1
00:00:00,180 --> 00:00:05,910
Hello everybody and welcome to the next section in our ethical hacking course.

2
00:00:05,910 --> 00:00:11,810
Now in the previous section we finished with the wireless penetration testing section.

3
00:00:12,060 --> 00:00:18,900
And also before that the initial penetration testing section. Right now let's see what we can do

4
00:00:19,020 --> 00:00:22,620
after we actually exploit the network itself.

5
00:00:22,620 --> 00:00:28,200
So we saw in the previous section how we can exploit the network, or basically hack a Wi-Fi and get into

6
00:00:28,200 --> 00:00:29,760
the local network.

7
00:00:29,760 --> 00:00:33,810
Now let's see what we can do once we are in.

8
00:00:33,810 --> 00:00:41,080
So this is a special section for a certain attack that probably most of you have heard of.

9
00:00:41,360 --> 00:00:47,970
It is one of the most common attacks and one of the most known attacks that there are, and it is called

10
00:00:48,060 --> 00:00:50,640
the man in the middle attack.

11
00:00:50,780 --> 00:00:55,430
Now the man in the middle attack basically is the same as it sounds.

12
00:00:55,430 --> 00:01:02,430
It is somewhat interfering with the connection between a victim and the router.

13
00:01:02,450 --> 00:01:09,320
So let me just explain to you. Before I explain the attack itself we need to learn something about a

14
00:01:09,320 --> 00:01:14,000
certain protocol called the ARP protocol and ARP packets.

15
00:01:14,000 --> 00:01:21,860
Now that is a very important thing to learn since it is the fundamental of network discovery.

16
00:01:21,860 --> 00:01:28,040
And also it is the fundamental of the man in the middle attack. Understanding the protocol itself

17
00:01:28,040 --> 00:01:31,400
will also help you understand the attack.

18
00:01:31,400 --> 00:01:33,260
So what is the protocol?

19
00:01:33,440 --> 00:01:40,280
Well, ARP basically stands for the Address Resolution Protocol, and it is one of the most simple

20
00:01:40,280 --> 00:01:45,970
ones since it is only used for discovery of MAC addresses.

21
00:01:46,160 --> 00:01:49,930
For example, let's see what's my ifconfig.

22
00:01:49,940 --> 00:01:52,100
So my... no.

23
00:01:52,100 --> 00:01:53,380
Pardon me, my IP address.

24
00:01:53,420 --> 00:02:01,700
So my IP address is 192.168.1.4. Now let's say for example I wanted to communicate

25
00:02:01,730 --> 00:02:06,130
with the router. I would have to communicate with its MAC address first.

26
00:02:06,140 --> 00:02:13,310
So what I will do is I would send an ARP packet in order to discover what the MAC address of the

27
00:02:13,310 --> 00:02:14,270
router is.

28
00:02:14,270 --> 00:02:22,490
So the packet would say something like this: who is 192.168.1.1,

29
00:02:22,490 --> 00:02:28,070
tell 192.168.1.4.

30
00:02:28,220 --> 00:02:35,480
And then the router would respond to me with the answer: I am

31
00:02:35,480 --> 00:02:36,160
192.168.1.1,

32
00:02:36,230 --> 00:02:42,010
and this is my MAC address, and then the process of communication would continue.

33
00:02:42,020 --> 00:02:50,960
Now on every PC there is something called the ARP table, or basically where you store the MAC

34
00:02:50,960 --> 00:02:58,580
addresses of the certain devices that are on your local area network. For example, in order to check

35
00:02:59,110 --> 00:03:04,130
which devices you have stored in your ARP table on your Kali Linux machine

36
00:03:04,130 --> 00:03:12,620
you can just type here arp -a, and it will show you right here that it only has my router stored,

37
00:03:12,650 --> 00:03:19,280
which is normal since it says right here gateway, the IP address 192.168.1.1,

38
00:03:19,370 --> 00:03:25,530
and it gives us its MAC address since it performed the ARP request on it.

39
00:03:25,540 --> 00:03:33,240
Now as we can see right here, I for example do not have my main PC right here in my ARP table.

40
00:03:33,250 --> 00:03:36,200
So let's actually perform it.

41
00:03:36,670 --> 00:03:38,500
Let me show you how you can do it.

