1
00:00:00,120 --> 00:00:05,160
So now that we know how to get the exploits, you know, you know, multiple locations where we can

2
00:00:05,160 --> 00:00:10,260
find them, we're going to make sure we understand, you know, what it's doing and make sure that it's

3
00:00:10,260 --> 00:00:11,100
set up correctly.

4
00:00:11,370 --> 00:00:15,720
So, you know, this is not only to ensure that it's going to work, but ensure that you don't cause

5
00:00:15,720 --> 00:00:20,160
harm or damage to a system that you're going to be attacking, especially if it's a client, because you

6
00:00:20,160 --> 00:00:21,050
don't want to do that.

7
00:00:21,060 --> 00:00:22,350
It's the last thing that you want to do.

8
00:00:22,380 --> 00:00:26,820
There have been many cases where, you know, exploits actually have malicious code and they would

9
00:00:26,820 --> 00:00:29,950
infect or destroy computers, you know, that they were launched against.

10
00:00:30,240 --> 00:00:37,860
So just always, always be careful and be sure to read over these things and make sure that you know,

11
00:00:37,860 --> 00:00:38,940
you know what's going on.

12
00:00:39,090 --> 00:00:43,140
So this kind of brings me into, you know, dissecting exploits.

13
00:00:43,350 --> 00:00:48,510
So to better understand them, you know, you have to open them up and dissect it or look at them on

14
00:00:48,510 --> 00:00:51,960
the Exploit-DB website and actually see what the code is doing.

15
00:00:52,980 --> 00:00:58,710
And, for example, you know, you might need it locally because you might need to edit the shellcode

16
00:00:59,400 --> 00:01:00,600
for it to work properly.

17
00:01:00,600 --> 00:01:06,720
And shellcode is pretty much like the command that's going to be executed a lot of the time that's going

18
00:01:06,720 --> 00:01:09,660
to create a connection back to your computer.

19
00:01:10,890 --> 00:01:12,990
You may have to edit that sometimes.

20
00:01:12,990 --> 00:01:17,430
You may not, but it's something that you're definitely looking to make sure that the shellcode that's in

21
00:01:17,450 --> 00:01:24,860
and that is in there isn't any, you know, malicious is going to destroy or connect back out to like

22
00:01:24,870 --> 00:01:26,880
a command and control center somewhere.

23
00:01:27,840 --> 00:01:33,930
And, you know, you might also need to understand what kind of arguments that the exploit needs to

24
00:01:33,930 --> 00:01:34,920
actually launch correctly.

25
00:01:34,920 --> 00:01:37,020
So let's actually go into Kali Linux.

26
00:01:37,320 --> 00:01:44,280
And let's look for an exploit and actually just dissect it a little bit, see what's going on.

27
00:01:44,310 --> 00:01:49,530
So what about the Kali Linux that actually opened up the exploit that we copied over for the vsftpd

28
00:01:49,530 --> 00:01:56,010
2.3.4 backdoor command execution so we could actually look through it and start

29
00:01:56,010 --> 00:02:00,800
to understand kind of what's going on before we're actually, you know, launching.

30
00:02:00,820 --> 00:02:06,060
So, for example, we know for this one it's going to require Metasploit and it's actually verified.

31
00:02:06,300 --> 00:02:08,930
And as you can see, you know, it has an excellent ranking right here.

32
00:02:08,940 --> 00:02:10,980
So we know that this one is going to be safe.

33
00:02:11,320 --> 00:02:13,890
And so what you want to do is kind of look through it.

34
00:02:13,890 --> 00:02:19,160
You get some more information like right here, tells you, hey, this module exploits a malicious backdoor

35
00:02:19,470 --> 00:02:22,220
that was added, you know, to the vsftpd

36
00:02:22,950 --> 00:02:27,540
download archive, just gives you more information.

37
00:02:27,540 --> 00:02:28,690
You know who made it inside.

38
00:02:28,710 --> 00:02:30,870
So what we want to do, we want to see the code part.

39
00:02:31,110 --> 00:02:33,900
So it's OK if, you know, if you don't know Ruby.

40
00:02:33,960 --> 00:02:37,200
I don't know Ruby myself personally, like, too in depth.

41
00:02:37,980 --> 00:02:41,940
But once you start to understand, you know, like different scripting languages.

42
00:02:42,090 --> 00:02:46,830
Well I understand like the basic syntax of scripting languages, like Python for example, you can kind

43
00:02:46,830 --> 00:02:52,260
of look at this and see the similarities, just a little bit different of syntax, so you can kind of see

44
00:02:52,260 --> 00:02:52,910
what's going on.

45
00:02:52,920 --> 00:02:54,900
So right here it's defining a function.

46
00:02:55,080 --> 00:02:58,750
That is actually, you know, that's the exploit itself.

47
00:02:58,800 --> 00:03:00,880
And, you know, they have some pseudocode in here.

48
00:03:00,880 --> 00:03:02,880
It says, OK, it's connecting.

49
00:03:03,990 --> 00:03:09,540
So we know what kind of is going on right now, just trying to connect over the specific port that it

50
00:03:09,540 --> 00:03:11,310
needs to for the exploit.

51
00:03:12,120 --> 00:03:18,060
Then it has some more code that's kind of just going over actually how to handle and control the back

52
00:03:18,060 --> 00:03:19,170
door that it's creating.

53
00:03:20,430 --> 00:03:23,540
So from what I see here, everything looks fine.

54
00:03:23,550 --> 00:03:28,230
It doesn't look like it's anything malicious.

55
00:03:28,230 --> 00:03:33,420
I don't see anything that jumps out at me as something that could potentially cause harm.

56
00:03:33,420 --> 00:03:39,480
And I understand the general flow is going on just taking advantage, you know, of something inside

57
00:03:39,480 --> 00:03:42,120
of, you know, that vulnerable service.

58
00:03:42,720 --> 00:03:48,900
So we would actually this is a good candidate for us to use, you know, actually when we were to,

59
00:03:48,900 --> 00:03:52,290
you know, launch our attack against this port.

60
00:03:52,620 --> 00:03:53,130
So.

61
00:03:54,110 --> 00:04:00,200
Now we know a little bit more how to dissect, so get used to looking at scripting languages, get used

62
00:04:00,200 --> 00:04:06,320
to understanding kind of flow of these things and what's happening, and you'll be able to spot out,

63
00:04:06,320 --> 00:04:07,610
you know, most of the time.

64
00:04:07,610 --> 00:04:08,280
You, Pynacker.

65
00:04:08,320 --> 00:04:10,640
I mean, you're not going to find in Metasploit

66
00:04:10,640 --> 00:04:11,480
anything

67
00:04:11,660 --> 00:04:13,220
that's malicious or damaging.

68
00:04:13,250 --> 00:04:15,260
But, you know, you can never be too safe.

69
00:04:15,440 --> 00:04:20,900
And then other times, you might need to just understand, you know, what kind of arguments an exploit

70
00:04:20,930 --> 00:04:25,510
actually might need when you're, you know, launching it from the command line.