1 00:00:00,970 --> 00:00:07,640 Information gathering is one of the most important steps when it comes to hacking or penetration testing.
2 00:00:07,960 --> 00:00:13,870 If you think of it, you can't really gain access to a system if you don't have enough information about
3 00:00:13,870 --> 00:00:14,450 it.
4 00:00:14,830 --> 00:00:20,890 So for example, let's say you're connected to a network and one of the devices connected to this network
5 00:00:21,100 --> 00:00:25,120 is your target. Now, for you to hack into that target,
6 00:00:25,270 --> 00:00:30,760 first you need to discover all of the clients connected to this network, get their MAC address, their
7 00:00:30,760 --> 00:00:37,960 IP address, and then from there try to maybe gather more information or run some attacks in order to gain
8 00:00:38,050 --> 00:00:40,710 access to your target.
9 00:00:40,720 --> 00:00:44,380 Now there are a number of programs that will do this for you.
10 00:00:44,380 --> 00:00:49,270 Examples are netdiscover and Nmap, which do this job really, really well.
11 00:00:49,270 --> 00:00:56,410 So in this lecture we'll start with the simpler one, which is netdiscover, and see how to use it to quickly
12 00:00:56,410 --> 00:01:00,610 map the network we're connected to, and in the next lecture
13 00:01:00,670 --> 00:01:07,780 I'm going to show you how to use Nmap to gather detailed information about all of the clients connected
14 00:01:07,810 --> 00:01:09,180 to the same network.
15 00:01:10,420 --> 00:01:18,120 So I have my Kali terminal in here, and if I do ifconfig you'll see I have eth0.
16 00:01:18,130 --> 00:01:25,320 It has an IP address, and like I said, this is the virtual interface created by VirtualBox
17 00:01:25,360 --> 00:01:28,880 when we set the Kali machine to use a NAT network.
18 00:01:29,910 --> 00:01:37,620 Now I also said that this network behaves exactly like an Ethernet network, and as far as the machines are
19 00:01:37,620 --> 00:01:44,730 concerned, they think they are connected to a real wired network, and as you can see here it's telling me
20 00:01:44,730 --> 00:01:46,440 that wired is connected.
21 00:01:47,530 --> 00:01:51,090 Now I have my virtual Windows machine right here.
22 00:01:51,460 --> 00:01:56,760 It is configured to use the same NAT network as the Kali machine.
23 00:01:57,010 --> 00:02:00,020 Remember, we're still in the network hacking section.
24 00:02:00,130 --> 00:02:06,420 So both you and the target machine need to be connected to the same network.
25 00:02:06,460 --> 00:02:13,150 So as far as these two computers are concerned, they think that they are connected to the same network.
26 00:02:13,150 --> 00:02:19,120 So what I want to do right now is use netdiscover and see how we can use it to discover all devices
27 00:02:19,330 --> 00:02:21,300 connected to the same network.
28 00:02:22,380 --> 00:02:27,750 Now the method that I'm going to show you will work exactly the same whether you use it against a virtual
29 00:02:27,750 --> 00:02:31,090 network like I'm doing right now or against a real network,
30 00:02:31,140 --> 00:02:35,730 and even if your target is a Wi-Fi or a wireless network.
31 00:02:35,730 --> 00:02:40,950 So all you have to do is type the name of the program, which is netdiscover, and then -r
32 00:02:41,040 --> 00:02:47,550 to specify an IP range to search for. This needs to be a range
33 00:02:47,550 --> 00:02:49,700 that can be accessed by you.
34 00:02:49,710 --> 00:02:57,990 So right now you can see that my IP is 10.0.2.16, and I can only access IPs on the same subnet.
35 00:02:58,020 --> 00:02:59,650 So IPs on the same subnet
36 00:02:59,670 --> 00:03:02,660 start at 10.0.2.0
37 00:03:02,920 --> 00:03:11,320 and they would end at 10.0.2.254, because 254 is the last IP that a client can have.
38 00:03:12,410 --> 00:03:21,310 So my range is going to be 10.0.2.1, and it will search for clients that might have an IP of 10.0.2.1
39 00:03:21,360 --> 00:03:24,810 or 10.0.2.2 or 10.0.2.3,
40 00:03:25,040 --> 00:03:29,240 all the way up to 10.0.2.254.
41 00:03:29,750 --> 00:03:36,410 So instead of manually typing all of these IPs, I can just type /24 and
42 00:03:36,410 --> 00:03:42,680 netdiscover will automatically know that I'm trying to search for all of the IPs that start at
43 00:03:42,700 --> 00:03:47,420 10.0.2.1 and end at 10.0.2.254.
44 00:03:47,420 --> 00:03:53,290 So this is a way of specifying an IP range for the whole subnet.
45 00:03:53,390 --> 00:03:54,820 So if I hit enter now,
46 00:03:56,240 --> 00:04:02,540 you'll see that netdiscover will show me all the IPs of the devices connected to the same network,
47 00:04:03,080 --> 00:04:08,490 and note that the first three parts of the IPs are always the same because they are on the same subnet,
48 00:04:08,490 --> 00:04:13,280 and I also have the MAC addresses of these clients.
49 00:04:13,490 --> 00:04:18,130 netdiscover also attempted to guess the device vendor.
50 00:04:18,640 --> 00:04:22,170 Now if I press Q, this will quit the program.
