1 00:00:00,270 --> 00:00:01,040 Hello everybody. 2 00:00:01,140 --> 00:00:03,000 And welcome back. 3 00:00:03,000 --> 00:00:08,910 And right now what we want to do is let us implement a function that will take the screenshot of the 4 00:00:08,910 --> 00:00:15,130 target's PC. This is something that we saw in the Metasploit framework meterpreter shell. 5 00:00:15,150 --> 00:00:20,110 So let's try to actually implement that as well in our reverse shell. 6 00:00:20,760 --> 00:00:27,450 So of course we will not be coding our own screenshot function since that would take a lot of time. 7 00:00:27,470 --> 00:00:31,640 What we want to do is basically use a library that already allows us to do that. 8 00:00:31,700 --> 00:00:39,340 So let us see which library that is. If you just find or search on the Internet you will be probably 9 00:00:39,350 --> 00:00:43,330 you'll probably find a library called the basically the mss. 10 00:00:43,370 --> 00:00:50,060 Now the mss is a library that allows us to actually take a screenshot with through two or three lines 11 00:00:50,060 --> 00:00:51,260 of code. 12 00:00:51,260 --> 00:00:57,470 Then the screenshot is saved under a certain name and then we have this screenshot of our target's browser. 13 00:00:57,470 --> 00:00:59,060 So we will implement that. 14 00:00:59,060 --> 00:01:04,170 So let us just open our remote shell first so open it. 15 00:01:06,140 --> 00:01:13,990 And what we want to do is first of all go down to the elif statement so let us scroll down right here. 16 00:01:14,340 --> 00:01:20,190 Now let's add another elif statement that will allow us to take a function with a part of me that will 17 00:01:20,190 --> 00:01:21,940 allow us to take a screenshot. 18 00:01:21,940 --> 00:01:31,180 So elif the command and the first 10 letters, that is how many letters screenshot has, equals 19 00:01:31,180 --> 00:01:35,590 equals screenshot.
20 00:01:35,890 --> 00:01:42,400 We want to actually try and except as always so our program doesn't crash. 21 00:01:42,400 --> 00:01:46,530 We want to run a screenshot function. 22 00:01:46,560 --> 00:01:53,080 So we do not have this function yet but we will code it for now and let us just put it here and let's 23 00:01:53,080 --> 00:01:57,440 see what we actually have to do after we have the screenshots of this cell shell. 24 00:01:57,460 --> 00:02:03,420 So we need to read from that screenshot and we need to send the files of the content of that screenshot 25 00:02:03,430 --> 00:02:04,030 to the server. 26 00:02:04,450 --> 00:02:11,120 So we will use the similar as before in the file download and upload, we will basically open the screenshot 27 00:02:11,170 --> 00:02:20,880 itself and it would and we will send the encoded content of that picture basically to our server. 28 00:02:20,920 --> 00:02:26,040 Now if you open right here now let me just show you if we can find it. 29 00:02:26,080 --> 00:02:34,140 The mss library saves every screenshot it takes as a monitor minus one dot png. 30 00:02:34,150 --> 00:02:40,180 So mss library. I missed this but it doesn't matter. 31 00:02:42,220 --> 00:02:45,080 We will be able to find it. 32 00:02:45,100 --> 00:02:48,920 Let this just load. 33 00:02:49,080 --> 00:02:56,750 Let's see: mss, an ultra fast cross-platform multiple screenshots module in Python using ctypes. 34 00:02:56,750 --> 00:02:58,890 So let me show you. 35 00:02:59,060 --> 00:03:01,280 We will also have to import the ctypes. 36 00:03:01,280 --> 00:03:03,000 So we will do that as well. 37 00:03:03,140 --> 00:03:10,130 But right now let me show you that it saves every every screenshot as monitor dot or monitor minus one 38 00:03:10,220 --> 00:03:11,190 dot png. 39 00:03:12,380 --> 00:03:18,500 Let me just scroll down if it says anywhere.
