1
00:00:01,200 --> 00:00:07,500
Using msfvenom, you can create more complicated malware doing this.

2
00:00:07,770 --> 00:00:12,690
You may suppose it will not be easy for the security systems to recognize the malware.

3
00:00:13,590 --> 00:00:15,630
Look at the examples seen in the slide.

4
00:00:16,170 --> 00:00:19,950
You can use -e parameter to encode the payload.

5
00:00:20,700 --> 00:00:25,590
You can use msfvenom -l encoders to see the list of encoders.

6
00:00:26,250 --> 00:00:30,180
With the -i parameter, you can encode the payload several times.

7
00:00:30,600 --> 00:00:37,350
In this example, it was 10 times. -k is used to preserve the template behavior and inject the payload

8
00:00:37,350 --> 00:00:38,100
as a new thread.

9
00:00:38,610 --> 00:00:45,270
If you use this option, the size of the output file becomes a bit bigger than the template file.

10
00:00:46,480 --> 00:00:51,310
But do not forget that you are still using a standard Metasploit payload.

11
00:00:52,940 --> 00:00:55,040
Let's take a closer look at the listener.

12
00:00:56,060 --> 00:01:02,300
If you use a payload with a reverse connection, also known as a connect back, you, the attacker, have

13
00:01:02,300 --> 00:01:04,610
set up a listener first on your box.

14
00:01:05,240 --> 00:01:09,800
The victim or target machine acts as a client connecting to that listener.

15
00:01:10,220 --> 00:01:12,740
And then finally, you receive the session.

16
00:01:14,150 --> 00:01:21,650
exploit/multi/handler module of Metasploit Framework is used to collect and manage multiple sessions

17
00:01:21,650 --> 00:01:23,180
from different platforms.

18
00:01:24,140 --> 00:01:31,100
You can see the detailed options of the handler using show advanced command. If you set ExitOnSession

19
00:01:31,100 --> 00:01:35,480
false, the handler continues to listen when an active session is killed.

20
00:01:36,970 --> 00:01:44,110
Set the same payload with the malware and set the option of the payload. If you run the handler using

21
00:01:44,110 --> 00:01:48,310
the exploit -j command, the handler runs in the background.

22
00:01:49,880 --> 00:01:52,430
When a session is opened, a message appears.

23
00:01:53,720 --> 00:01:57,680
Use sessions -l command to list the active sessions.

24
00:01:59,300 --> 00:02:05,510
To activate a session, use sessions -i command with the ID number of that session.

25
00:02:07,500 --> 00:02:11,280
You can use background command to send the session background.

26
00:02:13,370 --> 00:02:17,480
Use sessions -k with session ID to kill session.

27
00:02:18,110 --> 00:02:23,900
If you use -K (uppercase K) parameter, you kill all captured sessions.