1
00:00:00,060 --> 00:00:01,390
All right, so welcome back, everyone.

2
00:00:01,410 --> 00:00:04,770
This is a nation the session is about relaunching the beat.

3
00:00:05,130 --> 00:00:06,000
Let's get started.

4
00:00:06,900 --> 00:00:16,230
OK, so let's go to our candy machine, because that's where the all the magic happens will have to

5
00:00:16,230 --> 00:00:18,150
launch the dominant first.

6
00:00:18,540 --> 00:00:20,970
Let's get access as a route.

7
00:00:25,010 --> 00:00:25,830
Oh, sorry.

8
00:00:27,870 --> 00:00:28,800
That's bad.

9
00:00:29,520 --> 00:00:30,390
All right, wonderful.

10
00:00:30,660 --> 00:00:37,710
So we got the access and now first thing that you need to do is you need to install the beep on your

11
00:00:37,710 --> 00:00:38,210
system.

12
00:00:38,910 --> 00:00:48,720
And to do that, what you have to do is you can straight away make use of a BP package manager and install

13
00:00:48,720 --> 00:00:49,710
the beef right away.

14
00:00:50,490 --> 00:00:52,440
In my case, it's already installed.

15
00:00:52,440 --> 00:00:59,700
So it should be showing me as beef is already with the newest version and I should be good enough with

16
00:00:59,700 --> 00:00:59,850
it.

17
00:01:00,660 --> 00:01:07,530
Another way is you can clone the package from the GitHub site itself so you can go to the GitHub.

18
00:01:07,580 --> 00:01:11,430
Such for beef, that's where you get the dibs.

19
00:01:11,760 --> 00:01:18,750
I mean, basically the you don't get file, you can make use of get blown and get to command and that

20
00:01:18,750 --> 00:01:20,740
file, that package will be installed.

21
00:01:20,970 --> 00:01:21,370
All right.

22
00:01:21,720 --> 00:01:22,870
So this is pretty quick.

23
00:01:23,220 --> 00:01:23,980
Now let's go.

24
00:01:25,140 --> 00:01:29,520
Once you do this, the package will because we are in route a route directly.

25
00:01:29,820 --> 00:01:33,460
So the package is supposed to be in the room itself.

26
00:01:33,480 --> 00:01:36,220
And this is what the package really looks like, the beef.

27
00:01:36,780 --> 00:01:39,480
Now, we have to get into this.

28
00:01:41,490 --> 00:01:46,740
I'm sorry, we have to get into this, but.

29
00:01:51,260 --> 00:01:57,890
In this victory, and you see, once you get this, you have to install and you have to initiate the

30
00:01:57,890 --> 00:02:02,750
installation of it for four installation, too, you need to be initiated.

31
00:02:02,750 --> 00:02:07,690
We have to make use of a script, which is this one installed script.

32
00:02:07,700 --> 00:02:11,390
You can do this by this.

33
00:02:11,720 --> 00:02:19,280
And the moment you do that will be getting started now, because in my case, it's already done.

34
00:02:19,280 --> 00:02:23,390
It just it's just auto it just get auto completed.

35
00:02:23,690 --> 00:02:29,780
You don't have to do anything with it because in my case I have already completed I can do no.

36
00:02:29,780 --> 00:02:30,560
And Gummow.

37
00:02:31,010 --> 00:02:36,350
Now, once the installation is complete, you have to launch the dashboard.

38
00:02:36,350 --> 00:02:36,670
Right.

39
00:02:37,040 --> 00:02:40,170
But beef won't allow you to access it.

40
00:02:40,400 --> 00:02:41,210
So let me show you.

41
00:02:41,810 --> 00:02:46,220
I have once it is done, I have to be in the same directory.

42
00:02:46,580 --> 00:02:53,630
And if I show you in the same direction, it said we made use of install in order to launch, we have

43
00:02:53,630 --> 00:02:55,890
to made you make use of beef as well.

44
00:02:55,970 --> 00:02:58,560
So I make use of dogs.

