1
00:00:00,960 --> 00:00:03,180
Instructor: Hi. Within this lecture,

2
00:00:03,180 --> 00:00:05,670
we're going to see how we can use

3
00:00:05,670 --> 00:00:08,490
a tool called MsfVenom

4
00:00:08,490 --> 00:00:13,490
in order to create a backdoor for our Android devices.

5
00:00:13,560 --> 00:00:17,010
So, the tool that we're going to use

6
00:00:17,010 --> 00:00:19,920
is called MsfVenom, or MsfVenom,

7
00:00:19,920 --> 00:00:22,440
however you may want to pronounce it.

8
00:00:22,440 --> 00:00:25,320
Let me show you how to spell it.

9
00:00:25,320 --> 00:00:26,220
In order to do that,

10
00:00:26,220 --> 00:00:28,530
of course, you have to open your (indistinct)

11
00:00:28,530 --> 00:00:30,690
and you have to open your terminal

12
00:00:30,690 --> 00:00:34,020
and make sure you're ready to write some commands

13
00:00:34,020 --> 00:00:35,820
on your terminal.

14
00:00:35,820 --> 00:00:38,520
I believe you know how to install (indistinct),

15
00:00:38,520 --> 00:00:41,700
how to run it, how to run your terminal by right now.

16
00:00:41,700 --> 00:00:44,370
If you have skipped the previous section,

17
00:00:44,370 --> 00:00:48,153
make sure you go back and watch that before coming here.

18
00:00:49,470 --> 00:00:53,070
So, over here, we're going to use MsfVenom.

19
00:00:53,070 --> 00:00:54,930
And in order to do that, first of all,

20
00:00:54,930 --> 00:00:57,810
I'm going to type MsfVenom like this,

21
00:00:57,810 --> 00:01:01,680
and hit enter in order to see the documentation

22
00:01:01,680 --> 00:01:03,840
of the MsfVenom.

23
00:01:03,840 --> 00:01:06,720
Of course, we're going to write a lot of parameters,

24
00:01:06,720 --> 00:01:09,060
but at this point, you don't know any.

25
00:01:09,060 --> 00:01:13,050
So, first of all, I'm going to show you what are those.
26
00:01:13,050 --> 00:01:17,730
So, we use this MsfVenom in order to create back doors,

27
00:01:17,730 --> 00:01:21,450
in order to create some malicious files.

28
00:01:21,450 --> 00:01:24,630
And it all starts with payloads.

29
00:01:24,630 --> 00:01:26,460
So, what are payloads?

30
00:01:26,460 --> 00:01:29,940
We use payloads, we use this tool

31
00:01:29,940 --> 00:01:33,990
in order to select what kind of operating system

32
00:01:33,990 --> 00:01:37,020
that we are going to hack in,

33
00:01:37,020 --> 00:01:40,050
and what kind of session do we expect back

34
00:01:40,050 --> 00:01:43,800
and what kind of port and way that we should follow

35
00:01:43,800 --> 00:01:45,150
to hack (indistinct).

36
00:01:45,150 --> 00:01:47,310
So, maybe you don't know these terms.

37
00:01:47,310 --> 00:01:50,520
Don't worry, I'm going to explain everything.

38
00:01:50,520 --> 00:01:54,480
As you can see, we can see the payload over here.

39
00:01:54,480 --> 00:01:58,593
It's actually --payload or -p.

40
00:01:59,760 --> 00:02:02,130
We need to specify this payload,

41
00:02:02,130 --> 00:02:05,463
otherwise, we won't get any backdoor created.

42
00:02:06,480 --> 00:02:10,800
And remember, MsfVenom is not only for creating back doors

43
00:02:10,800 --> 00:02:14,190
for Android, we can create some back doors

44
00:02:14,190 --> 00:02:16,770
like malicious files for Windows

45
00:02:16,770 --> 00:02:19,200
and other platforms as well.

46
00:02:19,200 --> 00:02:21,870
So, we need to specify the platform.

