Alright, so what is a string? Well, a string is any text that you want to be treated as text within a program. So again we need to talk about a few other things that we’re going to be talking about actually a few videos from now, but for right now just trying to follow along. So, this is a string because it’s wrapped in quotations, and if we hit enter Python is going to say hello string. Now, you can also use single quotations here to do the same thing. So basically you have two options either using double quotations or single quotations, and let’s say you want to have a word in your string that you well let’s say you need to have a word in that string of text which contains an apostrophe. So let’s say we wrapped in single quotes and we say ‘don’t do that’ Python is going to freak out about that because what it thinks is happening is that we’re starting a string here, we’re typing three letters, and then we’re ending the string, and then it doesn’t know what to do about all this. It’s saying well t do that I don’t know what that means, it’s no variable, and there’s no function that I can perform on this, so I’m just going to freak out and give you a syntax error. So what you would need to do in order to print out don’t do that is you can just wrap it in double quotations and then just type don’t do that, and as you can see what I print it’s going to keep that intact. Now alternatively let’s say you want to quote somebody. So, let’s wrap in double quotes and say, “she said “I want this” and then close it, close it. Again, it’s gonna freak out because what it thinks that we’re trying to do is start a string, say she said, then end the string and then it’s going to freak out over all this because it doesn’t realize that this is part of that string because we have explicitly told it to end the string here. So what you would do in this instance is just wrap the entire string in single quotations. So, ‘she said “I want this”‘ and as you can see it’s going to print it out correctly. Now alternatively what if she said something that had an apostrophe in it. So, let’s try and cope with that so ‘she said “don’t put that there”‘ again it’s going to freak out because we’re starting the string here, we’re adding a single quotation which is not interpreting as the other string, in fact right here where this apostrophe is it thinks that’s the end of the string, so it’s treating this like a string and then this as constants, or variables, or whatever and it doesn’t know what to do with them because we’re not telling it to do anything and then these just random quotations here. So what we need to do in this instance is we need to learn about escaping certain characters. So, let’s write it out first then I’ll explain it. So what we’re going to do is wrap it in single quotes and we’re going to say ‘she said “don/ ‘t do that”‘ and what’s happening here, let’s hit enter. That’s not what…let me that out. It’s just returning what we wrote there. There. So we print that out and what this does is the backslash here tells the next character to be interpreted as text regardless of what it would normally be interpreted as, so rather than this trying to end the string Python knows at this point that we want this to be printed out with the string and not end the string but just printed out as a single character, and so that’s what it’s going to do. So there’s times when you’re going to need to do each of these in your Python code and so that’s how to handle strings and what they are. Again, a string is just a series of characters which is interpreted as text and you can print it, you can manipulate it, we’re actually going to get into string manipulation in the next video.
Alright, so what kind of work environment do we need to be efficient at programming with Python? The question can be posed for any programming language really, and so the answer is usually going to be same. I mean feel free if you want to, to openup notepad on Windows or you know some basic text editor and write a script and go over to the terminal and command prompt and run it, however that’s not efficient for a variety of reasons. So, what we’re going to be using is an IDE, which stands for integrated development environment, and we’re going to be using Jetbrains PyCharm. Now, PyCharm is free for, I spelled that wrong just go to Google, search PyCharm, and click on the link there which is from jetbrains.com, and you can download it. Now when you get to the download screen you’re going to get a professional or community version, choose the community version that is free, it’s completely fully featured as far as i can tell, and that’s the one that we’re going to be using in this video. Now alternatively I mean you can go have a look at other IDEs for Python, but I find that this one it just works really well, it’s simple, and it does everything that we need it to do, and it also has some advanced features which we may look at some point in the future. So, go ahead download the installer for your platform, it does require Java as well, so you can just open up Google and type download Java, and it’s going to take a java.com/download if you click that link, just click download the appropriate version for your system, and once you have that installed then you can install PyCharm. So, let’s take a walk around PyCharm right quick. So, this is going to be the first screen that you see every time you start up PyCharm. The first launch screen is a bit different you can choose a theme and whatnot, all that is relevant really. We’re going to create a new project, it’s going to be pure Python, now there’s also other options here if you want to start a Django project, etc., but