1 00:00:00,150 --> 00:00:02,500 Hello everybody and welcome back.
2 00:00:02,500 --> 00:00:08,490 And let me show you in this tutorial how you can perform a powerful attack using the BeEF framework
3 00:00:08,580 --> 00:00:11,340 and the man-in-the-middle attack framework.
4 00:00:11,340 --> 00:00:15,740 Now, the BeEF framework is basically a tool used for browser exploitation.
5 00:00:15,780 --> 00:00:17,610 It can be seen right here.
6 00:00:17,890 --> 00:00:23,880 The simple use of that attack, or the practical matter of that attack, is basically hooking other people,
7 00:00:23,880 --> 00:00:29,580 or hooking other browsers, to connect to the page which is running the code for the redirection to the
8 00:00:29,780 --> 00:00:38,760 hook.js JavaScript file, which then basically creates a zombie army of all of the machines
9 00:00:38,760 --> 00:00:41,360 that are currently connected on the local network.
10 00:00:41,400 --> 00:00:47,160 And if there are some browsers on those machines that are outdated, you can perform various types of
11 00:00:47,160 --> 00:00:50,170 attacks on them and actually exploit them.
12 00:00:50,160 --> 00:00:57,000 Now, in order for you to run BeEF, you need to first open up your terminal.
13 00:00:57,000 --> 00:01:00,570 You can run it through a terminal or through the applications right here.
14 00:01:00,570 --> 00:01:03,180 I believe it is in Sniffing & Spoofing.
15 00:01:03,180 --> 00:01:03,530 OK.
16 00:01:03,540 --> 00:01:06,990 It is not there; exploitation, here, in Exploitation Tools.
17 00:01:06,990 --> 00:01:09,960 Here it is: beef xss framework.
18 00:01:09,960 --> 00:01:12,240 I will run it from the command line.
19 00:01:12,240 --> 00:01:22,060 Also, just type beef-xss and run it, and what you want to do from here is basically copy
20 00:01:22,060 --> 00:01:26,760 this script right here and put it into your Apache website.
21 00:01:26,770 --> 00:01:29,080 Now I will show you the entire process right here.
22 00:01:29,140 --> 00:01:30,930 Let me just open up BeEF.
23 00:01:31,270 --> 00:01:36,610 So this opened automatically, and the username and password for this page are both beef.
24 00:01:36,610 --> 00:01:42,910 So just type beef and then beef once again, click on the login right here, and you will be prompted
25 00:01:42,910 --> 00:01:44,460 with a page looking like this.
26 00:01:44,470 --> 00:01:47,270 Here you have online browsers and offline browsers.
27 00:01:47,440 --> 00:01:53,410 You can read this if you want to; it basically teaches new users something about it.
28 00:01:53,410 --> 00:02:00,810 You can read it if you are not familiar with BeEF, since we didn't cover it before, but right now what
29 00:02:00,810 --> 00:02:08,440 I want to show you is what you need to do in order to hook other people for this type of attack.
30 00:02:08,440 --> 00:02:12,790 So you need to, let me just zoom in so you see it better.
31 00:02:12,790 --> 00:02:18,070 There is this thing called the hook, and what you want to do is this.
32 00:02:18,070 --> 00:02:24,940 So you want to create a simple HTML file, or any fake page, or basically anything you want which is an
33 00:02:24,970 --> 00:02:31,930 HTML file, and put it onto your Apache2 website on your Kali Linux machine or on another machine
34 00:02:31,930 --> 00:02:34,380 that you run.
35 00:02:34,440 --> 00:02:42,820 What you want to do is include this script, which is JavaScript code, into that HTML code on your
36 00:02:42,820 --> 00:02:43,910 Apache2.
37 00:02:43,960 --> 00:02:50,500 And every time someone opens your Apache web server or website through their Google browser or
38 00:02:50,620 --> 00:02:58,540 search bar or anywhere else, they will be running this JavaScript code, which will be loaded and which will
39 00:02:58,630 --> 00:03:03,820 allow us to actually exploit them if their browser is outdated.
40 00:03:03,820 --> 00:03:09,250 We will see them in our BeEF framework on that page that we logged in to previously.
