1
00:00:00,120 --> 00:00:05,160
So now that we know how to get the expertise, you know, you know, multiple locations where we can

2
00:00:05,160 --> 00:00:10,260
find them, we're going to make sure we understand, you know, what is doing and make sure that it's

3
00:00:10,260 --> 00:00:11,100
set up correctly.

4
00:00:11,370 --> 00:00:15,720
So, you know, this is not only to ensure that it's going to work, but ensure that you don't cause

5
00:00:15,720 --> 00:00:20,160
harm or damage to a system that's going to be attacking, especially if it's a client, because you

6
00:00:20,160 --> 00:00:21,050
don't want to do that.

7
00:00:21,060 --> 00:00:22,350
It's the last thing that you want to do.

8
00:00:22,380 --> 00:00:26,820
There have been many cases where, you know, exploits actually have a malicious code and they would,

9
00:00:26,820 --> 00:00:29,950
in fact, or destroy computers, you know, that there were launched against.

10
00:00:30,240 --> 00:00:37,860
So just always, always be careful and be sure to read over these things and make sure that you know,

11
00:00:37,860 --> 00:00:38,940
you know what's going on.

12
00:00:39,090 --> 00:00:43,140
So this kind of brings me into, you know, dissecting exploits.

13
00:00:43,350 --> 00:00:48,510
So to better understand them, you know, you have to open them up and then sex ed or look at them on

14
00:00:48,510 --> 00:00:51,960
the exposed deep Web site and actually see what the code is doing.

15
00:00:52,980 --> 00:00:58,710
And, for example, you know, you might need it locally because you might need to edit the show code

16
00:00:59,400 --> 00:01:00,600
for it to work properly.

17
00:01:00,600 --> 00:01:06,720
And show code is pretty much like the command that's going to be executed a lot of the time that's going

18
00:01:06,720 --> 00:01:09,660
to create a connection back to your computer.

19
00:01:10,890 --> 00:01:12,990
You may have to edit that sometimes.

20
00:01:12,990 --> 00:01:17,430
You may not, but it's something that you definitely looking to make sure that the Chalco that's in

21
00:01:17,450 --> 00:01:24,860
and that is in there isn't any, you know, malicious is going to destroy or connect back out to like

22
00:01:24,870 --> 00:01:26,880
a command and control center somewhere.

23
00:01:27,840 --> 00:01:33,930
And, you know, you might also need to understand what kind of arguments that the exploit needs to

24
00:01:33,930 --> 00:01:34,920
actually launch correctly.

25
00:01:34,920 --> 00:01:37,020
So that's actually going to colonics.

26
00:01:37,320 --> 00:01:44,280
And let's look for an exploit and actually just dissect it a little bit, see what's going on.

27
00:01:44,310 --> 00:01:49,530
So what about the kind of Linux that actually opened up the exploit that we copied over for the VSAT,

28
00:01:49,530 --> 00:01:56,010
TPD two point three point four backdoor command execution so we could actually look through it and start

29
00:01:56,010 --> 00:02:00,800
to understand kind of what's going on before we're actually, you know, launching.

30
00:02:00,820 --> 00:02:06,060
So, for example, we know for this one it's going to require misplay and it's actually verified.

31
00:02:06,300 --> 00:02:08,930
And as you can see, you know, as an excellent ranking right here.

32
00:02:08,940 --> 00:02:10,980
So we know that this one is going to be safe.

33
00:02:11,320 --> 00:02:13,890
And so what you want to do is kind of look to it.

34
00:02:13,890 --> 00:02:19,160
You get some more information like right here, tells you, hey, this module exploits a malicious backdoor

35
00:02:19,470 --> 00:02:22,220
that was added, you know, to the user.

36
00:02:22,950 --> 00:02:27,540
The download archive just gives you more information.

37
00:02:27,540 --> 00:02:28,690
You know who made it inside.

38
00:02:28,710 --> 00:02:30,870
So what we want to do, we want to see the code part.

39
00:02:31,110 --> 00:02:33,900
So it's OK if that you know, if you don't know Ruby.

40
00:02:33,960 --> 00:02:37,200
I don't know Ruby myself personally like to to indef.

41
00:02:37,980 --> 00:02:41,940
But once you start to understand, you know, like different scripting languages.

42
00:02:42,090 --> 00:02:46,830
Well I understand like the basic syntax of scripting languages, like Python for example, you can kind

43
00:02:46,830 --> 00:02:52,260
of look at this and see the similarities just a little bit different of syntax so you can kind of see

44
00:02:52,260 --> 00:02:52,910
what's going on.

45
00:02:52,920 --> 00:02:54,900
So right here is defining function.

46
00:02:55,080 --> 00:02:58,750
That is actually, you know, that's the explosion itself on.

47
00:02:58,800 --> 00:03:00,880
And, you know, they have some pseudocode in here.

48
00:03:00,880 --> 00:03:02,880
It says, OK, it's connecting.

49
00:03:03,990 --> 00:03:09,540
So we know what kind of is going on right now, just trying to connect over the specific word that it

50
00:03:09,540 --> 00:03:11,310
needs to for the exploit.

51
00:03:12,120 --> 00:03:18,060
Then it has some more code that's kind of just going over actually how to handle and control the back

52
00:03:18,060 --> 00:03:19,170
door that is creating.

53
00:03:20,430 --> 00:03:23,540
So from what I see here, everything looks fine.

54
00:03:23,550 --> 00:03:28,230
It doesn't look like it's anything malicious.

55
00:03:28,230 --> 00:03:33,420
I don't see anything that jumps out of me as something that could potentially cause harm.

56
00:03:33,420 --> 00:03:39,480
And I understand the general flow is going on just taking advantage, you know, of something inside

57
00:03:39,480 --> 00:03:42,120
of, you know, that vulnerable service.

58
00:03:42,720 --> 00:03:48,900
So we would actually this is a good candidate for us to use, you know, actually when we were to,

59
00:03:48,900 --> 00:03:52,290
you know, launch our attack against this port.

60
00:03:52,620 --> 00:03:53,130
So.

61
00:03:54,110 --> 00:04:00,200
Now we know a little bit more how to dissect, so get used to looking at scripting languages, get used

62
00:04:00,200 --> 00:04:06,320
to understanding kind of flow of these things and what's happening, and you'll be able to spot out,

63
00:04:06,320 --> 00:04:07,610
you know, most of the time.

64
00:04:07,610 --> 00:04:08,280
You, Pynacker.

65
00:04:08,320 --> 00:04:10,640
I mean, you're not going to find in marksman's.

66
00:04:10,640 --> 00:04:11,480
I'm anything.

67
00:04:11,660 --> 00:04:13,220
That's where militias are damaging.

68
00:04:13,250 --> 00:04:15,260
But, you know, you can never be too safe.

69
00:04:15,440 --> 00:04:20,900
And then other times, you might need to just understand, you know, what kind of arguments an expert

70
00:04:20,930 --> 00:04:25,510
actually might need when you, you know, launching it from the command line.