1 00:00:00,930 --> 00:00:06,930 System commands are related to the operations performed on the operating system of the target computer.
2 00:00:07,800 --> 00:00:13,560 We've used almost all of the commands seen on the slide before, but I want to remind you of where we
3 00:00:13,560 --> 00:00:18,750 used them. clearev clears the event logs on Windows systems.
4 00:00:18,750 --> 00:00:22,140 It clears the Application, System and Security logs.
5 00:00:22,560 --> 00:00:26,400 We used this command in the Meterpreter against Windows Systems lecture.
6 00:00:27,670 --> 00:00:30,100 execute runs a command on the victim machine.
7 00:00:30,790 --> 00:00:34,870 We used it to create a channel to have a command shell on the victim machine.
8 00:00:36,270 --> 00:00:42,300 getpid shows the ID of the process into which our Meterpreter session is injected.
9 00:00:43,450 --> 00:00:47,050 getuid: to see which privileges we have at the moment.
10 00:00:47,740 --> 00:00:51,550 We used this and the getpid command while demonstrating migration.
11 00:00:52,880 --> 00:00:56,510 kill terminates the specified process on the victim.
12 00:00:57,050 --> 00:00:59,240 I don't think we've used that one yet.
13 00:01:00,280 --> 00:01:03,760 ps lists the processes running on the victim.
14 00:01:04,150 --> 00:01:07,150 We used that to find a process to migrate to.
15 00:01:08,130 --> 00:01:10,500 reboot reboots the victim system.
16 00:01:11,190 --> 00:01:17,460 That means you'll lose this session, but we've rebooted the victim machine while demonstrating persistence.
17 00:01:18,840 --> 00:01:22,620 shutdown is just that: it shuts the victim machine down.
18 00:01:22,800 --> 00:01:29,460 That means, again, you'll lose the current session. reg manages the registry of the victim's system.
19 00:01:30,210 --> 00:01:33,220 We used this command while removing the backdoor,
20 00:01:33,240 --> 00:01:33,960 if you remember.
21 00:01:35,370 --> 00:01:38,760 shell: to have a command shell on the victim.
22 00:01:39,840 --> 00:01:44,000 I remember that we used this command in the session management lecture.
23 00:01:45,140 --> 00:01:45,890 sysinfo.
24 00:01:46,250 --> 00:01:49,820 Well, it's just that: it's the command that I use most throughout the course.
25 00:01:50,120 --> 00:01:54,140 It gets information about the victim machine, such as the operating system.
26 00:01:55,400 --> 00:01:59,300 So let's have a look at the system commands in action.
27 00:02:03,070 --> 00:02:08,950 Here I have a Meterpreter session in Kali, so sysinfo to gather information about the victim's system,
28 00:02:09,820 --> 00:02:15,700 and I can see the operating system, the architecture, the domain name of the computer, the logged-on user number.
29 00:02:17,030 --> 00:02:17,840 getpid.
30 00:02:18,800 --> 00:02:22,700 See the process ID we are injected into, and that's 964.
31 00:02:23,600 --> 00:02:30,260 getuid to see who we are on the victim machine, and we are the SYSTEM user, which is very good for
32 00:02:30,260 --> 00:02:30,470 us.
33 00:02:31,630 --> 00:02:34,000 ps to list the running processes.
34 00:02:34,810 --> 00:02:36,940 And here's our process, 964.
35 00:02:38,320 --> 00:02:45,070 Now we can use the kill command to kill any process, so let's kill 1892.
36 00:02:45,370 --> 00:02:45,670 All right.
37 00:02:46,060 --> 00:02:47,350 Let's list the processes again.
38 00:02:47,620 --> 00:02:51,190 ps, and the process 1892 doesn't exist anymore.
39 00:02:52,610 --> 00:02:53,480 Let's kill another one.
40 00:02:53,840 --> 00:02:54,380 Whatever.
41 00:02:55,870 --> 00:02:58,720 shell to obtain a shell on the victim.
42 00:03:00,290 --> 00:03:03,170 Ctrl+C to exit from the shell by terminating it.
43 00:03:05,120 --> 00:03:05,750 So what else?
44 00:03:06,980 --> 00:03:09,020 clearev to clear the logs.
45 00:03:09,980 --> 00:03:15,890 So let's go to the victim before running the command, open the Event Viewer and see all the log files.
46 00:03:21,180 --> 00:03:24,270 Back to Kali and run the clearev command.
47 00:03:25,320 --> 00:03:29,460 In Windows XP, refresh the Event Viewer and the logs have gone.
48 00:03:31,060 --> 00:03:33,400 execute to run a command on the victim's system.
49 00:03:34,330 --> 00:03:42,970 Let's run the command cmd.exe, which opens a command prompt: -f to specify the file to be executed, -i to
50 00:03:42,970 --> 00:03:44,530 interact with the created channel.
51 00:03:45,290 --> 00:03:48,610 Now look at that: the channel is created and we are on the same channel.
52 00:03:49,480 --> 00:03:54,550 So that means we have a command shell on the victim machine in an alternative way.
53 00:03:55,590 --> 00:03:58,080 Now you can use Ctrl+C to terminate the channel.
54 00:03:59,340 --> 00:04:04,980 I kept the shutdown command to the end because, well, it shuts down the victim system.
55 00:04:06,290 --> 00:04:11,030 But look at this: I run the command, and as you see, the victim's system is shutting down.
56 00:04:12,000 --> 00:04:12,600 Voila!