1
00:00:03,190 --> 00:00:09,990
At this point, we're almost halfway through our command and control section on Windows 10 using

2
00:00:09,990 --> 00:00:10,240
Meterpreter.

3
00:00:10,840 --> 00:00:17,200
But we're just scratching the surface of what you can do with Meterpreter when you are penetration

4
00:00:17,200 --> 00:00:23,320
testing a network or doing a security assessment against individual users or against a company.

5
00:00:24,370 --> 00:00:28,900
You, of course, want to use this ethically because everything that we're doing here can get you in

6
00:00:28,900 --> 00:00:29,380
trouble.

7
00:00:29,680 --> 00:00:35,360
But we're gonna take the fear factor up a significant step with this lesson, because we're going

8
00:00:35,360 --> 00:00:43,930
to see how to grab screenshots, how to capture keystrokes and even how to take over the webcam on

9
00:00:43,930 --> 00:00:45,640
an infected Windows computer.

10
00:00:45,660 --> 00:00:46,810
So I've attached a webcam.

11
00:00:46,810 --> 00:00:49,120
We show how to do that in the previous section.

12
00:00:49,480 --> 00:00:54,340
So if you haven't attached a USB webcam and you have an extra one around that you're going to attach

13
00:00:54,340 --> 00:00:55,320
to your Kali VM,

14
00:00:55,780 --> 00:01:01,200
it's a good idea to go back into the previous section and see how to add that USB cable, USB webcam.

15
00:01:01,540 --> 00:01:03,430
But we're gonna do screenshots.

16
00:01:03,670 --> 00:01:06,600
We're going to do keystrokes and webcams.

17
00:01:06,940 --> 00:01:08,260
So let's jump right in.

18
00:01:09,790 --> 00:01:13,770
First of all, I'm still in a good Windows Meterpreter session. If you need to re-establish one,

19
00:01:13,840 --> 00:01:19,660
you saw how to do a session, you saw how to rerun your Kali, your exploit from Windows so that it

20
00:01:19,660 --> 00:01:20,530
calls back to Kali.

21
00:01:20,860 --> 00:01:28,240
We even uploaded a second copy of the virus into our documents folder and we created an exception in

22
00:01:28,240 --> 00:01:30,190
the virus and threat exceptions.

23
00:01:30,550 --> 00:01:35,200
So Windows Defender won't delete that one even if it wakes up and deletes our downloaded virus.

24
00:01:35,500 --> 00:01:39,820
So we'll be able to rerun and reconnect really easily with just three or four lines of code.

25
00:01:40,780 --> 00:01:46,420
So up next, we're going to do a help one more time and we're going to come up to

26
00:01:49,980 --> 00:01:55,560
the user interface commands and take a look at what we've got here. We got screenshot.

27
00:01:55,890 --> 00:01:57,060
So that might be interesting.

28
00:01:57,060 --> 00:01:59,480
Just see what's on the user's screen right now.

29
00:01:59,910 --> 00:02:01,230
Let's do that one first.

30
00:02:01,650 --> 00:02:02,970
So if I Control-L,

31
00:02:04,340 --> 00:02:06,440
I'm going to try the command screenshot.

32
00:02:08,800 --> 00:02:11,250
And I'm going to use an option here, dash v

33
00:02:11,890 --> 00:02:12,470
true.

34
00:02:13,760 --> 00:02:15,790
That's the dash view option.

35
00:02:15,800 --> 00:02:16,780
So screenshot.

36
00:02:17,090 --> 00:02:22,940
And I want to view that screenshot right here live in my windows and my Kali box from Windows.

37
00:02:23,330 --> 00:02:27,410
If you just say screenshot, it's going to save a screenshot into your home folder and you can go to

38
00:02:27,410 --> 00:02:29,000
your other tab and open that up.

39
00:02:29,300 --> 00:02:32,270
But we're gonna view it right as it takes the screenshot.

40
00:02:32,930 --> 00:02:33,830
And look at that.

41
00:02:33,890 --> 00:02:42,890
I am in my Kali virtual machine, but I'm looking at the desktop of that remote Windows 10 computer.

42
00:02:43,490 --> 00:02:45,790
Now it's just a quick image file.

43
00:02:45,800 --> 00:02:47,780
This doesn't let us interact with it at all.

44
00:02:48,290 --> 00:02:51,020
But if we close these.

45
00:02:52,800 --> 00:02:53,470
There we go.

46
00:02:53,960 --> 00:02:56,200
I might even be able to do a screen share.

47
00:02:56,530 --> 00:03:00,730
Now, let me do a quick word of warning, because sometimes the screen share command will crash your

48
00:03:00,740 --> 00:03:10,270
Meterpreter connection because it's sending full video of your Windows desktop back to your Kali machine.

49
00:03:10,540 --> 00:03:11,080
But let's try

50
00:03:11,100 --> 00:03:12,070
screen share.

51
00:03:17,220 --> 00:03:19,350
And it says playing.

