1
00:00:00,390 --> 00:00:01,790
Welcome back.

2
00:00:01,800 --> 00:00:06,860
Let's continue with the development of our target communication function inside of our server.

3
00:00:07,050 --> 00:00:11,670
Now in the previous video we saw how we can actually send the message from the backdoor to our server

4
00:00:11,970 --> 00:00:14,190
and then print it to the screen.

5
00:00:14,910 --> 00:00:17,940
But we don't really care about sending messages back and forth.

6
00:00:17,940 --> 00:00:19,560
This is not a chat program.

7
00:00:19,560 --> 00:00:23,790
This is a backdoor, and sending messages is not a function that we need.

8
00:00:24,510 --> 00:00:30,210
So the first and most important thing that we need our backdoor to do is to be able to execute commands

9
00:00:30,270 --> 00:00:31,360
on the target machine.

10
00:00:31,980 --> 00:00:35,630
So that is what we are going to implement right now.

11
00:00:35,640 --> 00:00:41,100
If we go to our target communication function inside of our server, we can simply just delete these lines

12
00:00:41,160 --> 00:00:44,000
as we don't really care about sending messages.

13
00:00:44,070 --> 00:00:47,640
We can also lower this so we can see the entire program better.

14
00:00:47,700 --> 00:00:52,680
And then what we can do is prompt the user of the server to enter the command that they want

15
00:00:52,680 --> 00:00:55,020
to execute on the target system.

16
00:00:55,020 --> 00:00:58,240
So let's create a variable called command.

17
00:00:58,350 --> 00:01:05,610
This command variable will take an input from the user as to which command the user wants to execute.

18
00:01:05,610 --> 00:01:07,280
We can specify something like this.

19
00:01:07,290 --> 00:01:16,550
So a star sign and then Shell. Let's make it look the same as Kali terminals, so we'll specify percent

20
00:01:16,660 --> 00:01:19,960
s, so we know which target

21
00:01:19,980 --> 00:01:24,060
we are communicating with, and then two dots and a space.

22
00:01:24,090 --> 00:01:30,660
And right after it we can specify percent and then str of ip.

23
00:01:30,840 --> 00:01:33,030
Remember, ip stores the IP address.

24
00:01:33,030 --> 00:01:39,130
All we're simply saying right here is that we want to specify the IP address instead of percent s.

25
00:01:39,450 --> 00:01:42,000
So we know which target we are executing the command on.

26
00:01:42,330 --> 00:01:50,790
All right, once the user of the server inputs this command we can send the command right away using target

27
00:01:50,910 --> 00:01:52,470
dot send.

28
00:01:52,500 --> 00:01:58,140
But remember, we cannot really send simply just the command. That was something that we could do in Python

29
00:01:58,170 --> 00:02:05,490
2, but we can no longer do it in Python 3, since we need to actually encode the command before we send

30
00:02:05,490 --> 00:02:05,730
it.

31
00:02:06,780 --> 00:02:12,720
So we're going to create a specific function which is going to use the help of the JSON library.

32
00:02:12,720 --> 00:02:20,100
So we're going to import the JSON library and we'll create the function called reliable_

33
00:02:20,100 --> 00:02:27,590
send. What this function will take as an input is the data that we want to send, or in our case the command.

34
00:02:28,020 --> 00:02:30,310
And then we need to create the data.

35
00:02:30,630 --> 00:02:34,380
So data will be equal to...

36
00:02:34,740 --> 00:02:44,580
json_data will be equal to json.dumps of the data that we specify, or of the command. After

37
00:02:44,580 --> 00:02:50,410
we do that we can use the target.send function on the JSON data.

38
00:02:51,510 --> 00:02:57,180
But don't forget that we also need to use the encode function before we send it. Since we're the ones

39
00:02:57,180 --> 00:03:03,030
that are sending the message, we are the ones that need to encode it. The backdoor program will decode

40
00:03:03,030 --> 00:03:05,380
the message before executing it.

41
00:03:05,400 --> 00:03:06,270
All right.

42
00:03:06,570 --> 00:03:12,470
Therefore this is the entire reliable_send function, and instead of the send function that the socket library

43
00:03:12,480 --> 00:03:16,200
gives us, we're going to use reliable_send throughout our program.

44
00:03:16,320 --> 00:03:22,320
So let's specify right here reliable_send and we will specify command in brackets. We're sending the

45
00:03:22,320 --> 00:03:28,500
command to the backdoor. As soon as we send the command we want to wait for the reply, so we'll create

46
00:03:28,500 --> 00:03:37,520
a variable called result, and that result variable will be equal to target.recv.