we’re just going to start a Python project here and we’re going to choose version 3.5.1 which is also going to tell the IDE here where to find the binary files to run Python. Now, we’re also going to name the project here, so first program, and this is going to be the name of our project. It’s going to create a folder called first program and this is how we’re going to identify it within here. So, along the left-hand side here this is the project view so let’s go ahead and right click and create a new file. Now, additionally you can create a new directory, a Python package, and a bunch of different file types here. We’re just going to choose a Python file and I’m going to name it main, which is going to name it main.py, and here we can start typing our script. So, again I’m just going to use the hello world example, and that’s all it’s going to be. I’m going to save it, keyboard shortcuts are going to take you a long way if you’re going to become a programmer, so I expect you know some already, if you don’t on Windows Linux control + S saves the file and on OS 10 its command + S so you don’t have to always go through the menus and stuff, but let’s have a look through the menus. If you want to create a new project, a new file, or directory you can open one etcetera, you can actually access the settings by going to default settings for this project, and a bunch of different options down here that we don’t really need. If you go to edit you’re going to see you can undo and it’s also going to show you the corresponding keyboard shortcuts for each one of these options, so this is command + Z and that’s going to undo whatever action I previously did, this is also going to be useful if you’re going to become a professional programmer. Same is true for copy, paste, find. We’re going to be discussing find at some point, I mean it’s a pretty powerful command you can find not only in the current file but your entire project if you want to look for instances of variable or string or something you can actually search through the entire root directory of this project if you want. If you go to view and go tool windows here is what we’re looking at here project if we select that it’s going to, it should hide that, yeah, so it hid the project sidebar, so we’re going to leave that open. Now, we can also show favorite structure, etcetera. If you have version control setup this will not be disabled and you can use that to perform first control actions. We’re going to open up a Python console here and here we can actually run Python code. If we wanted to say 5+5 you know and it’s going to return that so this is the interpreter itself, however if we want to actually open terminal we can open a terminal here and here we can just type python3 main.py and it’s going to run what we have up in this file right here. Now additionally we have a run right here. We can set up run, a run configuration here, to actually every time we hit the run it’s going to automatically run our project so let’s go ahead and hit the plus sign, choose python, and it’s gonna be called a Python run, script is going to be python3 or the script is going to be the actual python script that we want run so it’s going to be main.py, script parameters this is if we’re passing in any arguments or anything we’re not going to it’s already found the Python interpreter because when we set up the project we chose the correct Python version. This is going to be interpreter options we’re not going to be using any, and that’s all that we need to do. So, let’s go ahead and click apply and then run, and it’s going to run the script, output that, and then it says it finished with exit code zero which is completely normal. So, every time you want to run if you have this little section opened here just hit that play button, the Run button there, it’s going to run the code in real time. So, make changes, hit ctrl + S, and then run the code right there, this is the most efficient way to run a program in an IDE, you know, you don’t have to switch back and forth between windows and stuff. So, this is the primary reason that we’re going to be using this IDE for the sake of this course. Again, feel free to have a look at some others but I recommend if you’re a complete novice to any of this just follow along exactly with what I’m doing and you shouldn’t have a problem. However, if you do there’s a discussion section to the right of this video, use it, let me know if you have any trouble, and I’ll try to clear it up. So, with all that said we are finally ready to actually get in to the language itself.
So, let’s go ahead and create a Python script and learn how to run it. So, I’m going to be doing this in terminal completely we will discuss other options later, what I need to do first is change directory into “pycharm projects” and there’s nothing really in here so I’m going to create a file using the nano text editor, you guys don’t have to follow along, however if you want to that’s great too. I’m just going to call it test.py. Now all Python scripts need to have the .py extension. So, what we’re going to do is just a simple, simple script it’s going to print “hello world” So, I’m going to control + O to save, and control + C to exit, control + X to exit. Alright, now if we just type “test.py” you’ll see BASH doesn’t know what to do with this command because test.py is not an installed program. So what we need to do is run “python3 test.py” and it will return the result of anything in that script. So, that’s how to run python scripts, in the next video what we’re going to be doing is setting up an actual work environment using an IDE, and get you guys all ready to start with the basics.
