1 00:00:00,120 --> 00:00:09,210 ‫So let's see how we can perform a DHC starvation attack and consume the DHP pool using Yersinia Yersinia 2 00:00:09,210 --> 00:00:15,420 ‫is a network tool designed to take advantage of some weaknesses in different network protocols. 3 00:00:15,990 --> 00:00:20,400 ‫The protocols currently implemented in your cinema are shown in this light. 4 00:00:23,100 --> 00:00:26,670 ‫Now we're going to use our VMS in that mode during this demo. 5 00:00:28,120 --> 00:00:31,810 ‫So I'm on my house machine and open the virtual machine library. 6 00:00:32,940 --> 00:00:34,290 ‫This is the collie that I'll use. 7 00:00:35,250 --> 00:00:40,020 ‫So click this icon to see the VM settings, click the network adapter icon. 8 00:00:41,130 --> 00:00:47,010 ‫It says Internet is shared with my Mac, so if you look the explanation in the right hand side of the 9 00:00:47,010 --> 00:00:50,700 ‫frame, it means the VM is in that mode. 10 00:00:51,720 --> 00:00:52,760 ‫So this is what we want. 11 00:00:52,770 --> 00:00:54,420 ‫So just leave it as it is. 12 00:00:55,470 --> 00:01:01,500 ‫The Connect network adapter is selected, so Carly is ready to use with a net network connection. 13 00:01:02,970 --> 00:01:08,460 ‫So Windows eight is the other VM that I used to demonstrate DHP starvation attack. 14 00:01:09,420 --> 00:01:12,450 ‫Let's have a look at the network settings of windows as well. 15 00:01:12,720 --> 00:01:16,110 ‫Yeah, it's in that mode and the network adapter is connected. 16 00:01:17,340 --> 00:01:23,720 ‫So I'll disconnect the network adapter by clicking here because I just want to show you that the DHP 17 00:01:23,730 --> 00:01:25,560 ‫of VMware is working properly. 18 00:01:26,700 --> 00:01:33,840 ‫So I want to add a second network interface for my Windows system, click show all and go to the Settings 19 00:01:33,840 --> 00:01:44,760 ‫menu and click on Add Device at the upper left hand corner, select network adapter and click Add the 20 00:01:44,760 --> 00:01:46,800 ‫details of the new adapter listed here. 21 00:01:47,400 --> 00:01:49,620 ‫The that mode is selected by default already. 22 00:01:50,890 --> 00:01:54,370 ‫So uncheck the Connect network adapter box for now. 23 00:01:55,410 --> 00:02:00,000 ‫OK, so as you see, we have two network adapters for the Windows system. 24 00:02:00,390 --> 00:02:03,300 ‫Both of them are in that mode and are disconnected. 25 00:02:04,310 --> 00:02:06,140 ‫So now I'll start the Windows eight system. 26 00:02:10,050 --> 00:02:10,710 ‫Log in. 27 00:02:12,470 --> 00:02:13,820 ‫And sure enough, it's ready. 28 00:02:15,130 --> 00:02:21,370 ‫Right click on a network icon at the lower right corner and select open network and sharing center. 29 00:02:23,000 --> 00:02:27,050 ‫And right there, we don't have an active network at the moment. 30 00:02:28,290 --> 00:02:29,220 ‫That's to be expected. 31 00:02:30,450 --> 00:02:34,500 ‫So now I connect the first adapter and activate the network. 32 00:02:35,710 --> 00:02:40,540 ‫In VMware Fusion, you can see and change the setting in several ways. 33 00:02:41,710 --> 00:02:44,470 ‫If you use the VM in full screen mode like I do. 34 00:02:45,340 --> 00:02:49,150 ‫Just go to the upper side for VMware Fusion menu. 35 00:02:49,270 --> 00:02:49,720 ‫There it is. 36 00:02:50,080 --> 00:02:54,070 ‫And if the menu does not appear, just press command control buttons together. 37 00:02:55,090 --> 00:02:55,420 ‫Right. 38 00:02:55,420 --> 00:03:00,520 ‫So this is the default setting of VMware Fusion to turn back to the host system when you're inside of 39 00:03:00,520 --> 00:03:00,880 ‫him. 40 00:03:02,290 --> 00:03:09,130 ‫And these are the network adapters, when you click on them, you'll see the short menu for network 41 00:03:09,130 --> 00:03:09,700 ‫adapter. 42 00:03:09,760 --> 00:03:16,030 ‫And here you can connect or disconnect the network adapter, change the network mode, Nat Bridge or 43 00:03:16,030 --> 00:03:20,800 ‫host only, and you can use this pop up for the network adapter settings. 44 00:03:22,680 --> 00:03:29,400 ‫Now, the second way to see and change in network settings is to click the Settings icon, then select 45 00:03:29,400 --> 00:03:31,110 ‫the adapter to see the settings. 46 00:03:32,400 --> 00:03:35,880 ‫So the third way is to go to the virtual machine menu. 47 00:03:37,550 --> 00:03:42,200 ‫Go to the network adapter and you'll see the short menu of the adapter. 48 00:03:43,450 --> 00:03:51,610 ‫Now go to the first network adapter icon and click on the Connect network adapter menu item and now 49 00:03:51,610 --> 00:03:54,010 ‫you see in the network and sharing center window. 50 00:03:54,460 --> 00:03:56,920 ‫We now have an active network connection. 51 00:03:57,640 --> 00:04:01,120 ‫So click the network name and the details button. 52 00:04:02,180 --> 00:04:07,940 ‫Here are the connection details, and right there, there it is, DHP is one seven two point one six 53 00:04:08,180 --> 00:04:14,510 ‫nine nine two two five four and it assigned an IP address for the VMM one seven two point one six nine 54 00:04:14,510 --> 00:04:19,130 ‫nine two two one, as well as the Gateway and the DNS address. 