1

00:00:00,090 --> 00:00:01,380

All right, so welcome back, everyone.



2

00:00:01,410 --> 00:00:08,040

This is a speech and the session is about, again, the demo, the real time hack of LinkedIn accountants



3

00:00:08,280 --> 00:00:14,670

or I would say LinkedIn account takeover or hijack using beef and be back earlier.



4

00:00:14,670 --> 00:00:22,800

We have seen how we made it possible with beef and DPW, where I hope you're getting the purpose of



5

00:00:22,800 --> 00:00:30,600

DPW will be vapid just to me, just to make sure we have an infected website where there is no control



6

00:00:30,600 --> 00:00:36,370

over the data going outside of its perimeter of Facebook, in fact.



7

00:00:36,750 --> 00:00:42,510

OK, let's let's get our let's get our Carly ready.



8

00:00:42,690 --> 00:00:43,580

This is O'Kelley.



9

00:00:43,950 --> 00:00:48,050

And as you can see, the article has been started.



10

00:00:48,060 --> 00:00:52,720

So I, I, I hope you got the idea so far.



11

00:00:53,190 --> 00:00:55,360

First of all, you need to go to the beef.



12

00:00:55,740 --> 00:00:57,360

That's where you have your package.



13

00:00:57,510 --> 00:01:01,740

And from there you can run the beef script so that your beef get the launch.



14

00:01:02,160 --> 00:01:09,810

And once it is started, then you can go to the browser, you can go to the browser and that's where



15

00:01:09,810 --> 00:01:15,000

you can type your you know, that's where you can log into your UI.



16

00:01:18,570 --> 00:01:19,020

All right.



17

00:01:19,050 --> 00:01:21,930

So as of now, there's no online browser.



18

00:01:22,650 --> 00:01:23,310

Exactly.



19

00:01:23,310 --> 00:01:24,480

And it is as it is.



20

00:01:24,480 --> 00:01:29,340

And now we need some online browser at this moment will go to war with the machine.



21

00:01:29,370 --> 00:01:30,630

This is our Victor machine.



22

00:01:30,630 --> 00:01:34,230

And from there we launched the browser.



23

00:01:34,650 --> 00:01:40,420

And in this case, because we need do we need to compromise the what we call.



24

00:01:43,620 --> 00:01:49,220

We need to we need to we are making use of Beevor, which is the infected site in our case.



25

00:01:49,590 --> 00:02:00,420

So let's login to the OS, BWV and this is of SPW, what you see on the bottom over here, OK, and



26

00:02:00,420 --> 00:02:05,330

over there we have got multiple website, multiple wonderful links of the websites.



27

00:02:05,790 --> 00:02:08,360

I remember this is this is all hosted.



28

00:02:08,760 --> 00:02:15,970

This is all combined and hosted in OS BWV projects where you find all this packages available.



29

00:02:16,180 --> 00:02:23,880

So let's login to be VAP and the default credential is B, but all right, let's login.



30

00:02:24,180 --> 00:02:31,980

And now it's completely a simulation, not a kind of simulation where it is already infected so you



31

00:02:31,980 --> 00:02:35,490

can select your desired testing.



32

00:02:35,490 --> 00:02:37,710

So we would like to test affected exercise.



33

00:02:37,710 --> 00:02:45,810

Right, so we can make use of reflected get reflected exercice crossette scripting and get response.



34

00:02:46,410 --> 00:02:51,290

And that's where you can test yourself in fact any script.



35

00:02:51,300 --> 00:02:53,340

So let's say I test a simple script.



36

00:02:57,330 --> 00:03:04,800

C My idea is not to test something really simplistic or something which doesn't doesn't require it in



37

00:03:04,800 --> 00:03:12,600

the real world, although we might be taking help of initially, we might be making use of some basic



38

00:03:12,600 --> 00:03:17,280

tools some time just to make sure you understand how it really works.



39

00:03:17,280 --> 00:03:19,470

And the basic what the rest everything.



40

00:03:19,470 --> 00:03:26,430

It's all a continuous job of finding vulnerabilities so that you can move to move to and start compromising



41

00:03:26,430 --> 00:03:28,430

the latest platform as well.



