1 00:00:00,270 --> 00:00:02,580 Hello everybody and welcome back.
2 00:00:02,580 --> 00:00:08,010 And right now let us set up a function that will allow us to check if our script is actually being run
3 00:00:08,340 --> 00:00:12,720 with administrative privileges or with simple user privileges.
4 00:00:12,720 --> 00:00:17,070 Now this can be useful in order for you to know what your available options are.
5 00:00:17,070 --> 00:00:19,230 We will code in our reverse shell
6 00:00:19,230 --> 00:00:23,750 a simple one letter command, or pardon me, one word command.
7 00:00:23,770 --> 00:00:29,920 It will just be, for example, check, for the check of privileges, and we should be prompted back
8 00:00:30,060 --> 00:00:35,550 whether the user that we are currently running the script as is an administrator or not.
9 00:00:35,880 --> 00:00:39,820 Now I have written a simple script right here in Notepad.
10 00:00:39,870 --> 00:00:44,520 This simple script right here, first of all, imports the os library.
11 00:00:44,520 --> 00:00:47,290 It has a function called has_admin.
12 00:00:47,340 --> 00:00:49,940 Now you can call it anything you want.
13 00:00:49,950 --> 00:00:55,770 Basically what this function does is it will check if the admin, if the user that is running the script
14 00:00:55,860 --> 00:01:01,290 has administrative privileges, or if the script itself has administrative privileges.
15 00:01:01,650 --> 00:01:07,770 How it does that: basically we first of all create our global variable called admin, and then we try
16 00:01:07,770 --> 00:01:14,030 something, something that will actually check if the user is administrator.
17 00:01:14,030 --> 00:01:19,340 Now that something is basically accessing the temp directory in Windows.
18 00:01:19,340 --> 00:01:22,670 Now you might be asking why are we actually accessing the temp directory.
19 00:01:22,730 --> 00:01:28,220 Well basically in Windows, once you actually access the temp directory, that means you have administrative
20 00:01:28,220 --> 00:01:29,030 privileges,
21 00:01:29,150 --> 00:01:32,600 since simple users can't really access this directory.
22 00:01:32,600 --> 00:01:37,100 So what we perform right here is the check of that directory,
23 00:01:37,100 --> 00:01:39,650 whether we can access it. In case we can't,
24 00:01:40,010 --> 00:01:45,840 as we can see right here, except, the admin variable will be set to False.
25 00:01:45,920 --> 00:01:52,220 In the other case, where we actually can access it, the admin variable will be set to True.
26 00:01:52,250 --> 00:01:58,970 So now that we actually run the function, once the user of our server actually executes the check command,
27 00:01:59,480 --> 00:02:03,890 then the function will perform the check right here.
28 00:02:03,890 --> 00:02:08,380 And also we need to set: if admin equals True,
29 00:02:08,540 --> 00:02:16,370 then we will send back to our server "administrator privileges"; if it is not True we will send "user privileges",
30 00:02:16,430 --> 00:02:22,490 so that the user of the server actually knows whether the shell is on a user or an administrator account.
31 00:02:23,240 --> 00:02:29,180 So let us implement this in our program, but before we do that let me actually show you how this works
32 00:02:29,180 --> 00:02:30,550 in a simple command prompt.
33 00:02:30,560 --> 00:02:37,430 So we open a command prompt as the user, then we go to the desktop where I saved the script, and I will
34 00:02:37,430 --> 00:02:43,360 just run this script, so check.py, and what I get back is user privileges.
35 00:02:43,360 --> 00:02:45,850 So it went through this code, it ran this function.
36 00:02:45,970 --> 00:02:52,210 It noticed that with the user privileges it cannot access this temporary, this directory, pardon me, which
37 00:02:52,210 --> 00:02:56,020 is the temp directory, and then it set admin to False.
38 00:02:56,080 --> 00:03:01,900 Then this loop right here checked if admin is True; since it wasn't True, it printed out user privileges.
39 00:03:02,440 --> 00:03:08,650 But right now if we go and run the command prompt as the administrator, so right click right here, then
40 00:03:08,710 --> 00:03:18,160 Run as administrator, click here, Yes, then if we go to the same directory, I can just find the script
41 00:03:18,160 --> 00:03:24,580 where I saved it, so Users, then the account name, then the Desktop, and then if I run this program once
42 00:03:24,580 --> 00:03:30,090 again, we can see that right now it says administrator privileges.
43 00:03:30,340 --> 00:03:36,470 So this program works. All we have to do right now is implement it in our reverse shell and in our server.
44 00:03:36,580 --> 00:03:37,730 So let us do that.
45 00:03:39,920 --> 00:03:44,130 Let me open this like this, side by side.
46 00:03:44,480 --> 00:03:49,220 Let me nano the reverse_shell.py so we can see everything here.
47 00:03:49,250 --> 00:03:56,270 We already have set, as in the previous video, we can see all of our functions that we already coded, and
48 00:03:56,280 --> 00:03:57,790 let's look right here.
