1
00:00:00,720 --> 00:00:04,380
Hello, everyone, welcome to your new video of our Python lessons.

2
00:00:05,370 --> 00:00:10,170
Today, we will be talking about how to send shellcode and inject it over a socket in Python.

3
00:00:11,760 --> 00:00:16,230
First of all, let's see how we create a Meterpreter payload in raw format.

4
00:00:36,520 --> 00:00:44,530
OK, our shellcode is ready. In order for us to open and read this shellcode binary file, we need to

5
00:00:44,530 --> 00:00:49,360
use the open function in Python with the 'rb' attribute for read binary.

6
00:00:50,890 --> 00:00:56,560
Let's take a look at our server file now, after I modified it to send shellcode, and we will explain each

7
00:00:56,560 --> 00:00:56,890
line.

8
00:01:07,430 --> 00:01:11,850
First, we ask the user to type the IP and port to connect back to.

9
00:01:13,340 --> 00:01:18,450
Next, we have our msfvenom command to create our binary payload.

10
00:01:20,840 --> 00:01:25,400
Then we execute the command using the subprocess module that we discussed before.

11
00:01:29,840 --> 00:01:36,440
Next, we read the shellcode binary file using the open function with the 'rb' attribute for reading binary.

12
00:01:40,470 --> 00:01:43,830
After we read it, we save it in a variable called code,

13
00:01:47,850 --> 00:01:53,580
then we list our clients again using the list of clients function that we created before, and we ask

14
00:01:53,580 --> 00:01:56,460
the user which target he wants to send it to.

15
00:02:00,190 --> 00:02:06,670
After that, we use our for loop to match the number he gave us with the one in the list, but before we

16
00:02:06,670 --> 00:02:12,490
send our shellcode to the target, we need to tell the client that we are sending shellcode so the client

17
00:02:12,490 --> 00:02:14,500
would call the right function to do that.

18
00:02:15,100 --> 00:02:17,230
After that, we send our code.

19
00:02:23,400 --> 00:02:26,660
Now, let's look at the client and see what's happening on the other side.
20
00:02:42,460 --> 00:02:51,550
At the client, line number 47, if we see the word shellcode in our data, we call a function called

21
00:02:52,090 --> 00:02:53,410
inject shellcode.

22
00:02:55,570 --> 00:02:57,280
Let's take a look at this function now.

23
00:03:01,390 --> 00:03:09,550
In this function, we receive the shellcode using the socket's recv function, and then we prepare

24
00:03:09,550 --> 00:03:14,420
our memory for the shellcode, as you saw in our slides.

25
00:03:15,310 --> 00:03:21,940
Keep in mind that we are injecting the code into a running process with the number 4069.

26
00:03:24,550 --> 00:03:28,270
So we need to know the process number we're injecting into beforehand.

27
00:03:32,270 --> 00:03:35,630
We can find that out using the tasklist command from the command prompt.

28
00:03:45,980 --> 00:03:54,170
Let's try and inject our shellcode into our calculator application. We will first open our calc application

29
00:03:54,170 --> 00:03:56,900
and get its process ID from our DOS command.

30
00:04:15,870 --> 00:04:20,280
As you can see, the process ID is 4056.

31
00:04:23,160 --> 00:04:28,170
Of course, you can make this more flexible by asking the client for the running processes

32
00:04:28,170 --> 00:04:33,600
from the server side and then providing the client with the process ID to inject into.

33
00:04:34,290 --> 00:04:37,950
But for the sake of testing, we will hardcode our process ID here.

34
00:04:51,230 --> 00:04:57,350
OK, now, after we hardcoded our process ID, let's try and get our shellcode. First, we need to

35
00:04:57,350 --> 00:05:01,850
open another msfconsole window to receive the shellcode when it connects back to us.

36
00:07:02,440 --> 00:07:02,700
Nice.

37
00:07:03,340 --> 00:07:05,860
It's working, we just received a Meterpreter payload.
38
00:07:08,350 --> 00:07:13,300
This method is very effective since we are not writing any files on disk on the client side.

39
00:07:14,230 --> 00:07:20,050
We're basically receiving the shellcode in memory and also executing it without writing anything

40
00:07:20,050 --> 00:07:20,470
on disk.

41
00:07:22,840 --> 00:07:24,480
We have reached the end of this lesson.

42
00:07:24,640 --> 00:07:25,240
Thank you.

43
00:07:25,240 --> 00:07:26,320
And see you in the next one.