1

00:00:01,520  -->  00:00:02,540
<v Instructor>In today's lecture,</v>
2

00:00:02,540  -->  00:00:03,870
and the next few lectures,
3

00:00:03,870  -->  00:00:05,693
we're going to talk about pivoting.
4

00:00:08,810  -->  00:00:09,860
We're going to assume
5

00:00:09,860  -->  00:00:13,043
that our target is this Metasploitable device.
6

00:00:13,940  -->  00:00:15,860
Now, each one of these circles,
7

00:00:15,860  -->  00:00:19,450
the big circles, we're going to assume is a network
8

00:00:19,450  -->  00:00:20,890
and as you can see,
9

00:00:20,890  -->  00:00:22,830
the Metasploitable device
10

00:00:22,830  -->  00:00:25,100
is not visible by the hacker.
11

00:00:25,100  -->  00:00:27,960
So the hacker cannot see this device.
12

00:00:27,960  -->  00:00:30,880
This device is hidden either behind the network
13

00:00:30,880  -->  00:00:34,160
or for some other reason, the hacker is not able
14

00:00:34,160  -->  00:00:37,020
to ping or access the IP address
15

00:00:37,020  -->  00:00:38,459
of this device.
16

00:00:38,459  -->  00:00:40,870
So we're assuming in our example
17

00:00:40,870  -->  00:00:45,044
that it exists in a different internal network.
18

00:00:45,044  -->  00:00:47,560
So we can see that this big network
19

00:00:47,560  -->  00:00:48,900
has four devices.
20

00:00:48,900  -->  00:00:50,790
It has the Metasploitable device,
21

00:00:50,790  -->  00:00:53,210
it has an iPhone, another device
22

00:00:53,210  -->  00:00:55,170
and the Windows device which we hacked
23

00:00:55,170  -->  00:00:57,193
and we can see that it's in red.
24

00:00:58,230  -->  00:01:02,320
And the hacker exists in this smaller network
25

00:01:02,320  -->  00:01:03,610
and there's only two devices.
26

00:01:03,610  -->  00:01:06,050
There the hacker and the red device,
27

00:01:06,050  -->  00:01:08,820
the Windows 10 device which we hacked.
28

00:01:08,820  -->  00:01:10,460
So the target of pivoting
29

00:01:10,460  -->  00:01:13,250
is we use the device that we hacked,
30

00:01:13,250  -->  00:01:15,050
the common device in the middle
31

00:01:15,050  -->  00:01:17,490
to compromise other devices
32

00:01:17,490  -->  00:01:20,300
that only this device has access to.
33

00:01:20,300  -->  00:01:23,850
So our target, the hacker cannot see the target
34

00:01:23,850  -->  00:01:25,810
which is the Metasploit device.
35

00:01:25,810  -->  00:01:27,980
But the device that we just hacked,
36

00:01:27,980  -->  00:01:30,320
the Windows device, can see that device
37

00:01:30,320  -->  00:01:32,520
because they're in the same network.
38

00:01:32,520  -->  00:01:33,920
So in our next videos,
39

00:01:33,920  -->  00:01:37,360
we're going to try to hack into the Metasploitable device
40

00:01:37,360  -->  00:01:41,130
while the Metasploitable device is not gonna be visible
41

00:01:41,130  -->  00:01:41,963
to the hacker
42

00:01:43,340  -->  00:01:46,090
which is the Kali device.
43

00:01:46,090  -->  00:01:48,290
The only way to access the Metasploitable
44

00:01:48,290  -->  00:01:50,170
is through the Windows device
45

00:01:50,170  -->  00:01:52,490
which we are going to use as a pivot
46

00:01:52,490  -->  00:01:55,603
in order to hack this device right there.
47

00:01:56,940  -->  00:02:00,450
So to set up my networks or my lab,
48

00:02:00,450  -->  00:02:03,790
I'm going to go to the VirtualBox Settings
49

00:02:05,040  -->  00:02:07,173
and I'm gonna go to the Preferences.
50

00:02:09,050  -->  00:02:10,603
And I'm gonna go to Network.
51

00:02:11,870  -->  00:02:14,430
And we can see that we have this network here
52

00:02:14,430  -->  00:02:17,410
that we've been using as the internal NAT network.
53

