00:00:00,960 --> 00:01:10,140
Instructor: Welcome back. In this video I want to talk about yet another tool that we can use for payload creation, and that tool is called TheFatRat. I know, right? What a name. Anyway, this is a tool that we have available on GitHub, so let's go real quick and download it from the GitHub repository. If I type "Fat Rat GitHub" in the search bar, it should lead me to this first link, which I want to click on, and once it opens this page we want to copy the link to this tool and git clone it inside of our desktop directory. Now you will notice right here that I already have the tool downloaded, so I will not be cloning it right now. The good thing about this tool is that on the GitHub page, if I scroll down here, we have the commands for the exact installation of this tool. So first we git clone the tool itself, then we change directory to the tool folder, and we run this command right here. Since I already did all of this, you do this first and then we can go and start the tool. Okay, did you do it? Let's go and start TheFatRat tool.
00:01:10,140 --> 00:02:22,140
Now keep in mind, once starting this tool you must enter the root terminal, and we do that as usual with the sudo su command. Once I go there, I will navigate to the desktop and to TheFatRat directory. If I type ls, we should see this file called fatrat, and that is the tool itself. So in order to run it we can just type its name inside of the terminal, press enter, and this will start the tool for us. You will notice that the tool is rather similar to all of the previous tools that we used for payload creation, so there is nothing really new here. We're just experimenting with different tools to see what type of payload is best for us. It will go right here through some of the dependencies, and if it doesn't have some of the files that it needs installed, it'll automatically install them for you. For me, it already has all of this installed, so it'll just prompt me with this warning that says don't upload the backdoors created with TheFatRat to virustotal.com. So we are not going to do that; if the tool tells us to, we're not going to go and upload them to VirusTotal. Anyway, let's see how we can create them. So I will press enter to continue.
00:02:22,140 --> 00:03:34,770
Here it started the PostgreSQL service, and I will press continue once again. And here it is. This is the main menu. So we got quite a few options right here. We can create a backdoor with msfvenom. We can create a fully undetectable backdoor with Fudwin. We can create with other programs as well. So this is just a matter of choice. You can also, if you notice right here, create the backdoor of the APK file, which would be for mobile phones. Okay, great. Let us go with any one of these. Let's go for example with number six, which is create fully undetectable backdoor with PwnWinds. It says in the brackets, excellent, but keep in mind that even though right here it says fully undetectable, it most likely won't be fully undetectable because this tool right here isn't that new. Nonetheless, let us go with number six as an option, and you can go with a different option if you prefer. I will just go with this one for the purposes of this tutorial, and here we have also a few different options. We can create a backdoor with C PowerShell embed PDF. We can create a backdoor with C Meterpreter reverse TCP.
00:03:34,770 --> 00:04:53,850
We can create an exe file with C# and PowerShell. It says it is fully undetectable, 100%. So let's go with that one. This time I will select number two. It will tell me right here my IPv4 local address, my IPv6 address, and my public IP address right here. So what I'm going to do is I'm going to set the local host IP to be 192.168.1.12, and I will select the local port to be 5555. Press enter. Please enter the base name for output files. We can call this RatBackdoor, just so we know from which program it is. Here it asks us to select which type of payload we want to create, and we are going to go with the good old Windows Meterpreter reverse TCP. So I'll select number three right here, press enter, and this should create the backdoor for me. After a few seconds we should have this output that says backdoor saved to this path right here, and up here we can see the code of our payload. It is written in C#, and we can see it calls the system function, which executes a PowerShell command. Okay, great. So let's remember this location right here.
00:04:53,850 --> 00:06:10,620
Matter of fact, let's copy it, and now we can press enter. Now you will notice that this tool doesn't set the listener automatically for us. So what we are going to do is, you can either set up a listener based on the information that you specified for the payload inside the second terminal using msfconsole, or we can go back to the menu using number nine. And once it comes back to this menu we can go and jump to msfconsole straight from TheFatRat with number 10. Okay, great. While msfconsole is opening, what I'm going to do is I'm going to open another terminal where I'm going to enter the root terminal first and then navigate to the path that we copied. Okay, great. Type ls here and we should have RatBackdoor.exe. Let's copy it to our desktop. So home/mrhacker and then Desktop. And from the desktop, if I go and lower all of these windows, we should be able to copy it straight to our Windows 10 machine. Okay, great. So it is on our target machine. Let's set the settings inside of msfconsole.
00:06:10,620 --> 00:07:28,440
Use exploit/multi/handler, set payload to be, remember, Windows Meterpreter reverse TCP, and we need to set the LHOST and the LPORT according to what we set inside of our payload. So for me it is 192.168.1.12, and the LPORT is 5555. Press run. And if we go and run our backdoor, it will execute; go back to our msfconsole and here is the Meterpreter shell. Once again, we can execute the commands that we want. If I type for example the ps command, this will list all of the processes running on that target machine. So if I scroll all the way up we should be able to find the RatBackdoor.exe file that we executed on the target machine. It should be somewhere here. And here it is. Here is the RatBackdoor.exe. This is our file running on the target system. Now we know how to create payloads. Now there are other tools as well that we can use, but I will leave that for you to discover since they all work pretty much the same. Great.
00:07:28,440 --> 00:07:43,240
In the next video we're going to check out how we can make some changes to our payloads that will allow us to either bypass some of the antiviruses, or we are going to see what we can do to the payload to make our target have a greater chance of executing it. See you in the next video.