51 00:04:22,250 --> 00:04:27,260 Right now we have a list of all the clients connected to this same network.
52 00:04:28,050 --> 00:04:35,280 Now like I said, you can also use this method to discover clients connected to the same Wi-Fi network.
53 00:04:35,280 --> 00:04:43,560 The only thing is, right now if I do ifconfig you can see that my Kali machine does not have a wireless
54 00:04:43,560 --> 00:04:46,970 adapter; it's not connected to a Wi-Fi network.
55 00:04:47,990 --> 00:04:54,400 And like I said before, you cannot access the built-in wireless card from a virtual machine.
56 00:04:55,190 --> 00:05:01,250 Therefore, if you want to do this or run any of the wireless attacks that we're going to see in the future
57 00:05:01,610 --> 00:05:08,530 against a real computer and a real wireless network, you're going to need to use a wireless adapter.
58 00:05:09,750 --> 00:05:15,090 Now I'm going to include links in the description that will help you pick a good adapter that works with
59 00:05:15,150 --> 00:05:16,280 Kali Linux.
60 00:05:16,480 --> 00:05:21,810 Right now I actually have one, and I'm just going to connect it and use it just to prove to you that
61 00:05:21,960 --> 00:05:29,010 if things work on the virtual machines connected to the virtual network, they will work exactly the same
62 00:05:29,190 --> 00:05:32,670 against a real network with real machines.
63 00:05:32,670 --> 00:05:34,870 So I'm going to connect my adapter now.
64 00:05:36,080 --> 00:05:38,500 And if I do ifconfig,
65 00:05:39,420 --> 00:05:40,810 it's still not showing up.
66 00:05:40,920 --> 00:05:48,180 So I'm going to connect it from my Devices menu, USB, and I'll click on the adapter name.
67 00:05:49,270 --> 00:05:51,440 And let's see if that shows up now.
68 00:05:52,170 --> 00:05:52,760 Perfect.
69 00:05:52,800 --> 00:05:56,520 As you can see, I have an adapter now called wlan0.
70 00:05:57,410 --> 00:06:04,640 And what I'm going to do is I need to connect this adapter to a Wi-Fi network first before I can discover
71 00:06:04,670 --> 00:06:07,940 all the clients connected to this network.
72 00:06:08,330 --> 00:06:10,960 So I'm going to go to my network manager.
73 00:06:11,090 --> 00:06:18,920 I'm going to click in here and I'm going to click on select network, and as you can see it's actually automatically
74 00:06:18,920 --> 00:06:20,630 connected to a network.
75 00:06:20,660 --> 00:06:25,930 Now in your case you'd want to select a network and click on connect, and then it'll ask you for the
76 00:06:25,930 --> 00:06:27,300 password.
77 00:06:27,320 --> 00:06:35,450 So now I'm actually connected, and you'll see if I do ifconfig again, right now wlan0 has an IP
78 00:06:35,450 --> 00:06:36,250 address.
79 00:06:37,410 --> 00:06:42,950 So this means that it is connected to a network, and this means that we can use it now with
80 00:06:42,950 --> 00:06:44,610 netdiscover.
81 00:06:44,610 --> 00:06:50,100 So again I'm going to use the exact same command that I used before, just to show you and prove to you
82 00:06:50,280 --> 00:06:56,400 that if this works against virtual machines, it'll work against real machines, and the only difference
83 00:06:56,400 --> 00:06:58,200 is going to be the IP.
84 00:06:58,200 --> 00:07:05,860 So I'm going to remove this IP, and as you can see right now my IP is 192.168.1.8.
85 00:07:06,360 --> 00:07:15,290 So therefore the range that I'm going to look for is going to start at 192.168.1.1, and I'm going
86 00:07:15,290 --> 00:07:23,100 to leave the /24 here, because this will tell netdiscover that I want to start at 192.168.1.1
87 00:07:23,100 --> 00:07:27,940 and finish at 192.168.1.254.
88 00:07:28,530 --> 00:07:30,490 So if I hit enter now.
89 00:07:32,400 --> 00:07:34,880 Now this did not work, and I know why.
90 00:07:35,010 --> 00:07:42,570 In order for this to work, you actually have to disable the NAT network. So to disable the network
91 00:07:42,570 --> 00:07:48,900 we're going to go on Devices, we're going to go on Network, and we're going to uncheck Connect Network
92 00:07:48,900 --> 00:07:49,740 Adapter.
93 00:07:51,050 --> 00:07:52,980 So now we're done with this.
94 00:07:53,060 --> 00:07:56,200 If we just run the exact same command again,
95 00:07:58,050 --> 00:08:05,770 as you can see, it's discovering all the connected clients, all their IP addresses, all their MAC addresses.
96 00:08:05,790 --> 00:08:11,650 It's guessing the manufacturer, and you can see it's also discovering some Apple devices here.
97 00:08:11,670 --> 00:08:16,640 So as you can see, it's working perfectly using the exact same command.
98 00:08:17,530 --> 00:08:23,500 Now, why did I do this? Just to show you that if things work against virtual machines and against
99 00:08:23,560 --> 00:08:29,380 virtual networks, then they will work against real machines, because these virtual machines and
100 00:08:29,380 --> 00:08:33,050 virtual networks are modelled on real machines.
101 00:08:33,170 --> 00:08:37,490 And as far as the machines are concerned, they actually think they are real
102 00:08:37,490 --> 00:08:39,330 computers and real machines.