Ethical Hacking Full Course – Learn Ethical Hacking in 10 Hours | Ethical Hacking Tutorial | Edureka

Hi guys, my name
is Aarya and I'm going to be your instructor
for this course today. So in this Ethical
Hacking full course video, we'll be learning almost
everything that is required for you to get started
as an Ethical Hacker. So come let's quickly go
over the topics that we are going
to be covering today firstly. We're going to be going
to the basics of cyber security and cryptography where we'll be learning
the key concepts of confidentiality
integrity and availability and how the cryptography
Concepts also tie into the whole picture next. We'll be looking
at some cyber threats. We be seeing how the Cyber threads
actually affect our computer and then we will also see
how we can mitigate them. After which we will be looking into the history
of ethical hacking. We learn how this all began in the Massachusetts
Institute of Technology.

And then we will be looking
into the fundamentals of networking and ethical
hacking in this will be learning the various tools that are used in ethical hacking and also
the network architectures. These tools are used
in after this. We will be having a look into what the most
famous operating systems that is there. That is Kali Linux. Kali Linux is used
by ethical hackers and penetration testers all around the world
will be learning how to install this on our local systems
will be learning the tools that come along with it and Bash we should be using
them after that. We'll be learning
about penetration testing and penetration. Testing is a subset
of ethical hacking. So in this we will be learning
about a tool called Metasploit and using Metasploit
will be learning. Learn more about vulnerability
analysis and how we can install back doors
in different computer systems and take advantages of these vulnerabilities now
nmap is also another tool that we are going
to be discussing in this course, we will be learning how we can use nmap
to gather information from our networks and how we can use this information
to our advantage after that.

We'll be learning deeply
about three cyber attacks that are there
in this industry first is cross-site scripting secondly
distributed denial of service and thirdly SQL
injection attacks. Now we be doing these attacks
ourselves on dummy targets and learning more
about these attacks and how they are orchestrated
and thus we will be learning more about how we
can mitigate them. If we actually become
ethical hackers now, we will also be discussing some very Advanced cryptography
methods called steganography, which is basically used
for hiding digital code inside images last but not the
least we will be also discussing how you could become
an ethical hacker yourself. So we'll be discussing
a roadmap will also be discussing the job profiles
that are there in the industry. Re and we will also
be discussing the companies that are hiring for these job
profiles along with the salaries that they are trying to offer. Also, we won't be leaving
hanging right there will also be discussing the 50 most
common interview questions that come along
with these job profiles so that you can snag that job interview and if you do
like our content in the end, please leave us a like, please leave a comment if you want to and do hit
the Subscribe button so that you can
join our ever-growing community of learners.

It can be rightfully said that today's generation
lives on the internet and we generally users
are almost ignorant as to how those random bits of ones and zeros Rich securely
to a computer. It's not magic its work
and sweat that makes sure that your packets reach to you
on sniffed today Ira ball from at Eureka. I'm here to tell you guys
about how cybersecurity makes this all possible now before we begin let me brief
you all about the topics that we're going to cover today.

So basically we're going
to ask three questions. Options that are important to cybersecurity firstly
we're going to see why cyber security is needed next
we're going to see what exactly is cyber security and in the end I'm going
to show you also a scenario how cybersecurity can save
a whole organization from organized cybercrime. Okay. So let's get started. Now as I just said we
are living in a digital era whether it be booking a hotel
room ordering some dinner or even booking a cab. We're constantly using
the internet and inherently constantly generating data
this data is generally He stored on the cloud which is basically a huge
data server or data center that you can access online. Also, we use an array of devices to access
this data now for a hacker. It's a golden age with so many access points
public IP addresses and constant traffic and tons of data to exploit
black hat hackers are having one hell of a time
exploiting vulnerabilities and creating malicious software for the same above
that cyber attacks are evolving by the day hackers
are becoming smarter and more creative
with their malware's.

And how they bypass virus scans and firewalls still
baffled many people. Let's go through some
of the most common types of cyber attacks now, so as you guys can see I've
listed out eight cyber attacks that have plagued us since
the beginning of the internet. Let's go through them briefly. So first on the list, we have General
malware's malware is an all-encompassing term
for a variety of cyber threats including Trojans viruses and worms malware
is simply defined as code with malicious intent that typically steals
data or destroy. On the computer
next on the list. We have fishing often
posing as a request for data from a trusted third
party phishing attacks are sent via email and ask users
to click on a link and enter the personal
data phishing emails have gotten much more sophisticated in
recent years making it difficult for some people to discern
a legitimate request for information from a false
one phishing emails often fall into the same category as
spam but are more harmful than just a simple ad
next on the list.

We have password attacks. It's a password attack is
exactly what it sounds like a third party trying
to gain access to your system. My tracking a user's password. Next up is DDOS which stands for
distributed denial-of-service DDOS attack focuses on disrupting the service
of a network a darker send High volumes of data or traffic through the network that is making a lot
of connection requests until the network
becomes overloaded and can no longer
function next up.

We have man-in-the-middle
attacks by impersonating the endpoint in
an online information. That is the connection
from your smartphone to a website the MIT. Emma docs can obtain information
from the end users and entity he or she is communicating
with for example, if your Banking online
the man in the middle would communicate with you
by impersonating your bank and communicate with the bank
by impersonating you the man in the middle would then receive
all the information transferred between both parties which could include
sensitive data such as bank accounts and personal
information next up. We have drive-by downloads
through malware on a Ledge. Emmett website a program is downloaded to a user system
just by visiting the site.

It doesn't require
any type of action by the user to download
it actually next up. We have mail advertising which is a way to
compromise your computer with malicious code that is downloaded
to your system when you click
on an effective ad lastly, we have Rogue softwares, which are basically malware's that are masquerading as legitimate and necessary
security software that will keep your system safe.

So as you guys can see now the internet sure
isn't the safe place. As you might think
it is this not only applies for us as individuals. But also large organizations. They're having multiple
cyber breaches in the past that has compromised the privacy
and confidentiality of a data. If we head over to the site
called information is beautiful. We can see all
the major cyber breaches that have been committed. So as you guys can see even
big companies like eBay, AOL Evernote Adobe
have actually gone through major cyber breaches, even though they have a lot
of security measures taken to protect the data
that they contain so it's not only that small individuals
are targeted by hackers and other people but even bigger organizations
are constantly being targeted by these guys.

So after looking at all sorts of cyberattacks possible
the breaches of the past and the sheer amount
of data available. We must be thinking that there must be some sort
of mechanism and protocol to actually protect us from all
these sorts of cyberattacks and indeed there is a way and this is called
cyber security in a Computing context security
comprises of cybersecurity and physical security. Both are used by
Enterprises to protect against unauthorized access
to data centers and other computerized
systems information security, which is designed to maintain
the confidentiality integrity and availability of data is a subset of cybersecurity
the use of cyber.

Cybersecurity can help prevent against cyberattacks data
breaches identity theft and can Aid in Risk Management. So when an organization
has a strong sense of network security and an effective
incident response plan, it is better able to prevent and mitigate these
attacks for example and user protection defense
information and guards against loss of theft while also scanning computers
for malicious code. Now when talking
about cybersecurity, there are three main activities that we are trying to protect
ourselves against and they are Unauthorized modification
unauthorised deletion and unauthorized access. These freedoms are very synonymous to the very
commonly known CIA Triad which stands for confidentiality
integrity and availability. The CIA Triad is also commonly referred to as
a three pillars of security and more security policies
of bigger organizations. And even smaller companies are
based on these three principles.

So let's go through
them one by one. So first on the list we have confidentiality confidentiality
is roughly equivalent to privacy measures
undertaken to ensure confidentiality are designed
to prevent sensitive information from reaching the wrong people while making sure
that the right people can in fact get it access
must be restricted. To those authorized to view
the data in question in as common as well for data
to be categorized according to the amount and type of damage that could be done. Should it fall into
unintended hands more or less stringent measures
can then be implemented across to those categories? Sometimes safeguarding
data confidentiality meanwhile special training for those privy to such documents such training would typically
include security risks that could threaten
this information training can help familiarize ourselves. Her eyes people
with risk factors and how to guard against them
further aspects of training can include strong password and password related
best practices and information about social
engineering methods to prevent them from bending
data handling rules with good intention and potentially
disastrous results. Next on list.

We have integrity Integrity
involves maintaining the consistency accuracy and trustworthiness of data over its entire lifecycle data
must not be changed in transit and steps must be taken
to ensure that data. Cannot be altered by unauthorized people for example
in a breach of confidentiality. These measures include file permissions and user
access controls Version Control may be used to prevent
are honest changes or accidental deletion by authorized users
becoming a problem. In addition. Some means must be in place
to detect any changes in data that might occur as a result of non-human caused events
such as electromagnetic pulses or server crash some data might include
checksums even cryptography. Graphic checksums for
verification of Integrity backup or redundancies must
be available to restore the affected data
to its correct State last but not least is availability
availability is best ensured by rigorous maintaining of all Hardware performing
Hardware repairs immediately when needed and maintaining a correctly functional
operating system environment that is free
of software conflicts.

It's also important to keep
current with all necessary system upgrades providing
adequate communication bandwidth and preventing the occurrences of Bottlenecks are equally
important redundancy failover and even higher availability
clusters can mitigate serious consequences when hardware issues
do occur fast in as adaptive Disaster
Recovery is essential for the worst-case scenarios that capacity is reliant
on the existence of a comprehensive Disaster
Recovery plan safeguards against data loss or interruption in connection must include unpredictable
events such as natural disasters and file to prevent data loss from such occurrences
a backup copy. He must be stored
in a geographically isolated location, perhaps even in a fireproof
water safe place extra security equipments
or software such as firewalls and proxy servers and goddess against down times and unreachable data you to malicious actions such as
denial-of-service attacks and network intrusions.

So now that we have seen what we
are actually trying to implement when trying to protect
ourselves on the internet. We should also know the ways that we actually
protect ourselves when we are attacked
by cyber organizations. So the Step to actually mitigate
any type of Cyber attack is to identify the malware
or the Cyber threat that is being currently going on
in your organization. Next. We have to actually analyze and evaluate all
the affected parties and the file systems that have been compromised and in the end we have
to patch the hole treatment so that our organization
can come back to its original running State
without any cyber breaches. So how is it exactly done? This is mostly done by actually
calculating three factors. The first factor is vulnerable. Leti the second factor is threat
and the third is risk. So let me tell you about
the three of them a little bit. So first on the list of actual calculation is
we have vulnerability. So a vulnerability refers
to a known weakness of an asset that can be exploited by
one or more attackers. In other words. It is a known issue that allows an attack
to be successful.

For example, when a team member resigns
and you forget to disable their access to external
accounts change logins or remove their names from the company credit
cards this leaves. Your business open to both unintentional
and intentional threats. However, most vulnerabilities
are exploited by automated tacos and not a human typing
on the other side of the network. Next testing for vulnerabilities is critical to ensuring
the continued security of your systems
by identifying weak points and developing a strategy
to respond quickly. Here are some questions that you ask when determining
your security vulnerabilities. So you have questions
like is your data backed up and stored in a secure off-site
location is your data stored in the cloud if yes, how exactly is
it being protected from cloud vulnerabilities? What kind of security
do you have to determine who can access modify or delete information from
within your organization next like you could ask questions like what kind of antivirus
protection is in use? What is the license currents are
the license current? And is it running
as often as needed? Also, do you have
a data recovery plan in the event of
vulnerability being exploited? These are the normal questions that one asks when actually
checking their vulnerability.

Next up is thread a thread
refers to a new or newly discovered incident with
potential to do harm to a system or your overall organization. There are three main types of thread National
threats like floods or tornadoes unintentional
threats such as employee mistakingly accessing
the wrong information and intentional threats. There are many examples of intentional threats including
spyware malware advert companies or the Actions of disgruntled
employees in addition worms and viruses are categorized as threats because they
could potentially cause harm to your organization through
exposure to an automated attack as opposed to one
perpetrated by human beings.

Although these threats
are generally outside of one's control and difficult
to identify in advance. It is essential to take
appropriate measures to assess threats regularly here are
some ways to do so and sure that your team members
are staying informed of current trends in cyber security so they
can The identify new threats, they should subscribe to blogs
like wired and podcast like the Tech janek's Extreme it that covers these issues as well as join
professional associations, so they can benefit from breaking news feeds
conferences and webinars. You should also perform
regular threat assessment to determine the best approaches
to protecting a system against the specific threat
along with assessing different types of thread
in addition penetration, testing involves modeling
real-world threats in order to discover vulnerabilities
next on the List, we have risk.

So risk refers to the potential
for loss or damage when a threat exploits
a vulnerability examples of risks include
Financial losses as a result of business disruption loss of privacy reputational
damage legal implications and can even include loss of life risk can also
be defined as follows, which is basically threat
X the vulnerability you can reduce the potential
for Risk by creating and implementing a
risk management plan. And here are the key aspects
to consider When developing your Management strategy firstly
we need to assess risk and determine needs when it comes to designing and implementing a
risk assessment framework. It is critical to prioritize
the most important breaches that need to be addressed all
the frequency May differ in each organization. This level of assessment
must be done on a regular recurring basis. Next. We also have to include a total stakeholder
perspective stakeholders include the business owners as
well as employees customers and even vendors all
of these players have the potential
to negatively impact.

Actor organization, but at the same time
they can be Assets in helping to mitigate risk. So as we see risk management
is the key to cybersecurity. So now let's go through a scenario
to actually understand how cybersecurity actually defend an organization against
very manipulative cybercrime. So cyber crime as we all know is
a global problem that's been dominating
the new cycle. It poses a threat
to individual security and an even bigger threat
to large International companies Banks and government
today's organized cybercrime. Part of Shadows
loan hackers of Fast and Now large organized crime
Rings function like startups and often employ
highly trained developers were constantly innovating
new online adapt most companies have preventative security software
to stop these types of attacks, but no matter how secure we are
cyber crime is going to happen.

So meet Bob, he's a chief security
officer for a company that makes a mobile app
to help customers track and manage their finances. So security is a top priority. So Bob's company has
an activity response. Platform in place that automates
the entire cybersecurity process the ARP software
integrates all the security and ID software needed
to keep a large company like Bob's secured
into a single dashboard and acts as a hub for the people processes and Technology needed to respond
to and contain cyber doll.

Let's see how this platform
works in the case of a security breach while Bob is out on a business trip
irregular activity occurs on his account as a user Behavior analytic engine
that monitors account activity. Recognize a suspicious Behavior
involving late-night logins and unusual amounts
of data being downloaded. This piece of software
is the first signal that something is wrong and alert is sent to the next
piece of software in the chain, which is the
security information and event management system. Now the ARP can orchestrate
a chain of events that ultimately prevents
the company from encountering a serious security disaster
the ARP connects to a user directory software that Bob's company uses. Which immediately Cognizes
the user accounts belong to an executive who is out on a business trip and then proceeds
to lock his account. The ARP sends the incident IP address to threat
intelligence software which identifies the dress as a suspected malware
civil as each piece of security software runs. The findings are recorded
in the ARP s incident, which is already busy
creating a set of instructions called A playbook for a security analyst
to follow The analyst and locks Bob's a bounce and
changes his passwords this time.

The software has determined
the attempted attack came from a well-known
cyber crime organization using stolen credentials. Bob's credentials were stolen when the hacker found
a vulnerability in his company's firewall software and use it to
upload a malware infected file. Now that we know how the attack happened
the analyst uses the ARP and identifies and patches all the things
the ARP uses information from endpoint tool to determine Which machines need
to be patched recommends how to pass them and then allows
the analyst to push the batches to all the computers
and mobile devices instantly.

Meanwhile Bob has to allow
the legal Departments of the breach and the ARP instantly
notifies the correct version of the situation
and the status of the incident after the attack is contained and Bob's account
is secured the analyst and communicates which data may
have been stolen or compromised during the incident. He identifies which
geography is jurisdiction. And Regulatory Agencies cover the users and informations
affected by the adapter. Then the ARB creates
a series of tasks.

So the organization can notify
the affected parties and follow all relevant compliances and liability procedures
in the past a security breach. This large would have
required Bob's company to involve several agencies and third parties to solve
the problem a process that could have taken
months or longer. But in a matter of hours
the incident response platform organized all of
the people processes. Has and Technology to identify
and contain the problem find the source of the attack
fix the vulnerability and notify all affected parties and in the future Bob and
his team will be able to turn to cognitive security tools.

These tools will read
and learn from tens of thousands of trusted publication blogs and
other sources of information. This knowledge will uncover
new insights and patterns and dissipate an isolate
and minimize attacks as they happen and
immediately recommend actions for Security Professionals
to take Keeping data safe and companies like pops
out of the headlines. Cryptography is essentially
important because it allows you to securely protect data that you don't want anyone else
to have access to it is used to protect corporate Secrets
secure classified information and to protect
personal information to guard against things
like identity theft and today's video
is basically going to be about cryptography now before we actually jump
into the session. Let me give you guys
a brief on the topics that we're going to cover today. So first of all, we're going to cover
what is cryptography through the help
of a very simplistic scenario, then we are going to go through
the classifications of Rafi and how the different classification
algorithm works in the end.

I'm going to show you
guys a Nifty demo on how a popular algorithm
called RSA actually works. So let's get started. Now. I'm going to take the help
of an example or a scenario to actually explain. What is cryptography. All right. So let's say we have
a person and let's call him Andy now suppose Andy sends a message
to his friend Sam who's on the other side
of the world now, obviously he wants
this message to be private and nobody else should Have
access to the message now. He uses a public forum. For example the internet
for sending this message.

The goal is to actually
secure this communication. And of course we have to be
secured against someone now, let's say there is
a smart guy called Eve who is secretly got access
to your Communication channel since this guy has access
to your communication. He can do much more
than just eavesdrop. For example, you can try
to change the message in itself. Now this is just
a small example. What if Eve actually gets access
to your private information.

Well that could actually result
in a big catastrophe. So, how can an D be sure that nobody in the middle could
access the message center sound. The goal here is to make
communication secure and that's where cryptography comes in. So what exactly is cryptography? Well cryptography
is the practice and the study of techniques
for securing communication and data in the
presence of adversaries. So, let me take
a moment to explain how that actually happens. Well, first of all,
we have a message. This message is firstly
converted into a Eric form and then this numeric form
is applied with a key called an encryption key and this encryption key is used
in encryption algorithm. So once the numeric message and the encryption key
has been applied in an encryption algorithm. What we get is called
a cipher text. Now this Cipher text
is sent over the network to the other side of the world where the other person
whose message is intended for will actually use
a decryption key and use the ciphertext as a parameter
of a decryption algorithm.

And then he'll get what we actually send
as a message and if some error had actually
occurred he'd get an arrow. So let's see how cryptography can help secure
the connection between Andy and sound so
the protect his message and the first converts
his readable message to an unreadable form here. He converts a message
to some random numbers and after that he uses a key to encrypt his message
after applying this key to the numerical form
of his message. He gets a new
value in cryptography.

We call this ciphertext. So now if Andy
sends the ciphertext or encrypted message
over Communication channel, he won't have to worry about somebody in the middle of
discovering the private message. Even if somebody manages
to discover the message, he won't be able
to decrypt the message without having a proper key
to unlock this message. So suppose Eve here
discovers the message and he somehow manages
to tamper with the message and message finally reaches
some Sam would need a key to decrypt the message to
recover the original plaintext. So using the key he
would convert a cipher. X2 numerical value corresponding to the plain text now after
using the key for decryption, what will come out is
the original plain text message or an adult now this error
is very important. It is the way Sam knows that message sent by Andy is
not the same as a message that you receive. So the error in a sense tells us that Eve has tampered
with the message. Now, the important thing
to note here is that in modern
cryptography the security of the system purely relies
on keeping the encryption and decryption key secret
based on the type of keys and encryption.

Algorithms cryptography is classified under
the following categories. Now cryptography is
broadly classified under two categories namely symmetric key cryptography
and a symmetric key cryptography popularly also known as
public key cryptography. Now symmetric key cryptography is further classified
as classical cryptography and modern cryptography further drilling down classical
cryptography is divided into two which is transposition cipher and substitution Cipher on the
other hand modern cryptography. He is divided into stream Cipher and block Cipher
in the upcoming slides are broadly explain all
these types of cryptography. So let's start with symmetric
key cryptography first. So symmetric key algorithms
are algorithms for cryptography that use the same cryptographic
keys for broad encryption of plaintext and decryption of ciphertext the keys
may be identical or there may be some simple
transformation to go between the two keys the keys in practice represent
a shared secret between two or more parties that can be used to maintain a private information
link this requirement that both parties have access to the secret key is
not the main drawbacks of symmetric key
encryption in comparison to public key encryption also known as a symmetric
key encryption now symmetric key cryptography is sometimes also called
secret key cryptography and the most popular
symmetric key system is the data encryption standards, which also stands
for D EAS next up.

We're going to discuss
transposition Cipher. So in cryptography a transposition cipher
is a method of encryption by which the positions held
by units of plain text, which are commonly
characters are groups of characters are shifted
according to a regular system so that the ciphertext
constitutes a permutation of the plain text. That is the order
of units is changed. The plaintext is reordered now, mathematically speaking
a bijective function is used on the characters position to encrypt and an inverse
function to decrypt. So as you can see that there is an example
All on the slide. So on the plain text side,
we have a message, which says meet me
after the party. Now. This has been carefully arranged
in the encryption Matrix, which has been divided
into six rows and the columns.

So next we have a key which is basically
for to 165 and then we rearranged by looking
at the plain text Matrix and then we get the cipher text which basically is
some unreadable gibberish at this moment. So that's how this
whole algorithm works on the other hand when the ciphertext Being
converted into the plain text The plaintext Matrix
is going to be referred and it can be done
very easily moving on. We are going to discuss
substitution Cipher. So substitution of single letter
separately simple substitution can be demonstrated by writing out the alphabets in some order to represent
the substitution. This is termed a substitution
alphabet the cipher the alphabet may be shifted or reversed creating the Caesar and upstage Cipher
respectively or scrambled in a more complex fashion.

In which case it is called
a mixed Alpha bit or deranged alphabet traditionally mixed alphabets
may be created by first writing out keyword removing
repeated letters in it. Then writing all the remaining
letters in the alphabet in the usual order now
consider this example shown on the slide using the system. We just discussed
the keyword zebras gives us the following alphabets
from the plain text alphabet, which is a to z. So the ciphertext alphabet is basically zebras Then
followed by all the alphabets. We have missed out
in the zebra word. So as you guys, Can see it's zebras followed
by s c d e f g h and so on now suppose
we were to actually encrypt a message
using this code.

So as you guys can see on the screen,
I've shown you an example, which is a message flee at once. We are discovered
is being actually encrypted using this code. So if you guys can see
out here the F letter actually corresponds to S. And then the L letter
actually corresponds to I out here then we actually
get the cipher text which is Si a a is that you using the code and the process that I just
discussed now traditionally, the cipher text
is written out in blocks of fixed length omitting
punctuations and spaces. This is done to help avoid
transmission errors to disguise the word boundaries
from the plain text. Now these blocks
are called groups and sometimes a group count. That is the number of groups
is given as an additional check now five-letter
groups are traditional as you guys can see that we have also divided
our ciphertext into groups of five and this dates back. Back to when messages
were actually used to be transmitted by Telegraph. Now if the length of the message happens
not to be divisible by 5.

It may be padded
at the end with nulls and these can be any characters that can be decrypted
to obvious nonsense. So the receiver
can easily spot them and discard them next on
our list is stream Cipher. So a stream Cipher is a method of encrypting text
to produce Cipher text in which a cryptographic key and algorithm are applied
to each binary digit in a data stream
one bit at a time. This method is not much used
in modern cryptography. The main alternative method
is block Cipher in which a key and algorithm are applied to block of data rather than
individual bits in a stream. Okay. So now that we've spoken
about block Cipher let's go and actually explain what block Cipher does a block Cipher
is an encryption method that A deterministic algorithm for the symmetric key
to encrypt a block of text rather than encrypting
one bit at a time as in stream ciphers.

For example, a common block
Cipher AES encryption 128-bit blocks with a key
of predetermined length. That is either 128 192
or 256 bits in length. Now block ciphers are pseudo-random
permutation families that operate on the fixed size
of block of bits. These prps our function that cannot be
differentiated from completely random permutation and thus are A reliable
and been proven to be unreliable by some Source. Okay. So now it's time that we discussed
some asymmetric cryptography. So asymmetric cryptography also known as public key cryptography
is any cryptography system that uses pair of keys, which is a public key
which may be disseminated widely and private Keys which are known
only to the owner.

This accomplishes
two functions authentication where the public key verify is that a holder of the paired
private key send the message and encryption where only
the paired private key holder. Decrypt the message encrypted with the public key and
a public key encryption system. Any person can encrypt a message
using the receivers public key that encrypted message
can only be decrypted with the receivers private key. So to be practical the generation of public
and private key pair must be computationally
economical the strength of a public key
cryptography system relies on computational efforts
required to find the private key from its paid public key. So effective security only requires keeping
the private key private and the public key
can be a openly distributed without compromising security. Okay. So now that I've
actually shown you guys how cryptography actually
works and how the different classifications
are actually applied. Let's go and do
something interesting.

So you guys are actually
watching this video on YouTube right now. So if you guys actually go and click on the secure part
besides the URL you can actually go and view
the digital certificates that are actually used out here. So click on certificates and you'll see the details
in the details. Up. Now as you guys can see
the signature algorithm that is used for actually securing YouTube
is being shot 256 with RSA and RC is a very very
common encryption algorithm that is used throughout the internet then
the signature hash algorithm that is being used is sha-256. And the issue is
Googling internet Authority and you can get
a lot of information about sites and all
their Authority Key identifiers or certificate policies
the key usage and a lot of thing about security just from
this small little button audio. Also, let me show you a little how public key
encryption actually works. So on the side, which is basically
cobwebs dot CSV or UGA dot edu. You can actually demo out
public key encryption. So suppose we had to send
a message first we would need to generate keys. So as you can see, I just click generate keys
and it got me two keys, which is one is the public key, which I will distribute
for the network and one.

Private key which I will
actually keep secret to myself. Now. I want to send a message
saying hi there. When is the exam tomorrow? So now we are going to encrypt
it using the public key because that's exactly
what's distributed. So now as you can see we
have got our ciphertext saw this huge thing right
out here is ciphertext and absolutely makes no sense
whatsoever now suppose we were to actually then decrypt the message we
would Would use the private key that goes along with our account
and we would decode the message and as you guys can see
voila we have hi there when the exam tomorrow. So we are actually
sent a message on the internet in a very
secure fashion above that. There's also our essay
that needs some explaining because I had promised
that to now RSA is a very very commonly used algorithm that is used
throughout the internet and you just saw it
being used by YouTube.

So it has to be common. So RSA has a very unique way
of applying this algorithm. There are many actual parameters that you actually
need to study. Okay. So now we're actually
going to discuss Odyssey, which is a very popular
algorithm that is used for of the internet. And you also saw that it's being used
by YouTube right now. So this cryptosystem is one
of the initial system. It remains most employed
cryptosystem even today and the system was invented
by three Scholars, which is Ron rivest ADI
Shamir and Len adleman hence the name RSA and we
will see the two aspects of the RSA cryptosystem.

Firstly generation of key pair and secondly encryption
decryption algorithms. So each person or a party who desires to participate in communication using
encryption needs to generate a pair of keys namely
public key and private key. So the process followed
in the generation of keys is as follows first, we have to actually calculate n now n is actually given
by multiplying p and Q as you guys can see out here. So p and Q are supposed to be
very large prime numbers so out here P will be 35, but Are some very
strong encryption we are going to choose very
large prime numbers. Then we actually have
to calculate Phi L Phi is you can see the formula
goes is p minus 1 into Q minus 1 and this
helps us determine for the encryption algorithm.

Now, then we have to actually calculate e now he
must be greater than 1 and less than Phi which is p minus 1 into Q minus 1 and there must be
no common factors for e + 5 except for one. So in other words, they must be co-prime
to each other. Now to form the public key
the pair of numbers n and E from the RSA
public Key System.

This is actually made public
and is distributed throughout the network
interestingly though, N is a part of the public key
and the difficulty in factorizing a large
prime number ensures that the attacker
cannot find in finite time. The two primes that is p and Q that is used to obtain n this
actually ensures the strength of RSA now in the generation
of the private key. The private key D is It from p q
and E for given n and E. There is a unique number D. Now. The number D is the inverse
of B modulo 5.

This means that D is a number
less than five such that when multiplied by E. It gives one. So let's go and actually
fill up these numbers. So n should be 35 out Hill and if we generate them
we get the value of V, which is 24, which is basically 4 into 6, and then we should also get It's
now he should be co-prime. So we are going to give it 11
as 11 is co-prime to both. So now for the actual encryption
part we have to put in p and N out here so he out here for us is 11 and N is 35 and then we
are going to pick a letter to actually Cipher which is a and then we're going
to encode it as a number. So as you guys can see
we've encoded as one and out here now. After we've given the message
it's numerical form. We click on encryption and we get it now to actually
decrypt the message. We are going to need d
and n now D for us was 5 and N was 35 so 5 and 35 and then we're going
to take encrypted message from above and we're going
to decrypt this message.

So after you decrypt it, we have the numerical form
of the plaintext and then decode the messages
click here decode messages. And as you guys can see we have
decoded the message using RSA. So guys that's
how I receive Oaks. I explained all the factors that we actually use
in our essay from n25 to e to D. And I hope you understood
a part of it if y'all are still more interested y'all can
actually research a lot on our say it's a very
in-depth cryptography system p and N now D for us was 5
and N was 35 so 5 and 35. And then we're going
to take encrypted message from above and we're going
to decrypt this message. So after you decrypted we
have the numerical form of the plaintext and then decode the messages
click here decode message.

And as you guys can see we have
decoded the message using RSA. So guys, that's
how I receive books. I explained all the factors that we actually use
in our essay from n25 to e to D. And I hope you understood
a part of it. If y'all are still more interested y'all can
actually research a lot on our say it's a very in-depth
cryptography system just as pollution was a side effect
of the Industrial Revolution. So are the many
security vulnerabilities that come with the
increase internet connectivity cyber attacks are exploitations of those vulnerabilities
for the most part individuals and businesses have found ways
to counter cyber attacks using a variety of security measures. And just Good Old Common Sense. We are going to examine eight of the most common
cyber security threats that your business could face
and the ways to avoid them. So before we actually
jump into the session, let me give you how the session
will actually work. We are going to discuss
the most 8 common cyber threats. We're going to discuss
in particular what they are how the threat works
and how to protect yourself.

Okay. So now let's jump in now cyber attacks
are taking place all the time. Even as we speak the security of
some organization big or small. All is being compromised. For example, if you visit this site out here
that is threat Cloud. You can actually view
all the cyber attacks that are actually
happening right now. Let me just give you
a quick demonstration of how that looks like. Okay, so as you
guys can see out here, these are all the places that
are being compromised right now. The red Parts actually
show us the part that is being compromised
and the yellow places actually show us from where
it's being compromised from. Okay, as you guys can see now that someone from Madeline's
is actually attacking this place and someone from USA
was attacking Mexico. It's a pretty interesting site and actually gives you a scale
of how many cyber attacks are actually happening
all the time in the world.

Okay now getting back I think
looking at all these types of cyber attacks. It's only necessary that we educate ourselves
about all the types of cyber threats that we have. So these are
the eight cyber threats that we're going to be
discussing today firstly. We're going to start
off with malware. So malware is
an all-encompassing term. Or a variety of cyber attacks
including Trojans viruses and worms malware
is simply defined as code with malicious intent that typically steals data or destroy something
on the computer. The way malware goes about doing
its damage can be helpful in categorizing what kind
of malware you're dealing with.

So let's discuss it. So first of all viruses like
the biological namesakes viruses attach themselves to clean files and infect other clean files
and they can spread uncontrollably damaging
a systems core functionality. I'm deleting or
corrupting files. They usually appear
as executable files that you might have downloaded
from the internet. Then there are also Trojans. Now this kind of malware disguises
itself as legitimate software or is included in legitimate
software that can be tampered with it tends to act discreetly
and creates back doors in your security to let
other malware sin. Then we have worms worms. In fact entire networks
of devices either local or across the Internet by using
the Network's interfaces. It uses each consecutive
infected machine. To infect more and then
we have botnets and such where botnets are networks
of infected computers that are made to work together under the controller
of an attacker. So basically you
can encounter malware if you have some OS
vulnerabilities or if you download some legitimate
software from somewhere or you have some
other email attachment that was compromised with Okay.

So how exactly
do you remove malware or how exactly do you
fight against it? Well, each form of malware
has its own way of infecting and damaging computers and data and so each one requires a different
malware removal method. The best way to prevent malware
is to avoid clicking on links or downloading attachments
from unknown senders. And this is sometimes done by deploying a robust
and updated firewall which prevents the transfer
of large data files over the network in a hope
to be doubt attachments that may contain malware. It's also important
oughtn't to make sure your computer's operating system whether it be Windows Mac
OS Linux uses the most up-to-date security updates and software programmers
update programs frequently to address any holes
or weak points, and it's important to install
all these updates as well as to decrease
your own system weaknesses.

So next up on our list of
cyber threats we have fishing. So what exactly is fishing well often posing as
a request for data from a trusted third
party phishing attacks are sent via email and ask Those to click on a link and enter their personal
data phishing emails have gotten much more sophisticated
in recent years and making it difficult for some people to discern
a legitimate request for an information from a false one now
phishing emails often fall into the same category as
spam but are way more harmful than just a simple ad so how exactly
does fishing work. Well most people associate
fishing with email message that spoof or mimic Bank
credit card companies or other Genesis
like Amazon eBay and Facebook these messages look
at entik and attempt to get victims to reveal
their personal information.

But email messages are only one small piece
of a phishing scam from beginning to end
the process involves five steps. The first step is
planning the Fisher must decide which business
to Target and determine how to get email addresses for the customers
of that business. Then they must go
through the setup phase. Once they know which business
to spoof and who their victims are fissures create methods
for Living the messages and collecting the data then
they have to execute the attack. And this is the step. Most people are familiar
with that is the fishes and the phony message that appears to be
from a reputable Source after that the Fisher records the information the victims
enter into the web page or pop-up windows
and in the last step, which is basically identity
theft and fraud the Fisher's use the information they've gathered
to make illegal purchases or otherwise commit fraud and as many as 1/4 of
the victims never fully recover.

So how exactly can Can you
be actually preventing yourself from getting fished? Well, the only thing
that you can do is being aware of how phishing
emails actually work. So first of all, a phishing email has
some very specific properties. So firstly you
will have something like a very generalized way of addressing someone liked
your client then your message will not be actually from a very
reputable source so out here as you can see it's written
as Amazon on the label, but if you actually inspect
the email address that Came from its from management
at Maison Canada dot C A which is not exactly
a legitimate Amazon address. Third. You can actually hover
over the redirect links and see where they actually redirect you
to now this redirects me to www.facebook.com zone.com as you can see out here. So basically, you know, this is actually a phishing
email and you should actually report this email
to your administrators or anybody else that you think is supposed
to be concerned with this also.

Let me give you guys
a quick demonstration. Chinon how fishing actually
works from the perspective of an attacker. So first of all, I have actually created
a phishing website for harvesting Facebook credentials. I simply just took
the source code of the Facebook login page and paste it and then made
a back-end code in PHP which makes a log file
of all the Facebook passwords that get actually entered
onto the fishing page now.

I've also sent myself an email. As to make sure
this looks legitimate, but this is only
for spreading awareness. So please don't use
this method for actually harvesting credentials. That's actually a very
legal thing to do. So, let's get started. First of all, you will go
to your email and see that you'll get some emails
saying your Facebook credentials have been compromised. So when you open it,
it looks pretty legit. Well, I haven't made
it look all that legit. It should look legit. But the point out here is
to actually make you aware of how this works.

So as you guys can see
it says Dear client we have strong reasons to believe that your credentials
may have been compromised and might have been used
by someone else. We have locked
your Facebook account. Please click here
to unlock sincerely Facebook associate Dean. So if we actually click here, we are actually redirected
to a nice-looking Facebook page, which is exactly how Facebook looks like when
you're logging in now suppose. I were to actually log
into my Facebook account, which I won't I'll just
use some brand my Like this is an email addres
gmail.com and let's put password as admin 1 2 3 and we click login now since my Facebook is actually
already logged in it will just redirect to facebook.com and you might just see me logged
in but on a normal computer is just redirect you
to www.facebook.com, which should just
show this site again. Okay. So once I click
login out here all that the backend code
that I've written in PHP. PHP out here will do is that it's going to take
all the parameters that have entered
into this website.

That is my email address and the password and just
generate a log file about it. So let's just hit
login and see what happens. So as you guys can see
I've been redirected to the original Facebook page that is not meant for fishing
and on my system audio. I have a log file and this log file
will show exactly as you can see are fished
out the email address. This is an email addres gmail.com and it's also
showed the password. That is admin one two three. So this is how exactly fishing
works you enter an email address and you're entering
the email address on a phishing website. And then it just redirects you
to the original site.

But by this time you've already
compromised your credentials. So always be careful
when dealing with such emails. So now jumping back to our session the next type
of cyber attacks. We're going to discuss
is password adducts. So an attempt to obtain or decrypt a user's password for illegal use is exactly
what a password attack is Hackers can use cracking
programs dictionary attacks and passwords Nippers and password attacks
password cracking refers to various measures used
to discover computer passwords. This is usually accomplished
by recovering passwords from data stored
in or transported from a computer system password
cracking is done by either repeatedly guessing
the password usually through a computer algorithm
in which the computer tries numerous combinations. Nations under the password
is successfully discovered now password attacks can be done
for several reasons, but the most malicious reason is in order to gain
unauthorized access to a computer with the computers owners
awareness not being in place.

Now this results in cyber crime such as stealing
passwords for the purpose of accessing Bank information. Now today, there are
three common methods used to break into
a password-protected system. The first is a Brute
Force attack a hacker uses a computer program or script to try
to login with possible. Odd combinations usually
starting with the easiest to guess password. So just think if a hacker
has a company list he or she can easily guess usernames. If even one of the users
has a password one, two, three, he will quickly be able to get in the next
our dictionary attacks. Now a hacker uses a program or script to try to login bicycling
through the combinations of common words in contrast
with Brute Force attacks where a large proportion key
space is searched systematically a dictionary attack tries
only those possibilities which are most
likely to succeed.

Typically derived
from a list of words, for example a dictionary
generally dictionary attacks succeed because most people have
a tendency to choose passwords which are short or such as single words found
in the dictionaries or simple easy predicted
variations on words such as a pending a digit or so. Now the last kind of password attacks are used
by keylogger tax hacker uses a program to track all
of the users keystrokes.

So at the end of the day
everything the user has typed including the login IDs and
passwords have been recorded. Added a keylogger attack
is different than a brute force or dictionary attack
in many ways not the least of which the key logging program
used as a malware that must first make it
onto the user's device and the keylogger attacks
are also different because stronger passwords don't provide much
protection against them, which is one reason that multi-factor authentication
is becoming a must-have for all businesses
and organizations. Now, the only way to stop
yourself from getting killed in the whole password
attack conundrum is by actually practicing
the Best practices that are being discussed in the
whole industry about passwords. So basically you
should update your password. Regularly. You should use alphanumerics in your password and you
should never use words that are actually
in the dictionary.

It's always advisable
to use garbage words that makes no sense for passwords as a just
increase your security. So moving on we're going
to discuss DDOS attacks. So what exactly is a DDOS
or a Dos attack? Well, first of all, it stands for distributed denial
of service and a Dos attack focuses on disrupting
the service to a network as the name suggests attackers and high volume of data
of traffic through the network until the network
becomes overloaded and can no longer function. So there are a few
different ways attackers can achieve dos attack, but the most common is the distributed
denial-of-service attack. This involves the attacker
using multiple computers to send the traffic or data that will overload the system
in many instances a person may not even realize that his or her computer
has been hijacked and is contributing to the Dos attack
now disrupting Services can have serious consequences
relating to security and online access many instances of large-scale Dos attacks
have been implemented as a single sign of protest
towards governments or individuals and have led to severe punishment
including major jail time.

So, how can you Prevent
dos attacks against yourself. Well, firstly unless
your company is huge. It's rare that you would be even
targeted by an outside group or attackers for
a Dos attack your site or network could still
fall victim to one. However, if another organization
on your network is targeted now the best way to prevent
an additional breach is to keep your system as
secure as possible with regular software updates
online security monitoring and monitoring of your data flow
to identify any unusual or threatening spikes in traffic before they become a problem. Dos attacks can also
be perpetrated by simply cutting a table
or dislodging a plug that connects your website
server to the Internet so due diligence
in physically monitoring. Your connections is
recommended as well. Okay. So next up on our list
is man-in-the-middle attacks. So by impersonating the endpoints in an online
information exchange the man in the middle attack can obtain
information from the end user and the entity he or she is communicating
with for example So if you are Banking online the man in the middle
would communicate with you by impersonating your bank and communicate with the bank
by impersonating you the man in the middle would then
receive all of the information transferred between both parties which could include sensitive
data such as bank accounts and personal information.

So how does it exactly
work normally an MI t– M gains access through an unencrypted
wireless access point which is basically one that doesn't use WEP WPA or any
of the other security measures. Then they would have
to access all the information being transferred between both parties by actually spoofing something called
address resolution protocol. That is the protocol that is used when you
are actually connecting to your gateway
from your computer. So how can you exactly prevent
MIT am attacks from happening against you firstly you have
to use an encrypted W AP that is an encrypted
wireless access point next. You should always
check the security of your connection because when somebody is actually trying
to To compromise your security. He will try to actually
strip down the HTTP or hsts that is being injected
in the website, which is basically
the security protocols. So if something like this HTTP is not appearing
in your website, you're on an insecure website
where your credentials or your information
can be compromised and the last and final measure that you can actually
use is by investing in a virtual private Network which spoofs your entire IP and you can just
browse the internet with perfect comfort.

Next up on our list
is drive-by downloads. So Gone are the days where you had to click
to accept a download or install the software update in order to become infected now just opening
a compromise webpage could allow dangerous code
to install on your device. You just need to visit or drive
by a web page without stopping or to click accept any software at the malicious
code can download in the background to your device
a drive-by download refers to the unintentional download
of a virus or malicious. Software onto your computer or mobile device
a drive-by download will usually take advantage or exploit a browser or app
or operating system that is out of date
and has security flaws. This initial code that is downloaded is
often very small and since its job is often simply
to contact another computer where it can pull down
the rest of the code onto your smartphone tablet or other computers often
a web page will contain several different types
of malicious code in hopes that one of them will match
a weakness on your computer.

So What is this exactly what
But first you visit the site and during the three-way
handshake connection of the TCP IP protocol a back
in script is triggered. As soon as a connection is made
by Al the last ack packet is sent a download
is also triggered and the malware is basically
injected into your system. Now the best advice I
can share about overriding drive-by downloads is
to avoid visiting websites that could be considered
dangerous or malicious. This includes adult content
file sharing websites, or Anything that offers you
a free trip to the Bahamas Now some other tips to stay protected include
keep your internet browser and operating system up-to-date
use a saved search protocol that once you went to navigate to a malicious site and use
comprehensive security software on all your devices
like McAfee all access and keeping it up to date.

Okay, so that was it
about drive-by downloads. Next up is Mal advertising
or malvert izing. So malvit sizing is the name
we in the security industry give to criminally
Android advertisements which intentionally, in fact people and businesses. These can be any ad on any site often ones
which you use as a part of your everyday internet usage
and it is a growing problem as is evident
by a recent US Senate report and the establishment of bodies like trust and ads now whilst
the technology being used in the background is
very Advanced the way presents to the person beings infected
is simple to all intents and purposes the advertisement
looks the same. Same as any other
but has been placed by criminal like you can see
the mint at out here.

