1
00:00:00,270 --> 00:00:06,680
Hello everybody and welcome back to our final actual attack with our keylogger and backdoor.

2
00:00:07,290 --> 00:00:13,710
So right now what we want to actually do is, before we run the attack, let us first of all delete the

3
00:00:13,740 --> 00:00:18,270
backdoor from our persistence and also delete the registry key for our persistence.

4
00:00:18,270 --> 00:00:24,420
So if I just type here dir at this directory right here, so dir, and we delete the backdoor, that

5
00:00:24,420 --> 00:00:28,580
backdoor.exe, so we can actually fully run the actual.

6
00:00:29,340 --> 00:00:33,580
Let me just see the night.

7
00:00:33,840 --> 00:00:36,330
It could be because it's open already.

8
00:00:36,360 --> 00:00:41,070
So I didn't close the reverse shell previously, so let us see.

9
00:00:41,150 --> 00:00:50,870
I have multiple reverse shells opened. "Action cannot be completed." Sometimes it closes properly and

10
00:00:50,870 --> 00:00:56,090
sometimes it doesn't close properly, but it could be something with my Windows 10, it could also be

11
00:00:56,090 --> 00:00:57,170
something with the reverse shell.

12
00:00:57,170 --> 00:01:02,380
But we saw in the previous video everything works perfectly, we can execute commands, we can take screenshots

13
00:01:02,420 --> 00:01:04,190
and so on, so on.

14
00:01:04,190 --> 00:01:11,100
So we want to delete now the backdoor. We check once again, dir, nothing is here, so we do not have the

15
00:01:11,170 --> 00:01:11,800
backdoor.

16
00:01:12,190 --> 00:01:20,570
Now let's also delete the registry, so go to regedit, add the administrator password.

17
00:01:20,570 --> 00:01:25,130
We want to go to the actual... not this part.

18
00:01:25,130 --> 00:01:26,540
We want to go to the

19
00:01:29,160 --> 00:01:40,760
Current User, then the Software, we find Microsoft right here, we find Windows, CurrentVersion and then

20
00:01:40,910 --> 00:01:48,350
Run, which is right here, we delete our backdoor, delete it.
21
00:01:48,550 --> 00:01:51,260
Are you sure you want to permanently delete this value?

22
00:01:51,260 --> 00:01:51,860
Yes.

23
00:01:51,860 --> 00:01:57,580
And right now, before we actually run our backdoor, we want to actually make a few changes.

24
00:01:57,710 --> 00:02:01,130
So this actually doesn't look so suspicious.

25
00:02:01,130 --> 00:02:04,180
For example we do not want to change our... well.

26
00:02:04,220 --> 00:02:10,580
We do not want to create a persistence with a name called backdoor.exe, let's call it windows

27
00:02:10,580 --> 00:02:20,350
32.exe for example, something that doesn't get too much of the attention even if it is

28
00:02:20,350 --> 00:02:22,420
seen in a folder.

29
00:02:22,420 --> 00:02:28,460
So we change the location of the backdoor to be windows32.exe.

30
00:02:28,750 --> 00:02:35,470
But this also means that we have to change a few other things, such as... or we do not actually have to

31
00:02:35,470 --> 00:02:38,390
change right here since it specifies it as a variable.

32
00:02:38,500 --> 00:02:45,840
But what we do have to change is right here, keylogger.txt, let's call it for example windows

33
00:02:45,840 --> 00:02:55,770
.txt, or I don't even know, let's call it processmanager.txt, doesn't even matter, you can

34
00:02:55,770 --> 00:03:01,140
call it whatever you want, just don't call it keylogger, since if someone sees that they will know that

35
00:03:01,470 --> 00:03:05,900
basically they have a keylogger on their system and then they will delete that folder.

36
00:03:06,450 --> 00:03:12,390
So we change these two, but you need to know that if we change the processmanager right here, or basically

37
00:03:12,390 --> 00:03:18,620
the keylogger that you see right here, we also have to change it in our keylogger, so nano keylogger

38
00:03:18,620 --> 00:03:19,540
.py.

39
00:03:19,710 --> 00:03:25,230
And right here we have to change it to be processmanager.
40
00:03:25,230 --> 00:03:30,160
So they have to be the same, so let's see if anything else right here.

41
00:03:30,160 --> 00:03:31,190
Nothing really.

42
00:03:31,210 --> 00:03:34,930
Here we have already our reverse shell ready.

