In this tutorial we will cover why it is important to learn how to use Linux. While it might not be the most popular OS for household PCs, the majority of tech and network infrastructure runs on Linux machines. Companies such as Google, Facebook, Amazon, and PayPal run on a Linux based distro. So, if you would like to get a job at any of the big tech companies, save maybe Microsoft, Linux administration skills are extremely valuable. Also, you have price. Linux is completely open source. This means that you can download and use almost any distro completely free of charge. Most Linux companies make their money selling support and enterprise level services. Most importantly, Linux is much more secure than Windows or Mac OS. The banking industry and major stock markets are powered by Linux machines.
In this first tutorial of the series I will introduce you to the course. This will be a two part course which will consist of basic system administration tutorials, and it will also prepare you for the RHCSA exam. Feel free to use the following Linux distribution when following along with this course: Red Hat, Fedora, CentOS.
If you find yourself needing assistance at any point throughout the tutorial series, feel free to enroll in The Complete Ethical Hacking Course Bundle for 1 on 1 help!
Hello everybody and welcome to the continuation of this tutorial. Anyway, today we’re going to do the actual cracking of the captured file, which is basically a follow up tutorial on the previous one. Make sure you watch these in the proper order, as they are usually tied to one another.
Anyway, we have aircrack-ng, so I’m just going to go ahead and type that in, aircrack-ng. We need -w for either the password or word list that we will be using. You can find these online and download them, and I’ve seen some pretty good ones. It will be around 48 gigabytes, something like that, however you will need to keep certain things in mind. First of all, the region where you’re performing this. For example, if you’re doing this in the US, or Canada, or any other English-speaking area, you will be able to find some relatively good word lists that you can use. If you are in a region such as mine where people mainly speak Slavic languages, an English word list is not going to be very helpful. Or, if you’re, for example, in Russia, or perhaps in France, or something of a kind, there are specified word lists for those particular languages. But, more often than not, they don’t tend to work. As I said, if you’re in an English-speaking region, try out a word list. People tend to either repeat passwords, or they tend to use fairly similar ones, so the likelihood of the password being in the word list is pretty high. This is what is referred to as a dictionary attack. You literally take a dictionary from somewhere, you type the name of the file here after download, and then you pass it to aircrack-ng, and then you start cracking, which is a fairly difficult process to do. But, over a certain period of time, it will practically finish trying all of the possible combinations, within the dictionary, in a reasonable amount of time. It might take a day or two, or something like that, but if you’re sitting next to a Wi-Fi you can spread this attack out. Once you begin cracking the password, you can sit in your house without a connection to the internet. The capture process requires being connected to the network, the cracking process is conducted on your local machine. This is very important, it is completely different from an online attack.
However, I am in a region where word lists are not very useful, and therefore I’m going to take a different approach. I’m going to say -w for a file to be read in, but I will also tell it to read in from standard output. Now I do need to specify the actual capture file, so SCAN_test-01.cap, let’s just expand this to full screen, excellent! So, I have SCAN_test-01.cap, and the final thing that I need to put in is the ESSID, which is Something. Now in front of it all I’m going to use crunch and pass it to a list of arguments. With -F you can actually specify what sort of characters will be assigned to which positions. So, for example, I would strongly advise looking through the man pages of crunch, let me just show you. Clear, and man crunch, excellent! So we have the man page for crunch, and you have these arguments, and so on and so forth. And if we go down below, this is f /path/to/charset.list which we might actually use as well. I’ve showed you that, but we’ll see whether that is convenient for our purpose. Sorry, it’s not -f, it’s -t. All of these symbols present certain types of characters. So, for example, the @ represents lowercase letters. The % sign represents numbers. The ^ I believe is capital letters, etc. You don’t need to memorize the syntax. Just take a look at the man page and figure out how to write the command.
So, keep in mind that the @ sign is an option, comma is an option, percentage sign is an option, and the caret sign is an option. Look at what it says, the explanation is practically perfect. Specifies a pattern, an example of a pattern, says your god. Believe it or not, people actually use that in their passwords. And he has two @ signs at the front, and four @ signs in the back. Look at what the @ sign represents, will insert lowercase characters. It will use this word, and it will insert lowercase characters in front and behind. If he had placed a comma in there it would insert uppercase characters. If he had inserted a percentage sign somewhere in there, it would insert numbers, not a caret sign, a percentage sign. And the caret sign is down below, it will insert symbols. That is why it is very important to acquaint yourselves with the sort of password that you are breaking. You cannot just walk in and break a password, brute-force it, without knowing anything about it previously. That’s just highly unlikely to happen. I mean, even with the best of machines out there, it will not work as well as you want it to. I’m running a few virtual machines in the background, so perhaps my CPU usage will be a bit lower, but I’ve managed to turn everything off and max it out. It was on 1,700 passwords per second. I think I could have gotten to 2,200 if I overclocked my processor, but I don’t have the proper cooling system.
