1
00:00:00,540 --> 00:00:01,350
Welcome back.

2
00:00:01,380 --> 00:00:06,040
And it is finally time to go to the upload and download function now.

3
00:00:06,060 --> 00:00:08,600
These are also some of the crucial options.

4
00:00:08,600 --> 00:00:10,920
The cover there we have with this.

5
00:00:10,980 --> 00:00:15,870
You can download any file that is stored on the target machine and you can also upload your own files

6
00:00:15,870 --> 00:00:20,540
whether they are scripts, different malware, or basically anything you want to.

7
00:00:20,580 --> 00:00:22,530
You can upload on target machine.

8
00:00:23,220 --> 00:00:28,490
So we're going to start off with the upload function and let's do it first inside of our server.

9
00:00:28,540 --> 00:00:30,140
We need to add the else if.

10
00:00:30,150 --> 00:00:34,970
option right here inside of our while True loop, so elif command.

11
00:00:35,160 --> 00:00:38,690
And we're going to do the same thing that we did with the cd command.

12
00:00:38,760 --> 00:00:43,390
And that is we're going to compare the first six characters clips.

13
00:00:43,440 --> 00:00:46,710
Now you might be asking why are we comparing the first six characters.

14
00:00:46,760 --> 00:00:47,180
Well.

15
00:00:47,800 --> 00:00:50,880
Well, the upload word has six characters.

16
00:00:50,940 --> 00:00:58,120
Therefore if the beginning of the command equals to upload, let's just write

17
00:00:58,170 --> 00:00:58,760
this correctly.

18
00:00:58,760 --> 00:01:01,920
So, the beginning of the command equals to upload.

19
00:01:01,920 --> 00:01:06,920
That means that we want to upload the file so we'll create a function called upload file.

20
00:01:07,080 --> 00:01:13,400
And that function will upload the file to the target machine which is called the rest of the command.

21
00:01:13,410 --> 00:01:19,530
So from the seventh character and until the end this basically means if we have a command that looks

22
00:01:19,530 --> 00:01:27,990
something like this, upload image.jpeg, it will compare these first six characters.

23
00:01:28,080 --> 00:01:33,390
And if they do match that means that we want to upload a file and then it will perform the upload file

24
00:01:33,390 --> 00:01:38,700
function onto the rest of the name which is the name of the file that we want to upload.

25
00:01:38,700 --> 00:01:43,950
Remember we're excluding the empty space because we don't really need it since it is not in the name

26
00:01:43,950 --> 00:01:44,730
of our file.

27
00:01:45,430 --> 00:01:45,840
OK.

28
00:01:45,870 --> 00:01:54,060
So let's leave this and let's code the upload function.

29
00:01:54,060 --> 00:01:57,490
Let's go all the way up and below the reliable send.

30
00:01:57,600 --> 00:01:59,740
We can add our upload function.

31
00:01:59,970 --> 00:02:06,540
First define it upload file which takes the parameter of the file name.

32
00:02:07,040 --> 00:02:07,410
OK.

33
00:02:09,100 --> 00:02:12,070
All we need to do is open that file for reading.

34
00:02:12,100 --> 00:02:19,090
So we're going to open the file name and we're going to open it for reading of bytes since in order

35
00:02:19,090 --> 00:02:22,300
to transfer the file content we need to transfer it in bytes.

36
00:02:22,300 --> 00:02:30,040
Therefore we want to read bytes and not just simply read text as we do usually. After we open the file,

37
00:02:30,040 --> 00:02:33,500
we want to send the contents of the file to the backdoor.

38
00:02:33,970 --> 00:02:34,330
OK.

39
00:02:34,360 --> 00:02:35,380
So how can we do that.

40
00:02:35,500 --> 00:02:42,130
Well instead of using reliable send we're going to use the regular send function that comes with socket

41
00:02:42,130 --> 00:02:43,060
library.

