1
00:00:01,440  -->  00:00:03,690
Now you have enough information

2
00:00:03,690  -->  00:00:06,510
to go ahead and try to gain access

3
00:00:06,510  -->  00:00:07,660
to other systems.

4
00:00:07,660  -->  00:00:09,660
To computers, servers,

5
00:00:09,660  -->  00:00:12,270
web servers and stuff like that.

6
00:00:12,270  -->  00:00:13,490
And in this section

7
00:00:13,490  -->  00:00:15,020
we're gonna be talking about

8
00:00:15,020  -->  00:00:17,603
gaining access to computer devices.

9
00:00:18,480  -->  00:00:20,500
And what I mean by computer devices

10
00:00:20,500  -->  00:00:22,050
is anything

11
00:00:22,050  -->  00:00:23,630
and the reason behind this,

12
00:00:23,630  -->  00:00:25,570
I wanna get this through,

13
00:00:25,570  -->  00:00:27,160
I wanna get this idea through,

14
00:00:27,160  -->  00:00:30,870
is that any electronic device you see

15
00:00:30,870  -->  00:00:31,940
is a computer.

16
00:00:31,940  -->  00:00:33,900
So a phone, a TV,

17
00:00:33,900  -->  00:00:35,740
a laptop, a web server,

18
00:00:35,740  -->  00:00:36,870
a website,

19
00:00:36,870  -->  00:00:38,720
a network, a router,

20
00:00:38,720  -->  00:00:41,000
all of these things are computers.

21
00:00:41,000  -->  00:00:42,950
All of them have an operating system

22
00:00:42,950  -->  00:00:45,140
and they have programs installed

23
00:00:45,140  -->  00:00:47,130
on these operating systems.

24
00:00:47,130  -->  00:00:48,300
And usually,

25
00:00:48,300  -->  00:00:49,420
in most cases,

26
00:00:49,420  -->  00:00:52,540
these computers are used by a user.

27
00:00:52,540  -->  00:00:54,060
So you have an operating system,

28
00:00:54,060  -->  00:00:55,790
they have programs installed

29
00:00:55,790  -->  00:00:57,200
on that operating system

30
00:00:57,200  -->  00:00:58,270
and they have a user

31
00:00:58,270  -->  00:01:02,030
who uses and configures this system.

32
00:01:02,030  -->  00:01:03,550
So, I'm gonna be talking about

33
00:01:03,550  -->  00:01:05,640
how you gain access to computers

34
00:01:05,640  -->  00:01:06,710
in this example

35
00:01:06,710  -->  00:01:08,430
and actual personal computers

36
00:01:08,430  -->  00:01:10,440
so the name that people call it usually.

37
00:01:10,440  -->  00:01:11,680
A computer,

38
00:01:11,680  -->  00:01:12,513
so it's gonna be,

39
00:01:12,513  -->  00:01:13,370
we're gonna have a target

40
00:01:13,370  -->  00:01:14,600
of a Windows device

41
00:01:14,600  -->  00:01:15,600
and we're gonna have a target

42
00:01:15,600  -->  00:01:17,403
of a Linux device.

43
00:01:18,410  -->  00:01:21,310
But the concept is always the same.

44
00:01:21,310  -->  00:01:23,410
Getting access to computer devices

45
00:01:23,410  -->  00:01:24,280
is always the same.

46
00:01:24,280  -->  00:01:26,390
So you can apply the same concepts

47
00:01:26,390  -->  00:01:27,780
if you are targeting a phone,

48
00:01:27,780  -->  00:01:29,900
if you are targeting a tablet,

49
00:01:29,900  -->  00:01:31,280
if you're targeting a web server

50
00:01:31,280  -->  00:01:32,230
and we will be targeting

51
00:01:32,230  -->  00:01:33,650
web servers as well.

52
00:01:33,650  -->  00:01:36,000
But I will be talking about it

53
00:01:36,000  -->  00:01:37,680
just like a normal computer.

54
00:01:37,680  -->  00:01:39,920
This is very important to understand.

55
00:01:39,920  -->  00:01:42,280
Every device you see

56
00:01:42,280  -->  00:01:43,360
is a computer

57
00:01:43,360  -->  00:01:45,510
and it works just like your personal computer.

58
00:01:45,510  -->  00:01:46,940
So I can set up a web server

59
00:01:46,940  -->  00:01:48,010
on my computer.

60
00:01:48,010  -->  00:01:49,680
I can make it look like a website

61
00:01:49,680  -->  00:01:50,890
and make it act as a website,

62
00:01:50,890  -->  00:01:52,730
I can make it act as a TV

63
00:01:52,730  -->  00:01:55,230
and I can make it act as anything I want

64
00:01:55,230  -->  00:01:57,180
and literally TVs and all these things

65
00:01:57,180  -->  00:01:58,980
are just simpler computers

66
00:01:58,980  -->  00:02:02,833
with less complicated hardware in them.

67
00:02:04,150  -->  00:02:07,310
So, we're gonna be talking about

68
00:02:07,310  -->  00:02:09,000
attacking these devices

69
00:02:09,000  -->  00:02:10,860
from two main parts

70
00:02:10,860  -->  00:02:12,320
or from two main sides.