47
00:02:21,870 --> 00:02:26,100
We need to specify the technology that we're going to use

48
00:02:26,100 --> 00:02:30,093
to hack into the target computer or target device.

49
00:02:31,200 --> 00:02:33,930
So, I'm going to write it down first

50
00:02:33,930 --> 00:02:37,530
and I'm going to explain it, part by part, to you.
51
00:02:37,530 --> 00:02:38,970
And we're not going to finish

52
00:02:38,970 --> 00:02:41,010
creating our back door in this lecture,

53
00:02:41,010 --> 00:02:44,310
we're just getting familiarized with MsfVenom

54
00:02:44,310 --> 00:02:48,003
so that we can comprehend all of this stuff.

55
00:02:49,080 --> 00:02:51,850
So, all you have to do just right now

56
00:02:53,634 --> 00:02:54,467
is to write msfvenom -p

57
00:02:58,440 --> 00:02:59,550
like this.

58
00:02:59,550 --> 00:03:02,130
So, Msf, not C,

59
00:03:02,130 --> 00:03:06,180
MsfVenom -p,

60
00:03:06,180 --> 00:03:09,000
and then we specify the payload

61
00:03:09,000 --> 00:03:12,960
that we are going to be using for this.

62
00:03:12,960 --> 00:03:17,160
So, you first start with the operating system,

63
00:03:17,160 --> 00:03:19,860
like if you're going to do this for Windows,

64
00:03:19,860 --> 00:03:22,020
then you write Windows over here.

65
00:03:22,020 --> 00:03:24,210
If you're going to do this for Android,

66
00:03:24,210 --> 00:03:27,780
then you write Android over here. Okay?

67
00:03:27,780 --> 00:03:32,100
So, in our case, of course, we're going to go with Android

68
00:03:32,100 --> 00:03:34,440
and then you put a slash

69
00:03:34,440 --> 00:03:36,630
and then you write the session

70
00:03:36,630 --> 00:03:38,850
that you want to expect to get back.

71
00:03:38,850 --> 00:03:40,890
I'm going to explain this

72
00:03:40,890 --> 00:03:45,420
a little bit later on in this lecture, but right now,

73
00:03:45,420 --> 00:03:48,060
just write meterpreter.

74
00:03:48,060 --> 00:03:53,060
So, it's either pronounced as meterpreter or meterpreter,

75
00:03:53,880 --> 00:03:57,510
it depends on the country that you live in, I believe.

76
00:03:57,510 --> 00:04:00,060
So, I'm going to call this meterpreter

77
00:04:00,060 --> 00:04:03,190
and it's spelled as METER, like this.

78
00:04:04,411 --> 00:04:09,411
PRETER. Meterpreter.
79
00:04:09,990 --> 00:04:14,990
And then, put a slash and then write reverse tcp.

80
00:04:15,291 --> 00:04:17,820
Reverse_tcp.

81
00:04:17,820 --> 00:04:20,070
Don't worry, I'm going to explain.

82
00:04:20,070 --> 00:04:22,590
So, Android is the operating system

83
00:04:22,590 --> 00:04:25,083
that we're going to be attacking, right?

84
00:04:26,010 --> 00:04:30,060
And you know it, and meterpreter is the session.

85
00:04:30,060 --> 00:04:34,620
So, this manages a session, manages the connection

86
00:04:34,620 --> 00:04:38,250
between the target computer or target device

87
00:04:38,250 --> 00:04:41,700
and the (indistinct) or attacker device.

88
00:04:41,700 --> 00:04:45,270
So, in this case, we're going to attack an Android phone

89
00:04:45,270 --> 00:04:49,650
and when Android phone connects back to us,

90
00:04:49,650 --> 00:04:52,920
then meterpreter will create a session.

91
00:04:52,920 --> 00:04:56,580
Actually, this payload will create a meterpreter session

92
00:04:56,580 --> 00:04:58,740
in which we manage this session,

93
00:04:58,740 --> 00:05:01,230
in which we manage this connection

94
00:05:01,230 --> 00:05:05,850
so that we can send some commands to the Android

95
00:05:05,850 --> 00:05:09,000
to be executed, like browsing the files

96
00:05:09,000 --> 00:05:12,990
or opening the camera of the phone or something like that.

