1
00:00:00,300 --> 00:00:01,230
Welcome back.

2
00:00:01,410 --> 00:00:09,000
In this video, I want to show you a cool way that you can make your executable seem and look like another

3
00:00:09,000 --> 00:00:09,630
file.

4
00:00:09,780 --> 00:00:16,320
So what I'm going to do right now is I'm going to mask our shell.exe that we created from the previous

5
00:00:16,320 --> 00:00:19,650
video to look like a car image.

6
00:00:20,010 --> 00:00:23,730
And what you will need for this is you're going to need a car image.

7
00:00:23,730 --> 00:00:26,880
Or basically it doesn't even have to be an image or a car.

8
00:00:26,880 --> 00:00:29,100
It can be any file type that you want.

9
00:00:29,130 --> 00:00:32,220
If you want to create it to be a PDF file, you can.

10
00:00:32,220 --> 00:00:36,090
If you want to create it to be a JPEG file, you can just follow along.

11
00:00:36,090 --> 00:00:39,750
And the process of doing that is the same for every file type.

12
00:00:40,200 --> 00:00:46,620
So two things you're going to need: a file that you want your executable to look like and the executable

13
00:00:46,620 --> 00:00:47,270
itself.

14
00:00:47,280 --> 00:00:52,560
So this is the same payload from the previous video, which is the regular Windows shell.

15
00:00:52,980 --> 00:00:57,090
And what I'm going to do is I'm going to copy it to the desktop real quick.

16
00:00:57,690 --> 00:01:01,980
And once you got these two files on your desktop, you are ready to go.

17
00:01:02,280 --> 00:01:08,580
Now, the first thing that we must do is we must make an icon file from this PNG file.

18
00:01:08,730 --> 00:01:10,620
And how can we do that?

19
00:01:10,620 --> 00:01:17,130
Well, we can just open the Google Chrome or any search engine and type PNG to icon.

20
00:01:18,370 --> 00:01:24,280
You can navigate to the first link in case you chose a PNG file and it will lead you to this convert

21
00:01:24,280 --> 00:01:32,080
icon for it allows us to simply just upload our PNG image and it will create an icon file with that

22
00:01:32,080 --> 00:01:32,620
image.

23
00:01:32,620 --> 00:01:34,480
So I'm going to lower the screen.

24
00:01:36,340 --> 00:01:38,050
Then, as it says right here,

25
00:01:38,050 --> 00:01:39,460
drop your files.

26
00:01:39,460 --> 00:01:40,810
I will drop it right here.

27
00:01:41,290 --> 00:01:42,850
It will take a few seconds.

28
00:01:42,850 --> 00:01:43,720
And right here

29
00:01:43,720 --> 00:01:46,090
our file should appear once it's done.

30
00:01:46,880 --> 00:01:50,330
Here it is. We can download it by pressing this arrow.

31
00:01:51,220 --> 00:01:54,900
And it will download the car.ico file for us.

32
00:01:54,910 --> 00:01:57,010
So I'm going to show it in folder.

33
00:01:57,040 --> 00:02:00,070
Paste it on my desktop and now we're good to go.

34
00:02:00,100 --> 00:02:02,770
We got the car.png, which is the image.

35
00:02:02,770 --> 00:02:09,550
We got this car.ico, which we're going to use to make our executable have this icon right

36
00:02:09,550 --> 00:02:16,990
here and we're going to merge it with this PNG image in order for once the target executes our program,

37
00:02:16,990 --> 00:02:19,030
it also opens this image.

38
00:02:19,300 --> 00:02:20,920
Let me show you how it would look like.

39
00:02:20,920 --> 00:02:27,670
So all you want to do, you want to select these two files, right click on them and click Add to archive.

40
00:02:28,060 --> 00:02:30,070
Click on this right here.

41
00:02:30,070 --> 00:02:32,230
There are a few settings that we must set.

42
00:02:32,230 --> 00:02:35,080
First, archive format should be ZIP.

43
00:02:35,750 --> 00:02:36,350
Right here,

44
00:02:36,350 --> 00:02:38,990
you want to check Create SFX archive.

45
00:02:39,440 --> 00:02:41,990
And here you can name your file whatever you want.