52
00:03:19,470 --> 00:03:21,300
So what I want to do is change the screen.

53
00:03:21,360 --> 00:03:24,540
So let's go over here and surf to a different address.

54
00:03:24,570 --> 00:03:30,600
Let's go to Wells Fargo or Goldman Sachs Bank.

55
00:03:32,590 --> 00:03:33,310
Or any bank.

56
00:03:33,350 --> 00:03:39,370
And you notice it's slowing down my Internet connection because this is streaming full video from my

57
00:03:39,370 --> 00:03:43,180
Windows computer to my Kali computer.

58
00:03:43,210 --> 00:03:51,130
But everything you look at on your desktop, a remote attacker will be able to see if you run an infected

59
00:03:51,130 --> 00:03:54,400
file that's running a remote access Trojan like Meterpreter.

60
00:03:55,060 --> 00:03:56,950
So that is creepy.

61
00:03:57,160 --> 00:03:59,680
But we're gonna take it up a couple more notches.

62
00:04:00,460 --> 00:04:07,270
So what I'm going to do is Control-C to kill that screen share so that it stops showing so much information,

63
00:04:07,780 --> 00:04:09,460
Control-L to clear the screen.

64
00:04:10,120 --> 00:04:12,610
We've seen how to do a screenshot and a screen share.

65
00:04:12,820 --> 00:04:15,700
Let's see how to capture keystrokes.

66
00:04:16,150 --> 00:04:22,540
So we saw if we help or use the help command and scroll up just a bit.

67
00:04:23,910 --> 00:04:26,850
We saw the screen share and screenshot.

68
00:04:27,240 --> 00:04:33,710
We also have keyscan start, keyscan dump and keyscan stop.

69
00:04:34,230 --> 00:04:35,880
So let's see how that would work.

70
00:04:36,270 --> 00:04:41,580
So I will type in keyscan, underscore, start.

71
00:04:42,630 --> 00:04:46,470
And so it started a keystroke sniffer on my Windows computer.

72
00:04:46,920 --> 00:04:55,460
So let's say that I search for hacking for kids on Amazon.

73
00:04:58,890 --> 00:05:00,870
There's a book called Hacking for Kids.

74
00:05:03,770 --> 00:05:04,560
Oh, look at that.

75
00:05:04,590 --> 00:05:06,960
There's another great book called Teach Your Kids to Code.

76
00:05:07,360 --> 00:05:09,930
Those happen to be a couple of mine, so I'm a little bit proud of those.

77
00:05:10,230 --> 00:05:10,710
Look at that.

78
00:05:10,710 --> 00:05:13,630
We've got hacking for kids from the author, Bryce Payne.

79
00:05:14,040 --> 00:05:15,690
Who knew you could even preorder?

80
00:05:15,960 --> 00:05:19,080
We've got lots of really cool things available.

81
00:05:19,170 --> 00:05:22,260
But I just did a search for hacking for kids

82
00:05:22,350 --> 00:05:23,100
Amazon.

83
00:05:24,160 --> 00:05:25,890
Let's do a keyscan dump.

84
00:05:29,380 --> 00:05:36,520
And look at what Meterpreter sent back to my Kali computer: hacking for kids

85
00:05:36,580 --> 00:05:37,240
Amazon.

86
00:05:37,720 --> 00:05:43,690
Now, of course, I didn't type in my username or my password, but if I typed those things in, they

87
00:05:43,690 --> 00:05:45,340
would be showing right here as well.

88
00:05:45,670 --> 00:05:52,600
So I'm going to stop that keyscan, so it's a keyscan underscore stop, because that is a really noisy

89
00:05:52,600 --> 00:05:53,010
command.

90
00:05:53,010 --> 00:05:58,900
It takes up a lot of your network connection because every keystroke that an infected user types on

91
00:05:58,900 --> 00:06:04,690
their Windows 10 computer now comes over to my Kali box.

92
00:06:05,020 --> 00:06:08,200
That's passwords, credit card numbers, everything that you might type in.

93
00:06:08,230 --> 00:06:13,420
You see why we're starting to get really paranoid about downloading and running strange files?

94
00:06:13,840 --> 00:06:15,580
Well, let's take it one step further.

95
00:06:15,850 --> 00:06:24,730
So in the previous section, I connected a USB webcam, and I'm just gonna double check that that device

96
00:06:24,730 --> 00:06:28,870
is available here and I'm going to connect it to my Kali box.

97
00:06:29,000 --> 00:06:29,560
Oh, sorry.

98
00:06:29,560 --> 00:06:31,710
I'm going to connect it to my Windows 10 box.

99
00:06:32,080 --> 00:06:34,030
So I've got my Windows 10 computer running.

100
00:06:34,090 --> 00:06:35,470
My VM is in front.

101
00:06:35,680 --> 00:06:40,590
I come up to Devices. Now on my Windows, on a Windows desktop,

102
00:06:40,600 --> 00:06:45,560
Devices will be right at the top of the window itself. On my Mac,

103
00:06:45,580 --> 00:06:48,100
it's up here at the top of the screen.

