1
00:00:00,990 --> 00:00:02,960
In this section, we're gonna start talking

2
00:00:02,960 --> 00:00:05,040
about client-side attacks.

3
00:00:05,040 --> 00:00:08,410
So, most of the time it's better to try to gain access

4
00:00:08,410 --> 00:00:11,110
to your target using the server-side attacks.

5
00:00:11,110 --> 00:00:14,380
So, try to find exploits in the operating system.

6
00:00:14,380 --> 00:00:16,870
And in the applications installed.

7
00:00:16,870 --> 00:00:19,100
If you tried that, and it didn't work,

8
00:00:19,100 --> 00:00:21,830
or if your target is hidden behind an IP,

9
00:00:21,830 --> 00:00:24,630
so if the target person is not in the same server as us,

10
00:00:24,630 --> 00:00:26,180
on the same network as us,

11
00:00:26,180 --> 00:00:29,160
and if the target person is using a network,

12
00:00:29,160 --> 00:00:32,200
so if you ping their IP, you won't be able to reach it,

13
00:00:32,200 --> 00:00:36,070
because they're hidden behind a router, or behind a network,

14
00:00:36,070 --> 00:00:38,650
then your next resort is going to be

15
00:00:38,650 --> 00:00:40,470
the client-side attacks.

16
00:00:40,470 --> 00:00:43,190
So these attacks require the user to do something.

17
00:00:43,190 --> 00:00:45,170
So the user's going to have to open a link,

18
00:00:45,170 --> 00:00:46,770
they're gonna have to install an update,

19
00:00:46,770 --> 00:00:49,310
they're gonna have to install a picture, or open a picture,

20
00:00:49,310 --> 00:00:51,410
or they have to interact, they have to do something.

21
00:00:51,410 --> 00:00:54,060
And once they do it, we will be able to run code,

22
00:00:54,060 --> 00:00:55,513
and achieve our goal.

23
00:00:56,560 --> 00:00:59,210
Therefore, because it requires user interaction,

24
00:00:59,210 --> 00:01:02,320
information gathering is very important in this case,

25
00:01:02,320 --> 00:01:05,010
and we don't only need to get information

26
00:01:05,010 --> 00:01:06,890
about the installed applications,

27
00:01:06,890 --> 00:01:08,890
we also need to know the person.

28
00:01:08,890 --> 00:01:10,730
We need to know their friends,

29
00:01:10,730 --> 00:01:12,690
we need to know the networks they use,

30
00:01:12,690 --> 00:01:14,120
the websites they use,

31
00:01:14,120 --> 00:01:19,020
if there's any websites that they frequently use and trust.

32
00:01:19,020 --> 00:01:22,232
Therefore, the information gathering section in here

33
00:01:22,232 --> 00:01:24,950
is going to be focused on the person,

34
00:01:24,950 --> 00:01:27,890
rather than focused on the applications

35
00:01:27,890 --> 00:01:29,593
and on the operating system.

36
00:01:30,690 --> 00:01:34,290
So, I also wanna show you my lab for this.

37
00:01:34,290 --> 00:01:36,300
So obviously we're gonna be using

38
00:01:36,300 --> 00:01:38,390
the Kali machine for the attacking,

39
00:01:38,390 --> 00:01:40,320
and the victim, or the target,

40
00:01:40,320 --> 00:01:42,733
is going to be using the Windows machine.

41
00:01:44,010 --> 00:01:46,070
So again, I'm just gonna go over the networks,

42
00:01:46,070 --> 00:01:48,940
just to show you that they're both on the same network,

43
00:01:48,940 --> 00:01:52,940
they're both using the NAT, the 10.20.14-NAT,

44
00:01:52,940 --> 00:01:56,300
and if we go here, we have a NAT network as well,

45
00:01:56,300 --> 00:01:59,580
and it should be the 10.20.14 as well.

46
00:01:59,580 --> 00:02:02,330
So both devices are on the same network,

47
00:02:02,330 --> 00:02:03,660
but it really doesn't matter.

48
00:02:03,660 --> 00:02:05,380
Even if they're on different networks,

49
00:02:05,380 --> 00:02:08,220
these attacks will work anyway, where we're gonna be using

50
00:02:08,220 --> 00:02:10,550
reverse connections in most of them, so

51
00:02:12,020 --> 00:02:13,710
you don't really need,

52
00:02:13,710 --> 00:02:16,520
the target doesn't really need to have a separate

53
00:02:17,610 --> 00:02:18,873
real IP address.