1
00:00:00,600 --> 00:00:06,330
Hello everyone and welcome to our biggest project in this course, which is going to be the backdoor

2
00:00:07,760 --> 00:00:08,230
now.

3
00:00:08,250 --> 00:00:13,080
Most of you will probably consider this one of the most important tools that we are going to code inside

4
00:00:13,080 --> 00:00:14,580
of this entire course.

5
00:00:14,670 --> 00:00:19,800
And you're actually right, the backdoor and the reverse shells are something that are used all over

6
00:00:19,800 --> 00:00:24,320
the world in penetration tests in order to gain access to the target machine.

7
00:00:24,390 --> 00:00:31,150
And in order to execute commands, get different information, or simply just spy on your target.

8
00:00:31,230 --> 00:00:37,530
In this project we will code an advanced backdoor that will be able to do multiple things such as execute

9
00:00:37,530 --> 00:00:41,030
commands, start the keylogger, execute screenshots.

10
00:00:41,040 --> 00:00:47,480
It will also be able to hide itself inside of a registry and also inside of a hidden directory. We

11
00:00:47,490 --> 00:00:52,480
will be able to upload files, download files, and just as a plus to all of that,

12
00:00:52,680 --> 00:00:57,930
we're also going to create a command and control server in the next project, or in the next section, which

13
00:00:57,930 --> 00:01:02,130
will be able to communicate with multiple targets at once.

14
00:01:02,130 --> 00:01:07,320
So you will be able to infect multiple targets and execute commands on multiple targets simultaneously

15
00:01:08,130 --> 00:01:11,120
as well as switch between different sessions.

16
00:01:11,220 --> 00:01:11,780
Right.

17
00:01:11,880 --> 00:01:18,870
Now before we even get to all of that, let's start off with the base part, which is creating the backdoor

18
00:01:19,200 --> 00:01:20,100
and the server.

19
00:01:20,430 --> 00:01:21,270
Yeah that's right.

20
00:01:21,270 --> 00:01:23,700
We will need this server as well.

21
00:01:23,700 --> 00:01:26,730
We need to create two programs inside of this project.

22
00:01:26,730 --> 00:01:31,500
One program will be our reverse shell or backdoor which we will send to the target system.

23
00:01:31,500 --> 00:01:36,150
And the second program will be the server which we will run from our Kali Linux machine.

24
00:01:36,270 --> 00:01:40,620
And there we can communicate with the backdoor on the target machine.

25
00:01:40,620 --> 00:01:41,190
All right.

26
00:01:41,190 --> 00:01:46,740
So without further ado, let's create those two programs inside of the "Create the backdoor" project.

27
00:01:46,800 --> 00:01:51,010
So all we're left to do is right click, New Python File.

28
00:01:51,070 --> 00:01:55,310
Let's create backdoor.py as our first file.

29
00:01:55,500 --> 00:02:01,290
And we also need another file which is going to be server.py.

30
00:02:01,290 --> 00:02:01,740
All right.

31
00:02:01,770 --> 00:02:06,720
So we're going to code both of these programs simultaneously.

32
00:02:06,720 --> 00:02:11,670
Once we have a function put in the backdoor, for example, we will also cover it in the server, and so on

33
00:02:11,670 --> 00:02:12,450
and so on.

34
00:02:12,450 --> 00:02:15,650
And at the end we are going to test these two programs.

35
00:02:15,690 --> 00:02:18,780
So let's start off with initiating the connection first.

36
00:02:18,780 --> 00:02:20,420
That's the first part of everything.

37
00:02:20,420 --> 00:02:25,680
Before we even execute commands or run screenshots, we need to gain access or gain a connection to the

38
00:02:25,680 --> 00:02:27,210
target machine.

39
00:02:27,240 --> 00:02:33,630
So for that we are going to use the socket library. We'll import it inside of our server, and I will

40
00:02:33,630 --> 00:02:40,320
initiate a simple connection. We create the soc object, which will be socket.socket().

