1
00:00:00,210 --> 00:00:02,580
Hello everybody and welcome back.

2
00:00:02,580 --> 00:00:10,590
And right now let's see how we can actually make our file, our reverse shell, to be an image, or not

3
00:00:10,590 --> 00:00:15,030
to be an image, but to actually open an image

4
00:00:15,150 --> 00:00:16,950
once a target double-clicks it.

5
00:00:17,370 --> 00:00:26,460
So we want to make a reverse shell that actually can open an image as soon as it is clicked on.

6
00:00:26,460 --> 00:00:28,340
So let's see how we can do that.

7
00:00:28,410 --> 00:00:35,970
Now on my USB drive I have right here this JPEG image right here, and we will try to make

8
00:00:36,570 --> 00:00:44,020
our target execute the reverse shell and also open this image at the same time.

9
00:00:44,800 --> 00:00:47,460
So let us see how we can do that.

10
00:00:47,590 --> 00:00:52,990
We can simply do that by going into our reverse_shell.py.

11
00:00:53,550 --> 00:00:59,740
But let me just remove all of these screenshots from the previous video.

12
00:00:59,770 --> 00:01:01,860
Also this dist.

13
00:01:01,960 --> 00:01:09,040
And also build, with -r, so we should only have these two files, and let us go into the reverse_shell

14
00:01:09,040 --> 00:01:10,180
.py.

15
00:01:10,330 --> 00:01:13,550
Now we need to import something called sys.

16
00:01:13,680 --> 00:01:15,670
Now, since we already did import it,

17
00:01:15,670 --> 00:01:18,110
this is where we are going to use it right now.

18
00:01:18,640 --> 00:01:23,950
So let me just say we need to go all the way down right here.

19
00:01:25,180 --> 00:01:34,780
And what we want to do is, right after we actually call the registry function, we want to create basically

20
00:01:34,780 --> 00:01:40,270
a file which will store the image that we will actually plug into our reverse shell.

21
00:01:40,270 --> 00:01:41,860
Now how do we do that?
22
00:01:41,860 --> 00:01:49,060
Well, basically what we want to type right here, so perhaps we want to type name, which will be the

23
00:01:49,060 --> 00:02:00,130
name of our file, and we will use a regular path to sys._MEIPASS, which basically

24
00:02:00,130 --> 00:02:05,750
creates a temporary folder which will store this image, and we can call it...

25
00:02:06,010 --> 00:02:10,780
We actually need to call it the same as the name of the image.

26
00:02:10,780 --> 00:02:19,430
So let me just plug in my USB drive since I will need my image in order to compile it with the program.

27
00:02:19,430 --> 00:02:30,860
So open Files, we find the image itself, and what I want to do is move this image to the folder

28
00:02:30,860 --> 00:02:33,920
where I have my server and reverse shell.

29
00:02:33,920 --> 00:02:41,990
So I will just copy the dragon to root, python programs, and then reverse.

30
00:02:42,440 --> 00:02:51,570
And then I can exit this since I have it right there, but actually I just need to also... let me just, I

31
00:02:51,800 --> 00:03:01,670
need to also copy the file name of that image, so cd reverse, ls, and just copy the file name of the

32
00:03:01,670 --> 00:03:05,270
image that you want to use, copied like this.

33
00:03:05,270 --> 00:03:12,150
Now I can close it and then you paste it right here, and then you add the additional double quotes.

34
00:03:12,260 --> 00:03:19,100
So you need to add this right here; this will use a temporary PyInstaller folder with the name of the

35
00:03:19,100 --> 00:03:20,400
image itself.

36
00:03:20,450 --> 00:03:26,300
So it will store it right there, and as soon as the target opens it, it will open this path right here.

37
00:03:26,780 --> 00:03:29,750
So what we want to do is actually open that path

38
00:03:30,140 --> 00:03:32,210
so the target opens the image.
39
00:03:32,240 --> 00:03:40,020
So we would do that with subprocess.Popen, and we want to open the name, which is the path,

40
00:03:40,290 --> 00:03:42,410
this path with this image right here.