47
00:03:37,850 --> 00:03:39,350
All right.

48
00:03:39,350 --> 00:03:44,910
And then, as soon as we receive it, we're going to print the result.

49
00:03:45,020 --> 00:03:48,430
Now we need to cover the same steps inside of our backdoor.

50
00:03:49,310 --> 00:03:55,460
So let's go to our backdoor program and let's delete these two lines which are from the previous video.

51
00:03:55,460 --> 00:04:01,180
As soon as we connect we want to receive the command that we need to execute. Remember, our server is

52
00:04:01,180 --> 00:04:02,570
sending the command to execute.

53
00:04:02,600 --> 00:04:03,740
Therefore our backdoor

54
00:04:03,740 --> 00:04:13,190
first of all needs to receive the command, so we can specify s.recv(1024) bytes, or

55
00:04:13,340 --> 00:04:18,860
we can create something similar to the reliable_send function, just we can do it for the receive function,

56
00:04:19,460 --> 00:04:24,890
since you will notice that this actual recv function takes a parameter of the amount of bytes that

57
00:04:24,950 --> 00:04:26,530
we want to receive.

58
00:04:26,540 --> 00:04:33,440
Well, what if the command or the response from the server is larger than 1024 bytes? In

59
00:04:33,440 --> 00:04:38,560
that case our program will crash, and we don't really want that.

60
00:04:38,600 --> 00:04:44,710
So let's create the function that will be able to accept and receive any amount of bytes that the server

61
00:04:44,720 --> 00:04:45,580
sends.

62
00:04:46,220 --> 00:04:55,310
So let's delete this and we will simply just create the function called reliable_receive.

63
00:04:59,030 --> 00:05:03,950
This reliable_receive function will declare a variable called data which will be empty at the beginning.

64
00:05:05,460 --> 00:05:12,320
Then we're going to enter an infinite loop, a while True loop, which is going to try to receive the data.

65
00:05:12,720 --> 00:05:23,030
So data will be equal to the previous data plus socket.recv of 1024 bytes, and we also

66
00:05:23,030 --> 00:05:24,410
want to decode the response.

67
00:05:24,410 --> 00:05:31,580
Remember, in Python 3 we need to decode, and we also want to perform the rstrip function on

68
00:05:31,580 --> 00:05:39,130
it, since we don't want any newline characters and so on. We want to print it as it is. Then,

69
00:05:39,160 --> 00:05:43,930
if that is all, we can simply just return this data.

70
00:05:43,940 --> 00:05:50,000
We're going to return it with the help of the JSON library, so we're going to use json.loads on our

71
00:05:50,050 --> 00:05:58,240
data, and in case we didn't receive everything, in case we get a ValueError, so except ValueError,

72
00:05:58,420 --> 00:06:01,530
We want to continue with the execution.

73
00:06:01,570 --> 00:06:07,150
All right, so this is our entire reliable_receive function, and you will see that json is underlined in red,

74
00:06:07,160 --> 00:06:10,760
so therefore we need to import it inside of our backdoor as well.

75
00:06:10,870 --> 00:06:12,770
So import json.

76
00:06:13,150 --> 00:06:16,480
And also don't forget that inside of our server,

77
00:06:16,480 --> 00:06:20,450
don't forget to encode the data before sending it, since here

78
00:06:20,450 --> 00:06:21,750
we're going to decode it.

79
00:06:21,790 --> 00:06:26,950
And in case you forgot to encode the data before sending it, this will try to decode something that's

80
00:06:26,950 --> 00:06:29,900
not even encoded, and it will result in an error.

81
00:06:30,740 --> 00:06:36,220
Okay, so now that we've got these two functions we're ready to receive the command. Let's create the

82
00:06:36,220 --> 00:06:43,210
variable which is going to be called command, and that command will be equal to reliable_receive.

83
00:06:43,240 --> 00:06:50,620
Once we receive that command we can execute it right away, but before we execute it

84
00:06:50,710 --> 00:06:55,870
we need to import a library that will allow us to do that, and that library is called subprocess.

85
00:06:55,870 --> 00:07:01,660
So type here import subprocess, and with the help of this library we're going to execute the command

86
00:07:01,690 --> 00:07:03,160
that the server sent.

87
00:07:03,220 --> 00:07:13,300
So let's specify right here: execute will be equal to subprocess.Popen, which stands for process

88
00:07:13,330 --> 00:07:17,920
open. We want to open the command, or execute the command.

89
00:07:18,490 --> 00:07:27,840
And there are some parameters that we also need to specify, such as for example shell=True.

