1
00:00:00,420 --> 00:00:04,020
Hello everyone and welcome to our command and control center section.

2
00:00:04,020 --> 00:00:08,640
And in this section we're going to create the server that will be able to accept and maintain multiple

3
00:00:08,640 --> 00:00:10,470
connections at once.

4
00:00:10,470 --> 00:00:15,480
Now this will not be a coding-along section because our program will more likely be the same as the

5
00:00:15,480 --> 00:00:17,540
server from the previous project.

6
00:00:17,610 --> 00:00:20,920
It will just have some minor changes that we are going to go through.

7
00:00:20,970 --> 00:00:26,430
Now of course you will have the program available to download at the end of this section so you can

8
00:00:26,430 --> 00:00:29,400
simply just download it and follow this tutorial along.

9
00:00:29,700 --> 00:00:34,520
I'm going to explain what we changed what we added and why we added it.

10
00:00:34,560 --> 00:00:34,890
OK.

11
00:00:35,100 --> 00:00:37,110
So let's get straight into it.

12
00:00:37,230 --> 00:00:42,360
What I did for this project is I didn't really create a new project, I just created a new file inside

13
00:00:42,360 --> 00:00:47,880
of our backdoor project which I named command and control dot py. For this program

14
00:00:47,880 --> 00:00:52,890
We are going to need to import additional library which is going to be the threading library.

15
00:00:52,890 --> 00:00:59,550
And down here you will notice that I copied the entire server code from our previous server, all of

16
00:00:59,550 --> 00:01:05,730
the functions such as reliable receive, reliable send, upload file, download file and target communication

17
00:01:06,120 --> 00:01:08,580
all was copied to this program.

18
00:01:08,580 --> 00:01:15,960
All of those functions and in each and every function we added another parameter which is the target

19
00:01:16,020 --> 00:01:19,390
parameter as we can see right here.

20
00:01:19,700 --> 00:01:23,510
The reason why we added this target parameter to each and every function.

21
00:01:23,600 --> 00:01:30,110
I will explain in just a few seconds but let's go down for now and go to the new part of the program.

22
00:01:30,140 --> 00:01:32,480
So here is where the program actually starts.

23
00:01:32,480 --> 00:01:37,460
We declared two different lists the targets list which is going to store all of the socket descriptors

24
00:01:37,460 --> 00:01:42,700
from all of the machines, from all of the target machines that are going to connect to us, and the IPs

25
00:01:42,740 --> 00:01:47,080
list will store all of the IP addresses from all of the target machines.

26
00:01:47,090 --> 00:01:51,300
We also declare a stop flag variable which I'll explain also in just a second.

27
00:01:51,320 --> 00:01:53,010
And we set it to be False.

28
00:01:53,360 --> 00:01:58,850
We then declare the socket object we bind to an IP address with this port we listen for the five incoming

29
00:01:58,850 --> 00:02:03,420
connection and now we start the thread on a function called accept connections.

30
00:02:03,440 --> 00:02:04,570
This function is new.

31
00:02:04,580 --> 00:02:05,960
It was not in our server.

32
00:02:05,960 --> 00:02:07,190
So here it is right here.

33
00:02:07,490 --> 00:02:10,850
And what this function does is it simply checks for the stop flag.

34
00:02:10,850 --> 00:02:15,470
If the stop flag is equal to False it will continue with the execution of this part of the program.

35
00:02:15,530 --> 00:02:20,720
If the stop flag is equal to true then it will break out of this while True loop and then close this

36
00:02:20,720 --> 00:02:22,970
thread or this function.

37
00:02:22,970 --> 00:02:26,960
And what this function does is it simply just accepts the connection.

38
00:02:26,960 --> 00:02:31,580
The reason why we need to run it on a separate thread is because we also want to be able to communicate

39
00:02:31,580 --> 00:02:36,710
with other machines that have already connected at the same time as this thread is running and accepting

40
00:02:36,740 --> 00:02:39,260
new connections as we can see right here.

41
00:02:39,260 --> 00:02:45,740
We try to store the socket objects inside of target and IP, then we append these two values to the

42
00:02:45,740 --> 00:02:51,770
targets list and the IPs list. The socket descriptor goes to the targets list and the IP address of the

43
00:02:51,770 --> 00:02:53,820
target goes to the IP list.