45
00:02:58,760 --> 00:03:00,170
Beef that again a script.

46
00:03:00,380 --> 00:03:05,610
Once I hit that hit Enter the beef will be initiated, will be launched as well.

47
00:03:05,930 --> 00:03:12,890
Now if it, if it's the first time you are doing this, you would be getting an error saying that change

48
00:03:12,890 --> 00:03:13,970
the default password.

49
00:03:14,690 --> 00:03:17,680
I mean, if you don't do that, the beef won't be initiated.

50
00:03:18,230 --> 00:03:20,240
How how can you change the password then?

51
00:03:20,900 --> 00:03:24,950
What you can do is you can go to the config script.

52
00:03:24,960 --> 00:03:27,860
This is the file where all the settings are really the sites.

53
00:03:28,190 --> 00:03:32,990
So you can do Nanoha and can fake one script.

54
00:03:32,990 --> 00:03:38,000
And once you go and do it, this is where the credentials are defined.

55
00:03:38,000 --> 00:03:39,350
Usually does bbf.

56
00:03:39,350 --> 00:03:44,240
I have Gene to Roger, Roger, you can come out and that's easy.

57
00:03:44,630 --> 00:03:45,560
That's what it is.

58
00:03:45,860 --> 00:03:54,290
Once you do that then you can again go make use of that dart slash beef and beef will be initiated by

59
00:03:54,350 --> 00:03:59,720
the beef tool, will take some time to load the package and then only it will get started with it.

60
00:04:00,350 --> 00:04:00,790
All right.

61
00:04:00,800 --> 00:04:02,780
Oh, we have some error here.

62
00:04:03,200 --> 00:04:03,860
Look at this.

63
00:04:04,100 --> 00:04:10,880
This might might occur and many of the situation and not just in case of beef, many other cases as

64
00:04:10,880 --> 00:04:11,070
well.

65
00:04:11,180 --> 00:04:18,530
So it seems like there is some process running or I might have tried earlier as well because of that.

66
00:04:18,530 --> 00:04:26,030
There is still some those same same process or some services running on the same border.

67
00:04:26,040 --> 00:04:31,460
So what you can do is you can search for what exactly the process item.

68
00:04:31,670 --> 00:04:36,620
OK, if there is any duplicate process already on the same board, I haven't really done so.

69
00:04:36,620 --> 00:04:38,800
We have to kill the process.

70
00:04:39,650 --> 00:04:43,160
So how how we identify which process already has a trouble.

71
00:04:43,400 --> 00:04:49,400
So to be very honest, you won't find, you know, regularly this problem.

72
00:04:49,730 --> 00:04:53,120
You'll find it when you make use of it very often.

73
00:04:53,150 --> 00:05:00,770
OK, so what you can do is you can simply go to and get the idea about what is the what is the number

74
00:05:00,770 --> 00:05:09,500
to it so you can make Gewgaws of l'Est Hellersdorf and then make use of minus T minus and you can define

75
00:05:09,770 --> 00:05:11,780
which is the process identifier.

76
00:05:12,020 --> 00:05:18,200
In our case we have a trouble with three thousand so we can mention about three thousand board number.

77
00:05:18,470 --> 00:05:22,280
This will give us this will give us the process idea of three thousand four.

78
00:05:23,430 --> 00:05:25,970
Oh we have some chop.

79
00:05:25,970 --> 00:05:30,350
OK, sorry I it has to be minus I to wonderful.

80
00:05:30,530 --> 00:05:31,760
So this is the process.

81
00:05:32,690 --> 00:05:35,720
Once you get the process already we have to tell this process.

82
00:05:35,990 --> 00:05:40,150
OK, so once we cleared Gilda's we can initiate decision.

83
00:05:40,820 --> 00:05:47,210
So in order to do this we can make use of command kill and then the minus nine.

84
00:05:47,210 --> 00:05:52,220
That's the idea for killing the process idea and then define what is the process.

