1 00:00:00,990 --> 00:00:02,570 Instructor: Welcome back.
2 00:00:02,570 --> 00:00:05,763 In this video, we are finally going to test our backdoor.
3 00:00:06,660 --> 00:00:09,570 Now we are going to see whether we get some errors
4 00:00:09,570 --> 00:00:11,760 during the compiling of the program.
5 00:00:11,760 --> 00:00:14,340 We're going to see whether all of our commands work.
6 00:00:14,340 --> 00:00:17,580 So we will be testing uploading files, downloading files
7 00:00:17,580 --> 00:00:19,200 and other commands as well.
8 00:00:19,200 --> 00:00:20,940 And if we encounter any error,
9 00:00:20,940 --> 00:00:24,900 we're going to fix it to make our backdoor fully work.
10 00:00:24,900 --> 00:00:26,910 Now, the first error that I want to change
11 00:00:26,910 --> 00:00:30,540 from the previous video is inside of our backdoor code.
12 00:00:30,540 --> 00:00:35,520 And what that is, is right here in the upload command:
13 00:00:35,520 --> 00:00:39,510 I didn't specify download file, I only specified download.
14 00:00:39,510 --> 00:00:41,790 And if I were to compile this program,
15 00:00:41,790 --> 00:00:43,560 this function would not work
16 00:00:43,560 --> 00:00:46,680 because there is no download function inside our code.
17 00:00:46,680 --> 00:00:49,233 There is only a download file function.
18 00:00:50,100 --> 00:00:51,960 Now that is the only error for now.
19 00:00:51,960 --> 00:00:54,570 Let us save this, and if we go
20 00:00:54,570 --> 00:00:57,870 and compile the program... so what I'm going to do
21 00:00:57,870 --> 00:01:00,930 is I'm going to copy the backdoor.py
22 00:01:00,930 --> 00:01:03,903 to home, Mr. Hacker, and then Desktop.
23 00:01:05,040 --> 00:01:08,970 Then I'm going to paste the backdoor
24 00:01:08,970 --> 00:01:13,020 onto my Windows 10 desktop so I can compile it later.
25 00:01:13,020 --> 00:01:15,000 And right after it I'm going to check
26 00:01:15,000 --> 00:01:18,000 out whether I set the IP addresses correctly.
27 00:01:18,000 --> 00:01:19,930 So what I got inside of our server
28 00:01:20,989 --> 00:01:24,210 and backdoor is the IP address of 192.168.1.12
29 00:01:24,210 --> 00:01:25,773 and port 5555.
30 00:01:26,610 --> 00:01:29,828 Now, the port is something that we do not need to change
31 00:01:29,828 --> 00:01:31,620 unless some other program is using it.
32 00:01:31,620 --> 00:01:33,390 But what we must check out
33 00:01:33,390 --> 00:01:38,160 before running both of these programs is our IP address.
34 00:01:38,160 --> 00:01:40,500 So in my case it does match.
35 00:01:40,500 --> 00:01:44,100 My IP address is 192.168.1.12.
36 00:01:44,100 --> 00:01:47,550 So I can straight away start my server.
37 00:01:47,550 --> 00:01:49,800 It'll listen for the incoming connections.
38 00:01:49,800 --> 00:01:51,090 And while it is listening,
39 00:01:51,090 --> 00:01:53,880 I will go and compile my backdoor.
40 00:01:53,880 --> 00:01:56,280 So for this, I will open the command prompt.
41 00:01:56,280 --> 00:01:58,650 I will navigate to the desktop directory.
42 00:01:58,650 --> 00:02:01,990 And if you remember the command, we must run pyinstaller,
43 00:02:03,360 --> 00:02:05,416 then the name of the program,
44 00:02:05,416 --> 00:02:10,120 and then --onefile and --noconsole.
45 00:02:10,979 --> 00:02:13,770 Once we specify this command right here,
46 00:02:13,770 --> 00:02:15,453 then we can press Enter.
