1 00:00:00,340 --> 00:00:04,780 Here we are embarking on the execution of the dup2 system call.
2 00:00:04,810 --> 00:00:13,030 This is an essential task in managing file descriptors, and we are essentially duplicating the my client
3 00:00:13,030 --> 00:00:21,070 fd file descriptor and associating it with the standard output zero, standard output one, and
4 00:00:21,070 --> 00:00:24,370 thus standard error two streams.
5 00:00:24,370 --> 00:00:32,770 So this ensures that the communication channel established with the client encompasses all aspects of
6 00:00:32,770 --> 00:00:34,720 input and output.
7 00:00:34,720 --> 00:00:43,330 So now we will execute it three times to duplicate our file descriptor to stdin, stdout and stderr
8 00:00:43,360 --> 00:00:47,830 error here, which will take zero, one, two respectively.
9 00:00:47,830 --> 00:00:56,380 So the subsequent step here will involve, uh, tripling the impact of our dup2 operations, effectively
10 00:00:56,380 --> 00:01:00,490 enabling communication through all fundamental input and output streams.
11 00:01:00,490 --> 00:01:06,640 So we had the let's actually call this bind listen and accept.
12 00:01:06,640 --> 00:01:07,840 We called here.
13 00:01:07,840 --> 00:01:11,830 So we will do that same to uh dup.
14 00:01:14,670 --> 00:01:16,620 Oh, actually, sorry for this.
15 00:01:16,620 --> 00:01:18,240 We need to change this to dup.
16 00:01:18,240 --> 00:01:22,740 I just realized not a big deal, but these typos happen.
17 00:01:22,740 --> 00:01:25,800 So it actually happened just two times.
18 00:01:26,370 --> 00:01:27,630 The first one is okay.
19 00:01:28,370 --> 00:01:33,020 Now, uh, here, what we're going to do is we will use a dup2.
20 00:01:33,020 --> 00:01:35,180 And as you can see, we got a 33.
21 00:01:35,180 --> 00:01:42,020 So executing this command facilitates the identification of the numeric code corresponding to the dup2
22 00:01:42,020 --> 00:01:42,980 system call.
23 00:01:42,980 --> 00:01:49,490 And this numeric representation greets the operating system in seamlessly duplicating and managing file
24 00:01:49,490 --> 00:01:50,150 descriptors.
25 00:01:50,150 --> 00:01:52,160 So we will also copy this.
26 00:01:52,160 --> 00:01:56,780 So syscall syscall for dup2.
27 00:01:57,740 --> 00:01:59,870 And here.
28 00:02:00,740 --> 00:02:04,670 It was, um, for the 33 here.
29 00:02:04,910 --> 00:02:11,810 Now, let's, uh, build the, uh, dup2, uh, syscall in our assembly program here.
30 00:02:11,810 --> 00:02:16,460 So actually, let's make it not know.
31 00:02:17,760 --> 00:02:18,450 Now?
32 00:02:18,450 --> 00:02:19,110 Yes.
33 00:02:19,890 --> 00:02:25,020 Now what we're going to do is we will just add the command dup.
34 00:02:25,880 --> 00:02:28,940 Two and 33.
35 00:02:28,970 --> 00:02:31,490 Now we will move the RDI.
36 00:02:31,520 --> 00:02:33,800 Mov RDI.
37 00:02:33,800 --> 00:02:35,030 RBCs.
38 00:02:35,750 --> 00:02:38,090 Uh, XOR RAX.
39 00:02:38,090 --> 00:02:42,650 RAX and add RAX.
40 00:02:43,190 --> 00:02:45,920 Um, 33, as we always do here.
41 00:02:46,580 --> 00:02:47,990 Uh, so 33 here.
42 00:02:47,990 --> 00:02:48,230 So.
43 00:02:48,230 --> 00:02:55,100 Because in this case, uh, we will need to enter this because we want to call the syscall for dup2.
44 00:02:55,760 --> 00:02:59,360 And now we will, uh, lastly XOR.
