00:00:00
all right let's take a look at
00:00:01
everything that we are dealing with all
00:00:04
the little applications and programs in
00:00:07
our demonstration at the very top is
00:00:10
Debian itself so Debian is a Linux
00:00:13
flavor so a lot of people when they take
00:00:17
a look at a platform they're like well
00:00:18
what are you using are you using
00:00:20
Microsoft Windows or are you using Linux
00:00:24
and it's a hard question to answer
00:00:26
because when somebody says hey I'm using
00:00:29
Microsoft Windows you can probably
00:00:31
already guess that they're using some
00:00:34
maybe Windows 10 or Windows 11 pretty
00:00:37
much unless they're into Legacy software
00:00:40
in in which you might presume they're
00:00:42
they're using Windows 7 or Windows 8 or
00:00:45
something although Windows 8 is is
00:00:47
actually really hated out there so when
00:00:49
somebody says I'm using Windows they
00:00:51
have an idea what you're talking about
00:00:53
when it comes to Linux Linux is a little
00:00:55
bit
00:00:56
like being asked do you speak Chinese
00:01:00
because quite frankly there is no
00:01:03
Chinese language there are only dialects
00:01:06
related to that southeastern region so
00:01:10
there's one example of a dialect is
00:01:13
Mandarin so when it comes to Linux there
00:01:16
is no Linux operating system there are
00:01:20
flavors of Linux and that's what you
00:01:23
have to say when you're talking about
00:01:25
which operating system you use the
00:01:27
flavor or distribution I should say
00:01:30
we're using is Debian and the reason why
00:01:33
I'm using I choose Debian is because
00:01:36
there is a wonderful array of arm 64
00:01:41
versions or architectures of Debian and
00:01:44
there is a a arm 64 version of c and
00:01:49
maybe Fedora and maybe Ubuntu but Debian
00:01:53
is just a really really great great
00:01:56
version that you can utilize on your Mac
00:02:00
M1 M2 M3 or M4 MacBook or or MacBook Air
00:02:05
or something like that and you can
00:02:08
utilize Visual Studio excuse me uh
00:02:11
VMware Fusion or you can utilize an app
00:02:14
called UTM so I'm not going to go
00:02:17
through the instructions about how to
00:02:20
install uh Debian over over UTM or or
00:02:24
VMware or VMware Fusion it's just that
00:02:28
you know that's something you should
00:02:29
know how to do as a skill set so that's
00:02:32
Debian moving on we have uh NC so that
00:02:36
stands for netcat and actually if we go
00:02:39
to Debian right here and we do the man
00:02:43
NC or netcat we can see that NC is a
00:02:47
what they call a TCP IP Swiss army knife
00:02:52
and what it refers to is the fact that
00:02:54
it's so utilitarian like there's so many
00:02:58
different utilities and as you can see
00:03:00
it NC actually stands for netcat and
00:03:04
it's a simple Unix so this one goes back
00:03:07
a Long Way to the old Unix days it's a
00:03:10
simple Unix utility which reads and
00:03:12
writes data across network connections
00:03:15
now when you think of network
00:03:17
connections you probably think of client
00:03:19
server or something at least another
00:03:22
entity or PC or asset that is beyond
00:03:25
your local PC definitely or especially
00:03:29
beyond your local network all right but
00:03:33
what we are doing I'm going to press Q
00:03:35
to get out of here what we are doing we
00:03:39
are let me going going back here what
00:03:41
we're doing is let me grab my drawing
00:03:43
tool right here we are going this is our
00:03:47
single PC right here our single so this
00:03:51
is like our desktop and I'm sorry it's
00:03:53
kind of like a 2-year-old made it made
00:03:55
it but what we're going to do we're
00:03:57
going to open up two terminals so we're
00:04:00
going to open up two command line
00:04:02
interfaces uh on the same desktop so
00:04:05
imagine this is the same computer okay
00:04:08
and here's your desktop so we're opening
00:04:11
two distinct you know uh sessions uh
00:04:14
terminal sessions on the same computer
00:04:17
and then we're going to communicate as
00:04:19
if we're on different computers but
00:04:21
we're on the same computer and we're
00:04:22
going to utilize NC or netcat as a chat
00:04:27
box so um I'm going to to start this
00:04:30
this will be the listener and this will
00:04:32
be the client and then the client will
00:04:34
say something and then the listener will
00:04:37
say something back and then the client
00:04:39
will say something back and then what
00:04:41
we're going to do is we're going to use
00:04:43
uh let me bring out another color here
00:04:45
we're going to use wire shark right here
00:04:48
we're going to use wire shark to listen
00:04:50
in onto the conversation and the
00:04:53
implication is is that if wire shark can
