1
00:00:00,300 --> 00:00:04,740
Now, based on the feedback that I've received, I'm going to show you some additional Python scripts and

2
00:00:04,740 --> 00:00:12,000
show you how you can leverage PyShark to capture usernames and passwords automatically off the wire.

3
00:00:12,000 --> 00:00:19,610
In this example I've got an OSPF script, I've got an SFTP script and I've got a Telnet script.

4
00:00:19,650 --> 00:00:28,570
These are Python scripts, so I'll show you in a moment how you can use both PyShark, which leverages

5
00:00:28,590 --> 00:00:38,070
TShark, to capture traffic off the wire in real time and then look for something in that capture, such

6
00:00:38,070 --> 00:00:41,750
as OSPF, and then print something.

7
00:00:41,760 --> 00:00:47,070
Now I've expanded my GNS3 topology slightly. I've still got my Ubuntu client, which is connected in

8
00:00:47,070 --> 00:00:52,230
this example to a Cisco switch, which in turn is connected to an Ethernet switch, which is connected to the

9
00:00:52,230 --> 00:00:53,480
Internet.

10
00:00:53,760 --> 00:00:59,260
I've got an Ubuntu 2 PC and I've got a Toolbox

11
00:00:59,280 --> 00:01:09,420
PC running here. What I have done on the Cisco switch is enable port SPAN or mirroring, so on the Ethernet

12
00:01:09,420 --> 00:01:14,950
switch, show run, scroll down all the way to the bottom,

13
00:01:18,660 --> 00:01:25,530
notice I've got these monitor sessions. I'm monitoring traffic from this source interface, GigabitEthernet 0/1,

14
00:01:26,340 --> 00:01:34,940
and I'm copying that to interface GigabitEthernet 0/0, so all traffic that's been received on GigabitEthernet 0/1,

15
00:01:34,950 --> 00:01:38,880
this interface to the router, is going to be copied to this interface.

16
00:01:38,970 --> 00:01:45,070
In other words, to my Ubuntu client where I'm running TShark and PyShark.

17
00:01:45,150 --> 00:01:51,740
So again, source interface GigabitEthernet 0/1, destination interface GigabitEthernet 0/0.

18
00:01:52,130 --> 00:01:59,570
I've also got this Toolbox server; it's running FTP, TFTP, a web server and so forth.

19
00:01:59,570 --> 00:02:06,470
What I'll do as an example is copy the config of the router to the Toolbox using SCP, and using

20
00:02:06,470 --> 00:02:14,600
this SCP script I should be able to see the username and the password dynamically captured using PyShark.

21
00:02:14,600 --> 00:02:20,840
You know, in previous videos I've shown you how to install PyShark, but I'll demonstrate it again

22
00:02:20,840 --> 00:02:21,200
here.

23
00:02:21,650 --> 00:02:27,800
If you're happy with the installation of TShark and PyShark, then skip the rest of this video and go

24
00:02:27,800 --> 00:02:35,170
to the next video, where I'll show you the first script, which is OSPF. OK, so only continue watching

25
00:02:35,170 --> 00:02:43,090
if you want to see how to install this. In GNS3 there is a problem downloading traffic from the Internet

26
00:02:43,150 --> 00:02:44,870
through a Cisco switch.

27
00:02:45,010 --> 00:02:52,860
So I'm going to get this Ubuntu client to connect to the Internet directly via the Ethernet switch.

28
00:02:52,990 --> 00:03:01,970
That's just so that I can install the software. So on the Ubuntu client, ifconfig shows me my IP address.

29
00:03:02,230 --> 00:03:04,130
First thing I'll do,

30
00:03:04,390 --> 00:03:08,780
per my sort of list of scripts, is apt-get

31
00:03:08,860 --> 00:03:11,560
update. apt-get update updates Ubuntu's references.

32
00:03:15,140 --> 00:03:15,350
OK.

33
00:03:15,360 --> 00:03:17,250
So that's done.