47 00:02:17,130 --> 00:02:18,090 Now what you can do,
48 00:02:18,090 --> 00:02:22,020 after you test out this program and it works successfully,
49 00:02:22,020 --> 00:02:23,880 then you can apply other methods such
50 00:02:23,880 --> 00:02:25,470 as making it look like an image,
51 00:02:25,470 --> 00:02:27,660 something that we already covered before, to
52 00:02:27,660 --> 00:02:29,910 make your backdoor even more trustable
53 00:02:29,910 --> 00:02:32,640 to the target so they can execute it.
54 00:02:32,640 --> 00:02:35,160 Our compiling of the program has finished
55 00:02:35,160 --> 00:02:38,190 and here we get those four files.
56 00:02:38,190 --> 00:02:40,680 These three we can delete straight away.
57 00:02:40,680 --> 00:02:43,620 And all we need is this, this directory.
58 00:02:43,620 --> 00:02:45,280 We have our backdoor.exe
59 00:02:46,440 --> 00:02:50,700 and if we run it, remember that inside of our code,
60 00:02:50,700 --> 00:02:54,330 it'll wait for 20 seconds before establishing a connection
61 00:02:54,330 --> 00:02:55,350 to the server.
62 00:02:55,350 --> 00:02:57,870 And hopefully in just a few seconds
63 00:02:57,870 --> 00:03:00,630 we should see right here a shell pop up
64 00:03:00,630 --> 00:03:01,803 on the target system.
65 00:03:04,050 --> 00:03:06,660 And here it is, we got the connection
66 00:03:06,660 --> 00:03:10,380 from 192.168.1.4, which is the Windows 10 machine,
67 00:03:10,380 --> 00:03:14,820 and it is initiating the connection from this port number.
68 00:03:14,820 --> 00:03:16,020 Now let's test out all
69 00:03:16,020 --> 00:03:18,120 of the commands that we applied to our code.
70 00:03:18,120 --> 00:03:19,520 So first of all, let's start
71 00:03:20,679 --> 00:03:22,350 with simple commands, such as simple command prompt commands,
72 00:03:22,350 --> 00:03:25,140 which are whoami, ipconfig.
73 00:03:25,140 --> 00:03:26,940 Let's run netstat to see
74 00:03:26,940 --> 00:03:29,100 whether we are going to be able to see all
75 00:03:29,100 --> 00:03:31,740 of the connections that our Windows 10 target machine has,
76 00:03:31,740 --> 00:03:33,510 and we do manage to see it.
77 00:03:33,510 --> 00:03:34,893 If I type dir,
78 00:03:36,354 --> 00:03:38,370 I will only see backdoor.exe because inside
79 00:03:38,370 --> 00:03:42,033 of this directory we only have the backdoor.exe program.
80 00:03:42,870 --> 00:03:44,940 Now comes the crucial part.
81 00:03:44,940 --> 00:03:48,270 Are we going to be able to change directory one step back
82 00:03:48,270 --> 00:03:51,000 and see the contents of the desktop directory?
83 00:03:51,000 --> 00:03:51,960 Let's give it a try.
84 00:03:51,960 --> 00:03:56,960 If I type the command cd and then two dots, press Enter,
85 00:03:57,060 --> 00:04:00,390 run the dir command, and here it is.
86 00:04:00,390 --> 00:04:04,320 We successfully changed directory to the desktop directory.
87 00:04:04,320 --> 00:04:06,720 Let's try to go to some other directory.
88 00:04:06,720 --> 00:04:09,720 Let's, for example, go one more directory back.
89 00:04:09,720 --> 00:04:14,070 So if I once again type dir, and here it is,
90 00:04:14,070 --> 00:04:15,540 we are one directory back
91 00:04:15,540 --> 00:04:18,000 and we can change the directory from here.
92 00:04:18,000 --> 00:04:19,773 If I go to Documents.
93 00:04:21,990 --> 00:04:24,120 Now I am inside of the Documents directory,
94 00:04:24,120 --> 00:04:26,460 so I can successfully change the directory
95 00:04:26,460 --> 00:04:28,500 to whichever folder I want.
