1 00:00:01,030 --> 00:00:07,020 Now from the previous lectures we know once we connect to our network it's game over. 2 00:00:07,180 --> 00:00:14,560 Because once connected, we can run an ARP spoofing attack to redirect the flow of packets so that they 3 00:00:14,590 --> 00:00:16,770 go through our computer. 4 00:00:16,780 --> 00:00:19,020 This allows us to become the man in the middle. 5 00:00:19,300 --> 00:00:21,170 And once we're the man in the middle, 6 00:00:21,220 --> 00:00:29,500 we can run so many dangerous and effective attacks, so we can spy on all the users, steal their passwords, 7 00:00:29,710 --> 00:00:31,990 redirect them to different websites. 8 00:00:32,080 --> 00:00:36,020 And this is all just a small taste of what you can do. 9 00:00:36,070 --> 00:00:42,580 You'll actually see us build on this in the client-side attacks section, where we're going to completely 10 00:00:42,580 --> 00:00:46,720 hack into computers connected to the same network as us. 11 00:00:47,290 --> 00:00:53,590 And if you go and do my advanced network hacking course, then you'll see more advanced attacks that will 12 00:00:53,590 --> 00:00:57,700 allow us to do so many cool stuff on the network. 13 00:00:57,700 --> 00:01:04,960 And again, all of this is possible because once we connect we can run ARP spoofing and become the man 14 00:01:04,960 --> 00:01:05,640 in the middle. 15 00:01:06,850 --> 00:01:12,580 Now in this section I actually want to show you another method that'll allow us to become the man in 16 00:01:12,580 --> 00:01:17,620 the middle, and once we're the man in the middle we'll be able to run all of the attacks that you've seen 17 00:01:17,620 --> 00:01:23,710 so far and all of the other man in the middle attacks that you'll learn in the future. 18 00:01:23,710 --> 00:01:29,230 So let's go back to the first diagram that we learned in this course when we were talking about how 19 00:01:29,230 --> 00:01:31,120 networks work in general.
20 00:01:31,120 --> 00:01:37,630 We said the only device that has access to the Internet is the access point, and whenever a client wants 21 00:01:37,630 --> 00:01:43,090 to access something they send the request to the access point, the access point goes through the Internet, 22 00:01:43,330 --> 00:01:48,210 gets the response and sends it back to the client. Now, 23 00:01:48,250 --> 00:01:54,350 what if we replace this access point with our hacker computer? 24 00:01:54,490 --> 00:02:04,150 So what if we can use our machine to create a Wi-Fi network that actually has internet access, so people 25 00:02:04,150 --> 00:02:09,270 will actually try to come in and connect to our network to access the Internet. 26 00:02:09,940 --> 00:02:16,030 And then when they connect to our network, by default we will be the man in the middle because we are 27 00:02:16,030 --> 00:02:22,420 the router, so we won't really need to exploit anything; we are automatically the man in the middle. 28 00:02:22,570 --> 00:02:28,450 And the clients will automatically send us any requests because they want to access the Internet, and 29 00:02:28,450 --> 00:02:33,940 we will see these requests, obviously go to the Internet, get them what they want and give it back to 30 00:02:33,940 --> 00:02:35,090 them. 31 00:02:35,200 --> 00:02:41,830 This way we'll be able to launch all of the attacks that I showed you previously without the need to 32 00:02:41,830 --> 00:02:44,020 exploit the ARP protocol. 33 00:02:44,020 --> 00:02:50,590 So without the need to run ARP spoofing, all we'll have to do once our network is running and we have 34 00:02:50,590 --> 00:02:51,820 clients connected, 35 00:02:51,820 --> 00:03:00,040 we can just start sniffing using Wireshark or using MITMf. So for this to work you need 36 00:03:00,040 --> 00:03:04,140 a computer, and we already have our hacker computer with Kali Linux.
37 00:03:04,210 --> 00:03:12,640 You also need internet access, and you need a wireless device that's going to broadcast the Wi-Fi 38 00:03:12,640 --> 00:03:19,000 signal and tell all the neighboring devices that I am a network, you can come in and connect to me. 39 00:03:20,080 --> 00:03:26,260 So you will need, first of all, an interface that has Internet connection. 40 00:03:26,260 --> 00:03:31,070 This interface can be a Wi-Fi interface connected to the Internet. 41 00:03:31,180 --> 00:03:36,000 It could be an Ethernet interface connected to an Ethernet network. 42 00:03:36,100 --> 00:03:42,340 It could be a 3G or a 4G dongle and it even can be a virtual interface. 43 00:03:42,340 --> 00:03:44,590 And this is what I'm actually going to do. 44 00:03:44,720 --> 00:03:47,190 It's going to be my eth0, 45 00:03:47,230 --> 00:03:56,830 the virtual interface that is connected to my NAT network. So this can be any network device as long 46 00:03:56,920 --> 00:03:58,860 as it has Internet access. 47 00:04:00,540 --> 00:04:02,760 The next interface that you will need, 48 00:04:02,820 --> 00:04:09,210 like I said, is going to have to be a Wi-Fi interface because it needs to be able to broadcast the 49 00:04:09,210 --> 00:04:15,570 signal for the network, and you can't use any Wi-Fi interface. 50 00:04:15,630 --> 00:04:25,770 This interface needs to be able to act as an access point, so it needs to be capable of acting like a 51 00:04:25,770 --> 00:04:29,000 proper access point, like a router. 52 00:04:29,070 --> 00:04:36,200 Now all of the Wi-Fi adapters that I recommend support this mode, and I've already included a video in 53 00:04:36,200 --> 00:04:42,360 the resources before when I first spoke about wireless adapters, but I'm also going to include this 54 00:04:42,360 --> 00:04:44,900 video in the resources of this lecture. 55 00:04:45,030 --> 00:04:50,590 So if you're going to buy one or if you're not sure how to pick the right one, then check out this video.
