1
00:00:00,420 --> 00:00:04,040
Now we're ready to receive connections from our back door.

2
00:00:04,080 --> 00:00:10,110
So we created the back door we set a payload and we're listening for incoming connections here from

3
00:00:10,170 --> 00:00:15,160
any connection that comes in from the same back door on the same pair apart on the same IP.

4
00:00:15,510 --> 00:00:22,590
So now if a person runs that back door will receive the connection back in here on this computer what

5
00:00:22,590 --> 00:00:27,970
we're going to do now is we're going to test the backdoor to make sure that it works and to do that.

6
00:00:27,990 --> 00:00:33,900
We're going to use a very basic delivery method later on in the course we're going talk about smart

7
00:00:33,900 --> 00:00:39,080
delivery methods that will trick the person into opening the file that we're sending to them.

8
00:00:39,090 --> 00:00:46,440
For now we're just doing a very basic example just to test our very basic backdoor so to do that we're

9
00:00:46,440 --> 00:00:49,520
just going to put the back door on our web server.

10
00:00:50,710 --> 00:00:53,080
And then download it from the target's computer.

11
00:00:53,080 --> 00:00:57,940
So there is nothing smart about this and you probably can't use this way to deliver the backdoor to

12
00:00:57,940 --> 00:00:58,870
a real person.

13
00:00:58,930 --> 00:01:03,430
So we're only doing this for testing to make sure our backdoor works.

14
00:01:03,430 --> 00:01:07,420
So Carly comes in with a web server.

15
00:01:07,420 --> 00:01:11,580
And what that means basically you can use Kelly as a web site.

16
00:01:11,590 --> 00:01:16,240
So what we're going to do is we're going to put that backdoor and that Web site and then just download

17
00:01:16,240 --> 00:01:18,810
it from the target Windows machine.

18
00:01:18,820 --> 00:01:23,600
Now the Web site directory where you should start the website's files is Vire.

19
00:01:23,620 --> 00:01:26,160
W w w DML.

20
00:01:26,350 --> 00:01:28,230
So let's show you where it is now.

21
00:01:28,240 --> 00:01:35,380
If we if you just click in here on the path and then put a forward slash it'll allow you to type to

22
00:01:35,380 --> 00:01:38,320
manually type the path that you want to go to.

23
00:01:38,320 --> 00:01:43,500
So you want to go to var w w w hash DML

24
00:01:46,350 --> 00:01:50,400
and this is the location where the website files are stored.

25
00:01:50,640 --> 00:01:55,620
No for you you'll probably only have indexed that hasty M-L you want to have all of that stuff but that's

26
00:01:55,620 --> 00:01:59,670
just stuff that I created while I was testing a few things.

27
00:01:59,730 --> 00:02:06,770
So the index is the main page that people usually see when they browse to this website.

28
00:02:07,030 --> 00:02:12,280
So what I'm going to do here is I'm going to first of all create a directory and I'm going to call it

29
00:02:12,310 --> 00:02:13,730
evil files.

30
00:02:13,780 --> 00:02:19,450
So every time we create a backdoor or a key logger we're going to put it in here and then download it

31
00:02:19,450 --> 00:02:21,260
in the Windows machine to test it.

32
00:02:21,580 --> 00:02:27,180
And again later on in the delivery method section we're going to talk about smart delivery methods.

33
00:02:27,220 --> 00:02:32,080
For now we're only going to be creating the evil files and test them to make sure that they work as

34
00:02:32,080 --> 00:02:33,060
expected.

35
00:02:33,430 --> 00:02:35,970
So I'm going to call this directory evil files

36
00:02:40,390 --> 00:02:46,560
and inside it I'm going to put the Pachter that we created before.

37
00:02:46,660 --> 00:02:53,260
So the backdoor that we created was made using vild evasion and evasion actually gave us the full path

38
00:02:53,260 --> 00:02:54,610
of it when we created it.

39
00:02:54,610 --> 00:02:59,130
If you remember or you can go back now to the lecture and have a look on it.

40
00:02:59,150 --> 00:03:02,550
So I'm just going to press control t to open a new tab.

41
00:03:02,780 --> 00:03:08,870
And then again I'm going to click on the men on the path in here and I'm going to put forward slash

42
00:03:08,870 --> 00:03:12,410
to manually enter the path and then we're going to go to var

43
00:03:15,830 --> 00:03:16,730
Ville evasion

44
00:03:20,020 --> 00:03:21,430
comp..

