1
00:00:00,830 --> 00:00:03,860
Hello and welcome to the practical walkthrough.

2
00:00:04,430 --> 00:00:08,360
As are the I go in download this for yet.

3
00:00:08,480 --> 00:00:17,240
Zero nine could in fact the injection unzip it and put it in a mound for the inside?

4
00:00:17,390 --> 00:00:29,570
You will find a new project called sRDI, which is downloadable from Nick Landers, which is over

5
00:00:29,570 --> 00:00:29,870
here.

6
00:00:30,590 --> 00:00:33,320
If you click on that, it will take you to Landers.

7
00:00:34,380 --> 00:00:34,740
You have.

8
00:00:38,180 --> 00:00:47,200
So this is the toolset that Nick Landers has created for creating sRDI Trojans, so we can make

9
00:00:47,240 --> 00:00:48,200
use of these.

10
00:00:50,610 --> 00:00:55,830
As mentioned in the previous theoretical video lesson on sRDI.

11
00:00:56,820 --> 00:01:04,170
We are going to assume that we have a binary DLL and that we do not have the source code.

12
00:01:05,680 --> 00:01:12,280
So we're going to create and deck buying new media and assume that it is to we'll need binary, we have

13
00:01:12,280 --> 00:01:14,950
analysts to this article and this is the one.

14
00:01:16,340 --> 00:01:21,850
So it is the same effect in the mail, which he used in previous projects inside it.

15
00:01:21,980 --> 00:01:29,240
We have a Microsoft Paint Generator childhood using Metasploit.

16
00:01:30,410 --> 00:01:35,940
And here we have a change, here we have.

17
00:01:38,050 --> 00:01:42,450
User defined external function can't run your course.

18
00:01:45,020 --> 00:01:49,610
Previously, this was around from the age of nine, but now the moon is empty.

19
00:01:50,270 --> 00:01:51,380
It just returns true.

20
00:01:52,670 --> 00:01:56,830
And instead, we have a nice party from Shenkar Ranocchia.

21
00:01:58,580 --> 00:02:09,320
So this radical Islamist, a previous statement he was taking, he would just open the bill in his security.

22
00:02:12,110 --> 00:02:15,770
So now we're going to build this, in fact, you go into a binary.

23
00:02:20,240 --> 00:02:21,590
So let's copy this path.

24
00:02:24,350 --> 00:02:25,760
Inning over here.

25
00:02:25,790 --> 00:02:35,090
Open x64 Native Tools Command Prompt, cd to change directory, right click to paste the path.

26
00:02:35,250 --> 00:02:35,810
Hit Enter.

27
00:02:37,520 --> 00:02:43,310
And in the compiler reflective, dial that script to give you a binary.

28
00:02:43,670 --> 00:02:47,690
Yeah, check to ensure that there are no errors here.

29
00:02:49,140 --> 00:02:51,650
OK, so now you will find the package again.

30
00:02:55,070 --> 00:02:58,080
So the starting point is actually a binary.

31
00:02:58,100 --> 00:02:58,640
Yeah.

32
00:02:59,600 --> 00:03:03,590
No, let us assume we only have this referred to you, girl.

33
00:03:04,880 --> 00:03:06,610
Have you have no access to this article?

34
00:03:07,820 --> 00:03:12,050
How are we going to turn this into a reflective?

35
00:03:12,350 --> 00:03:12,880
Yeah.

36
00:03:14,570 --> 00:03:18,590
So to do that, we need to use the technology.

37
00:03:20,060 --> 00:03:22,610
Which is created by Nick Landers.

38
00:03:24,680 --> 00:03:36,560
So we have to use the toolchain provided by this project yesterday to convert this effective jail into

39
00:03:36,560 --> 00:03:37,940
an idea in jail.

40
00:03:39,260 --> 00:03:43,280
So to do that, we open a command prompt, which we already have.

41
00:03:44,120 --> 00:03:45,770
And then we use a Python script.

42
00:03:47,570 --> 00:03:49,050
So we need a Python interpreter.

43
00:03:49,610 --> 00:03:59,960
And we are going to run a Python script from the Landers project, which is called ConvertToShellcode.py.

44
00:04:01,270 --> 00:04:07,980
This script is in this folder here under the Python directory.

45
00:04:08,700 --> 00:04:11,010
You're actually running the script from the command line.

46
00:04:15,260 --> 00:04:20,720
So let's take the option to see what are the parameters.

47
00:04:22,430 --> 00:04:26,570
And here shows you that there's an f dash dash at five meters.