45 00:03:00,660 --> 00:03:07,800 XOR, uh, RSI, RSI and after that we will call the syscall.
46 00:03:10,090 --> 00:03:10,870 And that's it.
47 00:03:10,870 --> 00:03:15,610 So and also we will call this three times as you remember.
48 00:03:15,610 --> 00:03:17,860 So because we did that in here.
49 00:03:17,860 --> 00:03:21,490 So the first one is for errors no input.
50 00:03:21,490 --> 00:03:24,340 The second one output and the third one is errors.
51 00:03:24,340 --> 00:03:26,290 So zero for input.
52 00:03:26,560 --> 00:03:27,430 Um the.
53 00:03:28,680 --> 00:03:29,130 Yeah.
54 00:03:30,390 --> 00:03:38,370 So the standard output for zero, standard input for one and standard error two uh streams here.
55 00:03:38,370 --> 00:03:41,340 So let's oops.
56 00:03:41,340 --> 00:03:41,820 Yeah.
57 00:03:42,360 --> 00:03:44,910 Now let's go to TCP minus m here.
58 00:03:44,910 --> 00:03:45,480 So.
59 00:03:46,340 --> 00:03:46,970 Here.
60 00:03:49,690 --> 00:03:52,030 In which is zero.
61 00:03:52,030 --> 00:03:54,850 And now we will make the same dup.
62 00:03:54,850 --> 00:03:57,400 Two 3233 again.
63 00:03:57,400 --> 00:03:58,360 But.
64 00:04:00,770 --> 00:04:03,140 Here we will stdin.
65 00:04:04,420 --> 00:04:05,470 One.
66 00:04:05,800 --> 00:04:13,930 And now let's, um, here, let's actually copy this from this actually, let's write it down here.
67 00:04:13,930 --> 00:04:15,280 So XOR.
68 00:04:16,000 --> 00:04:17,260 RAX.
69 00:04:17,290 --> 00:04:19,270 RAX here.
70 00:04:19,270 --> 00:04:21,370 And after that.
71 00:04:22,690 --> 00:04:27,460 The last need to call the increment here after add.
72 00:04:27,460 --> 00:04:30,010 So add RAX.
73 00:04:31,050 --> 00:04:35,220 33 and we will increment RSI by one.
74 00:04:36,310 --> 00:04:37,810 Increment RSI.
75 00:04:39,600 --> 00:04:42,810 By one and syscall here.
76 00:04:42,810 --> 00:04:47,910 And now we will use the dup2 for std.
77 00:04:47,940 --> 00:04:49,320 No it was this.
78 00:04:49,440 --> 00:04:51,510 This one was stdout.
79 00:04:51,510 --> 00:04:56,130 And now we will stderr here which is std standard error.
80 00:04:56,130 --> 00:05:04,650 So dup2, 33 and stderr here which is two.
81 00:05:04,950 --> 00:05:10,440 Now we will do the same here, but we will instead of.
82 00:05:12,310 --> 00:05:12,760 That's actually.
83 00:05:12,760 --> 00:05:13,390 Copy this.
84 00:05:17,940 --> 00:05:19,770 XOR RAX, RAX and RAX.
85 00:05:20,220 --> 00:05:21,210 33.
86 00:05:21,780 --> 00:05:23,850 Increment RSI, syscall here.
87 00:05:23,850 --> 00:05:26,310 So in this case we will call this um.
88 00:05:27,240 --> 00:05:28,230 Third here.
89 00:05:28,230 --> 00:05:29,520 So stderr here.
90 00:05:29,520 --> 00:05:30,840 So no second.
91 00:05:30,840 --> 00:05:37,590 So in this case we are after this one here we are incrementing this by one.
92 00:05:37,590 --> 00:05:46,290 And this happens that 33 uh that now has this uh two in its value here.
93 00:05:46,440 --> 00:05:50,550 So and I want to explain this again, uh, here.
94 00:05:50,550 --> 00:06:00,090 So in this dup system call, dup2 system call, we are placing the value of x which holds the client,
95 00:06:00,150 --> 00:06:07,140 uh, my client fd value variable into the RDI register, it is an essential step in preparing
96 00:06:07,140 --> 00:06:10,050 the old file descriptor for the duplication process.
