How to protect your private network from break-ins | Real experiment with a hacker
ฝัง
- เผยแพร่เมื่อ 31 พ.ค. 2024
- 👾 Follow this link to book a demo: sumsub.com/free-demo/
In this video, you’ll find out about how sniffing with twisted pairs works and what danger it poses to your data.
Sniffing is a kind of attack that involves listening in our data, transmitted through the network. Hackers can, with the help of special tools or software, eavesdrop on traffic and watch in real time what information is coming in and out of the computer.
Your passwords, documents, photos, any and everything could end up in the hands of another person.
For some reason, people often think that this requires some kind of expensive tools or equipment. But in this video you’ll see how hackers can eavesdrop on network traffic using simple crocodile clips. Most importantly, we’ll show you how to stay protected against these kind of attacks.
👾 More about us:
sumsub.com
/ sumsubcom
/ sumsubcom
/ admin
Timecodes:
00:00 The hacker is in search of a victim
02:01 Let’s start with the theory, what is RJ45
03:02 How information travels through the wires
04:13 How a hacker ‘sniffs’ information. Let’s start to assemble our tools!
05:20 How the attack works, as shown on our special testbed
06:20 Listening to outgoing traffic
09:20 Using a special script to search for sensitive information
11:40 Listening to the outgoing traffic and intercepting valuable data
13:47 The vulnerabilities of sniffing attacks and how to protect yourself against them
18:28 What measures do we take to protect data at Sumsub?
#sniffingattack #hardwaresniffingattack #howtohack #ethicalhacking #maninthemiddle #capturetraffic #rj45 #twistedpair #ethernetcable #cybersecurity #sumsub - วิทยาศาสตร์และเทคโนโลยี
![[4K] TREASURE(트레저) “KING KONG” Band LIVE Concert 킹콩은 라이브를 찢어🦍 [it’s KPOP LIVE 잇츠라이브]](http://i.ytimg.com/vi/p8bLLOxPDD8/mqdefault.jpg)
This is pretty old stuff guys. I personally have not seen a Vampire Tap device since the early 90s. Also with the rise of SSL and TLS for mail transport this is not going to work at least for raw sniffing anyway. Cool video though.
Thats why you MITM with this and decrypt the SSL. Too easy. Either way, yes there are better attack vectors, but if you had time, and the correct place to do this, like an accessible basement, with a tap, and some specific hardware you would leave in place that I won't name, This could indeed be very effective.
@@phillipgilligan8168 how do you plan on decrypting the SSL traffic without the private key? Granted there are some tools where you can strip SSL out of a session but the end-users going to know.
@@LP-fy8wr your MitM proxy replaces the ssl cert so you actually own the private key in that configuration.
Look for “Mitmproxy” also, never use these kinds of tools on systems you don’t own. (Sorry had to add a disclaimer there)
Oh cmon. Pentestish hispsters and opensource nerds were all over Throwing Star TAP just several years ago.
@@LP-fy8wr you would not believe how many users will click "whatever, just get me to the site". Not to mention that you actually can make it TLS again. All this cryptomumbojumbo is good, but cert managing infrastructure is really bad. It's so bad, I actually think it was made this way by design by some NSA or whatever. Getting your hands on "good" certificate is not as hard as one would've expect. And after that the only thing standing between you and plaintext would be cert pinning, which is like a dad who went for a pack of cigaretts twenty years ago. Downgrading TLS is still a thing too, as far as I can tell. So yeah, mitm is still possible in modern internets. Although I have no idea why this dude invoked mitm in context of passive sniffing.
The point is to do this after the router. There is no point doing this before the router (in the company's LAN). Since you're already in the company, no need to cut cables. In a pentest scenario you want to get it and get out as stealthy as possible.
Many years ago, a telco I worked for had a large office building in a city, they decided this building was no longer suitable so they moved over to a new one. One of our competitors ended up taking over the old office building.
Then one of our techs had a startling realisation, that building was fed with fibre, and there would have been all the necessary associated equipment in there, as in fibre to the corporate network as opposed to the internet.