42

00:03:28,440 --> 00:03:34,680

So let's see if we're testing on, i.e. at this moment, we can learn to test or learn to test the same



43

00:03:34,680 --> 00:03:37,390

thing with Chrome and Microsoft each as well.



44

00:03:37,920 --> 00:03:44,870

First of all, we need to see how exactly the method really works and then we can go at with the other



45

00:03:44,880 --> 00:03:46,280

other market leaders as well.



46

00:03:46,370 --> 00:03:46,630

Right.



47

00:03:47,280 --> 00:03:49,470

And then you can type anything into it.



48

00:03:49,470 --> 00:03:50,300

And let's see if.



49

00:03:50,610 --> 00:03:51,370

Oh, wonderful.



50

00:03:51,690 --> 00:03:58,440

So you see, we have just submitted some information to be VAP and it is giving the same script back



51

00:03:58,440 --> 00:04:00,610

to us as a part of effective exercise.



52

00:04:01,650 --> 00:04:06,760

This means it has a one ability and we are sure that this hack would be successful.



53

00:04:07,020 --> 00:04:07,370

All right.



54

00:04:08,310 --> 00:04:09,420

So let's get started.



55

00:04:09,990 --> 00:04:11,730

We have our hooked.



56

00:04:11,740 --> 00:04:14,790

Yes, OK, this is our juice.



57

00:04:14,790 --> 00:04:21,210

This is what we have to submit it to the beat at the infected site.



58

00:04:22,860 --> 00:04:24,480

Let's again create this script.



59

00:04:26,550 --> 00:04:29,610

Sorry and



60

00:04:32,790 --> 00:04:33,510

sorry.



61

00:04:33,530 --> 00:04:35,190

This is my bad.



62

00:04:36,030 --> 00:04:39,210

And we need to define the you are l.



63

00:04:44,020 --> 00:04:51,790

And then the IP address of the beef, which is 10, then, sorry, go and three thousand.



64

00:04:53,280 --> 00:04:54,390

Stasch.



65

00:04:58,040 --> 00:05:05,870

That is right, and that's any random number doesn't matter just that we have to feed, so you have



66

00:05:05,870 --> 00:05:07,070

to summon something.



67

00:05:07,100 --> 00:05:11,630

OK, now we have we have the scripts reading the figures.



68

00:05:12,110 --> 00:05:14,510

What is exactly going to happen at the moment?



69

00:05:14,510 --> 00:05:15,720

I click on Go.



70

00:05:15,770 --> 00:05:20,090

The JavaScript code will be submitted to Webapp.



71

00:05:20,750 --> 00:05:26,750

And because it is a redirection, I mean, because that is a redirection to this you warrant.



72

00:05:26,790 --> 00:05:33,590

So this request will be going to beef and that's why that's how the beef get directly beef.



73

00:05:33,920 --> 00:05:36,650

Establish the connection with the victim machine directly.



74

00:05:36,740 --> 00:05:41,540

OK, let's move on to let's see if we are getting the request.



75

00:05:41,990 --> 00:05:45,560

Establish an online browser on beef system.



76

00:05:48,390 --> 00:05:52,960

We'll probably have to wait all while wonderful, you could see it has been successful.



77

00:05:52,980 --> 00:05:58,110

We could see the what was earlier offline browser.



78

00:05:58,110 --> 00:06:00,560

Now that looks like online browser.



79

00:06:00,690 --> 00:06:06,150

You see this now what we have done earlier, we can try the same thing.



80

00:06:06,150 --> 00:06:08,900

In fact, we can do it with Langdon.



81

00:06:08,910 --> 00:06:13,820

Of course, as a part of it, we can do it with LinkedIn because the session is about that.



82

00:06:14,250 --> 00:06:19,130

But you can also drive at Facebook the way we have tried earlier, that this is what it is.



83

00:06:19,140 --> 00:06:19,590

And



84

00:06:22,470 --> 00:06:27,210

so this again, gives you the idea about the system is the same system.



85

00:06:27,220 --> 00:06:30,330

So we have information about the system, Mozilla and whatnot.



86

00:06:31,080 --> 00:06:33,570

Come on, let's go for social engineering.



87

00:06:33,570 --> 00:06:38,840

And then I hope you remember the green is for exploitable and unpredictable.



