WEBVTT

00:04.720 --> 00:11.560
Okay, now that we know how to, uh, create our reverse backdoor.

00:11.600 --> 00:19.920
Okay, now we have our reverse backdoor here, and it is time to create another program, which is very

00:19.920 --> 00:21.160
cool and very famous.

00:21.200 --> 00:28.680
A lot of people know what is it or what it is, and that is called Trojan.

00:28.720 --> 00:29.440
Okay.

00:29.480 --> 00:34.800
So now let's go and create a very simple Trojan, okay.

00:35.360 --> 00:39.120
That whenever the victim click on that.

00:39.280 --> 00:44.880
So, uh, that looks like a very normal, uh, file.

00:44.880 --> 00:49.360
And we will be able to execute our code in the background.

00:49.360 --> 00:56.120
So you see, I have, I have these, uh, for example, reverse backdoor here.

00:56.160 --> 00:56.920
Okay.

00:56.960 --> 01:05.260
I want to create a Trojan to, for example, that looks like a normal picture.

01:05.260 --> 01:12.500
Whenever they click, it will open a picture, and in background I want to execute reverse backdoor

01:12.500 --> 01:15.860
and I connect using Kali Linux okay.

01:15.900 --> 01:17.820
And listener to that computer.

01:17.820 --> 01:26.260
And I must be able to move inside folders, download and upload data into this system.

01:26.260 --> 01:28.580
So this is the windows system okay.

01:29.580 --> 01:30.820
In here.

01:30.820 --> 01:32.700
Let me show you something.

01:33.260 --> 01:36.220
Right now in this system I installed Xampp.

01:36.260 --> 01:37.700
It is a web server okay.

01:38.540 --> 01:46.380
And in the htdocs folder here I put a file called picture, okay, or pic.

01:46.620 --> 01:48.740
This is a normal file right now.

01:48.820 --> 01:52.220
You see this is just an image okay.

01:52.260 --> 01:57.740
And also I must put my reverse backdoor in here as well.

01:58.820 --> 02:07.640
Uh, for you or for others, uh, they can put them in their Kali Linux if they have installed the

02:07.640 --> 02:09.320
Xampp or any web server.

02:09.320 --> 02:17.960
If they have, they could upload their file there and then when they open a picture, they must be able

02:17.960 --> 02:22.600
to download the file from a server.

02:22.640 --> 02:29.640
Okay, so for me I put this in this computer to just test this okay.

02:29.680 --> 02:32.280
I don't have the Xampp installed in my Kali Linux.

02:32.520 --> 02:38.160
So because of that I am using this windows uh as a target.

02:38.160 --> 02:43.240
And also I put the evil file right here to download it here okay.

02:43.280 --> 02:45.200
And execute this.

02:45.200 --> 02:51.120
So first we need to have a reverse.

02:52.200 --> 02:55.800
It looks like the reverse backdoor is deleted, okay.

02:55.840 --> 03:00.720
By maybe by firewall or something.

03:01.160 --> 03:03.880
So we need to go to cmd.

03:06.460 --> 03:11.220
Okay, cd Desktop and Python project and re.

03:16.740 --> 03:17.220
Okay.

03:17.220 --> 03:22.060
Now if I use dir you see we have a reverse backdoor.py.

03:22.980 --> 03:38.740
Uh, here I want to use PyInstaller and then one file, no console, hit enter.

03:38.780 --> 03:43.100
That's not really sorry something happened.

03:44.060 --> 03:48.620
And here I need to use or add reverse backdoor as well.

03:48.620 --> 03:52.180
So this will package the reverse backdoor, okay.

03:52.300 --> 03:55.460
After the reverse backdoor is completed.

03:55.500 --> 03:57.900
As you see now it is completed.

03:57.900 --> 04:01.940
And here you see that the file is here.

04:01.940 --> 04:06.820
And I want this to copy okay.

04:09.400 --> 04:10.320
That is here.

04:10.400 --> 04:13.680
Let's use Ctrl C or just copy this from here.

04:13.680 --> 04:16.280
I want to put this into Xampp.

04:18.320 --> 04:23.480
htdocs, reverse backdoor, listed here.

04:23.560 --> 04:24.720
Right now it is here.

04:24.760 --> 04:25.080
Okay.

04:25.120 --> 04:25.800
Perfect.

04:27.200 --> 04:33.480
Now in here I created a file called download Execute and Report.

04:33.960 --> 04:37.840
So in here I am going to create this file to look like a picture.

04:37.840 --> 04:44.160
Whenever they click over this file it must be just a picture okay.