44
00:02:53,870 --> 00:02:57,210
Then we print to the screen that the target has connected.

45
00:02:57,290 --> 00:02:58,470
All right.

46
00:02:58,640 --> 00:03:03,300
Once we do that we enter another while loop which this is the new part of the program.

47
00:03:03,350 --> 00:03:07,790
It is rather the same or it has the same idea as our server just.

48
00:03:07,790 --> 00:03:09,770
It has some different commands.

49
00:03:09,770 --> 00:03:13,040
These are not the commands that we use to communicate with one target.

50
00:03:13,040 --> 00:03:18,560
These will be the commands that we will use to communicate with our command and control server. As we can

51
00:03:18,560 --> 00:03:24,340
see, we first prompt the user of our program to enter the command. If command equals targets,

52
00:03:24,350 --> 00:03:29,280
That means that the user wants to print all of the targets that are connected to our server.

53
00:03:29,480 --> 00:03:31,610
Therefore we will create a counter variable.

54
00:03:31,610 --> 00:03:37,100
We will set it to be equal to zero and then we will iterate over the IPs list, which is the list that

55
00:03:37,100 --> 00:03:38,850
we created at the beginning of the program.

56
00:03:38,900 --> 00:03:40,320
In case you don't remember.

57
00:03:40,340 --> 00:03:43,510
And we also append all the new connections to that list.

58
00:03:43,730 --> 00:03:46,860
We will iterate for each IP in that IP list.

59
00:03:46,920 --> 00:03:53,750
We will print that session with its own I.D. which will be equal to the counter number at that specific

60
00:03:53,750 --> 00:03:54,760
iteration.

61
00:03:55,040 --> 00:04:00,740
And why I say at that specific iteration is because we increase the counter by one every time we print

62
00:04:00,830 --> 00:04:01,940
an IP address.

63
00:04:02,030 --> 00:04:07,820
Therefore each and every session and each and every connection will have its own I.D. that we will use

64
00:04:07,820 --> 00:04:12,540
throughout the rest of the commands to communicate with those specific sessions.

65
00:04:12,590 --> 00:04:16,870
The next command needs no explaining, this is something that we used in our server as well.

66
00:04:16,910 --> 00:04:18,590
We simply just want to clear the screen.

67
00:04:18,680 --> 00:04:24,050
Once we have too much information on our desktop we simply just want to clear and get rid of all of

68
00:04:24,050 --> 00:04:25,660
that information.

69
00:04:25,670 --> 00:04:26,550
All right.

70
00:04:26,690 --> 00:04:32,270
The third command is the command in which we compare the first seven characters with session.

71
00:04:32,270 --> 00:04:35,360
The reason why we do that is because the command will look something like this.

72
00:04:35,380 --> 00:04:43,000
So session 8. What this indicates is that we want to enter the shell function with the session 8.

73
00:04:43,030 --> 00:04:45,780
So we only want to communicate with session 8.

74
00:04:46,220 --> 00:04:52,160
What we do with this command is we first split this number, so we create a variable called num and

75
00:04:52,160 --> 00:04:57,890
then we split from the eighth character, which is cutting out the first seven and the empty space and leaving only

76
00:04:57,890 --> 00:05:02,160
the number which we then convert to integer and store it inside of num.

77
00:05:02,570 --> 00:05:09,470
Then we select that target from the targets list or from the target socket descriptors using this I.D.

78
00:05:09,470 --> 00:05:10,820
right here.

79
00:05:10,820 --> 00:05:13,240
Remember, this number will be the session I.D.

80
00:05:13,310 --> 00:05:18,260
Therefore once we select the town number to be equal to targets and then from the eighth element we

81
00:05:18,260 --> 00:05:21,710
will get the exact same target that we want.

82
00:05:21,710 --> 00:05:23,300
We also want to get its IP address.

83
00:05:23,330 --> 00:05:26,880
So we use the same with the IPs list using the same number.

84
00:05:27,080 --> 00:05:31,580
After we do that we then enter the target communication with these two values.

85
00:05:31,760 --> 00:05:37,100
And let me just read this before I show you where I showed the part where we actually added these two

86
00:05:37,100 --> 00:05:39,260
parameters to our target communication.