So one of our techs paid a visit (high, just chasing a phone fault, can we have the basement keys) and yes it was all still there, powered up, gigabit feeds of all our internal corporate systems...... not for long......
That's what you get from a building full of sales execs etc. no technical knowledge at all.
RJ-45 is not a cable, it's a type of connector for utp/stp cable like CAT5, CAT5E, CAT6 and so on.
Why hide the commands? This basic stuff can be easily found. Information wants to be free. This is just silly as there are legitimate reasons for sniffing packets. I do it all the time as part of my job. Come on no one is using FTP or telnet where passwords are sent in clear text any more.
exactlyyyyy
TH-cam will often ban videos that show exactly how this kind of stuff is done
@@solarsombrero227 they only ban videos involving dishonest behavior, but learning network sniffing can be used for good... Usually I just see channels like these mention that it's for educational purposes or whatever and mention it's illegal to do it without permission.
Same reason why hacking is taught in general. The black-hats already have their resources for learning this stuff.
@@solarsombrero227 just put a "for educational purposes only"
Well, he's got liability. We don't, we can just share what he has to censor lol
Not a bad video but I must say, I do miss the amazing quality you used to produce with Bradley with those sets.
Thank you for the hard work you put into making this video.
Glad you enjoyed it!😊
Splicing into a cable is definitely detectable since the attenuation of the signal will increase.
where can I purchase a device that will detect signal attenuation that will send me a notification when it happens and alert me to which cable it is?
@@josephzajdler home routers have the hardware for it but not the software
Great video, very informative without being too informative. I’m glad Seytonic gave you a shout out, definitely going to sub. Keep up the great work.
Thanks a lot! Glad to hear that! 🥰
Perfeito , parabéns pela iniciativa !!!
I remember a late 90s LAN party. A heavy kiddo sat in the corner, smirking. I walked over and sat down next to the pale, bespectacled boy. When his blubber had stopped jiggling after to our seated collision, he lifted his meaty arm and pointed at the screen. He was running something named Lunix. His screen was full of terminals. He adjusted his glasses and took a breath from his asthma inhaler, before finally speaking. "See that? I have ARP poisoned the network. All traffic is routed through my computer. See those website passwords scrolling on the screen? That's people on this network who are logging into websites." I was too impressed to report him to anyone.
Loving the description, very immersive
thanks for your tutorial i really enjoyed it
This is an amazing video! I learned a lot, thank you!
Glad you enjoyed it !
Great explanation
I regularly convince your id verification system that photoshopped IDs I make are real.
Hey! Thanks for your comment 🙂 We constantly improve our products and take into consideration any feedback. In order to provide a detailed answer to you we'd like to take a closer look at your case. Please share it with us by dropping us an email at Pr@sumsub.com
it's honestly easier to infect a client.. great content tho!!
I love your videos, such a quality
Thank you so much!
This thing is awesome. I'm digging it!
Hey! Glad that you like it ☺
Hackers rarely work locally, this is more for companies that are afraid of industrial espionage
i prefer these longer videos so very much more to the shorts.
Hey! Thanks for your comment! We also love the long format and we're not going to stop producing it 😊
Thank you sir 🙏
it was kinda fun filling in the blanks when watching this, like a shout-out at a Pantomime
pretty nice.. thanks.. gotta love kodachi too :)
I like how they censor the software as if you couldn't just google lol
Makes it more MYSTERIOUS, ooohh !!
Its for arse covering. TH-cam has policies against making instructional hacking videos
@@jameswalker199 correct - it is a TH-cam restriction - nothing more.
Good for them. God forbid some Karen gets their channel taken down.
great content!
i want this man to make audiobooks so i can fall asleep to his voice
Hex editors are so much fun!
Thank you for your vide, but My question is: WHat kind of phone do you use for this operation ?Thanks
Amazing content!