That is a very important aspect to this. You will need to watch the temperature of your processor. If you’re using an Intel Core processor it will shut down by default, it will not allow you to destroy it by overheating it. On the right side of the screen here I have a temperature meter. You will see that the current temperature is around 61 degrees Celsius. When I begin the brute force attack with aircrack, it will load the CPU to ridiculous extent, and you will see how the CPU temperature will increase. When you’re performing this attack, you may wish to consider employing some extra cooling systems in order to reduce the temperature of your processor. That will not only decrease the chance of something malfunctioning, but it also increase the amount of attempts it can perform per second.
Anyway, without further ado, I’m going to type in crunch -t. I want you to use four numbers in front, and I know that the word is thunder so I’m going to type it in. I’m going to say, 123456789, and 0. Also, I need a pipe. A pipe is simply saying, whatever comes out of this, pass it to this. And this argument here is saying, read from whatever is passed, or from standard output. Press ENTER, and there we go. This is going to take a while. Actually, this is not going to work because I am a genius who failed to actually pass the proper length. Once passing length, and in combination with what we did here, you absolutely need to make sure that it’s exactly the same length. 11, 11, excellent! Press ENTER, and the scan is in progress. There we go, key found in a ridiculously short amount of time. Primarily because, I already knew a good portion of it. Let’s try something different. Let’s remove this, and if I remember correctly hat was for capital letters, I believe it was a comma? Let’s verify that because I’m not all-knowing, and comma will insert uppercase letters. Yes, it will. My memory still serves me well. I will remember to treat my brain with something later. Press ENTER, and the amount of possible combinations is not that large. I wanted to make sure that you had the opportunity to see the maximum amount of tries here.
Let me go ahead and close all of my other virtual machines. Once I do that, I will have more CPU power to spare, that I can devote to this brute-forcing method. I remember getting up to 1700. Once again, it’s found it within a reasonable amount of time. Let’s try passing a character set. So, it’s a lowercase f, /path/to/charset.lst charset-name. I need to go ahead and type in cd Desktop/crunch-3.6/, excellent! ls, and we have a charset somewhere in here. I’m pretty sure it’s crunch.c, Makefile, crunch.1, charset.lst, excellent! Here we go, let’s type in less charset.lst, and here we have the names as I stated before for pretty much all the charsets in existence. We can specify these manually, but it’s better to use these charsets as there is a much smaller probability of an actual mistake. Let’s use mixalpha-numeric-space, and this is going to significantly increase the amount of possible combinations. It will probably take until tomorrow to actually guess it, but oh, well. Press ENTER, and it’s still giving me a relatively small number of combinations. Let’s remove this one to say @@, and this one as well, @, press ENTER, it’s 726 gigabytes. Now this will take a significant amount of time. Let’s see what else we can close in order to increase it. Oh, I know why it’s so low. I am recording my screen for this tutorial. That is eating up my memory and CPU time as well.
I would like to show you something else before I wrap this tutorial up, because I have a feeling I’ve already breached the allotted time. If you have some sort of temperature meter on your computers, you will notice that after an hour, or something like that, the temperature will begin to rise. What you can do here in order to alleviate the stress on a single machine, and in order to increase the number of possible attempts, you can actually use this command and specify either a list of characters. For example, you can tell one machine, okay, I want you to do all of the combinations for 9 9. Of course, then this option would not be possible any longer. We would need to delete this, and another machine could do, for example, 10 10. Another one could do 11 11. This technique is especially useful for laptops, because a single laptop doesn’t have a ton of processing power. Laptops weren’t actually amazing. So we actually merged not just a few laptops but also desktop computers. I remember merging 10-20 computers together to conduct a brute-force attack. They were all generating passwords. You can give different parameters to different computers to execute it on the captured file. Because this captured file is portable, you can conduct a brute forcing attack offline. In the follow up tutorials, I will show you some other methods for how you can attack wireless access points, and what you can do with them. In any case, I bid you farewell, and I hope to see you in the next tutorial.
The remainder of the tutorial videos can be found in this YouTube playlist:
You can also enroll in the course and download the videos for offline viewing:
Enroll now in our Black Friday/Cyber Monday Course Bundle for 2017! This bundle of Udemy courses includes all 14 technology courses listed on the website by Joseph Delgadillo, Nick Germaine, and Ermin Kreponic! Get 98% off some of the best-selling courses covering ethical hacking, Linux administration, programming languages, and development!
This course is the successor to The Complete Ethical Hacking Course: Beginner to Advanced! Gain the knowledge hackers use to compromise systems and use it to protect your own.
Get started as a front-end web developer using HTML, CSS, JavaScript, jQuery, and Bootstrap. Use this course to launch your own career as a freelance web developer!
Gain the knowledge necessary for passing the CEH exam and move on to a career as professional pentester!
When you purchase this course bundle you will receive lifetime access to the classes, 1 on 1 assistance with the tutorials, and a certificate of completion through Udemy. Each course is fully subtitled in English.
