1
00:00:00,390 --> 00:00:02,670
Welcome back to Basic Exploit Development.

2
00:00:02,940 --> 00:00:10,740
In this section, we're going to show you how to use a proxy ARP bridge offensively. This requires physical

3
00:00:10,740 --> 00:00:19,920
access to the targeted client and just a single wireless card to be inserted into any Linux machine

4
00:00:19,920 --> 00:00:21,150
on the corporate network.

5
00:00:22,740 --> 00:00:29,130
So if physical penetration testers, that is the ones that pick locks, use a shove tool to open the

6
00:00:29,130 --> 00:00:30,390
handle on the other side.

7
00:00:30,840 --> 00:00:35,580
If they manage to break into a facility that they are allowed to perform a penetration test on, they

8
00:00:35,580 --> 00:00:41,880
have an opportunity to create a proxy ARP bridge. A properly configured proxy ARP bridge will allow a

9
00:00:41,880 --> 00:00:48,600
seamless flow of traffic from a wireless card to a LAN Ethernet card, effectively allowing the wireless

10
00:00:48,600 --> 00:00:52,230
network's clients to communicate to that LAN Ethernet.

11
00:00:53,070 --> 00:00:57,900
All that is needed for the attackers to funnel into the Linux machine is a wireless USB adapter,

12
00:00:57,900 --> 00:01:05,850
those cheap $5 to $10 wireless cards you can find, and then run parprouted, a proxy ARP routing daemon.

13
00:01:06,420 --> 00:01:12,900
The command is parprouted: parprouted, your wireless card, and your Ethernet card.

14
00:01:15,690 --> 00:01:16,980
So let's see.

15
00:01:17,640 --> 00:01:23,220
Let's show you how this works, because the wireless card is going to be running hostapd, which generates

16
00:01:23,220 --> 00:01:28,350
a wireless hotspot, and anyone on that hotspot that's logged in should be able to communicate to

17
00:01:28,350 --> 00:01:29,550
the corporate LAN.

18
00:01:31,240 --> 00:01:32,500
Here is a diagram.

19
00:01:34,360 --> 00:01:36,610
These red triangles represent attackers.
20
00:01:36,780 --> 00:01:41,800
Now, let's assume that we found a Linux machine inside the corporate network.

21
00:01:42,130 --> 00:01:47,920
We inserted a cheap $5 to $10 wireless card into it, and then we ran parprouted on it.

22
00:01:49,330 --> 00:01:56,860
The hotspot is where the attackers will log in from the back end using amplified or parabolic or Yagi-style wireless

23
00:01:56,860 --> 00:01:57,370
antennas.

24
00:01:58,810 --> 00:02:07,000
And when they connect to the hotspot, they are able to reach the victims within the Ethernet

25
00:02:07,000 --> 00:02:08,320
side of the LAN.

26
00:02:09,520 --> 00:02:15,370
How it works is that parprouted is basically forwarding all ARP requests and responses.

27
00:02:17,020 --> 00:02:23,950
So we are going to create a wireless hotspot from our wireless card and then have our attackers log

28
00:02:23,950 --> 00:02:29,650
in to the hotspot and then use the proxy ARP routing daemon to forward packets into the internal

29
00:02:29,650 --> 00:02:30,100
LAN.

30
00:02:31,030 --> 00:02:34,090
This is a layer three, network level attack.

31
00:02:37,240 --> 00:02:38,770
So let's just get this started.

32
00:02:39,670 --> 00:02:46,420
First you want to install on the victim: sudo apt-get install -y hostapd.

33
00:02:46,600 --> 00:02:48,220
They already have that.

34
00:02:49,300 --> 00:02:51,670
And you also need to configure the wireless hotspot.

35
00:02:52,660 --> 00:02:53,560
So let us.

36
00:03:00,050 --> 00:03:06,440
You just configure it with the wireless card they just inserted into the victim; you then just give it an

37
00:03:06,680 --> 00:03:08,680
SSID and a passphrase.

38
00:03:11,740 --> 00:03:15,580
Now it's time to run hostapd to generate that hotspot.

39
00:03:15,760 --> 00:03:22,060
Remember, we dropped a wireless adapter onto a victim Linux machine within the offices of the corporate

40
00:03:22,060 --> 00:03:22,510
network.
41
00:03:30,860 --> 00:03:36,290
If you were to check your phone right now, there should be a hotspot called proxy ARP bridge.

42
00:03:36,620 --> 00:03:37,850
You can name it anything you want.

43
00:03:39,350 --> 00:03:43,100
And now we're going to use proxy ARP, parprouted.

44
00:03:44,180 --> 00:03:45,800
Let's see our network interface first.

45
00:03:56,510 --> 00:03:57,320
parprouted.

46
00:04:02,120 --> 00:04:03,740
And that's your Ethernet interface.

47
00:04:04,490 --> 00:04:05,450
Copy and paste that.

48
00:04:06,860 --> 00:04:12,020
And if you run it right now, it won't show you any information on the console, for stealth purposes.

49
00:04:12,320 --> 00:04:13,910
But you want to see that it actually works.

50
00:04:14,230 --> 00:04:15,240
You use -d.

51
00:04:16,839 --> 00:04:18,730
And so if you run parprouted -d.
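The lecture notes that parprouted works by answering and forwarding ARP requests and responses on behalf of the wireless clients. From the wired side that leaves a visible trace: the bridging host's Ethernet MAC ends up claiming several IP addresses in ARP replies, one for itself and one for every client behind the hotspot. The following detector is an added example for defenders, not part of the course material or of parprouted; it parses constructed tcpdump-style ARP lines (the sample log, its MACs and IPs are all made up) and flags any MAC that replies for an unusually large number of distinct IPs, which is how a network monitor would surface this kind of bridge.

```python
"""Spot proxy-ARP style behaviour in captured ARP reply traffic.

A host running a proxy ARP daemon replies to ARP requests on the wired side on
behalf of every client behind it, so a single MAC address claims several IPs.
Counting distinct IPs per replying MAC surfaces that pattern.  (Added example;
the log below is constructed and only loosely modelled on `tcpdump -n -e arp`.)
"""
import re
from collections import defaultdict

# Constructed sample: two ordinary hosts, plus one MAC (de:ad:be:ef:00:01)
# answering for four different addresses, the proxy ARP signature.
SAMPLE_ARP_LOG = """\
12:00:01.000100 aa:bb:cc:00:00:07 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.0.0.50 tell 10.0.0.7, length 28
12:00:01.000300 aa:bb:cc:00:00:50 > aa:bb:cc:00:00:07, ethertype ARP (0x0806), length 42: Reply 10.0.0.50 is-at aa:bb:cc:00:00:50, length 28
12:00:02.000100 aa:bb:cc:00:00:07 > aa:bb:cc:00:00:50, ethertype ARP (0x0806), length 42: Reply 10.0.0.7 is-at aa:bb:cc:00:00:07, length 28
12:00:03.000100 aa:bb:cc:00:00:07 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 42: Request who-has 10.0.0.121 tell 10.0.0.7, length 28
12:00:03.000400 de:ad:be:ef:00:01 > aa:bb:cc:00:00:07, ethertype ARP (0x0806), length 42: Reply 10.0.0.120 is-at de:ad:be:ef:00:01, length 28
12:00:03.000500 de:ad:be:ef:00:01 > aa:bb:cc:00:00:07, ethertype ARP (0x0806), length 42: Reply 10.0.0.121 is-at DE:AD:BE:EF:00:01, length 28
12:00:04.000100 de:ad:be:ef:00:01 > aa:bb:cc:00:00:07, ethertype ARP (0x0806), length 42: Reply 10.0.0.122 is-at de:ad:be:ef:00:01, length 28
12:00:05.000100 de:ad:be:ef:00:01 > aa:bb:cc:00:00:07, ethertype ARP (0x0806), length 42: Reply 10.0.0.123 is-at de:ad:be:ef:00:01, length 28
12:00:06.000100 de:ad:be:ef:00:01 > aa:bb:cc:00:00:07, ethertype ARP (0x0806), length 42: Reply 10.0.0.121 is-at de:ad:be:ef:00:01, length 28
"""

# Matches the "Reply <ip> is-at <mac>" part of a tcpdump ARP line; requests do not match.
ARP_REPLY_RE = re.compile(r"Reply (\d{1,3}(?:\.\d{1,3}){3}) is-at ([0-9a-fA-F:]{17})")


def parse_arp_replies(log_text):
    """Return (ip, mac) pairs for every ARP reply line; request lines are ignored."""
    replies = []
    for line in log_text.splitlines():
        match = ARP_REPLY_RE.search(line)
        if match:
            replies.append((match.group(1), match.group(2).lower()))
    return replies


def ips_claimed_per_mac(replies):
    """Map each replying MAC to the set of IP addresses it has claimed."""
    claimed = defaultdict(set)
    for ip, mac in replies:
        claimed[mac].add(ip)
    return claimed


def _ip_sort_key(ip):
    return tuple(int(octet) for octet in ip.split("."))


def find_proxy_arp_candidates(replies, threshold=3, allowlist=frozenset()):
    """Return {mac: [ips]} for MACs that answered ARP for at least `threshold`
    distinct IPs.  `allowlist` holds MACs legitimately owning several addresses
    (gateways, VRRP/HSRP virtual routers, load balancers) to keep them out of the alert."""
    claimed = ips_claimed_per_mac(replies)
    return {
        mac: sorted(ips, key=_ip_sort_key)
        for mac, ips in claimed.items()
        if mac not in allowlist and len(ips) >= threshold
    }


if __name__ == "__main__":
    hits = find_proxy_arp_candidates(parse_arp_replies(SAMPLE_ARP_LOG))
    for mac, ips in hits.items():
        print(f"possible proxy ARP bridge: {mac} answers for {len(ips)} IPs: {', '.join(ips)}")
```

The threshold and allowlist are deliberately exposed because a multi-homed router or a first-hop redundancy virtual MAC will also answer for several addresses; tune them against a baseline of the segment before alerting. Pairing this with an inventory check for hostapd or an interface in AP mode on wired Linux hosts covers the other half of the setup the lecture describes.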