85
00:05:52,220 --> 00:05:55,770
Say no to the string to fight them once you hit, enter.

86
00:05:56,240 --> 00:05:58,010
Now, this process already has been carried.

87
00:05:58,460 --> 00:06:02,810
And now one, you can try making use of the beef command again.

88
00:06:02,810 --> 00:06:04,370
And it worked this time.

89
00:06:04,370 --> 00:06:07,370
Let's beef is loading.

90
00:06:07,550 --> 00:06:09,890
Wait for wait a few seconds.

91
00:06:10,730 --> 00:06:11,240
Lovely.

92
00:06:12,590 --> 00:06:13,880
It worked all right.

93
00:06:14,840 --> 00:06:15,130
Huh.

94
00:06:15,590 --> 00:06:22,070
So now you can see beef is giving some information about it, right.

95
00:06:22,070 --> 00:06:23,780
There are three zero five modules.

96
00:06:23,900 --> 00:06:29,060
April eight Xingjian enable events proxy admin UI.

97
00:06:29,090 --> 00:06:37,070
This is what we are looking for, to control everything from farm control, everything about the user

98
00:06:37,070 --> 00:06:41,270
activity or post exploitation activity and everything.

99
00:06:41,270 --> 00:06:43,130
So we need to have the admin UI.

100
00:06:43,610 --> 00:06:46,310
There are some social engineering packages as well.

101
00:06:46,940 --> 00:06:48,530
Crosseyed scripting RES.

102
00:06:49,390 --> 00:06:54,790
Many of the staff, there's one more thing which is needed, the malicious script.

103
00:06:55,270 --> 00:07:01,900
We need to have the script that we can, you know, that we can make use of it and give it to the victim

104
00:07:01,900 --> 00:07:02,310
machine.

105
00:07:02,500 --> 00:07:09,370
If you remember the example, we made an email right now, phishing e-mail, which was getting the JavaScript

106
00:07:09,370 --> 00:07:10,270
code into it.

107
00:07:10,780 --> 00:07:15,600
Now, this is something that we we will be building, building up beef tool.

108
00:07:15,940 --> 00:07:17,070
And this is what it is.

109
00:07:17,080 --> 00:07:18,920
It is basically the hook you are.

110
00:07:19,660 --> 00:07:22,520
So this is what we'll be hooking to the user.

111
00:07:22,540 --> 00:07:25,160
It will be injecting this JavaScript to the user.

112
00:07:25,810 --> 00:07:30,230
And this is the dashboard we need to get access to.

113
00:07:30,280 --> 00:07:30,580
Right.

114
00:07:31,330 --> 00:07:36,760
So unless you don't change the password, if you remember, you won't be getting the access to the UI

115
00:07:39,400 --> 00:07:40,300
at CDB.

116
00:07:40,960 --> 00:07:43,040
It's not actually as yet.

117
00:07:43,690 --> 00:07:48,370
And then you define, oh, in this is because we are on the local system itself.

118
00:07:48,380 --> 00:07:56,040
You can make yourself one twenty seven zero zero zero one zero zero one and three thousand port.

119
00:07:56,050 --> 00:08:00,130
And then we have UI and UI directly.

120
00:08:00,130 --> 00:08:07,400
And then panel, let's say you can make use of the same password.

121
00:08:07,840 --> 00:08:08,370
Lovely.

122
00:08:08,830 --> 00:08:15,520
You could see, you could see the dashboard is open and it is full of information.

123
00:08:15,550 --> 00:08:18,720
You can see the logs, zombies and everything.

124
00:08:18,730 --> 00:08:18,960
Right.

125
00:08:19,270 --> 00:08:23,920
These are some of the offline devices, devices which are no longer associated.

126
00:08:24,280 --> 00:08:31,000
Once you have the JavaScript code being used, you could see all the devices online, you know, made

127
00:08:31,000 --> 00:08:31,510
use of them.

128
00:08:32,110 --> 00:08:34,680
So this is the malicious script.

129
00:08:35,560 --> 00:08:41,210
If somebody click on this link, they get compromised that I'll show you how exactly.