41
00:02:40,320 --> 00:02:46,140
It will have the parameters of socket.AF_INET, which stands for IPv4 address.

42
00:02:46,140 --> 00:02:53,760
And we will have another parameter called socket.SOCK_STREAM, which stands for TCP connection,

43
00:02:53,850 --> 00:02:57,440
as we want to have this connection with our target.

44
00:02:57,550 --> 00:03:06,780
Right, now that we created the socket object, we need to bind it with our IP address and our port. For

45
00:03:06,780 --> 00:03:08,030
the purposes of this trial.

46
00:03:08,030 --> 00:03:16,200
We are going to set the port of 127.0.0.1, or simply just the localhost IP address, on which we are

47
00:03:16,200 --> 00:03:19,890
going to connect to during the first few phases of our backdoor.

48
00:03:19,890 --> 00:03:24,080
Later on we are going to test it on real machines, of course, with real IP addresses.

49
00:03:24,090 --> 00:03:26,420
But for now this will be good.

50
00:03:26,480 --> 00:03:32,340
So we're going to bind the localhost IP address with the port, let's say 5555, and you can choose

51
00:03:32,400 --> 00:03:37,420
any port you like really, as long as it is a free port and nothing is being run there.

52
00:03:37,430 --> 00:03:37,880
All right.

53
00:03:37,890 --> 00:03:43,710
So now that we bound the IP address with the port, let's print to the screen that we're listening

54
00:03:43,710 --> 00:03:51,810
for the incoming connections, and just in case, why not add the colored function from the termcolor library

55
00:03:52,110 --> 00:03:55,380
in order to print this in different colors.

56
00:03:55,380 --> 00:04:00,330
So we are going to print this in green that we are waiting for the incoming connection or listening

57
00:04:00,330 --> 00:04:04,560
for the incoming connection that's specified in between the brackets

58
00:04:06,960 --> 00:04:12,390
listening for the incoming connections.

59
00:04:12,390 --> 00:04:12,790
All right.

60
00:04:12,810 --> 00:04:15,570
And we want to print this in green.

61
00:04:16,820 --> 00:04:22,660
So let's specify green right here, and then we can listen for the connection with soc.listen().

62
00:04:22,690 --> 00:04:25,380
And we specify five right here.

63
00:04:25,380 --> 00:04:31,950
Now this number five means that we are actually listening for five incoming connections, but of

64
00:04:31,950 --> 00:04:35,790
course we are also going to manage one if we get only one connection.

65
00:04:35,790 --> 00:04:36,150
All right.

66
00:04:36,150 --> 00:04:41,570
So now that we set up our listener for the connection, we can wait for the connection and then accept

67
00:04:41,580 --> 00:04:43,110
it as soon as it comes.

68
00:04:43,200 --> 00:04:49,470
We're going to create two different variables called target and ip, and those two variables are going

69
00:04:49,470 --> 00:04:55,700
to be equal to soc.accept(). Now inside of this target variable will be the socket descriptor.

70
00:04:55,950 --> 00:05:01,770
So we're going to use the target variable in further communication, and inside of the ip variable will

71
00:05:01,770 --> 00:05:06,990
be the IP address of the target machine, as well as the port where the connection is coming from;

72
00:05:07,560 --> 00:05:09,320
that will be stored inside this.

73
00:05:09,670 --> 00:05:10,270
OK.

74
00:05:12,420 --> 00:05:17,640
Now that we accepted the connection, we got the connection established and we can print to the screen

75
00:05:19,530 --> 00:05:23,430
as well, in colored, we can print

76
00:05:26,220 --> 00:05:29,820
Target connected from.

77
00:05:30,210 --> 00:05:37,500
And then we can use "from" and we can use our ip variable that we just declared right here.

78
00:05:37,500 --> 00:05:39,590
So we can simply just concatenate right here

79
00:05:39,590 --> 00:05:44,550
the string of the ip. Remember the ip stores the IP address of the target.

80
00:05:44,550 --> 00:05:50,730
And then we want to print this in green, and we are missing one bracket at the end.

