Hello everybody and welcome back. And right now let us continue on fixing and adding different functions to our backdoor. So the first thing you might have noticed in the previous videos, or in the first video where we tried to actually run our backdoor: you might have noticed that we can't really change our directories, so we can't go one directory back or forward, or basically change to any other directory instead of the directory that we ran the program in. So we want to be able to change that, and how do we do that? Well, basically, first of all let us nano the reverse_shell.py, so let's see what we have to do in order to get this to work. So first of all we want to go to our shell function right here, so let us tab this a little bit down, and we can see right now we have these two options right here: q for breaking, and the try and except rule with basically executing the system commands on the target system. We want to add another option right here, and we also covered in the Python basics that we can run an if-else command with multiple statements using elif, so after the q we will specify the elif command. And right now we want to specify basically what to do if we try to change the directory. So in our reverse shell, let's think first what the target, or what the reverse shell, will receive.
Once we try to change the directory, we know that in Windows, if I go to my command prompt, it is the same as in Linux. We can change the directory with cd, or cd Desktop will change the directory to Desktop. We can see that we have three spaces right here: the first two take the two characters, which is c d, and then the third space right here is the empty space. So we know that first we specify the cd command, which is two letters, and then we add a space, and then specify the path to the directory we want to change to. So we need to keep that in mind once we write this. So the target machine, or the reverse shell, will receive a command that will always start with cd, empty space, and then the path. So what we want to do is basically just select here: elif command equals, so double quote equals, the cd, close the quotes. And right here we cannot specify that the command equals to that; we need to specify if the first two letters of the command equal cd, the first two letters or first two characters. Now we know that we actually covered in the Python basics string manipulation, so we know that we can select the first letters by typing a colon and then two; this will select the first two characters from zero, or basically the character labelled as number zero and the character labelled as number one.
So all the characters up to the second one, and we know that it starts from zero, so 0 and 1 are actually the first two characters. So here we specified: if the first two characters of the command equal cd. We also want to specify: and the length of the command is bigger than one. Now this means that if the length of the command is larger than two letters... so for example if I just type cd here, you can see that the cd command in Windows actually prints my current working directory; it is the same as pwd in Linux, in Windows it is just cd. So we want to differentiate these two commands: cd, which prints the working directory, and cd to another directory, which is for example Desktop. So that's why I specified right here: if the first two letters of the command equal cd and the length of the command is bigger than one, this means that we want to change our directory to some other path, since we specified an empty space after the cd. And we want to add the colon right here, and all we want to do is write a try and except rule right here. So if for example we run this on the target and we have wrongly specified the path that we want to change our directory to, this program will break if we do not have a try and except block.
So we want to try to change our directory, and we will try os.chdir, and then what the path to the directory will be is the command just after the first three characters. So command, then we specify these brackets right here, and then three, and then a colon after the three, we close these brackets and we close the second bracket. This means that the path that this function right here will try to change to is the remainder of the command right after the first three characters, and we know that the first three characters are c, d and then the space. So after that will be the path. So we know that we will change the path to that part of the command, and we want to except in the case that the directory doesn't exist. We want to send something back. So we will use a reliable send... or actually let's just continue right here. We do not want to use a reliable send; there is no point, so continue, which will actually just continue with our while True loop. So we specified right here to change our directory if the first two letters are cd and the length of the command is bigger than one. And we also specified, if that directory can't be changed to, we want to specify the code to continue executing.
So this should be about it for the reverse_shell.py side of the code for the cd. Now we will also want to specify what the server should do once the reverse shell basically executes the change directory command. So if you notice right here, right after we execute this command we do not send anything to the server. So what the reliable shell will do... or pardon me, what the reverse shell will do after we execute the change directory is go back to the beginning of our while True loop, and it will try to receive the commands. And this will create a problem if we do not code the server part of the cd command as well, since the server will wait for the reply, and basically the server and the backdoor will both be waiting for the replies at the same time, and that will terminate our connection and it will bug out. So we want to change the part of the server code as well, so save the reverse_shell.py with Ctrl+O, and then Ctrl+X to exit, and we want to nano our server.py. We want to go to the same part right here, which is the while True, and we want to add right here elif, and basically what we want to add is the same as in the previous code, so elif command first two letters equal cd and the length of the command is bigger than one.
Basically the same as in the reverse shell code, but right here we do not want to perform anything, we just want to continue. Now why do we want to continue? Because we are the server; we are not really performing anything on our target. We just want to send a command for changing the directory to the target, and we want to go back to the beginning of our while True loop so we can send the next command. So this is the entire part of the server code for the cd. So just save this, and let us compile our reverse shell. We use the same command as before; I will just go backwards until I find it. So here it is, we have the same command. So just run it. This is something that we did already three times, so you should be already familiar with it, and all we want to do is just run it and try to change our directory with our code in order to see if it works properly. So let's test this. We have our reverse shell right here. We want to open our USB drive; first of all we want to change the directory to the USB drive. Not really sure why it doesn't want to change the directory there... OK. We want to delete the previous reverse shell. Let's go back to the folder and copy the reverse_shell to our USB drive.
So just copy it there, and then you can do as usual by deleting all of these previous files that we created in the compilation. Right now, if we unplug our USB drive and we run the server, and we copy this to the desktop, we double click and try to run it. Right now we should be able to actually change our directory, so let's see if we receive the connection back on our target, or from our server. We still didn't receive anything. That is because we need to wait 20 seconds before it tries the first time to connect. So we should be getting the connection back any second. Here it is. And right now, first of all we want to check out two commands: one of them is just cd, which actually, if I just type it here, you can see it doesn't bug out. We get the cd and the shell back, and the next thing we want to check out is the changing of our directory. So we know that we are in the Desktop directory, since we are actually running the file from there, and if I type dir you can see we are in this directory. So what happens if we go one directory back? We want to type dir once again, and you can see we managed to go one directory back and actually go to the Users directory, so let's go back to the Desktop there.
So we are on the Desktop; make a directory called test, and as we can see we successfully made it, it's right here. And if we just change the directory to test and type dir there, you can see we are currently in the test directory and there is nothing there, since we didn't create any file there. So that would be about it for this tutorial. We managed to make our reverse shell, or backdoor, basically be able to actually change the directory and not create an error while doing that. So right now we have an almost fully functioning reverse shell. What we want to do is basically also add the download and upload functions, so we can actually download files from the target system and also upload them to the target system, and that we will do in the next videos. So I hope I see you there, and take care. Bye.
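To show the logic the narration walks through above as an added example (this is not code from the video or the course project), here is the same cd check used on both sides, the chdir branch with its except, and a small simulation of why the server must also continue, since otherwise the server waits for a reply the target never sends. The names is_cd_request, run_cd, target_replies, server_waits, simulate and demo are assumed here, and the scratch directory is constructed for the demo.

```python
import os
import tempfile

def is_cd_request(command: str) -> bool:
    # The elif test the video adds on both the target and the server side.
    return command[:2] == "cd" and len(command) > 1

def run_cd(command: str) -> str:
    # Target-side branch: everything after "cd " is the path; a bad path must not crash the loop.
    try:
        os.chdir(command[3:])
    except OSError:
        pass
    return os.getcwd()

def target_replies(command: str) -> bool:
    # Does the target send anything back? For q it breaks, for cd it just continues its while True loop.
    if command == "q" or is_cd_request(command):
        return False
    return True  # generic branch: the output of the system command is sent back

def server_waits(command: str, server_handles_cd: bool) -> bool:
    # Does the server block on a receive after sending this command?
    if command == "q":
        return False
    if server_handles_cd and is_cd_request(command):
        return False  # the server-side elif from the video: continue to the next prompt
    return True

def simulate(commands, server_handles_cd: bool) -> str:
    # Report the first command on which the server waits for a reply the target never sends.
    for cmd in commands:
        if server_waits(cmd, server_handles_cd) and not target_replies(cmd):
            return f"hang at {cmd!r}: server waits, target never replies"
    return "ok"

def demo() -> dict:
    # Constructed walkthrough in a scratch directory (assumed), restoring the original cwd afterwards.
    start = os.getcwd()
    scratch = tempfile.mkdtemp()
    results = {
        "cd_into_scratch": os.path.samefile(run_cd("cd " + scratch), scratch),
        "bad_cd_keeps_cwd": os.path.samefile(run_cd("cd no_such_dir_here"), scratch),
        "without_server_fix": simulate(["dir", "cd ..", "dir"], False),
        "with_server_fix": simulate(["dir", "cd ..", "dir"], True),
    }
    os.chdir(start)
    os.rmdir(scratch)
    return results
```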