1

00:00:01,010  -->  00:00:01,870
<v Instructor>Now in this lecture</v>

2

00:00:01,870  -->  00:00:03,650
we'll learn how to configure the router

3

00:00:03,650  -->  00:00:06,410
so that it forwards incoming connections

4

00:00:06,410  -->  00:00:09,520
to the Kali machine so we can receive reverse connections,

5

00:00:09,520  -->  00:00:11,800
we can hook people to BeEF

6

00:00:11,800  -->  00:00:14,550
and launch attacks outside the network the same way

7

00:00:14,550  -->  00:00:17,420
that we used to launch them inside the network.

8

00:00:17,420  -->  00:00:19,910
So to get to the router settings,

9

00:00:19,910  -->  00:00:23,640
usually the router is the first IP in the subnet.

10

00:00:23,640  -->  00:00:27,960
So you can see that my IP was 192.168.0.11.

11

00:00:27,960  -->  00:00:29,620
Usually the router is the first one

12

00:00:29,620  -->  00:00:31,880
so it'll be 198.168.0.1.

13

00:00:32,740  -->  00:00:34,740
Also, another way to get it,

14

00:00:34,740  -->  00:00:35,960
you can type in route -n

15

00:00:38,930  -->  00:00:40,580
and that'll show you where the gateway is.

16

00:00:40,580  -->  00:00:41,413
And as you can see,

17

00:00:41,413  -->  00:00:44,240
it's at 192.168.0.1.

18

00:00:44,240  -->  00:00:47,770
So this is the local IP address of the router.

19

00:00:47,770  -->  00:00:50,469
We're gonna browse that in our browser,

20

00:00:50,469  -->  00:00:52,169
so I'm just gonna type it in here.

21

00:00:54,416  -->  00:00:56,590
192.168.0.1.

22

00:00:56,590  -->  00:00:58,090
Hit enter.

23

00:00:58,090  -->  00:00:59,670
And as you can see,

24

00:00:59,670  -->  00:01:01,250
I have my router settings

25

00:01:01,250  -->  00:01:03,780
and I have to log in with the username and password.

26

00:01:03,780  -->  00:01:06,020
Now, the router settings might look different

27

00:01:06,020  -->  00:01:07,410
from router to router,

28

00:01:07,410  -->  00:01:09,610
but the names are usually the same.

29

00:01:09,610  -->  00:01:10,800
Usually, first of all,

30

00:01:10,800  -->  00:01:11,680
you'll have to log in

31

00:01:11,680  -->  00:01:13,300
as you can see here for me.

32

00:01:13,300  -->  00:01:17,710
And you either have a default username and password

33

00:01:17,710  -->  00:01:18,830
or it will be,

34

00:01:18,830  -->  00:01:20,950
you'll see them on a sticker behind

35

00:01:20,950  -->  00:01:23,200
or underneath the router itself.

36

00:01:23,200  -->  00:01:25,540
So for me, I've actually changed the password

37

00:01:25,540  -->  00:01:26,790
so I'm just gonna log in.

38

00:01:32,490  -->  00:01:35,220
So I'm logged in here to my control panel

39

00:01:35,220  -->  00:01:37,490
and again, it might look different for you.

40

00:01:37,490  -->  00:01:41,670
But you wanna look for something called IP forwarding.

41

00:01:41,670  -->  00:01:43,600
For me, it's under Advanced.

42

00:01:43,600  -->  00:01:45,043
So I'm gonna go to Advanced,

43

00:01:46,220  -->  00:01:48,143
and then I'm gonna go on Forwarding.

44

00:01:49,780  -->  00:01:52,580
And this is where I can set up my IP forwarding.

45

00:01:52,580  -->  00:01:55,150
So look for something called IP forwarding

46

00:01:55,150  -->  00:01:58,250
or I've actually seen them on some routers

47

00:01:58,250  -->  00:01:59,470
called virtual network,

48

00:01:59,470  -->  00:02:00,363
I don't know why.

49

00:02:01,270  -->  00:02:03,150
But you wanna look for something

50

00:02:03,150  -->  00:02:05,860
that allows you to set up rules to redirect ports

51

00:02:05,860  -->  00:02:07,690
inside the network.

52

00:02:07,690  -->  00:02:11,130
So the port that we're listening on at the moment

53

00:02:11,130  -->  00:02:12,330
is port 8080.

54

00:02:12,330  -->  00:02:14,740
So that's the port that we picked in the handler,

55

00:02:14,740  -->  00:02:17,000
that's the port that we picked in the backdoor

56

00:02:17,000  -->  00:02:19,600
and that's the port that we wanna get the connection on.

