Teaser - Converting Downloads To Trojans On The Fly & Hacking Windows 

Now, before we dive into the course content, I'd like to give you a teaser or a taste of what you'll

be able to do by the end of the course.

So this is going to be one example that's based on one topic that's covered in one subsection of the course.

So by the end of the course, you'll be able to do so much more.

But I chose to make a teaser on this topic because, first of all, it's the last topic explained in

the course.

So you're going to have to go through the whole course to know how to do this.

Also, I think this topic can be used to make a really nice teaser.

Now, because this is a teaser lecture, I'm not going to explain the technical aspect of how am I doing this?

Because I'm going to teach you how to do this as you go through the course.

For now, just sit back and enjoy this lecture.

And after this lecture, we're going to dive into the course content where you learn how to do things like this and much, much more.

So we're going to try to hack into this Windows machine from this Kailey machine.

Now, this Windows machine is connected to the same network as this card machine.

So this attack will work whether the windows and the candy machines are connected to the same Wi-Fi network or if they're connected to the same Internet or wired network.

Now, as you can see, the candy machine is full of weird text, that's because I've already executed all of the attack.

So I'm listening for incoming connections here.

AARP spoofing the Windows machine here and I'm running the script that's doing all the magic in here.

Basically, the script that's running in this terminal tab in here can be used to convert any file that

any person downloads to a Trojan made out of that file as long as the person is connected to the same network as us.

Now, this script is not something that we're just going to download and install.

You're going to learn how to actually think and write scripts like this one.

So throughout the course, we're going to implement this script ourselves using Python and Man and the Middle Proxy.

So this script is already running and let's go and see it in action, so let's say the targeted person

wants to download Firefox.

So we're just going to go to Firefox dot com.

We get Firefox website.

Now, keep in mind, Firefox websites use hashtags, so it's supposed to be secure against attacks like this one.

Now, the user is just going to go and download Firefox from the button that the website offers.

And then the Firefox installer is going to get downloaded, as you can see here.

Then I'm just going to go to my downloads to show you, as you can see, we have a file with an installer icon.

It's called Firefox Installer. If we double click this, it's an E, so it's asking me if I want to run this E, I'm going to say, yes, I want to install Firefox.

And as you can see, we have the publisher, Firefox, which is all good.

We're going to say, yes, please install this for me and then we're going to get the Firefox installer.

So everything looks perfect, nothing suspicious at all.

If we go to the killing machine, you'll see that we actually gained access to this computer and now we actually have full control over this computer and I can do whatever I want with it so I can download, upload files, edit files, install programs, install viruses, lock the keys or do anything I want.

I can even access the computer resources such as the mike or the webcam.

So as you know, I like to run the webcam in my Tizer lectures just to convey the idea that I have full control over the computer.

So I'm just going to do webcam stream. To open the webcam of the computer.

And as you can see, you'll see me through the webcam of the Windows computer.

Now I'm going to close this and this is not all that I want to show you.

Now, this script will also work with other file types because they're going to understand how this

works and how to implement it yourself, you're going to be able to adapt it to get it to work with

any file type.

So let me close this.

So I'm going to do control, see, exploit. Or sorry, exits first to close this connection.

So right now, I closed my connection with the machine, I don't have control over it anymore and I'm going to do exploit again.

And now I'm going to go to the Windows machine. And I am going to close this and I'm going to try to download a PDF.

I'm just going to try to open a normal PDF file.

So let's say the target wants to learn about network security.

So they're going to look for network security PDF. Let's go to the first result in here, I'm going to click on that. Now, as you can see, this got downloaded as a zip file, so if I go to my downloads, you'll see I have a zip file called security. I'm going to extract this here.

And as you can see, I have a PDF book called Security Has a PDF icon if we double click this.

We will get our book about network security, where we can learn about the different aspects of network security, but if we go to the candy machine again, you can see that we have full control over the machine. We got an interpreter connection.

And again, just as an example, I'm going to run the Web stream to show you that I got full control and I can access the webcam.

And here we go. I'm accessing the webcam through the hacked Windows machine.

Now, as I said, this is just a taste of what you'll be able to do, this is not everything that's

going to be covered in the course. This is only covered in one subsection of the course.

And you're going to understand exactly how to do this and how to write the tool that's used to run this attack.

So you're going to be able to use the same knowledge to implement other man-in-the-middle tools that'll run your own attack ideas.

Throughout the course, you're going to learn a lot more than just this, and with everything that you're going to learn, you're going to learn it in detail and we're going to break it down into small components so that you understand how they work and you can combine them together to run your own attack ideas.