43
00:03:34,930 --> 00:03:42,230
Now let's run a full compilation command with our image, so wine, root, .wine,

44
00:03:42,370 --> 00:03:55,300
then drive_c, Python27, then Scripts, pyinstaller.exe, add-data, and then we specify here root, windows

45
00:03:55,590 --> 00:03:58,430
or not, the path, the main root, python programs, reverse.

46
00:03:58,570 --> 00:04:05,290
And then the name of our image, we add to the image, I have to add the dot and the comma and then dot.

47
00:04:05,320 --> 00:04:07,930
So let me zoom in in case you don't see it.

48
00:04:07,960 --> 00:04:11,250
But you should already be familiar with all of these commands.

49
00:04:11,320 --> 00:04:13,490
We ran it a thousand times.

50
00:04:13,810 --> 00:04:16,380
And after that we have to specify the regular options.

51
00:04:16,720 --> 00:04:17,990
One file.

52
00:04:18,520 --> 00:04:19,740
No console.

53
00:04:19,780 --> 00:04:27,890
And we want to add the icon which we downloaded in previous videos, which is root, Downloads, dragon

54
00:04:27,900 --> 00:04:33,730
.ico, and then all we have to do after this is specify the name of the file we want to compile, which

55
00:04:33,730 --> 00:04:37,640
is the reverse shell .py, and press here enter.

56
00:04:37,720 --> 00:04:44,200
So right now what we need to do is go on our USB, import this,

57
00:04:46,980 --> 00:04:52,440
then once we import that, all we have to do is copy the reverse shell into that folder and we will

58
00:04:52,440 --> 00:04:53,370
be good to go.

59
00:04:54,240 --> 00:05:00,450
So let us see how all of this will work, we'll try out all of our available options in order to check

60
00:05:00,450 --> 00:05:04,220
out every option, if it works correctly at the final project.
61
00:05:04,230 --> 00:05:09,540
So go to this, mv reverse shell to media, root,

62
00:05:09,550 --> 00:05:12,380
Kali Live. We copy the shell there.

63
00:05:13,880 --> 00:05:15,370
Everything is copied.

64
00:05:15,890 --> 00:05:25,310
We delete all of the unnecessary files and we run our server, so server listens for incoming connection.

65
00:05:25,310 --> 00:05:27,220
We now unplug our USB drive,

66
00:05:30,050 --> 00:05:32,960
we can paste it on our desktop right here.

67
00:05:32,990 --> 00:05:38,560
Whoops, bunch of programs opened for some reason right here.

68
00:05:38,560 --> 00:05:41,450
It doesn't really have the icon but it doesn't matter.

69
00:05:41,570 --> 00:05:43,680
We can see before we actually run it.

70
00:05:43,700 --> 00:05:48,640
If I just type here dir once again, there is no backdoor to see, there is no keylogger.txt

71
00:05:49,100 --> 00:05:52,490
right here in our, in our registry.

72
00:05:52,610 --> 00:06:00,500
Right here we do not have the backdoor registry, so let's run this in order to see what actually happens.

73
00:06:00,590 --> 00:06:04,840
We run the program, we can see everything works perfectly.

74
00:06:04,840 --> 00:06:08,050
It opens the image, so it looks legit.

75
00:06:08,050 --> 00:06:14,320
It really does open the image that the icon specifies, and right now if I... in a few seconds we should

76
00:06:14,320 --> 00:06:19,380
be getting the shell back, and in a few seconds we should also have the registry right here.

77
00:06:20,020 --> 00:06:25,840
So let's close the image since we do not need it. Now if I just go right here and dir once again, you

78
00:06:25,840 --> 00:06:29,050
can see right now, if I just go down here, we have something.

79
00:06:29,050 --> 00:06:35,530
windows32.exe, which looks like a normal Windows program and it will not get any attention

80
00:06:35,800 --> 00:06:39,790
by the users. Now, by anyone that knows all of this stuff,
81
00:06:39,790 --> 00:06:43,170
this will actually still be suspicious, but that is something we can't change.

82
00:06:43,750 --> 00:06:51,910
So we have the windows32.exe, which has our backdoor with persistence, in our AppData Roaming folder.

83
00:06:51,910 --> 00:06:56,580
And we also have in our registry key, if we refresh with F5,

84
00:06:57,190 --> 00:07:02,110
we have once again something called backdoor, which we need, which we forgot to actually change.

85
00:07:02,110 --> 00:07:07,150
I will show you later on how you can change the name of this as well in the command, but the backdoor

86
00:07:07,180 --> 00:07:11,920
actually runs our persistence with this windows32.exe program.

87
00:07:11,920 --> 00:07:16,800
So right now all we have to actually do, since we got the shell back, is execute commands.

88
00:07:16,830 --> 00:07:18,410
So whoami.

