1
00:00:03,820 --> 00:00:11,040
So let's see how we can gain full control and get a Meterpreter session from the target's computer.

2
00:00:11,050 --> 00:00:15,610
So again we're going to go on the commands and we're going to go into social engineering.

3
00:00:15,640 --> 00:00:21,430
There's actually a number of ways that you can use in here to get a reverse shell now.

4
00:00:21,430 --> 00:00:25,770
It all depends on how you want to make your social engineering attack.

5
00:00:25,950 --> 00:00:31,510
But we're going to use, we're going to use a notification bar effect, notification bar, and we're using

6
00:00:31,510 --> 00:00:37,600
Firefox because our target runs on Firefox, or is using Firefox.

7
00:00:37,610 --> 00:00:43,160
So what this will do, it'll basically tell the user, it will display a notification bar, tell the user

8
00:00:43,160 --> 00:00:47,960
that there is a new update or there is a plugin that you need to install. Once they install the plug

9
00:00:47,960 --> 00:00:48,360
in.

10
00:00:48,410 --> 00:00:52,930
Then they'll actually install a backdoor and it'll give you full access to their computer.

11
00:00:52,970 --> 00:00:56,960
So the way we're going to do this is we're going to use the same backdoor that we always created and

12
00:00:56,960 --> 00:00:57,870
we've been using.

13
00:00:58,040 --> 00:01:07,940
Now I actually have it stored in my web server so I have it stored and wired with the e-mail.

14
00:01:08,200 --> 00:01:15,130
And I have it's called update ATX but it's the same by doing the same reverse Meterpreter that we used

15
00:01:15,130 --> 00:01:15,760
before.

16
00:01:17,890 --> 00:01:20,690
So I'm going to give the full address with here.

17
00:01:20,710 --> 00:01:22,030
So it started in

18
00:01:25,000 --> 00:01:36,540
10 20 worth in 0 7 that's my actual IP and the name of the file is of the ATX the.

19
00:01:36,720 --> 00:01:41,700
And then the notification and investigation is just saying there is an additional plugin that needs

20
00:01:41,700 --> 00:01:45,810
to be installed to display some elements on this page.

21
00:01:45,810 --> 00:01:52,470
Now you can change this and just say am critical update for Firefox.

22
00:01:52,480 --> 00:01:57,270
Click here to install.

23
00:01:57,400 --> 00:01:58,590
So I'm going to hit execute

24
00:02:01,900 --> 00:02:06,130
and if we go into target you can see that they're getting a message telling them that there is a new

25
00:02:06,130 --> 00:02:11,320
update for Firefox and click here to download and install, so that the average person will be like, oh

26
00:02:11,320 --> 00:02:12,670
you need to install this.

27
00:02:12,670 --> 00:02:18,900
So they download it and now basically they have a backdoor downloaded on their machine.

28
00:02:18,950 --> 00:02:24,050
Once they try to run this backdoor to install the update, they think it's an update but they'll actually

29
00:02:24,050 --> 00:02:29,090
run a backdoor which will give us full access to their computer. Before we run the backdoor I need

30
00:02:29,090 --> 00:02:31,840
to listen on the port exactly like we did before.

31
00:02:31,850 --> 00:02:35,800
So I'm just going to do show options here to show you, I'm not going to go through all the steps.

32
00:02:35,810 --> 00:02:38,180
It's use my test right Monte had there.

33
00:02:38,480 --> 00:02:41,980
Same way we did it in the video of listening for ports.

34
00:02:42,060 --> 00:02:45,320
So we're using arbitrary versus ETP.

35
00:02:45,360 --> 00:02:47,560
I have my IP and the port.

36
00:02:47,790 --> 00:02:53,690
So I'm just going to exploit and I'm listening for the connections now.

37
00:02:53,700 --> 00:02:56,400
Now let's run the update that we just downloaded.

38
00:03:06,270 --> 00:03:10,120
And if we go on the target you can see that we got full control over it.

39
00:03:10,120 --> 00:03:15,640
Using a Meterpreter session.

40
00:03:15,670 --> 00:03:22,630
Now again this is just an example of one way of gaining full control over the target computer.

41
00:03:22,630 --> 00:03:25,110
There's a number of ways that you can do use and be.

42
00:03:25,320 --> 00:03:30,880
And there is a number of social engineering attacks that you can do to gain full access on the target

43
00:03:30,880 --> 00:03:31,800
computer.

44
00:03:32,170 --> 00:03:38,020
So again I highly recommend you go over to the plugins and experiment with them and see what attacks

45
00:03:38,020 --> 00:03:38,800
you can come up with.