1
1

00:00:01,060  -->  00:00:03,040
<v Narrator>Now, before doing anything,</v>
2

2

00:00:03,040  -->  00:00:07,630
I wanna show you the network settings of my Kali machine.
3

3

00:00:07,630  -->  00:00:09,710
So, I'm going to select it here.
4

4

00:00:09,710  -->  00:00:12,893
I'm going to go to settings, network,
5

5

00:00:14,040  -->  00:00:18,193
and as you can see, it's set to use a NAT Network.
6

6

00:00:19,250  -->  00:00:23,163
So now, if I go to my Kali machine and do ifconfig,
7

7

00:00:24,340  -->  00:00:28,350
we'll see we have an interface called eth0.
8

8

00:00:28,350  -->  00:00:31,340
This interface is a virtual interface
9

9

00:00:31,340  -->  00:00:35,040
created by VirtualBox because we set
10

10

00:00:35,040  -->  00:00:38,083
this machine to use a NAT Network.
11

11

00:00:39,120  -->  00:00:43,600
You can also see that this interface has an IP address,
12

12

00:00:43,600  -->  00:00:48,280
which means that it is properly connected to this NAT Network,
13

13

00:00:48,280  -->  00:00:53,230
and it will provide the Kali machine with internet access
14

14

00:00:53,230  -->  00:00:58,033
as long as my host machine right here has internet access.
15

15

00:00:59,000  -->  00:01:02,500
So now, on my Kali, if I go, and let's say
16

16

00:01:02,500  -->  00:01:06,280
if I just go to Bing.com on my browser
17

17

00:01:08,730  -->  00:01:12,380
you'll see that I can successfully go to the website
18

18

00:01:12,380  -->  00:01:15,680
because Kali is connected to the internet
19

19

00:01:15,680  -->  00:01:20,323
through this virtual interface that is called eth0.
20

20

00:01:21,180  -->  00:01:23,540
Now, if we go back to our diagram
21

21

00:01:23,540  -->  00:01:27,120
that shows what we need to create an access point,
22

22

00:01:27,120  -->  00:01:29,760
you can see that we need an interface
23

23

00:01:29,760  -->  00:01:32,270
that is connected to the internet.
24

24

00:01:32,270  -->  00:01:35,320
We don't care what type of interface this is,
25

25

00:01:35,320  -->  00:01:40,260
as long as this interface has internet access.
26

26

00:01:40,260  -->  00:01:44,630
So, in our example, we're gonna be using eth0
27

27

00:01:44,630  -->  00:01:48,873
to provide our fake access point with internet access.
28

28

00:01:50,120  -->  00:01:52,280
The other interface that we need,
29

29

00:01:52,280  -->  00:01:55,950
we said that this needs to be a wireless adapter
30

30

00:01:55,950  -->  00:01:59,910
that is able to act as an access point.
31

31

00:01:59,910  -->  00:02:02,100
Again, if I go back to the result
32

32

00:02:02,100  -->  00:02:05,310
of my ifconfig, you can see I already have
33

33

00:02:05,310  -->  00:02:07,350
a wireless adapter connected
34

34

00:02:07,350  -->  00:02:09,873
to this computer; it's called wlan0.
35

35

00:02:10,760  -->  00:02:13,030
Keep in mind that this is in Managed Mode.
36

36

00:02:13,030  -->  00:02:18,030
It's not in Monitor Mode, and it is not connected to anything.
37

37

00:02:18,040  -->  00:02:21,470
So you can see it does not have an IP address.
38

38

00:02:21,470  -->  00:02:23,500
This is very, very important.
39

39

00:02:23,500  -->  00:02:26,140
It needs to be, first of all, in Managed Mode
40

40

00:02:26,140  -->  00:02:30,440
and, second, not connected to any network.
41

41

00:02:30,440  -->  00:02:33,710
So, even if we go at the Network Manager in here,
42

42

00:02:33,710  -->  00:02:35,890
you can see we have Wired Connected.
43

43

00:02:35,890  -->  00:02:40,163
This is my eth0 and Wi-Fi Not Connected.
44

44

00:02:41,910  -->  00:02:44,700
Once we have everything configured properly,
45

45

00:02:44,700  -->  00:02:48,020
you're ready to use Mana and, before we start,
46

