1 00:00:01,000 --> 00:00:05,890 So as we've seen in the previous lesson, passwords really are problems, aren't they?
2 00:00:06,700 --> 00:00:08,860 We can reveal passwords stored in a browser.
3 00:00:08,860 --> 00:00:12,850 We can also sniff passwords running across a network.
4 00:00:13,090 --> 00:00:18,820 In this lesson, we're going to see how to use a tool called Wireshark, a really popular tool for security
5 00:00:18,820 --> 00:00:22,180 and for hacking, to capture unencrypted passwords
6 00:00:22,180 --> 00:00:27,460 when they go across our network. You're going to see why you should always make sure you've got a secure
7 00:00:27,460 --> 00:00:31,090 connection and connection to a website
8 00:00:31,090 --> 00:00:36,970 whenever you enter your username and password. We're going to need to run three virtual machines to
9 00:00:36,970 --> 00:00:37,860 work this lab.
10 00:00:37,870 --> 00:00:42,100 I'm going to show you you can do this several different ways because I'm going to show you how to use
11 00:00:42,100 --> 00:00:47,020 your Metasploitable, your Windows 7 and your Windows 10 VMs.
12 00:00:47,020 --> 00:00:51,760 And we're going to listen in to our local area network from this Windows 10 machine.
13 00:00:51,760 --> 00:00:57,310 And we're going to capture information going from our Windows 7 computer, trying to log in to a
14 00:00:57,310 --> 00:01:00,030 website on a Metasploitable box.
15 00:01:00,370 --> 00:01:02,680 So, first of all, let's start up Metasploitable.
16 00:01:03,490 --> 00:01:08,110 And if you've logged out of Metasploitable or if it's shut down and you have to restart, remember,
17 00:01:08,110 --> 00:01:17,320 msfadmin, it's given to us right here, is the login and msfadmin is the password.
18 00:01:17,620 --> 00:01:26,050 And we just need to do an ifconfig to make sure we get the 10.0.3 address that that machine
19 00:01:26,050 --> 00:01:26,520 is on.
20 00:01:26,530 --> 00:01:34,450 So it is on my 10.0.3.5 this time, and then we can minimize the Metasploitable virtual
21 00:01:34,450 --> 00:01:35,380 machine window.
22 00:01:37,600 --> 00:01:44,560 Next, we're going to run our Windows 7 box, and we just need to check for sure what network that
23 00:01:44,560 --> 00:01:45,820 Windows 7 machine is on.
24 00:01:45,850 --> 00:01:49,370 We're going to make sure that we're on our vboxnet0 host-only adapter as
25 00:01:49,390 --> 00:01:52,210 well. That should give us a 10.0.3 address.
26 00:01:52,220 --> 00:01:54,580 We don't need to worry about the address of the Windows 7 box.
27 00:01:54,880 --> 00:01:56,110 Just get it up and running.
28 00:01:56,740 --> 00:02:02,050 Then finally, we're going to open the Windows 10 VM and go ahead and log into it.
29 00:02:02,620 --> 00:02:07,150 And we're going to need to connect the Windows 10 machine out to the public NAT network just for
30 00:02:07,150 --> 00:02:10,180 a moment so that we can download Wireshark.
31 00:02:10,540 --> 00:02:13,210 So come with me to the network controller for the Windows 10.
32 00:02:13,210 --> 00:02:20,110 We're going to take it off of host-only, go to the NAT network, public NAT, and hit OK, come down to
33 00:02:20,110 --> 00:02:23,770 the lower right corner and we're going to disconnect that network adapter.
34 00:02:24,730 --> 00:02:30,760 Then we're going to reconnect it and then we will try one of our browsers to see if we get a good connection
35 00:02:30,760 --> 00:02:35,810 out to the Internet, let's say wireshark.org.
36 00:02:36,370 --> 00:02:41,660 If you don't get a good connection to the Internet there, just reconnect that network adapter and try
37 00:02:41,660 --> 00:02:42,150 it again.
38 00:02:43,060 --> 00:02:47,230 And if you still don't get an Internet connection, we just need to run a CMD.
39 00:02:48,860 --> 00:02:50,570 Can do ipconfig.
40 00:02:52,710 --> 00:02:58,410 And you can see we've still got a private internal host-only ten point three address. I'm going to
41 00:02:58,410 --> 00:03:02,580 say ipconfig release.
42 00:03:05,500 --> 00:03:13,690 And then ipconfig renew. Now that we have a 10 down 099 address, we're public to the Internet,
43 00:03:13,690 --> 00:03:15,460 we should be able to reload this page.
