1
00:00:00,240 --> 00:00:05,820
Hello everybody, and welcome to our final test of our backdoor and command and control center.

2
00:00:05,820 --> 00:00:11,280
Now, what I did for this lecture: I installed a Windows 7 virtual machine that I'm going to test with

3
00:00:11,280 --> 00:00:12,780
my Windows 10 virtual machine.

4
00:00:13,380 --> 00:00:18,750
I compiled a backdoor, made it look like an image, copied it to the desktop on my Windows 10 machine,

5
00:00:19,020 --> 00:00:23,850
and I also copied it to the desktop on my Windows 7 machine.

6
00:00:23,850 --> 00:00:29,040
Now we're going to test these two programs together and see whether we can accept both of the connections

7
00:00:29,040 --> 00:00:32,730
to our command and control center at the same time.

8
00:00:32,850 --> 00:00:34,350
I haven't tested it before.

9
00:00:34,410 --> 00:00:38,910
So let's see whether it will work. If there are some errors, we're going to fix them.

10
00:00:39,000 --> 00:00:41,460
Let's first run the command and control center.

11
00:00:41,460 --> 00:00:42,830
Go to your Kali Linux.

12
00:00:43,010 --> 00:00:49,130
Go to your backdoor project and type python3 command and control dot py.

13
00:00:49,200 --> 00:00:51,630
It says waiting for the incoming connections.

14
00:00:51,630 --> 00:00:56,900
So let's go and run the first program, which is going to be on the Windows 7 machine.

15
00:00:56,970 --> 00:01:03,420
Now, in case you don't have two Windows machines, I will make sure to link in the resources our

16
00:01:03,420 --> 00:01:07,160
tutorial on how to install Windows 7 virtual machine.

17
00:01:07,410 --> 00:01:11,910
Then you can create two virtual environments running Windows and you can test your command and control

18
00:01:11,910 --> 00:01:14,040
center with the backdoor.

19
00:01:14,040 --> 00:01:15,900
Now let's run this program.

20
00:01:15,960 --> 00:01:21,850
I double click, click on Run, and it will open up an image.

21
00:01:22,480 --> 00:01:25,990
Everything seems to work correctly; nothing else is being opened up

22
00:01:26,080 --> 00:01:27,250
than this image.

23
00:01:27,310 --> 00:01:30,660
Let's go back to Kali Linux and see whether we got the connection.

24
00:01:30,700 --> 00:01:32,220
We're still waiting for the connection.

25
00:01:32,230 --> 00:01:34,860
But that is because of that 20 seconds timeout.

26
00:01:34,870 --> 00:01:39,230
So let's just wait a few more seconds and the connection should pop up right here.

27
00:01:39,820 --> 00:01:40,090
OK.

28
00:01:40,120 --> 00:01:41,170
So here it is.

29
00:01:41,200 --> 00:01:42,370
We got the message.

30
00:01:42,370 --> 00:01:46,220
192.168.1.6 has connected.

31
00:01:46,420 --> 00:01:51,310
Now if we try to run a command, for example targets, which is the command in order to list all of

32
00:01:51,310 --> 00:01:54,820
the available sessions, we only have one session.

33
00:01:54,880 --> 00:01:58,680
Now let's see whether we can enter this session and execute commands there.

34
00:01:58,750 --> 00:02:06,430
If we type session 0 and type whoami, we get the output that we are John PC, which is my

35
00:02:06,430 --> 00:02:09,060
Windows 7 machine.

36
00:02:09,060 --> 00:02:14,920
Now if we want to, for example, quit the session, we can simply just go and type quit and type targets

37
00:02:14,920 --> 00:02:19,440
once again, try to enter the session once again, type whoami.

38
00:02:20,260 --> 00:02:23,350
And this time this session will not work.

39
00:02:23,350 --> 00:02:24,790
That is something that we need to fix.

40
00:02:24,790 --> 00:02:25,940
So this is the first bug.

41
00:02:25,960 --> 00:02:30,880
Make sure to keep it in mind. Right now, what we are going to do is we are going to try to see whether

42
00:02:30,880 --> 00:02:33,310
we can connect the second target.

43
00:02:33,310 --> 00:02:38,930
Let's first of all close the command and control center and run it again.

44
00:02:39,010 --> 00:02:41,020
python3 command and control center

45
00:02:41,040 --> 00:02:44,180
dot py. Now let's run both of these programs.

46
00:02:44,260 --> 00:02:47,780
We run picture.jpeg on our Windows 7 machine.