00:02:17,410  -->  00:02:20,170
This is the one in which my Windows
54

00:02:20,170  -->  00:02:22,950
and my Kali devices are connected to,
55

00:02:22,950  -->  00:02:25,320
the 10.20.14-NAT.
56

00:02:25,320  -->  00:02:27,130
I'm going to create another NAT network
57

00:02:27,130  -->  00:02:28,810
by clicking on the plus here
58

00:02:30,070  -->  00:02:32,770
and we can see that this one's called NatNetwork.
59

00:02:32,770  -->  00:02:34,610
Now, I'm gonna click on this icon
60

00:02:34,610  -->  00:02:39,610
to edit the settings and we can set the network IP.
61

00:02:42,210  -->  00:02:45,210
I'm gonna set it to 10.20.
62

00:02:45,210  -->  00:02:49,010
The other one was 14, so we'll set this one to 15.
63

00:02:49,010  -->  00:02:51,400
Zero up to 24.
64

00:02:51,400  -->  00:02:52,870
And I'm gonna change the name
65

00:02:52,870  -->  00:02:56,260
so we have the same kinda naming pattern
66

00:02:56,260  -->  00:02:59,423
and I'm gonna call it 10.20.
67

00:03:07,786  -->  00:03:09,380
So we created another network
68

00:03:09,380  -->  00:03:12,593
and the Kali machine is not connected to this network.
69

00:03:14,350  -->  00:03:16,530
Okay, so I'm gonna click OK.
70

00:03:16,530  -->  00:03:18,440
This network is created.
71

00:03:18,440  -->  00:03:22,160
So I'm going to modify the settings of the Windows device
72

00:03:22,160  -->  00:03:25,090
to get it to be connected to the two networks.
73

00:03:25,090  -->  00:03:27,900
So the Windows device as we can see in this,
74

00:03:27,900  -->  00:03:29,710
it's the common device
75

00:03:29,710  -->  00:03:32,810
and it's gonna be connected to the NAT network
76

00:03:32,810  -->  00:03:34,520
that the Kali's connected to
77

00:03:34,520  -->  00:03:38,220
and the one that is the Metasploit is connected to.
78

00:03:38,220  -->  00:03:39,490
Metasploitable.
79

00:03:39,490  -->  00:03:40,800
So in my Windows machine,
80

00:03:40,800  -->  00:03:43,240
the Settings, I'm gonna go to Networks
81

00:03:44,140  -->  00:03:46,720
and I'm gonna go to Adapter 2.
82

00:03:46,720  -->  00:03:48,410
I'm gonna enable that adapter
83

00:03:49,600  -->  00:03:53,170
and I'm going to connect it to a NAT network
84

00:03:53,170  -->  00:03:56,513
and I'm gonna select the 10.20.15-NAT.
85

00:03:57,440  -->  00:03:59,880
So the Windows device now uses two adapters,
86

00:03:59,880  -->  00:04:02,250
one of them is connected to the 14-NAT
87

00:04:02,250  -->  00:04:04,543
and the other one's connected to the 15-NAT.
88

00:04:06,960  -->  00:04:09,553
Then I'm gonna go to my Metasploitable device.
89

00:04:10,480  -->  00:04:14,010
I'm gonna under Settings, Network
90

00:04:14,010  -->  00:04:17,403
and instead of connecting it to the 10.20.14,
91

00:04:20,700  -->  00:04:23,313
I'm gonna connect it to the 10.20.15.
92

00:04:24,410  -->  00:04:27,940
So this way, the Metasploitable is only connected
93

00:04:27,940  -->  00:04:31,500
to the network which the Windows is connected to
94