So, the interpreter, and this is going to be a short video I think, but we’re basically going to talk about the difference between an interpreted programming language and compiled programming language, and this might be a little adept for the novice programmer but just stick with us again if you have any questions or not sure if you completely understand it, there’s a discussion section to the right of this video, yes should be right to the right of this video, so use that and I will try and clear up any confusion. So, first, with a compiled programming language you write your code and you save it into this file, and you can’t run that file yet. Let’s say you’re writing C++ code, so you write a function, you write a script that will do something. If you try and open that file with the .cpp extension, which is for C++ files, it is just going to open that in a text editor or code editor because that’s not an executable file. What you need to do with a compiled programming language is once you save your file you need to compile it into a language that the computer can read, so binary ones and zeros, and by compiling this file into an executable file, then you can double click it and it will run. So, if you’re on Windows building executable files for windows they will have a .exe extension. If you’re on Linux I don’t believe they have an extension. So, the difference here is with Python when you write a script you can instantaneously run that script without having to compile it into binary and because we can do that what’s actually happening is when you run the Python command you’re not running the file standalone. So, when you compile a programming file into a binary file you can just type the name of that file in the terminal or command prompt and hit enter and it will run that program as a standalone program because the computer already knows how to run it, but when you run Python scripts you’re going to run it with the Python command and then the name of the file, and what basically happens is you’re running the program Python which is interpreting your code and running that. So, what happens is it does compile into binary but it does what’s called just-in-time compilation, and what that does is every time you run its going to parse all the code and it’s going to convert it into a temporary file and then run that temporary file. So, let me break out of this, there. So, how you would run a script and we’re going to talk about that later but basically how to enter the interpreter on its own you just type python3 to use the three version of Python you can see the version we are using Python 3.5.1. So, basically in the interpreter you can run real time code, so if I were to type “print hello world” it’s going to instantaneously run that line of code. If I run “4 + 6” it’s going to return 10 because that’s the sum of four and six, and so the interpreter is great to use if you want to test something really quick, if you want to debug a few lines of code, or if you just want to see if something would actually work. So, we’re going to be starting out using the interpreter but as things get a little more complex we’re going to get into writing scripts and executing those scripts. So, now we need to learn how to run a Python script.
In this video we’re not going to be doing anything, we’re not gonna be learning about networking specifically on Linux. We need to understand a few general concepts before we get to that. So, this video is going to be a sort of introduction to networking on Linux. An introduction to networking in general. So, right now you are on a computerized device watching this video which is on the Internet. And the way that’s happening is basically you’re connected to a router, or a modem router all-in-one device, and the router is connected to your internet service provider, and your internet service provider has devices that are connected to the bigger world of the internet. So, you send a request, if you open up a browser and type in google.com and then hit enter, your web browser sends that as a request. It’s basically saying okay this is the web page that this computer wants to look at right now. It sends that through your router, which sends it to your internet service provider, and your internet service provider has all these fancy computers that properly route certain requests to DNS servers, any requests actually. What a DNS server does is it says okay, you gave me this string of text, a domain name or URL, and I have a record here that shows this domain or string of texts is supposed to serve up the content at this IP address. And so how the internet works is it doesn’t understand Google.com or Facebook.com. The internet uses network addresses, right, and so think of it like each web server, each server out there has and address just like every house on your street has an address. So, if you were gonna send somebody down the street to Joe’s place, you would say okay well go to this address, then you would give them the address of Joe’s place and they would be able to find it. The same thing is happening on a DNS server. You give the DNS server a domain name that you want to look at, and then th the DNS server takes that and says okay well I know this domain name is supposed to route to this IP address. So, you request, you need to go over to the server to get that content, and so your request then gets translated to an IP address and other information, and it gets to the web server that it’s supposed to be at. And then the web server running Apache or anything really nginx, I’m sure there’s tons out there that I don’t know about, but the web server receives requests, it receives all of the information related to it. So, cookies you know session variable stuff like that as well as the exact item you want to look at it. So, if you go to website.com/something /something else, everything after the .com/ is called a URI and that indicates what piece of content on the server you want. So, think of the first part domain.com as what server you need to be communicating with, and then afterwards you know /about.php or something that’s gonna tell the server once it gets the request what page it needs to send you. And then it does it’s you know rendering process and it sends you that page in the exact same route that your request took to get there. So, it’s like when you send your friend down the street to Joe’s place to pick up a box of pizza. So, your friend walks down the street he turns left you know maybe turns right, he gets to Joe’s place, he walks in says hey I need to get a pizza, Joe gives