1
00:00:03,190 --> 00:00:09,990
At this point, we're almost halfway through our command and control section on Windows 10 using materne

2
00:00:09,990 --> 00:00:10,240
fritter.

3
00:00:10,840 --> 00:00:17,200
But we're just scratching the surface of what you can do with materne fritter when you are penetration

4
00:00:17,200 --> 00:00:23,320
testing and network or doing a security assessment against individual users or against a company.

5
00:00:24,370 --> 00:00:28,900
You, of course, want to use this ethically because everything that we're doing here can get you in

6
00:00:28,900 --> 00:00:29,380
trouble.

7
00:00:29,680 --> 00:00:35,360
But we're gonna take the the fear factor up a significant step with this lesson, because we're going

8
00:00:35,360 --> 00:00:43,930
to see how to grab screenshots, how to capture keystrokes and even how to take over the Web cam on

9
00:00:43,930 --> 00:00:45,640
an infected Windows computer.

10
00:00:45,660 --> 00:00:46,810
So I've attached a Web cam.

11
00:00:46,810 --> 00:00:49,120
We show how to do that in the previous section.

12
00:00:49,480 --> 00:00:54,340
So if you haven't attached a USP Web cam and you have an extra one around that you're going to attach

13
00:00:54,340 --> 00:00:55,320
to your Kelly VM.

14
00:00:55,780 --> 00:01:01,200
It's a good idea to go back into the previous section and see how to add that USP Keibel USP Web cam.

15
00:01:01,540 --> 00:01:03,430
But we're gonna do screenshots.

16
00:01:03,670 --> 00:01:06,600
We're going to do keystrokes and webcams.

17
00:01:06,940 --> 00:01:08,260
So let's jump right in.

18
00:01:09,790 --> 00:01:13,770
First of all, I'm still in a good Windows Materne session if you need to re-establish one.

19
00:01:13,840 --> 00:01:19,660
You saw how to do a session, you saw how to rerun your Kelly, your exploit from windows so that it

20
00:01:19,660 --> 00:01:20,530
calls back to Kelly.

21
00:01:20,860 --> 00:01:28,240
We even uploaded a second copy of the virus into our documents folder and we created an exception in

22
00:01:28,240 --> 00:01:30,190
the virus and thread exceptions.

23
00:01:30,550 --> 00:01:35,200
So the Windows defender won't delete that one even if it wakes up and deletes our downloaded virus.

24
00:01:35,500 --> 00:01:39,820
So we'll be able to rerun and reconnect really easily with just three or four lines of code.

25
00:01:40,780 --> 00:01:46,420
So up next, we're going to do a help one more time and we're going to come up to.

26
00:01:49,980 --> 00:01:55,560
The user interface commands and take a look at what we've got here, we got screen shot.

27
00:01:55,890 --> 00:01:57,060
So that might be interesting.

28
00:01:57,060 --> 00:01:59,480
Just see what's on the user's screen right now.

29
00:01:59,910 --> 00:02:01,230
Let's do that one first.

30
00:02:01,650 --> 00:02:02,970
So if I control El.

31
00:02:04,340 --> 00:02:06,440
I'm going to try the command screenshot.

32
00:02:08,800 --> 00:02:11,250
And I'm going to use an option here, Dash V.

33
00:02:11,890 --> 00:02:12,470
True.

34
00:02:13,760 --> 00:02:15,790
That's the dash view option.

35
00:02:15,800 --> 00:02:16,780
So screenshot.

36
00:02:17,090 --> 00:02:22,940
And I want a view that screenshot right here live in my windows and my Caleigh box from Windows.

37
00:02:23,330 --> 00:02:27,410
If you just say screenshot, it's going to save a screenshot into your home folder and you can go to

38
00:02:27,410 --> 00:02:29,000
your other tab and open that up.

39
00:02:29,300 --> 00:02:32,270
But we're gonna view it right as it takes the screenshot.

40
00:02:32,930 --> 00:02:33,830
And look at that.

41
00:02:33,890 --> 00:02:42,890
I am in my Caleigh virtual machine, but I'm looking at the desktop of that remote Windows 10 computer.

42
00:02:43,490 --> 00:02:45,790
Now it's just a quick image file.

43
00:02:45,800 --> 00:02:47,780
This doesn't let us interact with it at all.

44
00:02:48,290 --> 00:02:51,020
But if we close these.

45
00:02:52,800 --> 00:02:53,470
There we go.

46
00:02:53,960 --> 00:02:56,200
I might even be able to do a screen share.

47
00:02:56,530 --> 00:03:00,730
Now, let me do a quick word of warning, because sometimes the screen share command will crash your

48
00:03:00,740 --> 00:03:10,270
maternity connection because it's sending full video of your Windows desktop back to your Caleigh machine.

49
00:03:10,540 --> 00:03:11,080
But let's try.

50
00:03:11,100 --> 00:03:12,070
Screen share.

