2 hours 25 minutes
in the last video I showed you everything you'll need in order to participate in the lab
in the next few videos will be building are attacking its and Windows 10 machine using an everyday flash drive.
This Tak will have a text file that trick the victim and going to the down the link on the flash drive and downloading the harmless batch file.
Okay, so let's get started and writing our batch file. So in this attack, what we're gonna do is we're going to make a Google Dr Link to this patch file, so it's not going to actually be on the flash drive.
What we are gonna have is a link to it, and we'll put in another,
text file that basically says it's social engineer, someone to actually download that that, uh, that file from the link and run it.
So first, let's let's just start by by actually making the match file, then we'll upload it to Google drive.
So I got my flash drive here and you could you could make this anywhere. Since we're gonna blow that, I'm just gonna make it here, So let's go ahead. Open no pet plus plus,
and this is going to be very similar. Thio the previous lab
be slightly different. So first, let's do the at Echo Command again. Echo basically echoes anything you type after it. So we're gonna say,
Look at I
credit card info and I'm saying this because we're gonna have a five. This is gonna be a file that says credit card information. So the person opening this will think, Hey, there's someone's credit card information.
So now we're gonna say, now you will pay.
All right, so let's do a new line again. We want to do that echo off. So by default back, it was off.
And so now we'll do the timeout Command again. The time out, Come in,
stops the bad file so the victim can see what's going on. Otherwise it'll just run through and not really show the victim what's going on? So we'll do time out, and this will stop it. Basically, posit will do it for,
uh, stupid two seconds and then we'll do this. Command No break and again that no break makes it so they can escape out of the command window unless they press control, See?
And they will see that it will ask them or tell them if you want to break out, press control C And to hide that from them with you
greater than no. And that'll just hide that completely. So all they'll see is this this first line so far?
Okay, so now it's two.
Something similar. We did the last one
Echo Virus activated.
Hacking in progress.
And again, we'll do the time outcome and
timeout slash teal for two seconds.
No break again. So they don't see that they can escape out of it. And the knoll?
I'm sorry. The no break ins. So they have to press control seat escape in the Noles so they don't see it.
Okay? And okay. And I want to do the echo.
to new line
on. Okay, looking,
let's say looking for, uh, say financial.
to steal. Let's get more
specific what we're looking for again, we got to be polite, So we'll say Please wait.
Then we'll need on their time out
so they can see what's going on on.
Uh, let's let's do three seconds.
No break has to be together. No, brakes so they can't break out of unless they best control see
greater than old. They don't see they have that option.
Now we're going to change the directory again. We'll choose the C drive just because again that majority of wonders machines will have the C drive and just keep this more simple.
Then we'll do our directory command So little. Show the folders
and do another time out just so they could see what's going on. Let's do it for five seconds.
way. Need our goal.
Okay, so now let's let's clear the screen. Just tow. Give more space for the other echo commands
we'll do another echo and we'll say Sensitive
Fine and short
and they're happy about it. Slave Exclamation point again. We'll do another time out.
let's do this. Let's do too. I don't want a last Make it last too long.
Type to another. No break.
I can't see it.
Okay, And let's say we're exporting files. Exporting
pile to hackers.
Can this be polite? Say please wait
another time out.
He is two for two. Another no break
on Greater didn't also they can't see it
all right. And let's say
now let's say that it was a success. So
and then we'll say something like
Stolen the information. They're going on a spending spree
and another time out.
Oh, they don't.
Can I see what's going on?
let's be polite. Will say thank you.
Then we'll do one last time out.
Make it wait there for about 20 seconds. But the mold out over
on one last man is exits. Exits the match mine. Okay, so let's see, It's make sure we didn't make any mistakes here.
That looks good.
Yeah, that looks good,
case. Now we're gonna go ahead and save this.
Well, save it as
let's go back to that.
Here we go.
So let's save this as, um
let's say, credit card.
And so with no money card there
and this is a
batch files, we're gonna do a dot bat.
Well, go ahead and say that their last drive for now and again when a you save as a bad file note pad plus person was that shows you the commands in blue.
So it looks like we're good there, So I'm gonna go ahead
and let's let's just test this. So we know it works.
No, I think in order to do that would have to switch screens so you can see what's going on.
So I think we're good there.
let's go ahead and run this.
Oh, hacking a progress. Looking for financial information?
I was looking through my files. Oh,
since the files found that's not good,
I don't know
at least their plates and now we know that it works.