1 00:00:00,280 --> 00:00:05,650 And Lou everybody when it comes to my advanced ethical hacking networking penetration testing goes 2 00:00:16,090 --> 00:00:21,650 the syllabus will cover the part of state of kind. 3 00:00:22,210 --> 00:00:30,420 In this so we are going to show you what first we are going to tell you a little bit about what is still 4 00:00:30,570 --> 00:00:36,440 Iris skin and how how it works and how to fight against this. 5 00:00:36,730 --> 00:00:41,920 So here we are going to use every well known tool tool which is snow. 6 00:00:42,150 --> 00:00:44,370 We will use it only on carrying machine. 7 00:00:44,400 --> 00:00:46,280 So here we are on a Mac. 8 00:00:46,560 --> 00:00:52,320 So we are going to show just a really do stuff about it to install it on your Michael Clayton system 9 00:00:52,320 --> 00:00:56,400 first thing first you have to do you have to go and copy this link. 10 00:00:56,670 --> 00:01:02,040 We would amend you know to copy this command. 11 00:01:02,070 --> 00:01:12,210 All right go and type this command in into your into your operating system and type this coming into 12 00:01:12,210 --> 00:01:17,300 a terminal soloists Yeah I'm going to pass it here. 13 00:01:17,350 --> 00:01:18,820 Everything will be provided guys. 14 00:01:19,270 --> 00:01:22,960 So don't worry we don't wind though. 15 00:01:23,770 --> 00:01:24,530 OK. 16 00:01:24,880 --> 00:01:37,230 So let's make it bigger and well we don't need it we need quite and yeah let's make it this one. 17 00:01:37,330 --> 00:01:46,720 OK here you're gonna go and post it here puts it into a terminal after testing so you know you have 18 00:01:46,720 --> 00:01:53,120 to put your password your logging password of course and then now of two you're going to type this in 19 00:01:53,130 --> 00:02:00,290 the comment would be this one so you copy D or B minus E and so into on its own so. 20 00:02:00,290 --> 00:02:05,490 So you posted after pressing intel you can now wait and put your password and then you're going to type 21 00:02:05,500 --> 00:02:12,310 this comment to install it's not and you're going to wait till it's installed after that while it is 22 00:02:12,310 --> 00:02:13,040 installing. 23 00:02:13,160 --> 00:02:20,940 So you have to abated by this common sudo show more or less. 24 00:02:21,630 --> 00:02:22,980 And this. 25 00:02:22,990 --> 00:02:28,400 So what I read after right after this and with Andrew if you want to to open your snot. 26 00:02:28,450 --> 00:02:34,290 So we just take the comments not introduce what we are going to show to you or Kylie machine. 27 00:02:34,410 --> 00:02:34,930 OK. 28 00:02:35,020 --> 00:02:40,290 So let's go through they tell me to call first because this comment for you. 29 00:02:40,310 --> 00:02:51,090 Well OK I don't need this don't OK so let's go here. 30 00:02:51,600 --> 00:02:53,950 This process how it works. 31 00:02:53,950 --> 00:02:56,910 The first thing for us this tale. 32 00:02:57,590 --> 00:03:02,340 I can hear we love her still but I'm gonna tell you how it works. 33 00:03:02,530 --> 00:03:03,640 And I'll tell you much. 34 00:03:03,990 --> 00:03:06,960 And so here you have a description. 35 00:03:07,050 --> 00:03:08,280 What you have to do. 36 00:03:08,280 --> 00:03:17,550 You have to use the command say in my command and the IP address of your zombie machine and the IP address 37 00:03:17,550 --> 00:03:18,570 if you're a victim. 38 00:03:19,080 --> 00:03:23,670 Let's say here you're going to tape the in command and your type in the command. 39 00:03:23,670 --> 00:03:25,780 So this is how the process will be. 40 00:03:25,950 --> 00:03:31,820 It's one command then a command. 41 00:03:31,830 --> 00:03:37,800 And here would be the IP address of the zombie approaches of the zombie. 42 00:03:37,800 --> 00:03:39,260 So what we mean by that. 43 00:03:39,270 --> 00:03:46,130 Here is the IP address behind which your IP address would be hidden. 44 00:03:46,580 --> 00:03:51,170 And here it would be either visible of the victim machine. 45 00:03:51,540 --> 00:03:56,690 So between this command this is so trying. 46 00:03:57,370 --> 00:03:59,190 Warning on college UNIX machine. 47 00:03:59,190 --> 00:04:09,870 And then you would make this can you the victim let's say ask some kind of security's properties or 48 00:04:09,870 --> 00:04:11,370 securities. 49 00:04:11,730 --> 00:04:20,370 System put in place that is let's say if a firewall or any idea is intrusion detection system it won't 50 00:04:20,370 --> 00:04:33,300 get it your will IP because your IP is hidden behind behind the IP address of the zombie state is only. 51 00:04:33,560 --> 00:04:34,530 Well so. 52 00:04:34,610 --> 00:04:36,240 OK. 53 00:04:37,020 --> 00:04:42,110 We will surely show how it works to you in a practical port. 54 00:04:42,150 --> 00:04:43,170 After a few minutes. 55 00:04:43,470 --> 00:04:49,590 So now let's let's explain to you how it is too critically. 56 00:04:50,280 --> 00:04:50,610 OK. 57 00:04:50,880 --> 00:04:54,380 So we can remove this comment so we don't need this fine. 58 00:04:54,450 --> 00:05:00,450 We provided to you so that you can read it before starting your your particular port. 59 00:05:01,150 --> 00:05:05,410 But if you already have a knowledge about it so it doesn't matter. 60 00:05:05,490 --> 00:05:06,590 You have to. 61 00:05:06,600 --> 00:05:08,780 You don't have to read it line by line. 62 00:05:09,330 --> 00:05:10,140 OK. 63 00:05:10,260 --> 00:05:16,380 So the first case is that you put these on B's IP address and recorded. 64 00:05:16,380 --> 00:05:23,720 So you try to find it in an IP address which is in your environment. 65 00:05:24,780 --> 00:05:27,470 So after that what are we going to do. 66 00:05:27,540 --> 00:05:32,270 You're going to type in my command and hide yourself behind it. 67 00:05:32,280 --> 00:05:33,650 So this is how it works. 