42
00:02:43,060 --> 00:02:49,510
And that is because we don't really want to encode the content that comes from the file as we do in

43
00:02:49,510 --> 00:02:50,760
our reliable send.

44
00:02:50,800 --> 00:02:54,880
We simply just want to send it straight away as it is read in bytes.

45
00:02:54,910 --> 00:03:02,900
So we're going to specify target, which is the target socket descriptor, dot send, and the thing we're

46
00:03:02,940 --> 00:03:05,390
sending is f.read().

47
00:03:05,670 --> 00:03:06,990
Simple as that.

48
00:03:07,260 --> 00:03:10,150
And that is the entire upload function.

49
00:03:10,170 --> 00:03:14,300
Now we have to code the other part of the function inside of our backdoor.

50
00:03:14,430 --> 00:03:17,100
So this is just the part where the server sends the file.

51
00:03:17,130 --> 00:03:19,800
Now the backdoor has to receive the file.

52
00:03:19,800 --> 00:03:21,100
So let's go all the way down.

53
00:03:21,220 --> 00:03:23,070
And first of all add the command.

54
00:03:23,160 --> 00:03:33,870
Else if and if first six characters are equal to upload then we're going to create a function called

55
00:03:33,870 --> 00:03:35,550
download_file

56
00:03:38,250 --> 00:03:43,800
from the command and then seventh character till the end.

57
00:03:43,800 --> 00:03:46,130
Now don't get confused with this download file.

58
00:03:47,100 --> 00:03:51,450
If you take a look at it from the perspective of the server, we are uploading a file.

59
00:03:51,450 --> 00:03:57,540
But if you take a look at the perspective from the backdoor we're technically downloading a file from

60
00:03:57,540 --> 00:03:59,590
the server that the server is sending.

61
00:03:59,610 --> 00:04:04,590
That's why here the function will be called download file and in the server who is sending the file

62
00:04:04,830 --> 00:04:06,900
the function will be called upload file.

63
00:04:07,250 --> 00:04:07,620
OK.

64
00:04:07,890 --> 00:04:14,010
But these two functions combined to the entire process of sending the file from the server to backdoor.

65
00:04:14,430 --> 00:04:14,790
OK.

66
00:04:15,750 --> 00:04:21,720
So now we're left to do is we're left to code the actual download file function.

67
00:04:21,720 --> 00:04:23,010
Let's do it below this

68
00:04:26,500 --> 00:04:27,630
let's define it first.

69
00:04:27,640 --> 00:04:34,120
So define the download file and it takes the parameter of file name

70
00:04:38,820 --> 00:04:40,230
on our backdoor path.

71
00:04:40,310 --> 00:04:47,510
We need to first open the file for writing and we're opening file name and we are writing bytes.

72
00:04:47,510 --> 00:04:49,520
Remember that.

73
00:04:49,520 --> 00:04:53,870
Then what we're going to do is we're going to set the socket timeout.

74
00:04:53,870 --> 00:04:59,640
So we're going to type s.settimeout to be equal to 1.

75
00:05:00,120 --> 00:05:05,170
And the reason why we're setting the timeout is so we can define where the end of the file is.

76
00:05:06,000 --> 00:05:09,340
I will explain it to you a little bit better once we code the entire function.

77
00:05:09,340 --> 00:05:11,140
Let's get straight into the next line.

78
00:05:11,190 --> 00:05:16,980
We're going to create a variable called chunk, and this chunk variable will receive thousand and twenty

79
00:05:16,980 --> 00:05:18,500
four bytes every time.

80
00:05:18,760 --> 00:05:19,080
OK.

81
00:05:19,650 --> 00:05:21,600
And now while a chunk exists.

82
00:05:21,610 --> 00:05:23,450
So while chunk is not equal to none.

83
00:05:24,180 --> 00:05:29,070
We're going to write those thousand and 24 bytes inside of the file.