41 00:03:09,250 --> 00:03:11,790 So let me just show you how you can do that.
42 00:03:11,800 --> 00:03:21,630 So as I said before, your Apache2 folder is in /var/www/html.
43 00:03:21,880 --> 00:03:27,910 Here you have files, basically files that will display on the page
44 00:03:27,930 --> 00:03:30,560 once someone types in your IP address.
45 00:03:30,600 --> 00:03:39,420 Now for this attack I will use the Apache2 on my laptop, but I will show you how you can create
46 00:03:39,780 --> 00:03:43,410 the attack with Apache2 on your Kali machine.
47 00:03:43,410 --> 00:03:52,140 So here we have the index.html file, which I actually want to delete for now, and what I want to do
48 00:03:52,200 --> 00:03:53,150 is nano.
49 00:03:53,490 --> 00:03:58,440 So we will create a new HTML file including the script code.
50 00:03:58,440 --> 00:04:02,580 So nano script.html.
51 00:04:02,580 --> 00:04:04,490 Now you can call it anything you want.
52 00:04:04,770 --> 00:04:10,890 It doesn't matter, or actually it does matter, you need to call it index.html.
53 00:04:10,900 --> 00:04:15,130 So let me just rename it to index.html as I said before.
54 00:04:15,650 --> 00:04:21,310 If the HTML file on your Apache2 web server isn't called index.html,
55 00:04:21,320 --> 00:04:23,240 it will not display it.
56 00:04:23,240 --> 00:04:26,960 So call it index.html; save file under different name, yes.
57 00:04:26,960 --> 00:04:35,090 And now we can write to the file, so we will create the most simple, the most simple version of the
58 00:04:35,090 --> 00:04:41,480 HTML file, so just follow what I type right here.
59 00:04:41,780 --> 00:04:44,000 It doesn't matter if you do not understand it.
60 00:04:44,030 --> 00:04:50,450 You can basically just copy any page and type the same thing, which I will show you in just a second.
61 00:04:50,780 --> 00:04:56,880 I will just type a small code right here.
62 00:04:57,950 --> 00:05:08,630 Here we can add a title, which will be test. Now, for those of you that actually know HTML,
63 00:05:08,630 --> 00:05:11,510 this will be very simple for you.
64 00:05:11,570 --> 00:05:12,970 For those of you who don't,
65 00:05:12,980 --> 00:05:16,780 you will also understand it; it's really not that hard to understand.
66 00:05:16,880 --> 00:05:21,010 We just created the body tag and the head tag, and this
67 00:05:21,020 --> 00:05:27,000 h1 represents the header which we will display on our page, and let's say it says just Hello.
68 00:05:27,230 --> 00:05:30,330 We closed the header with the h1 tag and the slash.
69 00:05:30,980 --> 00:05:33,580 And then we close the body header.
70 00:05:33,760 --> 00:05:34,090 Yeah.
71 00:05:34,130 --> 00:05:35,450 The body part.
72 00:05:35,570 --> 00:05:38,470 We also end the HTML part.
73 00:05:38,480 --> 00:05:39,640 Now let us save this.
74 00:05:39,650 --> 00:05:43,300 Control O and then Control X to exit.
75 00:05:43,340 --> 00:05:45,610 Now we still didn't add the hook.
76 00:05:45,630 --> 00:05:46,820 But let me just show you,
77 00:05:49,870 --> 00:05:53,270 or let me actually add the hook first so you can see it.
78 00:05:53,910 --> 00:05:55,510 We now need to nano.
79 00:05:55,660 --> 00:05:58,950 We will need to nano index.html.
80 00:05:58,980 --> 00:06:07,770 And what you want to do is add the hook that you copied from the BeEF framework, so that JavaScript
81 00:06:07,770 --> 00:06:08,200 code.
82 00:06:08,220 --> 00:06:11,810 Now it is the same for everyone where you want to add it.
83 00:06:11,820 --> 00:06:13,740 You want to add it to the head tag.
84 00:06:13,770 --> 00:06:19,110 So somewhere between this part right here and somewhere between this part right here.
85 00:06:19,110 --> 00:06:27,570 So let us set it right below the title, or we can actually add it above the title, so just type script.