68 00:05:34,110 --> 00:05:34,810 And we quote it. 69 00:05:34,860 --> 00:05:42,570 I mean you recorded that means you take note of it so that you can proceed with your will which of process 70 00:05:42,930 --> 00:05:45,430 and forge a C on them. 71 00:05:45,560 --> 00:05:52,730 Ford is saying us packets from the zombie and send it to the DOJ report on the target depending on the 72 00:05:52,730 --> 00:05:58,270 port state the target's creation may or may not cause the zombies IPO just to be implemented. 73 00:05:58,380 --> 00:06:05,760 We would show like probably zombies I.P. address again their target to fraud state is then data mined 74 00:06:06,570 --> 00:06:09,210 by comparing this new IP address and so on software. 75 00:06:09,250 --> 00:06:13,830 OK so two can just read it. 76 00:06:13,980 --> 00:06:16,120 This is how the process is working. 77 00:06:16,200 --> 00:06:23,610 You see it you put this on the IP address now where the attacker sends it synchronous acknowledged to 78 00:06:23,610 --> 00:06:24,270 the zombie. 79 00:06:24,780 --> 00:06:25,370 Yeah. 80 00:06:25,650 --> 00:06:34,450 In the zombie net it's getting decent canoes acknowledge sends back it is to disclose its IP address. 81 00:06:34,500 --> 00:06:36,320 So this step is always the same. 82 00:06:36,660 --> 00:06:37,800 Okay. 83 00:06:37,890 --> 00:06:41,280 Why you send your comment to the. 84 00:06:42,030 --> 00:06:49,050 To the zombies and then the zombies sends the command to the target machine. 85 00:06:49,050 --> 00:06:50,590 I mean to the victim. 86 00:06:50,670 --> 00:07:00,830 So now being as the victim you get communication with the zombies and not with the attacker. 87 00:07:01,360 --> 00:07:02,310 Okay. 88 00:07:02,470 --> 00:07:07,180 You can read these readings with this and finding you're working. 89 00:07:07,280 --> 00:07:10,630 Do scans on because you're going to find it. 90 00:07:10,820 --> 00:07:13,420 So let's read a very good line. 91 00:07:13,430 --> 00:07:20,550 The first blog for you the first step is executing an IP and your skin is to find inappropriate zombie. 92 00:07:20,570 --> 00:07:27,440 It needs to assign that IP are just packets and commentary on a global word and horse it communicates 93 00:07:27,440 --> 00:07:29,020 with bases. 94 00:07:29,120 --> 00:07:35,770 It should be either a hand to this simple and of course as extra use traffic will bump up its IPO address 95 00:07:35,780 --> 00:07:36,220 against. 96 00:07:36,220 --> 00:07:36,630 Okay. 97 00:07:36,740 --> 00:07:37,800 What do you mean by that. 98 00:07:38,030 --> 00:07:45,560 So let's just show you a little panel or cutting machine just for a quick view to show you how to speak 99 00:07:45,620 --> 00:07:49,260 or how to choose a particular zombie IP address. 100 00:07:49,290 --> 00:07:53,550 So you open up your cutting machine okay. 101 00:07:53,560 --> 00:07:59,340 So we save his vision so it's going to benefit all we have done before. 102 00:07:59,350 --> 00:08:03,350 So let's just open it okay here. 103 00:08:03,360 --> 00:08:12,160 So we're going to open a new terminal killer see you when I try to find out which which is on the IP 104 00:08:12,160 --> 00:08:14,120 address you want to find. 105 00:08:14,260 --> 00:08:17,140 But before let's check IP address here. 106 00:08:17,950 --> 00:08:19,280 So. 107 00:08:19,490 --> 00:08:25,450 Or IP address on the host machine is to be if and then we'll type it. 108 00:08:25,450 --> 00:08:28,390 So yeah. 109 00:08:28,810 --> 00:08:31,510 And you go here. 110 00:08:31,510 --> 00:08:36,180 So it ends with 2 7. 111 00:08:36,480 --> 00:08:37,390 Be aware. 112 00:08:38,330 --> 00:08:41,880 Any time you change your network so your IP address. 113 00:08:42,120 --> 00:08:42,950 No. 114 00:08:43,060 --> 00:08:48,490 The last number or this number might get changed or even the whole number might get changed on your 115 00:08:49,150 --> 00:08:49,870 local network. 116 00:08:49,880 --> 00:08:56,410 It does it mean that it won't do what you have to be aware to check it again so that you make it so 117 00:08:56,410 --> 00:09:02,740 that you make it comfortable to the future books machine IP and your host machine. 118 00:09:02,740 --> 00:09:10,320 For example if in your copy machine your network let's say here to your network is is on Wi-Fi. 119 00:09:10,630 --> 00:09:12,530 If now after some time. 120 00:09:12,550 --> 00:09:21,250 So you even you just saved this version of the cutting machine and you put a keyboard in turn it then 121 00:09:21,580 --> 00:09:28,340 now you're going to try to have to fix it here you know so you're going to have to fix it and you end 122 00:09:28,540 --> 00:09:34,520 automatically you would find your your new Internet adapter so you get to fix it. 123 00:09:34,750 --> 00:09:38,140 Otherwise it will give you it might give you it anymore. 124 00:09:38,170 --> 00:09:39,040 All right. 125 00:09:39,040 --> 00:09:42,720 So so let's close this. 126 00:09:43,090 --> 00:09:53,420 Let's go here and you just type net discover as we have said guys all these tapes train and map then 127 00:09:53,470 --> 00:09:58,820 map need tool need to you know make us proud. 128 00:09:58,900 --> 00:10:08,940 It has broad US broad Armitage we have explained everything in our first lecture. 129 00:10:09,080 --> 00:10:11,530 So how to get this option. 130 00:10:11,680 --> 00:10:18,820 You just try to type in the Discover and stuff and then you press minus 5 and the E to eat is. 131 00:10:18,870 --> 00:10:19,810 It's all introverts. 132 00:10:20,020 --> 00:10:29,590 So to check your interface you have to just say let's make it let's let's wind let's just copy it and 133 00:10:30,080 --> 00:10:31,910 copy okay. 134 00:10:32,180 --> 00:10:36,060 Forget your user interface will have to take config. 135 00:10:36,130 --> 00:10:37,510 So it is easier here. 136 00:10:37,570 --> 00:10:40,530 So to see very well you just say. 137 00:10:40,710 --> 00:10:42,270 If config. 138 00:10:42,310 --> 00:10:42,940 Exactly. 139 00:10:42,940 --> 00:10:44,490 So this is your IP address. 140 00:10:44,530 --> 00:10:47,260 This is all IP address under this interface. 