97 00:06:10,200 --> 00:06:17,490 And by executing this, uh, XOR of RAX, RAX, we are clearing the RAX register, preparing it
98 00:06:17,490 --> 00:06:19,170 for its upcoming role.
99 00:06:19,170 --> 00:06:25,590 And subsequently we increment this value by RAX here, um, by 32.
100 00:06:25,620 --> 00:06:26,010 No.
101 00:06:27,150 --> 00:06:35,940 The value in RAX by yeah 33 effectively assigning it to uh dup2 syscall number here and we ensure
102 00:06:35,940 --> 00:06:39,570 that the RSI register is set to zero.
103 00:06:40,050 --> 00:06:45,300 And um, aligning it for the second phase of our operation here.
104 00:06:45,300 --> 00:06:48,690 And we ensure and here we ensure that.
105 00:06:48,690 --> 00:06:55,530 And after that this instruction is executed propelling the operating system to enact the dup2 action.
106 00:06:55,530 --> 00:07:03,960 And when we then repeat the process two more times by incrementing RSI each time ensuring that the dup
107 00:07:03,960 --> 00:07:12,300 two operation is carried out for all three streams one, two, three and uh, here we will also.
108 00:07:13,800 --> 00:07:15,210 Um, what we.
109 00:07:15,390 --> 00:07:18,900 What we have left to do is you.
110 00:07:18,900 --> 00:07:22,680 We have completed this, uh, dup here.
111 00:07:23,590 --> 00:07:28,960 And now we need to add our exec syscall.
112 00:07:28,990 --> 00:07:31,150 So now let's actually.
113 00:07:32,510 --> 00:07:34,730 Prepare the arguments for the exec syscall.
114 00:07:34,760 --> 00:07:35,270 Here.
115 00:07:35,270 --> 00:07:36,350 So.
116 00:07:37,250 --> 00:07:38,090 Exec.
117 00:07:40,120 --> 00:07:40,660 Exec.
118 00:07:40,660 --> 00:07:41,050 We.
119 00:07:49,230 --> 00:07:49,770 No.
120 00:07:50,130 --> 00:07:51,480 Exactly.
121 00:07:51,510 --> 00:07:52,470 Syscall.
122 00:07:56,740 --> 00:07:58,840 And that exec syscall.
123 00:07:58,840 --> 00:08:01,150 We did that in previous lecture here.
124 00:08:01,150 --> 00:08:02,080 I found that.
125 00:08:02,080 --> 00:08:06,640 So you can find it find this in this lecture's attachment sections.
126 00:08:06,640 --> 00:08:08,890 But also you can just write it.
127 00:08:08,890 --> 00:08:11,050 So it's not a long program here.
128 00:08:12,220 --> 00:08:14,650 So after that, let's call this.
129 00:08:15,820 --> 00:08:18,610 And here our code is ready.
130 00:08:18,610 --> 00:08:22,330 Now, now let's put all the pieces together in one code.
131 00:08:22,330 --> 00:08:27,280 So you remember we firstly called this socket call here.
132 00:08:27,550 --> 00:08:31,450 No we don't we didn't we didn't call the socket call firstly.
133 00:08:33,230 --> 00:08:33,920 Yes.
134 00:08:33,920 --> 00:08:35,180 And after that?
135 00:08:36,370 --> 00:08:38,590 We had to call this.
136 00:08:38,590 --> 00:08:43,210 Listen, push port numbers and bind here.
137 00:08:44,160 --> 00:08:45,000 Yes.
138 00:08:45,000 --> 00:08:50,250 And before that, now we will first define our global start.
139 00:08:50,910 --> 00:08:55,230 So global start section text here.
140 00:08:55,230 --> 00:08:57,900 This is where our code will be here.
141 00:08:58,050 --> 00:09:01,290 And now what we're going to do.
142 00:09:03,410 --> 00:09:04,610 Yes we will.
