1

00:00:00,730  -->  00:00:03,640
<v ->Now before we dive into the course content,</v>

2

00:00:03,640  -->  00:00:06,420
I'd like to give you a teaser or a taste

3

00:00:06,420  -->  00:00:10,250
of what you'll be able to do by the end of the course.

4

00:00:10,250  -->  00:00:12,490
So this is going to be one example,

5

00:00:12,490  -->  00:00:14,550
that's based on one topic

6

00:00:14,550  -->  00:00:18,360
that's covered in one subsection of the course.

7

00:00:18,360  -->  00:00:20,410
Now, because this is a teaser lecture,

8

00:00:20,410  -->  00:00:22,970
I'm not gonna explain the technical aspect

9

00:00:22,970  -->  00:00:24,470
of how I am doing this,

10

00:00:24,470  -->  00:00:26,670
because I'm gonna teach you how to do this

11

00:00:26,670  -->  00:00:28,480
as you go through the course.

12

00:00:28,480  -->  00:00:31,710
For now just sit back and enjoy this lecture.

13

00:00:31,710  -->  00:00:33,050
And after this lecture,

14

00:00:33,050  -->  00:00:35,140
we're gonna dive into the course content,

15

00:00:35,140  -->  00:00:37,540
where you'll learn how to do things like this,

16

00:00:37,540  -->  00:00:39,310
and much, much more.

17

00:00:39,310  -->  00:00:41,500
So in this video, I'm gonna give you an example

18

00:00:41,500  -->  00:00:44,170
of hacking this Windows computer

19

00:00:44,170  -->  00:00:46,400
from this Linux machine.

20

00:00:46,400  -->  00:00:50,560
So in this example, I'm gonna use a program called ,

21

00:00:50,560  -->  00:00:54,090
which is a Browser Exploitation Framework.

22

00:00:54,090  -->  00:00:55,590
I'm gonna launch it from here.

23

00:00:57,780  -->  00:01:01,340
And the way this works is it uses a JavaScript code

24

00:01:01,340  -->  00:01:03,530
to hook a target computer,

25

00:01:03,530  -->  00:01:05,730
and then once a computer is hooked

26

00:01:05,730  -->  00:01:08,730
we'll be able to run a number of commands.

27

00:01:08,730  -->  00:01:12,230
Now to do that, I'm gonna use a man-in-the-middle attack

28

00:01:12,230  -->  00:01:15,940
to automatically inject the hook code for .

29

00:01:15,940  -->  00:01:18,420
So I'm gonna use a tool called man-in-the-middle F.

30

00:01:18,420  -->  00:01:21,070
And I'm gonna do an ARP spoofing attack.

31

00:01:21,070  -->  00:01:23,390
And I'm gonna give him my network interface,

32

00:01:23,390  -->  00:01:25,580
and I'm gonna give it the gateway.

33

00:01:25,580  -->  00:01:27,670
And I'm gonna give it the target IP address,

34

00:01:27,670  -->  00:01:30,710
which is the address of the Windows machine.

35

00:01:30,710  -->  00:01:31,780
Then I'm gonna tell it that,

36

00:01:31,780  -->  00:01:34,960
I want you to inject a JavaScript URL,

37

00:01:34,960  -->  00:01:36,530
and I'm gonna give it the location

38

00:01:36,530  -->  00:01:38,363
where the hook code is stored.

39

00:01:39,500  -->  00:01:43,660
I'm gonna hit Enter, and that's it running.

40

00:01:43,660  -->  00:01:45,500
Now, I know this looks very complicated,

41

00:01:45,500  -->  00:01:47,610
you don't know where I got the options from.

42

00:01:47,610  -->  00:01:49,640
All this looks confusing, but again,

43

00:01:49,640  -->  00:01:51,940
don't worry about that, we're gonna talk about this,

44

00:01:51,940  -->  00:01:53,530
and go through this step-by-step,

45

00:01:53,530  -->  00:01:55,280
so it will be very easy for you.

46

00:01:55,280  -->  00:01:57,550
Right now all you need to understand is

47

00:01:57,550  -->  00:02:01,410
this program is going to inject the hook code,

48

00:02:01,410  -->  00:02:04,660
so the code that allows BeEF to hack into that computer

49

00:02:04,660  -->  00:02:06,810
into the browser of the target person.

