1

00:00:00,900  -->  00:00:03,420
<v Instructor>Okay, now that we have our script ready,</v>
2

00:00:03,420  -->  00:00:06,020
in this lecture, I'm gonna show you how to compile it
3

00:00:06,020  -->  00:00:09,243
to an executable and how to change its icon.
4

00:00:10,280  -->  00:00:13,353
The script is written in a scripting language called AutoIt.
5

00:00:14,277  -->  00:00:17,040
Now AutoIt doesn't come pre-installed in Kali
6

00:00:17,040  -->  00:00:19,890
but it gets installed when you install Veil
7

00:00:19,890  -->  00:00:22,590
and since we're using a Veil backdoor, then there's no way
8

00:00:22,590  -->  00:00:25,100
you can be at this point without installing Veil,
9

00:00:25,100  -->  00:00:27,917
that's why I'm not gonna cover how to install AutoIt
10

00:00:27,917  -->  00:00:29,640
but you can literally just download it
11

00:00:29,640  -->  00:00:31,363
and run the installer using Wine.
12

00:00:32,300  -->  00:00:35,360
So AutoIt should be already installed for you by now
13

00:00:35,360  -->  00:00:39,320
and now all we have to do is first rename this file
14

00:00:39,320  -->  00:00:44,133
and change the extension from a .txt to a .au3.
15

00:00:46,560  -->  00:00:51,000
Then, we're gonna go to All Programs and look for compile,
16

00:00:51,000  -->  00:00:54,210
so I'm gonna type in compile in here and you'll see
17

00:00:54,210  -->  00:00:55,930
that I have the application
18

00:00:55,930  -->  00:00:58,900
that will compile AutoIt scripts for me.
19

00:00:58,900  -->  00:01:00,200
So I'm gonna click on that
20

00:01:02,280  -->  00:01:04,410
and this is very, very simple as you can see.
21

00:01:04,410  -->  00:01:06,370
The first thing that it asks you for
22

00:01:06,370  -->  00:01:08,710
is the source AutoIt script
23

00:01:08,710  -->  00:01:10,550
and that's the file that we made.
24

00:01:10,550  -->  00:01:14,270
So I'm just gonna click on Browse and you'd have to navigate
25

00:01:14,270  -->  00:01:18,040
to downloads from here but I'm already in downloads
26

00:01:18,040  -->  00:01:21,830
so I'm just gonna click on it and click on open.
27

00:01:21,830  -->  00:01:23,910
You can also set where it's gonna be stored
28

00:01:23,910  -->  00:01:27,830
but I'm just gonna keep it to be stored at the downloads.
29

00:01:27,830  -->  00:01:31,260
And then you can see here, you can actually change the icon
30

00:01:31,260  -->  00:01:33,290
and use a custom icon.
31

00:01:33,290  -->  00:01:36,390
To do this, we'll have to first download an icon
32

00:01:36,390  -->  00:01:38,720
that represents our file.
33

00:01:38,720  -->  00:01:42,070
Now, if your file was a PDF, then you can just come
34

00:01:42,070  -->  00:01:45,120
into this website which is called IconArchive
35

00:01:45,120  -->  00:01:48,690
and then download, just look for a PDF or an mp3
36

00:01:48,690  -->  00:01:51,770
and you'll see icons that represent these files.
37

00:01:51,770  -->  00:01:56,310
However, in my case, I'm trying to use an image as the file
38

00:01:56,310  -->  00:01:59,790
that the person sees and Windows usually shows a preview
39

00:01:59,790  -->  00:02:01,710
of the image, it doesn't really show
40

00:02:01,710  -->  00:02:03,990
a specific icon for images.
41

00:02:03,990  -->  00:02:06,200
So what I wanna do is I wanna convert
42

00:02:06,200  -->  00:02:09,820
the GT-R image to an icon and to do that,
43

00:02:09,820  -->  00:02:14,363
I'm just gonna go to Google and just google image to ico.
44

00:02:15,340  -->  00:02:18,870
Now I've actually tried a few of them and the best one
45

00:02:18,870  -->  00:02:23,800
that preserved the quality was this one, RW Designer.
46

00:02:23,800  -->  00:02:26,700
So you can try different ones on your own time
47

00:02:26,700  -->  00:02:30,110
and what you wanna do now is download the image
48

00:02:30,110  -->  00:02:33,290
that you want to make an icon of and in my case,
49

00:02:33,290  -->  00:02:35,930
I want the same image that the person will see.
50

00:02:35,930  -->  00:02:37,490
So I'm just gonna save it
51

00:02:39,770  -->  00:02:42,230
and save it in the downloads, that's fine
52

00:02:43,470  -->  00:02:47,140
and then in here, we're gonna go to Browse to select it
53

00:02:48,230  -->  00:02:50,510
and we have the image here, double click
54

00:02:51,910  -->  00:02:54,020
and then we're gonna keep this to icon
55

00:02:54,020  -->  00:02:56,280
for Windows seven or Vista, that's fine
56

00:02:57,210  -->  00:02:59,670
and I'm just gonna click on download.
57

00:02:59,670  -->  00:03:03,640
This will convert it to an icon from here .ico.
58