104
00:06:48,430 --> 00:06:50,840
I'm going to come to Devices and I'm going to find this webcam.

105
00:06:50,890 --> 00:06:57,700
Notice my MacBook here has a FaceTime camera but also added the second USB

106
00:06:57,760 --> 00:06:58,210
camera.

107
00:06:59,850 --> 00:07:08,270
Once that's set up, I'm going to see if I can actually attach, if I can attack this webcam from my Kali

108
00:07:08,280 --> 00:07:09,360
computer remotely.

109
00:07:10,080 --> 00:07:15,690
So I'm just going to sit this down right here and I'm going to use one of my commands.

110
00:07:15,690 --> 00:07:16,430
I say help.

111
00:07:17,870 --> 00:07:20,030
Just to see what that command was again.

112
00:07:21,210 --> 00:07:24,960
So under the webcam controls, I can record from the microphone.

113
00:07:25,440 --> 00:07:28,440
I'm not going to start a video chat with an infected user.

114
00:07:28,950 --> 00:07:30,450
I can list webcams.

115
00:07:30,480 --> 00:07:35,250
I can take a snapshot from the webcam and I can stream from that webcam.

116
00:07:35,940 --> 00:07:36,510
Ouch.

117
00:07:36,720 --> 00:07:39,660
So let's say webcam list.

118
00:07:42,410 --> 00:07:43,550
Underscore list.

119
00:07:44,950 --> 00:07:45,940
And look at this.

120
00:07:45,970 --> 00:07:52,750
My Windows 10 virtual machine has a USB webcam attached to it.

121
00:07:52,990 --> 00:07:54,490
The one that I just connected.

122
00:07:56,030 --> 00:08:04,130
So now, if I say webcam underscore stream, before I press Enter on this, let me just do one more

123
00:08:04,130 --> 00:08:04,720
reality check.

124
00:08:04,790 --> 00:08:06,140
Actually, two reality checks.

125
00:08:06,170 --> 00:08:06,740
Number one.

126
00:08:07,520 --> 00:08:10,610
Don't use this virus even as a prank.

127
00:08:11,180 --> 00:08:18,050
Even with a friend, even with someone who's given you permission, if you don't have complete permission

128
00:08:18,050 --> 00:08:22,640
to use the network that you're on, the network that that user is on.

129
00:08:23,060 --> 00:08:26,060
And make sure that you've done that.

130
00:08:26,060 --> 00:08:31,640
You checked through the laws in your local and your location just to make sure that this is not illegal,

131
00:08:32,030 --> 00:08:33,950
even to possess or to run.

132
00:08:34,370 --> 00:08:40,640
But you need to know that an attacker can run these kinds of commands through a simple virus as easy

133
00:08:40,640 --> 00:08:41,230
as this one.

134
00:08:42,760 --> 00:08:48,250
And you need to remember why it's important to run good antivirus and keep your firewall up to date.

135
00:08:48,670 --> 00:08:50,980
So when we click webcam stream.

136
00:08:53,560 --> 00:08:55,360
It is going to work to set up.

137
00:08:55,450 --> 00:08:56,680
Oh, my goodness.

138
00:08:59,850 --> 00:09:10,650
If you notice as I move this USB webcam, it's going to be able to see me on the screen so you can

139
00:09:10,650 --> 00:09:17,010
see my tiny little video window there, because this is a very old webcam, but it's still a webcam,

140
00:09:17,130 --> 00:09:18,870
just like you might have on a real computer.

141
00:09:18,870 --> 00:09:26,640
You see, there's a little bit of a lag on the screen, but an infected user has opened up their files.

142
00:09:26,970 --> 00:09:35,940
They've opened up their screen, their desktop, their keystrokes and even their webcam to an attacker

143
00:09:36,060 --> 00:09:41,010
across the Internet who has a little bit of knowledge of Kali.

144
00:09:42,330 --> 00:09:46,860
So I know that this has been scary, but it's been with a purpose.

145
00:09:47,190 --> 00:09:52,590
We want you to know how important it is to protect your Windows 10 computer, your Kali computer,

146
00:09:52,980 --> 00:09:59,760
your Mac, your cell phone and other devices that have a computer chip and have a lot of devices in

147
00:09:59,760 --> 00:10:00,510
them like this one.

148
00:10:01,380 --> 00:10:06,630
When we come back in the next section, we'll see just a few last steps in the command and control.

149
00:10:06,890 --> 00:10:12,630
We're going to raise our privileges to the level that we're going to be able to steal Windows passwords

150
00:10:13,020 --> 00:10:14,610
from an infected computer.

151
00:10:14,640 --> 00:10:19,440
This is how attackers get into one computer and get dozens of passwords.

152
00:10:20,160 --> 00:10:22,660
So we'll see how to do that in the next lesson.