84
00:05:29,070 --> 00:05:35,910
So f.write, and in the brackets we specify chunk. After it,

85
00:05:35,930 --> 00:05:41,830
we are going to try to receive more chunks, so chunk equals s.recv.

86
00:05:41,930 --> 00:05:54,060
And then once again thousand twenty four bytes, and then I am going to except socket.timeout as e.

87
00:05:54,170 --> 00:06:02,870
In that case we are going to break out of this loop and at the end I am going to set the timeout back

88
00:06:03,020 --> 00:06:03,690
to none.

89
00:06:03,920 --> 00:06:09,590
So it doesn't exist anymore and let's not forget to close the actual file.

90
00:06:10,280 --> 00:06:10,750
OK.

91
00:06:10,780 --> 00:06:14,360
So let's explain this function line by line. We, first of all,

92
00:06:14,360 --> 00:06:15,870
Open the file for reading.

93
00:06:16,010 --> 00:06:23,200
So we are creating a new file and we are receiving the data and writing it in bytes inside of that file.

94
00:06:23,210 --> 00:06:30,070
The reason why we set the socket timeout is so we can accept and break out of this loop if needed.

95
00:06:30,350 --> 00:06:36,050
If we don't have the time out it will infinitely try to receive thousand twenty four bytes and it will

96
00:06:36,050 --> 00:06:39,000
never stop once it reaches the end of the file.

97
00:06:39,020 --> 00:06:44,030
It will try to receive thousand twenty four more bytes but it will not manage to because the entire

98
00:06:44,030 --> 00:06:45,350
file has been sent.

99
00:06:45,350 --> 00:06:47,680
Therefore it will hang right here.

100
00:06:47,690 --> 00:06:53,360
That is why we implement this timeout function once it reaches to the end of the file it will try to

101
00:06:53,360 --> 00:06:59,020
receive more thousand twenty four bytes but it will not manage and after one second it will break out

102
00:06:59,060 --> 00:07:03,640
the loop which will indicate that the file has been finished downloading.

103
00:07:03,920 --> 00:07:06,020
Then we will set the time out back to none.

104
00:07:06,320 --> 00:07:09,680
So it doesn't present us the problem with other commands right here.

105
00:07:09,680 --> 00:07:12,890
That requires socket object and then we close the file.

106
00:07:13,370 --> 00:07:13,730
OK.

107
00:07:15,940 --> 00:07:18,580
Now let's see whether this will work.

108
00:07:18,580 --> 00:07:25,360
So what I'm going to do is I'm going to open the terminal right here where we are going to run our server

109
00:07:25,930 --> 00:07:30,630
and I'm going to transfer the backdoor to my Windows 10 machine.

110
00:07:30,640 --> 00:07:36,520
Then I'm going to compile this backdoor right here and then we will see whether I can upload the file

111
00:07:36,790 --> 00:07:39,270
from the server to the Windows 10 machine.

112
00:07:39,770 --> 00:07:40,120
OK.

113
00:07:40,150 --> 00:07:41,080
So let's do it.

114
00:07:41,590 --> 00:07:43,330
I will plug in my USB drive.

115
00:07:43,450 --> 00:07:43,750
OK.

116
00:07:43,750 --> 00:07:45,820
So it has already been plugged in.

117
00:07:45,820 --> 00:07:53,560
And then what I can do, I can type ls and copy backdoor.py to media root and then the USB

118
00:07:53,560 --> 00:07:55,300
drive.

119
00:07:55,300 --> 00:07:59,290
Once it is copied I can unplug my USB drive right here,

120
00:08:02,800 --> 00:08:04,150
go to my USB drive,

121
00:08:07,400 --> 00:08:13,490
paste the backdoor right here onto the desktop and then open up the command prompt,

122
00:08:17,130 --> 00:08:21,890
navigate through the directory where the backdoor is which in my case is the desktop directory so solver

123
00:08:21,930 --> 00:08:23,940
go to desktop.