him the pizza, then he walks same way back to your house, and before you know it a web page has loaded within your computer box. That’s how that happens. I hope you guys understood that. In the next video we’re actually gonna cover a few more concepts before we dive into you know really understanding to the point that we can use applications to do certain things. So, I hope you guys found that informative. If you didn’t, if there’s any point in this video that you felt lost, or confused, or even that I was just rambling, or even if you just want to tell me you know a few more web server applications aside from Apache, there is a comment section to the side of this video. You just leave a comment I will reply and get you whatever information you need, and hopefully this will make sense to you. So, in the last video we described how the internet works, what the internet is, is technically an interconnected collection of networks. So, all these little networks all over the world can now be connected to other networks in the world, and so we have the internet which is just that. So, to understand the network here we’re bringing it down from you know the top level stuff, down to a more localized thing. And so a local network is the type of network that you have set up in your house, where you connect to the router, the router then you know can interact with the internet for you, and then return the information to you computer. Now, I wanted to talk for a moment about IP addresses and the current issues that face them, while still using ipv4. So, let’s open up a document here. So, an IP address looks like this. This is an IP address of a server somewhere, probably, if you put this in your browser…actually let’s try. That was just a random one that I just wrote up, let’s see what happens. This is probably the address of somebody, somebody you know, somebody is connected to an internet service provider and they get one IP address for all their computers, and the reason why that happens is because these IP addresses can go from 1.1.1.1 all the way to 255. So, as you can imagine the range is pretty big but it’s not quite big enough for the human population, and so we’ve been running out of IP addresses for the last fifteen or twenty years. And, multiple solutions have been brought into the equation to try and solve this problem. One of them was called a NAT. What this is is a network address. Basically, you have one router you have one IP address. So, the IP address you have let’s say is this one up here at the top, this is your IP address that the internet service provider has given you. Without the use of a router you can plug one device into the modem and your computer will use this IP address in requests, so basically when you send a request to google.com to load a page or to load a search what happens is your IP address gets sent to Google as well so that Google can return this data to your device. But, what happens when you only have one IP address and seven computers, that’s when the NAT comes into play. So, this IP address now is the IP address of your modem or router, and it assigns NAT addresses to all the devices on your network. So, let’s say you just have two devices on the network. The first one, actually the IP address of your actual router is likely this. I’ve seen one instance where a network did not use this IP address as its routers IP address. The IP addresses that your router will assign to computers in your home all begin with 192. So, basically it would be something like that, right, that would be the IP address, actually hold up I got this wrong. This is the IP address of your router, this is the IP address of your first computer. So, it always begins with 192.168 Your second computer might be this, and your 3rd computer might be this. So, now you have three IP addresses, three devices on your network and your router here is keeping track of them. So, from this device I type google.com into the address bar, what happens is this IP address along with the request gets sent to my router, the router then sends the request off to the ISP and then over to the internet and stuff, with the IP address of the router which internally is this and externally this is our ISP IP address they gave us. So, what happens this gets sent to google.com, google.com sends the page back to this IP address connected to the router here, the router then takes that request and connects it with the device that requested it, and then it sends it back to that device. And so that’s how a router interfaces between a local network and the internet. So, in the olden days before the NAT address and routers really took off each one of these computers would have had a different IP address, so it would have looked something like this. So, that would have been 3 actual IP addresses when we found a way that you actually only need one IP address for our network, and so that’s what a router does and so these IP addresses are local and you’re gonna see these in terminal. Now, one other special IP address is 127.0.0.1 On every computer this means this computer. It’s basically a self identifying IP address. If I were to type this into my browser I would see my localhost, where if you put this in your browser you would see your localhost. The NAT IP address basically works the same way. So, if I were to go to 192.168.0.3 it would try to find a computer only on my network that has this address and then connect to it. So, that’s how a router works, in the next video we’re getting into the ifconfig. On Windows you have an ipconfig command, on Linux here you’ve got ifconfig and we’re gonna cover that in the next video, and a a few other commands as well. So, thank you guys so much for watching, and I’ll see you guys soon.