141 00:10:47,260 --> 00:10:55,600 So now you're going to type that in a discourse or you just for a second shift in in we posted here. 142 00:10:55,760 --> 00:10:58,400 Yeah it takes this one. 143 00:10:58,410 --> 00:10:58,770 Okay. 144 00:10:58,780 --> 00:11:04,800 And with this you're here you're gonna find a lot of IP address. 145 00:11:04,930 --> 00:11:11,240 So let's just stop it because we don't have we don't need to just show you show you too many things. 146 00:11:11,290 --> 00:11:11,590 Okay. 147 00:11:11,590 --> 00:11:13,530 And you just pick one of them. 148 00:11:13,570 --> 00:11:18,220 This is all IP address or host IP address or Mac IP address. 149 00:11:18,250 --> 00:11:21,620 So this is the IP address of. 150 00:11:21,990 --> 00:11:22,290 Oh. 151 00:11:22,300 --> 00:11:24,970 This is the appearance of someone is and this is the seed. 152 00:11:25,390 --> 00:11:33,820 Okay let's just shut it down like that and so much in state so that we don't need to start a new stuff. 153 00:11:33,940 --> 00:11:34,490 Okay. 154 00:11:34,960 --> 00:11:35,490 Yeah. 155 00:11:35,980 --> 00:11:39,470 So let's look at ways. 156 00:11:39,480 --> 00:11:40,820 So this is how it works. 157 00:11:40,840 --> 00:11:42,750 So you have to find it working. 158 00:11:42,760 --> 00:11:45,560 I do a zombie zombie so that you make it work. 159 00:11:45,740 --> 00:11:46,910 Okay here. 160 00:11:46,960 --> 00:11:49,090 This is a very way example. 161 00:11:49,090 --> 00:11:56,320 Once a suitable zombie has been flown as big pig it has been picked up by you to performing is it is 162 00:11:56,320 --> 00:12:03,190 very easy as we have shown you as we have showed you earlier in in our killing machine. 163 00:12:03,190 --> 00:12:07,420 So since you have your zombie it is very easy. 164 00:12:07,420 --> 00:12:14,210 You see a map of port network and minus people again in the minus airs. 165 00:12:14,290 --> 00:12:22,020 This is a scan and I I do it and you put your victim so your victim might be in April dressed as whereas 166 00:12:22,430 --> 00:12:26,340 as an as a website domain. 167 00:12:26,380 --> 00:12:28,510 So again a new justice. 168 00:12:28,600 --> 00:12:30,680 Start your scan. 169 00:12:30,910 --> 00:12:31,390 Okay. 170 00:12:31,390 --> 00:12:37,610 This is how it works this is how it works implementation are going where decision call a all scan. 171 00:12:37,610 --> 00:12:45,670 Step by step to describe a scan and the very fundamental level the map implementation is far more complex. 172 00:12:45,700 --> 00:12:53,440 Key differences are part of reason for quick execution and we didn't then see to reduce first positive. 173 00:12:53,530 --> 00:12:56,300 Of course it will be so many false positives. 174 00:12:56,340 --> 00:13:03,970 Because sometimes if your IDE is intrusion detection system has set up in such a way that it detects 175 00:13:04,210 --> 00:13:07,530 ICMP or DCP European so-and-so. 176 00:13:07,810 --> 00:13:16,540 So when the attacker is aware of these things what he can do he can try to do some tweaking stuff like 177 00:13:17,050 --> 00:13:22,040 like hiding behind something or you know so that you don't get it. 178 00:13:22,050 --> 00:13:28,090 So while you get who you have a notification from someone who's trying to get into a system and that 179 00:13:28,090 --> 00:13:38,160 one has an IP address of 0 0 1 9 2 a BLA BLA BLA 1 1 1 for example it's a but it's an innocent IP address. 180 00:13:38,200 --> 00:13:39,870 It's not the attacker and address. 181 00:13:39,940 --> 00:13:40,920 You know what I'm saying. 182 00:13:40,930 --> 00:13:44,730 So this is what we call first positive. 183 00:13:44,860 --> 00:13:52,480 So to make your stuff much more so you want to if you want to get if you want to know how deep penetration 184 00:13:52,780 --> 00:14:01,120 is doing or is wanting you can just get packet trace packages is it a good command to detect how the 185 00:14:01,120 --> 00:14:07,330 communication is form you as that occur to the zombie and then from the zombie to the victim from the 186 00:14:07,330 --> 00:14:11,470 victim to the zombie from the zombie to the victim again from the zombie to the victim and from the 187 00:14:11,470 --> 00:14:12,270 zombie to you. 188 00:14:12,280 --> 00:14:21,760 So only one communication is is getting you as the attacker is the zombie the victim never which is 189 00:14:21,760 --> 00:14:23,560 you the victim only. 190 00:14:23,560 --> 00:14:33,130 Which is the attacker aside we are we are going to explain to you guys fight against steel ideal skin. 191 00:14:33,340 --> 00:14:33,900 So. 192 00:14:33,970 --> 00:14:39,340 Okay now let's try to show you how the attack is working. 193 00:14:39,340 --> 00:14:45,190 Now let's go back to Kelly machine so we can just minimize it before going to the Security Board because 194 00:14:45,490 --> 00:14:48,670 fate again is still a big screen is the security. 195 00:14:48,680 --> 00:14:55,480 But what you have to do you know so again before going to this we are going to show you how the attack 196 00:14:55,720 --> 00:15:00,880 or how the penetration can be made. 197 00:15:00,880 --> 00:15:12,600 So we call you again get restarted. 198 00:15:12,860 --> 00:15:13,310 Good 199 00:15:18,870 --> 00:15:20,830 or good so we can minimize it. 200 00:15:20,870 --> 00:15:22,310 Or just close it. 201 00:15:22,310 --> 00:15:22,800 All right. 202 00:15:23,010 --> 00:15:29,550 So now what we are going to do week as we have said is we have already find some I.P. address. 203 00:15:29,570 --> 00:15:35,780 I mean some target so we can try to see if they host it up or down. 204 00:15:35,780 --> 00:15:48,590 So to do that let's let's just waste this first came with a map and scan Network SCAN network in what 205 00:15:48,590 --> 00:15:49,790 we are going to do. 206 00:15:50,030 --> 00:15:57,710 We are going to tape the range of IP address so before that let's check it again so that we show it 207 00:15:57,710 --> 00:15:59,100 to you or IP. 208 00:15:59,100 --> 00:16:13,660 This was a copy machine was this was 1 5 9 0 key note the net mass is 255 255 255. 209 00:16:13,720 --> 00:16:19,990 That means so we can assume that the range is 24 slash 24. 