1 00:00:00,090 --> 00:00:01,380 All right, so welcome back, everyone.
2 00:00:01,410 --> 00:00:08,040 This is a speech and the session is about, again, the demo, the real-time hack of LinkedIn accounts,
3 00:00:08,280 --> 00:00:14,670 or I would say LinkedIn account takeover or hijack, using BeEF and bWAPP. Earlier
4 00:00:14,670 --> 00:00:22,800 we have seen how we made it possible with BeEF and bWAPP, where I hope you're getting the purpose of
5 00:00:22,800 --> 00:00:30,600 bWAPP. bWAPP, to me, is just to make sure we have an infected website where there is no control
6 00:00:30,600 --> 00:00:36,370 over the data going outside of its perimeter, of Facebook, in fact.
7 00:00:36,750 --> 00:00:42,510 OK, let's get our Kali ready.
8 00:00:42,690 --> 00:00:43,580 This is our Kali.
9 00:00:43,950 --> 00:00:48,050 And as you can see, it has already been started.
10 00:00:48,060 --> 00:00:52,720 So I hope you got the idea so far.
11 00:00:53,190 --> 00:00:55,360 First of all, you need to go to BeEF.
12 00:00:55,740 --> 00:00:57,360 That's where you have your package.
13 00:00:57,510 --> 00:01:01,740 And from there you can run the BeEF script so that your BeEF gets launched.
14 00:01:02,160 --> 00:01:09,810 And once it is started, then you can go to the browser, and that's where
15 00:01:09,810 --> 00:01:15,000 you can type your... you know, that's where you can log in to your UI.
16 00:01:18,570 --> 00:01:19,020 All right.
17 00:01:19,050 --> 00:01:21,930 So as of now, there's no online browser.
18 00:01:22,650 --> 00:01:23,310 Exactly.
19 00:01:23,310 --> 00:01:24,480 And it is as it is.
20 00:01:24,480 --> 00:01:29,340 And now we need some online browser. At this moment we'll go to our victim machine.
21 00:01:29,370 --> 00:01:30,630 This is our victim machine.
22 00:01:30,630 --> 00:01:34,230 And from there we launched the browser.
23 00:01:34,650 --> 00:01:40,420 And in this case, because we need... do we need to compromise the, what we call...
24 00:01:43,620 --> 00:01:49,220 We need to... we are making use of bWAPP, which is the infected site in our case.
25 00:01:49,590 --> 00:02:00,420 So let's log in to the OWASP BWA, and this is OWASP BWA, what you see on the bottom over here, OK, and
26 00:02:00,420 --> 00:02:05,330 over there we have got multiple websites, multiple wonderful links of the websites.
27 00:02:05,790 --> 00:02:08,360 Remember, this is all hosted,
28 00:02:08,760 --> 00:02:15,970 this is all combined and hosted in the OWASP BWA project, where you find all these packages available.
29 00:02:16,180 --> 00:02:23,880 So let's log in to bWAPP, and the default credential is bee/bug. All right, let's log in.
30 00:02:24,180 --> 00:02:31,980 And now it's completely a simulation, I mean a kind of simulation where it is already infected, so you
31 00:02:31,980 --> 00:02:35,490 can select your desired testing.
32 00:02:35,490 --> 00:02:37,710 So we would like to test reflected XSS.
33 00:02:37,710 --> 00:02:45,810 Right, so we can make use of reflected GET, reflected XSS: Cross-Site Scripting - Reflected (GET).
34 00:02:46,410 --> 00:02:51,290 And that's where you can test yourself, in fact, any script.
35 00:02:51,300 --> 00:02:53,340 So let's say I test a simple script.
36 00:02:57,330 --> 00:03:04,800 See, my idea is not to test something really simplistic or something which doesn't require it in
37 00:03:04,800 --> 00:03:12,600 the real world, although initially we might be making use of some basic
38 00:03:12,600 --> 00:03:17,280 tools some time just to make sure you understand how it really works.
39 00:03:17,280 --> 00:03:19,470 And the basics, and the rest, everything.
40 00:03:19,470 --> 00:03:26,430 It's all a continuous job of finding vulnerabilities so that you can move on and start compromising
41 00:03:26,430 --> 00:03:28,430 the latest platforms as well.