96 00:04:28,500 --> 00:04:31,560 Now before we continue with execution of other commands,
97 00:04:31,560 --> 00:04:32,970 let us navigate back
98 00:04:32,970 --> 00:04:35,790 to the desktop directory on my Windows 10 machine.
99 00:04:35,790 --> 00:04:38,755 And from here, let us test
100 00:04:38,755 --> 00:04:41,553 out whether we can upload and download files.
101 00:04:42,540 --> 00:04:45,750 So what I got inside of my tools directory
102 00:04:45,750 --> 00:04:50,750 on my Kali Linux machine is I got this tester.txt file,
103 00:04:51,751 --> 00:04:54,840 and this is simply just a txt file that says Hello world.
104 00:04:54,840 --> 00:04:56,640 What we want to do is we want to see
105 00:04:56,640 --> 00:04:59,790 whether we are going to be able to upload this file
106 00:04:59,790 --> 00:05:01,410 to the target system.
107 00:05:01,410 --> 00:05:02,730 So let's give it a try.
108 00:05:02,730 --> 00:05:06,967 If I go right here and type upload tester.txt.
109 00:05:07,830 --> 00:05:09,810 Now before you run this command, make sure
110 00:05:09,810 --> 00:05:12,570 that the file that you're trying to upload is
111 00:05:12,570 --> 00:05:16,260 in the same directory as your server.py.
112 00:05:16,260 --> 00:05:18,780 Otherwise you will need to specify the full path
113 00:05:18,780 --> 00:05:21,120 to that file, because if you don't,
114 00:05:21,120 --> 00:05:23,880 this will not work and it'll probably crash.
115 00:05:23,880 --> 00:05:25,080 So let's give it a try.
116 00:05:25,080 --> 00:05:28,260 Since tester.txt is in the same directory
117 00:05:28,260 --> 00:05:31,876 as both of my programs, if I press Enter,
118 00:05:31,876 --> 00:05:35,430 let's go to our Windows 10 desktop,
119 00:05:35,430 --> 00:05:37,743 and here is the tester.txt.
120 00:05:40,384 --> 00:05:45,000 If I open the file here, it opens Hello world.
121 00:05:45,000 --> 00:05:47,320 So we successfully managed to upload the file
122 00:05:48,228 --> 00:05:49,061 to the target machine.
123 00:05:49,061 --> 00:05:52,890 This file wasn't here before we ran our program.
124 00:05:52,890 --> 00:05:55,860 Now let's see whether we can still execute commands.
125 00:05:55,860 --> 00:05:57,270 Maybe it crashed something.
126 00:05:57,270 --> 00:05:58,530 So if I run whoami,
127 00:05:58,530 --> 00:06:01,320 I can still execute more commands.
128 00:06:01,320 --> 00:06:03,660 Let's give a try to the download function.
129 00:06:03,660 --> 00:06:06,870 So in this case, we're going to download something
130 00:06:06,870 --> 00:06:08,313 from the Windows 10 desktop.
131 00:06:09,150 --> 00:06:12,130 So what I'm going to do is I'm going to open Notepad
132 00:06:13,380 --> 00:06:15,726 and I'm going to write something.
133 00:06:15,726 --> 00:06:16,559 So for example,
134 00:06:16,559 --> 00:06:20,880 "This is a file from the Windows 10 machine."
135 00:06:20,880 --> 00:06:25,880 I'm going to save it onto my desktop
136 00:06:27,172 --> 00:06:31,020 as try download me dot txt.
137 00:06:31,020 --> 00:06:32,730 So here it is on the desktop,
138 00:06:32,730 --> 00:06:36,300 and if I go right here, type dir once again,
139 00:06:36,300 --> 00:06:37,830 we should see that file inside
140 00:06:37,830 --> 00:06:39,570 of our dir output.
141 00:06:39,570 --> 00:06:42,606 Let's give it a try and try to download it.
142 00:06:42,606 --> 00:06:46,470 So download, try download me dot txt.