124
00:08:23,940 --> 00:08:28,860
And before we actually try to compile this program we need to make sure that we have all the libraries

125
00:08:28,860 --> 00:08:29,910
needed.

126
00:08:29,970 --> 00:08:35,220
So let's go to Kali Linux and check out which libraries this program has.

127
00:08:35,250 --> 00:08:40,190
It has the subprocess, the socket, the json and the os library.

128
00:08:40,410 --> 00:08:45,360
I believe these are all standard libraries so there is nothing really for us to install at the moment

129
00:08:45,690 --> 00:08:52,640
so we can simply just compile the program right away, typing the command pyinstaller backdoor.py

130
00:08:52,650 --> 00:08:57,120
--onefile --noconsole

131
00:09:00,350 --> 00:09:01,250
press here enter

132
00:09:04,640 --> 00:09:11,090
The compilation has finished, as it says right here, completed successfully, and now if I go back to my

133
00:09:11,090 --> 00:09:17,270
Kali Linux and run the server, so I will run server.py, it will listen for the incoming connections.

134
00:09:17,660 --> 00:09:23,450
I will go to my dist directory right here and double run backdoor.

135
00:09:27,600 --> 00:09:33,490
Now if we get this error right here, fail to execute script backdoor, that can mean two different things.

136
00:09:33,570 --> 00:09:39,120
Either you are missing a library or you have some syntax error inside of your code.

137
00:09:39,120 --> 00:09:41,250
So let's go and check it out.

138
00:09:41,250 --> 00:09:46,230
If I go back to my Kali Linux, we can leave the server running.

139
00:09:46,230 --> 00:09:50,180
It really doesn't matter since the problem is not in server but in backdoor.

140
00:09:50,220 --> 00:09:54,120
Let us check out whether we imported all of the libraries that we might need.

141
00:09:55,320 --> 00:10:03,660
So we use socket, we have socket, we have the os library, we have the json library. Let's check out inside

142
00:10:03,660 --> 00:10:09,570
of our command prompt whether we need to install some of them. See, if we tried to install json, for example,

143
00:10:10,620 --> 00:10:15,870
it will give us an error, which means that the json library is a standard library. If we tried to install

144
00:10:15,870 --> 00:10:21,600
subprocess, it should also give us an error because that is also a standard library. Whoops, we want

145
00:10:21,600 --> 00:10:30,780
to pip3 install subprocess. Yes, we have all the libraries, so let's see whether we have some error

146
00:10:30,900 --> 00:10:39,350
inside of our code. Well, the first thing that we notice is that we are actually trying to connect to

147
00:10:39,350 --> 00:10:45,260
the localhost IP address. Instead we want to try to connect to the Kali Linux IP address, so let's go to

148
00:10:45,260 --> 00:10:52,690
our terminal, type ifconfig. The IP address of Kali Linux is 192.168.1.4;

149
00:10:52,690 --> 00:10:56,870
copy and paste it instead of the localhost IP address.

150
00:10:56,870 --> 00:11:01,850
The reason why we cannot use the localhost is because right now we are running the programs on two

151
00:11:01,850 --> 00:11:07,160
different machines, therefore it cannot really connect to the localhost if we are hosting the server

152
00:11:07,250 --> 00:11:13,700
on a different machine. We also need to change the IP address inside of our server, so therefore we need

153
00:11:13,700 --> 00:11:21,560
to close this connection, exit the terminal. Let's go all the way down where the IP address is and then

154
00:11:21,740 --> 00:11:28,880
paste it right here so that the server can bind the local IP address of Kali Linux with the port

155
00:11:28,880 --> 00:11:29,510
5555.

156
00:11:30,050 --> 00:11:33,480
OK so everything seems to be good right now.