143 00:09:04,610 --> 00:09:05,510 Firstly.
144 00:09:06,960 --> 00:09:07,380 Yeah.
145 00:09:07,380 --> 00:09:09,150 Open this code here.
146 00:09:09,480 --> 00:09:15,030 I've already explained this code, so I will not explain this almost second time here.
147 00:09:15,030 --> 00:09:22,320 So I don't want to waste our lecture times because in next lecture we have better things to do.
148 00:09:22,740 --> 00:09:24,510 And learning things here.
149 00:09:25,140 --> 00:09:29,940 So yeah let's make it tops tabs here.
150 00:09:30,540 --> 00:09:32,040 It won't take long.
151 00:09:47,480 --> 00:09:48,110 Yeah.
152 00:09:48,200 --> 00:09:51,590 So remember we got this from our older lecture's attachment section.
153 00:09:51,590 --> 00:09:56,030 But you can look at this and write but I will share this code as well.
154 00:09:57,860 --> 00:10:02,480 So let's go back to our now.
155 00:10:02,480 --> 00:10:05,420 So see this source shell code.
156 00:10:05,420 --> 00:10:08,780 So remember what our exit method did.
157 00:10:10,800 --> 00:10:12,870 Plus here a dot out.
158 00:10:12,870 --> 00:10:18,510 So with our execute method we got gained shell here with this.
159 00:10:18,930 --> 00:10:20,040 So less.
160 00:10:20,040 --> 00:10:21,780 And as you can see here less.
161 00:10:22,590 --> 00:10:25,260 Lay and that's it.
162 00:10:25,260 --> 00:10:31,050 So this is why we implemented the exit we, uh, method here because we will.
163 00:10:31,050 --> 00:10:32,910 That's why we wrote this.
164 00:10:34,020 --> 00:10:37,290 Uh, TCP uh, shell bind program.
165 00:10:37,830 --> 00:10:38,760 Uh, shell code here.
166 00:10:38,760 --> 00:10:41,730 So let's actually add the tabs here.
167 00:10:44,270 --> 00:10:47,450 And add and I think that's it.
168 00:10:47,450 --> 00:10:48,170 Yeah.
169 00:10:48,170 --> 00:10:49,070 Perfect.
170 00:10:49,070 --> 00:10:55,100 Now what we're going to do now is we will firstly uh, call the socket syscall.
171 00:10:55,100 --> 00:10:58,010 In this case it was 41.
172 00:10:58,160 --> 00:10:59,510 Let's actually try that.
173 00:11:01,180 --> 00:11:01,840 Exit.
174 00:11:01,840 --> 00:11:02,830 Clear.
175 00:11:03,850 --> 00:11:05,140 And it was.
176 00:11:06,890 --> 00:11:07,400 Socket.
177 00:11:07,400 --> 00:11:07,790 Yeah.
178 00:11:07,790 --> 00:11:08,720 41.
179 00:11:10,390 --> 00:11:14,050 I think we got this here now.
180 00:11:14,050 --> 00:11:17,530 So syscall for socket.
181 00:11:19,180 --> 00:11:20,560 It's 41.
182 00:11:20,560 --> 00:11:25,330 And now what we're going to do is we have written the text section.
183 00:11:25,330 --> 00:11:28,000 Now we will start our program from here.
184 00:11:28,630 --> 00:11:31,840 And now we will call the socket here.
185 00:11:32,170 --> 00:11:32,920 So.
186 00:11:35,850 --> 00:11:36,660 Socket.
187 00:11:37,170 --> 00:11:38,100 Socket.
188 00:11:38,130 --> 00:11:39,150 Syscall.
189 00:11:39,180 --> 00:11:42,000 And now we will again do XOR.
190 00:11:43,660 --> 00:11:47,440 RAX, RAX and add.
191 00:11:49,100 --> 00:11:53,060 RAX, 41 and then XOR.
192 00:11:53,540 --> 00:11:54,560 RDI.
193 00:11:54,860 --> 00:12:00,020 RDI, add RDI, two.
194 00:12:01,100 --> 00:12:01,790 XOR.
