1
00:00:00,210 --> 00:00:02,520
Instructor: Hi, within this section,

2
00:00:02,520 --> 00:00:06,030
we are going to take a look at in-network attacks.

3
00:00:06,030 --> 00:00:10,620
So, if you're connected to the same router, same modem,

4
00:00:10,620 --> 00:00:14,160
with another device, then you're on the same network.

5
00:00:14,160 --> 00:00:17,910
And you can actually try to attack a device

6
00:00:17,910 --> 00:00:20,400
on the same network using some techniques.

7
00:00:20,400 --> 00:00:23,520
And we are going to discuss that in this section.

8
00:00:23,520 --> 00:00:26,970
So, if you have taken the complete Ethical Hacker course

9
00:00:26,970 --> 00:00:29,490
from me, from Call Stars,

10
00:00:29,490 --> 00:00:32,190
then you know how to do this, okay?

11
00:00:32,190 --> 00:00:35,490
This works on mobile devices as well.

12
00:00:35,490 --> 00:00:40,110
Not as well as on computers, I would say,

13
00:00:40,110 --> 00:00:42,240
but it actually works.

14
00:00:42,240 --> 00:00:44,490
So if you don't know what I'm talking about,

15
00:00:44,490 --> 00:00:48,000
just don't worry, you're gonna learn within a minute.

16
00:00:48,000 --> 00:00:49,860
So within this section,

17
00:00:49,860 --> 00:00:53,040
we are going to focus on network attacks.

18
00:00:53,040 --> 00:00:56,280
We have to understand how networks work.

19
00:00:56,280 --> 00:00:58,530
So we have to understand how we can reach

20
00:00:58,530 --> 00:01:00,690
the internet and request some data,

21
00:01:00,690 --> 00:01:04,890
and get some responses, and actually get those responses

22
00:01:04,890 --> 00:01:09,330
on our devices inside a network as well.

23
00:01:09,330 --> 00:01:12,780
So, that's what we are going to do in this lecture.

24
00:01:12,780 --> 00:01:17,700
So, assume that you have a device like a phone,

25
00:01:17,700 --> 00:01:22,500
and actually a computer and a laptop in your own house.

26
00:01:22,500 --> 00:01:26,520
So you have a router in order to connect to the internet,

27
00:01:26,520 --> 00:01:29,160
to your internet provider.

28
00:01:29,160 --> 00:01:31,080
So, how does this work?

29
00:01:31,080 --> 00:01:34,530
So for example, if you want to go to google.com,

30
00:01:34,530 --> 00:01:37,800
you actually forward that request to your router,

31
00:01:37,800 --> 00:01:40,680
and your router forwards that request to the internet,

32
00:01:40,680 --> 00:01:44,730
to google.com, and gets some response,

33
00:01:44,730 --> 00:01:48,990
and then forwards that response back to your device.

34
00:01:48,990 --> 00:01:52,680
And in order for this to work,

35
00:01:52,680 --> 00:01:55,620
you should have an IP address,

36
00:01:55,620 --> 00:01:59,190
and you should have both a local IP address

37
00:01:59,190 --> 00:02:01,590
and a public IP address.

38
00:02:01,590 --> 00:02:05,370
So, if you see something like this, 192.168.0.10

39
00:02:05,370 --> 00:02:10,370
or 10.0.2.15, these are your local IP addresses.

40
00:02:11,790 --> 00:02:16,470
So, if you see something like 10.0.2.15, 10.0.2.8, 10.0.2.5,

41
00:02:16,470 --> 00:02:20,970
you're most probably on a virtual network like a NAT network;

42
00:02:20,970 --> 00:02:23,700
if you see something like 192.168,

43
00:02:23,700 --> 00:02:26,610
you're most probably on a real network,

44
00:02:26,610 --> 00:02:30,060
you're getting internet from the router itself,

45
00:02:30,060 --> 00:02:33,183
and this is your local IP.

46
00:02:34,050 --> 00:02:37,470
So you know how to get your local IP, right?

47
00:02:37,470 --> 00:02:39,270
We have seen this before.

48
00:02:39,270 --> 00:02:42,060
We have run ifconfig or ipconfig

49
00:02:42,060 --> 00:02:44,790
depending on your operating system.

50
00:02:44,790 --> 00:02:49,020
And in order to find your own public IP address,

51
00:02:49,020 --> 00:02:52,620
you can actually go to google.com, okay?

52
00:02:52,620 --> 00:02:56,100
And search for "what is my IP address", like this.