49 00:03:57,830 --> 00:04:00,980 Code the function is_admin.
50 00:04:00,980 --> 00:04:04,560 Now whether you call it has or is, I mean it doesn't really matter.
51 00:04:04,630 --> 00:04:10,880 You can call it anything you want, as I said. Right now all we want to do is just basically copy this
52 00:04:10,880 --> 00:04:16,880 program right here, so global admin is our variable, then what we'll do is we will try to perform the
53 00:04:16,880 --> 00:04:24,860 check of that directory, so os is the library that we use for this; we already used it, for example this
54 00:04:24,860 --> 00:04:32,180 part right here, and then we just open these type of brackets, and in this part,
55 00:04:32,180 --> 00:04:33,430 os.environ.
56 00:04:33,800 --> 00:04:35,360 We already used it before.
57 00:04:35,360 --> 00:04:38,080 So this is a little bit of a bigger command.
58 00:04:39,020 --> 00:04:42,500 That's why I am copying it from here.
59 00:04:42,500 --> 00:04:47,570 So C, colon, backslash, and then windows.
60 00:04:47,570 --> 00:04:49,590 We close the apostrophe.
61 00:04:49,610 --> 00:04:55,800 We close the brackets, then a comma, and then open apostrophe, temp, close apostrophe.
62 00:04:56,000 --> 00:05:00,190 Then close the square brackets, and then close the normal brackets.
63 00:05:00,380 --> 00:05:06,250 So we can move this so we can see the entire actual command.
64 00:05:06,320 --> 00:05:08,930 And here we perform the check of the directory.
65 00:05:09,080 --> 00:05:15,260 If it can't go to the directory, we set admin to be False.
66 00:05:15,260 --> 00:05:20,320 If it can, we will do that with else: admin will be set,
67 00:05:20,320 --> 00:05:24,440 let us do it like this, to True.
68 00:05:24,440 --> 00:05:27,130 So now let's enlarge this.
69 00:05:27,320 --> 00:05:32,850 We do not need to see the rest of the code right now. All we have to do is go to our
70 00:05:33,470 --> 00:05:40,940 while True loop, basically the shell loop, so let us go all the way down here and let us actually perform
71 00:05:41,090 --> 00:05:41,650 another
72 00:05:41,690 --> 00:05:43,040 else if statement, so
73 00:05:43,050 --> 00:05:45,070 elif command,
74 00:05:45,470 --> 00:05:48,020 and then the first, for example,
75 00:05:48,300 --> 00:05:54,670 5 letters, since that is how many check has, equals equals check.
76 00:05:57,380 --> 00:05:59,570 Then we add the two dots right here.
77 00:05:59,600 --> 00:06:09,990 We will actually try to execute the is_admin, so is_admin.
78 00:06:10,170 --> 00:06:11,590 I believe that is how we called it.
79 00:06:11,590 --> 00:06:13,080 Let me just check it out.
80 00:06:13,090 --> 00:06:17,890 We execute the is_admin function, and what we want to send is basically,
81 00:06:20,680 --> 00:06:28,300 or we actually want to send back the admin variable, but right here we will not name it False and True;
82 00:06:28,300 --> 00:06:41,260 we can just name it something like this: admin equals "User privileges", and here admin will equal "Administrator
83 00:06:42,460 --> 00:06:43,650 privileges".
84 00:06:44,740 --> 00:06:48,290 So we set the admin variable to be a string.
85 00:06:48,310 --> 00:06:51,450 And right now we will send this string to our server.
86 00:06:51,880 --> 00:06:53,220 So let us go down here.
87 00:06:53,230 --> 00:07:04,480 So: try, is_admin, and then reliable_send admin, which is our global variable; except, so
88 00:07:04,560 --> 00:07:05,930 in any other case,
89 00:07:05,950 --> 00:07:10,550 if this doesn't work, if we for example can't check or perform this program,
90 00:07:10,650 --> 00:07:13,250 we want to send to the server
91 00:07:15,030 --> 00:07:20,950 our string that will say "Can't perform the check".
92 00:07:20,950 --> 00:07:24,280 So this is basically it for the reverse shell.
93 00:07:24,280 --> 00:07:30,490 Now let's see if we have to code anything in our server side of the code in order for this to work properly,
94 00:07:30,490 --> 00:07:36,350 so Ctrl+O to save this, Ctrl+X to exit, and let us now nano the server.py.
95 00:07:36,910 --> 00:07:45,160 So let us see what will happen once we send the check command. So check, we send that, it performs all
96 00:07:45,160 --> 00:07:50,330 of it as before, and then we get the result back, and then we print the result.
97 00:07:50,380 --> 00:07:54,810 So I don't think we have to add anything right here; we can just compile the shell.
98 00:07:55,180 --> 00:07:56,910 So let us go.
99 00:07:56,950 --> 00:07:59,400 Right here we have the reverse shell right here.
100 00:07:59,530 --> 00:08:04,670 Let us compile it with our icon file and also with our image.