97
00:05:12,990 --> 00:05:17,670
We do this with a session called meterpreter.

98
00:05:17,670 --> 00:05:21,510
It's very advanced, it has a lot of commands built in

99
00:05:21,510 --> 00:05:25,353
so that you can interact with the hacked device.

100
00:05:26,430 --> 00:05:29,880
And then, later on, we have this reverse tcp.

101
00:05:29,880 --> 00:05:34,200
This is the way that we are trying to hack into.

102
00:05:34,200 --> 00:05:36,660
We could have written over here

103
00:05:36,660 --> 00:05:41,520
something like reverse tcp, reverse http.
104
00:05:41,520 --> 00:05:46,050
So, reverse means that connection will come

105
00:05:46,050 --> 00:05:48,960
from Android phone to us.

106
00:05:48,960 --> 00:05:53,040
It won't be coming from (indistinct) to the Android phone

107
00:05:53,040 --> 00:05:55,770
because it will be much more detectable

108
00:05:55,770 --> 00:06:00,570
if we try to send the connection from here to this phone.

109
00:06:00,570 --> 00:06:04,860
But if we send the connection from Android phone

110
00:06:04,860 --> 00:06:09,570
to our (indistinct), it will be much less detectable. Okay?

111
00:06:09,570 --> 00:06:13,830
And actually, it's the case for the Windows

112
00:06:13,830 --> 00:06:16,560
and other operating systems as well.

113
00:06:16,560 --> 00:06:20,550
We don't use bind, we use reverse connections

114
00:06:20,550 --> 00:06:24,510
when we try to create back doors.

115
00:06:24,510 --> 00:06:26,460
So, tcp is the port,

116
00:06:26,460 --> 00:06:29,730
is the gate that we are trying to go in.

117
00:06:29,730 --> 00:06:34,380
We could have used http or https as well.

118
00:06:34,380 --> 00:06:36,480
In my trial and errors,

119
00:06:36,480 --> 00:06:40,950
I found out that reverse tcp is the way to go

120
00:06:40,950 --> 00:06:43,470
so that I'm going with reverse tcp.

121
00:06:43,470 --> 00:06:45,030
If it doesn't work for you,

122
00:06:45,030 --> 00:06:50,030
you can just try to create something with reverse http

123
00:06:50,490 --> 00:06:52,893
or https as well.

124
00:06:54,000 --> 00:06:56,520
So, once we do that,

125
00:06:56,520 --> 00:07:01,440
we're going to specify a little bit more parameters

126
00:07:01,440 --> 00:07:04,890
within the couple of following lectures

127
00:07:04,890 --> 00:07:09,090
and it will create a backdoor, a payload for us.
128
00:07:09,090 --> 00:07:13,830
Once we send this file to the target computer

129
00:07:13,830 --> 00:07:17,913
or target device, the Android, actually, in this case,

130
00:07:18,885 --> 00:07:22,350
once the user taps on this file,

131
00:07:22,350 --> 00:07:25,860
it will create a session between (indistinct)

132
00:07:25,860 --> 00:07:30,330
and Android phone so that we can easily access

133
00:07:30,330 --> 00:07:33,570
all the files and folders and command system

134
00:07:33,570 --> 00:07:37,650
inside of those phones or those targets.

135
00:07:37,650 --> 00:07:41,490
So, that's what we are trying to do within this section.

136
00:07:41,490 --> 00:07:44,940
So, if you have understood it, then it's very good

137
00:07:44,940 --> 00:07:47,250
because we're going to stop here

138
00:07:47,250 --> 00:07:49,230
and continue within the next lecture

139
00:07:49,230 --> 00:07:52,950
where we discuss the rest of the parameters

140
00:07:52,950 --> 00:07:55,443
that we need to put in over here.