157
00:11:34,350 --> 00:11:38,970
If I go and plug in my USB drive once again, we open it up,

158
00:11:45,730 --> 00:11:51,250
then we copy the backdoor once again, so cp backdoor.py to USB drive,

159
00:11:55,680 --> 00:11:57,570
unplug the USB drive.

160
00:12:01,300 --> 00:12:07,550
Let's paste the changed backdoor, so go to the USB drive.

161
00:12:07,650 --> 00:12:11,950
Find the backdoor file which you just transferred to the USB drive.

162
00:12:11,990 --> 00:12:18,680
Copy it to the desktop and run the same command that we ran previously, which will compile our backdoor,

163
00:12:18,720 --> 00:12:26,500
so pyinstaller backdoor --onefile --noconsole. While it is compiling, let's go to our

164
00:12:26,530 --> 00:12:34,250
server and run it, so open up your terminal and type python3 server.py. It will listen for the incoming

165
00:12:34,270 --> 00:12:41,170
connections, but right now it will listen on the IP address of 192.168.1.4. This has

166
00:12:41,170 --> 00:12:48,300
finished compiling. Let's go to the dist directory and execute backdoor.

167
00:12:53,010 --> 00:12:57,590
We seem to not get any error right now, which means our backdoor executed successfully.

168
00:12:57,660 --> 00:13:02,430
Let's go to our Kali Linux and see whether we received the connection, and we did manage to receive the

169
00:13:02,430 --> 00:13:07,410
connection. We can see that the connection is coming from 192.168.1.2,

170
00:13:07,920 --> 00:13:08,900
from the port

171
00:13:08,940 --> 00:13:10,370
63551.

172
00:13:11,160 --> 00:13:15,870
If I tried to execute some of the commands, whoami, it will give me the output that we have a Windows

173
00:13:15,900 --> 00:13:23,070
10 machine right here. If I type dir, the dir command will give us the output of all of the files in

174
00:13:23,070 --> 00:13:28,440
that current working directory. Since we are in the dist directory, which is in the desktop directory, we only

175
00:13:28,440 --> 00:13:35,070
have one file, which is our backdoor.exe. But what we really want to test right now is our upload function.

176
00:13:36,660 --> 00:13:44,730
Right now, inside of my directory, inside of my back project, I have an image.jpeg. Let's see whether

177
00:13:44,730 --> 00:13:50,420
we can actually transfer this image onto the Windows 10 machine. If we notice, this directory is empty; it only

178
00:13:50,420 --> 00:13:54,360
has this backdoor file, and right now if I type upload

179
00:13:57,180 --> 00:14:04,590
upload image.jpeg, I don't need to specify the path since this is in the same directory as our server. Click

180
00:14:04,590 --> 00:14:10,770
on enter. Let's see whether we can execute the commands right after it, and we can. And if we go to this

181
00:14:10,770 --> 00:14:15,750
directory right here, we have the image file inside of it, so let's open it up

182
00:14:18,690 --> 00:14:24,990
and we get the exact same image that we uploaded from our Kali Linux machine. Wow, this is cool, right?

183
00:14:25,230 --> 00:14:31,260
We managed to code the function that will upload any type of file to the target machine, whether it is

184
00:14:31,260 --> 00:14:38,040
a text file, whether it is a JPEG, a PNG, an EXE, doesn't matter. All of those files should work if

185
00:14:38,040 --> 00:14:44,250
you tried to upload them. Great, so our upload function works. Let's also see whether we quit the program

186
00:14:44,250 --> 00:14:45,440
successfully once we type

187
00:14:45,440 --> 00:14:48,720
quit. We do.

188
00:14:48,770 --> 00:14:54,500
The program closes successfully and in the next video we can see how we can do the exact same thing

189
00:14:54,740 --> 00:14:58,820
just opposite so we can actually download the files from the target machine.

190
00:14:59,540 --> 00:15:03,470
Thank you for watching this tutorial and I will see you in the next lecture. Bye.