210 00:16:19,990 --> 00:16:32,980 So when we type in LA minus n so we take the IP range and the IP range at 1 6 8 and one dot one you 211 00:16:32,980 --> 00:16:39,130 see one dot one and then here we type 24. 212 00:16:39,430 --> 00:16:41,890 And then so we can put it into. 213 00:16:42,140 --> 00:16:43,470 Now we are waiting. 214 00:16:43,620 --> 00:16:44,450 Okay. 215 00:16:44,570 --> 00:16:52,160 It seems to us how many computers are up so let's say let's check it close it up. 216 00:16:52,610 --> 00:17:00,610 So okay I can tell you is a super computer so we have seen it before in all Hear hear. 217 00:17:00,630 --> 00:17:02,290 So we have seen it. 218 00:17:03,030 --> 00:17:06,660 This was computer so much skin. 219 00:17:06,790 --> 00:17:08,030 This is one to me again. 220 00:17:08,060 --> 00:17:10,520 Oh no I knew MAC address. 221 00:17:10,540 --> 00:17:13,150 I'll kill your kid on high. 222 00:17:13,450 --> 00:17:14,310 OK. 223 00:17:14,380 --> 00:17:16,030 Chose my book. 224 00:17:16,210 --> 00:17:18,150 Of course this is awesome. 225 00:17:18,250 --> 00:17:19,930 This is almost machine. 226 00:17:19,930 --> 00:17:21,860 I mean this Mac machine. 227 00:17:22,020 --> 00:17:23,100 All right. 228 00:17:23,170 --> 00:17:27,190 So he sees the MAC address of it. 229 00:17:27,370 --> 00:17:31,190 So we have one good omen. 230 00:17:31,210 --> 00:17:45,520 We have 1 2 2 2 3 4 5 6 6 machines that forget that this is a all or candy machine. 231 00:17:45,520 --> 00:17:46,480 Okay. 232 00:17:46,660 --> 00:17:46,960 All right. 233 00:17:47,200 --> 00:17:55,870 Now since we have a lot of computers which are or let's say we have a lot of devices which are up so 234 00:17:56,170 --> 00:17:58,380 we are to be we are going to be careful. 235 00:17:58,390 --> 00:18:02,890 We will just make a pediatrician to all computers. 236 00:18:02,920 --> 00:18:09,220 So these computers as you said earlier this is my candy machine. 237 00:18:09,220 --> 00:18:11,990 This machine like this. 238 00:18:12,130 --> 00:18:12,990 I don't know it. 239 00:18:13,040 --> 00:18:14,680 So let's go again. 240 00:18:14,770 --> 00:18:15,910 This I know it would. 241 00:18:15,910 --> 00:18:18,210 I don't have a wide access to it. 242 00:18:18,230 --> 00:18:18,410 OK. 243 00:18:18,490 --> 00:18:21,850 This is my MacBook IP address. 244 00:18:21,870 --> 00:18:22,100 Okay. 245 00:18:22,120 --> 00:18:22,850 We can use it. 246 00:18:22,870 --> 00:18:27,220 And this one is my own to address 247 00:18:30,130 --> 00:18:40,960 we have to note because many people do you think that using insiders can and they can just do it quickly 248 00:18:41,290 --> 00:18:47,410 with any kind of computing system with any kind of operating system that they are using. 249 00:18:47,590 --> 00:18:52,930 But we are far away from this kind of deal because it's not to some. 250 00:18:52,940 --> 00:19:01,920 So one might be lucky enough if if they use and not version of Windows operating system and then now 251 00:19:02,150 --> 00:19:02,970 this can. 252 00:19:03,000 --> 00:19:04,610 So let's say in. 253 00:19:04,680 --> 00:19:05,870 Wait a. 254 00:19:06,030 --> 00:19:06,900 Let me check it. 255 00:19:06,970 --> 00:19:14,150 You like the foot and mouth scan a door and then you put it would this these numbers here. 256 00:19:14,440 --> 00:19:16,900 So this is the IP address of. 257 00:19:17,410 --> 00:19:18,120 Let me check it. 258 00:19:19,030 --> 00:19:20,760 Let me put our up. 259 00:19:20,860 --> 00:19:21,230 OK. 260 00:19:21,460 --> 00:19:24,450 So this is the IP IP address of your victim. 261 00:19:24,610 --> 00:19:28,280 And this is the IP address of your zombie. 262 00:19:28,360 --> 00:19:31,310 But many people just say that. 263 00:19:31,350 --> 00:19:31,950 Okay. 264 00:19:32,020 --> 00:19:35,530 It's enough to just put a port behind it. 265 00:19:35,740 --> 00:19:40,570 This kind of port because sometimes usually it's like that but it it's working. 266 00:19:40,570 --> 00:19:45,430 But on some old version of Windows OK let's say Windows 98. 267 00:19:45,430 --> 00:19:45,760 Yeah. 268 00:19:45,790 --> 00:19:46,880 So it might work. 269 00:19:47,140 --> 00:19:54,670 But nowadays it won't work anymore because some systems they have already put it kind of ISP is inside 270 00:19:54,670 --> 00:19:57,480 of it so that they see this. 271 00:19:57,580 --> 00:20:07,290 I do scan will not intercept or or will not cross the border so that they don't reach the victim let 272 00:20:07,300 --> 00:20:11,170 us just give you a short overview of how it works. 273 00:20:11,170 --> 00:20:11,490 Okay. 274 00:20:11,500 --> 00:20:12,210 Let's go to. 275 00:20:12,220 --> 00:20:13,640 All right. 276 00:20:14,500 --> 00:20:16,040 OK. 277 00:20:16,120 --> 00:20:20,000 Fight against so we have to evolve. 278 00:20:20,080 --> 00:20:20,920 All right. 279 00:20:20,920 --> 00:20:29,790 So now this step before going into this step is is that fighting a zombie IP address. 280 00:20:29,830 --> 00:20:30,960 Is not that easy. 281 00:20:31,000 --> 00:20:40,150 As as you might think you just try to discover and then you pick a number you use it as I do or always 282 00:20:40,150 --> 00:20:43,630 on B and then use an order one as victim No no no no. 283 00:20:43,660 --> 00:20:46,200 It's a day that you have to find a way. 284 00:20:46,240 --> 00:20:49,360 This only means that that IP is vulnerable. 285 00:20:50,030 --> 00:20:58,660 So since that IP is vulnerable sometimes it might happen that if we use it so we can cross the border 286 00:20:59,240 --> 00:21:02,150 then we can try to make discarding of. 287 00:21:02,260 --> 00:21:13,540 So let's say and map in much scripting engine provides provide this quite IPD IP sequence to detect 288 00:21:13,780 --> 00:21:18,770 new book Zombie devices in the following is input to make it so. 289 00:21:18,820 --> 00:21:19,840 But first thing first. 290 00:21:19,860 --> 00:21:24,760 Who noble host are classified as incremental or a later engine. 291 00:21:24,760 --> 00:21:28,420 Just for a quick overview if we go up up up up up. 292 00:21:28,420 --> 00:21:30,330 So we have doing it. 293 00:21:30,400 --> 00:21:30,980 OK. 294 00:21:31,120 --> 00:21:33,130 So this is an incremental. 