WEBVTT

00:00.870 --> 00:06.930
Hello everyone. In the previous video we discussed Metasploit interfaces, and that is because

00:06.930 --> 00:12.040
much of our material is about using Meterpreter.

00:12.500 --> 00:18.270
So in this video we will learn about what Meterpreter is, how Meterpreter works, its highlighting

00:18.270 --> 00:24.280
features and a few basic commands of Meterpreter. What exactly is Meterpreter? Meterpreter

00:24.310 --> 00:32.050
is an advanced, dynamically extensible payload that uses in-memory DLL injection stagers and is extended

00:32.130 --> 00:37.280
over the network at runtime. It communicates over the stager socket and provides a comprehensive client-side

00:37.280 --> 00:45.140
Ruby API. Meterpreter features command history, tab completion, channels and many more features.

00:45.180 --> 00:53.250
It was originally written by Matt Miller for Metasploit 2.x. The server portion of Meterpreter is implemented

00:53.280 --> 00:57.400
in plain C, and the client can be written in any language.

00:57.540 --> 01:03.880
Metasploit has the full-featured Ruby client. Now, when we talk about the working of Meterpreter:

01:03.990 --> 01:07.590
it's like this. The target executes the initial stager. This is usually one

01:07.710 --> 01:15.600
of the bind or reverse stagers. The stager loads the DLL prefixed with Reflective, and the Reflective stub handles the loading or injection

01:15.600 --> 01:24.900
of the DLL. The Meterpreter core initializes, establishes a TLS 1.0 link over the socket and sends a message

01:25.350 --> 01:27.300
back to the attacker machine.

01:27.330 --> 01:32.580
Then Metasploit on the attacker machine receives this GET and configures the client.

01:32.700 --> 01:40.730
If the module gives administrative rights, all these extensions are loaded over TLS 1.0 using the TLV

01:40.740 --> 01:42.100
protocol.

01:42.120 --> 01:48.130
So when we are exploiting the target machine using Meterpreter as a payload, it will follow this process

01:48.330 --> 01:49.960
while sending the payload.

01:50.240 --> 01:56.530
And once the target machine is exploited, if for doing so you have used the Meterpreter payload, then

01:56.580 --> 01:59.640
the above process is what was explained.

01:59.890 --> 02:06.020
So one of the highlighting features of Meterpreter particularly is that it is stealthy, as it resides entirely

02:06.060 --> 02:08.540
in memory and writes nothing to the disk.

02:08.640 --> 02:15.330
No new processes are created, as Meterpreter injects itself into the compromised process, and it can migrate

02:15.330 --> 02:16.530
to other running processes.

02:16.540 --> 02:23.610
Meterpreter also uses encrypted communications, and all of these provide limited forensic evidence

02:23.790 --> 02:30.630
and impact on the victim. New features can be added to Meterpreter at runtime without having to rebuild it.

02:30.840 --> 02:35.560
So now let's move on to the Kali machine. Just to save time during the demo,

02:35.640 --> 02:40.400
I have already exploited a Windows machine by using the shortcut icon

02:40.410 --> 02:47.770
DLL loader exploit. So I used this exploit and then checked the options, where we can see that SRVHOST

02:47.820 --> 02:48.930
was needed.

02:49.050 --> 02:54.740
So I set the SRVHOST to the Kali machine's IP address, or the attacker's IP address.

02:54.820 --> 02:57.950
After defining the SRVHOST, you can check the options again.

02:58.020 --> 03:02.760
You will see that LHOST is also needed; I set it to the Kali machine's IP address.

03:02.820 --> 03:07.900
Then I defined the payload to be used as windows/meterpreter/reverse_tcp.

03:08.000 --> 03:11.210
Finally, once you are done with the options configuration,

03:11.320 --> 03:13.520
run the exploit command

03:13.670 --> 03:20.190
to start the reverse TCP handler on the attacker's machine, and the only requirement left is that the target

03:20.190 --> 03:26.260
should visit that particular link which has been generated by Metasploit, since it is vulnerable

03:26.280 --> 03:33.200
to this particular exploit. Now, as soon as the victim visits the given link on a Windows machine, the attacker's

03:33.240 --> 03:38.760
machine will start sending some packets to the victim machine and run this process completely.

03:38.820 --> 03:40.850
This will give a better picture.

03:40.860 --> 03:45.960
It may take some time to send the payload package to the client machine, but once it is successfully done,

03:46.080 --> 03:51.010
you will get the Meterpreter session. Now, to interact with Meterpreter or with the session,

03:51.100 --> 03:56.410
if we move to the background, you can use the sessions command. Let's take a look.

