1
00:00:00,150 --> 00:00:04,530
Now, based on the feedback that I've received, I'm going to show you some additional Python scripts

2
00:00:04,530 --> 00:00:10,740
and show you how you can leverage PyShark to capture usernames and passwords automatically off the

3
00:00:10,740 --> 00:00:11,340
wire.

4
00:00:11,820 --> 00:00:19,410
In this example, I've got an OSPF script, I've got an FTP script and I've got a Telnet script.

5
00:00:19,590 --> 00:00:26,130
These are Python scripts, so I'll show you in a moment how you can use both.

6
00:00:26,130 --> 00:00:36,180
PyShark, which leverages tshark to capture traffic off the wire in real time and then look for something

7
00:00:36,180 --> 00:00:41,550
in that capture such as OSPF and then print something.

8
00:00:41,550 --> 00:00:44,130
Now I've expanded my GNS3 topology slightly.

9
00:00:44,130 --> 00:00:49,560
I've still got my Ubuntu client, which is connected in this example to a Cisco switch, which in turn

10
00:00:49,590 --> 00:00:52,920
is connected to an Ethernet switch which is connected to the internet.

11
00:00:53,640 --> 00:01:00,660
I've got an Ubuntu 2 PC and I've got a Toolbox PC running here.

12
00:01:01,110 --> 00:01:06,870
What I have done on the Cisco switch is enable port SPAN or mirroring.

13
00:01:07,440 --> 00:01:10,980
So on the Ethernet switch, show run.

14
00:01:12,740 --> 00:01:15,140
If I scroll down all the way to the bottom.

15
00:01:18,550 --> 00:01:20,710
Notice I've got these monitor sessions.

16
00:01:20,740 --> 00:01:24,250
I am monitoring traffic from this source interface,

17
00:01:24,250 --> 00:01:30,790
GigabitEthernet 0/1, and I'm copying that to interface GigabitEthernet 0/0.

18
00:01:30,790 --> 00:01:36,910
So all traffic that's been received on Gigabit 0/1, this interface to the router, is going to

19
00:01:36,910 --> 00:01:38,650
be copied to this interface.

20
00:01:38,740 --> 00:01:44,950
In other words, to my Ubuntu client where I'm running tshark and PyShark.

21
00:01:44,950 --> 00:01:45,970
So again.

22
00:01:47,150 --> 00:01:50,570
Source interface Gigabit 0/1, destination interface Gigabit

23
00:01:50,600 --> 00:01:51,590
0/0.

24
00:01:51,980 --> 00:01:59,310
I've got this Toolbox server; it's running an FTP server, TFTP server, web server and so forth.

25
00:01:59,330 --> 00:02:04,100
What I'll do as an example is copy the config of the router to the Toolbox server

26
00:02:04,100 --> 00:02:13,250
using FTP, and using this FTP script I should be able to see the username and the password dynamically

27
00:02:13,250 --> 00:02:15,200
captured using PyShark.

28
00:02:15,860 --> 00:02:16,070
Okay.

29
00:02:16,070 --> 00:02:21,410
Now in previous videos I've shown you how to install PyShark, but I'll demonstrate it again here.

30
00:02:21,440 --> 00:02:27,680
If you're happy with the installation of tshark and PyShark, then skip the rest of this video and

31
00:02:27,680 --> 00:02:32,090
go to the next video where I'll show you the first script, which is OSPF.

32
00:02:33,440 --> 00:02:33,680
Okay.

33
00:02:33,680 --> 00:02:38,560
So only continue watching if you want to see how to install this. In GNS3

34
00:02:38,570 --> 00:02:44,660
there is a problem downloading traffic from the internet through a Cisco switch.

35
00:02:44,840 --> 00:02:52,700
So I'm going to get this Ubuntu client to connect to the internet directly via the Ethernet switch.

36
00:02:52,820 --> 00:02:55,820
That's just so that I can install the software.

37
00:02:56,360 --> 00:03:01,340
So on the Ubuntu client, ifconfig shows me my IP address.

38
00:03:02,090 --> 00:03:09,660
First thing I'll do, per my sort of list of scripts, is apt-get update.

39
00:03:09,800 --> 00:03:11,720
Update Ubuntu references.

40
00:03:15,110 --> 00:03:15,350
Okay.

41
00:03:15,350 --> 00:03:16,400
So that's done.

42
00:03:17,110 --> 00:03:19,930
Next thing to do is to install tshark.

43
00:03:19,930 --> 00:03:22,390
PyShark leverages tshark.

44
00:03:22,780 --> 00:03:30,050
It basically is a wrapper for tshark, so you can get it to do anything that tshark does.

45
00:03:30,070 --> 00:03:34,600
So through a Python script you can manipulate stuff in tshark.

46
00:03:34,630 --> 00:03:40,810
You can extract information from tshark in the same way as if you were using it manually.

47
00:03:40,810 --> 00:03:42,730
But we're doing that through Python.

48
00:03:43,930 --> 00:03:44,170
Okay.

49
00:03:44,170 --> 00:03:47,170
The next thing I'll do is install python3-pip.

50
00:03:47,680 --> 00:03:53,020
So apt-get install python3-pip; install that.

51
00:03:55,780 --> 00:03:57,970
That actually installed Python at the same time.

52
00:03:57,970 --> 00:04:05,560
So Python 3 will be installed as well, and then I'll install PyShark using pip3.

53
00:04:06,280 --> 00:04:16,060
So basically you could just copy these commands onto an Ubuntu host and install the software yourself.

54
00:04:16,630 --> 00:04:21,790
I have shown you how to do this previously, but I just want to show you the full process of how to

55
00:04:21,790 --> 00:04:23,080
get this set up.

56
00:04:24,230 --> 00:04:25,330
Okay, that's done.

57
00:04:26,080 --> 00:04:29,200
So the last step is pip install pyshark.

58
00:04:30,520 --> 00:04:30,770
Okay.

59
00:04:30,790 --> 00:04:31,880
And that's done as well.

60
00:04:31,900 --> 00:04:37,060
So Python 3, that works; tshark.

61
00:04:38,620 --> 00:04:41,330
Hopefully we'll see some captures.

62
00:04:41,350 --> 00:04:42,280
There you go.

63
00:04:42,310 --> 00:04:43,240
So.

64
00:04:44,630 --> 00:04:46,310
tshark is now installed.

65
00:04:46,310 --> 00:04:47,720
PyShark is installed.

66
00:04:47,720 --> 00:04:50,210
So going to delete that link and connect

67
00:04:51,540 --> 00:04:58,470
the PC directly to Gigabit 0/0 on the switch, because port mirroring is happening from this

68
00:04:58,470 --> 00:05:00,390
interface to this interface.

69
00:05:01,380 --> 00:05:07,980
So let's go back to the Ubuntu client and make sure that it's seeing the traffic, so to speak.

70
00:05:10,710 --> 00:05:12,540
Are we seeing any packets?

71
00:05:12,570 --> 00:05:13,120
Yes, we are.

72
00:05:13,140 --> 00:05:15,060
There's an OSPF packet as an example.

73
00:05:15,060 --> 00:05:19,740
There's copy and on the router as an example.

74
00:05:20,070 --> 00:05:23,490
If I ping 192.168.122.254.

75
00:05:23,520 --> 00:05:26,250
That's the NAT cloud; we should see ICMP traffic.

76
00:05:27,620 --> 00:05:30,110
Assuming that that's working properly.

77
00:05:30,900 --> 00:05:31,760
We don't see that.

78
00:05:31,770 --> 00:05:33,030
Let's do a.

79
00:05:34,910 --> 00:05:39,020
Let's do a ping to two five five.

80
00:05:40,270 --> 00:05:41,920
Seeing that I'm doing it right here.

81
00:05:41,920 --> 00:05:46,360
You can see the broadcast traffic, so that ICMP traffic is being sent.

82
00:05:47,130 --> 00:05:48,270
So that's great.

83
00:05:50,240 --> 00:05:56,420
What I'll do is, the last test is ping from the Toolbox to the router and make sure that that is seen

84
00:05:56,570 --> 00:06:00,350
by the tshark application.

85
00:06:00,350 --> 00:06:02,420
So the router has got this IP address.

86
00:06:03,140 --> 00:06:09,380
I'm going to, well, let's do it from the Ubuntu host, from Ubuntu 2. So on Ubuntu 2 I should be able

87
00:06:09,380 --> 00:06:18,290
to ping 192.168.122 and the IP address of the router, which is 82.

88
00:06:20,060 --> 00:06:21,500
So the ping succeeds.

89
00:06:21,500 --> 00:06:24,140
And on Ubuntu 1 we should see

90
00:06:27,020 --> 00:06:28,280
those ICMP packets.

91
00:06:28,280 --> 00:06:29,030
And there you go.

92
00:06:29,060 --> 00:06:31,490
Notice I can see the ICMP messages.

93
00:06:31,760 --> 00:06:33,500
So that works great.

94
00:06:33,950 --> 00:06:39,620
Okay, so in the next video, I'll show you how to use these Python scripts to capture traffic.
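The setup in this video (a SPAN session copying the router-facing port to the Ubuntu client, tshark driven from Python through PyShark, and a router config copied to the Toolbox server over FTP) is also exactly what a network defender uses to find cleartext credentials on their own segment. The following is an added example, not a script from the video or from the PyShark project: it pairs each FTP USER command with the PASS that follows it on the same client-to-server flow, and reports the hosts and the username while masking the password, which is enough to raise a "plaintext authentication in use" finding without storing the secret. The interface name ens3, the Toolbox address 192.168.122.10 and the sample command sequence are assumptions constructed for the example; the router address 192.168.122.82 is the one mentioned in the video. The offline scan runs without tshark; the live variant needs tshark and PyShark installed as shown above.

```python
"""Added example (not code from the video or the PyShark project): a
PyShark-style check that flags FTP logins seen on the mirrored (SPAN)
port, reporting which client logged in to which server and masking the
password itself.  The parsing works on the FTP control-channel commands
(USER / PASS) that a PyShark script would read from
packet.ftp.request_command and packet.ftp.request_arg.  The interface
name and the Toolbox IP address are assumptions for the lab."""
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

Event = Tuple[str, str, str, str]   # (src_ip, dst_ip, FTP command, argument)


@dataclass
class FtpLogin:
    client: str
    server: str
    user: str
    password_len: int   # only the length is kept; the secret is never stored


class FtpLoginTracker:
    """Pairs each USER with the following PASS on the same client->server flow."""

    def __init__(self) -> None:
        self._pending = {}   # (client, server) -> username awaiting its PASS

    def feed(self, src: str, dst: str, command: str, arg: str) -> Optional[FtpLogin]:
        flow = (src, dst)
        command = command.upper()          # FTP commands are case-insensitive
        if command == "USER":
            self._pending[flow] = arg
        elif command == "PASS":
            user = self._pending.pop(flow, None)
            if user is not None:           # a PASS with no preceding USER is ignored
                return FtpLogin(src, dst, user, len(arg))
        return None


def scan_events(events: Iterable[Event]) -> List[FtpLogin]:
    """Offline variant: run a list of (src, dst, cmd, arg) events through the tracker."""
    tracker = FtpLoginTracker()
    findings = []
    for src, dst, cmd, arg in events:
        login = tracker.feed(src, dst, cmd, arg)
        if login:
            findings.append(login)
    return findings


def format_finding(login: FtpLogin) -> str:
    """One alert line per cleartext login; the password is masked, its length kept for triage."""
    return (f"CLEARTEXT FTP LOGIN {login.client} -> {login.server} "
            f"user={login.user} password={'*' * login.password_len} "
            "(sent unencrypted; prefer SCP/SFTP or FTPS for config copies)")


def packet_to_event(pkt) -> Optional[Event]:
    """Map a PyShark packet carrying an FTP request to an Event (None if it is not one)."""
    if not hasattr(pkt, "ip") or not hasattr(pkt, "ftp"):
        return None
    command = pkt.ftp.get_field_value("request_command")   # Wireshark field ftp.request.command
    if command is None:
        return None
    arg = pkt.ftp.get_field_value("request_arg") or ""      # Wireshark field ftp.request.arg
    return (pkt.ip.src, pkt.ip.dst, command, arg)


def watch_span_port(interface: str = "ens3") -> None:
    """Live variant: tshark, via PyShark, listens on the interface the switch mirrors traffic to."""
    import pyshark   # imported here so the offline demo runs without tshark installed
    tracker = FtpLoginTracker()
    capture = pyshark.LiveCapture(interface=interface, display_filter="ftp.request")
    for pkt in capture.sniff_continuously():
        event = packet_to_event(pkt)
        if event:
            login = tracker.feed(*event)
            if login:
                print(format_finding(login))


# Constructed sample: the router (192.168.122.82, from the video) copies its config to the
# Toolbox FTP server (assumed 192.168.122.10); a second host logs in with lowercase commands.
SAMPLE_EVENTS: List[Event] = [
    ("192.168.122.82", "192.168.122.10", "USER", "admin"),
    ("192.168.122.82", "192.168.122.10", "PASS", "cisco123"),
    ("192.168.122.82", "192.168.122.10", "TYPE", "I"),
    ("192.168.122.82", "192.168.122.10", "STOR", "router-config"),
    ("192.168.122.20", "192.168.122.10", "PASS", "orphan"),   # no USER first: ignored
    ("192.168.122.20", "192.168.122.10", "user", "backup"),
    ("192.168.122.20", "192.168.122.10", "pass", "s3cret"),
]

if __name__ == "__main__":
    for finding in scan_events(SAMPLE_EVENTS):
        print(format_finding(finding))
```

Running the file as a script prints one alert per login found in the constructed sample; calling watch_span_port("ens3") instead attaches to the mirrored interface and prints the same alert format as packets arrive. Keying the pending USER on the (client, server) pair is what keeps interleaved sessions from different hosts from being mixed up, and keeping only the password length means the detector's own output never becomes a second copy of the credential.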