1
00:00:00,790 --> 00:00:01,360
Welcome back.

2
00:00:01,750 --> 00:00:04,620
So for now, half of the program is done. Good.

3
00:00:04,630 --> 00:00:08,320
We managed to get MAC addresses from our target and our router.

4
00:00:08,320 --> 00:00:14,090
Now it's time to actually perform the hacking stuff and spoof these two targets. All right.

5
00:00:14,090 --> 00:00:17,090
So let's do it now that we've got the MAC addresses.

6
00:00:17,090 --> 00:00:18,610
Let's see what's the next step.

7
00:00:18,620 --> 00:00:24,980
First of all I'm going to delete these two print statements as we don't really need them at the moment

8
00:00:25,820 --> 00:00:28,470
allow this.

9
00:00:29,010 --> 00:00:36,590
And now if you remember we need to enter a while loop in order for our spoofing to last longer.

10
00:00:36,600 --> 00:00:43,260
So what we are going to do is I'm going to type the try and except statements right here and in the try

11
00:00:43,260 --> 00:00:46,400
statement we'll simply just try to spoof the targets.

12
00:00:46,410 --> 00:00:56,230
So while True we want to spoof, and you'll see in just a second what parameters will this spoof function

13
00:00:56,260 --> 00:00:57,630
take.

14
00:00:57,850 --> 00:01:03,580
And in the except statement we want to except keyboard interruption.

15
00:01:03,580 --> 00:01:08,680
And the reason why we're specifying the keyboard interrupt is because if you take a closer look this

16
00:01:08,680 --> 00:01:14,560
is a while True loop, and while True loops are infinite loops; that means this will spoof for an infinite

17
00:01:14,560 --> 00:01:15,550
amount of time.

18
00:01:15,670 --> 00:01:20,860
Therefore we want to make sure that at any time that we want to stop the program we'll simply just keyboard

19
00:01:20,860 --> 00:01:24,370
interrupt and it will close the spoofing.

20
00:01:24,370 --> 00:01:26,980
So it will print right here.

21
00:01:28,120 --> 00:01:34,900
Closing ARP spoofer, and then we can simply exit the program.

22
00:01:34,900 --> 00:01:35,890
All right.

23
00:01:36,010 --> 00:01:39,040
So now let's get back to this spoof function.

24
00:01:39,040 --> 00:01:41,920
It is red underlined, of course, because it doesn't exist.

25
00:01:41,920 --> 00:01:43,410
Therefore we will have to code it.

26
00:01:43,810 --> 00:01:48,800
But before we do that, let's take a look at what parameters this function should take.

27
00:01:49,150 --> 00:01:56,130
Well, it actually has to take all of these four parameters right here since we want to spoof both of

28
00:01:56,130 --> 00:02:01,680
the targets and for each of the targets we need its own MAC address and its own IP address.

29
00:02:01,680 --> 00:02:07,710
Therefore we need to send all of these four variables into this spoof function.

30
00:02:07,710 --> 00:02:10,920
Let's keep track of in which order we are sending them.

31
00:02:10,920 --> 00:02:20,570
So we are first of all going to send router IP, then we will send target IP.

32
00:02:21,370 --> 00:02:27,680
Then we will send router MAC and the last thing we need to send is the target MAC.

33
00:02:27,820 --> 00:02:30,700
So we are sending these four variables.

34
00:02:30,910 --> 00:02:35,220
And right here we will code the function itself.

35
00:02:35,710 --> 00:02:40,690
And keep in mind that we need to specify the exact same order of these variables.

36
00:02:40,900 --> 00:02:43,760
So we don't get an error when running the program.

37
00:02:44,080 --> 00:02:45,820
The next one is target IP.

38
00:02:46,720 --> 00:02:48,970
After it comes the router MAC.

39
00:02:49,120 --> 00:02:51,800
And lastly the target MAC.

40
00:02:51,880 --> 00:02:52,570
Here it is.

41
00:02:52,600 --> 00:02:58,780
Now let's see what we need to code right here. In the first video of this section, once we created the

42
00:02:58,780 --> 00:03:00,460
first malicious packet.

43
00:03:00,460 --> 00:03:04,870
We created it using an op equal to two, which is a response, which is good.

44
00:03:04,870 --> 00:03:06,030
It should be like that.

45
00:03:06,160 --> 00:03:10,670
And we're going to do the same thing right here, just right now instead of one packet

46
00:03:10,690 --> 00:03:12,550
We're going to create two packets.

47
00:03:12,550 --> 00:03:17,650
One will be sent to the router and the other one will be sent to the Windows machine spoofing them both

48
00:03:17,740 --> 00:03:19,270
at the same time.