47
00:02:47,830 --> 00:02:48,850
It seems to work.

48
00:02:48,910 --> 00:02:49,330
Let's go

49
00:02:49,330 --> 00:02:51,220
to the Windows 10 machine and run,

50
00:02:51,220 --> 00:02:55,810
once again, picture.jpeg.

51
00:02:55,910 --> 00:02:57,890
This seems to work on Windows 10 as well.

52
00:02:57,890 --> 00:02:59,110
We open up the image.

53
00:02:59,120 --> 00:03:04,410
Let's go to our Kali Linux and see whether we get both connections prompted to us.

54
00:03:04,550 --> 00:03:07,250
We got the connection from the Windows 7 machine.

55
00:03:07,250 --> 00:03:12,460
Now we are waiting for the connection of Windows 10 machine.

56
00:03:12,490 --> 00:03:13,240
Here it is.

57
00:03:13,240 --> 00:03:15,490
We got both sessions connected.

58
00:03:15,490 --> 00:03:19,050
Now if we try to print the sessions with the targets command,

59
00:03:19,060 --> 00:03:22,350
we can see we have session 0 and session 1.

60
00:03:22,480 --> 00:03:27,000
Let's first enter session 1. So I'll type session 1, type

61
00:03:27,000 --> 00:03:28,120
whoami.

62
00:03:28,120 --> 00:03:30,190
This should be Windows 10 machine.

63
00:03:30,190 --> 00:03:31,090
Here it is.

64
00:03:31,090 --> 00:03:38,070
If I type quit, it will close the session, but it will still remain inside of our command and control center.

65
00:03:38,230 --> 00:03:39,700
And that is something that we need to fix.

66
00:03:39,700 --> 00:03:46,060
But let's first of all go to session 0, whoami, and this works as well.

67
00:03:46,790 --> 00:03:49,810
OK so let's quit these sessions.

68
00:03:49,810 --> 00:03:51,670
Exit the command and control center.

69
00:03:51,670 --> 00:03:56,080
And now let's see what we need to fix in order for us to be able to switch between sessions without

70
00:03:56,080 --> 00:03:57,480
closing them.

71
00:03:57,550 --> 00:04:01,180
So let's go to our PyCharm, inside of our backdoor project.

72
00:04:01,630 --> 00:04:06,200
Right here we can add an else if statement.

73
00:04:06,200 --> 00:04:11,890
Else if command equals equals to, for example, background, which will indicate that we want to background

74
00:04:11,920 --> 00:04:18,880
the session, we can simply just pass. Instead of using quit, which will break out of this loop, the background

75
00:04:18,880 --> 00:04:23,650
will simply pass and go to the beginning of the while True loop and there it will wait for the second

76
00:04:23,650 --> 00:04:26,100
command which can be for hours.

77
00:04:26,470 --> 00:04:31,690
That's why we want to background that session in case we want to get back to it later on. Now that we

78
00:04:31,690 --> 00:04:32,490
fixed that,

79
00:04:32,530 --> 00:04:33,830
let's test it once again.

80
00:04:33,820 --> 00:04:40,740
I'm going to compile the program once again and then we'll see whether it works. OK.

81
00:04:40,750 --> 00:04:46,240
So here it is. I compiled the fixed version of the backdoor after we added the else if statement for the background

82
00:04:46,240 --> 00:04:47,140
command.

83
00:04:47,140 --> 00:04:49,340
Now let's see whether it will work.

84
00:04:49,480 --> 00:04:54,610
But before we even start, we need to make sure that inside of our command and control center we also

85
00:04:54,610 --> 00:05:00,400
input the background command. So go to the target communication function, and below the quit if statement

86
00:05:00,430 --> 00:05:10,720
we can add else if command equals equals background, then we will break out of this loop.

87
00:05:10,720 --> 00:05:15,760
Now the reason why we are breaking out of this loop inside of our server is because we want to break

88
00:05:15,760 --> 00:05:20,410
out of the target communication and go back to the while True loop, which is our command and control center,

89
00:05:21,490 --> 00:05:25,820
and in our backdoor we only want to pass and go to the beginning of the while True loop.

90
00:05:26,650 --> 00:05:34,510
So let's test our program. Type in python3 command and control center dot py. Waiting for the incoming

91
00:05:34,510 --> 00:05:35,220
connections.

92
00:05:35,260 --> 00:05:37,860
Let's run the program on our Windows 10 machine.

