1
00:00:00,060 --> 00:00:00,930
Welcome back, everyone.

2
00:00:00,960 --> 00:00:09,560
This is a session, this is first of all, and you are watching the session on creating a payload

3
00:00:09,570 --> 00:00:10,260
with msfvenom.

4
00:00:10,860 --> 00:00:11,300
All right.

5
00:00:11,790 --> 00:00:20,670
So from this session on we will be really getting into action, we will be making a payload slash longer

6
00:00:21,570 --> 00:00:28,760
and then we will be exploiting our target with the same, with the same feeling.

7
00:00:28,800 --> 00:00:30,370
So let's get started.

8
00:00:30,750 --> 00:00:38,490
Let's first understand a couple of jargons and comments in terms of why msfvenom is basically

9
00:00:38,490 --> 00:00:39,090
a tool.

10
00:00:39,300 --> 00:00:43,550
It's a tool which is, which is used to build the payload.

11
00:00:43,790 --> 00:00:54,660
OK, and this lets you make, make use of multiple, multiple techniques in order to make the payload

12
00:00:55,500 --> 00:01:00,390
from very simple to even complex and advanced.

13
00:01:00,870 --> 00:01:01,170
All right.

14
00:01:01,500 --> 00:01:10,200
So the command to start the msfvenom payload assembly, msfvenom: you just have to go to the Kali and

15
00:01:10,200 --> 00:01:16,680
you can simply type msfvenom and get started. If you want to get more detail about how the command really

16
00:01:16,680 --> 00:01:18,670
looks like, we will be going into it.

17
00:01:19,420 --> 00:01:22,160
But I'll let you know again for further.

18
00:01:22,290 --> 00:01:24,640
msfvenom hyphen hyphen help.

19
00:01:24,930 --> 00:01:27,810
It can give you all the available options.

20
00:01:28,590 --> 00:01:34,740
Now, there are multiple ways you can build the payload, even the advanced payload as well.

21
00:01:35,250 --> 00:01:41,170
This could be starting with assigning the kind of payload you want to go for.

22
00:01:41,670 --> 00:01:45,230
So as I told you about, there are multiple types of payload.
23
00:01:45,240 --> 00:01:54,840
You can make use of reverse shell, bind shell; even in the reverse shell itself, you have TCP, reverse

24
00:01:54,840 --> 00:01:55,760
TCP shell.

25
00:01:55,780 --> 00:02:01,490
Then we can have reverse HTTP shell, then we can have reverse HTTPS as well.

26
00:02:01,920 --> 00:02:09,420
And this can even be for multiple platforms, it can be for Windows, for Linux, for, you know, web

27
00:02:09,420 --> 00:02:13,680
application, PHP, to many more, for Java platform as well.

28
00:02:13,680 --> 00:02:22,110
For every different platform, applications or, you know, operating system, it might change, and even

29
00:02:22,860 --> 00:02:26,620
the kind of platform that you are looking for as well.

30
00:02:27,000 --> 00:02:27,340
Right.

31
00:02:27,360 --> 00:02:31,950
There's something called Meterpreter, which we will be talking about as well, to make sure

32
00:02:31,950 --> 00:02:36,120
we, if we have, you have a kind of persistent connection.

33
00:02:36,120 --> 00:02:42,990
Even if the system, even, even if you lose the connection because of Internet, because of Vansickle,

34
00:02:43,500 --> 00:02:50,230
you want, the moment the system goes online, you will still be having the connection back to the session

35
00:02:50,280 --> 00:02:52,230
with that Meterpreter.

36
00:02:52,260 --> 00:02:52,560
Right.

37
00:02:53,820 --> 00:02:59,670
So in order to make use of a payload, you simply say, you can start off with msfvenom

38
00:02:59,940 --> 00:03:06,360
and then you can select which payload to go for by making use of minus p or hyphen hyphen payload

39
00:03:06,660 --> 00:03:07,110
as well.

40
00:03:07,140 --> 00:03:07,860
That's going to work.

41
00:03:08,100 --> 00:03:16,590
Then you can also make use of an encoder, an encoder, to start encoding your payload, so

42
00:03:16,590 --> 00:03:19,190
that it becomes a bit different.
43
00:03:19,200 --> 00:03:22,410
And, you know, some of the operating systems.

