1
00:00:00,480 --> 00:00:05,900
Today, we will talk about Netcat and how we can use it for our penetration testing purposes.

2
00:00:07,380 --> 00:00:09,450
Netcat is the hacker's Swiss Army knife.

3
00:00:09,810 --> 00:00:14,490
It's a very powerful tool and it has been used for testing and hacking for many years.

4
00:00:15,990 --> 00:00:22,170
One of the features that Netcat can offer is port scanning, which will help us to check if a certain

5
00:00:22,170 --> 00:00:23,700
port is open or not.

6
00:00:24,930 --> 00:00:26,340
Let's see how we can do that.

7
00:00:28,020 --> 00:00:34,950
Let's type nc in our command line, followed by the dash and the argument, then the target IP

8
00:00:34,950 --> 00:00:38,220
address and finally the port we want to scan.

9
00:00:45,840 --> 00:00:50,430
From the result, we can see that port 80 of Apache 2 is open.

10
00:00:52,080 --> 00:00:58,380
We can also use Netcat to listen on a certain port and then we can establish a connection on that port

11
00:00:58,380 --> 00:00:59,990
from a different operating system.

12
00:01:02,040 --> 00:01:05,200
Let's use Netcat as a server on our Kali Linux.

13
00:01:05,210 --> 00:01:08,610
We are going to listen on port 4444.

14
00:01:21,230 --> 00:01:28,820
The -n option is to disable DNS name resolution, the -l to create a listener, the -v

15
00:01:28,830 --> 00:01:34,520
is to add some verbosity to our output and finally, the -p is to specify a listening

16
00:01:34,520 --> 00:01:42,950
port. Now our Netcat is listening on port 4444 and waiting for an incoming connection.

17
00:01:44,660 --> 00:01:47,300
Let's open another terminal window and connect to it.

18
00:01:58,320 --> 00:02:02,610
Now, let's use this as a chat server and exchange some messages.

19
00:02:24,360 --> 00:02:31,200
We can also use Netcat to send and receive files. We will use our Kali Linux as a server and we will

20
00:02:31,200 --> 00:02:33,870
try to send a file to it using macOS.

21
00:02:53,760 --> 00:02:57,450
We are using output redirection here to save the received file.

22
00:03:15,730 --> 00:03:22,690
From the macOS terminal, we will send the file using input redirection with the less-than sign.

23
00:03:27,600 --> 00:03:35,040
Nice, we were able to transfer that file to our Kali Linux. Let's verify that by checking

24
00:03:35,040 --> 00:03:36,570
the file size on our Kali.

25
00:03:53,370 --> 00:03:54,180
It looks good.

26
00:03:56,370 --> 00:04:02,640
Now let's take a look at one of the most interesting features of Netcat, and it's called remote administration.

27
00:04:04,230 --> 00:04:10,680
Netcat has the ability to redirect commands using the -e option, which will execute a certain

28
00:04:10,680 --> 00:04:13,470
program after a successful connection with our target.

29
00:04:14,970 --> 00:04:16,130
Let's take an example.

30
00:04:17,730 --> 00:04:24,870
We will use Netcat on our Kali, listen on port 4444, and then we will use the -e

31
00:04:24,870 --> 00:04:29,040
option to execute /bin/bash upon successful connection.

32
00:04:34,940 --> 00:04:40,160
Now, from our macOS, we will connect to our Netcat the same way we did before.

33
00:04:51,450 --> 00:04:56,160
Let's try to execute some commands now, like whoami or ifconfig.

34
00:05:04,350 --> 00:05:09,590
Nice, it looks like we gained remote access to our Kali using Netcat.

35
00:05:10,980 --> 00:05:16,710
Keep in mind that not all operating systems that come loaded with Netcat support the -e option.

36
00:05:17,580 --> 00:05:20,580
It depends on how Netcat was compiled in the first place.

37
00:05:21,990 --> 00:05:28,200
In most cases, we won't be able to accomplish this example since the target might be behind NAT, or

38
00:05:28,200 --> 00:05:30,540
network address translation.

39
00:05:31,590 --> 00:05:37,950
Or it could also be protected with a firewall that blocks all incoming connections to a certain port.

40
00:05:39,030 --> 00:05:43,530
But we can still initiate a connection from our target straight to us through Netcat.

41
00:05:43,530 --> 00:05:50,940
And that's called a reverse shell connection; usually firewalls do not block outgoing traffic, though

42
00:05:50,940 --> 00:05:54,270
it depends on how you configured your firewall in the first place.

43
00:05:56,250 --> 00:06:03,390
Let's try now to use Netcat to listen for incoming connections on our macOS as the attacker operating

44
00:06:03,390 --> 00:06:08,040
system and then send a reverse shell connection from our Kali.

45
00:06:20,300 --> 00:06:24,680
Now we switch to our Kali Linux and send a reverse shell to the macOS.

46
00:06:51,040 --> 00:06:54,220
Let's try whoami again, ifconfig.

47
00:07:02,040 --> 00:07:02,560
Nice.

48
00:07:03,390 --> 00:07:05,470
Looks like we were able to send a reverse shell.

49
00:07:07,530 --> 00:07:09,290
We have reached the end of this lesson.

50
00:07:09,720 --> 00:07:10,310
Thank you.

51
00:07:10,320 --> 00:07:11,280
And see you in the next one.