41
00:03:43,410 --> 00:03:47,740
And we want to type here shell=True.

42
00:03:48,480 --> 00:03:49,590
Then we close this,

43
00:03:52,200 --> 00:03:58,310
except, and here you can basically just type anything you want.

44
00:03:58,310 --> 00:04:03,420
For example, I know, no = 3.

45
00:04:03,960 --> 00:04:06,660
Now this is just some part of the code which doesn't really matter.

46
00:04:06,660 --> 00:04:10,720
So this will run if the code before doesn't work.

47
00:04:10,840 --> 00:04:20,100
And let's say addition = no + 1.

48
00:04:20,100 --> 00:04:24,680
Now this is basically... you can just type here anything you want.

49
00:04:24,930 --> 00:04:26,230
I just typed here this.

50
00:04:26,230 --> 00:04:34,500
This can also help in preventing some antiviruses, since they can basically notice there are some

51
00:04:34,500 --> 00:04:36,030
regular functions in there.

52
00:04:36,030 --> 00:04:42,860
Now this is just not really that good of a function, but I just coded anything for the except rule.

53
00:04:42,870 --> 00:04:47,550
So if the opening of the image doesn't work, it will just perform this and it will continue with the

54
00:04:47,550 --> 00:04:49,230
regular connection.

55
00:04:49,230 --> 00:04:55,710
So right now basically all we need to do is compile the program so it can actually contain the image

56
00:04:55,710 --> 00:05:01,680
itself, and when it puts the image into this directory right here, it will then open the image with

57
00:05:01,680 --> 00:05:02,790
this command.

58
00:05:02,790 --> 00:05:12,750
So this is all we need to specify right now. Let us Ctrl+O this, and let us try and see how we can

59
00:05:12,750 --> 00:05:17,580
actually compile this with this image right here.
60
00:05:17,580 --> 00:05:30,140
So let us use wine, root, .wine, drive_c, Python, Scripts, pyinstaller.exe, and what we want

61
00:05:30,140 --> 00:05:32,900
to do right now is add the data.

62
00:05:32,900 --> 00:05:35,320
Now this we can do with this command right here.

63
00:05:35,320 --> 00:05:42,890
So there's the --add-data, and under the double quotes we need to specify the path to the image that

64
00:05:42,890 --> 00:05:49,160
we want to add. In my case it is root, python programs, reverse, and then the dragon.jpg.

65
00:05:49,160 --> 00:05:51,240
Then we close the quotes.

66
00:05:51,240 --> 00:05:56,420
Now before you close the quotes there is some syntax for PyInstaller, so you need to add, before the second

67
00:05:56,620 --> 00:06:02,830
quote is closed, you need to add the comma and... let me just find it.

68
00:06:02,840 --> 00:06:06,350
Where is it?

69
00:06:06,350 --> 00:06:06,830
Here it is.

70
00:06:06,830 --> 00:06:12,620
So this comma, and you also need to add the dot after it.

71
00:06:12,620 --> 00:06:15,620
So you need to have this at the end.

72
00:06:15,650 --> 00:06:17,750
Let me zoom in so you can see it better.

73
00:06:18,110 --> 00:06:23,460
So this is something that you need to have before ending the command right now.

74
00:06:23,510 --> 00:06:30,610
Let me see, this is too big. We want to add the regular things such as --onefile and --noconsole.

75
00:06:31,100 --> 00:06:35,850
And right now if I compile this program it should have...

76
00:06:36,500 --> 00:06:41,810
Let me just see. PyInstaller: too few arguments.

77
00:06:42,140 --> 00:06:45,990
Not really sure what it means by too few arguments.

78
00:06:49,300 --> 00:06:55,960
Let me just check it out right here: --add-data, root, python programs.

79
00:06:56,160 --> 00:06:57,000
OK.

80
00:06:57,130 --> 00:07:05,050
--onefile, --noconsole.