It's really out of place. So you could say it's been made
by a criminal now without your knowledge
a tiny piece of code hidden deep in the advertisement
is making your computer go to the criminal servers
these and catalog details about your computer and its location before choosing which piece
of malware to send you and this doesn't need
a new browser window and you won't know about it. So basically you're redirected
to some criminal server. Neither injections takes place
and voila you're infected. It's a pretty dangerous
thing to be in. So how exactly can you
stop ma advertising. Well, first of all, you need to use
an ad blocker, which is a very must
in this day and age you can have ad blocker extensions
installed on your browser whether it be Chrome Safari or Mozilla also regular
software updates of your browser and other softwares that work very fertile
to your browser always helps and next is some common sense.

And yeah, Advertisement
that is about a lottery that's offering you free money
is probably going to scam you and inject malware to so now we click on those ads. So the last kind
of cyber attacks. We are going to discover
today and discuss about is Rogue software. So Rogue security software is
a form of malicious software and internet fraud that misleads
users into believing that there is a virus
on their computer and manipulates them
into paying money for a fake malware removal tool. It is a form of scare
where that money. Lets users through fear and a form of ransomware rock
security software has been a serious security thread
in desktop Computing since 2008. So now how does a rogue
security software work these cams manipulating users in to download the program
through a variety of techniques. Some of these methods
include ads offering free or trial versions of Security Programs
often pricey upgrades or encouraging the purchase
of deluxe versions, then also pops warning that your computer
is infected with the virus which encourages you to clean.

It by clicking on the program and then manipulated
SEO rankings that put infected website as the top hits when you search these links then
redirect you to a landing page that seems your
machine is infected and encourages you a free trial
of the Rogue security program. Now once the scareware is installed it can steal
all your information slow your computer corrupt
your files disable updates for Less timet
antivirus softwares or even prevent you from visiting legitimate
security software vendor sites. Well talking about prevention. The best defense
is a good offense. And in this case
and updated firewall makes sure that you have a working
one in your office that protects you and your employees
from these type of attacks. It is also a good idea
to install a trusted antivirus or anti-spyware software program that can detect
threats like these and also a general level
of distrust on the internet and not actually believing
anything right off. The bat is the way
to go teen is infected and encourages you a free trial
of the Rogue security.

Program now once the scareware
is installed it can steal all your information slow
your computer corrupt your files to siebel updates for Less timet antivirus
softwares or even prevent you from visiting legitimate
security software vendor sites. Well talking about prevention. The best defense
is a good offense. And in this case
and updated firewall makes sure that you have a working one
in your office that protects you and your employees
from these type of attacks. It is also a good idea
to install a trusted antivirus or These fiber software program that can detect
threats like these and also a general level
of distrust on the internet and not actually believing
anything right off.

The bat is the way
to go the key word of this video is
ethical hacking course, but in reality, it's just an expansive video
on the fundamentals of ethical hacking. There is no such thing as an ethical hacking
course to be honest because snow course can teach you a discipline like
ethical hacking all the best that you can do and creating content
for ethical hacking is that you can tell people about the fundamentals
are followed in this discipline. Okay. Now before we start
let me just give you a general idea of the topics that I intend to cover
throughout this video. Okay now to be honest, we're going to cover a pretty
broad range of material. We are first we're going
to be going over footprinting and recognitions
where you get an idea. What's involved in
the ethical hacking engagement that you're working on and information about the Target that
you're engaged with? Then we're going to talk
about networking fundamentals and here we're going to get
our hands dirty with buckets and the understanding of dcpip at a deeper level
and also understanding how the different protocols work
and why they work that way now.

We are also going
to be talking about cryptography where we talk about different
cryptography key ciphers. We're going to deal
with web encryption to SSL and And TLS we are also going
to talk about certificates and the creation of certificates and how they actually operate we will also talk
about public key cryptography and we are also scanning
an enumeration so nmap and dealing with Windows servers and using SNMP and ldap
and all that sort of stuff. Then we're going to be
talking about penetration where we deal
with different ways of getting into systems and also
go over using Metasploit, which is an exploit framework, and we're going to talk
about how to Use Metasploit and you actually
get in the systems and make use of the exploits that they have then we're going
to talk about malware's viruses and worms and rootkits and all
of that sort of stuff.

We're going to take a look
at the different pieces of malware and how you
would pull that apart in order to understand what is doing and potentially make use of that malware during
an ethical hacking engagement. Then we're going to talk
about different types of denial of service attacks
or dos attacks and the difference
between a denial-of-service attack and Distributed
denial-of-service attack, and there is a difference there. So we're going to go
over this docks now. We're also going to go
over web application hacking and the types of tools that you would use during web application hacking and
the different vulnerabilities that web applications have and how to make use
of these exploits and those vulnerabilities.

We're going to talk
about Wireless networking how to probe wireless networks what wireless networks are doing and how to secure
wireless networks. We're also going to talk about a little bit
about detection vation. And to be honest with you, the direction of Asian kind
of comes up in a lot of different areas
through the many of the topics that were also going to talk about
programming programming tax and how to protect oneself
against programming attacks. Okay. So that was the number of topics that we are actually going
to cover through this video. Now the approach that I'm going to be taking
in the series of videos is whenever possible. We're going to be going
to use a Hands-On approach. So we're going to show you
the actual All tools I'm going to make use of and the tools
to do some sort of demonstration and how they actually work. I am a big believer in getting your hands dirty as
the best way to learn anything.

So as we go through
the series of videos, I strongly encourage you
to get access to the tools that I'm going to
be demonstrating wherever possible and dig in and get
your hands dirty along with me and there are places where we're going to be going
over some theoretical material and I'm not a big fan
of PowerPoint slides, but That are necessary evil and order to convey
certain types of information.

So wherever possible I'm going
to minimize their use, but you will run across places where they're just a necessity
and we're going to have to go through some slides where in order to get
some particular points across they are primarily
of a theoretical nature. So that's the process
that we will be taking through this video
and I hope you have fun as you go along the way. Okay. So let's begin now
the first topic that we're going to tackle is
what What is hacking? Okay, so let us take a trip to the early days
of hacking the start with now the internet
engineering task force is responsible for maintaining
documentation about protocols and very specification
and processes and procedures regarding anything
on the internet. They have a series of documents
called the request for comments or the rfc's and according
to RFC one three eight nine.

It says a hacker is a person who Delights in having
and Intimate understanding of the internal workings
of a system computers and computer networks in particular while
the expression hackers may go back a long time and have many different
connotations are definitions. As far as computers. Go. Some of the earliest
hackers were members of the tech Model Railroad Club at the Massachusetts
Institute of Technology and what those people did
and the various things that they did and were involved
in a detailed and Steven Levy's book called hackers
for Our purposes now for our purposes
would be talking about other types of hackers. Although the spirit of
what we do goes back to those early days. Now, the definition of hacking or hackers has changed
particularly in the 1980s and in part as a result
of a couple of people namely Robert T Morris
who was a Cornell graduate who Unleashed a
piece of software that was called a worm on
what was an early version of the internet Forum went
on to cause a lot of damage and create a lot of downtime
on Systems across the country and across the world.

Now the Morris worm did end up
resulting in something good. However, that is
computer Emergency Response Team at Carnegie Mellon
was created primarily in response to the mall swarm. Now, there's also Kevin mitnick
was another well-known hacker who was responsible
for various acts of computer crime
over a couple of decades. He was the first
convicted in 1988. So the definition of hacker
or hacking move from something benign to something
far more sinister.

In popular culture now, we see hacking or hackers
in all sorts of popular culture. We've seen them in hacker movies called War Games also
the movie hackers. Of course. You also see in The Matrix
movies where you can see if you look really closely that they are using
a tool called nmap, which we will get into the use
of in great detail later on as we go on now. It's the movie sneakers
and the movie SWAT fish and on television in other Into other places
you can see the agents at NCIS regularly doing
things like cracking complex cryptography in just
a matter of seconds or minutes. So what is hacking really well hacking is about
a deep understanding of something particularly with relation to
computers and Computing.

It's also about exploring and
the joy of learning new things and understanding
them very clearly and being able to manipulate
those things in ways that maybe other people
haven't before it's all about digging into problems. To find out Solutions
in creative and interesting ways and sometimes finding problems where there weren't
problems previously and that's a little bit
about what is hacking. Okay. So now that we have talked
about what exactly is hacking and how the meaning and conditions of that word
has changed over time how it came into existence
how it was coined. Let's go over the reasons
that people normally hack. Now you may want
to hack just for fun as discussed previously
hacking is a tradition. It goes back several decades at MIT even preceding
the computer too late definition of hacking now MIT has a long
and storied history of hacking and sometimes have
a computer to lated nature which in this case
happens to be true and sometimes a fan on computer-related
nature instance.

Now here you can see that MIT is home page
has been hacked or you might even say
the faced indicate that Disney is buying a mighty. This was an April Fool's
Day prank and 1998. Eight. And again, this is just
the kind of hacking that it would do for fun. Rather. Now. Sometimes you might want
to hack just to prove a political point or any point
for that matter in this case.

Again, Bill Gates had donated
some money to the MIT which allowed them
to have a new building and he was coming
to MIT to visit and give a talk
about Microsoft Windows and its systems. And as you can see the the
Windows systems are installed in the entryway at the Or hacked to be running Linux
instead and you can see here. That ducks. The penguin is saying welcome to the William Edge
Gates Building again that some students who decided that they wanted to make a point
about Linux and Microsoft and windows to Bill Gates and they thought hacking was
the best way to go about it. Sometimes you have just
for the challenge. Here's an example again at MIT where some students turned
the facade of a building into a Tetris game board. Now, this was
a reasonably difficult hack and the students went after it just for the challenge
of completing it and it just so they could have
some pride of ownership and to be able to say that they were able
to pull this off, you know, the things
that teenagers do to show off to other teenagers.

It just increases with increase in scale now in spite
of its difficulties and its challenges and all
the obstacles and planning that have to go into it. They were able to pull it off and now they have
those bragging rights. So that was one Them and one
of the instances where somebody would hack just for the challenge and
for the fun of it. Now, sometimes you want
to hack to prevent theft and this is where we get more specifically in
the computer-related hackings. You see a lot of Articles
and stories in the news over the last few
years about cybercrime and here is an example
of data theft compromised and a few than
one-and-a-half million cards for Global claimants. So there are some attackers who got into this
company global payment and they were able to pull
out about a million and a half credit card numbers
during the intrusion there.

So what you may want to do
is you may want to learn how to hack in order
to find these holes in your systems or applications
or employer systems so that you can fix these holes
and prevent these compromises from happening because of
the reputation of hit that your company takes where were things
like these happen. You have the risk of completely
running out of business. So just to protect
our job to protect Company and protect your own
desire of business. You may just want
to learn to hack and that's a very good reason. Now, you may also want
to find all the problems that exist in your system for putting them out
and deploying them so that you can keep
these attackers from getting in and stealing critical
or sensitive information. Sometimes you may want to hack
to get there before the bad guys and the same sort
of idea is the last one where we're just going to talk
about and it exactly is ethical hacking now.

We were just talking Talking
about how sometimes you may want to hack into your own system before publishing it
out to the public. Let's take Internet Explorer. For example. Now Internet Explorer was
actually published the public with some critical
error in the code. And these flaws were heavily
exploited by people who actually found them. Now a number of people
in the world go out looking for these flaws and they call themselves
security researchers and they get in touch
with the vendors after they found a flaw
or a bug and work. The vendors to get it fixed what they end up with is
a bit of reputation. They get a name for themselves and that name recognition
may end up getting them a job or some speaking engagements
or book deal or any number of ways
that you could cash in on some name recognition
from finding the sort of bugs and getting them fixed. If you want to get there
before the bad guys. You may think you're
helping out a vendor. You may want to just
make a name for yourself. If you want to find
these sort of bugs before the bad guys do because think about the bad guys finding then is they
don't announce them and they don't get them fixed and that makes everybody
a little less secure.

Finally may want
to protect yourself from hacked computer companies
and fight cyber criminals, and this is new headline
from June 18 2012, and we're starting
to see these sort of news headlines show up as companies are starting
to retaliate against attackers in order to retaliate
against attackers. Now in order to
retaliate against Dockers, you need to be able
to The same sort of skills and techniques
and knowledge and experience that those attackers have and where your company
may want you to learn to hack or the company may want
to bring in people who are skilled
at these sort of activities so that they can
attack the Dockers and hopefully you end up
with more Steely exterior and you get a reputation
for not being a company that people wanted to go
after those are several reasons. And there you go. I gave you around a bunch of reasons as to why
you may want to hack. Back for fun prove a point take
yourself to protect the company to not run out of business and along with another
bunch of reasons. Okay. So now that we have talked about
why you would want to hack.

Let's move on to the types
of hackers that exist. Now we're going to be talking
about the different types of hacking and the first
step of Hawking that I want to discuss
is ethical hacking and ethical hackers, which is really what we're going to be talking
about for the rest of these lessons now
an ethical hacker is Buddy who thinks like
a black hat hacker or things like somebody who is intent on breaking
into your systems but follows a moral compass that's more in line
with probably the majority of the population. So their intent isn't to do
bad things their intent is look for bad things
and get them fixed. So that bad things don't happen
ethical hackers aren't out to destroy anything
and they're not out the break anything unless it's deemed
to be acceptable as a part of the engagement
and also necessary.

And in order to demonstrate
a particular vulnerability to the organization that
they're working with so that's an ethical hacker and there's a certification that's available
from the ec-council. It's a certified ethical
hacker and you know, if you find
certifications valuable and this sort of thing is
what do you want to do? We're seeing a set
of certified ethical hacker may be something you
might want to look into now. Let's talk about
black hat hacker. There's a plenty of cases
of black hat hackers through yours and
let's talk about a guy. In particular called
Kevin mitnick. This guy right here
is a particularly good example probably because he was a black hat
hacker for a lot of us years. His goal was to cause
mischief to steal where necessary and just
to be engaged in the lifestyle of being a hacker and doing whatever was necessary to continue doing
whatever it craw doing whatever he was doing it
cross moral boundaries or ethical boundaries. And so Kevin mitnick here was
involved for well over a decade and computer crime and was finally
picked up by the FBI and he was charged and prosecuted and he
was eventually convicted of some of the activities
that he was involved with now you may be able to argue
that Kevin is a gray hat hacker and as well and a gray
hat hacker is somebody who kind of skirts the line between black
and white hat Hawking and white had Hawking
is really what an ethical hacker is so instead
of saying ethical hacker.

You could say white hat hacker. It's the same idea of white hat hacker is somebody
who acts for good if you Think of it like that if you want to think
of it as a good versus evil and what they're really
doing is they're in it for the technical challenge. They're looking to make
things better make things more efficient improve them
in some way on the other hand. The black hat hacker is out
for the money for the thrill. It's really criminal activity and a gray hat hacker is
somebody who may employ the tactics and technique
of a black hat hacker, but have sort of a white hat focus in other words
they're going to do Do things that may be malicious
and destructive in nature, but the reason they're doing
it is to improve the security posture
of an organization that they're working with so you can see there's actually a book
called gray hat hacking. It's a pretty good book
and it details a lot of the tactics and strategies and techniques will be going
over in subsequent lessons in this video.

Now one other type of hacking that I want to talk about is
a thing called hacktivism and you'll find hacktivism
all over the place and Example in the last year or so and certainly in recent
memory is called loves security. Yeah, you heard that right? It's called loves security
and you can argue that lulls is actually
a response to another type of activism and
organization called Anonymous started hacking companies like Sony to protest
their involvement in a lawsuit regarding a PlayStation
3 hacker now allow security was supposedly testing
the treatment of anonymous or was hacking in support
of this group Anonymous, so they hacked number. Of companies and the things like
pulled information usernames and passwords from the databases
at these companies and they said that the reason was to shine
a light on the security of these companies and also theoretically
embarrassed the companies with their weak
or poor security postures and the problem with that that they were doing this
through were posting information that they had found online and that information
often included details about customers for
these particular corporations.

And for an ethical hacker
a white hat hacker that would cross the boundary. Of causing harm. So there's no reason for me as an ethical hacker
to post information in a public forum about somebody because I could be doing
damage to them. But in this case law security
and Anonymous specifically lot of security were engaged
in the form of hacktivism and what they were doing
was not only damaging to the corporation that certainly was detrimental to those people so
different types of hackers and different types
of hacking we've got ethical or white hat hacking.

You've got black hat gray hat
and then we finally got Mmm, it's really the goal and the means that vary
from one to the other. Okay. So now that we've discussed
the types of hackers. Let's also discuss the skills
necessary to become one. So what we're going to discuss in this part are
the different skills that are required or will be learned as
a part of this video.

So initially just for basic Computing you
need a basic understanding of operating systems
and how to work them. There are going to be several
fundamental types of tasks that I won't be going
into any detail at all or and you need to know
how to run programs. And do things like open
up a command prompt without me walking you
through and how to do that. So I am going to assume that you have some basic
understanding of how to do these sorts of tasks.

Also, you need an understanding
of the basic system software and you'll need a basic
understanding of how to use command line utilities. There are a number
of tools and programs that we're going to be going
through this video and many of them use
the command line now whether it's on Windows or Linux still need
to be familiar with typing and being able to run programs
from the command line and the various command
line switches and parameters that those programs are types of programs are going to use now
from a networking perspective. You need a basic understanding of some simple
networking Concepts. You need to know
what cables are and switches and hubs and how systems
are networked together.

You don't really need
a deep level of understanding. I'll be going
through some protocols as reasonably deep level because I think
it's important as an ethical hacker to understand what's going on
at the protocol level so that you can know
better what you are. Going and how to achieve
the goals and tasks that you have before you so
we're going to be going over some protocols. So just understanding
what protocols are and how they go together.

They all sort
of things are necessary from a networking perspective. Now, we're going to also be
learning a bunch of life skills. Yes, there are some life skills
that it's important to have. I think the most important one
is the ability to accept failure and persevere and by that. I mean you're going to be just
running across several things that just don't work
the first time around and it's going to take
a little bit of time and stick-to-itiveness to plug
away and keep going until you get something to work.

And the way that you get
things to work is having an ability to problem solve and sometimes solving
problems requires being a little creative. Sometimes you need
thing out of the box and come out a problem from a different perspective
in order to find a solution throughout the course
of this video. You're going to run
across a lot of sticky problems through the course of learning
about being an ethical hacker and just doing the work. Because it's not a simple. So here's a little recipe for
how to do this now go follow this recipe every time and
you're going to be successful. Every situation is different. Every system is different. You're going to run across
some pretty sticky problems and you're going to have to just
wait and get your hands dirty and keep failing and failing
and failing and failing until you find a way to succeed. So I think those skills are
very necessary to learn how to be an ethical hacker
digging through some of the material
that will be going over in this.

Yo, as far as what you
are going to be learning you're going to be learning
about how to use a lot of tools. You're going to learn
networking and by that. I mean we're going to be talking
about different Protocols are evolved involved
in networking systems together, you're going to learn
about security and security postures security is the heart
and soul of ethical hacking. It's why we do ethical hacking in order to make systems
and networks more secure than they were previously.

That's the goal
from a networking perspective. We're going to be talking
about how to read packets from Network captures. You're going to be going
into TCP IP related protocols and fairly significant amount of detail and they're
going to understand how protocols interact
with one another. So we're going to do all that and the reading packets
is going to be really important and we're going to do
a fair amount of that in addition to just
fundamental approach to learning how to read packets
in several lessons. We're going to read packets
as a way of understanding the different tools that were using and how they're going to learn
tactics and methodologies and you get to learn Learn
to use the information you've gathered in order
to get more information and information is really
what is this all about? You can't do much anything
without information and sometimes it takes
a fair bit of digging in order to find that information and what you're going
to learn is the entry points and the Stepping Stones
to get the information that you need.

And then once you
have that information, you're going to be learning
about ways to exploit it in order to get deeper
into the dark. You're going to learn
security awareness. We're going to talk about risk
and understanding risks and vulnerabilities primarily
recognize the difference between a vulnerability and an exploit and there's
a significant difference. There is so security awareness
and understanding what a risk is and how that impacts your Target and it's going to be key to a lot of things
that we talked about.

So it sounds like a lot
we're going to cover a fair bit of ground not all
of it at a deep level. Sometimes we are going
to skim the surface but there's an an awful lot
of material to be cover. So let's get started into talking about the different
skills are required or will be learned as a part
of the series of video. So initially just
for basic Computing you need a basic understanding
of operating systems. So it sounds like a lot weird that we're going to cover
and fair bit of a is going to be at a very deep level and sometimes we're just
going to skip the surface but there's an awful lot
of material to cover so let's get started. Okay, so that was all
about the skills that we are going to develop. Throughout this video
and that might be necessary for you to become
an ethical hackl. Now. Let's talk about
the types of attacks that you might be dealing
with ethical hacker yourself. So now we're going to be talking
about the types of attacks. Now one type of attack that you'll find common
particularly in cases of hacktivism, for example, or cases where people are trying
to make a particular point or just be a general pain is this idea of defacing defacing
goes back for quite a while.

It's the idea. In of sort of digital graffiti where you've left your mark
or your imprint behind so that everybody knows you were
there primarily a website thing and it's really just making
alterations to something that used to be pretty common
a long time ago. Now it's very particular
for businesses or people or just organizations
in general to have their homepage has been replaced
by this other thing that was along the lines
of hey, I was here and I took over your web page. We also have a pretty common one for certainly has been common
over the years.

And it's a pretty good part
towards quality exploits in high-profile vulnerabilities. And that's buffer overflow. Now a buffer overflow is
a result of the way programs are stored in memory when programs are running
they make use of a chunk of memory called a star and it's just like
a stack of plates when you put a bunch of plates down when you pull
a plate off you're going to pull the top plate
you're going to pull the old displayed you're going to pull
the one that was on top. So the same thing
with the stack here, we're accessing memory and This has to do with the way
functions are called in memory when you call the function
a chunk of memory gets thrown on top of the stack and
that's the chunk of memory that gets accessed and you've got a piece
of data in memory, but in that stack and
that's called a buffer and when too much data
is sent and try to put into the buffer it
can overflow now the bounds of the configured area
for that particular buffer.

It can overflow the bounds of the configured area
for that particular buffer. Now the way stack Are put
together we end up with the part of the stock where the return address
from the function is stored. So when you overflow
the buffer you have the ability to potentially
override that return at which point you
can control the flow of execution of programs. And if you can control the flow
of execution of the program, you can insert code into that memory that could
be executed and that's where we get buffer overflow
that turns into exploits that creates the ability to get
like a command shell or some other useful thing
from the system where the The buffer
overflow is running.

So that's a buffer
overflow in short. Sometimes. We also have
format string attacks. And sometimes these
can be precursors to buffer overflow formats. Now format strings come about because the C programming
language makes use of these format strings that determines how data
is going to be input or output. So you have a string
of characters that define whether the subsequent input or output is going
to be an integer or whether it's going
to be a character or whether it's going
to be a string or a floating-point
that sort of thing.

So you have a format string that defines the input
or the output now for programmer leaves
of the format string and just gets lazy
and provides only the variable that's going to be output. For example, you have
the ability to provide that format string. If you provide
that format string what then happens is
the program starts picking the next piece of data of the stack displays them because that way we
can start looking at data that's on the stack of the running program just
by providing a format string if I can look at the data I
may be able to Find information like return address or some other use
of piece of information. There is also a possibility of being able to inject
data into the stock. I may be able to
find some information like a return address or some other useful
piece of information. There is also a possibility
of being able to inject data into the stack. I may be able to
find some information like a return address or some other useful
piece of information.

There is also a possibility
of being able to inject data into the stock using
this particular type. Now moving on to our next type
of attack is a denial of service a denial of service. This is a pretty common one and you'll hear
about this a lot. This is not to be confused with
the one that I'll be talking about after this and that is
a distributed denial of service. So this one that you see is that this is a denial
of service attack and a denial of service
is any attack or action that prevents a service
from being available to its legitimate
or authorized users. So you hear about a ping flood
or a syn flood? That is basically a syn packet being sent to your machine
constantly or a Smurf attack and Smurf attack
has to do something with icmp Echo requests and responses using
broadcast addresses.

That one's been pretty
well shot down over the last several years. You can also get a denial
of service simply from a malformed packet
or piece of data where a piece
of data is malformed and sent into a program. Now if the program
doesn't handle it correctly if it crashes suddenly
you're not able to use that program anymore. So therefore you are denied. The service of the program
and thus the denial of service. Now, as I said a denial
of service is not to be confused with a distributed
denial of service. And I know it's
pretty trendy particularly in the media to call it
any denial-of-service DDOS or any denial-of-service DDOS.

Now it's important to note that any denial of service
is not a DDOS a DDOS or as you might know
a distributed denial of service is a very specific
thing distributed denial of the service is a coordinated
denial-of-service making use of several hosts
in several locations. So if you think about a botnet
as an example a botnet could be used to trigger
a distributed denial of service, but I've got a lot of bots that I'm controlling
from a remote location and I'm using all
these boards to do something like sending a lot of data
to particular server when I've got a lot of system
sending even small amounts of data all of that data
can overwhelm the server that I'm sending it to so the Behind a distributed
denial-of-service attack is too overwhelmed resources on a particular server in order to cause that server
not to be able to respond.

Now the first known
DDOS attack use the tool called stock Old Rod, which is German for barbed wire
the stock Old Rod came out of some work that a guy
by the name of mr. Was doing in 1999. He wrote a proof
of concept piece of code called tfn, which was the
tribe flood Network. Let me just show that for you. So you can see on the Wikipedia page
the try flat Network or tfn is a set
of computer programs that is used to conduct various
DDOS attacks such as icmp flood syn floods UDP flowers
and small for tax. Now. I know many people
don't really consider Wikipedia really good source
of any sort of knowledge, but it's a good place
to start off.

So if you want to read
about all these types of attacks like icmp floods and what exactly is
a syn flood you can always do that from It's
not that bad place. Of course, you should use
Wikipedia as your final Rosetta Stone moving on. So this program called Old Rod, which was it was used to attack
servers like eBay and Yahoo! Back in February of 2000 so that tack in February
of 2000 was really the first known distributed
denial-of-service attack, which is not to say that there weren't denial
of service attacks previously So to that there were
certainly plenty of them, but they were
not distributed now this means If there
weren't a lot of systems used to coordinate and create a denial-of-service
condition and therefore we get distributed
denial-of-service attack.

So that's a handful
of type of tax and some pretty common attacks that you're going to see
as an ethical hacker when you become
an ethical hacker or if you're trying
to become an ethical hacker, you should always know
about these types of attacks. Okay. So in this lesson, we're going to be talking
about penetration testing and some of the details
around how it works and Logistics and specifically
things like scope so, Exactly is penetration testing.

So well, not surprisingly. It's testing to see
if you can penetrate something which means you're going
to check to see whether you can break
into a particular thing. Whether it's a server or
in applications depending on the type of Engagement. You've got you may have
the ability to try to break in physically to a location but primarily but you're
going to be doing with penetration testing is you're going to be trying
to break into systems and networks and applications. And that's the kind
of what It's all about and this may actually involve
social engineering attacks. So it may require you
to make a phone call to somebody and get them
to give you their username and password or some other type
of social engineering attack where maybe you send a URL
via a crafted email. Sometimes it's just strictly
a technical approach. We're running scans and you're running Metasploit
and you're gaining access that way or maybe
some other type of Technology.

Application sort of connection, sometimes it's physical access
that you need. So in order to get access
to a particular system, if you can get physical access
then maybe you can get in so that was all about that's what exactly
penetration testing is. It's checking whether you
can get into a system whether it be physically
or on a network. So what are the goals of penetration testing the goals
would be to assess weakness in an organization
security postures. We want to figure out
what they're vulnerable so that they can go and fix
It's these problems you want to help them understand
their risk positions better and what they can or may be able to do
to mitigate those risks and ultimately you want
to be able to access systems in a particular way
to find weaknesses.

So those are really
sort of the goals of penetration testing now
from a result standpoint when you're done you're testing
what you are going to do. Well, you're probably going to
generate a report and by that, I don't mean you're going
to run some automated tool and you're going
to get it to generate. The report for you, you're actually going to give
that to the client. You're actually going to give
you a report to the client and then they're going to write
you a really large check. So that's not really
how it works. You're going to write a report
detailing the findings in a detailed way so that it includes
what did you do to find out what you actually found out and how you can actually
mitigate that particular risk.

So you should really include
remediation activities in order to fix this vulnerabilities that you find and it's
pretty easy to walk around saying hey, that's a problem
and that's problematic. And that's a problem. That's really not a lot of value in that where there's
a value is that hey, that's a problem. And here's how you
can go about fixing it. So let's talk about the scope
of penetration testing. So firstly you want
to actually realize how big is the breadbox
and how specifically what is it that the you two of the two
of you have agreed that being you
the ethical hacker and the other guy being
the authorized person to give you permission to ethically
hack specifically agree that you can do
penetration testing.

And you can Target them as
an organization or decline and what you have agreed
to our any exclusions or any sort of areas that they say you're not allowed
to touch so anything so like if they've got
a database server, maybe there's a lot
of really sensitive data on it and there's a little hesitant and they may put don't touch
this thing clause in the school. So there are a lot
of different reasons why they may exclude
areas from the scope and if they exclude them
then trust their reason and listen to them what They have to say
in terms of this is what we want you to accomplish.

So along those lines you
really need to get sign off from the target organization. Now, we've talked
about this before and this is certainly all
about the ethics then trust and it's also about legality because if you do something that you don't have
permissions to do you could be prosecuted for that. So definitely get the scope
very clear in writing and with signatures attached
to it as to what you can and what you can't do and always get approval
from the right people and make sure you get Buddy who has the right level of permissions and is
the right level of management so that they can sign off
on its understanding and accept the risk that is associated
with a penetration test. So let me talk a little bit
about security assessments and how they differ
from penetration tests.

The security assessment
is a hand in hand approach with clients. So you would walk in doing
a collaborative thing where you're a trusted partner
and you are live with them and your goal
isn't to penetrate them and point out all the things. That are really bad, but it's to get a full
assessment of the risk that the organization is exposed to and you would probably
provide more details about fixes that maybe you would
in a penetration test. Now what we're going to do
is we're going to walk in and make sure that the policies and procedures they have
in place are really what they need
for the organization and the risk appetite that they've got
and we're going to make sure that the policies
and procedures have controlled that can tell us whether they are being
actually adhere to or not.

Procedures and policies
are being followed a security assessment is
probably a little bit more comprehensive than a penetration test and you would look
at more factors to assess the security postures
of the organization in their overall risk and you would tailor the output
based on the risk appetite and what they're most interested
in and that's not to say that I'm going to tell them
what they want to hear.

But if there's something
that they know and I know that they're just
not going to do I'm not going to be making
a big deal out of it because they're already
Eddie aware of it and I'll make a note
of it in the report just for a complete the sick, but I'm not going to go out
in a lot of details. So it's really kind of a hand hand collaborative
approach where again, you're not just saying that they want us to say we're
providing some real security and risk guidance
towards her activities and other things so it may provide
an unrealistic view.

So you've got a week. Let's say to do
this penetration test against your target. Now, you're going to have
to go in you're going to have to get setup. You're also going to have
to start doing a bunch of scans and make sure that Gathering information and screenshots and data
for your reports you're going to have to do
all sorts of activities. Also during the course
of that week. You're going to be engaged
in probably beginning to write your report and getting a sense of
what is going to say and what's going to be in it. If you don't actually
get any major penetration during the course of that week
the organization may feel like their code and code secure.

That's one of the reasons
why penetration testing while really sexy
and show is nice and all but if an organization walks
out of it it believing that in a week, you didn't manage to get
no get the Keys of the Kingdom. They might must be secure
that's really misguided view because I'm dedicated skilled
and motivated attacker isn't going to just take a week
or some portion of that fee. They're after something
they're going to dedicate themselves to do it
and really go after it.

So just because you didn't find
a penetration in some subset of week doesn't mean that they're secure and Illman
and in vulnerable to attacks. It just means
that during the course of that particular week
and The circumstances that were in place you
can get a penetration that was really
significant or major. That's all it means. It doesn't mean anything
beyond that and if an organization
walks away feeling like the secure they're going to end up not fixing
the real vulnerabilities that may be in place that could expose them
to significant risks.

So that's penetration
testing its corpse its goals and how it differs
to security assessments now, it's time to go
over foot reading. So what is footprinting well
for printing is getting an idea. Via of the entire scope
of your target. That means not just the scope that you were given which may be an address block
or it may be a domain name that even maybe a set
of a truss blocks. Now, what you want to do
is you want to figure out all the information that's associated with that
in great detail as you can possibly get so you
want the list of domain names as you're going
to go through this you probably want some sort of database or Excel
spreadsheet or something.

Track of all the information because you're going to have
a lot of it at the end. You want to be able
to find information quickly. So having some sort
of in a notepad going with your notes or as I said spreadsheet
or a database. So if you can get organized in that way you want to keep
all those sorts of things down. So in this case, I want to do
some search on suppose. Let's say Eddie
record dot go now. I need Network block. So so far we found out
that just made up IP addresses because I'm just
putting information down, but I need never be Block, so you may have one IP address
that you can find externally or you're going to want to hold range of internal clocks and you
can do a little bit of digging.

If you aren't provided those you
want specific IP addresses for critical systems web
servers email servers databases. If you can find any
of these things of those sorts and you
want system architectures and what kind of stuff are they
running are they running Intel are they running windows? Are they running
some Unix systems? What are they running? What kind of Access
Control lists they have. These are going to be To get
but you may be able to guess them and you can guess
these by doing Port can so what sort of responses
you get back from the port scans with the filters and are
what you don't get back. We'll tell you about
if there's an IDs around or some you want
to do a system numeration, or you can get access to a system somehow you want
to know usernames group name. So on so the basic idea of footprinting is
gathering information now if you can get access to system
somehow you want to no use Names group names so you want
system banners routing tables SNMP information if you
can get it DNS host names if you can get those now, this is for both internal
and external on the side.

If you're doing
an internal penetration test or ethical hacking engagement. You want to know the networking
protocols that are out there. Are they using TCP IP, or are they using some UDP or are they on ipx
or SPX the using decnet or appletalk or are they
using some sort of split DNS? In other words? Do they have internal DNS? So was that give different foam for the external and will it
give different information? If you want to check for
remote access possibilities now in the foot printing process you want to be very exhaustive
you might want to try and take out email addresses
server domain name Services. I mean IP addresses
or even contact numbers and you want to be very
exhausted with your approach. You don't want to miss
anything out because if you do that, you can continue and also provide some some
launching points for additional.

Tax or test that you
may be able to do but this is definitely a starting point
of the types of information that you need to have as you go about
footprinting your target. Now next thing that we are going to see
is very interesting. This is one
of the many common tools that are out there
on the internet and that is the Wayback machine
or also known as archive.org now while it might not give you all
the information that you need but it gives certainly
gives you a starting point and what we're talking about
here is the Wayback machine or archive.org so Just
give you a quick look at what archive.org looks like.

Okay. I already have it open out here. So audio what you can see is how a website look
like around some time ago. So for example, if you want to look at
with Google look like so you just have to search
for Google out here and wait for results to come back. Okay. So we see that Google goes
way back to 1998. So that was the last capture
or the first capture other. It was the first capture
by the Way back machine and we can see that it has a screenshot
of November 11th and how Google looked so, let's see what Google look
like in November 11th of 1988.

So this is what Google look like it was there was
actually nothing to it. It just said welcome to Google
Google search engine prototypes and it hasn't link. So yeah, this is what the Google
search engine look like. It had a Stanford surge. It had a Linux urge and you could do
all sorts of stuff. You could just put
the results now. I'm trying to tell y'all is
you can see the evolution of the website should time
to the Wayback machine and this gives you rather
in informated look into how website
has actually evolved. Okay. Now that we know what
for printing is and how it falls into
the hole recognition process. So let's go over a couple
of websites to do a little bit of historical thinking
about companies and the types of infrastructure that they may be using and this information
of course is useful so that we can narrow
down our Focus. Us in terms of what we want
to Target against them for attacks now over time
we've improved our awareness about what sorts of information we may want
to divulge so several years ago you may have gone to a company's
website and discover that you could get
email addresses and names of people in positions that you may find relevant and there were all sorts
of bits of information that could be used
against the company and over time we have discovered that those are pieces of information probably
don't belong in a website where they can be used
against the company and so they've been pulled
off now The used to be also that Google had the ability
to pull up information that it had cash so far.

For example, if a website is
no longer available or if it was temporarily
down and offline. There was a little cash button
that you can click when you did
and the Google search and you could pull up
that cast information. So even though the website
wasn't available you can still get information from Google's
servers now Google's remove that so we don't have
that ability any longer. However, there is
an internet archive that we can Use so this thing
is called the Wayback machine and I have it open out here.

So it's archive.org / web. So archive.org is a website that gives us information
about other websites and how they look
like in years ago and by so I'm going to go
to the Wayback machine which you can see is
at the archive.org and I'm going to go and try and
search for Eddie record dot go. So now we're going
to take a historical look at Eddie record dot goes website and you can see we've got
some years and they've got information going back up to Thousand thirteen, so let's look at what
this website looked like when it was just 2013.

Okay, there doesn't seem
to be any snapshots out here. I wonder what's going on. Okay. So let's go 2014 and
the first snapshot seems to be on the September 12th of 2014. Actually. It's on May 17 to so
let's see what that looks like. Okay. So this is what Eddie
regular look like back in 2013 or other 2014 September
12 2014 to be actually exact now you can see that the we have
some live classes and all this pictures there and they've got this weird
picture of the sky and here I don't know why
that was a thing back in 2014. Now we can browse more
advanced screen shots or rather the screen shots
that were taken later on and see how this company has evolved
with this infrastructure and the way it actually
lays out its content. Okay, so it still hasn't evolved but I can go a couple
of years ahead and see what this has actually
evolved into so if I would go to December 2016, so this is what it looked
like in 2016 and we can see that they've added
this weird box out here about brides and courses
they have other search bar that kind of looks weird, but it's mostly
because my Internet is slow and it's not loading
all the elements.

They've also changed how they've actually laid
out the courses we can also. Oh see a change
in the prices, I guess. So, yeah, this tells us about how it evolves
as complete website. Now this other website I want to
talk about is called net crap. Now next craft does internet research including
the types of web servers that companies run and they
have a web server service. You can see here as we scroll
the Apache server service has sixty four point three percent
of the internet Market, of course, and that's followed by Microsoft with 13% interesting information
may be useful information, but even more useful
than that is looking. But different companies
Run for the websites and you can see here. Okay. So let's try and search
for Eddie Rekha dot code here. So let's just put
in the website URL and that net craft
generate the site report. So as you can see that some stuff
is not available. You know that the net
block owner is by Amazon Technologies name
server is this thing right here? DNS admin is
AWS DNS host Master.

We also have the IP address
we can go for a wire look up. Up the IP on virustotal
you can do that. There is no IPv6 present. So that's some information that we can see so we
can obviously opt-out not Target IPv6 ranges. Then there's also reverse DNS then we also have a bunch
of Hosting history. So this is a history
of it and we know that it's hosted on a Linux
system with an Apache web server and it was last seen and this was when it
was last updated. So this is some very
useful information. You can also get information
on If like Netflix, so if you just type, okay I said I just
spelled that wrong. So let me just change
from the URL out here.

So if you go and die for
netflix.com and you'll see that it will show you
all sorts of information. So as you see that it's
on an e WS server. It's Amazon data services, Ireland and this is
all the hosting history that it goes along with it has some send the
policy Frameworks domain-based message authentication and Reporting confirmations. And there's all sorts of information that you
can get about websites and web servers from net craft. So the Wayback machine long with net craft make up
for some interesting tools that are available
on the internet from which you can do a little bit
of your reconnaissance recess.

Okay. Now that we have gone
over net craft and the Wayback machine now, it's time to actually get to know how to use
the little information that the side actually provides. So what the next topic that we are going to go
over is using DNS to get more information now we're going
to be Going over to land. This is called
who is and the utility that is used to query
the various Regional internet registries the store information
about domain names and IP addresses and let
me just show it to you about all the internet
registries are there. So I have Aaron dotnet open out here and these are
the internet registries that provides the isps and looks over the Internet
control as a whole. So here we have afrinic we
have up next we have Aaron we have lacnic
and we have ripe NCC so These are all the regions
and all the different types of stuff that they support
all the different countries.

You can look at the map that it is pouring out
here by just hovering over the providers. So as you can see all
these Brown region out here is Africa after Nick then we have up next
which is black or grayish thing, which is India and Australia and quite a lot of issue
then we have iron which is a lot of North America
in the United States me. Then this lacnic
which is mostly the Latino side, which is a South American part. Then we have the rest of Europe which is ripe NCC
and this is the part that ripe NCC is providing
internet to okay. So that was all
about the internet registries. Now, let's get back to the topic and that is using DNS
to get more information. Now for this we are going to
be using a Linux based system. So I have a bunch of running
on my virtual machine out here and let me
just log into it. So firstly we are going
to be using this Square. I recalled who is that looks up these internet registries
that I just showed you.

Let me just quickly remove this. Okay. So for acquiring information from the regional internet
registries that I just talked about you can use who is to get information about who owns
a particular IP address. So for example, I could do who is and
let's see I could do who is Google or rather
netflix.com and we can get all sorts of information
about Netflix so we can see that we Of the visit markmonitor
then let's see. Let's go up and look
for all sorts of information that has been given to
us by this who is query.

So as you guys can see I just
went a little bit too much. Okay. So registry domain ID, we have the domain ID
where it is registered as a registered URL is markmonitor. Okay. So this is for marking actually
now the creation date is 1997. So you haven't realized Netflix
been around for a long time and it's been updated on 2015. And registry expiry date as we see is 2019 that's going
to actually go off this here.

Then this is all
useful information so we can see all sorts
of domain status the name server URL the DNS SEC
that it says unsigned. This is very useful information that is being provided
by very simple query. Now, if you want to know who
owns a particular IP address, so let's see if we get back
the IP address out there. We should have got
back the IP address, but it's kind of lost on me.

So To get back the IP address
also for a domain name service. So, you know, so you could use
this command called dick. So your dick netflix.com. Now as you guys can see that it has returned a bunch
of multiple IP addresses at these are all
the IP addresses that Netflix's so I
could do something like if I was trying to check out who all the certain
IP address and for example, I have got one
of these IP addresses, but let's just assume
I don't know that actually belongs to Netflix so I can go who is
50 4.77 dot hundred and eight to and it'll give
me some information so As you guys can see
it is giving us a bunch of information as to who this is
and how it is happening. So we see that it is from Aaron dotnet and so
we can very smartly assume that it's from the North
American part know we can also see
that it's in Seattle.

So our guess was
completely right. So it also gives us a range. So this is
something very useful. So if you see we now have
the rain age of the IPS that might be being
used by this guy. So we indeed have 54 and it
says it goes up to the 54. There's also 34 lat now. Let's check that out and see
what information we get set who is and let's check it out. What was the IP that we were just seeing
is 34.2 49.1 25.1 67.

So 34.2 49.1 65 I don't know. Let's see. You can also put in
a random IP address. It don't really matter and they'll give
you the information. So let's see is this and some IP address even
this seems to be an error and IP address
and it's also based in Seattle and we got
a bunch of information. So that's how you can use the who is query and the query do actually
get all sorts of information about the domain name service
and get information from a DNS basically. So now let's go
over some theoretical part that Is for DNS. So using DNS to get
information so firstly what is the domain name service? And why do we need? So a domain name service is
a name given to an IP address so that it's easy to remember.

Of course you it's easy
to remember names and demonics rather than a bunch
of random weird numbers. Now, this was mainly so that we can map names
to IP addresses and we can get the a bunch of information
from the host name resolution. So that's the purpose
of IP addresses now we Also be looking at
how to find network ranges. Okay. Now before we get
onto actually moving on to how to find out
the network ranges, let me just show you
how you can also use who is so who is suppose
you want to know the domains with the word feu in it.

