Hello everybody, and welcome back. Now let us continue fixing our reverse shell and server code, so we'll start off with the server. As I said, we will fix this code a little bit, add some functions here and there, and we will also add two functions, one for sending data and one for receiving data, which will allow us to actually send and receive as much data as we want. As we can see right here, result = target.recv(1024) is limited to 1024 bytes; if the target's output or answer is bigger than this, it might actually make our program crash. So we want to fix that. First of all, for example, for any bigger commands such as netstat, the output will not fit in 1024 bytes. So let's first start off by actually putting our server code into a function: we will put this part of the code in our server function so we can make it a little bit prettier. So let's copy this. Let's go all the way down, since we will specify it down here, and paste the same code. Right now what we can do is delete this, so we can delete all of this. Now I know this isn't pretty code, but trust me, it doesn't really matter as long as it works and as long as it doesn't break.
So the first thing we want to do is separate it from the while loop. Then what we want to do right now is make our function, def server, and then we will put all of this in that function: creating a socket, setting socket options, binding the socket, all of that should be in the same function. We can also print "Listening for incoming connections", and then we can accept the connection as well and print "Target connected". So you will notice that we also use these as variables right here in the other commands as well, or pardon me, we use the target variable in the other commands. So what we want to do is make those variables global so we can use them in any other function we make, or in our while loop as well. If you just specify the variable inside the function, it will only be usable in that function and won't be recognized outside of the code of that function. So we need to make those variables global: global ip, since we use ip right here, which is outside of the function, and global target. So target is also something that we use in order to send and receive the output of the command.
And right now this should be good for the target and for the server function; if we need to add anything else afterwards, we will add it. Now, right now you will notice something wrong, which is: how can we actually execute this? We actually have to call the function in order to execute it, so we will do that with server and then open and close parentheses, which will call this function, execute it, and then go down to execute the code. But the next code, as you can see right here, is s.close(), so basically as soon as this program starts it will go into the while True loop first before doing any of this. So we want to make a function for the while True loop as well. We will call the function shell. So first of all let's go upwards. Let's define that function as shell; we call it simply shell since the shell is something that we use to execute the commands, and we tab all of this into our shell function. Tab it all just once, so it looks good, and this should be it. Now you might notice that we didn't call the shell function, so we have to call it down there. We have to call it after the server function, since we can't actually execute the commands before the target connects back to us.
So the server function has to be called first, and then the shell function has to be called right after the server function. So our shell function will run indefinitely until we, as the attacker, enter the command q, which will terminate the connection and continue outside of the while loop, and we'll go to the next statement, s.close(), which will close the program and the connection. So this should be it. I believe everything is set. Good. Now you might be asking, why doesn't this execute this? Well basically, once you have code in a function, the machine doesn't read the code, or Python doesn't read this code in a function, until the function gets called. So we have to call it in order to execute this code right here. So what we want to add as well is two functions that will make us able to send and receive as much data as we want. So we will code that up. Let's make space, and let's call that reliable send, so reliable_send. And we want to input data to that function, so reliable_send(data): data will be our command which we will pass into this function, and then we have to add another library which we will use in order to dump that data and make it send as many bytes as it can. So import json is the name of the library that we will use.
So just type upwards import json. And then in our function what we want to do is json_data, we'll call it like that, equals json.dumps, which is a function, and then we want to use data in that function. So json.dumps and then we specify data inside the brackets; then we want to type our regular socket send function, which is target.send, and we want to send json_data. And this will be our reliable_send, which means we can send as much as we want. So let us actually switch all of our target.send calls to reliable_send; we can see right here we have the one and only target.send, we will just delete that and type here reliable_send, and then we send the command. So then our command will get put in this function right here, and then json_data will take the value of json.dumps of our command, then we will send json_data to the target. So right now what we want to do is also code a function that will perform a reliable receive. Now the reason it's called reliable is because it will actually receive as many bytes as the target sends. So let us call that as well: def, which is short for define function, reliable_receive. Now you can call these functions anything you want. I will just call it like this.
And right now what we want to do is write a little bit of a bigger code. Unlike for reliable_send, in reliable_receive we do not need to specify anything between the brackets, since we are the ones that are receiving the results of our command. So we want to specify a local variable called json_data equals the empty string, and we want to run a while True loop in order to actually add the bytes received, so 1024 bytes to another 1024 bytes, until we run out of bytes. Well, it maybe sounds problematic, but it really isn't. So just type here a while True loop, which is an infinite loop, and we want to perform something that we used before, which is a try and except block. So it will try something, except when it receives an error, and we will use that error in order to continue. So let's try to call this. So try: this should work. try: json_data = json_data + target.recv, and we want to receive here 1024 bytes as usual, and then after that we want to return from the function json.loads of our json_data. And then, if that is it, if the json_data is basically smaller than 1024 bytes, it will return it; otherwise it will give us a ValueError. I already checked this, so I know that the name of the error will be ValueError.
So I just type it right here: except ValueError: and then continue. Why do we specify continue here? Well basically, if we get a ValueError it means that the data that the target sent was larger than 1024 bytes, which means we need to go back to the while True loop, and then it will perform the receive of 1024 bytes once again and add it to our variable json_data, which also has the previous 1024 bytes, and it will do that as long as there are some bytes left to receive; and as soon as there are no bytes left to receive, it will just quit right here and it will send us back all of the bytes that the target sent. So these are the two functions used to send and receive as much data as we want. But right now, since we coded reliable_receive, we want to change this. So result = target.recv(1024): with our new function we do not specify anything in the brackets, so result = reliable_receive(). So we will get the result right here and we will print the result. So this should be good. All should be good. For now we have: if command == "q": break, else result = reliable_receive(), and then print the result. Then we go back to the while True loop and then we get prompted for a command again, which we send with our reliable_send function.
Good. Let's see down here. We coded a function server, we coded the shell function with the while True loop, and we also coded the reliable_receive and reliable_send functions, which we use in our shell loop. Good. So this should be it, I believe, for the server, so let's close it. Now, before we close it, let's actually copy the two functions, since we will use the same functions in our client code, which is our reverse shell. So we copy this. We close this and then we nano reverse_shell.py here. Let's just paste these two functions right away, and we have to actually change a few things in these functions, since we do not have something called target in our client code. We have to change that into soc. So as we can see right here, in our client code we actually send and receive data with soc.recv and soc.send. So we have to change that right here as well. So it's not target.send, it is soc.send. So let's delete this, soc.send, and we send json_data. And here we have to type soc.recv, since that is what we specified in our client code. Good. So we have the functions ready.
All we have to do right now is actually use them in our while True loop. So soc.recv, we no longer need that. We only need reliable_receive, and we delete the 1024 bytes. Then right here, once we send the result, we do not need soc.send, we can use reliable_send and we send the result. But right here let us also write our shell function, so this code looks a little bit prettier. What we want to do is actually create, what we want to do is also put our while loop in a shell function. So the while True loop will be put in our shell function: def shell, we will call it the same as in our server code, and all we have to do is just tab all of our code, so tab this, tab this, tab this, and just do the same with all of these lines. Now that we have the shell function we have to call it. But before we call it, we actually have to perform the connection. So let's actually copy this upper code below all of these functions right here. So copy this. Then we can delete this and we'll paste it at the end of our code, so it actually goes through all of our functions before executing that code, and we paste it right here, so we paste the same code. Yes, it was upper. So let's see if this will work.
soc = socket.socket(socket...). OK, I know that. OK. We connect. We print "Connection established to server", and then we can run our shell from here, and then we enter the while True loop, which makes us execute the commands on the target. PS, so we have the reliable_send and reliable_receive functions. And right now I believe we should be good to go. But before we actually save this program and run it, let's add a simple try and except rule for executing the command on the target machine. So right here, this is the part of the code where we actually execute the command that we get from the server and send the result back to the server. Here we want to add a simple try and except block for the commands that can't be run, so: try. We want to try to execute the command. We want to try to do all of this and then send the result back to us, and then except. So for every time a command can't be executed for some reason on the target machine, we want to make a try and except so our code doesn't break. So for every command that can't be run we want to reliable_send to our target machine: reliable_send, open brackets, let's make it like this: "Can't execute that command".
We can do it like this, or we can put this string in a variable and then pass it to reliable_send. But we can also do it simply like this, just by sending a string to our reliable_send function. It is the same as if we actually took this string, put it in a variable, and then put the variable between these brackets. So this should work if you ask me. For now, let's just save this right here, exit, and then let's first of all check out the server before we run it. We have reliable_send, the shell function, the server function. OK. Let's run the server. Right now we are listening for incoming connections. So let's open another window. Zoom in. Let's put this so we can see both of the windows. Let's go to the Python reverse directory, and then we run, or let's clear the screen first, and then we run reverse_shell.py. So the connection established well right now. So we know that on our server the connection, or the server function, was executed, and we went into our shell function, which prompted us to execute a command. So let's type here ls, and something right here... something right here doesn't work, so let's see what we have here. Oh yes.
In our reverse shell code we didn't import the json library, so let's close this immediately, this terminal. In order for us to use these functions right here, as we did in the server code, we need to import the json library so we can use these functions, json.dumps and json.loads right here; we need to have that library so we can use those functions, otherwise our code will not recognize them. So import json, then let's save this once again, close this, let's open another terminal, enlarge this right here, zoom in, make this a little bit smaller. Go to the Python reverse directory, run our server once again, run our reverse shell, and then execute our ls command, so we can see we successfully executed our reliable_send and reliable_receive functions, so everything works perfectly for now. So let's see whoami, and what if I type here netstat -ap, for example: we get everything right here; clear, it clears the screen, since we actually cleared the screen of our terminal; whoami, pwd, we can try ifconfig, so we get the output of all of these commands back to us. Also, if you type here enter, as you can see right now it doesn't actually hang the code, and we can still execute the commands; at any point I can still get the result of the commands. That's because we implemented that try and except rule on executing the command.
It tried executing nothing as a command, and it didn't work, so it actually skipped right past it. So we can try executing something that doesn't exist, or let me just see, so we get prompted "Can't execute that command". Let's see, dir: OK, so that works as well right here; well, I believe we will get to that. Sometimes it doesn't really matter; what matters is that our code now works. We can execute all the commands, we can just print out ps to list running processes, we can print the working directory, we can do anything we want, we can create a directory, mkdir test, and if we type ls once again we can see there is another directory right now called test in our folder. So that's good to know. Now let's see if the q option works as well, so we type here q, and we can see both programs closed without any error, which is good. And right now if I type here ls you can see we still have the test directory. So I will just remove it since we don't really need it. And right now we have a working reverse shell and server which can be used to execute system commands on the target, but there are still some things that don't work here, such as changing our directory. For example, if I try to change my directory I won't be able to. We will see how we can actually fix that as well.
And then we will start adding some more functions and some more available things to our reverse shell. So that'll be about it for this video. I hope you enjoyed it, and I hope I see you in the next one. Bye.
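The reliable_send / reliable_receive pattern walked through in this video, as an added Python 3 example that is not the course's own code: it keeps the 1024-byte recv and the ValueError retry loop, but accumulates bytes rather than text, raises when the peer disconnects (otherwise the loop spins forever on empty reads), and runs both ends over socket.socketpair() so it works offline with no listener or client. The parameter sock, the constant CHUNK and the helpers round_trip and closed_peer_is_detected are my own names; the sample output is constructed.

```python
import json
import socket

CHUNK = 1024  # same receive size the course uses in target.recv(1024)


def reliable_send(sock, data):
    """Serialise data to JSON and push all of it onto the socket.

    Python 3 sockets carry bytes, so the JSON text is encoded first;
    sendall() keeps writing until every byte has been handed to the kernel.
    """
    sock.sendall(json.dumps(data).encode())


def reliable_receive(sock):
    """Read 1024-byte chunks until the accumulated bytes parse as one JSON document.

    Accumulating bytes means a chunk boundary that cuts a JSON token (or a
    multi-byte character) simply makes json.loads() raise a ValueError
    subclass, so the loop keeps reading. Caveat kept from the course design:
    there is no length prefix, so two messages sent back to back can land in
    one recv() and never parse as a single document ("Extra data").
    """
    json_data = b""
    while True:
        chunk = sock.recv(CHUNK)
        if not chunk:
            # The course's loop has no such check: recv() returns b"" once the
            # peer disconnects, and json.loads(b"") would raise ValueError forever.
            raise ConnectionError("peer closed the connection before a full message arrived")
        json_data += chunk
        try:
            # json.loads accepts bytes (Python 3.6+); an incomplete document
            # raises json.JSONDecodeError, which is a ValueError.
            return json.loads(json_data)
        except ValueError:
            continue


def round_trip(message):
    """Send one message across a socketpair and receive it with the helpers.

    socket.socketpair() returns two connected sockets in the same process, so
    the exchange runs offline without a server or client.
    """
    sender, receiver = socket.socketpair()
    try:
        reliable_send(sender, message)
        return reliable_receive(receiver)
    finally:
        sender.close()
        receiver.close()


def closed_peer_is_detected():
    """True if reliable_receive() raises instead of spinning when the peer closes."""
    sender, receiver = socket.socketpair()
    sender.close()
    try:
        reliable_receive(receiver)
        return False
    except ConnectionError:
        return True
    finally:
        receiver.close()


if __name__ == "__main__":
    # Constructed sample: fake command output well over one 1024-byte chunk.
    big_output = "line of netstat-style output\n" * 200
    chunks = -(-len(json.dumps(big_output).encode()) // CHUNK)
    assert round_trip(big_output) == big_output
    print("reassembled", len(big_output), "characters from", chunks, "chunks")
    print("closed peer detected:", closed_peer_is_detected())
```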