1
00:00:00,550 --> 00:00:06,640
So look at the page seen in the slide, this is the manual page of the macof command.

2
00:00:08,290 --> 00:00:15,790
macof is a command-line tool mainly used to flood the switch on a local network with random MAC addresses.

3
00:00:16,390 --> 00:00:21,760
So as I mentioned before, when the switch receives a frame, it creates a new entry in its MAC address

4
00:00:21,760 --> 00:00:23,290
table for these MAC addresses.

5
00:00:24,100 --> 00:00:29,590
Once the switch's MAC address table is full and it cannot save any more MAC addresses, it generally

6
00:00:29,590 --> 00:00:33,970
enters into a fail-open mode and it starts behaving like a network hub.

7
00:00:35,420 --> 00:00:36,350
So let's see

8
00:00:36,560 --> 00:00:37,910
macof command in action.

9
00:00:40,070 --> 00:00:43,070
So here's a network that I created in GNS3.

10
00:00:45,430 --> 00:00:49,840
Well, the IP addresses are different from the one that I created in the previous lectures, but not

11
00:00:49,840 --> 00:00:50,230
to worry.

12
00:00:50,440 --> 00:00:53,290
It's completely identical with that network.

13
00:00:54,510 --> 00:01:03,090
So in addition, I've added some other VMware VMs, OWASP Broken Web Applications and Metasploitable,

14
00:01:03,270 --> 00:01:09,870
in the same way with Kali. Now just a little word of caution: while you're adding a VMware VM to a GNS3

15
00:01:09,870 --> 00:01:10,620
network,

16
00:01:10,920 --> 00:01:19,620
do not forget to create a new custom network mode such as VMnet2, because all VMs need a separate

17
00:01:19,620 --> 00:01:20,790
custom network mode.

18
00:01:21,300 --> 00:01:21,900
Remember that.

19
00:01:23,120 --> 00:01:27,920
OK, so now I'll go to Kali. Since Kali is a part of the GNS3 network,

20
00:01:28,220 --> 00:01:33,800
its network settings are custom, so it's not in NAT mode right now.

21
00:01:35,480 --> 00:01:38,210
Have a look at the IP address using ifconfig.

22
00:01:38,870 --> 00:01:46,070
OK, so it's in the 192.168.10.0/24 IP block.

23
00:01:47,000 --> 00:01:48,950
So now check the entire network.

24
00:01:49,760 --> 00:01:54,230
I go over to the other VMs and look at the interface configurations.

25
00:01:55,340 --> 00:01:58,460
These are the IP addresses of all the VMs.

26
00:01:59,330 --> 00:02:00,740
Now go to Kali and ping them.

27
00:02:02,850 --> 00:02:04,090
The results are pretty good.

28
00:02:04,560 --> 00:02:06,960
We got the reply packets for the ping requests.

29
00:02:08,100 --> 00:02:16,650
So now I open another terminal screen and scan these two VMs and see the open ports and running services.

30
00:02:18,410 --> 00:02:26,300
So I'll simply use the nmap command with the IP address only, so it'll be a SYN scan and the top 1000

31
00:02:26,300 --> 00:02:27,350
ports will be scanned.

32
00:02:28,470 --> 00:02:29,280
Here are the results.

33
00:02:30,540 --> 00:02:35,760
10.11 has nine open ports and 10.12 has 23.

34
00:02:36,180 --> 00:02:43,320
And as you see here, the Telnet port of 192.168.10.12 is open.

35
00:02:45,020 --> 00:02:46,280
So let's go to the VMs.

36
00:02:47,450 --> 00:02:52,910
11:50 is Metasploitable and 10.11 is OWASP BWA.

37
00:02:54,110 --> 00:03:01,400
Now we know the Telnet service is running on Metasploit, so to create some traffic and let the switch

38
00:03:01,400 --> 00:03:02,990
fill the MAC address table,

39
00:03:03,470 --> 00:03:08,210
I'll start up a Telnet connection from OWASP BWA to Metasploitable.

40
00:03:09,200 --> 00:03:16,340
Type telnet and the IP address of Metasploitable, enter the username and password, which are already

41
00:03:16,340 --> 00:03:18,110
given as a welcome message here.

42
00:03:21,190 --> 00:03:23,110
And we got the session.

43
00:03:25,150 --> 00:03:26,920
OK, so we can exit now.

44
00:03:27,760 --> 00:03:35,800
Now I'll go to the console of the switch and type show mac address table dynamic to see the dynamic

45
00:03:35,800 --> 00:03:37,480
records of the MAC address table.

