1
00:00:00,830 --> 00:00:01,650
Welcome back.

2
00:00:01,670 --> 00:00:06,070
Time to write the code that will execute our commands inside of our payload.

3
00:00:06,770 --> 00:00:12,530
So, as I already mentioned, for this we're going to need an additional library. Go to your backdoor

4
00:00:12,530 --> 00:00:15,680
program and import subprocess.

5
00:00:16,100 --> 00:00:20,340
This library will allow us to execute any command that the server sent.

6
00:00:21,020 --> 00:00:25,520
Let's go down here where we added the comment for the command execution.

7
00:00:25,990 --> 00:00:27,410
We can delete it right now.

8
00:00:27,590 --> 00:00:31,190
And to execute the command, we can do something like this.

9
00:00:31,760 --> 00:00:40,370
We can initiate "execute", and we're going to set that equal to subprocess.Popen.

10
00:00:40,490 --> 00:00:45,200
And this subprocess.Popen takes a few parameters.

11
00:00:45,200 --> 00:00:48,740
And the first one will be what we want to execute.

12
00:00:48,920 --> 00:00:52,610
In our case, we want to execute our command.

13
00:00:53,600 --> 00:00:56,960
The second parameter we can set to be shell=True.

14
00:00:58,740 --> 00:01:05,640
And there are some additional parameters, such as stdout=subprocess.PIPE, and make sure

15
00:01:05,640 --> 00:01:07,980
that you type this PIPE in capital letters.

16
00:01:09,180 --> 00:01:20,070
Another parameter, stderr=subprocess.PIPE, and the last one will be stdin=subprocess

17
00:01:21,000 --> 00:01:26,450
.PIPE, but these are all the parameters that we need to specify right here.

18
00:01:26,760 --> 00:01:32,010
The most important one is that you specify this command as the first argument.

19
00:01:32,460 --> 00:01:39,120
Once we initiate the Popen into execute, we can create a variable called result that will

20
00:01:39,120 --> 00:01:42,990
be equal to execute.stdout.read().
21
00:01:43,200 --> 00:01:43,650
Right.

22
00:01:43,650 --> 00:01:45,300
So we want to read the output.

23
00:01:45,550 --> 00:01:52,050
We're also going to concatenate to this execute.stderr.read().

24
00:01:52,530 --> 00:01:56,180
So these are the two things that will give us the output of the command.

25
00:01:56,520 --> 00:01:59,030
Then we will store them inside of the result variable.

26
00:01:59,460 --> 00:02:05,320
And this line that I'm going to write right now could be a little bit tricky.

27
00:02:05,430 --> 00:02:09,000
Let me write it first: result.decode().

28
00:02:09,840 --> 00:02:11,950
You might be wondering why we are decoding this.

29
00:02:12,410 --> 00:02:14,340
Well, if I go up here.

30
00:02:15,470 --> 00:02:21,950
In the reliable_send, we're going to encode our data, and this result is something that we are going

31
00:02:21,950 --> 00:02:28,680
to send in the next line, and once we perform these two lines, we already get encoded data.

32
00:02:29,030 --> 00:02:35,710
So if we don't decode it first and we try to send it straight away, it will throw us an error.

33
00:02:35,720 --> 00:02:40,390
It will not be able to do that because it is going to try to encode already encoded data.

34
00:02:40,910 --> 00:02:43,640
That's why first we must decode it right here.

35
00:02:43,790 --> 00:02:51,290
And then in the next line, we're going to type reliable_send and we are going to send our result.

36
00:02:51,800 --> 00:02:52,190
Great.

37
00:02:52,190 --> 00:02:58,580
Now that we've done this, let us test our program, and to test this program you're going to need a Windows

38
00:02:58,580 --> 00:03:03,420
environment to compile it, and you're going to need any version of Python 3.

39
00:03:03,800 --> 00:03:09,470
Now, in my case, I'm using Python 3.7, so I would advise you to use the same version.
40
00:03:09,500 --> 00:03:15,050
So just download Python 3.7, because if it works for me, it will most likely work for

41
00:03:15,050 --> 00:03:15,260
you.

