1
00:00:03,140 --> 00:00:09,860
Welcome back to our next lesson on viewing, downloading and uploading files to and from an infected

2
00:00:09,860 --> 00:00:12,470
Windows 10 computer from our Linux box.

3
00:00:12,860 --> 00:00:16,700
In our previous lesson we ran pwd to print the working directory.

4
00:00:16,940 --> 00:00:18,230
We can see that we're in Downloads.

5
00:00:18,260 --> 00:00:23,900
But remember, our Defender woke up and deleted that downloaded file.

6
00:00:24,200 --> 00:00:25,280
So if I do an ls

7
00:00:25,370 --> 00:00:29,270
or a dir, either one of those two commands should work just fine.

8
00:00:29,810 --> 00:00:32,370
I can see I've got a couple of files on my Windows computer.

9
00:00:32,390 --> 00:00:38,420
Now, remember, I'm running Meterpreter on my Windows computer that's infected and I'm, when I run ls

10
00:00:38,420 --> 00:00:43,550
from inside Meterpreter, actually listing the files on that Windows computer.

11
00:00:43,550 --> 00:00:45,790
So I see the Fortnite all skins dot exe.

12
00:00:46,370 --> 00:00:50,150
But I also see a desktop.ini. I could try

13
00:00:50,210 --> 00:00:53,030
the cat command, desktop.ini,

14
00:00:54,400 --> 00:01:04,000
and I can see the configuration information for this Windows computer, so that user's

15
00:01:04,000 --> 00:01:07,570
desktop.ini file just has a little bit of local information.

16
00:01:08,020 --> 00:01:12,730
If we wanted to, we could download that file: download desktop.ini.

17
00:01:13,850 --> 00:01:18,820
That's not very interesting information, but it just shows that we can actually pull those

18
00:01:18,820 --> 00:01:19,660
files locally.

19
00:01:20,080 --> 00:01:25,120
And then if I switch over to a different terminal window and then

20
00:01:25,120 --> 00:01:25,660
ls,

21
00:01:26,800 --> 00:01:29,770
I will see a new file that it created in my home directory.

22
00:01:29,830 --> 00:01:31,810
My Kali home directory.

23
00:01:32,200 --> 00:01:32,880
desktop

24
00:01:33,130 --> 00:01:33,580
.ini.

25
00:01:33,610 --> 00:01:35,080
That came from that Windows computer.

26
00:01:35,080 --> 00:01:36,680
If I do an ls -l,

27
00:01:37,720 --> 00:01:39,700
I can see that it came from that computer.

28
00:01:41,260 --> 00:01:41,450
Oh.

29
00:01:41,530 --> 00:01:42,970
When it was created on that computer.

30
00:01:42,970 --> 00:01:46,150
So that image had it as March 19th of 2019.

31
00:01:46,540 --> 00:01:50,590
That was the last modified date for that desktop.ini. I can see

32
00:01:50,590 --> 00:01:53,090
all my files are newer, from 2020.

33
00:01:54,160 --> 00:01:59,770
And I'm going to switch back over to my Meterpreter remote shell.

34
00:02:00,610 --> 00:02:05,080
We've seen how to view files on the remote Windows machine.

35
00:02:05,080 --> 00:02:06,160
We've seen how to download.

36
00:02:06,520 --> 00:02:07,960
Now let's see how to upload.

37
00:02:08,380 --> 00:02:14,290
So I'm in the Downloads directory, but I don't want to just upload my Fortnite all skins into that

38
00:02:14,290 --> 00:02:15,580
Downloads directory again.

39
00:02:16,000 --> 00:02:21,300
I actually want to cd into dot dot slash.

40
00:02:22,330 --> 00:02:26,920
Let's go into Documents and then pwd.

41
00:02:27,930 --> 00:02:29,490
So the dot dot:

42
00:02:29,910 --> 00:02:34,950
if you've used, or if you remember from when we were doing this in Linux and Windows, cd dot dot

43
00:02:34,950 --> 00:02:40,950
takes us up one directory; slash Documents means come out of the Downloads folder for this user and go

44
00:02:40,950 --> 00:02:47,180
up into the root and go into the user's home folder, then go into their Documents folder.