81
00:07:05,420 --> 00:07:06,070
Not really sure

82
00:07:06,070 --> 00:07:08,000
why it says too few arguments.
83
00:07:11,600 --> 00:07:14,540
Let's try to actually delete this.

84
00:07:14,630 --> 00:07:20,270
Maybe this is something that we need to specify right after we plug in the icon. For now,

85
00:07:20,270 --> 00:07:24,980
let us just use this. Invalid data, binary value...

86
00:07:30,250 --> 00:07:31,840
Let's try with this.

87
00:07:31,840 --> 00:07:34,720
I'm not really sure if I remember the syntax correctly.

88
00:07:37,880 --> 00:07:45,380
OK, so let me just try to go through this: wine, root, .wine, drive_c, everything is good.

89
00:07:45,380 --> 00:07:49,820
pyinstaller.exe, --add-data, then the path,

90
00:07:53,060 --> 00:07:54,870
then the dot right here.

91
00:07:54,900 --> 00:07:58,560
I believe that is the syntax; if it is not I'll have to check it out.

92
00:08:00,730 --> 00:08:06,480
--onefile and then --noconsole.

93
00:08:07,720 --> 00:08:09,660
OK, so this doesn't seem to work.

94
00:08:09,660 --> 00:08:15,750
Now we will try to make it work with the icon as well, so I will just add the icon to the file.

95
00:08:15,840 --> 00:08:18,090
Now in order for you to create the icon,

96
00:08:21,550 --> 00:08:27,070
in order for you to make the icon of our program, just go to your Firefox.

97
00:08:27,070 --> 00:08:29,160
Maybe that is something that we need to specify.

98
00:08:29,170 --> 00:08:35,870
I was going to do that in the next video but we can do it right now as well, so go to the website

99
00:08:35,890 --> 00:08:49,010
called https://convert... convertico.com/jpeg

100
00:08:51,780 --> 00:08:54,790
to ico.

101
00:08:56,240 --> 00:09:01,790
So it will lead you to this website where you can upload an image, and what this will do is it will

102
00:09:01,790 --> 00:09:08,020
create the icon file, or basically the icon for your image, so we can click right here to upload it.

103
00:09:10,080 --> 00:09:11,770
Let's click right here.
104
00:09:11,790 --> 00:09:20,160
Let's go to the root, then go to the python programs where my image is, reverse, and upload this image,

105
00:09:23,830 --> 00:09:25,260
and then we can... OK.

106
00:09:25,360 --> 00:09:26,430
So it's finished.

107
00:09:26,500 --> 00:09:28,290
So you just click here on the right side.

108
00:09:28,300 --> 00:09:31,390
It will be the icon which is created from your image.

109
00:09:31,390 --> 00:09:33,540
You just click this arrow right here,

110
00:09:33,550 --> 00:09:37,300
so download this icon, and it will download the icon for us.

111
00:09:37,390 --> 00:09:44,760
We want to save it, then we want to check out in which directory it is so we can use it in our command.

112
00:09:46,470 --> 00:09:48,840
We can see that it is in the Downloads directory.

113
00:09:49,020 --> 00:09:51,060
So we will specify that path

114
00:09:51,060 --> 00:09:54,930
once we specify the icon option in our PyInstaller command.

115
00:09:54,930 --> 00:09:57,550
So we know that it is in the Downloads directory.

116
00:09:58,260 --> 00:10:00,120
We go back to here.

117
00:10:00,120 --> 00:10:02,650
So we use the same command as before that didn't work for us.

118
00:10:02,670 --> 00:10:08,730
So just specify --add-data and then this, with the dot and the comma and then dot after it.

119
00:10:08,730 --> 00:10:11,790
Then --onefile, then --noconsole.

120
00:10:11,910 --> 00:10:18,600
And after that you want to specify --icon and then the path to the icon, which is root, Downloads,

121
00:10:18,960 --> 00:10:21,260
and then the name of the icon itself.