So you could go who is fool and this
will give you a whole bunch of things but hafu exist
and all the sorts of foods that there is on the internet. So that was
one interesting flag, and if you want to know how to use more about Who is
you could just go – – hell? Yes. Yeah. So this is all
the types of stuff that we can do with who is so you can set the host
we can set the board that we want to search for then
we can set with the elf laughing and find one level
less specific match and we can do an exact
match to an inverse look up for
specified attributes.

Then we can also set the source
we can set verbose type and we can choose for request template
with this bunch of stuff. Can do so you could suppose say who is verbose and suppose
any record dot coal and I'll give you
a verbose version of the right database
query service objects aren't RPS out format
the right database objectives. So, okay. Let's try something else
like who is netflix.com? Okay, I'm sorry. I was supposed to be were both
and I kept doing Edge silly me. So you do V and that will give you a much more like this
is the right database again.

And I think
I'm doing something wrong. Okay, just for that thing. OK V and tight okay, or let's just see
that's let me just show you how to use video primary
keys are returned. Only primary Keys. Okay. Let's see. Let's try that out. Okay, so it seems to be that this is a ripe
database query service and objects are
in our PSL format. So it won't really
work for that thing. And it also says that no entries found
because this error so this is for
some layer lessons. So for now, I hope I gave you a good idea
of how to use Hue is like you could Just go ho is then some IP address 192.168.1.1
or some Gabriel just like that or you could just go
for a domain name service like Facebook and get all sorts
of information about Facebook when the query actually
returns you something.

Okay. So let's move on to network range is now now
in this part of the video. We are going to be going
over the utility called who is which is used for getting
information from the DNS. Now, let me just show
you a website. Get out here. So this is the regional
internet registries. So the internet registries
are used to store information about domain names and IP addresses and there are five Regional internet
registries first is iron, which is responsible
for North America.

So that would be the US and
Canada then we have laugh make which is responsible
for Latin America and portions of the Caribbean then there's ripe that's responsible for Europe
and Middle East and Central Asia. There's afrinic which is
responsible for Africa. And finally we have up next which is responsible
for Asia Pacific Rim. So, that's the Regional internet
registries and as I said who is responsible
for acquiring information from the various
Regional internet registries as you can use who is to get
information about who owns a particular IP address, for example, let me just open
up my Ubuntu system.

Let me clear this out first. So as I was just saying, for example, you could go
who is facebook.com. Okay. So as you guys can see
we could find out pretty quickly about who owns
a particular IP address. So for example, I could do who is
in just go facebook.com and tells me about who it
belongs to a also gives you who owns a particular IP address and who's responsible
for them from the information. You can get email addresses. I belong to
a particular company. This one has an email address for Tech contact
of Ip reg address it so you can get all sorts
of email addresses attack contacts and all sorts
of stuff out there the Database contains
only.com and dotnet and all sorts of information.

Now. I want to query
a different IP address and different information belongs in the different
Regional internet registries, of course, so if I want to go
to a particular database, I will have to use
the minus H flag so I could do who is Aaron net
and remember the IP address and I'm going
to query that again. And of course I get
the same information back because I went there so you could just go who is Edge and then follow it
with an IP address. So something like 30 4.25 the 176 the 98 so that's
just some random IP address. I just made up and it says
that who is option? Okay. So it's a it's a capital H. Okay. So let's see that and we get all sorts
of information back from that. So area a Darren and all sorts of stuff now I
can get information about domains as well.

So if I can query
something like netflix.com and I can find out that this is that actually Netflix and there's an
administrative contact and the technical content that I
need to see the difference. Main server so service that foot have
authority of information about the DNS entries
for that particular domain. You can also see
other information like when the record was created and whole bunch
of different phone numbers that you contact an
additional storing information about IP addresses
and domain name.

Sometimes it will
store information about particular host names and there may be other reasons
why you would store a hostname or particular information about hosting on
the system where the one of the rare rirs now if I want to wanted to look
up something specifically So once I have found that I could know do a look up on who is supposed say
something like who is full. So let's say who is fool. Now if you already don't have who is installed you
can easily install it by just going up to install who is on your Unix system
and that should do the trick and then you can start use
this really Nifty tool. Okay, so that was all about using who is now let's get
on to actually using how to Network ranges
for a domain. Okay. So now let's talk about how we
are going to be going over and fighting next ranges.

So suppose you bought it
at engagement and you only know the domain name and you don't know much beyond that and you're
expected to figure out where everything is
and what everything is. So how do you go
about doing that? Well use some of the tools that
we either have been talking about or will soon be talking
about in more detail. And the first thing
I'm going to do is I'm going to use a domain name
that you record.com and I'm going to look up at you
like a DOT go and see if I get get an IP address back. So let's just head over there
and go poo is Eddie record or not cool, or we could use
the host keyword. So as you see we get
an IP address back and that is 34 the to dander to 30 the 35 and that is
the IP address and you see that I've got back
an IP address.

So here's just an IP address and I don't know what
that IP address belongs to and I also don't know
how big the network range or network block is that's associated
with so what I'm Do is a who is and I'm going
to look up with Aaron who owns it IP address so you can basically go
who is 34.2 10.2 3935. So as you guys can see that gives us a bunch
of information and who is now this doesn't seem to
have a very big Network range, but unlike something
like Netflix.

So suppose we were to do something like host
netflix.com and see See now. We have a bunch of IP addresses. So suppose we will do
who is let's see who is 52.99 the $40 147 now I'm expecting Netflix
to be a much larger company and have a better. Yeah now see we get net range. So this is the network range
that we're talking about. So we had a random IP address and now we have found
the network range. So that's how
Find network ranges and this can be very useful.

So this gives me evidence that netflix.com has a presence
on different addresses. The one I have also located by looking up
that particular host name. So I've got one address
here that I can look at. Let's take a look at the website because let me
different address. Now if I didn't have
that I could also go and do something
like an MX flag. So let's see I could go dig and this will give us
all the male's so dig MX.

And let's see. Let's see what MX
does actually you go help so we could do dig –
Edge for a list of options. So these are all the options
that we have and the one that we're going to use
is something like this. Do you think MX and we say
something like netflix.com. So these are all
mailings and mx's that we have gotten from Netflix
and this is information regarding it's still
producing information. That's a big thing to produce. Okay. So as I was just
saying you can use the MX flag I could get back all
the mail handlers in this case and their mail is being handled
by Google and let's see wait, let's go until then
it's going to tell me that Google is not particularly
surprising and other things that you can do is check
for different host names since I'm assuming DNS
probably doesn't allow Zone transfers since most DNA. Has servers don't anymore, although they used to you
may have to start guessing so I could do something like
Web Mail said we find out here.

So it's showed us a dump of all
the ascending memory stuff. Okay, so that was all about finding Network
ranges now moving on to our next topic is using
Google for recognizance. Now some people also call
this Google hacking now, if you know how to use Google to exactly Target and find
what you are looking for. Google is an excellent tool
for recognitions purposes. And today. I'm going to show you
how you could use Google exactly for your searches. So first of all, let's go Open a tab
of Google so open up here. So let's go to google.com. Ok. So now we're going to be talking about how we can use Google to
actually gain some information or some targeted information. So this is in general called
Google hacked now when I say Google hacking
I'm not meaning by breaking into Google
to steal information. I'm talking about making use
of specific keywords that Google uses to get
the most out of the queries that you submit. So for example, a pretty basic one is the use
of quotations you go things in order to use Civic phrases.

Otherwise Google will find pages that have instances of all those words rather than
the word specifically together in particular order. So I'm going to pull this query
up and this shows a list of let me just show it to you. So you go index off now. This is showing us an index
of all the films now. This is basically all
those index of size that you want. So as you guys can see the show
this index of all sorts of films that are there now you
can Use index of and you see that we have also an index of downloads
or something like that.

-.com such download and it is an index
of all sorts of stuff. Now you can go into some folder
and check them out G Jones. You weren't EG Perico. I don't know what these are
but some sort of self. And this is how you
can use Google Now. Let me just show you
some more tricks. So you can use this
suppose you're using Google to find for something
like a presentation so you could use something
like file type.

DP DX and it'll search
for every type of file there. That is Peabody. Okay. Let's try some other
side PVD so config. Okay. So this brings up all
the types of files that have some configs in them. So some gaming configuration as we see this initial
configuration of Liverpool. Now, you could also use
something like the sing and URL and you can use
some other route. And this will give
you all the things that route in their URL. So King rude and Digital Trends and how to root Android
so fasten the root and suppose you want
to say something like all in file type or suppose. You want some extension
so so dot P BTW the pptx. Does that work? Let's search for
JavaScript files. Okay. I think it's JS. Okay, that doesn't seem
to work either. This shows us all the things
that she estimate. No, it's just external JS. I'm doing this wrong. So you could use file type.

So let's see file type
and we go see doc. So these are all the documents that you could find
at the file type thing. And you could also
do GS, I guess. Yeah. This is give you all
the JavaScript files are there. So this is how you can use
Google to actually narrow down your searches to suppose you want
a particular set of keywords, and we want to make sure we get
the password file from Google. Okay. So now let's go into more details
about the various things. You can find
using Google hacking. Now while Google hacking
techniques are really useful for just general
searching in Google. They're also useful
for penetration testers or ethical hackers. You can narrow down information that you get from Google you
get a specific list of systems that may be vulnerable so we can do things
like look for are pages that do in the title error. So I'm going to get
a whole bunch of information.

So suppose like we go in title
and we say error So as that we get
all sorts of stuff and we can do
the mines Google part. So if you don't mind is
Google not show you the stuff that's from Google. So we get a variance
documentation pages about different vendors
and the errors that they support. So here's one doc
about Oracle about Java error, but you know something more
specific we may be able to get errors about all sorts
of other stuff. So this is how you could use
the Google hacking technique to your own advantage
of your penetration tester.

Now, let's also show
You something called the Google hacking database now. This is very useful
for an ethical hacker. Now on the Google hacking
database was created several years ago by
a guy called Johnny Long who put this Google hacking
database together to begin to compile a list of searches that would bring
up interesting information. Now Johnny has written a couple
of books on Google hacking. So we're at the Google
hacking database website here and you can see them talk about Google Docs
and all sorts of stuff.

Now you can see that we can do all sorts
of search like and you are Elsa BC B SP this brings up
some portal Pages now out here. You can bring up some password
APS password and URL. Now this will give
you all sorts of stuff on Google suppose you go and URL
like a PS password. Now, you can get all sorts of stuff like which have
passwords in their URL.

So maybe you can just guess
a password from there to now that was Google hacking so Google hacking
entries and they also, Number of categories and that you can look through
to find some specific things. So you may be interested
in of course and you will search
specific information that you may be looking for with regards
to specific product. For example, let me
just show you XY database.

These are all
the certain types of stuff. You can go through out here. And as you see we have all sorts of sound like is
an SQL injection thing. This is something
regarding Pier archived ours. So these let you get a foothold
in the some password cracking. Alms and you can do
some Brute Force checking and you can see here if it talks about the type
of searches and what it reveals. You can just click here
on Google search engine will actually bring up
Google fit a list of responses that Google generates.

So let's look at this one here. This type is a log. So this is something
about cross-site scripting logs and we can also
see some party logs if I was not wrong so some denial-of-service POC
and we can see a bunch of stuff and if you continue
to scroll down there, Our interesting information in here so somehow
somebody's got a party log that has a lot of information. They've got it up
on a website and basically bunch of information that you can see you can also
get some surveillance video sometimes and you can look
into them and this basically how you could use Google.

So it's basically a list of
queries that you can go through and this is a very useful site if you are a penetration tester
and looking for some help with your Google
hacking terminologies, so that's it for Or Google hacking now. Let's move on. Okay. So now it's time
for some networking fundamentals and what better place
to begin with dcpip. Now we're going to be talking
about the history of dcpip and the network that eventually morphed
into the thing that we now call the internet. So this thing began
in 1969 and it spun out of this government
organization called arpa which Advanced research
projects agency and they had an idea to create
a computer network that was resilient
to a certain type of military attacks and the idea was
to have This network that could survive certain types
of war and warlike conditions.

So our percent out this request
for proposals to BBN, which is Bolt beranek and Newman
and they were previously and acoustical consulting
company and they won the contract to build what was called the arpanet. The first connection
was in 1969. So that's where we get the idea that the internet began
in 1969 and the internet as we call it now Then
Shall We Begin but arpanet it and often it has a long history that goes goes through NSF net in 1980s and after arpanet
was sort of decommissioned and a lot of other networks
were folded into this this thing called nsfnet that then turned into
what we now call the internet and once a lot of other
networks were connected into its first protocol
on the arpanet initially there were
18 to 22 protocols, which is very first protocol
defining communication on arpanet and it
was called 1822 protocol because BBN report
1822 which describes how it works shortly
and after that.

It was just think all
the network control program and the network
control program consisted of arpanet host-to-host protocol
and an initial control protocol. Now, they're certainly
not a direct correlation or an analogy here. But if you want to think about it in particular
where you can say that the arpanet host-to-host
protocol is kind of like UDP and initial connection
protocol or ICP. It's kind of like TCP. So the host-to-host
protocol provided a unidirectional flow control
steam stream between hosts. Which sounded a little bit
like UDP and ICP provided a bi-directional pair
of streams between Two Hosts. And again, these
aren't perfect knowledge. He's but the host-to-host
protocol is a little I bit like UDP and ICP is a little bit like TCP now now
the first router was called an interface message processor
and that was developed by BBN.

It was actually
a ruggedized Honeywell computer that had special
interfaces and software. So the first router wasn't
Roundup built piece of Hardware, but it was actually
an existing piece of hardware. Especially published
for this particular application. So Honeywell had this computer
that they made out and BBN took that and made some specific
hardware and faces and build some special software that allowed it to turn into this interface
message processor, which passed messages
over arpanet from one location to another so where did I become
hint here in 1973? So I became in here
as well in 1973 as I just said and a guy
but name of Vint Cerf and another guy by the name
of Robert Kahn took.

The ideas of NCP and
what the arpanet was doing and they tried to come up
with some Concepts that would work for the needs that the arpanet had
and so by 1974. They had published a paper
that was published by the IEEE and they propose
some new protocols. They originally proposed
the central protocol called TCP later on TCP was broken into TCP and IP to get away
from the monolithic concept that TCP was originally
so they broke it into more modular protocols
and thus you get TCP and IP. So how do we get to our version? Or which is ipv4 since that's the kind of Internet that we're using
right now version 6 is coming and has been coming
for many many years now, but you're still
kind of version for so how did we get here
between 1977 and 79 and we went through version 0
to 3 By 1979 and 1980.

We started using version 4 and that's eventually became
the de facto protocol on the internet in 1983 when NCP was finally shut down
because of all the hosts on the arpanet, but we're using TCP IP. By that point in 1992 work began on an IP Next Generation
and for a long time, although the specifications in the rfc's talked
about P&G eventually and I PNG became known as IPv6.

You may be wondering
where ipv5 went. Well, it was
especially purpose protocol that had to do something with streaming and certainly
not a widespread thing. One of the differences
between ipv4. And IPv6 is that IPv6 has a 128-bit address
which gives us the ability to have some Recklessly
large numbers of devices that have their own unique
IP address IP V4 by comparison has only 32-bit addresses. And as you probably
heard we're well on our way to exhausting
the number of IP addresses that are available
and we've done a lot of things over the years
to conserve address space and reuse address space so we can continue to extending
to the point till where we completely
run a 5p V4 addresses. Another thing about IPv6
is it attempts to fix on the inherent issues and IP and some of those has to do
with security concerns and there are certainly
a number of flaws and ipv4.

I'm going to start working
on IP Next Generation or IPv6. They try to address some
of those concerns in some of those issues and they
may not have done it perfectly but it was certainly an attempt and IPv6 attempt to fix
some of the issues that were inherently in IP. And so that's the history of
TCP IP still very reach today. Okay. So now that we've discussed
a brief history on TCP IP and how it came about
to the TCP IP version 4 Cisco's the model itself. Now we're going to be
discussing two models. And those are the OSI model
and the TCP IP model. Now as I said will be talking
about the OSI and TCP models for Network protocols
and the network Stacks OSI. First of all is the one that you see out here is the one
on the left hand side of the screen and OSI stands for
open systems interconnection. And in the late 1970s, they start working on a model
for how a network stack and network protocols would look
originally the intent was to develop the model
and then developed protocols that went with it.

But what ended up happening was after they develop the models
TCP IP started really taking off and the TCP IP model was what went along with it
and much better what was going on with TCP IP, which became the predominant
protocol and as a result The OSI protocols
never actually got developed. However, we still
use the OSI model for teaching tool as
well as way of describing what's going on
with the network stack and the Applications you'll often hear people talking
about different layers. Like that's a little too problem or render layer
3 space now continuing through these lessons. I'll refer occasionally
to the different layers.

And when I do that,
I'm referring to the OSI model. So let's take a look
at the OSI model starting from the bottom. We have the physical layer, which is where all the physical
stuff lives the wires and cables and network interfaces and hubs repeaters switches
and all that sort of stuff. So all that's all physical stuff
is sitting Sitting in the physical layer now sitting Above This is
the data link layer.

And that's where
the ethernet protocol ATM protocol frame relay. Those are things live. Now. I mentioned the switch below the physical
the switch lives at layer 1, but it operates at layer 2. And the reason it
operates at layer 2 is because it looks
at the data link address and the layer
to our physical address and that's not to be confused
with in the physical layer. It does get a little
mixed up sometimes and we refer to the MAC address now the MAC address is
not the physical address. I'm talking about it is the message
authentication code dress on the system as
so the MAC address on system as a physical address because it lives
on the physical interface and bound physically. However that Mac address or media Access Control
address lives at layer 2 at the data link layer
the network layer, which is right above at layer 3.

That's why the IP lives
as well as icmp ipx and from ipx SPX to the protocols from novel
routers operate at layer 3. Three and at layer 4 above that
is the transport layer. That's the TCP UDP and SPX again
from the ipx SPX suit of protocols number
of that is the session layer and that's layer 5 and that's a plot of SSH as well
as several other protocols. Then there's a
presentation layer which is a layer 6 and
you'll often see people refer to something like jpeg
or MPEG as examples of protocols that live on that layer then
there's a presentation layer, which is the final layer which is layer 6 and you'll
often see people refer to something like Jpeg, or MPEG as example the protocol
that live at that layer and then the live at that layer
which is the presentation layer. Finally. We have Leo 7, which is the application layer
and that's actually TP FTP SMTP and similar application
protocols whose responsibility is to deliver and use
the functionality.

So that's basically
the OSI model and that's the seven layers
of the OSI model and there's some important
thing to note here. That is when we
are putting packets onto the wire the packets
get built from Top. Top of the Stack Down by from the top of the stack
to the bottom of the stack which is why it's called
a stack each layer sits on top of the other and the application layer
is responsible for beginning the process and then that follows through
the presentation session and transport layer and down
through the network data link until we finally drop it on
the wire at the physical layer when it's received
from the network. It goes from the bottom up and we receive it
on the physical and gets handled
by the data link and then the network
and till the application layer. So basically when a packet
Coming in it comes in from the application goes
out from the physical and then we're going out also, it goes from the physical
through the data link, then the network
transport session presentation and application and finally
to the Target system.

Now what we're dealing with is
an encapsulation process. So at every layer on the way
down the different layers add bits of information
to the datagram all the packet. So that's when it gets to the other side
each layer knows where it's demarcation pointers. Well, it may seem
obvious each layer. Talk to the same layer. On the other side. So when we drop a packet out onto the wire the physical layer
talks to the physical layer and in other words
the electrical bits that get transmitted by
the network interface on the first system are received on the second system
on the second system. The layer two headers have report by the first
system get removed and handled as necessary. Same thing at the network layer. It's a network layer
the puts the IP header and the network layer that removes the IP header
and determines what to do from there and so
on and so on again while it may seem obvious It's an important
distinction to recognize that each layer talk
to each layer while it may seem obvious.

It's an important
distinction to recognize that each layer talk
to each layer. And when you're building
a packet you go down through the stack and when you're receiving
you come up to the stack. And again, it's called a stack because you keep pushing things
on top of the packet and they get popped
off the other side. So that was detailed and brief working on
how the OSI model is set up and how the OSI model works now, let's move on to the VIP model, which is on the right hand side
and you'll notice that there's a really
big difference here that being that there are only four layers
in the TCP IP model as compared to the seven layers
of the OSI model.

Now, we have
the network access layer the internet layer the transport
layer and the application layer in the functionality. Now, we have the access layer the internet layer
the transport layer and the application
layer the functionality that the stack provides is
the same and in other words, you're not going
to get less functionality out of the TCP IP model. It's just that they've changed
where And functionality decides and where the demarcation point
between the different layers are so there are only four layers
in the TCP IP model, which means that a couple
of layers that have taken in functions from some
of the OSI models and we can get into that right
here the difference between the models
at the network access layer in the TCP IP model that consists of the physical and the data link layer
from The OSI model.

So on the right here, you see the network access layer that takes into the account
the physical and the data link layers from The OSI model and the Left hand side similarly the application layer
from the TCP IP model and compresses all
the session presentation and the application layer
of the OSI model on the right the very
top box the application layer and Compass has
the session presentation and application layer
and on the left hand side that of course leaves
the transport layer to be the same and the OSI model. They call it the network layer
and then dcpip model. It's called the internet layer
same sort of thing. That's where the IP lives
and even though it's called the internet layer as
compared to the network layer. It's Same sort of functionality. So those are the really
big differences between OSI and dcpip model anytime. I refer to layers
through the course of this video that I'm going to be referring
to the OSI model and in part because it makes
it easier to differentiate the different functionality.

If I were to say live
on function in the TCP IP model, you would necessarily know if I was talking
about a physical thing or a data link thing since there's more granularity
in the OSI model. It's better to talk about
the functionality in terms. Terms of the layers
in the OSI model and that's the predominant
model The OSI model and the TCP IP model for Network Stacks Network
protocols and applications. Okay. So now that we've discussed
the TCP IP model. Let's go over some
another important protocol and that is UDP. So what do you see out here on your screen right
now is Wireshark and we'll be going
over the users of our shark and what it's useful for
in the sock upcoming lessons. But for now, let me
just show you a UDP packet. Okay. So before we get into the analysis of the packet
while it's still filtering, let me just tell you
a little bit about you to be so UDP is a protocol and
the TCP IP suit of protocols. It's in the network layer.

That's a network layer
in the OSI. So similar reference model
the IP network layer carries the IP address and that has information
about how to get back is to his destination the transport layer sits
on top of the network layer and that carries information about how to differentiate
Network layer applications and that information about
how those Network application gets differentiated is
in the form of ports. So the transport layer has ports and the network layer has
in this case an IP address. And UDP is a transport layer
protocol and UDP stands for user datagram protocol and often call connectionless
or sometimes unreliable. Now unreliable doesn't mean that you can't really rely
on it unreliable means that you can't just that what you sent
is reaching the other side. So 1 means actually
that there's nothing in the protocol that says
it's going to guarantee that the data Will Graham
that you send or the fact that you send is going to get
where you wanted send it.

So the Tikal has no sort
of safety feature like that. So you shouldn't use
this protocol that is used to be if you want some sort
of safety net. And if you needed that type
of safety net you would have to write it
into your own application. So basically UDP is
a fast protocol and that's one of the reason why it's good. It's also on the reason
why it's unreliable because in order to get
that speed you don't have all of the error
checking and validation that messages are getting there. So because it's fast it's good for things like games
and for real-time voice and video anything
where speed is important. And you would use UDP. So right here. I have a packet capture. So I'm using Wireshark capture
some buckets and let's check out UDP packet so out here you see that there are some freedoms that says 167 bites on bio
167 bites have been captured but we're not really interested
in the frame part. You're interested in
the user datagram protocol. But so here you can see that the source board is
one eight five three and the destination
Port is Phi 2 0 8 1 now it has a length
and it has a checksum and Tough.

So as you guys see
out here, well, we don't really see
a bunch of information what you only see
is a source port and the destination port land
and there is also a checksum so you to be doesn't come
with an awful lot of headers because it doesn't need any of the things that you see
in the other packet headers. The only thing it
needs is to tell you how to get the application
on the receiving host.

And that's where
the destination Port comes in and wants the message gets
to the destination. The destination needs to know how to communicate back
to the originator and that would be
Through the source port or a return message. So a return message
would convert The Source port to a destination port and send back to that board in order to communicate
with the originator. So we have a source port
and destination port and the length is a minimal amount of checking
and to make sure that if the packet that you received
as a different from the length that specify in the UDP header, then there may have
been something wrong so you won't may want
to discard the message to check for more messages.

So the checksum also make sure that nothing in the middle
was tampered with although it's if there's some sort
of man in the middle. Attack or something like that a checksum is
pretty easy to manufacture after you've altered the packet so you can see here
in the message that there's a number
of UDP packets some of them just UDP the one look and happens to be
from some Skype application, I guess so talking
to Skype servers and we've already got
the DNS now DNS also needs some Fast Response times because you don't want
to send a lot of time looking up information about service
that you're going to before because just to go to them. So DNS server through all
throughout their queries on to the Using UDP hoping
to get fast sponsors. They don't want to spend a lot
of time setting up connections and during all the negotiating that comes at the
protocol like TCP.

For example. So here you see
that the DNS is using UDP and what we've got here is another
UDP packet for Destination and all sorts of stuff so you can see it out here so you can see the checksum. It's unverified checksum status so you can check out all sorts
of stuff using Wireshark. So that was about UDP
or The user datagram protocol. Okay. So now that we're done
with the user datagram protocol. Let's talk about
addressing mode. So addressing modes is how you address a packet
to your different destination. So there are three kinds
of addressing mode. The first kind of addressing
mode is unicast. This is pretty simple
one to understand. So there is one destination
and one source and the source sends
the packet to the destination and it's it depends
on the protocol that you're using
to actually address.

So if it's something like TCP IP your Using
a bi-directional stream. So the blue computer can talk
to the red computer and the red computer can talk
back to the blue computer, but you can also use
a UDP stream which is like One Direction stream. So it's not sure
if I'm using the correct word. So it's a stream that
in One Direction. I guess I'm driving
home the point here. So if it's UDP only
blue is talking and when blue stops
talking then read can talk, but if it's dcpip blue and red
him talk simultaneously at the same time now moving
on there's also so broadcast now broadcast means that you are sending
your bracket to everybody on the network.

So broadcast messages
are very common from mobile network providers so many get those
advertisements saying something like you have
a new postpaid plan from Vodafone or as hell
or something like that. Those are broadcast messages. So it's one server
that is sending out one single message to all
the other systems now, there's also multicast now. The cast is like broadcast but selective now
multicast is used for actually casting yours
your screen to multiple people. So something like screen share and you're doing it with
multiple people is multicast because you have the option
to not show particular computer what you are actually sharing. So those are three modes of addressing unicast
broadcast and multicast. Okay now moving
on let's look into the tool that we just used once and UDP. That is why sure. So what exactly is wash off? So this utility called
Wireshark is a packet capture.

Usually meaning that
it grabs data. That's either going out or coming in of a specific
Network and there are a number of reasons why
this may be useful or important on the reason
why it's really important is what's going on in the network
is always accurate. In other words. You can't mess
around with things once they're on the network
or you can't lie about something that's actually on the network
as compared with applications in their logs, which can be
misleading or inaccurate.

Or if an attacker gets
into an application they may be able to alter the logging
now several other behaviors that make it difficult to see
what's really going on and the network
you can really see what's going on. Once it hits the wire. It's on the wire and you
can't change that fact now once it hits the wire so we're going to do here
is a quick packet capture. So let me just open up
our shop for you guys. So as you guys can see I have already washed
Shock open for us.

Let me just remove
the CDP filter that was there. So why shock is Cheering. So let's go over the stuff
that you can see on the screen some important
features of our sharks so that we can use it later. So what I'm doing here is a quick packet capture
and I'm going to show some of the important
features of Wireshark so that we can use
it later on now when we're starting to do
some more significant work. I select the interface
that I'm using primarily, which is my Wi-Fi, and I'm going to be go over here
and we'll bring up a Google page so that we can see
what's happening on the network.

So let me just quickly open
up a Google page as you guys can see
It's capturing a bunch of data that's going on here. Let me just open
up a Google base and that's going
to send up some data. Let's go back. So it's dropping a whole bunch
of stuff of the network. I'm just going to stop
that going to go back and go back and take a look
at some of the messages here. So some of the features
of a shock as you can see on the top part of the screen. It doesn't window that says number time Source
destination protocol length and info and those are
all of the packets that have been captured
in the numbering starting from 1 and the time I'm has to do
with being relative to the point that we've started capturing
and you'll see the source and destination addresses and the protocol
the length of the packet and bytes and some information about the packet
the bottom of the screen.

You'll see detailed information
about the packet that has been selected. So suppose I'm sales selecting this TCP packet out
here so we can go through the frames frame also has an interface ID
is encapsulation type and all sorts of information. Is there about the frame
then we can look at the source Port
destination Port see Stumble the flag said the check sums, you can basically check
everything about a packet because this is
a packet analyzer and a packet sniffer. Now, you'll see some detail information
about the back of that.

I'll be selected. So I'm going to select so
the selected this TCP IP packet. We see that in the middle frame
and says frame 290. It means that it has
a 298 lat packet and the packet that was capture 66 bites and we
grabbed 66 Bisons 528 bit later. So you what do you see
out here was source and the destination In
Mac address of the layer to layer address and then you can see
the IP address of both source and destination and says it's
a TCP packet gives us a source Port destination port and we can start drilling down
into different bits of the packet and you can see when I select a particular
section of the packet down at the very bottom you can see what's actually a hex dump of the packet and on the right
hand side is the a sky. So this is the hex hex dump and is the a sky that
you're looking at. What's really cool
about varsha gate is it really pulls the packet
into it's different layers that we have. Spoken about the different
layers of the OSI and the TCP IP model and the packets are put
into different layers and there's a couple
of different models that we can talk about with that but were shocked
does really nicely.

Is it demonstrate
those layers for us as we can see here. It is actually four layers and in this particular packet
here we can also do something. So I've got
a Google web request. So what I want to do here is
I want to filter based on HTTP, so I find a filter. So let's see
if we can do an http. And what I see here
is says text input and it's going to get an image. That's a PNG image. And this is a request
to get the icon that's going to be displayed
in the address bar. So you also see something
called our pouch here, which I'll be talking
about very soon.

So let's just filtering
be done now in the web browser. It's a favicon dot Ico
that can do here. I can select analyze
and follow TCP streams. You can see all
the requests related to this particular request and it breaks them
down very nicely. You can see we've sent
some requests to Spotify because I've been using
spotify you actually listen to some music then you
can see all sorts of stuff. Like this was something
to some not found place. So let's just take
the Spotify one and you can see that we get a bunch of information from
the Spotify thing. At least you can see
the destination The Source, it's an Intel core machine. So the first part of the MAC address the first
few digits is lets you tell if it's what what is vendor ID
so Intel has its own member ID. So F 496 probably tells us
that it's that's an Intel Core. So why shock does this
really neat little thing that it also tells us
from the MAC address what type of machine you're
sending your packets to from the back address itself.

So it's coming
from Sophos foresee and going to an Intel Core
in the type is ipv4. So that was all about Bioshock. You can use it extraneously
for packet sniffing and pack analysis. Packet analysis come very handy when you're trying
to actually figure out how to do some stuff
like IDs evasion where you want to craft
your own packets and you want to analyze packets that are going into the IDS
system to see which packets are actually getting detected
its as some intrusion so you can craft your bucket
and a relative manner so that it doesn't get actually
detected by the idea system.

So this is a very Nifty little
tool will be talking about how you can craft your own
packets just a little while, but for now, Now,
let's move ahead. Okay. So now that we're done with
our small little introduction and a brief views
on history of our shop. Now, let's move on
to our next topic for the video. That is DHCP. Okay. So DHCP is a protocol and it stands for dynamic
host configuration protocol. So DHCP is a network
management protocol used to dynamically assign
an Internet Protocol address to any device on the network so they can communicate
using IP now DHCP. Means and centrally manages these configurations
rather than requiring some network administrator to
manually assigned IP addresses to all the network devices. So DHCP can be implemented on small or small local networks
as well as large Enterprises. Now DHCP will assign new
IP addresses in each location when devices are moved
from place to place which means Network
administrators do not have to manually initially
configure each device with a valid IP address.

So if device This is
a new IP address is moved to a new location
of the network. It doesn't need any sort
of reconfiguration. So versions of DHCP
are available for use in Internet Protocol version
4 and Internet Protocol version 6 now as you see on your screen
is a very simplistic diagram on how DHCP works. So let me just run
you down DHCP runs at the application layer of the TCP IP protocol stack to dynamically assign
IP addresses to DHCP clients and to allocate
TCP IP configuration information to It's TB clients.

This includes subnet mask
information default gateways IP addresses domain name
systems and addresses. So DHCP is a client-server
protocol in which servers managed full of unique IP addresses as well as information about
line configuration parameters and assign addresses
out of those address pools now DHCP enabled clients send
a request the DHCP server, whenever they connect
to a network the clients configure with DHCP broadcasts
a request the DHCP server and the request Network. In information for local network
to which they are attached a client typically
broadcasts a query for this information immediately after booting up
the DHCP server response to the client requests by providing IP configuration
information previously specified by a network administrator.

Now this includes
a specific IP address as well as for the time period also called Lee's for which
the allocation is valid when refreshing an assignment a DHCP client request
the same parameters the DHCP server May assign
the new IP address based on the You said by
the administrator now a DHCP server manages a record of all the IP addresses it
allocates to networks nodes. If a node is we are located
in the network the server identifies it using its media
Access Control address now which prevents accidental
configuring multiple devices with the same IP address now
the sap is not routable protocol nor is it a secure one DHCP is limited to a specific
local area network, which means a
single DHCP server. A pearl an is adequate now
larger networks may have a wide area network containing multiple
individual locations depending on the connections
between these points and the number of clients
in each location.

Multiple. DHCP servers can
be set up to handle the distribution of addresses. Now if Network administrators
want a DHCP server to provide addressing to multiple subnets
on and given Network. They must configure
DHCP relay Services located on interconnecting routers that DHCP request
to have to cross these agents relay messages. Between DHCP client and servers dscp also lacks
any built-in mechanism that would allow clients
and servers to authenticate each other both are vulnerable
to deception and to attack where row clients can exhaust
a DHCP servers pool.

Okay. So let's move on
to our next topic and that is why use DHCP. So I just told you that DHCP don't really have
any sort of authentication so it can be
folded really easily. So what are the advantages
of using DHCP so The sap offers quite
a lot of advantages firstly is IP address management
a primary advantage of dscp is easier management
of IP addresses in a network with the DHCP.

You must manually
assign IP address, you must be careful
to assign unique IP addresses to each client and the configure
each client individually the client moves
to a different network. You must make model
modifications for that client. Now when DHCP is enabled the DHCP server manages
the assigning of IP addresses without the administrators
intervention clients. And move to other subnets without panel
country configuration because they obtained from a DHCP server
new client information appropriate for the new network
now apart from that you can say that the hcp also provides a centralized
Network client configuration. It has support
for boot TP clients. It supports of local clients
and remote clients. It supports Network booting and also it has a support
for a large Network and not only for sure
like small-scale networks, but for larger Works as well. So that way you see DHCP has
a wide array of advantages even though it doesn't really
have some authentication. So because of these advantages
DHCP finds widespread use in a lot of organizations. Okay, so that winds
up DHCP for us. So let us go into the history
of cryptography now. So let me give you
a brief history of cryptography now cryptography actually goes back several
thousand years before shortly after people began to find ways
to communicate there are some of Who were finding ways
to make the understanding of that communication difficult so that other people
couldn't understand what was going on.

And this led to the development
of Caesar Cipher that was developed
by Julius Caesar and it's a simple
rotation Cipher and by that, I mean that you rotate a portion of the key in order
to generate the algorithm. So here's an example. We've got two rows
of letters and that are alphabetical in order and means we basically wrecking
the alphabets down and the second row
is shifted by three. Letters so Abby is a z actually because if you move that way B
is a z from the first row gets shifted back the second row and then the letter
D becomes letter C the there's that's an example
of how encryption works.

So if you try to encrypt
a word like hello, it would look completely
gibberish after it came out of the algorithm. So if you count the Letters
Out you can see that letter H can be translated
to little a letter L. So that's a Caesar Cipher. Now you must Little things
like rot13 which means that you rotate the 13 letters
instead of three letters. That's what we
can do here again, and this is just
a simple rotation Cipher ourseives the cipher that's what of course the rod stands
for its rotate or rotation. Now coming forward
couple thousand years. We have the Enigma Cipher now, it's important to note
that the Enigma is not the word given to this particular Cipher
by the people who developed it.

It's actually the word
given to it by the people who were trying to crack
it the Enigma Cipher is a German Cipher, they develop this
Cipher and machine that was capable of encrypting
and decrypting messages. So they could messages to and from different
battlefields and waterfronts, which is similar
to the Caesar Cipher sees a use it to communicate
with his Butterfield generals and the same thing. We're with the Germans. You've got to get messages
from headquarter down to where the people
are actually fighting and you don't want
it to get intercepted in between by the enemy. So therefore you use encryption and lots of energy
was spent by the allies and in particular the British
trying to decrypt the messages. One of the first instances that we are aware of where machine was used
to do the actual encryption and we're going to come ahead
a few decades now into the 1970s where it was felt that there was a need for
a digital encryption standard.

Now the National
Institute of Standards and technology is responsible
for that sort of thing. So they put out a proposal for
this digital encryption standard and an encryption algorithm. What ended up happening
was IBM came up with this encryption algorithm that was based
on the Lucifer Cipher that it was one of their people
had been working on on a couple of years previously in 1974 and they put
this proposal together based on the Lucifer Cipher and in 1977 that proposal for an encryption
algorithm was the one that was chosen to be
the digital encryption standard. And so that came
to be known as Des over time and it became apparent that there was a problem with this and that was it
only had a 56 bit key size and while in the 1970s that was considered
adequate to defend against brute forcing
and breaking of course.

By 1990s. It was no longer considered
adequate and there was a need for something more and it
took time to develop something that would last long
for some long period of time and so in the meantime
a stopgap has developed and this stopgap is what we call the triple Des. The reason it's called
triple Des is you apply the Des algorithm
three times in different ways and you use three different keys
in order to do that. So here's how triple Des Works
your first 56 bit key is used to encrypt the plain text just like you would do with the standard
digital encryption standard algorithm but changes
and you take that Cipher text that's returned from
the first round of encryption and you apply the decryption
algorithm to the cipher text.

However, the key
thing to note is that you don't use the key
that you use to encrypt you. Don't use the first
key to decrypt because otherwise you'll get
the plain text back. So what you do is
you use a second key with the decryption algorithm against the cipher text
from the first round. So now you've got
some Cipher text that has been encrypted
with one key and decrypt it with Second key and we take
the cipher text from that and we apply a turkey using
the encryption portion of the algorithm to
that Cipher encryption portion of the algorithm
to that ciphertext to receive a whole new set of ciphertext
obviously to do the decryption. You do the third key and decrypt it with
the second key you encrypt it. And then with the first
key you decrypt it.

And so you do reverse order and the reverse algorithm at
each step to apply triple Des. So we get an effective key size
of about one sixty eight bits, but it's still only
X bits at a time. Now I said triple Des
was only a stopgap. What we were really looking for was Advanced encryption
standard once again and niste requested proposals so that they could replace
the digital encryption standard in 2001 after several thousands
of looking for algorithms and looking them
over getting them evaluated and getting them looked
into this selected an algorithm and it was put together by
a couple of mathematicians. The algorithm was called rijndael and that became the
advanced encryption standard. Or AES, it's one
of the most advantages of AES is it supports
multiple key lens currently what you'll typically see is as we are using 128-bit keys.

However, AES supports
up to 256 bit key. So if we get the point where 128-bit isn't enough
we can move all the way up to 256 bits of keying material. So cryptography has
a really long history. Currently. We are in a state where we have a reasonably stable
encryption standard and AES, but the history
of cryptography shows that with Every set of encryption eventually
people find a way to crack it. Okay. So that was a brief
history of cryptography. Now. What I want to do
is let's go over and talk about a yes
triple des and Des in themselves because they are
some really key cryptography key moments in history because there's some really
key historic moments in the history of cryptography.

Now, we're going to talk about the different types
of cryptography key ciphers and primarily we're going to be talking about
this triple des and AES now. This is the digital
encryption standard. It was developed by
IBM in the 1970s. And originally it
was cryptography Cipher named Lucifer and after some modifications
IBM proposed it as digital encryption standard and it was selected by
the digital encryption standard ever since then
it's been known as dis. Now one thing that cost a little bit
of controversy was during the process of selection and it's a requested
some changes and it hasn't been particularly clear but changes
were requested by the NSA. There has been
some speculation that wondered if the NSA was requesting a back door into this
digital encryption standard which would allow them to look at encrypted messages
in the clear.

So basically it would
always give the NSA the ability to decrypt
DS encrypted messages. It remained the encryption
standard for the next couple of decades or so. So what is this and
how does it work? Basically? It uses 56-bit Keys rather
than the stream Cipher. It's a block Cipher and it uses
a 64-bit blocks and a 1998 – was effectively broken
when a desk If the message was cracked and three days a year
later a network of ten thousand systems around the world crack
the best encrypted message in less than a day and it's just gotten worse since then with modern
computing power being what it is since this was actually created we already have come
to the realization that we needed something else. So Along Came triple Des now triple DES isn't
three times the strength of desk necessarily it applies. There's just three times
and what I mean by that is is what we do is we take a plain
text message then let's call that P and we are going to use
a key called K 1 and we're going to use that key to encrypt
a message and use a key that will be will call K1 and we're going to use
that to encrypt the message and that's going to result
in the ciphertext and we will call the c 1 so c 1 the output of the first
round of encryption.

We're going to apply
a second key and we'll call that K2 with that second key and we're going to go
through a decryption process on see one since it's the wrong key. We're not going to get
plain text out on the And what we're going to get
is another round of ciphertext and we will call this c 2
what we do with c 2. We are going to apply a third
key and we will call this K 3 and we're going
to encrypt ciphertext c 2 and that's going to result
in another round the ciphertext and we will call that c 3. So we have 3 different Keys
applied in two different ways. So with Chi 1 and Chi 3 we
do a round of encryption and with key to we do
a round of decryption. So it's an encrypted Crypt
and crypt process with separate keys while
that doesn't really healed.

A full 168 bit key size
the three rounds of encryption yields an effective key size of
a hundred and sixty eight bits because you have
to find 356 bit keys. So speaking of that technical
detail for triple Des. We're still using the test block
Cipher with 56-bit keys. But since we've got
three different Keys, we get an effective length
of around 160 8. Bits triple Des was really
just a stopgap measure. We knew that if test
could be broken triple desk surely we broke in
with just some more time again. And so the nest was trying
to request a standard that was in 1999. And in 2001 this
published an algorithm that was called a s
so this algorithm that was originally called rijndael was
published by nist as advanced encryption standard
some technical specifications about a s is that the original drained
all album specified variable block sizes
and key lengths and as long as those lock sizes and key lengths were
multiples of 32 bits.

So 32 64 96, and so On you could use
those block sizes and key lens when a s was published a specified a fixed
128-bit block size and key length of 128 192 and 256 a yes
with three different key lengths but one block size and that's a little bit of detail
about desk triple des and AES. So when a s was published a specified fixed
128-bit block size and a key length
of 128 192 and 256 bits. So we've got with a S3
different key lens, but one block size. And that was a little bit of detail about this triple des
and AES will use some of these and doing some Hands-On work
and the subsequent part of this video. Okay. So now that I've given
you a brief history of how we have reached
to the encryption standards that we're following today.

