1
00:00:04,060 --> 00:00:07,180
Congratulations on everything that you've gotten going so far.

2
00:00:07,630 --> 00:00:14,260
If you've made it this far successfully, you've already got a virtual ethical hacking lab that has

3
00:00:14,320 --> 00:00:20,500
a Caleigh Linux virtual machine and a Windows 10 virtual machine, which will be more than most people

4
00:00:20,560 --> 00:00:22,360
ever get a chance to put their hands on.

5
00:00:22,660 --> 00:00:24,100
So great work getting this far.

6
00:00:24,640 --> 00:00:29,470
I'm also going to show you how to do two additional virtual machines in this lesson and the next one.

7
00:00:29,980 --> 00:00:35,260
Now, if you are on a very slow download speed at home or if you just want to get into doing some of

8
00:00:35,260 --> 00:00:40,870
the ethical hacking and Caleigh in windows, you can wait to download and install these last two virtual

9
00:00:40,870 --> 00:00:42,460
machines until a little later.

10
00:00:42,790 --> 00:00:45,280
But we're going to do an Android virtual machine.

11
00:00:45,280 --> 00:00:50,980
A lot of attacks these days are coming on mobile devices, your phone, your tablet and other Internet

12
00:00:50,980 --> 00:00:52,000
of Things devices.

13
00:00:52,390 --> 00:00:57,970
And then Metis Floatable two is a Web server that we're going to learn how to attack and then how to

14
00:00:57,970 --> 00:00:58,540
defend.

15
00:00:59,080 --> 00:01:03,280
So let's get started with the Android virtual machine.

16
00:01:03,880 --> 00:01:08,550
The great thing about Android VIMS is that there's a Web site called OS Boxes.

17
00:01:08,590 --> 00:01:15,280
If you've never used OS boxes before, their terrific Web site for virtual machine images of dozens

18
00:01:15,280 --> 00:01:18,730
of different kinds of free and open source platforms.

19
00:01:19,090 --> 00:01:24,760
And one of those is the Android XIV six platform so that you can run an Android tablet or phone right

20
00:01:24,790 --> 00:01:27,190
on your computer in a virtual machine.

21
00:01:27,640 --> 00:01:33,010
So we're going to go to OS boxes, dot org slash Android dash x 86.

22
00:01:34,450 --> 00:01:39,290
And once you get OS boxes, you find that there are some Android virtual machines.

23
00:01:40,930 --> 00:01:47,830
And you can scroll down just a little bit that you will find several versions of Android dating all

24
00:01:47,830 --> 00:01:56,650
the way back to some of the very early Android, one Android two, four, five, six, seven, eight,

25
00:01:57,040 --> 00:02:01,330
and even some of the latest Android version nine.

26
00:02:02,470 --> 00:02:05,410
We were using ORIO just a year or two ago.

27
00:02:05,800 --> 00:02:09,400
Now we're using PI, so we're already to the PE's.

28
00:02:09,400 --> 00:02:14,350
We'll see what comes next with Q and R and and so on down the alphabet.

29
00:02:14,800 --> 00:02:22,150
But if you come down to any of the flavors from Orio forward, I've had some really good success using

30
00:02:22,420 --> 00:02:29,170
the Android Oreo distributions eight, not one, and later for ethical hacking to teach my students.

31
00:02:29,680 --> 00:02:31,870
But I'm going to try something a little newer.

32
00:02:32,050 --> 00:02:38,830
We're gonna go to the first release of Android X eighty six nine point o pi and you'll find the virtual

33
00:02:38,830 --> 00:02:44,290
box download and click the download button for the 64 bit virtual box.

34
00:02:44,320 --> 00:02:45,280
Virtual machine.

35
00:02:46,790 --> 00:02:51,050
You'll notice this takes you to SourceForge and it will start a download.

36
00:02:51,620 --> 00:02:53,810
It'll take just a few moments for that to download.

37
00:02:54,190 --> 00:02:56,810
You'll notice it's giving us a seven zip file.

38
00:02:57,200 --> 00:03:02,600
While this virtual machine is pretty much ready to go, it still has a few pieces that we have to take

39
00:03:02,600 --> 00:03:03,650
care of ourselves.

40
00:03:04,280 --> 00:03:07,850
So we'll go into our downloads folder as soon as that finishes.

41
00:03:09,330 --> 00:03:09,690
All right.

42
00:03:09,720 --> 00:03:14,460
When the download completes, you should have an Android 64 bit.

43
00:03:14,580 --> 00:03:21,750
And whichever version of Android device you chose with a seven zip extension, that means we'll need

44
00:03:21,750 --> 00:03:24,360
another application to unzip that.

45
00:03:24,450 --> 00:03:30,030
If you're on a Windows computer, you can just go to two seven zip dawg, or you can do a search for

46
00:03:30,030 --> 00:03:30,870
seven zip.

47
00:03:32,840 --> 00:03:37,420
And you'll find seven zip dot org, it's a free download, just like everything else that we're using.