295 00:21:33,640 --> 00:21:36,460 So we will show you it in use against guys. 296 00:21:36,490 --> 00:21:37,210 So don't worry. 297 00:21:37,540 --> 00:21:37,900 Yeah. 298 00:21:37,930 --> 00:21:41,020 So it did the vulnerable host. 299 00:21:41,040 --> 00:21:45,740 It's classified as being incremental sometimes if you find it. 300 00:21:45,810 --> 00:21:46,670 Let him see. 301 00:21:46,750 --> 00:21:53,080 It's not that white for you because you don't need it as a latency window indeed as increment or not 302 00:21:53,170 --> 00:21:54,290 I. 303 00:21:54,290 --> 00:22:04,120 So now what we are going to do the first step when you want to make a scan you have to find is zombie 304 00:22:04,720 --> 00:22:08,640 the zombie ages is renewable. 305 00:22:08,650 --> 00:22:18,450 Listen you have to be aware of or so you can get a lot of false positive or false negatives of the result. 306 00:22:18,460 --> 00:22:19,250 Yeah. 307 00:22:19,250 --> 00:22:19,680 All right. 308 00:22:19,840 --> 00:22:29,710 So he you you it might have happened if you use this this IP. 309 00:22:30,590 --> 00:22:31,340 OK. 310 00:22:31,450 --> 00:22:34,740 And this is always on me. 311 00:22:34,780 --> 00:22:37,410 This is all on the end and this is a victim. 312 00:22:37,450 --> 00:22:42,250 If you use it sometimes or all or once on Windows so all windows. 313 00:22:42,260 --> 00:22:46,230 So it might work but sometimes it might not work either. 314 00:22:46,240 --> 00:22:47,320 It did. 315 00:22:47,320 --> 00:22:47,860 It depends. 316 00:22:47,860 --> 00:22:56,950 For example Windows 2000 to it might not work but it will be enough just to put the deposit number of 317 00:22:56,950 --> 00:22:58,900 that vulnerable host. 318 00:22:58,930 --> 00:23:02,890 So I mean the zombie to get it. 319 00:23:02,890 --> 00:23:04,890 You have to and map it. 320 00:23:04,960 --> 00:23:05,830 You can. 321 00:23:05,970 --> 00:23:06,890 We are. 322 00:23:07,300 --> 00:23:14,210 We were trying to to map this IP address so that we can find deposit numbers which are opening. 323 00:23:14,230 --> 00:23:18,190 So if we do we did find a road we would find a D. 324 00:23:18,250 --> 00:23:30,560 We find 4 4 3 0 4 SSL and then we find 6 to 1 for DCP and 9 1 1 9 1 he was a war stuff like that but 325 00:23:31,460 --> 00:23:38,840 it's not the case because how would we know that it is a zombie we can't know that we can't just say 326 00:23:38,840 --> 00:23:46,880 that this IP address we can use it as I door or as a zombie because we don't know if it is you know 327 00:23:46,900 --> 00:23:47,160 we. 328 00:23:47,200 --> 00:23:48,760 No of course not probably. 329 00:23:48,770 --> 00:23:50,960 So yeah we have to find a way to do that. 330 00:23:51,620 --> 00:23:58,780 So what we are going to do we don't put the port number anymore because as we have tried it doesn't 331 00:23:58,780 --> 00:23:59,000 work. 332 00:23:59,030 --> 00:24:05,900 Just just for the sake of this video because we wanted to show you guys maybe many people did just use 333 00:24:05,900 --> 00:24:14,210 it on YouTube or know Jimmy awesome on YouTube but they don't tell you the reason behind same because 334 00:24:14,570 --> 00:24:22,100 if that IP address is a new one to IP address or a few windows 10 or Windows 8 lets say something like 335 00:24:22,100 --> 00:24:29,720 that it won't work because the ISP is already installed there or they might have some kind of firewalls 336 00:24:29,750 --> 00:24:36,280 installed there and then you can't cross the border to get to the victim IP or to get to it to get to 337 00:24:36,280 --> 00:24:39,590 the victim own computer devices. 338 00:24:39,920 --> 00:24:44,150 So let's say or what we can do. 339 00:24:44,420 --> 00:24:52,490 So first thing first we have to find a way to get some IP address see some IP addresses which are which 340 00:24:52,490 --> 00:24:55,100 can act as a zombie to do so. 341 00:24:55,100 --> 00:25:04,760 We just pressed this script wind this clip and map and P D 1 80 and would press it by pressing it you 342 00:25:04,760 --> 00:25:13,700 will you will find error or download a load of a lot of information about it and you might just have 343 00:25:13,940 --> 00:25:21,450 to just look for the ones that say incremental and then just now you press enter after pressing enter. 344 00:25:21,620 --> 00:25:24,140 So everything will be alright. 345 00:25:24,260 --> 00:25:33,140 OK so let's proceed to just show what we are not going to let it scan because it does take time maybe 346 00:25:33,140 --> 00:25:41,640 five minutes or 10 years or probably even more probably for four minutes as well not to be exaggerated. 347 00:25:41,670 --> 00:25:48,190 Yeah but so if you just have to press enter and then wait for the map to just show you the auctions. 348 00:25:48,340 --> 00:25:48,760 OK. 349 00:25:48,860 --> 00:25:55,820 So we just press control seek to control it and then we are going up in order to show you always old. 350 00:25:56,010 --> 00:25:56,420 OK. 351 00:25:56,420 --> 00:25:59,250 So this is always all but let's go to the very beginning. 352 00:25:59,300 --> 00:26:06,750 You see guys it's a lot it's a lot it's a lot it's a lot but so many first positives result as well 353 00:26:07,120 --> 00:26:07,980 so on. 354 00:26:08,210 --> 00:26:11,050 OK now wait a moment. 355 00:26:11,060 --> 00:26:14,360 Let's go up to see where we have begun 356 00:26:20,600 --> 00:26:22,330 Let's Google at Google Earth. 357 00:26:23,060 --> 00:26:24,520 Probably we are next to this. 358 00:26:24,530 --> 00:26:29,970 So we don't know but obviously it shouldn't be that that. 359 00:26:29,970 --> 00:26:36,280 OK so this is what we have type guys so this comment so you type it and then you will get a lot of information. 360 00:26:36,350 --> 00:26:40,400 Now we aren't seeing in maps can we port for blah blah blah. 361 00:26:40,460 --> 00:26:45,740 And that IP address you have to look for here if it is set in sea or if it is incremental or we don't 362 00:26:45,740 --> 00:26:52,320 need that and so we need to see increment or so let's go down to go down one to search for incremental. 