81
00:05:50,730 --> 00:05:51,150
Okay.

82
00:05:51,180 --> 00:05:53,550
So now it is good.

83
00:05:53,550 --> 00:05:58,980
Remember we need to install the termcolor library inside of this virtual environment, so pip

84
00:05:59,040 --> 00:06:00,900
install termcolor

85
00:06:06,710 --> 00:06:07,010
Okay.

86
00:06:07,040 --> 00:06:08,030
So here it is.

87
00:06:08,150 --> 00:06:09,860
Let's exit this terminal.

88
00:06:09,860 --> 00:06:12,980
And now this should all have correct syntax.

89
00:06:12,980 --> 00:06:13,400
OK.

90
00:06:13,520 --> 00:06:19,370
So now that we got the connection, let's go and do the same inside of our backdoor.

91
00:06:19,880 --> 00:06:23,690
So in our backdoor we actually need to connect to this server.

92
00:06:23,720 --> 00:06:26,490
So we don't need to bind the ports or accept the connections.

93
00:06:26,540 --> 00:06:30,390
All we need to do is create the socket descriptor and connect to our server.

94
00:06:30,410 --> 00:06:31,820
So let's do that.

95
00:06:32,090 --> 00:06:36,140
We first of all are going to import the socket library.

96
00:06:36,320 --> 00:06:41,600
Then we will declare the socket object and we are going to call it s instead of just soc,

97
00:06:41,600 --> 00:06:44,540
so we don't confuse these two programs. Inside of server

98
00:06:44,540 --> 00:06:48,990
we're going to call it soc, and inside of backdoor we'll call it s.

99
00:06:49,040 --> 00:06:49,420
All right.

100
00:06:49,430 --> 00:06:55,100
So s will be equal to socket.socket(), and the two parameters should be the same as in our server.

101
00:06:55,100 --> 00:07:00,290
So socket.AF_INET once again for the IPv4 address.

102
00:07:00,320 --> 00:07:06,530
And then we need socket.SOCK_STREAM for the TCP connection.

103
00:07:06,530 --> 00:07:13,700
Right after we do that, we can simply just type s.connect() and specify the IP address and the port

104
00:07:13,700 --> 00:07:19,510
to which we want to connect, in our case 127.0.0.1.

105
00:07:19,850 --> 00:07:23,520
And the port, if you remember, is 5555.

106
00:07:23,750 --> 00:07:24,170
Okay.

107
00:07:24,230 --> 00:07:29,810
So this initiated the connection, and if we run these two programs the backdoor will just connect

108
00:07:29,810 --> 00:07:32,480
to the server and then the programs will be closed.

109
00:07:32,480 --> 00:07:38,690
So we want to also send some messages between these two programs, so let's go right here and let's, for

110
00:07:38,690 --> 00:07:49,760
example, enter a function which we will call target_communication right here, and inside of target_communication,

111
00:07:49,790 --> 00:07:56,630
we first of all need to define it, so target_communication

112
00:07:59,630 --> 00:08:01,730
it will not take any parameters.

113
00:08:01,730 --> 00:08:04,940
All we need to do is to receive the command.

114
00:08:04,940 --> 00:08:06,480
So how can we receive the command?

115
00:08:06,740 --> 00:08:11,990
Well, we need to specify target.recv.

116
00:08:11,990 --> 00:08:19,120
We want to receive 1024 bytes and we want to print the message to the screen.

117
00:08:19,220 --> 00:08:24,190
So we're going to store it right here inside of the message and we are printing message right here.

118
00:08:24,400 --> 00:08:25,280
OK.

119
00:08:25,400 --> 00:08:29,810
Now we also need to code the part inside of our backdoor, right after we connect.

120
00:08:29,840 --> 00:08:41,350
We want to create the message, so message will be "hello world", and then we want to s.send the message.

121
00:08:41,450 --> 00:08:43,040
Simple as that.

122
00:08:43,040 --> 00:08:45,140
Let's see whether this will work.