55 00:04:21,950 --> 00:04:25,400 ‫Now I'll go back to Carly and open a terminal screen. 56 00:04:26,320 --> 00:04:32,230 ‫Using the config command to see the network interface configuration, and sure enough, it has the IP 57 00:04:32,230 --> 00:04:32,680 ‫address. 58 00:04:33,980 --> 00:04:36,740 ‫So, Ping, the Windows eight system to validate the network. 59 00:04:36,780 --> 00:04:37,580 ‫Two to one. 60 00:04:38,610 --> 00:04:39,090 ‫OK. 61 00:04:39,690 --> 00:04:43,560 ‫We received the ICMP reply, so everything looks OK. 62 00:04:45,370 --> 00:04:54,940 ‫Now, is it time for your Cynthia, to take men your senior and hit enter, see the menu and right here 63 00:04:54,940 --> 00:04:59,260 ‫in the manual, your senior is a framework for performing layer two attacks. 64 00:04:59,890 --> 00:05:03,010 ‫And here's a list of protocols implemented in your senior. 65 00:05:05,560 --> 00:05:12,550 ‫Scroll down, you'll see the options we can use uppercase G to start a graphical interface. 66 00:05:13,210 --> 00:05:15,250 ‫So let's go ahead and use it in graphical mode. 67 00:05:16,470 --> 00:05:25,290 ‫Can press Q to quit from the manual and turn back to the terminal, now type your senior uppercase G. 68 00:05:25,770 --> 00:05:27,000 ‫And press enter. 69 00:05:27,840 --> 00:05:31,050 ‫So this is a graphical user interface of your cinema. 70 00:05:32,220 --> 00:05:38,400 ‫Before running the attack, let's open Wireshark and monitor the network packets to see what happens 71 00:05:38,400 --> 00:05:39,570 ‫when we start the attack. 72 00:05:40,470 --> 00:05:48,390 ‫You can type Wireshark in terminal to start it or just click the Wireshark icon to select the interface 73 00:05:48,390 --> 00:05:48,930 ‫to listen. 74 00:05:49,530 --> 00:05:50,880 ‫Double click eth0. 75 00:05:52,040 --> 00:05:59,280 ‫And to discard the different packets and focus only on the DHC packets, we can filter the packets in 76 00:05:59,280 --> 00:06:03,080 ‫the filter box type boot p and hit enter. 77 00:06:04,430 --> 00:06:10,460 ‫So Boot P is the short form of bootstrap protocol, which I mentioned earlier. 78 00:06:10,790 --> 00:06:16,940 ‫It's basically a computer networking protocol to automatically assign an IP address to network devices 79 00:06:16,940 --> 00:06:18,590 ‫from a configuration server. 80 00:06:19,100 --> 00:06:21,860 ‫And obviously, it's used by the DHCP server. 81 00:06:23,530 --> 00:06:27,760 ‫Now we can turn back to your city and prepare and run the attack. 82 00:06:28,660 --> 00:06:30,370 ‫So quick launch attack. 83 00:06:30,760 --> 00:06:32,800 ‫That's the link at the upper left hand corner. 84 00:06:34,260 --> 00:06:43,800 ‫The tabs in the window are the implemented protocols choose DHP and select sending Discover packet now 85 00:06:43,800 --> 00:06:44,490 ‫click OK. 86 00:06:46,060 --> 00:06:52,000 ‫As soon as we click the button, you're seniors start sending dozens of DHCP requests in a second. 87 00:06:52,990 --> 00:06:55,720 ‫It'll keep sending the packets till we stop the attack. 88 00:06:57,270 --> 00:06:58,770 ‫Now, look at the Wireshark window. 89 00:06:59,580 --> 00:07:03,180 ‫These are the DHP discover packets sent by Yersinia. 90 00:07:05,240 --> 00:07:10,790 ‫So now, while you're Cynthia is sending the HP Discover packet, let's activate the second interface 91 00:07:10,790 --> 00:07:16,940 ‫of the Windows VM, and let's see if the HP server assigns an IP address for the second interface. 92 00:07:18,830 --> 00:07:25,160 ‫All right, so we're in the Windows VM now, go to the second network adapter, click Connect Network 93 00:07:25,160 --> 00:07:27,740 ‫Adapter to to activate the second interface. 94 00:07:28,660 --> 00:07:36,100 ‫Now, do you remember what happened when we activated the first interface, we saw the new network activated? 95 00:07:36,700 --> 00:07:43,060 ‫But now there is still no network because the DHCP server is busy replying to the request created by 96 00:07:43,060 --> 00:07:46,540 ‫Yersinia, it's not going to answer the Windows eight second interface. 97 00:07:48,070 --> 00:07:50,680 ‫So let's turn back to Carly and stop the attack. 98 00:07:51,830 --> 00:07:57,470 ‫In your city is interface, just click list attacks and then click Stop or stop all. 99 00:07:59,200 --> 00:08:06,390 ‫In Wireshark window, look at the bottom of the package list, we now have a complete DHC sequence. 100 00:08:07,640 --> 00:08:11,630 ‫Discover, offer, request and act packets. 101 00:08:13,230 --> 00:08:16,650 ‫In the Windows eight VM, we now have a second network. 102 00:08:17,250 --> 00:08:19,770 ‫The first one was Ethernet zero two. 103 00:08:20,190 --> 00:08:21,690 ‫This one is even at zero. 104 00:08:22,980 --> 00:08:23,490 ‫Click on it. 105 00:08:24,770 --> 00:08:26,690 ‫In a status window, click on details. 106 00:08:27,770 --> 00:08:32,930 ‫The second interface has an IP address now assigned by the DHP server.