44
00:03:23,010 --> 00:03:25,140
In fact, let's talk about the Windows.

45
00:03:26,520 --> 00:03:34,620
They might find it difficult to detect it as malicious traffic, so we can possibly try, possibly, possibly

46
00:03:34,620 --> 00:03:41,940
try to build a type of encoding mechanism in order to make our payload a bit more undetectable.

47
00:03:42,150 --> 00:03:42,560
All right.

48
00:03:42,930 --> 00:03:51,610
So it all depends on the kind of antivirus which is being used on the target site, at the target site

49
00:03:51,630 --> 00:03:52,070
as well.

50
00:03:52,440 --> 00:03:58,640
So we have to plan accordingly what kind of mechanism, what tools we should really go for.

51
00:03:58,980 --> 00:04:05,910
You can select it by minus e or hyphen hyphen encoder. Encoders, but then encryption.

52
00:04:06,000 --> 00:04:12,960
You can make use of encryption as well if you're going for a steeps so, or even generic, as you can make

53
00:04:12,960 --> 00:04:15,480
use of a kind of encryption.

54
00:04:15,480 --> 00:04:19,310
You want to go for maybe AES 256 or AES 128 as well.

55
00:04:19,770 --> 00:04:26,220
And the way to make use of it is the hyphen, hyphen, encrypt. And last,

56
00:04:26,220 --> 00:04:29,070
but there are two more options that you can go for.

57
00:04:29,070 --> 00:04:35,310
Iteration is the number of times you iterate the same payload in order to make it kind of, you

58
00:04:35,310 --> 00:04:44,060
know, kind of shelbie, where multiple times you get it iterated and it becomes a bit more undetectable.

59
00:04:44,070 --> 00:04:45,780
You're trying to make it, at least.

60
00:04:46,650 --> 00:04:55,260
And then additional code, you can make use of additional code which can be used as shellcode or indications

61
00:04:55,260 --> 00:04:57,270
to the shell injections.

62
00:04:57,270 --> 00:04:59,910
You know, with, and this is pretty much an.
63
00:05:00,300 --> 00:05:03,100
Technique for this, there are some of the tools as well.

64
00:05:03,150 --> 00:05:06,180
There's one project as well for the same activity.

65
00:05:06,180 --> 00:05:12,610
If we can make use of animation, and we can make use of the project as well for the same activity.

66
00:05:12,870 --> 00:05:16,860
OK, as we go more advanced, we'll learn about that, too.

67
00:05:16,890 --> 00:05:17,270
All right.

68
00:05:17,730 --> 00:05:18,910
So let's get started.

69
00:05:18,930 --> 00:05:28,650
Let's start building a first, and I would say the basic, payload, and let's get started. For this

70
00:05:28,650 --> 00:05:30,840
we need to go to the virtual machine.

71
00:05:32,490 --> 00:05:32,830
Sorry.

72
00:05:33,480 --> 00:05:33,950
Oh yeah.

73
00:05:34,080 --> 00:05:35,070
So here it is.

74
00:05:35,520 --> 00:05:41,370
We are in the virtual machine and at this moment, we'll be building our payload.

75
00:05:43,340 --> 00:05:50,280
OK, so the first thing that you have to do is type msfvenom, OK?

76
00:05:50,780 --> 00:05:53,250
The moment you do that, you get an option of help.

77
00:05:55,730 --> 00:06:00,980
See, as I told you earlier, you get an option for payload, you get an option for encoder, all that

78
00:06:00,990 --> 00:06:01,240
stuff.

79
00:06:01,250 --> 00:06:01,470
Right.

80
00:06:01,790 --> 00:06:07,730
So we'll be building the first basic kind of payload and we'll be saving it on our system as well.

81
00:06:07,970 --> 00:06:08,380
All right.

82
00:06:09,320 --> 00:06:10,200
So let's get started.

83
00:06:10,900 --> 00:06:15,230
We'll be typing msfvenom, then we'll select our payload.

84
00:06:15,680 --> 00:06:19,880
So to make it simple enough, our target will be Windows 10.
85
00:06:20,030 --> 00:06:26,420
I'm taking Windows 10 straight away because I don't want to waste time working on Windows 7 and

86
00:06:26,420 --> 00:06:32,870
on legacy platforms, because that's not something that you would find as a target most of the time.

87
00:06:33,050 --> 00:06:33,440
All right.