130
00:08:41,980 --> 00:08:48,720
So even if somebody tried to click on this link directly, I should be getting their access right.

131
00:08:50,860 --> 00:08:56,260
Let me go back and let me open up the machine.

132
00:08:56,650 --> 00:09:01,280
This is not the real attack at this point because we'll have to make it more realistic.

133
00:09:01,570 --> 00:09:03,150
I'm just giving you an example.

134
00:09:04,270 --> 00:09:11,210
So even if somebody tried to, let's say, access the stability of CTP

135
00:09:13,510 --> 00:09:24,100
and because this this is the we have to make use of the network IP address in this case, then the reason

136
00:09:24,100 --> 00:09:27,970
is this has to be network discovery.

137
00:09:27,970 --> 00:09:35,260
If somebody is trying to access the any site being in the global system, the local host are 147 zero

138
00:09:35,260 --> 00:09:35,950
zero one.

139
00:09:35,960 --> 00:09:41,770
That would be helpful if somebody access from this another host the real IP address, the network IP

140
00:09:41,770 --> 00:09:45,630
address is needed and that's the real network IP address you can see over here.

141
00:09:46,060 --> 00:09:49,440
And then we can define hope dog G.S..

142
00:09:49,510 --> 00:09:49,780
Right.

143
00:09:50,300 --> 00:09:51,520
Once you hit enter.

144
00:09:52,930 --> 00:09:58,390
And this would probably be, you know, this would probably be injected into the system.

145
00:09:58,390 --> 00:10:05,880
And this is the way the system, you know, the actors JavaScript get inserted into the platform itself.

146
00:10:06,460 --> 00:10:08,650
And if you could see.

147
00:10:13,140 --> 00:10:19,470
Although it says there's an error and time, error and everything, this is what we'll be inserting

148
00:10:19,470 --> 00:10:20,970
into the real system itself.

149
00:10:21,000 --> 00:10:26,490
OK, so what we made use of is this this who dodgiest file.

150
00:10:26,820 --> 00:10:31,060
And once we tried doing it directly on the browser, it didn't work.

151
00:10:31,170 --> 00:10:31,860
You see this?

152
00:10:32,910 --> 00:10:34,350
Do you want to save this file?

153
00:10:34,350 --> 00:10:37,890
Because this is considering as a file in that case.

154
00:10:38,190 --> 00:10:42,210
So that's why I will be making use of it on a site.

155
00:10:42,330 --> 00:10:44,880
That's why we need a vulnerable site to be accessed.

156
00:10:45,210 --> 00:10:52,530
Because if you see if the user is directly getting the JavaScript file and putting on the URL, it's

157
00:10:52,530 --> 00:10:55,240
not really going to work because this would be taken as a file.

158
00:10:55,950 --> 00:11:03,210
What is really needed, if you remember the example, we need the real well, vulnerable site which

159
00:11:03,210 --> 00:11:09,090
takes the data and give you as it is, throw it as it is, reflected Asmodeus.

160
00:11:09,390 --> 00:11:12,360
That's why I will be making use of DV DPW.

161
00:11:12,610 --> 00:11:21,900
In our case, there will be there will be throwing the same JavaScript code to the Web site, to our

162
00:11:21,900 --> 00:11:27,970
vulnerable site so that it will reflect back to the machine and that's how the system get compromised.

163
00:11:28,260 --> 00:11:33,890
So I hope you got the idea that this is not the way we'll be inserting the code directly into the browser.

164
00:11:34,770 --> 00:11:35,540
You got the idea.

165
00:11:35,540 --> 00:11:41,520
And this is not the way will be directly inserting into the browser, rather, will be inserting on

166
00:11:41,780 --> 00:11:49,200
on to the infected site by the machine directly and will see what the response comes back.

167
00:11:49,230 --> 00:11:49,640
All right.

168
00:11:50,070 --> 00:11:54,900
So let's get started with our lab in the next session and really capture this and think you.