04:45.080 --> 04:46.000
It must show a picture.

04:46.000 --> 04:52.080
And in background we must be able to execute our reverse backdoor.

04:52.120 --> 04:54.960
And like that okay.

04:55.000 --> 05:02.240
So to start this I need to import some module okay I will start I will start working a little faster.

05:02.280 --> 05:04.200
The first one is going to be requests.

05:05.200 --> 05:10.180
And if you don't have it you need to install this request pip install requests, it will be installed

05:10.180 --> 05:11.260
in your system.

05:11.540 --> 05:13.940
The next one is a subprocess.

05:14.860 --> 05:20.580
And also we need os and we need another thing that is called tempfile.

05:21.500 --> 05:22.180
Perfect.

05:22.740 --> 05:26.900
So here I need to create a method for doing the download stuff.

05:26.940 --> 05:33.980
Okay so download here I need to give the URL as argument.

05:34.340 --> 05:37.860
And in here let's get create a variable.

05:37.900 --> 05:39.860
Name it get response.

05:42.020 --> 05:43.820
And it is equal to.

05:46.100 --> 05:49.500
We have the requests, okay, dot get.

05:49.900 --> 05:52.740
And in here you need to give the URL.

05:54.460 --> 05:57.740
Now that we have this I'm going to create another variable.

05:57.740 --> 05:59.700
I'm going to name this file name.

05:59.700 --> 06:00.500
It is equal to.

06:00.540 --> 06:03.460
If you want to get the file name you need to use URL.

06:03.500 --> 06:04.380
Dot split.

06:06.420 --> 06:09.500
And I'm going to split this with a slash.

06:10.040 --> 06:13.720
And then remove this.

06:13.760 --> 06:14.320
Okay.

06:14.360 --> 06:15.960
This will give me the file name.

06:16.720 --> 06:19.880
And here let's use with open.

06:22.320 --> 06:23.160
Uh.

06:23.160 --> 06:24.520
File name okay.

06:28.720 --> 06:36.440
Uh, I want to open this as wb, means write as binary, okay.

06:37.920 --> 06:40.040
As out file.

06:42.320 --> 06:44.200
So now we have the out file.

06:44.240 --> 06:44.640
Okay.

06:46.280 --> 06:47.080
Out file.

06:47.080 --> 06:52.080
Dot write method will write into this file.

06:52.800 --> 06:59.920
And I'm going to use something called get response that is here.

06:59.960 --> 07:00.160
Okay.

07:00.200 --> 07:03.640
We already have it here by using get method.

07:03.640 --> 07:06.160
And then we're giving the URL to this.

07:06.160 --> 07:09.920
And in here I am going to use content.

07:09.960 --> 07:12.740
So this will download the file for me.

07:13.420 --> 07:16.180
And I don't care about this.

07:17.020 --> 07:18.140
How does it work?

07:18.140 --> 07:19.620
Or something or anything?

07:20.180 --> 07:22.620
Now I do this like this.

07:22.620 --> 07:28.260
I move to the second part, and the second part is to get the temp directory.

07:28.860 --> 07:33.060
So let's create temp directory.

07:34.860 --> 07:43.380
So it is equal to tempfile dot gettempdir.

07:45.220 --> 07:49.220
And here we need to use to change the directory to this location.

07:49.220 --> 07:57.300
So we use os dot chdir, means change directory to temp directory.

07:57.340 --> 07:57.740
Okay.

07:58.460 --> 08:04.660
So the next one is to call this method which is the download method.

08:05.340 --> 08:14.390
And in here we need to give the location of that image and also that evil file.

08:14.430 --> 08:18.310
Okay, uh, that is inside the server.

08:18.710 --> 08:21.670
So here, let me open my server.

08:21.710 --> 08:22.030
Okay.

08:22.110 --> 08:23.550
It is for me.

08:24.910 --> 08:26.310
Xampp control panel.

08:30.550 --> 08:35.430
Okay, let's start Apache and also MySQL.

08:37.470 --> 08:40.030
And then open Chrome here.

08:45.190 --> 08:55.110
To get the URL or the link for the file for evil file that we put it on our server.

08:56.150 --> 08:58.990
So here let's use localhost.

09:01.670 --> 09:05.070
And then reverse backdoor.

09:06.790 --> 09:10.990
When I use localhost reverse backdoor it shows picture.

09:10.990 --> 09:15.810
And also this, uh, reverse backdoor dot exe file.

09:15.850 --> 09:20.410
Okay, if I click on this, it will show me this image.

09:20.610 --> 09:23.770
Now I'm going to copy this URL from here.

