[00:00:00] Hello everybody and welcome back. Before we continue with our functions, I just want to show you one thing that we need to code in order for you to be able to execute it.

[00:00:09] So I already ran my shell, the same shell from the previous video, on my target, basically, so right now all I have to do is run my server. So here I run the server, listening for incoming connections, and soon enough, I hope, the shell will open. So here it is. whoami. Everything works fine.

[00:00:30] And what I want to show you right here: if you, for example, open your command prompt and type start notepad, it will start Notepad and it will prompt you for the next command to be input while Notepad is running. But if we try to do the same on our shell, our server, basically our reverse shell, start notepad, it will open Notepad but it will hang on the connection as long as Notepad isn't closed. So we will not be able to execute any other commands until Notepad is closed.

[00:01:10] So we want to actually be able to fix that. And how do we fix that? Well, first of all, you can see that we receive the connection back as soon as someone clicks X on Notepad, and then we can type whoami, which means we can run our shell.

[00:01:24] So what we want to do right now is basically code the part of our elif statement where we will use the subprocess library in order to start Notepad, or basically in order to start any program that you specify after this start command. So let us close this. Kill it right here so it doesn't run once we run it again. And what we want to do right now is nano our reverse shell. But let me just delete this from the previous video, so we have a clear start in reverse_shell.py, and what we want to do right now is add the statement: what happens when we specify start at the beginning, so we can open, for example, start explorer, start notepad, start calculator, or start any other program.

[00:02:15] So elif command, and I believe the first five letters, yes, the first five, not three, equals start. We will try to run that program, so try and except. Once we try to run it we need to use the subprocess.Popen command from the sixth letter, so we account for the empty space as well, and then shell equals True. This will open up our command, and in order for us to, for example, know if we successfully started it, let's send to our target, or basically to our server, a reliable_send, oops, reliable_send of the command plus "started". And except: if it doesn't, if it fails to start it, we will just send a reliable_send of, in quotes, "Failed to start!".

[00:03:28] So this should be everything we need to do, I believe so. Let us just save this. And also we will need to code the part of the shell, of, pardon me, the part of the server as well, so nano server. Or maybe we will not need to code anything, let me just check right here. So we send start to open the program and we receive... Yeah, we actually don't need to type anything here, we can just proceed with the same code right here, since we send it... If we send the command start something, it will send the command and it will go right here and it will wait for the result. The result will be a string, whether we successfully started or didn't start the program. So let us save this right now.

[00:04:11] Let us also delete the hello that we left here, and let us compile the program. So here we have the compilation, same as before: one file, no console, click enter right here, and while this compiles, let me just delete the reverse shell from the previous video. So delete this, the .exe, and also delete this dist directory. So this should successfully compile, since we didn't import any new libraries that will maybe cause some trouble.

[00:04:43] And right now what we want to do is, as usual, plug in our USB drive in order to transfer the file. Once we plug in the drive, we want to go to the dist directory and mv the reverse shell to /media/root/, onto the drive. After that we go one directory back and start our server listening for incoming connections. Then we unplug the USB drive, and right now what we want to do is open it and start our reverse shell. Now, I started it from the USB drive, but it doesn't really matter, we'll just be in a different directory once we receive the shell prompt. So we just wait now for it to get back to us. It should take a few seconds, and here it is: target connected.

[00:05:32] So if I just type dir, you can see we are no longer on the desktop; we are in the USB drive directory, since I started the reverse shell there, but it doesn't matter. What matters is, if I now start notepad, it prompts "notepad started" and it will also open Notepad. It will not hang anymore. So right now I can run other commands as well, such as ipconfig, for example, and I can start another Notepad if I wanted to, and it will open two Notepad windows, as you can see right here. You can also start calculator, start explorer if you wanted to, explorer, start notepad once again, so you can start a bunch of files on the target PC without them doing anything. So you can just start a bunch of other applications and also execute commands while they are being opened.

[00:06:23] So before we actually coded that, we thought the target had to actually close the calculator in order for us to continue to execute commands; right now that is not necessary. We can execute commands while the programs are open, so that would be about it for this video. I just wanted to show you that, and we will continue in the next video. Bye.