46

00:02:48,020  -->  00:02:50,490
we should modify its settings.
47

47

00:02:50,490  -->  00:02:54,360
Mana's settings are stored in a text file.
48

48

00:02:54,360  -->  00:02:57,510
So, to edit the settings, we're going to open this file
49

49

00:02:57,510  -->  00:03:02,350
and edit it using Leafpad which is just a text editor.
50

50

00:03:02,350  -->  00:03:04,123
So, I'm going to type Leafpad,
51

51

00:03:05,040  -->  00:03:09,310
followed by the location of the file that we want to modify,
52

52

00:03:09,310  -->  00:03:11,440
and the Settings File for Mana
53

53

00:03:11,440  -->  00:03:14,190
is stored in E.T.C.
54

54

00:03:14,190  -->  00:03:15,880
Mana Toolkit
55

55

00:03:15,880  -->  00:03:17,790
Host A.P.D.
56

56

00:03:17,790  -->  00:03:20,460
Mana dot conf.
57

57

00:03:20,460  -->  00:03:22,900
So, all we're doing with this command is
58

58

00:03:22,900  -->  00:03:26,810
we're using a text editor called Leafpad
59

59

00:03:26,810  -->  00:03:31,120
to open a file that is stored in this path.
60

60

00:03:31,120  -->  00:03:33,930
So when we hit Enter, you'll see
61

61

00:03:33,930  -->  00:03:37,480
we have the text editor here opening the file for us,
62

62

00:03:37,480  -->  00:03:39,630
and all of these are the settings
63

63

00:03:39,630  -->  00:03:42,630
that you can modify for Mana.
64

64

00:03:42,630  -->  00:03:45,290
You can actually get a full list and a full description
65

65

00:03:45,290  -->  00:03:48,910
of all the settings that you can modify in this link
66

66

00:03:48,910  -->  00:03:50,860
but we don't need this for now.
67

67

00:03:50,860  -->  00:03:54,543
The main thing that you need to modify is the interface.
68

68

00:03:55,520  -->  00:03:58,040
This is the interface that you want
69

69

00:03:58,040  -->  00:04:01,060
to use to broadcast the signal.
70

70

00:04:01,060  -->  00:04:05,600
So, basically, it is this component, and in my example
71

71

00:04:05,600  -->  00:04:09,940
this is going to be wlan0; this is my wireless interface.
72

72

00:04:09,940  -->  00:04:11,623
So I'm keeping this the same.
73

73

00:04:12,680  -->  00:04:15,420
The next thing that you might want to modify
74

74

00:04:15,420  -->  00:04:20,330
is the SSID; this is the network name that will appear
75

75

00:04:20,330  -->  00:04:23,033
when people look for Wi-Fi networks.
76

76

00:04:23,890  -->  00:04:25,610
I'm going to keep this as Internet
77

77

00:04:25,610  -->  00:04:27,640
so when people look for networks,
78

78

00:04:27,640  -->  00:04:31,663
they will see my fake access point under this name.
79

79

00:04:32,810  -->  00:04:34,940
So I have nothing to save right now
80

80

00:04:34,940  -->  00:04:38,210
but, if you modified anything, make sure you save the file
81

81

00:04:38,210  -->  00:04:41,023
from File Save, and then close it,
82

82

00:04:42,450  -->  00:04:45,400
and the next file that we'll need to modify
83

83

00:04:45,400  -->  00:04:48,640
is the Start Script; this is the file
84

84

00:04:48,640  -->  00:04:52,193
that will actually start Mana Toolkit for us.
85

85

00:04:53,220  -->  00:04:56,280
Again, we're going to use Leafpad to open and edit
86

86

00:04:56,280  -->  00:04:59,420
this file; so we're going to type Leafpad,
87

87

00:04:59,420  -->  00:05:04,420
followed by the location of Mana's Start Script which is
88

88

00:05:04,590  -->  00:05:09,490
in user share Mana Toolkit
89

89

00:05:09,490  -->  00:05:11,780
run Mana start
90

90

00:05:11,780  -->  00:05:13,310
NAT simple
91

91

00:05:13,310  -->  00:05:14,823
dot S.H.
92

92

00:05:16,980  -->  00:05:19,720
Now, in this file, there are two main things
93

93

00:05:19,720  -->  00:05:22,940
that you need to modify; the first one
94

94

00:05:22,940  -->  00:05:27,060
is the Upstream Interface; this is the interface
95

