1
00:00:00,360 --> 00:00:01,260
-: Hi.

2
00:00:01,260 --> 00:00:04,881
Within this lecture we are going to discuss the IP address

3
00:00:04,881 --> 00:00:09,440
that we are going to be using to create this backdoor

4
00:00:09,440 --> 00:00:13,198
and some other very interesting concepts regarding

5
00:00:13,198 --> 00:00:15,959
this IP issue over here.

6
00:00:15,959 --> 00:00:19,440
So we need two more parameters

7
00:00:19,440 --> 00:00:21,210
in order to create this backdoor

8
00:00:21,210 --> 00:00:23,817
which is LHOST and LPORT.

9
00:00:23,817 --> 00:00:28,817
They stand for local host and local port, respectively.

10
00:00:29,370 --> 00:00:34,370
So it means that the host, the IP address

11
00:00:35,541 --> 00:00:38,722
that we are going to be expecting this session to come

12
00:00:38,722 --> 00:00:42,002
and LPORT means the port's number

13
00:00:42,002 --> 00:00:45,642
that we are expecting this session to come as well.

14
00:00:45,642 --> 00:00:47,610
So this will be something

15
00:00:47,610 --> 00:00:52,387
like 192.168.1.1 and port will be something

16
00:00:52,387 --> 00:00:56,703
like 80, 80 or 40, 40 or something like that.

17
00:00:57,630 --> 00:00:58,800
So what is the issue?

18
00:00:58,800 --> 00:01:01,950
Why don't we just give the IP address

19
00:01:01,950 --> 00:01:05,141
and wait for connection to come over here?

20
00:01:05,141 --> 00:01:07,560
So there are actually more

21
00:01:07,560 --> 00:01:10,458
than one IP address that we can give over here.

22
00:01:10,458 --> 00:01:14,881
So if you have ever watched a section like this

23
00:01:14,881 --> 00:01:19,322
or a tutorial like this in YouTube or any other websites

24
00:01:19,322 --> 00:01:23,430
most probably you will see, you would see

25
00:01:23,430 --> 00:01:27,660
something like local IP address is put over here.

26
00:01:27,660 --> 00:01:29,939
Actually, there are more than one IP address.

27
00:01:29,939 --> 00:01:33,341
If you go to google.com and search for

28
00:01:33,341 --> 00:01:36,871
what is my IP address?

29
00:01:36,871 --> 00:01:40,940
then you're going to get your public IP address

30
00:01:40,940 --> 00:01:45,940
which is the IP address of your router, your modem, okay?

31
00:01:46,500 --> 00:01:51,087
This is not the specific IP address of your current device.

32
00:01:51,087 --> 00:01:54,889
This is the IP address of your router.

33
00:01:54,889 --> 00:01:57,827
So if you go over here and say, What is my IP over Google

34
00:01:57,827 --> 00:02:02,160
it will give you some kind of this public IP address.

35
00:02:02,160 --> 00:02:04,660
I'm blurring mine so that you won't see mine,

36
00:02:04,660 --> 00:02:08,070
but you can just click whatever website

37
00:02:08,070 --> 00:02:09,570
that you want to use over here,

38
00:02:09,570 --> 00:02:12,000
like whatismyipaddress.com

39
00:02:12,000 --> 00:02:14,880
and you will find out your own IP address.

40
00:02:14,880 --> 00:02:18,030
And this is your public IP address, okay?

41
00:02:18,030 --> 00:02:20,280
This is the router's IP address.

42
00:02:20,280 --> 00:02:23,100
I'm going to explain what public means

43
00:02:23,100 --> 00:02:25,263
what local means in a minute.

44
00:02:25,263 --> 00:02:29,086
But the problem over here is that

45
00:02:29,086 --> 00:02:34,086
if you give that public IP address to this back door

46
00:02:35,024 --> 00:02:37,306
then it's not safe for you.

47
00:02:37,306 --> 00:02:42,306
It's not safe for the hacker because in real life

48
00:02:42,565 --> 00:02:45,886
if a hacker commits a crime,

49
00:02:45,886 --> 00:02:49,320
they can actually analyze the back door

50
00:02:49,320 --> 00:02:54,320
and they can see the public IP address on that back door

51
00:02:54,431 --> 00:02:59,429
so that they can try to locate the location

52
00:02:59,429 --> 00:03:02,047
of the hacker with that information.

53
00:03:02,047 --> 00:03:06,087
So hackers use other platforms, other tools

54
00:03:06,087 --> 00:03:10,550
in order to overcome this problem in real life.

55
00:03:10,550 --> 00:03:13,260
In order to be realistic

56
00:03:13,260 --> 00:03:18,260
we are going to use those tools in our example as well.