46
00:02:42,020 --> 00:02:47,870
The only bad thing about this is that it will have an extension, but most of the people don't have

47
00:02:47,870 --> 00:02:52,610
extensions enabled on their Windows system, so this will not present that big of a problem.

48
00:02:52,860 --> 00:02:58,040
Okay, so let's go right here and call it car.exe.

49
00:02:59,050 --> 00:03:04,060
Then I want to go to the Advanced tab and click right here on SFX options.

50
00:03:04,720 --> 00:03:10,000
This will open this small window and we want to go through each step and set the settings accordingly.

51
00:03:10,000 --> 00:03:15,790
In the Update tab, you want to click Extract and update files, and in the overwrite mode you want

52
00:03:15,790 --> 00:03:17,740
to Overwrite all files.

53
00:03:18,310 --> 00:03:24,760
Then if I go to Text and icon tab here, we want to click on this Load SFX icon from the file.

54
00:03:24,790 --> 00:03:28,870
Click on Browse, find the icon file that you just created.

55
00:03:29,020 --> 00:03:32,170
In my case, it is on my desktop, so I'm going to select it.

56
00:03:32,740 --> 00:03:35,350
Once you do that, you can move on to the next step.

57
00:03:35,350 --> 00:03:39,020
So in the License tab, there is nothing that we want to set here.

58
00:03:39,040 --> 00:03:41,170
Also, there is nothing that we want to set.

59
00:03:41,200 --> 00:03:48,700
If I go to the Advanced, nothing. In Modes, we want to click on Hide all and Unpack to a temporary folder.

60
00:03:49,060 --> 00:03:50,510
After it, in the Setup,

61
00:03:50,530 --> 00:03:52,900
we want to write both of our file names.

62
00:03:52,900 --> 00:03:58,340
So in the Run after extraction we want to type right here shell.exe.

63
00:03:58,360 --> 00:04:01,880
Just make sure you type the files name right here correctly.

64
00:04:01,900 --> 00:04:08,530
So shell.exe is our executable and car.png is our image.

65
00:04:09,220 --> 00:04:09,550
Okay.

66
00:04:09,550 --> 00:04:10,060
Good.

67
00:04:10,150 --> 00:04:12,530
Under the General, nothing here to do.

68
00:04:12,550 --> 00:04:15,520
So once you set all of those options, you can click on OK.

69
00:04:15,520 --> 00:04:18,339
And you can click right here on OK as well.

70
00:04:18,700 --> 00:04:20,140
And here it is.

71
00:04:20,140 --> 00:04:23,350
We got the car.exe on our desktop.

72
00:04:23,830 --> 00:04:25,900
It has the icon of this image.

73
00:04:25,900 --> 00:04:30,280
And once we go and execute it, it should also open this image.

74
00:04:30,280 --> 00:04:33,070
But in the background it should also run our shell.exe.

75
00:04:33,220 --> 00:04:35,320
Let's test it out.

76
00:04:35,320 --> 00:04:38,710
But first we must set up our listener.

77
00:04:38,710 --> 00:04:40,360
So open terminal.

78
00:04:42,140 --> 00:04:43,610
Run msfconsole.

79
00:04:45,320 --> 00:04:47,290
Let's set up our listener.

80
00:04:47,300 --> 00:04:52,490
So multi handler, set payload to be regular Windows Meterpreter

81
00:04:53,330 --> 00:04:57,800
reverse TCP. LHOST will be the IP address

82
00:04:57,800 --> 00:05:03,110
of my Linux machine and LPORT, if I remember correctly, was 5555.

83
00:05:03,260 --> 00:05:05,030
Now I can run this.

84
00:05:05,270 --> 00:05:09,380
This will start the listener and if I go to my desktop and execute this file.

85
00:05:10,070 --> 00:05:17,000
Well, for some reason it seems to have only opened this Meterpreter shell and it didn't open the image.

86
00:05:17,010 --> 00:05:22,970
And this is something that happens sometimes so we can try to change some of the settings in order to

87
00:05:22,970 --> 00:05:23,570
make this work.

88
00:05:23,570 --> 00:05:26,540
But in this case, it was just a late opening.