88

00:06:39,270 --> 00:06:41,070

What do you see in the oranges?



89

00:06:41,070 --> 00:06:43,720

Exploitable, but maybe detected by the users.



90

00:06:43,790 --> 00:06:48,260

Red is something which is not cannot be done for sure.



91

00:06:48,270 --> 00:06:51,940

And if you find some green, this means it's not really recognized.



92

00:06:52,530 --> 00:06:55,710

So let's go to petty theft.



93

00:06:55,710 --> 00:06:57,890

And from there we are.



94

00:06:58,800 --> 00:07:02,100

Let's first test with me Willingdon.



95

00:07:02,130 --> 00:07:05,880

OK, but then you test what is the backing.



96

00:07:06,270 --> 00:07:13,240

If you want to define some custom logo or something for any specific website, you can do that.



97

00:07:13,410 --> 00:07:21,080

The purpose is you can have any one horrible site, some user go there, user get redirected to any



98

00:07:21,090 --> 00:07:23,670

email or phishing email that you sent him across.



99

00:07:24,090 --> 00:07:27,360

From there, it submits to JavaScript to this vulnerable site.



100

00:07:27,630 --> 00:07:34,250

You get the response back as a JavaScript and from after noun words, the user is completely in control.



101

00:07:34,620 --> 00:07:38,100

Now, whatever we are doing, it's all post exploitation activity.



102

00:07:38,430 --> 00:07:44,670

So now you can completely control the user machine by sending any popup off, maybe LinkedIn or maybe



103

00:07:44,670 --> 00:07:50,160

Facebook saying that, okay, listen, your Facebook account has been locked out or, you know, in



104

00:07:50,160 --> 00:07:56,850

order to proceed further, let's log into your Google account or LinkedIn account and then user go ahead



105

00:07:56,850 --> 00:07:59,550

and submit the information and submit the credential.



106

00:07:59,550 --> 00:08:02,730

And we're supposed to get it on our beep system.



107

00:08:03,000 --> 00:08:03,870

Let's try it out.



108

00:08:06,120 --> 00:08:06,630

Wonderful.



109

00:08:06,660 --> 00:08:15,210

You see, we have just executed this LinkedIn and user get a prompt for LinkedIn that has teamed up



110

00:08:15,570 --> 00:08:16,230

for LinkedIn.



111

00:08:16,230 --> 00:08:16,520

Right.



112

00:08:16,830 --> 00:08:23,860

And let's say we do it for test and the regime and dot com and maybe password estis.



113

00:08:24,410 --> 00:08:30,840

OK, and let's Sinon, nothing happened, but something happened here.



114

00:08:31,920 --> 00:08:32,640

But see.



115

00:08:33,690 --> 00:08:34,140

Lovely.



116

00:08:34,830 --> 00:08:39,560

Can you see this, this Saiz answer is yes.



117

00:08:39,570 --> 00:08:40,950

Aderet G.M. dot com.



118

00:08:40,950 --> 00:08:45,140

And the password is this is really cool, right.



119

00:08:45,210 --> 00:08:49,410

This is how the account can be taken into account.



120

00:08:49,410 --> 00:08:50,930

Can be compromised for LinkedIn.



121

00:08:51,360 --> 00:08:53,000

I mean, not just for LinkedIn.



122

00:08:53,010 --> 00:08:56,410

In fact, this can be even done for Facebook as well.



123

00:08:56,430 --> 00:09:05,830

You can even execute a game for the Facebook and you can see it's working very so best one maybe or



124

00:09:06,330 --> 00:09:12,930

two at G.M. dot com password could be test one, two, three.



125

00:09:13,470 --> 00:09:16,830

That login didn't work again.



126

00:09:17,280 --> 00:09:19,980

But did it did we get the response.



127

00:09:21,040 --> 00:09:21,920

Yes, that's right.



128

00:09:22,440 --> 00:09:23,700

I hope you got the idea.



129

00:09:24,600 --> 00:09:26,600

I hope this was useful to you as well.



130

00:09:26,910 --> 00:09:28,300

We'll catch you in the next session.



131

00:09:28,320 --> 00:09:28,830

Thank you.