34
00:03:17,310 --> 00:03:22,920
Next thing to do is to install TShark. PyShark leverages TShark.

35
00:03:22,920 --> 00:03:31,230
It basically is a wrapper for TShark, so you can get it to do anything that TShark does. So through a Python

36
00:03:31,230 --> 00:03:34,650
script you can manipulate stuff in TShark.

37
00:03:34,650 --> 00:03:41,340
You can extract information from TShark in the same way as if you were using it manually, but we're

38
00:03:41,340 --> 00:03:43,950
doing that through Python.

39
00:03:43,980 --> 00:03:44,180
OK.

40
00:03:44,190 --> 00:03:52,840
The next thing I'll do is install Python 3 pip, so apt-get install python3-pip. Install that.

41
00:03:55,860 --> 00:04:01,260
That actually installed Python at the same time, so Python 3 will be installed as well.

42
00:04:01,260 --> 00:04:06,460
And then I'll install PyShark using pip3.

43
00:04:06,450 --> 00:04:16,750
So basically you could just copy these commands onto an Ubuntu host and install the software yourself.

44
00:04:16,770 --> 00:04:21,990
I have shown you how to do this previously, but I just want to show you the full process of how to get

45
00:04:21,990 --> 00:04:23,930
this set up.

46
00:04:24,240 --> 00:04:25,150
OK, that's done.

47
00:04:26,250 --> 00:04:32,040
So the last step is pip install pyshark. OK, and that's done as well.

48
00:04:32,040 --> 00:04:37,960
So python3, that works. tshark,

49
00:04:38,670 --> 00:04:41,400
hopefully we'll see some captures.

50
00:04:41,400 --> 00:04:42,410
There you go.

51
00:04:42,510 --> 00:04:52,200
So TShark is now installed, PyShark is installed, so I'm going to delete that link and connect the PC

52
00:04:52,220 --> 00:05:01,550
directly to GigabitEthernet 0/0 on the switch, because port mirroring is happening from this interface to this interface.

53
00:05:01,550 --> 00:05:10,740
So let's go back to the client and make sure that it's seeing the traffic, so tshark.

54
00:05:10,760 --> 00:05:12,560
Are we seeing any packets?

55
00:05:12,560 --> 00:05:13,160
Yes, we are.

56
00:05:13,160 --> 00:05:15,050
There's an OSPF packet as an example.

57
00:05:15,060 --> 00:05:18,010
There's EIGRP and so on.

58
00:05:18,620 --> 00:05:28,210
As an example, if I ping 192.168.122.254, that's the NAT cloud, we should see ICMP traffic assuming

59
00:05:28,210 --> 00:05:30,840
that that's working properly.

60
00:05:31,010 --> 00:05:41,730
We don't see that. Let's do a ping to .255, assuming that I'm doing it right.

61
00:05:41,730 --> 00:05:48,480
Here you can see the broadcast traffic, so the ICMP traffic is being sent, so that's great.

62
00:05:50,410 --> 00:05:56,200
What I'll do as a last test is ping from the Toolbox to the router and make sure that that is seen

63
00:05:56,770 --> 00:06:03,040
by the TShark application. So the router has got this IP address.

64
00:06:03,240 --> 00:06:03,750
I'm going to...

65
00:06:04,070 --> 00:06:09,900
Well, let's do it from the Ubuntu host, from Ubuntu 2. So on Ubuntu 2 I should be able to ping

66
00:06:09,900 --> 00:06:22,280
192.168.122, and the IP address of the router, which is 82. So the ping succeeds, and on Ubuntu

67
00:06:22,280 --> 00:06:23,930
1 we should see

68
00:06:27,110 --> 00:06:29,110
those ICMP packets, and there you go.

69
00:06:29,120 --> 00:06:31,940
Notice I can see the ICMP messages.

70
00:06:31,940 --> 00:06:34,040
So that works great.

71
00:06:34,040 --> 00:06:34,310
OK.

72
00:06:34,310 --> 00:06:39,460
So in the next video I'll show you how we use these Python scripts to capture traffic.
