1
00:00:00,390 --> 00:00:01,750
Welcome back.

2
00:00:01,770 --> 00:00:07,470
So we've had quite a tough task in the previous few videos but we managed to get it all to work.

3
00:00:07,470 --> 00:00:12,080
Now it's time to wrap up our program and run it for a first test.

4
00:00:12,120 --> 00:00:17,780
So what we did for now is we return the user name and password extracted it from the body and stored

5
00:00:17,820 --> 00:00:19,530
it in these two variables.

6
00:00:19,530 --> 00:00:23,970
Now what we need to do is we need to print these two variables as a result.

7
00:00:23,970 --> 00:00:36,080
So right here after this we need to check whether username and password is not equal to None.

8
00:00:36,240 --> 00:00:39,450
Seems like we cannot specify two of these variables.

9
00:00:39,450 --> 00:00:46,560
So we need to delete this, but what we are going to do instead is we are going to store this inside the one

10
00:00:46,560 --> 00:00:54,890
variable let's call it like this.

11
00:00:55,510 --> 00:01:00,630
Now the reason why we are storing it in one variable is because we can use one if statement later on

12
00:01:01,020 --> 00:01:02,970
even though we are returning two values.

13
00:01:03,000 --> 00:01:08,400
This will both be stored inside of a user pass just as two different elements.

14
00:01:08,400 --> 00:01:08,910
All right.

15
00:01:08,910 --> 00:01:16,590
So after that we can check whether if user underscore pass is not equal to None.

16
00:01:16,800 --> 00:01:20,850
And what this simply means since we set the user and pass to be equal to None.

17
00:01:21,330 --> 00:01:26,730
If we don't manage to find any user name and password these two values will remain None and they will

18
00:01:26,730 --> 00:01:30,630
be returned as None at the end of the function therefore.

19
00:01:30,660 --> 00:01:34,220
Right here we are checking if user and password is not equal to None.

20
00:01:34,230 --> 00:01:38,460
And we specify that with this exclamation mark and equal sign.

21
00:01:38,520 --> 00:01:45,990
Then what we want to print is parse.unquote.

22
00:01:46,680 --> 00:01:51,330
And this is just a way for us to print these two values so parse.unquote.

23
00:01:51,330 --> 00:01:54,630
And we will select the first element of the user pass

24
00:01:58,490 --> 00:02:07,000
and we need to select the second element which would be the password as well, so parse.unquote user

25
00:02:07,090 --> 00:02:11,590
underscore pass and the second element.

26
00:02:11,590 --> 00:02:12,000
OK.

27
00:02:12,820 --> 00:02:20,730
So once again if these two values are not equal to None we will print the user name and password in

28
00:02:20,730 --> 00:02:21,600
any other case

29
00:02:24,600 --> 00:02:30,720
and by in any other case I mean if we encounter any other package that doesn't satisfy these three

30
00:02:30,840 --> 00:02:37,590
statements right here we're going to simply pass and let that package go since it will probably not

31
00:02:37,590 --> 00:02:41,360
store any user name or any password.

32
00:02:41,360 --> 00:02:41,900
All right.

33
00:02:41,910 --> 00:02:44,740
So this should be the entire program.

34
00:02:44,820 --> 00:02:45,600
Here it is.

35
00:02:45,630 --> 00:02:48,010
Let's see how it runs.

36
00:02:48,420 --> 00:02:53,010
If I open up the terminal and clear the screen and run it

37
00:02:56,430 --> 00:02:57,300
you will see it

38
00:02:57,300 --> 00:02:58,730
did run successfully.

39
00:02:58,740 --> 00:03:00,360
We don't see anything right here.

40
00:03:00,360 --> 00:03:05,610
Nothing is being printed so let's check out whether we can get something to print right here.

41
00:03:05,610 --> 00:03:15,560
If we open up our Firefox and they simply go to the one article that 160 that one that one which is

42
00:03:15,560 --> 00:03:23,840
my router's login page and I go for example type Hello as a user name and world as a password and click

43
00:03:23,840 --> 00:03:27,850
on log in you will see right here.