That is the advanced
encryption standard. Let's go ahead and talk a little bit more
about this triple des and AES. So this is a digital
encryption standard. It was developed by IBM
in the 1970s and originally it it was a cryptographer
xi4 named Lucifer and after some modifications
IBM proposed it as the digital encryption standard. It was selected to be
the digital encryption standard and ever since then
it's been known as Tes or deaths one thing that caused a little bit
of controversy was during the process of selection
the NSA requested some changes and it hasn't been
particularly clear what changes were
requested by the NSA. There has been some sort
of speculation that wondered if the NSA was requesting
a back door into this. It'll encryption standard which would allow them to look
at encrypted messages in the clear. So basically it would
always give the NSA the ability to decrypt
this encrypted messages. It Remains the encryption
standard for the next couple of decades or so. And what is this and
how does it work now tests Remain the digital
standard for encryption for the next couple of decades.

So what does it do
and how does it work? So basically it uses a 56 bit key rather
than a stream Cipher. It's a block Cipher and it
uses 64-bit blocks and in 1998, if you know there's
was effectively broken when a des encrypted message
was cracked in three days and then a year later
a network of 10,000 systems around the world crack
the Des encrypted message unless and a day and it's just gotten worse since then with modern Computing
being what it is today. Now since this was created and broken we knew
we needed something and what came in between
Advanced encryption standards and this is triple
Des now triple Des is Three times the strength
of this necessarily it's really there's applied three times and what I mean by that is
we take a plain text message, then let's call that P and we are going
to use a key called K 1 and we're going to use
that key to encrypt the message and that's going to result
in the ciphertext one.

So we'll call that C1
now c 1 is the output of the first round of encryption and we're going to apply
a second key called key to and with that second piggy. We are going to go through
a decryption process on C1 now since it's the wrong key we are. Not going to get the plain text
out of the decryption process on the other end. We are going to get
another round of ciphertext and we're going to call
that c 2 now with c 2. We are going to apply
a third key and we are going to call that K 3 and we're going
to encrypt ciphertext c 2 and that's going to result
in ciphertext C 3 so we have 3 different Keys
applied in two different ways.

So what Chi 1 Chi 3 we do around
of encryption with key to we do around a decryption. So it's basically an unencrypted
decrypt encrypted process with three separate keys, but It does really is
it doesn't really healed a 168 bit key size because ineffectiveness it's
basically 256-bit keys that are being used to race it whether it be
three different keys. So ineffectiveness, you could say
that it's the 168 bit key, but it is not the same strength
because people realize that triple Des
can be easily broken because if this is broken, you can do the same thing
with three different ways whether whatever key
that you use so it just takes longer time.

To decrypt if you
don't know the tree and if you are just using
a Brute Force attack, you know that triple
Des can be broken if this can be broken. So triple Des was literally
a stop gap between Des and AES because people knew that we needed something
more than triple des and for this the NISD or the National
Institute of Standards and technology in 2001. They chose a s as the algorithm that is now called
Advanced encryption algorithm. So it was originally called
the rijndael algorithm. And the main thing
about the rijndael algorithm and advanced encryption
standard algorithm. Is that the rijndael algorithm specifically
States in its papers that it has available block size and available key size
as long as they are in multiples of 32. So 32 6496 like that. But what AES does differently is that it gives you one block size that is 128 bits and gives
you three different key sizes that is 128 192 and 256. So with AES three
different key lens, but one block size.

Okay, so that was a little bit
more information on a yes this and triple des and we are going
to be using this information in some subsequent lessons
Okay now moving on. Okay. So now that we've discussed
the different history of cryptography and more important
cryptography algorithms. Let's discuss the different
types of cryptography. Now, the first type of
cryptography I'm going to talk about is symmetric cryptography
and by symmetric cryptography, I mean Key is the same
for encrypting or decrypting. So I use the same key whether I am encrypting the data
or decrypting data. Well things about symmetric
key cryptography is that the use a shorter
key length then for asymmetric cryptography, which I'll get into
a couple of minutes. It's also faster
than a symmetric and you can use algorithms
like d EAS or a s as those are both symmetric
key cryptography algorithms and you can use a utility
like a a script. Let me just demonstrate how a symmetric key
cryptography works. So for this we can use
a tool called a a script.

So in a a script is
actually available for Linux and Windows and Mac
all the systems. So I'm using it on the Windows one and I'm using
the console version. So first of all, I have a text file
called text or txt. So let me just show that to you. So we as you guys can see I have this thing called text
up txt now to do text or txt. All I let me just show
what x dot txt contains. So as you guys can see
it has a sentence. The quick brown fox jumped
over the lazy dog. So that's the sentence that has all the alphabets
in the English language rather. So now we are going
to try and encrypt it so we can use
something like a SIDS because both of them are symmetric key ciphers
symmetric key algorithms rather. So we are using AES
in this case. So what we're going
to do is say s script I'm going to encrypt it and we're going to give
you the password of let's say Pokemon.

We're going to call it
Pokémon and regarding do Do text Dot txt. We're gonna encrypt that file. So now we have
encrypted that file. Let's go see we must
be having a new file. So this is called text
or txt that a yes. So that is our encrypted file. And this is what we would
generally send over the network if we are sending it to anybody. So let's assume
the person who's received. It also knows
our encryption algorithm. I mean encryption
algorithm and the key that goes along with it. So let's try to decrypt it
now now before I decrypted, let me just show you What
an encrypted message looks like so this is what the ciphertext look
like a snow text Dot txt. The AES. So yeah, as you guys can see
the windows control control you she'd everything but if I were to go here I
will just go into the file and just ever notepad
plus plus you'll see that it's a bunch of crap.

You really can't make out
anything what is being made? Here we come. Really decipher much. So that's the point
of using encryption. Now if you were to decrypted, all you have to do is
a script we turned the crib. We're trying to give
the password is going to be what was the password
Pokémon I'll K so and we're going to try
and create text txt. The AES. Let's dir that again. Okay, so that just the crypts
are message for us. So this is how you would use a script
for encryption and decryption. So that just
description and that's how you would use symmetric key
encryption to encrypt a file for this example symmetric key uses the either a stream
Cipher or a block Cipher and the differences
between stream or block ciphers.

Is that block takes a block
of bits at a time and it's a fixed length. For example 64 bits if I were to use
a block Cipher with 64 bits, I would need to take him 64 bits before I could
start encrypting now if I didn't have 64 bits to encrypt I would have
to fill it with padding in order to get
up to 64 bits a stream Cipher on the Other hand it will encrypt a bit at a time. So it doesn't matter
how many bits you've got. You don't need
to have some multiple of the block length in order
to encrypt without padding. And another type of cryptography
is a symmetric now asymmetric as you would expect users
to different keys. And that's where we have
public key and private key a symmetric key cryptography
uses a longer Keelan and also has more computation and the encryption
process is slower with a symmetric key encryption and the encryption process is slower than with
a symmetric key encryption while the For symmetric key is
for signing documents or emails for example, but I would have
the private key sign something and the public key would be used
to verify a signature and another reason for using a symmetric key
encryption is to ensure that you got it from
who actually sent it since you've got two keys.

You always knew who
the other end of the equation is where it's symmetric
key senses just one key. If you can intercept
the key you can decrypt and also encrypt messages. And so if somebody can figure
out the key you can break into a communication
stream using symmetric. Turkey and scription
so asymmetric gives you the advantage of ensuring that the other end is who
the other end says and they are since they're the only ones
who should have the private key and in this particular
instance in practice. However, however hybrid
encryption models tend to be used and that's where you would use a symmetric encryption to
encrypt asymmetric session keys. So basically you
encrypt the message that you are sending using
symmetric key encryption and then you when Changing the key with somebody else you use
a symmetric key encryption. So this is going to be
a slower process. You probably won't want
to use it for a smaller files in order to do that. Fortunately the file example
that I have is a smaller one.

So I'm going to try
and generate a key right now. So for this we have to head over
to our Ubuntu system. So let's see. Let me show you how public
key encryption actually works and we are going
to first create a key. So let me just clear
this out for you. First of all. Let's create a file and
let's call that text Dot txt. Now. If you see we are going to edit
text or txt to have some file. So have some text in it. So there seems to be
a warning with the GDK. I'll just use Echo instead. So now let's see
if that is in our file. Okay. So let me just show you
how a symmetric key encryption or public key
cryptography works. So first of all,
we need a text file. So let me see do we
have a text file? So there seems to be
a text Dot txt. So let's see what
this text Dot txt says so it says that this is
a random text file.

Now, what we want to do is we want to create
a public key first, so I'm going to use
openssl for doing this. This so we go openssl and we are going to use it with our say so we're trying
to generate a key. So generous e and we're going
to use this tree to use this and we're going to Output it
into file called private key. So we are also going
to be using a 4 0 9 6 bit. So this is going
to be our private key. So this will create a private
key using RSA algorithm. So let it work its way out. So first of all, it's asking me
for the past three days now, so since You can protect
your keys with the passphrase. So I'm just going
to use my name. Okay. So now we see if we LS and we have
a private key, I guess. Yep. So we have this private key. Now. We're using this private key.

We are going to generate
a public key. So for this I'm again
going to be using open SSL and open SSL is unix-based. So you will need a Unix system. So you go are say utl. That's RC utility. And what we want
to do is encrypt and we want the public key in and key and we want
to use the public key that we just generated. I'm sorry guys. So we are going
to be using Odyssey. So first of all, we need to generate
a public key. So for that we use
the private key. So we will give the private
key as an argument after the in flag. So private key and we are trying
to get out a public key. So pop out and we're going
to call public dot key. Okay, so there seems to be Okay. I messed it up a little I
forgot to give the output so you go out and then
you use public key.

So it's asking me
for a passphrase and now it's writing
the are sticky and since the password was correct. We have a public key to so if you see now we have
a public key and a private key. So we are going to encrypt
our file using the public key. So we go openssl
and we go RS a utl. And we go and crypt
and we can do pump in. So we are going
to use the public key and we want to put
the text at the XT as the file to be encrypted. So text Dot txt. And what we want to Output
is an encrypted file. So encrypted Dot txt. Okay, I call it open SL L
need to go and edit that out. Yeah, so that makes
it a correct command and now we have
an encrypted file. So let's see Alice and yep
encrypted dot txt. So if you just cut that out, so we see it's
a bunch of garbage and we really can't read it unless we decrypt it so
or decrypting the key.

All we have to do
is again use openssl. Let's clear this out
first so openssl. And we are going to be using
the RC utility again. So RSA utl. We're going to
decrypt this time. So we go with the decrypt flag and then we are going
to be giving the inky and that is going
to be the private key and what we want to decrypt
is encrypted the txt. And what we want output it is
as let's say plain text txt. So it's going to ask me
for my past rays, which is mine. Name and I've entered
the passphrase and now we have a plain text Dot txt. Now. If we are to go and LS we see that we have a plain
text txt out here just with light info dot txt.

Let me just cut that out. So plain text D XD. So this is a random text file. And if you go up we see that it was a bunch
of garbage and before that. It was a random text file. Now, you can also run
this command called if plain text Dot Txt text txt. So this give you a difference
in the text rings. So it's zero so it gives you
that's the difference. So both files are the same and that's how public
key cryptography works and how symmetric
key cryptography works. Okay. Now moving ahead
of cryptography. Let's talk about certificates. Okay. So now that we're done
with cryptography. Let's talk about
digital certificates. So what is
a digital certificate? Well, a digital certificate
is an electronic password that allows a person
or can ization to exchange data securely over the internet
using public key infrastructure.

So digital certificate is also known as
a public key certificate or an identity certificate now
digital certificates are a means by which consumers and businesses can utilize
the Security application of public key
infrastructure public key infrastructure comprises
of the technology to enable and secure e-commerce and
internet based communication. So what kind of security does
a certificate provide so firstly it provides identification and Authentication Asian
the person or entities with whom we are communicating
I really who they say they are so that is
proved by certificates. So then we have confidentiality
of information within a message or transaction is
kept confidential.

It may only be read and understood by
the intended sender. Then there's Integrity
there's non-repudiation the center cannot deny
sending the message or transaction the receiver
really get to non-repudiation and I'll explain how non-repudiation comes
into digital certificates. So digital certificates
are actually issued by By authorities
who are business who make it their business to
actually certify certify people and their organization
with digital certificates. Now, you can see these
on Google Chrome now, let me just open
Chrome for you guys and you can see it out here. You can see certificates and you can go into the issue
of statements and you can go and all sorts of stuff so you can see it's issued
by encrypt Authority X3.

So that's an issuing authority
for digital certificates. Now that was all about
the theory of certificates. Let's go and see
how you can create one. Go to create
a digital certificate. We are going to be using
the openssl tool again. So first of all, let me show you
how to create a certificate. So we are going to be using
the openssl tool for that. So first of all,
let me clear the screen out. So in this case, I'm going
to generate a certificate Authority certificate. So I'm doing an artistic
key here to use inside the certificate. So first of all, I need to generate
a private key. So to do that as I had just showed you guys we can use
the openssl tool ego openssl and Jen are say and we're going to use test three then
Ouches and let's call it c a DOT key and we're
going to use 4 0 9 6 this so I'm doing
an RSA key here to use inside the certificate
some generating private key and the private key is used as
a part of the certificate and there's a public key
associated with the certificate.

So you've got public and private key and data gets encrypted
with the public key and then gets decrypted
with the private key. So they are mathematically
linked that the public and private key because you need one for the end
of the communication the and the other for the the other
end of the communication and they have to be linked
so that the data that gets encrypted with one key catch
to be decrypted with other key. So this is asking
for a passphrase and so I'm going to be giving my name as a passphrase so that
has generated the key for us. So now I'm going to generate
the certificate itself. So I'm going to be using
the openssl utility. So first of all,
you say openssl nice a request, so it will be a new request and it's going to be
An x.509 request it's going to be valid for 365 days. And let's see the key
is going to be see a DOT key and we're going
to Output it into CA or let's call it at Eureka dot c r t so this is certificate
that I'm producing in the name of the company that
I'm working for.

So that is at Eureka. So it says it's unable
to load the private key. Let me just see
as the private key existing. I had a previous. Private key. So let me just remove that doesn't have
a see a DOT key seems like I put the name differently. So let me just try
that again openssl and we do request so we are requesting new certificate and
it's going to be x509 and it's going to be there
for 365 days and key is He apparently that's
where it's cold out here.

So and it's going to be out
into Eddie record CRT. That's another so
let's enter the past three. So it's my name. So now it's going to ask
me a bunch of information that's going to be
inside the certificate. So let's say it's asking
the country name against let's put in the state. Okay. So iin State Province
named some states. So Bangalore look ality. Let's say white Field
organization name is Eddie. Rekha unit name brain
Force common name. Let's leave that
out email address. Let's leave that out too,
and we have a certificate. So if you go and list
all your files, you'll see that there is
a certificate called any record or CRT out here, which is highlighted.

Okay. So now if you want
to view this file, you could always use the openssl
you can always use the openssl. Utility, so you say you want to
read an extra five nine request and you wanted to text and what you want
to see is at Eureka CRT. Okay, so that
is the certificate. So you see that it has all the signature
it has signature algorithm. It has all the information
about the certificate and it says signature issuer is
cin and state Bangalore and location right field. I wreck up reinforce velocity. It has all sorts of information. Nation so that was all about digital certificates how
who issues digital certificates? Where are they useful? So this is
basically non-repudiation. So nobody can say
with this certificate that if this certificate is included
in some sort of website and that website tends
to be samples malicious and there's a complaint
now the website can go to a court of law and say
they didn't know about this because the certificate that was included had
their private key and private key was only supposed
to be known to the company so that Non-repudiation
you just don't deny that you didn't do it.

Okay, so that was all
about certificate not moving on. Okay. So moving on we're
going to be talking about cryptography caching. And while the word
cryptography is in the term cryptography caching
and it does lead to believe that there is encryption Vault. There is no encryption involved
in a cryptographic hash. There is a significant
difference between hashing and any sort of encryption
and that is primarily that encryption is
a two-way process when I encrypt a piece of data
or a file or anything else. So what I'm doing
is putting it into a state where I expect it to be able
to get it back out again, in other words when I interrupt a file
expect it to be able to decrypt the file and get the original contents hashing is a one-way function
on the other hand.

Once I've hashed piece of data
or file there is no expectation and ability to get
the original piece of data back hashing
generates a fixed length value and different types of hashing will generate
different length values. For example, md5 will generate
a different length value than sha-1 And they're
both hashing algorithms, but they generate
different length values and the resulting value
from a hash function should be no relation at all
to the original piece of data. As a matter of fact, if two inputs generate
the same hash value it's called the collision and
if you can generate collisions, you may be able to get a point where you can generate
a piece of data that are going to generate
the same hash values and that leads you to
the potential ability to break the particular hashing algorithm that you're using. So what we can use hash is for well one thing we can use
hashes for file in text.

T we can run a hash on a file and get
a value back and later. We can check that the value make sure
if it's the same if it's the same I can be sure that the same file was hashed
in both instances. So let me just show you
an example of what I just said that if we Hash
a file we will get the same hash every time so
remember the certificate that we just created. Let me just log in again. So we are going to Hash this certificate and it
will create a certain hash and we are going to see that every time
we hash it we are. Being the same hash so we can use this command
called md5sum and we can do Eddie record or CRT. So this is the harsh produced after you've hatched
at your record or CRT. So if I do an md5 again, so md5 is a hashing algorithm that you should move so
at your record or CRT and it will produce very similar has let's see
a sha-1 works like this.

So sha-1 and you record or CRT? Okay, Xiao Chuan is sha the shuffle
in the shower you tools back? Courage. Okay, so I proved
my point that but md5 if it is cryptography
hashing algorithm. We are getting
the same hash back. So if you are able
to produce the same hash that means you have broken
the algorithm in itself. So if you run md5 on the knocks, you can get a version
of md5 and md5 summation program on Windows and Mac OS where with the utility
md5 is does the same thing. So I just showed you
the file and I hashed it and another reason we use
hashing is we are storing passwords so password.

Stored after hashing,
we hashed passwords. And the reason
for hashing password is so you're not storing
the password in clear text which would be easily seen in if you got it protected
with low emissions if I hashed password
every time I hash the password, I'm going to get the same value
back from the same algorithm. So what I do is store
the hash and some sort of password database
since it's a one-way function. You can't get the password
back directly from the hash. Now what you can do
with most password cracking programs do
some variation of this and you just generate hashes
against list of words. If you look at a hash value that matches the one
in the password once you get the hash that matches the one
in the password, you know, what password is there and here and we come back
to the idea of collisions if I can take
two different strings of characters and get
the same values back and it's easier
to crack the password because I mean not necessarily
get the password with the hash that I get back from particular
string of data is the same as that I get from
the original password, then it doesn't matter
whether I know the password because the string of data that I put in is going
to generate the same hash value that you're going to compare
when Login and this hash value will just give you that as valid and you
will be able to login.

So suppose the password
that you chose while making your account is dog and the dog word
produces this hash value and if I were to like hash cat with the same algorithm
and if the other than was prone to collisions, it might produce
the same hash value as dog. So with the password cat I
could open up your password. I mean I could open
up your account.

So that was all
about hashing and hashing. Rhythms, let's move on. Okay. So in this part of the video, we are going to go
over SSL and TLS or SSL and TLS are ways
of doing encryption and they were developed
in order to do encryption between websites web servers
and clients or browsers. SSL was originally developed by
a company called Netscape and if you don't remember
Netscape eventually spun off their source code
and became Mozilla project where we get Firefox from so back in 1995 Netscape
released version 2 of SSL, and there was a version one,
but nothing was Done with it. So we got the version 2 of SSL
and that was used for encryption of web transmission
between the server and the browser
to do a whole number of flaws between the server and the browser now
SSL version 2 had a whole number of flaws and SSL to has
the type of flowers that can lead to decryption
of messages without actually having the correct keys and not being
the right endpoints and so Netscape released
SSL version 3 in 1996.

And so we get SSL
3.0 which is better than 2.0 but it still hurts. Some issues and so
in 1999 we ended up with TLS now SSL is secure socket layer and TLS is
transport layer security. They both accomplished
the same sort of thing and they're designed
for primarily doing encryption between web server
and web browsers because we want to be able
to encrypt the type of traffic. So let me show you what kind
of traffic looks like. So first of all, let me open bar shop
and out here. I already have a TLS scan
ready for you guys that you can see we have
all sorts of TLS data so you can see that here's my source
and it's 32 and destination is sound 6 1 2. 4050 9.46 doing
a client key exchange and the chain Cipher suspect
and Krypton handshake message and then we start
getting application data. So there are some other
steps involved here and you're not seeing all of it with this particular
Wireshark capture because again, you know, we get fragmented packets and at some point it
starts getting encrypted and you can see it anyways because wash out without having the key
can decrypt those messages but one ends up happening is the client sends a hello and the silver is
Ponce with a Hello and they end up exchanging
information as part of that now including
version numbers supported and you get random number and the clients going to send
out a number of surface suits that may want support and order
and it can support the server and it's going to pick
from those sweet of ciphers.

Now, then we start doing
the key exchange and then do the change Cipher spect
and from the client and server and eventually the server
just sends a finished message and at the point we've got this encrypted
communication going on, but there's this handshake that Zone between the two
systems and there's a number of different types
of handshakes depending on the type of end points that you've got. But that's the type
of communication that goes on between servers and the client
one important thing about using SSL and TLS is as I mentioned some
of the earlier versions had vulnerabilities in them
and you want to make sure that the server's
aren't actually running those. So you want to run some scans
to figure out the type of calls and ciphers
that different systems you so for this we can use
something called SSL scan.

So this is available for Unix. Not really sure. If there is something that is similar
for Windows or Mac, but on Unix based system that is
Linux we can use SSL scan. So let me just show
you how to use that clear as far out. So what we can do is run
SSL scan again suppose www dot Ed u– record dotco. So we're doing Isis can hear against the website
and you can see it's going out and probing all
the different types of ciphers after you know on this system
start with SSL V3 and are going to TLS version 1 and we could force
as a substantive try to do an SSL V2. If I scroll back up here
I get the surface I Firs which is SSL version
3 it's using RSA and it's using RSA
for the asymmetric. Now in order to do
the key exchange and once we get the session key
up we're going to do use AES 256 and then we're going to use the secure hash algorithm
to do the message authentication or the Mac.

It's something calls the hmac for the hashed message
authentication code and what it does is simply
hashes the MAC address that you would check one side
against the other to make sure that the message
hasn't been fitted with in transmission. You can see here all
the different types of Cipher suits that are
available peers TLS running rc4 at 40 bits using md5. So that would be
a pretty vulnerable type of communication to use
and between the server and the client 40-bit
Cipher using rc4 is a low strength Cipher and we
would definitely Recommend that clients remove those
from the support of ciphers that they have on their server.

All that configuration
would be done at the web server as well as when you generated your key
and your certificates normally certificates would be handled
by a certificate Authority. Now, you can also
self-signed certificates and have those installed
in your web server in order to Communications
with your clients that the challenge with that is
browsers today warned when they see a certificate against
the certificate Authority that is entrusted of it and it
doesn't have any certificate. Aditi tall so
you'll get a warning in your browser indicating. There may be a problem
with your certificate if your clients
are Savvy enough and if the users are Savvy
enough you may be able to make use of these self
fine self-signed certificates and save yourself some money, but generally it's
not recommended simply because clients are starting
to get these bad certificates and when they run across one that's really a problem
a real Rogue certificate.

They're going to ignore
the certificate message in the browser
and just go to the sites that could have malicious
purposes in mind and may end up compromising the clients
or customers or users. That's SSL and TLS and how they work and negotiate
between servers and end points. Okay. So now that we've talked
about TLS and SSL. Let's talk about
disk encryption. Now this encryption
is actually something that was not really difficult to
do but sort of out of the reach of normal desktop computers
for a really long time.

Although there have long been
ways to encryption of files and to a lesser degree
maybe entire disks as we get faster processor
certainly encrypting the entire disks and being able to encrypt and decrypt on the fly
without affecting. Performance is something that certainly comes
with Within Reach and it's a feature that shows up in most modern
operating systems to one degree or another now these days
we are going to look at a couple of ways here
of doing disk encryption.

I want to tell you
about one of them first and it's not the one I can show I can't really show
the other one either. So with Microsoft their Windows system have
this program called BitLocker and BitLocker requires
either Windows Ultimate or Windows and price. I don't happen to have either version so I
can't really show it. You but I can tell you that BitLocker has ability
to entire disk encryption and they use a s for the encryption Cipher
and the thing about BitLocker is that they use a feature that comes with most modern
systems particularly laptops.

Lll strip in them that's called The Trusted
platform module or TPM. The TPM chip is part what it does is
it stores the keys that allows operating system to be able to access the disk
through this encryption and decryption process and they
use a pretty strong encryption Cipher which is a yes, but you have to have
one of the cup Well of different versions
of Windows in order to be able to use BitLocker and it's one of those things
you would normally run in an Enterprise. And so that's why they included
in on its Enterprise version. Now on the Mac OS side they have this thing called
file Vault and you see in the system preferences
on the security and privacy.

If you go to filevault you
can turn on filevault now I if you have the little button that they're says
Stone on file wall, then you can turn
on the file wall and it would ask you
about setting up keys and it works similar
to Those BitLocker now pgp happens to have the ability
to do disk encryption and you can see that in the case of this
you burned the system.

They've got a package called
gde Crypt which is a GUI that allows you to map and mount
a created encrypted volume so I could run G decrypt and put
help me set up the process of encrypting the volumes
have got on my system. Now this conscription
is a really good idea because when you are working with clients the data is
normally very sensitive.

So as I mentioned And you can always use things
like BitLocker and windows fault or other search software's
for disk encryption. So what I mentioned before
is now not only possible. It's very much a reality
with current operating systems. Now, let's talk about scanning now
scanning is refers to the use of computer networks
to gather information regarding computer systems and networks canning is mainly used to security
assessment system maintenance and also for performing
attacks by hackers. The purpose of network
scanning is as follows, it allows you
to Nice available UDP and TCP Network Services running
on a targeted host. It allows you to recognize
filtering systems between the users
and the targeted host.

It allows you to determine
the operating systems and used by assessing
the IP responses. Then it also allows you to evaluate the target
host TCP sequence numbers and predictability to determine
the sequence prediction attacks and the TCP spoofing now
Network scanning consists of Network Port scanning as well as vulnerability scanning
Network Port scanning refers to the method of sending
data packets via the network. Through computer system
specified Service Port this is to identify
the available Network Services on that particular system. This procedure is effective for
troubleshooting systems issues or for tightening the system
security vulnerability scanning is a method used to discover
known vulnerabilities of computing systems
available on network. It helps to detect
a specific weak spot in an application software
or the operating system, which could be used
to crash the system or compromise it
for undesired purposes.

Now Network Port scanning as
well as vulnerability scanning is an information. Rings technique, but when carried out
by Anonymous individuals are viewed as a pollutant
attack Network scanning process is like Port scans and pink stripes and return details about which IP address map
to active life hose and the type
of service they provide another Network scanning method
known as inverse mapping gathers details about IP addresses that do not map to Live host which helps an attacker to focus on feasible addresses
Network scanning is one of the three important methods
used by an attacker to gather information
during the footprint stage and the attacker makes a File of the target organization
this includes data such as organization's
domain name systems and email servers in additions
to its IP address range and during the scanning stays
the attacker discovers details about the specified IP addresses that could be accessed online
their system architecture their operating systems and services running
on every computer now during the enumeration stays at a collects data including
routing tables Network user and group names simple
Network management protocol data and so on.

So now let's talk About
intrusion detection evasion. So before we get
into IDs Salvation, let's talk about
what exactly is an IDs now an intrusion detection system
or IDs is a system that honor does Network traffic
for suspicious activity and issues alerts
when such activities discovered while anomaly detection and
Reporting is primary function some intrusion detection systems
are capable of taking actions when malicious activity
or anomalous traffic is detected including blocking traffic sent
from suspicious IP addresses, although intrusion detection
systems monitor Network for Ali malicious activity they
are also prone to false alarms or false positives consequently organizations need
to fine-tune their IDs product when they first install them that means properly configuring
their intrusion detection system to recognize
what normal traffic on the network looks like compared to potentially
malicious activity and intrusion prevention
system also monitors Network packets for potentially
damaging Network traffic, but we're an intrusion
detection system responds to potentially malicious traffic
by logging the traffic and issuing warning notification intrusion
prevention systems response to such By rejecting the
potentially malicious packets.

So there are different types
of intrusion detection system. So intrusion detection system
come in different flavors and detect suspicious activities
using different methods. So kind of intrusion detection is a network intrusion
detection systems that is nids is it deployed
at a strategic point or points within the network where it can monitor
inbound and outbound traffic to and from all the devices
on the network. Then there is host
intrusion detection system that is at IDs which runs on all computers
or devices in the network. With direct access
to both the internet and the Enterprise internal
Network SIDS have an advantage over any ideas in that they have may be able to
detect anomalous Network packets that originated from
inside the organization's or malicious traffic that nids has failed to detect hid s may also be able
to identify malicious traffic that originates from
the host itself as when the host has been
infected with malware and is attempting spread to other systems signature
based intrusion detection system monitors all packaged
traversing the network and compare them against database of
signatures or attributes.

I've known malicious threats
much like antivirus softwares. So now let's talk
about into IDs evasion. Okay. So now let's talk
about IDs evasion. Now IDs is
an intrusion detection system as we just spoke about
and instead it detect exactly the types of activities that
we are engaged in sometimes and sometimes you may be in
called in to work on a Target where activities are known and should be known
by The Operators or the operations people
involved in monitoring and managing the network
and the idea being not only do they want to assess
the technical controls that are in place, but they also want
to assess the operational procedures and ensure that the systems and processes
are working the way that they are supposed
to be working.

Now when you are engaged
with the Target that you are in full cooperation with you don't need to do
these types of vision tactics. All these techniques
may be actually avoided but if you are asked
to perform an assessment or a penetration on a Target where they are not supposed
to see your activities, then you need to know some different techniques
to evade detection from an IDs. So we're going to talk about
a couple of different things. That you can do. So one thing that you can do
is manipulate packaged to look a particular way.

Now for this there is
a tool called packets. So packet is a really good way
to actually manipulate traffic and by actually manipulating
the contents of a packet like you can specify
the destination and source. So it's a really useful tool to set up a package
look a particular way. One thing it can do is allow
you to spoof IP addresses so I could set
the source IP address here.

That was something completely
different from mine now from Using TCP or UDP? I'm not going to see
the response back. And in this case TCP. I'm not even going to get
the three weeks connection me because responses are going
to go back to the source IP. But what you can do is an additional two spoofing
you can set a particular ways that a packet may look like changing the type
of service or by changing the fragmentation of set or by
different flags settings at me allow you through an IDs
without maybe getting flagged and it may also allow
you to a firewall now it's a slim possibility
but it's a possibility.

Now. Another thing you
can do is use packets to generate a A lot
of really bogus data and what you might do is hide
in the noise generated by packet so you can could create
some really bogus packets that are sure to set
of ideas alarms and then you can run
some legitimate scans underneath and hopefully be able to get
some responses different from mine now
from using TCP or UDP. I'm not going to see
the response back. And in this case DCP, I'm not even going to get
the three weeks connection me because responses are going
to go back to the source IP.

But what you can do is an additional two spoofing
you can set up a particular ways that a packet may look like changing the type
of service or by changing the augmentation offset or by
different flag settings at me allow you through an IDs
without maybe getting flagged and it may also allow
you to a firewall now it's a slim possibility
but it's a possibility. Now. Another thing you can do is
use packet to generate a lot of really bogus data and what you might do is hide
in the noise generated by packet so you can could create
some really bogus packets that are sure to set
of ideas alarms and then you can run
some legitimate scans underneath and hopefully be able
to get some responses.

Kali Linux is the industry's
leading Linux distribution and penetration testing and ethical hacking
it offers tons and tons of hacking
and penetration tools and different kind
of software's by default. It is widely recognized
in all parts of the world even among window users
who may not even know what Linux has well
to be precise Kali Linux was developed by offensive
security as the rewrite of backtrack backtrack just
like Kali Linux was a lie. Linux distribution that focused on security it
was used for digital forensics and penetration testing purpose. But the question here is why
should you choose Kali Linux when you have other choices like
parrot security operating system back box black art
and many more out there. Let me list are few reasons as to why Kali Linux is
the best choice first and foremost it offers more than
600 penetration testing tools from different kind
of security fields and four and six secondly.

Kali Linux is customizable. So if you're not comfortable
with current Kali Linux tools or features or
graphical user interface, you can customize
Kali Linux the way you want. It is built
on a secure platform. The Kali Linux team
is actually made up of small group of individuals. Those are the only ones
who can commit packages and interact with repositories. All of which is done using
multiple secure protocols. So color Linux is definitely
a secure platform, although penetration
tools tend to be In an English colony includes
multilingual support this way more users can operate
in the native language and locate the tools that they need for the job that they are doing
on Kali Linux and lastly Kali Linux just like back truck is
completely free of charge on top of all this benefits Kali Linux offers different
installation options one way of installing Kali Linux is by making a collie
bootable USB drive.

This is the fastest way of installing Kali Linux
and the most favorable as Well, we will discuss why in a while. You can also install
Kali Linux using hard-disk installing Kali Linux on your computer using the hard
disk is a very easy process, but you should make sure that your computer has
compatible Hardware. You can also install Kali Linux
alongside your operating system. It could be Windows or Mac, but you should exercise caution
during setup process because it might mess up with your default
bios settings lastly. You can use different kind
of virtualization software. Just VMware or watch a box to install Kali Linux on
your preferred operating system. Well apart from all this you
can also set up Cal Linux on Advanced risc machines or a RM like Raspberry Pi
trim slice cube truck and many more.

So there you go guys. Now if you know what
color Linux is and why it is a leading Linux distro
for ethical hacking and penetration testing
in today's session. We will explore different ways
to install Kali Linux. Let's get started
then all Your I said that the fastest method for setting up Kali Linux is
to run it live from a USB drive. But why first of all,
it's non-destructive, it makes no changes
to the host systems hard drive or the operating system
that it is installed on. So once you remove USB your
operating system will return to its original state.

Secondly. It's portable. You can carry color index
in your pocket and can run it whenever you
want just in few minutes. It's customizable. You can create your own. Kali Linux ISO image and put it into USB drive using
a simple procedure which we will discuss
later and lastly. It's potentially persistent. You can configure your Kali Linux live USB drive
to have persistent storage so that the data you
can collect is saved and you can use it
across different reboots. Now. Let's see how to create
a bootable USB drive on Windows guys. Actually the process
is very simple. It's just a three step process. First of all,
you need to plug your USB. USB drive into an available
USB port on your Windows PC next you need to note down
the destination drive. It uses one set mounts. For example, it could be
F drive after that. You will have to download
and launch a software called win32 disk imager
on the software. You'll have to choose
color Linux ISO file that needs to be
matched and verify that the USB drive to be overwritten is
the correct one lastly.

Once the Imaging is complete. You need to safely
eject the USB drive from Windows machine. So, like I said,
it's very simple, right? Well, I'm not going to show
you a demo on this one because like I said, it's very easy, and I'm sure
you guys can pull it off. If you have any doubts. You can post them
in the comment session. We'll get back to you. And as for the demo part will
be doing for installations here. First of all, we'll see how to install
Kali Linux using VMware on Windows operating system.

Then we'll see how to install Kali Linux on Mac
using virtualbox moving on. We'll see how to install Kali Linux tools on
different Linux distributions. I'll A showing
how to install it on Ubuntu. Well, the procedure is same for
every other Linux distribution. So you can go ahead and use
the same procedure for the Linux distribution that you're using
and lastly we will see how to install Kali Linux on Windows 10 using
Windows subsystem for Linux. So, I hope it's clear that what we'll be learning
in the session. Let's get started with
the first demo in this demo. We'll see how to launch
Kali Linux using VMware. So guys you can install
Kali Linux using any virtualization software. It could be VMware
or virtualbox in this demo.

I'll show you
how to install it using VMware. So first of all, obviously we'll have
to install VMware light. So just type of VMware
and it's the first link that you find you can go
ahead and download VMware Workstation Pro you have it in the downloads. Here you can download
workstation player as well or you can download
VMware Workstation Pro now.

Once that is downloaded. You will have to download
a curl Linux ISO image so that you will have to go
for official Kali Linux website just type for Kali Linux and it's the first link you
can see downloads option here click on download and yeah, you can see different
download options here you have color Linux light
for 64-bit as well as 32 bit.

And then there is
Kali Linux 64-bit and 32-bit and you have Great images
for VMware and Wachtel boxes. Well suppose you want to skip
the entire lengthy procedure of installing it and you
want to just use the image, then you can go ahead and use
this color Linux 64-bit for VMware or virtual box same goes
for the 32-bit as well. But since we are focusing
on installing right now, let's just go ahead
and download ISO file and install it from
the beginning until last step. I have already downloaded it. So I have an ISO file
downloaded on my computer. So all you have to do is
just click on the torrent link. It will be downloaded.

Let's open VMware then so
as you can see, I have the embed workstation
Pro installed here. So I already have two about to
Virtual Machine installed on my VMware Workstation. As you can see on the home page
three different options. It says create
a new virtual machine or open a virtual machine
and connect to remote server. So if you want to
create a color index or any other washing machine
from step one, you can use this create
a new virtual machine option. Well, if you have an image of
and watch the machine already, and if you want to just
use it and avoid installation procedure. Then you can go
ahead and use this open a virtual machine option while just click on this
create a new virtual machine and click on next
as you can see here.

You have an option which says
installer disc image file. ISO file. You'll have to attach
your so click on browse. Let's see where I've stored
my color Linux as you can see. I already have it here
and there's one file here. Let me click on that and open so I don't bother
about this at all. It usually shows that
and then click on next year. So it's asking which operating system
will Be installed on this virtual machine. I wanted to be Line-X. So make sure you select
Linux 64-bit and click on next you have an option
to name your virtual machine. Let's say Kali Linux. And where do I want to store it in my documents under watching
machines color next sure and click on next. It says it already exists. Let me try this one. Then let's take our Linux one
and next Yeah, so basically Your Kali Linux
will need about a 20 GB.

Let's assign some 40 GB are
that's the maximum this size that you can a lot while you can a lot more
than that as well. But minimum it needs about 20 GB
and you have an option with Stay Store virtual disk as
a single file or multiple files. Let's just select store
virtual disk as a single file toward complications
and click on next here. So as you can see, you can review your virtual
machine settings here. You have an option to make
changes to the settings. You can make changes right now,
or you can do it later. It as well. Let's just go ahead
and make changes now. Click on the customize
Hardware option here. Well as for the memory
for this virtual machine, it totally depends on what you're using
virtual machine for if you're not using
it for heavy works.

Then you can assign
least amount of memory. Let's say I want
to assign about 2GB. There we go. And as for the processors number of processors 1 and the number
of core processors, you can choose as
many as you want. Let's say to this
will increase the performance of your virtual machine, so and again, Totally depends on whatever
you want to choose and yeah, we have already attached
the image network adapter you can set for not USB controller
and sound card. You can retain
the default settings. And as for the display click
on accelerated 3D Graphics sense what color Linux has
a graphical user interface and it says 768mb is
the recommended amount of memory that you can use for graphics. So let's go ahead and select
that and click on close. Well, you can actually
make all the settings after installing color index.

As well no problem there. Once you've done
that click on finish here, as you can see,
my color Linux image is ready. For installation. You have two options to power up as you can see you have
this option here. You can click on that to power
on this virtual machine, or you can go ahead
and click on this. Let me click on this. So once you click on that, you should be greeted
with this Kali boot screen as you can see,
there are a lot of options here.

We did discuss live
option earlier, right? So if you don't want any trace of Kali Linux
on your operating system, you can go ahead and use
live option here. You have live USB persistence mode and live
USB encrypted persistence as well suppose. You want to store some data
and save it for later the boots you can use
live persistent option here and most of the time
people get confused with this installing
graphical install. Just don't go ahead
and click on it. Style option do it only if you are well versed
with command line interface. So basically that install option
is for command line interface. So you will be greeted with Kali
Linux command line interface since if you're doing it if you're using Kali Linux
for the first time go ahead with graphical installed select
the graphical install and click enter.

So as you can see, it will start
mounting storage devices whole installation process
might take about 10 minutes. So it's prompting you to select a language so select
your preferred language, then you control location. Let's say English and click on enter
and it's asking you for the country location
just give United States and enter and I want
the keyboard to be configured with American English. You can choose
any native language. Like I said earlier it supports multilingual or it
supports Get the languages. So go ahead and choose it, but it might complicate the way
you use Khalil mix later. So you can always go ahead
and stick out with English only. Well, it doesn't matter. So as you can see
it's configuring the network. So it will detect the ISO file
and load installation component and then prompt you to enter
the hostname for your system while in this installation. Let's just enter Kali
and click on and off. You can give the name you want
and next it's asking you for the domain name suppose. You have set
up virtual machines.

Jeans, and if you want to give
all of them a domain name, you can assign
a domain name as well, but it's optional. Let's not give any domain name
here and click on enter. The next thing it does is it
will prompt you for the password that you'll have to enter every
time you launch your Kali Linux. So just give some password
of your choice. And click on continue. The best thing about callanetics
is you can set up date and time as well. You can make it
later as well, but you can choose it here. So just click on Eastern
of whichever choice you like and click on enter. So the installer will now prob your disk and offer you
four different choices, as you can see, it says guided use entire disk
guided use entire disk and setup lvm, which is logical volume
manager same thing, which is encrypted and manual.

So if you are an expert, if you already use
this color index before you can go ahead and select any of this three
options from the bottom. That's he'll be a more manual
or encrypted lvm. Otherwise, you can always go ahead and choose guided
use entire disk option here if you are a beginner and click on enter so This
is the disk partition. Where'd all the data will be
stored and click on continue. It's asking if you want
to stores all files in one partition, or if you want
to make partitions.

So depending on your needs, you can go ahead and choose
to keep all your files in single partition, which is default or you
have separate partition for one or more
of the top-level directories. Let's just choose
the first option and click on enter. So once you've done
that you'll have one last chance to review
our disk configuration. Once you're sure that you've given correct
details click on enter here. It's asking if the changes
that you make to Kali Linux should be written
to the disk or not.

So say yes. So we did start partition
and install the washing machine. It took a while but as you can see installation
is almost done. It's asking me to configure
the package manager. Well, if you select
no in the session, you will not be able
to install packages from Cali repositories later
and click on continue. So suppose if you want
to install other repositories or updates later on you
can always go and click on yes. Otherwise, it's always otherwise
you can go for know as well. Now it's going to configure
the package manager will install package manager and configure it then it
will install GRUB boot loader.

And it's asking if you want to install GRUB boot
loader to master boot record. Definitely. Yes so select. Yes and click on continue. So it's asking to select
the device manually. You can click
the select the device. So yeah, guys we're done here. So you can finally click on continue option to reboot
your new color installation. So as you can see the entire process took
about 10 to 11 minutes.

So yeah, let's go ahead
and click on continue here. It's gonna finish
the installation. So guys as you can see
the installation process from the step where we
select the language till the last step is same. It's just the medium on which
you are installing is different for example, right now. We use VMware later on. I'll show you
how to use virtualbox. But once you color Linux image
is ready to boot the rest of the installation process
is similar to this. So it's finished installing. It's loading the image. So if you have done everything right during
the installation process and according to
your needs your land up in this page use a name. So we've given
at this Scully right kli and password as you can see
it showing an error. It says the didn't work. Please try again. This is mostly
because if first time when you log in you should use word root as
your default username.