122
00:10:21,270 --> 00:10:26,700
Now I just noticed that the reason why this didn't work is because we didn't even specify the file

123
00:10:26,700 --> 00:10:33,210
that we want to actually compile. It didn't have anything to do with the icon, so you didn't have to do

124
00:10:33,210 --> 00:10:34,030
this part.
125
00:10:34,170 --> 00:10:38,940
All you had to do after the --noconsole part is just type here reverse_shell.py.

126
00:10:39,330 --> 00:10:42,030
But since we already did this, let's continue with it.

127
00:10:42,030 --> 00:10:46,550
We have the icon saved in the Downloads folder, which is the icon for our file.

128
00:10:46,680 --> 00:10:51,210
And right now after it we want to just specify the name of the file that we want to compile.

129
00:10:51,210 --> 00:10:53,260
So we have everything specified.

130
00:10:53,280 --> 00:10:54,720
And if I just click here Enter,

131
00:10:58,000 --> 00:11:04,180
it will start compiling our program while adding the image and also adding the icon for our program.

132
00:11:04,510 --> 00:11:11,110
So you will see that we will have a program that will have the icon of the image, and it will also open

133
00:11:11,110 --> 00:11:12,250
the image itself

134
00:11:12,340 --> 00:11:20,830
once we actually click or double-click it on our PC. But since we do not want it to open the image

135
00:11:20,830 --> 00:11:21,430
every time,

136
00:11:21,430 --> 00:11:27,860
so for example once we create the persistence we do not want it to make the image open,

137
00:11:27,860 --> 00:11:31,650
that's why we coded this part right here.

138
00:11:31,920 --> 00:11:32,880
So why?

139
00:11:33,230 --> 00:11:37,480
That's why we coded it to open the image in the lower part.

140
00:11:37,600 --> 00:11:43,480
If this... or its location doesn't exist, which means that this is running the first time, which means

141
00:11:43,540 --> 00:11:49,570
it should open the image. Now any other time that this is running at startup after the reboot, it should

142
00:11:49,570 --> 00:11:55,390
not open the image, and it will not open the image, since this part of the code is only run under these

143
00:11:55,390 --> 00:11:57,090
circumstances right here.
144
00:11:57,100 --> 00:12:02,980
So every time we go after the first time, this image will not be opened anymore by the target, which is

145
00:12:02,980 --> 00:12:04,080
good.

146
00:12:04,090 --> 00:12:09,010
So right now what we want to do first of all, in order to see if the image opens correctly, we want to

147
00:12:09,010 --> 00:12:15,360
first delete the first file from our AppData, and then go to Roaming.

148
00:12:15,520 --> 00:12:21,840
And then if I just type here, let me just show you there, and delete the backdoor.exe.

149
00:12:23,340 --> 00:12:27,490
I will exit this program since I need to also delete this in the registry.

150
00:12:27,490 --> 00:12:31,840
So just type here run, regedit, OK.

151
00:12:31,910 --> 00:12:38,180
It will ask for the administrator password, and what we want to do is just delete this backdoor, so delete

152
00:12:38,180 --> 00:12:40,480
it. Delete value.

153
00:12:40,480 --> 00:12:42,790
Are you sure you want to permanently delete this value?

154
00:12:42,820 --> 00:12:43,440
Yes.

155
00:12:43,480 --> 00:12:48,250
Now make sure to not delete anything else, since deleting the wrong things can actually make your computer

156
00:12:48,250 --> 00:12:50,630
crash and your Windows not work anymore.

157
00:12:50,630 --> 00:12:54,240
So be careful while using the registry editor. So,

158
00:12:54,360 --> 00:12:54,780
right,

159
00:12:54,790 --> 00:12:59,560
all we have to do right now is run our program. First of all,

160
00:12:59,890 --> 00:13:07,060
we will run the server listening for incoming connections, then what we want to do is actually copy, from

161
00:13:07,060 --> 00:13:14,150
another terminal, the executable to the media,

162
00:13:14,200 --> 00:13:15,340
root.

163
00:13:15,790 --> 00:13:18,880
Once we copied it there we want to exit this terminal.

164
00:13:19,300 --> 00:13:24,580
We want to unplug the device and launch this.