1
00:00:00,420 --> 00:00:04,040
Now we're ready to receive connections from our backdoor.

2
00:00:04,080 --> 00:00:10,110
So we created the backdoor, we set a payload, and we're listening for incoming connections here from

3
00:00:10,170 --> 00:00:15,160
any connection that comes in from the same backdoor on the same port, on the same IP.

4
00:00:15,510 --> 00:00:22,590
So now if a person runs that backdoor, we'll receive the connection back in here on this computer. What

5
00:00:22,590 --> 00:00:27,970
we're going to do now is we're going to test the backdoor to make sure that it works, and to do that

6
00:00:27,990 --> 00:00:33,900
we're going to use a very basic delivery method. Later on in the course we're going to talk about smart

7
00:00:33,900 --> 00:00:39,080
delivery methods that will trick the person into opening the file that we're sending to them.

8
00:00:39,090 --> 00:00:46,440
For now we're just doing a very basic example, just to test our very basic backdoor. So to do that we're

9
00:00:46,440 --> 00:00:49,520
just going to put the backdoor on our web server.

10
00:00:50,710 --> 00:00:53,080
And then download it from the target's computer.

11
00:00:53,080 --> 00:00:57,940
So there is nothing smart about this and you probably can't use this way to deliver the backdoor to

12
00:00:57,940 --> 00:00:58,870
a real person.

13
00:00:58,930 --> 00:01:03,430
So we're only doing this for testing to make sure our backdoor works.

14
00:01:03,430 --> 00:01:07,420
So Kali comes in with a web server.

15
00:01:07,420 --> 00:01:11,580
And what that means, basically, is you can use Kali as a web site.

16
00:01:11,590 --> 00:01:16,240
So what we're going to do is we're going to put that backdoor in that Web site and then just download

17
00:01:16,240 --> 00:01:18,810
it from the target Windows machine.

18
00:01:18,820 --> 00:01:23,600
Now the Web site directory where you should store the website's files is /var

19
00:01:23,620 --> 00:01:26,160
/www/html.
20
00:01:26,350 --> 00:01:28,230
So let's show you where it is now.

21
00:01:28,240 --> 00:01:35,380
If you just click in here on the path and then put a forward slash, it'll allow you to

22
00:01:35,380 --> 00:01:38,320
manually type the path that you want to go to.

23
00:01:38,320 --> 00:01:43,500
So you want to go to /var/www/html

24
00:01:46,350 --> 00:01:50,400
and this is the location where the website files are stored.

25
00:01:50,640 --> 00:01:55,620
Now, for you, you'll probably only have index.html; you won't have all of that stuff, but that's

26
00:01:55,620 --> 00:01:59,670
just stuff that I created while I was testing a few things.

27
00:01:59,730 --> 00:02:06,770
So the index is the main page that people usually see when they browse to this website.

28
00:02:07,030 --> 00:02:12,280
So what I'm going to do here is I'm going to first of all create a directory and I'm going to call it

29
00:02:12,310 --> 00:02:13,730
evil files.

30
00:02:13,780 --> 00:02:19,450
So every time we create a backdoor or a keylogger we're going to put it in here and then download it

31
00:02:19,450 --> 00:02:21,260
in the Windows machine to test it.

32
00:02:21,580 --> 00:02:27,180
And again, later on in the delivery method section we're going to talk about smart delivery methods.

33
00:02:27,220 --> 00:02:32,080
For now we're only going to be creating the evil files and testing them to make sure that they work as

34
00:02:32,080 --> 00:02:33,060
expected.

35
00:02:33,430 --> 00:02:35,970
So I'm going to call this directory evil files

36
00:02:40,390 --> 00:02:46,560
and inside it I'm going to put the backdoor that we created before.

37
00:02:46,660 --> 00:02:53,260
So the backdoor that we created was made using Veil-Evasion, and Evasion actually gave us the full path

38
00:02:53,260 --> 00:02:54,610
of it when we created it.

39
00:02:54,610 --> 00:02:59,130
If you remember, or you can go back now to the lecture and have a look at it.
40
00:02:59,150 --> 00:03:02,550
So I'm just going to press Ctrl+T to open a new tab.

41
00:03:02,780 --> 00:03:08,870
And then again I'm going to click on the men on the path in here and I'm going to put a forward slash

42
00:03:08,870 --> 00:03:12,410
to manually enter the path and then we're going to go to /var

43
00:03:15,830 --> 00:03:16,730
Veil-Evasion

44
00:03:20,020 --> 00:03:21,430
comp..