48
00:04:27,710 --> 00:04:29,690
You have to specify the function you.

49
00:04:30,860 --> 00:04:34,720
Yeah, yeah, yeah, yeah, this is a thing.

50
00:04:36,710 --> 00:04:40,850
So if you do not know what is the spot and the function?

51
00:04:42,030 --> 00:04:45,520
You can always open this in P Bay or studio.

52
00:04:46,060 --> 00:04:48,180
Let's try opening BPP Studio.

53
00:04:54,200 --> 00:04:56,440
And you drank fighting the in the.

54
00:05:01,190 --> 00:05:04,990
And under here, you can see the protest function is Iranian.

55
00:05:07,070 --> 00:05:11,840
So now, you know, that is the parameter you have to specify here and that you have.

56
00:05:13,170 --> 00:05:20,880
So that is now trying to convert our DNA into an RTI game.

57
00:05:22,590 --> 00:05:34,380
So providing the family parameter run, you could see a spotlight function and then provide the binary.

58
00:05:34,470 --> 00:05:34,980
Yeah.

59
00:05:36,770 --> 00:05:39,180
So Divine idea is affecting our.

60
00:05:41,190 --> 00:05:46,340
So this is a one which we are going to convert into a s, r and D, I dunno.

61
00:05:48,780 --> 00:05:50,580
So let's see the internal.

62
00:05:52,960 --> 00:06:01,570
King Ego, so he has created reflective skin, and you can confirm by looking here.

63
00:06:02,110 --> 00:06:04,100
This is the show.

64
00:06:06,010 --> 00:06:11,470
That is created by using the Nick Landers solution.

65
00:06:13,120 --> 00:06:18,940
So now the next step is if you want to encrypt this before we embed it inside the Trojan.

66
00:06:19,900 --> 00:06:24,010
So the encryption process is the same as the one we get across.

67
00:06:24,010 --> 00:06:28,840
Different views reflect the law that we use.

68
00:06:29,020 --> 00:06:34,540
The Python script and clips provide the name of.

69
00:06:34,660 --> 00:06:41,900
He found that you want to encrypt and then redirect to an output file.

70
00:06:41,950 --> 00:06:43,900
Call encrypted, don't you?

71
00:06:45,190 --> 00:06:45,700
No, he didn't.

72
00:06:47,140 --> 00:06:53,520
So you take this file and encrypt, producing the queer encrypted.

73
00:06:56,440 --> 00:06:58,180
Now you can open this and cumulative.

74
00:07:02,130 --> 00:07:08,670
And then here you find your Yassky and also the encrypted data.

75
00:07:12,800 --> 00:07:13,100
Right.

76
00:07:13,140 --> 00:07:18,990
So now it's time to get our cruising, so open the Trojan directory here.

77
00:07:19,590 --> 00:07:20,820
This is the Trojan.

78
00:07:22,800 --> 00:07:23,850
We're going to put our.

79
00:07:25,980 --> 00:07:27,510
It is not that prosperous.

80
00:07:30,110 --> 00:07:31,550
And then we'll hear.

81
00:07:32,800 --> 00:07:39,900
You notice that this is a fight to you because we do need to have the get off set for you.

82
00:07:40,190 --> 00:07:41,170
In fact, even though the.

83
00:07:43,560 --> 00:07:46,890
Surely we can be targeting the outset for effectively.

84
00:07:48,090 --> 00:07:52,050
So let us know in place these people and key from the encrypted one.

85
00:07:53,870 --> 00:08:07,310
So we copied this payload, and you think based on you on here, we do the same for the Hirschi, so

86
00:08:07,310 --> 00:08:13,340
we copy the ASG and then come here legally.

87
00:08:13,370 --> 00:08:16,700
He is key and case in.

88
00:08:16,700 --> 00:08:22,700
You can see now we are ready to compile our Trojan.

89
00:08:23,510 --> 00:08:25,910
So let us come to the Trojan folder.

90
00:08:28,110 --> 00:08:33,300
Hit Enter and run the script compact region that hit Enter.

91
00:08:35,820 --> 00:08:39,900
So now the Trojan has been built, you can now execute

92
00:08:42,480 --> 00:08:45,630
it, enter any books.

93
00:08:46,590 --> 00:08:52,320
So this is how you can compile and build an sRDI Trojan.

94
00:08:54,130 --> 00:08:55,300
That's all for this video.

95
00:08:55,540 --> 00:08:56,710
Thank you for watching.