1 hour 41 minutes
Hey guys, welcome back to the cyber kill chain course on Cybrary. This is Abderaman, and on today's episode we cover weaponization.
So weaponization is the second step of the cyber kill chain. And in this step, we depend a lot on reconnaissance. And this is why I was saying, spend as much time as you can doing reconnaissance, because reconnaissance will give you the base that you're going to build the rest of the attack on. So if I go to weaponization without doing proper reconnaissance, I won't be able to build a weapon or a payload that would work on the target machine, because I'm guessing what the target machine is.
So from now on, our assumption is that the target machine is Windows.
We're going to use localhost. From now on, all of the attacks are going to happen within my virtual environment, so we're not going to communicate with anything on the Internet.
So weaponization is a fairly passive step. This step happens on my side, the attacker side, only; we're not going to communicate with the victim.
What we're trying to do here, as I said, is build a payload that we're going to use later on, or deliver in the following step to the victim, to be able to install it and then have control over the victim's side. There are two tools that we're going to talk about today: Metasploit and Unicorn.
Metasploit comes built in in Kali Linux. It's an extremely popular tool; there's a lot of documentation out there. I'm going to leave a couple of links in the resources page that I highly recommend going to, because if you're looking to go into pen testing, Metasploit is the tool you want to learn.
The other tool is Unicorn. It's a tool that I stumbled upon a few weeks ago. It's a Python tool, and it's extremely good at evading protection tools, so let's jump right into it.
So the first thing that we're going to run and learn today is msfvenom, and our payload is going to be reverse TCP.
Reverse TCP is very popular. It uses the statefulness of a firewall to bypass the control. So a firewall will block any communication coming from the outside to the inside. However, if a communication in a stateful firewall is triggered from behind the firewall, the return packet will be automatically allowed.
So our listening host, as I said before, we're going to use localhost here. So it's going to be my local IP. Let me find it here. And that's my local IP; that's the IP that I'm going to use from now on, and the port we're going to use is port 4444. You can pick whatever port you want; a lot of people tend to use the defaults. Fine, and then we're going to generate an executable, and we're going to put it on the desktop and call it payload.exe.
Here's the payload. You might notice that the payload is a .exe, which is kind of difficult to send over email or get to the victim. And that's correct, because a lot of antiviruses and a lot of email exchange servers will block any .exe from being sent. And for that we're going to use the other tool that I'm going to show you, Unicorn.
But before we get into Unicorn, we're going to show you the output of the payload from Metasploit. So there you go, that's the payload.exe. Obviously, I cannot run it here because I'm running a Linux machine; a protection tool would easily detect a .exe file.
So let's move to Unicorn. As I said, it's a Python tool, and it's a fairly easy tool to use.
So we're going to run the exact same command we ran before, with the exact same payload that we did before, the reverse TCP. But this time it's going to be reverse HTTPS, the same IP, and let's use 443 because it's reverse HTTPS.
So now, while it's generating, the payload is going to generate two files. The first one is the text file, which will be delivered in the next phase to the victim. The other one is the RC file you can see here, and that's going to configure msfconsole and Meterpreter to be able to execute and create the listener. So let's ls here: the powershell .txt, and the .rc.
Okay, so we have a number of true or false questions for our post-assessment.
So the first one is: the weaponization phase is independent from reconnaissance and can be done in parallel with it. The answer here is false. As I said, reconnaissance is the most important step. You cannot go to weaponization, you won't create a correct weapon, if you bypassed reconnaissance.
So the second question is: in the weaponization phase, the attacker is actively trying to access the victim or the victim's node. Again, that's incorrect, false, because weaponization is a fairly passive phase and we're not going to communicate with the victim during the weaponization phase.
Finally, Metasploit will produce a text file and an RC file. And that's also incorrect. As I said, or as you saw, Metasploit created an executable that we are supposed to get somehow to the other side. Obviously, this can be done: if they have an open FTP port that has access to a Windows server, you might be able to get it there. However, any antivirus or any anti-malware tool or IPS or IDS in the way would actually detect that executable file and most probably block it, in most cases. However, in Unicorn, we created a .txt file that we are going to use to send to the victim and a .rc file that we're going to use to execute and create the listener.
In today's episode we covered the weaponization phase. We went through a couple of examples in Metasploit and Unicorn, and in the next episode we will cover delivery.
See you then.
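As an added illustration (not part of the course, Metasploit or Unicorn), this Python model reproduces the stateful-firewall behaviour the episode describes: unsolicited inbound traffic is dropped, but the reply to a connection opened from behind the firewall is let back in. It also adds a port-based egress allow-list to show why that alone does not stop a callback on 443. All addresses, ports and hosts are constructed.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample network: the victim LAN sits behind the firewall.
INSIDE_NET = ipaddress.ip_network("10.0.0.0/24")


@dataclass
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


@dataclass
class StatefulFirewall:
    # Optional egress allow-list of destination ports; None allows any outbound port.
    allowed_out_ports: Optional[set] = None
    # Connection table of flows opened from inside: (in_ip, in_port, out_ip, out_port)
    table: set = field(default_factory=set)

    @staticmethod
    def _inside(ip: str) -> bool:
        return ipaddress.ip_address(ip) in INSIDE_NET

    def filter(self, pkt: Packet) -> str:
        if self._inside(pkt.src) and not self._inside(pkt.dst):
            # Outbound: only the egress policy applies, and the flow is remembered.
            if self.allowed_out_ports is not None and pkt.dport not in self.allowed_out_ports:
                return "DROP"
            self.table.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return "ALLOW"
        # Inbound: allowed only as the return half of a tracked outbound flow.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.table:
            return "ALLOW"
        return "DROP"


def scenario(allowed_out_ports: Optional[set], callback_port: int) -> dict:
    """Replay the episode's two cases against one egress policy (constructed hosts)."""
    fw = StatefulFirewall(allowed_out_ports)
    victim, attacker = "10.0.0.7", "203.0.113.5"
    return {
        # 1. Unsolicited connection from outside to the victim: blocked regardless of policy.
        "inbound_unsolicited": fw.filter(Packet(attacker, 50000, victim, 445)),
        # 2. Reverse shell: the victim connects out to the listener port...
        "reverse_outbound": fw.filter(Packet(victim, 49152, attacker, callback_port)),
        # ...and the listener's reply is let back in because the flow is tracked.
        "reverse_return": fw.filter(Packet(attacker, callback_port, victim, 49152)),
    }
```

Restricting egress to 80 and 443 drops the 4444 callback but not the 443 one, which is why defenders pair port filtering with proxy inspection and monitoring of which processes open outbound connections.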