1
00:00:00,950 --> 00:00:01,640
Welcome back.

2
00:00:02,150 --> 00:00:08,420
In this video, I want to talk about yet another tool that we can use for payload creation, and that

3
00:00:08,420 --> 00:00:10,850
tool is called TheFatRat.

4
00:00:11,590 --> 00:00:13,480
I know, right, why the name?

5
00:00:14,300 --> 00:00:20,390
Anyway, this is a tool that we have available on GitHub, so let's go real quick and download it from

6
00:00:20,390 --> 00:00:21,500
the GitHub repository.

7
00:00:22,020 --> 00:00:23,900
If I type in the search bar

8
00:00:23,900 --> 00:00:28,280
TheFatRat GitHub, it should lead me to this first link where I want to click on.

9
00:00:28,730 --> 00:00:35,750
And once it opens this page, we want to copy the link to this tool and git clone it inside of our desktop

10
00:00:35,750 --> 00:00:36,370
directory.

11
00:00:36,920 --> 00:00:41,860
Now you will notice right here that I already have the tool downloaded, so we'll not be cloning it

12
00:00:41,870 --> 00:00:42,590
right now.

13
00:00:43,160 --> 00:00:46,610
The good thing for this tool is that on the GitHub page,

14
00:00:46,610 --> 00:00:51,790
if I scroll down here, we have the commands for the exact installation of this tool.

15
00:00:52,250 --> 00:00:59,540
So first we get the tool itself, then we change directory to the tool folder and we run this command

16
00:00:59,540 --> 00:01:00,050
right here.

17
00:01:00,410 --> 00:01:05,590
Since I did all of this, you do this first and then we can go and start the tool.

18
00:01:06,350 --> 00:01:07,600
OK, did you do it?

19
00:01:07,880 --> 00:01:14,780
Let's go and start the tool. Now keep in mind, when starting this tool, you must enter the root terminal.

20
00:01:14,930 --> 00:01:21,680
And we do that as usual with the sudo su command. Once I go there, I will navigate to the desktop

21
00:01:21,680 --> 00:01:28,070
and to the TheFatRat directory. If I type ls, we should see this file called fatrat.

22
00:01:28,220 --> 00:01:30,000
And that is the tool itself.

23
00:01:30,080 --> 00:01:36,800
So in order to run it, we can just type its name inside of the terminal, press Enter, and this will start

24
00:01:36,800 --> 00:01:37,670
the tool for us.

25
00:01:38,640 --> 00:01:43,080
You will notice that the tool is rather similar to all of the previous tools that we used for payload

26
00:01:43,080 --> 00:01:45,360
creation, so there is nothing really new here.

27
00:01:45,480 --> 00:01:50,640
We're just experimenting with different tools to see what type of payload is best for us.

28
00:01:51,170 --> 00:01:53,490
It will go right here through some of the dependencies.

29
00:01:53,490 --> 00:01:58,920
And if it doesn't have some of the files that it needs installed, it will automatically install them

30
00:01:58,920 --> 00:01:59,470
for you.

31
00:02:00,240 --> 00:02:02,670
For me, it already has all of this installed.

32
00:02:02,670 --> 00:02:08,760
So it will just prompt me with this warning that says don't upload the backdoors created with TheFatRat

33
00:02:09,000 --> 00:02:10,490
to virustotal.com.

34
00:02:10,980 --> 00:02:12,330
So we're not going to do that.

35
00:02:12,480 --> 00:02:16,980
If the tool tells us to, we're not going to go and upload them to VirusTotal.

36
00:02:17,850 --> 00:02:23,550
Anyway, let's see how we can create them. So I will press Enter to continue. Here it started the service

37
00:02:23,550 --> 00:02:26,490
PostgreSQL, and I will press continue once again.

38
00:02:27,570 --> 00:02:33,190
And here it is, this is the main menu, so we got quite a few options right here.

39
00:02:33,540 --> 00:02:40,230
We can create a backdoor with MSF, we can create a fully undetectable backdoor with Fudwin, we can create

40
00:02:40,230 --> 00:02:42,150
with other programs as well.

41
00:02:42,510 --> 00:02:44,090
So this is just a matter of choice.

42
00:02:44,580 --> 00:02:50,400
You can also, if you notice right here, create the backdoor of the APK file, which would be for

43
00:02:50,520 --> 00:02:51,390
mobile phones.

44
00:02:51,960 --> 00:02:52,940
OK, great.

45
00:02:53,430 --> 00:02:55,200
Let us go with any one of these.

46
00:02:55,560 --> 00:03:02,420
Let's go, for example, with number six, which is create fully undetectable backdoor with PwnWinds.

47
00:03:02,470 --> 00:03:04,430
It says in the brackets

48
00:03:04,440 --> 00:03:04,910
Excellent.

49
00:03:04,920 --> 00:03:10,260
But keep in mind that even though right here it says fully undetectable, it most likely won't be fully

50
00:03:10,260 --> 00:03:13,610
undetectable because this tool right here isn't that new.

51
00:03:14,280 --> 00:03:20,160
Nonetheless, let us go with number six as an option and you can go with a different option if you prefer.

52
00:03:20,190 --> 00:03:23,400
I would just go with this one for the purposes of this tutorial.

53
00:03:23,400 --> 00:03:30,840
And here we have also a few different options. We can create a backdoor with C, PowerShell and embed PDF.

54
00:03:31,170 --> 00:03:34,380
We can create a backdoor with C, Meterpreter reverse TCP.

55
00:03:34,740 --> 00:03:38,520
We can create an exe file with C# and PowerShell.

