1
00:00:00,180 --> 00:00:07,490
Hello everybody and welcome back to the first tutorial of our actual backdoor coding.

2
00:00:07,620 --> 00:00:13,590
So what we will do right now is we will try to recreate some of the functions and some of the things

3
00:00:13,590 --> 00:00:19,020
that we saw in the previous section, which was the Metasploit or system hacking section.

4
00:00:19,050 --> 00:00:25,240
Now we saw that in order for us to run our Meterpreter shell on the target we had to actually set up a listener

5
00:00:25,350 --> 00:00:28,020
and run the shell on the target system.

6
00:00:28,020 --> 00:00:35,880
So this is exactly the same thing that we will try to do right now: we will code two programs in Python.

7
00:00:35,970 --> 00:00:41,850
One would be the server, which will be listening for incoming connections, and one will be the payload

8
00:00:41,880 --> 00:00:45,150
or the reverse shell, which we have to deliver to the target

9
00:00:45,180 --> 00:00:52,800
any way you like, whether it is over email or some message or link, or if it is just simply the USB

10
00:00:53,850 --> 00:00:54,700
delivery method.

11
00:00:54,840 --> 00:01:00,310
So here I have some picture right here.

12
00:01:00,330 --> 00:01:09,390
So let me open it, which basically shows what we have to do in order to create the server and reverse

13
00:01:09,390 --> 00:01:09,840
shell.

14
00:01:09,870 --> 00:01:14,550
So there is a module or library in Python called the socket library.

15
00:01:14,670 --> 00:01:16,290
We will have to import that.

16
00:01:16,320 --> 00:01:22,800
We talked about in the Python basics what importing libraries means and how they help us in

17
00:01:22,890 --> 00:01:24,650
our code production.

18
00:01:24,660 --> 00:01:31,380
And we will use that library in order to create a connection between our PC and the target PC. As

19
00:01:31,380 --> 00:01:39,510
we can see, the server is a program that will run on our Kali Linux machine and the client is basically

20
00:01:39,510 --> 00:01:45,060
a reverse shell which we have to deliver, and these right here are just some of the functions that we

21
00:01:45,060 --> 00:01:52,710
will have to use in order to properly make a connection between these two pieces. As we can see, we will

22
00:01:52,710 --> 00:01:56,850
use our three-way handshake using TCP in order to make our program.

23
00:01:56,850 --> 00:02:02,570
We will not be coding a UDP backdoor, we will use TCP. These first commands,

24
00:02:02,610 --> 00:02:05,350
as it says right here: server creating listening socket.

25
00:02:05,370 --> 00:02:11,790
So we have to listen for incoming connections, the same thing as we did in the Metasploit framework

26
00:02:11,790 --> 00:02:18,540
when we used the exploit multi handler and set up a listener on a local host and on a local port. Then we

27
00:02:18,540 --> 00:02:24,720
wait for our target to execute our program and then we get the Meterpreter shell back. Just in this case we

28
00:02:24,720 --> 00:02:31,050
will not get the Meterpreter shell back, we will get the shell that we create. As we can see, as soon as the

29
00:02:31,050 --> 00:02:37,470
target finishes or executes this connect function we will be accepting the connection and establishing

30
00:02:37,470 --> 00:02:43,050
the connection via the three-way handshake, and then we will be able to send and receive commands as long

31
00:02:43,050 --> 00:02:44,680
as we want.

32
00:02:44,790 --> 00:02:52,560
Now another key thing to say right here is that we will use a while loop, which we also covered in Python

33
00:02:52,560 --> 00:02:57,630
basics, but right now what we will do is we will use an infinite while loop.

34
00:02:57,630 --> 00:03:03,960
We had our simple example of an infinite while loop before.

35
00:03:04,020 --> 00:03:10,500
Basically what we want to do is to be able to execute system commands on the target PC for as long as

36
00:03:10,500 --> 00:03:16,940
we want, and then we should specify for example a command which is q or exit or anything like that,

37
00:03:17,070 --> 00:03:22,890
the string that we will type in in order to actually break the connection and in order to close the

38
00:03:22,890 --> 00:03:24,180
reverse shell connection.

