2. Discovering Devices Connected to the Same Network Movie Subtitles

00:00:00,950 --> 00:00:04,Information gathering is one of the most important steps


00:00:04,860 --> 00:00:07,when it comes to hacking or penetration testing.


00:00:07,970 --> 00:00:11,If you think of it, you can't really gain access to a system


00:00:11,530 --> 00:00:14,if you don't have enough information about it.


00:00:14,810 --> 00:00:17,So, for example, let's say you're connected to a network


00:00:17,990 --> 00:00:21,and one of the devices connected to this network


00:00:21,070 --> 00:00:22,is your target.


00:00:22,690 --> 00:00:25,Now for you to hack into that target,


00:00:25,260 --> 00:00:28,first you need to discover all of the connected clients


00:00:28,310 --> 00:00:31,to this network, get their MAC address, their IP address,


00:00:31,910 --> 00:00:35,and then from there try to maybe gather more information


00:00:35,620 --> 00:00:39,or run some attacks in order to gain access to your target.


00:00:40,680 --> 00:00:42,Now, there are a number of programs


00:00:42,650 --> 00:00:44,that will do this for you.


00:00:44,330 --> 00:00:47,Examples are NetDiscover and Nmap,


00:00:47,050 --> 00:00:49,which do this job really, really well.


00:00:49,260 --> 00:00:52,So in this lecture, we'll start with the simpler one,


00:00:52,220 --> 00:00:56,which is NetDiscover and see how to use it to quickly map


00:00:56,780 --> 00:00:59,the network we're connected to.


00:00:59,110 --> 00:01:00,And in the next lecture,


00:01:00,620 --> 00:01:02,I'm gonna show you how to use Nmap


00:01:02,780 --> 00:01:05,to gather detailed information about all


00:01:05,920 --> 00:01:09,of the clients connected to the same network.


00:01:10,420 --> 00:01:15,So, I have my Kali terminal in here, and if I do ifconfig,


00:01:15,530 --> 00:01:20,you'll see I have eth0, it has an IP address.


00:01:20,050 --> 00:01:23,And like I said, this is the virtual interface created


00:01:23,850 --> 00:01:27,by VirtualBox when we set the Kali machine


00:01:27,170 --> 00:01:28,to use a NAT network.


00:01:29,870 --> 00:01:34,Now, I also said that this NAT network behaves exactly like


00:01:34,150 --> 00:01:35,an Ethernet network.


00:01:35,730 --> 00:01:38,And as far as the Kali machine is concerned,


00:01:38,650 --> 00:01:42,it thinks that it is connected to a real wired network.


00:01:42,680 --> 00:01:44,And as you can see in here,


00:01:44,010 --> 00:01:46,it's telling me that wired connected.


00:01:47,480 --> 00:01:51,Now, I have my virtual Windows machine right here.


00:01:51,420 --> 00:01:54,It is configured to use the same NAT network


00:01:54,910 --> 00:01:56,as the Kali machine.


00:01:56,970 --> 00:02:00,Remember, we're still in the network hacking section,


00:02:00,120 --> 00:02:04,so both you and the target machine need to be connected


00:02:04,650 --> 00:02:06,to the same network.


00:02:06,400 --> 00:02:09,So as far as these two computers are concerned,


00:02:09,430 --> 00:02:13,they think that they are connected to the same network.


00:02:13,130 --> 00:02:16,So what I wanna do right now is use NetDiscover


00:02:16,090 --> 00:02:19,and see how we can use it to discover all devices connected


00:02:19,960 --> 00:02:21,to the same network.


00:02:22,330 --> 00:02:24,Now the method that I'm gonna show you


00:02:24,040 --> 00:02:25,will work exactly the same,


00:02:25,860 --> 00:02:28,whether you're using it against a virtual network,


00:02:28,180 --> 00:02:31,like I'm doing right now, or against real network,


00:02:31,100 --> 00:02:34,and even if your target is a Wi-Fi or a wireless network.


00:02:35,690 --> 00:02:38,So all you have to do is type the name of the program,


00:02:38,130 --> 00:02:41,which is NetDiscover, and then type dash r


00:02:41,350 --> 00:02:45,to specify an IP range to search for.


00:02:46,170 --> 00:02:49,This needs to be arranged that can be accessed by you.


00:02:49,680 --> 00:02:54,So right now you can see that my IP is 10.0.2.

00:02:54,020 --> 00:02:57,and I can only access IPs on the same subnet.