40 00:03:18,680 --> 00:03:24,420 We will have to also perform these commands since we need to download it in our main folder. 41 00:03:24,420 --> 00:03:31,170 It doesn't say it anywhere but trust me it will save the file or every screenshot it makes as a monitor 42 00:03:31,170 --> 00:03:32,940 minus one dot png. 43 00:03:33,540 --> 00:03:36,470 So first of all we need to think about two things. 44 00:03:36,480 --> 00:03:44,580 Then if we want to for example take multiple screenshots if it all saves them as our same name then 45 00:03:44,580 --> 00:03:48,620 it basically means that they will overwrite each other. 46 00:03:48,620 --> 00:03:53,640 So we need to make sure to actually save two different screenshots after two different names. 47 00:03:53,990 --> 00:03:59,660 So let's see how we can do that but that is something that we need to do to take care of in our server 48 00:03:59,660 --> 00:04:00,980 side of code so for now on. 49 00:04:00,980 --> 00:04:09,740 Let us just try to implement the sending of the contents of the screenshots so we will open monitor 50 00:04:10,220 --> 00:04:12,520 minus one dot png. 51 00:04:12,680 --> 00:04:20,120 So make sure to specify the same name since this is the name that the mss library saves the screenshot 52 00:04:20,120 --> 00:04:23,350 as and we want to specify the read bytes function. 53 00:04:23,360 --> 00:04:30,650 So we read from the phone from the image and let's save it as C S for example for a screenshot then 54 00:04:30,650 --> 00:04:34,620 two dots at the end, oops, where two dots there they are. 55 00:04:35,180 --> 00:04:44,290 And we want to reliable send this function or this screenshot reliable send base64 since this is our 56 00:04:44,540 --> 00:04:53,420 picture we want to encode it so it doesn't crash base64 encode C S dot read and we specify the open 57 00:04:53,480 --> 00:04:55,190 and closed three brackets.
58 00:04:55,340 --> 00:04:59,100 So this is basically what we want to try to do can after this. 59 00:04:59,150 --> 00:05:04,640 We also want to remove the screenshots so it doesn't stay on the target system since with when we use 60 00:05:04,640 --> 00:05:10,340 the screenshot function it will save the screenshot on the target PC then it will read from it and 61 00:05:10,340 --> 00:05:11,610 send it back to us. 62 00:05:11,660 --> 00:05:18,420 So we do not want to leave that screenshot there we want to actually delete it right after it sends 63 00:05:18,420 --> 00:05:18,570 it. 64 00:05:18,600 --> 00:05:20,760 So the target doesn't see it. 65 00:05:20,760 --> 00:05:27,690 So os dot remove is the function that we will use from our os library and then we remove monitor 66 00:05:28,410 --> 00:05:29,600 minus one. 67 00:05:29,610 --> 00:05:33,900 dot png. I'll make sure to specify the cream. 68 00:05:34,050 --> 00:05:36,100 Otherwise this will fail. 69 00:05:36,360 --> 00:05:42,690 And then in the except we want to send our normal reliable send 70 00:05:45,420 --> 00:05:49,730 exclamation mark for the error first of all let me just find these quotes there. 71 00:05:49,800 --> 00:05:59,030 They are failed to take screenshot and then we close this. 72 00:05:59,160 --> 00:06:05,190 So we send an error message that will say failed to take a screenshot and right now what we want to 73 00:06:05,190 --> 00:06:13,330 do is basically just find or basically code the screenshot function with the mss library. 74 00:06:13,350 --> 00:06:23,790 So first of all let us go up and import the mss library as well as ctypes so import ctypes. 75 00:06:24,020 --> 00:06:24,900 Maybe we will need it. 76 00:06:24,900 --> 00:06:31,250 It said that it is based on ctypes and also type here from mss import mss. 77 00:06:31,910 --> 00:06:33,290 This is how we will use it. 78 00:06:33,740 --> 00:06:37,520 So once you specify it let's add the function itself.
