1
00:00:01,000 --> 00:00:05,890
So as we've seen in the previous lesson, passwords really are problems, aren't they?

2
00:00:06,700 --> 00:00:08,860
We can reveal passwords stored in a browser.

3
00:00:08,860 --> 00:00:12,850
We can also sniff passwords running across a network.

4
00:00:13,090 --> 00:00:18,820
In this lesson, we're going to see how to use a tool called Wireshark, a really popular tool for security

5
00:00:18,820 --> 00:00:22,180
and for hacking to capture unencrypted passwords.

6
00:00:22,180 --> 00:00:27,460
When they go across our network, you're going to see why you should always make sure you've got a secure

7
00:00:27,460 --> 00:00:31,090
connection and connection to a website.

8
00:00:31,090 --> 00:00:36,970
Whenever you enter your username and password, we're going to need to run three virtual machines to

9
00:00:36,970 --> 00:00:37,860
work this lab.

10
00:00:37,870 --> 00:00:42,100
I'm going to show you you can do this several different ways because I'm going to show you how to use

11
00:00:42,100 --> 00:00:47,020
your medicine, voidable your Windows seven and your Windows 10 VMS.

12
00:00:47,020 --> 00:00:51,760
And we're going to listen in to our local area network from this Windows 10 machine.

13
00:00:51,760 --> 00:00:57,310
And we're going to capture information going from our Windows seven computer, trying to log in to a

14
00:00:57,310 --> 00:01:00,030
website on a Mideast voidable box.

15
00:01:00,370 --> 00:01:02,680
So, first of all, let's start up get exploitable.

16
00:01:03,490 --> 00:01:08,110
And if you've logged out of Métis voidable or if it's shut down and you have to restart, remember,

17
00:01:08,110 --> 00:01:17,320
MSF a.T.M in it's given to us right here is the log in and MSF in the high end as the password.

18
00:01:17,620 --> 00:01:26,050
And we just need to do an IV config to make sure we get the 10 Agota three address that that machine

19
00:01:26,050 --> 00:01:26,520
is on.

20
00:01:26,530 --> 00:01:34,450
So it is on my 10 Dorota three to five this time and then we can minimize the Métis floatable virtual

21
00:01:34,450 --> 00:01:35,380
machine window.

22
00:01:37,600 --> 00:01:44,560
Next, we're going to run our Windows seven box, and we just need to check for sure what network that

23
00:01:44,560 --> 00:01:45,820
Windows seven machine is on.

24
00:01:45,850 --> 00:01:49,370
We're going to make sure that we're on our V box net zero host only adapters.

25
00:01:49,390 --> 00:01:52,210
Well, that should give us a 10 Agota three address.

26
00:01:52,220 --> 00:01:54,580
We don't need to worry about the address of the Windows seven box.

27
00:01:54,880 --> 00:01:56,110
Just get it up and running.

28
00:01:56,740 --> 00:02:02,050
Then finally, we're going to open the Windows 10 VM and go ahead and log into it.

29
00:02:02,620 --> 00:02:07,150
And we're going to need to connect the Windows 10 machine out to the public in that network just for

30
00:02:07,150 --> 00:02:10,180
a moment so that we can download Wireshark.

31
00:02:10,540 --> 00:02:13,210
So come with me to the network controller for the Windows 10.

32
00:02:13,210 --> 00:02:20,110
We're going to take it off of host only go to the Nat network public Matt and hit OK, come down to

33
00:02:20,110 --> 00:02:23,770
the lower right corner and we're going to disconnect that network adapter.

34
00:02:24,730 --> 00:02:30,760
Then we're going to reconnect it and then we will try one of our browsers to see if we get a good connection

35
00:02:30,760 --> 00:02:35,810
not to the Internet, let's say Wireshark dot org.

36
00:02:36,370 --> 00:02:41,660
If you don't get a good connection to the Internet there, just reconnect that network adapter and try

37
00:02:41,660 --> 00:02:42,150
it again.

38
00:02:43,060 --> 00:02:47,230
And if you still don't get an Internet connection, we just need to run ACMD.

39
00:02:48,860 --> 00:02:50,570
Can do IP config.

40
00:02:52,710 --> 00:02:58,410
And you can see we've still got a private internal host, only ten point three address, I'm going to

41
00:02:58,410 --> 00:03:02,580
say IP config release.

42
00:03:05,500 --> 00:03:13,690
And then IPE configuring you now that we have a 10 down 099 address, we're public to the Internet,

43
00:03:13,690 --> 00:03:15,460
we should be able to reload this page.