71
00:02:12,320  -->  00:02:13,550
The first approach

72
00:02:13,550  -->  00:02:14,580
that we're going to use

73
00:02:14,580  -->  00:02:16,720
is the server side.

74
00:02:16,720  -->  00:02:17,960
So in this side

75
00:02:17,960  -->  00:02:20,160
it doesn't require any user interaction.

76
00:02:20,160  -->  00:02:21,790
We're gonna have a computer

77
00:02:21,790  -->  00:02:23,670
and we're gonna see how we can

78
00:02:23,670  -->  00:02:25,620
gain access to that computer

79
00:02:25,620  -->  00:02:26,480
without the need

80
00:02:26,480  -->  00:02:28,020
for the user to do anything.

81
00:02:28,020  -->  00:02:29,990
For the user who uses that computer

82
00:02:29,990  -->  00:02:31,330
to do anything.

83
00:02:31,330  -->  00:02:33,820
This mostly applies to web servers

84
00:02:33,820  -->  00:02:36,620
and applications

85
00:02:36,620  -->  00:02:37,530
and devices

86
00:02:37,530  -->  00:02:39,670
that don't get used much by people.

87
00:02:39,670  -->  00:02:42,950
So people basically configure them

88
00:02:42,950  -->  00:02:45,470
and then they run automatically.

89
00:02:45,470  -->  00:02:48,060
So, all we have is gonna be an IP address

90
00:02:48,060  -->  00:02:49,620
and we're gonna see how we can test

91
00:02:49,620  -->  00:02:50,620
the security

92
00:02:50,620  -->  00:02:52,200
and gain access to that computer

93
00:02:52,200  -->  00:02:53,670
based on that IP.

94
00:02:53,670  -->  00:02:56,490
So, our main way of getting in

95
00:02:56,490  -->  00:02:58,200
is gonna be the operating system

96
00:02:58,200  -->  00:02:59,410
that that runs

97
00:02:59,410  -->  00:03:00,942
and the applications installed

98
00:03:00,942  -->  00:03:02,343
on that system.

99
00:03:03,430  -->  00:03:05,520
The second approach that we're gonna try

100
00:03:05,520  -->  00:03:07,200
is the client side attacks.

101
00:03:07,200  -->  00:03:09,250
So this approach will require

102
00:03:09,250  -->  00:03:10,810
the client or the person

103
00:03:10,810  -->  00:03:12,140
who uses that computer

104
00:03:12,140  -->  00:03:13,480
to do something.

105
00:03:13,480  -->  00:03:14,313
To do something

106
00:03:14,313  -->  00:03:15,267
that something could be

107
00:03:15,267  -->  00:03:16,480
a number of things.

108
00:03:16,480  -->  00:03:18,040
It could be installing an update,

109
00:03:18,040  -->  00:03:19,630
it could be opening a picture,

110
00:03:19,630  -->  00:03:21,670
it could be opening a Trojan,

111
00:03:21,670  -->  00:03:22,503
so we're gonna learn

112
00:03:22,503  -->  00:03:23,460
how to create a Trojan,

113
00:03:23,460  -->  00:03:24,860
how to create backdoors,

114
00:03:24,860  -->  00:03:28,060
how to use social engineering

115
00:03:28,060  -->  00:03:29,580
to make the target person

116
00:03:29,580  -->  00:03:30,600
do something

117
00:03:30,600  -->  00:03:32,530
and when they do that action,

118
00:03:32,530  -->  00:03:34,803
we will gain access to their computer.

119
00:03:36,490  -->  00:03:37,350
Information gathering

120
00:03:37,350  -->  00:03:38,650
can be crucial in this case

121
00:03:38,650  -->  00:03:40,460
because we actually need to know

122
00:03:40,460  -->  00:03:42,143
the person that we're targeting.

123
00:03:43,330  -->  00:03:44,410
After all of that,

124
00:03:44,410  -->  00:03:45,770
I'm gonna talk about

125
00:03:45,770  -->  00:03:47,300
the post exploitation.

126
00:03:47,300  -->  00:03:48,710
So what you could do

127
00:03:48,710  -->  00:03:50,720
after you gain access to this computer,

128
00:03:50,720  -->  00:03:52,110
regardless of the method

129
00:03:52,110  -->  00:03:53,590
that you gained access to it.

130
00:03:53,590  -->  00:03:55,940
So you could have used a server side exploit,

131
00:03:55,940  -->  00:03:56,950
you could have used

132
00:03:56,950  -->  00:03:58,330
a client side exploit

133
00:03:58,330  -->  00:03:59,163
or you could have

134
00:03:59,163  -->  00:04:00,560
just got physical access.

135
00:04:00,560  -->  00:04:01,630
The person left their desk

136
00:04:01,630  -->  00:04:02,600
and you got in.

137
00:04:02,600  -->  00:04:04,590
So, we're gonna see how you could,

138
00:04:04,590  -->  00:04:05,600
what can you do

139
00:04:05,600  -->  00:04:07,320
once you have access to your target.

140
00:04:07,320  -->  00:04:09,550
How you could further exploit that target

141
00:04:09,550  -->  00:04:11,150
and increase your privileges

142
00:04:11,150  -->  00:04:13,483
or target other computers in the same place.
