1
00:00:01,500 --> 00:00:04,560
So the first thing we're going to look at is the server side attacks.

2
00:00:05,370 --> 00:00:08,940
And again, these are the attacks that don't require user interaction.

3
00:00:09,450 --> 00:00:13,040
You can use these attacks with with servers.

4
00:00:13,070 --> 00:00:15,180
So Web servers and stuff like that.

5
00:00:15,480 --> 00:00:19,020
And you can also use it against normal computers that people use every day.

6
00:00:20,220 --> 00:00:25,710
The reason why I'm going to be using it against an application against my meter is Floatable, which

7
00:00:25,710 --> 00:00:30,450
runs Unix and which is more of a server than a normal personal computer is.

8
00:00:30,450 --> 00:00:37,830
Because if the if your target uses a personal computer and if they're not on the same network as you,

9
00:00:38,190 --> 00:00:42,800
then even if you get their IP address, their IP address is going to be behind the writer.

10
00:00:42,810 --> 00:00:45,870
So they'll probably be connecting the heart through arrived her.

11
00:00:46,260 --> 00:00:52,050
And therefore, if you use the IP to try and determine what operating systems run on it and what applications

12
00:00:52,050 --> 00:00:58,230
are installed, you will not get much useful information because you're only going to be getting information

13
00:00:58,230 --> 00:01:02,940
about the router and not about the person, because the person is hiding behind the router.

14
00:01:03,540 --> 00:01:11,400
Whereas when you're targeting a Web server or a server in general, then the server will have a IP address

15
00:01:11,610 --> 00:01:14,700
and that IP address, you can access it directly on the Internet.

16
00:01:16,030 --> 00:01:22,210
So this attack or these ways of gathering information that we're going to look at now will work if the

17
00:01:22,210 --> 00:01:23,710
person is on the same network.

18
00:01:24,100 --> 00:01:26,650
And if the person has a real IP.

19
00:01:26,890 --> 00:01:31,510
So if you can think the person, even if it's a personal computer, if you can ping it, then you can

20
00:01:31,510 --> 00:01:38,440
run all of the attacks and all of the information gathering methods that we're going to explain now.

21
00:01:39,010 --> 00:01:43,720
So in my example, I'm going to be targeting my mother's political machine here.

22
00:01:44,170 --> 00:01:48,100
And before I could show you anything, first of all, I want to show you the network settings.

23
00:01:48,370 --> 00:01:49,930
So it's said to not.

24
00:01:50,440 --> 00:01:53,830
And it's on the same network as my candy machine.

25
00:01:53,860 --> 00:01:56,170
So the candy machine is going to be my attacking machine.

26
00:01:56,770 --> 00:02:01,150
And again, on the network, it's set to not network and it's on the same subnet.

27
00:02:01,220 --> 00:02:02,460
Now, this is very important.

28
00:02:06,090 --> 00:02:13,830
So and here, if I do IP contact or if I do if confect sorry, you'll see that my IP is ten, twenty,

29
00:02:13,880 --> 00:02:15,060
fourteen, two or four.

30
00:02:15,660 --> 00:02:19,900
And if I go to my Caleigh machine, I should be able to ping it.

31
00:02:19,930 --> 00:02:22,830
Now, if I can't finish it, then we won't be able to do anything.

32
00:02:27,070 --> 00:02:30,200
And as you can see, we're getting responses back from the machine.

33
00:02:30,410 --> 00:02:33,920
So we are connected to that machine and we can get responses from it.

34
00:02:34,160 --> 00:02:36,890
Therefore, we can try and test its security.

35
00:02:37,400 --> 00:02:42,710
So, again, you can use these attacks and you can use these approaches against any computer that you

36
00:02:42,710 --> 00:02:43,090
can think.

37
00:02:43,100 --> 00:02:49,400
So if it's a personal computer or if it's a server of any kind, as long as you can ping that direction

38
00:02:49,430 --> 00:02:54,410
or you can pick that person, then you can use these attacks and these methods that we're going to talk

39
00:02:54,410 --> 00:02:56,410
about in the server site attacks.

40
00:02:56,900 --> 00:03:02,390
So it's going to work against Web sites, Web servers, people, normal computers as long as you can

41
00:03:02,390 --> 00:03:02,780
find them.

42
00:03:03,380 --> 00:03:07,550
And just to convey this idea, now, we see them with exploitable machine right there.

43
00:03:07,550 --> 00:03:12,410
So it's just a normal machine is the normal virtual machine that I can use right here to do anything

44
00:03:12,410 --> 00:03:12,780
I want.

45
00:03:12,800 --> 00:03:13,410
I can list.

46
00:03:13,460 --> 00:03:15,470
I can even install a graphical interface.

47
00:03:15,710 --> 00:03:20,400
And then I'll be able to do just use it just the way I use my Talli machine.

48
00:03:21,470 --> 00:03:23,320
But at the same time, it has a web server.

49
00:03:23,330 --> 00:03:25,970
So if I try to navigate to it from here.

50
00:03:28,360 --> 00:03:33,670
You'll see that I actually have a Web server here and it has Web sites that I can actually read and

51
00:03:33,670 --> 00:03:35,260
stuff and browse.

52
00:03:35,620 --> 00:03:39,490
And what we're actually going to have a look on these Web sites and see how we can test them in the

53
00:03:39,490 --> 00:03:39,850
future.

54
00:03:40,450 --> 00:03:42,190
So everything is a computer.

55
00:03:42,370 --> 00:03:45,310
If you can think that IP, you can use the server side attacks.

56
00:03:45,520 --> 00:03:49,930
It mostly works against servers because servers always have real IP is.

57
00:03:50,140 --> 00:03:55,180
And also, if the person is in the same network as you, then you can pick them and you can do all of

58
00:03:55,180 --> 00:03:56,990
these attacks as well.