00:04
Hello, Tim Pompilio here for the Metasploit cyber class,
00:10
and in this section we're going to be looking at a way to create a reverse connection on a Windows system from a Kali Linux system.
00:26
We're just going to be sending a simple executable file to the victim.
00:31
Obviously, you could bundle this file, this payload with the reverse connection, with some other kind of program, like a game,
00:41
you know, basically creating a Trojan by wrapping a trusted program around this malicious payload.
00:46
For the purposes of our demonstration, we're just going to create the payload and show that it works.
00:52
All right, so first of all,
00:57
we need to be on a Kali system,
01:00
and what we're going to do is run
01:03
some of the Metasploit tools from the command line rather than going into the console,
01:07
and this is a nice evolution to make for the Metasploit practitioner, because you're going to want to work more efficiently and perhaps script some of these things.
01:19
So you have to start thinking ahead
01:21
as to how you're capturing what work you're doing for possible reuse.
01:27
All right. So we're going to run the msfvenom command
01:34
to create a payload,
01:37
and we covered this in the Linux tutorials. Well, we're going to use it again.
01:42
Now, I've already saved my command in my command history.
01:49
That way I don't have to type it all in again.
01:52
But here it is. So
01:53
we start off with the platform. I'm sorry, the payload: Windows Meterpreter reverse TCP.
02:00
Notice I'm not specifying the platform or the architecture. In many cases,
02:06
the program will figure out what you want and will make some assumptions, and if you don't like the assumptions, then you have to adjust them.
02:13
I'm going to exclude known bad characters, so dash b for bad bytes or bad characters. Specify the local host, specify the port.
02:23
Another thing to start thinking about is the encoder that you use and how many generations you want to go through to try to evade antivirus.
02:31
That's absolutely beyond the scope of what we're working on right here, but I just included five generations
02:38
of the default encoder, which will probably be shikata_ga_nai.
02:43
Notice I'm specifying a file format: exe.
02:46
This is so the binary will run on a Windows 7 system, and plenty of other Windows systems as well.
02:53
And then I just give it the output.
02:55
But I want to call the
02:58
file... maybe I shouldn't call it something so obvious. Let's call it
03:04
something a little bit more...
03:14
All right, secret photos dot exe.
03:16
So think about, you know, social engineering ideas.
03:21
All right, we see that
03:23
I didn't specify a platform or an architecture, but it figured it out from the payload.
03:32
shikata_ga_nai, as I mentioned, and we see that
03:38
our payload has been created.
03:53
It's good to be organized. Keep all your files in one place, if possible.
03:59
All right. So now I've got the payload created. So my next task is to create a listener.
04:08
And the nice thing about doing these reverse
04:10
connections, either through Linux or Windows, is
04:13
the fact that you should be able to evade certain firewalls. All you have to do is use a port that's allowed through the firewall, like 80 or 443.
04:24
I'm just using 4444 out of force of habit, because that's a port that's not commonly used. It's frequently a default port for a lot of Metasploit
04:34
exploits, I should say.
04:36
Okay. So now what I have to do is set up the handler.
04:41
And again, I've already typed this in, so I'm going to bring it up from my command history.
04:50
I'm putting it in quiet mode again, and the dash x executes whatever I put between the double quotes as a series of commands.
04:57
So I tell it to use the multi handler, which is the most versatile one
05:01
for these types of connections.
05:03
I give it the same payload that I put into the
05:09
exploit that I'm going to send to the victim.
05:11
And then the usual things are here: my local host, my local port, again port 4444. Make sure this all matches
05:16
the payload that you created. Otherwise the connection won't work.
05:19
And then there's the run command,
05:21
which is basically the same thing as saying exploit.
05:27
It's a shortcut for exploit. They do the same thing.
05:33
So let's go ahead and run this to create the listener.
05:43
It takes a few moments. Okay, there we go.
05:45
Let's see. So I am actually running...
05:55
I'm going to use a thumb drive to get the file to the victim.
06:10
So let's see, I want to go to the directory
06:16
win reverse shell, and there's my secret photos.
06:31
This is a convenient way to move things between VMs if you don't want to enable other security features like copy and paste.
06:39
It's just a little bit of extra work to do the connect and disconnect.
06:49
All right. Let's now look at it on our Windows system.