86 00:06:27,570 --> 00:06:34,770 Now this script right here is referring to our script code, and this src right here is basically
87 00:06:34,770 --> 00:06:35,190 source.
88 00:06:35,190 --> 00:06:40,770 So what this page will do is it will source the script from the IP address that you specified, from
89 00:06:40,890 --> 00:06:44,670 the folder that we specified, and it will run that script that it finds there.
90 00:06:45,060 --> 00:06:47,460 Now my script is located on my,
91 00:06:50,380 --> 00:06:53,110 basically on your own IP address.
92 00:06:53,140 --> 00:07:00,790 So what you want to do is basically just check out your IP address first, which you can do simply with
93 00:07:00,790 --> 00:07:03,190 ifconfig.
94 00:07:03,220 --> 00:07:08,800 So what you want to do is ifconfig; my IP address is 192.168.1.7.
95 00:07:08,810 --> 00:07:12,270 So what you specify right here is equals, then
96 00:07:12,770 --> 00:07:17,630 double quotes, and then http://,
97 00:07:17,630 --> 00:07:25,220 and then your IP address, 192.168.1.7, and then you again specify a colon and
98 00:07:25,220 --> 00:07:29,120 then you specify the port, which is always 3000.
99 00:07:29,120 --> 00:07:34,910 It should be 3000 by default; if it is not, you can change the configuration file, but it should
100 00:07:34,910 --> 00:07:36,760 be 3000 for you.
101 00:07:36,980 --> 00:07:44,790 And after that you specify slash and then hook.js, which stands for JavaScript file.
102 00:07:44,840 --> 00:07:46,730 So this is the following.
103 00:07:46,730 --> 00:07:47,610 Let me just.
104 00:07:48,890 --> 00:07:52,230 Why is it OK.
105 00:07:52,260 --> 00:07:53,600 So this is the following.
106 00:07:53,840 --> 00:08:03,630 And what you want to do right after is close the double quotes like this and then close the entire
107 00:08:03,630 --> 00:08:04,530 script tag.
108 00:08:04,530 --> 00:08:05,070 So.
109 00:08:05,070 --> 00:08:07,290 Slash script.
110 00:08:07,400 --> 00:08:08,630 You are good to go.
111 00:08:08,720 --> 00:08:13,940 So right now you save this, save modified buffer.
112 00:08:14,600 --> 00:08:18,320 And as you can see, this is the entire code that you need.
113 00:08:18,320 --> 00:08:27,920 So you need to put this in this directory right here, so /var/www/html, and
114 00:08:28,010 --> 00:08:29,420 you will be good to go.
115 00:08:29,510 --> 00:08:34,720 Now another thing that you want to do in case your Apache2 isn't running:
116 00:08:34,730 --> 00:08:35,980 you need to set it to run.
117 00:08:35,990 --> 00:08:43,310 So in order to check if your Apache2 is running, just type service apache2 status, and here we
118 00:08:43,310 --> 00:08:45,620 can see Loaded, Active: inactive.
119 00:08:45,620 --> 00:08:53,410 So we need to run the Apache2 first, so service apache2 start.
120 00:08:54,320 --> 00:09:01,280 So we started the Apache2, and now let me show you what happens when someone visits that page.
121 00:09:01,280 --> 00:09:03,980 Now as I said, I only showed you how to do this.
122 00:09:04,370 --> 00:09:12,460 I won't be using the Apache2 from my Kali machine; I will use it on my laptop where I have Apache2
123 00:09:12,470 --> 00:09:18,800 running and where I have the same file that I showed you right here on my Apache2, so it will
124 00:09:18,800 --> 00:09:19,680 display Hello.
125 00:09:19,700 --> 00:09:24,990 And it also has a script in the head tag with the hook to the JavaScript file.
126 00:09:25,070 --> 00:09:31,150 So what happens when we visit the web page?