93
00:05:38,200 --> 00:05:40,930
Let's also run the program on the Windows 7 machine.

94
00:05:45,920 --> 00:05:51,730
Here on Windows 7 we got the image open. Let's close it right here. And on our Windows 10 machine

95
00:05:51,740 --> 00:05:55,880
we also got the image open and let's close it right here.

96
00:05:56,240 --> 00:06:00,540
What we are interested in is whether we've got the connections on our command and control.

97
00:06:00,800 --> 00:06:04,070
Let's wait for just a few seconds and see whether we get the connections.

98
00:06:04,730 --> 00:06:05,010
OK.

99
00:06:05,030 --> 00:06:11,320
So here is the first one and here is the second connection. Both of our machines have connected to our

100
00:06:11,320 --> 00:06:12,670
command and control.

101
00:06:12,670 --> 00:06:15,620
Now let's see whether we can switch between those two sessions.

102
00:06:15,640 --> 00:06:19,880
If I type the targets command, we will get all of our available sessions with their ID.

103
00:06:20,110 --> 00:06:24,130
Let's enter session one, type whoami.

104
00:06:24,250 --> 00:06:26,450
We are John PC, so this is Windows 7.

105
00:06:26,470 --> 00:06:32,650
And now if we type background, it will return me to the command and control, and if I type session once

106
00:06:32,650 --> 00:06:39,970
again, or targets, pardon me, if we type targets once again and we want to enter back to our Windows 7

107
00:06:39,970 --> 00:06:43,460
machine and enter session 0 once again, type whoami.

108
00:06:43,480 --> 00:06:48,610
We can still execute the command. So we can switch between two different sessions. We can background this

109
00:06:48,610 --> 00:06:54,190
one and go into the session with the Windows 10 machine. If I type whoami,

110
00:06:54,850 --> 00:07:00,040
now we get the output for the Windows 10 machine, and we can go back and forth as long as we want. We

111
00:07:00,040 --> 00:07:05,710
can also execute other commands, such as, for example, screenshot, which we implemented into our backdoor.

112
00:07:06,640 --> 00:07:11,950
Once we entered the screenshot for our Windows 10 machine, we can then background it, clear the screen,

113
00:07:12,070 --> 00:07:20,910
and go back to the machine of Windows 7 and execute this screenshot there as well if we want. OK.

114
00:07:20,960 --> 00:07:25,790
So now that we see that we can navigate between different sessions, let us see whether we can send the

115
00:07:25,790 --> 00:07:34,670
same command to both of the machines. If I type send all and I want the command to be mkdir test,

116
00:07:35,360 --> 00:07:40,180
what this command will do is it will create the directory or folder on both of the machines called the

117
00:07:40,180 --> 00:07:47,780
test. If I type enter, we will get the output that to both of the machines the command has been sent.

118
00:07:47,840 --> 00:07:54,560
So let's check it out. First of all, let's go to the Windows 7 machine. Let's refresh right here. For some reason

119
00:07:54,770 --> 00:08:05,280
we don't get the test directory. Let us first see on our Windows 10 machine. For some reason this doesn't

120
00:08:05,280 --> 00:08:15,820
seem to work. Let's refresh and give it another try. Well, let's type right here. If we type send all, let's

121
00:08:15,820 --> 00:08:26,870
for example type mkdir folder. Now if you go to the Windows 7 machine, refresh this page, we still

122
00:08:26,870 --> 00:08:28,900
get the folder.

123
00:08:29,750 --> 00:08:30,040
Ok.

124
00:08:30,070 --> 00:08:35,290
So I think I found the problem, and the problem is in the mkdir command, since that is done the command

125
00:08:35,330 --> 00:08:40,660
doesn't work for some reason. Therefore there is not really any problem with public code. We can execute

126
00:08:40,690 --> 00:08:41,350
other commands.

127
00:08:41,350 --> 00:08:43,660
If we try, for example, let me show you.

128
00:08:43,720 --> 00:08:48,150
If we type send all, first of all let's clear the screen so we can see everything better.

129
00:08:48,160 --> 00:08:54,170
And if I type send all and, for example, I want to open notepad, so send all notepad.

130
00:08:54,280 --> 00:09:00,160
Click on enter, and you will see that on our Windows 10 machine the notepad will open.

131
00:09:00,160 --> 00:09:03,660
If we go to Windows 7 machine the notepad will also open.

132
00:09:03,700 --> 00:09:08,960
So we successfully sent the command which was executed by both of these machines.