50

00:02:06,810  -->  00:02:10,400
So that the code will run without the person even knowing.

51

00:02:10,400  -->  00:02:12,420
So I'm gonna go to my Windows machine,

52

00:02:12,420  -->  00:02:13,920
I'm gonna run the web browser.

53

00:02:14,760  -->  00:02:16,300
And I'm just gonna go to any website,

54

00:02:16,300  -->  00:02:18,183
so I'm just gonna go to bing.com.

55

00:02:22,330  -->  00:02:24,940
Now, if we go back to the Kali machine,

56

00:02:24,940  -->  00:02:27,010
you'll see that we have the IP address

57

00:02:27,010  -->  00:02:30,290
of the target person under the hook browsers.

58

00:02:30,290  -->  00:02:32,410
And if we click on the commands tab,

59

00:02:32,410  -->  00:02:35,360
you'll see a large number of categories with commands

60

00:02:35,360  -->  00:02:37,790
that you can run on the target computer.

61

00:02:37,790  -->  00:02:41,240
Again, we'll talk about that later in future videos,

62

00:02:41,240  -->  00:02:44,070
what I'm interested in is a plugin,

63

00:02:44,070  -->  00:02:47,370
which allows us to show a notification bar

64

00:02:47,370  -->  00:02:48,713
on the target computer.

65

00:02:49,820  -->  00:02:52,130
And what I'm gonna say in that notification bar,

66

00:02:52,130  -->  00:02:54,260
is I'm gonna say that there is a new update,

67

00:02:54,260  -->  00:02:55,763
click here to install it.

68

00:02:56,760  -->  00:02:58,380
So what this is gonna do is,

69

00:02:58,380  -->  00:03:00,250
it's gonna show the target person

70

00:03:00,250  -->  00:03:01,710
that there is a new update,

71

00:03:01,710  -->  00:03:03,770
and once they install that new update,

72

00:03:03,770  -->  00:03:05,620
I'll hack into their computer,

73

00:03:05,620  -->  00:03:07,810
to do that, I'm gonna have to use a backdoor.

74

00:03:07,810  -->  00:03:09,250
Now, I've already made a backdoor

75

00:03:09,250  -->  00:03:11,960
that's not detectable by antivirus programs.

76

00:03:11,960  -->  00:03:14,090
I'm not gonna show you how to do that now,

77

00:03:14,090  -->  00:03:17,190
but in the course, you'll learn how to do that.

78

00:03:17,190  -->  00:03:18,700
So right now, I'm just gonna say

79

00:03:18,700  -->  00:03:22,233
where I stored the backdoor, and I call it update.exe.

80

00:03:23,590  -->  00:03:25,020
So that's it, that's all done.

81

00:03:25,020  -->  00:03:29,650
I'm gonna click on Execute, and that will execute it for me.

82

00:03:29,650  -->  00:03:31,890
Now, before I go and run the Update,

83

00:03:31,890  -->  00:03:34,730
I'm going to listen for incoming connections,

84

00:03:34,730  -->  00:03:36,880
so that I can connect to the target computer

85

00:03:36,880  -->  00:03:38,963
once they try to update their computer.

86

00:03:39,860  -->  00:03:42,190
So again, I'm gonna explain why you need to do this,

87

00:03:42,190  -->  00:03:44,210
and how to do this in a future lecture,

88

00:03:44,210  -->  00:03:46,410
right now I'm just gonna do it very quickly.

89

00:03:48,680  -->  00:03:51,750
And once we do that, if we go on the target machine,

90

00:03:51,750  -->  00:03:55,277
you'll see that their Firefox is telling them that

91

00:03:55,277  -->  00:03:57,187
"There is a critical update,

92

00:03:57,187  -->  00:04:00,370
"and you need to click here to install that update."

93

00:04:00,370  -->  00:04:01,343
I'm gonna click it,

94

00:04:03,200  -->  00:04:05,040
and you can see that it's downloading

95

00:04:05,040  -->  00:04:07,663
an update file for me, I'm gonna save it.

96

00:04:09,370  -->  00:04:11,610
Now, that's downloaded for me.

