1
00:00:00,240 --> 00:00:07,320
Now that we know how ARP spoofing works, let's see how we can run this attack and redirect the flow of

2
00:00:07,320 --> 00:00:11,500
data so it flows through our device.

3
00:00:11,520 --> 00:00:19,410
This will allow us to intercept data and see everything sent to and from a target computer, including

4
00:00:19,420 --> 00:00:23,160
usernames, passwords and so on.

5
00:00:23,160 --> 00:00:28,490
Now there are a number of tools that can be used to run an ARP spoofing attack.

6
00:00:28,530 --> 00:00:34,110
You can even build your own tool, and I cover this in my Python programming course.

7
00:00:34,110 --> 00:00:42,270
But in this lecture I want to show you how to use a very simple yet reliable tool called arpspoof.

8
00:00:42,270 --> 00:00:50,000
Then in the next lectures we'll use a tool called bettercap because it has more features.

9
00:00:50,070 --> 00:00:56,610
Basically the main reason why I want to cover arpspoof in this lecture because it is a very simple

10
00:00:56,610 --> 00:00:59,670
tool but it's very reliable.

11
00:00:59,680 --> 00:01:05,130
It's also ported to many operating systems, including iOS and Android.

12
00:01:05,130 --> 00:01:11,040
Therefore if you learn how to use it here, you'll be able to use this tool on all of the other operating

13
00:01:11,040 --> 00:01:18,240
systems. So you can only use this tool to redirect the flow of data and make it flow through your computer

14
00:01:18,690 --> 00:01:24,510
and then you'll have to use another tool like a packet sniffer like Wireshark to analyze this data

15
00:01:24,750 --> 00:01:29,810
and do more stuff with it, and we'll cover all of this later on in the course.

16
00:01:30,930 --> 00:01:33,650
Now using arpspoof is very simple.

17
00:01:33,690 --> 00:01:37,280
First we're going to have to type its name, so it's arpspoof.

18
00:01:37,530 --> 00:01:45,570
Then we're going to do -i to specify the interface that is connected to the target network, and in

19
00:01:45,570 --> 00:01:51,790
my case is eth0 because that's the interface that's connected to the network.

20
00:01:51,810 --> 00:02:00,660
So if I do ifconfig you'll see eth0 is the interface that's connected. Now as you can see I'm going

21
00:02:00,650 --> 00:02:05,680
to be running this attack against my virtual NAT network.

22
00:02:05,750 --> 00:02:12,440
You can run this attack against any type of network, even Wi-Fi networks, and I will cover that later

23
00:02:12,440 --> 00:02:13,580
on in the course.

24
00:02:13,670 --> 00:02:20,350
But for now, just until you properly understand how this works, I highly recommend you do like I'm doing

25
00:02:20,350 --> 00:02:25,760
right now and test the attack against the virtual NAT network.

26
00:02:25,760 --> 00:02:32,510
So all you'll have to do is make sure the Kali machine and the target Windows machine are both configured

27
00:02:32,720 --> 00:02:43,330
to use the same NAT network. So we're going to do -t to specify the target, and my target is at 10.

28
00:02:43,330 --> 00:02:53,680
0.2.7, as we can see in here. That's the IP of my target, and I'm going to have to give it the IP of the

29
00:02:53,710 --> 00:02:58,060
gateway, which is at 10.0.2.1.

30
00:02:58,060 --> 00:03:06,750
As you can see in here. Now this will spoof the target, telling him that I am the router. We'll also need

31
00:03:06,750 --> 00:03:09,620
to run this command once more in here.

32
00:03:09,720 --> 00:03:15,060
So I'm going to clear the screen and again I'm going to do arpspoof

33
00:03:15,770 --> 00:03:26,400
-i eth0 and the target this time is going to be 10.0.2.1 and 10.0.2.7.

34
00:03:26,400 --> 00:03:32,040
So right now we're going to be telling the router that I am the victim.

35
00:03:32,040 --> 00:03:34,100
So the first one will fool the victim.

36
00:03:34,140 --> 00:03:37,170
The second one will fool the router.

37
00:03:37,170 --> 00:03:44,750
Now keep in mind this attack will work against both Ethernet and Wi-Fi or wireless networks.

38
00:03:44,790 --> 00:03:51,150
I'm doing it right now against the virtual network, which acts as Ethernet or a wired network.

39
00:03:51,480 --> 00:03:57,130
But the attack can be executed exactly the same against wireless networks.

40
00:03:57,180 --> 00:04:03,090
All you have to do is connect a wireless adapter to the Kali machine, connect the adapter to the target

41
00:04:03,090 --> 00:04:04,640
network and use it.

42
00:04:04,890 --> 00:04:07,990
So the same concept as the networks kind of applies.

43
00:04:08,130 --> 00:04:13,620
You need to have a wireless adapter that works well with Kali and you need to have that adapter connected

44
00:04:13,620 --> 00:04:21,370
to Kali and connect it to the target network. So I'm going to hit enter here and I'm going to hit enter

45
00:04:21,370 --> 00:04:31,060
here, and now if we go to the target machine and run the same command, arp -a, you're going to see

46
00:04:31,090 --> 00:04:32,490
that the MAC address

47
00:04:32,500 --> 00:04:41,250
now for the router is different than what it was, and this is actually the MAC address of the Kali machine.

48
00:04:41,250 --> 00:04:48,210
So right now this Windows machine thinks the router is at this MAC address, and every time it needs to

49
00:04:48,210 --> 00:04:55,140
send requests it will send it to this MAC address, which means that they will be sent to this computer

50
00:04:55,140 --> 00:04:59,850
right here. Now this computer is not a router.

51
00:04:59,900 --> 00:05:05,590
So when it gets requests it's actually going to stop them from flowing and going to the router.

52
00:05:05,600 --> 00:05:08,000
This is a security feature in Linux.

53
00:05:08,180 --> 00:05:14,960
So you need to enable port forwarding so that this computer would allow packets to flow through it just

54
00:05:14,960 --> 00:05:16,490
like a router.

55
00:05:16,820 --> 00:05:28,110
Now to enable port forwarding we're going to do echo 1 > /proc/sys/net/ipv4/ip_forward.

56
00:05:28,200 --> 00:05:31,940
And as you can see this command gets executed with no issues.

57
00:05:31,980 --> 00:05:38,520
And right now this computer will still have its internet access, so we can go and browse any website

58
00:05:38,550 --> 00:05:47,760
we want, but all these requests are not going directly to the router but they are going to this computer

59
00:05:47,760 --> 00:05:55,660
first and then this computer is forwarding them to the router, as shown in this diagram.

60
00:05:55,710 --> 00:06:01,110
And then when the responses come back they're going to go to the hacker first and then they go to the

61
00:06:01,110 --> 00:06:02,970
victim.

62
00:06:03,000 --> 00:06:09,630
So as you can see, a very simple tool. It allows us to redirect the flow of data so it flows through our

63
00:06:09,630 --> 00:06:13,140
computer, allowing us to become the man in the middle.

64
00:06:13,140 --> 00:06:20,390
And once we're the man in the middle we can inject code in the browser of the target, we can steal usernames,

65
00:06:20,580 --> 00:06:27,030
passwords, see all the information that the person sends and receives, replace downloaded files with

66
00:06:27,030 --> 00:06:29,700
Trojans and much much more.