57
00:03:19,383 --> 00:03:23,760
So I'm going to explain what a local IP is

58
00:03:23,760 --> 00:03:28,050
and what a public IP is with a detailed presentation

59
00:03:28,050 --> 00:03:32,420
to you so it won't be some kind of vague thing in your head.

60
00:03:32,420 --> 00:03:36,923
So when we try to visualize how internet

61
00:03:36,923 --> 00:03:41,923
or how networks work, we can use this chart.

62
00:03:42,360 --> 00:03:45,330
So there is a router in your home

63
00:03:45,330 --> 00:03:50,010
and you have some kind of devices like phones and MacBooks

64
00:03:50,010 --> 00:03:52,527
or iMacs or computers or laptops,

65
00:03:52,527 --> 00:03:55,406
and they're all connected to that router

66
00:03:55,406 --> 00:03:58,605
because they want to go to the internet.

67
00:03:58,605 --> 00:04:02,622
So when they try to go to google.com for example

68
00:04:02,622 --> 00:04:05,760
they send some request to the router,

69
00:04:05,760 --> 00:04:08,270
and router send some request to the internet.

70
00:04:08,270 --> 00:04:10,740
They get some responses back

71
00:04:10,740 --> 00:04:14,933
and router forwards that responses to the related device.

72
00:04:14,933 --> 00:04:16,050
Okay?

73
00:04:16,050 --> 00:04:19,036
So this is how requests and responses work.

74
00:04:19,036 --> 00:04:23,376
But over here we only have one public IP address

75
00:04:23,376 --> 00:04:28,376
which is 85.100.25.149 in this case.

76
00:04:30,304 --> 00:04:34,077
But also we have some local IP addresses as well.

77
00:04:34,077 --> 00:04:37,198
So this local IP addresses are assigned

78
00:04:37,198 --> 00:04:40,614
by router with some kind of tools

79
00:04:40,614 --> 00:04:44,862
to the individual devices in your home or in your network.

80
00:04:44,862 --> 00:04:49,843
Okay? So what you see as 192.168.0.10,

81
00:04:49,843 --> 00:04:54,780
0.11, 0.12 represents the local IP address

82
00:04:54,780 --> 00:04:56,801
of the individual devices.

83
00:04:56,801 --> 00:04:59,999
So router generally gets the first IP address

84
00:04:59,999 --> 00:05:02,577
unless it is configured otherwise.

85
00:05:02,577 --> 00:05:04,287
So it is 192.168.0.1

86
00:05:07,800 --> 00:05:11,351
So they use this IP addresses and something else

87
00:05:11,351 --> 00:05:14,370
called MAC addresses

88
00:05:14,370 --> 00:05:17,790
in order to circulate this information

89
00:05:17,790 --> 00:05:20,730
with the network in order to have this kind

90
00:05:20,730 --> 00:05:23,340
of communication with the network, okay?

91
00:05:23,340 --> 00:05:26,040
But we use public IP addresses

92
00:05:26,040 --> 00:05:28,758
in order to communicate with the external world.

93
00:05:28,758 --> 00:05:32,560
So if you guess that every individual device

94
00:05:32,560 --> 00:05:36,540
in this house has the same public IP address

95
00:05:36,540 --> 00:05:37,999
then you're absolutely right.

96
00:05:37,999 --> 00:05:41,552
They have different local IP addresses

97
00:05:41,552 --> 00:05:44,311
but they have only one public IP address.

98
00:05:44,311 --> 00:05:49,311
So if you want to get a connection from some outer world

99
00:05:49,435 --> 00:05:52,958
you have to give them your public IP address

100
00:05:52,958 --> 00:05:56,190
which is not safe because it's detectable.

101
00:05:56,190 --> 00:05:58,200
It's trackable, okay?

102
00:05:58,200 --> 00:06:02,440
And also you have to do some kind of port forwarding,

103
00:06:02,440 --> 00:06:03,840
in this case,

104
00:06:03,840 --> 00:06:06,879
even if you are willing to share your information

105
00:06:06,879 --> 00:06:10,060
with a back door, then the router has to

106
00:06:10,060 --> 00:06:15,060
know which device it should forward their information to

107
00:06:15,578 --> 00:06:20,520
in order to forward the related information.

108
00:06:20,520 --> 00:06:22,436
For example, you hacked into the Android.

109
00:06:22,436 --> 00:06:26,099
Android gave you the connection back,

110
00:06:26,099 --> 00:06:29,897
you got it from the router, but the router should know

111
00:06:29,897 --> 00:06:34,590
whether it should forward this connection to iPhone or iMac

112
00:06:34,590 --> 00:06:39,059
or MacBook or Kali Linux or any other device in the house.

113
00:06:39,059 --> 00:06:41,922
And this operation is called Port Forwarding.