00:04:56
listen to two you know separate
00:04:58
conversations even though they're on the
00:05:00
same computer there are separate
00:05:01
conversations so if wi Shar can listen
00:05:03
to the to separate conversations on your
00:05:06
computer you buy inference it can also
00:05:09
do the same if you're like at a coffee
00:05:12
shop and somebody basically uses a
00:05:14
program like Eder cap to you know to do
00:05:17
the man in the- Middle attack and
00:05:19
somebody in some coffee shop could
00:05:21
possibly see your information so be
00:05:24
careful when you're at a coffee shop you
00:05:26
know don't go to like your financial
00:05:28
institution or your bank or something
00:05:30
because yes you know your bank is
00:05:33
protected by HT
00:05:35
https which are is basically a digital
00:05:39
signature certificate like it's en it's
00:05:42
encrypted but the beginning of it the
00:05:46
initialization of the request might not
00:05:49
be encrypted and the the client or the
00:05:54
the nefarious being that is
00:05:56
eavesdropping on your on your request
00:05:59
might figure out a way to decode your
00:06:02
information based on the initialization
00:06:05
algorithm of your request that being
00:06:08
said let's go ahead and begin our
00:06:10
demonstration all right we're about to
00:06:12
do a demonstration here but before I can
00:06:15
complete my demonstration where're I
00:06:17
want to show you that I am virtualizing
00:06:21
on my MacBook M3 and I'm using VMware
00:06:25
fusion and this is of course as you can
00:06:27
see Debian now in in order for me to
00:06:30
begin my demonstration we have to
00:06:33
install net Tools in order for me to uh
00:06:37
take a look at what the IP address is
00:06:40
with the command if config which is the
00:06:43
kind of like the windows version of it
00:06:45
which is IP config so of course Linux
00:06:49
and other NYX like languages have if
00:06:52
config now Debian does not come with
00:06:56
that installed that might be different
00:06:59
with Cali I'm sure with Cali it comes
00:07:01
pre-installed but with Debian you
00:07:03
definitely have to install it separately
00:07:05
so how you install it is pseudo apt so
00:07:08
pseudo allows you to do root type things
00:07:11
even if you're not if you're ho if
00:07:14
you're screen name isn't on in the root
00:07:17
but it could be on the Su in the sudoers
00:07:20
group in which case this is a is
00:07:22
Advanced package tool for many Linux
00:07:25
distributions like Debian and also uh
00:07:29
yub to places things like that and also
00:07:31
Cali and then of course the function of
00:07:35
the AP is install and then the name of
00:07:38
the package is actually net tools okay
00:07:41
so now the if config command works so we
00:07:44
can we can say pseudo if config and this
00:07:49
gives us our IP address as you can see
00:07:52
okay the next thing we have to do we
00:07:55
have to install wire shark which is a
00:07:57
way to analyze packets on both our local
00:08:01
network and analyze Global packets so
00:08:05
we'll go ahead and install it and then
00:08:06
of course let's see oh it it let me
00:08:09
raise this up do you want to continue
00:08:11
and obviously yes so just have to give
00:08:15
it some time for it to connect to its
00:08:18
sources and we want to say yes super
00:08:22
users should be able to okay and so just
00:08:25
to analyze the command PSE sudo allows
00:08:28
us to do root things with a nonroot user
00:08:32
Advanced packaging tool and then install
00:08:35
is one of the functions of AP and then
00:08:38
wi shark represents the name of the
00:08:40
program we want to install and if we
00:08:43
type in man wi shark it'll give us a
00:08:45
description it is a guey Network
00:08:48
protocol analyzer so as it says it lets
00:08:52
you interactively browse packet data
00:08:55
from a live Network or for a previously
00:08:57
saved capture file and so that is wi
00:09:00
sharp all right let's take a look at how
00:09:02
we can set up the demonstration there is
00:09:05
as you can take a look at your diagram
00:09:07
there are two sides to this and we can
00:09:10
actually make two Terminals and if you
00:09:12
want to go ahead and see how we can make
00:09:14
an extra terminal we can click on
00:09:17
Terminal and then just click on new
00:09:19
window and that allows us to bring up
00:09:21
more than one terminal now on one side
00:09:24
we have NC or netcat and then we have
00:09:28
space and then Dad so Dash is kind of
00:09:32
kind of like telling it what how you
00:09:35
want the app to act what you want it to
00:09:38
do so in this case NC space space and
00:09:41
then some people call it Tac l i just
00:09:44
call it a plain old Dash so NC space- L
00:09:48
