WEBVTT

00:01.840 --> 00:02.240
Okay.

00:02.960 --> 00:10.720
After we completed all this program, we built a lot of very good evil files that we can use in a lot

00:10.760 --> 00:19.680
of places, that there is still something that we can do with them.

00:19.680 --> 00:20.120
Okay.

00:21.040 --> 00:26.120
And that is about persistency.

00:26.160 --> 00:27.320
What does that mean?

00:27.520 --> 00:37.000
That means I want to build my program, or I want to show you how you can use this program in a Windows

00:37.000 --> 00:47.200
machine, that whenever the victim is starting the Windows machine, your program needs to start loading,

00:47.200 --> 00:48.280
okay?

00:48.320 --> 00:52.200
Start executing so you don't need to.

00:52.400 --> 01:00.620
Every time go and double click on your window on your, for example, backdoor or any of your evil

01:00.620 --> 01:01.980
file that you created.

01:01.980 --> 01:07.500
So one of those ways is to add those entry into registry.

01:07.540 --> 01:10.980
Let me show you how we can do this into start menu.

01:11.020 --> 01:14.540
We are going to search for our registry editor.

01:15.300 --> 01:18.300
Let's hit this and let's see.

01:19.540 --> 01:24.980
So into this registry let me show you.

01:28.460 --> 01:28.860
Okay.

01:28.860 --> 01:34.300
Whenever you are searching for registry editor you will be able to see something like this.

01:34.340 --> 01:37.100
Okay so let's go to second one.

01:37.100 --> 01:40.180
It is called HKEY_CURRENT_USER.

01:40.940 --> 01:47.940
And after that we need to come here into the uh software.

01:47.980 --> 01:48.380
Okay.

01:48.420 --> 01:49.020
Software.

01:49.540 --> 01:57.100
And after uh, searching for software, we need to come to, uh, Microsoft.

01:57.140 --> 01:57.580
Okay.

01:58.220 --> 02:03.120
And after that, we need to find Windows again.

02:03.520 --> 02:04.360
That is here.

02:05.880 --> 02:10.120
And after that, you need to come to CurrentVersion.

02:11.520 --> 02:11.840
Okay.

02:11.880 --> 02:12.440
Windows.

02:12.480 --> 02:12.720
Okay.

02:12.760 --> 02:13.920
CurrentVersion.

02:14.320 --> 02:19.040
And finally, we need to find this Run here.

02:19.640 --> 02:30.280
Now in here, if you give anything, add anything in here whenever your computer is starting.

02:30.440 --> 02:30.600
Okay.

02:30.640 --> 02:32.440
When it is started.

02:32.440 --> 02:36.720
So it will automatically it will start executing.

02:36.760 --> 02:40.400
As you see here, there are three files, okay.

02:40.440 --> 02:43.680
One of them it was Microsoft Edge update.

02:43.680 --> 02:47.280
I removed this because whenever I was starting my computer.

02:47.280 --> 02:53.080
So it was starting to update the Microsoft Edge and I really didn't like that.

02:53.080 --> 02:58.160
So there is another thing that is called OneDrive, or OneDrive.exe.

02:58.520 --> 03:04.420
And whenever we start our computer automatically, this will start loading.

03:04.540 --> 03:13.260
So how can we add something or like, uh, our program right in here.

03:13.300 --> 03:13.740
Okay.

03:15.300 --> 03:16.100
Add that.

03:16.460 --> 03:24.020
So, uh, we, we are able to add our program here very easily.

03:24.260 --> 03:26.620
Just let me show you a simple example.

03:27.940 --> 03:31.180
Uh, by using the reg add command.

03:31.220 --> 03:32.340
We can add this okay.

03:32.380 --> 03:37.460
For example, I'm using reg, R-E-G, and then add.

03:37.580 --> 03:43.620
Then I use HKCU slash.

03:44.340 --> 03:53.420
And then you need to write, uh, this location: Software, Microsoft, Windows, CurrentVersion, Run.

03:53.460 --> 03:54.180
Okay.

03:54.220 --> 03:56.300
So let's write that okay.

03:56.340 --> 03:58.850
The first one is called Software.

03:59.330 --> 04:04.850
And then we have Microsoft.

04:06.850 --> 04:08.330
And what is the next thing?

04:08.650 --> 04:09.490
Microsoft.

04:09.530 --> 04:11.570
We have windows.

04:13.810 --> 04:15.730
We have current.

04:18.090 --> 04:18.730
Version.

04:18.850 --> 04:21.130
And finally we have Run.

04:21.170 --> 04:21.570
Okay.

04:21.930 --> 04:25.170
So now this is the location that we want to add.

04:25.330 --> 04:30.170
But still there is something we need to add something extra.

04:30.210 --> 04:31.130
Okay.

04:31.170 --> 04:35.810
One of them is uh dash or slash v okay.

04:36.930 --> 04:39.810
Slash v is a value or name here.

04:39.810 --> 04:41.850
As you see, the first one is default.

04:41.890 --> 04:44.850
The other one is, uh, Microsoft Edge.

04:44.850 --> 04:46.890
And this one, OneDrive.

04:47.730 --> 04:53.290
Then now I want to add this as, uh, give it something like test.

04:53.330 --> 04:53.770
Okay.

04:54.610 --> 04:58.310
And also we have another thing that is called T.

04:58.790 --> 05:00.110
T is for type.

05:00.310 --> 05:04.190
As you see, type is REG_SZ.

05:04.230 --> 05:07.870
We need to give specifically this one.

05:08.230 --> 05:12.510
So REG_SZ.

05:13.270 --> 05:14.990
And also.

05:15.030 --> 05:15.670
All right.

05:17.110 --> 05:18.030
Okay.

05:18.030 --> 05:23.390
We need to give another thing that is called D.

05:23.390 --> 05:33.630
And this is the location of your program for example your backdoor or your any program in any file that

05:33.630 --> 05:35.310
you have that you created.

05:35.430 --> 05:36.950
You can add that here.

05:36.950 --> 05:46.390
So and for example mine is in C drive and into the program for example okay.

05:46.430 --> 05:48.910
Right now it is not in this location.

05:48.910 --> 05:50.790
Just imagine that it is in this location.

05:50.790 --> 05:55.430
For example, it is test.exe and this one.

05:55.910 --> 05:57.030
Now I hit enter.

05:57.610 --> 06:01.130
You see that the operation completed successfully.

06:01.810 --> 06:04.570
And right now you see nothing here.

06:05.210 --> 06:09.490
And for example, I click somewhere else and then I click on run.

06:09.530 --> 06:12.690
Now you see that something new added called test.

06:12.690 --> 06:18.650
This is the type and this is the location for the file C drive program file.

06:19.050 --> 06:21.730
And also test.exe.

06:22.370 --> 06:31.410
So now whenever I start the program, the Windows, sorry, the Windows machine, it will come and try to execute

06:31.410 --> 06:33.210
this program.

06:33.210 --> 06:35.450
That's called test.exe from this location.

06:35.450 --> 06:41.490
But in this location actually I don't have any file called test.exe, with no problem.

06:41.490 --> 06:47.210
So here you saw you learn how you can add your program in this location.

06:47.290 --> 06:47.850
Okay.

06:47.890 --> 06:49.770
So thanks for watching.

06:49.770 --> 06:55.010
And let's go add one of the files here, okay.

06:55.050 --> 06:56.410
So let's go and see.