Glad you enjoyed it😊
small note. at the start of the video the comments on the bash shell are C comments not bash comments.
without looking at the channel that uploaded, and only reading the video name in my subscription feed, I thought this was going to be an onion video about avoiding Joe Biden Sniffing Attacks
Thanks for this video its very imformative but how you connect crocodile to that green cable if you dont cut that plastic around cable
Useful informations, thanks for the video.
Happy it was helpful!🎉
As a pentester I believe that it would be interesting see the complete commands or some suggestion about proper documentation.
As a pentester, you should know these commands as you use them every day
@@jameswalker199 As it pertains to this video, what commands would those be, that you think everyone should know?
Great video
doing this in my college networking class.. great stuff
Hacking?
@@ahmedmahomed working with RJ45 and Cat5E cabling, exploiting things and breaking them down can give you a greater understanding of how they work and how data is transferred through them.
@@ahmedmahomed *listening on the network*
@Ahmed Mahomed
Yes. There are hackers that get paid by companies to hack them, then produce an exhaustive writeup on all their security failings, that way the company can clean up the low hanging fruit and make their systems more secure. Its called penetration testing, or more generally, whitehat hacking.
There's also blackhats, who are malicious hackers, greyhats, that sit somewhere in the middle, hacking just for fun but usually telling the victim if they find anything serious, and greenhats, who are only in it for the money, normally doing penetration testing and bug bounties, but they aren't afraid of selling malware if the bug bounty doesn't pay well.
Great video! Makes it’s easy to understand for the average joe. My only gripe is nitpicking. But it’s bugging me how he keeps calling it an rj45 cable. It’s a copper twisted pair cable or more specifically, likely a cat5, cat5e or cat6 cable
RJ45 refers to the connector, cat5,6 etc refers to the cable itself.
Based on the fact that there is not a noticeable divider I would have to say it’s cat 5 or cat 5e
My dear brother, if you continue in this way, the channel will grow. Yes, this is the type of videos that we want. Continue and we will support you
We really going to redact things like wireshark lol? Come on now. Either way, loved the way the video was edited and the cadence of the video. Despite people feeling one way or another, it was creative and cool. Thanks for the video.
I really like your video tutorials
A bad actor can just store the SSL encrypted network traffic and wait few years for the quantum computing to get cheaper. For example, they can track network of government officials, since there influence will not go away in few years, it makes sense.
Hi!
What distro are you using?
Hope you upload uncensored video on Patreon or smthng 🌟
good job
I didn't understand how you can read the data without connecting the crocodile cable. You only clipped them but didn't connect them.
Of course when someone cuts pairs to turn 1000 MB in to 100 MB that may be enough to get some people to take a look at their network if it goes on too long. They might go to the room where they have the router looking for a bad cable. If they are smart enough they might even look at exposed cables if there are any. You can also run your cables in conduits to make things harder to mess with. That won't make it impossible at all but it might make them move on to an easier target unless they are after you specifically for some reason.
Awesome
Good content, ethernet line connect can detect but I looking at how they do as method and other prevention.
Hey, can you tell me the laptop (the front at thinkpad) model ? I interested with the design.
10:00 tcpdump?
Very helpful and informative, subscribed and liked, thank you please do more.
Thanks mate! Check out our new video about drone hacking :)
Specialist in cybersecurity sounds like another name for whitehat hackers to me
I didn't understand a thing but it was a good video
Sniffing on fiber cables was done 40 years ago. So no, Not Secure either. The only secure method is encryption
Can we physically eavesdrop on fiber optic cables using light sensors?
Best cable cut, optimal and simple hacker's set. TY!
// also, thank you for good quality of information
// handy script =)
Dd are u frm❤ 🇷🇺
This is the best Vidéo
which app did you use on an android phone
2:42 - wow! I knew from this video which color in Ethernet cable wires for what! 😀
This is no problem. Every modern service uses ssl. Even if you hijack the traffic in middle you won't be able to decipher it.
