1
00:00:01,440 --> 00:00:09,180
Hello and welcome. In this new session, you are going to study 32-bit to 64-bit cross injections.

2
00:00:09,960 --> 00:00:18,510
It is about how to inject a 64-bit payload into 64-bit processes using 32-bit processes.

3
00:00:22,360 --> 00:00:23,950
Types of cross injections.

4
00:00:26,470 --> 00:00:37,350
We have a 64-bit process with a 64-bit payload injecting into a 64-bit process, and that's the first type. Then

5
00:00:37,350 --> 00:00:47,530
this type is a 32-bit process, having a 32-bit payload, injecting into a 32-bit process.

6
00:00:48,990 --> 00:00:58,320
The next type is a 64-bit process, having a 32-bit payload, injecting into a 32-bit process.

7
00:01:01,280 --> 00:01:12,440
The last type is a 32-bit process with a 64-bit payload trying to inject into a 64-bit process. Of all these,

8
00:01:13,130 --> 00:01:16,660
the first, second and third are the normal ones; we will study the fourth one.

9
00:01:17,470 --> 00:01:18,980
Normally, you see.

10
00:01:23,920 --> 00:01:28,210
This is how 32-bit applications run on a 64-bit system.

11
00:01:29,830 --> 00:01:36,850
So how do these 32-bit applications run on a 64-bit system, assuming you have a 64-bit kernel?

12
00:01:38,110 --> 00:01:40,120
Running Windows 64-bit.

13
00:01:41,110 --> 00:01:42,910
And you have a 32-bit process.

14
00:01:45,840 --> 00:01:54,280
In order to do that, the 32-bit process has to go through an emulator known as the Windows on Windows emulator,

15
00:01:55,180 --> 00:01:57,020
also known as WoW

16
00:01:57,080 --> 00:01:57,750
64.

17
00:01:59,230 --> 00:02:02,050
This emulator is running in the user space.

18
00:02:02,590 --> 00:02:07,720
The emulator will then make the system calls to the 64-bit kernel.

19
00:02:09,760 --> 00:02:18,010
In addition to that, the WoW64 emulator will also provide security hooks for antivirus engines and other security

20
00:02:18,010 --> 00:02:21,640
devices to monitor the 32-bit processes.

21
00:02:24,000 --> 00:02:34,620
However, there is a way to bypass the Windows on Windows emulator, and that is by using the

22
00:02:35,280 --> 00:02:41,910
executex64 and execute_x64 functions found in the Metasploit Framework.

23
00:02:43,670 --> 00:02:53,270
Both of them make use of the same algorithm, also known as the Heaven's Gate technique. What

24
00:02:53,270 --> 00:02:56,090
are the advantages of having a cross injection?

25
00:02:58,010 --> 00:03:03,050
Heaven's Gate bypasses the security measures of the WoW64 emulator.

26
00:03:04,950 --> 00:03:12,060
Every antivirus and security hook that depends on WoW64 is thus evaded.

27
00:03:13,930 --> 00:03:14,710
References.

28
00:03:15,460 --> 00:03:17,320
These are two links you can read up on.

29
00:03:17,350 --> 00:03:18,340
For more details.

30
00:03:22,380 --> 00:03:25,020
32-bit to 64-bit cross injection.

31
00:03:25,860 --> 00:03:34,710
This is the explanation of how it works. On the left, you have a Trojan, a 32-bit Trojan, and inside

32
00:03:34,710 --> 00:03:37,650
it is embedded a 64-bit payload.

33
00:03:39,240 --> 00:03:41,760
The Trojan is running in 32-bit mode.

34
00:03:43,590 --> 00:03:46,860
That is the normal mode that a 32-bit app would be in,

35
00:03:47,030 --> 00:03:49,970
since you are running inside WoW64.

36
00:03:50,000 --> 00:03:55,980
You also have the shellcode executex64 and the execute_x64 function.

37
00:03:56,670 --> 00:03:58,510
Both of them come from the

38
00:03:58,770 --> 00:03:59,790
Metasploit Framework.

39
00:04:00,690 --> 00:04:01,230
Over here.

40
00:04:05,810 --> 00:04:11,210
And on the right, we have the target process, which is a 64-bit process.

41
00:04:11,960 --> 00:04:13,850
And this is the one we are going to inject into.

42
00:04:16,010 --> 00:04:20,390
The first step is to copy the payload to the target process.

43
00:04:25,370 --> 00:04:32,720
Then the second step is to transition the Trojan into 64-bit mode.

44
00:04:35,030 --> 00:04:40,300
It does that by executing the executex64.

45
00:04:43,060 --> 00:04:52,660
Once the x64 shellcode is running, the Trojan, which is 32-bit at the start, will then shift into

46
00:04:52,660 --> 00:04:53,520
64-bit mode.

47
00:04:56,410 --> 00:05:00,430
Then the next step is to execute the execute_x64 function.

48
00:05:08,260 --> 00:05:15,490
The execute_x64 function will then run the payload, which has been copied over to the target process.

49
00:05:18,060 --> 00:05:22,850
It does that by making use of an API called RtlCreateUserThread.

50
00:05:26,620 --> 00:05:28,810
So that is how you can use

51
00:05:30,490 --> 00:05:38,680
cross injection by making use of the Heaven's Gate implementation from Metasploit in order

52
00:05:38,680 --> 00:05:46,150
to execute a 64-bit payload from a 32-bit Trojan horse on a target 64-bit process.

53
00:05:46,600 --> 00:05:47,740
That's all for this video.

54
00:05:48,370 --> 00:05:49,540
Thank you for watching.