44 00:03:16,760 --> 00:03:24,980 And we're going to download Wireshark from wireshark.org. Come to the download link, and we're
45 00:03:24,980 --> 00:03:30,440 running a 64-bit version of Windows, so we're going to download the 64-bit Windows installer.
46 00:03:31,740 --> 00:03:36,450 That should take just a little while to download, and then you'll run the installer to set up Wireshark,
47 00:03:36,990 --> 00:03:42,660 and the installer will take you through just a regular couple of Nexts and Agrees. When it comes to
48 00:03:42,660 --> 00:03:49,140 the part that asks if you want to install WinPcap, yes, you need to install WinPcap. That allows
49 00:03:49,140 --> 00:03:52,890 us to do packet capturing on Windows. Hit Next.
50 00:03:53,730 --> 00:03:57,930 And you don't need to install USBPcap, but if you want to, that's one that you can add as well.
51 00:03:59,570 --> 00:04:05,160 We'll just click Next and allow it to install. During the installation, you get a pop-up like this one
52 00:04:05,180 --> 00:04:07,700 that says, Welcome to WinPcap installation.
53 00:04:09,590 --> 00:04:12,050 You just want to Next and Agree your way through.
54 00:04:13,470 --> 00:04:17,610 And it'll automatically start the WinPcap driver at boot time. Install.
55 00:04:18,870 --> 00:04:26,640 And Finish. When Wireshark finishes installing, hit Next, and we can go ahead and run Wireshark as soon
56 00:04:26,640 --> 00:04:32,700 as it finishes. And we are going to take Wireshark off of our public Internet.
57 00:04:32,710 --> 00:04:37,500 Now that we have Wireshark installed, we want to make sure that this machine is not running on our
58 00:04:37,500 --> 00:04:38,400 public network.
59 00:04:38,410 --> 00:04:39,390 Let's switch it back.
60 00:04:41,440 --> 00:04:43,030 So on your network adapter,
61 00:04:44,010 --> 00:04:48,750 take it off the NAT network and bring it back to the host-only, the vboxnet0.
62 00:04:50,200 --> 00:04:56,860 Click OK, and then one more change while we're in the network: we can come to Advanced for this vboxnet0
63 00:04:56,860 --> 00:05:02,830 and we're going to turn on what we call promiscuous mode and we're going to allow that for all
64 00:05:02,830 --> 00:05:03,760 the VMs.
65 00:05:04,360 --> 00:05:12,340 What this means is we're going to override some of the code that's part of our network adapter card
66 00:05:12,610 --> 00:05:18,490 that keeps that network adapter card from paying attention to traffic that's meant for other computers
67 00:05:18,910 --> 00:05:19,780 by default.
68 00:05:20,230 --> 00:05:27,700 Everything that flows over the network is visible, but on most network cards, promiscuous mode is
69 00:05:27,700 --> 00:05:28,540 turned off.
70 00:05:28,750 --> 00:05:34,000 We're going to allow promiscuous mode for our VMs so that we'll be able to see traffic that's meant
71 00:05:34,000 --> 00:05:36,160 for other VMs from one computer.
72 00:05:36,430 --> 00:05:39,970 If you're doing this on a larger network, you can even turn it on for all,
73 00:05:39,970 --> 00:05:44,850 if you are the owner and operator of that network and have explicit permission to do so.
74 00:05:45,340 --> 00:05:52,630 Running Wireshark on a public network or on a shared network or on your work or school network can get
75 00:05:52,630 --> 00:05:54,100 you into a lot of trouble.
76 00:05:54,100 --> 00:05:56,880 So don't do this anywhere that you don't have access.
77 00:05:56,890 --> 00:05:58,840 So we're going to allow just for VMs.
78 00:06:00,260 --> 00:06:07,400 And click OK. Then, to be safe, we're going to come back to our command prompt in Windows 10. We'll
79 00:06:07,400 --> 00:06:08,810 type a CMD.
80 00:06:09,830 --> 00:06:19,100 And we will do an ipconfig release and an ipconfig /renew.
81 00:06:24,260 --> 00:06:31,040 And when that comes back with a 10.0.3 address, we know we are on the private internal
82 00:06:31,040 --> 00:06:35,210 host-only network, 10.0.3.6, and we can proceed with the lab.
83 00:06:35,480 --> 00:06:37,130 We'll see how to sniff the password.
84 00:06:37,130 --> 00:06:43,370 Now that we've got Wireshark set up, we will try to log into a Web page from our Windows 7 box
85 00:06:43,370 --> 00:06:45,110 onto the Metasploitable machine.
86 00:06:45,350 --> 00:06:51,260 And this Windows 10 computer off to the side is going to sniff that username and password.
87 00:06:51,500 --> 00:06:52,760 We'll see it in the next lesson.