195 00:12:03,580 --> 00:12:04,540 RSI.
196 00:12:04,570 --> 00:12:05,590 RSI.
197 00:12:06,640 --> 00:12:12,970 And the increment RSI by one here and XOR RDX.
198 00:12:15,300 --> 00:12:18,300 RDX here and we will call the syscall here.
199 00:12:20,860 --> 00:12:21,400 Syscall.
200 00:12:24,260 --> 00:12:26,870 And now we will explain this socket syscall here.
201 00:12:26,870 --> 00:12:28,370 So XOR RAX, RAX.
202 00:12:28,370 --> 00:12:35,630 So this this instruction uses the XOR operator or XOR operation to set the RAX register to zero.
203 00:12:35,630 --> 00:12:41,060 So RAX is commonly used to store the system call number, and setting it to zero often indicates that
204 00:12:41,060 --> 00:12:45,590 you are preparing to make a system call, and here add RAX, 41.
205 00:12:45,590 --> 00:12:52,580 This instruction adds the value 41 to the RAX register, and this is a system call for socket
206 00:12:52,580 --> 00:12:53,600 operations.
207 00:12:53,690 --> 00:12:59,960 Um and also we have the XOR RDI, RDI here.
208 00:13:01,490 --> 00:13:05,510 And also after that we are, uh, setting here.
209 00:13:05,510 --> 00:13:07,520 As you can see, we have the two here.
210 00:13:07,520 --> 00:13:13,190 So with this, we are setting telling the assembly to telling the operating operating system to set
211 00:13:13,190 --> 00:13:17,240 RDI to AF_INET, which in this case IP version four.
212 00:13:17,240 --> 00:13:24,290 And with this we are clearing the RSI RSI to prepare for socket type, in this case socket stream TCP.
213 00:13:24,800 --> 00:13:27,650 And we are setting the uh.
214 00:13:29,590 --> 00:13:30,550 So we are after.
215 00:13:30,550 --> 00:13:37,150 And here we are clearing the RDX to prepare for socket protocol, in this case zero.
216 00:13:37,150 --> 00:13:39,520 And after that we are executing this socket syscall.
217 00:13:39,520 --> 00:13:48,250 So here um the main here, the main new nuances here I want to explain is these three lines of code.
218 00:13:48,370 --> 00:13:56,260 Because here, um incrementing the value in RDI by two which sets RDI to AF_INET.
219 00:13:56,260 --> 00:14:00,580 So this value represents the domain for IP version four communication.
220 00:14:00,580 --> 00:14:03,670 And here XOR RSI, RSI here.
221 00:14:03,820 --> 00:14:08,500 This clears the RSI register to prepare it for the socket type argument.
222 00:14:08,500 --> 00:14:18,280 So and we also have the increment RSI this increment value in RSI by one which sets the RSI to socket
223 00:14:18,280 --> 00:14:18,790 stream.
224 00:14:18,790 --> 00:14:24,640 So this value indicates that we are working with the TCP socket which is reliable stream oriented communication
225 00:14:24,640 --> 00:14:26,290 and XOR RDX,
226 00:14:26,290 --> 00:14:33,670 RDX, which you already know that we are clearing the RDX register to prepare it for the socket protocol
227 00:14:33,790 --> 00:14:40,960 argument, and after that we will need to save the sock fd in RDI register.
228 00:14:40,960 --> 00:14:47,980 So save sock socket fd.
229 00:14:49,550 --> 00:14:58,190 Left in RDI register and with this we will need to do mov RDI, RAX.
230 00:15:00,620 --> 00:15:04,970 And here we have pushed the port number.
231 00:15:04,970 --> 00:15:14,570 So binded the calls, binding, listening, accepting the three times dup, exec with syscall.
232 00:15:15,400 --> 00:15:17,830 And now I think we have done.
233 00:15:17,830 --> 00:15:20,800 Now let's assemble it to see.
234 00:15:21,900 --> 00:15:24,120 What we need now.