48
00:03:37,960 --> 00:03:43,900
But if you're on your Mac, you've already got an application that will unzip that archive.

49
00:03:44,290 --> 00:03:49,930
We're going to open it with the UN archives are the same thing that we use to expand that huge Windows

50
00:03:49,990 --> 00:03:50,890
virtual machine.

51
00:03:51,520 --> 00:03:58,060
So once you an archive or once you extract with seven zip, all you have to do is open up the 64 bit

52
00:03:58,060 --> 00:03:58,600
folder.

53
00:03:59,880 --> 00:04:07,500
Inside that 64 bit of folder, you'll notice that we don't have an OVA, a an open virtualization archive

54
00:04:07,500 --> 00:04:09,540
or an open virtual appliance file.

55
00:04:09,960 --> 00:04:11,400
We have a VDI.

56
00:04:11,450 --> 00:04:13,680
That's the virtual disk infrastructure.

57
00:04:14,280 --> 00:04:20,610
What we're going to do is attach this machine to a new virtual box VM.

58
00:04:21,090 --> 00:04:26,340
So this is not as ready made as our Caleigh and Windows virtual machines, but it's just one or two

59
00:04:26,340 --> 00:04:27,180
more steps.

60
00:04:27,540 --> 00:04:29,820
So we're going to go through that process right now.

61
00:04:30,060 --> 00:04:35,580
We're going to create a new virtual machine that will use this Android disk file.

62
00:04:35,610 --> 00:04:41,850
So this is like the virtual disk or the the flash memory inside your Android phone or tablet.

63
00:04:42,330 --> 00:04:45,420
So we're going to start a new virtual box machine.

64
00:04:45,420 --> 00:04:47,340
We'll call this Android nine DRDO.

65
00:04:52,110 --> 00:04:57,600
And we'll change the type to Linux and we'll just change it to other 64 bit Linux.

66
00:04:57,630 --> 00:04:58,860
That should work just fine.

67
00:05:00,620 --> 00:05:06,260
So we're creating a new virtual machine that will house our virtual Android phone or tablet.

68
00:05:07,320 --> 00:05:12,180
We're going to give it about two gigs of RAM, the same as our Kelly Box.

69
00:05:14,760 --> 00:05:18,450
And we're going to use an existing virtual hard disk.

70
00:05:18,810 --> 00:05:24,660
That existing disk is this Android X 86 virtual disk infrastructure file.

71
00:05:25,110 --> 00:05:29,000
So we're going to use an existing disk create.

72
00:05:29,110 --> 00:05:29,230
OK.

73
00:05:29,700 --> 00:05:31,080
First, we need to find that disk.

74
00:05:31,590 --> 00:05:34,530
So we're going to choose that virtual hard disk file.

75
00:05:35,160 --> 00:05:38,370
And we just need to go to wherever we downloaded this folder.

76
00:05:38,550 --> 00:05:39,870
So we'll click add.

77
00:05:43,250 --> 00:05:48,640
And I've downloaded mine to an external disk because we're downloading a whole lot of big files and

78
00:05:48,640 --> 00:05:50,420
I'll find that 64 bit folder.

79
00:05:50,510 --> 00:05:52,760
And there's my Vehbi I file.

80
00:05:53,300 --> 00:05:54,650
All I have to do is click open.

81
00:05:56,090 --> 00:06:00,860
And now I've got that available in my list of disk drives and I can choose it.

82
00:06:02,220 --> 00:06:07,020
And now I have a hard disk for my Android 686 nine DRDO.

83
00:06:08,600 --> 00:06:12,890
And that is almost enough to get our virtual Android device up and running.

84
00:06:12,920 --> 00:06:19,100
But we need to make one additional change for any of the Android eight DRDO and newer virtual machines.

85
00:06:19,400 --> 00:06:21,710
We need to change the graphics controller.

86
00:06:22,130 --> 00:06:28,910
If you ever start an Android device from a virtual box and you see that there is just a black screen

87
00:06:28,910 --> 00:06:36,730
or a console log in a terminal prompt, you're probably you're probably suffering from the same errors.

88
00:06:36,800 --> 00:06:41,840
A lot of my students and you have the graphics controller sent to the wrong adapter.

89
00:06:42,320 --> 00:06:46,790
So we're going to use the V box s v g a graphics controller.

90
00:06:46,790 --> 00:06:48,050
I got there by clicking here.

91
00:06:48,050 --> 00:06:56,120
You can also double click on the display and just change this to V box s BGA instead of the V MSBA.

92
00:06:57,060 --> 00:06:57,320
Press.

93
00:06:57,390 --> 00:06:57,910
OK.

94
00:06:58,820 --> 00:07:00,640
And it may say in ballad settings, Detective.

95
00:07:00,680 --> 00:07:01,260
But that's OK.

96
00:07:01,310 --> 00:07:02,750
It's still gonna work just fine.

97
00:07:03,380 --> 00:07:04,580
So we will start.