44
00:03:27,850 --> 00:03:30,810
We do get both username and password.

45
00:03:30,850 --> 00:03:35,020
Now the password is encrypted but that is because of my relative security.

46
00:03:35,020 --> 00:03:38,640
Therefore our program successfully works.

47
00:03:38,710 --> 00:03:41,140
We do manage to get the user name and password.

48
00:03:41,140 --> 00:03:43,080
Now let's see on another Web site as well.

49
00:03:43,240 --> 00:03:52,060
Let's go to our good old test BHP that followed by dot com.

50
00:03:52,750 --> 00:03:58,390
Here if you go on the sign up we will have a page where it will ask us for the user name and password

51
00:03:58,930 --> 00:04:01,290
so let's type the user name and password right here.

52
00:04:01,300 --> 00:04:03,220
Let's go once again with hello.

53
00:04:03,340 --> 00:04:13,660
And then world click on login and we get both hello and both world in our terminal right here.

54
00:04:13,660 --> 00:04:16,890
So our program works correctly.

55
00:04:17,110 --> 00:04:22,410
Now in case you also want to get from which website are these usernames and passwords coming from.

56
00:04:22,410 --> 00:04:23,530
Which would be a good idea.

57
00:04:24,880 --> 00:04:33,250
All you need to do is go down in our packet pass function and if the packet has these three statements

58
00:04:33,250 --> 00:04:43,460
fulfilled we also want to print packet[TCP].payload.

59
00:04:43,500 --> 00:04:50,990
All right so let's go and run it once again and go to Firefox and type

60
00:04:54,270 --> 00:04:55,050
oh never mind.

61
00:04:55,080 --> 00:04:58,110
We will be printing a whole lot more packets than we need.

62
00:04:58,140 --> 00:05:05,670
So this actual statement should go here and not here.

63
00:05:05,670 --> 00:05:07,430
So we only want to print it.

64
00:05:07,470 --> 00:05:10,170
If the user and pass is not equal to None.

65
00:05:10,260 --> 00:05:12,480
So let's go on again and print it

66
00:05:15,490 --> 00:05:16,450
now once we reload.

67
00:05:16,450 --> 00:05:19,700
We are not getting any random packets so let's type right here.

68
00:05:19,800 --> 00:05:24,290
Admin and password will be password click on OK.

69
00:05:24,460 --> 00:05:31,120
We get the user name to be admin and password to be password and we also get the entire packet above.

70
00:05:31,120 --> 00:05:37,040
So now we can see that the log in is coming from this website.

71
00:05:37,150 --> 00:05:40,600
We also see a bunch of other different information which could be useful to us.

72
00:05:40,630 --> 00:05:44,380
But from now on we are only interested in this host information.

73
00:05:44,380 --> 00:05:48,390
And in these two values which are username and password.

74
00:05:48,600 --> 00:05:49,600
All right.

75
00:05:50,020 --> 00:05:54,820
Now that we are sure that our program works and that we can sniff usernames and passwords on different

76
00:05:54,900 --> 00:05:59,480
websites and by the way keep in mind this will only work on HTTP websites.

77
00:05:59,620 --> 00:06:05,620
If you want to sniff the information and passwords over the HTTPS websites you will also need to run

78
00:06:05,710 --> 00:06:13,140
SSL strip on the side and that will only work for the SSL connections and not for the DNS encryption.

79
00:06:13,140 --> 00:06:18,660
All right but let's put that on the side. In the next video

80
00:06:18,690 --> 00:06:24,810
we can combine it with our ARP spoofer and see how we can sniff the usernames and passwords on a different

81
00:06:24,810 --> 00:06:30,840
machine the same way we did right now on Kali Linux, just we're going to try to save usernames and passwords

82
00:06:31,080 --> 00:06:33,030
on Windows 10 machine.

83
00:06:33,240 --> 00:06:37,740
So thank you for watching this lecture and I will see you in the next video. Bye.