But later on once you have already logged
in you can change the username according to your need so root and password you can use
the same password which you set
during installation. In process so as you
can see login is successful and here I go my Kali
Linux is up and running so I can start using cullinan X
according to my needs. So once you've done that you can go ahead
and install VMware tools so that you can maximize it
full screen and all that stuff. You can also go ahead
and change the date and time settings. As you can see here can go
for the settings option here and do the settings and you can start using Color Linux for hacking and
penetration testing purposes.

So it's as easy as that guys. So please Please go
ahead and try installing it. Well, if you find any errors
during installation process, let us know
in the comment session. We'll get back to you
as soon as possible. Now. Let's move on
to our second demo. Now. We'll see how to launch Cullen X on Mac operating system using
virtualbox in the previous demo. We use VMware and now
we'll be using virtualbox. But actually I'm not using
any Mac system here operating system, but I'll show you
how to install using virtualbox.

The procedure is very similar. So all you have to do is
on your Mac operating system. Go ahead and click a
for Should box download. So this is the
virtualbox official page. You can go ahead and click
on downloads here. As you can see you have
different options here. It says windows for Windows operating system
OS X host line X and solar host since if you're using
Windows then go ahead and select Windows host. But as for Mark,
you'll have to select this. It's mostly a DOT exe file. Once you've done
that you can install virtualbox. It's just click
on next next next and it will walk out and provide settings
according to your need. I already have
installed virtualbox. It's the next thing
you do is similar as what you've done with VMware. Go ahead and download
official Kali Linux image. Make sure you don't download
any duplicate versions of ISO file from other websites. Make sure you download it
from original website.

If you want to do it
from the beginning go ahead and install
ISO file your torrent or you can just go ahead and download just the image
for Wii virtual box here for 64 bit and you have option
for 32-bit as well. I've already done that. So let me open my Virtual box. Yeah artists the procedure
for VMware and watch the box is almost seen
just slight difference. Let me maximize
the screen for you guys as you can see I already have and watching machine
launched up here. I haven't powered it up yet. Anyway, I'll show you
how to install new one. Just click on new' option here. This is your
virtualbox homepage guys. So click on New Year
and just give a name. We've already given color Linux all you're right
for the virtual machine. So let's give it
some of the name. Let's say capital K L line. Unix and choose the type
of operating system that's line X and here 64-bit – 64-bit according to
your operating system needs you can go ahead and choose it 32 but as well click
on next and again, like I said earlier depending on what you're doing
on color Linux operating system or virtual machine you go ahead
and design the memory since I'm just showing you how to install I'm not assigning
much memory you have.

So let's just retain
the default ones it to 4mb. That's 1 GB and click on next and it's asking you have
a three options here. Of not to add virtual artists
create virtual orders now and you can go ahead and add
a virtual hard disk, you use an external
virtual hard disk. Go ahead and select
the second option click on create and use
virtualbox image. Like I said earlier
we downloaded ISO image, right and it's an ISO file
with extension dot is oh, so basically it's nothing
but image so click on next and I want to the storage on physical hard disk
to be assigned dynamically and click on next. So this is the name
of the virtual machine which we just gave all your
it's asking you to choose the path wherever you want
to store your virtual machine. Let's say documents and watching machines click
on open and save so that's the part of setup.

And as for the memory call you always needs you
to assign at least 20 GB. So let's go ahead and give 20 GB you
can always assign more than that and click on create. So this is the one we
just created right? It's ready. Just click on settings
before you power up. You'll have to make
certain settings. So if you want to change name or type and version
you can always go ahead and do that here. We don't have anything
in advance is just the folder where your virtual machine
with this Toad go for systems. We won't be using
any floppy disk are so right. So on ticket or uncheck it and yeah, this is memory if you want to go ahead
and change or assign more memory because the performance of your virtual machine
is not that great. It you can go ahead and do
that for the process of make sure you enable
this extended features.

So basically if you want
to increase the performance of your virtual
machine the number of processors you assign
should increase Well for now since I'm to show you how to install and just going
to assign one you have option to increase to say to like that. And as for the display, you can enable 3D acceleration
display storage settings. This is the most
important one right now. We don't have any image attached
to your so click on this empty and click on the CD image that you see here
and choose watch. And attach the image or die. So Fire torrent file, which you just downloaded
click on open and audio no settings default
Network by default. You can always set it for Nat since we're using only one
watching machine ha but if you want to use a cuddle in X
with any other motion machine like Metasploit able to you can
go ahead and use this host-only adapter option here
because when you use Nat and when you have
two virtual machines, both of them will be assigned
with same IP address, which will definitely a problem.

L'm because both of these virtual machines
need to interact right? So, yeah. Well, I'm just saying all
this video information so you can go ahead
and click on host-only adapter if you using 2 virtual machines and you want them
to interact as for now, I'm just retaining
it Nat and rest you can you don't have to make
any changes and click on OK once you've made all
the settings click on this or you can go ahead
and click on start option. Are you can light click
on it and start Again, like I said, the installation process from
Step One is very similar to that whether using VMware. So again, you'll be greeted
with Kali boot screen and you have multiple options again.

I'm not repeating
the entire thing here. So go ahead and click
on graphical install. And if you're a pro
and using command line, you can always go
for install option. And if you want to just use it
for one time purpose, you can always go
for live option here. That's all guys. I'm sure you can catch
it from here, right? Because it's almost similar
to the ones we did using VMware if you have Here are just go
back and take a look at it. Yeah, well, like I said, I showed you on how to use
virtualbox to install Kali Linux on Windows operating system. Well, let's aim
for the Mac as well. You just have to download your
stuff there instead of Windows. You have another option
with this operating system. You can dual boot
your color Linux with Windows or Mac. It's not as easy as
these installation process because it will involve
you setting the BIOS to changes that you get to see when you power up
your computer initially.

Make sure you refer to color
Linux official documentation and make sure you've done
the installation properly so that you won't mess
up your default settings. So guys we are done
with two ways of installing Kali Linux one
on Windows and one on Mac. We saw how to install it using
VMware as well as virtual box in the third part will see how to install Kali tools
on any Linux distribution. It could be Ubuntu Fedora
peppermint operating system or any other version
or distribution of Linux. The procedure is actually similar in
every Linux distribution. So if you follow up
on one Linux distribution, you can go ahead and do it on the Linux distribution
of your choice or the one that you use One thing
you should remember is that Kali Linux is not for
the Dai Li line X purposes.

Well, it's only
for ethical hacking or web application penetration
testing for these purposes. So guys will be using
a tool called Catalan. Let me spell it for you guys. It's Ka T WL iron. So let's just search for that. There we go. It's a script that helps you
to install Kali Linux tools on your Linux distribution
of your choice. So it's usually
the GitHub script.

So click on the first link
that you find. So for those of you who like to use penetration
testing tools provided by Kali Linux development team. You can effectively do that on your preferred Linux
distribution using this tool which is Catalan
or Ka t oo a lion. So as you can see once you've
installed Catalan properly on your operating system, you should be greeted
with this page.

I'll show you how to do that. What about it? So the purpose of asking you to see this page is to take
a look at prerequisite hours. So first thing you need
to have a python of version 2.7 or above installed
in your operating system and you need a line
exists efficient system. It could be Ubuntu
or it could be Fedora or peppermint any other
planets distribution. I have a bun to here. I'll be using
VMware Workstation Pro. It's already open but let
me just go back.

All you have to do is
search for one, too. And click on the first link. So as you can see there are
a lot of options yet for to install a bin
to just click on this and you'll be able
to download a file ISO image. I've already done that. I'm not doing it again. Let's go back
to VMware Workstation as you can see. I already have my Ubuntu
operating system installed installing a window is
it's very straightforward. So just take a look
at the instructions that you need to know when
you're installing Ubuntu once you've done the installation, which should look
something like this. So let me power up. I've been to operating system. So as you can see, once you install your land up
on this page and it's asking for the password you
set up this username and password during
the installation process. So don't worry about it. Click on enter. So let's say you are
a Unix lover you like using your next platform.

But right now you want to use certain tools for performing
application penetration, testing and ethical hacking. You just don't need
all the tools. You need few Tools in that case instead of
installing color index on your operating system
installing only certain color Linux tools will be
The best option right for that. Like I said earlier
will be using cut Olin. I have a set
of four five commands that you need to use
to install Catalan Festival.

You need to have get
on your operating system. Let me check
if I have it or not. Anyway, I have these five
or four set of commands which will be using
I'm going to attach them in the description below. So if you want you can use them as you can see install
get First Command. It says unable to use it because have to login
as a root user. So let me just it's asking
for the password. Yeah now I'm a root user. So let me try the command again. That's apt-get install Kit. Yeah installing get it's just
going to take few minutes. But while this is happening, let's go ahead
and explore cartoon to let me go for Firefox here. Let's search for Carter: so it's the first link guys
like I said earlier, so let me scroll down as we saw the should be
the home page and we did take a look
at the requirements.

So let's just go back and see
if it's done. It's still happening. So one thing is make
sure you have a python or version 2.7 or above. Otherwise the entire thing
won't work at all. Yeah guys it's done. Now. We are done with the first step. We need to install a we need
to clone the cartel in right? So what you do? Like I said, I have a command right
here just copy this and place it over
there control C. Let's go back to terminal and it
makes your skin for you guys. Yeah. And based so basically
I'm cloning it here and the next command is
I'm copying the python file to this directory and click on until it's done. It's just quick process now,
we'll have to change permissions so that we have access
to use Catalan for that. Basically. We are giving
execute permission. So chmod plus X. Make sure
you take a look at that + x + enter we are audio
is now our cut line is installed say a lion, so as you can see It's already the first thing
that you should do is before you upgrade
your system essays.

Please remove all the color
like repositories to avoid any kind of problems. So as you can see it shows
you like five options here. First one is
Azad Kali repositories and update next view categories. Like I said, Kali Linux is 600
plus tools, right? So you have different
tools categorized under different headings. Then you have
classic menu indicator. It's nothing here
as you can see. I have a small icon here. If you click on that, it'll just show
you different menus.

That's all and if you
want to install color menu for easy access you
can do that as well. So let me just click one
under one that says add color Linux repositories update
remove and view all kundan's. So let's try removing them. Let's drive with
adding repositories. It is there are certain
duplicate signatures removed and all that. So let's just try to remove like they suggested earlier
have been deleted now one. So if you guys want to go ahead and update the repositories
already existing ones, you can go ahead and do that. I'm not doing it now because it's going
to take a while. So if you want to go
back just click back.

It's as easy as that. Now, let's say I want
to view categories and install one to love it
as you can see. There are like number
of fusion number of categories here. So I have web application
penetration tools your have password attacks. I have exploitation tools. Well, if you are interested, there's an introduction video
of what is Kali Linux by director in the south. Security playlist. So go ahead and take
a look at that. We have explained like about five to six popular
tools in Kali Linux. Anyway getting back
to today's session. Let me just say for as you can see it lists all
the web application tools. So if I want to install
all those there's an option that's zero, but let's
just say I want an install a tool called SQL map. I'm sure you might
have heard SQL map.

If not, it's okay. It's a tool which you
use for checking out vulnerabilities at a present
an application database system. So anyway, it asks
inside the number of the tool that you want to install. Let's say 27. So as you can
see it's installing. So it's as if you said guys so
once you just done installing, I'll get back to you. Any tool I just
showed you how to use how to install SQL map which is there
in web application tools. You can go ahead and do that for other different types
of tools as well suppose.

You want to install
all the tools. You can go forward 0 as
in click on zero option. So there you go guys. I just showed you
how to install one tool so you can go ahead and do
that for any kind of stool under any category. So if you just want
to go back click pack and go for other types of tools, let's say eight there you can
see so whatever different time of exploration tools you
want you can go ahead and install them. Let me just click back and the back sometimes when you
try to install all the tools, you might get an error saying that's the file doesn't exist
or depository doesn't exist. All you have to do is go
for one First Option here. As you can see here
you have option two which is update. So update your repositories. Make sure the Kali Linux mirror which is present for
the updation as the right one. Once I've done
that you won't get any errors.

All the tools will
be installed properly. So suppose you want to get
back from these cattle and easy just press control C. And yeah as you can see
it says goodbye. So that's as easy as it is to
use colonics tools on any kind of Linux distribution while I've showed you on a bun
to the procedure is same on any other Linux
distribution guys. So there we go guys. I've done with
three things first. We did on Windows
using VMware then on Mac using virtualbox
and third I showed you how to install Kali
Linux tools on any kind of Linux distribution.

And finally, there's
one last demo here. We'll see how to
install Kali Linux or Windows operating system
using Windows subsystem for Linux feature. So, let me get back
to my operating system. We won't be needing
VMware Workstation anymore. So guys will be using
a feature called windows subsystem for Linux, which is By default present
in all the current versions of Windows 10. This is actually for those who prefer using Color Linux
command line interface. So make sure to listen
to me properly. Oh use this option only if you are a pro in using
command line interface or if you have any experience
using command line interface. Otherwise just go ahead and use
VMware watch the box and install Kali Linux graphical
user interface option. So yeah, this windows subsystem for line X allows you to run
Linux distributions as subsystem on your Windows
operating system this Her is really a new feature. It exists only in Windows 10. So you need to use
latest version of Windows 10 to perform this demo
or use this option. And in addition to that.

We also have
other prerequisites, especially we need
to have git installed or you can go ahead
and zip the file which is Windows subsystem
for Linux files normally but having it is
also a nice day. Secondly, you need
to have python of version 3 or above make sure
you've installed Python and set up the path to check if your python is installed
properly or not just sake. Go via command prompt
and just type a python version. It should show you wasn't properly only
then you can be sure that your python
is properly installed. As you can see for made showing
three point six point seven, which is definitely above three, and it's properly installed
in the path is set.

The first thing you
need to do is enable WSL or Windows subsystem for Linux. Just go for the control panel
and there click on programs and turn Windows features on or off make sure
not to touch any other features. It might mess up
your operating system. So scroll down. It's usually at the bottom. Bye. For let's never nibbled a few using it for the first time you
need to enable it. So first thing you
do is enable it as you can see here. It says windows
subsystem for Linux. Make sure you enable it check
mark it and click on OK. Once you have done
that run your command prompt or terminal as an administrator. All you have to do is
right-click on it and click on run as administrator. And yes now will be
enabling based distribution. That is like I said windows
subsystem for Linux allows you to run a line X
distribution as subsystem. Right, but for that
we need to enable this base distribution for that. You need to install
the base distribution or any kind of Linux
distribution that you need.

So just use LX run and install. So once you type that this is the output
which you get it says, it's the Legacy Windows system
for Linux distribution. So you can go ahead and install
other Linux distribution which are available
in Microsoft store. But unfortunately Kali Linux
is not available, but it doesn't matter right. We're anyway installing
it using the procedure. Just click on why
here saying yes, I've already installed. So it's showing
Legacy Windows system for Linux distribution
is already installed on my system for you. It might take a while
after installing. The most important
thing is it lasts for you to set up a password and username don't skip
that step wait for a while and make sure you set
up the password and use an improperly only then
entire thing will work out once you've done
that we are done here. You can close
the command prompt. The next thing you need
to do is install git I already have it installed. It's very easy install
dot exe file and click on installation process.

It's very straightforward
and open git bash. Yeah before that. Let me go ahead and create
a folder called text here. And as you can see it stored
on my desktop right now, it's empty. Anyway, let me go back
to get here and CD desktop TST all your Venable
windows subsystem for Linux. But now we have to download
the script right for that. Search for Windows subsystem
for Linux Witcher. And the first link is
the GitHub link click on that. There you go guys. It says windows subsystem
for Linux distributions, which are it is the purpose
is to let you easily download and install Linux distribution as subsystem on your
Windows operating system.

So as you can see you have
different options here for the base operating systems. So yeah copy this link
here control see see and go back to git git clone and paste the link which you
just download it paste it. It shouldn't take very long. It's done guys. So now if your check
your test folder Windows subsystem for Linux
will be downloaded properly.

Let's just go back and check
that here is our test folder as you can see windows subsystem
for Linux is already there now open your command prompt. CD let's go for the text file. And if you search for the directories under
that you can see WSL here. Now, let's go for that as well. You can just press stop
directories under that so as you can see the two things
the most important things is this get pre-built dot p y and install py this KET pre-build py will fetch
Kali Linux Docker files and installed our py
will install Kali Linux for you. I already have it installed. But I'll just show you
how to do it. So go back to the browser
and type talk a file.

Click on the second link. I just wanted few to copy the command easily
so that you won't make mistakes. This is the one which you'll have
to copy to fetch the color index dog of files. So you can just copy this part
and go for command prompt. Let me maximize this for
you here you can say so if you remember I said
python is masked. So make sure you install it properly and set
up the path White. And get pre-built. Let me just people dot
pi and copy it. As you can see it's installing. It's going to take
probably like 2 minutes. So it says it's done at says it's safe to this file
in the text folder.

Let's go back and check
if that's happened. Here's a test folder
under WSL you have python as you can see you
have python folder. Is it folder
of Kali Linux installed or fetched you'll have
to install it now, right? So let me now just type python. This is the command
that you want to use that's installed on pie
and stalled out pie and copy this or just type
and enter tab lutefisk stabbed and click enter. So as you can see
it took a while but it did install right now. All you have to do is
it's installed so you can close the CMD and open
your command prompt and run it as an administrator click.

Yes. Let me maximize the screen
you'll have to set the root password are
the default user as brute so set default the command that you need to use
hit default user as root. As you can see it's now set
to root and click Bash. Done guys, right now. We are running on Callie operating system
on command line interface if want to make sure if you're actually running
on Curry just type Cat ATC and issue. It shows that
Kali Linux rolling. So as you can see we have successfully installed Kali
Linux command line interface or how to use command line
interface on Windows using Windows subsystem for Linux
and I'm telling it to you again just use it if you know how to use command line
interface very properly.

Otherwise Might be a little overwhelming
subpoenas the fault. It's the command that you need
to use hit default user as root as you can see. It's now set to root
and click Bash. Done guys, right now. We are running on Callie operating system
on command line interface if want to make sure if you're actually running
on Curry just type Cat ATC and issue its shows
that Kali Linux rolling. So as you can see we have successfully installed Kali
Linux command line interface or how to use command line
interface on Windows using Windows subsystem for Linux
and I'm telling it to you again just use it if you know how to use command line
interface very properly.

Otherwise It might be a little
overwhelming for beginners. So now it's time that we go through
the command line basics of any Linux terminal. Now, the Linux terminal
is a very powerful tool. It allows you to move around
the whole operating system through the files and folders. It allows you to create files. She's their permissions change how they behave and a bunch of other things you
can do filtering you can grab stuff the specific stuff
from a specific file and there's a bunch
of interesting thing that you can do and as an ethical hacker
you will be working with Knox distribution
most of the time whether it may be Kali Linux or some other thing
like Peridot s but you will be working
on enough most of the time because it's a powerful tool
for networking analysis and scanning and
all sorts of stuff that you want to do
as an ethical hacker.

So the First Essential step
is to actually know how to use the tool that is available to you
and that is out here, which is the terminal now as I'm running this
on a virtual machine, you might find it that my execution times
a much slower and that is because I I have
a very very slow laptop because my virtual machine
is actually eating up a lot of my Ram and I have a bunch
of other processes that are also rendering I do this on my free time.

So let's go ahead and go
through the commands that we are going
to actually go through now. Let me actually make
a list of commands that I want to teach you guys. So let me see if leafpad is available
firstly leafpad is basically a text editor. So the first come on that we're going
to start off with is CD. CD stands for change directory
now at this moment. We are in the root directory as you guys can see we can print
the current working directory with the single PWD and that is
a current working directory as you see it's called route and suppose we want to change
directory to the home directory.

So all you have to do
is CD which stands for change directory as I just said
and specify the part. No CD / home. Okay. So once we're in home, I want to make
a list of commands that are used on the CLI
that I want to teach you guys. Guys, so what would I do
I would firstly see if any files are available
that I can edit. Okay, so these files are available, but let's create
a new file for ourselves.

So firstly let's do
Nano list dot txt. Now. What Nano does is
now we'll open up a small command line text editor now come online text editors are very much used
by ethical hackers because they save
a bunch of time if there's always switching
between GUI and command-line because you'll be doing a bunch
of stuff on the command line and Will you want to write
something you're always switching to gooey? It's a waste of time
and you want to see if I'm as an ethical hacker. So you can use this thing
called a command line editor and it can basically do most of
the stuff a GUI editor would do. Now you say Nano
and the name of this file.

So now basically
has created this file now and it has opened up
this new fresh window, which overrides the command line that we were in The Bash
and this is a place where you can actually edit what goes in the file
now, let's see. See the list of commands
that I'm going to teach you. I'm going to teach you LS LS
will be the list of files. We did CD. We saw a PWD. So that was a print working
directory will be looking at how you can copy stuff
at the CP command.

Then we will be looking at MV which is basically move then
we will be looking at cap. And that's an interesting one and also less which is
another interesting thing and we'll be looking at grep which is actually
used for graphing or grabbing things from files that You might want
to see you'll see what I mean and a short while we will see echo which
probably does what you think. If you have any experience
with the Linux, then we'll be doing touch and we'll be doing make
their which is make directory and then we'll do
in ch own chmod then all the most
dangerous commands has RM and then you can do man. Let's help. Okay. So these are
the list of commands that we are going to go through in this As part of the video so
suppose I was making this video and I want to
save the somewhere. So you see down here. There are a bunch of options
that are sure to you.

Now this cat it sign
might be not really thinking that the shift 6
1 it's not shift 6:00. It's actually a controlled
so cat it is controlled and then G of course means G. So if you go Control G,
it will actually get help. Now. What we want to do
is save the file and that is control. Oh and that is right out. So what we want
to Who is a control? Oh, and now it's going to say if we want to name
the file list at the XD and we want to name
the file and it says that we have written
down 15 lines.

So that's how you save a file. Now. All you want to do
is exit out of you. Okay. So first let's go LS and let's
go through whatever there is. So LS showed us the list
of files that are there in that directory. Now Alice can also
show you the list of files in a directory. Curry with the paths that you specify
likewise ALS VAR. It'll show me everything
that is involved. Okay, there are a lot
of interesting things like bar. So let's head over twice CD /
bar and you hit enter and now we are
in the folder bar. So now to actually demonstrate how powerful analysis we have
a few Flags now to see the flags of any command you
can just do – – help universally throughout
the Unix one line so out here you see some information that is Stuff to read
but if you go on top and scroll out here, you'll see all the flags that you can use
with the command.

That is LS and
how you can use them so you can see what you use and you can read
a little bit about it. So if you use all it ignores
entries starting with DOT, so suppose we were to do LS in why let's see so
it shows us like this now if you do LSL, it'll show a long list
with more information. So these are the permissions
Options that you see out here we will be seeing how we can change the permissions of a file
soon enough and this is who owns the file the user and the user group
is the file number. I guess. I'm not sure which is when the created the name
of the file is the time when the file was
created, I guess.

Okay. So that's how you get
very detailed information about all the files now. That's another thing you
might want to use with ALS and that is the 8X
so you can go LS a and it will show you all. Of the hidden files also. So now you see some two files
that were not shown out here. Our file is begins from backup. But when we do LS, / I mean – La we see two more files
at this Dot and Dot so let's see if we can move into that CD dot
so we can't even move into that. So that's interesting. So these are hidden files. So these are not seen
two random users and we can actually
do stuff with them. We will see how we
can use hidden. Hours later on. So if you want to show
hidden files through LSU, all you have to do is LS and –
La so that was all about LS. So let's move back to /home
where our list of commands that I want to show you
always so silly home.

Let's Alas and see
what was it called, its called list and suppose. I want to see the condensed
of list or txt. All I have to do
is say list dot txt. Now. It shows us whatever
this file is containing. It will read it out for you. Done CD we've done LS and its various forms we've done PWD now it's time
to do CP CP is basically used for copying files from one place
to another so suppose. I want to copy this address file that is there into
some other directory. Let's save our so all I would
have to do is CP name Dot txt. And then you specify
which location you want to actually copy it
to so CD / VAR. So this is where I want to copy
my file to and you hit enter and it's Copied but
that was a very small file now. We can actually check
if it was copied before I move on and pour
some more knowledge into you.

So let's go into VAR. So CD / VAR hit enter
and you're involved again and you CLS and now
you see a name dot txt. So let's remove
name dot exe from here because I want to copy
it again and show y'all a difference between a flag
that I'm going to use right now. So the – and letters that you
use are called flag. Technically in the
Linux terminal RG. So let's go back to home now
instead of the name of the file and moving back home. Just like I did you can type out the complete name
of the file out here.

So you could have gone
CD slash home slash name Dot txt and copy to slash bar. But this time what we're going to do is
we're going to use a hyphen V, which is basically used for a verbose output
of whatever you're doing. So most of the commands that we're going
to using will have a – V with them. So, let's see how this
actually affects the output. So what we're going to do
is we want to copy so sleepy and verbose and we want
to copy the file name Dot txt.

And we want to copy it
to the folder called VAR, right? So now you'll see that it will give us
what is being moved rather that is named Dot txt. And where it is being moved
to so this is a very good way of knowing what is
actually happening because if you do it without the verbose
And suppose name not the XD was just 20 GB file
and you just don't know if it has finished or not. So if it's a 20 GB file that is continuously update you
on where what is being copied. So basically all you
have to do is type – V if you want to know where your files being copied
and the exact part.

Okay, so that was about
how you can copy files from here and there now, what was the next command
that we want to see so cat. So, let me just go and see
the next command that is there so list at the XT so after God I want
to show less Okay. So we've done CP we
also have to do MV. Now as you guys can see that CP is basically
a copy copy is as you would expect it leaves
a copy of the file that in the original directory while also maintaining
a copy in the directory that you specified. But if you want to move
the file completely, all you would have to do
is use the command MV. So MV is for moving
the file now, let's see what all goes with MV so you can type help and as I said you get
the verbose option And you get suffixes
you can force things to happen to suppose. You don't have the permission do
not problem before overwriting. So it'll give you a prompt
and you can completely overlooked the problem
with the F thing.

Let me just show you
how that looks like. We'll be doing a verbose and we will be coughing the
address dot txt file and okay. So every time I've
been actually typing so you can do address
or txt by just pressing Tab and it will auto complete
so address or txt to / – bar now, it will show you that it is actually renamed
addressed at the XD to VAR dress dot txt. Now. If you go and do LS
out here you will see that address dot txt is
not actually he go but if we were
to move to VAR, so CD / far, okay. I've also been
typing out commands that have been previously using and you can simply toggle
through all the commands that you've used by
the up and down keys. So LS MV MV V help I did CD home and I have to go through all
this just to prove a point. It's a seedy bar.

We want to change that now. We're in the variable folder. And we also want to see
what we have out here. So address should be
out here and Alas and as you guys can see addressed
at the XT is the first file that has come up and it
is basically the same file and it can prove that to you
by just getting the file and as address txt. And you see that is some random address
for some random person. Okay now, Let's quickly clear
out a file or window. You can do that
with the control l or you can just type or clear. Now. What we want to do
is move back to home. So yeah City home. Okay. So now that we're
back at home again. Let's get out our next file. So let's start the XT and after move I wanted to go
through cap now cat as you guys can see is printing
out the contents of a file and there's also less which does something
very similar to cat. So, let's see what it does. So if you go less and you list.txt you actually
see the contents of the file in a completely new window, which overlays on
the previous window and this is a very neat way
to actually see the contents of a file which is true less.

If you want to keep
your main command line interface not so cluttered which cat
clatters it completely. So if you want to get out
of this place this less place and all you have
to do is press q and Q gets you back and as you see nothing was printed
out on our main interface. So this is a very
cool way to actually keep your command line interface neat
and tidy when you're doing work. Okay, so crap, so grab is used for actually
filtering out stuff from file. So suppose we want to see whether a command has
some verbose option to it or not. So now I know that MV has a purpose command
but suppose I didn't know that so MV – – helped then
you use the pipe sign.

So what the pipes Means is you have to take
this command the First Command and then you five nine and two
the second come on and you want to see graph – V if that exists. Okay, so let's see
grab for both. Yep. So a verbose exists
and that is – be and that's – – verbose so explaining
what is being done. So what happened out
here is basically we took this first command and then we filter it and filtering is done
through the piping. So basically think
about you taking some Ian and pipelining it
through something else which funnels it
out of this command which is grip so you can use MV / help in conjunction with a bunch
of other commands just on correct and I'll leave
the creativity up to you.

So grab is basically
used for getting what you want from a file and graph is used very very much
throughout the source of this video through
this Kali Linux tutorial that you're going
to be watching. So that is a very
easy way to see if you have a particular option or let me do Against also
so CD / VAR now, we're in the bar folder. And let's LS. We actually have name dot txt. Now. Let's also go into backups
OCD be and tapped and that brings us back up folder and we're now in the backup
folder Let's do an LS out here. Okay, so we have
a bunch of files. Okay. We have some password dot back. No see if you have cat
and you go password got back. You can see the entire thing. Now what? What if you didn't want
this entirety of it or if you want something in particular you
want to be very neat so you can do that same command.

You can pipeline it and you can see grab and you
want everything with no login so we can see that there's a bunch of things that say no login and we only want those
and these are all the things that say no login in them and it's a much less a list
and it gives us a very particular list that
you are looking for. So that is how you use crap. So now let's head back. To home. Okay, I've done wrong. And again, let's see what the next Monday's so
now let's start the XD. So we've done crap.

We now have to do Echo Echo and then touch OK let's go
back a few we press q and we get out of there. So what did I have
to teach again? I'm such a dummy
we have do Echo. Okay. So what does it Echo used
for so suppose you will say Echo and open code hello world. It would basically do
what the man says that is. Echo whatever you say now, it'll say Echo hello world
and that will basically Echo whatever you typed out
in the conditions.

That is Hello World
spelled very wrong. Okay now suppose you want
to actually put this into a file so you could do
Echo hello world. Let's spell it properly
this time and you want to answer in the file. We had a phone number I guess
for number dot exe. Yep, and we can Echo
it at that thing. Now that was done now. Let's see. What is it phone
number DOT txt phone. Dot txt and it says hello world so you can basically input
text it to a certain file with the echo command and
that's how you do it. Okay. Now let's also see how you can make directories and
that is with the make directory. Come on. So, okay. We also have to do
touch before that. I forgot now Dodge is used for
quickly creating files so touch for you could save touch
and then the file name so we can create
a name file again name dot exe or or
that will create a name dot txt.

Let me just show it
to you and I sell and we have a name dot txt. We can also create
multiple files with touch and you could say file1 file2 and file 3 so like this you can create multiple
files and let me just LS that out and show it
to you and let cell and we have five on file
to open files three now. We can also create a directory. So make dir and the name
of the directory.

So suppose you wanted to say All
your movies in One Directory, they make directory movie and now you have
directory called movies and you can also
move into movies. So CD movie. Okay, so that's
how you create directories and you can move into them with
the change directory folder. Now, let's see what
the next command was. So CD and dot dot so
fit CD dot dot you can move back to the previous folder
if I'm already know told you that and since we're in movies
we can just go back to home with CD dot dot after now.

Let's see what else is there,
so Cat list Dot txt. And okay now CH own chmod now CH own will be
a little tough to show because we don't have any sort
of a user or here. The root user is the only user that we have on this virtual
box and set up but if you want to change
the ownership of a file, so let's see so you can see the ownership
of a file through the LSL. Come on and you see
that root and root. So this is owner name.

And this is the owner group and
they're mostly the same thing. So our next command app you're going to actually
see is called CH own. So let's see how CH own
is actually used CSU own is used for changing
the ownership of a file. So a actually don't remember
how to use CH own. So if you actually don't
remember or you're getting stuck somewhere just use
the help function.

So if a command
line argument symbolic, so let me just go
through this one. So this is how you use it owner
and then call them group. Okay, and then the file name so you go CH own and then you want to say
the name of the owner and the group you wanted
to belong to that is root and rude and then you
specify the name of the file. So suppose I
won't change file one that already belongs
to root and root so it doesn't really matter because I don't have any other username to actually
change the ownership to so this is how you
would normally change ownership. So let me just show you where you can see the ownership
and that is LS – L and I'll share the root
and root you see on file one is basically
this is the owner. This is the owner group. They're normally the same thing
and the same name, but if you had
some different owner like a guest you could change it by actually using the CH own method the command methods
are different things.

I always get confused
because of the programming. Okay. Now the next command that is left is called
chmod to actually show you how chmod works. Let me show you
an interesting file. So suppose. Let me just do this once okay now Echo what you want to Echo? Oh is let's Echo. Hello world and let's put
that in quotation. And we want to put
this in test now once we've done that lets Alas and we see that we have
a test file out here and we want to move test to test our sh so tested sh
is the executable file that is used in bash scripting. So we move test to test
out sh the way you actually execute batch files
on your command line is with .

+ / she say dot slash
and if I press T, and I press tab. You see that there is no options
that's coming up. That is because they're start
sh is not an executable file to test out sh is don't have
the executable permission. So let me just show
that to you LS and you see test or sh it doesn't
have the executable. Now you see movie
it is executable. I don't know why
it is a directory. So it is an executable
you can move into it.

So it's blue and color. So the way you I actually can make this an executable is
by changing his permission. So the way you do that is chmod and basically
you change it to an executable. So plus X that is
making an executable. If you do plus RL
make it readable. And if you do plus W
will make it writable also, so if you do plus X
and do tests or SSH and now you go and do LSL, you'll see that SSH
has become green because it is an executable file
now and now if you do dot slash and you press T, you get that Sh, if I press tab, so now it is
an executable file.

And if I executed it presses out hello world
under the my screen. So that's how you
can use the chmod or which is basically the change
of emissions of files and we'll be changing
permissions of files throughout the course of
this video will be very useful for us and you'll see as we go along with this video. Okay. So the next thing that I want to show
you only to our left and I remember those now and it is RM + RM is used
for actually removing. A files so you
should be very careful while using RM or any sort of removing command
on a Linux system because once you
remove something it is very difficult to get it back
in as almost The Impossible.

It's not like Windows
where it's basically just disappeared in
front of your eyes, but it's still there in
the memory cluttering it all up. That's why Linux
always Trump's Windows. That's one of the reasons and make a video
on that later on. But for now,
let's focus on our M. Now. We can remove file one. So, let's see so file one
is going to be removed. So if he LS no, you see 506 this but let
me show you our M. And if I do movie it'll say cannot remove
movie is a directory. But if you go into the help menu
I bet there will be an option that you can just
forcefully should move it.

So our M force will just
remove so our n /r and you can do movie and it will recursively remove
everything and if you go Hill and do The LSL you'll see that there is no movie. He directory anymore. And that is how you
can remove movies. Now that problem that you see out there is
actually a safety measure because once you
remove a directory and it's not retrievable, that's a very sad scenario and you don't want to get
yourself in such a scenario in whatsoever possibility. Okay moving on so on so forth that was all about the RM folder
now you can do RM and address of anything. So RM, I know we moved
in address that the x t so in The VAR folder
we can go our M VAR and dress Dot txt.

And that will remove address
out the XD from the folder of our let me just
show you that work. So CD bar and LS and you see that there is no address
or txt out here. Okay, another way to get
help for any command that you want is man
and suppose you want to see what RM will show
everything about our M that is there to show
to you show you how to use use it'll give you
a description schnapps has named remove files and directories. It's a very useful way so out
here you see is the manual page. So that is where means man and you can press
line one nature. You can press Q to quit. So that's very much helpful. OK guys. So that was all
about the command line interface and how we can use it to go
about the operating system and change file permissions
copy fires move files and a bunch of other stuff now
it's time to get on with the interesting stuff and that Is firstly we're going
to be learning how you can actually see Anonymous
with proxy James OK guys.

So now that we are done
with the command line Basics. It's time that we move
forward with proxy James. So before we move forward
with proxy chains, let us head back to PowerPoint
presentation and see what exactly proxy chains are. Okay. So proxy chains now as the name suggests
proxy chains are basically a chain of proxies now, where is the proxy used a proxy is used whenever
you want to anonymize? Has yourself on the wire
or the network? You do not want to know or you
do not want to others know what the source IP address was
for your client system and to do this.

All you have to do is send
your package through a bunch of intermediaries systems and these intermediaries systems
carry the bucket out and they transmit it
to the Target system. And this is much
slower and let's see how we can use this
in Kali Linux. No in combination with tour
to in order to anonymize. Pick not only
on web browsing traffic, but rather instead on
all networks related traffic generated by pretty
much older applications, but you can also change
this in the settings. Now, what we're going
to do is we're going to open up the proxy
chain configuration file and we're going to
understand all its options that are available. So to do that. All you have to do is say no
you go into the ETC folder and then you go
for the proxy chain that conf and what
do you see out here? Is in a new editor and we had spoken
about Nano editor when we were discussing
the CLI part.

I hope you haven't skip that now what do you see
out here is a bunch of instructions and options. So let me just zoom in
into the Squall line interface and now you can read
everything much well, so what proxy jeans is well, it gives you the ability
rather to draw out your traffic through a series
of proxy servers and stay Anonymous
in such a fashion by hiding behind them or by having
them forward your request. So it looks like
On the other side that your requests are coming
from them as opposed to you now surprisingly enough. There are large amount
of these proxy servers out there that you can use but they're
not very stable, you know, they go up and down and they're not very fast so
far specific targets, they can be useful
but not for brute forcing and not for any sort
of computing attack.

So suppose you're doing
something to certain Target for trying to log in
or you're already logged in you can definitely do it
through proxy chains, and it will be reasonably fast
and reasonably stable. As well, but if you're doing some sort
of mass scanning or your brute forcing a password or something of a kind
of a proxy chain with a list of proxies selected
from the internet, especially the free proxies.

It's not going to work. I mean it's going to work out
eventually in a technical sense, but it will consume more time
than you can spare and by that. I mean it can be
very very long time. It can take about months
or two to do a simple scan. So that's not an option and
there are other ways of doing that but for the time being
I just want you to know how you can use proxy jeans and How you can configure
it and actually because it's really useful and I use it fairly
often a lot of people do and it's a fantastic
piece of software.

So first off we have
the types of proxies. So you see yes EDP socks
for and socks5 now, they are fundamental differences
between these protocols and you always want to find
yourself a socks5 proxy as that's the best possible one and that has the ability
to anonymize all sorts of traffic scdp. Well as a name it says
it's for HTTP traffic and socks for Or is very similar to Socks by but it
does not support IPv6 protocol and it does not
support UDP protocol. So this can be sucks for and can be rather problematic
and you always want to make sure that you're using socks5
wherever and however any way down below you have
these other options, which we will go over. So basically how you
enable these options is that you don't need to type
some complex lines of code or anything of any kind basically you all you have to do
is just leave the hash out here. I'll show you so suppose we want Do actually activate
Dynamic jeans option. So all we have to do
is delete the hash.

But let's put
in the harsh right now. So after you delete the harsh, all you have to do is save
the file and the option is enabled this hash presents
a commented out line meaning that the system reading
this will ignore if there is Harsh and if there isn't hash it
will take it into consideration and interpret it according you. Anyway what we have
here are statements which allow us to specify how we want our traffic
to be routed the First off we have Dynamic
chain Dynamic chain is a some and is an option which you will find
people using the most it is most commonly used option and a preferable want
to at that and honestly, I think it's the best one
out there primarily because it's the most stable one and here's why now suppose
you have a b c d proxies.

So those are some servers
with IP addresses with open ports. And if you have
a strict chain policy, which is enabled
on this computer right now as you see if you have
a strict chain policy, we can only be able
to access any site on Internet in general
by going through ABCD. So you have to go
through all of them and you have to go through them
in that specific order.

That is ABCD and that's
not always a good thing. I mean if you're paying
for 5 proxies, that's not a problem because they will
always be operational and they will always be up and why not that's
not a bad idea or an option but there are however people who use proxies for free and
they don't tend to pay for them. Why would you pay for like
five proxies for simple scan or something of that kind? They're not free
and the a cost money and they're rather expensive also, but still, I mean the act
of paying itself identifies you and kind of diminishes
the amount of anonymity you have on the internet.

So some complex payment methods can still be used
to actually anonymize yourself, but it's fairly simple
to just use a dynamic chain. So firstly we're going
to go ahead and uncomment the dynamic chain option and we're going to comment
out the strict chain option. So strict chain will
no longer be used and I will be using Dynamic chains. And one more thing to note here. Is that if you want
to use Rocky chains in combination with door if you want to Route
all your traffic through the Tor Network
not just web traffic. You must be
enabling Dynamic chains. I mean, there's a chance that it will work
with strict genes. But give the instant
instability of door nodes. It is highly unlikely. You will need Dynamic jeans
and that is why I'm using them. Anyway, if you're using
Dynamic changes just give you the ability to go from ABCD to your desired
destination by not having to adhere to any order. So let's say C is down
and you would go a b d and it Woodworking
with no problems, even if P was down
you would go to a d and you would go and still
reach the destination.

So as long as one single proxy
is functional it's going to work and you don't require
any specific order to do it down below now down below you have some other
options to so first is random chains now random chains in effect are basically the same thing as
resetting your service. I mean if you're
resetting your door, you will be now assigned
new IP address in Taurus is your new IP address
every 10 minutes or so. Anyway with the random. You can specify a list of ips and then you
can tell your computer. Okay, I want you to try and I want you to connect
to this point and every time you connect every
time you transmit the packet, I want you to use
a different proxy and we can do that as well. And that's one of the options
definitely and you can see okay.

Use this is phone five times and then change to another one
or some kind of like that. There are a lot of options
to specify their family the chain length
any way down below. There's quite mode. You don't really need
that then that's proxy. DNS requests. No leak from DNA. Stata, this is very important. You cannot have any DNA sleek
and let me explain to you what DNS leaks are and even though somebody cannot get
your particular IP address. They can get the IP address
of the DNS server that you are using and that DNS servers do is resolved
main domain to the IP address and vice versa. So for example, if you type in youtube.com, the DNS server of your local
ISP provider will resolve that into some sort
of IP address that YouTube has and it will make a request.

No problem and you
do not want that happening because Is your local DNS server
will be discovered and that is information that can be used in order to figure out
your personal IP address. And when that is done
your physical location is pretty much compromised. And that's an oval and you definitely
need proxy DNS here. It might slow you down a bit, but without that you're
practically not Anonymous and it's just a matter of time
before somebody finds you now, if you go down below we have
some other options here, but we're not really interested
in them at the moment.

What we here are for the formats for entering proxies and I'm
going to leave it at that. So what do you see out here
is first the type of the proxy that is sucks 5 then the IP
address then the port number and then two words that Islam has secret
and then juice to Hidden. Okay. So now what you see out here
as I just said is how you would actually write
down your proxy chains. And now as I had already
also said you always want to be using socks5 and you
don't want to be using HTTP because they're not really that safe and socks5
doesn't support a lot of Anyway, and this is the IP address
of the proxy server that we will enter a few
of them manually later on and this here is the port number that you see on which
the proxy server is listening and that port is open
over here these two words. Now what some proxy server especially paid ones will always
have a username and password so you can just type
them here in plain text and fortunately it is assumed that only you and you alone
have access to this computer besides this file
and besides this file is you not know.

Everybody can read
this file anyway, so if you can just type
in the username here and password here, you will gain access
to a certain proxy that you have chosen
or that you have paid for. Anyway, these are
just some examples and we won't actually
be using these proxies or anything of the kind. We need to go down
below here here you see and at the end of the file. So if I just press
enter a couple of times, there we go. So here is only one proxy active
at the moment and says socks for and all traffic is routed
here through Tor by default. So That to tour now and tardy
for listens on the sport. So this 9:05 is report is white
or listens on now, what we want to do is we want
to add socks5 proxy address. So what you want to do
is just type in socks5 and the same IP address socks5 and you want to be keeping the
spacing correct just use tab.

