1 00:00:00,060 --> 00:00:01,210 All right, welcome back, everyone.
2 00:00:01,470 --> 00:00:11,410 Now that we know how to install Veil, and why, and what exactly Veil-Evasion is, basically
3 00:00:11,420 --> 00:00:18,660 we learned about the Veil framework that consists of Veil-Evasion and Veil-Ordnance. We will be focusing on Veil-Evasion
4 00:00:18,660 --> 00:00:20,930 as a part of this course.
5 00:00:21,900 --> 00:00:25,760 Let's get started and generate a payload with Veil-Evasion.
6 00:00:25,890 --> 00:00:26,300 All right.
7 00:00:26,940 --> 00:00:27,360 So.
8 00:00:28,500 --> 00:00:31,390 Let's first go to the Kali machine.
9 00:00:32,790 --> 00:00:38,190 All right, so we already have two terminals open, and I'll tell you the purpose of it.
10 00:00:38,850 --> 00:00:43,980 So on the first, let's launch Veil this way.
11 00:00:44,310 --> 00:00:48,150 Just type the command veil and you get two options.
12 00:00:48,300 --> 00:00:52,620 It consists of two tools; the first is Veil-Evasion.
13 00:00:52,620 --> 00:00:58,680 And the second is Veil-Ordnance. We will be making use of Veil-Evasion because, from that,
14 00:00:58,710 --> 00:01:03,960 that said, you can launch it. Ordnance is more for shellcode
15 00:01:03,960 --> 00:01:04,740 generation.
16 00:01:04,740 --> 00:01:10,860 And many of the many other options. Pretty much everyone says, well, in order to select one, you
17 00:01:10,860 --> 00:01:15,000 have to make use of use. In order to list all the possible options,
18 00:01:15,000 --> 00:01:21,180 you can make use of list to get the number of payloads that you can have with Evasion.
19 00:01:21,450 --> 00:01:23,070 You can make use of a command.
20 00:01:23,080 --> 00:01:33,550 Here, let's make use of use 1 for selecting option 1, and then immediately you're going to see the menu
21 00:01:33,550 --> 00:01:34,980 with 41 payloads.
22 00:01:35,760 --> 00:01:36,720 But where are those?
23 00:01:37,360 --> 00:01:42,490 Well, in order to see that, you have to use the list command, right.
24 00:01:43,020 --> 00:01:43,630 Beautiful.
25 00:01:43,830 --> 00:01:52,910 Now you can see all the payloads, starting from C to Python, Go, written in PowerShell as well, in
26 00:01:53,010 --> 00:01:59,160 Ruby and Graves as well. For this session we'll make use of Python.
27 00:01:59,160 --> 00:02:03,120 I mean, sorry, let's use PowerShell. Even in PowerShell as well,
28 00:02:03,120 --> 00:02:09,840 in fact, in every programming language you get to see three categories, as expected:
29 00:02:09,840 --> 00:02:12,410 the reverse TCP, then we have,
30 00:02:12,420 --> 00:02:21,020 so then we have reverse HTTP, reverse HTTPS as well. In order to use one, you can use,
31 00:02:21,150 --> 00:02:23,250 maybe, that's a pretty good one, OK.
32 00:02:23,760 --> 00:02:28,950 And then the moment you select that, you get all the options for that payload.
33 00:02:29,700 --> 00:02:36,720 You see all the options are by default selected, all the parameters from bad, you know, bad MAC addresses
34 00:02:36,720 --> 00:02:39,570 options, or host, hostname,
35 00:02:39,570 --> 00:02:46,320 domain, LPORT, and all those stuff are by default selected, and inventory of processes as well.
36 00:02:46,710 --> 00:02:47,790 What you need to have
37 00:02:47,790 --> 00:02:54,750 is the host, LHOST, local host IP address, so you have to make use of set LHOST.
38 00:02:55,200 --> 00:03:00,450 What's the IP address of the system? You can make use of ifconfig. Then
39 00:03:00,630 --> 00:03:02,160 Zeder Don Juan Martin.
40 00:03:03,000 --> 00:03:03,470 Perfect.
41 00:03:03,480 --> 00:03:07,530 Now when you see this, you should see the option.
42 00:03:07,560 --> 00:03:07,910 FettI.
43 00:03:08,040 --> 00:03:10,410 Yeah, the host has been selected.
44 00:03:10,730 --> 00:03:11,750 It's pretty quick.
45 00:03:11,850 --> 00:03:14,100 I mean, just type the generate command.