363 00:26:52,880 --> 00:26:54,340 So nothing nothing. 364 00:26:54,350 --> 00:26:56,050 Let's go let's go let's go. 365 00:26:56,060 --> 00:26:57,080 So we have OK. 366 00:26:57,140 --> 00:26:58,170 This is when domains. 367 00:26:58,280 --> 00:26:58,630 OK. 368 00:26:58,670 --> 00:27:07,940 So let's go let's go down to see if we will find more incremental service they would want to give. 369 00:27:07,970 --> 00:27:09,440 This one is one of them. 370 00:27:10,220 --> 00:27:11,270 OK let's go. 371 00:27:12,020 --> 00:27:14,710 We should find some not so. 372 00:27:14,770 --> 00:27:18,690 OK so this IP address and Skynet. 373 00:27:18,710 --> 00:27:26,450 And then we have detected that the whole script was old AI IP I.D. sake is incremental. 374 00:27:26,450 --> 00:27:28,580 This is what we need to do. 375 00:27:28,700 --> 00:27:35,110 By the way you're going to try to use this IP address to see if it's really a zombie IP address. 376 00:27:35,240 --> 00:27:37,650 We don't know to which it belongs. 377 00:27:37,820 --> 00:27:40,040 It's just say that here board. 378 00:27:40,880 --> 00:27:44,210 It's not in or network environment at all. 379 00:27:44,240 --> 00:27:48,060 So it is risky but for the sake of view. 380 00:27:48,080 --> 00:27:59,770 So we do we know that it's it's not going to do a black scanning or an illegal scan. 381 00:27:59,780 --> 00:28:06,770 So we are going just to try to use it as a zombie and then to find it to put it to to see if we can 382 00:28:06,770 --> 00:28:08,260 get to a victim IP. 383 00:28:08,320 --> 00:28:19,420 So so we copy it and copy it like that and then we can open up and in a lift but it just does it to 384 00:28:19,600 --> 00:28:21,840 here. 385 00:28:22,260 --> 00:28:24,660 Come on we will pass it here. 386 00:28:24,660 --> 00:28:33,430 And then if we want to copy all this stuff we can just try to do like that and so that we get all the 387 00:28:33,430 --> 00:28:38,060 information because it's a lot of guys so controlling it so impressive. 388 00:28:38,190 --> 00:28:39,360 Hey sit down. 389 00:28:39,400 --> 00:28:39,810 All right. 390 00:28:39,820 --> 00:28:50,750 So now we're going to proceed to them to their command which will allow us to make the ideal scan. 391 00:28:50,890 --> 00:28:51,280 So. 392 00:28:51,280 --> 00:28:51,910 All right. 393 00:28:51,910 --> 00:29:04,780 So now let's type and map and map and minus S minus minus as I said before we can type minus IP network 394 00:29:04,780 --> 00:29:06,750 port number and okay. 395 00:29:06,790 --> 00:29:14,470 So we will use this as port so we copy each control C Okay. 396 00:29:15,000 --> 00:29:25,000 Jose and so we proceed here and then now we are going to use the IP address of Windows 7 mushing that 397 00:29:25,000 --> 00:29:25,970 windows 7 machine. 398 00:29:25,990 --> 00:29:35,680 We have used we have used it in the previous videos of 0 0 of the networks cunning so we can just check 399 00:29:35,680 --> 00:29:36,360 it to see it. 400 00:29:36,370 --> 00:29:42,380 But of course we are in a different environment sort of so the API just might get changed as well. 401 00:29:42,460 --> 00:29:46,260 So but the IP address we have at it for it. 402 00:29:46,270 --> 00:29:48,270 It was let me minimize it. 403 00:29:48,460 --> 00:29:52,510 It was something like let's say the name is John. 404 00:29:52,600 --> 00:30:03,260 So let's it's it's the weeknight that moment who key the name in it is to use easy my book. 405 00:30:03,310 --> 00:30:08,170 No this is to use easy who you want to use is to use z. 406 00:30:08,230 --> 00:30:08,560 Okay. 407 00:30:08,580 --> 00:30:08,840 Okay. 408 00:30:08,860 --> 00:30:11,830 This one so that we're going to use it. 409 00:30:12,010 --> 00:30:19,490 Let's say this we copy copy it and then we persevere there. 410 00:30:19,500 --> 00:30:22,160 So now so you can present it. 411 00:30:22,440 --> 00:30:29,960 And we going to see how would we look like so it will probably take a little more time. 412 00:30:29,960 --> 00:30:34,560 We're going to post the video deceived. 413 00:30:34,650 --> 00:30:36,410 Exactly what we mean. 414 00:30:36,840 --> 00:30:42,230 Because all of them all of the port all of the IP address let me her phone. 415 00:30:42,240 --> 00:30:48,680 Even if they are like incremental what they're all supposed to do. 416 00:30:49,420 --> 00:30:57,990 So what I mean by that to the first positive it's a must is the most critical problem the issue that 417 00:30:57,990 --> 00:31:05,000 we can face when we want to make do a test and I do scan sort of here. 418 00:31:05,410 --> 00:31:06,180 Let's go here. 419 00:31:07,070 --> 00:31:15,610 When I show you as you can see so most of them are first quality the most difficult step when carrying 420 00:31:15,610 --> 00:31:19,020 out in a scan is to find you vulnerable as on board. 421 00:31:19,360 --> 00:31:21,800 We have found no IP address. 422 00:31:21,850 --> 00:31:28,060 We choose your imaging between 1 2 1 6 8 1 and something like that. 423 00:31:28,060 --> 00:31:36,330 We just find many things like one day one you know and much more like it's a one off one five four. 424 00:31:36,360 --> 00:31:37,290 And so and so and so. 425 00:31:37,810 --> 00:31:45,400 So it's a different code to many reasons and different stories and that many ISP broke and this type 426 00:31:45,400 --> 00:31:52,430 of kind of skin and muscle of operating system Windows 8 Windows 7 Windows XP or 2. 427 00:31:52,470 --> 00:32:01,210 So they assign an API you want only there for the file was in honeypot may return as the first positive 428 00:32:02,380 --> 00:32:03,620 so that's why it doesn't work. 429 00:32:03,790 --> 00:32:10,990 So we're going to try to look out with these tools showdown and Festivus Congressman that we can proceed 430 00:32:10,990 --> 00:32:12,340 to day scan. 431 00:32:12,640 --> 00:32:19,280 All right after some time I will come back and then we presenter. 