49
00:03:19,360 --> 00:03:26,320
So let's create a variable which will be called packet one. The packet one will be a packet that we will

50
00:03:26,320 --> 00:03:28,870
determine to go to the router.

51
00:03:29,230 --> 00:03:30,250
So how can we do that?

52
00:03:30,250 --> 00:03:32,130
Well, we'll simply create a scapy

53
00:03:32,190 --> 00:03:38,050
ARP packet. As usual we set the op to be equal to two since this is a response.

54
00:03:38,440 --> 00:03:44,530
And in order to navigate this packet to the router we simply set the hardware destination to be equal to

55
00:03:44,540 --> 00:03:46,360
router MAC.

56
00:03:46,690 --> 00:03:50,320
We also need to set the p destination to be equal to router IP.

57
00:03:52,720 --> 00:03:53,350
Right here.

58
00:03:53,800 --> 00:03:57,660
And another thing that we need is going to be the source.

59
00:03:57,760 --> 00:04:04,570
Now before I actually type this before several create packet 2 which is going to be navigated through

60
00:04:04,570 --> 00:04:12,810
the Windows 10 machine or to your own target machine which is not the router. Op has to be equal to two,

61
00:04:15,830 --> 00:04:22,940
hardware destination has to be equal to target MAC and the p destination has to be equal to target IP

62
00:04:23,690 --> 00:04:24,530
and p source.

63
00:04:24,530 --> 00:04:27,890
Once again we are going to leave empty right here.

64
00:04:28,220 --> 00:04:30,150
And the reason why we are leaving it empty.

65
00:04:30,170 --> 00:04:37,790
What do you think, what should be the p source or the packet source in the first packet?

66
00:04:37,850 --> 00:04:42,710
Keep in mind that the p source is the IP address of the machine that is sending these packets, so in

67
00:04:42,710 --> 00:04:46,520
our case that would be the IP address of the Kali Linux machine.

68
00:04:47,420 --> 00:04:51,980
But we're not going to specify the IP address of the Kali Linux machine because then it would just be

69
00:04:52,010 --> 00:04:53,000
a regular packet.

70
00:04:53,000 --> 00:04:56,820
We want to create the malicious packet that will be able to spoof the connection.

71
00:04:56,870 --> 00:05:00,720
So what we need to specify right here is the target's IP.

72
00:05:01,550 --> 00:05:07,820
We want to send this packet to the router and make it seem as if it came from the Windows 10 machine.

73
00:05:08,000 --> 00:05:09,850
The same thing goes with packet two.

74
00:05:09,890 --> 00:05:15,500
We want to send this packet to the Windows 10 machine and make it seem like it came from the router.

75
00:05:15,500 --> 00:05:18,900
Therefore in packet two we are specifying router

76
00:05:19,090 --> 00:05:27,890
IP. Simple as that. All we are left to do right now is send these two packets.

77
00:05:28,050 --> 00:05:37,870
So how can we do that? Well, using the send function, so scapy.send will first send packet one and

78
00:05:37,870 --> 00:05:43,420
then scapy.send packet two. Right.

79
00:05:43,480 --> 00:05:46,850
Simple as that and our program is almost done.

80
00:05:46,930 --> 00:05:53,430
All we are left to add is right here under the while True loop, below this spoof function, we want to add

81
00:05:53,430 --> 00:05:56,740
a small timeout so it doesn't spoof too fast.

82
00:05:56,740 --> 00:06:04,180
We want to add a kind of sleep. Let's sleep for two seconds between each and every packet that we send.

83
00:06:04,420 --> 00:06:09,850
So we will send the ARP response, the malicious ARP response, every two seconds and we will keep the ARP

84
00:06:09,850 --> 00:06:15,370
tables updated with the incorrect MAC addresses to the router and Windows 10 machine.

85
00:06:16,360 --> 00:06:18,390
So our program should be finished.

86
00:06:18,390 --> 00:06:21,830
Now let's test it and see how it works.

87
00:06:21,850 --> 00:06:30,820
If I open up my terminal right here, clear the screen and type python on ARP spoofer and then I specify

88
00:06:30,940 --> 00:06:33,070
192.168.1.1.

89
00:06:33,370 --> 00:06:39,480
So first goes the router's IP address and then 192.168.1.2.

90
00:06:39,610 --> 00:06:42,630
This is the Windows 10 IP address. Before we run it,

91
00:06:42,790 --> 00:06:48,190
let's check once again the ARP tables of this target machine.

92
00:06:48,460 --> 00:06:54,390
Let's also open a browser so we can see that we can connect to the Internet.

93
00:06:54,400 --> 00:06:55,660
OK so here is the browser.

