[00:00:00] Welcome back. Time to start coding our backdoor. So in this video, we're going to start with the base of our program. Remember that we must create two different programs, a server and a backdoor, and it doesn't matter with which one we start. So let's, in this case, start coding the server first. We're going to code both of them simultaneously.

[00:00:23] So what I'm going to do is I'm going to open the terminal, and remember that we have this tools directory from the first project. Let us navigate there. And instead of the port scanner, we're going to make another subdirectory inside of here and call this "backdoor". Then we are going to change the directory to that subdirectory, and here we are going to code our tools. So, as I said, let's start with the server first. To do that, we type server.py and open it using nano, and here we are going to code our project.

[00:00:57] So what's the first thing that we must do? Well, since these two programs are going to communicate with one another, they must establish a connection first. And we know that we can do that with the help of the socket library. So socket allows us to initiate an Internet connection between two machines. So how are we going to do that?
[00:01:19] Well, the first thing that we must do, and that we also did inside of our port scanner, is we must initiate a socket object, and I'm going to call my socket object "sock" inside of the server.py. And to initiate it, I will type socket.socket(). So we're doing this with the help of the socket library. And here in the brackets, we want to specify two different parameters: socket.AF_INET, comma, socket.SOCK_STREAM. And I know what you're thinking: what even are these arguments? Well, this socket.AF_INET tells our program that we're going to make a connection over IPv4 addresses, and the socket.SOCK_STREAM tells our program that we're going to use the TCP connection. So simple as that.

[00:02:09] Now the next thing that we want to do is we want to bind the IP address and the port. This is something that we already did inside of our first project, so there's nothing really too much to explain right here. We just type sock and use the .bind() method with open and close brackets. And the first parameter is going to be the IP address of our Linux machine. In my case, if I go and check it out, this is not .1 but .12, so we'll go right here and specify that IP address ending in .12 as the first parameter. And remember, it must be between the quotes.
[00:02:47] Then I will specify a comma and the port that we are going to use. Well, we can just go with port 5555. Why not? It doesn't even matter, to be honest. After we do all of this, we bind the IP address with the port, and now the next thing that we must do is we must start listening for the incoming connections. Remember, this was the crucial part in the reverse shells: the target executes the payload, but we must listen for the incoming connections. And that is exactly what our server program will do. It will listen for the connections. And once the target executes the payload, they will connect to our server program.

[00:03:24] So to do that, we can first print, like this, let us print "Listening for the incoming connections", just so we know which part of the program we are in. And below that we can type sock.listen, and we are going to specify 5 in the brackets, meaning that we are going to listen for up to five different connections. OK, so our program will now be stuck on this part until the connection is established. Once the target tries to connect back to us, we need to store their connection in a few variables. In another sense, we need to store their socket object that we are going to use to communicate with the target. And we're also going to split that into an IP address.
[00:04:11] So what I'm going to do is I'm going to type target, ip. These are going to be two separate variables, and they're going to be equal to sock.accept(). And this method is simply just accepting the incoming connection and storing the target's socket object right here, and the IP address in the second variable. Simple as that.

[00:04:35] Once we do that and once the connection is accepted, we can print "Target connected from", and what we're going to do here is we're going to close the quote and add a plus sign and then str() of the ip variable. And once again, remember, the ip variable will store the IP address of the target. So what we are essentially doing right here is we're printing that we got the connection from the target's IP address. OK, we need to close one more bracket right here. And what we're going to do at the end is we're just going to enter a function called target_communication. Now, of course, this function doesn't exist, and we're going to code it in some future video. But for now, let's just leave it right here. We successfully created the socket object, bound the IP address with the port, listened for the incoming connections, and at the end, we accepted the connection from our target system. We're going to leave it at this for now on our server program.
[00:05:39] And let's go to our backdoor program. Now we need to figure out the code for our backdoor to make it connect to our server.py. So the first thing that we're going to do is, of course, to import the socket library. Then, as in the server program, we need to initiate the socket object, and I'm not going to call it sock right here, I'm just going to call it s. And here we're going to specify the same parameters: socket.AF_INET, comma, socket.SOCK_STREAM. We already explained what these are, and the only thing that we need to do right here is we need to connect to our target machine, but we're not going to use the connect method right here. What we are going to do is we are going to call the connection function. And of course, this is a function that doesn't exist, so we must code it up here.

[00:06:35] Let's define it first: def connection. It will take no parameters between the brackets. And what we are going to do is we are going to type right here try, which is the try statement. So it will try to connect to our Kali machine. And remember, the connect function requires open and close brackets the same way that the bind function does. And it also takes two parameters, of which the first one is the IP address of the machine that we want to connect to.
[00:07:03] So this will be the IP address of this machine once again, and the port will be once again port 5555, because we want to connect to that port since our server program will be listening on that port. If it manages to connect, we're going to enter our second function, which is going to be called shell. And this shell function also doesn't exist. We're going to code it. And the purpose of this shell function will be executing the commands. So for now, we're just going to leave it right here and we're going to code it later. Once we leave the shell function, we can close the socket object. And in the except statement, we can call this connection function again.

[00:07:45] Now, you might be wondering, why are we doing this? Well, if I had something like this right here. So I go and type while True, which is, remember, the infinite loop, and I tab all of these commands once so they belong to the while True loop. And right here, I'm going to also add a statement, time.sleep, and give me just one second, I will explain why I'm doing this. Let me just call the function till the end. I'll break right here and I will import the time library because we are going to need it since we use it right here. So what are we doing right here?
[00:08:25] We're calling the connection function. This connection function starts an infinite while loop. This infinite loop sleeps for 20 seconds and then it tries to connect to our Kali machine. If it manages to connect, it will go inside of the shell function, where we will execute the commands on the target system. If it doesn't manage to connect, it will go into this except statement and it will call the same function once again. So what does this tell you? It will run this function infinitely until it manages to connect.

[00:09:01] So this is good because, for one reason, we don't want our target to start the payload and not be able to connect just because we haven't started the server yet. We want to be able to connect to the target system whenever we want. So this function will tell the payload to try to connect every 20 seconds while their machine is running. This program will try to connect to our Kali machine, so we can start the server at any point in time, and after 20 seconds it will establish a connection to us. So this is just calling this function over and over again until this line right here works and they connect to us. Then we enter the second function, which is the shell function.
[00:09:47] OK, this is the base of our backdoor.py. Here is how we are going to connect to our server, and in the next video we're going to see what we are going to do with the contents of the shell function. And let me save this. Also, the target_communication function: these are the functions that will receive and execute commands. Feel free to post any question you have about the code, if there is something that you do not understand. And in the next lecture, we are going to continue with the coding of our programs. See you there.