1 00:00:00,120 --> 00:00:09,240 So let's see how we can perform a starvation attack and consume the DHCP pool using Yersinia. Yersinia
2 00:00:09,240 --> 00:00:15,420 is a network tool designed to take advantage of some weaknesses in different network protocols.
3 00:00:16,020 --> 00:00:20,430 The protocols currently implemented in Yersinia are shown in the slide.
4 00:00:23,100 --> 00:00:26,730 Now we're going to use our VMs in NAT mode during this demo.
5 00:00:28,090 --> 00:00:31,810 So I'm on my host machine and over the virtual machine library.
6 00:00:32,910 --> 00:00:39,600 This is the Kali that I'll use. Click this icon to see the VM settings, click the network adapter
7 00:00:39,600 --> 00:00:43,710 icon, it says Internet is shared with my Mac.
8 00:00:44,070 --> 00:00:50,720 So if you look at the explanation in the right-hand side of the frame, it means the VM is in NAT mode.
9 00:00:51,720 --> 00:00:52,780 So this is what we want.
10 00:00:52,800 --> 00:00:54,480 So just leave it as it is.
11 00:00:55,470 --> 00:01:01,500 The Connect Network Adapter is selected, so Kali is ready to use with a NAT network connection.
12 00:01:02,970 --> 00:01:08,470 So Windows 8 is the other VM that I'll use to demonstrate the DHCP starvation attack.
13 00:01:09,420 --> 00:01:12,460 Let's have a look at the network settings of Windows as well.
14 00:01:12,690 --> 00:01:16,130 Yeah, it's in NAT mode and the network adapter is connected.
15 00:01:17,310 --> 00:01:23,760 So I'll disconnect the network adapter by clicking here because I just want to show you that the DHCP
16 00:01:23,760 --> 00:01:25,560 of VMware is working properly.
17 00:01:26,670 --> 00:01:33,870 So I want to add a second network interface for my Windows system. Click Show All and go to the settings
18 00:01:33,870 --> 00:01:44,790 menu and click on Add Device at the upper left-hand corner, select Network Adapter and click Add. The
19 00:01:44,790 --> 00:01:49,620 details of the new adapter are listed here, and NAT mode is selected by default already.
20 00:01:50,890 --> 00:01:54,430 So uncheck the Connect Network Adapter box for now.
21 00:01:55,380 --> 00:02:01,680 OK, so as you see, we have two network adapters for the Windows system, both of them are in NAT
22 00:02:01,680 --> 00:02:03,330 mode and are disconnected.
23 00:02:04,280 --> 00:02:06,170 So now I'll start the Windows 8 system.
24 00:02:12,440 --> 00:02:13,820 And sure enough, it's ready.
25 00:02:15,160 --> 00:02:21,400 Right-click on a network icon at the lower right corner and select Open Network and Sharing Center.
26 00:02:22,970 --> 00:02:27,080 And right there, we don't have an active network at the moment.
27 00:02:28,290 --> 00:02:29,230 That's to be expected.
28 00:02:30,450 --> 00:02:34,560 So now I connect the first adapter and activate the network.
29 00:02:35,680 --> 00:02:43,540 In VMware Fusion, you can see and change the setting in several ways. If you use the VMs in full screen
30 00:02:43,540 --> 00:02:49,120 mode like I do, just go to the upper side for the VMware Fusion menu.
31 00:02:49,300 --> 00:02:49,740 There it is.
32 00:02:50,080 --> 00:02:54,090 And if the menu does not appear, just press Command Control buttons together.
33 00:02:55,120 --> 00:02:55,420 Right.
34 00:02:55,450 --> 00:03:00,490 So this is the default setting of VMware Fusion to turn back to the host system when you're inside of
35 00:03:00,490 --> 00:03:00,910 VM.
36 00:03:02,260 --> 00:03:09,160 And these are the network adapters. When you click on them, you'll see the short menu for network
37 00:03:09,160 --> 00:03:15,940 adapter, and here you can connect or disconnect the network adapter, change the network mode, NAT, bridged
38 00:03:15,940 --> 00:03:16,840 or host-only.
39 00:03:16,840 --> 00:03:20,830 And you can use this pop-up for the network adapter settings.
40 00:03:22,710 --> 00:03:29,430 Now, the second way to see and change the network settings is to click the settings icon, then select
41 00:03:29,430 --> 00:03:31,140 the adapter to see the settings.
42 00:03:32,400 --> 00:03:35,850 So the third way is to go to the virtual machine menu.
43 00:03:37,550 --> 00:03:42,200 Go to the network adapter and you'll see the short menu of the adapter.
44 00:03:43,450 --> 00:03:51,610 Now go to the first network adapter icon and click on the Connect Network Adapter menu item, and now
45 00:03:51,610 --> 00:03:56,940 you see in the Network and Sharing Center window, we now have an active network connection.
46 00:03:57,610 --> 00:04:01,120 So click the network name and the Details button.
47 00:04:02,150 --> 00:04:08,450 Here are the connection details and right there, there it is, DHCP is one seven two one six eight nine
48 00:04:08,450 --> 00:04:15,890 nine that 204 and it assigned an IP address for the VM 172 dot one six eight nine nine two two one,
49 00:04:16,490 --> 00:04:19,160 as well as the gateway and the DNS address.