It's ok to call yourself a hacker if you're cybersecurity specialist and know how to pen test. People will misunderstand though that's for sure. EC-Counsel, who offers the Ethical Hacker certifications, offers the exact same cert by an alternative name. In case you worry about making a potential employer nervous by having the word "hacker" refer to you on your resume 🤣.
great video, but why the comments so negative
Hey! Thanks a lot! Really happy to hear that you liked it.😍 Recently, we've been going through some changes and some of our old fans are not happy about it. However, we really appreciate every feedback, it helps us to become better
Tipping an ethernet cable is already ass enough, imagine now adding aligator clips to each wire and then connecting it to each wire of the tapped device without crossing any of them. Unrealistic
12:26 "excessive spending on toilet paper" - Elliot
Waittttt, you used the green pair which is the tx wires, you should have used the orange pair on the sniffer cable....
What about those internet cables poking out of buildings?
Interesting but I don't like all the censorship, can't finish watching.
Do you have any courses I can buy?
So you're willing to get the viewing audience most of the way there in terms of understanding but there's a little bit of homework at the end. That's job security right there.
This had so many errors..
Analyze them
If you have physical access a hacker wouldn't typically do something like this. This is probably how people hacked in the 90s-early 2000s. There are so many other modern ways to accomplish the same thing. There are so many legit videos about hacking on youtube I am not quite sure why you're hiding things.
They are hiding things for arse covering. TH-cam policy says you can't make instructional hacking videos.
Also, this is simple for a noob audience, since it gets people to think about what's around them and how it can actually be abused. Hacking isn't magic, it just looks like magic if you squint at it from a distance, so seeing real hacking close up, even if its old techniques, demystifies it.
Modern things like USB Rubber Duckies are fun, but if you aren't used to thinking about how to use things in unconventional ways, it'll just look like a magic USB stick.
Scenario for early 2000 situations, not for today. It's like guide , HOw to break into WiFi secured with WEP key.
the top third of the screen looks like wireshark
Bro they just steal my stuff and replace it with garbage from the courts. They think I can't tell the difference but the materials the device that I purchased are completely different in texture and weight. I'm not going to a judge just to complain about espionage.
You should seriously consider whether you have schizophrenia
the glitch noises were haxking my brain
I know which program was used at 9:36, network engineers actually use it all the time 🤭. Other than that, I'll keep quiet about it though. While this kind of attack seems highly impractical to me and probably no longer part of a hacker's contemporary toolbox, the video nonetheless goes into a lot of detail on a lot of the more advanced concepts one must grasp before mounting an attack. That makes it an information goldmine regardless!
Agree
Wireshark
It’s tcpdump. Same deal, but cli based.
I liked this video until he started to censor some words and commands, that's really dramatic and paranoid, how this video could prevent attacks that are deprecated? That's no sense...
Nice phone you got there.... What is it? 🧐
even if you got in to the building to see these cables good luck identifying witch one is your target
cool analog nmap
"now optics are the most widely used"
Uh, where do you live that fiber optic cables outnumber ethernet cables?
A few things mate.
Hackers are cybersecurity specialist as far as i know.
Why do you fail to mention offensive security is a thing in your intro?
Take so much
Excellent video
omg this video make my life... THX SO MUCH 💖
Awesome bro
what are the names of the programs and software that were censored?
Would be a shame if somebody name dropped: wireshark, tcpdump and python-impacket.
I have a doubt if we sniff the packet it is encrypted with hash than burtforce takes a lot of time to decrypt it...
Cuz it could be md5 hash the most common.
Also the attack fail if the ethernet is in monitoring.(The flow of e-)
Right?
Actually i take back my previous comment this description is tragic
What is the script and what is it called?
2:08 emag lmao
Ja :))) Fiverr roman oare?
The sniffing you mention can happen with WiFi also so please don't anyone think you are safe just because you use WiFi. WiFi is worse even because someone just has to get close!!
Me after learning this: all right, next stop Valve HQ.
We're getting Half life 3 this time boys
maybe clarify how long and time consuming a dictionary attack can take.
Wow great info,tQ sir
yea
A guy talking in"Londonish",Credibility level = 0%
Anti-newbie video ON 😂
Vamp Taps, huh? Guess they are still around.
They will look at mine and instantly deleted what they seen from there computer