53
00:02:56,100 --> 00:02:58,680
So if you search for "what is my IP",

54
00:02:58,680 --> 00:03:02,040
it will display an IP address, okay?

55
00:03:02,040 --> 00:03:05,040
And most probably you will see it when you just

56
00:03:05,040 --> 00:03:08,400
hit the Google search, like over here, okay?

57
00:03:08,400 --> 00:03:10,260
And I'm of course blurring it

58
00:03:10,260 --> 00:03:14,040
so that you can't see my own public IP address.

59
00:03:14,040 --> 00:03:15,840
And you can go to any website

60
00:03:15,840 --> 00:03:19,440
to find your own IP address as well.

61
00:03:19,440 --> 00:03:23,970
So the important thing is that the public IP address

62
00:03:23,970 --> 00:03:28,920
is the same for all the devices in your own network,

63
00:03:28,920 --> 00:03:32,700
because the public IP address is your router's, actually;

64
00:03:32,700 --> 00:03:34,470
it connects to the internet,

65
00:03:34,470 --> 00:03:38,340
it forwards that information to your devices.

66
00:03:38,340 --> 00:03:42,570
So every device over here has one public IP address,

67
00:03:42,570 --> 00:03:44,970
but at the same time they have

68
00:03:44,970 --> 00:03:48,060
all different local IP addresses.

69
00:03:48,060 --> 00:03:51,900
And in this network attack section

70
00:03:51,900 --> 00:03:55,350
we are actually interested in the local IP addresses

71
00:03:55,350 --> 00:03:58,260
because that's what we are going after.

72
00:03:58,260 --> 00:04:01,200
We are assuming that we are on the same network.

73
00:04:01,200 --> 00:04:03,120
And to be on the same network

74
00:04:03,120 --> 00:04:05,643
we have to connect to the same router.

75
00:04:06,900 --> 00:04:11,900
And after that we can try to spoof the IP addresses

76
00:04:12,600 --> 00:04:14,550
and gather the information

77
00:04:14,550 --> 00:04:18,210
that we are not supposed to be gathering in the first place.

78
00:04:18,210 --> 00:04:23,210
And by spoofing, I mean just tricking the router to think

79
00:04:24,000 --> 00:04:26,760
that we are a different device.

80
00:04:26,760 --> 00:04:30,270
So what we are gonna do is, we are going to

81
00:04:30,270 --> 00:04:34,320
open our Kali Linux and connect our Kali Linux

82
00:04:34,320 --> 00:04:38,550
directly to our router so that it can actually

83
00:04:38,550 --> 00:04:41,190
forward some requests and get some responses

84
00:04:41,190 --> 00:04:42,390
from the router.

85
00:04:42,390 --> 00:04:46,500
And in order to do that, you're gonna need a USB WiFi card.

86
00:04:46,500 --> 00:04:49,890
I'm going to explain what it is and how to get it.

87
00:04:49,890 --> 00:04:52,950
And as I said before, just don't get it

88
00:04:52,950 --> 00:04:55,200
if you're only taking this course

89
00:04:55,200 --> 00:05:00,030
and if you're just watching this out of curiosity, okay?

90
00:05:00,030 --> 00:05:03,060
Because it's a very simple and short section

91
00:05:03,060 --> 00:05:08,060
and it costs some money to get this USB WiFi card, okay?

92
00:05:08,700 --> 00:05:10,740
And just for that reason,

93
00:05:10,740 --> 00:05:13,410
I don't believe you have to get this,

94
00:05:13,410 --> 00:05:15,570
but if you're looking forward to being

95
00:05:15,570 --> 00:05:18,420
a mobile application penetration tester,

96
00:05:18,420 --> 00:05:20,940
of course you're more than welcome to buy it.

97
00:05:20,940 --> 00:05:22,680
So if I run ifconfig,

98
00:05:22,680 --> 00:05:26,310
now I only see the eth0 over here, okay?

99
00:05:26,310 --> 00:05:30,570
And I have my MAC address right there.

100
00:05:30,570 --> 00:05:35,570
So we are not interested in the MAC address in this section.

101
00:05:36,090 --> 00:05:41,090
However, it actually has something to do with this attack

102
00:05:42,180 --> 00:05:47,180
because we are going to run some ARP spoofing

103
00:05:47,190 --> 00:05:48,420
in this section.

104
00:05:48,420 --> 00:05:53,190
So ARP stands for Address Resolution Protocol.

105
00:05:53,190 --> 00:05:55,620
And here you can see the MAC addresses

106
00:05:55,620 --> 00:05:58,800
and the IP addresses of the devices.