56 00:04:50,610 --> 00:04:53,100 It should be helpful for you. 57 00:04:53,190 --> 00:05:01,260 So once we have this set up properly, we can use our computer to start an access point and it's going 58 00:05:01,260 --> 00:05:03,890 to act exactly like a router. 59 00:05:04,050 --> 00:05:08,610 So people will be able to see the network when they look for Wi-Fi networks. 60 00:05:08,610 --> 00:05:14,850 They'll be able to connect to it and get internet connection, but when they connect they will have to 61 00:05:14,850 --> 00:05:20,250 send us all of their requests because we are the router, we are the access point. 62 00:05:20,340 --> 00:05:24,320 So by default we will be the man in the middle. 63 00:05:24,390 --> 00:05:31,650 Therefore you'll be able to execute all man in the middle attacks that you learned so far and any other 64 00:05:31,650 --> 00:05:36,370 man in the middle attacks that you will learn in the future. 65 00:05:36,410 --> 00:05:40,920 So basically ARP spoofing is one method of becoming the man in the middle. 66 00:05:41,060 --> 00:05:48,930 And what I'm going to show you right now is another method of becoming the man in the middle. Now you 67 00:05:48,930 --> 00:05:57,000 can see that in order to use our computer as an access point we need a number of components to be configured 68 00:05:57,000 --> 00:05:58,160 properly. 69 00:05:58,200 --> 00:06:05,970 So first of all we need our wireless interface to broadcast the signal as if it's a real network. 70 00:06:05,970 --> 00:06:11,040 This will allow other clients to connect to it, but that's not the end of the road. 71 00:06:11,070 --> 00:06:16,640 The wireless interface needs to know when these clients are requesting websites. 72 00:06:16,650 --> 00:06:23,840 It needs to be able to forward these requests to the other interface that is connected to the Internet. 73 00:06:23,850 --> 00:06:29,100 Then again it will need to be able to know when the responses come back and forward
74 00:06:29,130 --> 00:06:31,860 all of this to the right client. 75 00:06:32,150 --> 00:06:38,550 Now you can configure all of these things manually, and I actually covered this in my advanced network 76 00:06:38,550 --> 00:06:44,910 hacking course, and I cover a lot of advanced things that you can do with the fake access point, like 77 00:06:44,910 --> 00:06:47,000 launching an evil twin attack, 78 00:06:47,010 --> 00:06:55,370 hacking into WPA2 Enterprise and so on, but this would take at least 30 lectures and this is not 79 00:06:55,480 --> 00:06:59,740 a network hacking course, this is a general ethical hacking course. 80 00:06:59,900 --> 00:07:05,600 Therefore that would be out of the scope of this lecture. If you're interested in learning how to do 81 00:07:05,600 --> 00:07:11,030 this manually and how to run advanced attacks using the fake access point, 82 00:07:11,120 --> 00:07:15,800 then check out my advanced network hacking course in the bonus lecture, 83 00:07:15,800 --> 00:07:23,150 the last lecture of this course. For now, for this course, I'm going to show you a great way of quickly 84 00:07:23,150 --> 00:07:28,160 creating a fake access point that will allow us to become the man in the middle, 85 00:07:28,160 --> 00:07:36,410 similar to what's shown in this diagram. The tool that we're going to use is called Mana-Toolkit, and 86 00:07:36,410 --> 00:07:43,820 it's basically a set of tools that allow us to automatically create a fake access point, automatically 87 00:07:43,820 --> 00:07:52,350 sniff data, bypass HTTPS and so on. So the tool comes with three main start scripts. 88 00:07:53,220 --> 00:08:00,230 So the first one, start-noupstream, will allow us to start the fake access point with no internet access. 89 00:08:00,810 --> 00:08:02,700 So this is not really useful for us. 90 00:08:02,760 --> 00:08:08,750 And I will not use this in this lecture. The next one is start-nat-simple.
91 00:08:08,760 --> 00:08:13,390 This will start a fake access point with Internet access. 92 00:08:13,830 --> 00:08:21,000 The third one, start-nat-full, will start a fake access point with Internet access and it will automatically 93 00:08:21,000 --> 00:08:28,960 start sniffing data and bypass HTTPS. Now I actually always use start-nat-simple. 94 00:08:28,990 --> 00:08:36,130 I never use start-nat-full because this fails a lot of the times, and we already learned how to start 95 00:08:36,130 --> 00:08:43,750 sniffing and bypass HTTPS using bettercap, so you can always use start-nat-simple. This will start a 96 00:08:43,750 --> 00:08:50,570 fake access point for you with Internet access, and then you can open another terminal window, use bettercap 97 00:08:50,620 --> 00:08:51,360 exactly 98 00:08:51,580 --> 00:08:59,620 as I showed you before, and you'll be able to sniff data and bypass HTTPS. You can also use Wireshark 99 00:08:59,620 --> 00:09:03,040 if you want to sniff the data and analyze them, again 100 00:09:03,040 --> 00:09:10,470 exactly as shown before. Now in the next lecture I'm gonna show you how to use Mana-Toolkit to create 101 00:09:10,530 --> 00:09:14,040 a fake access point with internet connection.