1
00:00:07,060 --> 00:00:13,210
To make our spearfishing email even more convincing than just using a real notification sent from Facebook

2
00:00:13,210 --> 00:00:17,530
or from your bank or your organization, you're going to need to understand a little bit more about

3
00:00:17,530 --> 00:00:20,380
IP addresses to see what I mean.

4
00:00:20,380 --> 00:00:26,890
Let's open up our Windows VM again, and I'm going to go to Google Chrome and I'm also going to going

5
00:00:26,890 --> 00:00:28,420
to open my command prompt.

6
00:00:28,930 --> 00:00:31,600
Remember, the command prompt is just seemed.

7
00:00:34,060 --> 00:00:39,460
So I'm going to need both Google Chrome and the command prompt open for this, if I go to a familiar

8
00:00:39,460 --> 00:00:48,880
Web site like Google dot com, if I type in Google dot com into my browser, that domain name from our

9
00:00:48,880 --> 00:00:56,410
domain name system or DNS system that runs most of the Internet, that domain name system resolves that

10
00:00:56,410 --> 00:00:59,770
name Google dot com to a Web address.

11
00:00:59,770 --> 00:01:02,650
And that Web address takes us to this Web site.

12
00:01:02,890 --> 00:01:04,960
And we've got a different doodle for today.

13
00:01:04,960 --> 00:01:06,220
The same thing for Facebook.

14
00:01:06,220 --> 00:01:09,310
Dotcom takes me to the Facebook Web page.

15
00:01:09,310 --> 00:01:16,060
So I type in just a name and it takes me to a Web site, which is actually a Web server running at a

16
00:01:16,060 --> 00:01:17,800
specific IP address.

17
00:01:18,070 --> 00:01:21,430
But how can we find out the IP address of that server?

18
00:01:21,730 --> 00:01:29,920
Well, let's come back to our command prompt window and let's use the ping command ping www.youtube.com.

19
00:01:31,540 --> 00:01:33,460
You notice it gives me an address for Google.

20
00:01:33,490 --> 00:01:39,160
There are lots of addresses for Google out on the Internet because they have tons of redundant servers,

21
00:01:39,260 --> 00:01:42,790
seventy four point one twenty five, twenty one point ninety nine is one address.

22
00:01:43,180 --> 00:01:46,600
If I highlight that using my mouse and I have to highlight it.

23
00:01:46,600 --> 00:01:47,260
Exactly.

24
00:01:47,260 --> 00:01:50,050
And Windows 10, I just have to click and then.

25
00:01:50,050 --> 00:01:50,380
Right.

26
00:01:50,380 --> 00:01:51,250
Click to copy it.

27
00:01:51,610 --> 00:01:54,340
Or on other versions of Windows you can right.

28
00:01:54,340 --> 00:01:57,100
Click and mark and then highlight it.

29
00:01:57,100 --> 00:01:58,630
But Windows 10 will let us do this.

30
00:02:00,700 --> 00:02:07,460
If I ping that address and just right click the paste 74 dot, 125 dot twenty one point ninety nine.

31
00:02:07,960 --> 00:02:09,510
Notice it responds as well.

32
00:02:09,520 --> 00:02:11,530
That means I have connectivity out to Google.

33
00:02:11,720 --> 00:02:17,050
If you don't have network connectivity on your Windows 10 bucks, maybe try turning off and turning

34
00:02:17,050 --> 00:02:21,180
on the network interface from the main window.

35
00:02:21,190 --> 00:02:22,840
I'll show that one more time really fast.

36
00:02:24,350 --> 00:02:29,450
Click down here, disconnect your network adaptor, then reconnect it, then try to connect if you're

37
00:02:29,450 --> 00:02:33,440
having trouble and make sure you are on that public net address.

38
00:02:35,890 --> 00:02:44,890
Make sure you're on that public net address tonight at 9:00, dot something, and if I do an IP config,

39
00:02:45,640 --> 00:02:51,850
I can see I'm on the 10.1 95 address right now, so I'm on that tendo at Nine Public Network.

40
00:02:52,270 --> 00:02:57,630
So let's see that ping command again, paying without Google dot com.

41
00:02:58,780 --> 00:03:03,590
And it gave me some address, 74 dot 125 just happens to be what we're using here.

42
00:03:04,390 --> 00:03:09,850
So if I take this seventy four point one twenty five that twenty one point ninety nine or whatever address

43
00:03:09,850 --> 00:03:12,610
you get for Google and switch back to Chrome.

44
00:03:14,160 --> 00:03:16,080
Many people don't know that we can do this.

45
00:03:19,290 --> 00:03:25,950
We can paste that address right here and hit Enter and it takes us to Google as well, we can do the

46
00:03:25,950 --> 00:03:28,020
same thing for Facebook or any other website.

47
00:03:28,510 --> 00:03:30,530
But here's another step there.

48
00:03:30,570 --> 00:03:37,110
I'm going to show you two more ways to change this URL so that it's not immediately apparent that we're

49
00:03:37,110 --> 00:03:39,490
running something from a Calli Linux computer.

50
00:03:40,140 --> 00:03:42,090
Let's say that I were to type.

51
00:03:44,790 --> 00:03:53,670
Let's try this Facebook or B.W., that Facebook dotcom com at.

52
00:03:54,730 --> 00:04:02,470
Google dotcom, you've probably never seen this before, but Facebook dotcom at Google dot com, this

53
00:04:02,470 --> 00:04:08,680
at Simbel is a holdover from the days when we used to do FTP or file transfer protocol and other user

54
00:04:08,680 --> 00:04:10,370
log ins through a browser.

