1 00:00:00,330 --> 00:00:02,380 Everybody and welcome back. 2 00:00:02,460 --> 00:00:08,160 And in the previous video I showed you how you can install the tool correctly with all the programs 3 00:00:08,190 --> 00:00:08,860 it needs. 4 00:00:08,880 --> 00:00:10,850 And right now we are good to go. 5 00:00:10,860 --> 00:00:15,610 And we should be ready to run our first ARP spoofing attack on this tool. 6 00:00:15,660 --> 00:00:22,560 Now if we type here, let me just clear the screen and type once again MITMf. So you can either run 7 00:00:22,560 --> 00:00:23,420 it with this. 8 00:00:23,450 --> 00:00:28,380 So dot and then slash and add the name of the program, or you can run it with Python and then add 9 00:00:28,380 --> 00:00:30,630 mitmf.py dash dash help. 10 00:00:31,590 --> 00:00:36,000 So it will run the same output which is our available options for this program. 11 00:00:36,150 --> 00:00:41,070 So let us see what we should use in order to run this simple ARP spoofing attack. 12 00:00:41,100 --> 00:00:47,250 So if we scroll up we can see the first thing that catches our eye is this spoof right here. 13 00:00:47,250 --> 00:00:52,290 So redirect/modify traffic using ICMP, DHCP or DNS. 14 00:00:52,290 --> 00:00:55,610 Now for the first attack we want to use the ARP spoofer. 15 00:00:55,650 --> 00:00:58,910 So what we need to specify is two commands right here. 16 00:00:58,950 --> 00:01:04,740 One of them is this spoof, which is basically just loading the plugin spoof, and the next one is 17 00:01:04,740 --> 00:01:09,150 the minus minus arp which redirects traffic using ARP spoofing. 18 00:01:09,150 --> 00:01:11,420 Now we already talked about what ARP spoofing is. 19 00:01:11,430 --> 00:01:15,630 So you should already be familiar with what kind of attack we're running right here. 20 00:01:15,630 --> 00:01:19,770 Now there are a few other things that we also need to specify.
21 00:01:19,920 --> 00:01:25,740 Besides these two, as you remember in these previous videos where we ran with three commands the ARP 22 00:01:25,740 --> 00:01:26,180 spoofing. 23 00:01:26,190 --> 00:01:28,190 We had to specify the targets. 24 00:01:28,200 --> 00:01:35,420 Now right here we can run the ARP spoofing attack on all the targets that are on our local network. 25 00:01:35,490 --> 00:01:38,880 We do not need to specify the target even though we can. 26 00:01:38,880 --> 00:01:44,370 For example if you only wanted to target one simple, one PC, you could do that with minus minus 27 00:01:44,370 --> 00:01:45,520 target command I believe. 28 00:01:45,960 --> 00:01:52,350 But if you do not specify any target and you only specify the gateway you will be ARP spoofing everyone 29 00:01:52,410 --> 00:01:54,170 on the local area network. 30 00:01:54,180 --> 00:01:56,960 So let's see how that works. 31 00:01:57,030 --> 00:02:06,210 Basically as I said we want to specify the spoof plugin, the ARP plugin and also, let me just scroll up. 32 00:02:06,240 --> 00:02:08,750 I believe it's somewhere here. 33 00:02:08,890 --> 00:02:12,200 As you can see there are a bunch of options right here. 34 00:02:12,210 --> 00:02:16,350 Also what you need to specify is the minus i for the interface. 35 00:02:16,350 --> 00:02:18,010 So we need to specify the interface 36 00:02:18,070 --> 00:02:24,000 we're listening on, and minus minus gateway for our router IP address. 37 00:02:24,000 --> 00:02:26,700 Let me see if it is really minus minus gateway. 38 00:02:26,700 --> 00:02:27,210 Here it is. 39 00:02:27,240 --> 00:02:29,970 So specify the gateway IP. 40 00:02:29,970 --> 00:02:33,790 Now we need those four options to run a simple ARP spoofing attack. 41 00:02:34,320 --> 00:02:37,490 So let's clear the screen and type ifconfig. 42 00:02:37,950 --> 00:02:40,680 We can see that my interface is eth0.