57

00:02:19,600  -->  00:02:21,860
So the public port is gonna be 8080

58

00:02:22,890  -->  00:02:25,663
and again, the target port is gonna be 8080.

59

00:02:26,830  -->  00:02:30,210
And the target IP address is the IP address

60

00:02:30,210  -->  00:02:31,450
that's listening on the port.

61

00:02:31,450  -->  00:02:33,710
So this is the IP address of the Kali machine

62

00:02:33,710  -->  00:02:35,660
where you have your handlers running.

63

00:02:35,660  -->  00:02:38,540
So the IP address of my Kali machine right here

64

00:02:38,540  -->  00:02:40,900
is 192.168.0.11

65

00:02:40,900  -->  00:02:42,880
and we can see that also right here

66

00:02:42,880  -->  00:02:45,510
from the result of ifconfig,

67

00:02:45,510  -->  00:02:49,130
so it's 192.168.0.11.

68

00:02:49,130  -->  00:02:50,563
I'm gonna type that in here.

69

00:02:52,230  -->  00:02:53,063
And that's it,

70

00:02:53,063  -->  00:02:54,070
that's the rule that we wanna add.

71

00:02:54,070  -->  00:02:55,220
I'm gonna click on Save

72

00:02:56,260  -->  00:02:57,530
and that rule is saved.

73

00:02:57,530  -->  00:03:00,700
So now whenever the router gets a request

74

00:03:00,700  -->  00:03:02,180
for port 8080,

75

00:03:02,180  -->  00:03:05,100
it'll know that it's gonna forward that request

76

00:03:05,100  -->  00:03:06,340
to the Kali machine

77

00:03:06,340  -->  00:03:08,830
and the router will not cut that connection.

78

00:03:08,830  -->  00:03:11,660
So we've actually set up a proper route right now.

79

00:03:11,660  -->  00:03:14,560
So the first thing we did is we created the backdoor.

80

00:03:14,560  -->  00:03:16,790
We used the real IP in the backdoor,

81

00:03:16,790  -->  00:03:18,560
we didn't use the private IP,

82

00:03:18,560  -->  00:03:21,210
so we didn't use the 192.168.0.11,

83

00:03:21,210  -->  00:03:22,810
we used the real IP.

84

00:03:22,810  -->  00:03:24,740
We're gonna send that backdoor

85

00:03:24,740  -->  00:03:27,720
to a device on a different network.

86

00:03:27,720  -->  00:03:30,080
That device is gonna run the backdoor.

87

00:03:30,080  -->  00:03:32,020
The backdoor will try to connect back

88

00:03:32,020  -->  00:03:33,830
on the real IP to the router,

89

00:03:33,830  -->  00:03:35,910
but the router will know exactly what to do

90

00:03:35,910  -->  00:03:37,810
with this because we just set up our rule

91

00:03:37,810  -->  00:03:40,240
telling the router to forward any requests

92

00:03:40,240  -->  00:03:43,143
that it gets on port 8080 to the Kali machine.

93

00:03:44,460  -->  00:03:45,670
What I also want to do is,

94

00:03:45,670  -->  00:03:48,400
I actually wanna set up a rule for port 80.

95

00:03:48,400  -->  00:03:50,100
This is the port that Apache,

96

00:03:50,100  -->  00:03:52,100
that my web server runs on.

97

00:03:52,100  -->  00:03:55,990
And I wanna enable that so that I can download the backdoor

98

00:03:55,990  -->  00:03:58,240
from the target computer.

99

00:03:58,240  -->  00:04:00,253
So I'm gonna add the rule for port 80.

100

00:04:01,820  -->  00:04:03,820
And again, this is gonna be the same machine,

101

00:04:03,820  -->  00:04:04,793
the Kali machine.

102

00:04:06,170  -->  00:04:08,600
And we're gonna put port 80 here.

103

00:04:08,600  -->  00:04:09,950
We're gonna save this rule.

104

00:04:11,220  -->  00:04:13,450
And this will allow me to download the backdoor

105

00:04:13,450  -->  00:04:17,130
because I placed the backdoor in /var/www/ right here,

106

00:04:17,130  -->  00:04:20,610
so I'll actually be able to access my web server in Kali

107

00:04:20,610  -->  00:04:24,160
and download the backdoor from outside the Internet.

108

00:04:24,160  -->  00:04:26,593
So I'm gonna start my Apache web server.

109

00:04:30,590  -->  00:04:32,490
So this is actually just another example,

110

00:04:32,490  -->  00:04:33,670
you don't even need to do this.