88
00:06:33,470 --> 00:06:36,560
In fact, most of the time you're going to find Windows 10 for sure.

89
00:06:37,190 --> 00:06:42,970
OK, so then you define your payload.

90
00:06:43,460 --> 00:06:48,350
So make sure, this is the kind of payload you have to remember.

91
00:06:48,740 --> 00:06:58,160
Or even if you don't remember, you can go and check it out in the msfconsole as well, which I can even

92
00:06:58,160 --> 00:06:58,730
show you.

93
00:06:58,880 --> 00:06:59,540
Or here it is.

94
00:06:59,540 --> 00:07:06,620
But so if you want to see what are the different payloads available, you can even go to the.

95
00:07:07,460 --> 00:07:08,200
Let me go to.

96
00:07:11,580 --> 00:07:22,080
And enter, and type msfconsole, and in here you get to see all possible payloads available,

97
00:07:22,470 --> 00:07:25,470
so at least you get the name, right,

98
00:07:25,740 --> 00:07:27,040
which payload to go for.

99
00:07:27,060 --> 00:07:32,840
So you can type, you are currently on the Midas touch, despite Fienberg here.

100
00:07:32,850 --> 00:07:39,960
You can search for payload; the moment you hit enter, you see it starts with everything,

101
00:07:39,960 --> 00:07:44,450
payload windows x64.

102
00:07:44,700 --> 00:07:48,030
This is 64 architecture, that will be very as.

103
00:07:49,050 --> 00:07:56,920
And accordingly, if you remember, I talked about shell bind TCP and, you believe in financial risk,

104
00:07:57,510 --> 00:07:58,650
reverse TCP.

105
00:07:58,650 --> 00:08:01,950
That would be HTTP as well as HTTPS as well.

106
00:08:02,100 --> 00:08:08,520
You see, this was a shell, and this is a part of Meterpreter.
107
00:08:08,910 --> 00:08:15,170
If you remember, I told you Meterpreter is, is used to form a kind of persistent connection.

108
00:08:15,660 --> 00:08:20,340
So even if you lose the connection, you're still able to regain the victim session.

109
00:08:20,370 --> 00:08:20,720
All right.

110
00:08:21,270 --> 00:08:23,060
So these are the many options.

111
00:08:23,070 --> 00:08:30,080
But remember, the structure works like this: the payload, the slash, the, the platform, and then

112
00:08:30,090 --> 00:08:37,380
the architecture, and then you define whether you want to make use of Meterpreter, which we will be

113
00:08:37,380 --> 00:08:40,590
using, and then the shell, OK.

114
00:08:40,860 --> 00:08:52,110
Exactly the same way we're making use of it: windows and then meterpreter slash reverse TCP.

115
00:08:52,770 --> 00:09:00,030
So as of now it's, it's very clear that we are making use of a reverse shell over TCP, which is a pretty

116
00:09:00,030 --> 00:09:05,820
basic one, and then we'll define our host, LHOST, and LPORT.

117
00:09:06,270 --> 00:09:16,650
So let's define our host, which is going to be LHOST equal to Bendat Segador one nine, and the space,

118
00:09:17,280 --> 00:09:27,360
LPORT equal to; you can make use of any random port, but you can even go for Phi Phi Phi, or you can

119
00:09:27,420 --> 00:09:30,230
even make use of aspergillus.

120
00:09:30,660 --> 00:09:32,820
Then it's pretty simple.

121
00:09:32,850 --> 00:09:38,990
Now you just have to save it, for which you will find multiple methods.

122
00:09:39,000 --> 00:09:42,920
You can make use of minus o as well, saving to the output file.

123
00:09:43,230 --> 00:09:48,210
Or probably you can save it to a different profile as well, as you wish.

124
00:09:48,240 --> 00:09:59,160
So let's say if you, if you would like to save it to, to somewhere certain, so you can make use of it like

125
00:09:59,910 --> 00:10:02,770
slash through slashed, and finally.
126
00:10:03,370 --> 00:10:03,660
Right.

127
00:10:04,110 --> 00:10:07,110
Don't you see, it's that simple. The moment

128
00:10:07,110 --> 00:10:07,590
you hit it.

129
00:10:10,010 --> 00:10:11,150
Oh my God.

130
00:10:12,010 --> 00:10:14,000
I was right.