Welcome all. This is an introduction to ethical hacking for 2016-2017. And before I continue any further, some of you may know me from the previous ethical hacking course, and this one will be significantly more advanced as opposed to that one. That being said, the requirements for this one will be also significantly different. But before we continue any further, let me just go over a few things. First of all, my throat is getting dry, because this is like the fifth time that I’m attempting this and certain people, certain very rude people keep interfering. But anyway, there a few considerations to make here. So the first one, is what can you expect to learn from this course? Well, you can expect to…I will show you basically, how you can compromise systems, monitor a traffic in the air, fight against encryption, what you can do with encrypted traffic, how you can attempt to decrypt it. Some of it you will be able to decrypt, I will show you various methods, Listening booths in the middle, and how to take off certain layers of encryption, and extract the useful information from the data which is out there in the air. I will show you various methods how to compromise systems in general, like PCs, servers, phones, smartphones that is. And we also may play around a little bit with the GSM network and see some of the vulnerabilities there. That’s a 2G network, so you have 2G, 3G and 4G. 2G is the GSM and 4G is the LTE. Anyway, we will be most likely, I will most likely at a certain point in time also talk a little bit about social engineering and you will see the practical aspect of that as well. But, there are two kind of considerations that you should make when taking this course. So, moral side of things and legal considerations. So, just because you will be able to do something, and I will teach you how to do some serious damage with the knowledge that you get you will be able to do some serious damage, but it doesn’t mean that you should. There really is no need for you to do so. And just think about it, you don’t want anybody messing with your stuff, so don’t mess with anybody else’s stuff. There really is no need, or justified reason for you to do it. Legal aspects, legal considerations. In most countries, it is illegal to mess around with systems you don’t have permission to mess around on systems that you yourself do not own. Just to give you a stupid example, it’s illegal to mess around with your neighbors Wi-Fi. It’s illegal to connect to it without that person’s permission, who owns it. So even these small, I would say, inevitable things are taken into consideration by law. Not to speak of breaking into the servers or taking information from the phones, personal information from the phones and other kinds. That’s all covered as well. So you can get into a lot of trouble if you misuse the knowledge. I will give you a lot of knowledge here, I will show you how to do various things. Please, do not abuse the knowledge. Use the knowledge, do not abuse it. Ok, that being said, let’s go over to the other side. Besides of the cute puppy up there that my friend drew, sitting over there smiling, for some strange reason. He doesn’t want to come on camera, God knows why. You will have software and hardware requirements for this course, so those are the two. You have three requirements, one is software, one is hardware and the third one is, your current knowledge, your current amount of knowledge, so to say. Let’s get into the operating systems. So, Windows and OSX are completely incompatible for our purpose. On OSX you lack a large amount of tools and you lack hardware compatibility in the first place, even though you have a Unix-like Shell, it’s really not a system that you want to use for this purpose. Windows as well, Windows is even worse. You don’t have the degree of anonymity while using Windows is not really that good. With Linux, is open source, you know all the traffic that’s coming out, that’s going in, to monitor, to know exactly what it is, all of it can be decrypted. With Windows, you will have…I notice a lot of unauthorized duplications from my machines, and it’s closed source, you don’t know what is going on in the background, you don’t know the source code. And you might say, “Well, I know the source code of Linux but I’m not a developer, I have no idea what it means” It doesn’t matter, a lot of other people know what it means, a lot of other people who made it. Somebody who says something out there on the forums, if there was funny going on there. I don’t what’s going on with Windows, under the hood, and I don’t know what’s going on with OSX under the hood, and therefore I generally don’t like using them for anything unless I am practically forced to do so. My primary operating system that I use in my daily basis for productivity work, with pen testing and development is Linux, and it has the largest, practically the best tools for development and for pen testing. It doesn’t matter which distribution you are using, you should be able to install pretty much all the tools on all the distributions out there. Anyway, you will need a machine where you will have Linux installed. So, we will need Linux as an operating system installed. I will tell you which distro to choose, I will make suggestions and I will show you how to install it. Now, to answer the questions in advance, yes, you can have a virtual machine on Windows or OSX. Yes, you can have a bootable USB with persistence storage, and yes, you can have dual boot on Windows and OSX, all these three setups are…first of all, you’re gonna encounter a lot of problems with dual boot, with both Windows and especially OSX. Linux dual booting with OSX and Windows is a huge problem, especially with the UEFI Bios. Some of you might argue and say, “Well, it’s not, I’ve succeeded in doing it” Yes, I’ve succeeded in doing it, it works, but, it’s a hassle to get it to work, or at least it was a hassle for me, the process is buggy, you will encounter a lot of problems and a lot of your problems I cannot replicate them and not know how to solve. I can’t replicate them and therefore I don’t know how to solve them, because the dual boot behaves differently on different machines with different BIOSes. On different motherboards that is. So, have a machine which has Linux installed as a single operating system. All these other optional setups, like dual boot, live USB, virtual machines, I’ll go ahead and create these videos for you and I’ll post them on Youtube as optional setups, but that’s not the setup that I will be using, that’s just something that I will post there for you, so you can have a look, but it will not be a part of this course at all. They will be on Youtube, they will be completely free, no need to registering or anything like that. If you want have that kind of setup you can go, have a look at it, but I make no guarantees there. Ok, so, in terms of hardware, First, what you need to consider is driver compatibility. Driver compatibility has been an issue for a very long time with Linux, but lately it hasn’t been a problem almost at all, because Linux nowadays supports pretty much most of the devices out there without any problems, with open source drivers, and open source drivers, yeah, they tend to work, really, really, really well with most devices out there. There are still hiccups here and there, but, it works. However, you will need to make sure that your system that