So 127 dot 0 dot 0 dot one
and then you want to specify the port number the
also so now 0 5 0 so what you see out
here the 127. 0.021. This is the loopback address
of your computer. So this is for any
device communication and if you're paying
this address and if you're paying yourself
basically and usually people think this address
in order to make sure that the IP protocol
is set up correctly, even though they don't have
internet connectivity.

So let's just type in 1.27 dot 0 dot 0 dot one and
the same port number and 9:05. So now we have to press Ctrl o
to save our You can save on the same name and we're o 65 lines of course
down and that's written and now you have to press Ctrl X
and you exit out. So let's press Ctrl L
and clear our screen now, we just edited
our proxy change configuration in a very neat environment. So to go ahead and type
in our service door status. So we want to check
status of our daughter. So service tour still this so
torturous could not be found.

Sound so do we have
the torturers installed? Okay sewed. Our service is not installed. Just give me a little moment
quickly install it. Okay. So now that we have set up our broccoli
jeans configuration file and we have put in a sock 5 proxy chain giving
it the torch service. Now, what we need to do first
is start up our tour service now to actually check if the car is running or not or if the door service
is running or not. Let me just clear that out. We need to go service
to our star. And you see it
says it's inactive. So what do you have to do
is say service to our star and that will start
the tour service. It might take some time
depending on the system that you're using and what are
their it has started it for me. Now what you have to do
to actually use proxy chains before you go to any website.

So all I have to do
is say proxy chains, then you specify the browser
that you're using. So we're going
to be using Firefox and you could say something
like www dot Duck duck duck on so now here you will see how your ping is
being transmitted to. Dr. Go.com when I say thing, I mean your packets
and your requests, I'm sorry for my vocabulary. So now your packets
are going to be directed through a bunch of IP addresses, but we haven't actually
put a bunch of you just have put the loop back
for the Tor Network. So we will let our do the rest
of the things for us. Okay, so depending on your system this
might take a little bit. Of time to actually open up. Okay. So let's go ahead and see what's actually happening
on the terminal while this thing is loading up.

Okay, as you can see
it's going through a bunch of proxies out of here and some are denying it
and some are saying it's okay. So as you guys can see most of
the time you might give tonight and it will be a less
number of occasions and that is exactly
what we're looking for because primarily we have gone
a great extent for the anonymity and what do you want
to do is stay like that. So this is basically
how you Use proxy chains. Now if this computer
just decides to open up talk go.com on Mozilla. I could actually show you
some interesting stuff but it seems my computer
has kind of given up on actually opening duck Taco
it still waiting for dr.

Goes actually confirmation,
but that's about it. So this is how you can actually
configure proxy chains. I'm really sorry that my computer
isn't working right now, so well and nothing
is actually opening on Mozilla. It's mostly because
my Ram is over. Loaded. I think I should go
ahead and get myself a new Ram. But for now,
let me just also say that we can put
some custom proxy lists and instead of just
saying let me just go ahead and open up that file again as you guys and see out here. I'm going to end this right now because my computer can't really
take all this pressure. See it's like so hard. Okay. Let me just quit out of that and
let me just open up a new one.

Now as I had said that you can put up
some custom proxy lists, not really gonna do that. But let me just show you. You can do that you go. No and you go cetera and proxy so you basically have to go
into the proxy chain. Okay, so I think I
should put this can yeah now if you just go in
and edit out here, all you have to do is
setup Dynamic jeans and you can go online and search for free proxy list and
that will give you everything that the port number
to the IP address. Let me just show it to
you free proxy server. Our list. So all you have to do is search
for free proxy server list and you can see out here
the proxy Davis scbs and you basically want to find a soft fire proxy to find
self a proxy just add that into your keyword.

And once you find
those proxy addresses, all you have to do is take
down this IP address and followed by the port number and you go ahead and just put it down
in this configuration file and then you hit control. Oh and you just save it
and And you just go back. So that was all
about proxy chains and how you can set up Roxy change
to set make yourself. Very Anonymous. I'm sorry hold muscle, uh, pardon work that's still
sad state of my computer but moving on let's go ahead
and study about Max changes.

OK guys. So that was all
about proxy chains. Let's move ahead
to match changer. Okay. Now before we go into the tool
called Mac changer, let's just see what a Mac addresses now
Mac address actually stands for media Access Control
address of the device and is a unique identifier
assigned to a network interface. Stroller for communication
purposes now a Mac addresses are used as a network address for most IEEE a certain
ethnic Technologies, including ethernet Wi-Fi
and Bluetooth.

Now in this context
Mac addresses are used in the medium Access
Control protocol sub layer and as typically represented as Mac addresses are
not recognizable as six groups of two hexadecimal digits each. Now, these are separated by a colon and the first
three hexadecimals are actually the organizationally
unique identifier. So they actually
represent your vendor and the next three Hexadecimal is actually represent
your network card unique. Okay, so when you are
actually on a network you are recognized on something
called an ARP table. Let me just show
you the ARP table how you can see it. Let's go in.

So the password is root
still an ARP table is basically an address
resolution protocol table. And well, this is
a virtual machine and it doesn't really
know many machines on the local network. But if I were to go on my Windows system and show
you my ARP table, let's see. Okay, so if I show
you the ARP table of my Windows machine
and on any machine that has a TCP IP protocol
suit installed you will have this command as working called are
and you gave the – A and now you see that your IP address
or somebody else's IP address is actually map
to physical address.

Now. The MAC address
is very commonly used in the our protocol and this is how you are actually
identified on a network. Now sometimes what you want to do is be unknown
on this network. There are various reasons
why you want to do that. Let me just give you an example
of a very malicious. Reason that was done
in my college. So we asked students would
actually change the MAC address of our own computer
to the professor's computer. So we would somehow look up
the professor's IP address and then come to know
about his Mac address and then we would spoof
our Mac to be his Mac address and then we would do
some tripe sort of malicious activity
on the college internet and then internet administrators of our college
would come to know that that Mac address
is doing some sort of malicious activity and that Mac address
would get permanently banned for that session on the call.

Dish Network so basically our professor would not be able
to use a wireless projectors that he would use to actually
show us as presentations and we end up
getting a free class. Now. I am not actually
promoting any sort of bad activity like this. I have just experienced this
in my own college life. So that was something
but there are many other reasons that you might want to spoof
your Mac now Mac changer is an amazing tool
for actually spoofing your back. So first of all, how do you come to know
your Mac address? So let's see you go ifconfig. This will give us
our Mac address. Now this dress that you see out here is
the MAC address of this machine. So you can also check
out the MAC address by going Mark changer, then let's type
in the help options.

And this will show us
how to get the MAC address. So if you see
there's a show flag so we can go Mac changer and you can put the S and then
you put the interface now the interface is
where it's working. So at 0 is where we are. Actually getting we
don't want the loopback one. So at 0 and this will give
us the MAC address. So I can't Mac address is
zero eight zero zero two seven. Let's see if that was
the same one shown.

Where is that matter? It's okay. So if a 0 a 0 0 to 7,
so, I'm sorry. This was the MAC address. I selected the wrong thing. What I was showing you is
the IPv6 address and you can see that's very very long. So, this is our Mac address. Now what you might want to do
to change your Mac address. Well, let's see with V
we can get the version with s you can show
we can do the E. And as I said, if you remember that the first
three bits is about the vendors so you can also get
the vendor list by going – L.

So you go – L and this will give you
a list of Mac addresses and which rendered
the belong to so sometimes if you don't know the vendors that are actually
being used on the network of your college, for example, and you want to
just stay Anonymous and not raise any Flags. Lakhs of Suspicion so you could hide yourself
as a Cisco router. So suppose your college
was using all sorts of Cisco routers
and you decided that today. I'm going to put myself
as a Cisco router and I'm going to screw
around with the network. So it would not raise any Flags before you actually decide
to do some malicious activity in some deeper inspection of your Mac address people
would actually realize that you are actually
spoofing the dress and after some investigation
they put Andy take some time to actually reach to you
and how you spoofed it, but the And of Ginger Mac
is not raising any flags and that is exactly
what you should try to do. So Mac changer is also
very useful for getting the list of all the Mac addresses
and the vendor IDs.

Now, let me just clear
the screen out quickly. So we go clear and let's
bring back the help. So we go matching
injure and – help. Now, what we want to do is give
ourself a random Mac address now Mac changer, so that is Done
with the our flag and we want to do it on F 0. So once you run that you will be given
a new Mac address. So our new Mac
address is f6c 649 now you can verify
that by running ifconfig. Now we could just do ifconfig and you see our new
maxi dress is an ether so we could also do something
like this ifconfig and you could grab eater.

So that's just telling
you the MAC address and this is completely new also. You can show it to
the Mac changer tool itself. Okay, so we need
to give it the e0. I've got that now. You see that this is
our current MAC address and this is a permanent
Mac address and their two are completely different. Sometimes you also might want
to actually change your Mac when your laptop is
or your system is booting up because you might want
to stay Anonymous all the time. Who knows and sometimes
you might think I'll actually change it
when I want change it, but let's face it we We are forgetful as human beings
and we tend to forget things that we are supposed to do.

So what else is better than to actually automate
the whole process yourself and forget about remembering all
these stupid nitty-gritty stuff. So you can tell Linux or cardigan enough
to actually change. Your Mac address on boot-up
is use this tool called crontab now crontab is actually used
for scheduling tasks on Linux. So let me show you
how to do that firstly. Let's clear our screen
and go crontab and go Health now. You see it's
a pretty small and menu. So first we start
with it you flag that user this file is going to work
for then we got the E flag, which is for editing crontab
users the users crontab list and you can see the list
of users crontab and let's see. So do we have
any crunch all this? So there is no crontab
at this moment so we can set up one for ourselves
by going to the E. Then there's the r which is delete users crontab
and I want to tell you all be very careful when treating
anything of that sort because once you delete
something from The Knocks that I've already said that it It is very very difficult to actually
retrieve it back.

You might get fragmented pieces
of what you had actually deleted and that will only leave you
with sadness and Devastation. Now, what you want to do is go
through crontab and press e and this will bring us to select
an Editor to change later on select editor. So we'll do it Nano. So what do you have out
here is the readme file of crontab and if you read
this entire thing you will get how to use crontab completely.

But if you have any sort of doubts even after reading
it you can leave them down. The comment section below now. What do you want to do
is actually set up a crontab so that you can change your Mac address whenever
you reboot your computer. So all you have to do
is say at reboot what you want to
done is Mac changer, and if you remember we want
to run the MAC address and we want it on eat zero. So that's done. Now. All you have to do
is save this thing. So you go control. Oh and that will write
it out you crontab and you press enter and you have ridden on one line. Now you go control X
you have X is it out? So now let us clear the screen
by pressing Ctrl L and enter and let's go
ahead and get our Mac address.

So if we go ahead and run that are Mac address
is set to f6c 649. So just remember the first few
letters have 66 and 49 now. Let me just reboot my computer
and you will see after I reboot and run ifconfig
again with gravity table. We will see a different
Mac address now rebooting my take some time because I'm actually
using Of washing machine but still now it's given
problems with the Firefox. But let's hope this
won't take much time. Okay. So now that our computer
has booted up and we have actually opened
up a terminal let's go in and type ifconfig and
let's get in our ether that is the MAC address.

So if you remember
the MAC address now, you see that it has
completely changed and that's how you can spoof
your Mac address on our local network. And this will basically help you in staying Anonymous
on our protocols and anything that actually laughs your IP
address to the MAC address. Okay. So that was all
about math Changers meet you in the next section. So in this section,
we will be talking about wireless encryption
protocol cracking. So that is basically
Wi-Fi cracking now Wi-Fi in today's day and age uses pins or passwords to normally
encrypt the data usage. Basically, if you want to access
the wireless access point, you need a password or a PIN to actually
gain authorization now this authorization Chicken
is done using a for a handshake which we will try to capture
using a tool called aircrack-ng and then we will try
to crack into the password using a wordless
generator called crunch. Now, you can use aircrack-ng
to crack WPA and WPA2. There's also another protocol
called WEP or WEP and that is not normally
used these days.

If you find anybody using that you should always advise
them to actually upgrade to WPA or WPA2 because Wei. EP is actually very
easily cracking these days and people are generally
punished for using WEP by hackers all around the world. Okay. So now you can actually go ahead
and go into a terminal and type ifconfig to actually
look at your network card name as you guys can see out here. It's called wlo one. So the first step that we need to do to actually
go into the process of Wi-Fi cracking is set
up our network access card or our access point.

Monitor mode so as you guys can see out here
after typing ifconfig. It shows me that my Wi-Fi access
God is wl1 interface. Now our process of cracking
passwords is pretty simple. What we want to do
is actually monitor for all sorts of access points
that are nearby to us. Once we have chosen
the access point that we want to actually penetrate
into and find the password. What you want to do is run
a narrow dumps can on it and then we will try
and D authenticate any device that is connected
to the access point now one assumption out here is that the password
is saved in that device and it will automatically
try to re-authenticate itself with the access point and we want to catch and log
this re-authentication process which will actually have
a four-way handshake between your device
and the access point. So this is basically the procedure we are going
to follow now another thing that you need to know
before actually using this process to gain
any access to any Is that you need to know a little
bit about what the password is? Maybe it could be length
or it could be something like a specific character
at a specific place.

Maybe you know
a series of characters. So you just can't really guess
the password out of thin air. That is not how cracking Works unless you have
some unlimited potential of processing power
in that case. You can very well brute force it
and just find the password, but if you are not somebody who
Has unlimited processing power and you're trying
to use aircrack-ng. You need to know a little bit
about the password. Also before we proceed with this wireless
encryption protocol cracking.

What I want to say is
if you want to get into somebody's Wi-Fi network, or you want to actually
test for vulnerabilities. It's better that you test
for router vulnerabilities. Then actually cracking
a Wi-Fi password because you're more likely than not to find
more router vulnerabilities than actually successfully
Like a Wi-Fi password if you don't know
anything about it, if you don't know anything
about the password just go ahead and run
some vulnerability tests on the router itself and more
often than not you will just find something you can abuse.

Okay. Now let's talk
about the two tools that I'm going to be using. Now these two tools. One of them is already
installed on Kali Linux, but if you are not using
this on Carly, you can also use this
on any Linux based system. So what you have
to do is download and All aircrack-ng, which is easily installed with the command
apt-get install aircrack-ng and you also have to install
this word list generator called crunch now crunch
is easily downloadable by just Googling the name and the first link
will be a sourceforge link and all you have to do
is go inside that and install it and
once you've figured out how to install crunch
you can make sure that its installed. Now once you have installed both
the software's you can check out if the manual pages
are opening up. Let me just open the manual page
of aircrack-ng and show you that it has been
properly installed.

Now as you guys can
see the manual page of aircrack-ng opened up and the manual page
of crunch is also opening up. So that means both
of our software's have been successfully
installed on our system. Now before we go ahead. Let me just show you
how crunch actually works so crunch is basically
a wordless generator. What you would do is you try and generate a word list
with given characters. So what you can see out here
is I've typed in crunch 3/5, so Means the minimum length is 3
and the maximum length is 5 and I've given it
a series of numbers.

So it will use these numbers
and generate all the words that are possible
from length 3 to length 5. So the way we are going
to use crunch in conjunction with aircrack is that we are going to use crunch
to generate the word list. And then we are going
to pipe the word list through aircrack-ng when we are actually
trying to capture and crack what we will capture
in a certain log file now. What you want to do
first is actually put your network interface card
on a monitor mode. Now you can do that by typing in ifconfig
and then the interface name which happens to be wl1 and
first you have to put it down. So I've config wl1 down now
to put your interface card into monitor mode. You have to type in IW config and you go the name
of the interface and then you go mode monitor.

Okay, it seems
I've spelled it wrong. So let me just do it once again. So that has put
our network interface card into monitor mode and what we need to do
after that is we need to start up our network interface. So all we have to do is type
in ifconfig wl1 up now. Once it is up and running you
can check by typing in ifconfig that indeed your network
interface card is up and running don't worry
is running in monitor mode if it's up and running what we want to do next
is pretty important to the whole process. So what we want to do now. Now is check for some services that might still be running
in the background that might hamper
with our whole scanning process.

So we do this by actually typing
in the command Area 1 and G check and then the name
of the interface. So as you guys can see nothing
is exactly running right now. But if there were any process
running you would only add a command airmon-ng check and instead of writing
the interface name. All you have to do is say kill. It will kill any processes now if you see Any process named
the network administrator you want to kill
that process first separately and then kill
any other child processes. You may need to actually
run this command few times before all the processes are killed and then
you're good to go. Okay. So now that we have finished
killing all the subprocesses. What we want to do is run and error dumps can on
the network card. So that is WL 1. So for this we go Aero dump – Angie and then we put in
the name of the interface.

And this will start the scan that will look
something like this. So after you run
the aerodrome scan on your interface, what do you see out here is
a result of all the access point that is found out
to the monitoring mode. Now if you see we have a bunch
of columns out your first of all we have the bssid column. Now, the bssid column is
basically the MAC address of all the routers
that are found. No, every router obviously
has a MAC address. So those are the MAC address that is tied
to the router names, which is shown by the SSID then
we How the pwr column we have the beacons column we have
the data packets column.

Another important column
is a channel column. It's important know which channel your router
is working on. Then we can see the cipher
column the authentication so out here we can see
the encryption that is used. So most of it is using WPA2. So what we will be cracking is
basically WPA2 so from this is what you need to recognize
is basically the Wi-Fi router that you want to crack into now, I'm performing this particular
test at my office.

Is and I don't really have
the permission to actually go in and test them
for these vulnerabilities. I'm not a security
analyst off here. So I don't really have the permissions
to penetrate into them. So what I have done is I
have run a similar test at home using my own Wi-Fi and I will show you
the results for that. But for this working example, you will see the scans
that I'm running in this office.

So as we intend to stay ethical what we are going to do out
here is we are going to capture whatever we find in our office. For on the educational purposes, but when we are doing
the actual cracking step that is the last step
of this whole procedure. I'll be running it on a file
that I had generated at home as I just said because I have four missions
to do whatever I want with my own Wi-Fi and passwords. Okay. So for this example, I'm going to pick this wi-fi
that is called attract of Wi-Fi and it's running
on channel number 6. So what do you want to pick
from here is the bssid and the channel number we need to remember
these two things first the bssid and Channel number now. What do you want to do after
that is open up a new window on your terminal
and login as root. Now what we want to do here is
run a separate Arrow dumps can on this specific bssid
and check for all the devices that are actually connected
to this access point.

Now we do this by running the command airodump-ng
and while we're doing this, we also want to capture
all the scan outputs that we actually get
into a certain file. So we will be actually storing
it in a file called capture and then we just have
to pass in the bssid and the interface We also
have to specify the channel. So let's see what the channel is
1 so the channel is Channel 6. So that's what we want to do and we specify the Channel
with the – see Flags.

So after you have identified
the MAC address, all you need to do is copy
it down and place it with after the bssid flag. Okay, so we're going
to run our Command out here and we just want to say
our file is going to be well test out capture. Now that our scan is
up and running. All you want to do is wait till someone is actually
connected to this access point. So I forgot to mention this for this process
to actually work properly.

Somebody needs to be connected
to that access point because what we are going to try
and do is disconnect. That certain device
and let them reconnect and capture that log file. Okay, so it seems like nobody is actually
connecting to it. So at this time I'm going to do
is go back to our Aerodrome scan that we had run on a network interface and look
at some other Mac address or other access point
to actually penetrate into and let's see if something has actually
connected to that.

Okay, so oh la la now
what do you see out here is that somebody has actually
connected to this access point and his Mac address can be seen
under the station stab. Now. What we want to do is run the authentication broadcast
message on that station and the authenticate that guy. No to actually run
the the authentication process. All you have to do is go ahead and open up a new terminal
window again and let this can be running
in the background. Don't use any
scanner this moment. Okay. So the information that they need to
remember is the bssid or rather the Mac ID
of the station now, you also want your monitoring to
be running on the same channel so that your the authentication
message is being already broadcast on the same channel so we can do that easily
by going airmon-ng and saying WL One
and you can say start on specify channel. So what we want to be doing
is running this on Channel 6, then we want to go and use
the third suit of tools that is are replay now are
replay is used for broadcasting the authentication messages
and all sorts of stuff.

Now you can see all this
in The Help menu also and you can do
that by typing in – – help if you go down you see that you can send
the authentication message using the – 0 Flag and that's exactly
what you're going to do. Then we stay zero again because we wanted
constantly send a broadcast of the authentication. So it's looping
basically and until and unless we stop the scan. Nobody will actually
be able to access the Wi-Fi. So it's basically
like a small toss attack and then we want
to specify the bssid. Okay, so it seems
like I forgot the whole a tag before the bssid and
that should get it working. Okay, so it seems like I have copied
some wrong bssid I guess.

So, let me just go ahead
and copy that once properly. Okay. So now that we have
the proper bssid as you guys can see we are running the
authentication broadcast message on that particular
network access card, and now you want to run this
for around a couple of minutes so that you become sure that all the devices
have disconnected. Now while this is happening what you're doing is basically
sending a Dos attack to that small little Wi-Fi and
you want to catch the handshake that occurs between devices
and the router that it is connected to
while reconnecting themselves Okay.

So now that we've let's can run
for a couple of minutes. Let us just stop it. Let's stop this
others can too now. If I go and list out
the files on my desktop, you should see that there's something
called the test capture. Now, the test capsule is given
to us in various formats. We have the capture format,
which is just capture – 0 1. Cap and then we
have test capture CSV. We have a Kismet CSV. So it gives you a bunch of formats to actually
run your cracking on now if you remember I
had told you all that I have already
generated a similar.

At home, basically when I was trying to crack
into my own home password, so I will be running
the tests on that file or the cracking procedure
on that file. And that is the last step
of this whole procedure. So, let me just go ahead
and move into that folder. So I go see these can now
as you guys can see out here if I list down the files if you can see a Capture
One Dot Capture One Dot CSV. This is Kismet CSV
and this and that XML. So I was not lying when I said that I have already
done this at home. So we are going to run out. Cracking process on
capture with 0 1. Cap now. Let me just tell you guys
the password for my home. Wi-Fi is sweet ship
346 so you can say that I know the entire password, but I'm going
to act like somebody who only has a general idea
of what my password look like.

So let's say I know that my password
contains tweet ship but I don't really know the last
three numbers or letters or whatever they may be. Okay, so we are going
to use crunch once again to generate a list of words that might include Egypt
346 and let me just open the crunch manual for once now if you go down
in the crunch manual what you'll see is the – t so as you guys can see
there is a pattern that is pit specified
like after it at the red God and Then followed by
four other ad rates and all the ad rates will be replaced by
a lowercase character.

Now you can remove
other eight and use a comma and be replaced
with an uppercase character or you can use percentages which in case it
would be numbers. Or you could use the caret sign in which case it
will insert symbol. So when you know the length
of the password and also a certain degree
of few letters, you can use the hyphen T flag. So that is exactly what we are going to use
with crunch out here for this example. So, let me just remind
you guys that the password for my home Wi-Fi
is we chipped 346. Now what we can do
is we can ask crunch to actually generate something
that looks like sweet ship 346. So what I could do is say crunch
So the minimum length is 12.

I already know that and the maximum
length is also 12 now. Let me just input
in the pattern. So we put in the pattern
after – tea. So now I'm going to show you
how long it can take. So we are just
going to say sweet and then put in some ad rates and then also get a try
and guess in the numbers. So after you've put in the pattern you want
to also input which letters and numbers it could be and I'm just going to input
my entire keyboard out here. Now, what you want to do is pipe
this command through aircrack-ng is cracking procedure. Okay. So now what we want to do is
type this command to aircrack-ng and we want to write from a rather read
from the capture file. So what we go is –
W and then – and then the capture file name.

So capture 0 1. Cap and then we also
have to specify the essid which is given to the E flag
and the essid for my home. Wi-Fi is Nest away
underscore cc105. So that's actly
what I'm going to type in and this will start
the cracking process on my Wi-Fi from the captured file. So as you guys can see
this is going to take a long long long long time and I'm not really actually
going to complete it. So in this time, I'm actually just going to try
and explain why this is not very feasible
on a virtual Network. So basically this
is not feasible because at this moment
why computer is using all four of its course
and all the memory that is possible. So what this means is
on a virtual box. This is not really possible
your virtualbox don't really have that much power. If you are using a 4 core
processor computer only two of its maximum course
can be actually allotted to your virtual box
machine above that. You can't really give
it the entire memory because that will make
your computer crash.

So if you want to do
something like this, it's better that you install
Kali Linux as a dual boot or as your own daily driver
and then you can do this. So this is why I have not done
this on a virtual machine and instead downest
on deep in Linux, which is my daily
driver operating system. Now as you guys can see
this constantly trying to actually guess the password by actually going
through all the permutations and combinations.

That is basically it's taking
in all the words generated from crunch piping it
into the current command. That is the aircrack-ng command
and is comparing everything. So what I'm going to do is
I'm actually going to end this because this will take
a very very very long time. And what we're going to do is
we're going to actually try and shorten the command
of the or the amount of guessing that you're trying to do. So, let me just try and do that. So as you guys can see out here, I have reduced
the number of alphabets that might be actually tested. But even in this case, this will take
a humongous amount of time and let me
just show that to you. So as you guys can see
the test is running running running and running and and there's not really
much you can do you can just let this run go out
for a cup of coffee and then come back and you might still
see that drawing. It really depends
on what the password is and how much time
it takes to crack it and how much processing power
you have directly affects how much time this will take
so let me just show you guys that this is taking
a bunch of time.

Okay. So now that I have
fast-forwarded a lot into the scan you can see that I have tried
almost two one two, seven six zero eight keys. So that's more
than a million Keys. That's 2 million keys that have tried so and it
still hasn't reached at 3:46. So what we're going
to do is just to show you for demonstration purposes that
this procedure actually works. Let me just shorten
guessing even more. So what we want to do
is this time we want to just guess the numbers so We'll modify
our Command accordingly. So we just put in sweet chip and let the algorithm
just guess at 3:46 part. So we're going to
remove the alphabets from the guessing scope also and as you guys can see the password is almost
immediately guessed because only 456
keys were tested. And as you guys can see it shows
that the key was found and it's sweet ship 346 now
let me also show you that it works with the guessing
of letters just because I don't think of did that letters are also guest
and not just numbers.

So let me make it just gets
the P part that is sweet. She and then it should
guess B and then 346. So let me just show you that and as you guys can see it guesses
it almost immediately after just going
through 15,000 Keys. Okay, so that brings
us to the end of this wi-fi cracking tutorial and also to the end
of this video which was regarding ethical
hacking using Kali Linux. I hope you guys had
a bunch of fun learning about Mac changes proxy chain. And a bunch of stuff that we did
like Wi-Fi password cracking.

I hope you practice these
procedures and methodologies that have thought you only for
your own educational purposes and not use it to harm anybody
or do anything harmful with it because let me just tell
you very seriously that you can be prosecuted
by the law. So let's end this video
on a good note by saying please practice this
for only educational purposes. Let me just show you that and as you guys can see it guesses
it almost immediately after just going
through 18,000 Keys. Okay, so that brings
us to the end of this wi-fi cracking tutorial and also to the end
of this video which was regarding ethical
hacking using Kali Linux. I hope you guys had
a bunch of fun learning about Mac changes proxy chains
and a bunch of stuff that we did like
Wi-Fi password cracking.

I hope you practice these
procedures and methodologies that have taught you only for
your own educational purposes and not use it to harm anybody
or do anything harmful with it because let me just tell you
when he sees this. You that you can be
prosecuted by the law. So let's end this video
on a good note by saying please practice this
for only educational purposes. If you are a hacker
pentester security researcher or just another person who picks Google in front
of friends to look cool, then it's likely that you must have already known
about some Linux distros, which are particularly
made for them.

Today. We're going to explore
one such Linux distro parrot. Security OS one of
the leading Linux distribution and penetration testing
and ethical hacking. So let's quickly go
through today's agenda first. We will Begin by discussing how Linux distributions are
suitable for ethical hacking and different type
of Linux distros that are available
for ethical hacking and penetration testing. Then we will begin
with our today's topic which is parrot security OS we will discuss
its features its history. If or not parrot security OS
is suitable for you.

Moving on we will see how particular day
OS is different from Kali Linux and then I'll show you how to install parrot security
OS using VMware software and finally we'll end
the session by taking a look at few popular
parrot security OS tools. So I hope agenda
was cleared you guys. Let's get started
then a security focused operating system is
a hacker's best friend as it helps a hacker
to detect the weaknesses in computer systems
or computer networks. whether you want to pursue
a career in information security or you are already working
as a security professional or if you are just interested
in this specific field for fun or decent Linux distro, that suits your purpose
is always a must now if you're wondering what a line X destroys
it is a Linux distribution that has been curated to perform
security related tasks on most of the time a lonex distro will
have a line X base of the Ubuntu or Debian flavor and the usually
Some custom tools pre-installed in it as well.

As you guys know
line X is the best choice for Security Professionals
for obvious reasons. And hence. Most of the Destroyers
are usually built on it a line X distro can help you in performing analysis ethical hacking then iteration
testing digital forensic task and various other
auditing purpose, but guys apart
from these destroys. There are other open
source tools as well that you can bundle and use as
per customer requirements, but using these destroys
have lot of advantages. Like first default, they save a lot of time and
effort that you need to spend when you are dealing
with customer requirements. Secondly the help
beginners to easily start with security testing without having to get
into the nitty gritties of operating system.

And lastly the most popular reason is you have
great pool of distros that you can choose from most of the time Kali Linux is
the obvious first choice of operating system
for every new hacker. If you ask me why
the obvious answer would be because Kali Linux is lot
of cool things it comes bundled. With the curated collection
of tools moreover. These tools are organized
into easy-to-navigate menu and a Lifeboat option. That's very new be user-friendly
as an it's very friendly to new ethical hacker, but guys cullinane X is
in the only distribution which is targeted at pentesters. There are many exciting
Alternatives that may better fit your use case. Anyway, let's begin
our discussion with Kali Linux.

It was developed by
a fancy security as a rewrite of backtrack Kali Linux distro. Those tops the list
of best operating system for ethical hacking purposes. And then there is
parrot security OS which is our today's discussion. It is a mixture
of Frozen box operating system and Kali Linux. It's the second most popular
operating system vertical acting and penetration testing is well, and then you have
back box Linux. It's a win to based operating
system with its focus mainly on security assessment
and penetration testing. Then you have been
to and excellent hacking operating system
with wide variety of tools that you can choose from Apart from this you have deaf clinics
blackout lining cyborg backtrack and many others.

But as for today's session, we will be discussing
about parrot operating system that it OS is the second most popular Linux distro vertical
hacking after Kali Linux. It is a comprehensive
portable security lab that you can use for cloud
penetration testing computer for insects reverse engineering
hacking cryptography and many other
security purposes. Now a little bit about
his history the first release of parrot OS appeared
in April 10 2013. Originally it was developed
as part of Frozen box. Now it has grown
to include a community of Open Source developers Professional Security Experts
Advocates of digital rights and Linux enthusiasts
from all over the world.

Well compared to others
para sacar TOS promises a lightweight operating system and it's highly efficient along
with its plethora of Recognize tools you also
get the opportunity to work and surf anonymously which is like a granted wish
to an ethical hacker or any penetration tester
will learn about other features in the later part
of the session. So moving on since its release
in 2013 parrot has grown rapidly and currently offers many different flavors targeted
towards different use cases. For example, like I said,
we have para security. It's the original parrot OS and is designed
with penetration testing.

Forensics hacking development and privacy in mind then
you also have parrot home which is targeted
towards desktop users. It strips out
the penetration testing packages and presents are nicely
configured Debian environment. Then you have parrot
are it's focused on wireless penetration
testing borrowed Studio. It's designed with
multimedia Creation in mind. Then you have parrot
Cloud the most popular it Target server applications
giving the user access to full suit of penetration
testing tools included in part security. But it doesn't have
a graphical front end like we do in Paris
security moving on. We also have parrot iot. It's designed for low
resources devices such as orange Pi Raspberry Pi and you have pine
64 and many others. So it's true that pallet security was
doesn't have large community of users behind it
as Kali Linux dust, but the distribution
has been gaining a lot of momentum recent years. So things could be
very different just a year or two from now.

So let me convince you more. Let's just discuss A features
of parasitic rtos. Let's start with
the system requirement. It's based on Debian 9. It runs on a custom hardened line X 4.5 kernel
uses a mate desktop and light DM display manager. It requires a minimum
of 256 MB RAM and works with both 32
and 64-bit systems as well as a are incompatible version apart on this parrot OS can also
be installed on cloud and updated to perform
cloud-based security. So basically it
runs on Debian 9. It is compatible with 32
as well as 64-bit systems and a RM systems as well and it requires a minimum
of 256 MB RAM.

So those are the system
requirements moving on it also supports anonymity. It offers a tool called and non
surf including anonymization of entire operating system. It comes with custom-built anti-foreign sick tools
interfaces for gpg and crisp that up originally it also supports Bose encryption tools
such as Elle UK has truecrypt and veracrypt and many others
moving on it also supports forensic boot option
to shut put Ottomans plus many more it braces Falcon programming language
multiple compilers debuggers and Beyond it also
provides full support for developing Frameworks
for embedding systems and many other amazing features.

So Guys, these are
few features of para todos. So basically parrot
operating system supports and Amity it offers different
kind of cryptography tools. It also supports forensic mode
and it also provides opportunity to develop Frameworks
for embedded systems and many other amazing
features moving on before you go ahead and use
parrot OS there are some important considerations that you need to take
a look at first of all parrot towards provides
general purpose features, like any other normal
operating system, but guys before you go ahead
and use para Todo es there are some important considerations that you need to take
a look at first. Of all it provides
general purpose features, like any other normal
operating system does but at its core it
is still tuned for security and foreign six. Now, let's see
how different parrot OS is from other distributions. Bharat is different from
a general-purpose distribution because it does not try
to hide its features.

For example, there is a tool
called parrot update reminder. It's simple yet powerful program
using this program. You can check for system
upgrades once a week, but instead of hiding
the upgrade process behind it. This part like any
other operating system. It shows the user
the full update process from the APT output. So you can see the upgrade
process going on.

Secondly parrot was designed to be a very comfortable
environment for Security Experts and researchers. It includes many basic
programs for daily use which other penetration
testing distributions usually exclude part security includes
its own sandbox system. I mean, it provides a secure
distribution user applications and parrot are protected
to Emmett the damages in case if the system
is compromised anytime. So this way no harm is caused. So like we discussed earlier
it also supports Digital four and six digital forensics
experts need an environment that does not
compromise their proof. So pirate comes
with Autumn and functions which are disabled by default to all of four and six
Acquisitions to perform in a very safe way.

So before you go ahead and choose any
of these operating system, make sure you check
out their features. The services they offer
and make sure that if they are suitable
for the task, which you want to perform
but as for Peridot s these are its features
we discussed earlier and these are the certain points that you should take
into consideration before you go ahead and use it. Now if you're wondering who the parrot security
is made for well, it's made for Security
Experts digital forensics experts engineering
and IIT students researchers, you have journalists and
activists as well in the list and you have the new be
hackers police officers and special security. Institutions. So basically if you ask me
it's suitable for a student or the entry level
Security Experts as well.

So first, I'll show you how to install para
sacar TOS on VMware. So basically when it
comes to installation, you have two options, you can install
parrot security OS alongside your operating system
using dual boot option or you can install it using any
of these virtualization software like virtual box or VMware. Ask for today's session. I'll show you
how to install it using VMware. So let's get started
with our installation. So, where is this search
for the pirate security West and it most probably the first
link that you find on the net. This is particle
TOS official website as you can see, there's a little bit
about its history. Its features. It says it's based on Debian. It's designed for security
development and privacy in mind. It also includes
a laboratory for security and digital forensics experts
along with that it also focuses if you want to develop
your own software and all that and it's project goals mostly a security
privacy and development.

This is the Which you should
consider important development unlike other operating
systems its features. It secure lightweight when compared to Kali Linux
or any other operating systems and it's a free source. So go ahead and explore it. So as for the download options, you can go for
security addition here and the download menu here you
can see other options as well. It says home edition security and other bills we discussed few
of the flavors of pirate. Orsolya. We discussed pirate home
part are part student when you lose any weight If you're concerned
with parrot security four point five point one is a current
version that's running. So you have two options
here to download. First of all take
a look at the size. It's 3.7 GB and 5.9 GB. So make sure whichever
you want you downloading it depending on your operating
system requirements. And as you can see,
this is a lifeblood installer. I so this is
a virtual Appliance. You can choose any of these if download is taking
a little longer than you expected. Maybe you can go
for mirrors or a torrent.

So I've already installed it. I'm not doing it I have What is a file as well as the Soviet
format installed as well? Next thing we need
to do is install VMware. So VMware VMware
Workstation Pro. So you have
a download option here. You can go ahead
and download it you have for the free option yard
also have VMware Player. I guess fate here. I go the Ling sorry
about that here in the downloads so you can go
for a workstation Pro or you can also go
for workstation play or hear any of this with civil suits you have
he downloaded it. It's going to take for a while. And then all you have
to do is install click on next and finish
the installation process. So before you start
your virtual machine, make sure you have
your parrot OS image ISO file or Ruby a format
which ever is of your choice.

And then here we go
VMware Workstation homepage. Yeah, as you can see I already have a pirate
OS operating system installed your or washing machine install
your this is I have install it using ISO file. It's very easy. I'll show you how to do it. But if you have ovf format, all you have to do is click
on this file menu. Open and as you can see, I have a particle T over here
and click and import it.

That's all click select it
and click on open. So I'm not going to show you
how to do that. So it's very
straightforward process. That's it. This is my ISO file. Let me show it to you again
how to install it. Anyway current file or you can just go for create
a new virtual machine. Yah, click on next
and attached ISO file browse.

I have it in my
local this T here. I have a pair of security
and open next it selinux it did. Bian latest version
which is 64 bit and click on next give any suitable name
for your virtual machine. Let's say parrot
secured t Okay, Wes and click on next. Let's assign about
40 GB it again. Depends on what you want to do. If you're doing heavy tasks. Maybe you can assign more disk. So as it a store-bought
shall discuss a single file or split into multiple files. I'm going to choose single file
click on next and you And always go ahead and make this customize Hardware
settings earlier or later, but you can do it now as well.

Customize Hardware. I have not connection as for network adapter
memory 5 to well, let's just say 2 GB and not yeah, we set processors. I'm just designing one
for now cool and clues. You can see the changes which are made
are displayed here. Once you're satisfied with your settings with that
you made click on finish. You're good to go your cigars. System is been displaying
your so like I said, you can always make
settings later on. You have the set it question
machine setting options here. Just click on this. Let me maximize
the screen for you guys. So as you can see the parrot
security ISO is very flexible. There are quite a few options
you have live mode. You have terminal mode
you have Ram mode. So basically live mode is just
a standard live USB boot option just like you can see while you're installing
Kali Linux suppose. If you don't know
how to install Kali Linux, there's a video on how to
install it as well by durocher. You can refer to that
in the the clacking playlist.

Okay, so coming back. Sorry about that you
have Have a persistence more encrypted persistence
foreign six mode and all that terminal mode. As you can see is
out of the live boot option. But without graphical user
interface the most popular one among new hackers, or if you're the first time
user is install option with a graphical user interface. So it's almost familiar
with Kali Linux users. If you want to get a feel
of parrot security if analyst features, maybe you can give
for live mode, but if you want to get just started then you can always
go for install mode. I'm going to click on that
and click on standard install. So it's mounting all
the installation tools and all that. So once the machine is booted
up you'll be asked to select your preferred language
the broad menu select the graphical installer options and click on let's say English and United States
American English.

So then the loader will automatically install
some additional components and configure your network
related settings. It might take a while. So basically then
the installer should prompt you for a host name
and the root password. Let's give some root
password give the password of your choice reenter
the password for verification. And now it's gonna ask you to set up a user apart
from the root user. So let's just say
test user continue. I'm going to keep it
as tests continue and choose a password
for the new user which is different from the root user password
that you'll have to remember. What so just give this new user a passport continue
re-enter the password? Okay. Let me just go back
and my mistake. Let me try it again. Select your time zone. So basically after
you've set your password, it's asking you
for the time zone. Let's say central eastern. So now the installer
will provide you four choices about the partition of the disk. The easiest option for you is to use guided use
entire disk option which the first option here
experienced users can always go for manual partitioning method for more granular
configuration options.

So yeah Gaiden partitioning I'm going to select
that guide use entire disk. This is the disc
we're going to store so it's asking if you want to store all files
in one partition or different. Let's just say all files in one. Mission and hit on continue. So now we will have
to confirm all the changes to be made to the disk
on the host machine be aware that continuing will erase
the data on the disk.

So after that you can just click
on finish partitioning and writing disk thing. It's asking if you want
to write the changes to the disk, obviously. Yes. So click. Yes. So once aren't confirming
the partition changes the installer will run
through the process of installing the files let it
install the system automatically this may take a while. So I'm we'll meet you guys
once installation is done. So once installation
is done It'll ask you if you want to install
the GRUB boot loader on your hardest just say yes and click on enter device manually or sorry
just click the device, which is already there go back. The installation process
is now almost complete. So guys the
installation is done. Once the installation is done. You can see the machine boots you intimated desktop
environment as an if you have chosen to install
option will be presented with a light DM login screen.

So basically you'll have
to enter the password and the which is set up
for the test use earlier. Not the root password. Please do remember that. I'm sure you remember
setting up a password for the user right
that password and login. So here we go. So guys here we are
as you can see the machine boots you into
the mate desktop environment.

Let me pronounce it
M80 you can call it whatever you want mate
or mate desktop environment. So as you can see, it's very good looking apart from that parrot Security
will automatically detect when updates are available and prompt you to update
the system as soon as you install it here. It's not showing it to me
because I've already updated it, but Otherwise, all you can do
is just go to the terminal here. You can see terminal option
here right go to terminal there and just say sudo apt-get update
last me for the password. How'd it go? Might be a matter of updated
in another virtual machine. Anyway, I installed
the other one as well. Maybe it's in that anyway,
I'll update for you. So let me just minimize this
while it's updating. Let's go ahead
and do other things. So it's almost done I guess. Yeah, as you can see
it's almost updated and it says 116 packages more can be upgraded and if I
want to have to run update list, if you want to see
which of those packets are have to just list out
those using app command.

Yo, I'm not showing
you two guys. So anyway when you're making
you First make sure you system always stays updated. Okay, let's go back
to exploring parrot towards so as you can see
system is laid out in a very straightforward manner with a collection of tools that
you might be familiar with. If you're using Kali Linux before the menu system is
almost similar to Kali Linux and it's very easy to navigate
the real differences that parrot security is meant
to be used as a daily driver as in your regular operating system through the other things
as well to prove that you can see you have sound
and video options here a lot of Grabbing languages options
as well you have system tools and you have Graphics included
you have office applications of software's you have base.

You have math writer and planner just like any other
normal operating system. So while you can use color index
as a desktop workstation, it is really is a penetration
testing distribution first. I'm talking about Kali Linux. So with curly you need
to build the system towards being a daily use system as in you start using
Kali Linux you need to modify or you need to customize it in. Your way that you make
it more plausible or easy for you to use
for the daily purposes, but that's not the case with
parrot security OS its interface and everything is so good. It almost appears
like a normal operating system and it is like a very
normal operating system.

So you have
your penetrating distance which are there and along
with that you have your day-to-day applications are
also there in this now talking about the system requirements the default palette
Security install uses about 300 13 MB of ram. So as you can see here you
can see The squad little bar. It's like a task manager, which you can find it in
your windows can click on that. It will show you all
the progress that's going on. First of all, it says the pirate gnu
Linux system in the release and the colonel all the information
about your ISO file and you have made
desktop environment here in the hardware, which is this and the presser
it's based on available space and all that when you
click on the processes, it shows all the processor
which are currently running sleeping just
like your task manager. And your Windows
operating system. So yeah, like I said, it requires about 200 13 MB
of ram approximately around that but of course, this is only system
related process running when compared to Kali Linux.