89
00:07:18,470 --> 00:07:23,410
Ah, minus a... let's try something else, that doesn't really work.

90
00:07:23,410 --> 00:07:30,430
So if you just type arp -a, personal tracking, so we get the error. We type here ipconfig for example,

91
00:07:30,850 --> 00:07:32,740
netstat, so we can type here

92
00:07:33,010 --> 00:07:38,410
basically anything and we will receive all these system functions back.

93
00:07:38,670 --> 00:07:41,790
But right now let's see what our available options are.

94
00:07:41,850 --> 00:07:43,140
So we can see help.

95
00:07:43,320 --> 00:07:48,990
We can download, path, download the file from target PC. So let's say dir, see what we can actually

96
00:07:48,990 --> 00:07:50,220
download.

97
00:07:50,220 --> 00:07:58,150
We can go to some directory in order to download some other file or files, so let us see right here.

98
00:08:00,910 --> 00:08:04,120
If we have anything to download, if we don't it doesn't really matter.

99
00:08:04,120 --> 00:08:07,480
We already checked it out and it worked.

100
00:08:07,630 --> 00:08:09,600
So let us open this back.
101
00:08:09,670 --> 00:08:11,590
Let's see our other available options.

102
00:08:11,590 --> 00:08:19,620
With help we can upload, so upload a file to target PC, we can do that right away, so let us just create

103
00:08:19,620 --> 00:08:21,010
a simple file.

104
00:08:21,030 --> 00:08:27,820
Now let's try to upload it just to see if it still works, so cd Python and then reverse, nano upload

105
00:08:27,820 --> 00:08:32,700
.txt, or let's call it test.txt, doesn't matter.

106
00:08:33,040 --> 00:08:34,150
Hello.

107
00:08:34,450 --> 00:08:43,420
Save it, then we go right here and I will try to upload desktop test.txt, we see if we successfully upload the

108
00:08:43,420 --> 00:08:50,020
file, we can see test.txt right here says hello, so upload and download functions work. So we delete

109
00:08:50,120 --> 00:08:55,840
it, test.txt, we do not need it, and you can see right now it doesn't exist anymore on target

110
00:08:55,890 --> 00:09:02,710
PC. Let's see what else we can do. get URL, so we can download a file from any page, so let's see

111
00:09:02,740 --> 00:09:08,020
how we can actually do that. Let's go for example to our Firefox,

112
00:09:11,730 --> 00:09:16,900
then go to some, for example, git, some repository, and see if we can download the file to the target PC

113
00:09:17,290 --> 00:09:18,670
from the git repository.

114
00:09:19,000 --> 00:09:25,600
So let's try to download some, some actual... start new session... so that some actual password lists to the

115
00:09:25,600 --> 00:09:27,150
target PC in order to check.

116
00:09:27,150 --> 00:09:36,240
So ten thousand password lists, will go to some, a directory, this should exist somewhere, or basically

117
00:09:36,240 --> 00:09:39,940
we can download any passwords we want, but let's just try with this.

118
00:09:39,940 --> 00:09:44,930
Scroll down, let's see, 10000 password list at GitHub.
119
00:09:49,460 --> 00:09:56,630
So we go to the loops... to the raw file right here in order to see the password list themselves, so just

120
00:09:56,710 --> 00:10:00,780
keep it raw and specify this path right here.

121
00:10:00,920 --> 00:10:02,840
So copy.

122
00:10:03,110 --> 00:10:04,670
Let's see if this will work.

123
00:10:04,700 --> 00:10:11,120
So all we have to do is actually specify get and then the URL. So get, or let's actually see in which

124
00:10:11,120 --> 00:10:17,390
directory we are. We are at Desktop. Let's make directory just for this file, so mkdir, to make directory

125
00:10:18,260 --> 00:10:29,780
testing download, cd testing download, we can see right now we are in this directory right here that

126
00:10:29,780 --> 00:10:30,860
we created.

127
00:10:30,860 --> 00:10:33,930
Now let's get and then specify the path.

128
00:10:34,310 --> 00:10:36,350
So we press here enter.

129
00:10:36,710 --> 00:10:40,510
We wait for it to finish. It says download the file from specified URL.

130
00:10:40,640 --> 00:10:47,000
If we go to our testing download, we can see the 10 million password list .txt, which has the 10

131
00:10:47,000 --> 00:10:48,700
million passwords, or 10...

132
00:10:48,710 --> 00:10:49,430
I'm not really sure.

133
00:10:49,760 --> 00:10:53,060
Apparently there's 10 million, but it doesn't even matter.