87
00:05:39,560 --> 00:05:43,670
And that is what I mentioned at the beginning of the program we had to add those two variables so we

88
00:05:43,670 --> 00:05:50,180
can communicate with the exact targets that we want to. Here we added target and IP, and in each and every

89
00:05:50,180 --> 00:05:51,920
function we also use the target.

90
00:05:52,010 --> 00:05:57,910
So we make sure that we know with which target we communicate with. All the rest of the commands are

91
00:05:57,910 --> 00:06:00,720
from our servers so nothing really to explain here.

92
00:06:00,790 --> 00:06:01,900
Everything is the same.

93
00:06:02,800 --> 00:06:04,780
And now let's go all the way down.

94
00:06:04,870 --> 00:06:06,850
Explain the rest of the code.

95
00:06:06,970 --> 00:06:12,370
The next command that we can run is exit and this exit command simply indicates that we want to close

96
00:06:12,400 --> 00:06:16,040
our command and control center. With this exit command

97
00:06:16,150 --> 00:06:18,940
All of the connections with our targets will be terminated.

98
00:06:18,940 --> 00:06:20,470
We do that inside of our for loop.

99
00:06:20,470 --> 00:06:24,010
So for each target in targets list we reliable send.

100
00:06:24,040 --> 00:06:29,200
So we use our reliable send function to send to that specific target the quit command.

101
00:06:29,200 --> 00:06:33,790
And if you remember from our server, the quit command indicates that we want to close the connection

102
00:06:33,790 --> 00:06:35,040
with the target.

103
00:06:35,320 --> 00:06:39,870
Then we closed the socket for the target and then we closed our own socket.

104
00:06:40,000 --> 00:06:45,820
And also let's not forget to set the stop flag to be equal to True so the accept connections function can

105
00:06:45,880 --> 00:06:47,360
also terminate.

106
00:06:47,410 --> 00:06:53,560
Remember, once the stop flag equals True the function will stop because we have this break statement.

107
00:06:53,590 --> 00:06:54,400
OK.

108
00:06:54,520 --> 00:06:58,450
So let's go down onto the next command which is kill.

109
00:06:58,540 --> 00:07:04,090
Now this kill command can be a little bit tricky because it is used to only terminate one session.

110
00:07:04,090 --> 00:07:06,890
So for example let's say we have five sessions available.

111
00:07:06,940 --> 00:07:12,760
We don't really want to terminate all five of them and we only want to terminate session number three.

112
00:07:12,880 --> 00:07:18,580
That's why we will type the command which will look something like this: kill three, and this kill will

113
00:07:18,580 --> 00:07:19,810
be compared with this command.

114
00:07:19,810 --> 00:07:26,060
So first four characters, and this three will be the session I.D. that we get from the targets command.

115
00:07:26,170 --> 00:07:30,550
Once the targets command prints out all of the available sessions with their I.D. we will know which

116
00:07:30,550 --> 00:07:37,870
session belongs to which I.D. Then we can kill session number three if we want, which we do by setting

117
00:07:37,870 --> 00:07:42,880
up the target first, or the target socket descriptor will be equal to targets list and then the integer

118
00:07:43,300 --> 00:07:50,590
of the number that we specified next to kill. The IP will be the same thing just with IPs list. Then

119
00:07:50,590 --> 00:07:55,510
we use reliable send function again to send only to that one target the quit command.

120
00:07:55,820 --> 00:08:00,990
We then close that target socket object and we remove that target from our lists.

121
00:08:01,090 --> 00:08:03,270
So it no longer stays there.

122
00:08:03,490 --> 00:08:09,170
And the last but not least, the command which is one of the most important is the sendall command.

123
00:08:09,190 --> 00:08:14,200
Now the sendall command also requires us to add some part of the code inside of our backdoor which

124
00:08:14,200 --> 00:08:17,550
I'll show in just a second but let's cover it first here.

125
00:08:17,560 --> 00:08:23,560
So we compare the command with sendall, and this sendall command simply does as it says: it sends the

126
00:08:23,560 --> 00:08:29,370
command to all the targets that are connected. We first of all initiate a variable which is going to

127
00:08:29,370 --> 00:08:32,120
be the length of the target list.