89
00:05:26,540 --> 00:05:27,890
So here is the image.

90
00:05:27,920 --> 00:05:31,670
It opened right now, for some reason that took a few seconds.

91
00:05:31,670 --> 00:05:37,190
So let's just run it once again just to see whether it will open faster right now.

92
00:05:37,190 --> 00:05:41,530
So I will run the listener once again and open car.exe.

93
00:05:43,130 --> 00:05:48,140
It still seems to take some time, even though our Meterpreter shell is open.

94
00:05:48,620 --> 00:05:56,150
So what we can do instead of this is we can, first of all, exit this shell, close this image that

95
00:05:56,150 --> 00:06:03,320
opened 10 seconds after we execute it and we can start the msfconsole again, delete this file and

96
00:06:03,320 --> 00:06:08,810
we're going to change one setting which will hopefully make our file execute faster.

97
00:06:09,110 --> 00:06:11,090
So let's go once again. ZIP here.

98
00:06:11,090 --> 00:06:18,680
We want to name the file to be car.exe. Under the Advanced, SFX options, and here under the Setup is

99
00:06:18,680 --> 00:06:19,790
something that we want to change.

100
00:06:19,790 --> 00:06:22,820
So last time we specified the shell.exe first.

101
00:06:22,820 --> 00:06:30,440
Right now we're going to specify car.png first and under it I'm going to specify shell.exe,

102
00:06:30,800 --> 00:06:33,950
then I'm going to click right here, Hide all.

103
00:06:34,660 --> 00:06:35,530
In the General,

104
00:06:35,530 --> 00:06:37,060
nothing. In the Update,

105
00:06:37,060 --> 00:06:38,620
Extract and update files.

106
00:06:38,620 --> 00:06:40,160
Overwrite all files.

107
00:06:40,180 --> 00:06:41,440
Text and icon.

108
00:06:41,440 --> 00:06:45,310
Let's select our icon file. In the License and Module

109
00:06:45,310 --> 00:06:46,600
there is nothing, so let's just click on

110
00:06:46,610 --> 00:06:47,140
OK.

111
00:06:47,170 --> 00:06:49,270
It will create our file once again.

112
00:06:49,780 --> 00:06:51,640
Not sure why I closed the msfconsole.

113
00:06:51,640 --> 00:06:52,000
When?

114
00:06:52,000 --> 00:06:57,490
Right now we're going to set up our listener again and multi handler.

115
00:06:59,880 --> 00:07:00,860
Meterpreter.

116
00:07:03,120 --> 00:07:08,280
Set the LHOST and the LPORT.

117
00:07:09,780 --> 00:07:10,950
We want to run it.

118
00:07:12,040 --> 00:07:16,750
Run the file and now it opens the image straight away.

119
00:07:17,680 --> 00:07:24,460
So just make sure that you specify the image name first and then after it you can specify the shell

120
00:07:24,460 --> 00:07:24,980
name.

121
00:07:25,000 --> 00:07:27,970
And here we also got the Meterpreter session opened.

122
00:07:28,300 --> 00:07:30,370
We can execute commands as usual.

123
00:07:30,400 --> 00:07:33,190
So our program works good.

124
00:07:33,220 --> 00:07:35,440
It has an icon of an image.

125
00:07:35,470 --> 00:07:36,980
It also opens an image.

126
00:07:37,000 --> 00:07:39,580
The only problem is this extension.

127
00:07:39,580 --> 00:07:45,310
And there are some of the ways that you can fix this and make it seem like it doesn't have any extension.

128
00:07:45,310 --> 00:07:50,470
But most of those ways automatically get detected by any antivirus out there.

129
00:07:51,010 --> 00:07:52,110
Okay, great.

130
00:07:52,120 --> 00:07:57,730
Now that we covered this, we are ready to finally get into the post exploitation section.

131
00:07:57,730 --> 00:08:04,510
And here we're going to go into details with the Meterpreter shell, what options it has and what post

132
00:08:04,510 --> 00:08:08,620
exploitation modules we can run after hacking the target.

133
00:08:08,770 --> 00:08:10,090
See you in the next video.