51
00:03:17,220 --> 00:03:19,350
And it says playing.

52
00:03:19,470 --> 00:03:21,300
So what I want to do is change the screen.

53
00:03:21,360 --> 00:03:24,540
So let's go over here and surf to a different address.

54
00:03:24,570 --> 00:03:30,600
Let's go to Wells Fargo or Goldman Sachs Bank.

55
00:03:32,590 --> 00:03:33,310
Or any bank.

56
00:03:33,350 --> 00:03:39,370
And you notice it's slowing down my Internet connection because this is streaming full video from my

57
00:03:39,370 --> 00:03:43,180
Windows computer to my Caleigh computer.

58
00:03:43,210 --> 00:03:51,130
But everything you look at on your desktop, a remote attacker will be able to see if you run an infected

59
00:03:51,130 --> 00:03:54,400
file that's running a remote access Trojan like Materne printer.

60
00:03:55,060 --> 00:03:56,950
So that is creepy.

61
00:03:57,160 --> 00:03:59,680
But we're gonna take it up a couple more notches.

62
00:04:00,460 --> 00:04:07,270
So what I'm going to do is control see to kill that screen share so that it stops showing so much information

63
00:04:07,780 --> 00:04:09,460
control l to clear the screen.

64
00:04:10,120 --> 00:04:12,610
We've seen how to do a screenshot and a screen share.

65
00:04:12,820 --> 00:04:15,700
Let's see how to capture key strokes.

66
00:04:16,150 --> 00:04:22,540
So we saw if we help or use the help command and scroll up just a bit.

67
00:04:23,910 --> 00:04:26,850
We saw the screen share and screen shot.

68
00:04:27,240 --> 00:04:33,710
We also have key scan start, key scan dump and key scan stop.

69
00:04:34,230 --> 00:04:35,880
So let's see how that would work.

70
00:04:36,270 --> 00:04:41,580
So I will type in key scan, underscore, start.

71
00:04:42,630 --> 00:04:46,470
And so it started a keystroke sniffer on my Windows computer.

72
00:04:46,920 --> 00:04:55,460
So let's say that I search for hacking for kids on Amazon.

73
00:04:58,890 --> 00:05:00,870
There's a book called Hacking for Kids.

74
00:05:03,770 --> 00:05:04,560
Oh, look at that.

75
00:05:04,590 --> 00:05:06,960
There's another great book called Teach Your Kids to Code.

76
00:05:07,360 --> 00:05:09,930
Those happen to be a couple of mine, so I'm a little bit proud of those.

77
00:05:10,230 --> 00:05:10,710
Look at that.

78
00:05:10,710 --> 00:05:13,630
We've got hacking for kids from the author, Bryce Payne.

79
00:05:14,040 --> 00:05:15,690
Who knew you could even preorder?

80
00:05:15,960 --> 00:05:19,080
We've got got lots of really cool things available.

81
00:05:19,170 --> 00:05:22,260
But I just did a search for hacking for kids.

82
00:05:22,350 --> 00:05:23,100
Amazon.

83
00:05:24,160 --> 00:05:25,890
Let's do a key scan dump.

84
00:05:29,380 --> 00:05:36,520
And look at what Materne Critter sent back to my Kalli computer hacking for kids.

85
00:05:36,580 --> 00:05:37,240
Amazon.

86
00:05:37,720 --> 00:05:43,690
Now, of course, I didn't type in my username or my password, but if I typed those things in, they

87
00:05:43,690 --> 00:05:45,340
would be showing right here as well.

88
00:05:45,670 --> 00:05:52,600
So I'm going to stop that key scan source, a key scan underscore stop, because that is a really noisy

89
00:05:52,600 --> 00:05:53,010
command.

90
00:05:53,010 --> 00:05:58,900
It takes up a lot of your network connection because every keystroke that an infected user types on

91
00:05:58,900 --> 00:06:04,690
their Windows 10 computer now comes over to my Caleigh box.

92
00:06:05,020 --> 00:06:08,200
That's passwords, credit card numbers, everything that you might type in.

93
00:06:08,230 --> 00:06:13,420
You see why we're starting to get really paranoid about downloading and running strange files?

94
00:06:13,840 --> 00:06:15,580
Well, let's take it one step further.

95
00:06:15,850 --> 00:06:24,730
So in the previous section, I connected a USP Web cam, and I'm just gonna double check that that device

96
00:06:24,730 --> 00:06:28,870
is available here and I'm going to connect it to my Caleigh box.

97
00:06:29,000 --> 00:06:29,560
Oh, sorry.

98
00:06:29,560 --> 00:06:31,710
I'm going to connect it to my Windows 10 box.

99
00:06:32,080 --> 00:06:34,030
So I've got my Windows 10 computer running.

100
00:06:34,090 --> 00:06:35,470
My VM is in front.

101
00:06:35,680 --> 00:06:40,590
I come up to devices now on my Windows on a Windows desktop.

