00:00:01,890 --> 00:00:49,290
All right. So right before we start with our first exercise, I want to explain to you what has changed in the summer 2022 remastering. So I want you to skip to this section right here, remastered section number one, because the previous labs and binaries were running on outdated Linux virtual machines. And because of recent Linux updates, they no longer work. So now we use Docker containers locked to a specific Linux kernel version. So you can go ahead and check off the previous sections as viewed, but I suggest you view the old videos too. It's going to teach you a lot about the differences between Python 2 and 3 and how shellcode is inserted as part of the script.

00:00:51,010 --> 00:01:41,110
So throughout the course you're going to notice that I use multiple penetration testing distributions: Linux, Parrot, 32-bit, 64-bit. But thanks to these Docker containers you don't even need to have Linux. You just have to have a 64-bit Linux virtual machine. However, I recommend a penetration testing distribution because you can do things like generate dynamic shellcode with Metasploit, for example. So the Docker containers have all of the necessary debugging and exploit development tools to complete the exercises. You have the debugger included, with the PEDA extensions or the newest GEF extensions, which are now supported. Also, we are going to use platform emulation to allow 32-bit containers to run on 64-bit Linux virtual machines.

00:01:44,070 --> 00:02:30,570
So Docker nowadays should be available in your standard apt repo for a penetration testing distro. It's available on Ubuntu, too. It's available on Linux and Parrot. But if for whatever reason you can't install Docker from the repositories for your Linux virtual machine, just take the link right here. So the syntax GitHub provided is wrong. You do sudo docker pull with this line to download the libhttpd Docker container. But like I said before, I contain all of the tools within the container for you to create the exploit and run it.

00:02:32,640 --> 00:03:38,970
So at the release of my course back in 2019 to 2020, Python 2 was still being used in my exploit examples. Since then, Python 2 has been entirely deprecated, and using pip to install additional modules often ends in failure. However, a lot of older exploits are still written in Python 2, and furthermore, most debugging and reverse engineering tools still have their scripting interface in Python 2. Ghidra: I may cover this later on. I don't have a module for it yet, but Ghidra actually still uses Python 2 because Jython was not updated, so it uses Python 2, although you normally write these little Java applets or source code files and Ghidra ingests the Java file and runs it. Kind of like a script in Immunity Debugger. I'm not really sure if they support Python 3. I know that mona was still written in Python 2, so for that reason I will leave the older Python 2 videos up for reference and to explain the differences between Python 2 and 3 syntax for shellcoding as we proceed through the course.

00:03:40,380 --> 00:04:50,520
So in my older videos, I reversed the bytes to demonstrate endianness. You'll find out about that in the original libhttpd 1.2 videos. But for the most part, once you understand that you have to reverse the bytes of a memory address before an instruction pointer overwrite, it is no longer necessary to continue doing this. So using from struct import pack in Python, you can actually just write the memory address right here. And for 32-bit exploits you use a capital L; make sure you use a less-than sign in front of it to show that it's little-endian. If you use a greater-than sign it will be big-endian, which is something like a MIPS assembly-like architecture, which is something for IoT devices. So for 64-bit exploits, you use a capital Q; make sure you always use the less-than sign for little-endian, and that is AMD64 processors. So less-than, capital L, memory address is 386 processors.

00:04:53,740 --> 00:05:23,590
So starting with the stack canary bypass module, we will introduce pwntools. pwntools actually makes the building of ROP chains even easier by abbreviating our previous struct pack line as simply p64. pwntools itself has its own special interactive mode, which uses standard out and error pipes to make interactive use of the shell you spawn.
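The narrator describes three struct.pack format strings (`<L`, `<Q`, `>L`) as the replacement for hand-reversing address bytes, and then says pwntools shortens the same line to p64. The following is an added example, not code from the course or its videos: it puts the by-hand reversal next to the pack formats, shows the width mistake struct catches when a 64-bit address is packed with `L`, and defines `p32`/`p64`/`u32`/`u64` as plain-struct stand-ins for the pwntools functions of the same name so the block runs without pwntools installed. The addresses used are constructed sample values, not addresses from the course binary.

```python
"""Packing an address the way the remastered videos do it, with struct formats.

Added example: the p32/p64/u32/u64 helpers below are plain-struct stand-ins for
pwntools' functions of the same name; the addresses are constructed samples.
"""
from struct import pack, unpack, error as StructError
from typing import Optional


def manual_reverse(addr_hex: str) -> bytes:
    """The old-video approach: write the address as hex and reverse the byte pairs by hand.
    '080491e2' -> e2 91 04 08 (little-endian order for a 32-bit x86 target)."""
    return bytes.fromhex(addr_hex)[::-1]


def p32(addr: int, endian: str = "<") -> bytes:
    """32-bit pack: '<' (little-endian, 386/x86) or '>' (big-endian, MIPS-style)."""
    return pack(endian + "L", addr)


def p64(addr: int, endian: str = "<") -> bytes:
    """64-bit pack: '<Q' is the little-endian AMD64 form the narrator mentions."""
    return pack(endian + "Q", addr)


def u32(data: bytes, endian: str = "<") -> int:
    """Inverse of p32; handy when reading a leaked 4-byte value back into an int."""
    return unpack(endian + "L", data)[0]


def u64(data: bytes, endian: str = "<") -> int:
    """Inverse of p64."""
    return unpack(endian + "Q", data)[0]


def pack_for_arch(addr: int, bits: int, big_endian: bool = False) -> bytes:
    """Build the format string from the two choices the narrator lists:
    width (L for 32-bit, Q for 64-bit) and byte order ('<' little, '>' big)."""
    if bits not in (32, 64):
        raise ValueError("bits must be 32 or 64")
    fmt = (">" if big_endian else "<") + ("L" if bits == 32 else "Q")
    return pack(fmt, addr)


def try_pack(addr: int, bits: int) -> Optional[bytes]:
    """Return the packed address, or None when it does not fit the chosen width.
    With a byte-order prefix, struct uses standard sizes, so packing a 64-bit
    address with 'L' raises struct.error instead of silently truncating; that is
    the mistake to watch for when moving from 32-bit to 64-bit targets."""
    try:
        return pack_for_arch(addr, bits)
    except StructError:
        return None


if __name__ == "__main__":
    addr32 = 0x080491E2          # constructed 32-bit sample address
    addr64 = 0x00007FFFF7E1B000  # constructed 64-bit sample address
    print("manual  :", manual_reverse("080491e2").hex())
    print("p32 <L  :", p32(addr32).hex())
    print("p32 >L  :", p32(addr32, ">").hex())
    print("p64 <Q  :", p64(addr64).hex())
    print("64-bit address packed as L fits?", try_pack(addr64, 32) is not None)
```

The by-hand reversal and `p32` with the default `<` prefix produce identical bytes, which is why the narrator says the reversal step becomes unnecessary once struct.pack is used; `try_pack` returns None for a 64-bit address packed as 32-bit rather than producing a wrong four-byte value.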