1
00:00:00,270  -->  00:00:02,370
Now we're ready to receive connections

2
00:00:02,370  -->  00:00:03,950
from our backdoor.

3
00:00:03,950  -->  00:00:06,450
So we created the backdoor, we set the payload,

4
00:00:06,450  -->  00:00:08,880
and we're listening for incoming connections

5
00:00:08,880  -->  00:00:11,370
here from any connection that comes in

6
00:00:11,370  -->  00:00:13,710
from the same backdoor on the same port

7
00:00:13,710  -->  00:00:15,360
on the same IP.

8
00:00:15,360  -->  00:00:18,440
So now if a person runs that backdoor,

9
00:00:18,440  -->  00:00:21,030
we'll receive the connection back in here

10
00:00:21,030  -->  00:00:22,300
on this computer.

11
00:00:22,300  -->  00:00:24,147
What we're gonna do now is we're gonna test

12
00:00:24,147  -->  00:00:26,891
the backdoor to make sure that it works.

13
00:00:26,891  -->  00:00:31,320
To do that, we're gonna use a very basic delivery method.

14
00:00:31,320  -->  00:00:33,300
Later on in the course, we're gonna talk about

15
00:00:33,300  -->  00:00:35,960
smart delivery methods that will trick the person

16
00:00:35,960  -->  00:00:38,950
into opening the file that we're sending to them.

17
00:00:38,950  -->  00:00:41,740
For now, we're just doing a very basic example

18
00:00:41,740  -->  00:00:45,320
just to test our very basic backdoor.

19
00:00:45,320  -->  00:00:48,080
So to do that, we're just gonna put the backdoor

20
00:00:48,080  -->  00:00:51,660
on our web server and then download it

21
00:00:51,660  -->  00:00:52,970
from the target computer.

22
00:00:52,970  -->  00:00:54,780
So there is nothing smart about this

23
00:00:54,780  -->  00:00:57,100
and you probably can't use this way to deliver

24
00:00:57,100  -->  00:00:58,810
the backdoor to a real person.

25
00:00:58,810  -->  00:01:00,480
So we're only doing this for testing

26
00:01:00,480  -->  00:01:02,423
to make sure our backdoor works.

27
00:01:03,300  -->  00:01:07,290
So Kali comes with a web server

28
00:01:07,290  -->  00:01:10,140
and what that means basically is you can use Kali

29
00:01:10,140  -->  00:01:11,450
as a website.

30
00:01:11,450  -->  00:01:13,940
So what we're gonna do is we're gonna put that backdoor

31
00:01:13,940  -->  00:01:16,280
in that website and then just download it

32
00:01:16,280  -->  00:01:18,680
from the target Windows machine.

33
00:01:18,680  -->  00:01:20,720
Now the website directory, where you should

34
00:01:20,720  -->  00:01:25,720
store the website's files, is /var/www/html.

35
00:01:26,240  -->  00:01:28,120
So I will show you what it is now.

36
00:01:28,120  -->  00:01:30,690
If you just click in here

37
00:01:30,690  -->  00:01:33,770
on the path and then put a forward slash,

38
00:01:33,770  -->  00:01:36,080
it will allow you to manually type

39
00:01:36,080  -->  00:01:38,160
the path that you want to go to.

40
00:01:38,160  -->  00:01:43,057
So we want to go to /var/www/html.

41
00:01:46,450  -->  00:01:50,530
This is the location where the website files are stored.

42
00:01:50,530  -->  00:01:53,320
Now for you, you'll probably only have index.html.

43
00:01:53,320  -->  00:01:55,050
You won't have all of that stuff.

44
00:01:55,050  -->  00:01:57,120
But that's just stuff that I created while I

45
00:01:57,120  -->  00:01:58,603
was testing a few things.

46
00:01:59,610  -->  00:02:03,600
So the index is the main page that people usually see

47
00:02:03,600  -->  00:02:05,713
when they browse to this website.

48
00:02:06,920  -->  00:02:09,620
So what I'm gonna do here is I'm gonna first of all

49
00:02:09,620  -->  00:02:13,630
create a directory and I'm gonna call it "evil-files".

