WEBVTT

00:01.310 --> 00:07.420
That everyone in the video we have this good about myself and them and Kulis through which we can create

00:07.420 --> 00:12.850
custom revolutions and Monthly's and decided to leave it in and gives you a good read.

00:12.870 --> 00:16.410
It works with the remote connection on the net.

00:16.670 --> 00:21.930
Man this week you do discuss about exploiting MS Office and PDF documents.

00:22.180 --> 00:30.340
You can say so and this video will be covering how we can use them and make us explode the most commonly

00:30.340 --> 00:38.260
used applications on a plane say parties in this office and buttons know they would talk about these

00:38.400 --> 00:38.950
tools.

00:39.070 --> 00:46.240
Almost all of the computers running Windows would have MS Office installed and also Adobe Reader

00:46.490 --> 00:52.740
but of the governments in many cases since they don't build the computers.

00:53.000 --> 00:54.520
Even if the news is updated.

00:54.550 --> 00:57.680
They're not beating the softest features installed on Windows.

00:57.700 --> 01:00.700
The application becomes very uneven.

01:00.730 --> 01:06.250
They may be running older versions of the application which have expired and that is what they are trying

01:06.250 --> 01:07.540
to fix.

01:07.750 --> 01:10.920
In this video to take the control and the.

01:11.220 --> 01:18.110
Also if could go back into the previous voodoo than he used separate them to create a show called The

01:18.940 --> 01:26.390
discrete data file of each automatic or file off of some of the pharmacologists that is appropriate

01:26.400 --> 01:27.430
for that Darkfall.

01:27.640 --> 01:32.010
But maybe they use a word download that file or click that fact.

01:32.200 --> 01:39.190
However if are sending a Microsoft document or a few deifying crane praying that they're looking for

01:39.190 --> 01:42.370
some type of document and giving the same kind of name.

01:42.730 --> 01:50.860
That it will become easier when the user on opening them does not exclude the ones who are calling machine

01:51.310 --> 01:57.960
and see how they can use emissive them and make us play to exploit in this office and the flights.

01:57.970 --> 02:02.920
So now we open our community and we have already lost the AMS.

02:03.140 --> 02:06.550
So another one of your feedback will be using an Adobe Reader.

02:06.640 --> 02:11.190
This media is dead easy so sojourning no telescope.

02:11.350 --> 02:15.400
I know so little in the name but fun to search for the players.

02:15.490 --> 02:16.510
Who are you.

02:16.510 --> 02:19.010
Could this be any less so.

02:19.110 --> 02:22.470
Need to just quickly start going through the command.

02:22.600 --> 02:27.420
The first one would be to use the exploit so that I can use like.

02:27.610 --> 02:34.780
Says in both those exploit of file format and then you need to back in the exact explode name that is

02:34.940 --> 02:37.110
a job and this would pedia understood.

02:37.130 --> 02:38.620
Embedded in this book.

02:38.650 --> 02:40.350
You know this.

02:40.550 --> 02:52.670
So I specified the record be used in the field every day when the is made to fit to specify the table.

02:52.950 --> 03:02.600
Please repeat it over to use over a year or so just as the Lord knows because it was the ACP and we

03:02.610 --> 03:09.430
will release this event takes place at once then scribbly have a look at the options that need to be

03:09.430 --> 03:10.680
configured.

03:10.810 --> 03:18.020
So here you can see the names and their dirty Axion the file name is pedia replied name.

03:18.310 --> 03:24.010
How you can change this name to some other name of your choice a name that would be convincing enough

03:24.010 --> 03:27.330
on the users to download the file and open it.

03:27.470 --> 03:38.600
While defining search by name and give it a name a meeting discussions and then not.

03:38.960 --> 03:47.140
So given the name like Adam Lambert pilia in the evening right before we speak in case something is

03:47.350 --> 03:47.950
going on.

03:47.950 --> 03:50.030
We can see it needs the editor.