you are using in terms of hardware components is compatible with the Linux kernel. You do this by basically getting the list of components of the PC and just typing in on the net, like, wireless card, what number, drivers for Linux, and it’s gonna tell you, yes, they do exist or no, they do not exist. If you type in, like, graphic card, this graphic card driver’s for Linux. Yes, they do exist or they do not exist, so that’s some of the checkups that you need to make. In general, if the drivers exist for, I mean if you have drivers in one distribution and if they’re open source you can have them for pretty much all the distributions without any problems. Next up is really important, so router access, you will need access to your home router, you will need to be able to access it. A lot of ISPs these days, they tend to block the user access to the home router. I don’t know why they do this, most likely because they don’t want a ton load of people messing around with the configuration of the routers. And they don’t know what they’re doing, so they mess things up and they call support and it takes valuable time and effort and it costs them money. So they just lock the router. But, if you don’t have access to your router, what you can do is just give them a call or write an email, asking that you would like to have a permission, that you would like them to unlock the router and they will tell you: “Okay, but you can do that at your own risk” Most likely if you mess something up, they will charge you some small amount to restore the original configuration. But, you can basically back your router up, once they unlock it. And just create a backup file and you can use that as a restore point in case you don’t know how to restore the internet connection in your house. However, you will need access to your router because we’re gonna be configuring, we’re gonna be opening up this machine to the outside world, so it will be accessible from outside world. This will be necessary for certain setups, I will show you how to configure the router and to configure….what you need to do is pretty much the same on every router, however, the interfaces on the routers will vary, but it’s quite simple, there isn’t much up to it. Wireless cards, this is also you will need to keep in mind, they need to be, not only compatible with Linux, but they need to be compatible with Aircrack and Reaver, so Aircrack-ng and Reaver. Some wireless cards function well, other do not, you can look it up on the net which ones do and which ones do not. In the final account of things, you can just go ahead and use the one that you have and see how it works out. Chances are that it will work, but again, that’s some of the information that you will look up on the net. You see, first of all you establish which chipset does your wireless card use, you can do this by typing in the model of your wireless card on the manufacturer’s website and the manufacturer will have the chipset listed there. Then you check whether that chipset has compatible drivers for Linux, and whether that chipset is supported by Reaver and Aircrack-ng. All this information is listed on the sites. So you just use your favourite search engine and, I assure you, you will find these results without bigger difficulties. If you fail by some crazy chance to do so just go with the flow and see what happens. See if it works out or if it doesn’t. The CPU, now the CPU that you have should support virtualization options, that means for Intel, you will need VT-d and for AMD you will need AMD-Vi. These are the flags which tell you if the processor is capable of virtualization. That’s the simplest explanation I can give in that regard. Make sure that your, it will be nice if your CPU supported virtualization so that you can do everything that I do as well. How do you check this? Well, you go to the manufacturer’s website and again, you see whether it’s supported or not, you can even ask the manufacturer with an email if it supports virtualization or not, just give them a call, I mean, and ask them quite literally, just give them the model number and they will be able to tell it to you, yes or no, without any problems really. Now, RAM, it will be good if this machine where Linux will be installed would have at least 4GB of RAM. Linux doesn’t necessarily requires 4GB, it’s gonna run with less than 2GB without any difficulties. It’s not RAM hungry like Windows and OSX are, but it would be good if you had more than 4. Why more than 4? For smoother operations of virtual machines, because we’re gonna have some of them, which we’re gonna set up there, and that we will use as our own small virtual servers, as our own pocket environments, where we shall conduct our research and where we will…the servers which we will use in order to go through the course, we’ll build our own environments where we will perform whatever it is that we need to do. USB, have a USB lying around, some USB, it may not be a big USB, it may not be a 3.0 USB or anything like that, pretty much any USB stick will do. What will you need it for? One of the basic things that we might need it for…I can show you how to make a cryptographic key, how you can convert it a USB into a crypto key, when you plug your USB into a laptop, you basically unbox or unencrypt your drives and it unlocks your PC. And then you can have another layer of security on top of that and it can request for a password confirmation as well. So that’s really good security for you right there. In addition to all of this, I will also show you how to monitor traffic, how to protect yourselves, how to secure your environment, how to figure out what’s going on on the network. where to post listening, where to listen for the network traffic, how to figure out what is going on and such things. And in addition to all of this, my final thing that I would like to state here, is the disclaimer. I am not in any way responsible for what you do with the knowledge that I give you, I’m giving you this knowledge in good faith, this knowledge is presented here in good faith, that you will use it properly and that you will not abuse it in any way. As all of this is for educational purposes so that you will gain knowledge, not so that you go messing around with your neighbor’s Wi-Fi. I mean, just don’t that, it’s quite stupid, you have nothing to gain and you can get into a lot of trouble for no reason of whatsoever. So, that’s it, I’m gonna go head bid you all farewell and wish you a ton lot of luck with this course and I hope that you have a lot of fun as we go through a lot of these things.