45
00:02:47,210 --> 00:02:51,060
So go up into the home and then down into their Documents.

46
00:02:51,630 --> 00:02:55,740
Now, if I can remember where my file is on this Kali Linux box.

47
00:02:56,340 --> 00:03:04,320
And if we remember, we created two copies. If I cd to my Desktop and ls, I've got my Fortnite all

48
00:03:04,320 --> 00:03:05,340
skins there.

49
00:03:06,180 --> 00:03:09,090
And if I cd, and if I do a pwd

50
00:03:12,200 --> 00:03:17,060
on my Kali box, I can see that's home, kali, Desktop, Fortnite all skins dot exe. In fact, I'm

51
00:03:17,060 --> 00:03:20,270
going to copy that just so I don't misspell it.

52
00:03:20,420 --> 00:03:21,750
So I'm going to copy that selection.

53
00:03:22,370 --> 00:03:29,660
I want to upload an extra copy of this virus into the Documents folder so that if Windows Defender wakes

54
00:03:29,660 --> 00:03:33,500
up and deletes it out of my Downloads folder, I'll be able to add it in there.

55
00:03:33,520 --> 00:03:39,380
So if I do an ls in Documents right now, we'll see that it's got some folders from My Pictures, My Videos,

56
00:03:39,410 --> 00:03:41,680
but it doesn't really have very much in here.

57
00:03:41,690 --> 00:03:43,670
desktop.ini, a PowerShell folder.

58
00:03:44,120 --> 00:03:51,050
So if we look over on our Windows computer and come up to the Documents folder, that PowerShell folder

59
00:03:51,050 --> 00:03:52,280
is the only thing that's showing up.

60
00:03:52,280 --> 00:03:54,560
And then we've got links to My Pictures and Videos.

61
00:03:55,010 --> 00:04:01,160
So what I want to do is from my Kali computer, from my Kali virtual machine running Meterpreter

62
00:04:02,000 --> 00:04:03,830
across that reverse TCP connection,

63
00:04:03,860 --> 00:04:11,660
I'm going to upload slash home slash kali slash Desktop.

64
00:04:13,770 --> 00:04:19,530
And I'm going to get my Fortnite all skins with a Ctrl+V, or a Ctrl+Shift+V, or just a paste:

65
00:04:21,180 --> 00:04:27,000
upload slash home slash kali slash Desktop, Fortnite all skins, and press Enter.

66
00:04:28,910 --> 00:04:32,340
And you see, it says it's uploading and has uploaded Fortnite all skins.

67
00:04:32,370 --> 00:04:34,890
Let's switch back to the Windows computer and see if that's true.

68
00:04:36,320 --> 00:04:37,580
Look at that.

69
00:04:37,670 --> 00:04:41,760
So now in our Downloads folder, we have the original copy that we downloaded.

70
00:04:42,380 --> 00:04:47,210
But when we ran it, we gave a remote attacker, our Kali Windows,

71
00:04:47,300 --> 00:04:48,650
our Kali virtual machine,

72
00:04:49,040 --> 00:04:57,680
complete control to access the file system, to view, to download and to upload files across that Meterpreter

73
00:04:57,680 --> 00:04:58,580
connection.

74
00:04:59,840 --> 00:05:04,160
Well, if that scares you, that's a good thing, because you should never run a file that you don't

75
00:05:04,160 --> 00:05:05,510
trust from across the Internet.

76
00:05:05,780 --> 00:05:10,520
But when we come back, we're going to see how to take even more command and control of that Windows

77
00:05:10,520 --> 00:05:11,300
10 computer.

78
00:05:11,570 --> 00:05:16,760
We'll go all the way through how to attack a webcam that you may have attached.

79
00:05:17,030 --> 00:05:18,740
We'll see that in the next couple lessons.