97

00:04:11,610  -->  00:04:13,280
So if I go to my downloads,

98

00:04:13,280  -->  00:04:15,720
just to show you what the file looks like,

99

00:04:15,720  -->  00:04:18,830
you can see that it looks like a normal file,

100

00:04:18,830  -->  00:04:22,340
it has a nice icon, if we run it

101

00:04:22,340  -->  00:04:24,170
we'll actually get an installer

102

00:04:24,170  -->  00:04:26,130
that will update Flash for us.

103

00:04:26,130  -->  00:04:27,650
But at the same time,

104

00:04:27,650  -->  00:04:31,770
this is going to execute my backdoor in the background.

105

00:04:31,770  -->  00:04:33,070
Don't worry about this,

106

00:04:33,070  -->  00:04:35,230
I'm gonna teach you how to make your Trojans,

107

00:04:35,230  -->  00:04:37,860
or your evil files look and function

108

00:04:37,860  -->  00:04:39,500
just like any other file.

109

00:04:39,500  -->  00:04:42,580
So you can have a picture, a PDF,

110

00:04:42,580  -->  00:04:44,840
or an installer like I have in here

111

00:04:44,840  -->  00:04:46,720
that works like a normal file,

112

00:04:46,720  -->  00:04:49,440
but at the same time when it gets executed

113

00:04:49,440  -->  00:04:53,160
it'll execute your evil code in the background.

114

00:04:53,160  -->  00:04:55,500
So now even though that the target person is happy,

115

00:04:55,500  -->  00:04:56,850
they think they're installing

116

00:04:56,850  -->  00:04:59,450
an update for their Flash Player.

117

00:04:59,450  -->  00:05:01,940
If we go back to the Kali machine,

118

00:05:01,940  -->  00:05:05,060
you'll see that we managed to get a reverse session

119

00:05:05,060  -->  00:05:06,893
from the Windows machine.

120

00:05:08,600  -->  00:05:11,083
So I'm gonna interact with that computer.

121

00:05:11,920  -->  00:05:13,900
And now I'm inside it.

122

00:05:13,900  -->  00:05:16,650
So I can do so many things with the target computer,

123

00:05:16,650  -->  00:05:20,090
I basically have full control over that computer.

124

00:05:20,090  -->  00:05:22,730
And we're gonna talk about all the things that you can do

125

00:05:22,730  -->  00:05:25,410
in the post connection section of this course.

126

00:05:25,410  -->  00:05:27,790
What I wanna do now is, I wanna show you

127

00:05:27,790  -->  00:05:31,890
how to access the webcam of the target computer.

128

00:05:31,890  -->  00:05:35,490
So we're gonna use a plugin that comes with Meterpreter.

129

00:05:35,490  -->  00:05:40,490
So I'm just gonna do webcam_stream, I'm gonna hit Enter.

130

00:05:45,160  -->  00:05:48,540
And as you can see, I managed to turn on the webcam

131

00:05:48,540  -->  00:05:49,830
of the target computer.

132

00:05:49,830  -->  00:05:51,570
So this is actually a webcam

133

00:05:51,570  -->  00:05:53,260
that's attached to the Windows machine,

134

00:05:53,260  -->  00:05:55,210
and right there, you can see me,

135

00:05:55,210  -->  00:05:57,450
and I basically hacked into the Windows machine.

136

00:05:57,450  -->  00:06:00,150
I can do anything I want on the new Windows machine.

137

00:06:00,150  -->  00:06:01,810
And I can also turn on the webcam,

138

00:06:01,810  -->  00:06:03,720
I can inject a keylogger,

139

00:06:03,720  -->  00:06:06,280
I basically have full control over that machine.

140

00:06:06,280  -->  00:06:09,810
Now again, this is just an example of one attack

141

00:06:09,810  -->  00:06:11,140
that we're going to use.

142

00:06:11,140  -->  00:06:13,540
We're gonna do so many more attacks like this,

143

00:06:13,540  -->  00:06:16,550
and all of them are gonna allow us to gain full control

144

00:06:16,550  -->  00:06:17,923
over the target system.

145

00:06:19,790  -->  00:06:22,170
So don't worry about how to do this attack,

146

00:06:22,170  -->  00:06:23,340
don't worry about the commands,

147

00:06:23,340  -->  00:06:24,460
don't worry about all of that.

148

00:06:24,460  -->  00:06:26,840
This is just a teaser, a simple taste

149

00:06:26,840  -->  00:06:29,140
of the things that you'll be able to do

150

00:06:29,140  -->  00:06:30,443
by the end of the course.