95

00:05:27,060  -->  00:05:30,700
that has internet access so this is
96

96

00:05:30,700  -->  00:05:34,520
this component right here and, as we've seen before,
97

97

00:05:34,520  -->  00:05:38,120
this is eth0 in my case.
98

98

00:05:38,120  -->  00:05:39,883
So I'm gonna leave this the same.
99

99

00:05:40,860  -->  00:05:45,330
The next one, the PHY, is again the interface
100

100

00:05:45,330  -->  00:05:48,500
that is gonna broadcast the signal.
101

101

00:05:48,500  -->  00:05:52,550
So, in my example, this is my wireless adapter,
102

102

00:05:52,550  -->  00:05:56,390
and it is called wlan0, not wlan1.
103

103

00:05:56,390  -->  00:05:59,980
So I'm actually gonna modify this to wlan0
104

104

00:05:59,980  -->  00:06:02,510
then I'm gonna save it Control 'S'
105

105

00:06:02,510  -->  00:06:05,120
and quit it Control 'Q',
106

106

00:06:05,120  -->  00:06:09,450
and that's it; we're ready to start the fake access point,
107

107

00:06:09,450  -->  00:06:11,010
and like we said before, we're going
108

108

00:06:11,010  -->  00:06:13,900
to be starting it using this script right here,
109

109

00:06:13,900  -->  00:06:17,230
this start NAT simple; that's why we modified it.
110

110

00:06:17,230  -->  00:06:20,140
So all we have to do is I'm gonna copy this
111

111

00:06:20,140  -->  00:06:22,360
because that's its location.
112

112

00:06:22,360  -->  00:06:25,680
So, in order to start it because this ends
113

113

00:06:25,680  -->  00:06:28,620
with a .sh, we're gonna do bash
114

114

00:06:29,820  -->  00:06:33,083
followed by the location of the script.
115

115

00:06:34,050  -->  00:06:37,260
So what we wanted to modify using a text editor
116

116

00:06:37,260  -->  00:06:39,620
we used the program called Leafpad
117

117

00:06:39,620  -->  00:06:42,360
followed by the path of the file.
118

118

00:06:42,360  -->  00:06:45,020
Right now, we don't want to modify it.
119

119

00:06:45,020  -->  00:06:48,150
We want to execute the code inside it.
120

120

00:06:48,150  -->  00:06:51,250
The code inside it is a Bash Script Code.
121

121

00:06:51,250  -->  00:06:55,493
That's why we're saying I want to run this file using bash.
122

122

00:06:56,910  -->  00:06:58,473
Now, I'm gonna hit Enter,
123

123

00:06:59,500  -->  00:07:02,810
and, as you can see, it's telling me that the access point
124

124

00:07:02,810  -->  00:07:06,280
is enabled, and I can press Enter
125

125

00:07:06,280  -->  00:07:09,263
to kill the access point so to exit it.
126

126

00:07:10,380  -->  00:07:14,060
Now, sometimes the first time that you run this script,
127

127

00:07:14,060  -->  00:07:17,150
it will not work; it will actually give you an error.
128

128

00:07:17,150  -->  00:07:20,127
So it's a good idea to actually just run the code again,
129

129

00:07:20,127  -->  00:07:23,530
literally the same command, if it fails, if it complains
130

130

00:07:23,530  -->  00:07:27,280
about the specific error, just run the command again,
131

131

00:07:27,280  -->  00:07:30,800
and it might work, if it didn't work for the second time,
132

132

00:07:30,800  -->  00:07:33,630
then ask me in the Q&A section,
133

133

00:07:33,630  -->  00:07:37,053
and we will respond to you and help you fix this issue.
134

134

00:07:37,980  -->  00:07:41,320
So now, let's go and try to connect to this network
135

135

00:07:41,320  -->  00:07:43,473
and see if it actually works.
136

136

00:07:44,950  -->  00:07:47,600
So right here, I have a Windows machine.
137

137

00:07:47,600  -->  00:07:50,350
It's another virtual machine, but
138

138

00:07:50,350  -->  00:07:55,350
I have another wireless adapter connected to this machine.
139

