1
00:00:01,540 --> 00:00:09,000
So now you're going to see how we can have a complete system from one network to and then that.

2
00:00:09,010 --> 00:00:11,560
So let me start MSF console so

3
00:00:20,840 --> 00:00:22,960
it may take a few seconds to start.

4
00:00:22,960 --> 00:00:23,560
So are.

5
00:00:23,610 --> 00:00:28,190
Are going to do is on Windows and Internet Explorer 11.

6
00:00:28,430 --> 00:00:39,760
So we will embed our exploit in man in the middle attack and when the user of life visit on any Web

7
00:00:39,760 --> 00:00:48,020
site and Internet Explorer on Windows then written machine will get a metaphorical The sessional white

8
00:00:48,090 --> 00:00:50,610
right so we'll see how we are going to do that.

9
00:00:50,960 --> 00:00:52,980
So MSF console is a socket.

10
00:00:52,980 --> 00:01:02,040
Now let me show you that I'm going to do it with two different networks and I want a.

11
00:01:02,360 --> 00:01:11,270
So as you can see I have connected the two different networks so I'm going to start on VNC I'm connected

12
00:01:11,270 --> 00:01:16,020
with this IP 1 9 2 1 6 8 2 5 4 1 0 9.

13
00:01:16,160 --> 00:01:23,420
And that that I'm going to do it on this network and the device on which I'm going to do attack is of

14
00:01:23,420 --> 00:01:26,260
windows down which is connected to this net.

15
00:01:26,330 --> 00:01:27,100
Right.

16
00:01:27,110 --> 00:01:32,460
That device is not connected to that the network on which we are having the right.

17
00:01:32,540 --> 00:01:34,400
So you have to remember that right.

18
00:01:34,670 --> 00:01:38,710
So let me close on this.

19
00:01:38,750 --> 00:01:42,830
So let's just create exploit the exploit is

20
00:01:58,630 --> 00:02:08,770
so that exploit me is 16 feet or 5 1 dbspace quite let's just hit enter and let's just set the payload

21
00:02:08,840 --> 00:02:09,740
that's.

22
00:02:10,160 --> 00:02:27,690
So the payload is Matto pretty diverse decently.

23
00:02:27,830 --> 00:02:39,090
And now we have to side the SRB Vorst that if our local host IP seul Let's do this config and check

24
00:02:39,090 --> 00:02:39,810
the IP

25
00:02:42,530 --> 00:02:55,960
so the IP is 1 7 $4.20 tandoor 3 is called We decide if the unless US based out and we have to said

26
00:02:56,040 --> 00:02:57,290
that enforced.

27
00:02:57,300 --> 00:02:58,930
And then right.

28
00:02:59,250 --> 00:03:00,830
IP will be similar.

29
00:03:04,660 --> 00:03:05,590
So data set.

30
00:03:05,640 --> 00:03:12,450
Now let's just check out the options and range options and let's check out if you have missed out any

31
00:03:12,460 --> 00:03:13,240
option.

32
00:03:14,660 --> 00:03:15,000
All right.

33
00:03:15,000 --> 00:03:16,890
So all the options are set.

34
00:03:16,890 --> 00:03:30,890
Now as you can see this does exploit and we will get URL right.

35
00:03:31,100 --> 00:03:31,770
There you are.

36
00:03:31,770 --> 00:03:41,610
And right what you have to do now is you have to somehow forward this URL to send to victim and we

37
00:03:41,610 --> 00:03:44,500
want them to click this URL right.

38
00:03:44,520 --> 00:03:49,330
So nowadays victims are not that foolish.

39
00:03:49,530 --> 00:03:56,370
I should say that they click on the local and if you somehow change your model as well.

40
00:03:57,030 --> 00:03:59,970
You have to wait until the user clicks on the phone.

41
00:04:00,120 --> 00:04:06,530
So this is not we going to do right now what we are going to do is even embed this URL into the

42
00:04:06,580 --> 00:04:14,610
MITM attack and if you visit on any site let's suppose you go visit Ben-Dor home or any other site this

43
00:04:14,610 --> 00:04:19,490
URL will be executed and we will get a Meterpreter session automatically.

44
00:04:19,500 --> 00:04:20,020
Right.

45
00:04:20,220 --> 00:04:26,450
So let's just open another terminal let's just perform MITM attack.