46 00:03:14,310 --> 00:03:19,170 Sorry, just hit enter and it's going to be pretty quick.
47 00:03:19,350 --> 00:03:23,220 Let's see it. Now it's up to you what name you choose.
48 00:03:23,680 --> 00:03:24,510 Let me.
49 00:03:27,750 --> 00:03:33,300 Let's give it salary slip, so salaryslip, maybe me.
50 00:03:37,250 --> 00:03:40,890 It's a big, you know, once you do that, it was pretty quick.
51 00:03:40,920 --> 00:03:48,060 Now you can see that the code has been generated. The payload is, really, see the language, this PowerShell
52 00:03:48,060 --> 00:03:50,820 payload, the payload module is powershell
53 00:03:50,830 --> 00:04:00,990 meterpreter, which was reverse TCP, and the source code is written to, this source code has been placed
54 00:04:00,990 --> 00:04:02,050 in this directory.
55 00:04:02,430 --> 00:04:06,740 And remember this last option, just make a note of it.
56 00:04:07,110 --> 00:04:14,950 Keep your eye on this last option, because this is going to save a lot of hassle with our Metasploit framework.
57 00:04:15,230 --> 00:04:23,350 Remember one thing: whatever we have done, what we have just created, we have just built a payload in PowerShell.
58 00:04:24,170 --> 00:04:34,140 Now, this doesn't replace the Metasploit framework activity where we start listening for our payload.
59 00:04:34,140 --> 00:04:34,480 Right.
60 00:04:34,650 --> 00:04:37,080 This will replace the msfvenom.
61 00:04:37,500 --> 00:04:41,230 The purpose of msfvenom was just to create a payload.
62 00:04:41,250 --> 00:04:51,420 That's exactly the purpose of Veil-Evasion. Now, going to the msfconsole and initiating this session,
63 00:04:51,750 --> 00:04:56,510 or starting to listen for the request coming in from the other machine,
64 00:04:57,220 --> 00:04:58,920 it will still remain the same.
65 00:04:59,160 --> 00:05:06,330 Even if you create a payload, you still have to go to the msfconsole and you have to select the same
66 00:05:06,630 --> 00:05:07,620 options as well.
67 00:05:07,920 --> 00:05:12,910 And then you have to start listening for the session once you install this payload on the target machine.
68 00:05:12,930 --> 00:05:20,740 Right now, one thing is, let's go to this directory, cd, yes.
69 00:05:20,790 --> 00:05:27,460 That's where the source code and the payload have been put.
70 00:05:27,810 --> 00:05:28,450 So.
71 00:05:30,070 --> 00:05:37,420 All right, so you see the salaryslipme, salaryslipme.
72 00:05:37,750 --> 00:05:38,730 Here it is, right?
73 00:05:39,160 --> 00:05:40,080 This is the build.
74 00:05:40,420 --> 00:05:49,390 But the challenge here is this payload is being created in .bat, OK. With msfvenom,
75 00:05:49,400 --> 00:05:52,800 it was generated directly in .exe.
76 00:05:53,170 --> 00:05:54,570 So we have a challenge here.
77 00:05:54,910 --> 00:06:03,760 Now we have to convert this .bat file into .exe, otherwise we won't be able to make it executable
78 00:06:03,760 --> 00:06:04,840 on our machine.
79 00:06:05,320 --> 00:06:07,980 Well, there's an option, a simple option.
80 00:06:07,990 --> 00:06:10,970 OK, what you can do is you can make use of a tool.
81 00:06:10,970 --> 00:06:12,160 We've got Bat To Exe.
82 00:06:12,700 --> 00:06:15,220 That's Bat To Exe Converter.
83 00:06:16,420 --> 00:06:22,920 You can download it from GitHub, or make use of git clone so you can get the files.
84 00:06:23,410 --> 00:06:25,120 And here is the link.
85 00:06:25,120 --> 00:06:35,020 I just copied it already, so you can just paste it. I mentioned it in the notes as well so that you can get
86 00:06:35,020 --> 00:06:35,680 access.
87 00:06:36,940 --> 00:06:37,600 Oh, sorry.
88 00:06:37,600 --> 00:06:42,070 I already have access, so possibly I have to go to the, sort of.
89 00:06:46,390 --> 00:06:50,870 All right, so if you see, once you do that, this will be the start.
90 00:06:50,900 --> 00:06:58,360 This will be downloaded, not really installed as BIDU. Even if I want to show you, you can see this
91 00:06:58,360 --> 00:07:01,230 has been installed long back, OK?
