1
00:00:03,140 --> 00:00:09,860
Welcome back to our next lesson on viewing, downloading and uploading files to and from an infected

2
00:00:09,860 --> 00:00:12,470
Windows 10 computer from our Linux box.

3
00:00:12,860 --> 00:00:16,700
In our previous listen we Rampy WD to print the working directory.

4
00:00:16,940 --> 00:00:18,230
We can see that we're in downloads.

5
00:00:18,260 --> 00:00:23,900
But remember, our Defendor woke up and deleted that downloaded file.

6
00:00:24,200 --> 00:00:25,280
So if I do an L.

7
00:00:25,370 --> 00:00:29,270
S or a D.R, either one of those two commands should work just fine.

8
00:00:29,810 --> 00:00:32,370
I can see I've got a couple of files on my Windows computer.

9
00:00:32,390 --> 00:00:38,420
Now, remember, I'm running interpreter on my Windows computer that's infected and I'm when I run L.

10
00:00:38,420 --> 00:00:43,550
S from Inside Materne program, actually listing the files on that Windows computer.

11
00:00:43,550 --> 00:00:45,790
So I see the fortnight oilskins Dudi XY.

12
00:00:46,370 --> 00:00:50,150
But what I also see a desktop that I, I could try.

13
00:00:50,210 --> 00:00:53,030
Cat Command desktop.

14
00:00:54,400 --> 00:01:04,000
Top dog, I and I and I can see the configuration information for this Windows computer, so that user's

15
00:01:04,000 --> 00:01:07,570
desktop that I and I file just as a little bit of local information.

16
00:01:08,020 --> 00:01:12,730
If we wanted to, we could download that file, download desktop.

17
00:01:13,850 --> 00:01:18,820
I and I that's not very interesting information, but it just shows that we can actually pull those

18
00:01:18,820 --> 00:01:19,660
files locally.

19
00:01:20,080 --> 00:01:25,120
And then if I switch over to a different terminal window and then L.

20
00:01:25,120 --> 00:01:25,660
S.

21
00:01:26,800 --> 00:01:29,770
I will see a new file that it created in my home directory.

22
00:01:29,830 --> 00:01:31,810
My Caleigh home directory.

23
00:01:32,200 --> 00:01:32,880
Desktop.

24
00:01:33,130 --> 00:01:33,580
I and I.

25
00:01:33,610 --> 00:01:35,080
That came from that Windows computer.

26
00:01:35,080 --> 00:01:36,680
If I do an LSD dash l.

27
00:01:37,720 --> 00:01:39,700
I can see that it came from that computer.

28
00:01:41,260 --> 00:01:41,450
Oh.

29
00:01:41,530 --> 00:01:42,970
When it was created on that computer.

30
00:01:42,970 --> 00:01:46,150
So that image had it as March 19th of twenty nineteen.

31
00:01:46,540 --> 00:01:50,590
That was the last modified date for that desktop that I and I, I can see.

32
00:01:50,590 --> 00:01:53,090
All my files are newer from 20/20.

33
00:01:54,160 --> 00:01:59,770
And I'm going to switch back over to Mama Turtur, remote shell.

34
00:02:00,610 --> 00:02:05,080
We've seen how to view files on the remote Windows machine.

35
00:02:05,080 --> 00:02:06,160
We've seen how to download.

36
00:02:06,520 --> 00:02:07,960
Now let's see how to upload.

37
00:02:08,380 --> 00:02:14,290
So I'm in the downloads directory, but I don't want to just upload my fortnight all skins into that

38
00:02:14,290 --> 00:02:15,580
downloads directory again.

39
00:02:16,000 --> 00:02:21,300
I actually want to see D into dot, dot, slash.

40
00:02:22,330 --> 00:02:26,920
Let's go into documents and then p d.

41
00:02:27,930 --> 00:02:29,490
So the dot, dot.