Thank you for taking the time to read this and we hope to see you in the classes. Happy holidays!
If you want to get started hacking you will LOVE The Complete Ethical Hacking Course: Beginner to Advanced! This complete course will take you from beginner to expert hacker. We will begin with the very basics showing you how to setup your environment, and move on to password cracking, WiFi hacking, Dos attacks, SQL injections, and much more! Enroll for free!
Together we’re going to take a journey through Linux and give you the knowledge you need to be a power user, but first we must ask the question, what is Linux? Well, confusingly it depends on who you ask. In order to get an idea of what Linux is we’ve gotta go back in time. In the early 1980’s Richard Stallman, then working in the AI lab at MIT, started the GNU project with the goal of creating an entirely free and open Unix-like operating system. This all started when the lab got a new printer, but the license restricted his ability to modify the code. He had hacked earlier printers to electronically send messages to users who printed items when the printing was complete, as well as notifying other users when the printer was free to use. By the early 1990’s there was almost enough GNU software to create an entire operating system, however their kernel, the GNU Hurd, was not yet complete. Meanwhile, in the early 1990’s Linus Torvalds set out on a hobby project to develop Unix-like colonel known as Linux, and used GNU software such as GNU’s “C” compiler to do it. While a kernel on its own was useless, he ended up including GNU software with the kernel tree to release an operating system. Later, Richard Stallman’s free software foundation sponsored the group Debian to release a GNU/Linux distribution that was completely open for people to use and contribute to. Debian over the years grew from a small group of Free Software Foundation hackers, to the enormous community that is today. Due to its popularity, Debian has become the base of countless Linux distributions. Because of how open the software is, anybody to read the source code, modify it, and then redistribute it. Because of this, this is what we have now, it’s kind of a mess. There are so many Linux distributions that a common problem for beginners is what Linux distribution should I use. While there are a few distros out there that actually include its own software, one of the biggest problems in Linux is how many distros there are and the fact that a lot of them are the same distribution with new wallpapers, and icons, and everything else is the same. Ubuntu was started in the early 2000’s and is owned and distributed by Canonical. The base of Ubuntu is Debian, and Ubuntu has become so popular that it has in turn been forked countless times. Forking is a process which the operating system is used as the base of a new distribution. Ubuntu includes it’s own desktop environment called Unity, and has recently started distributing phones running a version of Ubuntu. Canonical also contributes bug fixes and other contributions upstream, meaning that they send these changes back to Debian to include in future releases. While Debian releases new versions sporadically, Ubuntu’s aim was to capture the stability of Debian, but released new versions more frequently. As such, Canonical releases two distributions a year, one in April and one in October. The naming convention of Ubuntu is year & month. So, the version we’ll be working with was released in October of 2015 and it’s called Ubuntu 15.10. Every two years in April, a long-term support version is released called LTS, which is officially supported for five years. While releases in between LTS versions are supported for only 9 months, the next LTS release will be in April of 2016. So, to download Ubuntu we’re going to go to Ubuntu.com, and when the page loads we’re going to see in the top navigation that there’s an option that says desktop. Just click on that, this is the version of Ubuntu we’re gonna be working with, and then when you get on the overview page, just click download Ubuntu, the big orange button in the main area. And on this page it’s gonna give us a few versions, so it’s gonna prompt us to download the last LTS release which was released 2014, in April. If you’re gonna be running Ubuntu on a server it makes sense to you long-term support versions because you only need to install a new version like every five years. You can install more frequently because there’s new LTS version every two years, but with a non LTS version there’s only official support and bug fixes for nine months. So, we’re gonna go with one of the nine months cycles here and download the latest stable release which is Ubuntu 15.10, this was released maybe 10-15 days ago. We’re gonna download 64 bit because that’s the processor type we’re running. You can either click the download button to download it directly in the browser, or you can click alternative downloads & torrents to view what other type of other files you can download. Now, if you’re running on a really super fast internet connection it doesn’t really make a difference. The in browser download is probably going to download just as quickly as a torrent, however if you don’t have an incredible internet connection, a torrent download is going to make a lot of sense. It’s going to download a lot quicker than it would in the browser. Now, I’ve already got my version downloaded, it took about 10-15 minutes, because I have really bad at the moment. Next thing we’re gonna do, we’re not going to install to directly onto our hard drives yet. That’s an awful big commitment to make when you you’re not really familiar with the system. So, we’re gonna do is go to VirtualBox.org, and this is a piece of software that allows us to create virtualized machines, virtual machines are a virtual computer if you want to call it that. This allows us to create different virtual machines, set them up differently, as well as star different operating systems on one. So, when you get to VirtualBox.org there’s a gigantic button here that you cannot miss. Click on that and it’s gonna take you to the download page for VirtualBox. Now, it offers different packages dependent on different operating systems. This is going to be for the host machine, and to put that it clearer terms, the computer that I’m in right now that we can see is running Windows 10, that is the host. So, I need to download VirtualBox 5 for Windows hosts, this link right here, click that it’s gonna start the download. Now, I’ve already got mine downloaded. We’re going to need these in the next few videos, so thanks for watching!