114
00:06:41,922 --> 00:06:46,922
It's pretty easy to do that, but it causes some problems

115
00:06:47,070 --> 00:06:49,424
with some kind of internet providers.

116
00:06:49,424 --> 00:06:53,238
So in order to eliminate this port forwarding and

117
00:06:53,238 --> 00:06:57,690
in order to eliminate the safety issue that is brought us

118
00:06:57,690 --> 00:07:00,719
by sharing our public IP address,

119
00:07:00,719 --> 00:07:04,563
we are going to focus on something called tunneling.

120
00:07:04,563 --> 00:07:06,210
Okay?

121
00:07:06,210 --> 00:07:08,760
We are going to use some services

122
00:07:08,760 --> 00:07:11,343
and we are going to make that service

123
00:07:11,343 --> 00:07:15,024
port forward or forward those information to our computer

124
00:07:15,024 --> 00:07:18,518
to our Kali Linux directly so

125
00:07:18,518 --> 00:07:23,518
that we won't be sharing our public IP with the backdoor

126
00:07:25,011 --> 00:07:28,944
with the malicious file that we are trying to create.

127
00:07:28,944 --> 00:07:31,707
And also we are not going to deal

128
00:07:31,707 --> 00:07:34,569
with the port forwarding in a router level

129
00:07:34,569 --> 00:07:39,387
in our own house or in our own network.

130
00:07:39,387 --> 00:07:42,463
So that's actually how hackers

131
00:07:42,463 --> 00:07:45,862
in the real world work as well.

132
00:07:45,862 --> 00:07:49,320
So let me show you some kind

133
00:07:49,320 --> 00:07:51,864
of examples regarding this local IP as well

134
00:07:51,864 --> 00:07:55,746
so that you will comprehend it in a better way.

135
00:07:55,746 --> 00:07:58,410
So what you can do,

136
00:07:58,410 --> 00:08:01,005
you can open your terminal inside of Kali Linux.

137
00:08:01,005 --> 00:08:03,420
I'm going to open a new tab

138
00:08:03,420 --> 00:08:05,928
and write if config, ifconfig.

139
00:08:05,928 --> 00:08:09,600
And what you see over here is 10.0.2.15

140
00:08:09,600 --> 00:08:13,445
or something like that, and it's our local IP address.

141
00:08:13,445 --> 00:08:17,880
So I'm not going to write 10.0.2.15 over here.

142
00:08:17,880 --> 00:08:20,324
I'm going to write some other thing that I'm going to

143
00:08:20,324 --> 00:08:22,089
show you in a minute, but maybe you

144
00:08:22,089 --> 00:08:27,089
you may think that what is 10.0.2.15, you said that?

145
00:08:27,460 --> 00:08:29,995
192.168, something like that.

146
00:08:29,995 --> 00:08:34,995
So 10.0.2 generally refers to NAT network IP addresses.

147
00:08:36,584 --> 00:08:39,090
So we are using some kind

148
00:08:39,090 --> 00:08:42,510
of virtual network inside of our VirtualBox.

149
00:08:42,510 --> 00:08:44,910
Remember we are using NAT network.

150
00:08:44,910 --> 00:08:47,520
So we have this 10.0.2.15.

151
00:08:47,520 --> 00:08:50,424
If we use some kind of USB wifi card

152
00:08:50,424 --> 00:08:54,347
to connect our Kali Linux directly to our router,

153
00:08:54,347 --> 00:08:58,486
then we would get something like 192.168, okay?

154
00:08:58,486 --> 00:09:02,621
And it doesn't even matter what kind of IP address

155
00:09:02,621 --> 00:09:07,621
that we have, if we have a working local network.

156
00:09:07,913 --> 00:09:12,913
So maybe you can see something like 172.1.68 as well,

157
00:09:13,269 --> 00:09:17,606
rather than 192 that just don't be surprised.

158
00:09:17,606 --> 00:09:19,245
It's possible.

159
00:09:19,245 --> 00:09:22,084
And over here, as I said before

160
00:09:22,084 --> 00:09:25,230
we are not going to use those information

161
00:09:25,230 --> 00:09:28,213
in order to create our LHOST and LPORT

162
00:09:28,213 --> 00:09:31,800
but rather we are going to use something called tunneling.

163
00:09:31,800 --> 00:09:36,155
But it's essential for you to understand this information

164
00:09:36,155 --> 00:09:40,212
so that you would understand what are we trying to do

165
00:09:40,212 --> 00:09:43,753
with the tunneling service in a minute, okay?

166
00:09:43,753 --> 00:09:46,500
So if you come to this point,

167
00:09:46,500 --> 00:09:49,090
I'm going to stop over here and continue

168
00:09:50,029 --> 00:09:53,163
with the tunnel services within the next lecture.