In the previous lectures we learned how to use bettercap to discover all clients on the same network, run an ARP spoofing attack to intercept the data, and then sniff the data to see the usernames, passwords and everything that's getting sent over the network. Now, in order to do this, we actually had to run a number of commands. So first of all we had to do net.probe on to turn on the probe module. We had to set the settings for the arp.spoof module, turn that on, and then turn the sniffing module on.

Now every time you want to do this, every time you want to intercept data and see it on screen, you're going to have to do all of the steps that I showed you in the previous lecture, or, if you're lazy like myself, you can use a caplet to do all of that automatically. Which is exactly what I want to show you in this lecture.

So what do I mean by a caplet? Well, basically a caplet is just a text file that contains all of the commands that you want to run. So I'm going to resize this menu, I'm going to open a text file, and I'm just going to organize this a little bit to make it easier to follow. And I'm going to clear this window here and I'm going to go to the first command that we had to run in order to do this. So, scrolling up, the first thing we did was net.probe on.

So in my text file here I'm going to literally type this command, net.probe on, and as we saw this will automatically start the net.recon module. Again, we enabled both of these modules in order to discover the connected clients and keep automatically discovering any new clients that connect to the network.

The next thing that we did was modify the settings for the arp.spoof module. So we did set arp.spoof.fullduplex true. I'm going to actually copy this and paste it here. Then we set the target IP. So again I'm just going to copy this and paste it here, and keep in mind this is very important: you want to make sure that you change the IP here to the IP of your target all the time. And if you are targeting multiple computers you can just use a comma and type the next IP after the comma.

Next we turned on the arp.spoof module. So again this is what I'm going to do here: I'm going to do arp.spoof on, and finally we also ran the sniffer by doing net.sniff on. So again I'm just going to type this in here: net.sniff on.

So this is actually a nice summary of what we did in the previous lectures. Again, like I said, every time you want to intercept the connections you're going to have to start bettercap and run all of these commands manually. You want to start the probe module, you want to enable full duplex so you fool or spoof the target and the router, you want to set your target IP, and you want to turn on the spoof and turn on the sniff.

So to make this very easy, instead of having to type this every time we want to run an ARP spoofing attack and intercept data, I put all of this in a text file. I'm going to save this text file, I'm going to put it in my root directory, and I'm going to call it spoof.cap. So I'm going to save this now and I can close it because we're done with it, and we can go back here. What I'm actually going to do is exit out of this; I'm going to quit bettercap and I'm going to clear the screen. If I do ls to list all of the files and directories in the current working directory, because right now I am in root, you can see we have a new file called spoof.cap. And just to confirm, if I go down to my file manager right here you can see we have a new file, again in root, called spoof.cap, and all we want to do is feed this caplet file to bettercap before we start bettercap.

Now we don't know how to do this. So we're going to do bettercap --help to see all of the options that we can set with bettercap, and what we want to do is use the -caplet option right here. So we're going to run bettercap like we used to do: first of all we do bettercap followed by -iface to specify the interface that is connected to the target network, and in my case this is eth0. So far this is identical to what I've been doing in the previous lectures. The only difference now is we're going to use the -caplet option to specify the caplet file that I just created. So I'm going to do -caplet followed by the file that I just created, which is called spoof.cap, and that's it.

Now before I hit enter, just to confirm to you, I'm going to go back to my Windows machine and I'm going to do arp -a just to show you. And as you can see, right now the router's IP right here has this MAC address. So after I run this it should automatically start all of the modules that I just typed and it should run an ARP spoofing attack. Therefore the router's MAC address should change to the MAC address of eth0 that is connected to Kali right here.

So I'm going to hit enter, and as you can see we actually got an error, and the error is saying the caplet spoof could not be found. So I'm suspecting I made a spelling mistake, and I did. As you can see, I actually named the caplet spoof, not spoof. So I actually make a lot of mistakes like this. I'm just going to rename this to spoof and we're going to go back here. I'm going to exit and run the same command again, and perfect, as you can see we got no errors at all. If I do help, as you can see, automatically we have the spoof running, we have the probe, the recon and the sniff all running as soon as we run bettercap. If you remember, the first time we ran it we only had the stream running and we had to do everything manually and set the options manually. So this is a really, really nice way of doing it.

Now let's confirm that everything is working as expected. So I'm going to go to the Windows machine and we're going to do arp -a again, and perfect, as you can see the router's MAC address has changed to the same MAC address as the Kali machine, and the original router's MAC address, the correct one, was this. So this means that this Windows machine is now spoofed, thinking that the Kali machine is the router, and the router now thinks that the Kali machine is this machine. This places Kali in the middle of the connection. And just to confirm this real quick, I'm already on the website; this is the website that we tested the login on before. I'm actually even still logged in, so I'm going to log out, log in again, and I'm going to leave the username as admin and I'm just going to put a password again, 1 2 3 4 2 9 0, enter.

Well, let's go back, and perfect, as you can see. We wouldn't be able to get this if we were not in the middle of the connection. So the fact that we're getting all of this information means that we managed to intercept the data and see everything the target user sends or receives. And again we have the username and the password right here. Like I said, this will only work with HTTP. We will discuss HTTPS in the next lectures.

But in this lecture I just wanted to show you an easy way of scripting the commands that you often run with bettercap, because in the future we're going to be doing a number of things that rely on us being the man in the middle, and I don't want to waste time enabling all of the modules that we're running here. So again, if I right click this and open with a normal text editor, all you'll have to do is just put your commands in a file, give the file a specific name, and then when you run bettercap all you have to do is just use the -caplet argument followed by the name of your caplet file.