1
00:00:01,340 --> 00:00:07,910
So now that we have our browser or target hooked we can go on the commands and start executing commands

2
00:00:08,150 --> 00:00:09,510
on that target.

3
00:00:09,830 --> 00:00:14,300
You can use the search to filter it looking for a certain command if you know what you're looking for

4
00:00:14,810 --> 00:00:21,420
or you can use the categories and look for commands suitable to what you want to do on the target computer.

5
00:00:21,440 --> 00:00:23,860
Some of these commands are information gathering commands.

6
00:00:23,960 --> 00:00:25,850
Some of them are social engineering.

7
00:00:25,850 --> 00:00:29,760
Some of them will even give you full control over the target computer.

8
00:00:29,810 --> 00:00:30,900
There is a lot of commands.

9
00:00:30,920 --> 00:00:35,990
So I want to be able to go over all of them but I'll be showing you some of the most important commands

10
00:00:36,200 --> 00:00:38,210
and examples of simple ones as well.

11
00:00:38,240 --> 00:00:44,190
So you know how to experiment and run the other commands so where it doesn't.

12
00:00:44,200 --> 00:00:49,120
If you go to the browser you'll see commands related to stuff that you can do inside the browser so

13
00:00:49,120 --> 00:00:54,310
you can see things that will allow you to for example get a screenshot and you'll be able to try and

14
00:00:54,310 --> 00:00:57,450
gain and turn on the web cam and see if it works.

15
00:00:57,610 --> 00:01:04,180
And basically open the webcam on the target you can gather information.

16
00:01:04,540 --> 00:01:11,230
If you go here on the exploits you'll see a number of exploits that you can run again depending on what's

17
00:01:11,230 --> 00:01:13,140
running on the contact with computer.

18
00:01:13,150 --> 00:01:20,170
You can run them all you have to do is just click on the module that you want to run and click on execute.

19
00:01:20,170 --> 00:01:26,010
Sometimes the modules need to set some options to be set up and we'll have examples of that as well.

20
00:01:26,290 --> 00:01:31,570
And the social engineering again there are some really cool stuff that you can do and you can show fake

21
00:01:32,080 --> 00:01:35,260
updates fake notification bars and stuff like that.

22
00:01:36,510 --> 00:01:39,130
So tell me an example of a very simple command.

23
00:01:39,270 --> 00:01:46,260
So again we're going to do just an alert to show an alert box so some just using the search to filter

24
00:01:47,190 --> 00:01:53,120
and you can see here this will just create an alert dialog and it's going to say Be alert dialog.

25
00:01:53,130 --> 00:01:55,260
You can modify this and type in anything you want.

26
00:01:55,260 --> 00:02:04,160
For example I'm going to type in test and then when you execute go into Target and you'll see that the

27
00:02:04,160 --> 00:02:06,560
target got a message saying test.

28
00:02:06,740 --> 00:02:09,740
So this has been injected into the target browser.

29
00:02:11,650 --> 00:02:14,740
Another cool thing that you can do is the wrong javascript

30
00:02:17,770 --> 00:02:21,360
and this will allow you to execute any javascript you want.

31
00:02:21,460 --> 00:02:26,260
So again you can look for Google for useful javascript code for example a key logger or whatever you

32
00:02:26,260 --> 00:02:31,960
want to do or you can write your own if you know javascript and basically whatever you write here will

33
00:02:31,960 --> 00:02:33,650
be executed on the target.

34
00:02:33,880 --> 00:02:42,770
Again we're only saying an alert and this is going to say beef raw javascript and can execute.

35
00:02:42,810 --> 00:02:49,320
And here we go again we get a dialog saying we've tried javascript.

36
00:02:49,470 --> 00:02:55,650
Let's see if we can get a screenshot of the target computer and we're going to use plug in called Spy.

37
00:02:55,880 --> 00:03:05,950
Spider I think yes by there I so again click on it here like Suku give it a second then we're going

38
00:03:05,950 --> 00:03:07,270
to click on the command here.

39
00:03:08,630 --> 00:03:22,770
It looks like this time didn't work properly let's just do it again.

40
00:03:22,860 --> 00:03:23,490
And here we go.

41
00:03:23,490 --> 00:03:27,600
As you can see we've got a screen shot of what the target person is looking at.

42
00:03:29,250 --> 00:03:32,110
I know the really good plug in is a plug in.

43
00:03:32,110 --> 00:03:40,950
It's a redirect plug in and it will basically allow you to redirect the browser to any web page you

44
00:03:40,950 --> 00:03:41,490
want.

45
00:03:41,490 --> 00:03:46,200
This could be very useful because you can use it to redirect the target person and tell them that they're

46
00:03:46,200 --> 00:03:51,330
going to need to download that update and instead of giving them an update give them back or you can

47
00:03:51,330 --> 00:03:54,470
redirect them to a fake logon page for example for Facebook.

48
00:03:54,510 --> 00:03:59,490
You can really do anything you want with this so you can set the website that you want the target to

49
00:03:59,490 --> 00:04:00,820
be redirected to.

50
00:04:00,930 --> 00:04:05,020
And we're going to redirect them to project in this example and we'll see you.

51
00:04:05,040 --> 00:04:05,780
Execute

52
00:04:08,700 --> 00:04:12,910
as you can see here they are redirected to beef project.

53
00:04:12,960 --> 00:04:16,830
These are some of the basic modules that are that you can use.

54
00:04:16,830 --> 00:04:18,390
Again you can experiment with these.

55
00:04:18,390 --> 00:04:23,730
Go over them and see what would be useful in your particular situation.