128
00:08:32,130 --> 00:08:35,210
We print x so we know how many targets we have connected.

129
00:08:35,310 --> 00:08:39,910
We set the i variable to be equal to zero and then we enter a while loop.

130
00:08:39,930 --> 00:08:42,460
So while i is smaller than x.

131
00:08:42,540 --> 00:08:48,300
So while this right here is smaller than the number of targets that we have connected we will select

132
00:08:48,390 --> 00:08:50,340
each and every target like this.

133
00:08:50,340 --> 00:08:57,480
And then we will reliable send that command to that target. In any other case, if for some reason that

134
00:08:57,480 --> 00:08:59,740
doesn't work we will print failed.

135
00:09:00,750 --> 00:09:05,610
So this is just another way that we can iterate over targets we select the amount of targets that we

136
00:09:05,610 --> 00:09:12,270
have and then we initiate the counter to be equal to zero and then we use this in order to send a command

137
00:09:12,270 --> 00:09:13,510
to each and every target.

138
00:09:13,560 --> 00:09:18,750
And there is one line missing right here, which is we need to of course increase i at the end of this

139
00:09:18,750 --> 00:09:19,080
loop.

140
00:09:19,080 --> 00:09:25,240
So i plus equals one, so this will iterate as long as we have targets connected.

141
00:09:25,270 --> 00:09:32,520
And once it finishes it will send a command to all of the targets. And in the final else case we print

142
00:09:32,530 --> 00:09:35,360
to the screen that the command doesn't exist.

143
00:09:35,650 --> 00:09:39,220
And this else is a part of this bigger else if statement.

144
00:09:40,080 --> 00:09:40,500
OK.

145
00:09:41,110 --> 00:09:43,840
So this is our entire command and control center.

146
00:09:43,840 --> 00:09:48,160
Feel free to go over this video one more time in case there is something that you do not understand

147
00:09:48,160 --> 00:09:53,710
because this program can be a little bit tricky of course also feel free to ask a question in Q and

148
00:09:53,710 --> 00:09:55,360
A section if you'd like.

149
00:09:55,360 --> 00:10:00,580
And right now let's add the part of the code that is missing from the backdoor in order for this send

150
00:10:00,640 --> 00:10:02,680
all function to work.

151
00:10:02,680 --> 00:10:10,190
We need to go to our backdoor scroll all the way down into our shell function and add an else statement.

152
00:10:10,300 --> 00:10:12,570
This else if statement will be else if

153
00:10:12,580 --> 00:10:25,950
command, and then the first seven characters, equal equal to sendall. We then want to execute that command.

154
00:10:25,970 --> 00:10:32,660
So subprocess.Popen, and the command itself will be what comes after the sendall.

155
00:10:32,760 --> 00:10:36,720
That's why we need to strip this sendall with the empty space of command.

156
00:10:36,920 --> 00:10:43,620
And then from the eighth character till the end and we need to set the other parameters as well such

157
00:10:43,620 --> 00:10:54,690
as shell equals True, and let's copy the rest of the parameters from the line above like this, and

158
00:10:54,750 --> 00:11:00,920
stdin also equals to subprocess.PIPE.

159
00:11:00,940 --> 00:11:01,270
Okay.

160
00:11:01,840 --> 00:11:03,850
So these two lines are basically the same.

161
00:11:03,850 --> 00:11:10,300
Just in this line where we use the sendall command we strip the first eight characters and we also don't

162
00:11:10,300 --> 00:11:15,850
store it anywhere as we do inside of this statement right here where we want to execute it since we

163
00:11:15,850 --> 00:11:17,710
are not really returning any output.

164
00:11:17,740 --> 00:11:19,840
That's why we don't need to store it.

165
00:11:19,840 --> 00:11:22,480
We only want to execute that command.

166
00:11:22,480 --> 00:11:22,750
Okay.

167
00:11:22,780 --> 00:11:28,570
So now that everything is set to go in the next video we're going to perform the final test of our backdoor

168
00:11:28,840 --> 00:11:32,800
and our command and control center and see how they all work together.

169
00:11:33,290 --> 00:11:33,640
Okay.

170
00:11:34,000 --> 00:11:34,840
Thank you for watching.

171
00:11:34,900 --> 00:11:37,840
And I will see you in the next lecture. Bye.