So, the first thing that we need to do to get into programming in Python is installing it. So, let’s go ahead and discuss about the three different ways that you’re going to be installing it. First, we’re going to cover Mac because that’s what i’m using and so it’s easiest to show you how to do it. So, what you’re going to do is open up terminal which I’ve moved into that folder and put right here. Now, if you haven’t installed Homebrew, what you’re going to do is run a Ruby command that’s going to download and set it up. So, basically what Homebrew is, is a package manager that you can use to install a lot of packages. So, if you’re used to Linux basically on Linux if you want to install a package you don’t need to go all around the internet and search for packages on websites and then download from shady sources and get viruses, that’s just a bad construct of computer operating systems, but unfortunately that’s how Windows works and so i’m going to show you guys the right way to install in Windows as well. Using Linux or OS 10 you’re going to be installing through terminal. So, first setup Homebrew, this is how you do it, come to brew.sh and it’s going to give you this line of code here. You just paste this in terminal, run it, it’s going to install brew. Once you’ve got brew installed what you’re going to do is run “brew install python” Now that’s how easy it is. OS 10 does ship with a version of Python but the the version included in OS 10 is 2.7 series and I think it’s actually an old really something that’s like to 2.7.5 or something like that so it’s pretty old. At least I think it was that. We can actually run “–python version” here, so okay so the version that OS 10 El Capitan ships with is 2.7.10. When you run brew install Python it’s going to install python 3, that’s the command that we’re going to have to be using because there’s already a Python version installed, so we’re going to be using Python 3 and you can check the version we’ve got 3.5.1 that’s the version that homebrew is going to install for you. Now similarly if you’re on Linux what you would do there’s a few different ways because there’s a few different package managers. So if you’re on Arch Linux I don’t think you’re gonna need help setting it up, and actually a lot of Linux distributions have Python/Python 3 pre-installed, so you can just run “python –version” and “python3 –version” and see what version you have installed, you might need to upgrade, it it might be fine. If you have 3.4 you can follow along with this course I don’t think there’s that many differences between the two versions and there’s definitely not code-breaking differences, so that shouldn’t be a problem. However, if you do notice that you’re having a problem you could upgrade the version of Python either through the repository or otherwise. If you’re on Ubuntu you’re gonna be using the apt-get command, so you’d run “sudo apt-get install python3” That’s going to install Python 3 for you. If you’re on Fedora I believe it used to be yum, I think it’s dnf now. Yeah, so let’s just review exactly what commands you’re going to be using, I think it’s like dnf install. So, you can still use yum I guess, ok so you can use yum to install. So, what you’re gonna do is we’re gonna run “sudo yum install” and then I believe the package is just called python3, Python 4 is going to be pretty amazing but right now we’re using Python 3. So, there we go. Now if you’re on Arch and I said I don’t think you need any help getting it setup but just for you know if you are new to Arch you’d run “sudo pacman -S python3” but again python3 should be pre-installed, so you shouldn’t even need to do any of this but if you do that’s gonna do it. Now on Windows you do need to go download a file from the internet and run it, the the difference between what I said before what I’m saying now is this is not a shady location. So, what you’re going to do is go to python.org, go to the download sections, and if you just hover over this it’s actually going to show you a drop-down and you can choose what platform you’re on. So you would choose windows and they actually have a 3.6 which we’re not going to we’re not going to be using because this is in alpha. So, click latest python3 release python 3.5.1, it’s going to take you to this page and basically give you a changelog and whatnot. If you go down here make sure you get the version that’s compatible with your system. If you have a computer that is not obsolete it should be running a 64-bit operating system which means it has a 64-bit processor. So you would download this one right here, Windows x86 64 executable and what that’s going to download is an .exe file which you can use to install the program. If you’re running a 32-bit system you’re going to download this one just the x86, and yeah just install it. Now, there is one note on the installation, when you run the installation there’s going to be a certain step where you have some checkboxes and one of them is going to say add python to the path variable, make sure that’s checked because if it’s not checked if you try to run Python in the command line you won’t be able to because it won’t know where to find this mysterious Python command. So, by checking that box basically it tells windows where the Python binary file is located, so you want to make sure Windows is aware of where that file is. And that’s all there is to installing it. To confirm that you’ve got it installed open up a command prompt to terminal and just type Python3 and it should drop you down into the interpreter, which we’re going to be discussing in the next video.
