1 00:00:00,210 --> 00:00:02,690 Hello everybody and welcome back.
2 00:00:02,700 --> 00:00:09,230 And now before we continue to Ettercap, which is another tool for the man in the middle which I'll show briefly.
3 00:00:09,410 --> 00:00:13,640 Let us see what else we can do with our man in the middle framework too.
4 00:00:14,100 --> 00:00:16,880 So there are a bunch of other options as well.
5 00:00:16,920 --> 00:00:18,720 We will not cover all of them of course.
6 00:00:19,080 --> 00:00:26,570 Well I just want to show you some of the things that you can do in order to specify your attack more detailed
7 00:00:26,600 --> 00:00:29,040 or in order to perform some different type of the attack.
8 00:00:29,510 --> 00:00:37,340 So what we did cover, we did cover how to spoof with both ARP and DNS, we were redirecting the DNS queries
9 00:00:37,340 --> 00:00:44,210 to some other websites, we were also performing the captive portal attacks where we redirected
10 00:00:44,300 --> 00:00:51,950 all of the websites to the captive portal which was running the vulnerable or the evil code which was
11 00:00:52,040 --> 00:00:57,370 redirecting people to hook their browsers to our BeEF framework.
12 00:00:57,410 --> 00:01:03,950 We were also performing some of the HSTS attacks, which was the SSLstrip attack, but let's see what else
13 00:01:03,980 --> 00:01:06,370 we can perform in this tool.
14 00:01:06,410 --> 00:01:17,190 So let's see something, something perhaps funny. For example here you have: replaces images with
15 00:01:17,190 --> 00:01:23,180 the random one from specified directory, so you can specify this for example and it will load plugin
16 00:01:23,180 --> 00:01:29,330 ImageRandomizer and you need to specify after that image minus dir and then the directory where
17 00:01:29,330 --> 00:01:32,100 you have some images stored and it will.
18 00:01:32,180 --> 00:01:38,660 For example you need for change all of the pictures on that website from your directory pictures and
19 00:01:38,690 --> 00:01:43,610 everyone on the local network will be seeing the website with different pictures.
20 00:01:43,610 --> 00:01:45,740 Now that is something that you can do.
21 00:01:45,740 --> 00:01:48,800 For example I would show you but I don't really have.
22 00:01:49,370 --> 00:01:55,520 I don't really have the folder with pictures right here but there is another thing we can do, so
23 00:01:55,520 --> 00:02:01,700 for example another fun thing is upsidedownternet, which loads plugin Upsidedownternet, which flips images
24 00:02:01,700 --> 00:02:09,020 of 100 degrees, 180 degrees, so we can try that one out since we don't need anything besides that.
25 00:02:09,020 --> 00:02:14,430 Let's see what else we can add in order to make our attack better.
26 00:02:14,600 --> 00:02:18,440 So let's for example add this which is this screenshot right here.
27 00:02:18,500 --> 00:02:23,390 Use the amount to render an accurate screenshot of client's browser, so let's see if this will work.
28 00:02:23,390 --> 00:02:25,180 Now I used this before.
29 00:02:25,340 --> 00:02:27,470 Sometimes it works and sometimes it doesn't.
30 00:02:27,470 --> 00:02:29,030 Let's see if it will work now.
31 00:02:29,420 --> 00:02:34,120 So what we will use is basically these two options, we need to specify screen.
32 00:02:34,130 --> 00:02:36,290 And then after that interval in seconds.
33 00:02:36,320 --> 00:02:41,590 So let's see how that would look like, we clear the page and we type as usual.
34 00:02:41,600 --> 00:02:44,720 And mitmf.py then minus i.
35 00:02:44,750 --> 00:02:49,000 And then the eth0 which is our network interface.
36 00:02:49,070 --> 00:02:55,670 After that we specify spoof and then ARP, you most likely will be using ARP spoofing since you cannot
37 00:02:55,670 --> 00:02:59,140 perform an MITM attack without it.
38 00:02:59,450 --> 00:03:02,170 After that what we want to use now.
39 00:03:02,690 --> 00:03:05,300 I believe it is upsidedownternet.
40 00:03:05,300 --> 00:03:06,860 Well that could be a problem.
41 00:03:06,860 --> 00:03:13,170 Let the culprit or you know what we can actually do it like this.
42 00:03:13,200 --> 00:03:22,990 So we can open up another terminal and here we can go to the MITMf and then add MITMf minus
43 00:03:22,990 --> 00:03:23,830 minus help.
44 00:03:24,880 --> 00:03:28,730 And we will find those two plugins.
45 00:03:28,780 --> 00:03:31,110 I believe they were somewhere towards the top.
46 00:03:31,120 --> 00:03:36,670 Now this is also an interesting plugin: injects a JavaScript keylogger into client's web pages.