46
00:03:38,760 --> 00:03:43,280
Now here there are six port and MAC mappings for now.

47
00:03:44,240 --> 00:03:45,560
Run the command again.

48
00:03:46,250 --> 00:03:47,510
And now we have two rows.

49
00:03:48,480 --> 00:03:54,270
So it seems, by the look of this, that the MAC address table aging is 10 or 15 seconds.

50
00:03:55,900 --> 00:03:57,820
OK, you ready for this?

51
00:03:59,170 --> 00:04:01,480
This is the time of MAC flooding.

52
00:04:02,990 --> 00:04:05,090
So now I'm in a terminal screen on Kali.

53
00:04:06,140 --> 00:04:10,850
Have a look at the manual of the macof command first, so type man

54
00:04:10,880 --> 00:04:12,500
macof and hit Enter.

55
00:04:14,000 --> 00:04:19,700
macof is a tool that's used to flood the local network with random MAC addresses.

56
00:04:21,090 --> 00:04:22,110
And here are the options.

57
00:04:23,790 --> 00:04:32,400
-i to identify the network interface to attack, -n to specify the number of packets to send, -d to specify

58
00:04:32,400 --> 00:04:35,280
the destination system's IP address, etc.

59
00:04:36,150 --> 00:04:37,140
So let's create the command.

60
00:04:38,200 --> 00:04:42,160
Of course, the first command I'll send is macof.

61
00:04:43,200 --> 00:04:52,020
-i, the interface that's used to attack, we'll take that as eth0; -d, the destination, the EtherSwitch

62
00:04:52,020 --> 00:04:52,530
router.

63
00:04:54,010 --> 00:04:55,510
Now we're ready to run the command.

64
00:04:56,050 --> 00:04:56,680
So hit Enter.

65
00:04:58,230 --> 00:05:03,270
And the MAC flood started and macof sends tens of packets in seconds.

66
00:05:04,670 --> 00:05:11,480
Now, let me go to the EtherSwitch router console and look at the dynamic MAC address table again.

67
00:05:12,470 --> 00:05:15,800
You can call the last command by using the up arrow key.

68
00:05:16,940 --> 00:05:23,570
And as you see, there are a lot of rows for our FastEthernet 1/0 port, which is used for Kali.

69
00:05:25,050 --> 00:05:32,040
So while macof is running, let's run Wireshark and try to listen in to the traffic on the telnet of

70
00:05:32,040 --> 00:05:33,570
Kali's own network interface.

71
00:05:41,110 --> 00:05:47,320
Now, to see only the Telnet traffic, type telnet in the filter box and click the blue button

72
00:05:47,470 --> 00:05:48,280
next to the box.

73
00:05:48,940 --> 00:05:49,270
OK.

74
00:05:49,600 --> 00:05:51,040
No Telnet traffic for now.

75
00:05:51,760 --> 00:05:57,850
Now go back to the OWASP BWA VM and Telnet to the Metasploit VM again.

76
00:05:58,570 --> 00:06:02,710
Telnet, the IP address of Metasploitable, username and password.

77
00:06:04,850 --> 00:06:05,510
Run command.

78
00:06:05,870 --> 00:06:08,000
OK, so back to Kali.

79
00:06:09,160 --> 00:06:10,660
You see the Telnet traffic here.

80
00:06:11,590 --> 00:06:17,110
Kali is neither the source of the traffic nor the destination; it receives the Telnet traffic.

81
00:06:17,830 --> 00:06:25,030
Now this is a typical hub behavior, to send packets to each node, so we can say that our switch is

82
00:06:25,030 --> 00:06:27,970
behaving like a hub now, just like we predicted.

83
00:06:29,680 --> 00:06:36,430
So let's go ahead and stop Wireshark and the macof command. Using Ctrl+C keys, you can do that.

84
00:06:38,990 --> 00:06:40,430
These are the Telnet packets.

85
00:06:41,300 --> 00:06:48,110
Since Telnet is a clear-text protocol, by default, we can see the payload as well as the metadata.

86
00:06:49,040 --> 00:06:52,190
We can see every character in a different packet.

87
00:06:52,310 --> 00:06:57,530
So select one of them, right-click, Follow, and select TCP Stream.

88
00:06:58,850 --> 00:07:04,130
So the red characters here are client packets, the blue characters are the server packets.

89
00:07:04,760 --> 00:07:08,060
Here are the credentials, username and password.