50 00:04:21,950 --> 00:04:25,420 Now, I'll go back to Kali and open a terminal screen.
51 00:04:26,320 --> 00:04:31,960 Using the ifconfig command to see the network interface configuration, and sure enough, it has the
52 00:04:31,960 --> 00:04:32,740 IP address.
53 00:04:33,980 --> 00:04:37,610 So ping the Windows 8 system to validate the network two to one.
54 00:04:38,580 --> 00:04:43,580 OK, we receive the ICMP reply, so everything looks OK.
55 00:04:45,370 --> 00:04:52,750 Now it is time for Yersinia. Type man yersinia and hit Enter to see the manual.
56 00:04:54,010 --> 00:04:59,290 And right here in the manual, Yersinia is a framework for performing layer two attacks.
57 00:04:59,890 --> 00:05:02,980 And here's a list of protocols implemented in Yersinia.
58 00:05:05,530 --> 00:05:12,560 Scroll down, you'll see the options. We can use uppercase G to start a graphical interface.
59 00:05:13,210 --> 00:05:15,250 So let's go ahead and use it in graphical mode.
60 00:05:16,620 --> 00:05:26,640 Press Q to quit from the manual and turn back to the terminal. Now type yersinia -G and press
61 00:05:26,640 --> 00:05:27,000 Enter.
62 00:05:27,840 --> 00:05:31,080 So this is the graphical user interface of Yersinia.
63 00:05:32,250 --> 00:05:38,430 Before running the attack, let's open Wireshark and monitor the network packets to see what happens
64 00:05:38,430 --> 00:05:39,540 when we start the attack.
65 00:05:40,470 --> 00:05:48,390 You can type wireshark in terminal to start it or just click the Wireshark icon. To select the interface
66 00:05:48,390 --> 00:05:50,880 to listen, double-click eth0.
67 00:05:52,040 --> 00:05:59,270 And to discard the different packets and focus only on the DHCP packets, we can filter the packets in
68 00:05:59,270 --> 00:06:03,110 the filter box. Type bootp and hit Enter.
69 00:06:04,430 --> 00:06:10,450 So BOOTP is the short form of Bootstrap Protocol, which I mentioned earlier.
70 00:06:10,760 --> 00:06:16,970 It's basically a computer networking protocol to automatically assign an IP address to network devices
71 00:06:16,970 --> 00:06:18,620 from a configuration server.
72 00:06:19,070 --> 00:06:21,890 And obviously it's used by the DHCP server.
73 00:06:23,560 --> 00:06:27,760 Now we can turn back to Yersinia and prepare and run the attack.
74 00:06:28,660 --> 00:06:32,800 So click Launch Attack, that's the link at the upper left-hand corner.
75 00:06:34,260 --> 00:06:42,860 The tabs in the window are the implemented protocols. Choose DHCP and select sending Discover packet.
76 00:06:43,500 --> 00:06:44,490 Now click OK.
77 00:06:46,030 --> 00:06:53,500 As soon as we click the button, Yersinia starts sending dozens of requests in a second. It'll keep
78 00:06:53,500 --> 00:06:55,720 sending the packets till we stop the attack.
79 00:06:57,270 --> 00:07:03,210 Now, look at the Wireshark window, these are the Discover packets sent by Yersinia.
80 00:07:05,210 --> 00:07:11,000 So now, while Yersinia is sending the Discover packet, let's activate the second interface of the
81 00:07:11,000 --> 00:07:16,940 Windows VM and let's see if the DHCP server assigns an IP address for the second interface.
82 00:07:18,800 --> 00:07:25,160 All right, so we're in the Windows VM now. Go to the second network adapter, click Connect Network
83 00:07:25,160 --> 00:07:27,770 Adapter 2 to activate the second interface.
84 00:07:28,660 --> 00:07:36,100 Now, do you remember what happened when we activated the first interface? We saw the new network activated,
85 00:07:36,700 --> 00:07:43,210 but now there is still no network because the server is busy replying to the request created by
86 00:07:43,210 --> 00:07:46,570 Yersinia. It's not going to answer the Windows 8 second interface.
87 00:07:48,040 --> 00:07:50,710 So let's turn back to Kali and stop the attack.
88 00:07:51,800 --> 00:07:57,470 In Yersinia's interface, just click List Attacks and then click Stop or Stop All.
89 00:07:59,170 --> 00:08:06,400 In the Wireshark window, look at the bottom of the packet list, we now have a complete DHCP sequence.
90 00:08:07,670 --> 00:08:11,660 Discover, Offer, Request and ACK packets.
91 00:08:13,200 --> 00:08:20,520 In the Windows 8 VM, we now have the second network. The first one was Ethernet zero to this
92 00:08:20,520 --> 00:08:21,720 one is Ethernet zero.
93 00:08:22,980 --> 00:08:23,490 Click on it.
94 00:08:24,740 --> 00:08:31,880 In the status window, click on Details. The second interface has an IP address now assigned by the
95 00:08:32,510 --> 00:08:32,930 server.