1 00:00:00,060 --> 00:00:04,170 Hello, everyone, welcome to another video of our man-in-the-middle attacks.
2 00:00:05,700 --> 00:00:12,960 Today, we will see how to replace a file with our payload using the file replace plugin in
3 00:00:12,960 --> 00:00:13,320 bettercap.
4 00:00:15,300 --> 00:00:17,400 First, let's take a look at the file.
5 00:00:17,430 --> 00:00:19,890 Replace Ruby file.
6 00:00:24,100 --> 00:00:33,070 This plugin you can download from the Internet, if you just type replace_file.rb in Google,
7 00:00:33,460 --> 00:00:34,560 it will get it from GitHub.
8 00:00:35,500 --> 00:00:43,570 So we're going to use this plugin to replace an EXE file downloaded by the victim with our shellcode
9 00:00:43,570 --> 00:00:44,650 or our payload.
10 00:00:46,390 --> 00:00:53,950 So when the victim tries to connect to maybe a website like 7-Zip and tries to download a file, we
11 00:00:53,950 --> 00:00:58,620 will replace this file with our payload and get her version.
12 00:00:59,530 --> 00:01:00,030 All right.
13 00:01:00,310 --> 00:01:03,640 First thing we need to do is to create our payload.
14 00:01:14,730 --> 00:01:20,220 All right, our payload is called show that the U.S..
15 00:01:23,880 --> 00:01:29,040 OK, second step is let's prepare another shell.
16 00:01:32,940 --> 00:01:33,390 Here.
17 00:01:42,720 --> 00:01:52,020 To listen for our incoming connection, go to open msfconsole using the exploit multi handler
18 00:01:52,020 --> 00:01:57,700 for this and our Windows meterpreter reverse TCP payload, OK?
19 00:02:00,490 --> 00:02:09,930 Leave this aside for now, the second step is or third step is to use bettercap.
20 00:02:11,300 --> 00:02:18,250 There's dash dash proxy, and we're using the dash dash proxy module, and we're specifying our module, the Ruby
21 00:02:18,250 --> 00:02:22,750 module replace file, and then the dash dash file dash extension.
22 00:02:23,020 --> 00:02:26,500 EXE, of course, you can replace it with anything else.
23 00:02:26,500 --> 00:02:34,120 But in this example, we're using EXE and we are using the dash dash file dash replace with our EXE
24 00:02:34,180 --> 00:02:34,570 file.
25 00:02:35,230 --> 00:02:36,550 OK, let's do this.
26 00:02:42,160 --> 00:02:47,200 Now, here on our Windows machine, we're going to open a website.
27 00:02:49,850 --> 00:02:51,580 7-zip.org.
28 00:02:51,630 --> 00:02:55,640 Let's make sure we are getting this associated first, no.
29 00:03:17,480 --> 00:03:18,230 Reopening.
30 00:03:27,450 --> 00:03:28,850 All right, let's try again.
31 00:03:33,640 --> 00:03:43,120 Yup, so here what happened is our script, our Ruby file replace module, it replaced this file with this
32 00:03:43,120 --> 00:03:44,880 file, right?
33 00:03:45,340 --> 00:03:48,040 So this is not the actual 7-Zip file.
34 00:03:48,490 --> 00:03:49,510 This is our payload.
35 00:03:50,620 --> 00:03:53,410 If we double click on it, open it.
36 00:03:55,690 --> 00:03:59,460 We got our version of.
37 00:04:06,650 --> 00:04:12,650 This is a very dangerous attack, a man-in-the-middle attack, because the victim here doesn't realize that
38 00:04:12,650 --> 00:04:13,820 the file was replaced.
39 00:04:14,420 --> 00:04:19,130 Of course, we can do this with anything else, like PDF or any other extensions.
40 00:04:20,060 --> 00:04:20,830 All right.
41 00:04:21,880 --> 00:04:23,660 I think that's it for this video.
42 00:04:23,690 --> 00:04:25,880 Thanks for watching and see you in the next one.