1
00:00:01,480 --> 00:00:09,580
Now you have enough information to go ahead and try to gain access to other systems to computers servers

2
00:00:09,700 --> 00:00:12,120
web servers and stuff like that.

3
00:00:12,280 --> 00:00:19,180
And in this section we're going to be talking about gaining access to computer devices and what I mean

4
00:00:19,180 --> 00:00:22,090
by computer devices is anything.

5
00:00:22,090 --> 00:00:24,060
And the reason behind this I want it.

6
00:00:24,060 --> 00:00:30,340
I want to get this through I want to get this idea through is that any electronic device device you

7
00:00:30,380 --> 00:00:39,340
see is a computer so a phone a TV a laptop a web server a Web site and Network Rail to all of these

8
00:00:39,340 --> 00:00:45,580
things are computers all of them have an operating system and they have programs installed on these

9
00:00:45,610 --> 00:00:46,960
operating systems.

10
00:00:47,200 --> 00:00:52,570
And usually in most cases these computers are used by a user.

11
00:00:52,570 --> 00:00:57,820
So we have an operating system they have programs installed on that operating system and they have a

12
00:00:57,820 --> 00:01:01,360
user who uses on and configured this system.

13
00:01:02,020 --> 00:01:07,930
So I'm going to be talking about how you gain access to computers and this example an actual personal

14
00:01:07,930 --> 00:01:11,680
computer so the names that people call it usually a computer.

15
00:01:11,680 --> 00:01:16,310
So it's gonna be we're going to have a target of a Windows device and we're gonna have a target of a

16
00:01:16,330 --> 00:01:21,300
Linux device but the concept is always the same.

17
00:01:21,300 --> 00:01:26,790
Getting access to computer devices is always the same so you can apply the same concepts if you are

18
00:01:26,790 --> 00:01:27,790
targeting a phone.

19
00:01:27,840 --> 00:01:32,250
If you're talking to a target in a tablet if you're targeting a web server and we will be targeting

20
00:01:32,250 --> 00:01:33,300
web servers as well.

21
00:01:33,660 --> 00:01:37,740
But I will be talking about it just like a normal computer.

22
00:01:37,740 --> 00:01:39,570
This is very important to understand.

23
00:01:39,960 --> 00:01:45,540
Every device you see is a computer and it works just like your personal computer.

24
00:01:45,540 --> 00:01:50,870
So I can set up a web server on my computer I can make it look like a Web site and act as a Web site.

25
00:01:50,940 --> 00:01:56,820
I can make it act as a TV and I can make it act as anything I want and literally TV is and all these

26
00:01:56,820 --> 00:02:06,430
things are just simpler computers with less complicated hardware in them so we're going to be talking

27
00:02:06,550 --> 00:02:12,340
about attacking these devices from two main parts or from two main sites.

28
00:02:12,340 --> 00:02:16,380
The first approach that we're going to use is the server side.

29
00:02:16,720 --> 00:02:22,630
So and this site it doesn't require any user interaction we're going to have a computer and we're going

30
00:02:22,630 --> 00:02:28,360
to see how we can gain access to that computer without the need for the user to do anything for the

31
00:02:28,360 --> 00:02:31,320
user who uses that computer to do anything.

32
00:02:31,360 --> 00:02:39,690
This mostly applies to web servers and app applications and devices that don't get used much by people

33
00:02:39,700 --> 00:02:45,370
so people basically configured them and then they run automatically.

34
00:02:45,490 --> 00:02:51,070
So all we have is gonna be an IP address and we're going to see how we can test the security and gain

35
00:02:51,070 --> 00:02:53,670
access to that computer based on that IP.

36
00:02:53,680 --> 00:02:59,710
So our main way of getting getting in is going to be the operating system that that target runs and

37
00:02:59,710 --> 00:03:03,320
the applications installed on that system.

38
00:03:03,490 --> 00:03:07,200
The second approach that we're going to try is the client side attacks.

39
00:03:07,210 --> 00:03:13,810
So this approach will require the client or the person who uses that computer to do something to do

40
00:03:13,810 --> 00:03:18,070
something that something could be a number of things that could be installing an update.

41
00:03:18,070 --> 00:03:19,660
It could be off in the picture.

42
00:03:19,690 --> 00:03:21,700
It could be open a Trojan.

43
00:03:21,700 --> 00:03:27,880
So we're going to learn how to create a Trojan how to create back doors how to use social engineering

44
00:03:28,060 --> 00:03:34,660
to make the target person do something and when they do that action we will gain access to their computer

45
00:03:36,410 --> 00:03:41,090
information gathering is going to be crucial in this case because we actually need to know the person

46
00:03:41,150 --> 00:03:44,410
that we're targeting after all of that.

47
00:03:44,450 --> 00:03:50,720
I'm gonna talk about the post exploitation so what you could do after you gain access to this computer

48
00:03:50,720 --> 00:03:56,060
regardless of the method that you gained access to it so you could have used a server side exploit you

49
00:03:56,060 --> 00:04:01,340
could have used client side exploit or you could have just got a physical access the person left their

50
00:04:01,340 --> 00:04:02,580
desk and you got in.

51
00:04:02,630 --> 00:04:05,600
So we're going to see how you could what can you do.

52
00:04:05,630 --> 00:04:11,180
Once you have access to your target how you could further exploit that target and increase your privileges

53
00:04:11,180 --> 00:04:13,520
or target other computers in the same place.