00:02:57,980 --> 00:03:02,So IPs on the same subnet start at 10.0.2.0,


00:03:02,860 --> 00:03:06,and they would end at 10.0.2.

00:03:06,730 --> 00:03:11,because 254 is the last IP that a client can have.


00:03:12,380 --> 00:03:17,So, my range is gonna be 10.0.2.

00:03:17,400 --> 00:03:20,and I wanna search for clients that might have an IP


00:03:20,800 --> 00:03:25,of 10.0.2.1, 10.0.2.2, 10.0.2.3,


00:03:25,010 --> 00:03:28,all the way up to 10.0.2.254.


00:03:29,700 --> 00:03:32,So instead of manually typing all of these IPs,


00:03:32,780 --> 00:03:35,I can just type over

00:03:35,920 --> 00:03:38,and NetDiscover will automatically know


00:03:38,500 --> 00:03:41,that I'm trying to search for all of the IPs


00:03:41,570 --> 00:03:46,that start at 10.0.2.1 and end at 10.0.2.254.


00:03:47,400 --> 00:03:51,So this is a way of specifying an IP range


00:03:51,290 --> 00:03:53,for the whole subnet.


00:03:53,360 --> 00:03:57,So if I hit enter now, you'll see that NetDiscover


00:03:57,540 --> 00:04:01,will show me all the IPs of the devices connected


00:04:01,440 --> 00:04:03,to the same network.


00:04:03,070 --> 00:04:05,And note that the first three parts of the IPs


00:04:05,610 --> 00:04:08,are always the same because they are on the same subnet.


00:04:09,710 --> 00:04:12,And I also have the Mac addresses of these clients


00:04:12,950 --> 00:04:15,and Net discovers also attempting


00:04:15,340 --> 00:04:17,to guess the device vendor.


00:04:18,620 --> 00:04:21,Now, if I press queue, this will quit the program.


00:04:21,870 --> 00:04:25,And right now, we have a list of all the connected clients


00:04:25,640 --> 00:04:26,to the same network.


00:04:28,020 --> 00:04:30,Now, like I said, you can also use this method


00:04:30,770 --> 00:04:35,to discover clients connected to the same Wi-Fi network.


00:04:35,240 --> 00:04:38,The only thing is, right now, if I do ifconfig,


00:04:39,640 --> 00:04:41,you can see that my Kali machine


00:04:41,770 --> 00:04:44,does not have a wireless adapter,


00:04:44,120 --> 00:04:46,it's not connected to a Wi-Fi network.


00:04:47,970 --> 00:04:49,And like I said before,


00:04:49,520 --> 00:04:52,you cannot access the built in wireless card


00:04:52,600 --> 00:04:55,from a virtual machine.


00:04:55,140 --> 00:04:57,Therefore, if you want to do this


00:04:57,410 --> 00:05:00,or run any of the wireless attacks that we're gonna see


00:05:00,420 --> 00:05:03,in the future against a real computer


00:05:03,510 --> 00:05:05,and a real wireless network,


00:05:05,470 --> 00:05:08,you're gonna need to use a wireless adapter.


00:05:09,720 --> 00:05:12,Now, I'm gonna include links in the description


00:05:12,210 --> 00:05:14,that will help you pick a good adapter


00:05:14,240 --> 00:05:16,that works with Kali Linux.


00:05:16,480 --> 00:05:18,But right now I actually have one,


00:05:18,650 --> 00:05:19,and I'm just gonna connect it


00:05:19,890 --> 00:05:21,and use it just to prove to you,


00:05:21,940 --> 00:05:24,if things work on the virtual machines connected


00:05:24,980 --> 00:05:26,to the virtual network,


00:05:26,930 --> 00:05:30,they will work exactly the same against a real network


00:05:30,630 --> 00:05:32,with real machines.


00:05:32,630 --> 00:05:34,So, I'm gonna connect my adapter now.


00:05:35,980 --> 00:05:40,And if I do ifconfig, it's still not showing up,


00:05:40,900 --> 00:05:45,so I'm gonna connect it from my devices, USB,


00:05:46,010 --> 00:05:48,and click on the adapter name,


00:05:49,240 --> 00:05:52,and let's see if it shows up now.


00:05:52,150 --> 00:05:55,Perfect, as you can see, I have an adapter now called Lan0.


00:05:57,380 --> 00:05:58,And what I'm gonna do is,


00:05:58,860 --> 00:06:03,I need to connect this adapter to a Wi-Fi network first

114...