WEBVTT

00:01.160 --> 00:01.560
Okay.

00:01.560 --> 00:03.200
Now we are able to.

00:05.280 --> 00:08.760
Send and receive some data like hello from Kali.

00:08.760 --> 00:14.080
This is something we send and connection established is something we received from victim.

00:14.120 --> 00:14.480
Okay.

00:16.880 --> 00:17.240
Okay.

00:17.520 --> 00:21.760
In creating a backdoor, it is not what we want, okay?

00:21.760 --> 00:24.600
It's not all things we want.

00:24.640 --> 00:30.800
I want to execute a system command, for example a Windows system command, from here.

00:30.840 --> 00:31.280
Okay.

00:31.320 --> 00:32.000
From when?

00:32.040 --> 00:36.920
From Linux I want to write some command on.

00:39.800 --> 00:40.400
Windows.

00:41.240 --> 00:42.760
So right now I'm listening.

00:42.880 --> 00:45.840
And let's go back to Windows.

00:46.480 --> 00:51.400
Here I need to use another library which is called subprocess.

00:51.680 --> 00:56.320
So this subprocess will allow me to execute system commands.

00:56.560 --> 01:03.570
So I use subprocess. Okay, I have it now, here and now.

01:03.730 --> 01:12.210
Instead of printing this on, um, on the terminal or as cmd, I can execute this.

01:12.210 --> 01:12.890
Okay.

01:12.890 --> 01:19.330
So let's come here, create a function. I'm going to name it execute system command, okay.

01:19.370 --> 01:20.290
Execute.

01:22.570 --> 01:25.770
System command.

01:27.130 --> 01:31.810
And we need to give the command as argument here okay.

01:31.850 --> 01:34.090
So let's go with command.

01:35.690 --> 01:38.370
So how can we execute a system command.

01:39.410 --> 01:50.290
Uh everything you need is to return this subprocess dot check but check output.

01:50.810 --> 01:54.130
And here inside this you need to give the command.

01:54.650 --> 02:03.370
And because your command is a string so we need to use shell is equal to true.

02:03.410 --> 02:06.810
So now this is the execute system command function.

02:06.810 --> 02:08.810
And now we can use it here.

02:09.850 --> 02:11.130
Okay.

02:11.170 --> 02:19.370
After we uh okay here we have connection received.

02:19.410 --> 02:24.130
Now let's change this because right now we have the received data.

02:24.170 --> 02:27.810
Now let's change it to something else like let's go with command.

02:27.850 --> 02:28.730
Okay.

02:28.730 --> 02:30.570
So we have the command here.

02:31.210 --> 02:36.410
Now let's say I'm going to use the execute system command here.

02:36.730 --> 02:41.210
So let's create another variable I'm going to name this command result.

02:41.250 --> 02:43.410
It is equal to execute.

02:45.570 --> 02:48.170
Execute system command okay.

02:49.050 --> 03:02.780
And here I need to give the command that I received after I, I after I received the command result

03:02.820 --> 03:03.300
here.

03:03.780 --> 03:06.340
Now, if I want, I can send it back.

03:06.380 --> 03:09.100
Okay, so how can I send it back?

03:09.140 --> 03:19.420
I use connection connections dot send and then command result.

03:19.620 --> 03:21.740
And then we can close that.

03:22.820 --> 03:23.980
And that is all.

03:23.980 --> 03:24.380
Okay.

03:25.420 --> 03:32.860
So, uh, it looks beautiful, but maybe there is still a small problem.

03:32.860 --> 03:33.460
Maybe.

03:34.340 --> 03:36.620
Let's go and see here.

03:36.660 --> 03:36.900
Okay.

03:36.900 --> 03:38.140
We are listening still.

03:38.700 --> 03:40.140
And let me.

03:42.660 --> 03:43.300
Write here.

03:43.500 --> 03:45.740
Try to re-execute the program.

03:46.180 --> 03:48.020
So right now it is listening.

03:48.060 --> 03:48.500
Okay.

03:49.540 --> 03:51.580
And I'm going to come back here.

03:51.580 --> 03:54.500
You see connection is established.

03:54.620 --> 04:04.710
Let's use a Windows command like dir. For dir, hit enter and you see that we sent the data, we receive

04:04.750 --> 04:06.190
the data, we send the data.