Hey guys, I want to touch briefly on Meteor.js, today in this video, and a little bit about how to use it. First thing you’re going to do is in a Google search just type “install meteor.” It’s going to give us the location of the Meteor installer to download. If you’re on OSX or Linux, just copy this command “curl https://install.meteor.com/ | sh“ open up Terminal, clear it out, and then paste it in here. If you get this error, it means that you don’t have curl installed so you need to install it. So sudo apt-get install curl” and once curl is setup you can run the previous command again. And it’s going to download Meteor and install it. I already have Meteor installed and so it’s removing my existing meteor installation, and it’s going to download a new one. So, when Meteor is done installing it gives you a notice here, how to get started. So, let’s just create an app, do I have a projects directory already, I do. So, I want to change directory to projects and I’m going to type, Meteor, create to do and it’s going to create project and a project directory in my current directory called “to do”. So, I’m going to change directory, and then if I list the directory Meteor has created the three files to get you started. So I can type “meteor” and it’s going to launch the program on port 3000, there we go. So, once again, this message means the app has been launched, so you can go to local hosts on port 3000 and this is our Meteor app. It’s got an event handler here for the click me button, which counts the times it’s been pressed, but that doesn’t really look to great. So I’m going to close this here, show you how you add packages to Meteor. So you type “meteor add” and then the package name. So you can browse Meteor packages by going to Atmospherejs.com, and if I were looking for say, bootstrap, I would…there is a lot here. However, the official bootstrap module or package is “add twbs:” stands for twitter bootstrap and then “bootstrap”. So, when I add that to my project like this, and let me go into the filemanager here, into projects, and to do, and you’ll going to see these three files that it created for us. But if you hit Control+H you’re going to also see a hidden directory entitled Meteor, and this is where it stores the packages that we add, and some internal Meteor stuff as well. So, I’m not going into that. These are the files that you’ll be working in with Meteor so you can open for instance, the HTML file with the “gedit” here we go. And you’ll see, this is the mark up. So, Meteor works with templates a lot. This isn’t an in depth tutorial, but more about how to get started. Meteor has a pretty awesome tutorial on their website. Just go to meteor.com and you can access the documentation, reference points, and the tutorial to get you started. So, that’s the basic usage of Meteor in the command line. Typically, it’s just Meteor create in the App name, and once you’re on the app directory just run Meteor to run the application, and you can use the Meteor add or Meteor remove, if you want to remove a package, add to add a package and then the package name. So, thanks for reading this and I hope you guys found it informative and a good place to start with Meteor. A selling point for Meteor is the fact that realtime interactions are built into its core. So, you no longer have to fake it, with Javascript, Ajax calls to PHP scripts, everything is done in Javascript, it’s all realtime. So, It’s awesome to work with and it makes things easy as well. So, check that out, if you’re into web application development at all.
In this video we’re not going to be doing anything, we’re not gonna be learning about networking specifically on Linux. We need to understand a few general concepts before we get to that. So, this video is going to be a sort of introduction to networking on Linux. An introduction to networking in general. So, right now you are on a computerized device watching this video which is on the Internet. And the way that’s happening is basically you’re connected to a router, or a modem router all-in-one device, and the router is connected to your internet service provider, and your internet service provider has devices that are connected to the bigger world of the internet. So, you send a request, if you open up a browser and type in google.com and then hit enter, your web browser sends that as a request. It’s basically saying okay this is the web page that this computer wants to look at right now. It sends that through your router, which sends it to your internet service provider, and your internet service provider has all these fancy computers that properly route certain requests to DNS servers, any requests actually. What a DNS server does is it says okay, you gave me this string of text, a domain name or URL, and I have a record here that shows this domain or string of texts is supposed to serve up the content at this IP address. And so how the internet works is it doesn’t understand Google.com or Facebook.com. The internet uses network addresses, right, and so think of it like each web server, each server out there has and address just like every house on your street has an address. So, if you were gonna send somebody down the street to Joe’s place, you would say okay well go to this address, then you would give them the address of Joe’s place and they would be able to find it. The same thing is happening on a DNS server. You give the DNS server a domain name that you want to look at, and then th the DNS server takes that and says okay well I know this domain name is supposed to route to this IP address. So, you request, you need to go over to the server to get that content, and so your request then gets translated to an IP address and other information, and it gets to the web server that it’s supposed to be at. And then the web server running Apache or anything really nginx, I’m sure there’s tons out there that I don’t know about, but the web server receives requests, it receives all of the information related to it. So, cookies you know session variable stuff like that as well as the exact item you want to look at it. So, if you go to website.com/something /something else, everything after the .com/ is called a URI and that indicates what piece of content on the server you want. So, think of the first part domain.com as what server