1
00:00:00,710 --> 00:00:07,430
Let's continue with our Meterpreter commands. So we only covered navigating the filesystem and some

2
00:00:07,430 --> 00:00:12,860
essential commands between switching sessions inside of Meterpreter, but we didn't really touch

3
00:00:12,860 --> 00:00:19,440
on those interesting commands, such as running a keylogger or snapping a screenshot or recording the microphone.

4
00:00:20,210 --> 00:00:25,640
But before we get to them, there is one portion of the commands that we must go through first.

5
00:00:25,640 --> 00:00:28,090
And those are system commands.

6
00:00:28,880 --> 00:00:32,620
Let us run the help menu to check them out.

7
00:00:33,170 --> 00:00:41,030
So if we scroll all the way up, right after the networking commands, we should see the system commands,

8
00:00:41,840 --> 00:00:42,710
and here

9
00:00:42,710 --> 00:00:45,360
there are a few interesting ones. For example,

10
00:00:45,650 --> 00:00:49,470
let's start with this execute command right here.

11
00:00:49,940 --> 00:00:55,750
So this command allows us to execute any type of command we would use inside of a shell.

12
00:00:56,060 --> 00:00:58,640
It will most likely run this on a separate thread.

13
00:00:58,820 --> 00:01:02,390
So we will be able to execute different commands simultaneously.

14
00:01:03,080 --> 00:01:04,220
Let me show you what I mean.

15
00:01:04,430 --> 00:01:09,740
So, for example, let's say that I want to start our calculator on the target machine.

16
00:01:09,770 --> 00:01:11,600
I can type execute calc.

17
00:01:12,200 --> 00:01:15,890
And here it will tell me that I need to specify the -f option.

18
00:01:17,340 --> 00:01:24,060
Process 9096 is created, and right here I got my calculator opened.

19
00:01:25,150 --> 00:01:31,000
Now, if I wanted to terminate this process or any other process, inside of the system commands we

20
00:01:31,000 --> 00:01:34,900
also get this command that says terminate a process.

21
00:01:35,560 --> 00:01:39,010
But for this command, we need to know the process ID.

22
00:01:40,150 --> 00:01:44,520
So here we got the process ID as soon as we started this process.

23
00:01:44,530 --> 00:01:47,520
But let's say we wanted to terminate a different process.

24
00:01:47,800 --> 00:01:49,510
How would we get its process ID?

25
00:01:50,530 --> 00:01:56,230
Well, remember, we can type the command ps to list out all of the files that are currently running

26
00:01:56,230 --> 00:01:57,300
on the target system.

27
00:01:57,610 --> 00:02:03,160
And this left column right here is the process ID. If I scroll all the way up,

28
00:02:04,170 --> 00:02:13,080
here we can see our process ID, and I can scroll all the way down and at the end, somewhere around here,

29
00:02:13,080 --> 00:02:15,480
we should see our calculator being open.

30
00:02:16,140 --> 00:02:17,500
Let's go and search it.

31
00:02:17,520 --> 00:02:20,250
So search for the calculator application.

32
00:02:20,910 --> 00:02:26,400
And if I scroll a little bit up, we should be able to find it somewhere around here.

33
00:02:26,970 --> 00:02:34,440
And here it is, Calculator.exe, so we can see the process ID is 8412.

34
00:02:35,350 --> 00:02:43,170
Let's try to kill this process and see whether our calculator closes. So if I go and copy this process

35
00:02:43,180 --> 00:02:45,370
ID, 8412,

36
00:02:46,600 --> 00:02:50,860
and down here I type kill and then paste the process ID.

37
00:02:52,400 --> 00:02:58,700
Here we can see the calculator is now gone, so we can start different programs and terminate different

38
00:02:58,700 --> 00:03:01,580
programs if we want to, using a Meterpreter shell.

39
00:03:02,630 --> 00:03:09,320
A few more interesting commands from the system commands would be probably this reboot command that

40
00:03:09,330 --> 00:03:10,870
reboots the remote computer.

41
00:03:10,910 --> 00:03:16,430
Now, I'm not going to test this because I'm running my shell on the main Windows operating system.

42
00:03:16,430 --> 00:03:23,760
So rebooting that machine would be no good since I'm also recording on it. Besides rebooting,

43
00:03:23,780 --> 00:03:29,090
we can also shut down the target machine just by specifying the command shutdown, and you can test both

44
00:03:29,090 --> 00:03:31,490
of these commands on a virtual machine.

45
00:03:31,940 --> 00:03:37,250
And at the end we also get the system information, so: gets information about the remote system, such

46
00:03:37,250 --> 00:03:37,970
as OS.

47
00:03:38,180 --> 00:03:42,790
And that is always useful, to know some of the additional information about the target machine.