39
00:03:24,330 --> 00:03:30,480
So we will have to put these two functions in both of our codes, or both of our programs, in while loops

40
00:03:30,750 --> 00:03:36,980
so they can both send and receive indefinitely. As we can see, client sending the data, server receiving

41
00:03:36,990 --> 00:03:43,740
the data, is when the client uses the send function and the server uses the receive function. That's how we will receive

42
00:03:43,800 --> 00:03:50,580
the output of the command that we run on the target PC, and we run the command itself, or we send the command itself,

43
00:03:50,580 --> 00:03:56,550
to the target via the send command or send function that is built into the socket library. As we can

44
00:03:56,550 --> 00:04:06,060
see, server sending data and client receiving data. After that, once we specified our q command

45
00:04:06,090 --> 00:04:12,690
or an exit command, depending on what we coded, we should be closing the connection with the target.

46
00:04:12,840 --> 00:04:15,600
So that's how we can close the reverse shell.

47
00:04:15,660 --> 00:04:21,470
Now this is just the basic server and client type of program.

48
00:04:21,780 --> 00:04:28,620
What we want to do after we actually code the connection is we want to actually be able to execute some

49
00:04:28,710 --> 00:04:34,630
more things, such as for example taking a screenshot on the target system and actually getting that screenshot

50
00:04:34,660 --> 00:04:41,640
onto our Kali Linux machine, or for example running a keylogger, or making a persistent shell, or making

51
00:04:41,640 --> 00:04:48,340
a registry key in order for us to be able to run the shell whenever the system reboots or whenever the target

52
00:04:48,340 --> 00:04:49,580
system reboots.

53
00:04:49,590 --> 00:04:56,640
So we want to build in all of those functions and make it as close as possible to the Metasploit framework

54
00:04:56,770 --> 00:04:59,440
Meterpreter shell. We will try to do that.

55
00:04:59,460 --> 00:05:05,430
Of course we will not use all of the options in Meterpreter, that would take too long to code and

56
00:05:05,430 --> 00:05:10,950
possibly would break somewhere, since right now we will not be writing properly written code.

57
00:05:10,950 --> 00:05:13,950
We only want to write code that actually works.

58
00:05:13,950 --> 00:05:19,470
It doesn't matter if it is pretty or not for us; we want it to work and we don't want it to break.

59
00:05:19,470 --> 00:05:21,690
So simple as that.

60
00:05:21,690 --> 00:05:27,750
Now what I said before is that we actually coded the while loop for these instructions, well, not for

61
00:05:27,750 --> 00:05:30,270
those instructions, but we coded something similar.

62
00:05:30,270 --> 00:05:32,190
So right now I'm in my Python programs.

63
00:05:32,190 --> 00:05:37,610
Let me just enlarge this so you can see it a little bit better.

64
00:05:37,640 --> 00:05:44,150
Let me just find out which program was the while loop.

65
00:05:44,190 --> 00:05:48,910
Let me just go one by one so I can find it actually.

66
00:05:48,950 --> 00:05:56,920
So possibly six, no, those classes... cat python3, maybe that is... four.

67
00:05:56,940 --> 00:05:58,230
So it's python4.

68
00:05:58,770 --> 00:05:59,610
So here it is.

69
00:05:59,670 --> 00:06:06,540
If I nano python4.py, here we can see a simple use of a while loop, and we will actually use

70
00:06:06,540 --> 00:06:09,010
something similar in our program.

71
00:06:09,120 --> 00:06:15,630
So we can, as we said, set the x value to be true, and while true we will run this program, so we will run it

72
00:06:15,630 --> 00:06:24,510
forever until the user types in q, which then after that will break the loop and exit the

73
00:06:24,510 --> 00:06:25,070
program.

74
00:06:25,230 --> 00:06:30,100
So we want to actually deploy something similar to this.

75
00:06:30,420 --> 00:06:38,160
So now, without actually delaying this, let's actually get started coding a server, a simple server,

76
00:06:38,190 --> 00:06:40,840
and a simple backdoor for the beginning.

77
00:06:40,920 --> 00:06:46,560
So that would be about it for this tutorial and I hope I see you in the next one where we start coding.

78
00:06:46,920 --> 00:06:47,220
Bye.