92 00:07:01,690 --> 00:07:06,250 And after the successful command, run from root, not from the Kali user.
93 00:07:06,250 --> 00:07:07,300 I tried from the Kali user.
94 00:07:07,720 --> 00:07:10,210 Do it from root and you should see this.
95 00:07:11,320 --> 00:07:17,380 Now this file, as this file, you can't really run directly, because in order to execute it you have
96 00:07:17,380 --> 00:07:26,610 to have, you know, a Windows architecture created so that you can execute it, OK.
97 00:07:27,340 --> 00:07:29,890 In order to do that, you have to have Wine.
98 00:07:30,130 --> 00:07:37,780 You have to have Wine installed on your system to support Windows files, Windows executable
99 00:07:37,780 --> 00:07:38,110 files.
100 00:07:38,770 --> 00:07:47,020 And I'll show you the link as well, the download steps for this, so you can install Wine on your system
101 00:07:47,020 --> 00:07:51,970 in order to execute or install any .exe file.
102 00:07:52,090 --> 00:07:54,590 You have to have Wine for this, right?
103 00:07:54,910 --> 00:08:00,640 So because I already have Wine, if I type wine, you see this option is already available.
104 00:08:04,510 --> 00:08:08,330 You see this, I have one five zero three, that's the version I have.
105 00:08:08,740 --> 00:08:12,430 I'll show you the commands, the steps for downloading it.
106 00:08:12,430 --> 00:08:18,880 Of course, from the very first, you might face some challenges, and I'll show you those troubleshooting
107 00:08:18,880 --> 00:08:19,630 steps as well.
108 00:08:20,110 --> 00:08:25,350 Now, once you have that, what you are going to do is you can simply go to the directory, Bat To Exe,
109 00:08:25,420 --> 00:08:25,890 first,
110 00:08:28,900 --> 00:08:34,030 and under that you will find there are some files. At the very first,
111 00:08:34,030 --> 00:08:36,580 you have to install this Bat To Exe file.
112 00:08:37,150 --> 00:08:44,780 In order to install any files, you just type wine and the installer.
113 00:08:46,360 --> 00:08:46,840 OK.
114 00:08:49,020 --> 00:08:49,410 All right.
115 00:08:49,420 --> 00:08:52,900 So the moment you do that, it will start installing this file.
116 00:08:53,080 --> 00:09:01,090 OK, because I have already installed this, I might encounter some challenges, but usually when
117 00:09:01,090 --> 00:09:04,450 you start installing it, it looks exactly like a Windows installation.
118 00:09:04,450 --> 00:09:04,740 Right.
119 00:09:04,750 --> 00:09:05,540 Next, next.
120 00:09:05,560 --> 00:09:09,820 And all those options you do, the installation will start happening.
121 00:09:10,330 --> 00:09:15,970 OK, I'll stop it because I already have it installed. In order to launch it, installation is done.
122 00:09:15,970 --> 00:09:20,490 OK, in order to launch it, I have to go to the portable option, OK.
123 00:09:20,500 --> 00:09:24,580 Under Bat To Exe itself, and from there I'll find this option.
124 00:09:24,580 --> 00:09:27,220 That's where I make use of wine again.
125 00:09:27,580 --> 00:09:33,740 But this time it is just going to launch this application, but not really install it.
126 00:09:33,900 --> 00:09:38,520 OK, so hit that, and wonderful.
127 00:09:38,560 --> 00:09:38,920 Lovely.
128 00:09:38,980 --> 00:09:41,640 Now you see the dash, but now you see the app coming in.
129 00:09:41,650 --> 00:09:42,090 That's it.
130 00:09:42,100 --> 00:09:44,410 Bat To Exe Converter.
131 00:09:44,480 --> 00:09:49,450 OK, now what you need to do is keep it as it is.
132 00:09:49,450 --> 00:09:49,660 Right.
133 00:09:49,780 --> 00:09:56,680 So let me have this open, and there is the file.
134 00:09:56,680 --> 00:09:58,450 You can see the, exactly.
135 00:09:58,450 --> 00:09:59,890 The directory is in var.
136 00:10:00,790 --> 00:10:01,780 Let's go to var.
137 00:10:04,570 --> 00:10:05,080 Right.
138 00:10:05,200 --> 00:10:09,430 Then we go to lib over here.
139 00:10:09,640 --> 00:10:20,080 And then we have, and then in the output we have source. We are looking for salaryslipme.
140 00:10:21,400 --> 00:10:22,180 You see this.
141 00:10:22,540 --> 00:10:25,460 The entire code is now really here.