55
00:04:10,840 --> 00:04:15,730
So this will take everything that appears before this, as long as there are no slashes or other illegal

56
00:04:15,730 --> 00:04:16,210
characters.

57
00:04:16,210 --> 00:04:17,420
Dots are OK.

58
00:04:18,160 --> 00:04:24,340
That will take everything before this and use it as a username to try to pass to this Web site, the

59
00:04:24,340 --> 00:04:25,450
site after this.

60
00:04:25,750 --> 00:04:30,880
So I would expect by looking at this just really quickly, it starts with www.youtube.com if you don't

61
00:04:30,880 --> 00:04:34,210
notice the rest, you would expect this to take you to Facebook.

62
00:04:34,870 --> 00:04:44,080
But if you put HTP colon slash slash before this address, notice that it grais out the first half because

63
00:04:44,080 --> 00:04:48,040
it tries to see that as a username at Google dot com.

64
00:04:48,040 --> 00:04:49,090
Watch what's going to happen.

65
00:04:50,170 --> 00:04:52,430
It's going to load Google, not Facebook.

66
00:04:52,930 --> 00:04:56,200
Well, the same is true here if I go to Facebook.

67
00:04:58,330 --> 00:05:04,030
And if I say htp, colon, slash, slash, Twitter, Facebook dot com.

68
00:05:06,300 --> 00:05:13,500
You have to type this exactly at and use that IP address for Google paste seventy four point one twenty

69
00:05:13,500 --> 00:05:15,390
five point twenty one point ninety nine.

70
00:05:16,110 --> 00:05:20,310
Now, this looks like it really is a Facebook dotcom Web site, right?

71
00:05:20,310 --> 00:05:25,630
HTP colon slash slash w w w dot Facebook dot com at.

72
00:05:25,650 --> 00:05:26,700
And then some numbers.

73
00:05:26,700 --> 00:05:32,010
Most people don't realize that that will take you to wherever this address goes.

74
00:05:33,290 --> 00:05:34,760
And that took us to Google.

75
00:05:35,210 --> 00:05:41,090
Well, it could just as easily take us to our ten point nine four address, but let's get even trickier.

76
00:05:42,000 --> 00:05:50,220
We can convert this number to a different type of number, to an integer to one single number, instead

77
00:05:50,220 --> 00:05:57,180
of the four numbers separated by dots that we normally see as an IP address, we can change this so

78
00:05:57,180 --> 00:06:01,260
that it is one single long integer, one single number.

79
00:06:01,570 --> 00:06:02,890
Let's see how that works.

80
00:06:02,940 --> 00:06:05,830
First of all, make sure that you get to Google from that address.

81
00:06:05,850 --> 00:06:06,240
Good.

82
00:06:07,250 --> 00:06:19,160
We're going to look for an IP address to integer convertor IP address to integer converter, and you

83
00:06:19,160 --> 00:06:21,430
can pick any of the results that come up on Google.

84
00:06:21,440 --> 00:06:23,520
You can do this by hand yourself as well.

85
00:06:23,540 --> 00:06:25,040
I'll show you how.

86
00:06:25,490 --> 00:06:33,230
But I just happened to pick IP, address guy dotcom slash IP and I'm going to enter that Google address

87
00:06:33,230 --> 00:06:37,730
that I got seventy four point one twenty five twenty one point ninety nine and click convert.

88
00:06:38,270 --> 00:06:42,500
And it tells me that that IP address seventy four point one twenty five to twenty one point ninety nine

89
00:06:42,500 --> 00:06:44,630
is equal to this integer.

90
00:06:45,760 --> 00:06:52,780
Well, this number is just this number, 74 times, 256 plus this number one hundred twenty five.

91
00:06:53,020 --> 00:06:59,110
Multiply that hole number by two hundred fifty six, then add twenty one, multiply that new result

92
00:06:59,110 --> 00:07:01,710
by two hundred fifty six, then add ninety nine.

93
00:07:02,020 --> 00:07:04,630
You can try it on your calculator, you'll get the same result.

94
00:07:04,630 --> 00:07:07,960
Will copy this address or this number.

95
00:07:08,530 --> 00:07:13,450
And now here's the magic type in http colon slash slash.

96
00:07:16,060 --> 00:07:17,230
And that number.

97
00:07:19,640 --> 00:07:25,820
One, two, one two four nine seven one one four five nine in this case was, what, seventy four point

98
00:07:25,820 --> 00:07:31,010
one twenty five twenty one point ninety nine converted to as an integer just by doing that math and

99
00:07:31,010 --> 00:07:32,540
hit enter.

100
00:07:34,400 --> 00:07:44,220
Notice it converted it really quickly to a four component dotted IP address and then took us to Google.

101
00:07:44,570 --> 00:07:47,240
We're going to make use of that in our spearfishing email.

102
00:07:47,420 --> 00:07:52,290
We'll see how to change our URL so that it looks exactly like it's taking us to WWOR.

103
00:07:52,460 --> 00:07:54,230
Facebook, dotcom fact.

104
00:07:54,230 --> 00:07:55,980
Let's test it here really fast.

105
00:07:56,090 --> 00:07:58,130
W Facebook dot com.

106
00:07:59,080 --> 00:08:02,680
At and that integer Paiste.

107
00:08:04,380 --> 00:08:12,300
Just remember to hit HTP Collins before it, and this will not take us to Facebook dotcom, it will

108
00:08:12,300 --> 00:08:19,350
take us to Google dot com, we're going to see how to redirect that to our Calli Linux IP address in

109
00:08:19,350 --> 00:08:20,040
the next lesson.