you need to be communicating with, and then afterwards you know /about.php or something that’s gonna tell the server once it gets the request what page it needs to send you. And then it does it’s you know rendering process and it sends you that page in the exact same route that your request took to get there. So, it’s like when you send your friend down the street to Joe’s place to pick up a box of pizza. So, your friend walks down the street he turns left you know maybe turns right, he gets to Joe’s place, he walks in says hey I need to get a pizza, Joe gives him the pizza, then he walks same way back to your house, and before you know it a web page has loaded within your computer box. That’s how that happens. I hope you guys understood that. In the next video we’re actually gonna cover a few more concepts before we dive into you know really understanding to the point that we can use applications to do certain things. So, I hope you guys found that informative. If you didn’t, if there’s any point in this video that you felt lost, or confused, or even that I was just rambling, or even if you just want to tell me you know a few more web server applications aside from Apache, there is a comment section to the side of this video. You just leave a comment I will reply and get you whatever information you need, and hopefully this will make sense to you. So, in the last video we described how the internet works, what the internet is, is technically an interconnected collection of networks. So, all these little networks all over the world can now be connected to other networks in the world, and so we have the internet which is just that. So, to understand the network here we’re bringing it down from you know the top level stuff, down to a more localized thing. And so a local network is the type of network that you have set up in your house, where you connect to the router, the router then you know can interact with the internet for you, and then return the information to you computer. Now, I wanted to talk for a moment about IP addresses and the current issues that face them, while still using ipv4. So, let’s open up a document here. So, an IP address looks like this. This is an IP address of a server somewhere, probably, if you put this in your browser…actually let’s try. That was just a random one that I just wrote up, let’s see what happens. This is probably the address of somebody, somebody you know, somebody is connected to an internet service provider and they get one IP address for all their computers, and the reason why that happens is because these IP addresses can go from 1.1.1.1 all the way to 255. So, as you can imagine the range is pretty big but it’s not quite big enough for the human population, and so we’ve been running out of IP addresses for the last fifteen or twenty years. And, multiple solutions have been brought into the equation to try and solve this problem. One of them was called a NAT. What this is is a network address. Basically, you have one router you have one IP address. So, the IP address you have let’s say is this one up here at the top, this is your IP address that the internet service provider has given you. Without the use of a router you can plug one device into the modem and your computer will use this IP address in requests, so basically when you send a request to google.com to load a page or to load a search what happens is your IP address gets sent to Google as well so that Google can return this data to your device. But, what happens when you only have one IP address and seven computers, that’s when the NAT comes into play. So, this IP address now is the IP address of your modem or router, and it assigns NAT addresses to all the devices on your network. So, let’s say you just have two devices on the network. The first one, actually the IP address of your actual router is likely this. I’ve seen one instance where a network did not use this IP address as its routers IP address. The IP addresses that your router will assign to computers in your home all begin with 192. So, basically it would be something like that, right, that would be the IP address, actually hold up I got this wrong. This is the IP address of your router, this is the IP address of your first computer. So, it always begins with 192.168 Your second computer might be this, and your 3rd computer might be this. So, now you have three IP addresses, three devices on your network and your router here is keeping track of them. So, from this device I type google.com into the address bar, what happens is this IP address along with the request gets sent to my router, the router then sends the request off to the ISP and then over to the internet and stuff, with the IP address of the router which internally is this and externally this is our ISP IP address they gave us. So, what happens this gets sent to google.com, google.com sends the page back to this IP address connected to the router here, the router then takes that request and connects it with the device that requested it, and then it sends it back to that device. And so that’s how a router interfaces between a local network and the internet. So, in the olden days before the NAT address and routers really took off each one of these computers would have had a different IP address, so it would have looked something like this. So, that would have been 3 actual IP addresses when we found a way that you actually only need one IP address for our network, and so that’s what a router does and so these IP addresses are local and you’re gonna see these in terminal. Now, one other special IP address is 127.0.0.1 On every computer this means this computer. It’s basically a self identifying IP address. If I were to type this into my browser I would see my localhost, where if you put this in your browser you would see your localhost. The NAT IP address basically works the same way. So, if I were to go to 192.168.0.3 it would try to find a computer only on my network that has this address and then connect to it. So, that’s how a router works, in the next video we’re getting into the ifconfig. On Windows you have an ipconfig command, on Linux here you’ve got ifconfig and we’re gonna cover that in the next video, and a a few other commands as well. So, thank you guys so much for watching, and I’ll see you guys soon.