143 00:06:46,470 --> 00:06:48,960 One more thing, make sure you specify the name correctly,
144 00:06:48,960 --> 00:06:50,880 otherwise it'll also crash, because
145 00:06:50,880 --> 00:06:53,520 if you specify the name of a file that doesn't exist,
146 00:06:53,520 --> 00:06:55,383 it'll not be able to find it.
147 00:06:56,323 --> 00:07:00,716 So if you press Enter right here, it'll take a few seconds.
148 00:07:00,716 --> 00:07:04,470 And if I go inside of my backdoor directory, type ls
149 00:07:04,470 --> 00:07:09,470 once again, here we have the try download me dot txt file.
150 00:07:09,540 --> 00:07:12,475 If I cat it to see the contents, here it is.
151 00:07:12,475 --> 00:07:15,780 This is a file from the Windows 10 machine.
152 00:07:15,780 --> 00:07:19,020 So our commands work successfully.
153 00:07:19,020 --> 00:07:20,910 The one last command
154 00:07:20,910 --> 00:07:23,529 that we must give a try is the clear command.
155 00:07:23,529 --> 00:07:25,800 So if I type clear, it'll clear our screen
156 00:07:25,800 --> 00:07:28,110 and we will be able to execute other commands
157 00:07:28,110 --> 00:07:29,940 in a clearer terminal.
158 00:07:29,940 --> 00:07:32,643 Great, everything works as we planned.
159 00:07:34,390 --> 00:07:35,223 Now the one last command
160 00:07:35,223 --> 00:07:37,620 that we must test is the quit command.
161 00:07:37,620 --> 00:07:40,140 So if I go to my Task Manager
162 00:07:40,140 --> 00:07:42,210 while I still didn't close the backdoor,
163 00:07:42,210 --> 00:07:44,700 you should see backdoor.txt running
164 00:07:44,700 --> 00:07:48,630 as a background process on the Windows 10 machine.
165 00:07:48,630 --> 00:07:50,110 But if I type quit,
166 00:07:50,970 --> 00:07:53,910 it will close the server on the Kali Linux machine.
167 00:07:53,910 --> 00:07:54,743 But let's see
168 00:07:54,743 --> 00:07:57,600 whether it'll also close the backdoor on the Windows 10 machine.
169 00:07:57,600 --> 00:07:59,370 And it does indeed close it.
170 00:07:59,370 --> 00:08:03,060 We no longer see the backdoor.txt process right here
171 00:08:03,060 --> 00:08:04,533 inside of our Task Manager.
172 00:08:05,490 --> 00:08:08,820 So everything worked as we planned.
173 00:08:08,820 --> 00:08:10,570 All of the commands that we applied
174 00:08:11,408 --> 00:08:12,480 are working successfully.
175 00:08:12,480 --> 00:08:14,276 Now what you can do
176 00:08:14,276 --> 00:08:16,560 from here is you can try applying different commands
177 00:08:16,560 --> 00:08:18,810 and making this backdoor even better.
178 00:08:18,810 --> 00:08:21,552 You can try adding a keylogger in Python.
179 00:08:21,552 --> 00:08:23,640 You can try creating persistence using the registry.
180 00:08:23,640 --> 00:08:26,483 You can try executing screenshots.
181 00:08:26,483 --> 00:08:29,283 And all of this I do in my Python free hacking course.
182 00:08:30,368 --> 00:08:31,745 But since this is a beginner course
183 00:08:31,745 --> 00:08:33,690 in complete ethical hacking, we will stop here
184 00:08:33,690 --> 00:08:35,770 and we're going to focus
185 00:08:35,770 --> 00:08:38,528 on some other subjects from the next video.
186 00:08:38,528 --> 00:08:41,760 But you can improve this program a lot if you learn Python
187 00:08:41,760 --> 00:08:45,360 and add even more functions to this program.
188 00:08:45,360 --> 00:08:46,193 Nonetheless,
189 00:08:46,193 --> 00:08:48,360 this is another project that we did successfully.
190 00:08:48,360 --> 00:08:50,790 And in the next section we're going to touch
191 00:08:50,790 --> 00:08:54,390 on a big subject of web app penetration testing.
192 00:08:54,390 --> 00:08:55,490 See you in the next video.