79 00:06:37,580 --> 00:06:42,380 So let's set it right here. 80 00:06:42,390 --> 00:06:49,950 Def screenshot since that is what this part is what since that is what we specified in the coding of. 81 00:06:50,000 --> 00:06:56,570 If statement so and all we have to do right here is if you know the syntax it would be very simple. 82 00:06:56,570 --> 00:07:02,070 So right now with mss as a function as screenshot 83 00:07:04,670 --> 00:07:05,870 we just want to type here. 84 00:07:06,070 --> 00:07:09,750 Screenshot dot shot. 85 00:07:10,370 --> 00:07:15,980 This will perform this screenshot function it will save these screenshot as monitor minus one dot 86 00:07:15,980 --> 00:07:20,480 png and then we will read from it in our elif statement. 87 00:07:20,540 --> 00:07:24,470 We will open the file for reading and we will send the file. 88 00:07:24,470 --> 00:07:26,980 We do reliable send and base64 encode. 89 00:07:27,110 --> 00:07:32,420 Then we will remove the screenshots so it doesn't stay on target PC. In case that doesn't work. 90 00:07:32,420 --> 00:07:42,110 We will send to our server failed to take screenshot so let us save this and close this since we were 91 00:07:42,110 --> 00:07:44,300 done with the reverse shell side. 92 00:07:44,300 --> 00:07:54,630 Now we want to do is open our server and actually code the part of the server code for the screenshot. 93 00:07:54,760 --> 00:07:55,890 So what we need to do. 94 00:07:56,590 --> 00:07:58,980 We do not need any function for this or we want to. 95 00:07:59,260 --> 00:08:03,520 All we have to do is handle the message back properly. 96 00:08:03,520 --> 00:08:08,220 So let's add an elif statement else. 97 00:08:08,260 --> 00:08:16,070 If command is first ten letters as screenshot equals to screenshot 98 00:08:18,620 --> 00:08:28,400 we want to try to receive the screenshots so with open and right now we need to specify the thing that 99 00:08:28,400 --> 00:08:29,380 I told you before.
100 00:08:29,630 --> 00:08:38,330 So if we open the file we need to make something that will open every screenshot with different name. 101 00:08:38,330 --> 00:08:47,400 So what we will do is we will add a variable called count for example so let us do it right here. 102 00:08:47,420 --> 00:08:53,510 Global count we make a variable that will count our screenshot so we go down here. 103 00:08:53,510 --> 00:09:00,380 So I did just below the shell function and then go on here with open and then we need to stack the file 104 00:09:00,380 --> 00:09:07,770 name to be different so we will use the percent d for a number or close this. 105 00:09:07,770 --> 00:09:15,340 Let me just open the apostrophe at the end as well so screenshot percent d and then we want to instead 106 00:09:15,350 --> 00:09:17,930 of percent use count every time. 107 00:09:17,990 --> 00:09:21,530 So count and then comma write bytes. 108 00:09:21,560 --> 00:09:28,460 So we want to write the screenshot we want to call it for example as screen we call that is the file 109 00:09:28,460 --> 00:09:35,290 name and what we want to do right now is add variable for example called image. 110 00:09:35,340 --> 00:09:39,560 So image equals reliable dot or underscore received. 111 00:09:40,080 --> 00:09:42,540 This is us receiving the image itself. 112 00:09:42,540 --> 00:09:46,650 And right now what we need to do is decode the image. 113 00:09:47,400 --> 00:09:59,910 We did these base 64 so letters to image decoded equals base64 dot b64 decode and then we paste the 114 00:09:59,910 --> 00:10:03,930 image to be decoded. 115 00:10:04,630 --> 00:10:10,410 Now we need to specify since we are receiving either our image.
116 00:10:10,450 --> 00:10:17,770 If it works well enough or either a string that says failed to take image so this image variable right 117 00:10:17,770 --> 00:10:23,910 here will either be a content of a screenshot or it will be a simple string that says failed to take 118 00:10:23,920 --> 00:10:24,810 screenshot. 119 00:10:24,850 --> 00:10:34,870 So once we decoded we need to check if it contains if image underscore decoded and first four characters 120 00:10:35,800 --> 00:10:37,030 equal to this. 121 00:10:37,480 --> 00:10:42,250 So this is something that is specified in the reverse shell function. 122 00:10:42,250 --> 00:10:46,510 When it fails to take screenshots so these are the first four characters and after that goes failed 123 00:10:46,570 --> 00:10:55,360 to take screenshot but will only specify first four. If the first four characters are equal to this we 124 00:10:55,360 --> 00:11:00,140 want to print the image that underscore decoded. 125 00:11:00,460 --> 00:11:05,000 So we actually know that it failed to take the screenshot. 126 00:11:05,050 --> 00:11:17,380 Else we want to write the screenshot to the file so screen dot screen dot write image decoded. 127 00:11:18,220 --> 00:11:19,540 So simple. 128 00:11:19,570 --> 00:11:20,350 Simply explained. 129 00:11:20,350 --> 00:11:27,420 This means that once we receive either an image or string we check if it is we first decode it. 130 00:11:27,430 --> 00:11:29,850 Then we check if it is a string with this form. 131 00:11:29,860 --> 00:11:38,080 If it is of an error message if it is not equal write the contents of the image to the file screen. Now 132 00:11:38,170 --> 00:11:44,590 also what we need to do is after this for x we need to increase count by 1. 133 00:11:45,520 --> 00:11:52,370 So for example if count equals I don't know 3 or 4 and we also need to specify. 134 00:11:52,390 --> 00:11:53,370 We need to specify. 135 00:11:53,370 --> 00:11:55,200 Count to be a number.