47 00:03:36,700 --> 00:03:41,740 So this is basically a keylogger that will be injected into vulnerable web pages and then you will
48 00:03:41,740 --> 00:03:43,530 be able to capture keystrokes.
49 00:03:44,020 --> 00:03:45,520 But we will not be doing that.
50 00:03:45,520 --> 00:03:52,600 Right now we will only use these two, which is the screen interval and then the image randomizer which is
51 00:03:52,780 --> 00:03:55,610 right here, or not the image randomizer, it is the upside down.
52 00:03:55,710 --> 00:04:00,300 It will flip all of the images on the current that page.
53 00:04:00,340 --> 00:04:02,860 So let us start typing it.
54 00:04:03,220 --> 00:04:05,410 Let me just go down here so
55 00:04:05,410 --> 00:04:10,430 MITMf minus i eth0 4.
56 00:04:10,720 --> 00:04:20,160 ARP, we already covered all of this, so gateway 192.168.1.1 then upsidedownternet
57 00:04:20,170 --> 00:04:28,940 and then we also specify the screen and then let me see how it goes, screen.
58 00:04:29,000 --> 00:04:34,480 And then after that interval, so minus minus interval.
59 00:04:34,570 --> 00:04:37,660 Now let's set that to 20 seconds for example.
60 00:04:38,060 --> 00:04:41,330 And I believe we specified everything we need.
61 00:04:41,330 --> 00:04:49,010 Now let's see, the target that we will be using is our good old website which is this one.
62 00:04:49,010 --> 00:04:55,540 So if we refresh it right here it doesn't have many pictures but it does have some of them.
63 00:04:55,540 --> 00:05:00,700 So as you can see right here, right here, this picture right here is also a picture.
64 00:05:00,700 --> 00:05:08,520 And let's actually run this, so it loads the default banner, it loads all of the plugins.
65 00:05:08,520 --> 00:05:12,950 And right now if we try to reload this page let's see if this will work
66 00:05:18,530 --> 00:05:27,200 we can see this picture right here which is in the name is flipped, so let's see, this one is flipped
67 00:05:27,200 --> 00:05:30,330 as we can see that 2019 is flipped.
68 00:05:31,010 --> 00:05:32,810 This one didn't.
69 00:05:32,870 --> 00:05:35,380 Now most of these, as we can see this one did.
70 00:05:35,390 --> 00:05:38,030 So this is the picture that flipped as well.
71 00:05:38,130 --> 00:05:43,880 We could see it doesn't really work on all the pictures but some of them did flip.
72 00:05:43,930 --> 00:05:49,210 Let me just see if there is anything else that flips OK.
73 00:05:49,250 --> 00:05:51,260 So that would probably be about it.
74 00:05:51,260 --> 00:05:54,290 Now some of them did and some of them didn't.
75 00:05:54,380 --> 00:06:01,790 We can try to render the page once again, maybe some of the others will flip as well but it doesn't matter.
76 00:06:01,790 --> 00:06:06,920 This is just a little of some fun thing that you can do while performing the attack.
77 00:06:06,920 --> 00:06:09,350 You can fool around with some people.
78 00:06:09,350 --> 00:06:10,880 So nothing will flip.
79 00:06:10,880 --> 00:06:14,180 This is the picture that did flip, this one as well right here.
80 00:06:14,870 --> 00:06:17,180 So that's a fun thing to do.
81 00:06:17,180 --> 00:06:17,910 Now let's see.
82 00:06:17,930 --> 00:06:23,850 Another thing that could be more useful which is this one: saved screenshot to 192.168.1.2
83 00:06:23,960 --> 00:06:26,990 and this is the name of the screenshot.
84 00:06:27,020 --> 00:06:34,350 So let's actually see if we were really able to capture a screenshot, so let's close this.
85 00:06:34,550 --> 00:06:38,810 Now I'm not really sure where exactly these pictures are, it could be in the logs.
86 00:06:38,810 --> 00:06:41,450 So let's check right there.
87 00:06:41,750 --> 00:06:42,640 And here they are.
88 00:06:43,130 --> 00:06:47,620 We captured actually five different pictures.
89 00:06:47,690 --> 00:06:50,630 And let's actually open some of them.
90 00:06:50,630 --> 00:06:57,620 Now we will go to the folders and then we go to the root directory and then we will go to the MITMf
91 00:06:57,620 --> 00:07:03,250 directory and then logs and see what kind of screenshots we were able to capture.
92 00:07:03,260 --> 00:07:05,990 Now let's go to the.
93 00:07:06,180 --> 00:07:07,310 Let me just see
94 00:07:11,490 --> 00:07:12,060 home.
95 00:07:12,060 --> 00:07:13,070 We know.
96 00:07:13,120 --> 00:07:20,190 Well I do not want to go right here where I want to go to the computer and then from the computer I
97 00:07:20,190 --> 00:07:22,650 want to go to the root directory.
98 00:07:22,710 --> 00:07:24,340 Let me just find it right here.