42
00:03:16,220 --> 00:03:24,300
After you do that, what we must do is copy our backdoor to our Windows machine.

43
00:03:24,560 --> 00:03:24,950
Why?

44
00:03:25,070 --> 00:03:28,340
Well, we're going to compile it on a Windows machine. For this

45
00:03:28,340 --> 00:03:30,750
you can use a Windows virtual machine if you'd like.

46
00:03:30,770 --> 00:03:34,840
Just make sure you download Python 3.7 onto that Windows virtual machine.

47
00:03:35,090 --> 00:03:38,040
Once you do that, you can copy the backdoor.

48
00:03:38,060 --> 00:03:40,890
I am first going to copy it to my desktop.

49
00:03:41,270 --> 00:03:46,070
So, Mr. Hacker, on the desktop, and from the desktop I'm going to copy it

50
00:03:47,660 --> 00:03:56,060
onto the Windows 10 desktop. Great, now that we copied it, we're going to need a few things in order

51
00:03:56,060 --> 00:03:57,240
to compile this program.

52
00:03:57,500 --> 00:04:03,140
So, first of all, open your command prompt on your Windows machine, navigate to the directory where

53
00:04:03,290 --> 00:04:07,730
your backdoor is, and to compile this program

54
00:04:07,760 --> 00:04:10,220
we're going to need the PyInstaller library.

55
00:04:10,700 --> 00:04:13,850
You can install that library using pip as usual.

56
00:04:14,600 --> 00:04:19,190
Once you get the PyInstaller library, you want to go to the directory where your backdoor is and

57
00:04:19,190 --> 00:04:20,570
type pyinstaller,

58
00:04:21,560 --> 00:04:24,590
then the name of the program, in my case backdoor.py.

59
00:04:24,800 --> 00:04:27,340
And we're going to use two different arguments.

60
00:04:27,350 --> 00:04:31,760
One of them is --onefile and the other one is --noconsole.

61
00:04:32,940 --> 00:04:35,670
Once you specify all of this, press enter.
62
00:04:36,870 --> 00:04:40,590
And this will compile our Python program for us.

63
00:04:41,250 --> 00:04:47,070
Now, one thing to keep in mind is that you must have all the libraries from this program installed

64
00:04:47,070 --> 00:04:51,040
using pip in order for the compiling of the program to be successful.

65
00:04:51,660 --> 00:04:57,540
So in this case, our backdoor right here, if I edit it using Notepad.

66
00:04:59,300 --> 00:05:04,940
We only have these three libraries and all of them are already by default in Python, so there are no

67
00:05:04,940 --> 00:05:06,980
libraries that we must install yet.

68
00:05:07,310 --> 00:05:12,950
But in future, if you keep adding onto this program and you add additional libraries that might not

69
00:05:12,950 --> 00:05:19,430
be installed by default in Python, you will need to install them first using pip and then you can compile

70
00:05:19,430 --> 00:05:20,960
the program successfully.

71
00:05:21,470 --> 00:05:22,280
OK, great.

72
00:05:22,430 --> 00:05:27,530
Now that we compiled the program, we're going to have these four folders.

73
00:05:27,800 --> 00:05:34,220
We're going to have the dist folder, this __pycache__ folder, this backdoor.spec file and the build

74
00:05:34,220 --> 00:05:34,750
folder.

75
00:05:35,540 --> 00:05:38,650
These three right here you can delete straight away.

76
00:05:38,810 --> 00:05:39,550
We don't need them.

77
00:05:39,830 --> 00:05:43,690
And this dist folder will have our executable.

78
00:05:44,000 --> 00:05:44,660
Here it is.

79
00:05:44,960 --> 00:05:47,090
It is called backdoor.exe.

80
00:05:47,480 --> 00:05:53,930
And you know what is the cool part? If I scan it using the latest version of Windows Defender?
81
00:06:00,390 --> 00:06:08,070
Here it is, zero threats found, so we created an undetectable backdoor that we coded. Amazing, right?

82
00:06:08,580 --> 00:06:13,950
Now to test it, to see whether it works, the first thing that we must make sure is that the IP addresses

83
00:06:13,950 --> 00:06:15,630
and the ports are set correctly.