235 00:15:24,120 --> 00:15:39,810 nasm -f elf64 bind shell now tcp bind here tcp bind dot asm object file tcp bind dot o here and
236 00:15:39,810 --> 00:15:49,740 ld tcp bind object file no bind o here and the output file is going to be TCP bind.
237 00:15:49,740 --> 00:15:53,430 And let's run it here TCP bind.
238 00:15:54,570 --> 00:15:56,490 And as you can see here we got.
239 00:15:57,660 --> 00:16:00,300 This, but no reaction here.
240 00:16:03,630 --> 00:16:05,940 Let's actually open the Wireshark now.
241 00:16:07,240 --> 00:16:08,020 Listen.
242 00:16:08,020 --> 00:16:08,440 Oops.
243 00:16:16,110 --> 00:16:20,490 But actually, instead of just opening Wireshark we can also use this netstat here.
244 00:16:20,490 --> 00:16:23,040 Let's actually close this clear.
245 00:16:24,010 --> 00:16:28,990 Open the new and run this TCP bind.
246 00:16:28,990 --> 00:16:34,840 And let's run the netstat n t n t lp.
247 00:16:36,960 --> 00:16:43,410 And as you can see here, the output of this command shows us that this code works here.
248 00:16:43,410 --> 00:16:46,170 The program name is TCP bind.
249 00:16:46,410 --> 00:16:48,570 And now we will.
250 00:16:49,550 --> 00:16:54,470 What we are going to do is we will need to get this bind here, the shellcode from it.
251 00:16:57,470 --> 00:17:01,610 And now let's start writing our code.
252 00:17:01,610 --> 00:17:02,210 And.
253 00:17:02,210 --> 00:17:07,010 But firstly, we will need to get the shell code from our assembly program.
254 00:17:07,010 --> 00:17:12,500 And in order to do that, we had some, uh, ready to use terminal here.
255 00:17:12,500 --> 00:17:14,960 I should find it somewhere here.
256 00:17:15,530 --> 00:17:23,240 And as I always do, I will share it with you in the attachment sections of this course.
257 00:17:23,240 --> 00:17:25,040 And, uh, here.
258 00:17:27,020 --> 00:17:28,550 We have this.
259 00:17:28,910 --> 00:17:30,290 Let's copy this.
260 00:17:30,290 --> 00:17:31,400 Paste.
261 00:17:32,750 --> 00:17:33,470 Yes.
262 00:17:33,710 --> 00:17:42,050 Now here we will change the hello to mom TCP bind TCP bind.
263 00:17:44,610 --> 00:17:45,360 And.
264 00:17:47,970 --> 00:17:49,830 Source shellcode.
265 00:17:49,860 --> 00:17:51,240 TCP bind here.
266 00:17:55,160 --> 00:17:56,870 S and.
267 00:17:56,870 --> 00:17:57,530 Yeah.
268 00:17:59,250 --> 00:18:01,590 That said, now let's copy this.
269 00:18:04,650 --> 00:18:07,350 Go back to our Top Point C program.
270 00:18:07,350 --> 00:18:09,240 So we don't need we will not use it anything.
271 00:18:09,240 --> 00:18:10,320 But it works here.
272 00:18:10,320 --> 00:18:13,260 So we just wrote it in both languages.
273 00:18:13,260 --> 00:18:16,080 But now we will inject our shell code here.
274 00:18:16,080 --> 00:18:16,860 So.
275 00:18:18,230 --> 00:18:19,760 Exact racial here.
276 00:18:19,760 --> 00:18:23,690 Now we will use that and change it to our this.
277 00:18:24,490 --> 00:18:25,540 And also.
278 00:18:27,570 --> 00:18:28,410 That's it.
279 00:18:28,990 --> 00:18:35,380 Now let's actually copy this and paste it in shell code.
280 00:18:36,930 --> 00:18:37,830 Yes.
281 00:18:37,830 --> 00:18:41,190 And we will name it the Real.
282 00:18:41,980 --> 00:18:43,750 Real TCP.
283 00:18:45,320 --> 00:18:45,950 Shellcode.