98
00:07:06,070 --> 00:07:10,960
And just like we did with our other virtual machines, it's a good idea to change the view on the virtual

99
00:07:10,960 --> 00:07:13,290
screen to 200 percent.

100
00:07:13,450 --> 00:07:15,670
And you'll see it is getting to a console screen.

101
00:07:16,180 --> 00:07:21,490
But this should boot up into a really nice Android display.

102
00:07:22,270 --> 00:07:22,930
There we go.

103
00:07:24,030 --> 00:07:28,460
And it'll take a few moments for Android to boot up the first time, but once it gets up and running,

104
00:07:28,460 --> 00:07:32,480
we'll be able to see a real Android phone or tablet operating system.

105
00:07:32,780 --> 00:07:36,140
The nine DRDO release one is a tablet operating system.

106
00:07:36,140 --> 00:07:40,970
So you can see that it's already got our virtual desktop in front of us.

107
00:07:41,330 --> 00:07:43,100
Your machine may be a little bit slower.

108
00:07:43,220 --> 00:07:43,790
That's OK.

109
00:07:43,850 --> 00:07:47,150
We're running a virtual machine inside your computer.

110
00:07:47,570 --> 00:07:51,260
So sometimes it takes a little extra time to get everything loaded.

111
00:07:51,590 --> 00:07:56,270
The first time you run your Android virtual machine, you'll notice it's going to do a lot of settings.

112
00:07:56,270 --> 00:08:00,320
It'll go out to the Internet and connect and get some additional information.

113
00:08:00,650 --> 00:08:05,380
But you've got the same types of applications that you would expect just on a regular Android device.

114
00:08:05,390 --> 00:08:12,110
You can open up your contacts, you can open up the Google Play store and don't put any of your actual

115
00:08:12,110 --> 00:08:19,460
Google account information in to this device because it is not your real phone and you don't want to

116
00:08:19,460 --> 00:08:23,540
leave any information in here that could be taken advantage of by someone else.

117
00:08:24,110 --> 00:08:27,380
But you will see you've got your home button down at the bottom.

118
00:08:27,830 --> 00:08:34,790
You've got I you can see the square button will show you all your active applications and you can get

119
00:08:34,790 --> 00:08:38,270
rid of those so you can get rid of all of the apps that are running.

120
00:08:38,810 --> 00:08:40,310
And we've got g mail.

121
00:08:40,310 --> 00:08:46,850
And if you say push up from the middle, click and drag up, you'll be able to see a number of apps

122
00:08:46,910 --> 00:08:50,180
already installed and working on your phone.

123
00:08:50,620 --> 00:08:54,560
And you won't be able to make phone calls from this virtual Android device, of course, because it

124
00:08:54,560 --> 00:08:55,790
doesn't have a SIM card.

125
00:08:56,210 --> 00:08:59,330
That's the little card that lets you connect to telephone networks.

126
00:08:59,600 --> 00:09:05,930
But it will let us do just about everything else, including G mail, YouTube, using the Web browser

127
00:09:06,230 --> 00:09:10,240
and and connecting and testing different applications app.

128
00:09:10,790 --> 00:09:16,040
So once you've got this machine up and running, if you ever need to leave the virtual machine, you

129
00:09:16,040 --> 00:09:23,570
can press your right control button on a P.C. or your left command button on a Mac.

130
00:09:25,020 --> 00:09:28,650
Know that'll get you outside this window if you ever get stuck inside there.

131
00:09:28,920 --> 00:09:34,410
And if you ever have any mouse trouble in an Android device, an Android virtual device, you can turn

132
00:09:34,410 --> 00:09:41,190
off mouse integration on a Windows box that'll be in the menu bar at the top of the virtual machine.

133
00:09:41,610 --> 00:09:46,020
You just click input and turn off mouse integration on a Mac.

134
00:09:46,140 --> 00:09:49,720
It will be at the top of your screen input.

135
00:09:49,890 --> 00:09:53,490
And just check mouse integration that will turn off the regular mouse.

136
00:09:53,520 --> 00:09:58,200
And then you have a little bit slower mouse inside the application to get back out.

137
00:09:58,260 --> 00:09:59,700
Again, we can use that.

138
00:10:00,870 --> 00:10:02,580
Left or right?

139
00:10:02,820 --> 00:10:10,770
Control key on Windows device or the lift command key on a MAC to get back out of that window.

140
00:10:10,890 --> 00:10:12,810
And then we'll turn on mouse integration again.

141
00:10:12,810 --> 00:10:16,460
It seems to be working just fine on the Android version nine DRDO.

142
00:10:17,580 --> 00:10:22,770
So once you've got your Android nine Dotto device, we can hit the back button here.

143
00:10:24,380 --> 00:10:24,920
There we go.

144
00:10:25,100 --> 00:10:27,860
And we got our lock screen, we got everything just like we like it.

145
00:10:28,640 --> 00:10:35,660
We will give this a run in a later section and we'll actually learn how attacker's getting to your virtue.

146
00:10:35,780 --> 00:10:41,660
Get into your cell phone and your tablet by safely practicing in this virtual machine.