133
00:09:08,980 --> 00:09:14,860
Now if you, for example, want to attack with the DDoS some website, you could either upload a file and

134
00:09:14,860 --> 00:09:21,720
run that file on all of the machines with this command, or I can simply just send all the command to

135
00:09:21,760 --> 00:09:26,940
ping. And let's say, for example, we want to ping our Kali Linux machine, and that's why I started my

136
00:09:26,980 --> 00:09:30,650
Wireshark to show you the ICMP packets.

137
00:09:30,670 --> 00:09:35,980
The goal here is to get the ICMP packets from both Windows 7 and Windows 10 machines.

138
00:09:35,980 --> 00:09:41,280
If we do get from both of those machines, that means we successfully pinged from all of our targets that

139
00:09:41,280 --> 00:09:42,580
are connected.

140
00:09:42,580 --> 00:09:48,610
So let's go and send this command: send all ping 192.168.1.4, which is the IP

141
00:09:48,610 --> 00:09:51,020
address on my Kali Linux. Press enter.

142
00:09:51,160 --> 00:09:52,330
The command has been sent.

143
00:09:52,330 --> 00:09:58,090
And if I go to my Wireshark, we can see that we are getting the ICMP packets from two different IP

144
00:09:58,090 --> 00:10:04,710
addresses. Here is from the IP address 192.168.1.6 and from the IP address

145
00:10:04,720 --> 00:10:06,390
192.168.

146
00:10:06,400 --> 00:10:07,390
1.2.

147
00:10:07,990 --> 00:10:09,050
OK.

148
00:10:09,190 --> 00:10:12,980
So our send all function works correctly.

149
00:10:13,060 --> 00:10:18,760
Now there are two more things that we need to check and that is the kill function and the exit function.

150
00:10:19,000 --> 00:10:24,580
If we type targets, we will see our available sessions. We can execute the commands in both of these sessions,

151
00:10:24,670 --> 00:10:25,750
as we can see right here.

152
00:10:31,380 --> 00:10:36,940
But what if, for example, I want to kill session 0? I want to kill the session with the Windows 7 machine.

153
00:10:37,530 --> 00:10:43,470
Well, I could simply just type kill and then 0, which is the ID session of our Windows 7 machine,

154
00:10:44,760 --> 00:10:52,080
press enter, and if I type targets once again, right now I will only have one session left, and that session

155
00:10:52,080 --> 00:10:57,810
will be the session with my Windows 10 machine, and you will notice that right now the Windows 10 machine

156
00:10:58,020 --> 00:11:04,560
will become the session with the ID of 0, so we can no longer access it with ID 1. We right now access it with

157
00:11:04,560 --> 00:11:11,880
ID 0. So let's try it. If I type session 0, type whoami, it is no longer the Windows 7 machine, since we deleted

158
00:11:11,880 --> 00:11:15,580
it and removed it from our sessions. It is the Windows 10 machine.

159
00:11:15,860 --> 00:11:22,230
OK, so that one works as well. Let's background it, and now let's try the last command, which is the exit

160
00:11:22,230 --> 00:11:29,490
command. If I type exit, we successfully exit our command and control center. So everything works correctly.

161
00:11:29,970 --> 00:11:35,490
We have a server that can accept multiple connections, that can send one command to all of the target

162
00:11:35,490 --> 00:11:41,220
systems that will execute them simultaneously. We can switch between different sessions and communicate

163
00:11:41,250 --> 00:11:47,910
with each and every target as we like. So we accomplished our goal. This project by far is the hardest

164
00:11:47,910 --> 00:11:53,520
project, where we code our threaded server, because it might actually take some time for you to understand

165
00:11:53,580 --> 00:11:58,020
all the code, but therefore you can go over the videos one more time and you will understand it a whole

166
00:11:58,020 --> 00:12:02,070
lot better. You also have the code at the end of the lecture, so you don't need to code it yourself. You

167
00:12:02,070 --> 00:12:06,870
can simply just download the code and follow along the tutorials as they explain what each and every

168
00:12:06,870 --> 00:12:11,430
line does. In case, next to all of that, you have any other questions regarding the code,

169
00:12:11,460 --> 00:12:14,430
feel free to post them in the Q and A section.

170
00:12:14,430 --> 00:12:14,760
OK.

171
00:12:15,060 --> 00:12:19,350
So thank you for watching this project, and I will see you in the next lecture. Bye.