102
00:06:40,600 --> 00:06:45,560
Devices will be right at the top of the window itself on my Mac.

103
00:06:45,580 --> 00:06:48,100
It's up here at the top of the screen.

104
00:06:48,430 --> 00:06:50,840
I'm going to come to devices and I'm going to find this webcam.

105
00:06:50,890 --> 00:06:57,700
Notice Smile Mac book here has a face time camera but also added the second USP.

106
00:06:57,760 --> 00:06:58,210
Camera.

107
00:06:59,850 --> 00:07:08,270
Once that set up, I'm going to see if I can actually attach if I can attack this webcam from my Caleigh

108
00:07:08,280 --> 00:07:09,360
computer remotely.

109
00:07:10,080 --> 00:07:15,690
So I'm just going to sit this down right here and I'm going to use one of my commands.

110
00:07:15,690 --> 00:07:16,430
I say help.

111
00:07:17,870 --> 00:07:20,030
Just to see what that command was again.

112
00:07:21,210 --> 00:07:24,960
So under the webcam controls, I can record from the microphone.

113
00:07:25,440 --> 00:07:28,440
I'm not going to start a video chat with an infected user.

114
00:07:28,950 --> 00:07:30,450
I can list Web cams.

115
00:07:30,480 --> 00:07:35,250
I can take a snapshot from the webcam and I can stream from that webcam.

116
00:07:35,940 --> 00:07:36,510
Ouch.

117
00:07:36,720 --> 00:07:39,660
So let's say web cam list.

118
00:07:42,410 --> 00:07:43,550
Underscore list.

119
00:07:44,950 --> 00:07:45,940
And look at this.

120
00:07:45,970 --> 00:07:52,750
My Windows 10 virtual machine has a USP Web cam attached to it.

121
00:07:52,990 --> 00:07:54,490
The one that I just connected.

122
00:07:56,030 --> 00:08:04,130
So now, if I say webcam underscore stream before I president are on this, let me just do one more

123
00:08:04,130 --> 00:08:04,720
reality show.

124
00:08:04,790 --> 00:08:06,140
Actually, two reality checks.

125
00:08:06,170 --> 00:08:06,740
Number one.

126
00:08:07,520 --> 00:08:10,610
Don't use this virus even as a prank.

127
00:08:11,180 --> 00:08:18,050
Even with a friend, even with someone who's given you permission, if you don't have complete permission

128
00:08:18,050 --> 00:08:22,640
to use the network that you're on, the network that that user is on.

129
00:08:23,060 --> 00:08:26,060
And and make sure that you've done that.

130
00:08:26,060 --> 00:08:31,640
You checked through the laws in your local and your location just to make sure that this is not illegal,

131
00:08:32,030 --> 00:08:33,950
even to possess or to run.

132
00:08:34,370 --> 00:08:40,640
But you need to know that an attacker can run these kinds of commands through a simple virus as easy

133
00:08:40,640 --> 00:08:41,230
as this one.

134
00:08:42,760 --> 00:08:48,250
And you need to remember why it's important to run good antivirus and keep your firewall up to date.

135
00:08:48,670 --> 00:08:50,980
So when we click webcam stream.

136
00:08:53,560 --> 00:08:55,360
It is going to work to set up.

137
00:08:55,450 --> 00:08:56,680
Oh, my goodness.

138
00:08:59,850 --> 00:09:10,650
If you notice as I move this USP Web cam, it's going to be able to see me on the screen so you can

139
00:09:10,650 --> 00:09:17,010
see my tiny little video window there, because this is a very old webcam, but it's still a webcam,

140
00:09:17,130 --> 00:09:18,870
just like you might have on a real computer.

141
00:09:18,870 --> 00:09:26,640
You see, there's a little bit of a lag on the screen, but an infected user has opened up their files.

142
00:09:26,970 --> 00:09:35,940
They've opened up their screen, their desktop, their keystrokes and even their Web cam to an attacker

143
00:09:36,060 --> 00:09:41,010
across the Internet who has a little bit of knowledge of Kalli.

144
00:09:42,330 --> 00:09:46,860
So I know that this has been scary, but it's been with a purpose.

145
00:09:47,190 --> 00:09:52,590
We want you to know how important it is to protect your Windows 10 computer, your Caleigh computer,

146
00:09:52,980 --> 00:09:59,760
your Mac, your cell phone and other devices that have a computer chip and have a lot of devices in

147
00:09:59,760 --> 00:10:00,510
them like this one.

148
00:10:01,380 --> 00:10:06,630
When we come back in the next section, we you see just a few last steps in the commanding control.

149
00:10:06,890 --> 00:10:12,630
We're going to raise our privileges to the level that we're going to be able to steal windows, passwords

150
00:10:13,020 --> 00:10:14,610
from an infected computer.

151
00:10:14,640 --> 00:10:19,440
This is how attackers get into one computer and get dozens of passwords.

152
00:10:20,160 --> 00:10:22,660
So we'll see how to do that in the next lesson.