1 00:00:01,340 --> 00:00:07,910 So now that we have our browser or target hooked we can go on the commands and start executing commands 2 00:00:08,150 --> 00:00:09,510 on that target. 3 00:00:09,830 --> 00:00:14,300 You can use the search to filter it looking for a certain command if you know what you're looking for 4 00:00:14,810 --> 00:00:21,420 or you can use the categories and look for commands suitable to what you want to do on the target computer. 5 00:00:21,440 --> 00:00:23,860 Some of these commands are information gathering commands. 6 00:00:23,960 --> 00:00:25,850 Some of them are social engineering. 7 00:00:25,850 --> 00:00:29,760 Some of them will even give you full control over the target computer. 8 00:00:29,810 --> 00:00:30,900 There is a lot of commands. 9 00:00:30,920 --> 00:00:35,990 So I want to be able to go over all of them but I'll be showing you some of the most important commands 10 00:00:36,200 --> 00:00:38,210 and examples of simple ones as well. 11 00:00:38,240 --> 00:00:44,190 So you know how to experiment and run the other commands so where it doesn't. 12 00:00:44,200 --> 00:00:49,120 If you go to the browser you'll see commands related to stuff that you can do inside the browser so 13 00:00:49,120 --> 00:00:54,310 you can see things that will allow you to for example get a screenshot and you'll be able to try and 14 00:00:54,310 --> 00:00:57,450 gain and turn on the web cam and see if it works. 15 00:00:57,610 --> 00:01:04,180 And basically open the webcam on the target you can gather information. 16 00:01:04,540 --> 00:01:11,230 If you go here on the exploits you'll see a number of exploits that you can run again depending on what's 17 00:01:11,230 --> 00:01:13,140 running on the contact with computer. 18 00:01:13,150 --> 00:01:20,170 You can run them all you have to do is just click on the module that you want to run and click on execute. 19 00:01:20,170 --> 00:01:26,010 Sometimes the modules need to set some options to be set up and we'll have examples of that as well. 20 00:01:26,290 --> 00:01:31,570 And the social engineering again there are some really cool stuff that you can do and you can show fake 21 00:01:32,080 --> 00:01:35,260 updates fake notification bars and stuff like that. 22 00:01:36,510 --> 00:01:39,130 So tell me an example of a very simple command. 23 00:01:39,270 --> 00:01:46,260 So again we're going to do just an alert to show an alert box so some just using the search to filter 24 00:01:47,190 --> 00:01:53,120 and you can see here this will just create an alert dialog and it's going to say Be alert dialog. 25 00:01:53,130 --> 00:01:55,260 You can modify this and type in anything you want. 26 00:01:55,260 --> 00:02:04,160 For example I'm going to type in test and then when you execute go into Target and you'll see that the 27 00:02:04,160 --> 00:02:06,560 target got a message saying test. 28 00:02:06,740 --> 00:02:09,740 So this has been injected into the target browser. 29 00:02:11,650 --> 00:02:14,740 Another cool thing that you can do is the wrong javascript 30 00:02:17,770 --> 00:02:21,360 and this will allow you to execute any javascript you want. 31 00:02:21,460 --> 00:02:26,260 So again you can look for Google for useful javascript code for example a key logger or whatever you 32 00:02:26,260 --> 00:02:31,960 want to do or you can write your own if you know javascript and basically whatever you write here will 33 00:02:31,960 --> 00:02:33,650 be executed on the target. 34 00:02:33,880 --> 00:02:42,770 Again we're only saying an alert and this is going to say beef raw javascript and can execute. 35 00:02:42,810 --> 00:02:49,320 And here we go again we get a dialog saying we've tried javascript. 36 00:02:49,470 --> 00:02:55,650 Let's see if we can get a screenshot of the target computer and we're going to use plug in called Spy. 37 00:02:55,880 --> 00:03:05,950 Spider I think yes by there I so again click on it here like Suku give it a second then we're going 38 00:03:05,950 --> 00:03:07,270 to click on the command here. 39 00:03:08,630 --> 00:03:22,770 It looks like this time didn't work properly let's just do it again. 40 00:03:22,860 --> 00:03:23,490 And here we go. 41 00:03:23,490 --> 00:03:27,600 As you can see we've got a screen shot of what the target person is looking at. 42 00:03:29,250 --> 00:03:32,110 I know the really good plug in is a plug in. 43 00:03:32,110 --> 00:03:40,950 It's a redirect plug in and it will basically allow you to redirect the browser to any web page you 44 00:03:40,950 --> 00:03:41,490 want. 45 00:03:41,490 --> 00:03:46,200 This could be very useful because you can use it to redirect the target person and tell them that they're 46 00:03:46,200 --> 00:03:51,330 going to need to download that update and instead of giving them an update give them back or you can 47 00:03:51,330 --> 00:03:54,470 redirect them to a fake logon page for example for Facebook. 48 00:03:54,510 --> 00:03:59,490 You can really do anything you want with this so you can set the website that you want the target to 49 00:03:59,490 --> 00:04:00,820 be redirected to. 50 00:04:00,930 --> 00:04:05,020 And we're going to redirect them to project in this example and we'll see you. 51 00:04:05,040 --> 00:04:05,780 Execute 52 00:04:08,700 --> 00:04:12,910 as you can see here they are redirected to beef project. 53 00:04:12,960 --> 00:04:16,830 These are some of the basic modules that are that you can use. 54 00:04:16,830 --> 00:04:18,390 Again you can experiment with these. 55 00:04:18,390 --> 00:04:23,730 Go over them and see what would be useful in your particular situation.