107
00:05:58,800 --> 00:06:01,110
Of course, they're just there as an example,

108
00:06:01,110 --> 00:06:03,150
they're not real values.

109
00:06:03,150 --> 00:06:06,657
But in order to know the MAC address

110
00:06:06,657 --> 00:06:11,657
and IP address pairing in a network, we do an ARP scan.

111
00:06:13,440 --> 00:06:15,720
It has nothing to do with hacking, actually.

112
00:06:15,720 --> 00:06:18,930
You can just map the entire network

113
00:06:18,930 --> 00:06:22,170
using some ARP requests, okay?

114
00:06:22,170 --> 00:06:26,610
And you can say, yeah, who has this IP address?

115
00:06:26,610 --> 00:06:30,210
And you can broadcast this message to the entire network

116
00:06:30,210 --> 00:06:34,170
and all of the devices will respond back immediately

117
00:06:34,170 --> 00:06:36,180
saying that I have this IP address

118
00:06:36,180 --> 00:06:37,470
and I have this MAC address.

119
00:06:37,470 --> 00:06:40,440
Yeah, it matches with me, so I'm this device.

120
00:06:40,440 --> 00:06:44,370
So the failure or the vulnerability in the system

121
00:06:44,370 --> 00:06:47,460
is that you don't have to ask a question

122
00:06:47,460 --> 00:06:50,070
or you don't have to broadcast a signal

123
00:06:50,070 --> 00:06:54,510
in order to receive a response from any device.

124
00:06:54,510 --> 00:06:56,220
So what does it mean?

125
00:06:56,220 --> 00:06:58,320
So assume that I am the hacker

126
00:06:58,320 --> 00:07:00,660
on the right-hand side over here.

127
00:07:00,660 --> 00:07:03,390
I can come over to the router

128
00:07:03,390 --> 00:07:07,320
and I can just say that I have the IP address

129
00:07:07,320 --> 00:07:12,210
of 192.168.0.9, even though I don't have it.

130
00:07:12,210 --> 00:07:15,990
And I can go to that device,

131
00:07:15,990 --> 00:07:19,980
the MacBook, or Mac computer, in our case.

132
00:07:19,980 --> 00:07:24,980
And I can say that I have the IP address of 192.168.0.1.

133
00:07:25,560 --> 00:07:29,160
So the MacBook will think that I'm the router

134
00:07:29,160 --> 00:07:33,270
and the router will think that I'm the MacBook.

135
00:07:33,270 --> 00:07:38,270
So the MacBook will actually forward the requests to me

136
00:07:39,270 --> 00:07:44,270
and the router will forward the responses to me as well.

137
00:07:44,400 --> 00:07:47,220
And I will forward that request to the router

138
00:07:47,220 --> 00:07:48,930
and I will get the response back

139
00:07:48,930 --> 00:07:51,060
and I will forward the response back

140
00:07:51,060 --> 00:07:53,850
to the original MacBook.

141
00:07:53,850 --> 00:07:57,150
So I will be the man in the middle.

142
00:07:57,150 --> 00:08:00,870
So this attack is called man-in-the-middle, okay?

143
00:08:00,870 --> 00:08:05,100
And it always starts with ARP spoofing,

144
00:08:05,100 --> 00:08:09,480
tricking the router to believe that we are something else,

145
00:08:09,480 --> 00:08:11,520
we are someone else in the network,

146
00:08:11,520 --> 00:08:13,800
and tricking that someone else

147
00:08:13,800 --> 00:08:17,070
that we are actually the router itself.

148
00:08:17,070 --> 00:08:21,210
So, they will always forward the responses

149
00:08:21,210 --> 00:08:24,180
and requests through us, okay?

150
00:08:24,180 --> 00:08:27,870
So that we will be actually reading the requests

151
00:08:27,870 --> 00:08:31,350
and responses and seeing the confidential information

152
00:08:31,350 --> 00:08:36,060
like usernames and passwords that are being forwarded

153
00:08:36,060 --> 00:08:39,060
to the internet, or coming back from the internet,

154
00:08:39,060 --> 00:08:43,920
so that we can hack the target device.

155
00:08:43,920 --> 00:08:46,629
So this is the man-in-the-middle attack,

156
00:08:46,629 --> 00:08:48,810
and we're going to see this in action

157
00:08:48,810 --> 00:08:50,820
and we are going to learn how to do that

158
00:08:50,820 --> 00:08:52,710
with mobile devices as well.

159
00:08:52,710 --> 00:08:54,180
So we're gonna stop here

160
00:08:54,180 --> 00:08:56,853
and continue within the next lecture.