42
00:03:38,530 --> 00:03:45,250
So let me just open my command prompt and find out the IP address of my main PC. So you will see the

43
00:03:45,250 --> 00:03:49,960
IP address of my main PC is 192.168.1.5.

44
00:03:49,990 --> 00:03:56,920
Now in order for me to communicate with the main PC I would have to find out the MAC address

45
00:03:56,920 --> 00:03:57,700
of it first.

46
00:03:57,700 --> 00:04:05,050
Now we can do that with the ARP request, and the ARP request will automatically be performed if I ping

47
00:04:05,430 --> 00:04:13,900
my main PC, so ping 192.168.1.5, count, and we can specify a count of three,

48
00:04:14,170 --> 00:04:17,240
and it will ping my main PC three times.

49
00:04:17,420 --> 00:04:24,220
And now you will see if I run arp -a again I will have two devices right here. As we can see, I

50
00:04:24,220 --> 00:04:30,760
also now have 192.168.1.5 and I also have the MAC address of my Windows PC.

51
00:04:32,360 --> 00:04:39,290
We got it since the ICMP request or the ping request actually had to perform the ARP request first in

52
00:04:39,290 --> 00:04:46,650
order to find out what is the MAC address of my Windows PC in order to send the ping requests. That

53
00:04:46,650 --> 00:04:49,200
is the simple idea behind the ARP request.

54
00:04:49,470 --> 00:04:52,510
Now there are two things about ARP.

55
00:04:52,530 --> 00:05:00,480
They are ARP requests and ARP responses. ARP requests are basically something you send to the router,

56
00:05:00,480 --> 00:05:09,090
for example, as I said, who is, and the ARP reply starts with I am, or that my IP address is located

57
00:05:09,090 --> 00:05:10,920
at that MAC address.

58
00:05:10,920 --> 00:05:17,580
So let me just show you. If we open up our Wireshark we should be able to see some ARP requests flowing

59
00:05:17,580 --> 00:05:18,430
around.

60
00:05:18,600 --> 00:05:24,960
Maybe you will understand it better, and after that I will also show you the contents of the ARP request

61
00:05:25,020 --> 00:05:27,760
in Scapy, which is a Python library.

62
00:05:27,810 --> 00:05:34,620
So let me just open this and we can filter for ARP.

63
00:05:35,510 --> 00:05:36,290
At the beginning.

64
00:05:36,290 --> 00:05:39,860
So let's just wait for some, or we do not need to wait.

65
00:05:39,860 --> 00:05:49,690
Let us just ping something. Or no, I need to open a new terminal since this is the terminal for Wireshark,

66
00:05:53,790 --> 00:05:58,130
and let us try to ping 192.168.1.5.

67
00:05:59,600 --> 00:06:03,840
It will not give us the ARP responses since we already have it.

68
00:06:04,080 --> 00:06:04,920
Oh, never mind.

69
00:06:05,880 --> 00:06:07,770
But this is not OK.

70
00:06:07,770 --> 00:06:12,140
So it did give us the ARP responses even though we had it in the ARP table.

71
00:06:12,240 --> 00:06:13,550
We can have it right here.

72
00:06:13,590 --> 00:06:14,610
Let us just close this.

73
00:06:14,610 --> 00:06:15,790
This is enough.

74
00:06:15,810 --> 00:06:19,290
You can see that the simple concept of the ARP protocol is this.

75
00:06:19,290 --> 00:06:27,840
So we send to the broadcast MAC address, so to everyone, we send a question:

76
00:06:27,870 --> 00:06:35,520
who has 192.168.1.4, tell 192.168.1.5. Or basically let me just

77
00:06:35,520 --> 00:06:36,230
check this.

78
00:06:36,240 --> 00:06:37,050
This is reverse.

79
00:06:37,060 --> 00:06:45,710
So 192.168.1.5 is my Windows PC and .4 is our Kali Linux machine.

80
00:06:45,710 --> 00:06:46,680
So OK.

81
00:06:46,860 --> 00:06:54,630
So this request right here was performed by our Windows machine. As we can see, who has, and then the IP

82
00:06:54,630 --> 00:07:00,390
address of the Kali Linux machine, and tell the IP address of our Windows 10 machine.

83
00:07:00,390 --> 00:07:06,540
So this was a packet that was sent by our Windows 10 machine to the broadcast address, so everyone on

84
00:07:06,540 --> 00:07:09,010
the local area network received this packet.