43 00:02:40,680 --> 00:02:45,810 Now as I said before you can use any interface you want; if you have connected your wireless adapter you 44 00:02:45,810 --> 00:02:47,930 can use that interface as well. 45 00:02:48,090 --> 00:02:52,700 I'll be using this interface since that interface is connected on the network. 46 00:02:52,890 --> 00:03:00,030 So let's start off with dot slash and then add mitmf.py. Here the first thing 47 00:03:00,030 --> 00:03:04,250 we want to specify would basically be the interface we're running on. 48 00:03:04,250 --> 00:03:05,940 So let's type here minus i. 49 00:03:06,060 --> 00:03:09,120 And then eth0, which is our interface. 50 00:03:09,120 --> 00:03:17,280 So after that let's load the plugin spoof for spoofing attacks and let's set that to spoof with the 51 00:03:17,280 --> 00:03:19,140 ARP protocol. 52 00:03:19,360 --> 00:03:25,180 The last thing, as I said, that we need to specify is the gateway with the minus minus gateway command. 53 00:03:25,470 --> 00:03:28,710 And after that we specify the router's IP address. 54 00:03:28,710 --> 00:03:35,700 Now if you do not know your router's IP address you can simply just open up another terminal and type 55 00:03:35,700 --> 00:03:37,980 here netstat minus nr. 56 00:03:38,100 --> 00:03:41,260 It will give you the gateway IP address which is this one for me. 57 00:03:41,310 --> 00:03:47,520 You can also check this IP address with ifconfig and it will also give you, and just find 58 00:03:47,550 --> 00:03:49,560 where it should give you the gateway. 59 00:03:52,560 --> 00:03:58,900 Well, never mind, it doesn't seem to give the gateway, but you can use netstat minus nr and it will 60 00:03:58,910 --> 00:04:01,530 for sure give you the gateway IP address. 61 00:04:01,530 --> 00:04:08,400 So once you find out your gateway IP address just type 192.168.1.1 and we will be ready 62 00:04:08,400 --> 00:04:09,210 to run the attack.
63 00:04:09,210 --> 00:04:16,470 So let me just show you once again with the command prompt and arp minus a command, we can see that currently 64 00:04:16,470 --> 00:04:24,420 before we run the attack we can see that arp minus a gives a legit MAC address for our router IP 65 00:04:24,750 --> 00:04:26,630 as we can see 192.168.1.1 66 00:04:26,680 --> 00:04:31,830 has this MAC address and this right here is my laptop. 67 00:04:31,830 --> 00:04:33,040 And let me just find. 68 00:04:33,060 --> 00:04:33,460 OK. 69 00:04:33,480 --> 00:04:39,130 It doesn't seem to have the Kali Linux machine's MAC address right here. 70 00:04:39,270 --> 00:04:41,780 But soon enough it will have it right here. 71 00:04:41,820 --> 00:04:48,300 So we will be having this MAC address as you can see right here from the ifconfig output on our Kali Linux 72 00:04:48,300 --> 00:04:53,190 machine instead of this MAC address right here on the router's IP address. 73 00:04:53,190 --> 00:04:54,870 So let's run the attack. 74 00:04:55,200 --> 00:04:56,850 Just press here enter. 75 00:04:56,850 --> 00:05:02,610 It will load up this banner that they have, it will load up all the plugins they have, as we can see spoof 76 00:05:02,730 --> 00:05:04,740 ARP spoofing enabled. 77 00:05:04,890 --> 00:05:06,520 We can have something you. 78 00:05:06,690 --> 00:05:09,170 These are just some of the options that you can specify. 79 00:05:09,540 --> 00:05:16,830 And right now the spoofing is enabled and we are spoofing the entire network, as we can see if I type 80 00:05:17,010 --> 00:05:25,340 arp minus a once again the MAC address of the router is the same now as the MAC address of our Kali Linux 81 00:05:25,470 --> 00:05:27,240 machine as we can see right here. 82 00:05:27,240 --> 00:05:32,630 So these two are the same, which means we successfully spoofed this Windows machine. 83 00:05:32,700 --> 00:05:37,510 Now let's see what we can do once we spoof the machine.