00:04:31,500  -->  00:04:33,910
and the Kali's connected to the network
95

00:04:33,910  -->  00:04:35,860
which the Windows is connected to
96

00:04:35,860  -->  00:04:39,850
and Windows is connected to the two networks
97

00:04:39,850  -->  00:04:42,010
that I have right now in my devices
98

00:04:42,010  -->  00:04:44,910
so it's connected to this one and this one.
99

00:04:44,910  -->  00:04:46,980
Now, to verify that I have the right settings,
100

00:04:46,980  -->  00:04:49,720
I'm just gonna start my Metasploitable.
101

00:04:49,720  -->  00:04:51,570
And I'm gonna start the Windows
102

00:04:51,570  -->  00:04:53,560
and I'm just gonna do some ping commands
103

00:04:53,560  -->  00:04:56,773
to make sure that everything is set up correctly.
104

00:05:00,450  -->  00:05:02,640
Okay, so my machines have started
105

00:05:02,640  -->  00:05:06,580
and the main thing now is my Windows machine
106

00:05:06,580  -->  00:05:10,380
should be able to ping both of my Metasploitable
107

00:05:10,380  -->  00:05:11,750
and my Kali.
108

00:05:11,750  -->  00:05:14,233
So let's get the IP of the Metasploitable.
109

00:05:16,470  -->  00:05:19,150
And it's 10.20.15.4.
110

00:05:19,150  -->  00:05:24,020
So I'm gonna do ping 10.20.15.4.
111

00:05:27,070  -->  00:05:28,010
And as you can see now,
112

00:05:28,010  -->  00:05:32,080
the Windows machine can see the Metasploitable machine.
113

00:05:32,080  -->  00:05:34,460
Now, let's see if it can see the Kali machine
114

00:05:34,460  -->  00:05:36,587
which is on 14.203.
115

00:05:41,920  -->  00:05:44,760
And again, so the Windows can see both machines
116

00:05:44,760  -->  00:05:48,410
which means that it is the machine in the middle.
117

00:05:48,410  -->  00:05:51,470
Now let's see if the Metasploitable machine
118

00:05:51,470  -->  00:05:53,300
can see the Kali machine.
119

00:05:53,300  -->  00:05:54,850
It shouldn't be able to see it
120

00:05:54,850  -->  00:05:57,000
because we said the Kali machine
121

00:05:57,000  -->  00:05:59,450
and the Metasploitable machine are connected
122

00:05:59,450  -->  00:06:01,490
to two different networks.
123

00:06:01,490  -->  00:06:05,617
So I'm gonna do ping 10.20.14.203.
124

00:06:15,430  -->  00:06:17,840
Now, as you can see now, I got nothing
125

00:06:17,840  -->  00:06:19,590
and we can see that six packets
126

00:06:19,590  -->  00:06:21,840
were transmitted, zero received
127

00:06:21,840  -->  00:06:26,680
so my Metasploitable cannot see the Kali machine
128

00:06:26,680  -->  00:06:29,480
and the Kali cannot see the Metasploitable either.
129

00:06:29,480  -->  00:06:34,480
So if I do ping 10.20.15.4,
130

00:06:38,340  -->  00:06:41,180
you'll see that it's sent three packets, zero received.
131

00:06:41,180  -->  00:06:45,050
Again, these two devices cannot see each other
132

00:06:45,050  -->  00:06:47,120
because they're in two different networks.
133

00:06:47,120  -->  00:06:48,940
So what we're gonna do in the next videos
134

00:06:48,940  -->  00:06:52,340
is we already have an access to the Windows machine
135

00:06:52,340  -->  00:06:53,530
which can see both
136

00:06:53,530  -->  00:06:56,410
and we're gonna try to hack into the Metasploit
137

00:06:56,410  -->  00:07:00,090
using the Windows machine that we just hacked into
138

00:07:00,090  -->  00:07:02,170
because it's the common machine
139

00:07:02,170  -->  00:07:05,883
that is connected to both networks.
