1 00:00:00,090 --> 00:00:01,140 All right, welcome back, everyone. 2 00:00:02,310 --> 00:00:10,170 And before we get started to the real lab, the demo, in fact, of Reflected Exercice Adak, let's 3 00:00:10,170 --> 00:00:12,600 understand how our lab really looks like. 4 00:00:13,300 --> 00:00:17,820 OK, so in our lab setup, we have our system and platform. 5 00:00:17,820 --> 00:00:24,070 An IP address platform is basically the operating system and the system could be any tool that I'm dropping 6 00:00:24,070 --> 00:00:24,360 about. 7 00:00:25,020 --> 00:00:28,290 So we'll be making use of beef in our case. 8 00:00:28,710 --> 00:00:37,440 And beef is the exploitation tool, browser exploitation tool, basically, which we will be making 9 00:00:37,440 --> 00:00:37,920 use of. 10 00:00:38,250 --> 00:00:39,420 Let me tell you something. 11 00:00:39,720 --> 00:00:44,970 I will not be making use of legacy method of showing you. 12 00:00:45,240 --> 00:00:48,160 I will not be using it personally to show you, OK? 13 00:00:48,180 --> 00:00:49,470 It is getting compromised. 14 00:00:49,520 --> 00:00:56,460 OK, see, we are getting the code, you know, JavaScript back and all the stuff will be making the 15 00:00:56,460 --> 00:01:04,440 situation as if it's a real attack happening from the victim to the attacker to the actual vulnerable 16 00:01:04,440 --> 00:01:04,740 side. 17 00:01:05,280 --> 00:01:15,000 So I want you to look and feel the what exactly happening from the hacker and victim and the website 18 00:01:15,000 --> 00:01:17,450 point of view, vulnerable website point of view. 19 00:01:18,210 --> 00:01:23,190 So will be make use of browser exploitation framework. 20 00:01:23,500 --> 00:01:24,450 That's beef. 21 00:01:24,810 --> 00:01:28,740 And that's basically a tool which is a part of Khaleel Index. 22 00:01:29,190 --> 00:01:36,230 So if it is not, I guess with 20/20, it's not really clearly 20/20, it's not a part of it. 23 00:01:36,250 --> 00:01:44,430 So in fact, you can install it, but it will be and it will be downloaded and installed on your system. 24 00:01:44,820 --> 00:01:48,770 The IP address in our lab is standard 0.01, not six. 25 00:01:49,350 --> 00:01:53,700 Then we have a victim of will be make use of the latest system. 26 00:01:53,700 --> 00:01:57,240 We will not be using the machine, maybe Windows seven. 27 00:01:57,250 --> 00:01:58,440 We stand all the time. 28 00:01:58,440 --> 00:01:58,680 Right. 29 00:01:58,740 --> 00:02:00,160 Not even XP for sure. 30 00:02:00,870 --> 00:02:07,950 Um, so will be making use of Windows 10 here, the upgraded machine with bad system antivirus running 31 00:02:07,950 --> 00:02:08,400 into it. 32 00:02:08,820 --> 00:02:13,070 The IP address of the largest of the Windows 10 would be done door to door. 33 00:02:13,110 --> 00:02:19,290 To understand why I'm telling you this IP address so that when we make use of the lab, you understand 34 00:02:19,290 --> 00:02:20,500 where exactly we are going. 35 00:02:20,530 --> 00:02:20,790 Right. 36 00:02:21,700 --> 00:02:29,460 And then we have the way that's basically part of all that's BWV os BWV. 37 00:02:29,880 --> 00:02:39,510 It's basically a Linux platform, which is being which is a project by by Overspread, which is a broken 38 00:02:39,510 --> 00:02:46,980 web application and a DB W8 just one of these subprojects subtable, which is the down vulnerable web 39 00:02:46,980 --> 00:02:47,570 application. 40 00:02:48,000 --> 00:02:56,820 So when we look at the BBWAA BVA Broken Web application, there are a set of tools into a set of infected 41 00:02:56,820 --> 00:02:59,960 application, infected or vulnerable web application. 42 00:03:00,450 --> 00:03:02,310 David W.A. is one of them. 43 00:03:02,470 --> 00:03:06,530 Right, and I'll show you when we started installing them. 44 00:03:07,050 --> 00:03:10,530 So the IP address for this is standard product one, two, six. 45 00:03:10,920 --> 00:03:17,150 Let's look at how exactly it would really look in the lab. 46 00:03:17,190 --> 00:03:22,710 So this is how the laboratory looks like the beef would be used by the hacker in the candy machine. 47 00:03:23,250 --> 00:03:25,590 Windows 10 would be, of course, over the machine. 48 00:03:26,190 --> 00:03:31,930 Who would be receiving the e-mail to you can get the idea will be in the windows, then looking at the 49 00:03:31,950 --> 00:03:39,290 mail will be clicking on and on and on content or phishing email and will be redirected to the W.A. 50 00:03:39,630 --> 00:03:45,540 So mostly will be on the windows then to see how we are getting compromised from the victim point of 51 00:03:45,540 --> 00:03:51,960 view, from the hacking point of view, will be working on the PIF, will be there on the tool to see 52 00:03:51,960 --> 00:04:01,260 what exactly user is doing and how we can compromise the user by by making use of many of the escalation 53 00:04:01,260 --> 00:04:03,710 or many of the social engineering tools as well. 54 00:04:03,720 --> 00:04:04,040 Right. 55 00:04:04,320 --> 00:04:10,740 And the VW is, of course, just an infected application where the output sanitisation is not really 56 00:04:10,740 --> 00:04:11,190 happening. 57 00:04:11,340 --> 00:04:11,670 All right. 58 00:04:11,970 --> 00:04:17,670 So I hope you got the area and the lab said it was clear to you I will get you in the next session. 59 00:04:17,670 --> 00:04:24,120 We will get started with the real real demo for the reflective garrotted scripting in that. 60 00:04:24,310 --> 00:04:24,690 All right. 61 00:04:24,990 --> 00:04:25,410 Thank you.