So, the last video that we’re doing is setting up an SSH host on our local machine, and it’s really simple. So, let’s go ahead and open up terminal. We need to install openssh-server. So, go ahead and run “sudo apt-get install openssh-server” I believe it is. We’ll get an error message if that’s not it’s been awhile since I did this, so. Once we have it installed you’re basically good to go, however we are going to make it a little more secure. We’re gonna change the port that this runs on and so there is an SSH deconfig file now. Let’s go ahead and run “sudo nano /etc/ssh/ssd_config” So, we can go ahead and make this more secure by changing the port and also changing the authentication stuff. So, let’s go ahead and change the port to 2212 instead of the default 22, and then we’re going to scroll down here a bit, and under authentication here we’re going to change permit root login to no, so nobody’s gonna be able to login as root. Scroll down a bit here as well, and we’re going to add a line this is allow users, and this is going to take basically a list of usernames of users who are allowed to log in through SSH. So, I’m going to make my user account able to login through SSH and this is going to restrict all other users from connecting to this machine via SSH. So, I’m going to save it and exit, gonna clear this up, and then what we need to do is restart the SSH service. So, run “sudo systemctl restart ssh” and you’re good to go. And so now if I were on a different machine here, actually let’s see if I can get my external IP address here, I don’t think I can get it through here, no. Alright, clear this. I’m gonna open up network-tools and I’m gonna do something like if you guys have seen the movie Inception, this concept that I’m about to do will feel a little little bit familiar to you. This by the way when you go to network-tools.com the IP address that pops into the input field by default is your external your public facing IP address. This is the IP address that your internet service provider gives to you. Now, actually in order for this to work, this would have to be the only machine or I would have to set up through the router DMOZ port forwarding or a host forwarding, but what we can try, we’re gonna try it anyway. I’m going to
“ssh [email protected]” and then from here I’m going to ssh into this machine. It probably won’t forward that port. So, I would have to go through my router at this point to configure port forwarding for that port 2212 in order to be able to connect from an external host to this host. If you only have one machine, so basically like the IP address of my server when I, when I go to the IP address, it goes directly to my server. It’s not configured through NAT addresses my server actually has five IP addresses, and those IP addresses go directly to my server, and that’s why I can access SSH on that server without having to configure any routers or anything. I think actually the server provider manage that in some way. So, anyway you know if I were to go into my router and configure DMOZ or port forwarding, what I was just doing would in fact work. So, thank you guys so much for watching, and I will see you guys again soon.
Hey guys, let’s go over some SFTP. So, first what is SSTP? Well first before we answer that question, let’s ask a similar but different question, what is FTP? FTP is an acronym for the term file transfer protocol and it uses the port 21, and basically what it does is it transfers files between two machines. So, SFTP, because in regular FTP everything is transferred in clear text, so if anybody is sniffing packets on your network like we learned in a previous video, they would be able to read all those packets, basically. So, we’re not going to use FTP, I actually recommend never use FTP. SFTP is just easier anyway, and so we’re just going to use SFTP. So, similarly to the “ssh” command, you’re gonna write “sftp” and then the connection string. So, in my case it’s exactly the same as before. Then it asks for my password for the remote host, so I’m gonna put that in here, and now I can list what’s on the remote host by typing “ls” but we also have a few different commands to list what’s on the local host. I’m actually gonna exit here. I’m going to make a directory called “sftp-demo” I’m going to change into sftp-demo, and I’m going to “touch” a file called “names.txt.” Now, I’m going to reconnect while in this directory, to my server. Now, if I run “ls” I get the remote directories current directory listing, if I type “lls” I get the local listing of the directory that I’m in on the local host. And so here we can actually, we can grab files and transfer them to and from both machines. So, if I wanted to put names.text on to the server in the current directory, what I would do is type “put names.txt” and it’s going to upload it to my remote host with the same name. So, that’s when you would use “put” if you want to push a file from from your local machine to the remote host. Similarly, use the command “get” to get files. So, I’m going to, I really don’t recall any of these files, I’m just gonna get the composer.json file. So, I’m going to type “get composer.json” and if I run “lls” on my local machine I can now see that I have that file there. So, if I exit and then run “ls” I’ve got that file there. So, that is how you would use SFTP to transfer files to and from machines, and also a few commands there that can help you see what files are available. So, thank you guys so much for watching, and I will see you guys again soon.