48
00:03:43,220 --> 00:03:48,710
Here we can see the computer, the OS, the architecture, the system language and other options as

49
00:03:48,710 --> 00:03:48,980
well.

50
00:03:49,490 --> 00:03:54,740
But I said that we are going to cover some of the interesting commands right here in this video, and

51
00:03:54,740 --> 00:03:56,210
let's get straight into them.

52
00:03:56,390 --> 00:04:04,760
So after the system commands, we get these user interface commands, and here we can control mouse, keyboard,

53
00:04:04,880 --> 00:04:10,070
record microphones, run screenshots and a bunch of other cool options that we're going to cover right

54
00:04:10,070 --> 00:04:10,360
now.

55
00:04:10,790 --> 00:04:14,120
So let's start, for example, with this mouse option.

56
00:04:14,720 --> 00:04:16,370
Send mouse events.

57
00:04:17,150 --> 00:04:18,620
Let's see how that would work.

58
00:04:18,860 --> 00:04:24,470
If I just type mouse inside of Meterpreter, it gives us a small usage for this command.

59
00:04:24,830 --> 00:04:28,910
So mouse and then the action: we can type click, up, down, right

60
00:04:28,910 --> 00:04:32,930
click, right up, right down, double click and so on and so on.

61
00:04:33,260 --> 00:04:35,450
We can also move the mouse if we want to.

62
00:04:35,600 --> 00:04:37,690
So let's try this command.

63
00:04:37,730 --> 00:04:41,960
If I copy mouse move and then paste right here.

64
00:04:42,770 --> 00:04:46,160
Let us put the mouse right here and if I press enter.

65
00:04:47,410 --> 00:04:49,600
Here, the mouse moved on its own.

66
00:04:50,410 --> 00:04:51,540
Let's do it once again.

67
00:04:52,910 --> 00:04:58,850
Did you see it? It moves on its own, so we can control the mouse on the target machine. Now, even though

68
00:04:58,850 --> 00:05:00,940
this is cool, it is not really that useful.

69
00:05:01,160 --> 00:05:06,230
However, there are other commands we would find a lot more useful than this, such as, for example,

70
00:05:06,410 --> 00:05:07,840
running a keylogger.

71
00:05:08,240 --> 00:05:10,730
Let's see how we can run a simple keylogger.

72
00:05:11,720 --> 00:05:19,010
So if I scroll all the way up here, we get the commands keyscan_start, keyscan_stop and keyscan_

73
00:05:19,220 --> 00:05:19,640
dump.

74
00:05:20,400 --> 00:05:20,660
Hmm.

75
00:05:21,440 --> 00:05:23,870
Let's give them a try. If I copy

76
00:05:23,990 --> 00:05:26,810
this command that says start capturing keystrokes

77
00:05:29,690 --> 00:05:35,040
and put it inside of my Meterpreter, it says: Starting the keystroke sniffer.

78
00:05:35,670 --> 00:05:38,610
Now, let's go to this page and this is a people page.

79
00:05:38,610 --> 00:05:41,190
And now I'm just going to type something random right here.

80
00:05:41,520 --> 00:05:49,480
So let's say example@gmail.com and password will be test1234.

81
00:05:49,500 --> 00:05:55,620
If I click on login, of course, this account does not exist, but let's go right here and see whether

82
00:05:55,620 --> 00:06:01,770
our Meterpreter shell managed to capture it. To print out the keystrokes that were captured,

83
00:06:01,770 --> 00:06:10,160
we can type keyscan_dump, press enter, and here it is: example, shift, @gmail.com.

84
00:06:10,680 --> 00:06:12,630
And here is the password: test

85
00:06:12,780 --> 00:06:13,830
1234.

86
00:06:14,820 --> 00:06:22,890
To stop the keylogger, we can type keyscan_stop, and this will stop capturing keystrokes.

87
00:06:23,280 --> 00:06:29,370
So this is really useful if you want to capture the messages that they're sending online or basically

88
00:06:29,370 --> 00:06:35,190
whatever they type on their keyboard. You can capture it by typing keyscan_start and

89
00:06:35,190 --> 00:06:40,530
then you can type keyscan_dump to dump all of the keystrokes that they captured in that

90
00:06:40,530 --> 00:06:41,800
specific time lapse.

91
00:06:42,420 --> 00:06:42,870
Great.

92
00:06:43,110 --> 00:06:45,200
Let's check out more options as well.

93
00:06:45,840 --> 00:06:51,120
So another interesting one is the one that we already covered, which is the screenshot option. As

94
00:06:51,120 --> 00:06:51,510
it says:

95
00:06:51,510 --> 00:06:56,490
Grab a screenshot of the interactive desktop. If we run it real quick,

96
00:06:58,180 --> 00:07:03,820
this will save a screenshot inside of this slash home slash Mr. Hacker directory, and we can visit it

97
00:07:03,820 --> 00:07:06,030
by clicking on this open folder.