84 00:05:37,650 --> 00:05:42,610 So I'm right here on my Google Chrome on Windows 10. 85 00:05:42,630 --> 00:05:50,910 And if I go to a simple website we can see that in the output of our spoofing machine we can actually 86 00:05:50,910 --> 00:05:57,980 see who is visiting which website, as we can see that 192.168.1.6 87 00:05:57,990 --> 00:06:03,750 on Chrome, OS Windows, is visiting this website right here. 88 00:06:03,750 --> 00:06:10,620 Now be aware that this will not show for every website, for example if I visit Twitter. 89 00:06:10,980 --> 00:06:15,850 Let me just show you and I go right here. 90 00:06:15,850 --> 00:06:22,650 It will not show us that the target has visited twitter.com since Twitter is on HTTPS over 91 00:06:22,650 --> 00:06:23,370 TLS. 92 00:06:23,380 --> 00:06:30,850 Now that is basically not vulnerable to the man in the middle attack or to the decryption attacks 93 00:06:30,860 --> 00:06:34,550 so we won't be able to see which website is the target visiting. 94 00:06:34,550 --> 00:06:43,130 This will only work on HTTP websites and on HTTPS websites running over SSL while performing the SSL 95 00:06:43,130 --> 00:06:46,070 strip which I will show in the next videos. 96 00:06:46,070 --> 00:06:48,720 Now for example. 97 00:06:50,090 --> 00:06:58,790 If you have a page over HTTP and that page has a login, for example, form with username and password and 98 00:06:59,180 --> 00:07:05,390 anyone now on the local network types the login username and password there it will be visible in the 99 00:07:05,870 --> 00:07:11,770 output of our ARP spoofing attack so we will be having username and password printed out right here.
100 00:07:12,410 --> 00:07:21,830 But if someone for example goes to the HTTPS website as we can see right here and goes to a simple 101 00:07:23,120 --> 00:07:30,580 simple login form, as we can see it is HTTPS and our target right here cannot really. 102 00:07:30,650 --> 00:07:37,400 Or our program right here cannot really see that website since it is HTTPS and someone types the login 103 00:07:37,430 --> 00:07:38,530 over HTTPS. 104 00:07:38,570 --> 00:07:45,770 It will not print out anything in our output right here since it cannot perform SSL strip since we 105 00:07:45,770 --> 00:07:47,690 didn't specify it yet. 106 00:07:47,690 --> 00:07:52,790 Now in the next videos I will show you how we can actually gather the username and password from this 107 00:07:52,790 --> 00:07:53,690 website as well. 108 00:07:53,690 --> 00:08:02,450 Even though it is over HTTPS, performing the SSL strip. So that would be it about this tutorial. 109 00:08:02,450 --> 00:08:07,100 This was just a simple ARP spoofing attack. 110 00:08:07,100 --> 00:08:13,100 So this simple attack will only work as I said on HTTP websites for now since we didn't really 111 00:08:13,100 --> 00:08:15,760 use the SSL strip option. 112 00:08:16,490 --> 00:08:22,520 So this is the most simple version of the attack that we can do and I will show you some of 113 00:08:22,520 --> 00:08:25,580 the more advanced versions in the next videos. 114 00:08:25,580 --> 00:08:28,540 Hope you enjoyed this video and I hope I see you in the next one. 115 00:08:28,670 --> 00:08:28,920 Bye.