46
00:04:26,520 --> 00:04:31,480
So let's just do mit MF No.

47
00:04:31,500 --> 00:04:33,800
BASH level

48
00:04:37,510 --> 00:04:48,500
in the book and then you have to give our best to us all then get me and we can check out the gateway.

49
00:04:48,550 --> 00:05:00,760
The BY DOING ALL.

50
00:05:00,770 --> 00:05:10,430
So this is the gateway IP of the other network on which we are attacking.

51
00:05:10,530 --> 00:05:22,670
This is all most kids who Darger and now you have to give the target IP and you should know that I will

52
00:05:22,690 --> 00:05:25,340
give you some information get in session.

53
00:05:25,400 --> 00:05:33,610
As I told you before I'm not going to show you how I got this IP but you can get this IP by doing and

54
00:05:33,610 --> 00:05:37,000
map and other tools using those tools on the network.

55
00:05:37,090 --> 00:05:37,840
Right.

56
00:05:37,870 --> 00:05:45,740
So this is the IP of our Victim 1 7 2 1 7 2.20 dot dot for.

57
00:05:45,760 --> 00:05:46,660
Right.

58
00:05:46,690 --> 00:05:49,240
And then we have to give the interface right.

59
00:05:49,510 --> 00:05:58,730
So the interface is just check on the interface as the so that interface is Dumoulin by.

60
00:05:58,940 --> 00:06:06,150
Red w LAN but we are connected but with the other network quite secure and Necros as you can see or hear

61
00:06:06,150 --> 00:06:08,110
us and.

62
00:06:08,230 --> 00:06:08,980
Right.

63
00:06:09,120 --> 00:06:11,790
So let's just give the interface

64
00:06:17,840 --> 00:06:20,240
LAN one.

65
00:06:20,560 --> 00:06:32,470
Now we have to inject 5 right so we can use double dash inject and this time we are going to inject

66
00:06:33,290 --> 00:06:40,730
J.F. payload and that just below will have and this Mattei start you are.

67
00:06:40,890 --> 00:06:41,530
Right.

68
00:06:41,560 --> 00:06:44,180
So we will embed that URL in the.

69
00:06:44,200 --> 00:06:45,300
All right.

70
00:06:45,310 --> 00:06:48,220
So let me show you the payload files that were here.

71
00:06:48,220 --> 00:06:57,180
You can see are at their next door that will open at like the previous line.

72
00:06:57,440 --> 00:07:04,110
Now just copy this link and paste in this file.

73
00:07:04,800 --> 00:07:06,310
So what this code is doing.

74
00:07:06,310 --> 00:07:06,860
Right.

75
00:07:07,210 --> 00:07:09,650
So this code is basically a very direct.

76
00:07:09,660 --> 00:07:12,630
Bring any ideas to this URL right.

77
00:07:12,790 --> 00:07:18,520
So if you visit any site it will redirect it will automatically be redirected to this URL right.

78
00:07:18,560 --> 00:07:26,080
If this just build embedded into victims with the right that it will automatically redirected to URL

79
00:07:26,130 --> 00:07:28,090
right.

80
00:07:28,260 --> 00:07:39,980
So let's just lost this fine math just minimize those as lords and let's just do double dash.

81
00:07:40,060 --> 00:07:44,430
Judith band fine.

82
00:07:45,650 --> 00:07:54,390
And then after the fight which is on group text all below are just right.

83
00:07:54,410 --> 00:07:56,160
This is the fight.

84
00:07:56,450 --> 00:07:58,640
We can also do.

85
00:07:59,650 --> 00:08:06,510
We can also embed you all by as Yemen beshrew out and then we can just play you on the left and right.

86
00:08:06,590 --> 00:08:07,860
We can do this thing as well.

87
00:08:08,000 --> 00:08:08,570
Right.

88
00:08:08,840 --> 00:08:17,530
But I'm not going to do this as cancel out this effect because I have already shown this thing in the

89
00:08:17,530 --> 00:08:22,490
previous section of then in the previous series sorry.

90
00:08:22,530 --> 00:08:27,590
So this time let's just create just me are quite two number.

91
00:08:27,740 --> 00:08:29,100
Yes.

92
00:08:29,250 --> 00:08:35,050
And then you have to get file and go next door.

93
00:08:35,160 --> 00:08:36,960
We'll talk just right.