03:56.610 --> 03:59.790
So first, using the sessions command,

04:00.090 --> 04:06.260
I get the open sessions, and then using 'sessions -i' and the session ID,

04:06.330 --> 04:11.700
you can start interacting with that particular session of Meterpreter. So now I am in Meterpreter, the typical

04:11.730 --> 04:17.730
console connected with the client machine, and I can start using my commands to access the victim machine.

04:18.070 --> 04:24.480
A bunch of Meterpreter commands are there to use. The first command is getuid, which helps in getting the user name

04:24.540 --> 04:31.250
of the machine so as to confirm which account we have been logged in as on the machine.

04:31.410 --> 04:34.220
The next command will send the session to the background.

04:34.220 --> 04:41.250
You can also use the standard Unix commands like cat, cd, pwd, etc. inside Meterpreter to interact

04:41.250 --> 04:42.940
with the victim's Windows machine.

04:43.080 --> 04:48.840
So as we can see, when I type pwd, it reveals the current directory on the Windows machine. The

04:48.840 --> 04:54.510
next command is clearev. Now, once we have successfully exploited the Windows machine, we can start

04:54.510 --> 04:58.460
working on the machine, or whatever we want to do on the machine.

04:58.500 --> 05:03.760
However, while moving out of the system, we would not like to leave our footprints.

05:03.780 --> 05:10.490
This is where we use clearev. This command will delete all the Windows logs using the clearev

05:10.500 --> 05:11.040
command.

05:11.280 --> 05:17.190
You can download any file from the victim's machine to the attacker's machine using the download command.

05:17.250 --> 05:19.980
You can run any command on the victim's machine.

05:20.340 --> 05:29.400
For example, if you type execute -f notepad.exe and then -i for interacting, it will open a new

05:29.410 --> 05:31.530
notepad on the machine.

05:31.530 --> 05:33.690
But the victim can also see the notepad open.

05:33.690 --> 05:40.770
So you run the command again and just add -H to the previous command, and the notepad will be hidden

05:40.770 --> 05:42.720
from the victim. Let's take a look.

05:42.780 --> 05:43.870
We can check it.

05:43.950 --> 05:49.950
We can dump the contents of the SAM database using the hashdump command. This can help us to brute force

05:49.950 --> 05:52.100
the password of the victim's machine.

05:52.290 --> 05:54.240
Similarly, we have more commands available.

05:54.390 --> 06:00.320
For example, idletime helps us to see how long the victim's machine has been idle.

06:00.480 --> 06:05.970
Another command helps us to understand all the system details. We can even migrate the Meterpreter session

06:06.210 --> 06:11.850
from the current process to any other more stable process, and using search we can search for files on the

06:11.850 --> 06:17.300
remote machine. Using the shell command will give us access to the cmd of the victim machine.

06:17.320 --> 06:22.590
The upload command will help in uploading any file to the victim's machine; this can help us get back

06:22.800 --> 06:25.510
on the machine. And by using the webcam_list

06:25.530 --> 06:31.680
command we can take the webcam list of the victim's machine and then take snaps also. So we can see that Meterpreter

06:31.770 --> 06:37.310
as a payload is very featureful and provides lots of options which can be used on the victim's machine.

06:37.440 --> 06:43.770
Once the target has been exploited, to start working more on it I recommend Meterpreter in particular. To get more

06:43.770 --> 06:45.450
clarity about this area,

06:45.570 --> 06:50.290
the more you dive deep into Metasploit, the more you will learn about penetration testing.

06:50.410 --> 06:55.150
Finally, we had a brief overview of Metasploit and Meterpreter in this section.

06:55.260 --> 06:58.290
We have learned about setting up Metasploit.

06:58.320 --> 07:03.320
We got an understanding about the modules and exploits inside the Metasploit framework.

07:03.480 --> 07:08.410
And we went through the process of importing Nessus results into the Metasploit workspace.

07:08.700 --> 07:14.570
We have also seen how to use Metasploit for port scanning, and we had a discussion about Metasploit interfaces

07:14.910 --> 07:16.850
and in particular about Armitage.

07:16.950 --> 07:23.760
We have also learned about how to use the Meterpreter payload. So you have learned a lot of things in this

07:23.760 --> 07:25.600
section. In the next section,

07:25.650 --> 07:28.370
we will learn a lot about exploitation using Metasploit.
