1
00:00:00,480 --> 00:00:01,020
Hello.

2
00:00:01,230 --> 00:00:11,400
In the last lesson, we already decrypted the encryption and we dumped the payload into a new file called

3
00:00:11,790 --> 00:00:13,380
decrypted.bin.

4
00:00:14,280 --> 00:00:20,820
So, going on to this shellcode runner: in this lesson, I'm going to show you how to use the shellcode

5
00:00:20,820 --> 00:00:23,700
runner to test the shellcode.

6
00:00:24,930 --> 00:00:33,720
So now, before we can use the shellcode runner, you have to open this in the hex editor and export a proper

7
00:00:34,290 --> 00:00:37,440
file, properly formatted for running in a C program.

8
00:00:38,250 --> 00:00:40,620
So to do that, we use the hex editor.

9
00:00:41,040 --> 00:00:42,080
So good iFLY.

10
00:00:42,420 --> 00:00:53,280
Go to the hex editor and fire up your hex editor called HxD, and then you drag the decrypted binary into

11
00:00:53,280 --> 00:00:53,610
here.

12
00:00:54,720 --> 00:00:58,290
So now we have to export this as properly formatted code.

13
00:00:58,890 --> 00:01:08,280
So we select all of these, and then we click on File, and then you click on Export, C, and then you

14
00:01:08,350 --> 00:01:16,620
dump it in the shellcode runner, this project folder we are using, and call it decrypted, with

15
00:01:16,800 --> 00:01:19,810
the .c extension. Click on Save.

16
00:01:20,990 --> 00:01:22,200
Now we can close this.

17
00:01:22,350 --> 00:01:24,090
And you can see there is a new file here.

18
00:01:24,600 --> 00:01:27,630
So we need to open this file and copy the contents.

19
00:01:28,140 --> 00:01:30,330
So we open it in Notepad++.

20
00:01:30,990 --> 00:01:37,380
And then notice it has properly formatted everything for us, with the 0x prefix in front of every one

21
00:01:37,380 --> 00:01:39,390
of the hex values.

22
00:01:39,960 --> 00:01:45,810
And then it also nicely tells us the size of this array, which is two hundred eighty-eight bytes,

23
00:01:46,230 --> 00:01:48,540
meaning at two hundred hex bytes here.

24
00:01:49,500 --> 00:01:58,020
So all we need to do is to copy all of these, press Ctrl+C, and then open the shellcode runner .cpp.

25
00:02:00,600 --> 00:02:03,060
And then come down here.

26
00:02:05,020 --> 00:02:05,770
And paste.

27
00:02:12,190 --> 00:02:12,790
Paste it here.

28
00:02:13,270 --> 00:02:16,270
So now we have to rename this. So we call it shellcode.

29
00:02:16,810 --> 00:02:18,370
So we just copy the name here.

30
00:02:21,440 --> 00:02:21,890
And.

31
00:02:23,800 --> 00:02:24,590
Rename this.

32
00:02:26,290 --> 00:02:30,070
Now we can delete this one; this is just a sample.

33
00:02:30,850 --> 00:02:31,810
We don't need it anymore.

34
00:02:33,760 --> 00:02:37,730
So this program, called shellcode runner, is for testing shellcodes.

35
00:02:37,730 --> 00:02:42,790
So any time you want to test a shellcode that you get from any malware,

36
00:02:43,150 --> 00:02:50,560
you can always use this. Then you use the hex editor to produce a properly formatted array, and then put the

37
00:02:50,560 --> 00:02:52,690
array inside this program.

38
00:02:53,540 --> 00:02:54,490
And now we can save it.

39
00:02:54,970 --> 00:03:01,020
So make sure you put 288 here for the length of the shellcode, 288.

40
00:03:02,500 --> 00:03:09,940
And then after that, it is going to allocate memory and print the address of the

41
00:03:09,940 --> 00:03:10,810
allocated memory.

42
00:03:11,350 --> 00:03:18,190
And then it copies the shellcode to the allocated memory and changes the permission to be executable, readable.

43
00:03:18,970 --> 00:03:24,160
And then it asks you to press Enter, and then it runs it using Coutre.

44
00:03:24,970 --> 00:03:29,440
So now we will compile this using the compile script here.

45
00:03:29,860 --> 00:03:34,690
So the compile script will take the shellcode runner .cpp and create the output file.

46
00:03:36,550 --> 00:03:44,920
And you open this thing up and you can see here the shellcode runner .cpp is the input, and the output is the shellcode

47
00:03:44,920 --> 00:03:45,940
runner .exe.

48
00:03:46,690 --> 00:03:52,150
So to compile it, we open a new x64 Native Tools terminal.

49
00:03:52,780 --> 00:04:01,570
And then we navigate to this location, so we copy this path first, and then cd, space, right-click

50
00:04:01,570 --> 00:04:02,980
to paste it, Enter.

51
00:04:03,460 --> 00:04:08,270
And now we can compile by calling the compile script; hit Enter.

52
00:04:09,430 --> 00:04:13,300
So now it has generated our shellcode runner .exe.

53
00:04:13,550 --> 00:04:17,380
And now we can test our shellcode by running this file.

54
00:04:18,250 --> 00:04:26,050
So shellcode runner .exe, hit Enter again, and our shellcode has executed.

55
00:04:26,440 --> 00:04:31,180
And it has run the thing it was designed to run.

56
00:04:31,180 --> 00:04:33,520
And that's why you see the Notepad popping up here.

57
00:04:34,330 --> 00:04:39,070
So this is how you can use the shellcode runner source code.

58
00:04:39,700 --> 00:04:41,650
So that's all for this video.

59
00:04:41,980 --> 00:04:43,660
Thank you for watching.