1 00:00:00,360 --> 00:00:01,350 Instructor: Welcome back.
2 00:00:01,350 --> 00:00:03,390 Let's continue with our programs.
3 00:00:03,390 --> 00:00:04,740 So in the previous video,
4 00:00:04,740 --> 00:00:06,570 we managed to establish a connection
5 00:00:06,570 --> 00:00:08,070 between these two programs,
6 00:00:08,070 --> 00:00:09,930 or we didn't really manage to establish,
7 00:00:09,930 --> 00:00:11,820 but we created a part of code
8 00:00:11,820 --> 00:00:13,770 that will establish the connection
9 00:00:13,770 --> 00:00:15,870 once we run these programs.
10 00:00:15,870 --> 00:00:19,230 Now, let us go to our server program first
11 00:00:19,230 --> 00:00:23,490 and let's figure out this target communication function.
12 00:00:23,490 --> 00:00:26,940 Remember, this function will send the commands
13 00:00:26,940 --> 00:00:29,370 to the target system that we want to execute
14 00:00:29,370 --> 00:00:32,189 and it will also receive the response
15 00:00:32,189 --> 00:00:33,303 of the target system.
16 00:00:34,200 --> 00:00:35,910 So let us code it up here.
17 00:00:35,910 --> 00:00:37,980 And we are just going to start it
18 00:00:37,980 --> 00:00:40,740 and then we are going to go to the backdoor program.
19 00:00:40,740 --> 00:00:42,330 First thing that we're going to do is we are
20 00:00:42,330 --> 00:00:44,280 going to initiate the function.
21 00:00:44,280 --> 00:00:47,553 So define and then target underscore communication.
22 00:00:48,900 --> 00:00:51,750 As we can see, it takes no parameters
23 00:00:51,750 --> 00:00:54,090 and what we are going to do straight away
24 00:00:54,090 --> 00:00:55,980 inside of this function is we are going to
25 00:00:55,980 --> 00:00:59,340 enter an infinite while true loop.
26 00:00:59,340 --> 00:01:02,100 What we will essentially do here is we are going to ask
27 00:01:02,100 --> 00:01:04,260 for a command from the user of this program
28 00:01:04,260 --> 00:01:07,320 and then we're going to send that command to the payload
29 00:01:07,320 --> 00:01:10,320 and go back to the beginning of this while true loop
30 00:01:10,320 --> 00:01:12,480 once we receive the response.
31 00:01:12,480 --> 00:01:13,950 Let me show you what I mean.
32 00:01:13,950 --> 00:01:16,740 Inside of here, the first thing that we want to do
33 00:01:16,740 --> 00:01:19,410 is we want to initiate a command.
34 00:01:19,410 --> 00:01:21,960 Since we don't know what command we want to execute
35 00:01:21,960 --> 00:01:24,120 we're just going to use an input statement
36 00:01:24,120 --> 00:01:26,490 that will allow the user of this program
37 00:01:26,490 --> 00:01:28,890 to type in the command.
38 00:01:28,890 --> 00:01:31,050 And we're going to write it like this.
39 00:01:31,050 --> 00:01:34,860 Let's make it pretty, let's make it look like a terminal.
40 00:01:34,860 --> 00:01:38,310 And use this sign, percent S, and you're going to
41 00:01:38,310 --> 00:01:41,880 see why we are using this percent S in just a second.
42 00:01:41,880 --> 00:01:44,250 So after the percent S, type two dots
43 00:01:44,250 --> 00:01:47,861 and then empty space and add a single quote at the end.
44 00:01:47,861 --> 00:01:50,880 And here, you can add another percent
45 00:01:50,880 --> 00:01:54,090 and string of IP address.
46 00:01:54,090 --> 00:01:55,440 And if you don't know Python,
47 00:01:55,440 --> 00:01:59,130 you're probably wondering what even happened here.
48 00:01:59,130 --> 00:02:02,160 Well, this is a statement that will print out
49 00:02:02,160 --> 00:02:04,590 and once we type this percent S,
50 00:02:04,590 --> 00:02:09,330 it will get exchanged with this string of IP address.