45
00:03:21,830 --> 00:03:30,420
Hit enter and you'll see the back door that I created right here and renamed it throve hasty CPS A-380.

46
00:03:30,800 --> 00:03:35,790
So I'm going to copy this and paste it in here

47
00:03:38,950 --> 00:03:39,520
and that's it.

48
00:03:39,520 --> 00:03:46,810
Now we can download this file from the Web site that Cal uses that Kelly has now to start the web server

49
00:03:46,840 --> 00:03:48,270
to start the Web site.

50
00:03:48,310 --> 00:03:59,310
We have to start service from the command prompt and to do that we're going to do service Apache to.

51
00:03:59,480 --> 00:04:03,290
So the command is service to start the service.

52
00:04:03,290 --> 00:04:06,210
Apache 2 is the name of the web server.

53
00:04:06,590 --> 00:04:09,710
And then we want to start this web server.

54
00:04:09,710 --> 00:04:17,870
I'm going to hit enter and because we didn't get any errors that means the command got executed properly.

55
00:04:17,870 --> 00:04:26,330
Now everything is done so the IP of the machine was 10 20 14 to 30 and it's the same IP that we're listening

56
00:04:26,330 --> 00:04:30,630
here and it's the same IP that you'd get if you were on ifconfig.

57
00:04:31,310 --> 00:04:37,760
So I'm going to go to my Windows machine and I'm going to navigate to my IP address of the Kalli machine

58
00:04:38,210 --> 00:04:46,530
which is 10 2014 to 13 and this will open the basic index that takes them that I showed you.

59
00:04:46,660 --> 00:04:52,960
And it basically just says it works tell us that the web server is working and the Web site is working.

60
00:04:52,960 --> 00:04:55,510
This is all inside Vire.

61
00:04:55,540 --> 00:04:57,940
W w w d l.

62
00:04:58,540 --> 00:05:05,920
So if I wanted to go to the directory where we put the doctor then we're just going to go to evil files

63
00:05:05,950 --> 00:05:09,590
because we coded evil files.

64
00:05:09,720 --> 00:05:15,150
I'm going to hit enter and you can see the back door that we created in the previous lecture and we

65
00:05:15,150 --> 00:05:18,390
call the trepanation disappears A-380.

66
00:05:18,420 --> 00:05:21,300
So if I click on that it's going to download it for me.

67
00:05:21,510 --> 00:05:26,330
And like I said before this this is not the smartest way to deliver the backdoor.

68
00:05:26,340 --> 00:05:31,950
But right now all we want to do is just to test the backdoor and make sure that it works.

69
00:05:31,950 --> 00:05:38,580
So if I click on the download and run the backdoor it's going to tell me that this is an executable

70
00:05:38,580 --> 00:05:40,170
so be careful when you run it.

71
00:05:40,320 --> 00:05:42,900
But this is not detection of a virus.

72
00:05:42,900 --> 00:05:48,070
It's actually just saying be careful when you're on the X is going right anyway.

73
00:05:48,720 --> 00:05:55,890
And once we come back here you'll see that we received a connection from the target machine.

74
00:05:55,890 --> 00:05:58,450
So we didn't connect to the target computer.

75
00:05:58,590 --> 00:06:01,650
The target computer connected back to us.

76
00:06:01,830 --> 00:06:09,060
So you can see the IP of the target computer which is 10 24000 to 0 6 and that IP connected back to

77
00:06:09,060 --> 00:06:12,880
us on port 80 80 right here.

78
00:06:14,280 --> 00:06:20,100
So basically now we have full control over that computer right here you can see that we have a Peter

79
00:06:20,160 --> 00:06:21,270
session.

80
00:06:21,270 --> 00:06:27,560
And what Mr. Peter allows to do is literally do anything that the user can do on their computer.

81
00:06:27,600 --> 00:06:32,310
So we'll see how we can use the interpreter later on in the post connection attacks.

82
00:06:32,310 --> 00:06:37,560
For now we can see that the back door is working and if we do this info

83
00:06:40,740 --> 00:06:49,170
you can see that we are inside the M-S edge Windows 10 machine windows and right here it's x 64.

84
00:06:49,170 --> 00:06:55,740
It uses English US and its uses interpreter 86 for Windows.

85
00:06:56,160 --> 00:07:01,470
So as I said Now we can do anything we want on the target machine and we'll talk about how to use the

86
00:07:01,470 --> 00:07:04,730
Matel Peter later on in the post connection section.

87
00:07:04,830 --> 00:07:11,330
But again basically right now we have to target computer and we have full control over it.