84
00:06:15,870 --> 00:06:19,700
And that is something that we should have done before actually compiling the program.

85
00:06:19,950 --> 00:06:25,560
But in my case, I remember that I set 192.168.1.12 to be the IP address of the

86
00:06:25,770 --> 00:06:31,470
Linux machine and the port 5555 to be the port to connect to, which is in my case

87
00:06:31,470 --> 00:06:31,890
correct.

88
00:06:32,040 --> 00:06:36,930
So what I'm going to do is I'm going to use Python 3 to start my server.

89
00:06:37,350 --> 00:06:40,620
It will print out "listening for the incoming connections".

90
00:06:41,190 --> 00:06:44,730
And if I go right here, execute the backdoor.

91
00:06:47,130 --> 00:06:49,530
Nothing seems to be happening, but that is good.

92
00:06:49,560 --> 00:06:56,190
We don't want our program to open anything, but if we go back to here and we wait a couple of seconds,

93
00:06:56,190 --> 00:07:02,700
because remember that we set the time.sleep command to be 20 seconds before actually connecting to our

94
00:07:02,700 --> 00:07:03,600
Kali Linux machine.

95
00:07:03,960 --> 00:07:06,510
And after 20 seconds, here it is.

96
00:07:06,780 --> 00:07:09,180
We get the shell from our Windows 10 machine.

97
00:07:09,900 --> 00:07:16,020
We get "Shell" written and then the IP address, as well as the port from which the connection is coming

98
00:07:16,020 --> 00:07:16,260
from.

99
00:07:16,800 --> 00:07:22,150
Now, if we try to execute some of the command prompt commands, such as, for example, whoami?

100
00:07:22,770 --> 00:07:23,970
It seems to be stuck.
101
00:07:23,970 --> 00:07:26,340
So there is something wrong with our code.

102
00:07:26,730 --> 00:07:31,310
Let us go and check our server first to see whether everything is good.

103
00:07:31,530 --> 00:07:34,860
So we've got the reliable_send and the reliable_receive functions.

104
00:07:35,160 --> 00:07:36,720
Everything seems to be good.

105
00:07:37,780 --> 00:07:44,210
But right here, we reliable_receive the result and then we print it out, so this could be the problem.

106
00:07:45,780 --> 00:07:51,960
Let's check it out inside of the backdoor code as well, just to make sure that everything is good

107
00:07:51,960 --> 00:07:52,290
here.

108
00:07:54,590 --> 00:08:00,560
And after a few minutes of searching, I managed to find the error, so the error was inside of the

109
00:08:00,770 --> 00:08:01,590
backdoor code.

110
00:08:01,880 --> 00:08:07,510
The first thing that I didn't do is I didn't import this json library inside of my backdoor code.

111
00:08:07,640 --> 00:08:13,820
I only copied these two functions from the server code, but I forgot to import the json library.

112
00:08:14,010 --> 00:08:15,770
So that is the first thing that we must do.

113
00:08:15,800 --> 00:08:17,120
I already did it right here.

114
00:08:17,330 --> 00:08:26,320
And the second thing is the typo right here in this line: we typed rstep and it should be rstrip.

115
00:08:26,960 --> 00:08:33,010
We need to fix that both here and inside of the server code.

116
00:08:33,560 --> 00:08:41,270
So go down here and change the rstep into rstrip, right here as well.

117
00:08:42,260 --> 00:08:47,780
And we are going to copy the backdoor.py to the home of Mr. Hacker.

118
00:08:47,780 --> 00:08:51,070
And then to the desktop, so we're going to recompile it once again.

119
00:08:51,710 --> 00:08:54,230
All of these things we do not need anymore.
120
00:08:54,410 --> 00:08:59,630
So I'm going to delete them. If it tells you, like this, that the file is currently in use,

121
00:08:59,900 --> 00:09:01,370
that is because we ran it.

122
00:09:01,370 --> 00:09:08,720
And to close it, we can go to Task Manager, find the backdoor.exe that is running and close

123
00:09:08,720 --> 00:09:10,550
it inside of our Task Manager.

124
00:09:10,850 --> 00:09:13,660
Then we should be able to delete the dist folder.