00:03:03,640  -->  00:03:06,370
So I can just click on OK to save it and then
59

00:03:06,370  -->  00:03:08,800
I'm gonna go back to my compiler
60

00:03:10,900  -->  00:03:13,800
and we're gonna set the option in here, the icon,
61

00:03:13,800  -->  00:03:16,890
I'm gonna click on Browse and select the icon
62

00:03:16,890  -->  00:03:18,520
that we just downloaded.
63

00:03:18,520  -->  00:03:20,820
Now again, in your case, you might have to navigate
64

00:03:20,820  -->  00:03:24,670
to root from here and then go to downloads
65

00:03:25,710  -->  00:03:27,970
and then we have the icon in here,
66

00:03:27,970  -->  00:03:30,030
the one that we just created.
67

00:03:30,030  -->  00:03:33,020
I'm gonna click on open and that's it,
68

00:03:33,020  -->  00:03:34,760
all the options are set.
69

00:03:34,760  -->  00:03:38,130
So all we had to do for this is set the location
70

00:03:38,130  -->  00:03:42,023
for the script and then set the icon in here.
71

00:03:43,240  -->  00:03:44,630
I'm gonna click on convert
72

00:03:45,720  -->  00:03:48,520
and that has generated the file for me.
73

00:03:48,520  -->  00:03:51,913
Gonna click on OK and I'm just gonna close everything.
74

00:03:54,850  -->  00:03:57,460
Now you can see we have the executable in here.
75

00:03:57,460  -->  00:04:02,180
So this is a .exe and this one was the old script.
76

00:04:02,180  -->  00:04:04,310
So when you're sending to the target,
77

00:04:04,310  -->  00:04:07,423
you wanna be sending the exe, the executable here.
78

00:04:08,310  -->  00:04:11,150
I'm just gonna rename this to gtr image
79

00:04:13,450  -->  00:04:16,760
and then I'm gonna copy it and I'm gonna put it
80

00:04:16,760  -->  00:04:21,760
in my web server at /var/www/html/evil-files/.
81

00:04:25,300  -->  00:04:28,210
Before downloading this at the target computer,
82

00:04:28,210  -->  00:04:31,560
you wanna listen for incoming connections from Metasploit
83

00:04:31,560  -->  00:04:34,010
and I have shown you how to do that before.
84

00:04:34,010  -->  00:04:36,370
So right now, I'm only gonna do show options
85

00:04:36,370  -->  00:04:38,470
to show you the options that I have set
86

00:04:38,470  -->  00:04:40,600
and if you don't remember how to do this,
87

00:04:40,600  -->  00:04:42,800
then please go back to the listening
88

00:04:42,800  -->  00:04:44,730
for incoming connections lecture
89

00:04:44,730  -->  00:04:47,390
as I explained all of this in detail.
90

00:04:47,390  -->  00:04:49,830
For now, I'm only gonna do exploit
91

00:04:49,830  -->  00:04:52,060
to wait for incoming connections.
92

00:04:52,060  -->  00:04:55,040
Now everything is ready, I'm gonna go to the Windows machine
93

00:04:55,040  -->  00:04:57,420
and download the file.
94

00:04:57,420  -->  00:04:58,460
So the file is gonna be
95

00:04:58,460  -->  00:05:03,460
at http://10.20.14.213/evil-files/gtr-image.exe.
96

00:05:06,530  -->  00:05:09,193
I'm gonna hit enter and we're gonna save the file.
97

00:05:14,370  -->  00:05:19,020
And as you can see, we see a file that has an icon,
98

00:05:19,020  -->  00:05:22,640
that's an image icon which has a preview of the image
99

00:05:22,640  -->  00:05:27,410
so it's very representative and if we double click this file
100

00:05:27,410  -->  00:05:32,410
and run it, you see that we get an image that corresponds
101

00:05:32,540  -->  00:05:37,100
to the icon but if we go to the Kali machine,
102

00:05:37,100  -->  00:05:40,140
you'll see that we got a meterpreter session here
103

00:05:40,140  -->  00:05:43,060
and basically now we hacked into the target computer
104

00:05:43,060  -->  00:05:45,990
and we can do anything that we want there.
105

00:05:45,990  -->  00:05:47,840
So just to confirm, I'm gonna sysinfo
106

00:05:50,870  -->  00:05:53,950
and as you can see now, we're inside the target computer
107

00:05:53,950  -->  00:05:55,910
and we have full access to it.
108

00:05:55,910  -->  00:05:58,700
We managed to do this with a file that has an icon
109

00:05:58,700  -->  00:06:01,370
of an image and actually displayed an image
110

00:06:01,370  -->  00:06:03,110
to the target person.
111

00:06:03,110  -->  00:06:06,120
And like I said, this method can be used to combine
112

00:06:06,120  -->  00:06:09,980
our backdoor or evil file with any file that you want
113

00:06:09,980  -->  00:06:13,280
with an image, with a PDF, with a song or anything
114

00:06:13,280  -->  00:06:15,523
that the target person is interested in.
