1
00:00:00,780 --> 00:00:01,200
All right.

2
00:00:01,200 --> 00:00:04,260
So for our final line, we're going to write our payload.

3
00:00:05,190 --> 00:00:14,730
So in the Python 3 script, we're going to write with open payload as write binary.

4
00:00:18,270 --> 00:00:18,960
Payload.

5
00:00:21,300 --> 00:00:21,780
Payload.

6
00:00:21,990 --> 00:00:22,590
Right.

7
00:00:24,630 --> 00:00:29,760
So we're going to write a file called payload and then we're going to copy and paste this into our PO

8
00:00:29,760 --> 00:00:30,360
box.

9
00:00:31,780 --> 00:00:33,350
So go back to the bottom.

10
00:00:33,380 --> 00:00:34,280
Nano.

11
00:00:36,310 --> 00:00:37,990
nano exploit

12
00:00:38,230 --> 00:00:39,020
.py

13
00:00:45,240 --> 00:00:47,010
And then we're going to do python3 exploit

14
00:00:47,280 --> 00:00:48,000
.py

15
00:00:48,300 --> 00:00:50,790
You should find a new file called payload.

16
00:00:52,110 --> 00:00:58,290
So what we're going to do, since we showed you how it works before, it accepts input using gets.

17
00:00:59,010 --> 00:01:03,120
We're going to run it and then we're going to ingest the payload, see what happened.

18
00:01:05,930 --> 00:01:17,030
So Ctrl+B, Z to zoom in and notice that we overwrote the base pointer with eight B's and we also

19
00:01:17,030 --> 00:01:21,800
overwrote the return instruction pointer with six C's.

20
00:01:21,830 --> 00:01:25,340
Now why do we choose six C's instead of eight C's?

21
00:01:26,090 --> 00:01:33,360
Because on 64-bit computing, we actually utilize only up to 48 bits out of the 64 bits.

22
00:01:33,410 --> 00:01:34,670
That's six bytes.

23
00:01:35,330 --> 00:01:42,650
So what we can do now is map the exact location of when RDP is overwritten, which is right here.

24
00:01:43,190 --> 00:01:49,480
So we go back and now we can work on our exploitation script.