1
00:00:00,300 --> 00:00:08,180
OK, so we went through and we actually made custom malware where we got a Meterpreter shell to the host,

2
00:00:08,430 --> 00:00:09,740
so what can we do now?

3
00:00:09,750 --> 00:00:14,630
So one thing that we can actually do is something we can use like a keylogger.

4
00:00:15,480 --> 00:00:19,950
So it's a very typical post-exploitation tactic.

5
00:00:20,160 --> 00:00:27,570
And pretty much it's going to record every single key that's pressed on the computer and then send it

6
00:00:27,570 --> 00:00:33,120
back to you, you know, for your analysis and your use so you can really use this to capture stuff

7
00:00:33,120 --> 00:00:37,810
like login information and the user will never even know.

8
00:00:38,010 --> 00:00:43,870
So let's try to see how we can do that very quickly with the Meterpreter shell that we have.

9
00:00:44,220 --> 00:00:46,410
OK, so back in my Kali machine.

10
00:00:46,420 --> 00:00:50,340
So if you type in the help command, you can see the different commands that you can actually do.

11
00:00:50,940 --> 00:00:55,170
You can do stuff like check out the webcam if you want to do that.

12
00:00:55,860 --> 00:00:57,780
We can enumerate information.

13
00:00:57,780 --> 00:01:01,590
But what we're going to do right now is keyscan_start.

14
00:01:01,620 --> 00:01:04,980
So this is going to start capturing keystrokes.

15
00:01:05,160 --> 00:01:14,160
So all you have to do is type in keyscan_start and it's already it's already started, so I already had

16
00:01:14,160 --> 00:01:14,520
started it.

17
00:01:15,450 --> 00:01:17,160
So that's why it said the operation failed.

18
00:01:17,730 --> 00:01:20,810
So what we can do is actually it starts to ease.

19
00:01:21,210 --> 00:01:24,830
So what I can do is I kind of already did it right here.

20
00:01:24,840 --> 00:01:33,090
But let's say, you know, this was like a login form or something or I'm looking for like I'm logging

21
00:01:33,090 --> 00:01:38,390
in and I'm typing in super secret password or whatever.

22
00:01:38,880 --> 00:01:39,350
Cool.

23
00:01:40,110 --> 00:01:45,150
Or maybe over here, I don't know a timber's code.

24
00:01:45,330 --> 00:01:51,420
So we can go back over here and do a keyscan_dump.

25
00:01:52,900 --> 00:01:58,860
And it's going to dump pretty much everything that just happened, it even caught the backspace right there,

26
00:01:59,050 --> 00:02:08,760
so secret password a timber's so you can kind of start to use this to kind of put a piece together like,

27
00:02:08,770 --> 00:02:12,280
you know, maybe pieces of login information.

28
00:02:13,810 --> 00:02:20,170
Maybe you try to figure out some sensitive information about the network, maybe a Social Security number,

29
00:02:20,350 --> 00:02:23,610
and you'll definitely be able to tell based on like how it looks and stuff.

30
00:02:23,800 --> 00:02:31,000
So that's like a very quick way that you can, you know, use the keylogging function inside of Meterpreter

31
00:02:31,000 --> 00:02:33,390
to actually capture some very sensitive information.