90
00:07:27,900 --> 00:07:38,490
We also need the stdout to be equal to subprocess.PIPE, and two more parameters: stderr

91
00:07:38,550 --> 00:07:48,800
has to also be equal to subprocess.PIPE, and stdin has to be equal to subprocess.

92
00:07:48,820 --> 00:07:49,320
PIPE.

93
00:07:50,400 --> 00:07:50,790
OK.

94
00:07:50,800 --> 00:07:55,680
So with the help of this execute variable we can execute the command that we received.

95
00:07:56,600 --> 00:07:59,600
After we do that we also want to gather the result of that command.

96
00:07:59,630 --> 00:08:04,850
So that command will have some type of output, and we want to take it and store it inside a variable,

97
00:08:05,210 --> 00:08:12,950
so we'll create a variable called result, and that variable will be equal to execute.stdout

98
00:08:14,620 --> 00:08:24,260
.read() plus execute.stderr.read().

99
00:08:25,250 --> 00:08:31,640
And then we want to send this result back to the server, so the server knows what the output of this command is,

100
00:08:32,030 --> 00:08:36,390
and we're going to use reliable_send to do that. We will send the result.

101
00:08:36,650 --> 00:08:42,650
And keep in mind we do not have reliable_send inside of our backdoor, so let's copy it from the server,

102
00:08:44,610 --> 00:08:48,870
copy and paste it right here.

103
00:08:50,440 --> 00:08:55,180
There are a few things that we need to change, such as for example we are not using the target socket descriptor,

104
00:08:55,210 --> 00:08:57,580
which is only to be found in the server program.

105
00:08:57,640 --> 00:09:04,450
We want to use the s which we created to be a socket descriptor inside of our backdoor.

106
00:09:04,880 --> 00:09:06,710
Everything else will remain the same.

107
00:09:06,710 --> 00:09:11,300
We will encode the data and then we will send it. Inside of our server

108
00:09:11,300 --> 00:09:17,200
we also need to receive that data. As you will see, in our target communication we are using target.recv.

109
00:09:17,330 --> 00:09:19,860
But we don't really want to use target.recv.

110
00:09:19,880 --> 00:09:26,720
We want to use reliable_receive. We'll specify it like this, and we need to copy the reliable_

111
00:09:26,720 --> 00:09:30,090
receive function from this program,

112
00:09:30,230 --> 00:09:39,830
from this backdoor, to the server. Once again, switch the socket descriptors from s to target and

113
00:09:39,890 --> 00:09:45,740
everything should be good to go. Once we print the result the program will close.

114
00:09:46,610 --> 00:09:54,380
But why execute only one command when we can iterate inside of a while True loop and execute as many

115
00:09:54,380 --> 00:09:55,550
commands as we want.

116
00:09:55,550 --> 00:10:04,760
So all we need to do is tab all of this inside of a while True loop, and it will prompt us infinitely

117
00:10:05,450 --> 00:10:06,430
to input the command.

118
00:10:06,650 --> 00:10:10,510
And it will also send the command and wait for the result.

119
00:10:10,520 --> 00:10:13,120
We also need to do the same inside of our backdoor.

120
00:10:13,460 --> 00:10:20,700
So right here we're going to copy all of this. Copy.

121
00:10:21,660 --> 00:10:31,110
Then we're going to delete this and let's create the function called shell. Define right here shell

122
00:10:32,100 --> 00:10:33,440
and paste our code.

123
00:10:38,050 --> 00:10:38,650
Wait.

124
00:10:38,690 --> 00:10:45,980
Let's move this back to its line, and all we need to do is create a while True loop here as well, as we

125
00:10:45,980 --> 00:10:47,540
did in our server.

126
00:10:47,540 --> 00:10:55,160
Now let's add it right at the beginning. So while True, we want to receive the command, we want to execute

127
00:10:55,160 --> 00:11:03,550
the command, we want to store the result and we want to send the result. But this will present us with a problem.

128
00:11:03,550 --> 00:11:08,890
If you think about it, we wouldn't want our programs to run for an infinite amount of time.

129
00:11:08,950 --> 00:11:14,950
So we need to have some indication or some type of a message that will tell the program that we no longer

130
00:11:14,950 --> 00:11:19,300
want to execute the commands and that we want to close both of these programs.

131
00:11:19,570 --> 00:11:25,920
Well, that is rather easy to do. Let's go to our server, and inside of our target communication, after

132
00:11:25,930 --> 00:11:35,950
we send the command, what we can do is simply compare if command == quit.

133
00:11:36,610 --> 00:11:43,180
Then what we can do is break out of this infinite loop and close the program. By breaking out,

134
00:11:43,180 --> 00:11:48,000
this program will close automatically because it reached the end of the program.