50
00:02:13,630  -->  00:02:16,900
So every time we create a backdoor or a keylogger,

51
00:02:16,900  -->  00:02:19,480
we're gonna put it in here and then download it on

52
00:02:19,480  -->  00:02:21,430
the Windows machine to test it.

53
00:02:21,430  -->  00:02:24,740
And again, later on in the delivery methods section,

54
00:02:24,740  -->  00:02:27,000
we're gonna talk about smart delivery methods.

55
00:02:27,000  -->  00:02:29,850
For now, we're only gonna be creating the evil files

56
00:02:29,850  -->  00:02:33,290
and testing them to make sure that they work as expected.

57
00:02:33,290  -->  00:02:36,127
So I'm gonna call this directory "evil-files".

58
00:02:40,270  -->  00:02:44,270
And inside it, I'm gonna put the backdoor

59
00:02:44,270  -->  00:02:45,653
that we created before.

60
00:02:46,530  -->  00:02:50,173
So the backdoor that we created was made using Veil-Evasion.

61
00:02:51,120  -->  00:02:53,550
Veil-Evasion actually gave us the full path of it

62
00:02:53,550  -->  00:02:55,920
when we created it, if you remember, or you can

63
00:02:55,920  -->  00:02:59,010
go back now to the lecture and have a look at it.

64
00:02:59,010  -->  00:03:02,650
So I'm just gonna press Ctrl+T to open a new tab

65
00:03:02,650  -->  00:03:07,100
and then again I'm gonna click on the path in here

66
00:03:07,100  -->  00:03:10,680
and I'm gonna put a forward slash to manually enter the path

67
00:03:10,680  -->  00:03:15,680
and then we're gonna go to /var/lib/veil-evasion/

68
00:03:18,270  -->  00:03:23,270
output/compiled, hit Enter, and you'll see

69
00:03:24,640  -->  00:03:26,930
the backdoor that I created right here.

70
00:03:26,930  -->  00:03:29,793
We named it rev https 8080.

71
00:03:30,670  -->  00:03:32,160
So I'm gonna copy this...

72
00:03:34,300  -->  00:03:35,873
And paste it in here.

73
00:03:38,790  -->  00:03:39,623
And that's it.

74
00:03:39,623  -->  00:03:42,170
Now we can download this file from the website

75
00:03:42,170  -->  00:03:44,333
that Kali has.

76
00:03:45,360  -->  00:03:48,170
Now to start the web server, to start the website,

77
00:03:48,170  -->  00:03:51,294
we have to start its service from the command prompt.

78
00:03:51,294  -->  00:03:56,294
To do that, we're gonna do service apache2 start.

79
00:03:59,360  -->  00:04:03,170
So the command is service to start the service,

80
00:04:03,170  -->  00:04:06,450
apache2 is the name of the web server,

81
00:04:06,450  -->  00:04:09,560
and then we want to start this web server.

82
00:04:09,560  -->  00:04:14,340
I'm gonna hit Enter, and because we didn't get any errors,

83
00:04:14,340  -->  00:04:16,893
that means the command got executed properly.

84
00:04:17,730  -->  00:04:22,160
Now everything is done, so the IP of the Kali machine

85
00:04:22,160  -->  00:04:24,440
was 10.20.14.213.

86
00:04:24,440  -->  00:04:26,860
It's the same IP that we're listening on here.

87
00:04:26,860  -->  00:04:28,800
And it's the same IP that you'd get

88
00:04:28,800  -->  00:04:29,993
if you run ifconfig.

89
00:04:31,180  -->  00:04:33,990
So I'm gonna go to my Windows machine

90
00:04:33,990  -->  00:04:36,740
and I'm gonna navigate to the IP address

91
00:04:36,740  -->  00:04:41,740
of the Kali machine, which is 10.20.14.213.

92
00:04:42,880  -->  00:04:46,540
This will open the basic index.html that I showed you

93
00:04:46,540  -->  00:04:48,450
and it basically just says "It works",

94
00:04:48,450  -->  00:04:50,510
telling us that the web server is working

95
00:04:50,510  -->  00:04:52,810
and the website is working.