432 00:32:19,350 --> 00:32:23,470 Now here we are after two hours and 37 minutes. 433 00:32:23,490 --> 00:32:30,020 You see now we are on 33 percent if we get these messages this message. 434 00:32:30,020 --> 00:32:35,610 So yeah we still have to wait because we are not even in a half of it. 435 00:32:35,610 --> 00:32:37,930 So let's just wait a moment. 436 00:32:38,010 --> 00:32:44,400 Well it's nice to be a boss you wait you know till we get the results. 437 00:32:44,410 --> 00:32:45,180 So yeah. 438 00:32:45,340 --> 00:32:55,950 Or if you want I would advise you don't put it up to 255 but you can just put it up to one hundred Oh. 439 00:32:55,990 --> 00:32:58,130 From whom. 440 00:32:58,300 --> 00:33:00,160 20 or from 80. 441 00:33:00,220 --> 00:33:06,250 Okay let's see from 80 and to 150 all to fifty five. 442 00:33:06,360 --> 00:33:06,580 Yeah. 443 00:33:11,600 --> 00:33:12,170 All right. 444 00:33:12,170 --> 00:33:19,070 So we can slow the process because it it it takes us too long time. 445 00:33:19,130 --> 00:33:19,940 See. 446 00:33:19,990 --> 00:33:24,630 We have consulted at eight hours and twenty eight minutes. 447 00:33:25,060 --> 00:33:31,470 So for four forty eight minute Prop. 8 percent only. 448 00:33:31,470 --> 00:33:38,720 That means so when you all were wounded 16 hours as we have already said to you guys. 449 00:33:38,760 --> 00:33:46,770 So you know the best thing first is is trying to use the updated version of a new operating system for 450 00:33:46,770 --> 00:33:47,590 example. 451 00:33:47,610 --> 00:33:59,030 You can stop using Windows XP or Windows 98 or 95 because inside these operating systems the ISP dot 452 00:33:59,030 --> 00:34:01,940 Burton doesn't blocks this type of scan. 453 00:34:01,950 --> 00:34:07,520 So that's why it is it is able to make that kind of scan so. 454 00:34:07,530 --> 00:34:16,020 But in Windows 7 or Windows 10 or Windows Vista on Ubuntu they don't allow this kind of scan but for 455 00:34:16,020 --> 00:34:24,240 the sake of this video we are going to showing you how to how it's working in the windows nineteen ninety 456 00:34:24,760 --> 00:34:25,490 five. 457 00:34:26,100 --> 00:34:26,970 But before that. 458 00:34:26,990 --> 00:34:36,600 So as we have said many ISP Brooke these type of scans or what is ISP ISP is the internet services providers. 459 00:34:36,600 --> 00:34:43,050 So nowadays the new operating systems let's say or Ubuntu or Linux. 460 00:34:43,080 --> 00:34:50,220 They block this kind of scan and then even door to find a zombie IP address. 461 00:34:50,280 --> 00:34:52,350 It's very very very difficult. 462 00:34:52,350 --> 00:35:01,320 So while while you're warning your Windows XP or your windows or your Windows 95 so you can train to 463 00:35:01,320 --> 00:35:07,050 find this zombie API IP address there when you trade and it's working. 464 00:35:07,060 --> 00:35:10,080 So now you can it to this kind so that's all you need. 465 00:35:10,110 --> 00:35:17,610 First thing first you need the ideal scan which means that you you have to find a zombie IP address 466 00:35:17,850 --> 00:35:20,460 so that you can hide yourself behind it. 467 00:35:20,460 --> 00:35:21,230 All right. 468 00:35:21,300 --> 00:35:26,270 And mobile phone operating systems assign a p a d o n dumbly. 469 00:35:26,420 --> 00:35:35,010 So that's why we have showed you earlier in video so that in all color UNIX machine there are some there 470 00:35:35,010 --> 00:35:44,550 are some IP addresses which are challenging like or randomize it on increments all the ones that we 471 00:35:44,550 --> 00:35:53,970 need to proceed to the ideas con is the incremental ones because if it is set as IP Ada when normally 472 00:35:54,060 --> 00:36:03,330 it's very very very difficult next to impossible to use that IP address as a zombie IP address configured 473 00:36:03,420 --> 00:36:10,260 firewalls and honey put me return first positive version as well to many server. 474 00:36:10,260 --> 00:36:19,860 Now they have a firewall which is tip between so that when attackers are trying to penetrate to the 475 00:36:19,860 --> 00:36:20,640 system. 476 00:36:20,700 --> 00:36:30,580 So you have to first penetrate to the firewall by the sound of it as good as you set your firewall. 477 00:36:30,600 --> 00:36:33,970 It's the more chance you have to protect yourself. 478 00:36:34,110 --> 00:36:36,750 You know you give some restrictions from your power. 479 00:36:36,750 --> 00:36:44,070 For example you would define some specific MAC address and some specific IP address orange which should 480 00:36:44,070 --> 00:36:47,020 be code by your firewall. 481 00:36:47,050 --> 00:36:54,640 They are for any external IP address which is which is and that belong to your whinge. 482 00:36:54,660 --> 00:36:59,870 They can't penetrate your firewall because your firewall was very well set up by you before. 483 00:36:59,880 --> 00:37:00,110 OK. 484 00:37:00,150 --> 00:37:01,330 So you have to know that. 485 00:37:01,350 --> 00:37:09,120 So let's go into the practice but we will use all Windows 95 and Windows XP so that we can try to find 486 00:37:09,150 --> 00:37:14,620 a zombie if we if we will have chins and to proceed to the demonstration. 487 00:37:15,450 --> 00:37:15,930 All right 488 00:37:18,880 --> 00:37:19,230 OK. 489 00:37:19,300 --> 00:37:19,870 Hold. 490 00:37:20,180 --> 00:37:20,400 OK. 491 00:37:20,420 --> 00:37:24,100 Now we can try to make some configurations into or machine. 492 00:37:24,110 --> 00:37:26,720 So let's try to put it on net operating system. 493 00:37:26,720 --> 00:37:29,240 We don't want to use which add up to now. 494 00:37:29,270 --> 00:37:35,060 So let's make it so that we can set up Windows or Windows machines as well. 495 00:37:36,080 --> 00:37:36,480 OK. 496 00:37:36,560 --> 00:37:38,110 We'll put it on. 497 00:37:38,120 --> 00:37:39,530 Not network. 498 00:37:39,530 --> 00:37:39,930 All right. 499 00:37:39,950 --> 00:37:41,390 Not on the net. 500 00:37:41,720 --> 00:37:42,710 And so we proceed. 501 00:37:42,740 --> 00:37:44,830 And then so it can start cleaning this machine. 