136 00:11:55,200 --> 00:11:57,610 So we said global count. 137 00:11:58,450 --> 00:11:59,590 Global count 138 00:12:02,290 --> 00:12:03,170 unless specified. 139 00:12:03,250 --> 00:12:05,500 Then up here since we put to be global. 140 00:12:05,500 --> 00:12:10,690 Not really sure if it has to it probably doesn't have to be global but since we said that it is global 141 00:12:10,980 --> 00:12:15,640 we will set count to be 1 for the first time and we will use it right here. 142 00:12:16,690 --> 00:12:19,880 So global count is 1. 143 00:12:20,110 --> 00:12:24,280 So the first screenshot will be saved with the name screenshot 1. 144 00:12:24,310 --> 00:12:29,350 The second screenshot since this will be increased by 1 will be named under the screenshot screenshot 145 00:12:29,430 --> 00:12:34,210 2 and so on and so on for as many screenshots as we take. 146 00:12:34,300 --> 00:12:36,350 So let us see how this works. 147 00:12:36,370 --> 00:12:45,260 Control O to save, Control X to exit and we need to compile the program so we use the same command. 148 00:12:45,260 --> 00:12:47,610 I just find it once again. 149 00:12:47,740 --> 00:12:48,970 Here it is. 150 00:12:48,970 --> 00:13:00,290 But before we use this command what we have to do is actually install the mss library and ctypes 151 00:13:00,390 --> 00:13:00,750 library. 152 00:13:00,750 --> 00:13:09,150 But I believe it already has ctypes in our wine folder so we use wine slash root dot wine drive 153 00:13:09,150 --> 00:13:15,580 C Python 27 and python dot exe then minus m for the pip. 154 00:13:15,660 --> 00:13:18,650 We use pip to install mss. 155 00:13:18,930 --> 00:13:23,960 I believe we can use it with this thread here so let's see if this works it should work. 156 00:13:23,970 --> 00:13:29,630 So we are installing the mss library for our wine python.
157 00:13:30,180 --> 00:13:40,050 Collecting mss and hopefully it will download it successfully so we will see and we can see it all finished 158 00:13:40,050 --> 00:13:45,140 successfully so installing collected packages mss, successfully installed mss. 159 00:13:45,420 --> 00:13:48,570 So let us see for the ctypes as well. 160 00:13:48,570 --> 00:13:53,040 It probably does have them but just in case so we don't actually run into an error. 161 00:13:53,040 --> 00:13:56,030 Let us collect that as well if it has them. 162 00:13:56,040 --> 00:14:02,090 I believe it will say something like requirement already satisfied or something like that. 163 00:14:02,130 --> 00:14:06,690 If it doesn't have them it will download it and we will be able to use ctypes as well. 164 00:14:07,230 --> 00:14:10,010 So no matching distribution so we already have that. 165 00:14:10,150 --> 00:14:15,990 OK so let us compile this right now with the same command. 166 00:14:15,990 --> 00:14:21,770 So one file no console press enter right here. 167 00:14:21,990 --> 00:14:28,880 Meanwhile we delete this file which is previous shell. 168 00:14:28,890 --> 00:14:29,520 Are you sure. 169 00:14:29,520 --> 00:14:31,110 Yes I'm sure. 170 00:14:31,140 --> 00:14:33,650 Then we go and plug in our USB drive. 171 00:14:34,050 --> 00:14:36,590 So simple as before. 172 00:14:37,090 --> 00:14:43,130 And as soon as this finishes compiling we can paste it to the USB drive. 173 00:14:43,140 --> 00:14:48,850 So this move reverse shell to the media root calorie Caroline. 174 00:14:49,430 --> 00:14:50,710 We move it. 175 00:14:51,120 --> 00:15:01,530 We go one directory back and we run our server. Unexpected unindent so let's see. 176 00:15:01,770 --> 00:15:07,440 We have a code error in our server at all so let us see where it is 177 00:15:10,810 --> 00:15:12,110 not through this show. 178 00:15:13,340 --> 00:15:16,140 If else.