125
00:09:14,240 --> 00:09:14,630
Great.

126
00:09:14,990 --> 00:09:22,700
Now that we did that, what I'm going to do is I'm going to once again copy the backdoor.py onto my

127
00:09:22,700 --> 00:09:26,500
desktop and I'm going to compile it once again using the command prompt.

128
00:09:26,510 --> 00:09:33,860
So pyinstaller backdoor.py --onefile and --noconsole, press enter.

129
00:09:36,370 --> 00:09:43,960
While this is compiling, let us go to our Kali Linux machine and let us start our server by running server

130
00:09:43,960 --> 00:09:49,300
.py; it will listen for the incoming connections, and right here we can go to the dist directory

131
00:09:49,510 --> 00:09:51,760
and execute backdoor.exe.

132
00:09:53,500 --> 00:09:59,230
Once again, these other files we do not need, so you can delete them; we only need this directory with the

133
00:09:59,230 --> 00:10:00,280
backdoor.exe.

134
00:10:01,330 --> 00:10:06,970
And in just a few seconds, we should receive the connection right here in our Linux machine due to

135
00:10:06,970 --> 00:10:10,320
the timeout of 20 seconds that we coded inside of our program.

136
00:10:10,330 --> 00:10:12,820
And if I type whoami right now?

137
00:10:13,150 --> 00:10:14,290
It works.

138
00:10:14,290 --> 00:10:16,570
I can execute commands on the target machine.
139
00:10:16,690 --> 00:10:22,810
If I type dir, it will tell me that the only file in the directory is backdoor.exe, and that is

140
00:10:22,810 --> 00:10:26,050
because we are currently inside of this dist directory.

141
00:10:26,590 --> 00:10:30,880
If I type ipconfig, it will tell me my IP address.

142
00:10:31,240 --> 00:10:37,090
I can type the netstat command to get the netstat output, where it will tell me all of my current

143
00:10:37,090 --> 00:10:38,920
connections on that target machine.

144
00:10:39,520 --> 00:10:45,130
But if I, for example, try to go one step back, this will not work.

145
00:10:45,130 --> 00:10:47,410
I will still be in the dist directory.

146
00:10:47,830 --> 00:10:53,530
So it seems that our program works, as we can execute the commands, but for now we can't seem to change

147
00:10:53,530 --> 00:10:56,230
the directories into a different directory.

148
00:10:56,230 --> 00:10:59,760
And that is something that we must see how to fix in the next video.

149
00:11:00,610 --> 00:11:02,780
But for now, it is good that it works.

150
00:11:02,800 --> 00:11:06,250
We saw how we can compile the program to an exe using PyInstaller.

151
00:11:06,850 --> 00:11:13,420
So once again, just install Python 3.7 on a Windows machine, install PyInstaller

152
00:11:13,660 --> 00:11:18,960
for that Python, and install all the libraries that you're using inside of your program.

153
00:11:19,210 --> 00:11:23,890
In our case, we are not using any additional libraries outside of the standard Python library, so

154
00:11:23,890 --> 00:11:25,000
we didn't need to do that.

155
00:11:25,330 --> 00:11:32,590
All we needed to do is to install PyInstaller and then use the command pyinstaller, the program name, --onefile

156
00:11:32,590 --> 00:11:35,200
and --noconsole as options.

157
00:11:35,200 --> 00:11:37,300
And this should compile the program for you.
158
00:11:38,140 --> 00:11:43,420
Once you execute it, it should connect to the server that we are running from our machine, and let us

159
00:11:43,420 --> 00:11:44,580
test the quit command.

160
00:11:44,590 --> 00:11:47,980
If I press enter, it closes the program right here in our terminal.

161
00:11:48,250 --> 00:11:51,250
But does it also close the program in Task Manager?

162
00:11:51,280 --> 00:11:52,290
Let us check it out.

163
00:11:54,720 --> 00:12:00,660
And it indeed does, so we also close the program on the target machine with the quit command.

164
00:12:01,350 --> 00:12:01,800
Great.

165
00:12:01,920 --> 00:12:06,960
In the next video, we're going to see how we can successfully change the directories using our program.