Hello, everyone. Welcome to the latest installment of the Metasploit class we're doing here on Cybrary. In this module, module four, we're going to be discussing client-side attacks. In this case, we're going to be trying to get a reverse shell on a Linux system, and then we'll do another demonstration for a Windows system.

In particular, what I'm going to do is show how you can take a regular Linux package. In this case, we're going to be using the xbomb game, which is a Minesweeper clone. It's a free game you can play on Linux systems, and we're going to change some of the scripts and files that are included with the package to install our Metasploit payload, which will be the reverse TCP shell.

It's a pretty neat idea, because once the victim installs this software on their machine (they have to do this as root, by the way), then we'll be able to get a root shell back to the attacker system, which is very powerful, because now, if I've got a root shell on the victim's system, I can make any changes to the system that I want. I can install software, I can remove software, I can make configuration changes, I can try to install a back door to return to the system at a later time. So that's obviously something that's worth exploring.
All right, so first things first, go ahead and open a command shell and let's see what my IP address is. Okay. I did already pre-download the xbomb package, and since I've done that, I've switched my virtual machines back to host-only mode, which is definitely the best, safest thing to do when you're using vulnerable machines. You don't want to expose those to your network, so it's safer to keep everything within your same host. And you can do this by going to your settings and looking at your network adapter. The other options are bridged, when you want to have an address with everything else with your host, for instance, on the same network; NAT will also allow you to get to the same network by sharing the host's IP address, and NAT mode allows you to get to the Internet, whereas host-only does not. So I'm going to stay within my host for the remainder of this demonstration.

I also need to get the IP address from my victim machine. In this case, it's a Debian 8. So I've set up another virtual machine for this purpose, and I can see that one is 128. So I've got 26.128 and 26.129.
I'll show you where I got the xbomb package here real quick. I actually bookmarked this. Now, it's on the packages.debian.org website, /jessie/i386/xbomb/download. I know that my Debian victim machine is an Intel architecture. You might want to download the AMD64 architecture of this package as well, to have that as another option in case your victim machine is running on the other virtual hardware architecture. Okay, so that package gets saved in my downloads directory, as you would imagine. And there it is, xbomb 2.2a.
One of the first things I need to do is get the package into my temporary work directory. I'm going to make a directory here that I'm going to call backdoor, since that's kind of what I'm doing: I'm getting a reverse shell to the victim's system. And what I want to do now is, I also need a couple of files. One of these files I'm going to copy; I'll actually just do it. One is a file called control, and this is going to be part of the package. We'll move this into place.

The control file just contains some information about the package. It's got the name, the version number, which section it belongs to, and some other parameters, like the architecture, who maintains it, and a description. And so I've just created this; I actually took this from the real control file, but I changed the description and made it a little bit shorter. As I said, it's a free Minesweeper game. This file is used during the package installation process, so the system can see some parameters that are needed to categorize this software correctly.

And we also have a post-installation script. What this does is just run a few commands. It's a simple shell script that we have here, and what I'm doing is changing the permissions on the scores file in a couple of different locations, and then I'm setting setuid to run the actual game itself. We'll see where this figures in a little bit later, but these two files are needed in order to install, or bundle in rather, the payload with the package and then to get it to install when the user tries to run the installation script for the package itself.
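The control file and postinst described above are exactly what a reviewer should read before installing any package as root, since a maintainer script runs with that privilege. The following is an added example, not code from the course or from the xbomb package: it builds a minimal .deb in memory, extracts the maintainer scripts back out of its control archive, and flags lines that a permission-fixing postinst has no reason to contain. The indicator list and the two sample postinst bodies are assumptions constructed for the demonstration.

```python
import io, tarfile
AR_MAGIC = b"!<arch>\n"
SCRIPTS = ("preinst", "postinst", "prerm", "postrm")
# Assumed indicator list: things a permission-fixing postinst has no need for.
INDICATORS = ("/dev/tcp", "nohup", "nc ", "curl ", "wget ", "bash -i", " &")

def ar_member(name, data):
    # ar member: 60-byte fixed-width text header, then data padded to an even size
    hdr = f"{name:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(data):<10}`\n"
    return hdr.encode() + data + (b"\n" if len(data) % 2 else b"")

def make_tar_gz(files):
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, content in files.items():
            info = tarfile.TarInfo("./" + name)
            info.size = len(content)
            tf.addfile(info, io.BytesIO(content))
    return buf.getvalue()

def build_deb(control_files):
    # A .deb is an ar archive of debian-binary, control.tar.* and data.tar.*
    return (AR_MAGIC + ar_member("debian-binary", b"2.0\n")
            + ar_member("control.tar.gz", make_tar_gz(control_files))
            + ar_member("data.tar.gz", make_tar_gz({})))

def read_ar(blob):
    # Walk the ar headers (decimal size field at offset 48) into {name: bytes}
    pos, members = len(AR_MAGIC), {}
    while pos + 60 <= len(blob):
        hdr = blob[pos:pos + 60]
        name, size = hdr[:16].decode().strip().rstrip("/"), int(hdr[48:58])
        members[name] = blob[pos + 60:pos + 60 + size]
        pos += 60 + size + (size % 2)  # next member starts on an even offset
    return members

def maintainer_scripts(deb_blob):
    # {script name: text} for every maintainer script found in control.tar.*
    ctl = next(v for k, v in read_ar(deb_blob).items() if k.startswith("control.tar"))
    with tarfile.open(fileobj=io.BytesIO(ctl), mode="r:*") as tf:
        return {m.name.split("/")[-1]: tf.extractfile(m).read().decode()
                for m in tf.getmembers()
                if m.isfile() and m.name.split("/")[-1] in SCRIPTS}

def audit(deb_blob):
    return {n: [ln for ln in t.splitlines() if any(i in ln for i in INDICATORS)]
            for n, t in maintainer_scripts(deb_blob).items()}

# Constructed samples: the transcript's permission fixes, then the same script with a background launch of a bundled binary appended.
CLEAN_POSTINST = b"#!/bin/sh\nchmod 664 /var/games/xbomb.scores\nchmod u+s /usr/games/xbomb\n"
TROJANED_POSTINST = CLEAN_POSTINST + b"nohup /usr/games/.helper >/dev/null 2>&1 &\n"
```

Run `audit()` over a real package file read from disk to get the same per-script listing; an empty list for every script is the expected result for a package that only adjusts permissions.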