502 00:37:44,870 --> 00:37:51,710 So we have had it as a saved version already so we're going to try to just modified a coil and try to 503 00:37:51,710 --> 00:37:52,550 close it. 504 00:37:52,610 --> 00:37:52,840 Yeah. 505 00:37:52,850 --> 00:38:00,730 Because you know so you have to find this way to find the machines which are up. 506 00:38:01,180 --> 00:38:01,680 All right. 507 00:38:01,700 --> 00:38:06,350 So before starting so let's try to reconfigure. 508 00:38:06,680 --> 00:38:14,600 So do this term we know because we don't want it to appear like 1 9 2 because we have change IP address 509 00:38:14,930 --> 00:38:18,170 to be on net network not on which network. 510 00:38:18,500 --> 00:38:20,630 So let's make it here. 511 00:38:20,630 --> 00:38:24,780 So we go to added fiber frenzies. 512 00:38:25,040 --> 00:38:32,280 Carlo let's check white on black white on black clothes. 513 00:38:32,330 --> 00:38:36,840 OK so now we can close this thing know so once they do it doesn't matter what for the sake of this video 514 00:38:36,850 --> 00:38:37,660 is all we are going to. 515 00:38:37,730 --> 00:38:41,360 Just to to restart or carry machine. 516 00:38:41,370 --> 00:38:41,650 OK 517 00:38:49,180 --> 00:38:53,530 now we will use or we not. 518 00:38:53,600 --> 00:39:02,460 We are going to try to find home team members that are on network so we can type if we want and discovery 519 00:39:02,870 --> 00:39:05,900 we can or we can use any map as well. 520 00:39:06,380 --> 00:39:16,800 It means that scum network and then we put this in would slash 24. 521 00:39:16,850 --> 00:39:24,080 That's because or sudden it is 255 255 255. 522 00:39:24,100 --> 00:39:30,300 And so if you look at it you will have to try to type if country. 523 00:39:30,750 --> 00:39:34,550 Oh it's you who's come in for us. 524 00:39:35,260 --> 00:39:43,150 So we was willing to use again and map it into space. 525 00:39:43,150 --> 00:39:50,250 My name is P means put an end network 526 00:39:53,000 --> 00:39:58,630 in then good smart small s big incompetent. 527 00:39:58,710 --> 00:40:00,700 Heidi sky. 528 00:40:01,210 --> 00:40:08,360 Either in here or after you good it is the IP address. 529 00:40:08,380 --> 00:40:18,780 I mean the IP address behind which you can hide yourself and you've been the victim. 530 00:40:19,490 --> 00:40:24,020 And then white I can present or if you want your page to go to a range port. 531 00:40:24,050 --> 00:40:29,180 But for now you can put it days and just wait. 532 00:40:29,420 --> 00:40:33,720 What do we use. 533 00:40:34,480 --> 00:40:45,480 We use when go in motion so that we can of the zombie IP address and try to make it bigger. 534 00:40:45,550 --> 00:40:50,960 KAREN So guy using data. 535 00:40:50,970 --> 00:40:51,630 I don't. 536 00:40:51,660 --> 00:40:52,300 Not. 537 00:40:52,720 --> 00:40:59,070 One hundred and seventeen is 1 1 OK. 538 00:40:59,200 --> 00:41:03,680 Hillary said it must be incremental class. 539 00:41:03,730 --> 00:41:04,560 How. 540 00:41:05,850 --> 00:41:11,900 We have found one or two to number one share in the victim. 541 00:41:13,030 --> 00:41:14,030 OK. 542 00:41:14,460 --> 00:41:15,140 Why not. 543 00:41:16,500 --> 00:41:27,480 We don't care because even if the victim so kind of 40s or ideas detection file we never know that the 544 00:41:27,480 --> 00:41:29,030 attack was from us. 545 00:41:29,040 --> 00:41:35,580 I mean from the prom or machine cause we we hide said it is only 546 00:41:38,430 --> 00:41:40,580 now we can try to do just this. 547 00:41:40,610 --> 00:41:48,540 Our ob gyn put it could put a specific number so it's in the range. 548 00:41:48,560 --> 00:41:57,830 No you'll find on in report which are between 20 and 100 so let's check it out this week. 549 00:41:57,980 --> 00:41:59,980 This is the language that we find here. 550 00:42:00,770 --> 00:42:03,300 And this indicated might be all right. 551 00:42:03,830 --> 00:42:04,770 So now we can present a 552 00:42:08,290 --> 00:42:18,590 let's say it will not show any number like 4 6 4 4 4 5 3 8 9. 553 00:42:19,250 --> 00:42:27,230 You see everything in Xinjiang between 20 and 200. 554 00:42:28,100 --> 00:42:31,110 If you want we can find. 555 00:42:31,310 --> 00:42:34,870 It is how the process is working. 556 00:42:35,100 --> 00:42:46,940 By sending packet in which three kids can try out in the type pocket traits which really show us and 557 00:42:47,000 --> 00:42:50,260 tell me not to process. 558 00:42:50,280 --> 00:42:58,830 Okay so so as you say so this is how the process went in. 559 00:42:58,830 --> 00:43:00,320 That is really important. 560 00:43:00,350 --> 00:43:12,090 It puts the packet which we're sending a team from the US only to see that there is no communication 561 00:43:12,600 --> 00:43:15,150 between the distorted print. 562 00:43:15,150 --> 00:43:24,740 I mean if the attacker and different communication communications we show their attacker is only his 563 00:43:24,770 --> 00:43:28,980 own attacker in the zombie victim victim his own. 564 00:43:29,370 --> 00:43:33,000 You can never find a victim to the attacker. 565 00:43:33,020 --> 00:43:34,230 Never. 566 00:43:34,360 --> 00:43:43,580 That's how can you lose these fabulous can to hide themselves between now the IP address 567 00:43:50,460 --> 00:43:55,210 is on me to attacker only to victim. 568 00:43:55,360 --> 00:44:00,960 And again it would define attacker to zombie. 569 00:44:01,160 --> 00:44:03,950 So that's how it's working guys. 570 00:44:03,950 --> 00:44:10,740 So we just wanted to show it to you because for the sake of this video but not nowadays. 571 00:44:10,820 --> 00:44:20,940 So this kind of scan that's so powerful because so many new operating systems so they have a really 572 00:44:20,940 --> 00:44:28,320 was set of ISP so something like that and firewall is only make use violence in that. 573 00:44:28,350 --> 00:44:32,990 So that gun can be eliminated totally. 574 00:44:33,030 --> 00:44:33,600 OK. 575 00:44:33,720 --> 00:44:34,980 Thank you. 576 00:44:34,980 --> 00:44:36,200 See you in the next video.