42
00:02:29,910 --> 00:02:34,950
If you've used or if you remember from when we were doing this in Linux and Windows, c.D, dot dot

43
00:02:34,950 --> 00:02:40,950
takes us up one directory slash documents means come out of the downloads folder for this user and go

44
00:02:40,950 --> 00:02:47,180
up into the root and go into the user's home folder, then go into their documents folder.

45
00:02:47,210 --> 00:02:51,060
So go up into the home and then down into their documents.

46
00:02:51,630 --> 00:02:55,740
Now, if I can remember where my file is on this Caleigh Linux box.

47
00:02:56,340 --> 00:03:04,320
And if we remember, we created two copies of ICD to my desktop and else I've got my fortnight, all

48
00:03:04,320 --> 00:03:05,340
skins there.

49
00:03:06,180 --> 00:03:09,090
And if I c.b and if I do a PWP.

50
00:03:12,200 --> 00:03:17,060
On my Caleigh box, I can see that's home Caleigh desktop fortnight oilskins daddy XY, in fact, I'm

51
00:03:17,060 --> 00:03:20,270
going to copy that just so I don't misspell it.

52
00:03:20,420 --> 00:03:21,750
So I'm going to copy that selection.

53
00:03:22,370 --> 00:03:29,660
I want to upload an extra copy of this virus into the documents folder so that if Windows Defender wakes

54
00:03:29,660 --> 00:03:33,500
up and deletes it out of my downloads folder, I'll be able to add it in there.

55
00:03:33,520 --> 00:03:39,380
So if I do an LSN documents right now, we'll see that it's got some folders from my pictures, my videos,

56
00:03:39,410 --> 00:03:41,680
but it doesn't really have very much in here.

57
00:03:41,690 --> 00:03:43,670
Desktop I9, a power shell folder.

58
00:03:44,120 --> 00:03:51,050
So if we look over on our Windows computer and come up to the documents folder, that power show folder

59
00:03:51,050 --> 00:03:52,280
is the only thing that's showing up.

60
00:03:52,280 --> 00:03:54,560
And then we've got links to my pictures and videos.

61
00:03:55,010 --> 00:04:01,160
So what I want to do is from my Kalli computer, from my Caleigh virtual machine running Materne critter

62
00:04:02,000 --> 00:04:03,830
across that reverse CCP connection.

63
00:04:03,860 --> 00:04:11,660
I'm going to upload slash home, slash Caleigh slash desktop.

64
00:04:13,770 --> 00:04:19,530
And I'm going to get my fortnight all skins with a control v, there are control shift V or just a paste

65
00:04:21,180 --> 00:04:27,000
upload slash home, slash Kelly slash desktop fortnight oilskins and press enter.

66
00:04:28,910 --> 00:04:32,340
And you see, it says it's uploading and has uploaded fortnight all skins.

67
00:04:32,370 --> 00:04:34,890
Let's switch back to the Windows computer and see if that's true.

68
00:04:36,320 --> 00:04:37,580
Look at that.

69
00:04:37,670 --> 00:04:41,760
So now in our downloads folder, we have the original copy that we downloaded.

70
00:04:42,380 --> 00:04:47,210
But when we ran it, we gave a remote attacker our Kelly Windows.

71
00:04:47,300 --> 00:04:48,650
Our Kelly virtual machine.

72
00:04:49,040 --> 00:04:57,680
Complete control to access the file system, to view, to download and to upload files across that Materne

73
00:04:57,680 --> 00:04:58,580
Critter connection.

74
00:04:59,840 --> 00:05:04,160
Well, if that scares you, that's a good thing, because you should never run a file that you don't

75
00:05:04,160 --> 00:05:05,510
trust from across the Internet.

76
00:05:05,780 --> 00:05:10,520
But when we come back, we're going to see how to take even more command and control of that Windows

77
00:05:10,520 --> 00:05:11,300
10 computer.

78
00:05:11,570 --> 00:05:16,760
We'll go all the way through how to attack a Web cam that you may have attached.

79
00:05:17,030 --> 00:05:18,740
We'll see that in the next couple lessons.