1
00:00:01,140 --> 00:00:04,520
So far we've seen how to discover XSS vulnerabilities.

2
00:00:04,710 --> 00:00:11,520
We had a look on the reflected, stored and DOM-based, and we've also seen a few ways on how to bypass

3
00:00:11,520 --> 00:00:17,560
security and how to adjust our payload so that it works in different situations.

4
00:00:17,580 --> 00:00:21,420
We still haven't seen any good way of exploiting these vulnerabilities though.

5
00:00:21,510 --> 00:00:27,450
All we did was run a code saying alert XSS or alert and the message that we want.

6
00:00:27,540 --> 00:00:32,730
So in this lecture and the next few lectures we're actually going to see how we can exploit machines

7
00:00:32,730 --> 00:00:38,880
that visit these vulnerable web pages, and we're going to do that using a framework called BeEF.

8
00:00:39,900 --> 00:00:46,260
What it does is it allows us to run a large number of commands on hooked browsers, and to hook a browser to

9
00:00:46,260 --> 00:00:50,770
BeEF, a JavaScript code has to be executed on that browser.

10
00:00:50,880 --> 00:00:58,440
And because BeEF uses JavaScript, it's very easy for us to inject that code into XSS vulnerable web

11
00:00:58,440 --> 00:01:04,680
pages, and that code will be executed every time a person runs that page.

12
00:01:04,680 --> 00:01:06,620
So all of this is going to become more clear.

13
00:01:06,720 --> 00:01:11,090
Let's just run BeEF and get it set up and get someone hooked to it.

14
00:01:11,100 --> 00:01:16,170
In this video and in the next videos we'll be running our commands and you'll see it'll become much more

15
00:01:16,170 --> 00:01:18,450
clear on how to use BeEF.

16
00:01:18,660 --> 00:01:23,730
So I'm going to go to my Kali machine, and the first thing I'm going to do is just run beef from

17
00:01:23,730 --> 00:01:27,020
here, I can give it some time and it'll start.

18
00:01:27,050 --> 00:01:29,190
It'll automatically start the browser for you.

19
00:01:32,590 --> 00:01:38,300
So now to log in, the username is beef and the password is beef as well.

20
00:01:41,210 --> 00:01:44,690
So this is the main screen of BeEF, you can see here on the left

21
00:01:44,690 --> 00:01:51,440
you have online browsers, and this will basically list all the browsers that are hooked to BeEF at the

22
00:01:51,440 --> 00:01:54,130
moment, you can see that we have nothing hooked to it.

23
00:01:54,260 --> 00:02:00,050
And on the right, once you click on a hooked browser, you'll be able to run your commands in here. Again,

24
00:02:00,070 --> 00:02:03,360
in this lecture and future lectures we'll be running some commands,

25
00:02:03,440 --> 00:02:05,600
so it'll become more clear to you.

26
00:02:05,630 --> 00:02:10,430
So right now let's go ahead and try to go and get some people hooked to BeEF.

27
00:02:10,430 --> 00:02:15,860
Now there's a number of methods that you can do to hook people to BeEF. What we're interested in is how

28
00:02:15,860 --> 00:02:19,250
to hook them through XSS vulnerabilities.

29
00:02:19,310 --> 00:02:24,440
So the main thing that we're going to be using is the code given to us by BeEF itself, so it's actually telling

30
00:02:24,440 --> 00:02:26,140
us what code to use.

31
00:02:26,210 --> 00:02:31,250
And as you can see now, this is a JavaScript code similar to the alert code that we were using.

32
00:02:31,700 --> 00:02:38,390
So the first thing I'm going to do is copy this and we're going to paste that in Leafpad just so

33
00:02:38,390 --> 00:02:40,280
that I can show you how to modify it.

34
00:02:43,800 --> 00:02:48,720
So all you have to do is just inject this code into the vulnerable pages.

35
00:02:48,720 --> 00:02:52,270
One thing that you have to modify is that you have to add your IP in here.

36
00:02:52,740 --> 00:02:56,780
So to get your own IP all you have to do is run ifconfig.

37
00:02:56,800 --> 00:03:04,290
So I'm just going to get a terminal and I'm going to run ifconfig, and as you can see now my IP is this.

38
00:03:04,320 --> 00:03:06,600
So it's 10 20 40 into 0 8

39
00:03:10,060 --> 00:03:13,940
and that's it, now the code is ready to be executed.

40
00:03:14,070 --> 00:03:16,170
So I'm going to close this.

41
00:03:16,340 --> 00:03:23,610
And let's go to one of our vulnerable web pages that we were using before, so let's go

42
00:03:23,610 --> 00:03:26,450
to DVWA.

43
00:03:26,510 --> 00:03:30,590
So first let's just go and set the security to low.

44
00:03:30,700 --> 00:03:34,630
We've seen how to bypass the security so I don't want to make this video too complicated.

45
00:03:36,300 --> 00:03:40,700
And let's have a look on an example on the reflected one.

46
00:03:40,740 --> 00:03:46,170
So if we go on the reflected exercise, and remember when we used to put the name here and the name gets

47
00:03:46,170 --> 00:03:49,990
displayed, so we used to just put our script instead of the name

48
00:03:50,040 --> 00:03:52,290
and that gets executed as well.

49
00:03:52,290 --> 00:03:56,380
So instead of doing an alert we're actually going to run it like this.

50
00:03:56,400 --> 00:04:05,120
So this was our code and we used to do this to get our code to be executed, so let's just have an example

51
00:04:05,120 --> 00:04:06,120
on it as well.

52
00:04:15,220 --> 00:04:17,020
And as you can see you get XSS.

53
00:04:17,140 --> 00:04:22,450
So we're using exactly the same code, exactly the same concept, except we're changing the payload instead

54
00:04:22,450 --> 00:04:23,670
of saying alert.

55
00:04:23,800 --> 00:04:25,630
We're actually going to put this code.

56
00:04:25,630 --> 00:04:28,210
We're going to ask for this code to be executed.

57
00:04:28,810 --> 00:04:32,370
So we're just going to modify that and put it in here.

58
00:04:36,080 --> 00:04:37,330
So this is ready now.

59
00:04:37,340 --> 00:04:39,190
And you can send it to any person.

60
00:04:39,290 --> 00:04:43,560
And once they execute this URL they will be hooked to BeEF.

61
00:04:43,730 --> 00:04:47,850
And then you'll be able to run all the commands that BeEF allows you to run.

62
00:04:47,870 --> 00:04:52,940
Now you can go ahead and change this URL or use a URL shortening service just to make it look

63
00:04:52,940 --> 00:04:54,130
less suspicious.

64
00:04:54,230 --> 00:04:58,280
So let's just have an example. I'm actually going to execute this code in the same browser,

65
00:04:58,280 --> 00:05:03,110
which I shouldn't, I should probably do it on a different machine, but we'll do it just here just to show

66
00:05:03,110 --> 00:05:05,190
you the proof of concept.

67
00:05:05,260 --> 00:05:06,810
So we are on this here.

68
00:05:07,070 --> 00:05:08,630
And if we go to BeEF now

69
00:05:11,440 --> 00:05:19,570
now I've actually mistyped my IP here, it's 10 20 not 10 14:20.

70
00:05:19,710 --> 00:05:25,650
So this is my IP. I'm just going to fix that and paste it here.

71
00:05:30,090 --> 00:05:36,360
And if we go to BeEF you'll see that we have an online browser and a person is hooked. Now we can click

72
00:05:36,360 --> 00:05:37,960
on this and run the commands.

73
00:05:38,040 --> 00:05:39,820
But I'm going to leave that for a different lecture.