51 00:02:09,330 --> 00:02:12,840 And remember, our IP is simply the IP address
52 00:02:12,840 --> 00:02:14,850 of the target system that we initiated
53 00:02:14,850 --> 00:02:16,500 in this line right here.
54 00:02:16,500 --> 00:02:19,050 So what this will print is it will print the shell,
55 00:02:19,050 --> 00:02:20,970 and then after it the IP address
56 00:02:20,970 --> 00:02:23,280 of the target machine and then two dots.
57 00:02:23,280 --> 00:02:26,940 And here we will be able to type in our command.
58 00:02:26,940 --> 00:02:28,950 We just made it look a little bit prettier
59 00:02:28,950 --> 00:02:30,250 once we're on the program.
60 00:02:31,260 --> 00:02:33,750 So the next thing that we want to do is then
61 00:02:33,750 --> 00:02:37,140 send that command and we are going to use a function
62 00:02:37,140 --> 00:02:39,210 that I'm going to call reliable send.
63 00:02:39,210 --> 00:02:41,550 And this function also doesn't exist.
64 00:02:41,550 --> 00:02:43,170 It will take one parameter,
65 00:02:43,170 --> 00:02:44,700 which will be the command itself.
66 00:02:44,700 --> 00:02:47,010 So we are sending the command to the target.
67 00:02:47,010 --> 00:02:48,840 Now, this reliable send function is something
68 00:02:48,840 --> 00:02:50,580 that we will code in the next lecture.
69 00:02:50,580 --> 00:02:52,740 For now, just picture it as the function
70 00:02:52,740 --> 00:02:55,503 that will send this command to the target system.
71 00:02:56,430 --> 00:02:59,490 Then, right here, after we send the command
72 00:02:59,490 --> 00:03:01,770 we want to check out what this command was.
73 00:03:01,770 --> 00:03:06,243 For example, let's type if command equals equals to quit.
74 00:03:07,320 --> 00:03:11,220 Then this will initiate to our program that we want to exit
75 00:03:11,220 --> 00:03:13,950 out of the shell and we want to exit this program.
76 00:03:13,950 --> 00:03:15,270 So we're just going to break out
77 00:03:15,270 --> 00:03:18,720 to this while true loop and that will end our program.
78 00:03:18,720 --> 00:03:20,850 So remember, once you type quit,
79 00:03:20,850 --> 00:03:23,100 that means you want to stop communicating
80 00:03:23,100 --> 00:03:24,150 with the target system
81 00:03:24,150 --> 00:03:27,270 and you want to close this server program.
82 00:03:27,270 --> 00:03:29,700 So we're going to break out to the while true loop,
83 00:03:29,700 --> 00:03:32,490 and that will exit out of this target communication function
84 00:03:32,490 --> 00:03:34,983 and then it will exit out of the program.
85 00:03:36,270 --> 00:03:40,350 If it is not quit, so else
86 00:03:40,350 --> 00:03:45,060 we're going to type right here, result equals
87 00:03:45,060 --> 00:03:47,670 and then reliable underscore receive.
88 00:03:47,670 --> 00:03:49,740 And this function is also something that we will create
89 00:03:49,740 --> 00:03:50,910 in the next lecture.
90 00:03:50,910 --> 00:03:53,220 For now, just picture this function right here
91 00:03:53,220 --> 00:03:55,590 as a function that will receive the response
92 00:03:55,590 --> 00:03:59,100 from the target after the target runs our command.
93 00:03:59,100 --> 00:04:01,530 Then we are going to store the response inside
94 00:04:01,530 --> 00:04:04,260 of this result variable and
95 00:04:04,260 --> 00:04:07,830 we want to print the result.
96 00:04:07,830 --> 00:04:09,600 Simple as that.
97 00:04:09,600 --> 00:04:11,970 So let's go through this real quick once again.
98 00:04:11,970 --> 00:04:14,280 We're asking for the input of the command,
99 00:04:14,280 --> 00:04:16,620 then we are sending that command to the target.
100 00:04:16,620 --> 00:04:18,390 We check if the command was quit.