03:50.120 --> 03:59.990
I'll just set the place and host and that will be the last I guess machine's IP address or number of

03:59.990 --> 04:02.320
active parties or for three.

04:02.390 --> 04:08.360
And then Jane before beginning to wonder if I just leave it as before and just turn the corner.

04:08.430 --> 04:10.340
It's like the.

04:10.460 --> 04:16.520
That once it starts we can see it is getting on to the effort and even the fight.

04:16.660 --> 04:23.220
And this is all we're doing is looking to move this fight on to a different location.

04:23.350 --> 04:28.560
So I move in to the that the mention of

04:32.600 --> 04:43.000
do unless you can see my PDF I just quickly move despite the lack of ego trips over there so that we

04:43.000 --> 04:46.560
can have it accessible on the machine.

04:46.700 --> 04:48.310
Some of this is done.

04:48.430 --> 04:55.840
I know that the file can be done in order to get to play with the machine and see if the file is available.

04:55.870 --> 04:59.520
This is the only place where social engineering comes in.

04:59.530 --> 05:06.440
You can send email you can upload the file to public shares and so on with the use of a download to

05:06.450 --> 05:08.010
be like this.

05:08.090 --> 05:14.770
And I think it could be said of running on my machine so I type in the address.

05:14.810 --> 05:21.510
This may be either that the server is not running on my machine or some other reasons.

05:21.640 --> 05:28.110
So just let me have a look for the site and see what mistake and then move the.

05:28.510 --> 05:32.610
That it came off the server to my third group.

05:32.860 --> 05:34.480
Well was this

05:37.170 --> 05:39.080
moment I just need to be saved.

05:39.210 --> 05:44.860
And then the dedication that.

05:45.280 --> 05:55.260
And so I specified the command to move the file and if the location of my lips up to the lines it is

05:55.260 --> 06:04.840
done now and it would just somehow make the image of this building and down on the fly select $70 divide.

06:04.850 --> 06:12.780
He saved the file on the local computer and they have a lot of recordings if you do file.

06:12.780 --> 06:17.110
My advice would be to enable the handler on the machine.

06:17.220 --> 06:19.580
So here I would use the IS

06:22.480 --> 06:22.810
GOOD

06:28.450 --> 06:33.540
knows that there can be the same payload that we have used to DPD

06:36.420 --> 06:43.090
the two options we need to just said the host has are mortified.

06:43.140 --> 06:52.890
So sick as 1 9 1 6 8 1 to Buddha and Tokiko which appeared was off my cutting edge once done just come

06:52.890 --> 06:54.060
on exploit.

06:54.360 --> 06:59.840
And it started until he was and had started on this for now.

07:00.010 --> 07:07.590
They did it in my face and just cracked open the file system it will be in good condition.

07:07.590 --> 07:12.410
He's going on to his missus since I'm using it for the first game.

07:12.570 --> 07:14.340
You lost me for the morning.

07:14.440 --> 07:17.540
Missed the cut open see him leave it on for years.

07:17.610 --> 07:19.610
This can also be a good day.

07:19.860 --> 07:25.680
In the meanwhile you can see that this bullet is being sent and then your decision has been open and

07:26.050 --> 07:28.080
for a full refund on the machine.

07:28.230 --> 07:35.070
Even the CMB has closed not and we have to feed if I open it just that instead of sending them a blank

07:35.070 --> 07:38.280
page you could even get it downloaded.

07:38.420 --> 07:44.090
Tell you the file and forget the payload inside that file so that they also get a PDF.

07:44.150 --> 07:47.430
Put it through and you get a ticket for Bishop.

07:47.460 --> 07:49.150
Will it ever be afraid.

07:49.240 --> 07:55.140
It would not be a case like you're getting any more connection and not getting anything done or anything.

07:55.140 --> 07:56.130
So let's give them.

