1
00:00:01,140 --> 00:00:01,740
Hello again.

2
00:00:01,770 --> 00:00:08,280
We are on our final stage of the excellent development section for small 5.5 and this time it is time

3
00:00:08,280 --> 00:00:09,840
to generate our payloads.

4
00:00:10,170 --> 00:00:19,710
Now, previously we have eliminated our bad characters and we also have located our jobs for construction

5
00:00:19,920 --> 00:00:23,100
as well as bypass the address space layout randomization.

6
00:00:24,390 --> 00:00:30,360
So at this point, you should generate a payload with the command and the stuff that I'm Dashti Windows

7
00:00:31,200 --> 00:00:33,230
Shell Reverse GCP.

8
00:00:35,680 --> 00:00:39,010
Co-host because 1921681 2110.

9
00:00:39,220 --> 00:00:42,210
Remember, this IP address could be anything.

10
00:00:42,220 --> 00:00:45,850
You just need to go use the IP config command where I have config.

11
00:00:48,490 --> 00:00:49,000
Refinement.

12
00:00:52,830 --> 00:00:54,660
So for you it will be different.

13
00:00:59,590 --> 00:01:03,290
We'll have a listen on four, four, four, three format and see.

14
00:01:04,849 --> 00:01:06,260
Eliminate our bad characters.

15
00:01:07,010 --> 00:01:07,370
Sorry.

16
00:01:09,470 --> 00:01:13,010
Which is 00080.

17
00:01:15,500 --> 00:01:17,240
Architecture x86.

18
00:01:19,170 --> 00:01:19,950
Platform.

19
00:01:20,920 --> 00:01:21,490
Windows.

20
00:01:36,880 --> 00:01:38,290
Copy and paste this.

21
00:01:48,590 --> 00:01:50,450
Take note of the file size right here.

22
00:02:00,430 --> 00:02:04,690
Actually, this should change to my thought.

23
00:02:18,290 --> 00:02:18,890
There we go.

24
00:02:26,820 --> 00:02:31,440
Let's copy all of this, including the payload size, the.

25
00:02:42,670 --> 00:02:46,360
Comment this out and take notice: 351 bytes.

26
00:02:50,440 --> 00:02:51,490
Change the bumper.

27
00:02:57,590 --> 00:03:00,950
And then add this as see.

28
00:03:02,630 --> 00:03:04,970
Let's try to add a party of 16 knots.

29
00:03:10,260 --> 00:03:14,190
Plus the shelter for us.

30
00:03:15,670 --> 00:03:25,570
The main buffer sees 100 -206 minus four for the return address, -16 for the sled.

31
00:03:26,670 --> 00:03:29,760
-351 for the buffer.

32
00:03:34,410 --> 00:03:35,460
Oh, Tom at the sound.

33
00:03:47,630 --> 00:03:49,730
Just checking to see if I have something to do.

34
00:03:50,870 --> 00:03:51,170
Yeah.

35
00:03:51,170 --> 00:03:51,920
The math is right.

36
00:03:55,660 --> 00:03:57,790
So let's start a netcat listener.

37
00:04:03,350 --> 00:04:04,910
Let's restart this process.

38
00:04:15,360 --> 00:04:16,470
Very soon, this trader.

39
00:04:17,970 --> 00:04:18,690
Attach.

40
00:04:30,430 --> 00:04:31,370
Have a run.

41
00:04:40,290 --> 00:04:41,130
Keep playing.

42
00:04:44,950 --> 00:04:45,940
And we got our shell.

43
00:04:55,490 --> 00:05:00,800
So what would be the first thing you want to do when you finally own the system?

44
00:05:02,380 --> 00:05:07,930
Well, actually, let's just try this again one more time, because I don't think you guys were visualizing

45
00:05:07,930 --> 00:05:08,740
what was going on.

46
00:05:08,920 --> 00:05:11,800
You just saw this happen there.

47
00:05:14,450 --> 00:05:18,560
So lesser moved out to Bulger because that department keeps on positive things.

48
00:05:18,960 --> 00:05:20,240
And let's just start the service.

49
00:05:23,110 --> 00:05:23,560
Start.

50
00:05:29,670 --> 00:05:33,720
Out of the three python.

51
00:05:35,330 --> 00:05:35,810
To you.

52
00:05:35,810 --> 00:05:36,220
To me.

53
00:05:36,530 --> 00:05:41,360
BUZZER In there, we get a reversal from the Explorer program.

54
00:05:41,840 --> 00:05:47,090
So one of the first things you want to do is make yourself persistent and that will be easier.

55
00:05:48,350 --> 00:05:49,580
Let's say he was attacked.

56
00:05:50,450 --> 00:05:51,470
Attack slash.

57
00:05:51,470 --> 00:05:57,470
And then you want to add that user to the administrators group.