142 00:10:25,840 --> 00:10:32,980 Now, it might happen that when you create your payload, it might be detected by many antivirus.
143 00:10:33,400 --> 00:10:39,010 And that's what we are going to learn, what we are going to see in the next session as well, because
144 00:10:39,190 --> 00:10:40,840 it might, just like us,
145 00:10:40,850 --> 00:10:45,550 there are many folks, there are many engineers, many, many penetration testers as well, who might
146 00:10:45,550 --> 00:10:49,560 be testing the same Veil framework, and in that situation antivirus
147 00:10:49,560 --> 00:10:50,770 just gets the idea, OK?
148 00:10:50,780 --> 00:10:55,060 Yeah, it has been, you know, it is the same file now.
149 00:10:55,390 --> 00:10:57,130 This has already been written.
150 00:10:57,130 --> 00:10:59,050 What do you do? You do tuning on it?
151 00:10:59,320 --> 00:11:08,920 It might, you know, you have to be either very strong in PowerShell or strong in Python so that even if you do slight
152 00:11:08,920 --> 00:11:13,480 changes, it doesn't really destroy or bust up the entire code.
153 00:11:13,930 --> 00:11:19,960 And at the same time, it should look unique so that antivirus cannot really detect it.
154 00:11:20,080 --> 00:11:20,380 Right.
155 00:11:20,740 --> 00:11:29,020 So that's the way the real hackers make use of Veil: not just to launch it right
156 00:11:29,020 --> 00:11:36,580 away, they make use of it just to get the code, and then they start modifying the existing code.
157 00:11:36,970 --> 00:11:41,080 And once they have the code, what I can do is I can start converting it.
158 00:11:41,860 --> 00:11:43,900 So you can see the code is ready.
159 00:11:44,230 --> 00:11:46,930 I can select a couple of options if I want.
160 00:11:46,930 --> 00:11:49,030 I can make use of an icon as well.
161 00:11:49,030 --> 00:11:54,880 I can select maybe a PDF icon, so that it will look like a PDF file, and that's where you can select the
162 00:11:54,880 --> 00:11:55,750 PDF icon.
163 00:11:56,200 --> 00:11:57,790 You can keep it as it is as well.
164 00:11:58,030 --> 00:12:04,930 And once it is done, you can decide which architecture you're targeting, maybe 32 or 64 bit or whatever
165 00:12:04,930 --> 00:12:05,320 it is.
166 00:12:05,320 --> 00:12:09,550 Then you can select all these options, and then finally you can run it.
167 00:12:09,580 --> 00:12:09,910 Right.
168 00:12:09,910 --> 00:12:16,260 So the moment you run this, you see the file has been created, the file has been created now.
169 00:12:16,540 --> 00:12:23,020 And that's the way you can see that it is being stored in C, users, root, temp.
170 00:12:23,350 --> 00:12:29,650 This is the filename which has been created, OK, and that's the way you convert any .bat file into
171 00:12:29,650 --> 00:12:30,420 .exe.
172 00:12:30,670 --> 00:12:33,370 So, just to give you a recap from the
173 00:12:33,370 --> 00:12:41,800 Veil, we have actually generated a payload in PowerShell, and that was generated in .bat
174 00:12:41,800 --> 00:12:42,490 extension.
175 00:12:43,210 --> 00:12:46,810 Then we need to convert that .bat file into .exe.
176 00:12:46,840 --> 00:12:53,380 For that to happen, we need a tool called Bat To Exe Converter. Now,
177 00:12:53,380 --> 00:12:57,010 the challenge is that tool itself can run only on Windows.
178 00:12:57,310 --> 00:13:02,830 So in order to support the .exe conversion, we have to have Wine, for Wine to,
179 00:13:03,210 --> 00:13:11,360 which helps us to install any .exe file. That's why we install Wine, and Wine basically helps us to
180 00:13:11,430 --> 00:13:12,840 run .exe too.
181 00:13:13,260 --> 00:13:18,930 And once it has been launched, then it can convert any .bat file to .exe file.
182 00:13:19,530 --> 00:13:19,910 All right.
183 00:13:19,920 --> 00:13:23,390 So that's the ultimate result.
184 00:13:23,700 --> 00:13:28,230 And that's the way we get the payload file for the target machine.
185 00:13:28,620 --> 00:13:29,000 All right.
186 00:13:29,010 --> 00:13:31,860 So I hope you got the sense. We'll get you in the next session.
187 00:13:31,920 --> 00:13:32,400 Thank you.