It's very lightweight
callanetics install requires about 600 4 MB of RAM and that too only with system
related process running. So, like I said,
it's a very lightweight system. So yeah, the bar is a task manager it
lists all the processes that are running and all that
you obviously have a terminal which I showed earlier
the Cool thing with terminal is that it goes
with their interface. Other than that. It's pretty much
like any other normal dominant. And then there is a pure ends
of the interface.

I mean my first reaction
when I saw it was wow, amazing, right when compared
to the plain Kali Linux. So yeah, you get
to use cool collection of wallpapers as well. You have change
desktop background here you have fonts interface and see
you have quite a lot of collection of wallpapers and you can go ahead and add
your Customs as well. That's all about the interface. And like I said, it's like any other
normal operating system. So it comes with a lot
of programming languages and a bunch of text editors.

You also have IDs as well. It uses plume as
your default text editor. So that's it when talking about the normal
operating system not talk about the performance
almost all of his know that color index is a bit laggy and when you run it
on a low-end system, sometimes it's like a nightmare when you have Have
Brute Force attack going on in the background. Are you doing something else? It's gonna be worried say stock
or it's very slow but imperative it's very lightweight and doesn't like much
as you can see, it's smooth now talk
about Hardware requirements. Pretty much both Kali Linux and your parrot required
high end Hardware, but Pat, it needs
low specification Hardware as compared to Kali. So if I have to conclude and one board parrot is
a good-looking distro. It's very lightweight
its resource friendly and Want to know how much resources
consuming and all that you can always go
at click on the little bar, which is available there.

Click on the resources. You can see the CPU is tree memory Network history
file systems and all that. So basically it's
a good-looking distro lightweight resource friendly. All this features apart tight. Security Os Os has pretty good
collection of features as well, which we discussed earlier. It comes like what hell
lot of tools, but if you see the sections, there are a lot of other things
which are not in Kali Linux. So the most A pointed
tool here is that in Kali Linux is supposed
want to say private when you're doing hacking
or any other stuff. You have to install
a non serve tour and then enable them
or proxy chain. You also have the option
of proxy chains to stay yourself Anonymous on the system
by you doing hacking or pen testing or anything, but with parrot OS you already
have an answer of pre-installed. All you have to do is click
on the start button.

So let me show you
how to stay Anonymous. So this is one
of the best feature and Palette security OS
it has proxy change. As well as an unsafe to make
yourself an anonymous so you can go for this announcer of and click on and on
Star talk before that. You can check your IP
of your system. So it says 1.65 1.73
doesn't just remember it don't have to note
it down anywhere. Well, not 651 76 now now if I go and enable
this first of all L ask you for the administration
passport give that Okay. So basically once you
enter the password, I'll ask you if you want an answer
to kill the dangerous process which that can be D anonymize
you are clear cache files or modify your IP table rules
and all that. It'll ask you if you want to do
that just say yes. So basically as
soon as you click on S, as you can see the notifications
here the tool will attempt to kill dangerous processes
that can be anonymous you anytime it will clear
your cache files. It will modify
your iptables modify your Of config file disable your IPv6 and only allow you
the outbound traffic through top as you can see it's a store
is running started for you.

Imagine doing all
this stuff by yourself. If you don't have
an answer fly can call it an X. This would be quite a bit
of effort manually, but with the script
already present here, it's just a click away. So parrot security
also includes a seminal script for i2p as well apart from that once you've enabled
you can also check like I said your IP address now. So as you can see it says Global
Anonymous proxy activated dance, like no one's watching encrypt
like everyone is so basically it's saying
the surf is started out.

As you can see my IP address
has been changed it for something of 160 something. But right now it's 182. So on and on surf has made
me Anonymous now, I can do whatever you want
in an anonymous mode. So that's all I wanted to show
you here now back to Firefox. It has quite
a documentation part. Well, it's still in the creation stage here
is you can see documentation. It's not all that well prepared
or created yet. So if you have any minor dot
you can go ahead and refer to the Documentation party. Oh, so here you go. Okay, then let's go
back to the Destro. One thing that you can point out
about parity with is that it has a lot
of cryptography tools such as it has Zulu script Zulu mount
a graphical utility that will help you mount
your encrypted volumes. Then there is something
called Crypt Keeper. It's another graphical utility that allows you to manage
encrypted folders and much more. These agilities
makes confidential. LT easily accessible anyone
with the minimal experience. I mean if you do not have
any idea about cryptography you can easily start learning your
that's what I meant.

So it just doesn't stop with cryptography or a non surf
you have lot of other tools which you might not find
and color next. So let me show
you guys that part as you can see you have lot of
tools you have most used tools, which is Armitage. You have Wireshark Zen map
over a span all that then you have
wireless testing tools. Give me a second. Yeah, post exploitation this set of tools mostly you can't find
them in the Kali Linux.

You have OS back door
towards webpack dough tools. You have web Covey
bleep and all that and you have something called
social engineering kit. If I'm right. It should be
in the exploitation tools. Whereas exploitation here how you can see a social
engineering tool kit just click on that password. So it is started up all that. So if I just click one, you have a lot of options
the update set configuration you have Social Links. Attacks you have different type
of attacks here. You have power
shell attack vectors. You have mass mailer attack you have phishing
attack vectors and all that.

So basically you can click
on that and enable all that acts not going to show you
in this demo how to do it. This is just the basic
introductory video about Peridot s. So, let me just
close the terminal while there are common tools
like you have nmap. I'm sure you know
how to use nmap. Let me just show you anyway and then map is one
of the scanning tools. You can find it
in information guy. Drink, I'm short and map
is you're here to one of the basic tools. Okay, let's just explore and map
and Demetria here. Let me just show you how to use nmap first just click and map you have
all the help or then map configuration options
are displayed in front of you. If you don't have to use
just go through them. It's pretty easy
a simple example. I'm already using the one
which is already there. Just say scan me
dot nmap dot orgy.

Okay your aegyo making
spelling mistake again. Sorry about that. It's gonna take a little while. That's all while it's scanning. Let me just show
you another tool, which is Dimitri. It's a deep magic
information gathering tool. It has ability. So here it is. It should be in the information gathering only you
have your here goes. So basically, like I said, it has ability to gather as
much information as possible about a hose subdomains. It's email and
formation TCP port scan who's look up and all that. Let's just check out. Then map scanning is done. Here is the terminal. Yeah, it's gonna take
a little while. So once the scanning is done, it's going to show you
how many seconds it took what are the pores which are open
and the close personal that now about the material
you can enable it from your dominant, but you can also do it
from here information gathering and click on the me. Try password. So let's say Huh? Here we go. So let me maximize.

All you have to do is
you have lot of options here. You have W,
which performs a who's look up you can do it online as
an using Firefox as well. You have a lot of websites where you can gather
all the information once you have your IP address or and all that
and you have retrieved and crafts outcome information
on host perform search for possible subdomains
email address and all that. So basically you can give
all this options in one go. Let's say TR y – – option taste output
your host or text or to the file specified by – oh, so I just press click 0,
let me just gives pseudo.

Let me just check
if I've given any file here. I do have a file
called test dot txt. Okay. So like I said
in the iPhone option, it will save your output to
the dot txt file out of the file specified by – no option. So basically just
specify the filename where you want to store
the all the scan info. Whoa, and the website
where you want to website of whose information
you want to scan. So let's say the blue
dot pinterest.com. Here you go. It started scanning. Let me just scroll up. The host name and the host
IP addresses showing once you have IP addresses, you know can gather almost
all the information. It's also showing the places
where it's coordinated. It's created lost modified. You have sources you
have address here and then yeah last modified
created sores and all that.

So basically it's showing a lot
of information here. Similarly. You can using Dmitry or a deep magic information
gathering tool you can actually gather information about any
other website you want to know. Let's just check out
if in map is done scanning. So see as you can see it's done. So I've given a website name
here instead of that. You can go ahead
and give the IP address which is this one and it will show you
the same results as you can see. There are a lot of ports
usually nmap scan is about more than thousand votes
as you can see. It says 992 of the clothes pose
and these are the open ports and suppose you want to know
more information about each Port because basically if your hacker
if you try to hack something you don't need information
about all the ports. It's basically the One port
which you want to so to know that you can there are
a lot of options which are provided by a map. If you want to know more
about by and Map There's and video and I'd wake up
playlist all about in map.

It's under network security. So you make sure
to take a look at that. So while you are taking a look
at particular device, make sure you go ahead and watch a video
on Kali Linux as well. So you will know
how different Heroes and color index are though they are similar
in few parts. So that's it about system
as in parrot OS so like I said, it's On good-looking distro, which is lightweight
when compared to Kali Linux and lot of tools lot
of unique tools as well. When compared to Kali Linux and
it's very smooth away smooth.

Oh apart from all
these good things. There are a few things that are problematic
with part ways. First of all, like you don't find
our search body. Oh, that's not a problem. But that's one demerit you can say and it's
also a little problematic when it comes to launching your
application the process LL slow and like Carla lineage. So guys, this is your
parrot OS so basically Lee this was a crisp video on what parrot devices
it's review its features and all that and make sure
to watch a video on pero no es versus Kali Linux. So Linux has been known
for its various distributions that cater to various needs one of the most famous
distributions is Kali Linux that is a penetration
testing oriented distribution, which was built to bring about much-needed Corrections
in its previous.

Duration known as
backtrack OS now since the release of Kali Linux. It has gone under various iterations
in the form of updates while other penetration testing and security related
distributions were also being developed all
around the world. So in this session, we will compare Kali to One Source distribution that
has come under the spotlight and that is parrot OS
so today in this video.

I will first be giving you
guys a brief introduction to what exactly is Kali Linux. And then I will also give
a brief introduction to what parrot OS is then
we will be comparing Kali versus parrot according
to various parameters. So let's move ahead now. Let me give you guys
a brief introduction to what Kali Linux is. So Kali Linux is a penetration
testing and security focused operating system as the name suggests Carly has
a Linux kernel at its core above that the creators
of Carly Marty are Oni and Devon Kearns. Added the latest injection
packages to help pentesters. Save some time Kali Linux has
developed according to the DB and development standards and it was developed as
a refined penetration test during distribution. That would be served as a replacement for backtrack OS
currently the development of Carly is being handled
by offensive security, which is the organization that provides prestigious
certifications, like oscp osce and Os WP over the years. Carly has developed its own cult
following with people who swear by the word and by
the power provided by Kali while I may not be
such a staunch believer in Kali Linux.

There are plenty of reasons
for want to use curly for one. It's absolutely free. Secondly. It comes pre-installed with tons and tons
of penetration testing tools and security related
tools above that. It can be completely customized
according to your needs as the code is
an open-source get tree and The whole code
is basically available to the public to be tweaked. Also the kernel that runs Kali Linux comes with
the latest injection packages. And it also comes
with gpg signed packages and repositories above that. Kali Linux has
some true multi-language support and it was developed in
an extremely secure environment. Also Carly supports a wide range of wireless devices now
at this moment Callie may seem like a very
useful operating system.

But as you guys might
remember the great quote, From Spider-Man create power comes with
heavy resource utilization according to the official
documentation of Carly the system requirements
are quite heavy on the low-end Kali Linux needs a basic of at
least 128 MB of RAM and a 2 GB hard disk space
to set up a simple SSH server that will not even have
the GUI of the desktop on the higher end. If you opt to install
the default genome desktop and the Kali Linux
full meta package. You should really Aim
for at least round 2 gigs of RAM and around 20 GB of free hard disk space
now besides the RAM and hardest requirement. Your computer needs to have
CPU supported by at least one of the following architectures
them being amd64 i386 and Armel and AR M HF
and also arm 64 now, even though the official
documentation says 2GB of RAM is enough. I have personally
faced numerous lag and stutter issues when running Carly
on a virtual machine with 6G EB of allocated Ram which in my opinion
is a definite bummer. Now, let's take
a moment to discuss about parrot OS so parrot much like Carly is also a deviant
based distribution of Linux.

When I see Debian based, it means that the
code repositories adhere to the Debian development
standards para Todo es 2 comes with its own arsenal
of penetration testing and security related tools. Most of these tools are
also available on Carly. No, but it was first
released in 2013 and was developed by
a team of Security Experts Linux enthusiasts
open source developers and Advocates of digital rights. The team was headed
by Lorenz of Elektra and part is designed
in a very unique way while the operating system
has everything that is needed for a security expert. It doesn't present itself to be a daunting learning
experience for beginners who want to set foot into
the world of ethical hacking and vulnerability analysis.

But it OS can be very well
used as a daily driver as it provides all of the necessary tools
to complete day to day tasks. So who exactly is peridot
s made for well, first of all, it is made for Security Experts
and digital forensic experts. It can be also used by
engineers and IIT students who are enthusiastic
about ethical hacking then parrot OS can be also used
by researchers journalists and hacktivists and last but not the least
but it OS is also meant for these officers and
special security institution.

Okay. So now let's take a moment to actually discuss
the system requirements that one might need
to run parrot OS so the system requirements for Bharat is much
more forgiving than Kali Linux on the CPU side. You need an x86 architecture
with at least 700 megahertz of frequency and architecture. Why is you need i386 amd64 or AMD 486 which is basically
the X86 architecture or are male and Armature which are basically iot devices
like Raspberry Pi on the side of ram you need at least 256 MB on a nine three eight six
architecture three a 20mb on an amd64 architecture and as a general
documentation 512mb of RAM is generally recommended
by the parrot zik OS people.

On the GPU side parrot
OS is very surprising as it needs. No graphic acceleration. That means you can run this without a graphic
card on the side of hard disk space pirate
OS needs at least 16 GB of free hard disk space
for its full installation. That is for G 4 gigabytes
Left 4 gigabytes lesser than Kali Linux and for
booting options both Kali Linux and parrot OS have
the Legacy BIOS preferred. Now comparing two operating
systems when it comes to Parrot OS and Kali Linux that are both operating systems
meant for similar purposes that is penetration. Testing. In this case. It becomes really tough. Most of the factors in such
cases boil down to a matter of personal taste rather
than an objective comparison.

Now before we move ahead
with the comparison, let me list out
a few similarities that you might have noticed between
the two operating systems. So first of all, both operating systems are tuned for Operating
penetration testing and network related tools and both operating
systems are based on Debian development standards
both of the operating system Support 32 and
64-bit architecture and both operating systems
also support Cloud VPS along with iot devices. And of course, both of them come pre-installed
with their own arsenal of hacking tools. Now, let's get down
with the differences. The first criteria of differences that we are going
to discuss is Hardware.

Points now as you guys
can see on the slide. I have put down the system
requirements of parrot OS on the left hand side and I have put down the system
requirements of Kali Linux on the right hand side. So as you guys can see parrot OS and Kali Linux both need
1 gigahertz dual-core CPU when it comes to Ram parrot
OS needs much lesser arm than Kali Linux, but it needs 384 MB of RAM
for its minimal running time and Kali Linux needs
a 1 gigahertz of RAM.

The other hand in terms of GPU, but it OS doesn't really
need a graphic card as it has no need for graphical acceleration Kali
Linux on the other hand. If you're trying to run
the genome desktop version, you will certainly
need a graphic card on the other hand pirate OS need
16 GB of free hard disk space for its full installation and Kali Linux needs
20 GB of free space. So basically parrot OS is
a much more lightweight version. So we see that parrot
OS definitely wins against Kali Linux when it comes to Hardware requirements due to
its lightweight nature not only does it require lesser Ram
to function properly, but the full installation is
also pretty lightweight thanks to the use of the mate desktop
environment by the developers.

So basically if you're having
an older Hardware configuration on your computer pirate
OS should definitely be your choice. Now the next parameter
that we are going to compare. The two OS is in is look
and feel now this section. Be boils down
to personal choice personally. I prefer the minimalistic look that is given by parrot OS
the interface of parrot OS is built using the Ubuntu
mate desktop environment. There are two clear
sections on top you see a pain which contains
applications places systems, which is much like Kali itself, but it also gives
some cool information about CPU temperatures
along with the usage graph and the bottom pane
contains the menu manager and the work station manager, which is a brilliant addition to the Linux system Kali Linux
on the other hand follows the genome desktop interface while it still
has the functionality that is offered by para Todo es.

It doesn't provide
the same clean and refined look in my opinion. If you don't know your way
around a collie interface, it is pretty easy
to actually get lost. Now, the next parameter that we're going to compare
them is hacking tools now since both these
operating systems are For penetration testers
and ethical hackers. I think hacking tools is
the most important criteria that both the operating systems
are going to be compared in so when it comes to General tools and functional features para
Todo es takes the price when compared to Kali Linux
pirate OS has all the tools that are available in Kali Linux
and also it adds his own tools.

There are several tools
that you will find on parrot that is not found on Kali Linux. Let's take a look
at a few of them. So the first on that you
see is called Wi-Fi Fisher now Wi-Fi fish oil is
a rogue access point framework for conducting
red team engagements or Wi-Fi security testing using
Wi-Fi Fisher penetration testers can easily achieve a man in the middle position
against the wireless clients by performing targeted
Wi-Fi Association attacks. Wi-Fi Fisher can be further used to mount victim
customized web phishing attacks against the connected clients
in order to capture credentials or in fact the victim With some sort of
malware another tool that is seen on parrot
and is much appreciated that is not seen on the Kali sign is called
a non surf now being anonymous for a hacker is the first step
before hacking a system and anonymizing a system in an ideal way is
not an easy task.

No one can perfectly
anonymize a system and there are many tools available
on the internet that see that they are no no my system
one such tool is a non surf now, announce. So of is pretty good as it uses the tour iptables
to anonymize the whole system. Also, if you guys
have not already realizes tour also also comes
pre-installed on parrot while it has to be externally
installed on Carly. Now these things that you see that Wi-Fi Fisher Tor Browser and announcer surely
they can be imported and download it on curly
but they don't really come pre-installed and that is
what counts right now. So since pirate OS
also Is designed with development in mind
it also comes pre-installed with a bunch of useful compilers
for various languages and ideas for their
respective development, which is completely absent
on the Kali Linux side. So for this part of hacking tools parrot OS definitely takes
a price now the next thing that we are going to compare both y'all both
these operating systems is release variations now
both operating systems come with a variety of variations, but part OS has
much more diversity in terms of variety.

So let me just explain
what I mean. So as you guys can see
on the left-hand side, I have listed down
the release variations that are available
for parrot OS now aside from the full editions, which is both provided
by parrot and Kali. They also both provide the light
additions on parrot side and the light Edition
on Carly side. They are both basically
the same thing. We're in minimalistic tools
are actually pre-installed and you can Install and
customize the operating system according to your own needs. If you don't choose to customize
the operating system, you can very well use
it as a very lightweight and portable operating system. So Peridot a slight addition and Carly light additions
are two flavors of the operating system. Now, this is where the difference is
such differences start. So parrot os are
Edition also exist. So this is an addition that is used
for wireless penetration, testing and wireless
vulnerability testing. So basically anything
Thing Wireless parrot OS erudition does it faster
and does it better then? There's also parrot
OS Studio Edition, which is used for multimedia
content creation Yes.

You heard that right part
it OS can also make content for your social media. So if you're thinking
about using part OS for marketing as well as
security deposit OSU has definitely your go-to
operating system Carly on the other hand aside
from its light version and full edition offers. Some desktop interfaces like the E17 KDE and xfce
the Ubuntu mate and the lxde. So these are
basically just skins that run over Cali and basically make
Ali look a little different from one another you
can check out all these different customizations
on the khari documentation. Other than that Callie
has also support for cloud and iot devices in the form of
the Armel and arm HF releases.

These releases are
also available in parrot over. ESO para Todo es
doesn't stand down. So as you guys see Peridot s provides you a lot
of diversity in the variety that it is offering. So in my opinion parrot
OS also takes the price in this section. Now the main question remains which of these two distributions
is better for beginners Well, it is to be duly noted
that both these distributions are not exactly
meant for beginners. If you want to learn about Linux
as an operating system, you're better off using
something like Go bond to or deepen.

This also doesn't mean that you cannot learn
the basics on parrot or Kali on the other hand. If you are already knowing
the basics of Linux and want to get your hands on an operating system
to learn ethical hacking. I would personally recommend
using the parrot SEC OS light addition this is because the light version comes
with the bare minimum of networking tools. This means as you learn your ethical hacking concept
slowly you could develop or install tools one by one. Instead of being overwhelmed
with a whole bunch of them from the beginning not only
does this allow yourself to evolve as an ethical hacker and penetration tester, but it also makes sure
your fundamentals are built in a methodical manner. Now, I recommend parrot OS / Carly for one other
reason to that is because the default user
for Callie is Route. This makes the environment
a whole lot more aggressive and mistakes tend to be punished and a whole lot more difficult
to deal with So this means that parted OS is generally
the winner in my opinion.

When you get hired as
a penetration tester or a security analyst one of the main rules
is vulnerability assessment. So what exactly is
vulnerability assessment? Well, I've already possessed
man is the process of defining identifying classifying and prioritizing vulnerabilities
in a computer system application and network infrastructures and providing organization
doing the assessment with the necessary
knowledge awareness and risk background
to understand the threats to its environment
and react appropriately to them. So vulnerability is a situation that can be taken
advantage of by a hacker or a penetration tester for their own misuse or actually
for fixing the issue. So while I'm ready assessment
has three steps.

So the first step is actually
identifying the assets and the vulnerabilities
of the system. The second step is actually
quantifying the assessment and the third is reporting
the results now vulnerability assessment is only a small part and Pen testing is
an extended process of vulnerability assessment when testing NG
or penetration testing includes processes like scanning
vulnerability assessment and itself exploitation research and Reporting whatever
the results are. So in the industry
was the most widely used Frameworks when penetration
testing is Metasploit. So Metasploit is widely used
in penetration testing as I just said and also used
for exploitation research. So some of you might ask what exactly is
an exploit research well in this world there
are tons of exploits and the way to approach each
Of them is ever so different. So what we have to do
is exploit all the research that is available to us and we have to find
the best way to approach them.

So suppose, for example,
you have a secure shell login. So the best way to actually
approach secure shell login until my knowledge is that you have to get
a backdoor access to this from the port numbers that you can scan
via nmap or eczema. Okay. So without wasting
much time at looking at prop and presentations, let's actually get started as
to how we can use Metasploit. So So Metasploit is a freely
available open source framework that is widely
used by pentesters as we just discussed. So to actually
install Metasploit, which is easily available
on Linux and windows. I guess. Let me just check it out. So you go on your browser and you time Metasploit
downloads now you just visit the first link and as you guys can see it says
it's the world's most used penetration testing tool and then you just download
the Metasploit framework by clicking the
download button here.

So y'all might also
find Pro version which is a paid thing. And this has a little bit
of extra features like group support and actually helping a company
work as an organization, but we don't actually need that and practicing
our pentesting abilities. So for that you just go ahead and download Metasploit
framework and install it on your system above that there is another thing I
want to get make you guys aware of and that is Metasploit table. So when actually
been testing we need a server or a website to actually
pen testing zone. So normally this is a very illegal thing to do
with our permission. Ian so Met exploitable
has actually created a server with a lot
of vulnerabilities on it and it's called Metasploit
able to somet exploitable to is easily downloadable
from this link and it's a virtual box file. So you guys must have
a virtual machine software on your system to actually
set this thing up. I'll also go through how to actually set
up Metasploit herbal because it has a lot of configuration and network
management to go with it.

So we'll get to that later. But for now, let's get started
with Metasploit table. So before that Metasploit herbal
is written in Ruby and if you all know
Ruby coding and y'all know how to make exploits y'all can also always contribute
to the Metasploit community. So Metasploit is one of the most
widely used pen testing tools in the industry. So what exactly is Metasploit? Well, it's a framework and what a framework is is it's
actually a collection of tools. So these tools are majorly used
for penetration testing and exploitation research
now one might ask what Exactly is
exploit research.

Well, there are tons
of exploits out there and there are tons of ways
to actually approach them and this only comes to us from thorough research as
to how we can approach each and every exploit
in their best way. So talking about Metasploit. Well, it's open source and free
and it's also written in Ruby. So if you guys know
Ruby coding and know how to make exploits
y'all can always contribute to the Metasploit framework now
talking about the download part. Well y'all can easily
download Metasploit from its download page, which is – Floyd.com download I'll
be leaving the download link in the description. And once you're
on the download page, you'll see two versions
one is the free version which is the original
Metasploit framework and it's the core framework
that everybody works on and then there's Metasploit Pro which comes with
a 14 day free trial. So Metasploit Pro actually
has a few extra features, which is great
for an organization. Like it helps
you work as a team, but if you're a guy who's just practicing pentesting
like me Metasploit framework, Work the free version is
the absolute way to go now.

Also when pentesting you all will also need
Metasploit table now met exploitable is an intentionally
vulnerable Target machine for actually practicing
your medicine flight skills on so we will go over the installation
of Metasploit table later. But for now, let's go
over Metasploit table. So once you guys
have actually downloaded the link y'all can actually
install it on your systems and Metasploit actually
has three interfaces. So we are going to be using
the command line interface. Or the msf console
in other words, but you all can also use the GUI
interface which is called Armitage if I'm not wrong.

So let's get started. So first of all, I've already actually
downloaded Metasploit and install it on my computer and y'all can just do the same
by pressing the download button as you guys can see so
just start up Metasploit. All you have to do
is go on your terminal and so to start a Metasploit
all you have to do. Do is go on your
terminal on Linux? Well, we're starting
upholstery SQL Server because first of all
the postgresql server is the basis of all
the Metasploit exploits that are stored and starting it
will just make it run faster.

So we go service post
gray SQL and start so that's the start of a service and indeed it has so next thing
you want to do is go in and type msf console. And that's going to take
a little bit of time because I was very slow computer and it's going to start
up our Metasploit free. So as you guys can see you got
a big banner out here. It says Metasploit cyber mesial and it's the banner changes
every time don't get worried. If you have a different banner
and the main thing is that you should see
this msf thing out here.

So this means we are
in the msf Shell right now, which is the
Metasploit framework shell. So let's get started by
actually curing our screen. So first things first
the first command that you might want to run on a deployed
is the help command. So help will tell us everything that we can do
with this framework. So as you guys can see
there are a bunch of commands and the descriptions
to go along with it. Y'all can give it a quick read
and find the things that are interesting to you. So as you guys can see
Banner is display an awesome Metasploit Banner
y'all can change the banner as you guys can see there are
a lot of Juicy commands like there's a banner command, which I just had used. So if you go and die panel
will give you a nice cool Banner about Metasploit and there
are other commands which work very similar
to Linux like CD.

Changes the current directory
you can change the color by toggling colors and then you can connect to
the host and all sorts of stuff. So Metasploit has
a bunch of exploits. So before we go further, I want to make you guys aware
of three important terms regarding Metasploit. The first is a vulnerability and
we had already discussed this that a vulnerability
is a situation which can be taken advantage
of by a system or a person who axis so the second
part is an exploit. So what exactly is
an exploit Yeah, well an exploit is a module which is a bunch of code written
in Ruby on Metasploit that is used to Target
different vulnerabilities.

And the third thing
is a payload. So a payload is
the action that you do once you actually have access
to somebody system. So basically suppose
you have hack somebody and you've gained access
to their system. Now the activities you do
after gaining access is defined as the payload so
we just spoke about exploits and I told you guys that Metasploit has
a bunch of Right. So how do we see all
the exploits that are there? So you go show exploits. Well, as you guys can see we've loaded
up a bunch of exploits which is basically
all the exploits that Metasploit has
to offer at this moment. So let me just increase
the screen a bit and let's cruel completely to the top. Yep. So as you guys can see show exploits give us
a bunch of exploits and shows the name a description
a disclosure did and the rank.

So the name and description is as it says it's the name
of the exploit and it's a short description about it. The disclosure date is when the extract was actually
released by Metasploit and the rank is how it has fared
against the vulnerability. It was released for
since it was actually released. So as you guys can see
ranks range from Great good and stuff and we have
a bunch of exploits. So as you guys can see
there's an Android exploit. There's a Samsung Galaxy
knocks Android exploit. There are bunch
of Windows exploit Adobe Flash exploit FTP exploits
MySQL exploit asp.net exploits and a bunch of other stuff. So as you guys can see there are
a bunch of exploits to use and it can get confusing and rather Troublesome
to search for the exploit.

You actually want to use so as A pen tester you can always
go for the search keyword, which is basically suppose, you know that you
have a MySQL server which has a bunch of vulnerabilities and you
want to test those out. So you simply go
search my SQL now, I'll search the database
for all the exploits that are related to mySQL
and present them to you. Okay, so we have our results. So as you guys can see
we have a bunch of MySQL related module system. Now at this makes it very easier
if you are a pen tester and you're looking
for MySQL exploits now suppose you choose
your exploit and let's see, let's choose. Which one do we
want to use today? We're going to just use
this MySQL hash dump. So to actually use
this we have to copy the knee so double click on it
and it'll just select it and New go Ctrl shift C
in your terminal so that copies it and so if you want some more
information about it, you can always go info and then just paste
in the name of the exploit.

So this gives us a bunch
of information actually gives us all the information
you need about the exploits. So it gives you the name
that it's a MySQL password. Hash dump its module name
is Ox Terry scanner and all this stuff. It's licensed by Metasploit. Framework in itself
and it has a normal rang and these are all the options
that you might need to set when actually using the exploit and this also gives you
a small description. So it says this module
extracts the user names and encrypted password hashes
from a MySQL server and stores them for later cracking so seems
like really cool stuff. You can do with ice cubes server
and its password database.

So if you actually
want to use this so you have to use
the use keyword. So we go you Who's
and control shift V? So as you guys can see
it's denoted in red out here that we are indeed and exploit
that we want to use. Now. The first thing you want to do when you're using
an exploit is you want to go and say show options.

Now as you guys can see
these are the options that we actually need to set
before using the exploit. Now the options can be necessary
or they can be optional like so there's
a password field out here, which is not really necessary, but will help your exploit if you actually provide it
but you need to provide the our hosts which is the targeting
host machine and the port and the threads is already
set now suppose you want to set the our hosts so you can just go set.

Host and you can set it
to whatever IP address you want like suppose you want
to address 192.168.1.1 56 some of that sandwich. I will set the our hosts. You can also set the number of
threads now threads are actually what the threads mean
and parallel processing that mean how many parallel
threads you're gonna run so that you have
faster computation. So this means new need GPU power if you have multiple threads
running So let's set threads 234 now so we've set the threads 30 and then you can go
show options again and see that you have indeed
actually set your options.

So we've set the threats to 30
and our host has also been set. So that was all about how you
can get into a module know get some information
about a module and how can also use them or you so once you're done
using the module or once you're done
setting up the options, You can go ahead and run
the command run or even exploit and this will start actually
running exploit on the system that we want to now of put
in a very arbitrary IP address. So and that not have
MySQL Port running so our exploit feel now once you have desiderio exploit and you want to go
back to the main msf. Unix shell just go
ahead and type back.

It's as simple as that so that brings us back
to the msf command line. I'm so let's go ahead
and clear our screen now. Okay, so it's time
to do something interesting. So to do that. First of all, we need to go ahead and actually download
Metasploit able to so download Metasploit able to do
you have to go on this link. I'll leave the link
in the description. So or rather you can just
go on your browser and type in Metasploit able
to download so met exploitable as we had earlier discussed
is a Linux based distribution and It's mostly meant for actually practicing
your pen testing skills. So basically it has a bunch
of ports open on it.

So it's basically
just for your he's so that you don't go ahead and test it out
on some valid website and then get thrown into jail because that's a very
illegal thing to do. So go ahead and download
Metasploit able to and then also download Oracle virtualbox
machine Oracle virtualbox. So you all can
also easily download that from www.virtualbox.org. And this is because you should never run mad
exploitable to on a system that is connected to a network. You should always use it
on a virtual machine because it's Protected
Their Faith so that nobody else can access it. So to actually set
up Metasploit table. Once you've downloaded
it you go ahead and open up your virtual box. So out here you have
to go into Global tools and you create a host only
network manager now already created a host only network
manager and then you go ahead and enable the DHCP server
by pressing this out here like enable then you go back and you just go new you give it a name like whatever
you want to name it. I have already named
mine Metasploit with to as you guys can see.

So we're going to call this demo for just demonstration purposes
choose a type to be Linux and it someone to 64-bit click
next give it a gig of RAM and you are going to use
an existing virtual hard disk so out here you just click
on this button out here and Browse to the place where you actually downloaded and unzipped your Metasploit
will download file. Then you get this virtual
machine disk file, which is with vmdk file and you just go ahead
and load it up. So I'm not going to do that again because that's just
going to eat up my Ram and I've already
installed it up to you. So that was all
about the installation and the configuration. So now let's get started
and let's start playing around with Metasploit. So once you're done downloading and installing Metasploit table
on your computer, all you have to do is
Is go ahead and start it up in your virtual box machine
and the login ID and the password both are msf.

Admin. So first of all, we need the IP address
of our Metasploit double server. So we go ifconfig
and this gives us the address. So as you can see out here
are addresses 192.168.1.2 6. 101. So once you've go ahead
and started a Metasploit herbal, it's time that we go ahead and
exploit all the vulnerabilities that is presented to us by meds. Able to so do that. Let's head back
to our Linux terminal again. So once we have the IP address
that was 192.168.0 6.11 if I am correct, so let's go and quickly get a little bit
of information about that. So who is 192.168.1.1
6.1 o 1 so this will give us who is on Metasploit able to
and will give us a bunch of information as to To
how the server is set up where is set up? The ports are open
and various other things. So as you guys can see
this gave us a complete who is so to get
some more information about our Metasploit.

Double Servo. We're going to be using nmap. Now. If you guys don't know about
how to use nmap you can go out and check my other video
on the playlist of made a pretty good and map tutorial. So we go and map – F – s and V which is
steel version and we give it. the name or the domain name
server and 2.16 856 R11 So we've got a juicy result
out here and we can see that there's a bunch
of stuff open. So as you guys can see
there's the FTP poor open, which has a version
of vsf tpd 2.3.4. There's also openssh,
which is for .7 P1 DPN. There's also tell languages
almost miserable to have talent running on your computer. Then there's SMTP.

There's HTTP and there's
a bunch of ports open as you guys can just
see on your screen. So it's We actually used
Metasploit like a pen tester to go ahead and test
out these vulnerabilities. So let's choose
these FTP things. So we have this fdp out here. So from the version number, which is given to us by
the steel version flag on and map we know
that it's using vsf tpd 2.3.4.

So we can easily search for
an exploit of the same version. So as a pen tester you
would go search V SFTP D 2.3.4. So this should give
us all the exploits that are available for
this particular vulnerability. So as you guys can see
after a long search from the search vsf tpd, we found a vulnerability or an exploit that can take
advantage of the binary. So it's time we
actually use this. So first of all, let's get some info
about this so info. Let's copy down this thing and then let's get
some info about this.

So as a small module description says this module exploits
a malicious back door that was added to be
SFTP D download archive. This backdoor was introduced. In the vsf tpd, 2.3.4, tar.gz archive between June 30th
and voila voila. So we have the options
of setting in our host. It has an available targets
provided by these guys, and it's a pretty good
exploit in my opinion. So let's go ahead and use it.

So we go use
and love the exploit. So it's visible to us that again entered
exploit module which is eunuch / FTP SFTP D 234 back door. So what we're going to do is
we are going to actually gain a backdoor access
to our met exploitable system. So to actually make
this more believable. So if you guys go into
your Metasploit herbal system, so you guys can see that That you are
in the root directory so you can gain some root access by going sudo Su
and going msf admin.

So we're now
root user in the msf. Admin or rather
the Metasploit will console. So if we go LS we can see
the various files and if you go sleepy / home when the home directory now and
if you do LS out here we can see that there are a bunch of stuff. So there's an FTP folder. There's a hack Folder there's
a times of admin folder and the service in this user. So that's five folders if you guys remember so now what we're going to do is
we're going to gain some back door access
into the system and we're going to create
a bunch of folders in the home directory. So let's get on doing that. So to do that we head back
to our marriage like terminal and we go show options as we had already
entered are exploited. So go show options. So as we see the options that we have to provide is
the ER host and port number now the port number
has already been set because it's 21. That's where FTB runs or other TCP runs and we now
just have to set the host.

So to set the host we have
to just put it in the IP address of our Metasploit herbal server. So if I remember
correctly it set our hosts to 192.168 / 56 Art 101. So that has said are our hosts
so we can again check that if we've done it correctly
by going show options. And we indeed
have set our hosts. Now. All we have to do
is run the exploit. So we go and hit run. So as you guys can see
we have actually gained a back door service
has found and handling and the command shell session
has started now you might be confused as to why
do I have this blinking line? Well, this blinking
line actually means that you are inside
the Metasploit herbal server. That means we have already
gained the backdoor access and is taking line denotes that we are on the terminal
of Metasploit able to now if you don't guys
don't believe me, let's do some experimenting. So as I had said, I'll create a bunch of folders
in the home directory.

So let's change
the home directory first or rather first. You can also do a
who am I and instead you that you're the root user
next you go and do CD / home and I'll change
the home directory. Now, let's make
a bunch of folders like make directory. This is a test. So that should have
made a directory. So let's go into
that directory CD. This is a test. So we're already
into the directory. This is a test. Now. Let's make a file
called targets Dot txt. So that creates 12.

So just to see if you have actually
done it properly. Let's go back
to our Metasploit herbal. So Now in the home directory
you go and type in LS again. Okay. So let's type in LS and see so as you guys can see
we have created. This is a test folder and it's already available
then so let's go and move into that folder. So this is a test and we
are already in that folder. So I'm we are also
created a text file which was called targets.

So that was LS and it should give us
a Target start txt. So as you guys just saw
we gained a backdoor access into a remote system
through a vulnerability that was available
to us on the FTP. Port so we first did that by scanning
the entire domain name server of Metasploit table by nmap and gaining some intelligence as
to what ports are running and watch boats
are actually open then we found out
that the FTP port is open.

Then we went on to Metasploit
and we found out exploit that vulnerability very
successfully we found out how to use the exploit some information about
that exploit and in the end, we actually executed at months and we are already
in that folder. So and we are also
created a Text file which was called targets. So that was LS and it should give us
a Target start txt. So as you guys just saw
we gained a backdoor access into a remote system
through a vulnerability that was available
to us on the FTP Port. So we first did that by scanning
the entire domain name server of Metasploit table by nmap and gaining some intelligence as
to what ports are running and what sports
are actually open. Then we found out
that the FTP port is open. Then we went on to Metasploit
and He found out exploit that vulnerability very
successfully we found out how to use the exploit some information about
that exploit and in the end, we actually executed at months.

Now you guys must be wondering what exactly is and map
and why should I learn it? Well and map is
a network scanner that is widely used by
ethical hackers to scan networks as the name suggests. Now, you might wonder why
do I need a network scallop? Well, Let me give
you an example. So suppose you have a Wi-Fi that has been set up
in your new house and you realize that your data is being actually
consumed at a faster rate than you are using it. Now. You have suspected that it's your pesky neighbor
who keeps on connecting to your Wi-Fi and eating
up all your data. So to actually confirm
all your doubts. What you want to do
is a network scan and nmap is a pretty
wonderful tool to do that now nmap runs on Linux. Mac OS and windows and I'm mostly going
to be running this on Linux because that's what I do most
of my penetration testing and network testing on so let's go ahead and get on with the installation
of nmap on your computer.

So what you do is go
apt-get install and map now for this you have
to be logged in as root. If you're not logged in
as root just add pseudo before this whole command
and it will install it now. I already have nmap
installed so Um, not really going to install
it again and again, so let's just go ahead and just
do a few scans on our website that is www.eddecosta.com and we are going to see
what we get back as results. So first of all,
let me just show you how you can scan a certain
domain name servers or DNS. So at map we are going to use
a flag all the time now, let me just tell
you what our flag.

So if you just go
to nmap and type – – help this will give you
all the flags and options that are available
to Actually use on any map. So if you are actually stuck
and you can't remember stuff, let's go in and type and Mom – help and it will give you all
the stuff now Network scans generally take a long time. So I'm going to be using
the fast mode most of the time. So for fast mode, all you have to do is type
in any record dot go and sit and wait for this
can't get over now when the scan gets over you will see a bunch of
information and let me just wait till that information pops up and then we will talk
about the information together.

Okay. So as you guys can see
our scan has been completed it took 13 .71 seconds
to actually do the scan. Now as you guys can see it shows
us the port's the states and the services now the porch
is basically the port number which are service that is also bind it
to is working on so we can see that SSH service is working on port number
22 SMTP on 25 actually Beyond 80 our PC by 911 and Sgt. BS on 443 so that is how you can use nmap
to scan a certain website.

Now if you see and map
has also given us the public IP of the DNS because what nmap does
is it looks at the DNS and then translate it to an IP that is recognized
to that DNS server. So nmap. Also Returns the public IP. So what we can do
also is and map – F and 34.2 10.2 30 and Dot. 35. Okay. So as you guys can see that our command also works
when we put in the IP address and it produces
the same results. Now we can also scan for multiple hosts now
suppose you are on a network and you want to scan
for multiple hosts now.

You don't really want to run
different commands for that. Now what you can do is just go
in and type and map and a bunch of IP addresses like 192.168.1.1
and Or 1.2 and 192.168.1.3 and what this will do is it
will draw the net Maps scan on these three
different IP addresses and you did this
in just one command. So that's a way
that you can do this.

Now. You can also know about how much of your scan is left
by just pressing the up button so that will tell you and give you a constant update
on how your scan is going like – 32.4% Dot and 4.7 now and also show you kind
of the time remaining. Okay. So till this port
scan is going on. Let me just tell you
about the states now States can be of two types
open closed and unavailable. Sometimes you will see that
it is unavailable and that's because some sort of 5
all or something is running out there states can also be closed
in that case mostly and math will not return
you any result unless you're explicitly finding
something of the closed state.

So that was a little trivia
on States and how they work. How much are Scott has done so a scout is dot 81% takes
around another 20 seconds. It should be done soon. Now. This scan could be significantly
made faster with just EF tag, but I really want to give
you all a good look into how this works. 97 98 99. Okay. So as you guys can see
this is our result. It gives us a bunch
of ports and services now as I just said this thing
can be also closed and also unable Available. So open and closed
we see both the examples.

Okay, so that was about
how you can scan multiple ports. So you can also scan multiple
boards with this command as I will show you. So what I do not one six eight
dot one dot one to Thirty. Now what this will do
is basically scan everything from 192.168.1.1 to 192.168.1.2
up to 30 like that. So this is a very useful way
of actually scanning. Tubal IP addresses. Let me just show you
how that works.

Since we have used the a flag, this is going to work
considerably faster now as you guys can see out here. This had taken around
a hundred nineteen seconds. So that's round two minutes now. This will take
a considerably less a time. So, let's see this was done
in 29.91 seconds, and we'd it 30 IP addresses. So we see that – F surely speed ins
the whole scanning process now, you can also give nmap
a Target list now, let me Could Target list
so targets D XD.

We just got it out for you. So that's starting it now. All I want to do
is edit this file. So, let me just edit
that file and put a 192.168.1.1 192.168.1.2
192.168.1.3 192.168.1.5 for 192.168.1.5 or 15. Boom Rose. Sit now, all we have
to do is save it. So that saves it and control
X to actually access it. Now, you can go ahead and view
what is a target set txt. So as you guys can see this is
what isn't Target such cxt. And now you can just pass it
to end map with the IL flag and you could say that nmap
is going to actually scan all the IP addresses that are in this file.