179 00:15:16,130 --> 00:15:16,800 Right here 180 00:15:21,920 --> 00:15:23,450 so what is the error. 181 00:15:23,450 --> 00:15:31,070 I'm not really sure if it has anything to do with this so let us see if image with open try 182 00:15:34,720 --> 00:15:36,040 except. 183 00:15:36,100 --> 00:15:37,020 Oh yes. 184 00:15:37,270 --> 00:15:39,880 So we didn't even code the except through. 185 00:15:39,880 --> 00:15:42,850 So what happens when it doesn't work. 186 00:15:42,850 --> 00:15:43,870 So except 187 00:15:46,750 --> 00:15:51,940 we want to create an hour for actually we do not need a try and except the challenge. 188 00:15:52,190 --> 00:15:55,770 Right here we have it in our reverse shell so we can just delete this. 189 00:15:55,850 --> 00:15:57,960 We can just leave it without the try and except. 190 00:15:57,970 --> 00:16:06,130 So let us see once again server listening for incoming connection so basically at the screenshot part just 191 00:16:06,130 --> 00:16:09,250 delete the try that we added since we do not need it. 192 00:16:10,680 --> 00:16:16,920 But we want to do right now we want to go to the Today unplug my USB drive. 193 00:16:16,940 --> 00:16:19,360 So first of all unplug the USB drive 194 00:16:22,360 --> 00:16:30,160 and right now what we want to do is basically run the reverse shell dot exe again from the USB 195 00:16:30,160 --> 00:16:30,740 drive. 196 00:16:30,790 --> 00:16:34,540 It doesn't even matter you can paste it on your desktop and it'll work the same. 197 00:16:34,540 --> 00:16:37,500 So let us see how this will work right now. 198 00:16:39,130 --> 00:16:45,610 Let us lower our screen so that screenshot actually takes the part of the screen of Windows 10 as well 199 00:16:45,610 --> 00:16:49,030 so it doesn't take on the screen of the Linux machine.
200 00:16:49,030 --> 00:16:56,020 And if I just type here screenshot it will take a few seconds in order to take the screenshot and also 201 00:16:56,020 --> 00:16:57,160 send it back to us. 202 00:16:57,160 --> 00:17:04,150 I believe and soon enough we should receive screenshot successfully taken or something like that. 203 00:17:04,280 --> 00:17:09,900 So let's see it's taking a rather long time. 204 00:17:09,900 --> 00:17:15,960 We didn't receive anything so it means I believe that screenshot worked well enough as we can see on 205 00:17:15,960 --> 00:17:16,620 the desktop. 206 00:17:16,620 --> 00:17:23,160 We do not have any monitor minus one dot png so we can also take the screenshot with Kali Linux machine 207 00:17:23,160 --> 00:17:28,980 in the lower right corner so we can see that it saved properly with screenshot 1 and screenshot 208 00:17:29,010 --> 00:17:32,190 2 that it doesn't overwrite the screenshot. 209 00:17:32,190 --> 00:17:38,910 So let us see as we can see it does take a few seconds to perform this but it should work. 210 00:17:38,910 --> 00:17:46,650 Once we check the folder of our Kali Linux machine which is the same folder as our server so let us 211 00:17:47,780 --> 00:17:52,110 open this up we do not need this anymore. 212 00:17:52,130 --> 00:17:58,360 We can quit the shell and if I just type your files we have screenshot 1 and screenshot 2. 213 00:17:58,370 --> 00:18:07,370 Now let's see if they are actually the pictures that we got that we took from our monitor of Windows 214 00:18:07,370 --> 00:18:08,090 10. 215 00:18:08,150 --> 00:18:10,970 So let's open the folder. 216 00:18:10,970 --> 00:18:22,050 We go to the root we go to the Python program so let us find Python programs reverse and as we can see 217 00:18:22,060 --> 00:18:28,000 screenshot 1 and screenshot 2 are good screenshots of our target desktop.
218 00:18:28,000 --> 00:18:34,420 So right now as we can see we can successfully take screenshots of the target's machine. 219 00:18:34,420 --> 00:18:35,780 So this is another useful thing. 220 00:18:35,800 --> 00:18:39,100 We coded and we will continue in the next video. 221 00:18:39,100 --> 00:18:42,420 Hope you enjoyed this one and I hope I see you in the next one. 222 00:18:42,610 --> 00:18:42,880 Bye.