Welcome all. This is an introduction to ethical hacking for 2016-2017. And before I continue any further, some of you may know me from the previous ethical hacking course, and this one will be significantly more advanced as opposed to that one. That being said, the requirements for this one will be also significantly different. But before we continue any further, let me just go over a few things. First of all, my throat is getting dry, because this is like the fifth time that I’m attempting this and certain people, certain very rude people keep interfering. But anyway, there a few considerations to make here. So the first one, is what can you expect to learn from this course? Well, you can expect to…I will show you basically, how you can compromise systems, monitor a traffic in the air, fight against encryption, what you can do with encrypted traffic, how you can attempt to decrypt it. Some of it you will be able to decrypt, I will show you various methods, Listening booths in the middle, and how to take off certain layers of encryption, and extract the useful information from the data which is out there in the air. I will show you various methods how to compromise systems in general, like PCs, servers, phones, smartphones that is. And we also may play around a little bit with the GSM network and see some of the vulnerabilities there. That’s a 2G network, so you have 2G, 3G and 4G. 2G is the GSM and 4G is the LTE. Anyway, we will be most likely, I will most likely at a certain point in time also talk a little bit about social engineering and you will see the practical aspect of that as well. But, there are two kind of considerations that you should make when taking this course. So, moral side of things and legal considerations. So, just because you will be able to do something, and I will teach you how to do some serious damage with the knowledge that you get you will be able to do some serious damage, but it doesn’t mean that you should. There really is no need for you to do so. And just think about it, you don’t want anybody messing with your stuff, so don’t mess with anybody else’s stuff. There really is no need, or justified reason for you to do it. Legal aspects, legal considerations. In most countries, it is illegal to mess around with systems you don’t have permission to mess around on systems that you yourself do not own. Just to give you a stupid example, it’s illegal to mess around with your neighbors Wi-Fi. It’s illegal to connect to it without that person’s permission, who owns it. So even these small, I would say, inevitable things are taken into consideration by law. Not to speak of breaking into the servers or taking information from the phones, personal information from the phones and other kinds. That’s all covered as well. So you can get into a lot of trouble if you misuse the knowledge. I will give you a lot of knowledge here, I will show you how to do various things. Please, do not abuse the knowledge. Use the knowledge, do not abuse it. Ok, that being said, let’s go over to the other side. Besides of the cute puppy up there that my friend drew, sitting over there smiling, for some strange reason. He doesn’t want to come on camera, God knows why. You will have software and hardware requirements for this course, so those are the two. You have three requirements, one is software, one is hardware and the third one is, your current knowledge, your current amount of knowledge, so to say. Let’s get into the operating systems. So, Windows and OSX are completely incompatible for our purpose. On OSX you lack a large amount of tools and you lack hardware compatibility in the first place, even though you have a Unix-like Shell, it’s really not a system that you want to use for this purpose. Windows as well, Windows is even worse. You don’t have the degree of anonymity while using Windows is not really that good. With Linux, is open source, you know all the traffic that’s coming out, that’s going in, to monitor, to know exactly what it is, all of it can be decrypted. With Windows, you will have…I notice a lot of unauthorized duplications from my machines, and it’s closed source, you don’t know what is going on in the background, you don’t know the source code. And you might say, “Well, I know the source code of Linux but I’m not a developer, I have no idea what it means” It doesn’t matter, a lot of other people know what it means, a lot of other people who made it. Somebody who says something out there on the forums, if there was funny going on there. I don’t what’s going on with Windows, under the hood, and I don’t know what’s going on with OSX under the hood, and therefore I generally don’t like using them for anything unless I am practically forced to do so. My primary operating system that I use in my daily basis for productivity work, with pen testing and development is Linux, and it has the largest, practically the best tools for development and for pen testing. It doesn’t matter which distribution you are using, you should be able to install pretty much all the tools on all the distributions out there. Anyway, you will need a machine where you will have Linux installed. So, we will need Linux as an operating system installed. I will tell you which distro to choose, I will make suggestions and I will show you how to install it. Now, to answer the questions in advance, yes, you can have a virtual machine on Windows or OSX. Yes, you can have a bootable USB with persistence storage, and yes, you can have dual boot on Windows and OSX, all these three setups are…first of all, you’re gonna encounter a lot of problems with dual boot, with both Windows and especially OSX. Linux dual booting with OSX and Windows is a huge problem, especially with the UEFI Bios. Some of you might argue and say, “Well, it’s not, I’ve succeeded in doing it” Yes, I’ve succeeded in doing it, it works, but, it’s a hassle to get it to work, or at least it was a hassle for me, the process is buggy, you will encounter a lot of problems and a lot of your problems I cannot replicate them and not know how to solve. I can’t replicate them and therefore I don’t know how to solve them, because the dual boot behaves differently on different machines with different BIOSes. On different motherboards that is. So, have a machine which has Linux installed as a single operating system. All these other optional setups, like dual boot, live USB, virtual machines, I’ll go ahead and create these videos for you and I’ll post them on Youtube as optional setups, but that’s not the setup that I will be using, that’s just something that I will post there for you, so you can have a look, but it will not be a part of this course at all. They will be on Youtube, they will be completely free, no need to registering or anything like that. If you want have that kind of setup you can go, have a look at it, but I make no guarantees there. Ok, so, in terms of hardware, First, what you need to consider is driver compatibility. Driver compatibility has been an issue for a