Hello hackers, how are you? Welcome again to WsCube Tech, I am Ashish Kumar. I've brought you a complete course on hacking. Start this video. Before this, ethical hacking, bug bounty hunting, penetration testing, which is the advanced paid-live course. If you want to join this course, you’ll get the form link in the description. You also get contact details below. Call us & enroll for your favorite course. Hello students. How are you all? Welcome to WsCube Tech! I am Ashish Kumar. Today, I am here with a video. You’ll learn about the introduction, use, scope & laws of ethical hacking. Now let’s start. Today, you’re going to learn 5 things. What is Ethical Hacking, types of hackers, types of attacks on a system, Scope in Ethical Hacking, cyber laws you should be aware of. Here are the 5 topics we're about to learn. Let’s start with the first topic. That is, What is Ethical Hacking? We’re going to learn about this very well. Let's look at these points first. After this, we’ll discuss briefly what Ethical Hacking is. Penetration Testing & Cyber Security. Legally breaking into Systems & Servers. Securing the Organisation. Defeating bad Hackers. Now, What is Ethical Hacking? Ethical stands for legal. What is Ethical? Ethical means legal. Hacker, who does Penetration Testing & finds the vulnerability of the system. They test the system. Basically, in legal formats or if we follow rules & laws for testing the system, then we are Ethical Hackers. It means we’re not going to do anything illegal. Anything related to Ethical Hacking like penetration testing. We will do it under legal formats. You won't do any illegal work. So, we are Ethical Hackers. Come back to these points. What are they meant to be? What are we doing in Ethical Testing? We’ll maintain the Cyber Security & do Penetration Testing. Legally breaking into Systems & Servers. It means we are going to break systems & servers legally for betterment. Securing the Organisation? We secure the organization.
If there is a company, & we will find out the shortcomings and tell them, & remove the vulnerabilities. The company will be secure. After that, defeating bad hackers. After doing all these things, bad hackers, who can harm the system, who can harm the organization, we are defeating them. They have the aim of misusing the company or domain. We are protecting them. We play an important role in the Cyber Security world because we are securing the world from cyber-attacks. What’s the next topic? The next topic is the ‘types of hackers’. How many types of hackers are there? It is divided into different categories according to work. Knowledge is the same but, it is divided into different categories. Now, we are dividing the hackers into 3 categories. Let’s try to understand this. First is the White Hat hacker, then Grey Hat hacker & the last one is Black Hat hacker. Let’s understand these categories. How do they use their knowledge? They are divided into categories only on the basis of knowledge. Remember this. First is White hat hacker. What is a White hat hacker? A White hat hacker is an ethical hacker. They do Penetration Testing or break the system, they work according to legal rules, by following laws & permission, they perform penetration testing. If he wants to test any system, firstly he asks for permission from the owner to check their system. If they grant permission, then he can test the system. After testing, all the vulnerabilities found in the system will be removed. This is a White hat hacker, who works legally after taking the permission. They are doing good work. They are securing the server. Second is, Grey hat hacker. What is a Grey hat hacker? Grey hat hackers are those who can do good work and bad work. With the help of their knowledge, they can secure the system or they can crack or spoil the system. They can also sell the details or credentials for money. They are the masters of their own will. It is the hackers who follow their own will.
They can work for legal things and illegal things. They work for the betterment or they work for making things worse by using Ethical Hacking. So they are Grey hat hackers. After that, Black Hat Hackers. Who are Black hat hackers? Black hat hackers are also known as bad hackers. Their job is that they will find the loopholes in the system. By using that, they will crash or spoil the system or the data they get from the system, they'll sell that data, and get the money. They do someone's loss for their profit. All the illegal work is done by them. By using Ethical hacking, all the illegal work like stealing data, accessing illegally, accessing the system remotely, ransomware. These people can do anything wrong for the money like selling the details of a system. Black hat hackers can do all of these. Next is, types of attacks on a system. How many types of attacks can occur in a system? How many ways can a system be vulnerable? We will understand. When we do the testing, it also has an important role. So let's understand it well. The first option is, Operating system attacks. What is an operating system attack? Which we are using like Windows, Linux, Mac operating systems. When there are drawbacks to these operating systems. In versions of the operating system, if there's any mistake in their by-default settings. By using drawbacks, we take access to any system, that is called Operating system attacks. In Windows, we get a lot of vulnerabilities. Null account, misconfiguration, etc. are some of them. When we attack through all these shortcomings. We check the version of the OS, and according to versions, we check the attacks, it is known as operating system attacks. Now, there are Misconfiguration attacks. What is misconfiguration? Whether we are using software, application, or operating system, they all have settings. In which port it’ll work? Who will respond when you take action?
If there is a drawback in these settings, or if a setting is set by default, it is called misconfiguration. Let’s talk about examples. We have a router or broadband at home, and we are using its network. Its default gateway means admin webpage. What’s its by-default password? Admin Admin, admin password. These are some by-default passwords. If you didn’t change this password. Even today, it's by-default password. This is a part of misconfiguration. Some settings come by default with a device. If we don’t change the setting and if because of those settings, the device is vulnerable, it is known as misconfiguration attack. After that, there are Application-level attacks. What is an application-level attack? We use web applications, we use websites, but when we find a drawback in them or when we find a mistake in a program of a developer, or we are trying the SQL injection, cross-site scripting, etc., in the web application with the help of programming. Because of the developer's fault if we are compromising the web application, these are termed application-level attacks. After that there is Shrink-Wrap Code Attack. What is Shrink-Wrap Code Attack? Try to understand it well. Suppose, there was an issue in either of these three applications. I reported that issue or I conveyed that you have this vulnerability. They didn’t release the patch. They have not removed that vulnerability yet. Because of this reason other attackers hack their system, then it is known as Shrink-Wrap Code Attack. Those devices, systems, applications whose vulnerabilities or patches are not yet released, and they have been attacked one more time. They are known as Shrink-Wrap Code attacks. These are types of attacks on a system. The next topic is Scope in Ethical hacking. We are moving towards Ethical hacking, classes are good, we are getting it. Is there any scope? We’ll see some logical points, & we’ll try to understand our environment. Is there a scope of ethical hacking in reality or not?
Let’s focus on these. First is, in India what is the average salary of ethical hackers? It is 5 lakhs per year. An ethical hacker's average salary is 5 lakhs per year. This salary is not accurate. It may differ. If your skills are good, you've good knowledge. Your salary may be increased. Let’s move on. This is related to cybercrime. Cybercrime has increased by 600%. When? In Covid-19. In Covid-19, cyberattacks increased a lot. Everyone is upset with it. You can see in the environment around you that every day some system is being hacked. Sometimes Apple has vulnerabilities, Zoom is being hacked, Microsoft is being hacked. These are the attacks that have happened. Because of these attacks, you can see in the graph, cybercrime has increased by 600%. When? In the Covid-19 pandemic & growing in 2020. Let's see what happens in 2021, cyber attacks are increasing a lot. If there is a world war in the future, it could be a cyberwar. Cyberwar is the most dangerous war. You can access a device from home. You can harm anyone, every rocket, device, or nuclear weapon, you can access them as everything is digital right now. If you can hack every digital machine, cyberwar will be very dangerous. We can consider a lot of examples. There are lots of points that say cyberwar can be very dangerous. It is necessary that the ethical hackers get ready in time so that there is no cyber attack & are able to secure the system. We need to defeat the bad hackers. Next point is, according to Statista, the Indian Government spends more than 395 million U.S dollars. This means according to Statista, in 2019, the Indian government invested 395 million U.S dollars in cyber security. They spent 395 million U.S dollars on cyber security. This is too much. So this is the 2019 graph. In 2019 they spent this much U.S dollars. They are increasing the cyber security team. They also provide training. They want people to apply for Ethical Hackers.
Prepare yourself for ethical hackers, develop their skills. They have also talked about 550 million U.S dollars to apply by 2022. In 2022, the Indian government will be going to invest up to 550 million U.S dollars in cyber security. The scope is too good but, it is not as easy as we think. We will have to develop our skills for this. You will continue to learn with me & develop your skills. If you develop your skills, you can keep anyone secure. The demand for cyber security is very high. We just have to improve our skills in it & work hard. We can see the results. We will do this work together. Let’s move forward. We saw so much about cybersecurity and ethical hacking. Ethical means, process all attacks and testing by following the laws. Now, we’ll talk about what are laws? What does cyber law say? Acts of India, the Patents (Amendment) Act 1999, Trade Marks Acts 1999 & the Copyright Act 1957, and The Information Technology Act. These Acts are related to cyber security. You can understand more about these acts from these two URLs. I will provide you these URLs in the description. It is the Indian Act, which is related to cyber security. We need to know about it. If we are testing a system, we should know what not to do. Let me tell you without permission, we don't have to test any system at all. It's very much a basic rule for an ethical hacker or white-hat hacker. Without any written permission, we will not test any system. Today’s first topic is the basic part. Networking concept. What is networking? We’ll be going to discuss the networking concept. Let's start with what we're going to learn today. We're going to learn 5 things. What is computer networking? How does it work? What are the types of networks? What is IP address & their types? and role of ports in networking. These are the 5 things we are going to learn. Let’s start with our first topic, what is computer networking? What is computer networking? 
From these points, you will understand computer networking. First communication. What is communication? When two devices or entities communicate with each other or share information, this is called communication. What is computer networking? When a computer communicates with another computer through any source, and shares any data, information, or software, it is known as computer networking. How does it work? We’ll see it later. Sharing of software. What are the things we can share on computer networks? We can share files, software, we can share information. The file or information we shared will be stored somewhere. If I've shared the file, it'll be stored in your system. If I've sent audio to you, it'll be stored in your system. If you have sent the software, it will be saved in your system. So it preserves information. And security, what is security? If two systems communicate with each other, they do so through the protocol. TCP, UDP and STTP, communicate through any protocol. The protocol takes care that their data is transferred securely, and stored securely. So they provide us with security. Sharing of hardware is also done in computer networking and sharing of data. So computer networking provides us with all these terms. Let’s discuss it again. When two systems want to communicate with each other. This communication is termed computer networking. All the rules, processes, or regulations followed in communication, are called computer networking. How does it work? It is the most important topic. Please try to understand it well. In Ethical hacking, networking plays an important role. When we do network scanning, we need to understand the network. The first entity that we have to understand is the ISP. What is ISP? Internet Service Provider. Jio, Airtel, BSNL & any other networks who provide us with internet, are called ISP. You must be using some ISP internet in your home.
You will have either Airtel's broadband in your home, or you will have Jio's or BSNL broadband in your home. What does ISP do? ISP is an internet service provider. It provides internet to the broadband. Broadband is providing us with the internet. From where do connected systems get the internet? This is provided by broadband. Let’s understand the communication between ISP & broadband. When communication between ISP and Broadband is built. ISP is providing the internet to broadband. Then what is he getting? What about IP? What is IP? IP is an address, Internet Protocol Address. And when is this address provided? This address is found when a system has internet provided. As soon as the internet is connected to the system, an IP is allotted to it. In its Wide Area Network or Local Area Network. It has an address. It will get the address only if it has internet. As soon as the ISP gave internet to broadband. An IP is allotted to it. Its public IP: 82.10.250.19. When was this IP allotted to the Internet? When the ISP provided its internet. As soon as it has an internet connection. It has a private IP & public IP. 192.168.0.1, which it already had. What will it do next? It has the internet, has the public IP, devices are connected. Whether they are wired or wireless. There is one wireless device, the rest of them are wired devices. The device that is connected to it. It is providing internet to these devices. With the internet, it is allotting the IP to each one. On which basis will the IP be allotted? IP will be allotted via the default gateway. That is 192.168.0.1. Whichever IP will be allotted to the system, it will be after 0.1. That's how default gateway works. Default gateway is the first IP of the system's router. After that, all the IPs are assigned by the router to each system. Our system has 102. This one has 100, this one has 10, which is play station. The router is providing IPs to everyone. But the IPs that it is providing are all private IPs.
All the IPs that you see here are private IPs. They do not exist in the wide-area network or the internet world. No one knows this system has these IPs. Which system is this IP belonging to? Whatever IP is going to the internet, only the public IP will go. Private IP will not go. Because this IP is just limited to this area. There is no importance of this IP outside this area. Then which IP? This public IP, which the ISP has given to it. Let’s understand it. Computer wants to access the Google. It writes google.com. As soon as it generated a request to access Google. It searched google.com in its browser. Where will the delivery come after generating a packet? Near our router. Now, what will the router do? The router will forward this packet to the Internet. The router is forwarding this packet to the Internet. Let’s understand the source IP & destination IP. The system from which the packet is being generated. That is called source IP. This packet is generated from here. What is destination IP? The destination at which this packet is going. From here if the router generated a packet towards the Google server. We want access to your site. Source IP was of router and the destination IP was of Google. That packet had to arrive there. So as soon as the router sent the packet. So the source IP that is here will be the router. This packet will be directly passed to the Google server, ping from his IP. we’ll discuss it later. Google server will give only two responses. Either you can't access my site or you can access my site. In both cases, it will generate a response. It gives reply. That reply is known as response. As soon as the response is generated, on which IP will it come? Will it come to the IP of this system? At 102? No. It will come to the IP of the router. Just because that router’s IP is the source IP. The IP that has been transferred to the Google server, was this IP. So the response that will come, that response will also come to this router. 
This router received a response. Now, the router does another good job. It is important to understand this. The router generates an ARP request every few seconds. What is an ARP request? Address Resolution Protocol. What does it do? It confirms how many systems are connected to the router. What is the IP of all those systems? It asks who is 102? A request will be generated, that asks who is 192.168.0.102. This request will be sent to all the systems. This system will say I'm 102. As soon as it replies, I'm 102. It will update it in its records. And the response that came will be shared with it. That's how networking works. Either it is wireless or wired, even if this wireless device has asked for permission to access Google. But the IP that goes, will be the public IP of the router. The response will also come to the router itself. The router will share the ARP request with everyone. Whoever has the IP, will share with it. That’s how networking works. Let’s move towards our next topic. The next topic is, types of networks in networking. How many types of networks are there in networking? Networking consists of 3 types of networks. Local Area Network, Metropolitan Area Network, and Wide Area Network. The network is divided into three categories. So let's understand what's inside of them. First is, LAN. What is LAN? LAN, as you can see here. There is a router that we just understood. The system is connected to a router. There will be 10 or 5 systems. Any system whether connected to a Wi-Fi or wired device, doesn’t matter. All the devices that are connected inside the router are called LAN. This is a router. The router has connected the system. How many systems are connected to the router? 1,2,3,4,5,6. Six systems are connected. There is a small area network, it will be called a Local Area Network. This Local Area Network is known as LAN. Whatever information is being shared in the small area, is called LAN. The second is, MAN. Metropolitan Area Network. What is MAN?
When a router, broadband, or any other service is using it on a stage bigger than the LAN. This network is also being provided at home, it is also being provided to the company and its servers. If there is net provided in the surrounding area, that means it covers a large geographical area compared to LAN. It is called MAN. Metropolitan Area Network. The third is WAN, Wide Area Network. What is a Wide Area Network? We all are connected to Wide Area Network. Wide Area Network is Internet. That covers a large geographical area. ISP provides internet all over the country. It is a Wide Area Network. 'WWW' is a Wide Area Network. What does it do? A router is providing internet in different countries & different devices. This is a Wide Area Network. Our next topic is, What is IP address? We just saw public IPs, we saw some private IPs, seen default gateway, which is like a private IP. We’ll understand it later. Now, what is IPv4? What is IPv4? And what information it gives us, let’s understand. The full form of IP is Internet Protocol Address. Next thing. It consists of digits of 4 pairs. Each pair has 8 bits, i.e., 1 byte. Total bits will be 32, i.e., 4 bytes. So, each IP is 4 bytes. Let’s understand a few things about IP. IP slots give us information. This will be new for you. This is the first pair, what information does the first pair give? This pair tells us which country the IP is from. This pair will tell us whether it is from India or the IP of another country. What does the second pair tell us? The second pair tells us what the state is. The third pair tells us who the ISP is. Who is Internet Service Provider? It tells us where the office of the ISP that allotted the IP is, which state and in which country? The IP tells about the location. Just like our Aadhaar card gives information about the house, or gives our information. Similarly, IP also holds information. In scanning, we will see what information can be fetched from IP.
After this information, the 4th pair points towards the device. How it works and what's the work? Let’s understand that. Suppose, you access a site or a criminal has committed a cyber fraud. If they have accessed a site, the IP is recorded in the log file. What is the record in the log file? What was run, what was the IP, and at what time it was used? These 3 pieces of information are stored within it. What does our cyber team do? It reaches that ISP through this IP. It reaches the ISP office in that state of that country. It queries which system had this IP at this time. Then they find out that this system had this IP, whose MAC address is this. And through that, they get to that system. This is how our IP keeps a lot of our information. What is the difference between IPv4 & IPv6? About IPv4, we understood that IPv4 is a version inside which we get the numbers of a total of 32 bits. In which the addressing takes place in this form. 192.159.252.76. The prefix notation, which is the starting of the IP, the country & state remains fixed, the given ISP changes according to it. The first pair will be changed according to the country. The second pair will be changed according to the state. How many addresses can be made? How many combinations can be made? How many systems can be allotted IPv4? This is 2^32, i.e., 4.7 billion addresses. 4.7 billion addresses can be generated by IPv4. IPv4 can allot IP to 4.7 billion devices. But it is less than today's use. According to today's usage, a lot of people are using the internet. A lot of devices are on the internet. So it's becoming difficult to allot IPs to so many devices. Let's talk about static IP, which we will understand further about. So it's becoming much more difficult. In that case, we introduced the IPv6. IPv6 is an updated version of IPv4. Which has some more profitable things. We understand what it is. IPv6 has 126-bit numbers. Its notation is of this kind, as you can see here.
The special thing about it is that its number of combinations is a lot more. How much? 2^128. It means 340 trillion trillion trillion addresses. Approximately, so many addresses can be created. Here we will not feel the lack of IP allocation to systems. That's why IPv6 was introduced. The next point is the types of IP. How many types of IPs are there? First, look at these two topics, public & private. What are these two IPs? What’s the difference? In Public IP we saw, that ISP had provided the broadband, which our SIM has. If in our mobile we have turned on the mobile hotspot, and the rest of the devices are connected, those who are using the net. Their IP will not go. IP will go of our device because that is a public IP. Whatever device is connected to its internal, it is connected by the local IP. A public IP is an IP that will be visible all over the internet. Just like our PAN card number, if we apply it anywhere in the world, we will get our information. It is available all over the world. Our name is our Identity, wherever the name is taken, it can be identified whose name is this. If you talk about our nickname, which is taken in a limited area, that is known as Private IP. Private means it is known in that area only, it has no importance outside that area. Whatever system was connected to the router, whatever IP it had, 192.168, this system's IP will never be forwarded. The IP that we will see on the Internet will be the public IP. Next, static & dynamic. What is static IP & dynamic IP? A static IP address is simply an address that doesn't change once it is allotted, they are fixed. My system’s IP address is 142.168.29.29. This IP will remain fixed. It will be fixed whether it is the next day, the month, or the year. Where is static IP used? When we host our website, or when a website gets the domain, and gets a domain name, it is hosted. The IP gets a name that we call a domain name. So its IP is fixed.
Because we will not want to change our IP regularly. Someone has a problem getting to us. It's like our home address. I don't want my home address to be different. If you are coming, I have to tell a new address every day, that is not possible. This will reduce the traffic that comes to the website. That's why we ask for static IP. We are given a static IP. What is dynamic IP? The IP that we are getting is allotted to our devices by default. Because we don't need a static IP that much. A normal user doesn't need a static IP that much. The IP that we are allotted in our devices is the dynamic IP. It changes regularly. After a period of time, that IP changes. If there is a blockage or hurdle in the middle, it changes the IP. You turned on your airplane mode, switched off the phone or changed the SIM. In that case, the new IP is assigned. IP can be assigned to everyone from time to time. If a system is not in use or not in working conditions, then it is stupid to keep an IP. We were short of IP. There is not so much IP after IPv6. When we don't have the use of static IP. Static IP is not given to us. This is our next topic, Role of ports in networking. What is the role of ports in networking? I give you a brief to understand it. When one system has to be communicated to another system. Any file, any information to be shared. Suppose, its IP was 192.168.1.28. And its IP was 192.168.1.29. These two systems want to communicate with each other. They want to share the information with each other. But it uses any protocol, either TCP or UDP. They have to follow some rules, which decide the port. The information that is going, which way is it going? There are a lot of paths here. I just have to share some information. I'm accessing a website, sending requests to it, and taking responses. So there are different paths here. We can understand this as a street too. Now let's also take two live examples to understand it. It's a friend's house and it's my house.
If my friend has to come to my house, he will come by some way. He will know the address of my house. He'll know what the street number of my house is. This friend who will come, whatever the address is, whatever the lanes are going, which lane is bringing him. He will come according to that. The data that is also being transferred on the internet. Communication that is taking place between the two systems. It will be on some port or will be on some way. Ports have some rules. What? If I'm listening at port number 28, you'll speak at port number 28 too. When the two friends were meeting. There are different paths here. If the number of this street is 80. So if I am standing on street number 80, I am waiting for him. And he comes from street number 443. So, will we be able to meet? We will not be able to meet. Our communication will not be set up. We won't talk whatever work we both had to. These are both systems that have their IP. If these two have to transfer data from each other and share information, then they have to do it on the same port. So let's understand some other things about it. What is the total number of ports? The total number of ports is 65536. They have some states. What is the meaning of states? When we do networking scanning, we see some states of the ports. Either it looks open, or it looks closed or it looks filtered. Here is one thing to understand this. Let's say our house has doors open so anyone can come in, or we have it closed so nobody can enter, or the door is locked. Unless someone has a key, no one can come in. These are some of the states of ports. Next is, Well Known ports. What is this? The ports numbered from 0-1023, are well-known. It is known that who will be using these ports by default. Like 80 is used by HTTP, 443 is used by HTTPS, these are well-known ports. It is defined that these ports will be using them. These services will be using it. Next is, registered ports. Ports from 1024 to 49151 are called registered ports.
These ports are registered for a particular system. It is registered for a service, only that will work on them. From 49152 to 65535 are called dynamic ports. It can be allotted to anyone. It can be of use to anyone. That’s why they are called dynamic ports. Every service that we saw, will run on one of the ports. So these are some by-default services or by-default ports. Let's take a look at it. Port No. 20, Service of FTP data is used by port number 20. Through which protocol is it communicating? Whatever communication will happen will be either TCP or UDP. The protocol will remain TCP or UDP. What is service? This is for the sharing of FTP data. Port number 20 is using FTP data service. When we run the website, that is, HTTP service runs on port number 80. The protocol will remain TCP but, the service will be HTTP. And HTTPS, as soon as an SSL certificate is added to an HTTP website, it becomes HTTPS. And this SSL certificate or this SSL service, it runs on port number 443. Their protocol will remain TCP. And here you can see, the service it has is SSL. So there are some such services that run only on by-default ports. OSI vs. TCP/IP Model. Here we're going to learn a few things about OSI vs. TCP/IP Model. Let’s discuss it. What is OSI Model? How it works? What is TCP/IP Model? How it works? OSI Vs TCP/IP Model. Today we're going to learn 5 things. Our first topic is, What is OSI Model? Let's look at these things first, and then we'll clear it. What is the full form of OSI? Open System Interconnection Model. It defines function. What is it doing? In 7 layers, it has defined some functions that help us standardize communication. When two systems had to be communicated with computer networking, now they follow the OSI model and do the communication. Because it also sets up standardised communication. The 7 layers that are here, it is helping to standardise communication. This means the OSI is a model that is defining the function in 7 layers.
With the help of which we can set the standardized communication between two systems. It is bottom-to-up approach. The OSI model works bottom to up. Next thing is, this is the OSI model we have. How it works? How does the OSI model work? Let's understand it. We have a total of 7 layers. These 7 layers, in which we have an application, presentation, session, transport, network, data layer & physical. These seven layers helps in our networking. Let's see how it'll do it. This is the first layer, physical layer, that is being read from bottom to up. What does this layer do? It does bitstreaming. It helps in bitstreaming of the data that is being transferred. What will the data layer do? Whatever errors are being generated, data layer will work on them. What will networking do? It resolve addresses. This will find where is the data going. It works on source IP, address IP, source address & destination address. What the transport layer does? The transport layer gives acknowledgement. The transport layer will tell us whether this packet has been transported or not. The reply or acknowledgement that has come in return will tell. What will the session layer do? When two systems are connected, a session is created between them. Those sessions should be connected, the session helps in that. What does session layer do? Whether that network is connected or not, whether that session is active or not. If the session is not active, it will reconnect. Whether that session is authenticated or not, whether the authenticated person is connected to that session or not. After that, What does the Presentation Layer do? It performs the data manipulation. It will encode, encrypt, convert to a zip file, compress the data. Whatever process it is, it is done by the presentation layer. Application layer. This is our high level layer, it helps us to share resources. So how is work going now? Suppose a client is transferring data. 
When that client has transferred the data from here, as soon as the data goes to the server, then that data will be read at the bottom to up. First the physical layer will do its work, then the data layer will do its work, then network layer, then transport, session, presentation, & then application. This process, which is about data sharing, is accepting the data. The OSI layer is followed in between them. The data which is coming or going should work properly. The data that is being transferred should be proper, complete, secure transferred. So all this work is done by OSI model. Because of the OSI model, communication is happening in our networking, it has become easy. Next is, what is TCP/IP model? TCP stands for Transmission Control Protocol. And IP stands for Internet Protocol. What is the TCP/IP model helping us with? Let's see some points, we will understand it later. TCP/IP is a version of OSI model, divides in 4 to 5 layers, it is a practical model which works on WAN. What is it? TCP/IP is a model that is a practical version of OSI. It is working as the same as OSI, only it has been implemented practically in Wide Area Network. Either it has four layers or it has 5 layers. TCP/IP is divided into 2 parts.There is a 4 layer model and a 5 layer model. Both are doing the same thing. The 4 layer model is followed in the wide area network. In which we are transferring data, and doing standardized communication, which we used to do in the OSI model. But here it is just 4-5 layers and it is practically working in the WAN. Next is, this is TCP 4-layer model & this is 5-layer model. What is the difference between the both? What points are in 4-layer & what points are in 5-layers. In TCP/IP 4-layer model, the application layer comes first in this, will work the way it used to work in the OSI model. Then transport layer, internet layer & network access layer. 
In the TCP/IP 5-layer model, there is an application layer, transport layer, internet layer, data-link layer & physical layer. The physical layer and the data-link layer are combined into the network access layer. The 4-layer model is globally used and recognized. OSI Vs TCP/IP model. What’s the difference between the OSI model & TCP/IP model? There are 4 layers defined in the TCP model. There are 7 layers in the OSI model. There is not much difference in these two. These layers are combined into 4 layers. First three layers are combined in the application layer. Transport layer in transport layer, network layer in internet layer, data-link layer & physical layer are combined in network access layer. By combining all these layers, the TCP/IP model has been created, which is practically used in Wide Area Network. This is the only difference; the entire functioning of the OSI model is done by the TCP/IP model. This is the difference between TCP/IP model & OSI model. I have brought a video on Protocols in Networking, which is an essential part of the networking concept. Here we are going to learn 5 things. What are network protocols? Types of protocols. How does it work? TCP 3-way handshake, and TCP Vs UDP. We are going to learn 5 things. Let's start with the first topic, What are Networking Protocols? These are the basic points. Set of rules. How data is transmitted? Device communication. What are Networking Protocols? What are networking protocols used for? When two devices communicate with each other, they need a source to communicate with each other. We call that a protocol. What do protocols do? They are a set of rules that tell how the data will be transmitted. This set of rules will tell us how to transmit data. What encryption format will it have? This will make us follow the standardized process. It will help us in communicating with devices. When two devices communicate with each other, protocols are used.
Protocol is the source that will carry data from one place to another. It will tell on which port the data will come or go. All rules are followed by protocols. Next is, types of protocols. How many types of protocols are there? Here we have defined the protocol on the basis of the TCP/IP 4-layer model. We have application layer, inside which there are protocols that are Telnet, SNTP, POP3, FTP, NTP, HTTP, SNMP, DNS, SSH. These protocols come or work under the application layer. Second is, transport layer. What protocols come under it? TCP & UDP. Transfer will be successful through TCP & UDP. The protocol will be TCP & UDP only. The protocols that come under the Internet layer are IP, ICMP, ARP, DHCP. Last layer is network access layer; the protocols that come inside it are Ethernet, PPP, ADSL. These protocols are arranged according to the TCP/IP model. What is TCP? How does it work? TCP has 6 flags. These are those 6 flags. Which flag is used for what? Through whom is TCP helping the two devices communicate? How does it work? Let’s understand. First flag is the urgent flag (URG). What does it do? Data contained in a packet should be processed immediately. This flag says that the packet in which the data is coming, if it has an urgent flag, then urgent work should be done on this packet. Its priority is high. FIN. Finish. What does it do? It says there will be no further transmission. It is telling us that the communication we just set up to share a file, the file has been shared. This connection should be closed. Our work is over. Next is, RST. Reset. Reset the connection. Connection should be reset. After that, PSH. Push. It says send all buffered data immediately. Send buffered data quickly so that we can close the connection. ACK. Acknowledgment. What does it do? For the packets in which we are sharing requests, whether that packet is reaching there or not, it shares its acknowledgment. Acknowledges the receipt of the packets. SYN. Synchronization.
What does it do? Establish the connection. The request for the connection is shared through the SYN packet. So these are the 6 flags of TCP. Let us see how TCP works. TCP follows a 3-way handshake, i.e., shaking hands 3 times. Let’s understand in normal language how it is working. Here, we have Bill and Sheela. These two have to communicate with each other. Bill has to talk to Sheela, so Bill will follow the TCP handshake. A handshake must occur before any data transfer takes place. When a connection is established, then the data transfer starts. So here Bill has generated a request towards Sheela. Bill has sent a packet to Sheela, inside which he has sent a SYN flag. Bill has sent a SYN flag. He said to Sheela, “I would like to talk with you Sheela on port 21, are you open?” Bill asked Sheela at port number 21. There were different routes, as we understood in the previous video. What is a port? It is a path for one system to communicate with another system. Right now he is asking Sheela, are you open on port 21? Can I talk to you? Through the SYN packet, he sent a request to establish the connection to Sheela. As soon as Sheela got the request, Sheela is saying, “OK, let’s talk Bill. I’m open on port 21”. Sheela told Bill that she is open on port 21. We can talk. And by what means did she speak? Via sending a SYN+ACK packet. I have got your request and I am sending you the acknowledgment, that I’m open on port 21. We can talk. Bill replied again. Sheela's request has come, Sheela's response has come, so Bill, to establish this connection properly, will reply to her with an acknowledgment packet, in which he is saying, “Ok, Thanks Sheela”. As soon as it has sent two acknowledgment flags inside the one packet, at the same time this connection is established. After the connection is established, a session is created in which the data will keep transferring till when? It will keep transferring as long as the handshake established is not broken. Now how can we do that?
Let's understand. How can we terminate the TCP session? How to close this session which was established? Its process is also very easy. The connection that Bill had made with Sheela, the connection that was established has to be broken now. How? Bill will say, “I’m done with the data transfer”. The data that I had to transfer has been done. How will he speak? By sending the FIN flag. Bill generated a request within which the FIN flag was sent, which means Finish. I am done now. Sheela will respond to him. OK, I received your termination request. How will she do it? By generating packets of two acknowledgment flags. Sheela will give one more reply. “I have received all the data”. Sheela has checked whether the data you were sharing has been received or not. As soon as she has received the data, she said, “I have received all the data”. And she has also shared the FIN flag packet from here: ok, this connection is finished from my side too. The last step remains for Bill, in which Bill will send the acknowledgment packet and say, ok, this connection is completely closed now. After this, no session will stay created. Bill is going to close this connection completely. That is, whatever data was to be transferred won't be transferred. That’s how TCP works. TCP Vs UDP. What’s the difference between TCP & UDP? TCP follows 3-way handshake & UDP follows 1-way handshake. In TCP, first the SYN packet goes, the acknowledgment packet of the SYN arrives, then an acknowledgment packet goes. Then a connection is established. But here we see, here a request packet comes, then just a response packet goes. UDP follows 1-way handshake, the 3-way handshake is not followed & it works in the wired network. TCP works in wireless network. In wired area networks, TCP communication is used. TCP protocol is used. Only one request is generated in UDP, after that the data transfer continues. And this happens in wired networks.
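The flag bits and the order of the handshake and teardown described above can be checked directly on packet headers. The following is an added example, not part of the original video: it decodes the six flags from a 20-byte TCP header and walks a constructed Bill-to-Sheela exchange on port 21 through a simplified connection tracker. The state names, the client port 50000 and the sequence numbers are assumptions made for the demo, and the check that each ACK number equals the peer's sequence number plus one goes beyond what the lecture covers.

```python
import struct

# Flag bits in byte 13 of the TCP header (the six flags covered above).
FLAG_BITS = {"FIN": 0x01, "SYN": 0x02, "RST": 0x04,
             "PSH": 0x08, "ACK": 0x10, "URG": 0x20}
HEADER = struct.Struct("!HHIIBBHHH")  # 20-byte header without options


def build_header(src_port, dst_port, seq, ack, flags):
    """Pack a header-only TCP segment for the demo (checksum left at 0)."""
    bits = 0
    for name in flags:
        bits |= FLAG_BITS[name]
    return HEADER.pack(src_port, dst_port, seq, ack, 5 << 4, bits, 65535, 0, 0)


def parse_header(raw):
    """Decode ports, sequence/ack numbers and the set of flags that are on."""
    if len(raw) < HEADER.size:
        raise ValueError("truncated TCP header")
    src, dst, seq, ack, _off, bits, _win, _sum, _urg = HEADER.unpack(raw[:HEADER.size])
    flags = frozenset(n for n, b in FLAG_BITS.items() if bits & b)
    return {"src_port": src, "dst_port": dst, "seq": seq, "ack": ack, "flags": flags}


def _next(seq):
    """SYN and FIN each consume one sequence number (32-bit wraparound)."""
    return (seq + 1) & 0xFFFFFFFF


def track(segments):
    """Return the connection state after each (sender, raw_header) pair.

    sender is "client" or "server". Simplified model with hypothetical state
    names; retransmissions and simultaneous close are not modelled.
    """
    state, isn, fin_seq, closer, history = "CLOSED", {}, {}, None, []
    for sender, raw in segments:
        seg = parse_header(raw)
        f = seg["flags"]
        peer = "server" if sender == "client" else "client"
        if "RST" in f:
            state = "RESET"
        elif state == "CLOSED" and sender == "client" and f == {"SYN"}:
            isn["client"], state = seg["seq"], "SYN_SENT"
        elif (state == "SYN_SENT" and sender == "server" and f == {"SYN", "ACK"}
              and seg["ack"] == _next(isn["client"])):
            isn["server"], state = seg["seq"], "SYN_RECEIVED"
        elif (state == "SYN_RECEIVED" and sender == "client" and f == {"ACK"}
              and seg["ack"] == _next(isn["server"])):
            state = "ESTABLISHED"
        elif state == "ESTABLISHED" and "FIN" in f:
            closer, fin_seq[sender], state = sender, seg["seq"], "FIN_SENT"
        elif state == "ESTABLISHED":
            pass  # data and plain ACKs keep the session open
        elif (state == "FIN_SENT" and sender != closer and "ACK" in f
              and seg["ack"] == _next(fin_seq[closer])):
            if "FIN" in f:  # peer acknowledges and closes in one segment
                fin_seq[sender], state = seg["seq"], "LAST_ACK"
            else:
                state = "HALF_CLOSED"
        elif state == "HALF_CLOSED" and sender != closer and "FIN" in f:
            fin_seq[sender], state = seg["seq"], "LAST_ACK"
        elif state == "HALF_CLOSED" and "FIN" not in f:
            pass  # the peer may still send data before its own FIN
        elif (state == "LAST_ACK" and sender == closer and "ACK" in f
              and seg["ack"] == _next(fin_seq[peer])):
            state = "CLOSED"
        else:
            state = "UNEXPECTED"
        history.append(state)
    return history


def handshake_completed(history):
    """True only if the third step (the client's final ACK) was seen."""
    return "ESTABLISHED" in history


def sample_exchange():
    """Constructed capture: Bill (client, port 50000) talks to Sheela (port 21)."""
    c, s = 50000, 21
    return [
        ("client", build_header(c, s, 1000, 0, ["SYN"])),            # are you open?
        ("server", build_header(s, c, 9000, 1001, ["SYN", "ACK"])),  # yes, let's talk
        ("client", build_header(c, s, 1001, 9001, ["ACK"])),         # thanks
        ("client", build_header(c, s, 1001, 9001, ["PSH", "ACK"])),  # 5 data bytes (payload omitted)
        ("server", build_header(s, c, 9001, 1006, ["ACK"])),         # data acknowledged
        ("client", build_header(c, s, 1006, 9001, ["FIN", "ACK"])),  # I'm done
        ("server", build_header(s, c, 9001, 1007, ["ACK"])),         # got your FIN
        ("server", build_header(s, c, 9001, 1007, ["FIN", "ACK"])),  # finished from my side too
        ("client", build_header(c, s, 1007, 9002, ["ACK"])),         # completely closed
    ]


if __name__ == "__main__":
    for (sender, _), state in zip(sample_exchange(), track(sample_exchange())):
        print(f"{sender:6} -> {state}")
```

A capture that stops after the SYN+ACK never reaches ESTABLISHED, which is how a half-open handshake shows up when reading traffic.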
Domain Name & DNS is an essential part of Networking Concept. What will you learn? You are going to learn 4 things. What is domain name? What is DNS? Records in DNS & their use. What is a zone file? These 4 topics, we are going to learn. Let's start the first topic which is, what is domain name? Let's look at some points, after that you will understand well what is a domain name. Name of IP. Easy to remember. Next I have given some examples. Let's understand this: what is domain name? We run websites, go to the Internet, write a name for any domain like google.com, facebook.com, wscubetech.com. As soon as we type these names, then it goes to a system, and through the system itself, i.e., server or website, we access it. Domain name is the name that we write, google.com, facebook.com. How does a domain name work? The domain google.com, how is it working? Each domain is connected to a single IP. Understand the purpose of making it. Why was the domain name created? Because there are so many digits: there are 4 pairs of digits in an IP, for example 192.168.42.42. This is an IP, and we can't remember such a PIN. We cannot properly remember the value of 4 pairs. If we have to go to Google.com then we will not go by writing this. There are so many domains like this, we can't remember all of them. To keep it easy, we have introduced the domain name to make it easy to remember, which is the name of a server IP. There is a server, whatever its IP is, it became its name. As soon as we type Google.com, we are going to Google's IP through the DNS server. Domains made that job easy, we don't need to remember the IP anymore. We need to remember the name, which is the domain name. Like with our Aadhaar card, we do not need to remember the number, our name is enough. All the information is handled through the name. As soon as we go to any portal and write our name, our mobile number or some other details, then our Aadhaar number shows. This is also something similar.
As soon as we generate a request on a domain, then that domain automatically redirects us to the IP. So this is domain. Now, what is DNS? What is Domain Name Server or Domain Name System? The full form of DNS is Domain Name System. It is also known as address book of internet. It translates domain name in IP. why it is known as address book of internet? If we have a phone book, what information is there in it? someone's name, their mobile number and their address. We keep these three things confirmed in a phone book. So why is it called address book? whatever relation or information is between a domain and IP, it stores all that information in its own file, i.e, is called zone file. It saves all this information in the format of records. That is, whatever is the relation between the domain and the IP, all that data will be stored here, in the zone file. All the information is collected and kept, hence it is called Address Book of Internet. So that if we go to any domain, he will ping us on the same IP. Now, what type of records? What type of records are there in DNS? and what do they do? The first record we have is the 'A' record. What happens in the 'A' record? IP of domain name. What is it speaking? IP of a domain name. An IP appears in the 'A' record. The IP which we had to connect to the domain. If you write google.com then google.com will be redirected to which IP? That IP is stored inside the 'A' directory. Then comes 'CNAME'. What is stored inside it? Forward domains & subdomain to another domain. What does it do? It forwards any domain or sub- domain to another domain. It is not used every time. But if we want to use it, then we have to fill the value in the record of 'CNAME'. Then, MX. Mail Server. What does it do? It directs mail to email server. Whatever I am mailing, I mail from the same domain, it redirects it to the server side. What is TXT record? Any text by admin. Understand more about it. 
A 'TXT' record is a record which does not have any restriction. It is open, that is, the administrator can write whatever he wants to write about his domain. 'SPF' records are also mentioned inside it. Whatever different information they want to tell, why the domain was created, what is its motive, in any sense. Even if it is for digital marketing purpose, they can write anything in the text record. The text record is edited by the admin and it can contain any information. NS. Name Server. Name Server of DNS entry. If my domain is wscubetech.com, then its name server will be 'ns1.wscubetech.com' or 'ns2.wscubetech.com'. So these are Name Servers. Next is, SOA. What is SOA? SOA is admin info about a domain. SOA record contains all the information of the domain's admin. If anyone has to do reporting, then to whom will it go, infoatadimin.com, whatever domain it does, whatever it does. Whatever information is there from the admin of that domain, it will be shown in SOA. What does SRV do? Specify port for specific server. "SRV" specifies on which port which service will run. It defines each one, that this service will run on this port. What does PTR do? Provides domain name in reverse-lookups. As soon as we reverse-lookup a domain, it will show the name of the same domain. Whatever domain name you put in it, it will show that domain name. These are some basic records that DNS saves. Where does it save? In the zone file. What is a zone file? Let us understand a little more about zone files. It is a text file of DNS. Records of Domain are stored in it. It is used for IP mapping and it is linked to the name server. Let's understand this. What is a zone file? A zone file is a text file, inside which "A" records, "MX" records and all other records are stored. This file is the way to link between the two. It is linking between domain and IP. All the files that have been saved inside the DNS Manager will be saved inside the zone file.
The zone file is updated every 4 hours. We can get to know about this from its TTL. Time To Live. We will understand better when we do scanning. When we scan IP or DNS. So it’s TTL is visible there, which by-default is 4 hours. So this is 4 hours means zone file will be updated after every 4 hours. If we have changed the name of a domain, transferred it from one place to another, or made any major change. So that change will be updated after 4 hours. So the zone file holds all this information. The zone file is very important. Another special thing is that the link to the name server. Like ns1.wscubetech.com. This is the name server. One such name server is linked with the zone file. In the future, if you understand how zone transfer happens or how it works, then the name server will play a very important role. Request Vs Response. This is an important part of networking concept which we are going to understand. So let's get started. Today we are going to learn 5 things here. What is request? What is response? Types of request & responses. Capture a request & response. Understanding a request & response. Today we are going to learn these 5 things about Request & Response. Our first topic is, what is request? What is HTML Request? Let's understand this. We will read the first two points. A packet asking to load a website. Asking the website to load the packet. Includes GET/POST, headers & body. In which it includes GET/POST, headers & body. So to understand what it is, let's look at this side once. This is a client. This client has to access any site. This client is required to access WsCube Tech's site. As soon as this client goes to the Google bar and writes wscubetech.com, writes the complete domain. At the same time a packet will be generated inside which the IP and some source IP, and such packets will be generated here, who will be asking WsCube Tech that can I run your site? When this packet is generated in which it is asking, can I run your system. 
We call this packet a request. A packet that a client sends to ask if I can access your website is called a request. How does this packet look, what things are added inside it, and how can we get it. I will tell you all these things. This is a request that is catched. There are some things inside this request, we will understand what are they? First thing is GET then URL, and then this is HTTP’s version. What can come in place of a GET and what can a GET do? This is a method. There are different methods for sharing the request. GET, PUT, POST, body etc. These are different kind of methods. So they define methods. The get method is such a method in which the value that is being sent goes in the URL itself. Whatever data is going, it will go in the URL itself. ‘/doc.text.html’ is a URL. HTTP/1.1 is a version. From the host to the content-length: 35 are called headers. Header means having some value in it and each value have a meaning. Here we will understand which are the headers? What values do they have? First is the host header. Next to which is a Domain- www.Text101.com. When this client made a request to the server of WsCube Tech. Can I access your site? So who was the host over here? Wscubetech.com. As soon as the client has granted permission to access the site and generates a request. So the host name header in that request came with the name written on it- wscubetech.com. Under that header came another header- accept header. Which tells the request which is going, what it can support? This request can support images whose extension will be ‘gif & jpeg’. It can support gif & jpeg images. Then there is accept language, it will tell which language can it support? Accept- encoding, which encoding and request can it support. i.e, gzip & deflate. User agent. This is important header. There's a lot of good information inside. Currently, written here is- Mozilla/4.0. This is Mozilla’s version. 
In a real request, when the user-agent goes to the header, it takes a lot of information. It will tell which is your browser, what is the version of your browser, how many bits is your operation system, i.e, 32 bits or 64 bits? Which system are you running? Apple, Linux, Windows. It will also tell the operating system, the number of bits, the browser and the version of the browser. User agent header takes all our information to the server. All the information will be in the server of WsCube Tech. After that there is another header, Content-Length. Which will tell us what is the length of the request. Length is 35. Here what you are able to see below is the body part. Anything can be put inside that body part. If there is any response, then here comes complete programming. If the request is made, then all the values are parameters that are being transferred through the ports. All those values come here. This is our by-default request, which will be generated and sent to the server. just to ask that can I access your site? Next is what is response? What is HTML response? To understand this, let's look at this point once. Packet Providing Permission to access website and content. A packet that is giving permission or replying to that request. In which he is giving permission to access the content or website. That is known as response. It includes GET/POST, Header & Body. What comes in the Body is complete program of that page. when we request it, Can we access website. Where did the request packet go after generating? On the server. Whose? WsCube Tech. Then WsCube Tech will reply. Either he will say that you cannot access, this will also a reply. Or he can access, this will also a reply. If he says that you can access the website, then what will be the information in the generated reply? GET/POST, Header, Body will be there. But the complete program of that page inside the body, that complete program will be within that response. 
And the server that is sending the reply, we call this response. Here, the server has sent that yes you can access my site. We will call this the response which will be given to the client. The response within which all programming will take place. Then the client will see the website of WsCube Tech on their browser. And even they refuses that no, you can't access. So there must be some code going on here. Like 400 or 301. There must be some program going on the website, whatever it is in that response. It must be showing on his browser. This is request & response. We understood about the methods. Let's see how many types of request methods are there. First, GET. What is GET method? Data transfer through URL easily visible & not secure. Whatever data is being transferred, it will be transferred through URL. What is URL? There is tab in our browser, where we go to search or write anything. When we access the website, its domain & its directories will show there. If the data is transfer in the same directory. If it shows admin equals to this, password equals to this. If you have entered Id- password on your login page & submitted. As soon as you submit, if you see your Id-password in your URL. So this request is GET request. This method which is in use, this is the GET method. So it is not considered secure because your data is completely visible. It is going through the URL, it can also be manipulated. Next is HEAD method. Same as GET, but transfer the status line & header section only. Other than that, no other information goes into the Head method. Third is POST method. What is this? It sends user information & files in body to server using HTML form. The data that is being input from any means of the HTML form or the request is being generated. Whatever data is there in that request, it will go to the body part. It is considered more secure than the GET because all the data in the GET is visible in the URL. 
Whatever data is being transferred here, it is going in the POST body, which a normal person cannot see unless they are intercepting that request. Normally when we run the website, we cannot easily intercept. We have to use some tool, advanced function or operation. Next is PUT method. What does PUT method do? It replaces all current representation of the target resource with the uploaded content. Whatever new content has been uploaded, it replaces the old content with that uploaded content. This is done by PUT method. Next to that, there are some other methods. Like DELETE. What does DELETE method do? Removes all current representation of the target source given by a URL. Whatever operations a URL has given to it. According to it, whatever content or whatever is there, it will remove it. OPTION. What does OPTION method do? Describes the communication options for the target resources. It will show the options, will describe those options, whatever options we have to communicate with a target. TRACE method. What does it do? Performs a message loop-back test along the path to the target resources. The TRACE method is used to trace the path to the target's resources. It gives the exact path or location. CONNECT. What does CONNECT method do? Establish the tunnel to the server identified by given URL. When two systems are connected to each other, they are sharing data. When their hand-shaking happens, then CONNECT option is used which keeps them both connected. A tunnel is formed which is connected to the server. Tunnel formed between client and server, so it is doing CONNECT method. Today, we are seeing in this video, while transferring in our network, how we can capture the data & data packets through Wireshark. How can you do modifications in it, how to find the packet and find out which packet is kept in which place. Whatever packet is being transferred in our network, whether it is going through request or coming through response.
We can capture both the packets and modify them. Let us move on to Wireshark. You will find Wireshark installed on Kali Linux. If it is not available then I will tell you everything in the lab setup part, how to install the tools. There are two methods to start Wireshark. First we write Wireshark in the search bar, if I press enter in it, it will start. The second way, which we use most commonly, is through our terminal. I will give the route information here. Here, I just have to write Wireshark. Wireshark will start as soon as you type & enter. What you are seeing here, all the devices names are showing, any, loopback, ethernet, jio, bluetooth. Inside the device, you will see the chart, this chart is telling where the data is being transferred. Where is the fluctuating data, where is the data moving. Lan0 is our wifi stick name. Whatever communication is happening through our WiFi stick, data is coming or going. Whatever is being transferred is being recorded here. So let's go inside it and see. It has started recording. Data is coming, ARP request is coming. You can see it here. Broadband is sending ARP request. Here all the packets, whatever the request and response are, they are being captured. So I visit the site for an example. So on this site I submit the login, i.e, username- admin and password-admin@123. I will not save But I do know that this packet has been captured through Wireshark. Now my job is to find this packet and see what information I have been able to capture. So now I stop it because that packet must have been captured in it. Here you are seeing a lot of packets, TCP, ARP and whatever response or request I am getting from any server, all that is coming over here. We have two options to search. Either we use a filter whatever packets are there, are seen filtered, which is a very good option, will see the filter in the next session. Here we will do string search. Here we will write such a string which is being used somewhere in that packet. 
Chances will be that it is being used So we write 'pass', short form of password. We are able to see that which was our packet, which we had put in Id-Password, i.e, admin & admin@123. It is visible here in clear text format. So here we are able to see that Wireshark is reading the packet. We are able to see the information related to the packet here. Went to this IP from this IP. That was the source IP, destination IP was of server. Total length of content is 589. This is done through the HTTP protocol. Whatever information we have is showing here, has gone in the POST method. we are able to visit and see the ID-password that has been sent in the POST method. So that's all in today's session. We saw how we can capture a packet through Wireshark and read them. All about Linux. What are we going to learn today? Total 4 things to learn here. What is Linux operating system? Cool features of Linux, Basic file system of Linux, and Basic Linux commands. We are going to learn these 4 things. Let's start. What is Linux? Linux is an operating system. Linux is similar to Windows. There are some points in this, by looking at which we can understand Linux better. First is, Open Source operating system. It means Linux is an Open source operating system. This operating system is developed by the open source community. Which has the advantage that it is free to use. This is not a paid one. If we use Windows operating system then we have to purchase it. Original Windows has to be purchased but original Linux is free to use. It's source code is open to modify, is easily available. We can modify our operating system, we can change it, we can change its source code. Its source code is freely available. Next is, based on Linux Kernel. Linux was started, is based on Linux kernel. Linux was started Sep-17-1991, By whom it was made? Linus Torvalds. Linux has been introduced by Linus Torvalds. Now, it is being made completely by the community. Let me tell you another advantage of this. 
Because a very big community is making it, that means a group of people. Means when more people are making an operating system than the employees of a company, then it will be definitely very good. Let's see some cool features of Linux. First is, multi-user capability. In Linux operating system, more than one person can be added at a time. Next, multi-tasking. It can do many tasks simultaneously at one time. Portability. Linux can run on every device. We use this in a pen drive, in a source device, ATM, Biometric; Linux is used everywhere. Because it is portable. It is able to work efficiently with all these devices. Security. The structure of Linux is so good, community is making it & it is dependent on the proper file system. That's why it is quite secure. Everything is treated like a file in Linux. You cannot execute anything. There are many points which make Linux secure. Next is, live CD/USB. I personally like this feature a lot. Linux will be installed in any CD or pendrive. And it will run like a live operating system. To run Linux in any computer, I do not need to install any software in that computer system. I just have to do pendrive plugging, start boot manager source. Then, I can run my operating system without installing any operating system. I can do all the work in that computer through Linux, without installing Linux in it. There are some more good features which we will discuss later. It's my favourite. Graphical User Interface. Earlier, Linux was based on the terminal, but because of the large number of versions of Ubuntu and Linux, Linux provides a very good graphical user interface because of different distributions. Application support. Linux application support is great. File system. Like I said, everything is treated like a file in Linux. So its file system is also very good. Next is, open source. It is available as open source. Next we will see basic file system of Linux.
You will see some basic directories in the file system of Linux or the directories of Linux. What work is done, which basic files are stored, and how is it useful to us? First is, /bin directory. What does it store? Basic programs. In Linux, we run everything from the terminal, most of the things. And we are also going to use terminal in our ethical session. we run different commands, ls, cd, dir, pwd. All commands which we are using, the programming of these commands is stored in the bin directory. Next is, /sbin. What /sbin stores? System programs. The programs that are helpful for the system. Like disk, sysctl, mkfs, etc. Any software that is helpful for the system. They are all in this directory. /etc directory. What is stored in /etc directory? Configuration files. Every system or software has some configuration. When we install any software, their settings, configuration files are stored in the /etc directory. Next is, /temp. What stores in /temp directory? Temporary files. The files that we copy. And all the temporary files, which are stored for a short time, all those files are stored inside the /temp directory. What is store in /usr/bin directory? Applications. What type of applications? Which we install from outside. Like even if we get pre-installed applications, but those are also an applications. Like nmap, gedit, nano, apt. All the applications we use in the Linux operating system are stored in the /usr/bin directory. What is store in /usr/share? Application support & data files. Data files which is use to support the application, is store in this directory. What files? Suppose we use dub in Linux. Use dub or any other software that requires a file. Dub needs a wordlist. Similarly, we will have many tools that need files. Their data files are stored in /usr/share. Next directory is, /home directory. What is store in /home directory. Personal directories of users. 
All the users that have been created, all the guest users, all of them have personal directories. Like /home, /wscubetech, /desktop, /downloads. All these files are stored in the home directory. Next directory is, /root directory. Because the directory of all guest users was being stored inside the /home directory. So our admin is inside the /root directory. Home directory of super user. The admin's home directory is /root. All the data which belongs to the admin user, is stored in the /root. So this was the basic Linux file system. Next we will understand basic Linux commands. Once we will understand them here and then we will do it practically. Here are some basic Linux commands. First is 'help'. As soon as we write help in the terminal, it will tell us the basic commands which are helpful for us. It will also tell what is it useful for. Next command 'man'. What does it do? It shows manual. If you write the name of the software after any command, it tells its manual, how to use it, what functions can be used with it and what output will it generate. What is manual? Tells us what work we can do, how to use it. 'Man' command, if I write the name of any command or software or function in front of it, then whatever information it has related to it, it will show its manual. 'ls' means list directory. Listing files. If I'm in a folder. For example: If we go to Windows, go to the download, you will see all those files-folders which you must have downloaded. If you go to Documents, you will see the documents or folders you have created. So if we want to see all these files and folders in terminal, then we use 'ls' command, which shows us all the files inside the directory in which we are. 'cd', Change Directory. That is, to move from one directory to another. That is, going from the folder of Downloads to Desktop folder, from Desktop folder to the folder of Documents. When we move from one folder to another, we move with the help of 'cd'. 
In the terminal, write the location after 'cd' where we want to go. So we reach directly from our current location to the location which we mention next to 'cd'. 'pwd'. We talked about location, we are going from one directory to another directory. So 'pwd' helps us see where we are currently active, and what is the location of the place where we are working. Like if I am in the downloads folder. If you're running Windows, and you're in the downloads folder, you'll see the download location. That is, inside the 'c' drive, in any folder, there is a folder named downloads inside any folder, you can see it. But when we use the terminal, then we can see by writing 'pwd' what is our current directory i.e. what is the location of the directory we are on. In home, root and where is it lying inside that. Next is 'dir'. Directory. It works exactly like 'ls'. Like 'ls' we see all the files-folders inside the directory. The same way 'dir' works. 'dir' gets run in 'cmd'; 'ls' won't run in 'cmd'. 'dir' also works in the command prompt of Windows. 'mkdir', make-directory. When we have to create a folder then we use 'mkdir'. If you write the name of any folder after 'mkdir', then a folder with that name will be created at the same place. 'cp', copy. We know the meaning of copy. Moving any files and folders from one place to another. Means that file is kept at this place, to create the same file in other place also, is called as 'copy'. Which is used in Linux by typing 'cp' in the terminal. Move, 'mv'. To move any file from one place to another. Remove it from here and keep it in another place. To pick any one file from the terminal and keep it in some other place, then we use 'mv' command. Where we have to give the command and the name of the file to be moved next to it, the place where we want to move, both commands have to be given which we will see practically. 'rm', remove. To delete any file, 'rm' command is used. Next is 'sudo su', sudo super user. What does it do?
It gives us root privileges. If we see in Windows, in Windows we install an application, then it asks us for Yes or No administration permission. Similarly, we do it in the terminal. As soon as we give 'sudo su', it asks us for the password for root privileges. As soon as we give the password, it gives us root privileges. That is, we can now execute any file. Some commands could not be run by a normal user; we can run those commands. 'sudo su' will give us root privileges. What does 'cat' do? 'cat' will print the contents inside the file. If I have any file. I have created a file named Ashish. I created a file named Wscubetech. Whatever content is written inside a text file or a file of any format, as soon as I write the name of that file after 'cat', it will show all the content of that file on the terminal. 'nano' is a file editor tool of Linux, inside which we can edit the file. You can modify the data of the files. To use 'nano', the commands have to be used more. Ctrl+x, ctrl+s, with similar commands we can do all the work in 'nano'. Then 'gedit'. 'gedit' is similar to 'Notepad'. Just like our Windows operating system has Notepad, here we have gedit which gives us the function to edit the file graphically. All the options are available there. We do not need to see any command here. So 'gedit' is useful for file editing and file creation. 'chmod'. Now that we have discussed the file, let's understand some other things. What is a 'file'? The file has some permissions, let's understand about it. What does 'chmod' do? Execute any file or gives or takes permission of any kind. So what is permission? Let's discuss. Suppose we have created a file name 'wscubetech.txt'. So we created a file named 'wsc.txt'. Inside this file we wrote echo "hi". What is echo? This is a command to print, but right now it is just a text. As soon as I wrote it, saved it and closed it. So when I saved it and closed it. A file has 3 permissions. But by default this had only two permissions.
Read & write. What are the 3 permissions that a file should have? Read, write & execute. A file has 3 permissions, i.e., read, write & execute. We can read, modify & run that file. The program which will be written in that file will be executed. A file can have 3 permissions. But when we saved a file by default then we saw that a file has only read & write permissions. We can read & change it but cannot execute it, cannot run that program. This means that it is currently working as text, it will not execute. But if I want to execute this file then in that case this file must have execute permission. So here comes 'chmod' to help me. 'chmod' is a command that changes a mode. It will add or remove the permission. Suppose it does not have executable permission and I want to execute it. So I'll give it permission. How will I give? chmod +x wsc.txt (file name). As soon as I run this command, i.e., chmod +x (executable permission) wsc.txt (file name). After running this command, I will be able to see here that this file also has permission to execute. A file has 3 permissions. 'chmod' works to give or take permission to the file. Next is the './ ' command. When I gave executable permissions to the file, how do I run it? I can execute any file using the './ ' command. I can execute any file using the 'bash' command. What does 'apt-get update' do? Let's understand. Let's take an example of Android. We have playstore in our android. There are different applications in playstore. When we update, all the applications get updated. But here 'apt-get update' doesn't mean that. Suppose we have updated our playstore. The version of our playstore application was 14.1. When we updated it, the version becomes 14.2. It means that we updated the application of playstore. All the applications installed in mobile were not updated. 'apt-get update' does the same thing. 'apt-get update' updates the URLs of all the repository files.
It is updating the playstore of Linux so that whatever software we are updating can be done easily. If we are downloading new software then that too should be downloaded easily. What will 'apt-get update' do? It will update all the repository files so that there is no problem in the installation or update of any software. Next is 'apt-get upgrade'. This command is used to update all the installed tools in the Linux machine. When we perform update all apps in playstore, that is 'apt-get upgrade'. Next is 'apt-get install gedit'. What does 'apt-get install gedit' do? It is used to download and install any software. If I want to install a tool named 'gedit' then I will write 'apt-get install gedit'. If I want to do anything else I will write 'apt-get install notepad'. In the same way, whatever tool I write, it is searched through the repository and later that tool is installed. Just now we read about Linux, saw some of its commands. Let us practice it and see how they perform and what is the output. I'm starting. First of all, open the terminal. I zoom the terminal a bit, and open the commands that were there so that all the commands can be practiced. 'man'. What does 'man' do? It shows the manual. Write any command, 'man' 'ls'. I want to check the manual of the 'ls' command. Over here it is telling me the manual for 'ls'. What does it do? What is the function of 'ls' that can be used and what will it perform. After seeing this, the 'Q' below is showing for Quit. I will quit it. Next command is 'cd' & 'ls' both. What does 'cd' do? 'cd' does change directory. Moves folders from one folder to another. I got into a folder. I typed 'ls' and saw which file-folders are stored in the folder, as soon as I enter the address, I can see here, Desktop, Documents, Downloads. There are 3 folders. What was 'cd' doing? Jumping from one folder to another. If I want to go to the downloads folder & see what is stored there. What will I do? 'cd Downloads' and Enter.
Look here, downloads folder has come here after wscubetech. That means now I am inside the downloads folder. What is my directory? Downloads folder. What is inside the download folder? Inside the download folder, we are able to see that there are two folders named Ashish & Tester & a file named test. If I want to see my location, my current location. So I will write the 'pwd' command. What does the 'pwd' command do? Print working directory. It will tell what is the location of the directory. Inside the home, inside the hackisthan, inside the wscubetech, which is in the directory named downloads. Next command is 'dir'. 'dir' acts like 'ls'. When I type 'dir' and enter, it will show the file-folders that are stored in the directory. What will 'mkdir' do? 'mkdir' will create a folder. You can create a folder with any name. So let's create a folder named 'Test2'. Did 'ls' and see if that folder is showing here or not. You see here a folder named 'Test 2' is visible. If you have to go inside this folder then 'cd Test2'. Look here, we are in the directory of 'Test 2'. If the directory is to be checked then 'pwd'. Well you must have seen above /wscubetech/downloads/test2. By typing 'pwd' we can see that our current directory, or the directory in which I am working, is 'test2'. What will 'cp' do after this? 'cp' will copy anything, any file-folder from one place to another. So, let's use it. I am taking a step back. I have two options to come back. First of all, in whichever directory I want to go, I should write the proper location of it. That is, I have to go back in the download folder, I write the whole directory, /home/hackisthan/wscubetech/downloads. Or else I type 'cd ..' and enter. I am coming back in directory. I have come back to a directory. So I'll try 'ls' to see if I am able to see all the files-folders now or not. All those files & folders are visible. So why not copy any file. So we copy the test file and put it in the folder named test2.
Now look, there are two options in this too, either I can go to the directory named test2 and go inside it & see if the file is there or not. Or I just have to check whether the file has reached the folder or not, so I will directly write the name of that directory near 'ls'. Test2. That is, the listing of all files & folders which are in the test2 folder, i.e., show me the number of files and folders inside test2. And as soon as I entered, a file named test is available. Next command is 'move'. Move means to move from one place to another. The file will be placed from one place to another. How will it happen? 'cd Test2'. Where to move this? I take a step back. 'cd downloads'. Here the file named test was moved to the folder named tester. The test file has to be moved. Where to do it? In a folder named tester. Now, the file named test has been moved to the folder named tester. Let's see by 'ls', has it moved from here? Yes, it is removed. You can see the test file which was showing earlier, it is not visible. Has it reached the tester? 'ls Tester'. The file named test has reached inside the tester. What is the next command? Remove. Removing a file completely or deleting it. 'rm'. My current directory does not contain the test file. Where is the file named test? In tester. Went to the tester by doing "cd tester". There is a file stored named test. Since this file named test is also stored in test2, why not remove it. It is of no use now. 'mv rm test'. Will remove it through 'rm test'. We can check that file is not there now. The file has been deleted from here. Next command is 'sudo su'. What is 'sudo su'? It gives us root privileges, as we discussed. So let's see where root privileges are needed and how it will work? If I write command. Will also check 'apt-get update' here. 'apt-get update'. What does this command do? As I told you by giving an example, it is updating the playstore. That is, it will update the URLs of the repository file here. I run this update.
But it is saying here you do not have permission. Look here, 'Permission denied'. This can only be done by an administrator. Download, install or update of any software can only be done by admin. So administration permission or root privileges should be given to it. 'sudo su'. It will ask for my password. Now I can see that # is made here. Earlier, there was $ here, it meant normal user. Now red color # is showing, it means I am root user. Now if I run the command 'apt-get update' & enter. So, here you can see all the URLs are there, it is updating them. Updating the repository file so that the software that I install gets updated. I am closing this by Ctrl+C, because I will not do it now. If we press Ctrl+C inside the Linux terminal, it will be closed. Ctrl+C doesn't work as copy here. Ctrl+Shift+C is pressed for copy. Remember. To paste, use Ctrl+Shift+V. Next command is './' & 'bash'. What does it do? What does 'apt-get update' & 'apt-get install gedit' do? What will 'apt-get upgrade' do? It will update all the software installed in Linux and Ubuntu. So let's see it by running it. 'apt-get upgrade'. It is asking me for a permission in yes or no, and it needs to download 1517 MBs of data. If I am updating the file, it will have 1,517 MB data. So it is telling me whether you want to do it or not? If yes, then the upgrade will start. But if I do not want to update then I will deny it. This process has just stopped. It is necessary to upgrade because all the software in your computer, all the applications of the Linux machine get updated. Next command is apt-get install. I can install any particular tool. gedit is an editor, so we install it. It is already installed in my system, so it won't install. But as soon as you write apt-get install gedit, it will ask you yes or no. If you write 'Y' and press enter, it will install it. It is asking from me too. Great. There are some repository files-pluggings that it wants to update. So this is what it is doing.
I have given 'Yes' permission. You are able to see how it is installing. It is 80% done. It will take a little more time then it will install. Next command is './' & 'bash'. What does it do? It runs and executes a file. Before that we have to check whether that file has executable permission. Who would tell us? 'chmod'. 'chmod' will tell us if that file has permissions. If not, then we will give permission to file through 'chmod'. It is installing packages. Open a new tab. Back to previous directory. I'll zoom in a bit. Now, we are on the directory named test2 where we have copied the file named test. Something is written inside this file, let's see what is there. 'cat' prints the contents inside the file. 'cat test'. We have to see the content of the file named test, here on the output in terminal. Look, here there is a line written- echo "Ashish". This is a program that will print 'Ashish' What will echo do? I want to execute this file, not read. Before that, I have to see what permissions this file has. For that I will write- ls -l, & press enter. So when is the file named test created for this file, which user has it and what are its permissions. Read, write, execute. It has all three permissions. If I don't want it to execute or have executable permissions, we can take permission from it as well. If 'Chmod' can give permission to someone, then it can also take it. How will that happen? When we write 'Chmod + x/w/r/wxr'. Write anything. Let's see what I can write here. When I type '+x' and the name of the file, it gets executable permission. But if I write '-x', so I will take permission from that file. I will write '+x' then, I will take executable permission, I will write '+r', then I will take read permission & '+w', then I will take write permission. let's see once. Let's see by doing 'ls -l', whether it has a permission or not. Now you can see that it only have read & write permissions, executable permission is not showing. 
Again, we provide permission to it so that we can execute it. we will not write 'chmod -x' , it will be '+x'. & Same, file name. 'ls -l'. So, it told me that now it has read, write & execute, all three permissions. So I can execute it. I can execute in two ways, './ ' & 'bash' command. let's run './ '. './ ' file name. There is no space here you can see. When I write the ./ & name of the file here and press enter, only 'Ashish' is being printed. The test which was 'echo' is not printing, only 'Ashish' is getting printed i.e. this program is running. Run it with 'bash'. 'bash test' & enter. Still only 'Ashish' is printing, 'echo' is not getting printed. So these are some basic Linux commands that will be used. The first video of 'Setting Up Lab' which is 'Installing Kali Linux in Virtual Box'. So what are we going to learn here today. Today we will learn how to install Kali Linux. Kali Linux can be installed in two ways. First, install directly in computer & second, install in a virtual box. What is Virtual Box? Virtual Box creates such a storage, like some softwares, like how we work in cloud, it also works like that. This creates a storage system locally, where everything runs virtually. So, in this we can run many operating systems simultaneously inside any one operating system. If I have downloaded the virtual box software in Windows operating system. So I can install more operating system inside that virtual box software. So, today we will install Kali Linux in this way. There are two ways to install Kali Linux in a Virtual Box. Let's get started. First of all we will open browser. Here, we are going to download 3 things. First of all Virtual Box which is our 'Vmware Workstation' software. The second thing is the ISO file of Kali Linux. The third one is the virtual box of Kali Linux itself, which is already made, which we will get on its official site. We will download these three things. 
First of all download 'vmware Workstation'. So we will write on Google 'vmware Workstation' & enter. Here is its official site at the top result. We will go in it and after going here and scrolling down, we will see the download option. So here we are able to see - Try Workstation 16 Pro, is a professional & latest version. We will download 'Try'. After that, we will activate it through the serial key. Click on 'Download for Windows' if you are downloading for Windows, click on 'Download for Linux' if you are downloading for Linux. So we are downloading Virtual Box in Windows operating system, we will click on 'Download'. & Download has started here below. I am closing it here because I already have this file downloaded. So now download another file. Now, we have to download the ISO file of Kali Linux. For that, we will go to the site of Kali Linux, go to downloads. There are different versions and operating systems of Kali Linux, which will work differently. They are visible all over here. There is installer, live & netinstaller. Installer file is required. Either you can download it from torrent or you can download it directly from the browser. The first file we need to download is this. Then let's download it. Download is started on click. I am canceling it because it is already downloaded. The next file that we have to download is the Kali Linux virtual machine file, which is available on its official site. So we will go to virtual machine of Offensive Security. With the help of that URL, we can download the virtual machine file of Kali Linux from here. It has two files, 64 bit & 32 bit. If your operating system is 32 bit, you should download the 32 bit file, if your operating system is 64 bit, then you should download the 64 bit file. Mine is 64 bit, so I'll click on it. This download will start. So the download has started, there is a download file of 2.4 GB. I am cancelling this because it is also downloaded in my system.
After downloading these three files, our process will start, in which we will install Kali Linux inside Virtual Box. There are two ways to install Kali Linux. First, I follow the complete manual process to install Kali Linux. I am saying that inside of Virtual Box. There are two ways to install Kali Linux. First, I follow the complete manual process. Second, the virtual machine that I installed from the official site of Kali Linux, import the same virtual machine there. So let's see these two options. If you double click on the virtual machine that you had downloaded, then the process is easy. Only you have to tap on next. It will install. Let's see. So here is the vmware workstation, we are starting the installation process. After that I will close because I have already installed. We will click on 'next'. Because I have already installed, it is asking me do you want to repair? Currently, I am cancelling it. You have to click on 'next', & follow the procedure then finish it. As soon as you finish, the icon of Virtual Box will appear. As soon as you double click it will ask you for serial key. Let me tell you about the serial key. You have to go to the site. You have to go to Google and write 'vmware 16', which was our version. Write 'VmWare 16 Pro' and enter. Click on the first URL and link that is there, and you will find its serial key. By copying any one serial key and applying it, your software 'Vmware' will be activated. Where 'Vmware' is asking for serial key, submit it. Virtual Box will be activated. Your 'vmware' work station will look like this. The options that are visible, it is coming through this tab. If they are not visible, then as soon as you click here, it will start appearing here. Next, you have 3 options showing- create a new virtual machine, open a virtual machine & connect to a remote server. At present, we are going to install here from two ways. The first method was which is very easy. 
In which we have to import the virtual machine file which is the virtual box of Kali Linux. Open Virtual Machine. We will not create, just open. Select that downloaded file. You will have to extract the file that you will download. By default a zip file will appear. You can see it. I have to import the 'vmx' file here. So I will click on it and click on Open. Here you can see that Kali machine or Virtual Box has been imported. All we have to do is click on Power on the sources machine. Before that, if you have to change some of its settings, then you can. Click on Edit Virtual Machine Settings. You can see how much RAM it is providing, how much hard disk it is providing. We will increase the RAM a bit because my system has 8 GB RAM, I can provide it 4-5 GB of RAM. We will not do anything to the processor. In the processor, give 1 to the core-processor. The hard disk drive is 80 GB manual. Minimum 80 GB is enough. We will not do anything in the network adapter. USB controller. There is one option ticked here - show all USB input devices. If you want the system or pen drive connected to the computer to be shown in your virtual box, then only you will tick 'Show all USB input devices'. If you do not want any device to be able to connect, then unmark it. Sound card is fine by default, you don't have to do anything. The display is perfect, you don't have to do anything with it. Just press OK. Since all the settings have been updated, click on the Power on this virtual machine. As soon as you click on the Power on this virtual machine, this will start the virtual machine directly. You do not need any installation. One more thing to keep in mind is that as soon as you start it, its ID-password is given in the description. Its ID is Kali & password is also 'Kali'. As soon as ID and password are asked, we will enter 'Kali' only. We have downloaded the virtual box of Kali machine from the official site of Kali. Its default username-password is 'kali'. So we are logging in.
Here the Kali machine has been installed. We didn't have to work too hard. But we can also change its ID password, that we will see later. If you want to manually install Kali Linux inside Virtual Box, now we will follow that process. How can we do that? I will perform power off here. We will click on Create a Virtual Machine. On clicking this option, the opened tab in front of us, on which it is written that select the recommended option. Select the option that is being recommended. Here we will select the ISO file. We will tick the ISO file that 'Install Disk Image File' is asking for, and then go to browse and download the Kali Linux file that we just downloaded. Go to the location of the downloaded file, you will select that file, which is here in downloads. This is the Kali Linux installer that I just downloaded. We will select the file then click on Next. Here, it is asking us about the operating system or virtual box we are installing, it is of which operating system, what is its version? Go to Linux because you will not find Kali Linux written here, so what will we do, if your system is 64 bit in Linux, then we will select 64 bit. Otherwise select the normal kernel. I am selecting 'other Linux 5.x and later kernel 64- bit'. If you do not have 5.x being written, only 3.x there, even then you can select the 64 bit version, you will not have any issue. We will click on Next. Here it is asking us what to name the virtual box and the machine that we are creating. We name it wscube. Asking for its location. Where do we want to create this Virtual Box? Suppose you have given 80 GB or 100 GB of storage to your virtual box. If you have provided 100 GB of storage, you have to keep it on a disk where 100 GBs are free. But even if 100 GBs are filled, then it should not make any difference to your system. If you put in C drive which is selected by default, then your C drive will fill up quickly and your Windows system will hang.
In that case, you can install in any directory according to your need. Here, we will click on Browse, whichever location seems right, you can install it. Currently, I am installing it in C drive. Let's click on Next. And here it is asking us how much storage we want to give to the virtual disk that we are creating. I will recommend you at least 80 GB. Because we are going to install more tools then minimum 80 GB will be required. You can give 100-150 GB more than that. The option above- store virtual disc as a single file, I'll check mark it. I do not want to create separate files of this virtual machine as whenever any file is accidentally deleted, it will show me an error. I'll checklist the store virtual disc as a single file, all the files will be compressed in a single file installed. Next, it is asking me to customize hardware, I'll checklist. I will set the customization correctly. Like RAM, I have 8 GB RAM, I can provide it up to 5 GB. I am providing it 4.5. By default process is right. The network adapter has to be net only. USB controllers, as I told, you are putting USB pluggin, pendrive or any cd drive if you want it to be visible in the Kali machine only then you need to tick this option. If you don't want any external device to connect to your Virtual Box, don't tick this option. So I'm not doing it because I don't need it. If you want a printer otherwise, display settings are correct. I will close and finish it. You can see here that a tab named Wscube has been added, which is of our Kali machine, we have made Virtual Box currently. Next comes the process of its installation. At present, Virtual Box has just been created, now we will install it. It is showing us that it is Graphically Installed. Showing installed, showing advanced options and some more options. We will click on the graphical install so that we can install graphically easily. If we click on second option install, So we have to install it through command line. 
Advanced option is showing in third options, after going to that option, if I am facing any problem in installation or it is corrupt, then it will help us to restore it. There are some other options like this is an automated install, It will install automatically. There are a few different functions like that. Take a back step. I will go to the graphical install. In language, I will select English language and in country, India. Keyboard language which is by-default American English, is correct. Here this installation is reading the media and downloading the files and whatever files-libraries are needed in this installation. What is Detect Network Hardware doing? Wherever the net is turned on, whether it is an ethernet cable or a wifi stick. It is configuring and connecting to the net through it, so that it can easily download the software. It is important to note that here it is asking me the name of the host. You have to keep in mind that by-default Kali will be there. But never keep it Kali by default. Because when we are scanning a system, then this host name is recorded in its logs file. If we do not want anyone to see us or to be found easily, if you want to remain anonymous, then in that case do not write Kali here and write Windows. Even if our log files are being recorded, Kali host names or operating systems is not visible. It won't show 'Kali', it will show Windows. People who come under doubt, Suppose someone has committed a crime i.e. some cyber has been attacked. What will cyber law people do? They will read the logs file. And when they will read the logs file, then they will try to find such terms that are related to hacking or ethical hacking. As it would have been written 'Kali'. They will come to know that 'Kali' is one such operating system which is more used for hacking operations, then the person will come under doubt and after doing queries, it can be found whether this person is culprit or not. So, here we will write Windows. 
These are points of being anonymous that everybody won't tell you. It is best to keep the host name as Windows. Then Continue. The domain name is asking us, we will keep it like this. Click on Next. Here it is asking us for the username, so we keep the Wscube as its username. And asking for the password, then I will enter the password. All the devices, disc or partitions I have made, it will read them all. It will ask me where I want to do the installation. We have 4 options showing here: guided- use entire disk, guided- use entire disk and set up LVM, guided- use entire disk and set up encrypted LVM, and manual. The third option helps in providing encryption. If we want the Kali Linux install to be encrypted, so we can do that too. This is a good option, we should do it. Right now, I'm not doing it. Another option is manual, this will be useful when we are installing Kali Linux in the system, not installing in Virtual Box. This will be our next video. in which, we will see how to install Kali Linux in our system. Then, we will use the manual option. At the moment we have only one partition, only one virtual hard disk we have created. We want Kali Linux to be installed in it, so we will use Guided: use entire disk, i.e., the entire disk we have created of 80GB, should have Kali Linux installed. Then continue, Here this is showing about virtual hard disk was created. Select then continue. Three more options are showing. 'All files in 1 partition' means what do you want? All the files are stored in the one partition or it should be in a separate partition which we have to set. We will select the recommend option. You can see, we had a virtual hard disk in which the partition has been created automatically, which is necessary in the installation of Kali Linux. After that, we have to finish this. 'Finished partition and write changes to disk'. We will go with this. It is asking us here that do you want to make changes to the disc? 
Do you want to write what you have changed? Shall we start this process? Yes. So, now our virtual hard disk that was created, it gets formatted, and then gets written on there. First, it will be the format, Now, all the libraries and software are there, gradually the process of their installation will start. Here, it is installing all the libraries. This process will take time, so I'll skip it for a while. The options that are highlighted here are asking that which environment do you want to install Kali Linux with? And which softwares do you want to install? By default Kali Linux comes with 'xfce (Kali's default desktop environment)'. But I will recommend you to install 'GNOME' because it is very user-friendly and works very well in it. We'll checklist the GNOME. The top 10 tools that are written here, you can install it if you want. But I won't. We are going to watch some more videos in setting-up labs, where we will install the tools according to demand. I'm unticking it, but if you want you can tick and then continue. It will install on the basis of all the tools we have selected. Here it is asking- Install the GRUB boot loader. Whether to add GRUB boot loader or not. We will add so that our booting becomes easier. It is asking the name of the partition on which we have installed Kali. We will select that and continue. The finishing touches are being given here, libraries are being updated, views are being added. All this work is being done here. Installation is about to complete. The installation is complete, just continue, then by giving the finishing touches it will reboot. You are able to see that our operating system has been installed. Let's start it. The ID password that we had kept earlier, we will write it here. Here is our username. Enter the password, that we kept. Here our Kali Linux is completely installed. You can see it has started. Installing hacking scripts, tools and wordlists. 
Here we will work on the tools, scripts, wordlist & configuration of Kali Linux. Let's see what we are going to learn. Today, we will configure Linux, install Discover tool, download Wordlist & install Burp Suite. This is our job today. We are going to do 4 things practically. Let's start our first process which is Configuring Linux, we will set the setting here. Let's start VMware Workstation. Here, as soon as I click on this bar, whatever my virtual machine was, it will appear. So, last time we installed Kali Linux by the name of WsCube Tech then let's start it, power on this virtual machine. Here, our Kali Linux has started. Our job is to configure it means to do some setting in it so that we do not face any problem in future. We give all these configurations. First of all, we will open the terminal. Here our terminal is started. The first thing to do is give this root permission, write the password. We have got root permission, you can see the sign of '#' has come instead of '$'. Meaning, now we are a root user. First of all, we have to run the command 'apt-get update'. Before that, what does 'apt-get update' do? 'apt-get update' updates the source list in which consider an example that it was updating the playstore, it is not updating the apps inside the playstore. Once we check the source list, what is in it, if there is any configuration error in it, then we will solve it. So let's go to the directory of the source list, i.e, 'cd /etc/apt'. Our source list is kept inside the 'apt' directory because we need to update the source list of 'apt'. We will type 'ls' so here you see all the files. The file we have to edit is, source.list. So we will write: gedit source.list & enter. As soon as we enter the gedit source.list, then gedit opened that file in notepad format, so that if we want to make some changes in it, then we can do it. If it wants to read, then it can. All the URLs after the hashtag or whatever things are there, they are all commented. 
Because if anything is written after the hashtag, then it is called a comment. But here, a URL, a link of the sourcelist, is open. What should happen, both should be open, you can see below it should also be open. So we will remove the hashtag from here, save it with Ctrl+S or you can save it from here also and close it. Now, our source list is absolutely correct. Two URLs that should be there. The two URLs that should be there are two source list files inside it. So we will run the command 'apt-get update'. 'apt-get update' then enter. I'm zooming it. The update is doing its work, updating all URLs and repository files. So here you can see that 'apt-get update' is doing its work. The repository file has been updated. Our job is to do 'apt-get updates', all the software installed gets updated. This is necessary, doing this will make it easier to do many things, the work will be done well. Do 'apt-get upgrade' once. Here it is asking whether you will do yes or no means whether you want to upgrade or continue it or not. It is telling how many size archives it will download. Here I am doing yes because I want to upgrade. All the tools, libraries, packages that are there in Kali Linux will all be upgraded. As soon as the 'apt-get upgrade' command has finished its work, it'll update everything properly. This is the tip, if for whatever reason some hurdle comes after doing 'apt-get upgrade' command, so your upgrade command stops, then you have to do nothing, just run it back, so it starts from the same place where it stopped. Let's say 60% of your download is done and it stops in between then as soon as you run 'apt-get upgrade' command, it will start back. So it's upgraded. System update & upgrade is complete. Now our job is to install Discover Tools, what does it do, that we will discuss later. To install Discover Tools, we have to go to the browser and write - Discover GitHub. Whatever we will install for Linux, we will do it from GitHub itself. Click on the first URL. 
What you can see in front are the files of Discover. You have to install this. First you have to download for that. If you see below, it will show you the installation process, how to download after that how to install it. The update.sh file has to be run and then the discover file has to be run. First of all we will download it. I am going to click on this code, then we will get its url of GitHub. We will copy it from here. After copying, we will go to the terminal and here we will go to that folder, we would like that whatever we are doing in this folder, it should be downloaded there. So using 'cd' will go to the download folders. There are two files here, Burpsuit & Torghost, I will tell about it now. So now we download the 'git clone'. You have to paste the URL after typing 'git clone'. It will start cloning i.e. it will download the files which were there at URL. It has downloaded. Let's take a look by using 'ls' You can see that a folder named Discover has been created, inside which all those files are here. I will write 'cd discover'. Here all the files are listed that we saw there on the GitHub page. So what we have to do is we have to run the update.sh file. We will write: update.sh. As soon as you enter, whatever programming was there in the update.sh file, whatever files it had to download, discover packages, all those work will start here. You can see that it has started its process. It will first upgrade Kali and then download all the discover tools or script or packages. Discover is installed. We just have to run this Discover. So for that we will use 'ls'. So you can see here that we are getting Discover.sh file. So we'll copy this file by Ctrl+C and run it by doing ./, after ctrl+v. './ ' and as soon as we enter the name of the file, this file will run and here it is asking us how we can do the scanning. Discover has been installed here. Next we have to install wordlist. Such a wordlist in which we can get everything. 
A lot of our things will become easy because of the wordlist. This is a group of wordlist ie there are different folders in it, they will download which is very helpful for us. Its name is Seclist Master. So we'll go to GitHub and search for Seclist master and press enter. So you can see the GitHub Seclist is visible. We will go in it. Here you can see discovering, fuzzing. Wordlist will be availed related to everything. For example, if someone's password is leaked, it will also be found here. This wordlist is helpful so we'll download it. We'll copy the GitHub link and then go to our terminal. I will close with Ctrl+C. One thing to keep in mind is that the file-wordlist we are downloading, we will download it in the document folders. For that I will take a step back. One more step back. Now, I am in WsCube Tech. If I do 'ls' then I can see here that here is the download-desktop all the folders. I would do 'cd desktop and documents'. Here, I will write the git clone command 'git clone' and paste the URL. Seclist has been downloaded here and cloning is happening. Whatever files were visible on upgrade, all those files will be downloaded, after that we will use them in future. As long as this download is happening, let's discuss about Discovery. Discovery is a tool that helps us in gathering information. It is a part of footprinting & reconnaissance it helps us in that. Discover helps in every 3rd party source, every type of source. It gathers the information. It performs DNS testing, it does everything. By performing DNS testing, DNS lookup, using API of each area, it gathers information and give it to us. It works by taking 'reconeyez' together and at the same time some other encryption is used, so the information that comes to us would be much more. Discover is a very helpful tool for us in information gathering. That's why we installed Discover. In Seclist, we saw that we will get all kinds of wordlists. Now we will download 'Burpsuite'. 
I will provide you the URL to download 'BurpSuite' which is from Burpsuite Professional, along with it there are some files which will help in connecting with it. I have bookmarked it and I will share the link with you. First of all you have to download BurpSuite. I am downloading this. I will click on 'Download Anyway'. I have this already download, you have to download this file. Then go to the terminal, give root permissions. Then you have to go to the folder of downloads because whatever files you download are stored in the downloads folder. Then 'cd download'. If you do 'ls', then 'Burpsuite' is zipped and stored here. If you want to unzip it then you have to type 'unzip' then the name of the file. If you do 'ls', a folder named 'burpsuite' has been created here, that is, the file has been unzipped, now we will go in that. You can see that 4 files are stored. This is the professional version of Burpsuite, we have to run it, install it. Before doing all this, we have to crack it too. So to do that, we have to follow the process. We have to run ESEdition.jar file. Because it is java file, to run it, we will write - 'java', it's extension '-jar' & file name Also, we will also mention that we will put 'no verify' option inside 'java -jar' so that it does not ask for verification. So we will write 'java- noverify jar' & press enter. 'Esc' addition will help crack BurpSuite. We have run 'esc'. Here we have to check if our version of Java, i.e, installed in Kali Linux, is it compatible with burpsuit? To check, we will click on the Run button. To check, we will click on the Run button, and check whether clicking on this run button will start BurpSuite? If this happens then our burpsuite will be cracked. Let us click on run & wait. After clicking on run, there is no response, nothing is happening. In this case, and we have not detected the error yet, so to see the error, first of all we close the file. Here you'll run the BurpSuite file. 
Whose name was 'Burpsuite Pro', which was the jar file. We will run it. You can see that the Java version is 11.0.11. Here it is showing below that if it is not tested in the old version of burpsuit pro, it will not perform well. What shall we do? We have to download the old version of Java like 8 and then run on it. We have to download old version of java. We close this. Ctrl+C will close a process. Now let's see, how many versions of Java are installed in the system. Write a command- 'update-alternatives --config java'. Here you can see that there is no version here. No alternative of java. Any version of Java is not available. Our first task is to download any version of Java. If the 8 version of Java is compatible, then we will download it. To download it, we will go to the browser. Here we will write 'Java jdk8' We will come to the Open Logics website. And here is showing all the versions and files of Java. We need version 8 and what's going on here is version 11. Here is the 8th version. We need 8 version JDK. We will get the JDK file here. We need the JDK file Linux 64. Here we will download the .deb file. I will save the file. After saving the download will start. The download will be done in the download folder itself. Let's go back to our terminal. Our current directory is BurpSuite. You can also check by typing 'pwd'. Current directory is our BurpSuite. We will come back by writing 'cd ..'. Do 'ls'. Here we can see that the open logistic file 'open.jdk' is visible here. We have to install this file. How will you install? Here we will write 'dpkg -i'. 'i' for installation then name of that file and Enter. As soon as we enter, it will install the deb file. Jdk file has been downloaded. Our last command was in which we were checking or selecting the version of Java, we will run it back. 'update-alternatives'. With the upper arrow, you can go to the last command written. 
We have arrows, Up & Down, from there you press the upper arrow then it is showing the last command. Apart from that we can also check by writing 'history' command, which we will see. Here we will run 'update-alternatives --config java'. Here it is showing 3 options, whichever option I select that version of Java will be used. The last option here is our number 2, here the hotspot file of jdk8, will run it. We will type 2 and press Enter. This file will be selected. Let's run once and see. Showing '*' before it means this file is selected. We will enter again. We will run the 'ESEdition' file again. Check by writing 'ls'. Right now we are outside the Burpsuite directory, we will go inside Burpsuite. Here 'ESEdition' will run the file. 'java -noverify -jar ESEdition.jar'. This file is running. Now as soon as I click on the run button, Burpsuite will start at the same time i.e. this file is working well. Burpsuite will start, now we will crack it so that it can be easily installed. Let me tell you one thing that new versions of Burpsuite came, we have taken the old & professional versions because in the new versions, we are not getting the spider option, all the good options. Because of this we will install the old version so that spiderlink which is very important function, plays important role inside testing in ethical hacking. That's why we are taking the old version. I would recommend you do not use the new version. So we are accepting. Here's asking for a license from us. Key that you are seeing here, we will copy it by 'Ctrl+A' 'Ctrl+C'. and paste it here 'Ctrl+V'. The next. Then click on manual activation and copy the code and paste it here. The last code generated here, we will paste this activation code here. Click on next. We can see that our activation has been successful. BurpSuite is activated quite well. This is a one-time process, it has to be activated only once. After that you will run it directly. The file is provided here to run. 
Once I start it with 'Start Burp'. It also becomes very effective. Burpsuite is a tool that can intercept and modify any request that is being sent to us on the website or domain. It provides us with good options, which makes website testing easy for us. So BurpSuite is a helpful tool for us. It helps a lot that we can do penetration testing of any website very easily. We are going to use it further, so we have installed it. Burpsuite has started. We will see it further that what are the options in it, how can we use it. Right now, I am closing it now. I am closing this file and tell you how to run it. As we are typing 'ls' you can see the new file is visible here- 'burpsuite.sh'. This is the file through which we can open BurpSuite all the time. Let's see once what is written in it. The command is written inside it, which was written near the run button. What is this command doing? It is running the burpsuite file. Whenever we come, we just have to write './burp.sh'. Burpsuite will start as soon as you click on it. Keep in mind that it has been activated in the root, whenever you are running Burpsuite, run it with root permission only. As '#' is showing I am rooted and I am starting BurpSuite with rooted permission only. You do the same. If you do in normal user, then it will not work, will ask you for the activation code again because you had activated it in its root permission. Burpsuite is started so I am canceling it and closing it because our Burpsuite installation has been completed. I have brought a video for you where we will learn how we can do Complete Anonymous Settings in our computer & our Linux machine. In which we will change proxy, VPN, MAC address. So let's see what we are going to do. Configuring Proxy, configuring VPNs, it means we change it's settings. After that, changing MAC Address, after that we will make some program which will help to run these whole processes automatically. 
We will do Shell Programming, Shell Programming will help us, whatever we are making programs, that is, we are changing the VPN and MAC Address, it will help in work automatically. Let's start our video where we are going to learn, the first topic is how can we configure proxy i.e. how to apply proxy settings. First of all, we will open our terminal. We have opened the terminal. The first thing to check here is whether our host name is correct or not. This is the same host name that we were installing in Kali Linux then I told that it should never be named 'Kali', it should be named 'Windows'. Let me explain once again, I can also change it manually i.e. at the time of installation, the name 'Kali' was written on it, If you do not change the host name, then we can change it manually from here. This keeps us anonymous. That is, when we do scanning of any system, then the name of the host name on it will be Windows like a normal user. What we will do for that, first we will give root permissions and here we will write 'gedit', go to the 'etc' directory, inside it there is a file named host. We will go to the file named Hosts. Open the file, you can see that Windows is written here. So this is configured, 'Kali' is not written here. This is the first thing we had to check. We will save it again & close it. The next thing to do is to check the host. By typing 'host', we will press enter. Windows is written here too. Keep in mind that 'Kali' or any name is not appearing at any place which cannot help us to remain anonymous, which makes you easily visible. Here all the settings are correct. If not, then you can write Windows by removing 'Kali'. I'll save it and close it. Here is the host name and host have been saved. Now our job is to change the tor browser proxy or proxy which Kali has. To configure proxy change, first go to its file. 'cd /etc'. After going to the 'etc' directory, we will see if there is a proxychains.config file here. 
Here in my case the file 'proxychains4.config' is there, you can also have it with the name 'proxychain.config'. If your file named 'proxychains.config' is not found then you can on 'proxychains4.config' like I did. We will write 'gedit' then the name of the file and enter. The file has been opened. Now what we have to do, the last two options that we are seeing inside this file, proxy is added here. We will first go to the first option, and by default, this is strict_chains that will not contain #. and dynamic_chains will be commented. If you will see such file then you have to first comment out strict_chain and remove # which is already attached to dynamic_chain. The dynamic_key function will follow. We will scroll down. You can see here, the proxy list format is telling you how to add proxies. First of all, we will enter the protocol, after that the IP which is on the port and then if there is id-password then they will also enter. This is the method to add proxy. Here some proxy is added below, so we will manually add proxy. For that, we will go to the site, here we will go to the free proxy list or any site where the free proxy list is available. Many websites will be found like this. What do we have to do here? We select some proxies to test from lets say Thailand. We copy some proxies from here, then we will change them according to our own need. That's too much for now, and will paste it here in the last. First of all, we have to write their protocols here which is: HTTPS then Tab, The IP and port has come written. Further items are not required, so delete. Do the same thing in next too. First of all, its protocol has to be written. You can see that its protocol is also HTTP. After writing HTTP, we will press Tab. Further things are not required so will delete them. Whatever things we have written, we will set it according to the format. I set it as per the format. 
In this format, we can see that HTTP is written in capital letters, IP and port is written next. Id-password is not required yet, so we have not written Id-password. Save it. We will close it. We will try to run it. We will write 'proxychains curl' and URL. We will test whether the proxychains that are applied are working or not. Press enter. Here we can see that the IP which is visible, which was German IP, the proxy was already set, that IP is visible, and switching from one IP to another. Our proxies are working. All those IP are visible where we applied. By setting it with a proxy, it will show its output because there are many proxychains, will show the output of whomever it works with. This proxychain is working. I'll close it. In this way, we can apply manual proxy. If we apply by looking for the right proxy from the right site, then it is good for us. This was the way to apply proxy chain manually. Now we can make it more easy by using tools. There is a tool called 'ProxyGhost'. That means this is the script. We will definitely download it, it works very well, gives very good performance. Let's install it. We will type 'Tor Ghost GitHub' and press enter. Here you will get its URL. We will click on first option. You can see that the process of running it is also mentioned below its file. Firstly 'build.sh' has to be run. After that we can run our file automatically, python file. We will copy the code from here. Use the same process, first go to the download folder. I'll open a new tab. Here, I will give root permissions, and I will go to the downloads folder. Here I will write 'git clone' and paste the URL with Ctrl+V. As soon as you press enter 'Tor Ghost' will be downloaded. I have already downloaded it, you see a file named 'Tor Ghost'. As soon as you click enter, the 'Tor Ghost' file will be downloaded. If any issue comes, if your Git is not installed then you can easily run it using the command 'apt-update git'. I am canceling this. 
Now, we will go to the file of 'Tor Ghost'. So we will write: 'cd torghost'. Press Enter. Run 'ls' command. The first process is to run the build.sh file. Write 'build.sh'. Press Enter. Because I have already prepared it. Whatever files-software is required, it will complete the whole process. An error may appear in the middle of Python, there is no issue. You see an error may occur, you will ignore it. Now we will run this file directly, we will write 'Python 3'. That is, will run the 3rd version of Python. Here we will write the name of the file 'torghost.py'. Press Enter. We can see that as soon as it has started, some options are visible to use it. When '-s' is used, it means to start. '-x' to stop. These two options are more necessary for us. We use over here. -s is used for starting, as soon as we use '-s' & press enter, our system will set all the proxychains, will create its own configuration file. Now it has changed our IP. Current IP is showing something else. Let's go to 'Whats my IP' to see if the IP has been changed and what location it has it happened? So here we will write 'what's my IP' and press enter. Here you can see that it is showing the IP of Germany. It has set up proxy well. Proxy will keep changing here. It was Torghost who has been changing our proxy and IP address. It is also keeping us secure. Now we will talk about the next option which is the VPN i.e. VPN configuration. Who is better between VPN and proxy, who should be used and who should not? And if we can't use it, why can't we use it. We will see all these things. VPN is one such IP that will get allotted, we will use it but it is more vulnerable. VPN is less secure than proxylist. Why? Because there is vulnerability inside the VPN which we call 'dnsleak'. There is a vulnerability of "dns leak" inside the VPN, which can show our current VPN and a lot of information. Therefore it is recommended not to use the VPN. 
Let us see the manual process of the VPN, How we can change the VPN manually and how we can change it through any tool. To change manually, we will write here 'cd'. We will go to the "etc" directory and inside the "etc" directory we will go inside the "dhcp" directory. Type 'ls' to see what files are visible. Changes have to be made in the 'dhpsclient.config' files. You can configure VPN. For that, we will write 'gedit dhcpclient.config' Press Enter. The file has been opened. Here you have to search 'prepend'. You can see 'Prepend' domain name server is highlighted. What we have to do first is to remove its commenting '#' have to be removed. So that it doesn't remain a comment Similarly, we have to add the VPN where 'IP' is written. I paste it two or three times. It is recommended that even if you are using a VPN, then it should be changed at least 3 times. Here, we will add a VPN instead of this IP and save this. After this, if we use 'dhcp' service, then our VPN service will change. This was the use of the VPN. We do not recommend the VPN, because the proxy is more secure. The circle of proxy remains secure. It is difficult to track VPN that is why we use proxychains. Let us check the vulnerability of the VPN that how 'dns leak' occurs in the VPN. Here, I will add extension for VPN Services. When we add any extension in chrome, it is extension. If you add here, it is called 'Add-ons'. We will search for add-ons. As soon as you searched for add-ons, here you have come to Chrome Add-on store, Firefox Add-on store. Let's go to Firefox add-ons because our browser is Firefox. In Extensions, we can search for any extension. We need some extension of free VPN. I consider it right to take Betternet, so we'll write Betternet. So here it has come. We are adding VPN Betternet. OK! Got it! So here we have added an extension for the VPN. It is showing different option. I will activate the by-default option and connect. I will check IP. 
You can see my IP is changed, it's United States's IP, as I have set it. Now, my job is to see that in reality there are vulnerabilities in the VPN. I will go to a site 'dnsleaktest.com'. After going here, it will take my current IP. It will ask if you want to do any test on it. So we do a normal test run and see if there is a vulnerability in the VPN in reality or not. Write VPN test here. The panel of Astrill VPN leak test is visible. Let's start it. Here it is asking us whether you want to do a test run. Run standard test. Here it has started scanning. We go to see if we have found anything in dns leak. Here you can see, we did a normal test run in dns leak, its result has come out well. It hasn't given us any specific details. VPN we tested, we didn't find any vulnerability. Once we extend this test. Let's go to the leak test which we did here. Betternet is providing us a good VPN. It is providing us with proper vulnerability. Here it is showing that the IP that is switching is of the US. No personal IP is going. So there is no dns leak in this IP. If you are using any VPN, then do its dns leak test, is it vulnerable or not? Because in a lot of VPN, you will get the vulnerability of dns leak. With dns leak, we can reach the current location of any person. So this was today's session where we understood about 'dns leak' and 'VPN', and changed some configuration settings so that we can remain anonymous. Now there is another point in which we will change the MAC address. There will be 3 ways to identify the device. First is IP, second is MAC address, and third is the browser details goes while request the website. We are going to change these two things. First we changed IP through proxy and VPN, now we will change MAC address. How to change MAC address? If we are running wifi then its MAC address will be changed. Or if we are running the net from hardware cable ie Ethernet, then we will change its MAC address. 
Now I am connected to Ethernet, then let's see how the MAC address of Ethernet will be changed. For this, we will first give root permissions. After changing the root permissions, it is very easy to change the MAC address of Ethernet. First we will write 'ifconfig'. We can see that we are using Ethernet net. Here the IP of Ethernet is visible. Our net is running via ethernet and our MAC address is '8a 03 63'. This is its current MAC address. What do we have to do? The free install tool is 'MAC Address Changer' of MAC Address which is installed in our Kali Linux, it has to be run. So we will write 'macchanger --help' so that whatever commands are there, it is visible. We can see that its commands were shown, how and with which function it will work. The important thing for us is this, '-s' for show. '-e' for ending. i.e., to change the last three pairs of MAC address. Starting 3 pairs tell which company the MAC address belongs to. By not changing it, change the MAC address of the company to which it belongs, i.e, MAC address has 6 pairs of digits. Starting 3 pairs tell which company the MAC address belongs to like Apple, Microsoft, or Hp. The last 3 digits give the information of the device, which device it is. What are we doing? The last 3 digits are changing. i.e, if there is a computer of the HP, the MAC address of the HP will be shown. But it's device number is getting changed. That is, we are looking at some other device in the company. Similarly, if we change 3 digits of starting then we will see the device of other company. To understand this better, If I write this keyword 'L', then 'L' will provide me the list of vendor's MAC addresses. Write '-l' & press Enter. Here you can see that the starting MAC address is telling which company has the MAC address. Like it is from Intel. We can see the MAC address of all such companies which are registered and verified. You can switch your system in any company if the MAC address is tracked. 
First let's see my current MAC address. 'macchanger -s eth0'. Why did I write 'eth0' because the name of my interface was 'eth0'. The name of the net through which the ethernet was running was 'eth0' as seen in 'ifconfig'. Here my current MAC address is slightly changed. I just saw it by running it. And this is the permanent MAC address. What is the permanent MAC address? It never changes. As soon as the system is rebooted, our by default MAC address will be visible at the same time. So the permanent MAC address never changes. If I write 'macchange -e' & request to change the ending MAC address, and in the last I write the interface and press enter. It's changing my MAC address. I ran it again, still changing MAC address. Here you can see my new MAC address. This is the permanent MAC address & the current MAC address is this. Our MAC address is changing but as soon as the system is rebooted, only the permanent MAC address will appear. So to solve this, we thought of something logical. As soon as the system reboots, the MAC address should be changed with the help of 'macchanger'. So what will happen in this case, every time the system is rebooted, our MAC address will be different, and our permanent MAC address will not be visible anywhere. How can we do this? We will do this through shell scripting. So let's see how to change the MAC address of Ethernet through shell scripting. For that, first we go to our document directory. Because we will create shell scripting to change the MAC address, we will create it in the document folder. Write 'cd documents'. 'ls'. I have created mac.sh file inside document directory to change, review it once. I will start editing this file by typing 'gedit'. We have visited the directory of the terminal to put it in the shell scripting. After that we have written the command 'macchanger -e eth0'. It has been written 3 times because if we are adding VPN or changing MAC address or anything, then it should be performed atleast 3 times. 
Even if you are resetting the mobile. It is considered very safe and good to do so. Because the MAC address is overwritten and the confirm MAC address. In that case none of our old MAC addresses are visible. That's why we've run it three times for security precautions. This is a shell program that will change the MAC address. Let's run it and see if it is working or not. Saved this, closed it. How to run the 'mac.sh' file, which is a shell script file? It will run with './'. './mac.sh' & press Enter. You can see that because I wrote the command 3 times, it has changed the MAC address 3 times. These are 3 MAC addresses. My current MAC address has changed completely. If you want to see it, then you can write 'macchanger -s', to show my current MAC address, & press Enter. My MAC address is completely different. This means the MAC address has changed. Our task is that when this system is rebooted, at the same time this MAC address changes; how good will that be? Our permanent MAC address will not be visible anywhere. How will this happen? We have a pre-installed tool, 'crontab', through which we can do this. In 'crontab', through the editing option, we will first start editing by writing '-e'. We have to write 'crontab -e' & press Enter. So here its editing file will open. In which this by default line will not be written. So, it would look like this to you. What you have to do: in the first line, make a space, '@reboot'. That is, as the system reboots, this option has to be performed. Here we are writing '@reboot'; it means that when the system reboots, the command I will write next to it will be executed. Here we write the location of 'mac.sh'. This means mac.sh should be executed upon reboot. Here you will write the directory name, which is 'home', the 'wscube' username, the 'wscube' personal folder 'documents' and then 'mac.sh'. This was the current directory where mac.sh was built. You can also check it once, if you want to check what your current directory is.
Open this window. We go to documents & then 'ls'. The mac.sh file is stored here. We have to write 'pwd', print working directory. As you can see, '/home/wscube/documents'. '/home/wscube/documents', then the file's name, 'mac.sh'. We have entered its current location here, i.e., this file will run as soon as the system is rebooted. We save this by pressing Ctrl+O. Press Enter. Close it by Ctrl+S. Here, root permissions are given again, and we check whether the last command has been updated or not. Here it is updated and saved. Close it with Ctrl+X. It is closed. Since the line which we had to execute in 'crontab' has been entered, we just have to start its service. For which, we will write 'service cron start'. The cron service has started. The next command will help us to run the command automatically as soon as the system is rebooted. Write 'systemctl enable cron.service'. It has been enabled; let's start it too: 'systemctl start cron.service'. Now we will run the command 'update-rc.d cron defaults'. This will update the 'rc' file so that the 'cron' file will run as soon as the system is rebooted. We have started 'cron', done 'systemctl', done 'update-rc.d'. The mac.sh file will be executed as soon as the system reboots. Before that, as soon as you create a new mac.sh file, it will have read-write permissions by default. It will look something like this; I will show you. I take the permission away from this so that it will look like yours. You can also take the permission away with '-x'. Write 'ls'. You can see that mac.sh is written. With 'ls -l' we can check which file has which permissions. mac.sh only has read-write permission available. We have to provide executable permission to it. We'll write 'chmod +x mac.sh' for that. If read-write permission is given in your mac.sh file, write 'ls -l' to give executable permission to mac.sh. So you can see that the mac.sh file has got executable permission. What is my job now? To execute. The file should be executed upon reboot. Now, we will reboot the system.
Our system has rebooted. Now we go to the terminal and check whether a new MAC address has been allotted or not when the system is rebooted. For that, first root permission will be given. Show the MAC address of 'eth0'. Here you can see that our permanent MAC address is '71:12:ea' and the new MAC address allotted is different. Our MAC address has changed. Every time the system is rebooted, we will have a new MAC address, i.e., my permanent address will not show anywhere. In this, we saw how to change the address of a hardware Ethernet cable. Now we have to see how to change the address of a wifistick, i.e., when we are running the internet from WiFi, how can we change the MAC address that we are getting from it? See this too. First of all, after giving root permission, I am typing 'ifconfig'. So I can see from which source I am running the internet. There is no IP next to Ethernet, no IP next to 'lo'. After wlan0, the IPs are visible. That is, I am running the Internet through wlan0, which is the name of my wifistick. I can check that I am running the internet from wlan0. So now we will change the MAC address of our device. How will we do it? First of all, we will turn it off so that we can change its settings. If we make changes in a running thing, then it becomes misconfigured. It can generate any error; it can get corrupted as well. What shall we do? We will turn it off first, for which we will write 'ifconfig wlan0 down'. Press Enter. This will bring down the wifistick. After that we will write the command 'iwconfig wlan0 hw', 'hw' for hardware, 'ether' for changing the MAC address. What is the MAC address to keep? Ether was written after the MAC address. After typing 'ether', we will write the MAC address. Earlier it was something else; now it is something else. Write down the MAC address. Here we have written the MAC address. After typing the MAC address, now we will press Enter. We have to write 'ifconfig', not 'iw', here. After typing 'ifconfig' we will press Enter.
We can see that it is showing that your MAC address is invalid. The starting of the MAC address should be 0; after that press Enter. Still have to make some changes. Now our MAC address has been changed, then we will choose the wifistick to check it. Press Enter. The wifistick has started again. Now let's see by writing 'ifconfig'. You can see that the MAC address we just created has been set. This was how to change the MAC address of a wifistick.
I have come up with a new video in which we will install some machines and configure them so that we can do some testing. Without delay let's start our video of today. What are we going to do? Installing Windows XP. 'metasploitable2' is a vulnerable machine where we can do all the testing; we will install this. 'dvwa', which is a part of it: we will also see how to configure it. Let's start this video. First let's install Windows XP. To download Windows XP, you have to go to Google and write Windows XP Download. Now, we will download the Windows XP ISO. If your computer is 32-bit, then download 32-bit; if it is 64-bit, then 64-bit. I am about to download 64-bit. Here I will download 64-bit Windows XP. Start downloading. The Windows XP download has started. We will install it as soon as it is downloaded. I already have Windows XP downloaded so I'll cancel it. After downloading Windows XP, now we create a new virtual machine. Here we will click on Next as we did in Kali Linux. We'll select the ISO file. Go to the browser, select our Windows file. Here our Windows XP ISO file is stored; we will select it and click on Next. Here it is asking for the product key of Windows XP. We will find it here. Write here 'Windows XP product key'. From here we copy this key and paste it here. We will not keep a password. Keep the full name 'wscube'. Click on Next. Virtual machine name saved as Windows XP Professional. One thing to change because my C drive is full. As I told you, you can select the drive you want.
So we'll select another drive. Let's select the G drive. Ok. Great. Windows XP will be installed on the G drive. Give 50 GB to it. Install the virtual disk in a single file like we did in Kali Linux. Customize hardware. Provide it RAM. Let's provide 4 GB of RAM. Give it a processor; 1 is enough. Everything else is fine. It doesn't need any changes. I'll close it. Click Finish. You can see that Windows XP has been added. Let's start it. Windows XP is being installed here. From here, we'll see the product key and write it. Search and write the product key; it will be activated. Maybe you will have to write 1-2 product keys. For the error that is being generated, click on OK. You can see that Windows XP has been installed here; we will do further testing in Windows XP. You can see that Windows XP has been installed here. Now we have to test it, which we will do next. Next, we have to install two more things, metasploitable2 & DVWA. So now we will install metasploitable2. To install, you have to open the browser and write: metasploitable2. We will go to Rapid7's website where we will find metasploitable2. There are two URLs here. If you click on the first URL, it will ask for some details. After filling in the details the download will start. So we will download from sourceforge.net. So here the download has started. This is a download of 850 MB; let it download. I have this download already so I'll stop it. I want to import my file into the virtual machine. Here we do not need to create a new virtual machine because it is already a virtual machine. On clicking Open a new virtual machine, we will select the file. You can see that the name of metasploitable2 appeared. Import is done. Set the configuration in it. Its RAM and processor are correct. The hard disk has enough storage of 8 GB. Anyway, we are not going to install anything in it; we will test it, save it. metasploitable2 is a machine that is vulnerable. A lot of testing related to ethical testing can be done in this.
So for this we have to start. Power on this virtual machine. Here its login and password are 'msfadmin'. Write 'msfadmin', Enter. 'msfadmin'. We have logged in. Now what do we have to do? Because this machine is already vulnerable, we will not need to do much configuration in it. We can see its IP here: 'ifconfig'. This is a Linux machine, so all Linux commands will run here. As soon as we type 'ifconfig', it shows the current IP. Here we can see its IP, 192.168.92.134. We have been allotted its IP. Now if we open this IP from any virtual machine, it will open. Here metasploitable2 is installed. This was our metasploitable2, which is very easy to set up. We just had to import the virtual machine. Here metasploitable2 has started. Next we will see how to test it and how to use it. It is similar to a Linux operating system, so all Linux commands will run in it. We have downloaded and installed Metasploitable2. Now our job is to configure DVWA. The good news is that there is DVWA in metasploitable2 as well. Once, we test whether it is working or not. Here you will login with 'msfadmin' and password 'msfadmin'. Here Metasploitable2 has started. We want to see its IP. Here it is showing the IP, 192.168.92.134. Here Metasploitable2 has started, its services are started, it is configured automatically. Our job is just that we have to start our virtual machine, install Kali Linux, and write this IP there to see if it is working or not. Its IP is 192.168.92.134. We will go to the Kali machine. Go to the browser. Here we will write 192.168.92.134. So you can see that this was the page of Metasploitable2; because it is in the local machine, all are interconnected with each other. If both the systems are on the same IP then we can access Metasploitable2. As soon as we are writing the system's IP, Metasploitable2 is able to access that system. Here it is showing DVWA; go to DVWA. Here it is asking for ID and password. Let me tell you, the ID-password we get from Metasploitable2 is admin & password.
'admin' is the username & 'password' is the password. Enter. We can see that we have logged in. In today's session, we had to configure and install all three things; we have done that.
Today's video is about: What is footprinting & reconnaissance? What are we going to learn today? Let's see. Today we are going to learn 3 things: What is footprinting & reconnaissance?, types of footprinting & use of footprinting. Let's start with our first topic, What is Footprinting? First we will see some of its points, then after seeing some examples about it, we will understand what it is. Personal details, company details, system information, gathering all information about the target, entities belonging to the target & technology. What is Footprinting? What is happening in this? We can also call Footprinting Information Gathering. Information gathering and Footprinting are the same thing. What's going on in it? A very important phase in ethical hacking is Footprinting. This is the first step in ethical hacking, which is very important. We should know about the device or system or domain that is targeted. What is it, what is its technology, we should know everything. Footprinting is the most important part in the ethical hacking phase. The topic is first and foremost, so don't miss it at all. Understand this well. If I want to attack any system, if I want to attack your system, even if I am doing it with your permission, I should know everything. What is your name, who is connected to you, who knows you: this information is also useful for me. When bad hat hackers attack in the ethical hacking field, what do they do? They first gather the information about you. We will also see how we can preserve our information. So what do they do by gathering our information? They learn who is connected to us; they can also do phishing on us; they can perform various attacks. So information gathering is a very important part.
In it we take information of any person, information of any domain or company. So here it is written that we find someone's personal details through any means. Looking for company details, whatever details we can get out of that company like its economic details, whatever. System Information. What information can be there about a system such as which software is new, which is old, what is its operating system. All that information will come under System Information. Gathering all information about target. That is, we will gather all the information related to the target. One more thing is being included in this that we will also take information about the entity which belongs to it. Like they will also know about my friends, will also know about my mails that I am receiving. This is a very important part of information gathering. And Technology. If you are testing on a domain, then what technology is being used in the domain. Is the website built in PHP or Wordpress? So all this information gathering is very important because all the subsequent attacks will be according to this. Next is, what are the types of information gathering, types of Reconnaissance & Footprinting. How many types of Reconnaissance & Footprinting are there? They are of 2 types. Active & passive. 2 types of information gathering are there, active & passive. Information gathering has been divided according to categories. What is happening in this? What Happens in Active Footprinting? Let's see. Direct interaction i.e, we are doing direct interaction. We are interacting directly with the domain, server, etc. There is direct interaction & we take information. What are we doing in Active information gathering? Whatever target or scope is in front of us, for which we have to take information, we interact directly with it. He knows that in some way, someone is amassing my information. We are talking directly to his friend or we are trying to know about him by calling him from social engineering. 
When we do such activities, we call it Active Information Gathering. Next is passive information gathering. What happens in Passive Information Gathering? In passive information gathering, we take someone's information without interacting. That is, we do not interact with him in person. We take his information through third parties. Like we are seeing him by going to his social site, going to another site and looking at it, trying to get information out of his mail. When we do information gathering on someone from different sources, in which the target is not aware that information gathering is being done while taking any of his information, we call it Passive Information Gathering. The next point is the use of Reconnaissance & Footprinting. What is the use of Reconnaissance & Footprinting? Let us try to understand this with some points. Information Gathering. What is Reconnaissance & Footprinting? Information Gathering. We are taking the target's information. Time saving. What is time saving? When we move towards penetration testing in ethical hacking, we have to test a domain but we do not do information gathering. So this process takes a lot of time, as all the attack-testing would have to be done in it. If I know this website is built in WordPress, why don't I do a vulnerability test related to WordPress itself? If I know that this app is built in PHP, Ubuntu, Laravel, then I will use the same platform's vulnerability access tracking. Why shouldn't I find the loopholes in the same way? If I look for errors of PHP in my WordPress site, will I get them? I'll never get them. If I look for the errors of WordPress in my Laravel site, will I get them? I'll never get them. This saves my time. When I take the technology out of information gathering, and I take the information, then it saves my time. We are saving time. Easy processing is going on. How is the saving of time happening? I have the information, so I know what I have to do.
When I have all the information, I am doing all attacks from the information. I am trying all the techniques, I am accessing the vulnerability. So easy processing is saving time; it is helping me in easy processing. The process is going very fast. Next is accurate attacking; this part is showing all the things. When I have gathered all the information, then whatever techniques I test now will give accurate outputs. If I know it's a WordPress website then I use a WordPress wordlist. Even if I attack it, I try to get out of its directory, WP admin accurate results will come after WP content.
In today's video, we will see how to do footprinting. We know what Footprinting is & how it is done. Now we'll see How to do Footprinting. What are you going to learn today? We're going to learn 3 things: Footprinting through search engines, Footprinting using advanced Google Hacking Techniques, and footprinting through social networking sites. Let's start today's first topic, Footprinting through search engines. How can we do Information Gathering, Footprinting with Search Engines? Let's see Footprinting through search engines. The first search engine we have is 'Not Evil'. 'Not Evil' is a search engine that can be run only through a web browser. This is an onion link; this is part of the hidden web. But the information it gives here is very good. The information of 'Not Evil' is very useful for us. If we can't search something with a normal browser, then we can do it in 'Not Evil'. It can only be accessed from the Tor browser. Since it is an onion link, we cannot access it. There are two more search engines, Shodan & Censys. Shodan & Censys are also known as hackers' search engines. They also give very good performance. The output or result that we get from these, like what do search engines do for us? The output of whatever you search for is very good. If we look from the point of view of ethical hacking, i.e., we can see which proxies, ports, webcams are open.
If you go to Shodan and explore it, you can see there are many things related to you here. This is useful for us because, if we come to know about any software version or technology which is in use by the target and we search that here, we see related vulnerabilities and ports. This is very useful to take information gathering to the next stage. Next is Yahoo & Duck Duck Go. You must have heard of 'Duck Duck Go'. In the Linux operating system, it is run with Firefox. It is said about it that it does not trace us. Next is Bing & Google. We all use Google. If you use advanced search in Google then we get good information. Apart from this, if using Google's normal search engine, if we go from next to next page, let's see its later entries. We will get some such information there that the domain owner forgot to remove. Say many years ago I made a website and put a lot of information in it. Later, I came to know that this information should not be here; I removed it and released some updates. Because I had uploaded that information a long time ago and forgot to remove it from everywhere, today, if I go to the next to next page by searching the same thing, then even today an attacker can see that information. So we should take care of these things. The search engine produces very good output and is very helpful for us for information gathering. The next topic is Footprinting using Advanced Google Hacking Techniques: gathering information using the advanced technology of Google. What does it mean? These are the operators that make our output look as we want. For example, I write 'Images of WsCube tech'. It is showing more images along with images of WsCube Tech. And there are some common images which I don't want to show. Like it is showing images of WsCube Tech but also showing the logo. But I don't want that logo to appear. Then what should I do? I will write the logo next by putting a minus sign. Now, in the output I am getting with the help of the '-' sign, there will not be any image related to the logo.
In such an index, an advanced operator has been created to filter the output. First operator is cache. Cache operator is such an operator within which as soon as we search for something, if we write the domain ahead, it will tell us its cache. So what do we have to do? We have to write the name of the cache operator, then whatever the domain will be written. The cache on that side will show. Next is allintext: Whatever text is written next to it, then this text will be shown to us related to it anywhere in any site. There are some other operators who are helping us, in which filetype: also comes under this. Filetype is a good operator, very useful for us. Suppose in a website, we are looking for personal files. We want to get the login.php file. Or we need any document or invoice, document.doc or .txt, in any format. We know that this file is probably there. It may be result.txt It may be result.pdf. If we know what format the file is, then what will we do? We will use the site URL, Write that domain and write that domain next to filetype. Any file of the same format like .pdf or .txt. whatever file is in this format, it will show us in indexing. We will get the output that we want. To make this more easy, we can also write an advanced search by going to Google. So we will have a guide of advanced search. We will find a GUI and according to that, our output will be filtered. Next is inurl: What does inurl: do? It is an operator inside which I type text if it will be coming in any URL Whatever is the output from that URL, we will see it in indexing. There are some more operators which are useful for us. Intext: If this text is being found anywhere, we will see its output in index. Indexof: is a useful operator. Let me tell you about index of operator. Its work is such that if we write any domain after indexof: then it can find whatever directories are related to that domain. 
Directory searching means, if I write indexof: wscubetech or write any other domain, whatever directory will open, not a file, as a file will run. As soon as I go to login.php, the login page will open. But if I am going using indexof:, the folder in which login.php is stored will be shown to me. Through the directories which we are able to see, I can read the programming of many files. In that case we are using indexof. We already saw site: Whatever domain we write next to site, its related site is shown in the index. '*:' means any value can come here. At any place, even if we write '*:' on the terminal, it means any value can come. The negation operator helps with what we do not want in the output. Next is Footprinting through social networking sites. What are social networking sites? We all must be well aware of social networking sites. We all are connected to Facebook, Instagram, Twitter, LinkedIn. For professional work we visit LinkedIn & Twitter. For entertainment purposes we use Instagram, Facebook & other social networking sites. All the social networking sites have more scope for information gathering. They hold so much of our information that it is very easy for any attacker to visit our profile and get all of our information. For example: when you go for a walk, you start your live story, or upload the status that I have come from this location to this location. Your time is shown, that you have been to these places at this time. Apart from that, someone wishes you on your birthday. Suppose the birth date is hidden in your privacy. Let's assume that your privacy is strong. But people are wishing you; then your birth date can be guessed from it. We know the birth date & year are not too difficult to find. We stay updated on social networking sites so much that more than half of our information is found on social sites. If we follow a page, then they can know what we like and what we don't.
We can collect a lot of information like this from social networking sites. If possible, the least information should be uploaded on social sites. As we have just seen, through social networking sites, Google search engines & advanced operators, we can do information gathering. We see it by applying it practically: how can we do information gathering? How much good information can we get only from these 3 places? Let's start. Open the browser. First of all, we will see how we can get good information from search engines. We will see through the search engine how much output we can see of one thing. We do information gathering about WsCube Tech and see what we get about it. First, search in Google. Write Wscubetech. Here the indexing has appeared on the first page of Google. Now we can see what information we can see through the Google search engine. We are able to see that there is about and contact information which we will get on the site; we can go and see it. Here its location can be found, what its location is. This little information can be of great use to us. Let's see what we are finding next. Its timing schedule is shown: when the staff is present, and when it is not present. Some people have given reviews; through them we can connect with them also. We can also connect with people who are connected with WsCube Tech. It has a YouTube channel. We can understand its technology from the YouTube channel. We can see what is working, what it is using, what it teaches. We can also see about its application. You can install the application and see how it is working. Facebook profile. Its information will be on the Facebook profile, which we will see through the social networking site. There is a LinkedIn page, where we can see their employees. There is also a profile of WsCube Tech on Pinterest. Let's look at the next page. When we go to the next to next page on Google, we keep getting more related things.
Never stop on the first page of indexing; you can get better information if you go to the next page. Here we are also getting the Instagram page of WsCube Tech. The Crunchbase organization is telling something about WsCube Tech. Registered on Zoom Information. Also on Upwork. Also used in clutch.co. It has also been used in Glassdoor. It is also on Naukri.com, where we can see about hiring: what are their requirements, what should the employees know? From that we can know what technology it uses. Like it is written that we need a developer who can work on PHP and WordPress. So we can understand that the most used technology they employ is WordPress and PHP. Similarly, we can get information about their company's requirements. Over here, we've got another domain - Wscubetechtechnology.com which is HTTP admissionbox, UrbanPro. You can see we are getting a lot of information about WsCube Tech. Going to the next page of Google, you are able to see where it is registered and at how many places. There is information about the places it is connected to. We will go deep and see what information will be available, what we can see. So many sites are connected here. We can get a lot of good information about it. Here is the annual revenue. So in the same way we can collect information about any domain, target or person through search engines. Let's see some other search engines than Google. We'll use Duck Duck Go. We'll write WsCubeTech. It is showing its first site. It is not showing the courses domain, where courses are uploaded. The login page is shown. Another sub-domain of this, 'www.mail.wscubetech.com', is visible. WsCubeTech is also registered on 'summertrainingjodhpur'. Let's see in the more results what else you can see: Instagram pages, Aboutus page, summertrainingjodhpur. It is related to ''The Handbook''. If we search here about any domain or person, in the next section, it is giving very good information.
Let's see two search engines that are performing well, i.e, Shodan & Censys. These are also called hacker search engines. Because it can give very good information related to IP or domain. I have opened Shodan. I am logged into it. You can also login to it by registering or you can also login directly from Google. It will show the options after login, you search about any domain or any IP. All the vulnerabilities or information related to it are available, you can see them. Write Microsoft. As soon as we wrote Microsoft, information related to requests & responses, open ports are visible. We'll see the report directly we got an overview of Microsoft's report. It is showing things related to it. Wherever Microsoft is written is showing the open ports related to it. Organizations associated with Microsoft will show here. In whichever vulnerabilities are mentioned in Microsoft, all those Vulnerabilities will appear here. After that, products, tags, operating system, web technologies, and we can see the records of everything related to Microsoft. For now, we will not. You should review this, it is a very good site. Second site is, Censys. This is Censys. Where we can get good information from any platform, domain and target Can extract good information related to IP or domain. IP performs well. IP gives good information. First we go to search engine. Let's see once by pasting our IP here. There is no summary information regarding our IP. But you can get by using other IP. If you pin a site, you will get the information related to it here. If you write any IP here, you will see the information related to it. Its output will be shown in the summary. If it is not visible, then in that case also you can go to 'WHOIS' domain and take some information. Here it is asking for registration, so we will register. I will also let you know how to register in a new way. We can write anything in these details. 
Here it is asking for an email from us, so we will get fake mails in 'Tempmail'. It is providing fake mails, so this is useful for us. We'll copy it. We'll paste it here and keep this username. We'll keep the same password and remove the last 4 letters, which is '.com'. We will do the same here. Click on I agree. You can write anything in company. You can write any number in contact number; here we will select India. Tick here and continue. Here's the mail to confirm our registration so we can login into it. Copy the mail. The confirmation mail has arrived. So we will copy the mail and paste it in the URL. Now our mail is confirmed. Our mail address, let's copy it again from Tempmail. Paste here. Enter your password. We have logged in to Censys. Now we need information from the IP about 'WHOIS'; it will give us good information. When we do such testing in different places, or here we see a related summary of it, whether there have been any vulnerabilities or anything related to specification, then it will be helpful for us. This was information gathering, gathering information from different sources. Here, we'll write the IP. This is our IP. We'll paste this IP. As in the first output, which came with no summaries shown, the same thing is happening over here. We will go to 'WHOIS', go there to see what information is coming related to our IP. You can see that information related to the IP has started coming here. This is India's IP. Ok, correct. Details about our net information are shown. Our net belongs to 'siti essel group'. So here was the related information from the net. Showing e-mails, links & changes. So this is how Shodan, Censys, Google, and Duck Duck Go are used to gather the information. Good information was coming after going to the next to next page. Going to the next to next page in Google & Duck Duck Go, we were able to see that we are getting more information about the site & its other information. How many other domains are there that the site is associated with?
How many sub-domains does that site have? We were able to see all these things. So this was our first topic where we tried to gather information through search engines. Now, we would be using Google Advanced Search Operators, also known as Google Dorking, through which we would try to do information gathering. And see how much new and good information you can take. Let's start. Go to Kali machine. What will we do if we want to get the information of WsCube Tech? We'll write WsCube Tech. We'll write normally. Enter. Information has appeared on the normal page. Along with this, we will use some advanced operator and see what information can come. If I write 'indexof: wscubetech.com', it will show indexing related to WsCube Tech wherever it is open. That is, wherever its directory can be seen, it will show us. See here 'www.portfolio.wscubetech.com', is a sub-domain, can see here that we can access the directory of WsCube Tech. The page is not loading, we have been accessing its directory which is the cgi-bin directory. In which, we are seeing a fake error page but we are able to access its directory page. Here, talk about directory, which means that if I test any directory before this then definitely I can see inside some directories here. We can get a lot of good information through the index show that is happening here, which we will see further how can we do it. Let's see what we got. Here you can see that as soon as we have used the search operator, we see more indexing of WsCube Tech. I can access many more directories by going inside these folders. I can take a lot of information through this vulnerability. Through search operators we get good information. At present, I have not done anything, I have used advanced search operator. So, we can do information gathering by using different advanced search operators. Now we will see how much good information we can get from domain or target through any social networking sites.
So let us see what information we can take related to WsCube Tech. WsCube Tech Here we are seeing the profile related to WsCube Tech. We will go to the profile Will see what information can be taken. We'll open Facebook, LinkedIn & Pinterest. Go to the next page where we will also see Instagram and other profiles. We'll open Instagram & twitter profile. Now, we will go to these profiles & see what other information we can see related to WsCube Tech. Let us see what information we can get on the Facebook page of WsCube Tech Its WhatsApp number is here. On its banner, we can see what technologies it is using. That is, what technologies will be used in its sites or projects. Let's see what is next. Here we are seeing the hiring. As we want to do more information gathering related to this. So we can get more information by applying in hiring or by sharing resume or by connecting with that company, through the work of social engineering, you can get better information. Information gathering is important because it can identify the shortcomings in the company & to overcome those shortcomings. For example Here are all the details related to the hiring, which a black-hat hacker uses. So it can do a lot of damage. We have to first find out the shortcomings by thinking in its way, then report it and correct it. We have to guide them which things have to be shown and how to carry it. Or if this information is available then they have to be rectified. As we saw the index appeared, in which we could see all the directories. We can also do something else through directories. We will see in the future what the hacker can do. First, we will look at it by thinking in its way that how much information which is not needed is available on the internet, which information can cause harm and how can we save it. It is our motive that we look at things and whatever harmful information is available, it should be removed from there. We can see the same on Twitter as well. 
There is a lot of information available on Twitter too. Here you can see more about Connect User. As soon as you login to LinkedIn, you can also see how many employees are associated with it, you will also get all those entities which are associated with them. Good information can also be available through all the employees who are associated with them. So, this is Pinterest page. You can see more information. By visiting its Instagram page, its followers and other information like who are liking, commenting on it or are connected with it. You can see the information related to it or the information related to its last activity. This was today's session where we have done information gathering, where good information gathering has been done. Now our job is to report it and correct it. I will get it done now. So this was today's video where we saw how important social engineering is for us. How much information can we get from it. As we saw that we had taken a lot of information inside the 'indexof:'. We can access its files. Its entire directories can be accessed. I will rectify this vulnerability now. But this is our job. We are information gathering and if there is any shortcoming anywhere, then our job is to remove it. Today, I have brought a video for you where we will learn some advanced things about Footprinting. We will see how we can do Footprinting in the website. We will see what are the steps we will follow to do the website's footprinting. First step, knowing website technology by using Netcraft & Wappalyzer. Next is, subdomains of the website. That is, how many subdomains does the website have, by using Sublist3r & Subdomainfinder. Next is, finding hidden links. How many hidden links are in the website, in which we will use Extractor and DIRB, which will provide us directories. Next, we will check the security of the headers of request & response. So we'll check security of headers.
After that, we will see what is the IP of that domain and what is its buffer size. What is the meaning of its buffer size? After that, we will do the testing of the SSL certificates. Whether the SSL certificate with that domain is verified and vulnerable or not. After that, we will see more information about it through Wayback machine. Last is, checking SPF records. This is today's session in which we are going to see a lot of things. We are going to look at the important parts of information gathering. Let's start this video. Understand it well. Let's start. Open Kali Linux machine. First of all, the technology of our website is being used, using which technology the website is made, what technology is it using like PHP, WordPress, Magento etc. Which is client side programming or server side programming. We'll see more information of it. For that we will use two extensions, i.e., Netcraft & Wappalyzer. Netcraft is a platform that provides a lot of information related to any site. The problem here is that our Netcraft site has been upgraded. If we want information through Netcraft then we have to register and buy license. We will not do that and download its extension which is still free. What shall we do for it? We'll go over here and write 'add-on'. Add 'Add-on' in Firefox, and add extensions on Chrome. Here we will go to the Addon store. Add-ons on Firefox. Here we will search the names of the Addons we want. Firstly, we want Netcraft. We will install the Netcraft extension that we get. Add it to Firefox. Here you can see, the extension of Netcraft has been added. We need one more extension that is called Wappalyzer. We'll write Wappalyzer. Here you can see that the Wappalyzer extension has come here. Click on it. We'll add it to Firefox. Add. Ok. Here we now have both Netcraft & Wappalyzer extensions added. Now, let's see what other information we can gather through them. How to find out the technologies of the site. It is easy.
We have to open a domain, like WsCube Tech. We are on wscubetech.com. This site is loaded as soon as we visit the site. If we click on Netcraft here. This is keeping the site report ready for us. Netcraft is saying, all the reports related to the site have been prepared, you can come & see. For that we'll click on site report. As soon as we click on Site Report, we will be redirected to Netcraft. It was earlier working in the format of API or paid version. But now it is providing information freely. So now let us see how much information we have got related to WsCube Tech. In Netcraft's rating, it has a rating of 1 out of 10 ratings. Risk rating tells how much risk is there in it. So it is telling that the risk is low. Ok. Showing the rank of the site. Showing the URL of the site. After that, the domain name is shown. Netblock owner's name is shown. Shown name server of netblock owner. It is telling which hosting server is being used. Showing hosting country and showing IP address of domain. DNS admin is a part of information gathering. Showing the mail address of DNS admin. Showing some more information related to the organization such as address and all. Showing information related to the server here. Here, it will show the information related to the TTL & SSL certificate. Let's see once what is happening. Showing the serial number & signature algorithm, 'sha256'. It is hosting history. Where is this hosted from? From which server is it run, which Linux is it running from, which system is it run from. Showing IP & network owner. We saw this information. Netcraft has shown us a lot of information. We just need to add an extension. After that we see what information we can get through Wappalyzer. We will reload this site one more time. So far it has caught 15 technologies. Will reload again. Click on Wappalyzer. Here Wappalyzer will tell what it has caught.
You can see that PHP has been used, old language has been used, which tool is used in live chat, how is Javascript graphics provided, Bootstrap framework is used. Facebook page is logged in social login. This was Wappalyzer & Netcraft where we have taken a lot of information about the site by adding an extension. What technology is that site made of, what is the use of that site. This information is going to be very helpful for us in the future to find out how to test this site. It will ease our work and will provide very efficient result of testing. Let's move on. Next, we are going to see that how many subdomains a site has. How many subdomains are there in the domain that we have got in a site. We'll use two platforms to find them. First of all there is an online platform of domain, 'subdomainfinder'. We'll write Subdomain finder. After that we'll write 'c99' near it, that's what I prefer. You can write anything. We have to enter a domain. Keep in mind, sometimes it will ask for the domain, sometimes it will ask for the URL, then you give the complete URL. Like http.www.wscubetech.com. But when it is asked only for domain, you'll write wscubetech.com. Press Enter. So now it will find its subdomains. It will show which subdomains are turned on, which subdomains have IP & other information. Our result is ready. You can see the technology of Cloudflare. It is showing the IP of the subdomains that are active. The subdomain that is not active, it will not show their IP. First subdomain is wscubetech.com, proposals.wscubetech.com, blog, courses, autodiscover, cpanel, ccalendar, ccontacts, mail.wscubetech, webdisc, etc. Too many subdomains are visible. The more domains or related subdomains we get, the more fun we get in testing. Because we have more scope of testing. We saw all the subdomains through the online platform. We will see the subdomain through another platform which is called sublist3r.
This is a script which helps us to find the subdomain & it produces good output. Let's take a look at this too. We have to install it in Kali Linux. Write 'sublist3r'. Be careful when you are writing 'sublist3r', write 'sublist3r'. Press Enter. Here, the GitHub URL will appear. We will go to GitHub. Will follow the process of downloading or cloning GitHub. What is that? Here we are seeing all the files. We'll go to the code. Copy this URL, then go to terminal. Give it root permissions. I'm zooming it. After giving root permission we will go to that folder, wherever we want it to be downloaded and saved. We will go in 'cd downloads'. There is already a software store here. Now we have to download the Sublist3r software here. We'll write 'git clone'. If the error is coming as soon as you type it, that means it is telling you that the git clone not found. If any such error is coming then you have to write 'apt-get install git'. When you run 'apt-get git' command, so you will have Git software or package downloaded. After that you can run the Git clone command. We'll paste the URL by pressing Ctrl+V. Press Enter. You can see, files are being downloaded here by creating a folder of cloning sublist3r. Do 'ls'. You can see Sublist3r folder in here. Go inside 'cd Sub'. Let me tell you a shortcut. As soon as we write the name of a file, and that file is a bit unique, then no file here starting with sublist3r or this name. If you press the 'Tab' button after writing a couple of digits of starting, then it will be filled directly. This is a shortcut trick which eases our work. Press Enter. We are in this folder. We'll see its files through 'ls', list directories. Here we can see some files are provided. How can we use it? We will download a lot of packages and softwares, it is not necessary that we know all processes. GitHub will help in this. Going from where we had downloaded. If we scroll down then we can see what is the process to use it.
We installed it using Git clone & run this only through python. Before that, you can see that there is a requirement file, that is, some package required for this updater to be installed. How is it done? 'pip install -r requirements.txt'. As soon as it wrote this package, all the packages that were named inside 'requirement.txt', those packages have been installed through 'pip' command. First, we run this command. After that, we'll follow the further process. Let's go to our terminal. Paste the command. Write 'pip install -r' & file name 'requirement.txt'. Write 'req' then press Tab button, full name will come. Press Enter. So here we are already in Rooted Permission, so we don't need to give permission. As soon as we enter it will start installing the requirement file. Now, our requirements file is completely installed. So our job is to run the sublist3r.python file. For that, we'll write 'python sublist3r.py'. Press Enter. After that the file will run. Here is our sublist3r.python file that we want to run, here the error is generated and this error is mostly generated because we are not using the right version of Python. Let's see it by running it once through the python3. Press Enter. You can see it is working perfectly. Now by using its option, we will understand how we can use it. Currently here it is showing option '-h'. I can take help of this. We'll write '-h' after 'python3 sublist3r.py'. Press Enter. Its help can be seen here. We can see how to use it. If we want to add domain within for which subdomains are required then we will use '-r' function. We'll use hyphen function. What we'll do? We'll call the last arrow by using upper arrow. This was our last command. Write '-d' after that & write domain name after it which is wscubetech.com. Press Enter. Now it will find all the topics related to this domain through every platform, through every API, find us and print it here. It took some time. We wait a little.
Then it will show sublist3r, as it has done. It has printed all its active subdomains. It has not printed the subdomains which are not active. This was second topic, where we saw how we can find subdomains. We will further see what are its uses. Let's see the next point. The next point after subdomain finding is to look for hidden links, which is helpful for us. We can see it in two ways, link extractor & DIRB. Apart from that, there are other things which we will be doing gradually. At present, we will take the information of all the links within a site, domain or website using two platforms. We should see such link which is hidden, they will also see it. Let's start. I'll do clear screen 'clear', it will clear the screen of terminal. We can work like new one. Now we need Link Extractor & DIRB. First of all Link Extractor, which is an online platform, will make our work easy. Write: Link extractor. I would suggest you to use the link of WebToolHub only. It works well. You can use any. The output will be almost the same in all. Here it is asking us for the complete URL, asking for a domain name. So we'll go and get the complete URL. This is the complete URL in which we want to see the hidden links. Those links which can be helpful for us. Means all the links we have to extract, we will see which of those links are of our use. Any directory or file we should know, we will look through DIRB. Let's copy & paste this link in the link extractor. Here it has started processing. And we can see that it has printed the output here. It extracted all the links it could extract from inside the site and printed it out. Let's see those URLs. The URLs that are coming here are the image URLs, zoom it. If you click on the image then the image will open. Here we have got the image URLs. Apart from that let's see more. All of these URLs are of images. Some URLs of CSS files have been found. Javascript URL found. General URLs are found. There are too many URLs.
Like Javascript, Courses, CSS, wscubetech. The login page is also showing here. Title: login, password. All such URLs are visible here. Which of these is useful and which we will use, we will see further. You can extract as many links or as much information as you can from a domain or website. We have seen a lot of URLs. Many of these are helpful too, a lot of URLs are going to be useful too. Next we will see through DIRB. How much information can we take of the site, i.e., how many URLs or directories of the site can be found. For that, DIRB is such a tool that we will get pre-installed in Kali Linux. After giving root permission to run, we should write 'dirb'. Press Enter. So its help will appear to show how can we use it. Let us see how many files and directories we can access through DIRB. Here, I am giving the URL of WsCube Tech after DIRB, we have to give the complete URL. Press Enter. So it will automatically find all the real directories inside it by setting its own wordlist. How will you do it? As soon as its status code is 200, it means this directory is valid, this page is being accessed. What does the status 200 code say, that the connection is being established correctly in this page, we are able to access this page easily. Different status codes give different information. Here it is testing the names of such files and folders one by one which is the structure of a website. Link Extractor has done its job. Similarly, we can extract a lot of information about file-folders, which is the structure of a website through Link Extractor and DIRB. We will see more advanced techniques of this. How can we find out more effective link structure. That was all for this point. Let us look for the next point. Next comes the topic where we will check the security of the Request & Response header. If you remember, I saw Host Header and User Engine. We had seen all these headers. We will check whether the security of the user's header is good or not through online platform.
Name is securityheaders.com Security Headers is a platform where it will check the vulnerability, security of request, and response of any URL we provide. So let's see how we can do it. First let's take the URL of WsCube Tech. We go to WsCubeTech. Here we will check the header of the basic home page. We have copied the URL. Paste that address here then we have to run the scan. Here it is telling that the security of its headers is 'F'. 'F' means very vulnerable, it is the last stage. It is very vulnerable. It will tell us. Here it has been red marked. There is vulnerability in these headers and what is that can be checked below. All the red paths coming here means that the headers are missing. These headers should be there. Just because this headers is missing so it is making this request vulnerable. This was the Security Header's Check. That is, by copy-pasting any similar URL or URL inside any site, the headers that are being added to it, whether it is vulnerable or not, you can check its security. This was another topic, under which we saw about security headers. Moving on to the next topic. Now we will see how to see the IP of a domain and what is the buffer size of a domain. Here, DIRB is still working. Open new tab. Give it some information. Today we are going to understand about both the IP and the buffer size. Getting the IP of a domain is a very easy task. Will see right now. Second is buffer size. Let's see IP first. We don't have to do anything to see the IP, all we have to do is type 'ping' then the domain name. wscubetech. As soon as we entered the name of the domain, there was a request here, it came after pinging. We have got its IP. This IP is of wscubetech's domain. Copy this IP by Ctrl+C. Now our task is to find out its buffer size. What is its buffer size? The buffer size is the limit of the server. What is the limit? It is that how many packets can come in the packet coming here or what size packet can come in it. 
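An added example, not part of the video and not securityheaders.com's own code: a Python check that lists which recommended response headers are missing, weak, or disclosing software versions, in the spirit of the scan described above. The header list, the 180-day HSTS threshold and both sample responses are assumptions constructed for illustration; the site's grading method is not reproduced.

```python
import re

# Headers commonly recommended on HTML responses, with the reason for each.
RECOMMENDED = {
    "strict-transport-security": "forces HTTPS on later visits",
    "content-security-policy": "restricts where scripts and other content load from",
    "x-frame-options": "blocks framing by other sites (clickjacking)",
    "x-content-type-options": "stops MIME sniffing when set to nosniff",
    "referrer-policy": "limits what the Referer header leaks",
    "permissions-policy": "switches off browser features the site does not use",
}
MIN_HSTS_SECONDS = 180 * 24 * 3600  # assumption: shorter max-age is reported as weak


def parse_response_head(raw):
    """Split a raw HTTP response head into (status, {lower-case name: value})."""
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        if not line.strip():
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if not sep:
            continue  # not a header line
        key = name.strip().lower()  # header names are case-insensitive
        value = value.strip()
        headers[key] = headers[key] + ", " + value if key in headers else value
    return status, headers


def audit(headers):
    """Return missing, weak and version-disclosing headers for one response."""
    missing = [h for h in RECOMMENDED if h not in headers]
    csp = headers.get("content-security-policy", "").lower()
    # CSP frame-ancestors covers what X-Frame-Options does.
    if "frame-ancestors" in csp and "x-frame-options" in missing:
        missing.remove("x-frame-options")

    weak = []
    hsts = headers.get("strict-transport-security")
    if hsts is not None:
        m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts, re.I)
        if m is None or int(m.group(1)) < MIN_HSTS_SECONDS:
            weak.append("strict-transport-security")
    xcto = headers.get("x-content-type-options")
    if xcto is not None and xcto.strip().lower() != "nosniff":
        weak.append("x-content-type-options")
    xfo = headers.get("x-frame-options")
    if xfo is not None and xfo.strip().upper() not in ("DENY", "SAMEORIGIN"):
        weak.append("x-frame-options")

    # Version strings here feed the technology fingerprinting shown earlier.
    disclosing = [h for h in ("server", "x-powered-by")
                  if re.search(r"\d+\.\d+", headers.get(h, ""))]
    return {"missing": missing, "weak": weak, "disclosing": disclosing}


# Constructed sample: few security headers, HSTS switched off, versions exposed.
WEAK_RESPONSE = """
HTTP/1.1 200 OK
Date: Mon, 01 Jan 2024 00:00:00 GMT
Server: Apache/2.4.41 (Ubuntu)
X-Powered-By: PHP/7.4.3
Content-Type: text/html; charset=UTF-8
Strict-Transport-Security: max-age=0
"""

# Constructed sample: the same page after the headers are added.
HARDENED_RESPONSE = """
HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html; charset=UTF-8
Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Security-Policy: default-src 'self'; frame-ancestors 'none'
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: geolocation=(), camera=()
"""

if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        status, headers = parse_response_head(raw)
        report = audit(headers)
        print(label, status)
        for name in report["missing"]:
            print("  missing:", name, "-", RECOMMENDED[name])
        print("  weak:", report["weak"], "disclosing:", report["disclosing"])
```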
If more packets come from there then the site will go down. That site will not be able to respond to further packets. For example: You can eat only one apple at a time, if you have 2-3 apples then what will you do? You will be able to eat another apple only after finishing one apple. The same process happens in a site. When it already has a packet which is its limit, if it can solve only one packet, then the rest of the packets that are coming will have to wait until this packet process is properly finished. This is how processors & servers work. Why are we finding out the buffer size? Buffer size is being ascertained because what is the last limit of this server. We will find out that. That is, if a packet larger than this range or larger than this size arrives at the site, then it can not take its load. If we cannot read that packet, then we call it buffer over flow i.e. when more packets are there than the limit. For example: If the buffer size of this site is that it can read or work packets of 1400 bytes. When each person sends a packet, it will of 32 bytes, 64 bytes packets, or any bytes. This packet is going, will be loaded, its output will come. But when more than 1400 packets will start coming near it at once, all the packets that will come, those users will have to wait. That's why we say the server is running down. It is because of this that when users come to the site more than the limit, then they are not able to perform well. The limit is that it can process the same number of packets, if more packets come in, it will not be able to perform well. We can call it a DDoS attack. That is, if we send data to the system more than a limit, which will also be called buffer overflow. In that case the system is not able to perform well, that site goes down, it is unable to process further packets. So how can we fix it? First of all we need to see the limit, what is its limit, we will see that later. We'll find out the buffer size. 
So we have found out what is IP. We can do the same thing in Windows also. We will perform this in Windows because ping performs very well in it. Let's go to Windows. I have opened the command prompt. Now write: 'ping' then domain name 'wscubetech.com'. You can see its IP here. Same one that appeared before. First, we have to check the buffer size. Here we have got the IP. Now we will see the buffer size of this IP, i.e. what is the limit of this system IP, what size packets can it process. To understand that, we will write 'ping'. First of all, we will see the help of 'ping'. '-h'. Here the help of ping appeared. You can see how the ping performs with the functions. Here we will do its fragmentation. We will use '-f' option so that there is no flag fragmentation. With that '-l' option will be used which is setting the size of the packet. We just had to ping by default, we can see that the result has come. By default it sent a packet of 32 bits. I will also tell you what this 'TTL-45' means. 'TTL' plays an important role. This 32 byte packet that went, what we are doing now is increasing the size of this packet & removing its fragmentation. Do 'ping -f' to remove fragmentation, fragmentation is not to be used. '-l', size of packet. Will put the packet size of 1400. After that, I will put the IP. What was it? 192.185.141.193. '-f -l 1400' then IP. You can see that the packet that is going here is of 1400 bytes. By default, this is closing as soon as 4 packets go by, that's why I am performing it in 'cmd' because its performing stage is good. We will also try flooding. Here, it has shown that the response of the packet of 1400 bits that is going is proper. Four packets have been sent and 4 have been received. We have to see what is its last limit. At what limit will it generate error or stop responding to which packet? We'll make this 1500. Now you can see that the error is shown. What's that? Packet needed to be fragment. Here we have set up the domain fragment.
We will reduce the size of this packet. We had put 1400 earlier, let's keep it 1450. Here is its response. It's working just fine. We'll close and add a little extra value to it. If we had to enter the value after 1400, then we'll make it 1480, error is there. That is, there is a value between 1450 to 1480, which will be its last limit. We will take some value in between, 70. Error is coming even on 70. Let's take a little less, 60. Packet of 60 is going, that means, there is a value between 60-70. Let's see by setting 65. Error on 65. 63 packet size. Ok. Going on 63. Last is 64. The packet is going, even on 64. One more time, we'll see it by putting 65. Here, we saw that as soon as we set 64, which is the last limit, that is, on which we are sending the packet. What is the server limit? The server that can process the packets, what is the bytes limit of those packets? 1464. If a packet is one byte more than 1464, then it will not be able to process it. What were its limits? 1464. If any packet comes above that, then it will be called buffer overflow i.e. packets of its range will come. Suppose, its last limit is 1464, if packets keep coming over it, will any user want to connect to it, he will be able to connect? This is the reason for finding out the buffer size. We get to know the range or limit of the server. Above that we can consider a DoS attack as the server will go down. If such packets keep on coming, then the server will start misbehaving. This was the session of IP and ping. What & how we can use from this, we will see further. Next point is, where we'll test SSL. That is, as soon as we add the SSL certificate in an HTTP site, that site starts performing HTTPS. Secure Server Layer, i.e., SSL starts working. Is the SSL certificate that we have added secure? Does it have any vulnerability? Or is it working securely? We have to test this in SSL labs and perform SSL test. Here we have come to the SSL test, we will see its next session after the SSL test.
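An added example, not part of the video: the manual 'ping -f -l' trial and error above, written as a binary search in Python. With the Don't Fragment flag set, the largest payload that still gets a reply, plus 28 bytes of IPv4 and ICMP headers, equals the smallest link MTU on the path between the tester and the host. The probe is simulated with a constructed path MTU of 1492 so the search runs offline, and the function names are hypothetical.

```python
IP_HEADER = 20    # bytes, IPv4 header without options
ICMP_HEADER = 8   # bytes, ICMP echo header


def make_simulated_probe(path_mtu):
    """Build probe(payload) -> bool for a constructed path.

    Stands in for one 'ping -f -l <payload> <host>' run:
    True  = echo reply received,
    False = "Packet needs to be fragmented but DF set".
    """
    def probe(payload):
        probe.calls.append(payload)  # keep a record of every size tried
        return payload + IP_HEADER + ICMP_HEADER <= path_mtu
    probe.calls = []
    return probe


def largest_unfragmented_payload(probe, low=1400, high=1500):
    """Binary search for the largest payload that passes with DF set.

    low must be a size known to pass, as 1400 was in the session above.
    If high also passes, high is returned and the caller should widen the range.
    """
    if not probe(low):
        raise ValueError("lower bound %d does not pass; choose a smaller one" % low)
    if probe(high):
        return high
    # Invariant from here on: probe(low) is True and probe(high) is False.
    while high - low > 1:
        mid = (low + high) // 2
        if probe(mid):
            low = mid
        else:
            high = mid
    return low


def path_mtu_from_payload(payload):
    """Size of the whole IP packet that carried the given ICMP payload."""
    return payload + IP_HEADER + ICMP_HEADER


if __name__ == "__main__":
    probe = make_simulated_probe(1492)  # constructed path MTU for the demo
    best = largest_unfragmented_payload(probe)
    print("sizes tried:", probe.calls)
    print("largest payload with DF set:", best)
    print("path MTU:", path_mtu_from_payload(best))
```

The simulated run converges on 1464, the same value the manual search reached, in nine probes; that figure describes the network path, including the tester's own connection, and changes when the test is run from a different network.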
Here we will see the vulnerability of the SSL certificate of whatever host name we will provide, how vulnerable it is or there are any shortcomings in it. To test its security, we'll run the SSL test. Write: wscubetech.com.