that says this side is the listener so
00:09:51
according to the diagram it shows this
00:09:52
side being The Listener and this other
00:09:55
side is the I guess you could call it
00:09:58
call it a CL
00:10:00
so this side is the listener so this is
00:10:02
what the L is saying and then we have
00:10:05
space and then Dash p that stands for
00:10:08
port and we can decide what kind what
00:10:10
port we want to use we have ports one to
00:10:14
right around
00:10:17
6,400 some ports and of course I think
00:10:20
there are more but the the reason why
00:10:23
the 31,000 range it was selected is that
00:10:27
because it's not a common port
00:10:29
common ports are for example Port 80 for
00:10:33
HTTP Port 443 for uh for
00:10:37
https and so on and so forth there's
00:10:40
ports for Email exchange there's ports
00:10:43
for ports for
00:10:44
DHCP and and such and and things like
00:10:47
that so the by the time you hit the
00:10:49
31,000 you're in kind of like random
00:10:52
Port ranges so
00:10:55
31337 is safe so I'm hoping that you're
00:10:58
taking it a pay pay attention to this
00:11:00
side of the screen right here so again
00:11:02
we call NC or netcat which means uh
00:11:06
that's in Linux that's how we that's how
00:11:08
we execute a an application is we is we
00:11:12
actually type in the app type in the
00:11:15
application and then we say space and
00:11:17
then- L Dash and then space and then- P
00:11:20
which means the port number and then we
00:11:22
can press enter so we've turned this
00:11:24
side of the terminal into a list into a
00:11:27
listening Port this is the client Port
00:11:30
so in order to get us to get us to know
00:11:32
what our IP address is you you saw how a
00:11:35
ran if config and that's how we got the
00:11:38
IP address uh 17216 11151 128 and then
00:11:43
of course we're targeting we're
00:11:45
targeting Port
00:11:47
31337 so these two ports should match
00:11:50
now remember we're on the same PC except
00:11:52
where there're different terminal
00:11:54
windows so technically they're they're
00:11:56
going to be different streams so I'm
00:11:58
going to go go ahead press enter now
00:12:00
what this means is we're using netcat to
00:12:03
Simply have a conversation between the
00:12:05
same two terminals on the same P excuse
00:12:08
me between two different terminals on
00:12:09
the same PC so here I can say hi and you
00:12:13
can see on this end we have high and
00:12:15
then we'll say how you doing like this
00:12:19
and then we'll in this side says Fine
00:12:22
hey guess what we went bowling and Jerry
00:12:29
got
00:12:30
290 and on this side this other person
00:12:33
might say Jerry or Jerry and then we can
00:12:36
say Jerry the one with a mullet cool and
00:12:42
that's about it now oh you know what I
00:12:46
should have ran the other part of this
00:12:48
demonstration so I'm going to press
00:12:49
contrl Z to end this and then I'm going
00:12:52
to press clear and press clear for here
00:12:56
and this time I'm going to go ahead and
00:12:59
run Packa Tracer or uh yeah not Packa
00:13:02
Tracer wire shark so I'm going to go
00:13:05
ahead I'm going to continue without
00:13:07
saving and I'm going to X this out and
00:13:11
I'm going to go ahead and capture and
00:13:13
let's do this again with wire shark in
00:13:16
the background so let's go ahead and
00:13:18
capture on Port
00:13:20
3137 as a listener and this is running
00:13:23
NC netcat on Port 3137 as a client and
00:13:27
then I'm going to say hi that's going to
00:13:29
say hi and then we'll say hello how are
00:13:33
you and then finally this side we'll say
00:13:36
Jerry bold a one uh a 290 two let's give
00:13:41
him some extra points 295 and then we'll
00:13:44
say Jerry or Jerry and then Jerry with a
00:13:49
mullet and the other side says cool okay
00:13:52
and we'll go to here we're going to end
00:13:54
the capture and we'll end these services
00:13:57
on this side and the service is on this
00:13:59
side now let's go ahead to this capture
00:14:02
we're going to analyze we're going to
00:14:03
follow and then we're going to follow
00:14:05
the TCP stream and low and behold even
00:14:08
though this wire shark was a separate
00:14:11
program running on a separate stream it
00:14:13
was able to capture this in real time
00:14:17
because this netcat sends things out in
00:14:20
plain text now the ramifications are
00:14:23
such that if you're in a land and you
00:14:27
establish wire shark as a list
00:14:29
and you're able to you know run ethereal
00:14:32
or something to to enable the man in
00:14:35
the- Middle attack any application that
00:14:37
is sent in plain text can be captured
00:14:40
quite fruitfully by a program like wire
00:14:44
shark and yes that should very much
00:14:47
scare everyone
