1
00:00:00,390 --> 00:00:01,030
Welcome back.

2
00:00:01,530 --> 00:00:09,030
In this video, I want to show you a cool way that you can make your executable seem and look like another

3
00:00:09,030 --> 00:00:09,450
file.

4
00:00:09,960 --> 00:00:16,350
So what I'm going to do right now is I'm going to mask our shell.exe that we created from the previous

5
00:00:16,350 --> 00:00:19,500
video to look like a car image.

6
00:00:20,100 --> 00:00:25,320
And what you will need for this is you're going to need a car image, or basically it doesn't even have

7
00:00:25,320 --> 00:00:26,880
to be an image or a car.

8
00:00:26,880 --> 00:00:28,950
It can be any file type that you want.

9
00:00:29,250 --> 00:00:34,230
If you want to create it to be a PDF file, you can. If you want to create it to be a JPEG file, you

10
00:00:34,230 --> 00:00:36,080
can. Just follow along.

11
00:00:36,090 --> 00:00:39,600
And the process of doing that is the same for every file type.

12
00:00:40,320 --> 00:00:41,340
So, two things.

13
00:00:41,340 --> 00:00:47,070
You're going to need a file that you want your executable to look like, and the executable itself.

14
00:00:47,430 --> 00:00:52,380
So this is the same payload from the previous video, which is the regular Windows Meterpreter shell.

15
00:00:53,040 --> 00:00:56,940
And what I'm going to do is I'm going to copy it to the desktop real quick.

16
00:00:57,750 --> 00:01:03,690
And once you've got these two files on your desktop, you are ready to go. Now, the first thing that we

17
00:01:03,690 --> 00:01:08,400
must do is we must make an icon file from this file.

18
00:01:08,790 --> 00:01:10,630
And how can we do that?

19
00:01:10,680 --> 00:01:17,010
Well, we can just open Google Chrome or any search engine and type "PNG to ICO".
20
00:01:18,450 --> 00:01:25,080
You can navigate to the first link, [inaudible] this converter dot com,

21
00:01:25,560 --> 00:01:32,490
for it allows us to simply just upload our image and it'll create an icon file with that image.

22
00:01:32,730 --> 00:01:34,290
So I'm going to lower the screen.

23
00:01:36,380 --> 00:01:40,650
Then, as it says right here, "drop your files", I will drop it right here.

24
00:01:41,390 --> 00:01:42,890
It will take a few seconds.

25
00:01:42,920 --> 00:01:45,940
And right here, our file should appear once it's done.

26
00:01:46,860 --> 00:01:50,130
Here it is. We can download it by pressing this arrow.

27
00:01:51,210 --> 00:01:58,080
And it will download the car.ico file for us, so I'm going to show it in folder, paste it on my

28
00:01:58,080 --> 00:01:59,940
desktop, and now we are good to go.

29
00:02:00,210 --> 00:02:02,670
We've got the car.png, which is the image.

30
00:02:02,850 --> 00:02:09,570
We've got this car.ico, which we are going to use to make our executable have this icon right

31
00:02:09,570 --> 00:02:16,890
here, and we're going to merge it with this image in order for, once the target executes our program,

32
00:02:17,010 --> 00:02:18,850
it to also open this image.

33
00:02:19,380 --> 00:02:20,910
Let me show you what it would look like.

34
00:02:20,970 --> 00:02:23,790
So all you want to do, you want to select these two files.

35
00:02:24,090 --> 00:02:24,450
Right-

36
00:02:24,450 --> 00:02:26,040
click on them and click

37
00:02:26,190 --> 00:02:27,480
"Add to archive".

38
00:02:28,140 --> 00:02:30,070
Click on this right here.

39
00:02:30,090 --> 00:02:32,160
There are a few settings that we must set.

40
00:02:32,310 --> 00:02:34,920
First, archive format should be ZIP.