135
00:11:49,060 --> 00:11:51,670
So we need to do the same inside of our backdoor.

136
00:11:51,700 --> 00:11:56,710
Just keep in mind that before you actually compare these two values you first of all need to send the

137
00:11:56,710 --> 00:12:03,880
command, so that our backdoor can also receive the quit command and then close its own program.

138
00:12:03,880 --> 00:12:09,810
Once we receive the command we can go right here and check if command == quit,

139
00:12:14,310 --> 00:12:18,470
we break out of this loop and close the program.

140
00:12:18,520 --> 00:12:25,710
All right, so we got quite a few functions coded in this lecture, so let's test it out and see if everything

141
00:12:25,710 --> 00:12:26,790
works.

142
00:12:26,880 --> 00:12:31,610
Let's open up the terminal and run server first.

143
00:12:31,760 --> 00:12:33,880
It will listen for the incoming connections.

144
00:12:33,960 --> 00:12:37,660
Let's go to another terminal and run our backdoor.

145
00:12:37,710 --> 00:12:39,320
So python3 backdoor

146
00:12:39,410 --> 00:12:45,840
.py, and we can see that the programs this time didn't close, so we are waiting for an input from the

147
00:12:45,840 --> 00:12:46,600
target.

148
00:12:46,650 --> 00:12:51,690
We got Shell as well as the print of the IP address and the port from which the connection is coming,

149
00:12:51,690 --> 00:12:54,610
and let's say we want to type the command

150
00:12:54,630 --> 00:12:56,500
whoami.

151
00:12:56,520 --> 00:13:04,770
Press enter, and it seems that we don't really get the response. Right now let's Ctrl+C this

152
00:13:05,640 --> 00:13:10,350
and find our error inside of this program.

153
00:13:10,370 --> 00:13:13,730
We get the error which says: Object of type bytes

154
00:13:13,730 --> 00:13:20,760
is not JSON serializable, and the error is inside of our backdoor.

155
00:13:21,290 --> 00:13:28,160
If you scroll all the way down right here the part where we actually execute the command is the part

156
00:13:28,220 --> 00:13:29,900
where our programs fail.

157
00:13:31,040 --> 00:13:36,890
And the reason is because we're missing one line. Right after we store the result we need to add another

158
00:13:36,890 --> 00:13:43,860
line which will say result = result.decode().

159
00:13:44,390 --> 00:13:49,370
And the reason for that is we need to decode right here first, because the above command stores a

160
00:13:49,370 --> 00:13:52,910
bytes type result that we can't encode as a string.

161
00:13:52,910 --> 00:14:00,280
Therefore the result has to be decoded first before we use the reliable send function onto the result.

162
00:14:00,290 --> 00:14:04,240
And remember the reliable send function encodes the answer.

163
00:14:04,320 --> 00:14:04,680
Okay.

164
00:14:05,030 --> 00:14:07,550
So right here we decode first.

165
00:14:07,610 --> 00:14:09,470
Then we encode and send it.

166
00:14:09,470 --> 00:14:16,340
And now let's see whether this will work. Run the server, it is listening for the incoming connections,

167
00:14:16,820 --> 00:14:20,730
and right here we got the connection.

168
00:14:20,730 --> 00:14:21,840
Let's execute the command.

169
00:14:21,840 --> 00:14:22,380
whoami.

170
00:14:23,310 --> 00:14:25,710
And now everything seems to work correctly.

171
00:14:25,710 --> 00:14:31,350
We get the output which says root, and we also get the prompt to enter the second command, so let's type

172
00:14:31,400 --> 00:14:34,900
ls, and the ls command works as well.

173
00:14:34,920 --> 00:14:40,890
We got all three files that are in the current directory, which are backdoor, server and the virtual environment.

174
00:14:40,890 --> 00:14:46,950
If we type for example ifconfig, we will get the output of the command ifconfig with our IP

175
00:14:46,950 --> 00:14:54,060
address right here. And now finally let's test the quit command, whether it will quit both programs. If

176
00:14:54,060 --> 00:15:04,440
I type quit, press enter, it closes the server and it also closes the backdoor, so our program works really

177
00:15:04,440 --> 00:15:05,730
well for now.

178
00:15:06,060 --> 00:15:11,850
And now that we've got the basic part of the program completed, which is executing the commands, we can

179
00:15:11,850 --> 00:15:17,370
keep on adding different functions to our backdoor. We're going to continue in the next lecture, so I hope

180
00:15:17,370 --> 00:15:19,540
I see you there and take care bye.
