Hello, dear viewers. Welcome to Persistence and Continued Access, the post-exploitation hacking course.
This video is going to be another Windows persistence and backdooring video.
In this one we're going to be discussing writing batch scripts at the console and scheduling tasks, so as to create backdoors at prearranged times.
The first thing I want to discuss is batch scripts. Batch scripts look like this: some name, and then .bat. Anything ending in .bat is a batch script. A batch script is nothing but the commands that we would normally type, except that they're all in a single file.
Now, there used to be a really handy Windows command called edit. It was a command-line editor. It still exists on everything up to Windows 7, as long as it's the 32-bit version. However, if you're on Windows 7 64-bit, it's not there: edit is a 16-bit program, and the 64-bit versions of Windows don't run those. When Microsoft, in their infinite wisdom, decided you didn't need that, we were left in a bit of a pickle, because there's no obvious way to write to a file from the command line.
However, there is one way. It's suboptimal, and it's no one's favorite, but it does work, and that's by using the copy command. What we're going to do is copy from CON. CON is the reserved device name for the console, the console of course being the thing we're typing into right now. Once you run copy con with a file name, it sits there waiting for console input.
So now we're going to type the ncat command: ncat with -l to listen, -k to keep listening after a client disconnects, -p and the port, and -e cmd.exe.
Now that line is ready to be copied. Notice that you can't go back. Backspace does you no good once the line is entered, which is why you've got to be careful editing here. You can still backspace within the line itself, but as soon as you hit Enter, that line is put in the buffer to be written to the file.
The way you close this is by hitting Ctrl+Z, which sends end-of-file, and then Enter, because on my machine Ctrl+Z by itself sometimes isn't enough to finish it. Then it says "1 file(s) copied." Now if you do dir, there we go, you see runscript.bat exists right here.
It's pretty small, and you can check it at any time to make sure that it is what we want by doing the reverse of what we just did: copy runscript.bat con, which prints the file to the console.
Now if we just execute runscript.bat, it prints the command out and then starts ncat with access to the command line. So we say: okay, cool, that's a thing. We connect with ncat, and we've got a shell. Awesome.
But that's not super quiet. It prints out what it's actually doing.
Let's tweak the batch job and come up with something a little bit different. It's actually pretty easy to do. We're going to do copy con runscript.bat again (not copy runscript.bat con, which goes the other way). That completely writes over the file, so it's actually not a bad idea to delete it first: del runscript.bat.
All right, now we're going to copy con runscript.bat. The first thing we're going to do is @echo off. That says: don't repeat anything I'm about to tell you, just do what you're told and don't print anything to the screen unless something else tells you to. Don't repeat my commands, basically. Then we're going to do ncat.exe with the same options as before.
You will get very, very used to running ncat, and really all of these commands. Obviously there are other tools, I shouldn't say better ones, that you'll get familiar with as you get more and more into this. But these beginner tools that we've gone over in these videos are the ones you're really going to want to get familiar with, and they're the ones you'll be very familiar with before too long.
We could do an echo on at the end if we want, but that's not really necessary.
So let's see the difference between running this one and running the last one. Run runscript.bat: it still does everything we want, but it no longer prints the command.
So what good does that do us? Or, to be a little bit more straightforward: we can create batch scripts and give them whatever names we want, but why would we do that? Why spend five minutes learning how to write a batch script with this, when we could just type the commands?
The simple answer is that a batch script can do more than one thing. So let's do copy con again, open with @echo off, then ncat with -e cmd.exe, and then, whenever that finishes running, something else. Actually, this is important, and it's what I mentioned a moment ago: be careful when you hit that Enter key, because that wasn't what I wanted and I can't go back and fix it. I'll put in the ncat line again.
This time we're going to do it without -k, so it's not going to be persistent; it's not going to keep the socket open for us to reconnect to. When we terminate the connection, the ncat command ends, and then the script can go on and do other stuff.
For example, one of the things it can do is delete itself. Why would we want to do that? Well, there's the obvious reason, which is that we can hide it: we can take it off the disk.
So you see, we've got this going now: test.bat is still there, but we can actually take it out. We can write the batch job so that it ends by deleting itself. I'll go in and edit my code so that the code samples actually work for this. We can tell it to delete this file when you're done executing whatever it is you're executing, or we can even go the opposite direction and try to delete it before the command runs, if we wanted to.
I'm going to go ahead and delete test.bat first and make sure we don't have any other files hanging around. Cool. So we know for a fact test.bat is gone now, and we can copy con test.bat again.
All right, let's see if it works this time. No guarantee that it will. This is kind of the experience of testing, and guessing and checking as we go, with scripting things like this, and it's important that you go through that process of having an error, testing for it, and figuring out what's going on.
So we run test.bat, we connect with ncat to localhost, and we get the shell. Then we close the connection, which terminates ncat, and now there's no batch job left to terminate. Why? Because it deleted itself. Hey, look at that, it did its job. runscript.bat is still there, but that was a different script.
That's handy, because if we only wanted the backdoor to be open for a moment, or if we wanted to change it out, or anything like that, we see that we can put controls into the batch scripts that will actually clean up our tracks after us. We're not in the clearing-tracks section yet, but when we get there you're going to want scripts like that: things you can just drop on the target and go to town.
This is very handy in later cases. For example, I'll show you how I write a batch script in the final portion of this, where we actually go through and I just run my own basic post-exploitation series of steps. I'll show you how, with a single batch script, I collect all of the information that I want into one place, and then I can start backdooring, or in some cases, if I already know what I want to use, I'll put the backdoor mechanism into the script as well. So instead of running all of these different commands and taking all this time to do it, I just run one batch script, it does its thing, and all of a sudden I've got all the data.
So that's batch scripts, and that's the importance of batch scripts, as well as, as you may have noticed, the ease with which a batch script can be screwed up.