04:06.590 --> 04:08.870
And in Windows we received an error.

04:10.150 --> 04:13.150
And that is pipe error again okay.

04:13.190 --> 04:15.230
Arc's not allowed okay.

04:15.230 --> 04:19.190
Let's see where is that error.

04:22.150 --> 04:22.670
Mm.

04:29.230 --> 04:31.150
Execute system command.

04:31.270 --> 04:33.750
This is it okay.

04:33.790 --> 04:40.470
Line 13 and model command result okay.

04:41.110 --> 04:42.670
We receive the error here.

04:44.950 --> 04:47.230
And let's come back here.

04:49.470 --> 04:49.790
Okay.

04:49.790 --> 04:51.150
We have the command here.

04:51.150 --> 04:54.150
We need to do one thing okay.

04:54.190 --> 04:58.590
And that is to encode this use Input.

04:58.870 --> 04:59.270
Okay.

04:59.550 --> 05:02.910
This was, uh, not here.

05:04.070 --> 05:06.590
Let's use it here.

05:11.030 --> 05:13.550
Okay, let's see if now.

05:13.590 --> 05:17.670
I think this may solve the result.

05:17.670 --> 05:20.070
If not, again, we will check it.

05:20.070 --> 05:20.470
Okay.

05:22.470 --> 05:23.870
Let's come back here.

05:25.310 --> 05:31.870
Use clear, listen on that port and back here.

05:33.150 --> 05:34.150
Use CLS.

05:35.670 --> 05:35.950
Okay.

05:35.990 --> 05:40.670
Execute this and let's use dir.

05:40.710 --> 05:41.590
Hit enter again.

05:41.630 --> 05:42.910
We received an error.

05:42.910 --> 05:44.310
Let's see what is the error.

05:45.150 --> 05:45.510
Okay.

05:46.670 --> 05:50.110
Input did not mean decode.

05:50.150 --> 05:50.790
Hmm.

05:53.390 --> 05:55.790
Oh yes I used input here.

05:55.790 --> 05:56.750
Sorry for that.

05:57.680 --> 05:58.160
Uh.

05:58.160 --> 05:59.680
Let's see.

05:59.720 --> 06:01.360
We are receiving the command.

06:01.400 --> 06:01.760
Okay.

06:02.080 --> 06:05.600
So here, instead of encoding, we need to decode this.

06:05.600 --> 06:06.040
Okay.

06:08.880 --> 06:09.120
Okay.

06:09.160 --> 06:10.040
Seven again.

06:11.720 --> 06:12.080
Okay.

06:12.120 --> 06:13.520
Listen on that.

06:16.000 --> 06:19.040
And okay.

06:19.040 --> 06:20.360
Let's go back here.

06:20.720 --> 06:22.080
It's going to be dir.

06:22.120 --> 06:22.840
Hit enter.

06:23.240 --> 06:29.400
Now you see that we are receiving the result through this one okay.

06:29.440 --> 06:32.760
I use dir or dir command.

06:32.880 --> 06:36.200
It is a command like ls in Linux.

06:36.240 --> 06:39.360
You see it is showing me all the result.

06:39.720 --> 06:41.560
Uh, everything I have here.

06:41.600 --> 06:42.040
Okay.

06:42.080 --> 06:48.800
Inside this folder and let's say directory of C, this is the directory okay.

06:48.840 --> 06:52.640
Python project desktop which is my username.

06:52.640 --> 06:58.440
And it is showing me that I have these two files here inside this folder.

06:59.680 --> 07:03.480
Now, right now, you see that it only executes once.

07:03.520 --> 07:03.840
Okay.

07:03.880 --> 07:05.680
And then it closes the program.

07:06.200 --> 07:07.400
So it is not what I want.

07:07.440 --> 07:07.720
Okay.

07:07.760 --> 07:11.440
The thing I want is for it to be executed a lot of times.

07:11.440 --> 07:13.640
For example, this time I use dir.

07:13.680 --> 07:15.840
It shows me the directory this time.

07:15.880 --> 07:20.240
The second time, for example, I want to use the cd command to go to another directory.

07:20.240 --> 07:21.200
Again I need to.

07:21.520 --> 07:22.600
I must be able to.

07:25.160 --> 07:25.960
Uh, I got.