98
00:07:06,640 --> 00:07:07,890
And here is the screenshot.

99
00:07:08,410 --> 00:07:13,780
So it is a screenshot of our Kali Linux machine, because my Kali Linux machine is running on this

100
00:07:13,780 --> 00:07:14,740
Windows machine.

101
00:07:15,660 --> 00:07:23,100
But what if I wanted to, for example, see what the target is doing or simply just record the screen

102
00:07:23,490 --> 00:07:24,670
at the live time?

103
00:07:25,230 --> 00:07:31,920
Well, there is a command called screenshare, and it says: watch the remote user's desktop in real

104
00:07:31,920 --> 00:07:32,280
time.

105
00:07:32,640 --> 00:07:33,930
We can type it right here.

106
00:07:34,290 --> 00:07:35,070
screenshare.

107
00:07:36,840 --> 00:07:41,220
And this will start streaming the target's desktop to our Linux machine.

108
00:07:43,630 --> 00:07:50,320
Here it is. Now, this command is known to be a little bit buggy as it does require some of the power in

109
00:07:50,320 --> 00:07:50,980
order to run.

110
00:07:51,160 --> 00:07:57,220
As we can see right here, it can be buggy sometimes, but nonetheless, we can see the target's desktop.

111
00:07:57,970 --> 00:07:59,740
Let us close this real quick.

112
00:07:59,740 --> 00:08:05,830
And another command that I wanted to show you that is really cool is recording the target's desktop.

113
00:08:06,370 --> 00:08:10,360
How can we do that? If I type the help command, go up here.

114
00:08:11,710 --> 00:08:18,740
Here we can see these commands right here: record_mic, record audio from the microphone for X seconds.

115
00:08:18,970 --> 00:08:25,450
We can also stream the webcam and take a snapshot from the specified webcam using these commands right

116
00:08:25,450 --> 00:08:25,740
here.

117
00:08:26,230 --> 00:08:30,310
But since my Windows 10 machine doesn't have a webcam, I'm not going to be running this.

118
00:08:30,330 --> 00:08:34,990
Of course, you can test these commands out if you got the webcam and see if they work. For now,

119
00:08:35,170 --> 00:08:39,400
I'm going to record a microphone on our Windows 10 target machine.

120
00:08:40,270 --> 00:08:47,020
Now, this command requires a parameter. We can specify the amount of seconds using the -d option, and

121
00:08:47,020 --> 00:08:53,920
I will specify ten seconds. If I press enter here, this will start recording and it should capture what

122
00:08:53,920 --> 00:08:56,450
I'm speaking at the moment to the microphone.

123
00:08:56,800 --> 00:09:01,960
So here the ten seconds finished and it saved the file inside of this home,

124
00:09:02,560 --> 00:09:04,920
Mr. Hacker, and this is the file name.

125
00:09:05,620 --> 00:09:10,750
You can listen if you want to, but for now, let's check out what other commands we have at the end

126
00:09:10,750 --> 00:09:11,560
of the help menu.

127
00:09:11,560 --> 00:09:16,280
And we got these cool commands such as getsystem and hashdump.

128
00:09:16,870 --> 00:09:22,690
And believe it or not, these commands could be the most useful out of all of the others that we covered.

129
00:09:23,110 --> 00:09:25,870
However, if I tried to run the getsystem command

130
00:09:26,990 --> 00:09:28,430
inside of our Meterpreter shell.

131
00:09:29,960 --> 00:09:34,380
Hmm, operation failed, they will not work.

132
00:09:34,730 --> 00:09:38,780
It seems we cannot get system privileges on the target machine.

133
00:09:39,200 --> 00:09:45,080
And just to remind you, system privileges are the highest privileges on the Windows machine, even higher

134
00:09:45,080 --> 00:09:48,420
than the administrator ones. Once we get a system level account,

135
00:09:48,560 --> 00:09:51,330
we can say we fully hacked that box.

136
00:09:52,070 --> 00:09:53,720
So what are we going to do?

137
00:09:54,230 --> 00:10:00,560
Well, we are going to try to elevate our privileges in the next video by using post exploitation modules.

138
00:10:01,010 --> 00:10:03,620
For now, we covered basic Meterpreter commands.

139
00:10:03,620 --> 00:10:07,590
And you saw how useful they are despite being so easy to run.

140
00:10:08,180 --> 00:10:14,090
We simply got the screenshot by running one command, recorded the microphone by running one command.

141
00:10:14,660 --> 00:10:19,540
But it is time to get into more advanced things and running more advanced modules.

142
00:10:20,120 --> 00:10:21,110
See you in the next video.