96
00:04:52,810  -->  00:04:57,810
This is all inside /var/www/html.

97
00:04:58,420  -->  00:05:00,810
So if I wanted to go to the directory

98
00:05:00,810  -->  00:05:03,330
where we put the backdoor,

99
00:05:03,330  -->  00:05:05,870
then we're just gonna go to evil-files.

100
00:05:05,870  -->  00:05:07,653
Because we called it evil-files.

101
00:05:09,600  -->  00:05:12,770
I'm gonna hit Enter and you can see the backdoor

102
00:05:12,770  -->  00:05:14,770
that we created in the previous lecture

103
00:05:14,770  -->  00:05:18,290
and we called it rev https 8080.

104
00:05:18,290  -->  00:05:21,350
So if I click on that, it's gonna download it for me

105
00:05:21,350  -->  00:05:23,580
and like I said before, this is not

106
00:05:23,580  -->  00:05:26,240
the smartest way to deliver the backdoor

107
00:05:26,240  -->  00:05:28,900
but right now all we want to do is just to test

108
00:05:28,900  -->  00:05:31,830
the backdoor and make sure that it works.

109
00:05:31,830  -->  00:05:35,283
So if I click on the downloads and run the backdoor,

110
00:05:36,170  -->  00:05:38,470
it's gonna tell me that this is an executable,

111
00:05:38,470  -->  00:05:40,250
so be careful when you run it,

112
00:05:40,250  -->  00:05:42,780
but this is not detecting a virus.

113
00:05:42,780  -->  00:05:46,380
It's literally just saying "be careful when you run EXEs."

114
00:05:46,380  -->  00:05:47,713
I'm gonna run it anyway.

115
00:05:48,600  -->  00:05:51,530
And once we come back here, you'll see

116
00:05:51,530  -->  00:05:55,770
that we received a connection from the target machine.

117
00:05:55,770  -->  00:05:58,470
So we didn't connect to the target computer,

118
00:05:58,470  -->  00:06:01,700
the target computer connected back to us.

119
00:06:01,700  -->  00:06:03,870
So you can see the IP of the target computer,

120
00:06:03,870  -->  00:06:08,130
which is 10.20.14.206, and that IP connected

121
00:06:08,130  -->  00:06:12,773
back to us on port 8080, right here.

122
00:06:14,130  -->  00:06:18,080
So basically now we have full control over that computer.

123
00:06:18,080  -->  00:06:21,600
Right here, you can see that we have a Meterpreter session.

124
00:06:21,600  -->  00:06:23,810
What Meterpreter allows us to do is literally

125
00:06:23,810  -->  00:06:25,910
do anything that the user can do

126
00:06:25,910  -->  00:06:27,460
on their computer.

127
00:06:27,460  -->  00:06:29,810
So we'll see how we can use Meterpreter

128
00:06:29,810  -->  00:06:32,180
later on in the post-connection attacks.

129
00:06:32,180  -->  00:06:35,890
For now, we can see that the backdoor is working

130
00:06:35,890  -->  00:06:37,547
and if we do sysinfo...

131
00:06:40,610  -->  00:06:41,443
you can see

132
00:06:41,443  -->  00:06:45,570
that we are inside the MSEDGEWIN10 machine.

133
00:06:45,570  -->  00:06:49,020
It's Windows 10 right here, it's x64,

134
00:06:49,020  -->  00:06:54,020
it uses English US, and it uses a Meterpreter x86

135
00:06:54,500  -->  00:06:56,040
for Windows.

136
00:06:56,040  -->  00:06:58,670
So as I said, now we can do anything we want on

137
00:06:58,670  -->  00:07:00,870
the target machine and we'll talk about how

138
00:07:00,870  -->  00:07:03,150
to use Meterpreter later on in

139
00:07:03,150  -->  00:07:04,730
the post-connection section.

140
00:07:04,730  -->  00:07:07,830
But again, basically right now, we hacked

141
00:07:07,830  -->  00:07:11,143
the target computer and we have full control over it.
