Time
5 minutes
Difficulty
Intermediate

Video Transcription

00:05
Hello and welcome to another episode of Breaking Stuff with Robert. Today we're going to be talking about DBD, which is a portable Netcat clone that offers some pretty good encryption that can run on both Unix and Windows based systems. So let's jump right in.
00:23
The objectives of this particular lesson are to give you a high level overview of DBD and some of its use cases that we'll fill out here in a demo. Our target audience for this tool are going to be network administrators, maybe looking to securely transfer files, exploitation analysts that are looking to mimic system persistence activities
00:41
and, of course, penetration testers looking to maintain access during systems
00:45
while conducting a penetration test.
00:48
Now, some prerequisites for the tools used but not required is a fundamental knowledge of the Kali command line utilization and fundamental knowledge of persistence mechanisms. So with those things in mind, let's go ahead and jump into our demo.
01:04
All right, everybody, welcome to our demo environment. So today you may notice that I have a Windows Command Prompt up over here, and that is because this tool in the tools category for Kali is like for maintaining access now,
01:19
as we said, you could do some other things with it. It's indicated that it can be used to securely transfer files.
01:26
It does, you know, handle encryption. As it said, it's the portable Netcat clone. And it's got some, you know, decent encryption that it could do between two endpoints. For our purposes today, we're doing it from the standpoint of maintaining access to the system. So let's go ahead and jump right into this real quick. So we're going to imagine that this is my attacking machine.
01:46
So we'll put DBD
01:47
DBD in here, and we're going to listen
01:52
off port 8080
01:53
in verbose mode. So we're now actively listening for that connection.
02:00
So I know that my IP for my Linux box is written here on the paper. So I've got 1 91 681251 38. So, since I'm in the binaries folder, we're just imagining here that I have managed to get these binaries into a directory on the system that I'm attacking, and
02:17
just for demonstration here we'll do DBD.
02:22
Um, we're going to want this to restart every 10 seconds. But maybe you do it much longer. Let's just say 1000 seconds, 2400 seconds. And we're going to run this as a process, or daemon, we're gonna turn that on. It's gonna be verbose. And we want it to execute a command prompt for us
02:40
and the machine that this should be calling back to is 1 to 5138 on port 8080.
02:47
Bam. So as you can see, we're now
02:53
running his old Ro Bear desktop, and I've got my connection back.
02:58
Now, let's just say for the sake of discussion
03:00
that, uh, you know, you've gone ahead and created some kind of startup task. It's got a batch file that it runs this on.
03:09
But for some reason, you know, this gets closed out or what have you
03:15
and, uh
03:16
or we exit out? We say, you know, we need to go somewhere and do something like that. So it's running in the background. You come back from lunch or whatever the case may be, you start listening again,
03:28
and within 10 seconds
03:30
we've got that connection again. So something to note here: antivirus ate this thing like it was nobody's business. And I did have to make some firewall changes before it connected out on my end. So kudos to me for being safe in that respect, but those are just things that you'll have to remember when you're working through an engagement. So
03:50
the way that I get this to stop doing what it's doing, you know, if we don't have a scheduled task, is I have to actually go into
03:57
my task manager.
03:59
And so we'll just show you for the demo here.
04:04
I know you're hiding in here.
04:08
There it is. So we see DBD right there. So if I go ahead and exit out of here,
04:13
I start listening again. Just just a shade here. That it will reconnect because that's running
04:20
would get a connection here.
04:23
Okay, now check this out.
04:29
We're dead at that point because we found that particular task or process, and we stopped it.
04:33
So now when we start listening again, we can't reconnect. But
04:38
if you've got some kind of startup task in place that's running this with maybe a batch file, and you've gotten the binaries in a directory that's, you know, somewhat isolated, and you may have to do some manipulation of the original files so that antivirus doesn't eat it. So there's some experimentation on that, do some testing.
04:54
But this is definitely a great way to establish and maintain access in an environment for testing purposes.
05:00
And so, with that in mind, let's go ahead and jump back over to our slides.
05:06
So I hope you enjoyed that demo of DBD. We again provided you with a high level overview, showed you how you could use DBD to get a little bit of persistence going with some additional steps in an environment. And so with that in mind, I hope you enjoyed this today, and I thank you for your time and look forward to seeing you again soon.

How to Use Durandal's Backdoor (BSWR)

DBD is a portable Netcat clone that offers strong encryption with AES-CBC-128 + HMAC-SHA1 and can run on UNIX/Linux and Windows 32-bit platforms. Like Netcat, it is a networking utility that reads and writes data across network connections, using TCP/IP only.

Instructed By

Robert Smith
Director of Security Services at Corsica