99 00:07:25,500 --> 00:07:29,940 Then we go to the MITMf right here, to the logs.
100 00:07:31,100 --> 00:07:41,980 And here are the pictures, so we open one of them for example and we can see if it were to open, so let's
101 00:07:41,980 --> 00:07:46,460 see if this picture will open OK.
102 00:07:46,490 --> 00:07:47,120 There it is.
103 00:07:47,120 --> 00:07:54,500 We can see that we successfully managed to capture a screenshot from the target's browser, so this could
104 00:07:54,500 --> 00:07:59,270 be very interesting, you could capture all kinds of stuff with screenshots.
105 00:07:59,510 --> 00:08:06,420 As I said it will only work on HTTP websites and on HTTPS websites while performing SSL.
106 00:08:06,500 --> 00:08:12,380 Now in this case we didn't perform SSL, we were attacking an HTTP website so we can see that
107 00:08:12,500 --> 00:08:17,870 we successfully captured a couple of screenshots on and on each 20 seconds.
108 00:08:17,870 --> 00:08:22,770 We can also see this image that were that was flipped on the target's browser.
109 00:08:22,910 --> 00:08:25,680 So this attack successfully worked.
110 00:08:25,680 --> 00:08:29,150 Now let me see since I don't really need this.
111 00:08:29,150 --> 00:08:33,530 Let me open up terminal from here and let me delete
112 00:08:41,920 --> 00:08:44,720 or I will just delete it later since it has some Twitter names.
113 00:08:44,730 --> 00:08:46,720 No sense to delete right now.
114 00:08:47,130 --> 00:08:49,920 And we can see that we successfully captured screenshots.
115 00:08:49,920 --> 00:08:53,930 And also we successfully flipped the images on target's browser.
116 00:08:53,940 --> 00:08:56,670 Now this is not the only thing you can do with this.
117 00:08:56,670 --> 00:08:59,890 Of course and this is just some fun things that you can perform.
118 00:08:59,910 --> 00:09:02,490 So let's see what else we can do.
119 00:09:02,790 --> 00:09:04,380 We will not be running any more attacks.
120 00:09:04,380 --> 00:09:09,090 I just want to show you that there are other things you can do as well such as for example.
121 00:09:09,090 --> 00:09:14,340 I believe you can run a Shellshock attack with this tool using this command right here.
122 00:09:14,340 --> 00:09:20,130 So MITMf, then i for the interface, then.
123 00:09:20,280 --> 00:09:30,330 Right now you want to, what you want to use E spoof and then ops spoof and then DHCP and you can use
124 00:09:30,390 --> 00:09:32,510 shellshock right here.
125 00:09:32,520 --> 00:09:34,740 I believe you need to specify a command.
126 00:09:34,740 --> 00:09:41,900 So for example hello and you will be able to run the Shellshock attack which we covered even before
127 00:09:41,900 --> 00:09:42,950 briefly.
128 00:09:42,950 --> 00:09:49,900 Now Shellshock, as I said before, basically it is a bug, it is widely known and in the Unix shell
129 00:09:50,920 --> 00:09:55,020 it would scar I believe in 2014 or something like that.
130 00:09:55,220 --> 00:09:55,640 It is.
131 00:09:55,640 --> 00:10:00,500 It allows an attacker to cause vulnerable versions of bash to execute arbitrary commands.
132 00:10:00,530 --> 00:10:06,080 So this can allow an attacker to gain unauthorized access to a computer system.
133 00:10:06,110 --> 00:10:09,710 So that is also something you can take a look at.
134 00:10:09,710 --> 00:10:13,170 You can also take a look at the keylogger that I showed you before.
135 00:10:13,310 --> 00:10:15,500 So there is that option as well.
136 00:10:15,500 --> 00:10:18,110 And there are a bunch of other options that you can use right here.
137 00:10:18,110 --> 00:10:21,530 So we will not be covering all of them, we covered some of them.
138 00:10:21,530 --> 00:10:27,310 Some of the more important ones and you can experiment with the others if you want to.
139 00:10:27,320 --> 00:10:32,570 Now in the next video what we will be covering is Ettercap tool, that is the tool for man in the middle
140 00:10:32,570 --> 00:10:36,390 attacking which comes preinstalled in Kali Linux.
141 00:10:36,500 --> 00:10:40,050 We will cover it briefly since we cover most of the attacks in this.
142 00:10:40,050 --> 00:10:44,930 Also I'll just show you about how to use Ettercap and what you can do with it.
143 00:10:45,050 --> 00:10:50,270 And then we will continue to the next section which is system hacking section which is probably the
144 00:10:50,270 --> 00:10:56,950 most important section in this course so that'll be about it for this tutorial.
145 00:10:56,950 --> 00:10:59,830 I hope you enjoyed it and I hope I see you in the next one.
146 00:11:00,160 --> 00:11:00,430 But.