127 00:09:31,150 --> 00:09:36,820 So let me just first open this right here; as we can see we do not have any problems connecting, but if
128 00:09:36,820 --> 00:09:46,870 you type right here 192.168.1.15, which is the IP address where I am running
129 00:09:46,960 --> 00:09:49,840 the file with the script of the hook,
130 00:09:49,840 --> 00:09:59,160 so we press enter here, as we can see right here, oh wait, I didn't rename it to index.html,
131 00:09:59,170 --> 00:10:00,820 so just give me a second.
132 00:10:00,850 --> 00:10:06,280 As I said, the file that you have in this /var/www/html folder
133 00:10:06,370 --> 00:10:10,130 needs to be named index.html in order for it to display.
134 00:10:10,600 --> 00:10:14,280 So I renamed it on my laptop, and let me just refresh the page.
135 00:10:14,500 --> 00:10:20,770 And here we can see it just displays Hello, which can be really normal for our users, so you just notice
136 00:10:20,800 --> 00:10:21,820 nothing is happening.
137 00:10:21,830 --> 00:10:25,360 You can close this right now, but what happened in our BeEF?
138 00:10:25,390 --> 00:10:32,530 Now we have our browser hooked, which means we can perform any kind of exploitation or any kind of
139 00:10:32,530 --> 00:10:33,350 attack
140 00:10:33,480 --> 00:10:42,070 if that browser is outdated. Here we can see the browser is Windows NT, Windows 64, Mozilla,
141 00:10:42,700 --> 00:10:48,040 you can see it is over Chrome, so basically you just get a bunch of this information right here.
142 00:10:48,030 --> 00:10:52,080 The host, the name, IP, all kinds of stuff.
143 00:10:52,120 --> 00:10:58,630 And what you want to, what you can do right here is basically just go to the Commands, and here you have
144 00:10:58,720 --> 00:11:01,240 the attacks that you can perform on the browser.
145 00:11:01,240 --> 00:11:08,140 So here are some social engineering attacks: Clickjacking, Fake LastPass, Pretty Theft, Simple Hijacker
146 00:11:08,170 --> 00:11:11,070 and some others; you can have browser attacks.
147 00:11:13,030 --> 00:11:16,290 Webcam, you can hook it, you can play sound.
148 00:11:16,290 --> 00:11:18,610 There are just too many of these options right here.
149 00:11:18,620 --> 00:11:21,690 We will not cover basically these attacks.
150 00:11:21,690 --> 00:11:27,000 I just want to show you how you can hook a browser, and you now can experiment with all of this.
151 00:11:27,000 --> 00:11:33,600 Now if the browser is outdated, this is a very powerful attack since now you can basically do anything
152 00:11:33,690 --> 00:11:38,310 on the target PC. Also, there are some Metasploit modules.
153 00:11:38,310 --> 00:11:43,590 I believe there is only one right here, but there are some exploits right here which you can also use:
154 00:11:44,050 --> 00:11:44,990 Shellshock.
155 00:11:45,010 --> 00:11:50,770 We covered Shellshock; that is the famous command injection attack.
156 00:11:50,910 --> 00:11:53,330 There are some other ones, DoS.
157 00:11:53,360 --> 00:12:00,210 So there are a bunch of these options right here that you can perform, but more about that later.
158 00:12:00,210 --> 00:12:02,640 I just want to show you how you can hook a browser.
159 00:12:02,640 --> 00:12:06,430 Now you might be asking right now, so what is the point?
160 00:12:06,450 --> 00:12:12,510 We actually need to get someone to type the IP address of that machine in order for it to load that
161 00:12:12,510 --> 00:12:16,860 page and in order for it to hook to our BeEF framework.
162 00:12:16,860 --> 00:12:19,470 Now that's where the man in the middle comes in.
163 00:12:19,500 --> 00:12:24,900 So what you can do is basically, you can actually, let me show you.
164 00:12:24,900 --> 00:12:29,670 So let's go to the man in the middle.
165 00:12:29,670 --> 00:12:31,180 And what you can do.
166 00:12:31,380 --> 00:12:38,600 So let's type mitmf --help; what you can do is you can actually redirect everyone on the local network
167 00:12:38,630 --> 00:12:40,220 to that website.
168 00:12:40,520 --> 00:12:42,120 So let's perform that.
169 00:12:42,110 --> 00:12:43,820 I'll show you how you can do it.
