1 00:00:00,690 --> 00:00:01,410 Welcome back.
2 00:00:01,650 --> 00:00:07,460 Let us see how we can implement the changing of the directory inside of our server and backdoor.
3 00:00:08,190 --> 00:00:15,120 So in the previous video, we tested our program for the first time and we were able to execute all
4 00:00:15,120 --> 00:00:15,780 of the commands.
5 00:00:16,080 --> 00:00:21,960 But once we tried to change the directory on the target system, we weren't able to do that.
6 00:00:22,120 --> 00:00:23,870 We were stuck in the same directory.
7 00:00:24,450 --> 00:00:29,760 So let us see how we can bypass this and how we can be able to change the directories inside of our
8 00:00:29,760 --> 00:00:30,510 backdoor code.
9 00:00:31,080 --> 00:00:35,160 The first thing that we must do is we must nano our backdoor.
10 00:00:36,540 --> 00:00:44,550 And down in the shell function here, we must add an option if the command starts with cd first.
11 00:00:44,550 --> 00:00:51,660 Python has a library that is called os library and with the help of the os library we can change the
12 00:00:51,660 --> 00:00:54,440 directory with just one single command.
13 00:00:55,170 --> 00:01:01,800 So first thing that we must do is we must import that library, go up here and import os.
14 00:01:02,840 --> 00:01:07,520 Once you do that down here in the shell function here, we must add the command.
15 00:01:08,690 --> 00:01:13,040 Or the statement which will say else if command.
16 00:01:14,790 --> 00:01:19,030 And then equals equals to cd and empty space.
17 00:01:19,710 --> 00:01:26,550 Then we will change the directory, but you might notice that there is something wrong with this statement
18 00:01:26,550 --> 00:01:27,000 right here.
19 00:01:27,830 --> 00:01:34,310 For example, we are comparing the command with cd and empty space, but most likely the command will
20 00:01:34,310 --> 00:01:36,500 be something like cd and then desktop.
21 00:01:37,480 --> 00:01:45,310 So if it compares this with this, these two will not be the same, even though they start the same.
22 00:01:46,220 --> 00:01:53,420 So what we must do, instead of comparing the entire command, we must compare just the first three
23 00:01:53,690 --> 00:02:00,490 characters and we can do that by specifying square brackets and then two dots, up to third character.
24 00:02:01,070 --> 00:02:06,290 In other words, all of this just means that we are comparing the first three characters of the command
25 00:02:06,410 --> 00:02:12,320 with cd and empty space, and empty space is the reason why we're comparing three characters and not
26 00:02:12,320 --> 00:02:12,680 two.
27 00:02:14,070 --> 00:02:20,010 If we compare this and they do match, then we can use the os library and function, which is called
28 00:02:20,010 --> 00:02:24,750 chdir, which stands for change directory onto the command.
29 00:02:24,900 --> 00:02:31,740 And then right here, we need to do the quite opposite thing that we did, which is from the third character.
30 00:02:31,770 --> 00:02:38,820 And then till the end, since this function will be something like this, if we ran the command desktop,
31 00:02:39,510 --> 00:02:45,080 then this function will do something like this: os.chdir and then desktop.
32 00:02:45,930 --> 00:02:52,920 So what we essentially did is we compared this and then if they did match, we then used this part of
33 00:02:52,920 --> 00:02:54,410 the command to change the directory.
34 00:02:54,780 --> 00:02:56,610 And this is pretty much it.
35 00:02:56,620 --> 00:02:58,820 We don't need to add anything else.
36 00:02:59,160 --> 00:03:01,060 This will change directory for us.
37 00:03:01,300 --> 00:03:03,800 However, this is not everything that we must do.
38 00:03:04,320 --> 00:03:10,380 What else we must do is we must go to the server code and add the same command inside our target communication
39 00:03:10,380 --> 00:03:10,840 function.
40 00:03:11,040 --> 00:03:20,210 So right here we can add another statement of command equals equals to cd and the space.
41 00:03:20,220 --> 00:03:25,650 And here, remember that we also must start from the beginning up to third character.
42 00:03:27,090 --> 00:03:30,460 Just in this case, we are not going to do anything.
43 00:03:30,580 --> 00:03:35,730 We're going to just pass because in server we don't want to do anything.
44 00:03:35,730 --> 00:03:41,130 We just want to go back to the beginning where we can send the next command and in the backdoor code,
45 00:03:41,130 --> 00:03:44,070 we simply just change the directory of our program.
46 00:03:44,760 --> 00:03:49,490 Now, there is one more command that I want to add in this video, and that is the clear command.
47 00:03:50,370 --> 00:03:54,870 This is not really that useful, but once you have a bunch of commands and outputs on your desktop,
48 00:03:54,870 --> 00:03:57,480 you can use something similar to this.
49 00:03:57,990 --> 00:03:59,040 That for you is right here.
50 00:03:59,280 --> 00:04:06,750 See, for example, type sudo ifconfig and it outputs me with the ifconfig command.
51 00:04:06,760 --> 00:04:08,780 I can just type clear to clear the screen.
52 00:04:08,970 --> 00:04:11,760 So let us do something similar inside of our code.
53 00:04:12,390 --> 00:04:19,560 First, we're going to go with the server and if we send the command clear, this command will get sent
54 00:04:19,560 --> 00:04:20,280 to the target.
55 00:04:20,280 --> 00:04:25,980 However, we want to execute it right here inside of our server, since there is no point in executing
56 00:04:25,980 --> 00:04:29,350 the clear command inside of our backdoor code on the target system.
57 00:04:30,180 --> 00:04:35,490 So what we are going to do right here is we are going to add another elif statement, elif command,
58 00:04:36,240 --> 00:04:37,640 equals equals to clear.
59 00:04:38,610 --> 00:04:45,660 We're going to use once again the os library and we are going to call the system command, which will
60 00:04:45,660 --> 00:04:47,340 execute the clear command.
61 00:04:47,520 --> 00:04:53,130 This system function allows us to specify any command in the brackets, which will then get executed
62 00:04:53,130 --> 00:04:54,160 inside of our terminal.
63 00:04:54,960 --> 00:05:00,830 Of course, since this is inside of a server code, we must import the os library here as well.
64 00:05:02,460 --> 00:05:08,640 And since the command will get sent to the backdoor as well, we want to cover that step also inside
65 00:05:08,640 --> 00:05:09,570 of our shell function.
66 00:05:09,580 --> 00:05:12,660 So let us go right here and add else
67 00:05:12,810 --> 00:05:20,820 if statement, command equals equals to clear. Just in this case, we will pass and not do anything.
68 00:05:21,880 --> 00:05:27,970 OK, simple as that, and these are just two commands that I wanted to cover in this video, which only
69 00:05:27,970 --> 00:05:30,820 this cd command is really important for us right now.
70 00:05:31,090 --> 00:05:36,250 But in the next video, what we are going to do is we are going to see how we can download and upload
71 00:05:36,250 --> 00:05:38,070 files to the target system.
72 00:05:38,590 --> 00:05:43,210 Then at the end, we are going to test our final version of the program and see whether all of these
73 00:05:43,210 --> 00:05:47,370 commands that we imported work or if there is something that we must change.
74 00:05:48,250 --> 00:05:53,350 So for now, we got execution of the command, changing of the directory, we can clear the screen
75 00:05:53,590 --> 00:05:57,810 if we get too many things happening and we can quit outside of the shell.
76 00:05:58,180 --> 00:05:58,590 Great.
77 00:05:59,170 --> 00:06:01,360 Let us continue coding in the next lecture.