85
00:07:09,210 --> 00:07:14,370
And the one that knows the MAC address of the Kali Linux machine will respond.

86
00:07:14,370 --> 00:07:18,830
And the response comes from basically us.

87
00:07:19,100 --> 00:07:24,170
It can also come from the router. As we can see right here, 192.168.1.4

88
00:07:24,170 --> 00:07:30,150
is at this MAC address, and this is an ARP response.

89
00:07:30,210 --> 00:07:31,650
This is the same thing.

90
00:07:31,650 --> 00:07:32,440
Just reversed.

91
00:07:32,430 --> 00:07:38,070
So here we are asking, as the Kali Linux machine, we are asking who is the .5 machine.

92
00:07:38,160 --> 00:07:42,180
And here is the reply: .5 is at this MAC address.

93
00:07:42,180 --> 00:07:46,860
So those are just the basic concepts of ARP requests and ARP replies,

94
00:07:50,260 --> 00:07:56,830
so we will just close this without saving. OK.

95
00:07:56,930 --> 00:08:00,890
And now let me show you something else.

96
00:08:01,610 --> 00:08:08,690
Let me just enlarge this so we zoom in, and if you type scapy in your Kali Linux it will open

97
00:08:08,690 --> 00:08:12,410
up some kind of a Python library.

98
00:08:12,830 --> 00:08:19,700
Basically we will cover it later on. For now just type here ls and then ARP, and you will see the

99
00:08:19,730 --> 00:08:22,190
contents of the ARP packet.

100
00:08:22,210 --> 00:08:26,490
Now you do not care about most of these, or actually you care about

101
00:08:26,490 --> 00:08:33,230
around half of these. So the op right here stands for either request or reply. Number one will be set to

102
00:08:33,230 --> 00:08:35,540
request, number two will be set to reply.

103
00:08:35,690 --> 00:08:42,200
You can see that in the ARP packet there is specified the source IP field and the IP field of the

104
00:08:42,200 --> 00:08:43,220
destination.

105
00:08:43,220 --> 00:08:50,210
So basically the source IP field would be our IP address and the IP field for the destination would be the

106
00:08:50,210 --> 00:08:51,280
target's IP address.

107
00:08:51,290 --> 00:08:59,090
So let's say I want to perform an ARP packet that asks for the MAC

108
00:08:59,090 --> 00:09:00,270
address of our router.

109
00:09:00,350 --> 00:09:05,660
I would specify my MAC address right here and I would specify the router's IP address right here

110
00:09:05,870 --> 00:09:07,850
in the IP destination address.

111
00:09:07,850 --> 00:09:13,850
We also need to specify our MAC address and the destination MAC address, which we

112
00:09:13,850 --> 00:09:14,870
will be receiving.

113
00:09:15,050 --> 00:09:19,560
So we specify our MAC address so that we can get the reply.

114
00:09:19,820 --> 00:09:29,390
And in the destination MAC address we will get the answer of what MAC address is stored at that IP address

115
00:09:29,390 --> 00:09:36,780
that we are searching for. So that is basically the simple concept of the ARP protocol.

116
00:09:37,140 --> 00:09:38,490
Now you might be asking.

117
00:09:38,550 --> 00:09:40,050
Let me just close this.

118
00:09:40,050 --> 00:09:43,450
You might be asking why am I showing you all this.

119
00:09:43,470 --> 00:09:50,310
Well, as I said, it is the fundamental of the man in the middle attack, as all man in the

120
00:09:50,310 --> 00:09:51,240
middle attacks basically

121
00:09:51,240 --> 00:09:55,970
start with ARP spoofing. And what is ARP spoofing

122
00:09:55,980 --> 00:09:59,180
I will talk about in the next lecture.

123
00:09:59,320 --> 00:10:02,780
I just wanted to give you a brief overview of what the ARP protocol is.

124
00:10:02,790 --> 00:10:07,090
If you want to you can search a little bit more about it and read on it.

125
00:10:07,120 --> 00:10:12,960
It's really not that hard to understand, especially once we run this attack in practice you will

126
00:10:13,080 --> 00:10:19,860
understand it even more. So let me just finish the tutorial here, and in the next one I will in theory

127
00:10:19,860 --> 00:10:24,750
explain what the attack will be that we will perform, which is the man in the middle attack.

128
00:10:24,750 --> 00:10:28,050
So I hope I see you there and take care. Bye.