07:56.130 --> 08:01.900
I took it to mean when you have a connection and Unza had the connection.

08:01.920 --> 08:03.900
I can go through the computer.

08:03.960 --> 08:06.960
I think he cares about them and so on.

08:07.120 --> 08:13.910
So that is how we can use my test flight elopes to make is that a structure to applications like any

08:13.980 --> 08:16.760
only things within this space.

08:16.770 --> 08:26.160
Moving on to example for the immense office space and just exit this one back to my in seconds or so

08:26.160 --> 08:34.440
now I need to use an exploit to create a fight scene be open to an MS Office and not be using an exploit

08:34.470 --> 08:37.480
which is in this movie file format.

08:37.540 --> 08:49.280
But this week Microsoft Office is Arkia be five minutes late to exploit the payload.

08:49.450 --> 08:52.760
The rest of the process will be almost seen.

08:52.820 --> 08:57.300
Need to understand what takes place to be used for this type of application.

08:58.610 --> 09:04.260
That poker depends on what it is what version of the application is running on the package.

09:04.260 --> 09:13.260
When she says she had this two options and now it says it needs a file name if I am a symbolic RPF or

09:13.460 --> 09:25.300
contain this name and I need to specify the file name and give it a name like t in place but keep calling

09:26.660 --> 09:33.190
me a little more than a bookcase I said at.

09:33.370 --> 09:35.660
That's the fact that the address

09:39.380 --> 09:40.350
is sick.

09:40.650 --> 09:45.020
I just need to create the file that use become our next.

09:46.620 --> 09:49.110
And it has been stored in this location.

09:49.500 --> 10:00.540
Hiring Manager are here in move this by the location of my server so that it can go to people put up.

10:00.990 --> 10:03.750
Now I need to start the handler.

10:03.750 --> 10:07.480
So use is right.

10:08.040 --> 10:13.150
And that the Lord knows.

10:13.630 --> 10:18.740
And to us this is no letting people know all that.

10:19.070 --> 10:27.030
But whatever a parody of stupidity by using the hash to be used when you're using the handler.

10:27.110 --> 10:36.480
So all this and come on this flight and the handlers that start and the main thing you know the machine

10:37.020 --> 10:46.450
we see and we just don't on that save the files onto my machine or the victims of the.

10:46.630 --> 10:52.450
They tried to open it on the open which is all the cedar's it has lost.

10:52.610 --> 10:52.880
OK.

10:52.900 --> 10:58.650
So this is you've got this ad only having the same file open earlier think the day me doing it for the

10:58.650 --> 11:00.420
first time you get this error.

11:00.600 --> 11:04.960
The disparately you open the file but the file is opening.

11:04.980 --> 11:11.110
You can see the machine test and the stage payload and then we get the decision as well.

11:11.220 --> 11:13.880
So that's how you can use different things by it.

11:13.980 --> 11:19.110
We've got locations which may be running on the klank machine and build on that you can easily get the

11:19.370 --> 11:21.490
merchant on the pin something good.

11:21.510 --> 11:27.720
Now the only drawback I've already use this decision would be I think to the time the blank stare file

11:27.780 --> 11:32.540
open on the computer and his office document doesn't matter if they close the file.

11:32.700 --> 11:39.160
Decisions were also put in the meantime you need to migrate your session a matter of this make up a

11:39.170 --> 11:46.350
presentation on some other process so that even if the thing closes the food chain has been stopped

11:46.650 --> 11:51.240
and that we have already discovered vote in a previous sections and we had this kind of up there depicted

11:51.810 --> 11:55.050
in this video we have gotten an understanding about how we can use.

11:55.200 --> 11:56.150
Just.

11:56.530 --> 12:02.070
Most applications like you defend in this office and the next we do have a quick overview of all social

12:02.070 --> 12:02.610
engineering.

12:02.670 --> 12:08.450
Get in a very good soup of opposition up in data and it uses a lot of desperate.