94
00:06:55,690 --> 00:07:01,450
And every time we actually open this browser our connection goes through the router through this MAC

95
00:07:01,450 --> 00:07:04,340
address and then it retrieves this page back to us.

96
00:07:04,630 --> 00:07:11,600
And right now we're going to try to make this browser open the page while going to our Kali Linux machine.

97
00:07:12,590 --> 00:07:15,830
So let's run the program.

98
00:07:17,180 --> 00:07:19,970
It will print right here sent one packet.

99
00:07:19,970 --> 00:07:25,600
These are the packets that are being sent each and every two seconds as we specified right here.

100
00:07:25,610 --> 00:07:32,510
Now let's check the ARP tables on our Windows 10 machine and we can see we successfully spoofed the

101
00:07:32,510 --> 00:07:34,160
MAC address of the router.

102
00:07:34,160 --> 00:07:39,800
Now the Windows 10 machine thinks that the router is our Kali Linux machine and sends all the packets

103
00:07:39,920 --> 00:07:41,230
to us.

104
00:07:41,270 --> 00:07:46,520
Same goes with the router. The router is also spoofed and sends all the packets that should go to the

105
00:07:46,520 --> 00:07:50,410
Windows 10 machine to our Kali Linux machine.

106
00:07:50,440 --> 00:08:00,060
Now if we try to go and open some page, I clicked on a random website, you will notice that it will

107
00:08:00,120 --> 00:08:01,920
load pretty long.

108
00:08:03,380 --> 00:08:09,410
Matter of fact in just a few seconds it will say that the actual connection cannot be established and

109
00:08:09,410 --> 00:08:11,840
it will not open this page.

110
00:08:11,840 --> 00:08:13,070
Now why is that?

111
00:08:13,070 --> 00:08:14,830
Well let me click X right here.

112
00:08:15,680 --> 00:08:21,340
If I close this program right here, there is one thing that we forgot to do.

113
00:08:21,560 --> 00:08:27,650
We successfully spoofed both of the targets but now we performed more of something like a DoS attack

114
00:08:27,860 --> 00:08:31,630
on both of these targets as they cannot connect to the Internet anymore.

115
00:08:31,670 --> 00:08:38,530
That is because we are not forwarding packets from one target to another. In order to be able to forward

116
00:08:38,530 --> 00:08:39,170
the packets,

117
00:08:39,190 --> 00:08:47,290
we need to run the command inside of our terminal which is echo 1 and then these two arrows to right

118
00:08:47,920 --> 00:08:58,720
at this location, so /proc/sys/net/ipv4/ip_forward.

119
00:08:58,900 --> 00:09:02,670
Press Enter and if I run the program once again

120
00:09:06,850 --> 00:09:16,910
and try to load the website, now it loads successfully. We can load every website that we want. If we want

121
00:09:16,910 --> 00:09:17,090
to,

122
00:09:17,090 --> 00:09:18,920
we can also go to facebook.com

123
00:09:23,990 --> 00:09:26,450
it will load all the pages without any problem.

124
00:09:26,570 --> 00:09:30,740
And on the Windows 10 machine you will not notice anything out of order.

125
00:09:30,740 --> 00:09:35,660
You will most likely never know that you have been ARP spoofed and that someone can read all of your

126
00:09:35,660 --> 00:09:36,880
information.

127
00:09:36,950 --> 00:09:41,860
The only way that you can actually notice that is if you simply just go to your command prompt and type

128
00:09:41,860 --> 00:09:48,760
the command arp -a and you notice that two different IP addresses have the same MAC address.

129
00:09:48,770 --> 00:09:52,850
This is a good indication that at the moment you are being spoofed.

130
00:09:52,970 --> 00:09:58,670
All right, so we can see our ARP spoofer works correctly now. All the packets are going through our own

131
00:09:58,670 --> 00:10:00,800
machine and we can read them if we want to.

132
00:10:01,100 --> 00:10:03,830
But more about that in the later sections.

133
00:10:03,830 --> 00:10:09,710
When we code our own password sniffer then we are going to combine our ARP spoofer right here with the

134
00:10:09,710 --> 00:10:15,440
password sniffer and we are going to see how these two tools will combine in order for us to sniff the

135
00:10:15,440 --> 00:10:18,540
passwords that someone types in their browser.

136
00:10:18,560 --> 00:10:22,130
All right, so that's about it for this section. In the next video,

137
00:10:22,130 --> 00:10:27,470
of course, we are going to perform a small recap on this program and then we will proceed to the next

138
00:10:27,470 --> 00:10:28,690
project.

139
00:10:28,700 --> 00:10:30,750
Thank you for watching and take care.

140
00:10:30,800 --> 00:10:31,250
Bye.
