1
00:00:00,450 --> 00:00:07,500
OK, now it's time to talk about netcat. Netcat is one of the original network penetration testing

2
00:00:07,500 --> 00:00:11,820
tools and, as they call it, a Swiss Army knife.

3
00:00:12,360 --> 00:00:19,140
So this utility reads and writes data across network connections using the TCP or UDP protocols.

4
00:00:20,040 --> 00:00:22,580
Now first, let's have a look inside it.

5
00:00:22,590 --> 00:00:27,790
So here in the terminal, man nc. As you can see, it is a Swiss Army knife.

6
00:00:27,840 --> 00:00:30,990
A simple Unix utility which reads and writes data across networks.

7
00:00:31,410 --> 00:00:35,640
OK, now first let's try to connect to somewhere else.

8
00:00:35,960 --> 00:00:39,660
So sudo systemctl to check the status of Apache.

9
00:00:40,860 --> 00:00:44,010
You can see that Apache is still up and running.

10
00:00:44,370 --> 00:00:55,950
So nc -nv. n stands for disabled DNS resolution and v stands for more verbose.

11
00:00:56,430 --> 00:01:01,230
Now, actually, you can read more about it from the man page, which is where I got these from.

12
00:01:02,070 --> 00:01:02,780
And then what?

13
00:01:02,790 --> 00:01:04,489
The IP address, then the port

14
00:01:04,500 --> 00:01:04,830
number.

15
00:01:05,280 --> 00:01:10,500
Maybe it will be the local IP address, by the way, as you can see here, or if you want.

16
00:01:10,770 --> 00:01:13,710
By the way, this is for the loopback or the localhost.

17
00:01:14,100 --> 00:01:16,680
You can get the IP address by using ifconfig.

18
00:01:17,070 --> 00:01:25,620
OK, so here it is, our IP address, as you can see. Now nc -nv, then the IP address, then the port,

19
00:01:25,630 --> 00:01:27,810
which is 80. This is responsible for HTTP.

20
00:01:28,290 --> 00:01:29,970
How did I know that? By using...

21
00:01:30,240 --> 00:01:31,080
Yes, you are right.

22
00:01:31,560 --> 00:01:35,940
The netstat -ntp command, as we learned previously.
23
00:01:36,150 --> 00:01:42,390
As you can see, port 80 is open. Now again, nc -nv,

24
00:01:42,780 --> 00:01:45,000
then the IP address, then the port number.

25
00:01:45,870 --> 00:01:52,140
And as you can see when I try it, you can see it is open and we can put commands and put whatever

26
00:01:52,260 --> 00:01:52,650
we want.

27
00:01:53,130 --> 00:01:58,890
But by the way, this behavior is unexpected because we are sending HTTP requests, by the way,

28
00:01:59,410 --> 00:02:04,290
about the requested URL or so that indicates the HTML that we see,

29
00:02:05,440 --> 00:02:12,370
or the main page of the browser, so this doesn't make sense, by the way, but I'm just showing you

30
00:02:12,370 --> 00:02:13,570
how to use nc.

31
00:02:14,080 --> 00:02:14,530
OK.

32
00:02:15,530 --> 00:02:23,550
Now we can use nc with POP3, which is responsible for email for us,

33
00:02:23,630 --> 00:02:28,490
SNMP, the Simple Network Management Protocol, and a lot of other ports and protocols.

34
00:02:28,730 --> 00:02:34,700
OK, now let's clear the screen and I want to open a new terminal, OK, like this?

35
00:02:36,730 --> 00:02:39,190
So here we have one on the left and we have one on the right.

36
00:02:39,850 --> 00:02:40,180
OK.

37
00:02:41,450 --> 00:02:50,480
Now here on the right and here on the left, so then if we want to use nc this time to open, to listen

38
00:02:50,480 --> 00:02:52,640
on a TCP or UDP port.

39
00:02:52,970 --> 00:03:02,930
So I would use -nvlp. OK, now n, as we learned previously, to disable DNS resolution, which

40
00:03:02,930 --> 00:03:09,260
means nc will not search for the IP or the domain name, you just get the IP

41
00:03:09,260 --> 00:03:18,740
and put it as is; v for verbose, to get more output; l for listening and p for the port

42
00:03:18,770 --> 00:03:19,100
number.
43
00:03:19,490 --> 00:03:23,510
OK, so I would put the port number and I would put 9999.

44
00:03:23,600 --> 00:03:24,980
OK, now press enter.

45
00:03:24,980 --> 00:03:27,210
As you can see, we are listening on any,

46
00:03:27,230 --> 00:03:35,750
as you can see, which means any IP address, and we are listening on port 9999. Now here

47
00:03:35,750 --> 00:03:38,810
on the right, nc, then the IP address.

48
00:03:39,020 --> 00:03:39,520
OK.

49
00:03:39,560 --> 00:03:42,620
As we learned previously, and with that, the port number.

50
00:03:43,160 --> 00:03:46,190
Now, if I press enter, you can see that, yeah, we have a connection here.

51
00:03:46,520 --> 00:03:46,970
All right.

52
00:03:47,150 --> 00:03:49,370
So if I type ls, will it be there?

53
00:03:49,520 --> 00:03:51,590
But you can see it is not a command.