42 00:03:28,440 --> 00:03:34,680 So let's say we're testing on IE at this moment; we can learn to test the same
43 00:03:34,680 --> 00:03:37,390 thing with Chrome and Microsoft Edge as well.
44 00:03:37,920 --> 00:03:44,870 First of all, we need to see how exactly the method really works, and then we can go at it with the
45 00:03:44,880 --> 00:03:46,280 other market leaders as well.
46 00:03:46,370 --> 00:03:46,630 Right.
47 00:03:47,280 --> 00:03:49,470 And then you can type anything into it.
48 00:03:49,470 --> 00:03:50,300 And let's see if...
49 00:03:50,610 --> 00:03:51,370 Oh, wonderful.
50 00:03:51,690 --> 00:03:58,440 So you see, we have just submitted some information to bWAPP and it is giving the same script back
51 00:03:58,440 --> 00:04:00,610 to us as a part of reflected XSS.
52 00:04:01,650 --> 00:04:06,760 This means it has a vulnerability, and we are sure that this hack would be successful.
53 00:04:07,020 --> 00:04:07,370 All right.
54 00:04:08,310 --> 00:04:09,420 So let's get started.
55 00:04:09,990 --> 00:04:11,730 We have our hook.
56 00:04:11,740 --> 00:04:14,790 Yes, OK, this is our juice.
57 00:04:14,790 --> 00:04:21,210 This is what we have to submit to BeEF, at the infected site.
58 00:04:22,860 --> 00:04:24,480 Let's again create this script.
59 00:04:26,550 --> 00:04:29,610 Sorry, and
60 00:04:32,790 --> 00:04:33,510 sorry.
61 00:04:33,530 --> 00:04:35,190 This is my bad.
62 00:04:36,030 --> 00:04:39,210 And we need to define the URL.
63 00:04:44,020 --> 00:04:51,790 And then the IP address of the BeEF, which is 10..., then, sorry, colon, and 3000.
64 00:04:53,280 --> 00:04:54,390 Slash.
65 00:04:58,040 --> 00:05:05,870 That is right, and that's any random number, doesn't matter, just that we have to feed it, so you have
66 00:05:05,870 --> 00:05:07,070 to submit something.
67 00:05:07,100 --> 00:05:11,630 OK, now we have the script ready to fire.
68 00:05:12,110 --> 00:05:14,510 What is exactly going to happen at the moment
69 00:05:14,510 --> 00:05:15,720 I click on Go?
70 00:05:15,770 --> 00:05:20,090 The JavaScript code will be submitted to bWAPP.
71 00:05:20,750 --> 00:05:26,750 And because it is a redirection, I mean, because that is a redirection to this URL,
72 00:05:26,790 --> 00:05:33,590 so this request will be going to BeEF, and that's how BeEF gets it directly. BeEF
73 00:05:33,920 --> 00:05:36,650 establishes the connection with the victim machine directly.
74 00:05:36,740 --> 00:05:41,540 OK, let's move on. Let's see if we are getting the request,
75 00:05:41,990 --> 00:05:45,560 establishing an online browser on the BeEF system.
76 00:05:48,390 --> 00:05:52,960 We'll probably have to wait a while. Wonderful, you could see it has been successful.
77 00:05:52,980 --> 00:05:58,110 We could see what was earlier an offline browser
78 00:05:58,110 --> 00:06:00,560 now looks like an online browser.
79 00:06:00,690 --> 00:06:06,150 You see this. Now, what we have done earlier, we can try the same thing.
80 00:06:06,150 --> 00:06:08,900 In fact, we can do it with LinkedIn.
81 00:06:08,910 --> 00:06:13,820 Of course, as a part of it, we can do it with LinkedIn because the session is about that.
82 00:06:14,250 --> 00:06:19,130 But you can also try it at Facebook, the way we have tried earlier. This is what it is.
83 00:06:19,140 --> 00:06:19,590 And
84 00:06:22,470 --> 00:06:27,210 so this again gives you the idea about the system; it is the same system.
85 00:06:27,220 --> 00:06:30,330 So we have information about the system, Mozilla and whatnot.
86 00:06:31,080 --> 00:06:33,570 Come on, let's go for social engineering.
