  • All right.

  • Hello, world.

  • This is CS50. This is Colton Ogden today.

  • We're joined by CS50's Nick Wong.

  • Hello.

  • Thanks for joining us on screen.

  • What we're talking about today, we're talking about Kali.

  • Kali Linux. So.

  • Yeah.

  • Great question.

  • I think a lot of people have heard of Kali more or less, but basically it is a penetration testing Linux distribution.

  • So it is geared towards pen testers all over.

  • The goal is for them to be able to just spin up a device with a fresh OS, and they have all the tools that they would possibly want to do pen testing.

  • So I see in the chat room talking about hacking; pen testing and hacking are different, really, in kind of intent and permission, but not much else.

  • Both have to think like attackers.

  • Both have to understand the systems that they're attacking.

  • The networks that they're attacking both have to understand a lot about how people think.

  • And there's many more things not covered in those three topics that are also part of pen testing and hacking.

  • The difference.

  • Key difference being pen testers are, I would say, 100% of the time asked to do the hacking.

  • Uh, there's maybe a corporation or an individual or an institution that asks pen testers to come in and test the security of the network, or test the kind of resilience of the network to being penetrated by external forces or attackers.

  • Hackers are usually not asked to attack people.

  • I think the only times that would occur is if someone thinks that they're so secure and they challenge people to hack them.

  • But that is the kind of key difference there.

  • But both have been known to use Kali Linux.

  • We'll have to kind of go through a couple of terminologies here, in that black hat, white hat, pen tester, hacker, um, and script kiddie are kind of five key words I think we should cover, because we've kind of covered a little bit of pen tester and hacker.

  • There's black hat and white hat, which kind of correspond... white hats and black hats correspond where a white hat hacker is someone who tends to work as a pen tester.

  • They're employed, that's their job.

  • They get money and they're legally allowed to do certain things.

  • A lot of times in pen testing scenarios.

  • If you're hired by, like, a company that has sensitive data, they have very strict rules on what you're actually allowed to do.

  • Maybe you guess the password-username combo, and then you don't go any further.

  • Or maybe they say, OK, you've got that.

  • And now you are allowed to spread a virus from machine to machine, but you're not allowed to do anything else, like the virus can't take information.

  • No information extraction.

  • There's other companies that might say, Hey, extract as much information as you can get at the end of the week.

  • Tell us what you got and we'll verify that that was, like, the right information.

  • Black hat actors are what you think of.

  • Usually when you say hacker, that's the person who's going around snooping through a system, putting viruses on things, doing all sorts of terrible stuff, maybe for good purposes in their minds.

  • But it is certainly illegal, or it should be very illegal.

  • United States laws on hacking are actually a little questionable, and whether or not they actually do what they say they do.

  • I think you can look at the Senate interviews, or Congress's interviews of Zuckerberg, and, uh, that kind of tells you what you need to know as far as where our lawmakers are on hacking legislation or just technological legislation.

  • Somewhat removed?

  • Yeah, that's a good way to put it.

  • Uh, yeah, it's, ah, it's a wild time.

  • And I see in the chat David is President said I was a little bit popping.

  • Was that Mr Robot is lurking the sandwiches that I saw the first episode I saw.

  • I watched the first episode of Mr Robot because he always talked about it, and I was super psyched to actually see that; it's shown pretty prominently, especially towards the later seasons.

  • After season one, they don't use it a ton, but season two, season three.

  • You'll see that Kali; I'll pull it up on my screen.

  • But yeah, very cool.

  • Nick, is coding or Linux your thing? So.

  • I mean, those aren't necessarily mutually exclusive.

  • I do love Lennox systems.

  • I tend to be a lot better with Linux systems than Windows, for example.

  • But I do also code quite a bit.

  • I'm mostly in Python and C++, but I'm pretty familiar with, like, R, if you count that as programming.

  • Uh, nothing against R. Sorry, I really like Python.

  • I'm not a huge fan of R. MATLAB, I guess, if you count it, and JavaScript and jQuery and things like that, a lot of web development stuff as well.

  • How does the CS50 team decide what topics to cover on stream?

  • Oh, yeah, you and I do.

  • A lot of the streams, we'll get a lot of ideas and kind of talk about it, but a lot of it is catered towards the expertise of the folks who have the time to come on stream.

  • It's usually in the center of what the folks are familiar with.

  • But we'll take suggestions.

  • If you have different suggestions, let us know. You should be wearing a black hoodie.

  • Actually, I should've brought my, like, hacker black hoodie.

  • Probably true. Yes.

  • So what is the overall, I guess, sort of flow of the stream today, like, how are we gonna demonstrate Kali?

  • So originally, I was going to walk through some of the tools that are included in Kali Linux by default and kind of explain what they do and so on.

  • And we're still gonna do that.

  • But we're going to contextualize it a little bit.

  • So the way that we could kind of imagine this scenario, it's somewhat common, actually, right now, and I think it'll actually get more common as we go, where I used to...

  • We're gonna pretend this is all scenario.

  • Am I?

  • Some of it was actually personal, true, but it's all scenario at this point, where we're going to say that Colton and I work for a company and I am a network admin or kind of like a sysadmin.

  • I do stuff on the computers.

  • Colton is my manager, and Colton is not happy with my performance one day.

  • It makes perfect sense, fires me. Once I'm fired,

  • most companies, I think, try to implement this in such a way that they, like, clean out your access very quickly.

  • But this company doesn't really do that.

  • So I get access to the machines for around a couple hours before I'm fired.

  • Plus, I kind of knew the firing was coming, you know, like I keep sleeping on my shifts and eating bananas, whatever.

  • So I have kind of known that everyone does as one does when there's this admit And Yates.

  • Um, actually, it's an allusion to a cybersecurity competition.

  • So I know that, and I know I'm gonna get fired, so I kind of messed around with some of the systems.

  • They all still work.

  • Everything still works.

  • It's all operational.

  • We'll actually demonstrate that it's still operational.

  • But I, like, you know, added some things, misconfigured some stuff, threw some services around, you know, there's some other things going on there, and I am super familiar with Kali Linux.

  • So I made it really easy for Kali to attack us. So,

  • He fired me.

  • I no longer have direct access to the systems.

  • And now Colton, being the good manager that he is, he went through to change the passwords, and that was it.

  • And actually, a lot just don't even do that.

  • So, like, that's actually pretty good step.

  • The passwords are new now; he changed a few things.

  • He heard of this thing called leetspeak.

  • So he, uh, modified some of his passwords so that they're in leetspeak.

  • Now I guess that's very secure, very secure.

  • And we're gonna talk about why Kali is kind of cool.

  • It's the best tool for script kiddies, and I know that someone somewhere, I'm positive, will comment on either the YouTube video or the Facebook stream,

  • or one of these streams, and will be like, "You're handing script kiddies all these tools to attack people."

  • But it's like, yeah, sure, it has that property, but it's not like they don't have the Internet.

  • You know, you can go Google things and it'll tell you.

  • But I think that my point on the streams, I'm gonna very much emphasize that it's important for us to understand how these tools work and what they're doing and why they're important.

  • Because as a pen tester and as someone who like very much advocates for ethical hacking and wants people to be aware of these sorts of things, I think that it's really just two sides of the same coin to understand how someone could hack you and to understand how to defend against the attack.

  • And if you want to be better at attacking someone, you should be better at defending systems.

  • They go together. So I like, as Lee points out, that these are two parts, right?

  • Me sleeping on the job.

  • I've never, that I'm aware of, slept on the job.

  • But I got you.

  • Okay, so Wen asked, what, uh, you know,

  • what Linux do you run on there?

  • Seeming Arch... actually, I really like Arch Linux.

  • I've since switched away from Arch towards something called Alpine Linux.

  • I think it's a little bit more, just like, directed at modularity concepts, but I generally really like Ubuntu because it comes with so many things that I can then play around with.

  • It's a very standard distro.

  • It's pretty easy for people, like, new users, to understand.

  • There's a lot of support in the community and

  • It's pretty versatile.

  • I can use it to be optimized for almost anything.

  • The main complaint that I would have is that a lot of its default things have become very clunky.

  • The one that I particularly dislike is systemd-resolved, which is the kind of default DNS resolver on Ubuntu systems.

  • I really dislike it.

  • I don't I just don't like the way it's set up.

  • I don't like the way that it manages DNS.

  • I don't really understand exactly what the paradigm was that they were trying to follow when they did it.

  • But I'm sure that it made sense for them.

  • I just don't particularly understand it, but I do really like Ubuntu in general, and I really appreciate the community that's around it, and I wholeheartedly support it.

  • So I actually generally use Ubuntu Linux.

  • Um, but I had used.

  • So I have another laptop that was given to me when I fixed that person's laptop. On that laptop,

  • it dual boots an Ubuntu distro, actually triple.

  • It's a triple boot with an Ubuntu distro, a Windows distribution and a Kali distribution.

  • So I have to stop that.

  • Stop it.

  • Just stop.

  • Um, yeah, that is kind of what I use.

  • I actually use a Mac for, like, most work and things. I use Linux stuff for when I'm being a little bit more white hat hackery.

  • But I really like my Mac.

  • Mac is also a Unix-based system, so it ends up being very similar in a lot of important ways.

  • Um, yeah.

  • So let's see.

  • Um, there's some other stuff going on in the chat.

  • I see.

  • I think a joke from Buck.

  • See, I just want to send a ping message and get a pong.

  • Answer is very funny.

  • Your pong answer might contain a remote shell. ICMP shells, or ICMP reverse shells, are

  • really cool.

  • We won't be building one on this chat.

  • There will be other.

  • Reverse shells already has a few, but, well, there will be other things.

  • And so you're like, what's a reverse shell?

  • And we'll talk about that when we come on.

  • Ben Fisker says, is commanding bash the same in Mac and Linux?

  • For the most part, yeah. Bash is a type of shell.

  • It is a particular shell, the Bourne-again shell, and so that shell works.

  • I think, to my knowledge, it works almost exactly the same in Mac and Linux. Linux systems, Mac.

  • There are some things underlying it that, like change implementation details, but I think otherwise it's pretty much the exact same.

  • I use bash on both.

  • I've also heard people really like zsh.

  • I've almost been convinced to switch to zsh, but I have not yet.

  • There's another shell called Fish that I really like, but I haven't had the chance to, like, sit down and get acquainted with it super well. It just looks really eloquent and beautiful, so I might switch to it.

  • But for the most part, I like bash.

  • I'm pretty familiar with zsh, but I like bash the most at the moment.

  • Savage Banana, super love that name.

  • They start our test all sorts.

  • Cool, Beautiful.

  • Why not Debian, asks Igor Voltaic, right?

  • So let's see, um, Ubuntu is a Debian-based system.

  • It's very similar.

  • It's more like they kind of work from each other.

  • But I don't use Debian myself just because I got acquainted with Ubuntu first.

  • I think with a lot of these systems, at some point they're all kind of the same.

  • If you can get them to work for what you need, then there's no reason to switch. How you just said, which Linux distro is best for you?

  • I think that is pretty much the same.

  • Answer right is like, If it works for what you want to do, then that's great.

  • And I think that the more you learn what you actually want to do, the more you realize what things have tools already built in, and you're just gonna... you probably Google.

  • I'm guessing, like, depending on your objectives and yeah, exactly.

  • We've been running a bunch of data science stuff.

  • This works fine, but Ubuntu, too.

  • Maybe an Ubuntu-like distribution that renders graphics pretty poorly

  • But does all the computations really well might be really useful?

  • Or maybe the entire reverse is true.

  • It's kind of up to what you need and what you like, um, and then skin.

  • Oh, so Ellen one says, a general Linux question: as distro hoppers,

  • how do I share my data between installs?

  • I heard I could partition the boot and home. As

  • long as you're not switching up your file system entirely,

  • Yet you could do that.

  • You could have a boot partition and then just a home partition that you mount between different distros, pretty reasonable.

  • If you're at all familiar with, like, auto-mounting things, but it's not hard.

  • There's a lot of tutorials online.

  • Very reasonable. Tax Man 29 says, on the importance of making sure people know about these risks:

  • Someone close to me once worked for a police department, didn't even have to check security briefings, didn't know why plugging a random USB key on your work computer was bad.

  • Yeah, it's actually a huge problem, not even just in police forces, though.

  • That very much exemplifies the problem.

  • But in general, so, there was this group, Hak5, really cool, would recommend googling it, H-A-K

  • with the number five.

  • And they're super interesting. They do all sorts of cool, like, white hat stuff.

  • And they have a really cool podcast on it as well.

  • And they did this little kind of social experiment at a local university where they took a bunch of USBs and threw them around the campus, except their USBs would ping back to them.

  • They actually contained beacons that said, Hey, uh, I've been plugged into a computer that was not sandboxed, was not air gapped.

  • It was not protected in any way.

  • I'm just literally on someone's machine, and it didn't do anything malicious.

  • It was literally just to kind of demonstrate what goes on.

  • And they found it was like 68% of people would, like, grab these USBs.

  • But I think the actual stat is 68% of their USBs were picked up and plugged in that they know of.

  • And so somebody might have just, like, died or yeah, so yeah, very much useful.

  • To keep in mind, and there's a lot that goes into that. Dominates says,

  • give some pointers on how to start training in white hat hacking.

  • Now, just Google it.

  • Answers.

  • I don't know what exactly you would do, well, except for "how do I get started in white hat hacking."

  • But I think that the way that I got started, and the way that I think works really well for a lot of people that like hands-on learning, is take a system that you built, right?

  • So at home, I use a bunch of Raspberry Pis.

  • I think they're awesome.

  • They're beautiful, like small computers.

  • You can put almost any sort of reasonable distro on them and configure them to do something like, uh, DNS, or an SMTP server or some service.

  • So not only do you gain understanding of that server, that device, whatever, but you gain understanding of how the configuration works, because a lot of hacking stuff deals a lot with, like, engineering people and engineering kind of the configuration, or being aware of how things are commonly configured and then taking advantage of that configuration.

  • The other thing that you might want to do if you're interested in it is, I mean, yes, taking courses in white hat hacking will give you exposure, which is very useful.

  • It is actually kind of one of the biggest issues with trying to get into any

  • topic, really, is like, how do I know what I don't know? You know, like, how do I see that space of things that I just don't understand?

  • And I think that class is really useful with, except for about a structure.

  • They also have a bunch of people who have that knowledge googling particular things.

  • Like, Can I go?

  • You know, um, maybe how do I hack into my own WiFi network?

  • Is a really interesting one.

  • So I will always advocate Test it on yourself, right?

  • Like it's kind of like, you know, you test hot water on yourself before you give it to a baby. What I really like to do is that, because it's not illegal for you to hack yourself, from what I know, with, like, some kind of caveats, where it's like if you work for a corporation, you're not the corporation, so hacking that corporation...

  • That's illegal.

  • But, you know, there's certain things where, like,

  • you could just twist my definition.

  • But generally speaking, if you're at home and it's your own home WiFi you own the WiFi and the router.

  • Yeah, maybe, like, test it out.

  • See if you could do a man in the middle style attack.

  • Can you reroute someone's traffic to your device instead of to your router?

  • Things like that.

  • There's all sorts of things, though, to get going. So.

  • Al Gore says, What do you think about FreeBSD?

  • To be honest, I hate it.

  • I really don't.

  • You know, I really do not like using it. In our competition,

  • Two weeks ago, we actually had a machine that ran the kid that was on that we assigned to.

  • It was like a question.

  • How do I I do things like every one of the way a lot.

  • I think.

  • I think Boots star.

  • Oh boo, Stop!

  • Stop the game Stops said.

  • What is Chrome OS?

  • That is the browser based OS that is provided on Chromebooks.

  • So Google's thing. And

  • Then there's some stuff about spoiling.

  • Mr Robot, I'll pretend I didn't see it.

  • I have totally done that in college.

  • So Ellen one kind of has a point about, like, plugging USBs into, um, things randomly.

  • There are kind of like, safer ways to do it where, like I could make sure that that USB gets only plugged into like a sandbox virtual machine, for example, that's not necessarily super safe.

  • You could feasibly come up with ways that the USB doesn't do what you think.

  • It doesn't do what you think it does.

  • So things that look like USBs may not actually be USBs.

  • They might register themselves as hardware devices, like an Ethernet port, for example. And so,

  • Maybe I'll get a USB.

  • It tells your computer,

  • Hey, I'm the Ethernet port.

  • I'm actually your entire Internet port.

  • I'm the only Internet port that matters, and then your browser, whether or not you're logged in, might try and connect through that and send some information to the USB,

  • or the "USB",

  • it's not really a USB, and then that USB might send some information back and poison your browser cache, and then when you log in you're screwed anyway. So it's really important to be like, there's no such thing as too safe.

  • I think in the world that we live in a moment.

  • Uh, Chaman, Ali says.

  • How do I balance learning skills?

  • Pen testing, Web development?

  • I wanna be a jack of multiple trades like you guys.

  • It's funny that you say that, because the phrase is often "jack of all trades, master of none."

  • That's what people will say.

  • It's kind of like, you know, a lot.

  • You don't know anything well enough to be good at anything.

  • But I think that that phrase gets misquoted, in that the full phrase is something like "jack of all trades, master of none, better than a master of one" or something. And so

  • there is more to that phrase, and I think that it's really important in this case, too.

  • You follow what you're interested in, but take things that look difficult and force yourself to do them. So like, let's say you wanted to go into using FreeBSD.

  • Oh, yeah, well, it's fine like that.

  • Actually, I think that would be a really useful thing for me to go and do. And you don't even have to, like, be that good at it, so much as just be exposed to it.

  • You want to see as much as possible, and then you can kind of delve into stuff as you go.

  • A lot of it, I think, deals with just being curious.

  • Uh, really.

  • It's just like, oh, I was recently on the Kali Linux site making sure I knew a little bit about its history and finding out where it came from.

  • And also just checking if they'd updated their images.

  • They had. They included a new thing called WireGuard.

  • It's a VPN client and firewall, or, sorry,

  • server. And I was like, oh, that's super interesting.

  • So I, you know, command-tabbed, pushed it off, didn't open the tab for, like, seven days, but eventually I went to it and it was really cool, and I was like, oh, this is awesome.

  • I actually ended up building a WireGuard VPN because I thought it was so cool.

  • Like today. So

  • I think that sort of thing is really useful.

  • Someone points out the pen test networks like Hack The Box.

  • There's some other ones, like Metasploitable and, um, uh, like sites generating those boxes and things.

  • Generate those boxes and things.

  • Those are really useful, but it's not.

  • You don't just stop there, right?

  • Like you go into those, you start to, like, test some of these skills.

  • There's all sorts of other things that you can like go and experiment with that are very similar.

  • I think it's a good place to start, right?

  • Like you start there.

  • And then as you kind of like Google tutorials and read things, you know, just, like open up the other things that look tangentially interesting.

  • You know their tabs and not all of them will be like I've seen all sorts of things.

  • I'm like, I don't care. But there are a lot of things where it was like, oh, I didn't even know that I would have cared about this, like discovering D3, which is a JavaScript library for graphing.

  • Everybody's using it, everyone uses R, like, graphing and things like that.

  • So there's all sorts of ways to kind of get really good at these sorts of things.

  • Cool or sorry.

  • Starstarting111 says BSD is great for firewalls.

  • That's true, although there are a lot of firewalls that can be implemented as software firewalls.

  • And then you could put it on their own dedicated box and essentially have a hardware firewall.

  • I'm sure someone will yell at me for that, but like it effectively can be that way, depending on your use case.

  • It's actually very related to use case.

  • For me, that works fine.

  • But I would imagine for some people it would be better to just have, like, a Palo Alto firewall.

  • And I think the advice and the rest of the chat is very worthwhile.

  • Challenge yourself, pick things that are worthwhile.

  • Uh, pro tip:

  • NetBSD.

  • Nice.

  • I just don't like BSD, I think it's funky.

  • It's kind of the same reason that I dislike, um, Windows and so on.

  • Just popping in, everyone is cursing in the chat.

  • Um, and I think we can wade into, uh, into Kali.

  • I think folks are probably very eager to, uh, to see. You want me to bring up your screen? Yeah.

  • My screen.

  • I think we're all set up. So

  • We have two screens going on.

  • I also have labeled my screen's a little bit more effectively.

  • No, Maybe this has left the chat.

  • Love it.

  • They know there are angrily typing their comments on the YouTube.

  • Couldn't be happy.

  • Just to be clear, the inventors of BSD are very brilliant people and did all sorts of... I've never even used it.

  • I'm just shitting on it because I really just, like, yeah. And I'm sure there are very good reasons why they don't like me.

  • I love Gentoo. Sorry.

  • Keep reading.

  • This, uh, has the same great things we really appreciate.

  • That actually happens.

  • Banana suit, Great name.

  • Still great name.

  • Uh, any Gentoo fans?

  • I say, yes.

  • I actually had to dev for a company on a Gentoo system for a while.

  • I really like the penguin that comes up to tell you how many cores your OS has access to.

  • It's really dumb, but, like, when it loads, like, boots, it has, like, the little penguins, the Gentoo penguins, and it puts how many of them that you have cores.

  • It's pretty amazing.

  • And it detects hyperthreading and things. Like, what if you did it on, like, a Google multi..., like, giant distributed system?

  • Expected?

  • Just thinks. Of course, a lot of people asking why

  • your, uh, matrix is just red today.

  • I'm really glad you asked.

  • Thank you for noticing. So no rainbow on this one today, because I feel like kind of red and blue are the two theme colors of the hacking world, except for black and white; black and white being the descriptors for the people, red and blue being the descriptors for kind of like what they're doing.

  • So you're, yeah, red and the evil person.

  • And actually, this is the Kali tool.

  • That is painful to look at, which is kind of awful to read.

  • I'm really I might switch that to something.

  • Let's see if we can figure this little bit.

  • Maybe just like a really pale red.

  • Yeah, We're gonna get a ship.

  • That huge saturation.

  • We're gonna just put that down a little bit.

  • We could also like a plant, right?

  • That's it's better.

  • Yeah.

  • Yeah, that's right, Dio.

  • Now you guys can look at this without going blind.

  • This is our hacker, um, interface.

  • And this one is blue double counsel at the moment.

  • What was the text look like on that one?

  • Okay, Okay, that's that's not so.

  • This is our interface that Colton will also have up just so that we can, like, see what's going on for him.

  • But, yeah, we have blue for kind of blue team.

  • Good guys, manager.

  • And we have red for Callie.

  • Things that are going on, stuff like that and a character arcs in.

  • So FT got 92 count Hexagon.

  • Calzone in our, uh are in Damn gosh think about which follows.

  • Appreciate it.

  • Uh, let's see.

  • Wheat.

  • I wanted to bring up the Kali Linux desktop background.

  • It's iconic.

  • I don't have a desktop version running right now, but this is in theirs.

  • In the show, I think they had a black and a white version, but with saying, Yeah, anything.

  • Let's go find that you get typing the images like, Oh, I think it was Maybe that second image.

  • So it might just be up.

  • You just do "Mr Robot Kali Linux."

  • We'll probably see a screenshot.

  • We tried to.

  • It's like it's like the third row area.

  • It's like, Yeah, it's like the 1st 1 Any of these.

  • Yeah, I think this is the one that you may be used.

  • Um, and I actually really like the line:

  • The quieter you become, the more you are able to hear.

  • I think that's a reference to, like, a phrase from Ninjas or Samurai.

  • Me conflating those two would be really insulting.

  • So it's like kind of like ancient phrase of like if you kind of just like silence yourself, you can hear all sorts of other things.

  • But, yeah, it's this beautiful kind idea, Very cool on.

  • And it was basically just invented for pen testers.

  • Someone having a really good suggestion.

  • Try red on black.

  • Um, so I might do the similar.

  • But opposite in that background color, I can edit my text color, I believe.

  • I mean, able to steal like a black.

  • And then this is kind of red.

  • That's fine.

  • You have a red prompt.

  • Ready?

  • My prompt is red.

  • You know, this is kind of beauty.

  • So this is Kali.

  • This is, I think, the distro itself.

  • Thank you.

  • So someone asked what separates different Linux distros, and that's a very broad question.

  • They're all sorts of things that separate them.

  • But one of the main things is kind of like different sets of like user paradigms.

  • So, like, different ways that users should really be approaching things.

  • So Ubuntu, for example, really focuses on, like, everything has, like, the services and processes.

  • And it's very much like, how am I going to adjust things based on what services are running?

  • What's the status of the services? How do I turn things on and off? It's modeled, I think, a little bit closer to... maybe not originally modeled this way, but it looks as if it's a lot closer to like a, um, more like a desktop experience.

  • If I go into the Ubuntu distro, which is what this is, I could do, like, a sudo service --status-all, oops, and see what services are running.

  • Everything is in file systems and stuff like that on.

  • There's just all sorts of stuff going on here, so in Kali, you can actually do the same thing.

  • They're very similar in terms of like what they have access to on the underlying side.

  • So this also has a lot of services. For some reason, the Kali distro is running very fast.

  • I mean, part of that is due to the fact that Kali is meant to be pretty fast.

  • So if we kind of scroll through all the services, there are some extra ones on Kali that you might notice. BeEF is one of them.

  • And then there's another one that's worth noting.

  • I think the Metasploit service is in here somewhere.

  • Medusa is another one, and the next, for this, um, NBD and video persistence.

  • And then there's some other ones worth pointing out, in some, uh, redsocks, and there's probably some ones that I missed.

  • But there's a bunch of services and tools built into Kali that are very useful for us to do things with. So nmap, for example, that exists on Kali by default.

  • So does Medusa, which is also very useful.

  • MSF console, or Metasploit Framework console.

  • For those of you who aren't familiar, we're gonna spend a decent amount of time in that today because it's super useful.

  • It is probably the most accused of being a script kiddie's favorite toy, but it has all sorts of reasons for being a script kiddie's favorite toy, because it makes a lot of things that non-script kiddies

  • do

  • very convenient.

  • It builds them in.

  • So if you're already aware of how to build those things, you wanna build them over and over again yourself, And you're like, Oh, if only there was a tool that would do this That tends to be the kind of, like, go to tool.

  • It does have a pretty windows heavy focus.

  • But in recent years, in part of the past two years, I've seen a lot of packages added to it that support Linux-based attacks and exploits, and that's really cool.

  • So... well, maybe not cool for people who are getting hacked with it, but it is very cool in concept, and it helps make pen testers a little bit more well-rounded.

  • So I really like that. And so those three tools

  • we're gonna talk about a decent amount today.

  • Medusa is a really useful tool for cracking passwords, brute-force style. And

  • what it does is it basically just says, "Hey, give me a service and tell me a password list and a user list, and I'll just go try them," and there's all sorts of parameters for it.

  • If you can read through these, it can do all sorts of cool things.

  • You give it a hostname, or even a network, that it can attack.

  • You can tell it to stop after cracking one username and password pair, or log to a file.

  • There's all these kind of like things that you can add to it and make it really useful.

  • You'll see it in action in a little bit, and it's a really useful tool.

  • So I think one of the great things about Kali is, maybe I am a pen tester who is working on the fly.

  • You know, I don't necessarily have a whole lot of time to set up.

  • It's like, how do I go as quickly as possible to attack the company that I'm in?

  • And so what I might be able to do is I just have a bootable version of Kali on a USB.

  • I plug it into a machine, boot it into Kali, and that machine is already connected to the network, has all the tools I could possibly want, and I just go.

  • It's very fast, right?

  • So it is pretty useful for me to be able to do something like that. So, yeah, as is being pointed out in the chat, nmap is a network mapper.

  • I use it by default.

  • There are other ones, Nessus and things like that.

  • But I'm going to stick to nmap because I think it's a very simple one; I think it's really useful.

  • Medusa is a password cracker.

  • There are many others, and also most of these other tools, when I say many others, are also on Kali, so you could go and, like, find... John the Ripper is also... I don't know the actual, uh... Let's go... I'll tell you what, there is a John the Ripper version

  • somewhere on here. John the Ripper, another popular password cracker.

  • There's a lot.

  • There's many tools on here.

  • This is where the desktop version has an advantage: you can, like, skim through all of them.

  • Maltego, just, like, its magic thing.

  • Maltego is very useful for doing all sorts of stuff.

  • Um, and then there's just tons of things in here, too.

  • If you want to do X attack.

  • Oh, thank you.

  • It's just I don't use it often.

  • So, John the Ripper is on here.

  • There's all sorts of stuff that you could do.

  • We're gonna focus on three tools in particular just to kind of, like, hit at the three main things for, like, network attacks where we're not given access to, like, the WiFi network.

  • But, like, the Aircrack suite is also on here.

  • The BeEF framework is on here.

  • There's all sorts of stuff. So I think it would take us way too long to try and go through all of them.

  • But we'll go through some of the key ones that I particularly enjoy and give you access to kind of the common things that you might encounter needing to do as a pen tester or hacker.

  • So we kinda discussed how I am on Kali.

  • And I know where his machine sits.

  • So I'm gonna go kind of copy his IP here.

  • I'll go into my own screen over here.

  • Um, I'm actually gonna just tail it so y'all don't read all of what's going on there.

  • Uh uh.

  • Confident.

  • Cool.

  • And this is his...

  • All right.

  • Sorry.

  • His IP. So that's where he's sitting.

  • You guys shouldn't be able to touch either of the Kali or weak devices.

  • They're both on AWS.

  • They're out there, but they do block attempts

  • to touch this, except for our two.

  • So if you can, please... So the first thing I'm gonna do is I'm gonna just kind of ping,

  • um, what's going on with Colton,

  • make sure I can touch whatever he's doing, and I get a response.

  • I really hope that... I might actually tail that with an extra line.

  • I don't remember if the Kali one was at the end or... okay, yeah.

  • So I continue on, and I kind of know that your host is there, which is great.

  • And one of the first things that I might go and do is, I might say, OK, what services are still running?

  • Because I know that it's been, like, a day since Manager got on there, and I want to go and make sure he didn't shut down

  • any of my favorite services. So nmap is a really useful tool for that.

  • I can do just nmap with no flags but a host, and it'll just do a really quick scan of common ports and discover

  • what's open, and

  • nmap actually has all sorts of powerful tools like, hey, take this host

  • that's a zombie and use it to ping other things so that they can't necessarily trace back who is doing the pinging to me as the, like, actual host.

  • You immediately know that that server has a database on it.

  • Yes, yes, I can see that you have MySQL open, and as your ex-network admin,

  • I was hoping, you know... I was really excited that you kept it open because, you know, you used to have me go on vacation and I had to still administer the database.

  • So I left myself a remote user, which, then,

  • maybe my config was a little off.

  • I didn't restrict it to a specific IP.

  • What I should have maybe done is have a VPN that I could access and then access the server from that VPN.

  • But I was like, Well, you know, we don't use it that often, so it's not worth setting all that up, So I just left it open.

  • Temper.

  • That's okay.

  • And so someone says brute force, SQL, XSS or cross-site scripting attacks are useless nowadays, these are so common. I actually wholeheartedly disagree with that in pretty much every way, except for the fact that they're so common.

  • That part I do agree with; they are extremely common.

  • And I think the intuition says that, Oh, everyone's heard of these.

  • Of course you would protect against them.

  • However, that's not true.

  • People do not protect against brute force attacks in any meaningful way.

  • One of the most meaningful ways would be to use randomly generated passwords that are very long.

  • However, people don't want to have to remember all these passwords or use a password manager, or they just can't be bothered to use two factor authentication.

  • I can brute-force people's passwords fairly easily, and I don't need to brute-force your password in particular.

  • I could just brute-force in general, and a lot of attacks are not directed at one person.

  • They're usually directed at just anyone who walks by.

  • And if I happen to get a key, I win, right?

  • So it's very... from the attacker's side,

  • it's pretty easy.

  • I could sit in a coffee shop and man-in-the-middle the WiFi that's going on, and then it's not too difficult for me to just snoop on everything that everyone's doing.

  • Intercept the TLS handshake, and maybe just figure out what you guys are talking about.

  • Now there are other things that are much more advanced

  • and interesting-sounding.

  • There's all sorts of beautiful attacks going on right now, but we don't necessarily need to do that.

  • I can guess people's passwords.

  • You can actually write a Web scraper for, like, someone's public Facebook account.

  • And you say brute force is terrible.

  • But maybe I tailor my brute force attack.

  • So maybe I say, Okay, I'm trying to attack an individual person.

  • I'm targeting them, and I want to say Okay, well, I know that their Facebook account is open to the public.

  • So I scrape their entire Facebook history, everything that they've ever liked, everything they've ever looked at, everything that they've ever posted.

  • I scraped the whole thing for key terms.

  • I use my favorite random package from the Python NLP package framework.

  • I grab out key or important things over some threshold.

  • And then I use John the Ripper to generate a comprehensive password list, using everything they hold dear, all dates, all numbers that are significant to them, as well as common additions and subtractions, adding 123 and those things, things like that.

  • Now my brute force attack is actually really good.

  • It's pretty likely that I will be able to crack one of your passwords somewhere pretty quickly.

  • And you might say, "Oh, well, you know, the person that you're attacking might have blocked that."

  • And you could always kind of play that game with yourself, like, they might have done this, I'm better than that.

  • But while I'm brute-forcing you, I might look for other avenues of attack.

  • I might know your birthday now because I saw your Facebook.

  • I might call up your, you know, health care provider and get some other information on you.

  • And I know everybody just uses your birthday to check if you are you, so I'll just do that.

  • Um, I gather some other information about you, maybe call your bank, answer some security questions.

  • I now have your bank account, and I might say, or maybe I don't have your bank account.

  • But I have some information, right?

  • And the more information I get, the closer I am, by a lot, to grabbing things on what you're doing.

  • So there's all sorts of things that you can do, and that's just with brute force.

  • There's all sorts of stuff that you can do.

  • There's SQL injection attacks.

  • People don't sanitize the strings very well, even though that's taught in the intro CS class in almost every school I know: sanitize your strings.

  • Sanitizing input strings: data is not different for anyone.

  • Data is just data.

  • So there's all these dangerous things that people just do, and a lot of them are really just out of laziness or compatibility, right?

  • Let's say I turn on cross-site scripting protection, but it breaks a bunch of the other things on our website.

  • Well, management might come up to me and they might say, "Hey, we can't afford to lose $5000 a day just because you want to protect against an attack that's never gonna hit us."

  • That's pretty rational from where they're sitting: cross-site scripting attacks don't happen that often, right?

  • It's unlikely that you're gonna get hit, so, okay, I'll turn it off.

  • And four years later, we realize that we've actually been compromised for the past four years, you know, and like you might say, Well, that's never happened.

  • But the Marriott, or, uh, whatever hotel chain that had been hacked for 10 years in a row?

  • That's exactly what happened, and it wasn't cross-site scripting, but they just had been compromised

  • this whole time.

  • It was, like, 320 credentials were... right.

  • Sorry, 20 million credentials were, like, compromised, the entire population of the U.S.

  • These sorts of things.

  • A lot of times it sounds like it's super complex and super difficult, and some things are.

  • And, like, social engineers and people who are, like, researching these things, they're doing some pretty crazy stuff.

  • They're taking, like, air-gapped machines and listening to frequencies and guessing stuff, using math to do stuff.

  • They're breaking algorithms and doing all sorts of cool stuff.

  • But what I'm talking about is just good old-fashioned, like, taking advantage of people's kind of social weaknesses.

  • Yeah, well, as people point out in chat, a lot of what I mentioned was social engineering, but hacking and using social engineering...

  • That's just one of your tools, right?

  • It's just as important as having Kali Linux or having nmap or other tools that can do these for you.

  • It's how you get information, right?

  • A hacker's game is really: how can I get as much information as possible without anyone knowing that what they're giving me is important? And

  • That's the real trick.

  • At the end.

  • There is.

  • People will often say, I don't care who knows this.

  • It's not important.

  • And they'll say, Who cares?

  • Who knows what my favorite color is or what street I was born on?

  • None of that's interesting. Not to you,

  • maybe, but those are your two first security questions for your bank account.

  • So now that I've got those and your bank account, I can validate myself

  • as you anywhere.

  • Because people often assume banks are safe.

  • But Santander had a security vulnerability where it would redirect you to its HTTP site instead of HTTPS, which means that if I'm man-in-the-middling something on, you know, uh, Starbucks WiFi, and I've just redirected you all through my router

  • that then redirects you on to the Starbucks WiFi.

  • Hey, I see you sent that out.

  • I have your bank account log in information now.

  • Your bank didn't protect you.

  • So there are all these things, and implicit trust that people put in the things they use, services they use, and that's dangerous. Something that I saw a little while ago, where I was asked to do this by the people who did it...

  • It was, like, it was above board, but I was able to use a SQL injection to get access to someone's database on a certain forum online.

  • And their SQL

  • injection was protected against, like, a little.

  • Oh, do this or this and it'll drop everything. Whenever they're logging in,

  • information was sanitized, was good, but their search bar on their website, they had built it themselves, and they didn't think that anyone would try to do anything weird with SQL in that. It's a search bar.

  • It's not interesting.

  • And so what I did was I SQL-injected things into their search bar, and I changed one of the text displays that was being auto-generated.

  • They were selling things, so it would query their database, and then it would return something in the spaces where, like, products should go, with the return from that database query.

  • And so what I did was, in the SQL injection,

  • I replaced their database query with my own.

  • And then the website would just tell me what I wanted to know.

  • In fact, it told me all their users' passwords. They weren't hashed.

  • And it told me all the credit card numbers, also not hashed.

  • Nothing encrypted.

  • Nothing interesting.

  • And so then I emailed them and I said, "Hey, I've completed my pen test, my remote pen test, and, you know, here's where you can pay me. Here's the flaws I discovered."

  • Here's how you should fix them.

  • There are probably more, right? Like, I only discovered these SQL flaws, and I think that they're really serious and important.

  • I think that they should be your priority right now, but there are many, many more that you probably need to go fix. Here are

  • my suggestions as to where those are, and I'm by no means a professional pen

  • tester; I've been doing this for
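The search-bar injection the speaker describes above (a home-built search that splices the user's text into a product query, so a UNION pulls the users table into the product slots of the results page), as an added illustration that is not part of the transcript and not the forum's own code. It builds a constructed in-memory SQLite shop with a products table and a users table holding plaintext passwords, shows the vulnerable search beside the same query with a bound parameter, and runs one payload through both. The table names, column names, sample rows and payload are all assumptions for the demo.

```python
import sqlite3

# Constructed sample data for the demo. The plaintext passwords mirror the
# "they weren't hashed" finding in the story; none of this is a real site.
PRODUCTS = [("widget", 9.99), ("gadget", 19.99), ("gizmo", 4.50)]
USERS = [("alice", "hunter2"), ("bob", "letmein")]


def setup_db():
    """Build the throwaway shop database in memory."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT, price REAL)")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO products VALUES (?, ?)", PRODUCTS)
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def search_vulnerable(conn, term):
    """The home-grown search bar: the user's text is pasted into the SQL.

    Whatever rows come back are rendered into the product-name / price
    slots of the results page, so any two columns an attacker UNIONs in
    are displayed verbatim.
    """
    sql = "SELECT name, price FROM products WHERE name LIKE '%" + term + "%'"
    return conn.execute(sql).fetchall()


def search_safe(conn, term):
    """Same query, but the term travels as a bound parameter: the driver
    only ever compares it as data, it is never parsed as SQL."""
    sql = "SELECT name, price FROM products WHERE name LIKE ?"
    return conn.execute(sql, ("%" + term + "%",)).fetchall()


# Attacker's "search term" (hypothetical). It closes the open quote of the
# LIKE pattern, appends a UNION that pulls (username, password) into the two
# displayed columns, and comments out the trailing %' the template appends.
PAYLOAD = "' UNION SELECT username, password FROM users --"


def leaked_credentials(conn):
    """Run the payload through the vulnerable search and keep only the rows
    that are not real products, i.e. the (username, password) pairs."""
    rows = search_vulnerable(conn, PAYLOAD)
    return sorted(r for r in rows if r not in PRODUCTS)


if __name__ == "__main__":
    db = setup_db()
    print("normal search:", search_vulnerable(db, "gad"))
    print("injected search leaks:", leaked_credentials(db))
    print("same payload, parameterised:", search_safe(db, PAYLOAD))
```

The bound-parameter version returns nothing for the payload because no product name contains that text. Note that parameterising fixes injection only; a user can still type LIKE wildcards (% and _) into the term and match more rows than intended, which is a separate input-handling decision.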
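The targeted wordlist idea from earlier in the talk (scrape a public profile for key terms, add dates and numbers that matter to the person, then apply common additions like 123 before brute-forcing), as an added example that is not from the transcript. It does not call John the Ripper; it implements a small set of equivalent mangling rules directly in Python so the generated candidates can be inspected. The profile terms and the birthday are constructed stand-ins for scraped data, and the suffix list is an assumption.

```python
import itertools

# Constructed stand-ins for terms and dates scraped from a public profile.
SAMPLE_TERMS = ["fluffy", "redsox", "boston"]
SAMPLE_DATES = ["1987-04-12"]

# Cheap additions people bolt on to a base word (assumed list).
SUFFIXES = ["", "1", "12", "123", "!", "1!", "123!"]
# Common letter-for-digit substitutions.
LEET = str.maketrans({"a": "4", "e": "3", "i": "1", "o": "0", "s": "5"})


def case_variants(word):
    """lowercase, Capitalised and UPPER forms of a term."""
    return {word.lower(), word.capitalize(), word.upper()}


def date_tokens(iso_date):
    """Numeric fragments of a YYYY-MM-DD date that turn up in passwords."""
    y, m, d = iso_date.split("-")
    return {y, y[2:], m + d, d + m, m + d + y, m + d + y[2:], d + m + y, d + m + y[2:]}


def generate_wordlist(terms, dates, suffixes=SUFFIXES):
    """Expand scraped terms and dates into a sorted, de-duplicated list."""
    bases = set()
    for t in terms:
        for v in case_variants(t):
            bases.add(v)
            bases.add(v.translate(LEET))   # leet form of each case variant
    tokens = set()
    for d in dates:
        tokens |= date_tokens(d)
    candidates = set()
    for b in bases:
        for s in suffixes:                 # fluffy, fluffy123, Fluffy!, ...
            candidates.add(b + s)
        for tok in tokens:                 # fluffy1987, 0412fluffy, ...
            candidates.add(b + tok)
            candidates.add(tok + b)
    for a, b in itertools.permutations(terms, 2):   # two-term combinations
        candidates.add(a + b)
        candidates.add(a.capitalize() + b.capitalize())
    return sorted(candidates)


if __name__ == "__main__":
    words = generate_wordlist(SAMPLE_TERMS, SAMPLE_DATES)
    print(len(words), "candidates, e.g.", words[:10])
```

The output is a plain newline-per-word list, which is the shape password crackers consume; the point is that a few hundred person-specific candidates often land before a generic multi-million-word list does.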



KALI LINUX! - CS50 Live, EP. 51

Posted by 林宜悉 on January 14, 2021