94
00:08:37,320 --> 00:08:45,110
So this attack this attack will do is it will embed this bail or find in victims.

95
00:08:45,130 --> 00:08:45,830
All right.

96
00:08:46,080 --> 00:08:52,410
And when victims tried to visit any site this failed or just finally be executed and the victim will

97
00:08:52,470 --> 00:08:58,190
automatically be directed to URL in which the embedded in the payload are just fine.

98
00:08:58,200 --> 00:08:58,680
Right.

99
00:08:58,860 --> 00:09:02,060
So that's just heard the

100
00:09:06,160 --> 00:09:11,530
so so the IP is dissolved now and the attack is started now.

101
00:09:11,540 --> 00:09:12,010
Right.

102
00:09:12,170 --> 00:09:15,190
So let me move into the victim machine.

103
00:09:18,730 --> 00:09:24,710
So on here you can see I'm connected with secure.

104
00:09:24,810 --> 00:09:25,360
Right.

105
00:09:25,590 --> 00:09:27,980
And let me show you the IP as well.

106
00:09:31,340 --> 00:09:33,920
So this is the IP on this report from the task.

107
00:09:33,920 --> 00:09:34,800
Right.

108
00:09:35,330 --> 00:09:39,090
So let's just open Internet Explorer

109
00:09:42,870 --> 00:09:46,930
right and let's do this with a big dot com right.

110
00:09:51,890 --> 00:09:56,980
As you can see the request automatically is redirected to this URL.

111
00:09:57,130 --> 00:10:04,250
And let's just move on do our breath put it back on your machine and see if we got any better bird a

112
00:10:04,460 --> 00:10:05,470
or not.

113
00:10:05,570 --> 00:10:06,710
That will be my third.

114
00:10:10,250 --> 00:10:15,890
Well as you can see it's sending still the request is still going on.

115
00:10:15,900 --> 00:10:18,650
Let's see if you get the Meterpreter session or not.

116
00:10:41,310 --> 00:10:42,340
All right.

117
00:10:42,510 --> 00:10:50,280
We got Meterpreter session as you can see by just visiting Ben-Dor Cuomo.

118
00:10:50,370 --> 00:10:53,600
Let me move into my machine as well.

119
00:10:54,410 --> 00:10:58,940
So as you can see as soon I just said it been dotcom.

120
00:10:58,940 --> 00:11:01,450
It automatically redirected us to this.

121
00:11:01,480 --> 00:11:02,380
URL then.

122
00:11:02,910 --> 00:11:05,380
And we got the Meterpreter session open.

123
00:11:05,380 --> 00:11:05,890
Right.

124
00:11:06,130 --> 00:11:09,140
Let's just interact with the session a little bit.

125
00:11:10,880 --> 00:11:17,370
Let's just do a session and let's just one because session one is open right now.

126
00:11:17,380 --> 00:11:17,970
Right.

127
00:11:18,090 --> 00:11:22,710
And we can do pretty much anything with the machine.

128
00:11:22,710 --> 00:11:25,930
Now we can get this shell here.

129
00:11:27,320 --> 00:11:28,480
Let's just take action.

130
00:11:28,700 --> 00:11:36,560
And within short time the card the complete access of that dumb machine from one network to another not using

131
00:11:36,560 --> 00:11:40,850
just the man in the middle attack and using Metasploit.

132
00:11:40,940 --> 00:11:41,410
Right.

133
00:11:41,570 --> 00:11:47,830
So this is how you could hear the combinations of framework and attacks to do our preretirement that

134
00:11:47,900 --> 00:11:48,330
right.

135
00:11:48,500 --> 00:11:51,680
So we created a link in Metasploit.

136
00:11:51,860 --> 00:11:55,680
And of course in order to do that it's not going to click that link right.

137
00:11:55,820 --> 00:11:56,680
For what we did.

138
00:11:56,680 --> 00:12:04,280
It's the embedded direct link in man in the middle attack and when the user visit any site or tried

139
00:12:04,280 --> 00:12:09,950
to with any site it will automatically be directed to you or everyone.

140
00:12:09,970 --> 00:12:10,440
Right.

141
00:12:10,610 --> 00:12:14,230
And we got the complete access of the time machine.

142
00:12:14,540 --> 00:12:17,090
This is when you perform realtime attacks.