170 00:12:43,910 --> 00:12:46,940 Basically all you need to do is use captive portal.
171 00:12:46,940 --> 00:12:51,440 Now captive portal you can use as it says right here.
172 00:12:51,530 --> 00:12:54,920 --captive, so captive: load plugin Captive Portal.
173 00:12:54,920 --> 00:12:59,450 And we need to specify the URL where the portal is located.
174 00:12:59,480 --> 00:13:05,180 So the URL where my portal is located will be the IP address of my laptop, since there is the
175 00:13:05,600 --> 00:13:09,200 JavaScript file that we need in order to hook browsers.
176 00:13:09,200 --> 00:13:15,920 So what we need to do is basically just have mitmf -i for the interface, and then we
177 00:13:15,920 --> 00:13:21,390 specify the --spoof --arp.
178 00:13:21,410 --> 00:13:28,360 So we are performing the ARP spoofing, and all we need to do after is the --gateway, which is, let me just see,
179 00:13:28,370 --> 00:13:30,950 192.168.1.1.
180 00:13:31,070 --> 00:13:39,300 We need to specify --captive and then --portalurl, and then we specify http://
181 00:13:39,740 --> 00:13:44,030 192.168.1.15, and that should be it.
182 00:13:44,090 --> 00:13:47,570 So right now if I just press run here,
183 00:13:52,190 --> 00:13:54,930 you can see it is running the ARP spoofing attack.
184 00:13:54,940 --> 00:14:01,600 And now if I go to my browser and I want to, for example, refresh this page, which is from the previous
185 00:14:01,600 --> 00:14:08,290 attacks, and I just refresh it, you will see that I get redirected to the Hello page.
186 00:14:08,410 --> 00:14:15,250 Now this is just a redirection, but in the background it actually ran the JavaScript code from that
187 00:14:15,250 --> 00:14:23,580 hook file, and it actually hooked the browser, or the PC, onto our BeEF framework.
188 00:14:23,620 --> 00:14:25,270 So we have it right here now.
189 00:14:25,300 --> 00:14:28,110 It is not hooked twice, since I already have it right here.
190 00:14:28,510 --> 00:14:33,030 But if I were to run it from, for example, my laptop right here.
191 00:14:33,040 --> 00:14:40,930 So let me just visit the same HTTP page from my laptop and you will see it also appear right here.
192 00:14:40,930 --> 00:14:48,210 So I will visit the same page; let me just go to my laptop.
193 00:14:48,330 --> 00:14:48,980 Now let's
194 00:14:52,980 --> 00:15:02,190 go right here, and in a few seconds here is my laptop; as we can see my laptop is Linux running Mozilla,
195 00:15:02,220 --> 00:15:08,430 Ubuntu Linux 64. You have some of the options, and now you can actually perform attacks on both of these
196 00:15:08,430 --> 00:15:14,310 machines, and soon enough all of the machines on the local network will start appearing here since any
197 00:15:14,370 --> 00:15:19,150 website you visit will get redirected to this page, basically normal.
198 00:15:19,170 --> 00:15:24,710 No one will be able to go to any other websites that are HTTP or HTTPS or SSL.
199 00:15:24,870 --> 00:15:30,540 They will all be redirected to this page and then their browsers will be hooked, where you can perform
200 00:15:30,580 --> 00:15:32,720 different types of attacks.
201 00:15:32,850 --> 00:15:35,580 So that will be it about this tutorial.
202 00:15:35,580 --> 00:15:40,340 Now I will not be showing these attacks right here; you can just test them yourself.
203 00:15:40,350 --> 00:15:41,290 They are not that too.
204 00:15:41,310 --> 00:15:43,350 They are not that hard to perform.
205 00:15:43,490 --> 00:15:45,930 You just go here and you just need to click right here.
206 00:15:45,930 --> 00:15:51,840 And then the attacks will work if the browsers are outdated, so you can try it out yourself.
207 00:15:51,840 --> 00:15:53,250 And we will try.
208 00:15:53,250 --> 00:15:59,040 We will try a few other different attacks before we move to the next tool in the next tutorial.
209 00:15:59,400 --> 00:16:01,260 And I hope I see you there, bye.