284 00:18:47,870 --> 00:18:52,130 Now we will need to compile this with gcc.
285 00:18:52,820 --> 00:18:54,890 Without stack protector.
286 00:18:54,890 --> 00:19:01,430 So gcc -fno-stack-protector.
287 00:19:02,180 --> 00:19:05,150 -z execstack.
288 00:19:05,150 --> 00:19:08,210 And this should be rename it real.
289 00:19:08,780 --> 00:19:09,800 This shellcode.
290 00:19:09,800 --> 00:19:12,320 And now let's run this.
291 00:19:13,170 --> 00:19:14,580 Now it was a dot out.
292 00:19:15,890 --> 00:19:19,430 A dot out shell length is 159.
293 00:19:19,730 --> 00:19:23,300 And now let's check it with.
294 00:19:25,220 --> 00:19:32,390 So we should check it with our netstat nelp command clear netstat NLP.
295 00:19:33,380 --> 00:19:35,480 And here we go.
296 00:19:35,510 --> 00:19:39,230 The program name a dot out and local address foreign address.
297 00:19:39,230 --> 00:19:41,840 So congratulations here.
298 00:19:42,750 --> 00:19:46,170 Uh, this is your first shellcode.
299 00:19:46,170 --> 00:19:50,610 And with these actions, we validate the efficiency of our shellcode.
300 00:19:50,610 --> 00:19:56,760 And the successful execution and interaction exemplify your mastery of assembly programming and the
301 00:19:56,760 --> 00:19:58,470 intricacies of shellcode.
302 00:19:58,470 --> 00:20:06,270 And now I'm giving you 10 seconds to figure out what can we use that for to connect to this shell.
303 00:20:09,440 --> 00:20:17,300 We can use the NC here and now NC localhost 7117331.
304 00:20:17,300 --> 00:20:19,910 This is our port and that's it.
305 00:20:19,910 --> 00:20:20,990 So let's actually.
306 00:20:22,530 --> 00:20:23,220 Rename.
307 00:20:25,190 --> 00:20:25,880 No.
308 00:20:25,880 --> 00:20:26,420 Yeah.
309 00:20:26,990 --> 00:20:28,820 So let's actually open the new.
310 00:20:28,850 --> 00:20:31,850 No, no, I want to open the new terminal here.
311 00:20:33,490 --> 00:20:36,340 Just make it on the right side of the screen.
312 00:20:36,340 --> 00:20:38,350 And this is the left side.
313 00:20:38,680 --> 00:20:41,530 And now clear.
314 00:20:44,770 --> 00:20:48,070 Yes, netstat almost works now.
315 00:20:49,600 --> 00:20:50,350 Here.
316 00:20:52,120 --> 00:21:02,230 This is a shellcode length, so we will use the NC localhost 717331 and RLS here RLS.
317 00:21:05,990 --> 00:21:06,380 Here.
318 00:21:27,070 --> 00:21:28,510 Now go to here.
319 00:21:30,900 --> 00:21:32,550 And now.
320 00:21:38,120 --> 00:21:38,720 Here.
321 00:21:40,450 --> 00:21:42,220 And say localhost.
322 00:21:51,660 --> 00:21:53,670 And a dot out.
323 00:21:53,670 --> 00:21:54,450 Run this.
324 00:21:54,450 --> 00:21:57,060 And as you can see here we got this.
325 00:21:57,420 --> 00:22:01,350 Less clear less clear.
326 00:22:08,740 --> 00:22:11,290 And now let's exit this.
327 00:22:11,290 --> 00:22:15,400 And as you can see when we exit this just exit is also here.
328 00:22:15,400 --> 00:22:17,530 So now we will clear it.
329 00:22:17,530 --> 00:22:22,480 Now firstly we will open this a dot out then NC here.
330 00:22:22,480 --> 00:22:24,430 So LZ LZ.
331 00:22:24,430 --> 00:22:28,030 And as you can see here you can execute commands.
332 00:22:28,030 --> 00:22:29,080 Let's exit.
333 00:22:29,080 --> 00:22:30,400 And that's it.