111

00:04:33,670  -->  00:04:36,150
You can just transfer the backdoor using USB

112

00:04:36,150  -->  00:04:38,590
or any other method or send it via email.

113

00:04:38,590  -->  00:04:40,100
I'm just showing you another example

114

00:04:40,100  -->  00:04:42,093
of how port forwarding is used.

115

00:04:43,490  -->  00:04:45,480
Now I'm gonna go to a Windows machine

116

00:04:45,480  -->  00:04:47,980
and that Windows machine is gonna be connected

117

00:04:47,980  -->  00:04:49,880
to a completely different network.

118

00:04:49,880  -->  00:04:52,233
And we're gonna download the file from there.

119

00:04:54,180  -->  00:04:55,820
So here is my Windows machine

120

00:04:55,820  -->  00:04:57,350
and if I go and check my IP,

121

00:04:57,350  -->  00:05:00,160
you'll see it has a different external public IP.

122

00:05:00,160  -->  00:05:02,160
So I'm just gonna look for What's My IP.

123

00:05:04,070  -->  00:05:07,140
You'll see that the IP here is completely different

124

00:05:07,140  -->  00:05:10,303
than the IP of this machine that we used.

125

00:05:12,080  -->  00:05:15,510
So these are two completely separate devices

126

00:05:15,510  -->  00:05:18,050
connected to different networks.

127

00:05:18,050  -->  00:05:19,640
And what I'm gonna do now is

128

00:05:19,640  -->  00:05:22,770
I'm gonna access my Apache web server

129

00:05:22,770  -->  00:05:23,960
and download the backdoor.

130

00:05:23,960  -->  00:05:25,890
And normally, without IP forwarding,

131

00:05:25,890  -->  00:05:27,770
you won't be able to do that.

132

00:05:27,770  -->  00:05:28,740
And to access that,

133

00:05:28,740  -->  00:05:31,190
first I'm gonna get the IP of this machine again

134

00:05:31,190  -->  00:05:32,850
because I forgot it.

135

00:05:32,850  -->  00:05:37,310
And it's 89.100.145.189.

136

00:05:43,610  -->  00:05:45,740
And we called our backdoor, backdoor,

137

00:05:45,740  -->  00:05:47,723
so I'm just gonna type in backdoor.exe.

138

00:05:49,300  -->  00:05:50,600
And we're gonna hit enter.

139

00:05:53,260  -->  00:05:56,263
It's actually 189 here, not 89.

140

00:05:57,210  -->  00:05:58,100
And as you can see,

141

00:05:58,100  -->  00:06:00,280
I was able to download the backdoor.

142

00:06:00,280  -->  00:06:01,620
And this should actually tell you

143

00:06:01,620  -->  00:06:04,330
that IP forwarding has been set up correctly

144

00:06:04,330  -->  00:06:05,910
because without that,

145

00:06:05,910  -->  00:06:07,070
without IP forwarding,

146

00:06:07,070  -->  00:06:09,490
I wouldn't be able to access my web server

147

00:06:09,490  -->  00:06:10,600
and download the backdoor.

148

00:06:10,600  -->  00:06:13,360
So I'm actually accessing the web server in Kali

149

00:06:13,360  -->  00:06:14,890
as if it's a normal website.

150

00:06:14,890  -->  00:06:17,500
You can actually host fake webpages,

151

00:06:17,500  -->  00:06:18,680
you can host websites,

152

00:06:18,680  -->  00:06:21,173
anything you want right now on your Apache.

153

00:06:23,310  -->  00:06:24,580
So I'm gonna come in,

154

00:06:24,580  -->  00:06:25,850
I'm gonna run the backdoor

155

00:06:29,050  -->  00:06:31,990
and we'll see if that'll give me a reverse connection

156

00:06:31,990  -->  00:06:33,720
on my Kali machine,

157

00:06:33,720  -->  00:06:36,273
which is on a completely different network.

158

00:06:38,650  -->  00:06:40,060
And as you can see,

159

00:06:40,060  -->  00:06:42,790
I got a reverse Meterpreter shell

160

00:06:42,790  -->  00:06:44,610
and you can see that the shell is coming

161

00:06:44,610  -->  00:06:46,960
from an external IP address

162

00:06:46,960  -->  00:06:49,140
into my internal IP address

163

00:06:49,140  -->  00:06:50,700
to the Kali machine.

164

00:06:50,700  -->  00:06:53,570
And right now I can control the target computer

165

00:06:53,570  -->  00:06:55,150
and do all the things that we do

166

00:06:55,150  -->  00:06:56,803
in the post connection attacks.