139

00:07:55,430  -->  00:07:58,590
Do not test this from your host machine
140

140

00:07:58,590  -->  00:08:03,170
because the fake access point is getting its internet access
141

141

00:08:03,170  -->  00:08:06,040
from the host machine through the NAT Network.
142

142

00:08:06,040  -->  00:08:09,120
So, if you test this network from the host machine,
143

143

00:08:09,120  -->  00:08:11,360
the network will not work.
144

144

00:08:11,360  -->  00:08:14,610
So, either test it from another virtual machine
145

145

00:08:14,610  -->  00:08:17,060
with another wireless adapter
146

146

00:08:17,060  -->  00:08:19,880
or, if you don't have another wireless adapter,
147

147

00:08:19,880  -->  00:08:21,950
then you can test it from your phone
148

148

00:08:21,950  -->  00:08:26,950
or from another laptop or any other computer within range,
149

149

00:08:27,210  -->  00:08:31,333
but do not ever test it from the host machine.
150

150

00:08:32,720  -->  00:08:34,210
So right here, I'm going to search
151

151

00:08:34,210  -->  00:08:36,350
for networks to connect to,
152

152

00:08:36,350  -->  00:08:39,900
and, as you can see I have a network called Internet.
153

153

00:08:39,900  -->  00:08:41,620
It does not use a password
154

154

00:08:41,620  -->  00:08:43,313
so I'm just gonna connect to it.
155

155

00:08:50,080  -->  00:08:52,450
As you can see, I'm connected now,
156

156

00:08:52,450  -->  00:08:56,060
and I'm gonna open Firefox just to check if
157

157

00:08:56,060  -->  00:09:00,063
I have internet connection so I'm going to go to Bing.com,
158

158

00:09:02,640  -->  00:09:05,430
and, as you can see, Bing.com's loading.
159

159

00:09:05,430  -->  00:09:09,530
So now, I actually have internet access.
160

160

00:09:09,530  -->  00:09:12,300
So now, anything I do on this computer
161

161

00:09:12,300  -->  00:09:14,960
will have to be sent to the access point.
162

162

00:09:14,960  -->  00:09:16,920
If I want to access any websites,
163

163

00:09:16,920  -->  00:09:19,730
if I enter any passwords and usernames,
164

164

00:09:19,730  -->  00:09:22,707
everything is going to go to the access point,
165

165

00:09:22,707  -->  00:09:25,710
and the access point is the hacker machine
166

166

00:09:25,710  -->  00:09:29,330
so the hacker machine is already the man in the middle.
167

167

00:09:29,330  -->  00:09:31,650
So now, you're at the same position
168

168

00:09:31,650  -->  00:09:35,950
that you would be after running an ARP spoofing attack.
169

169

00:09:35,950  -->  00:09:38,130
So you can go ahead and use Wireshark
170

170

00:09:38,130  -->  00:09:40,820
to sniff packets and analyze them,
171

171

00:09:40,820  -->  00:09:44,380
or you can go and use MITMf
172

172

00:09:44,380  -->  00:09:47,083
exactly as I showed you before.
173

173

00:09:48,320  -->  00:09:50,500
The only thing that you need to keep in mind
174

174

00:09:50,500  -->  00:09:52,800
when using Wireshark or MITMf
175

175

00:09:52,800  -->  00:09:56,490
or any other tool: you need to set the interface
176

176

00:09:56,490  -->  00:09:59,970
to the interface that is broadcasting the signal.
177

177

00:09:59,970  -->  00:10:04,410
So this is the interface that you set in the PHY option,
178

178

00:10:04,410  -->  00:10:08,600
not in the Upstream; so in my case right now
179

179

00:10:08,600  -->  00:10:12,043
this would be wlan0, not eth0.
180

180

00:10:13,030  -->  00:10:16,010
Also, if you're going to use MITMf,
181

181

00:10:16,010  -->  00:10:18,960
theoretically you wouldn't need to use the
182

182

00:10:18,960  -->  00:10:22,340
--arp --spoof argument,
183

183

00:10:22,340  -->  00:10:24,920
but I noticed that the tool will not work
184

184

00:10:24,920  -->  00:10:28,000
unless you add that argument so you can add it in,
185

185

00:10:28,000  -->  00:10:31,823
and you'll see that it'll work exactly as shown before.