07:29.240 --> 07:32.160
To I must be able to execute my commands.

07:32.600 --> 07:32.800
So.

07:35.640 --> 07:38.160
Come on again I'm listening okay.

07:38.440 --> 07:40.000
So to solve that.

07:40.120 --> 07:42.480
To handle that, you need to come here.

07:42.480 --> 07:44.480
You see these three lines here?

07:44.520 --> 07:45.320
Okay.

07:45.320 --> 07:47.880
These are responsible for.

07:50.000 --> 07:51.600
Receiving the command.

07:51.600 --> 07:56.080
Executing the command and also sending the commands okay.

07:56.450 --> 08:01.410
So for that we need to put them into a loop.

08:01.490 --> 08:02.930
And that is going to be a while loop.

08:02.970 --> 08:03.650
Okay.

08:03.690 --> 08:08.130
So let's use while it is true which is all the time true.

08:08.170 --> 08:08.890
Okay.

08:08.930 --> 08:12.850
We need to execute this thing.

08:13.730 --> 08:16.610
So and.

08:28.930 --> 08:29.930
Just a moment.

08:30.970 --> 08:31.730
Okay.

08:31.770 --> 08:33.210
It is unreachable.

08:35.930 --> 08:36.570
No problem.

08:36.570 --> 08:37.490
Let's go and execute.

08:37.530 --> 08:38.850
Maybe this is not an error.

08:39.850 --> 08:42.010
Uh, am I listening right now or not?

08:42.810 --> 08:43.010
Okay.

08:43.050 --> 08:43.850
I'm listening.

08:45.650 --> 08:46.930
Let's come back here.

08:46.970 --> 08:49.370
Execute the program.

08:49.410 --> 08:50.770
Come back here.

08:50.810 --> 08:51.090
Okay.

08:51.130 --> 08:52.210
Connection established.

08:52.210 --> 08:54.090
Let's use dir.

08:54.370 --> 08:58.540
Okay, now I have the result, which is, uh, here.

08:58.580 --> 08:59.020
Okay.

08:59.340 --> 09:00.980
Let's use another command.

09:00.980 --> 09:01.900
For example.

09:02.020 --> 09:03.500
It's going to be ipconfig.

09:03.940 --> 09:04.660
Okay.

09:04.700 --> 09:06.380
Ipconfig.

09:06.460 --> 09:07.060
Hit enter.

09:07.380 --> 09:10.380
Now it is showing me the result for ipconfig.

09:12.860 --> 09:21.060
And if I use cd, oops, it is not going to happen. If I use dir,

09:21.100 --> 09:24.340
Now still I am into the same location.

09:24.380 --> 09:24.780
Okay.

09:25.820 --> 09:34.060
And let's see, I want to go to cd Desktop.

09:35.620 --> 09:36.260
It didn't happen.

09:36.300 --> 09:36.500
Okay.

09:36.540 --> 09:37.140
No problem.

09:37.300 --> 09:45.940
So now we are able to execute system commands more than one time.

09:45.980 --> 09:46.420
Okay.

09:48.020 --> 09:49.620
Let me come back here.

09:55.700 --> 10:00.540
Mhm.

10:03.060 --> 10:03.380
Okay.

10:03.380 --> 10:05.420
We are able to do a lot of things here.

10:09.420 --> 10:12.020
Mhm.

10:12.060 --> 10:12.500
Okay.

10:17.740 --> 10:18.140
Okay.

10:18.580 --> 10:19.020
Okay.

10:21.380 --> 10:21.700
Okay.

10:21.700 --> 10:27.940
We are able to execute our system command from Kali Linux on Windows machine.

10:27.940 --> 10:31.100
So it is something that a normal user can do, okay.

10:33.420 --> 10:35.100
And if I use whoami.

10:35.140 --> 10:38.100
This is working or not okay.

10:38.580 --> 10:42.740
It is showing me that I am this user, okay.

10:42.740 --> 10:44.500
Exploit ship is my user.

10:44.500 --> 10:45.260
Super user.

10:45.980 --> 10:47.220
So okay.

10:47.260 --> 10:47.900
That's it.

10:48.340 --> 10:50.860
Let's go and see how we can improve this.

10:51.260 --> 10:54.260
More beautiful and more and more.

10:54.300 --> 10:54.700
Okay.