45
00:03:21,830 --> 00:03:30,420
Hit enter and you'll see the backdoor that I created right here and renamed it throve hasty CPS A-380.

46
00:03:30,800 --> 00:03:35,790
So I'm going to copy this and paste it in here

47
00:03:38,950 --> 00:03:39,520
and that's it.

48
00:03:39,520 --> 00:03:46,810
Now we can download this file from the Web site that Kali uses, that Kali has. Now, to start the web server,

49
00:03:46,840 --> 00:03:48,270
to start the Web site,

50
00:03:48,310 --> 00:03:59,310
we have to start the service from the command prompt, and to do that we're going to do service apache2.

51
00:03:59,480 --> 00:04:03,290
So the command is service, to start the service.

52
00:04:03,290 --> 00:04:06,210
apache2 is the name of the web server.

53
00:04:06,590 --> 00:04:09,710
And then we want to start this web server.

54
00:04:09,710 --> 00:04:17,870
I'm going to hit enter, and because we didn't get any errors that means the command got executed properly.

55
00:04:17,870 --> 00:04:26,330
Now everything is done. So the IP of the machine was 10 20 14 to 30 and it's the same IP that we're listening

56
00:04:26,330 --> 00:04:30,630
here and it's the same IP that you'd get if you ran ifconfig.

57
00:04:31,310 --> 00:04:37,760
So I'm going to go to my Windows machine and I'm going to navigate to my IP address of the Kali machine

58
00:04:38,210 --> 00:04:46,530
which is 10 2014 to 13 and this will open the basic index.html that I showed you.
59
00:04:46,660 --> 00:04:52,960
And it basically just says "It works", telling us that the web server is working and the Web site is working.

60
00:04:52,960 --> 00:04:55,510
This is all inside /var

61
00:04:55,540 --> 00:04:57,940
/www/html.

62
00:04:58,540 --> 00:05:05,920
So if I wanted to go to the directory where we put the backdoor then we're just going to go to evil files

63
00:05:05,950 --> 00:05:09,590
because we called it evil files.

64
00:05:09,720 --> 00:05:15,150
I'm going to hit enter and you can see the backdoor that we created in the previous lecture and we

65
00:05:15,150 --> 00:05:18,390
call the trepanation disappears A-380.

66
00:05:18,420 --> 00:05:21,300
So if I click on that it's going to download it for me.

67
00:05:21,510 --> 00:05:26,330
And like I said before, this is not the smartest way to deliver the backdoor.

68
00:05:26,340 --> 00:05:31,950
But right now all we want to do is just to test the backdoor and make sure that it works.

69
00:05:31,950 --> 00:05:38,580
So if I click on the download and run the backdoor it's going to tell me that this is an executable

70
00:05:38,580 --> 00:05:40,170
so be careful when you run it.

71
00:05:40,320 --> 00:05:42,900
But this is not detection of a virus.

72
00:05:42,900 --> 00:05:48,070
It's actually just saying be careful when you run exes. I'm going to run it anyway.

73
00:05:48,720 --> 00:05:55,890
And once we come back here you'll see that we received a connection from the target machine.

74
00:05:55,890 --> 00:05:58,450
So we didn't connect to the target computer.

75
00:05:58,590 --> 00:06:01,650
The target computer connected back to us.

76
00:06:01,830 --> 00:06:09,060
So you can see the IP of the target computer which is 10 24000 to 0 6 and that IP connected back to

77
00:06:09,060 --> 00:06:12,880
us on port 8080 right here.
78
00:06:14,280 --> 00:06:20,100
So basically now we have full control over that computer. Right here you can see that we have a Meterpreter

79
00:06:20,160 --> 00:06:21,270
session.

80
00:06:21,270 --> 00:06:27,560
And what Meterpreter allows us to do is literally do anything that the user can do on their computer.

81
00:06:27,600 --> 00:06:32,310
So we'll see how we can use the Meterpreter later on in the post connection attacks.

82
00:06:32,310 --> 00:06:37,560
For now we can see that the backdoor is working and if we do sysinfo

83
00:06:40,740 --> 00:06:49,170
you can see that we are inside the M-S edge Windows 10 machine windows and right here it's x64.

84
00:06:49,170 --> 00:06:55,740
It uses English US and it uses Meterpreter x86 for Windows.

85
00:06:56,160 --> 00:07:01,470
So as I said, now we can do anything we want on the target machine and we'll talk about how to use the

86
00:07:01,470 --> 00:07:04,730
Meterpreter later on in the post connection section.

87
00:07:04,830 --> 00:07:11,330
But again, basically right now we have the target computer and we have full control over it.