134
00:10:53,150 --> 00:10:53,570
This.

135
00:10:53,600 --> 00:11:00,290
We saw that this actually works. I'm pretty sure there are ten thousand here, not a million, but doesn't

136
00:11:00,290 --> 00:11:00,950
really matter.

137
00:11:01,670 --> 00:11:03,820
So our get function works.

138
00:11:03,830 --> 00:11:11,210
We can download any file from the Internet to target PC. Let us delete the file... that's not deleted.

139
00:11:11,210 --> 00:11:14,450
We don't really care, so let's type here help.

140
00:11:14,450 --> 00:11:21,050
We can see start program on target PC, if we just type here start notepad, start calculator, apps,

141
00:11:23,980 --> 00:11:29,690
start explorer.

142
00:11:30,770 --> 00:11:37,340
We can see it starts all of these, basically, windows right here, so we can see start, an Explorer started,

143
00:11:37,430 --> 00:11:38,180
notepad

144
00:11:40,890 --> 00:11:42,620
start calculator.

145
00:11:42,810 --> 00:11:48,840
Basically we can start files or all programs on the target PC. Let us check the screenshot function, so

146
00:11:48,870 --> 00:11:56,730
screenshot, we just press the screenshot and then we check if we successfully downloaded it in our

147
00:11:56,790 --> 00:11:58,770
directory, so just go to Places,

148
00:11:58,770 --> 00:11:59,550
Computer

149
00:12:02,280 --> 00:12:04,530
in order to see if we downloaded the screenshot

150
00:12:08,690 --> 00:12:10,370
we go to the root

151
00:12:13,890 --> 00:12:19,890
and just find its python programs, so programs, reverse.

152
00:12:20,050 --> 00:12:26,770
And here we have our screenshots, so we can see we took a screenshot of our Windows 10 PC, which is

153
00:12:26,770 --> 00:12:30,280
basically just our Kali machine, since we are running a Kali machine on Windows 10.

154
00:12:30,280 --> 00:12:33,460
You can see it is Windows 10 by these icons down here.

155
00:12:33,460 --> 00:12:36,280
So the screenshot function also works.

156
00:12:36,360 --> 00:12:38,910
Let us check out what else we have on the next one.

157
00:12:38,920 --> 00:12:44,830
Check function, so check user privileges, so we can see that we are running as user privileges and not

158
00:12:44,830 --> 00:12:51,610
as administrator. Then after that, if we just type here keylog_start, so we can

159
00:12:51,610 --> 00:12:53,190
see before we started right here.
160
00:12:53,200 --> 00:13:00,230
There is no windows.txt for our keylogger file. We just type here keylog_start, we type

161
00:13:00,240 --> 00:13:04,520
here dir and once again we now have the... whoops.

162
00:13:04,560 --> 00:13:05,490
What was it called?

163
00:13:05,490 --> 00:13:08,030
What did I name it?

164
00:13:08,040 --> 00:13:10,680
Oh, I named it processmanager.txt.

165
00:13:10,920 --> 00:13:18,330
So it created that folder right here, and now whatever we type on our Windows 10 machine, hello world,

166
00:13:19,500 --> 00:13:28,180
standard as always, and we just type here keylog_dump, every, well, basically 5 seconds

167
00:13:28,190 --> 00:13:29,910
in, and parse it, we only type here

168
00:13:30,000 --> 00:13:33,130
keylog, or just help, which is type here

169
00:13:33,240 --> 00:13:34,570
keylog_dump once again.

170
00:13:34,580 --> 00:13:43,320
So keylog_dump, we can see Hello World printed out right here, so everything works perfectly,

171
00:13:43,620 --> 00:13:48,270
all of our code functions work and you can actually continue adding some of the other functions you

172
00:13:48,270 --> 00:13:52,780
might need also in your program or also in your backdoor.

173
00:13:52,950 --> 00:13:56,740
We will finish it right here, so this is our final project.

174
00:13:56,820 --> 00:13:59,820
We tested out every function and it actually works.

175
00:14:00,000 --> 00:14:05,520
So I hope you enjoyed this tutorial of coding backdoor, and I hope I see you in the next one where we will

176
00:14:05,520 --> 00:14:07,810
actually see how we can code

177
00:14:08,220 --> 00:14:14,310
advanced brute force, for example for routers, no... for, right, for basic authentication.

178
00:14:14,310 --> 00:14:19,440
Now I will show you what basic authentication is and how we can actually code it.

179
00:14:19,590 --> 00:14:23,440
So I hope you enjoyed this video and I hope I see you in the next one.
180
00:14:23,740 --> 00:14:24,000
Bye.