101 00:08:04,750 --> 00:08:09,710 So Python27, Scripts, pyinstaller.exe.
102 00:08:09,880 --> 00:08:17,320 We add the data, so the --add-data, and then we specify the path to our image, which is
103 00:08:17,320 --> 00:08:22,530 root, python programs, reverse, and then the image file right here,
104 00:08:25,330 --> 00:08:34,000 so also add right here the semicolon and then a dot. After that we want to add one final option, so
105 00:08:34,000 --> 00:08:36,630 --onefile, then --noconsole,
106 00:08:36,670 --> 00:08:44,320 and also the --icon, which is in root, Downloads, and then the dragon wallpaper icon file, or basically
107 00:08:44,320 --> 00:08:45,640 any icon that you used.
108 00:08:46,000 --> 00:08:53,830 We also want to specify the name of our shell, so reverse_shell.py. Now let us actually compile
109 00:08:53,830 --> 00:08:55,990 this into our program.
110 00:08:55,990 --> 00:09:02,590 Now remember that the reason why our image wasn't opening in the previous videos is actually because we
111 00:09:02,590 --> 00:09:08,860 forgot to specify the slash in front of our path to our image.
112 00:09:08,860 --> 00:09:11,420 Now I'll show you what I mean in a second if you missed it.
113 00:09:11,450 --> 00:09:18,610 So that's why, in order for the image to open properly after we run the program, you need to have this
114 00:09:18,610 --> 00:09:19,730 slash right here.
115 00:09:19,780 --> 00:09:21,790 So without this slash it will not work.
116 00:09:21,880 --> 00:09:24,780 So make sure to have this slash once again. Then,
117 00:09:24,790 --> 00:09:27,600 now let us actually use our USB.
118 00:09:27,940 --> 00:09:29,560 So I will plug it in.
119 00:09:32,860 --> 00:09:38,740 I will go to my USB directory and now remove the reverse shell that is currently there, and then
120 00:09:38,770 --> 00:09:46,660 copy the new one there, and I will go one directory back and I will run my server in order to listen for the incoming
121 00:09:46,660 --> 00:09:47,530 connections.
122 00:09:47,590 --> 00:09:49,790 So let us unplug this USB drive.
123 00:09:52,540 --> 00:10:02,490 Let me check if we deleted the previous backdoor.
124 00:10:02,490 --> 00:10:04,750 So let me just enlarge this.
125 00:10:04,760 --> 00:10:09,790 There, so we need to delete this backdoor that you see.
126 00:10:10,010 --> 00:10:12,470 And right now we should be good to go.
127 00:10:12,520 --> 00:10:15,690 Let us paste this on the desktop right here.
128 00:10:15,760 --> 00:10:17,930 Now let us actually run the program.
129 00:10:18,100 --> 00:10:21,550 Right now it should open the picture, as we can see right here.
130 00:10:21,610 --> 00:10:30,700 All works properly, and then in a few seconds we should be getting the shell back. Then we will run our
131 00:10:30,700 --> 00:10:39,530 check function in order to see if we are administrator, or in order to see if we are user. So the shell is
132 00:10:39,530 --> 00:10:41,720 here. Let us see if normal commands work.
133 00:10:41,720 --> 00:10:46,330 So ipconfig works, whoami works, everything works.
134 00:10:46,390 --> 00:10:51,680 And right now let us type here check. What we get back is the user privileges.
135 00:10:51,710 --> 00:10:57,230 So right now we know that the user that is running our shell is an actual user account and not an administrator
136 00:10:57,230 --> 00:10:59,030 account.
137 00:10:59,030 --> 00:11:02,050 Now let us close this.
138 00:11:02,050 --> 00:11:04,960 Let us make it just a little bit prettier before we end.
139 00:11:05,790 --> 00:11:13,120 You can remove all the necessary files, or pardon me, all the unnecessary files.
140 00:11:13,130 --> 00:11:21,880 Well, let's make this string a little bit prettier, so admin, and then let's add a plus, pardon me, let's add
141 00:11:22,980 --> 00:11:24,850 brackets right here,
142 00:11:24,850 --> 00:11:30,990 User privileges, and here let's add the plus for the Administrator privileges.
143 00:11:33,400 --> 00:11:36,370 So it looks just a little bit prettier. We can save this.
144 00:11:36,370 --> 00:11:40,510 And right now, if you were to run this reverse shell as an administrator, you would get prompted back
145 00:11:40,780 --> 00:11:44,010 the administrator privileges after that command.
146 00:11:44,170 --> 00:11:48,880 So that would be about it from this video, where we checked whether we were a user or the administrator
147 00:11:48,880 --> 00:11:53,230 account. We will make the help command in the next video.
148 00:11:53,230 --> 00:11:59,710 Basically what we will do is we will code our help command; when someone that is using our server actually
149 00:11:59,710 --> 00:12:06,590 types help, they get prompted all the available options that we have currently coded in our reverse shell.
150 00:12:06,640 --> 00:12:10,570 So I hope you enjoyed this video and I hope I see you in the next one. Bye.