56
00:03:38,550 --> 00:03:41,040
It says it is fully detectable one hundred percent.

57
00:03:41,400 --> 00:03:43,210
So let's go with that one.

58
00:03:43,260 --> 00:03:45,210
This time I will select number two.

59
00:03:46,820 --> 00:03:54,110
It will tell me right here my IPv4 local address, my IPv6 address and my public IP address

60
00:03:54,140 --> 00:03:54,780
right here.

61
00:03:55,550 --> 00:04:00,350
So what I'm going to do is I'm going to set the LHOST IP to be 192.168

62
00:04:00,350 --> 00:04:01,940
.1.12.

63
00:04:03,750 --> 00:04:09,930
And I will select the LPORT to be 5555, press Enter. Please enter the base name for

64
00:04:09,930 --> 00:04:10,710
output files.

65
00:04:10,710 --> 00:04:19,050
We can call this rat backdoor just so we know from which program it is. Here

66
00:04:19,050 --> 00:04:21,900
it asks us to select which type of payload we want to create.

67
00:04:21,900 --> 00:04:25,500
And we are going to go with the good old Windows Meterpreter reverse TCP.

68
00:04:26,190 --> 00:04:32,280
So I will select number three right here, press Enter, and this should create the backdoor for me.

69
00:04:33,730 --> 00:04:40,210
After a few seconds, we should have this output that says backdoor saved to this path right here, and

70
00:04:40,210 --> 00:04:42,670
up here, we can see the code of our payload.

71
00:04:43,120 --> 00:04:48,940
It is inside of C# and we can see it calls the system function, which executes a PowerShell command.

72
00:04:49,660 --> 00:04:50,470
OK, great.

73
00:04:50,470 --> 00:04:53,410
So let's remember this location right here.

74
00:04:53,830 --> 00:04:55,390
Matter of fact, let's copy it.

75
00:04:56,660 --> 00:04:58,670
And now we can press Enter.

76
00:05:00,140 --> 00:05:05,540
Now, you will notice that this tool doesn't set the listener automatically for us, so what we are

77
00:05:05,540 --> 00:05:10,310
going to do is you can either set up a listener based on the information that you specified for the

78
00:05:10,310 --> 00:05:13,670
payload inside the second terminal using msfconsole.

79
00:05:13,940 --> 00:05:17,410
Or we can go back to the menu using the number nine.

80
00:05:17,810 --> 00:05:23,600
And once it comes back to this menu, we can go and jump to msfconsole straight from TheFatRat

81
00:05:23,840 --> 00:05:25,010
with the number 10.

82
00:05:26,320 --> 00:05:27,100
OK, great.

83
00:05:27,370 --> 00:05:32,560
While the msfconsole is opening, what I'm going to do is I'm going to open another terminal

84
00:05:33,540 --> 00:05:42,010
where I'm going to enter the root terminal first and then navigate to the path that we copied. OK,

85
00:05:42,030 --> 00:05:46,020
great. Type ls here and we should have rat backdoor.

86
00:05:47,490 --> 00:05:50,190
Let's cp it to our desktop.

87
00:05:50,220 --> 00:05:51,720
So, Mr. Hacker

88
00:05:51,720 --> 00:05:57,870
and then Desktop, and from the desktop, if I go and lower all of these windows,

89
00:06:00,150 --> 00:06:03,810
we should be able to go straight to our Windows 10 machine.

90
00:06:04,530 --> 00:06:07,240
OK, great, so it is on our target machine.

91
00:06:07,620 --> 00:06:15,140
Let's set the settings inside of the msfconsole: use exploit multi handler, set payload to be, remember,

92
00:06:15,180 --> 00:06:18,930
Windows Meterpreter reverse TCP.

93
00:06:19,920 --> 00:06:25,680
And we need to set the LHOST and the LPORT according to what we set inside of our payload.

94
00:06:25,920 --> 00:06:33,690
So for me it is 192.168.1.12 and the LPORT is 5555. Press run.

95
00:06:34,840 --> 00:06:37,630
And if we go and run our backdoor,

96
00:06:38,820 --> 00:06:43,590
it will execute. Go back to our msfconsole and here is the Meterpreter shell.

97
00:06:44,070 --> 00:06:47,060
Once again, we can execute the commands that we want.

98
00:06:47,370 --> 00:06:54,120
If I type, for example, the ps command, this will list all of the processes running on that target machine.

99
00:06:54,660 --> 00:06:56,280
So if I scroll all the way up,

100
00:06:58,610 --> 00:07:06,350
we should be able to find the rat backdoor that we executed on the target machine. It should

101
00:07:06,350 --> 00:07:07,370
be somewhere here.

102
00:07:09,040 --> 00:07:15,610
And here it is, here is the rat backdoor.exe. This is our file running on the target system.

103
00:07:16,210 --> 00:07:17,980
Now we know how to create payloads.

104
00:07:18,190 --> 00:07:20,470
Now there are other tools as well that we can use.

105
00:07:20,470 --> 00:07:25,210
But I will leave that for you to discover since they all work pretty much the same.

106
00:07:26,020 --> 00:07:26,440
Great.

107
00:07:26,740 --> 00:07:32,440
In the next video, we're going to check out how we can make some changes on our payloads that will

108
00:07:32,440 --> 00:07:38,140
allow us to either bypass some of the antivirus or we are going to see what we can do to the payload

109
00:07:38,140 --> 00:07:41,480
to make our target have a greater chance of executing it.

110
00:07:41,920 --> 00:07:42,970
See you in the next video.