101 00:04:18,390 --> 00:04:20,760 If it was, then we exit the program.
102 00:04:20,760 --> 00:04:23,040 If it wasn't, then we store the response
103 00:04:23,040 --> 00:04:26,400 of the command that we received using this function
104 00:04:26,400 --> 00:04:28,410 to this result variable.
105 00:04:28,410 --> 00:04:30,840 And then we print out the result.
106 00:04:30,840 --> 00:04:34,920 For example, if the command was ls or dir,
107 00:04:34,920 --> 00:04:36,390 that command lists out
108 00:04:36,390 --> 00:04:39,450 all of the files and folders inside of a directory.
109 00:04:39,450 --> 00:04:42,570 We would then store this inside of this result variable
110 00:04:42,570 --> 00:04:43,740 and then we would print out
111 00:04:43,740 --> 00:04:45,330 all of the files and folders
112 00:04:45,330 --> 00:04:47,910 inside of the target's directory.
113 00:04:47,910 --> 00:04:49,440 Simple as that.
114 00:04:49,440 --> 00:04:52,530 Now that we did this, let's go to our backdoor program
115 00:04:52,530 --> 00:04:54,123 and code something similar.
116 00:04:56,460 --> 00:04:58,410 Just inside of this backdoor program,
117 00:04:58,410 --> 00:05:01,920 we do that using the shell function.
118 00:05:01,920 --> 00:05:03,840 So what I'm going to do is I'm going to go
119 00:05:03,840 --> 00:05:05,280 below the connection function
120 00:05:05,280 --> 00:05:09,720 and right here I will initiate this shell function.
121 00:05:09,720 --> 00:05:11,910 And as our target communication function,
122 00:05:11,910 --> 00:05:15,783 the shell function will also start with the while true loop.
123 00:05:17,040 --> 00:05:18,990 Then what we are going to do is we are going to
124 00:05:18,990 --> 00:05:20,760 create the command variable.
125 00:05:20,760 --> 00:05:24,120 And in this program, this command variable will
126 00:05:24,120 --> 00:05:28,530 receive the command that our server sent.
127 00:05:28,530 --> 00:05:32,130 So in backdoor, we first receive the command.
128 00:05:32,130 --> 00:05:35,070 Then after we receive the command, we check
129 00:05:35,070 --> 00:05:37,440 if that command was quit, the same thing
130 00:05:37,440 --> 00:05:39,210 that we did in our server.
131 00:05:39,210 --> 00:05:42,840 And in the same way, we're going to exit out of the program
132 00:05:42,840 --> 00:05:46,080 by breaking out of this while true loop.
133 00:05:46,080 --> 00:05:47,850 And in the other case we want
134 00:05:47,850 --> 00:05:50,940 to execute the command.
135 00:05:50,940 --> 00:05:52,650 But this is something that I'm going to type
136 00:05:52,650 --> 00:05:54,090 as a comment for now.
137 00:05:54,090 --> 00:05:56,100 So here in the else statement,
138 00:05:56,100 --> 00:05:59,160 we want to execute the command.
139 00:05:59,160 --> 00:06:01,350 And the reason why I'm not typing it right now
140 00:06:01,350 --> 00:06:03,240 is because this execution of command
141 00:06:03,240 --> 00:06:04,920 requires another library we're going to
142 00:06:04,920 --> 00:06:07,290 touch on as soon as we finish coding
143 00:06:07,290 --> 00:06:09,840 these reliable receive functions
144 00:06:09,840 --> 00:06:12,000 and reliable send functions.
145 00:06:12,000 --> 00:06:15,300 So first, we need to code them and then we're going to go
146 00:06:15,300 --> 00:06:18,243 and type the code of the command execution.
147 00:06:19,200 --> 00:06:20,220 So for now, we just start
148 00:06:20,220 --> 00:06:23,070 at the base of our shell and target communication function.
149 00:06:23,070 --> 00:06:25,110 And we are going to continue coding them
150 00:06:25,110 --> 00:06:26,580 in the next lecture.
151 00:06:26,580 --> 00:06:27,413 See you there.