123
00:08:45,260 --> 00:08:57,310
If I go to my terminal, and here if I run server.py: name 'colored' is not defined.

124
00:08:57,310 --> 00:08:57,700
Wait.

125
00:08:57,700 --> 00:09:03,670
Maybe we need to specify it like this, termcolor.colored,

126
00:09:08,610 --> 00:09:09,830
like this.

127
00:09:09,870 --> 00:09:11,010
Now it should work.

128
00:09:11,010 --> 00:09:12,910
Wait let me just add it right here as well.

129
00:09:12,910 --> 00:09:21,860
termcolor.colored, and another error that we have is right here, so it's not "communication"

130
00:09:23,550 --> 00:09:25,160
so it's not like this.

131
00:09:25,170 --> 00:09:26,620
We misspelled this.

132
00:09:26,620 --> 00:09:28,320
So it's communication.

133
00:09:29,200 --> 00:09:29,660
OK.

134
00:09:29,790 --> 00:09:31,380
So now everything should be good.

135
00:09:31,530 --> 00:09:34,280
Let's clear the screen and run it once again.

136
00:09:34,290 --> 00:09:35,790
We run our server.

137
00:09:35,790 --> 00:09:39,210
It will listen for the incoming connection as it says right here.

138
00:09:39,240 --> 00:09:40,920
And if I go to my second terminal

139
00:09:47,270 --> 00:09:51,040
let's lower this terminal so we can see both of them equally.

140
00:09:51,800 --> 00:09:59,750
And we go to the Python projects and then backdoor, and we run backdoor.py.

141
00:09:59,990 --> 00:10:06,110
It will give us an error that says a bytes-like object is required, not string.

142
00:10:06,140 --> 00:10:09,860
Now if we ran these two programs with Python 2 they would work.

143
00:10:10,070 --> 00:10:15,890
But this is Python 3, and there is something that was changed inside of Python 3 regarding the socket

144
00:10:15,890 --> 00:10:16,560
library.

145
00:10:16,580 --> 00:10:23,070
Therefore we cannot freely print this, as the error says a bytes-like object is required, not string.

146
00:10:23,090 --> 00:10:29,210
So what we need to do is we need to encode and decode the message. The program where we're sending the

147
00:10:29,210 --> 00:10:33,350
message, which is our backdoor, has to encode the message before sending it.

148
00:10:33,410 --> 00:10:40,370
So we're going to add message.encode(), which will encode the message, and inside of our server, which

149
00:10:40,370 --> 00:10:46,150
will print the message, it has to first decode the message, because we cannot print an encoded message.

150
00:10:46,310 --> 00:10:52,080
Therefore we will specify right here message.decode(), just like that.

151
00:10:52,100 --> 00:11:01,880
Now if we run the program once again, we first of all need to run the server and then we run our backdoor.

152
00:11:02,000 --> 00:11:03,860
Everything will work correctly.

153
00:11:03,860 --> 00:11:05,340
We do not get any errors.

154
00:11:05,390 --> 00:11:07,180
We get these two statements printed.

155
00:11:07,250 --> 00:11:12,440
So, listening for the incoming connection, then once the target connects we get target connected from

156
00:11:12,440 --> 00:11:19,730
the localhost IP address and from this port, and this was the message that the backdoor sends to us.

157
00:11:19,730 --> 00:11:20,000
OK.

158
00:11:20,030 --> 00:11:20,510
Good.

159
00:11:20,510 --> 00:11:26,120
We managed to establish the connection, and this is the first part of creating our backdoor. In the next

160
00:11:26,120 --> 00:11:26,480
video.

161
00:11:26,510 --> 00:11:32,180
we're going to continue on developing this target_communication function and see what else we can do

162
00:11:32,390 --> 00:11:34,620
instead of just sending the message.

163
00:11:34,630 --> 00:11:35,180
All right.

164
00:11:35,180 --> 00:11:39,830
So thank you for watching this lecture and I will see you in the next tutorial. Bye.