41
00:02:35,790 --> 00:02:41,400
Right here, you want to check "Create SFX archive", and here you can name your file whatever

42
00:02:41,400 --> 00:02:41,880
you want.
43
00:02:42,030 --> 00:02:47,880
The only bad thing about this is that it will have an extension, but most of the people don't have

44
00:02:47,880 --> 00:02:52,380
extensions enabled on their Windows system, so this will not present that big of a problem.

45
00:02:52,830 --> 00:02:57,860
OK, so let's go right here and call it car.exe.

46
00:02:59,030 --> 00:03:05,960
Then I want to go to the Advanced tab and click right here on "SFX options". This will open this small

47
00:03:05,960 --> 00:03:09,980
window, and we want to go through each step and set the settings accordingly.

48
00:03:09,980 --> 00:03:15,980
In the Update tab, you want "Extract and update files", and in the overwrite mode, you want

49
00:03:15,980 --> 00:03:17,530
"Overwrite all files".

50
00:03:18,410 --> 00:03:22,630
Then if I go to Text and icon, I want to click on this "Load

51
00:03:22,640 --> 00:03:28,670
SFX icon from the file", click on Browse, find the icon file that you just created.

52
00:03:29,150 --> 00:03:32,060
In my case, it is on my desktop, so I'm going to select it.

53
00:03:32,840 --> 00:03:35,350
Once you do that, you can move on to the next step.

54
00:03:35,360 --> 00:03:39,030
So in the License tab, there is nothing that we want to set here.

55
00:03:39,050 --> 00:03:41,060
Also, there is nothing that we want to set.

56
00:03:41,180 --> 00:03:48,560
If I go to Advanced, nothing. In Modes, we want to click on "Hide all" and "Unpack to temporary folder".

57
00:03:49,070 --> 00:03:49,700
After it,

58
00:03:49,700 --> 00:03:52,760
in the Setup, we want to write both of our file names.

59
00:03:53,060 --> 00:03:57,980
So in "Run after extraction", we want to type right here shell.exe.

60
00:03:58,460 --> 00:04:01,790
Just make sure you type the file's name right here correctly.

61
00:04:02,030 --> 00:04:05,450
So .exe is our executable, and car.

62
00:04:05,450 --> 00:04:08,390
png is our image.

63
00:04:09,150 --> 00:04:09,840
OK, good.
64
00:04:10,200 --> 00:04:15,390
Under General, nothing here to do. So once you set all of those options, you can click on OK,

65
00:04:15,630 --> 00:04:18,200
and you can click right here on OK as well.

66
00:04:18,780 --> 00:04:19,980
And here it is.

67
00:04:20,250 --> 00:04:23,270
We've got car.exe on our desktop.

68
00:04:23,910 --> 00:04:30,180
It has the icon of this image, and once we go and execute it, it should also open this image.

69
00:04:30,390 --> 00:04:33,180
But in the background it should also run our shell.exe.

70
00:04:34,260 --> 00:04:35,220
Let's test it out.

71
00:04:35,430 --> 00:04:38,640
But first we must set up our listener.

72
00:04:38,760 --> 00:04:40,230
So open terminal.

73
00:04:42,150 --> 00:04:42,900
Run msfconsole.

74
00:04:45,330 --> 00:04:53,750
Let's set up our listener, so multi/handler, set payload to be regular Windows Meterpreter reverse

75
00:04:54,210 --> 00:04:57,800
TCP. LHOST will be the IP address

76
00:04:57,990 --> 00:05:02,860
of my Kali machine, and LPORT, if I remember correctly, was 5555.

77
00:05:03,420 --> 00:05:04,830
Now I can run this.

78
00:05:05,390 --> 00:05:09,210
This will start the listener, and if I go to my desktop and execute this file...

79
00:05:10,120 --> 00:05:16,090
Well, for some reason, it seems to have only opened the Meterpreter shell, and it didn't open

80
00:05:16,090 --> 00:05:22,510
the image, and this is something that happens sometimes, so we can try to change some of the settings

81
00:05:22,510 --> 00:05:23,590
in order to make this work.

