1
00:00:00,090 --> 00:00:06,630
Let's talk about IPv6 attacks, and mainly we're going to be talking about our DNS takeover attacks

2
00:00:06,630 --> 00:00:12,140
via IPv6, and as of right now this is the go-to attack for me.

3
00:00:12,180 --> 00:00:19,140
It used to be Responder, you know, grab the hashes, try to crack them, and then it was SMB relay, and if

4
00:00:19,140 --> 00:00:21,660
you can't crack the hashes we'll try to relay them.

5
00:00:21,660 --> 00:00:29,710
Well, this is just another form of relaying, but it's so much more reliable because it utilizes

6
00:00:29,710 --> 00:00:30,450
IPv6.

7
00:00:30,600 --> 00:00:34,710
And I'm going to just use my pen for this one, we're just going to kind of talk through this, and you're

8
00:00:34,710 --> 00:00:35,910
gonna see how terrible I draw.

9
00:00:35,910 --> 00:00:36,870
By the way.

10
00:00:36,870 --> 00:00:40,770
And then we're gonna go right into it and you're gonna see how cool this really is.

11
00:00:40,800 --> 00:00:42,770
I can't even explain how awesome it is.

12
00:00:42,840 --> 00:00:45,340
So, IPv6 attack.

13
00:00:45,360 --> 00:00:52,250
If you think about a machine running on a Windows network, we typically run on IPv4, right?

14
00:00:52,350 --> 00:00:56,210
And we have the box and it's typically running IPv4 in the network.

15
00:00:56,220 --> 00:00:59,850
Chances are the network's not even utilizing IPv6.

16
00:00:59,970 --> 00:01:05,700
If you go look at your computer now and you go into your network adapter properties, chances are

17
00:01:05,700 --> 00:01:12,890
IPv6 is turned on but you're utilizing IPv4, if you do an ipconfig, just for a Windows example, right?

18
00:01:12,900 --> 00:01:20,760
So if we're utilizing v4 but v6 is turned on, who's doing DNS for v6?

19
00:01:20,790 --> 00:01:25,370
And the answer usually is nobody. Nobody's doing that.

20
00:01:25,730 --> 00:01:32,180
So what we can do is we can say, hey, I'm going to set up an attacker machine, we'll give them a smiley face

21
00:01:32,780 --> 00:01:40,280
and kind of a smiley face, and we'll, we'll take him and we'll listen for all these v6 messages that

22
00:01:40,280 --> 00:01:46,270
come through and we'll say, hey, I am your DNS, OK, I'm going to spoof the DNS server.

23
00:01:46,280 --> 00:01:53,670
So send all your IPv6 traffic to me and then I'll go ahead and just pass that along for you.

24
00:01:53,680 --> 00:02:01,870
The issue here is that when this happens we can get authentication to the domain controller.

25
00:02:01,900 --> 00:02:09,310
So say this is the DC, we can get authentication to the domain controller via LDAP, or we can do

26
00:02:09,310 --> 00:02:11,200
so via SMB.

27
00:02:11,200 --> 00:02:16,180
So what we can do is we could take, for example, and you're going to see in the example that we reboot

28
00:02:16,180 --> 00:02:22,180
a machine, that reboot just triggers an event, that event comes through to us, we can use that machine

29
00:02:22,180 --> 00:02:27,370
to log into the domain controller, and it doesn't have to be an admin or anything, and we can get information,

30
00:02:27,370 --> 00:02:32,530
a lot of information, out of just that. We can potentially use that machine to create another machine,

31
00:02:32,560 --> 00:02:38,500
as you're going to see from a blog example, and we can wait for somebody to maybe log into the network

32
00:02:38,530 --> 00:02:44,740
or use their credentials somewhere, and guess what, that comes to us in the form of NTLM, just like

33
00:02:44,740 --> 00:02:53,170
Responder, just like SMB relay, and we relay this. We do what's called LDAP relaying. We LDAP relay

34
00:02:53,170 --> 00:02:59,020
over to the domain controller with these NTLM credentials. We log in, if it's a domain administrator,

35
00:02:59,050 --> 00:03:00,610
to the domain controller.

36
00:03:00,610 --> 00:03:01,810
And guess what.

37
00:03:01,810 --> 00:03:03,100
We create an account.

38
00:03:03,130 --> 00:03:04,380
It creates an account for us.

39
00:03:04,390 --> 00:03:10,160
This tool that we're gonna use is called man-in-the-middle six, mitm6.

40
00:03:10,240 --> 00:03:13,590
And what we're going to do is we're going to use this tool.

41
00:03:13,600 --> 00:03:15,680
It's going to do all this for us.

42
00:03:15,700 --> 00:03:22,170
We're gonna combine that with ntlmrelayx and it's going to relay into LDAP from our

43
00:03:22,170 --> 00:03:28,480
NTLM credentials, and then this tool is going to create, along with ntlmrelayx, is going to create

44
00:03:28,840 --> 00:03:32,190
a new account for us, and it's gonna do so many awesome things.

45
00:03:32,260 --> 00:03:34,200
So I'm really excited to show it to you.

46
00:03:34,240 --> 00:03:36,390
We just have a couple of steps we have to do. We have to download

47
00:03:36,430 --> 00:03:38,590
mitm6 in the next video. We have to set up

48
00:03:38,620 --> 00:03:43,540
LDAPS really quick, which is just a certificate, and then we're going to be rolling, and this is one

49
00:03:43,540 --> 00:03:51,710
of the most fun attacks, still very undetected, very hard to detect, and still very, very prominent in network.

50
00:03:51,740 --> 00:03:54,190
So let's go ahead and move on to the next video.

51
00:03:54,280 --> 00:03:58,210
Get mitm6 installed and then let's go ahead and see a live demonstration of what this

52
00:03:58,210 --> 00:03:59,010
attack looks like.