So let that just run. So this will take
a little bit of time because it's five IP addresses and it's really radical
the fast boat 83% of our work is done. Okay. So as we see our scan
has been completed now, what do you see out
here is scan results for whatever we had provided
and targets dot txt list. So that's how you can also
provide and map input file and it will give you the results
for all the targets that were specified in the file. Now, let's go ahead and talk about a little bit
on Port scanning. So nmap is also A brilliant tool
for scouting boards. And if you have
a server or web site, you know that there are
65535 ports out there or every silver and almost 99%
are unused so sometimes kind of ports is really
at the society. Now you can scan boards
by just using the pflag and specifying the port number
and this is how you would do it. And if you just specify
the IP address after that, so I'm going to use
w-w-w dot Ed u– record.

Go and what you can also do is this will scan only
the port number 20, but you can also scan
from port number 20 to 25. You can also put in comas
and tell and lap. You also want to scan all these are the port 80 is HTTP
and 443 is HTTP, so you can surely do that. So let me just go
ahead and run this. Okay, so that gives us
an information on the boards that is there now
something about ports. Also you suppose, you know. You want to scan
for some HTTP Port so you can just say and map
and with the – be you can just say that I want to scan
the HTTP board www dot Ed u– red card dot go so that will
just go ahead and do that.

And as you guys can see that give us a result
and you can also add in stuff like MySQL FTP
and stuff like that. So let me just see show you how that rods okhttp
is done poor Sgt. Okay, so as you can You
guys can see these artboards that are running and it gave us
according to the day. Now. If you want to scan
all the ports, you can use – P – and the IP address
at www.deeptrekker.com. Now this generate
takes a lot of time because you're basically
doing 65,000 scan. So I'm not really
going to do that.

I'm going to quit this out. Another thing that I want to show you all
that generally takes a lot of time to actually
execute is called something like an aggressive scam. So as you guys can See out here. I have done an aggressive
scan on Ed Eureka. So do that. All you have to do
is and map – A and then you go
Eddie record dot go.

So let us see how much time did this take to actually
execute this deck 459 seconds that's long time for scan, but it gives us a bunch
of other information. For example, it gives
us the traceroute. So what is the traceroute first
of all so traceroute is the route taken by a packet
to to actually reach the clients and the target cell. So as you guys can see our back
it had 22 hops first went to the first stop was
to the Gateway router that is 192.168.1.1. Then when to the Airtel lease
line then rent this IP address that went to the pslv SNL dotnet and it went to London
New York the Chicago and the went all the way up to
wherever this thing has hosted that was some information and then there is
some other Information given to us like the TCB open TCB rap program version
sport type sport States and all sorts of other
information is given about in an aggressive scan another scan that I
have previously also done and kept for y'all is because it takes a lot of time
and I have done something called this service
version so and map – s and V where V Capital will
give you the service version.

So it tries to actually
guess the word. Asian of the service
that is running. So for example on TCP Port it
tells us it is postfix SMTP D or the Apache. It's Apache HTTP D. You can see all sorts
of versions that are here. Another thing and map
is generally brilliant is for guessing
the operating system that is running. Oh, I have already done
this can previously because this takes
a humongous amount of time that I don't really have and
that is three eighty six point three four seconds and this can together
basically took me. In ten minutes, and I don't really
have that kind of time for explaining all this stuff. So as you guys could see
out here the OS get is kind of os detail is fortunate for the gate it kind of
tries to guess the OS upon the time to live that is in the response
from the packets that it sends.

So – SVP – oh and – A are some really
cool stuff stuff that you might want to know. Another thing that you
can do is trace route as I had just told y'all
and y'all can do Trace. Trout separately. So you go – – traceroute and then you say
the name of any sort of website. So suppose. I want to know
how I reach netflix.com. So I go netflix.com and this
will give me a trace route that shows me how my packet
actually reaches the flicks.com.

Okay. So this is basically
it was a direct one hop. Okay, so that was surprising
all the other hand. If I were to do this
on Eddie record dot go it would take A bunch
of hops to actually reach that it is by just
take some time to run. Okay, so it's 94 percent down. I'm just waiting
for it to get completed. Okay. So this gave us a hop and
as you guys can see we took twenty two hops to actually
reach a direct cannot go and it's the same process you go
through a bunch of IP addresses and then you reach
this thing called you as West do compute
that Amazon AWS.

Okay, so that was about traceroute now just
to end this tutorial. Let me just tell you guys that you all can also save
a file to add map. And that is basically save
all whatever you found from a search into a file
and let me just show you how to do that. Now. Sometimes when you are working
as a security analyst you will have to perform Network
scans on a wide area network that is huge. It's basically huge
these cards take a lot of time and you don't really have
the space or your command line to actually store that and see that in the parade. That is feasible. Little for analysis. So what do you want to do
is actually save it in a file.

So what you can do
is say Ed map. Oh n and then you can see the other file we
could say results Dot txt, and we could save this in file. So w-w-w dot Ed u–
Rekha dot go. So whatever search result is going to be generated
is going to be stored in this file called
results dot txt. Now. This file need not exist. List from before it will just
be created by and map and now you see if I do LS. We have a Target
or a results dot txt. Now if I just cut out that file, let me just less it
actually results Dot txt.

And what you see out here
is an nmap scan result that is stored. Another thing that I would like
to show you all before I end this at map tutorial
is a verbose mode. So for verbose mode is basically when we were pressing
up arrows to see how much of our scan is done. You can basically do
that for postponed. Take all – F + – V for verbose and you
could say www dot Ed u– record Dot and this
will basically give you a verbose mode of
what is actually going on. I'll tell you everything
and boom roasted there it's done and we have finished
our and map tutorial and now you see if I do LS. We have a Target
or a results dot txt if I just cut out that file. Let me just less it
actually results Dot txt. And what do you see out
here is an nmap scan result.

That is Stored a lot of thing that I would like to show
you all before I end this at map tutorial
is a verbose mode. So for verbose mode is basically when we were pressing
up arrows to see how much of our scan is done. You can basically do
that for postponed. So you go – F + – V for verbose and you
could say www dot Ed u– record Dot and this
will basically give you a verbose mode of
what is actually going on. I'll tell you everything
and boom roasted there it's done and We have finished
our and map tutorial.

So first of all, what exactly is
cross-site scripting? Well cross-site scripting refers to client-side
code injection attacks where in an attacker can execute a malicious script
also commonly referred to as a malicious payload
into a legitimate website or web application now xss is
amongst the most rampant of web application
vulnerabilities and occurs when of Web application
makes use of something like a nun validated or unencoded user input
within the output that it generates Now
by leveraging xss and attacker does not Target
a victim directly instead an attacker would be exploiting
a vulnerability within a website or something like
a web application that the victim would visit and essentially using
the vulnerable website or the web application
as a vehicle to deliver a malicious script
to the victims browser. Now while exercise
can be taken advantage of within a virtual box script
ActiveX and Flash unquestionably the most
widely abused is Javascript. This is mostly because JavaScript
is the fundamental to any browsing experience all the modern sides today have some
JavaScript framework running in the background
now xss can be used in a range of ways
to cause serious problems.

Well, the traditional is uses
of exercise is the ability for an attacker to steal. Session cookies allowing an attacker to probably
impersonate a victim and that Justin's and that
just doesn't stop there. So exercise has been
used to wreak havoc on social websites spread malware website defa commence
and fish for credentials and even used in conjunction with some clever social
engineering techniques to escalate to even
more damaging attacks. Now cross site scripting
can be classified into three major categories. So the first is reflected
cross-site scripting. The second is stored or
persistent cross-site scripting and the third is dom-based
cross-site scripting so out here Dom refers
to the document object model that is used file
web application building.

So let's take a moment
to discuss the three types of cross-site scripting. So the first one we're going
to be discussing is reflected cross-site scripting Now by far the most common type
of cross-site scripting that you'll become. Because is probably reflected
cross-site scripting here. The attackers payload is a script and has
to be part of a request which is sent to the web server
and reflected back in such a way that the HTTP response
includes the payload from the HTTP request Now
using a phishing email and other social engineering
techniques the attacker layers in the victim to inadvertently
make a request to the server which contains the cross
site scripting payload, and then he ends up
executing the script that gets reflected and cute it
inside his own browser.

Now since reflected cross-site
scripting isn't really a persistent kind of attack the attacker
needs to deliver this payload to each victim that he wants to serve. So a medium like a social
network is very conveniently used for destination
of these attacks. So now let's take
a step by step. Look at how cross-site
scripting actually works. So firstly the attacker
crafts a URL containing a malicious string
and sends it to the victim. Now the poor victim
is tricked by the attacker into requesting the URL
from the website, which is running
a I respond script and then the website
includes the militia string from the URL in the response. And then in the end
the victims browser executes, the malicious script
inside the response sending the victims cookies to
the attacker silver.

Okay. So at first reflected xss
might seem very harmless because it requires a victim
himself to actually send a request containing
a militia string now since nobody would be
willingly attacking himself. So there seems to be no way of actually
performing the attack but as it turns out there are
at least two common ways of causing a victim to launcher reflected
cross-eyed attack on himself. So the first way is if the user or targets
a specific individual and the attacker can send
the malicious URL to the victim. For example using email
or for example instant messaging and then trick him
into visiting the site.

Secondly if the user
targets a large group of people the attacker
then can publish the link or the malicious URL or his own website
or social media, and then he'll just wait
for visitors to click on it. So these two methods are similar and both can be very
successful with the use of a URL shortening service
like one provided by Google. So this masks the militia
string from users who might otherwise identifier. Okay. So that was all about
reflected cross-site scripting. Let's move on to store
cross-site scripting now. So the most damaging type
of cross-site scripting that is there today
is persistent or stored cross-site scripting installed
cross-site scripting attacks.

It attacks. I'm sorry installed
cross-site scripting attacks. The attacker is injecting
a script into the database that is permanently stored
on the target application. So a classic example is a malicious script
inserted by an attacker in the comment field or on
a blog or a forum post. So when a victim navigates to the affected webpage
now in a browser The cross site scripting
payload will be served. As a part of the web page just like any legitimate
comment would be now.

This means that the victim
will be inadvertently ended up ending up executing
the malicious script. Once the page is viewed
in the browser. Now, let's also take
a step by step. Look at how cross-site scripting
in the stored version works. So the attacker uses one
of the websites form to insert a malicious string into
the websites database first. Now the victim unknowingly
request the page from the website and then the website Glued
some malicious string from the database
in the response and then sends it to the victim. Now the poor victim
will be actually executing the malicious script
inside the response and sending all the cookies
to the attackers server. So that's basically how stored or persistent
cross-site scripting works. Now it's time for the last type
of cross-site scripting which is document object model
based cross-site scripting. So dom-based cross-site
scripting is an advanced type of cross-site scripting attack. So which is made possible when the web applications
client-side script writer uses provided data to
the document object model.

So basically it means that data is subsequently read
from the document object model by the web application
and output it to the browser. So if the data is incorrectly
handled in this place and attacker can very
well inject a payload, which will be stored as a part
of the document object model and then executed when the data is read
back from the Dome. No, let's see how
that actually happens. So first attacker craft
the URL containing a malicious string
and sends it to the victim.

Now this victim is again
tricked by the attacker into actually requesting
the URL from the website. This is like the primary step in actually performing
cross-site scripting. Now the third step is that the website receives
the request but does not include the militia string
in the response. Here's the catch of
dom-based cross-site scripting. So now the victims browser
executes the legitimate script inside the response. Causing the malicious script
to be inserted into the page that is basically
into the inner HTML attributes and the final step is then
the victims browser then executes the malicious script
inserted into the page and then just sends the victim the cookies
to the attacker silver. Now if you guys
must have realized in the previous
examples of persistent and reflected cross-site
scripting those server inserts, the malicious script
into the page, which is then sent as
a response to the victim now when the victims browser
receives the response it assumes that the malicious Ripped
is to be a part of the pages legitimate content and then automatically
executes it during page load as with any other script would be
but in a Dom base attack, there is no malicious script
insert it as a part of the page.

The only scripts that are being actually
automatically automatically executed during the page load is
legitimate part of the page. So that's the scary part. So the problem is that this legitimate script
directly makes user input in order to add
HTML to the page. So the militia string is inserted into the page
using Nice chairman, so it's pastas sgml. So mostly people
who are actually in servicing or surveying any server for
cross-site scripting attacks. They will not be actually
checking the client side. So it's a very subtle difference
but it's very important. So in traditional cross site
scripting the militias JavaScript is actually executed when the page is loaded as
a part of the HTML server and in dom-based
cross-site scripting the militias JavaScript
is executed at some point after the page has
already been loaded. Because the page is
legitimate JavaScript treating user input is using it
in an unsafe way. So now that we have actually
discussed all the three types of cross-site scripting that is varied that is
widely available today.

Now, let's see
what can actually happen if cross-site scripting will if you were actually a victim
of cross-site scripting, I'm sorry. So, let's see what can happen if you actually were a victim
of cross-site scripting. So the consequences of
what an attacker can do with the ability
to execute JavaScript on a webpage may not immediately
stand out to you guys, but especially since browsers like Java
like Chrome run JavaScript in a very tightly controlled
environment these days and JavaScript has
very limited access to users operating systems
and user files.

But when considering the JavaScript has the access
to the following that we're going
to discuss we can only see how creative JavaScript
attackers can get. So firstly with malicious
JavaScript has access to all the same objects that the rest of the web page
has so this includes a thing called cookies now cookies are often used
to store session tokens. And if an attacker can obtain
a user session cookie, they can impersonate that user
anywhere on the internet. Secondly JavaScript can read
and make arbitrary modifications to the browser's
document object model. So your page will
just be incorporated with all sorts of scripts and viruses without You even
knowing from the server side now JavaScript can be used with the XML HTTP request
to send HTTP request with arbitrary content
to arbitrary destinations.

And the most scary part is that JavaScript and modern
browsers can leverage HTML5 apis such as accessing a user's
geolocation webcam microphone and whatnot and even specific files from
the users file system. Now while most of these apis
require the users to opt in cross-site scripting
with in actions with some very clever social engineering
can bring an attacker of very long way now
the above in combination with social engineering as I just said allows an attacker to pull
off Advanced attacks, including cookie theft
keylogging fishing and identity theft to now critically cross-site scripting
vulnerabilities provide. The perfect ground for attackers to escalate
attacks to more serious ones. So now that we understand what
cross-site scripting attacks are and how damaging they can be
to your application. Let's dive To the
best known practices that are actually followed to
prevent them in the first place.

So the first mechanism
that is used is called escaping. So escaping data means that taking data and application
has received and ensuring that it's secure before actually
rendering it for the end user. Now by escaping
user input key characters in the data received by
a web page will be prevented from being interpreted in any malicious sort
of way now innocence your censoring the data
or webpage receives in a way that will disallow characters
especially those brackets that begin the HTML attributes
like in HTML and I'm G so these will be stopped
from being rendered which would otherwise cause harm
to your application and users and database, but if your page doesn't allow
users to add their own code to the page A good rule of thumb
is We need to escape any and all HTML URL
and JavaScript entities.

However, if you
are running a forum and you do allow users
to as Rich text to your content, you have a few choices. So firstly you will need
to carefully choose which HTML entities
you will escape and which you won't
or buy replacement format for raw HTML such as markdown which will in turn allow
you to continue escaping all the sorts of HTML characters
now the second method that is normally used
is called validating input And so validating
input is the process of ensuring an application
is rendering the correct data and preventing malicious data from doing harm to the site
the database and the users. So while whitelisting and input
validation are more commonly associated with stuff
like SQL injection, they can also be used as
an additional method of prevention for
cross-site scripting attacks. So input validation
is especially helpful and good at preventing
cross-site scripting in forms as it prevents a user
from adding special.

Characters into the fields
instead of refusing the quest completely. But in fact valid
input validation is not the primary method of
prevention for vulnerabilities such as cross-site scripting and even SQL injection
for that example, but instead they help to reduce
the effects should an attacker actually discover such
a vulnerability in your system. Now the third way to prevent
cross-site scripting attack is to sanitize user input. So sanitizing data
is a strong defense but should not be used alone to battle cross-site
scripting attacks. It's totally possible. Will that you find the need
to use all three methods of prevention in working towards
a more secure application. Now as you guys might notice that sanitizing user inputs is
especially helpful on sites that allow HTML markup to ensure
data received Can Do no harm to users as well
as your database by scrubbing the data clean
of potentially harmful markup and changing the
unacceptable user input into an acceptable format.

OK guys. So that was all the theory about
cross-site scripting it's time. Demo right now. So for the demonstration now, I'm going to be showing
you guys the three types of cross-site scripting that we have discussed
throughout the course of the session. So not only will this be
a rather interesting to see how cross-site scripting works
on a vulnerable web application, but it will also give us a better understanding
of cross-site scripting in itself now to perform
cross-site scripting is a very big crime. So we really can Target
any random web platform website or web application
for that matter. So keeping that thing in mind I have chosen the broken
web application project. So this is brought
To Us by a wasp which stands for open source web
application security project.

The broken web application
project or Bebop is a broken web application that is intentionally vulnerable and it incorporates
a majority of the known bugs that are out there
and it is widely used by security enthusiastic students and practicing ethical hackers
to mostly practice and nurture their skills
in the right direction. Okay, so to get started
first of all, we need to download a few
files and get things ready.

So first of all,
we will download the broken web. Ation project and I'll be leaving
the download link in the description just in case
you guys want to practice in your own free time. Secondly. We need to download
a virtual box. Now after we have
both the files ready and we have it installed and we have our broken
web application installed in the virtual machine. We are good to go. Now. I've already done
all that boring job and actually installed
the broken web application as you guys can see. I'm already running the owasp broken web application
on my virtual. And this is the Oval
Office virtual machine. So as you guys can see
it's based off Linux and if we go ifconfig, it'll give us the IP address
that it's running on. So as you guys can see, it's running on 192.168.1 46.4
so If we just head over there, yeah, I've already open that up. We get a portal. So for this
particular demonstration, I'm going to be using the broken
web application project and also webgoat. So first of all, let's head over to the broken
web application project.

So we'll be greeted
with a login screen out here and the credentials
for this is B and Bug as you guys can see, so just go and enter login
after you enter the credentials. Okay, so y'all will be
welcomed with a place where you can choose your bug and you can also choose
the amount of security that you want to practice with. So since this is
a very simple demonstration, I'm going to set
the security too low. And the first thing that we're going
to test is actually reflected cross-site scripting. So reflected cross-site
scripting mostly has things to do with the get request when we are actually
coding on the back end.

So, let's see. First of all we go ahead and choose reflected cross-site
scripting for the get method and we go and press hack. Now will be presented
with a form. Now form is a very good way of actually showing
reflected cross-site scripting because normally when
an attacker will be trying to attack you he'll be trying
to send you a form or any way. You can actually input something into the his
soul so interestingly if we go and just in put nothing
into these two fields and just go will see
the URL change out here.

So firstly you guys see that it's the fields are
very clearly visible and These are the two fields
and that means that it's an uncoded input. So this is a very rich place to actually practice
your web vulnerability and penetration testing skills. So if I were to hackl, I would try and run
a script out here. So if I were to go script and I've already
practiced a few out here as you guys can see, so if you go script alert, this is an example
of reflected xss. Yeah, and if we go and just
end the script out here. This is going to actually render the JavaScript input
as a part of the page and we are going to get
an output because of this. So that's how reflected
cross-site script is actually working. So as you guys can see
we the what am I saying? As you guys can see
the web application has actually rendered our JavaScript
and now we can see that reflected cross-site scripting is actually
working out here.

So now you guys
must have realized that in a practical scenario. This form must be
sent to the victim and must be tricked
into filling the form for the attack to be successful. Also in more practical scenarios where sites are
also having forms. They're going to be putting
filters to the Of the input parameters such that you cannot run
JavaScript in them and you cannot also input
any unencoded inputs into them. So that was all
about reflective JavaScript. I mean reflected
cross-site scripting. So now let's move
on to store cross-site scripting which is the most dangerous form
of cross-site scripting. Okay, so as I had discussed the comment sections are
normally the best place for actually stored
cross-site scripting. so as you guys can see out here if we already have
a few comments that had added for practicing
now in store cross-site scripting the attacker
is normally attacking the data that is stored.

So basically we are going
to inject the script into the database
into the server. So if the script has
some malicious intent and it can do
a multitude of thing if it has a malicious intent
will not get into that. So for that reason, let's first add
a normal comment out here. So let's say if this was blog
I'd say good job there. Like I said
or something like hey, man, nice work. If you go and
press submit, okay, it's showing this is
an example of persistent cross-site scripting because I had already
inserted malicious script.

So this is that script out
here the second input but just for demonstration purposes. Let's go in and put it again
so we can also input raw data that is unencoded input
in the form of script. So let's go alerts. Unless his print hello world. So if we go and press submit
so at first ones that other cross-site script
and then it will say that this page isn't working. So this is also a very
good example now we have two scripts actually
running on this page. So the first one is actually this is an example of
cross-site scripting persistent. So that was the second one
and then comes the hello world. So that's actually two scripts
running back to back. So anybody if I were
to actually come back to this side any other day and these comments
existed It would just get automatically executed
from the database because just because we
are referring to it. Okay, so time for
dom-based cross-site scripting and I was using this application
for the first time yesterday and I realized that there is actually
no way that we can actually test dom-based
cross-site scripting you.

So to actually test
on base cross site scripting we are going to be using
this thing called webgoat. Now the login credentials to webgoat is guests
for the username and guests for the password. I'd already logged in
so it didn't ask me. So now if we go out here and go on the cross
site scripting in xs/s, you will also see
that there is no options available for actually donbass
cross-site scripting this is because it's under
a acts security or Ajax if you might pronounce
it that way. So in this is
under a acts security because if you guys remember
we had just discussed that don't be cross site
scripting is a client-side cross-site scripting. So things like a normal script
would normally be checked on the server side. But when we are talking
on client side, we are talking about languages
like HTML a acts etcetera so you can put your scripts
in HTML form.

So suppose we were to go
so let's input a script first. So suppose you have
to go script. Hello world now. If we go and submit the solution
nothing actually happens because we are actually putting
in encoded in puts out there. It's the Dom that is unencoded. Now if we were to actually go in
and input in a language that the client-side actually
understands for example HTML, so we immediately get a result. So first of all, it's going to actually
manipulate the inner HTML attributes of this site. So if we go image
and we put a source now, let's not give the source
anything and on alert on are urado on an error. We're going to run
some simple JavaScript so alert And we can say this is
an example of dom-based xss.

Now as soon as I end
end the image tag, this is going to get done
because the client side is always rendering
the client-side page. So watch this. Sorry, I think
I miss type somewhere. Let's go again so image. Unless you something I've
already used and you can see that it says hacked and out. He'll we've not even
press submit solution. So out here you can see that as soon as we completed
it is again saying hacked so that means as soon as you
complete the query or the client-side HTML language, so that will completely trigger the cross-eyed
payload image tag.

This is going to get run because the client side
is always rendering the client-side page. So watch this. I'm sorry. I think I miss type somewhere. Let's go again so image. Okay, let's use something I've
already used and you can see that it says hacked
and out here. We've not even
press submit solution. So out here you can see that as soon as we
completed it is again saying that so that means as soon
as you complete the query or the client-side HTML language, so that will completely
trigger the cross-eyed payload firstly let's go or what does and DDOS means now
to understand a DDOS attack. It is essential to understand
the fundamentals of a Dos attack does simply stands
for denial of service? The service could be
of any kind for example, imagine your mother
confiscate your cellphone when you are preparing
for your exams to help you study without any sort of distraction while the intentions of
your model is truly out of care and concern you are being denied
the service of calling and any other service offered
by your cell phone now with respect to a computer
and computer networks.

A denial of service
could be in the form of hijacking web servers
overloading ports, which request rendering them unusable the dying
Wireless authentication and eyeing any sort of service that is provided
on the internet attacks of such intent can be performed
from a single machine while single machine attacks
are much easier to execute and monitor their also easy to detect and mitigate
to solve this issue. The attack could be executed
from multiple devices spread across a wide area. Not only does this make
it difficult to stop the attack but it also becomes
near impossible to point out. The main culprit such attacks
are called distributed denial of service or DDOS attacks. Now, let us see how they work
the main idea of a U.s. Attack as explained is making a certain service
unavailable since everything that is attacked is
in reality running on a machine.

The service can
be made available. If the performance of
the machine can be brought down. This is the fundamental
behind dose and DDOS attacks. Now some dos attacks
are executed by flooding servers with connection requests until the server is overloaded and is deemed useless others
are executed by sending unfragmented packets to a server which they are unable
to handle these methods when Muted by a botnet exponentially increase
the amount of damage that they are doing and their difficulty
to mitigate increases in Leaps and Bounds to understand more
about how these attacks work.

Let us look at the different
types of attacks. Now while there are plenty of
ways to perform a DDOS attack. I'll be listing down
the more famous ones. These methodologies have become
famous due to their success rate and the Damage they
have caused over time. It is important to note
that with the advancement and Technology. The more creative minds
have devised more devious ways to perform. Dos attacks. Now the first
type of methodology that we are going to discuss
is called ping of death now according to the TCP IP protocol
the maximum size of the packet can be
65,535 bytes the Ping of death attack exploits
this particular fact in this type of attack.

The attacker sends packets that are more than
the max packet size when the packet fragments
are added up computers generally do not know what to do with such
packets and end up freezing or sometimes crashing
entirely then we come to reflect on the docks
this particular attack. Iraq is more often than not used
with the help of a botnet. The attacker sends a host of innocent computers
a connection request using a botnet which are
also called reflectors. Now this connection
that comes from the botnet looks like it comes from the victim
and this is done by spoofing The Source part
in the packet header. This makes the host
of computers send an acknowledgement to
the victim computer since there are
multiple such requests from the different computers to the same machine this
overloads the computer and crashes it this type of attack is also known
as a Smurfette.

Another type of attack is called
mail bomb now mail bomb attacks generally attack email
servers in this type of attack instead of packets
oversized emails filled with random garbage values are sent
to the targeted email server. This generally crashes
the email server due to a sudden spike in load
and renders them useless until fixed last but not the least we
have the teardrop attack. So in this type of attack, the fragmentation offset field of a packet is abused
one of the fields in an IP header is a fragment
offset field indicating the starting position or offset. Of the data contained
in a fragmented packet relative to the data
in the original packet if the sum of the offset and the size of one fragmented
packet differs from that of the next fragmented packet
the packet overlap now when this happens a server
vulnerable to teardrop attacks is unable to reassemble
the packets resulting in a denial
of service condition.

Okay. So that was all the theoretical
portion of this video now, it's time to actually perform
our very own DDOS attack. Okay. So now that we finish
the theoretical part of how DDOS actually works and what it actually is
but it's different types. Let me just give you guys
a quick demonstration on how you could apply a denial of service attack on a wireless network
anywhere around you like this could be
somewhere like Starbucks where you're sitting
or this could be a library also or your college
institution no matter where you're sitting
this procedure will work.

So the first thing we want to do
is actually open up a terminal as because we were Be doing
most of our work on a command line basis. Now for this
particular demonstration. We will be actually using
two tools first is aircrack-ng, which is a suit of tools which contains aircrack-ng
airmon-ng a replay and G and airodump-ng. So these are the four tools
that come along with it. And the second one that we'll be using
is called Mac change of okay. So let me just put
my terminal on maximum. So you guys can see
what I'm actually writing out.

So first thing we want to do
is Actually log in as root. So let me just do that quickly because we need to login as
root because most of the stuff that we're going to do right now
will need administrator access. Now. If the first thing we
want to do is check out our wireless network cards name and we can do that easily
by typing ifconfig. Now, you can see that my wireless card is called
WL 1 and we get the MAC address and we also get the IPv6 dress. So that's my wireless network
card and we'll Actually setting that up in monitor mode now before we actually go in
to start up our Network are in monitor mode.

Let me just show you
how you can install the two tools that I just spoke
about that is aircrack-ng at Mac changer. So do install aircrack-ng. You can just go app get install aircrack-ng hit enter
and this should do it for you. I already have it installed. So it's not going to do
much to install mac changer. You could just go
the same command that is zap get
install mac changer and you can check if both the tools
have been installed properly by opening the manual pages
by typing man aircrack-ng and this will open up
the manual page for you. And let's also do
the same format to ensure. So what we're going
to do first is set up our network interface card
into monitor mode.

So to do that, all we have to do
is type ifconfig, and we need to put
a network interface card down. So we go. Wlo one down and with
the command IW Go mode monitor. Don't forget to specify the interface that
you're working on. So IW config WL 1 mode Monitor and all you have to do
now is put it back up.

So what we are going
to type is ifconfig. Wl1 up. You can check the mode
it will see managed if it's monitoring mode. So as you guys can see
it says mode managed, so that's how we're going
to go ahead so you can check that just for your own purposes so we can also check for only. Wlo one by
specifying the interface. Or you could also check
the mode only by passing it through a pipe function
and that is using grep mode.

So IW config wl1 crap and mold. Well mode begin
to the capital M. So that's how you
would probably return it. So as you guys can see that has returned
the mode for us icon along with the access point
and the frequency. Okay, so that was
a little fun trivia on how you could fetch the mode
from a certain command that like iwconfig
by passing it through a pipe and Open your list mode crap
basically means grab. Okay, so now moving on we
will get to the more important stuff now so
firstly we need to check for some sub processes that might still be running and that right actually interfere
with the scanning process. So to do that, what we do is airmon-ng check and then the name
of the interface now as you guys can see I have
the network manager that is running out here
and we need to kill that first and that can be easily
done by going kill with the PID after that.

You can run
a general command called. Old airmon-ng check and kill so whatever it finds
it will kill it accordingly and when it produces
no results like this, that means you're ready to go as there are
no sub processes running that might actually
interfere with us can now what we want to do
is we want to run a dump scan on the network interface card and check out all
the possible access points that are available to us. So as you guys can see
this produces a bunch of access points and they come
with their be ssids there. So have the power
which is the pwr that is the power of the signal
and let me go down back again. So yeah, you can see the beacons
you can see the data you can see the channels available
and what the bssid is. It's the Mac ID that is actually tied
in with the essid which basically represents
the name of the router.

Now, what we want to do
from here is we want to choose which router
we want to actually dose. Now, the whole process
of dosing is actually we will continue Sleety
authenticate all the devices that are connected to it. So for now I have chosen
Eddie Rekha Wi-Fi to actually toss out and once I send it
the authentication broadcast, it will actually the authenticate all the devices
that are connected to it. Now this the authentication is done with a tool
called are replay which is a part of
the aircrack-ng suit of tools. Now. Let's just see how we can use are a play
by opening up the help command. So we go – – help and this opens up
the help command for us. Now as you guys
can see it shows us that we can send a D'Orsay. Gation message by tapping into – 0 and then we need
to type in the count. So what we are going
to do is type in – 0 which will send
the DL syndication message and now we can dive 1 or 0. So 1 will send only
one the authentication message while 0 will continuously
Loop it and send a bunch of the authentication messages.

We are going to say zero
because we want to be sure that we are the authenticating
everybody and we can also generally specify the person. We also want to specifically
the authenticate but for this demonstration, I'm just Just going to try
and the authenticate everybody that is there. So what we are going to do is we are going to copy down
the MAC address or the bssid as you would know it and then we are going to run
the authentication message.

Now as you guys can see
Rd authentication message is beginning to hunt
on Channel Nine. Now as you guys know
and as I already know that our bssid or Mac address
is working on Channel 6 now, we can easily change the channel
that are interface. Working on by just going
IW config WL 1 and then Channel and then specifying the channel as you guys can see our chosen
router is working on Channel 6. So that's exactly
what we're going to do. Now as you guys can see it
immediately starts sending the authentication codes
to the specified router and this will actually
make any device that is connected
to that router almost unusable.

You might see that you are
still connected to the Wi-Fi, but try browsing the internet with them you will never be able
to actually Each any site as I'm constantly the authenticating
your service you will need that for a handshake
all the time. And even if it completes you are
suddenly the authenticated again because I'm running
this thing on a loop.

Now, you can let this command
run for a few moments or how much of a time you want
to DDOS at guy for well, this is not exactly a DDOS because you're doing it
from one single machine, but you can also optimize
this code to actually looks like it's running
from several different machine. So let me just show you
how to do that. We are going to write a script
file to actually optimize. Is our code lat
so this script file will actually automate
most of the things that we just did
and also optimize a little by changing our Mac address
every single time.

So we become hard
to actually point out. So the first thing
that we want to do is we want to put our wireless
network card down and maybe that's not the first thing
that I want to do. Just give me a moment
to think about this. I haven't actually thought
this true I'm doing this on the Fly. Okay. So the first thing that we're going to do
is we're going to start a while loop that Is going
to continuously run until we actually
externally stop it. So we go while true
and then we're going to say do and the first thing
that we want to do is send out the authentication
message and we are going to send a it around 10
the authentication messages and we want to run it
on a specific bssid. So that is the bssid
that had copied. So let me just put in that and then we just put
in the interface is it supposed to work on now? What we want to do
after that is You want to change the MAC address after we have sent
all these 10 packets.

So what we will need to do
is put down our wireless network and as already
discussed we can do that with ifconfig wlan0 down. And now what we want to do
is change our Mac address so we can do that with the simple tool
that we had installed and saying Mac changer – are so let me just open up
a Quick Tab and show you guys how much Ginger actually works. Now you can already check out my other video called
the ethical hacking course, which actually covers
a lot of topics and Mac changer is just one
of them and you can check how to use it in depth
in that video. But for now, let me just give
you a brief introduction how much change it works the Mac
changer will basically give you a new Mac address every time let me just open
up the help menu for you guys. So as you guys can see
these are the options that are available to us. We can get a random Mac address. We can also tell to show
our Mac address and we also have to specify Interface when we want to show
us the MAC address now, let me just generate
new Mac address.

So you see our chair
that interface up or insufficient permissions
is being shown. So this means we always have
to put down our interface first. So let me just do that
quickly ifconfig wlan0 down. And now what we want to do is
give ourselves a new Mac address and boom roasted. We already have
a new Mac address as you guys can see
from the new Mac part.

Now if you put back are
in network interface card, and then try and show up
Mac address again weeks. See that our current
MAC and are from red. Mack are two completely
different Mac addresses and of current MAC
and the new Mac I identical. So this is how you
can actually generate new Mac addresses to spoof
your own identity on the while and that is very
useful in this case because the person you're attacking will be
so confused as to what to do because your Mac address
is changing every time and there's no real solution to the situation
that you're creating for them. At least. I don't know of any solution. If you do know
how to stop this for yourself. Please leave it. Down in the comment
section below and help the world a little bit. Now. We wanted also get to know what
our Mac address is every time.

So let me just type my function through the whole thing
and let me just try and grab the new Mac address. So my changer are wl1 and grab Mark and then we
want to put our Rental Car in the monitor mode and then we also want to put
up our network interface card. Now, what we want to do
out here is optimize it so we can be
attacking constantly. So let us Put a sleep timer. So this will make
our program sleep for a particular amount of time. I'm going to make
a sleep for 5 seconds. So after every 5 seconds, it's gonna send
that particular bssid. Then the authentication messages then just going to bring
down my interface card. It's gonna change
my Mac address. It's going to put back
the interface card in the monitor mode
and sleep for 5 seconds. And then repeat
the entire process and to end the script.

Let's just say done. So that will denote
when Loop is done now. Let me just save it
Ctrl o control X to exit and there we go. Okay. So first of all to actually run this need to give it
some more permission. So as you guys can see
we already have it. Let me just put it
in a much more readable format. Okay. So as you guys can see our doors does sh doesn't really
have execute ability so we can do
that with command chmod. So I'm going to give it
some executable permission. So chmod One plus X
and then the name of the file. So this will actually
change our dos dos SSH into a executable bash script. Okay. So it seems that we
have done some error. So let's just go back
into our bash script and check for the error
that we have probably done. So now –
does a jet d'eau start sh. Okay. So the thing
that I am missing is that I forgot – A that I'm supposed to put
before putting the bssid and the are replay
Angie part of the code.

So let me just go ahead
and quickly do that. Okay. So now that that is done. Let me just save it
and quickly exit and see if this thing is working. Ok. So now we are trying
to work out our script now you guys should know that this Erica Wi-Fi
is my company's Wi-Fi and I have complete permission
to go ahead and do this to them. Also. My company's Wi-Fi
is kind of secure. So every time it senses that ADI authentication
message is being sent. I ain't like that. It kind of changes the channel
that it is working on. So these guys are
really smart smarter than me most of the time and this time I'm just going to try and force them
to work on Channel 6. So let me just go
ahead and run my script once.

Okay, so let me just check that. They're still working
on Channel 6 Yep. They're still working
on Channel 6. Let me just check my script
once if it's correctly done if I have the perfect Mark ID. Let me just copy in the Mac ID
just to be sure once again, so they go. Copied it. Let's go into the script
and let's face it out. Okay. So now that that is done and we have mac IDs
and everything set up properly.

Let me just show you
how to run the script so you go Dot and backward slash
and then you said – does SH now. I see that our thing
is working on Channel 8. So this will definitely
not book and say that the SSID is not so
what we need to do as I have showed you guys earlier we can go aw config wl1
and change the channel 2. Channel 6. Oops, I channel
to channel it again. This will not work. I'm sorry. That was my bad. So now that we have changed
it to channel 6, you can see that it is sending
everything immediately. Okay. So that is actually running
our script very well. And as you guys can see
the security measures are taken by my company. It will not always
work on Channel 6. It will keep rotating now
until it finds the safe channel. So it really can't find
a safe Channel. I was always be dosing
on Channel 6 and It will run. Sometimes it won't run sometimes
but mostly with unsecured Wi-Fi that is running at your home.

Mostly this will work
a hundred percent times. So let me just stop this because my company
will go mad on me if I just keep on dancing them. So this brings us to the end
of a demonstration. This is how you can
always toss your neighbors if they're annoying you but remember if you're caught
you could be prosecuted. So this was about
how the device works with DDOS actually is
and the different types and how you can do one
on your own with your own system by my company. It will not always work on
Channel 6 will keep rotating now until it finds the safe channel.

So it really can't find
a safe Channel. I was always be dosing on Channel 6 and it will run
sometimes it won't run sometimes but mostly with unsecured Wi-Fi that is running at your home. Mostly this will work
a hundred percent times. So let me just stop this because my company
will go mad on me if I just keep on dancing them. So this brings us to the end. To off a demonstration. This is how you can
always dose your neighbors if they're annoying you but remember if you're caught
you could be prosecuted. So this was about
how the device Works would beat us actually is and the different types and
how you can do one on your own with your own system. In early days of Internet building websites
were straightforward. There was no JavaScript. No back-end know CSS
and very few images but as web gained
popularity the need for more advanced technology and dynamic websites group this led to development of common
Gateway interface or CGI as we call it and
server-side scripting languages like ASP JavaScript PHP and many others websites changed
and started storing user input and site content.

Databases each and
every data field of a website is like a gate to database
for example in login form. The user enters the login data and search failed
the user enters a search text and in data saving form the user
enters the data to be saved. All this indicate
data goes to database. So instead of correct data, if any malicious code is entered
then there are possibilities for some serious damage
to happen to the database and sometimes to the end. Fire system and this is what
SQL injection is all about.

I'm sure you've heard
of SQL SQL query language or SQL is a language
which is designed to man, you plate and manage
data in a database SQL injection attack is a type
of cybersecurity attack that targets these databases
using specifically crafted SQL statements
to trick the systems into doing unexpected
and undesired things. So by leveraging an SQL injection vulnerability
present in web. Or the website given the right circumstances
an attacker can use it to bypass web applications
authentication details as in if you have login and password user can or attacker can enter
just the user ID. Skip the password entry
and get into the system or it can sometimes
retrieve the content of an entire database. He can also use SQL injection
vulnerability to add modify and sometime delete records in a database
affecting data Integrity while using this vulnerability.

Attacker can do unimaginable
things this exactly shows how dangerous and SQL
injection can be now. Let's check out how a typical
SQL injection is carried out. Well, let's start with
non-technical explanation guys. Have a simple analogy here. So first let's go through this. Once you understand
this you are easily able to relate this with what
SQL injection attack is. So anyway first imagine that you have
a fully automated bus that functions based on the instructions given by
human through a standard web.

Well that for might look
something like this. For example the for might say
drive through the route and where should the bus stop if when should the bus
stop this route and where should the bus stop
and this condition? That's when should the bus stop
or the user inputs. This is where you will have
to enter the input into the form now after putting
some data into the field. It looks something
like this drive through Route 77 and stop at the bus stop if there are people
at the bus stop. Well, that looks
simple enough, right? So basically you're the human or the person is trying
to give 3 instruction that is per should
stop at Route 77. It should stop at the bus stop if there are people
at the bus stop.

Well, that sounds harmless
now imagine a scenario where someone manages
to send these instructions which looks something like this drive through Route 77
and do not stop at the bus stop and ignore rest of the firm if there are people
at the bus stop. And now since the bus
is fully automated. It does exactly as instructed. It drives up Route
77 and does not stop at any bus stop even
when there are people waited because the instruction says
do not stop at the bus stop and ignore the rest of the form. So this part which is if there are people
at the bus stop is ignored we were able to do this because the query structure and the supplied data
are not separated properly so that Automated bus
does not differentiate between the instructions and the data it simply does
anything that it is fed with are asked to do well
SQL injection attacks are based on the same concept attackers are able to inject
malicious instructions into good ones all of which
are then sent to database server through web application and now the technical
explanation and SQL injection needs to conditions to exist which is a relational database
that uses SQL and a user.

And put which is directly
used in an SQL query. Let's say we have
an SQL statement a simple SQL statement. This statement says
select from table users where username is so-and-so
and password is so and so basically you
can think of it as a code for a login form. It's asking for the username and the password
this SQL statement is passed to a function that sends the entire string
to Connected database where it will be passed executed
and returns a result at the end if you have noticed First
the statement contains some special characters, right? We have asked her
to return all the columns for selected database row and then there is equals
to only riddance values that match the search string and then we have
single quote here and here to tell
the SQL database where the search string
starts or ends. So for user you have starting here and in
here and for password here, so basically a pair now
consider the following example in which a website user is able
to change the Use of this user and password such as
n log in form.

So if the values are put
into user and password, it looks something
like this select from users table. The user name is Dean
and password as Winchester's and the SQL statement
is simple enough. It's very direct. So if there is a user called
Dean with password Winchester's then all the columns of table users are
extracted now suppose if the input is not properly
sanitized by the web application the attacker Can easily insert
some malicious SQL statement like this the username
might be Dean or 1 is equal to 1 and then you have double hyphen
followed by password is equal to Winchester's so basically
along with the data the user or the attacker
has tried to enter a malicious SQL statement
disguising it as a data here. So guys, you need
to notice two things here. First one we have or 1 is equal
to 1 it's a condition that will always
be true therefore. It is accepted as
a valid input by application. For example, if Dean
is not a valid user or if there is no user called Dean in the database application
would consider the next value because there is or in between our next value
is 1 is equal to 1 which always returns true.

So basically our input will be
something like this Dean or true and if there is no user called
Dean the next input will be true and it will be taken
as an input value and values will be displayed. So the next part
which has double – I'm sure you know
what double – represents Droid. Basically, it's commenting
the next part of the SQL query.

So it instruct the SQL passer that the rest
of the line is a comment and should not be executed. So the part that's
password part will be ignored. So basically what we're trying
to do is we're trying to bypass the password
authentication here. So once the query executes
the SQL injection effectively removes the password
verification resulting in an authentication bypass
by using double life, and we're commenting
rest of the comment. And before that using
one is equal to one which is translated to true.

We are trying to enter
the database without even giving an invalid value. So the application will most
likely log the attacker in with the first account
from the query result. And as you guys know most
of the time the first account in a database is that if an administrative user
so basically by doing nothing or basically by giving
some random data here the attacker was able
to extract the admin details, it sounds very dangerous, right? So that's all an SQL
injection attack is all about.

As found on YouTube

Share this article

Leave a comment