82
00:05:23,590 --> 00:05:26,540
But in this case, it was just a late opening.

83
00:05:26,560 --> 00:05:27,760
So here is the image.

84
00:05:27,970 --> 00:05:35,350
It opened right now. For some reason that took a few seconds. Let's just run it once again just to see whether

85
00:05:35,500 --> 00:05:37,200
it will open faster right now.
86
00:05:37,210 --> 00:05:46,060
So I will run the listener once again and open car.exe. It still seems to take some time, even though

87
00:05:46,060 --> 00:05:47,950
our Meterpreter shell is open.

88
00:05:48,730 --> 00:05:56,170
So what we can do instead of this is we can, first of all, exit this shell, close this image that

89
00:05:56,170 --> 00:06:03,100
opened 10 seconds after we executed, and we can start the msfconsole again, delete this file,

90
00:06:03,100 --> 00:06:08,670
and we are going to change one setting, which will hopefully make our file execute faster.

91
00:06:09,220 --> 00:06:11,140
So let's go once again: ZIP here.

92
00:06:11,140 --> 00:06:16,900
We want to name the file to be car.exe. Under the Advanced, SFX options.

93
00:06:16,900 --> 00:06:19,810
And here under the Setup is something that we want to change.

94
00:06:19,810 --> 00:06:27,070
The last time we specified the shell.exe first. Right now we're going to specify the car.png first, and

95
00:06:27,070 --> 00:06:33,760
under it I'm going to specify shell.exe. Then I'm going to click right here, "Hide all".

96
00:06:34,740 --> 00:06:41,310
In the General, nothing. In the Update, "Extract and update files", "Overwrite all files". Text and icon:

97
00:06:41,550 --> 00:06:45,330
let's select our file. In the License and Module,

98
00:06:45,360 --> 00:06:45,900
there is nothing.

99
00:06:45,900 --> 00:06:49,110
So I just click on OK. It will create our file once again.

100
00:06:49,860 --> 00:06:51,660
Not sure why I closed the console.

101
00:06:51,660 --> 00:06:57,300
One... right now we are going to set up our listener again, and multi/handler.

102
00:06:59,960 --> 00:07:00,650
Meterpreter.

103
00:07:03,160 --> 00:07:10,810
Set the LHOST and the LPORT, we want to run it.

104
00:07:12,030 --> 00:07:16,590
Run the file, and now it opens the image straight away.
105
00:07:17,280 --> 00:07:24,310
OK, so just make sure that you specify the image name first, and then after it you can specify the shell

106
00:07:24,510 --> 00:07:24,850
name.

107
00:07:25,110 --> 00:07:27,810
And here we also got the Meterpreter session opened.

108
00:07:28,440 --> 00:07:30,140
We can execute commands as usual.

109
00:07:30,570 --> 00:07:33,000
So our program works good.

110
00:07:33,270 --> 00:07:35,280
It has an icon of an image.

111
00:07:35,580 --> 00:07:37,000
It also opens an image.

112
00:07:37,020 --> 00:07:39,480
The only problem is this extension.

113
00:07:39,630 --> 00:07:45,150
And there are some of the ways that you can fix this and make it seem like it doesn't have any extension,

114
00:07:45,420 --> 00:07:50,310
but most of those ways automatically get detected by any antivirus out there.

115
00:07:50,970 --> 00:07:51,930
OK, great.

116
00:07:52,200 --> 00:07:57,750
Now that we covered this, we are ready to finally get into the post-exploitation section.

117
00:07:57,750 --> 00:08:04,530
And here we're going to go into details with the Meterpreter shell, what options it has, and what post-

118
00:08:04,530 --> 00:08:08,400
exploitation modules we can run after hacking the target.

119
00:08:08,910 --> 00:08:09,930
See you in the next video.