87 00:06:33,570 --> 00:06:38,840 And then I hope you remember: green is for exploitable and undetectable.
88 00:06:39,270 --> 00:06:41,070 What do you see in the orange?
89 00:06:41,070 --> 00:06:43,720 Exploitable, but maybe detected by the users.
90 00:06:43,790 --> 00:06:48,260 Red is something which cannot be done for sure.
91 00:06:48,270 --> 00:06:51,940 And if you find some grey, this means it's not really recognized.
92 00:06:52,530 --> 00:06:55,710 So let's go to Pretty Theft.
93 00:06:55,710 --> 00:06:57,890 And from there we are...
94 00:06:58,800 --> 00:07:02,100 Let's first test with LinkedIn.
95 00:07:02,130 --> 00:07:05,880 OK, but then you test what is the backing.
96 00:07:06,270 --> 00:07:13,240 If you want to define some custom logo or something for any specific website, you can do that.
97 00:07:13,410 --> 00:07:21,080 The purpose is you can have any one vulnerable site; some user goes there, the user gets redirected from any
98 00:07:21,090 --> 00:07:23,670 email or phishing email that you sent him across.
99 00:07:24,090 --> 00:07:27,360 From there, it submits the JavaScript to this vulnerable site.
100 00:07:27,630 --> 00:07:34,250 You get the response back as JavaScript, and from then onwards, the user is completely in control.
101 00:07:34,620 --> 00:07:38,100 Now, whatever we are doing, it's all post-exploitation activity.
102 00:07:38,430 --> 00:07:44,670 So now you can completely control the user machine by sending any popup of maybe LinkedIn or maybe
103 00:07:44,670 --> 00:07:50,160 Facebook saying that, OK, listen, your Facebook account has been locked out or, you know, in
104 00:07:50,160 --> 00:07:56,850 order to proceed further, let's log in to your Google account or LinkedIn account, and then the user goes ahead
105 00:07:56,850 --> 00:07:59,550 and submits the information and submits the credential.
106 00:07:59,550 --> 00:08:02,730 And we're supposed to get it on our BeEF system.
107 00:08:03,000 --> 00:08:03,870 Let's try it out.
108 00:08:06,120 --> 00:08:06,630 Wonderful.
109 00:08:06,660 --> 00:08:15,210 You see, we have just executed this LinkedIn one, and the user gets a prompt for LinkedIn that has timed out
110 00:08:15,570 --> 00:08:16,230 for LinkedIn.
111 00:08:16,230 --> 00:08:16,520 Right.
112 00:08:16,830 --> 00:08:23,860 And let's say we do it for test at gmail dot com and maybe password test.
113 00:08:24,410 --> 00:08:30,840 OK, and let's sign in. Nothing happened, but something happened here.
114 00:08:31,920 --> 00:08:32,640 But see.
115 00:08:33,690 --> 00:08:34,140 Lovely.
116 00:08:34,830 --> 00:08:39,560 Can you see this? This says the answer is, yes,
117 00:08:39,570 --> 00:08:40,950 at gmail dot com.
118 00:08:40,950 --> 00:08:45,140 And the password is this. This is really cool, right?
119 00:08:45,210 --> 00:08:49,410 This is how the account can be taken over. The account
120 00:08:49,410 --> 00:08:50,930 can be compromised for LinkedIn.
121 00:08:51,360 --> 00:08:53,000 I mean, not just for LinkedIn.
122 00:08:53,010 --> 00:08:56,410 In fact, this can even be done for Facebook as well.
123 00:08:56,430 --> 00:09:05,830 You can even execute the same for Facebook, and you can see it's working very... so, test1 maybe, or
124 00:09:06,330 --> 00:09:12,930 test2 at gmail dot com, password could be test123.
125 00:09:13,470 --> 00:09:16,830 That login didn't work again.
126 00:09:17,280 --> 00:09:19,980 But did we get the response?
127 00:09:21,040 --> 00:09:21,920 Yes, that's right.
128 00:09:22,440 --> 00:09:23,700 I hope you got the idea.
129 00:09:24,600 --> 00:09:26,600 I hope this was useful to you as well.
130 00:09:26,910 --> 00:09:28,300 We'll catch you in the next session.
131 00:09:28,320 --> 00:09:28,830 Thank you.