very long time with Linux, but lately it hasn’t been a problem almost at all, because Linux nowadays supports pretty much most of the devices out there without any problems, with open source drivers, and open source drivers, yeah, they tend to work, really, really, really well with most devices out there. There are still hiccups here and there, but, it works. However, you will need to make sure that your system that you are using in terms of hardware components is compatible with the Linux kernel. You do this by basically getting the list of components of the PC and just typing in on the net, like, wireless card, what number, drivers for Linux, and it’s gonna tell you, yes, they do exist or no, they do not exist. If you type in, like, graphic card, this graphic card driver’s for Linux. Yes, they do exist or they do not exist, so that’s some of the checkups that you need to make. In general, if the drivers exist for, I mean if you have drivers in one distribution and if they’re open source you can have them for pretty much all the distributions without any problems. Next up is really important, so router access, you will need access to your home router, you will need to be able to access it. A lot of ISPs these days, they tend to block the user access to the home router. I don’t know why they do this, most likely because they don’t want a ton load of people messing around with the configuration of the routers. And they don’t know what they’re doing, so they mess things up and they call support and it takes valuable time and effort and it costs them money. So they just lock the router. But, if you don’t have access to your router, what you can do is just give them a call or write an email, asking that you would like to have a permission, that you would like them to unlock the router and they will tell you: “Okay, but you can do that at your own risk” Most likely if you mess something up, they will charge you some small amount to restore the original configuration. But, you can basically back your router up, once they unlock it. And just create a backup file and you can use that as a restore point in case you don’t know how to restore the internet connection in your house. However, you will need access to your router because we’re gonna be configuring, we’re gonna be opening up this machine to the outside world, so it will be accessible from outside world. This will be necessary for certain setups, I will show you how to configure the router and to configure….what you need to do is pretty much the same on every router, however, the interfaces on the routers will vary, but it’s quite simple, there isn’t much up to it. Wireless cards, this is also you will need to keep in mind, they need to be, not only compatible with Linux, but they need to be compatible with Aircrack and Reaver, so Aircrack-ng and Reaver. Some wireless cards function well, other do not, you can look it up on the net which ones do and which ones do not. In the final account of things, you can just go ahead and use the one that you have and see how it works out. Chances are that it will work, but again, that’s some of the information that you will look up on the net. You see, first of all you establish which chipset does your wireless card use, you can do this by typing in the model of your wireless card on the manufacturer’s website and the manufacturer will have the chipset listed there. Then you check whether that chipset has compatible drivers for Linux, and whether that chipset is supported by Reaver and Aircrack-ng. All this information is listed on the sites. So you just use your favourite search engine and, I assure you, you will find these results without bigger difficulties. If you fail by some crazy chance to do so just go with the flow and see what happens. See if it works out or if it doesn’t. The CPU, now the CPU that you have should support virtualization options, that means for Intel, you will need VT-d and for AMD you will need AMD-Vi. These are the flags which tell you if the processor is capable of virtualization. That’s the simplest explanation I can give in that regard. Make sure that your, it will be nice if your CPU supported virtualization so that you can do everything that I do as well. How do you check this? Well, you go to the manufacturer’s website and again, you see whether it’s supported or not, you can even ask the manufacturer with an email if it supports virtualization or not, just give them a call, I mean, and ask them quite literally, just give them the model number and they will be able to tell it to you, yes or no, without any problems really. Now, RAM, it will be good if this machine where Linux will be installed would have at least 4GB of RAM. Linux doesn’t necessarily requires 4GB, it’s gonna run with less than 2GB without any difficulties. It’s not RAM hungry like Windows and OSX are, but it would be good if you had more than 4. Why more than 4? For smoother operations of virtual machines, because we’re gonna have some of them, which we’re gonna set up there, and that we will use as our own small virtual servers, as our own pocket environments, where we shall conduct our research and where we will…the servers which we will use in order to go through the course, we’ll build our own environments where we will perform whatever it is that we need to do. USB, have a USB lying around, some USB, it may not be a big USB, it may not be a 3.0 USB or anything like that, pretty much any USB stick will do. What will you need it for? One of the basic things that we might need it for…I can show you how to make a cryptographic key, how you can convert it a USB into a crypto key, when you plug your USB into a laptop, you basically unbox or unencrypt your drives and it unlocks your PC. And then you can have another layer of security on top of that and it can request for a password confirmation as well. So that’s really good security for you right there. In addition to all of this, I will also show you how to monitor traffic, how to protect yourselves, how to secure your environment, how to figure out what’s going on on the network. where to post listening, where to listen for the network traffic, how to figure out what is going on and such things. And in addition to all of this, my final thing that I would like to state here, is the disclaimer. I am not in any way responsible for what you do with the knowledge that I give you, I’m giving you this knowledge in good faith, this knowledge is presented here in good faith, that you will use it properly and that you will not abuse it in any way. As all of this is for educational purposes so that you will gain knowledge, not so that you go messing around with your neighbor’s Wi-Fi. I mean, just don’t that, it’s quite stupid, you have nothing to gain and you can get into a lot of trouble for no reason of whatsoever. So, that’s it, I’m gonna go head bid you all farewell and wish you a ton lot of luck with this course and I hope that you have a lot of fun as we go through a lot of these things.