44
00:03:16,760 --> 00:03:24,980
And we're going to download Wireshark from Wireshark, Dot, R.G., come to the download link and we're

45
00:03:24,980 --> 00:03:30,440
running a 64 bit version of Windows, so we're going to download the 64 bit Windows installer.

46
00:03:31,740 --> 00:03:36,450
They should take just a little while to download, and then you'll run the installer to set up Wireshark

47
00:03:36,990 --> 00:03:42,660
and the installer will take you through just a regular couple of next's and agrees when it comes to

48
00:03:42,660 --> 00:03:49,140
the part that asks if you want to install wind cap, yes, you need to install whimp cap that allows

49
00:03:49,140 --> 00:03:52,890
us to do packett capturing on windows hit next.

50
00:03:53,730 --> 00:03:57,930
And you don't need to install USB cap, but if you want to, that's one that you can add as well.

51
00:03:59,570 --> 00:04:05,160
We'll just click next and allow it to install during the installation, you get a pop up like this one

52
00:04:05,180 --> 00:04:07,700
says, Welcome to Whimp Cap installation.

53
00:04:09,590 --> 00:04:12,050
You just want to next and agree your way through.

54
00:04:13,470 --> 00:04:17,610
And it'll automatically start the Wimpey cab driver at boot time install.

55
00:04:18,870 --> 00:04:26,640
And finish when Wireshark finishes installing him next, and we can go ahead and run Wireshark as soon

56
00:04:26,640 --> 00:04:32,700
as it finishes and we are going to take Wireshark off of our public Internet.

57
00:04:32,710 --> 00:04:37,500
Now that we have Wireshark installed, we want to make sure that this machine is not running on our

58
00:04:37,500 --> 00:04:38,400
public network.

59
00:04:38,410 --> 00:04:39,390
Let's switch it back.

60
00:04:41,440 --> 00:04:43,030
So on your network adaptor.

61
00:04:44,010 --> 00:04:48,750
Take it off the NAT network and bring it back to the host, only the box net zero.

62
00:04:50,200 --> 00:04:56,860
Click OK, and then one more change while we're in the network, we can come to advanced for this vaccine

63
00:04:56,860 --> 00:05:02,830
at zero and we're going to turn on what we call promiscuous mode and we're going to allow that for all

64
00:05:02,830 --> 00:05:03,760
the victims.

65
00:05:04,360 --> 00:05:12,340
What this means is we're going to override some of the code that's part of our network adapter card

66
00:05:12,610 --> 00:05:18,490
that keeps that network adapter card from paying attention to traffic that's meant for other computers

67
00:05:18,910 --> 00:05:19,780
by default.

68
00:05:20,230 --> 00:05:27,700
Everything that flows over the network is visible, but on most network cards, promiscuous mode is

69
00:05:27,700 --> 00:05:28,540
turned off.

70
00:05:28,750 --> 00:05:34,000
We're going to allow promiscuous mode for our VMS so that we'll be able to see traffic that's meant

71
00:05:34,000 --> 00:05:36,160
for other victims from one computer.

72
00:05:36,430 --> 00:05:39,970
If you're doing this on a larger network, you can even turn it on for all.

73
00:05:39,970 --> 00:05:44,850
If you are the owner and operator of that network and have explicit permission to do so.

74
00:05:45,340 --> 00:05:52,630
Running Wireshark on a public network or on a shared network or on your work or school network can get

75
00:05:52,630 --> 00:05:54,100
you into a lot of trouble.

76
00:05:54,100 --> 00:05:56,880
So don't do this anywhere that you don't have access.

77
00:05:56,890 --> 00:05:58,840
So we're going to allow just for VMS.

78
00:06:00,260 --> 00:06:07,400
And click OK, then, to be safe, we're going to come back to our command prompt in Windows 10 will

79
00:06:07,400 --> 00:06:08,810
type ACMD.

80
00:06:09,830 --> 00:06:19,100
And we will do an IP config release and an IP config slash renew.

81
00:06:24,260 --> 00:06:31,040
And when that comes back with a ten point 023 address, we know we are on the private internal host

82
00:06:31,040 --> 00:06:35,210
only Network Tendo, not three to six, and we can proceed with the lab.

83
00:06:35,480 --> 00:06:37,130
We'll see how to sniff the password.

84
00:06:37,130 --> 00:06:43,370
Now that we've got a Wireshark set up, we will try to log into a Web page from our Windows seven box

85
00:06:43,370 --> 00:06:45,110
onto the Métis voidable machine.

86
00:06:45,350 --> 00:06:51,260
And this Windows 10 computer off to the side is going to sniff that username and password.

87
00:06:51,500 --> 00:06:52,760
We'll see it in the next lesson.