131
00:10:14,770 --> 00:10:16,650
Oh, all right.

132
00:10:16,660 --> 00:10:17,370
Really sorry.

133
00:10:17,670 --> 00:10:18,570
And it's msfvenom.

134
00:10:19,260 --> 00:10:22,500
And then we'll see the magic happening.

135
00:10:23,490 --> 00:10:30,210
You will find it will take some time, and then you see the encoder was not specified.

136
00:10:30,210 --> 00:10:31,800
We haven't selected any encoder.

137
00:10:31,810 --> 00:10:33,780
We haven't selected any architecture.

138
00:10:34,160 --> 00:10:40,770
It means we haven't defined whether it should be used for x86 or x64.

139
00:10:41,070 --> 00:10:47,880
We haven't selected a platform as well, but by default it's going to be making use of x86 as

140
00:10:47,880 --> 00:10:48,080
well.

141
00:10:48,090 --> 00:10:50,460
But you can also make use of minus.

142
00:10:51,390 --> 00:10:54,570
You know, accordingly, the platform will be selected.

143
00:10:54,600 --> 00:10:55,470
It's all up to you.

144
00:10:55,620 --> 00:10:59,490
You can define hyphen hyphen platform and then you can put windows as well.

145
00:10:59,500 --> 00:11:01,260
It's up to you; by default

146
00:11:01,260 --> 00:11:01,980
it's going to work.

147
00:11:02,460 --> 00:11:06,090
So this is what the basic payload really looks like.

148
00:11:06,090 --> 00:11:13,500
Now, if you want to make use of multiple other elements, and you, you can see where it is being stored.

149
00:11:13,500 --> 00:11:21,260
So you can go to the desktop folder and then type ls, and then you will see your payload

150
00:11:21,510 --> 00:11:24,470
dot exe is available right now.

151
00:11:25,710 --> 00:11:28,780
This, this is the way we have created this payload.
152
00:11:29,160 --> 00:11:36,360
The moment this payload, this, this payload is delivered to the target and the target

153
00:11:36,360 --> 00:11:37,440
opens up this file,

154
00:11:38,010 --> 00:11:42,950
it should start, it should be ready to get compromised.

155
00:11:43,050 --> 00:11:47,610
OK, but we'll talk about how the, how we're attacking the machine.

156
00:11:47,610 --> 00:11:51,930
And in this situation, our Kali machine will be opening up a listening session.

157
00:11:51,930 --> 00:11:59,160
If you remember what I talked about in the reverse shell, our, our malware never really opened up any listening

158
00:11:59,160 --> 00:11:59,610
session.

159
00:11:59,610 --> 00:12:04,200
In fact, on the other hand, our machine needs to open a listening session.

160
00:12:04,500 --> 00:12:09,990
So there is still something that needs to be done on this machine, on the Kali machine, to open up a listening

161
00:12:10,060 --> 00:12:12,100
session, which we haven't done so far.

162
00:12:12,420 --> 00:12:18,850
OK, so I don't know, I have only given you an idea about how to create a payload at a very, very basic

163
00:12:18,850 --> 00:12:25,090
level. As we go ahead, we will be adding more and more texture to it, like encoder, we will be selecting

164
00:12:25,090 --> 00:12:28,540
encoder, we will be selecting architecture, we will be selecting platform, and many more.

165
00:12:28,870 --> 00:12:35,650
This is just to be very specific about how to make it very, very simple in the current situation.

166
00:12:35,650 --> 00:12:41,380
And on most of the Windows 10, even if you try everything, with no antivirus on the system as well,

167
00:12:42,120 --> 00:12:46,060
it definitely might not work for sure.

168
00:12:46,480 --> 00:12:51,280
And the reason is, this, this has a lot of things to be done.
169
00:12:51,640 --> 00:12:57,430
But just to give you an idea about how to get started with the basic minimum command, this is what

170
00:12:57,430 --> 00:12:58,510
you have to start with.

171
00:12:58,570 --> 00:12:58,980
All right.

172
00:12:59,260 --> 00:13:06,760
So from the next session, we'll try to make our payload even more concrete, more solid and more effective

173
00:13:06,760 --> 00:13:07,160
as well.

174
00:13:07,900 --> 00:13:08,310
Thank you.

175
00:13:08,320 --> 00:13:08,860
We'll get to the.