54
00:03:52,760 --> 00:03:55,580
It is just like a chat, so "hi there".

55
00:03:56,750 --> 00:03:59,780
"Who are you?", for example. You can see that it is receiving here.

56
00:04:00,560 --> 00:04:02,390
"I am number

57
00:04:02,390 --> 00:04:02,690
one."

58
00:04:02,850 --> 00:04:03,830
Whatever, OK?

59
00:04:03,860 --> 00:04:07,040
As you can see, we are using it as a chat.

60
00:04:07,430 --> 00:04:07,800
OK?

61
00:04:08,090 --> 00:04:11,540
Now, nc can be used to transfer files, OK?

62
00:04:11,750 --> 00:04:14,050
But actually, it is a bad practice.

63
00:04:14,060 --> 00:04:18,829
I will not handle it here in this course because it is a bad practice, by the way, to use nc because

64
00:04:18,829 --> 00:04:22,580
it is an unencrypted protocol or an unencrypted connection, they say.

65
00:04:23,030 --> 00:04:25,250
So I will not handle that here.

66
00:04:25,820 --> 00:04:26,210
OK.

67
00:04:26,510 --> 00:04:27,680
You can read more about it.

68
00:04:27,740 --> 00:04:29,300
We will use that direction.

69
00:04:29,510 --> 00:04:31,460
And as simple as that.
70
00:04:32,060 --> 00:04:37,430
OK, now the most important feature of nc, or the usage of nc

71
00:04:37,430 --> 00:04:43,670
for us, the red team, the attackers, which is opening a reverse shell.

72
00:04:43,880 --> 00:04:44,360
OK?

73
00:04:45,620 --> 00:04:47,010
Now, please don't get confused.

74
00:04:47,120 --> 00:04:53,090
Now attackers, I mean that we are the red team, detecting weaknesses in the system.

75
00:04:54,010 --> 00:04:57,970
Not to damage the system or harm any system or whatever.

76
00:04:58,000 --> 00:05:03,370
OK, so here on the left, let's imagine this is the attacker machine.

77
00:05:03,520 --> 00:05:07,880
And on the right, this is the victim machine. So here on the attacker,

78
00:05:07,900 --> 00:05:12,430
we will use this command, nc -nvlp, as we learned previously.

79
00:05:12,760 --> 00:05:14,200
So here we are, the attacker.

80
00:05:14,200 --> 00:05:19,900
We are listening and waiting until the victim sends the request to us.

81
00:05:19,930 --> 00:05:20,380
OK.

82
00:05:21,070 --> 00:05:26,930
On the right here, the victim machine, we will use nc, then the IP address of our machine,

83
00:05:26,980 --> 00:05:33,320
OK, which is our attacker machine, and with the port that we are listening on, as you can see.

84
00:05:33,490 --> 00:05:42,070
But we will use the -e option, which means execute, execute a command or execute a utility,

85
00:05:42,070 --> 00:05:45,100
and that utility will be /bin/bash.

86
00:05:45,430 --> 00:05:52,210
So I am executing /bin/bash on my machine and I am sending that to the attacker machine.

87
00:05:52,210 --> 00:05:56,200
So on the victim machine, we are executing bash, as you can see.

88
00:05:56,440 --> 00:05:59,560
And here on the attacker, we can use ls.

89
00:05:59,620 --> 00:06:02,830
You can see, yeah, we are seeing everything here.
90
00:06:03,130 --> 00:06:09,820
OK, so you can see that ls, this is inside the victim machine, not inside our machine.

91
00:06:10,030 --> 00:06:10,450
OK.

92
00:06:11,620 --> 00:06:20,620
If I type touch text, just "text", for example, and ls again, you can see that it should be here,

93
00:06:20,980 --> 00:06:23,660
by the way, because I'm using "text", which we already have here.

94
00:06:23,890 --> 00:06:29,350
By the way, you can see that the arrows and whatever are not working. As you can see, this command here,

95
00:06:29,350 --> 00:06:34,070
we received "not found" because this is not a sophisticated shell like the terminal.

96
00:06:34,090 --> 00:06:36,100
This is just the simple /bin/bash.

97
00:06:36,130 --> 00:06:36,580
OK.

98
00:06:37,180 --> 00:06:44,390
So touch note.txt, for example, and ls, you can see that here it is, note.txt.

99
00:06:44,410 --> 00:06:44,800
OK.

100
00:06:45,130 --> 00:06:47,620
And well, this is just the basics.

101
00:06:47,950 --> 00:06:53,830
Now, moving forward with this course, we will learn the techniques, the tools, how to get the

102
00:06:53,830 --> 00:07:00,550
victim to open such a shell by executing shell commands, by visiting websites or whatever.

103
00:07:00,560 --> 00:07:00,940
OK?

104
00:07:01,270 --> 00:07:01,910
Don't worry.

105
00:07:01,960 --> 00:07:03,070
This is just the basics.

106
00:07:03,220 --> 00:07:04,660
But keep that in your mind.

107
00:07:04,840 --> 00:07:11,980
How to open a reverse shell on the victim's machine by executing /bin/bash while we are

108
00:07:11,980 --> 00:07:14,890
listening on that specific connection with the port

109
00:07:14,900 --> 00:07:15,220
number.