Hey guys, in this video it’s all about SSH. So, first what is SSH? It’s an abbreviation that stands for Secure Shell and it basically allows you to access the shell or the command line of a remote host that has an SSH server setup. So, in one of the previous videos I connected via SSH to my own server and so I’m gonna do that again, and I’m going to explain exactly what I’m doing as I’m doing it. So, the way to get connected to a remote host through command line is using the “ssh” command, and then the only argument it’s gonna take is the connection string. So, in this case it’s my username on my remote host at, and then the remote host. So, I can use this or any other domain name that points to that server or I could use the server’s IP address, and when I hit enter it’s gonna ask for my password on that machine, so I’m gonna put it in and you’re gonna see that the prompt is gonna change. I’ve actually got this machine named the exact same thing is I have my server name, so it’s nick@voltron here, and I’m on my local machine. So, if I were to go to “var/www/html” and then run the “ls” command, I’m gonna see that I’ve got a lot of directories here actually, and a lot of these are actually unused and old projects that I worked on. But, anyway, basically once you get connected all the commands are the exact same because it’s essentially just a remote Linux shell. So, I could return to my home directory, then list those files, and you’ll see that again I’ve got just a bunch of random files. So, that is how to connect to SSH, when you’re done just type exit the connection will be closed. So, that was a really short video just to recap how to get connected is type “ssh” your remote user name at the name of the remote host, and hit enter and its gonna ask for your password. So, thank you guys for watching this video. In the next video we are going to be going over some SFTP, which is a bit bigger.
So, now you don’t only have to scan devices on your local network, you can
also scan external IP addresses or host names. So, I’m going to scan my server here by typing “nmap pointybracket.net” and then the host name of my server. It’s gonna take a moment and I’ve got a lot of open ports just because I have so many different things running. I’ve got, there’s a lot of things that run on it and some things that I just setup that I’ve never really used and haven’t bothered to shut them down, and so what we get here is my host and we can see that I’ve got FTP, SSH, SMTP, we’ve got the standard domain in HTTP, pop3, there’s a bunch of stuff here and I’m not going to go into what all those are but we can see that these are everything that the server has. You can also set a file, so let me clear this. Let’s open up gedit. So, we’re going to create a file of of hosts that we want to regularly scan and this can save time when we scan them if you’ve got like you know a few hosts that you regularly check on. So, I’m going to put “pointybracket.net” “192.168.0.1” and “192.168.0.100” and I’m gonna save this as “networks.txt” So, what we can do there is we can type “nmap -iL -/networks.txt.” so it’s a lowercase “i” and a capital “L” and then the location of that file, so it was “networks.txt” in my home directory. This is going to scan each of the hosts that is in that networks file. It returns in the order that they were scanned in, so that’s pretty neat. I want to go over a few more things with you guys regarding this command it does get pretty big there’s so much so that you can do with this, and so I really urge you guys to go and explore this if networking is one of your interests, if you want to really you know follow that. One of the things I want to show you guys is how we can turn on OS inversion detection during the scan, and so what we’re going to do is type “nmap -A 192.168.0-100” and this is going to scan, oh I had a little typo in the IP address there so I had just fix that, so this should tell me the operating system versions that are running on the devices on my network, and you can also find this information about other hosts. Aside from this, just while this is running you can scan aa network and find out which servers and devices are up and running by using the flag “-sP” You can display the reason that a port is in a particular state by having the flag “–reason” You can choose to only show opened ports which appears to be the default functionality here, it doesn’t show the closed ports. You can actually also show all of the host interfaces for a machine by typing “–iflist” in the list of arguments for this command, and I mean again it’s really big so go ahead and look this up. If you wanna type in google.com “nmap commands” there’s a bunch of different ones that you guys should play around with, this was more of an introduction onto the most common or basic functionalities of this program. I’m going to cancel this here and I’m just going to restart. This will go a bit faster, I’m just going to target my own IP address here so we can get this done and you guys can see the example output that this is gonna do when adding the “-A” slag in here. So, here you can see a lot of information about this machine. Let’s go to the top here. We’ve got the port, the state, and the service, as well as the version of the service. So, I have Apache 2.4.12 installed and that’s also the same one here. If we go down we get more information about the host cell, so we have OS UNIX, we’ve got the computer name, the domain name if anything is configured, the fully qualified domain name, and just a lot more information. So, that is the nmap command and it would be useful if you’re trying to just scan your network, and one of the examples that comes off the top of my head that would be you know when I would use command is if I noticed that the internet’s you know running a bit slow. Let’s say I’ve got 10 people in my house and half of them may or may not be using the internet and I wanna see how many people are online, this is what I would do in that instance or if you you know if you want to check how many machines offer a certain service, or what the IP address is that you need to use to access a certain service on another machine, this would help you figure that out. So, thank you guys for watching this video, I will see you guys again soon.