Instructor: Welcome back. Time to code our download and upload functions. So far, we coded a bunch of different options, such as executing commands, quitting out to the shell, changing directories, clearing the screen. But let's also see how we can create two functions that will allow us to download and upload files on the target machine.

So let's start with the server first. I'm going to navigate to my tools and to the backdoor directory. Here I will nano our server, and inside of the server, down here, we want to code the download function first. So the download function will be used to download the files from the target machine. And the reason why I'm saying this is because, even though it is obvious from our server we will be downloading files, from our backdoor code we will be uploading files. What do I mean by that? Well, since the backdoor will be running on the target system, for that machine the code will upload the file to our server, while from our server's perspective we will be downloading that file to our Kali Linux machine.
So inside of the server here, we want to add an option: else if the command, and then the first eight characters. And you might be wondering why the first eight characters. Well, because download has eight characters, and we are comparing: if the command starts with download, then we are going to download a specific file. And to do that, we're going to use the download_file function. This function will take the parameter of the file name, so we are going to type command and from the ninth character till the end. Of course, this function we're going to code right now. But just to clarify why I wrote it like this: once again, if the command is something like this, download file.txt, we're comparing the first eight characters, if they're equal to download. If they are, that means we are downloading a file, and then we will pass this to this download file function, since we are going to strip the first nine characters off, which will be the download word and the empty space. Okay, now that we did this, let us code the download function up here. So we're going to code it below the reliable receive.
Let us define it first, so define download_file. As we already know, this function takes one parameter, which is the file name. And this is going to be a little bit of a harder function to code, but let's give it a try. We're going to start like this. We're going to initiate a file object, and how we do that in Python: we simply specify the file object name and then we open it. But besides opening it, we must specify the way we want to open it. Whether we want to open it for reading or for writing, that is a second parameter to this open function. In this case, since we're going to download the file, we want to write the content that we receive from our backdoor to the file that we create on our Kali Linux machine. Therefore, inside of our server code we want to write bytes. So what does this mean? Well, we are opening this file object to store the contents of the file that we want to download. That's why we're going to write that content. And this W stands for write, while this B stands for bytes. So we are essentially writing bytes to our file.
Then another thing that we must add is the target.settimeout. This is a call function that we get from the socket library, and we are going to set the timeout to be one in this case. Why? Well, sometimes if we don't set the timeout it might actually get stuck and not allow us to download the file. Of course, this timeout is something that at the end of this function we must remove, so it doesn't interfere with other commands and connections. But for this function we must set the timeout so our program doesn't crash. Great. Once we initiate the timeout, we're going to initiate a variable called chunk, and this chunk will be a small part of data that we're going to receive multiple times. So we're going to type target.receive, and we're going to specify inside of the brackets the amount of bytes that we want to receive. In this case we are going to use 1024 bytes. So how are we going to keep receiving data until the file size is over? Well, we can just type while chunk, and this while chunk will simply run this while loop as long as there is something inside of the chunk variable.
And if there is something inside of the chunk variable, we want to write that something to our file, and we do that using our file object, that we call F, and using the write function on that object. So file.write, and we are writing the chunk inside of that file. Then after we write that, we're going to try to receive the chunk once again. So chunk = target.receive. We're going to go with 1,024 bytes once again. And if we run into a timeout, socket.timeout as error, we are going to simply break out of this while chunk loop, because that would mean that we reached the end of the file. And at the end, let's not forget to set the timeout to nonexistent. So we can do that by specifying target.settimeout to None. We are simply just removing this statement right here that we initiated at the beginning of the download file function. And the one last thing that we must do is, anytime that we open a file object, once we are finished with that object, we must close it inside of our function. So I will just type f.close. Great.
This is our download file function that we're going to run inside of the server code. Now let's see how we can create the corresponding function to this inside of the backdoor code. Remember, from here we are downloading a file, but from the backdoor we are uploading a file. So what we must do right here, inside of the shell function, is add an else if statement. So else if command, first eight characters are == to download, we're doing the same thing that we did in our server. Just here, we're going to call upload file onto the file name, so from the ninth character till the end. Since our backdoor is uploading a file, the function will be quite a lot easier to code. So let us go up here, and below the connection function we can define upload file. This of course will take file name as the parameter, and the only thing we need to do is open the file that we want to upload to the server. In this case, we are going to define the file name as the first parameter, just as we did inside of our download file in the server code.
Just this time we are going to read bytes from this file. Why? Well, from the backdoor we are not writing or storing a file onto the system; we're simply just reading the contents of the file that the server wants to download, and we are going to send that content to our server program. So how can we do that in Python? Well, we can type s.send, and the thing that we are sending is file.read. This is the entire upload file function. But before we actually close off this video, we must also code the upload function. What if we want to upload a file to the target system from our Kali Linux machine? Well, it is pretty much the same thing, we just need to reverse these two functions, which are upload file and download file. So what I'm going to do is I'm going to copy this function, save this program, (keyboard typing) go to my server code, and I'm going to paste the upload file function right above the download file. Just here. I'm going to change the s.send into target.send. When will this function run?
Well, it'll run if the command starts with upload. So let's define it down here in the target communication. Else if command and first six characters are == to upload, then we are calling the upload file function onto the command from the seventh character till the end, once again from the seventh character because after the seventh character starts the name of the file that we want to upload. Okay, great. And one more thing that we must do is now we must copy this download file function and add it to our backdoor code. Let's save this, go to our backdoor code. And since we already have the upload file function, right below it we're going to add the download file function, but of course we must change this target into s, because target is not initiated inside of our backdoor code, here as well. Inside of this statement as well we must change it, and at the end, once we remove the timeout, we must also add s. Great. Now that we did all of this, our functions should run. Just before we close off this video, we must also add the upload option inside of our shell function.
So let's just go down here below the download and type else if command, first six characters are == to upload (keyboard typing). Then what we want to do is we don't want to upload the file, we want to download the file, and it is the same principle as with the previous function. Since if the server sends the upload command it wants to send its own file to our backdoor, therefore, from the backdoor's perspective, we are downloading that file to the target system, and what we must specify is command from the seventh character till the end. And that would be about it. We coded the download and upload functions. Now we are not going to test them inside of this video, but in the next video we're also going to test our previous commands and see if our backdoor works on the target system, if our quit command works, if execution of the commands works, if we can change the directory, and at the end we're going to see whether we can upload and download the file from that target machine. See you in the next video.