09:24.450 --> 09:26.570
And then I am going to use it here.

09:26.610 --> 09:27.010
Okay.

09:28.690 --> 09:30.770
So now I have this.

09:31.290 --> 09:34.450
It is the URL or the link that comes here.

09:34.450 --> 09:37.490
And it will download this file.

09:37.810 --> 09:41.090
And after it is downloaded we need to open this.

09:41.130 --> 09:41.770
Okay.

09:41.810 --> 09:47.850
So for doing that we use subprocess dot Popen.

09:47.850 --> 09:55.410
And then we give the name of the file dot jpg, which is pic dot jpg.

09:57.930 --> 09:58.730
And.

10:00.810 --> 10:05.610
Also here we need to give that shell is equal to.

10:08.210 --> 10:08.610
True.

10:09.650 --> 10:13.850
The same thing needs to happen with the zip file.

10:13.890 --> 10:18.510
Okay, so I copy this and paste it here.

10:18.670 --> 10:23.350
So just change this file to reverse.

10:27.270 --> 10:29.510
Backdoor dot exe.

10:29.790 --> 10:33.870
And also the same thing with this.

10:40.030 --> 10:44.830
And this the first one will download that image and show the image.

10:44.830 --> 10:48.790
The second one will download and try to execute this one.

10:48.790 --> 10:54.230
But here we are not going to use Popen because we need to call this okay.

10:54.270 --> 10:56.870
So we use call method here.

10:57.470 --> 11:04.190
And after that is finished we need to do two more things here okay.

11:05.230 --> 11:10.830
And that is to remove the image and also to remove that evil file.

11:10.830 --> 11:14.190
So we use os dot remove.

11:17.670 --> 11:21.970
Uh, pic dot jpg.

11:24.490 --> 11:26.850
And also reverse backdoor.

11:30.570 --> 11:31.530
Dot exe.

11:32.090 --> 11:34.090
So now I am going to save this.

11:35.170 --> 11:38.290
Uh it is in this location okay.

11:40.530 --> 11:41.290
Right here.

11:41.610 --> 11:42.330
Let me.

11:44.410 --> 11:50.890
Come back, this dir, hit enter, download execute and report dot py.

11:50.930 --> 11:51.890
We have it here.

11:51.930 --> 11:52.370
Okay.

11:52.970 --> 11:55.250
Let's use PyInstaller.

11:57.930 --> 11:59.330
Uh, one file.

11:59.530 --> 12:03.770
And also we need to use no console.

12:05.970 --> 12:09.930
And we have the download execute and report.

12:10.010 --> 12:11.730
Hit enter.

12:11.730 --> 12:14.770
And after this is complete.

12:17.330 --> 12:18.250
Uh, we need to.

12:20.350 --> 12:27.070
Come to this Kali machine and listen from here.

12:27.110 --> 12:27.510
Okay.

12:29.750 --> 12:31.670
Python listener.py.

12:31.710 --> 12:33.630
Right now we are listening from here.

12:33.670 --> 12:34.070
Okay.

12:35.070 --> 12:40.750
And the Trojan is about to be complete.

12:42.190 --> 12:44.150
So right now this is a Trojan.

12:44.190 --> 12:44.470
Okay.

12:44.510 --> 12:46.470
That it looks like an image.

12:46.670 --> 12:52.070
Whenever we double click on this file that will be generated here.

12:52.110 --> 12:52.870
Okay.

12:52.910 --> 12:56.190
Into here exe file.

12:58.710 --> 13:03.310
When we double click on this file we will be able to see this image.

13:03.350 --> 13:03.790
Okay.

13:04.470 --> 13:09.950
And in background we will be able to run this program that is called reverse backdoor dot exe.

13:10.790 --> 13:14.390
And we will be able to connect from Kali Linux to this machine.

13:15.150 --> 13:15.830
Let's see.

13:19.950 --> 13:21.590
Download execute and report.

13:21.630 --> 13:23.170
It is not yet completed.

13:23.210 --> 13:23.610
Okay.

13:26.210 --> 13:27.730
Now it is completed.

13:27.730 --> 13:30.130
And let me come right in here.

13:31.970 --> 13:33.650
And this top.

13:36.770 --> 13:37.690
Okay.

13:37.730 --> 13:39.370
Now, you see, we have this.

13:39.370 --> 13:41.090
I'm going to double click this.

13:43.570 --> 13:46.210
And wait just a moment.

13:46.810 --> 13:51.490
You see, I only see this image and nothing dangerous.

13:51.490 --> 13:52.410
Anything else?

13:52.450 --> 13:55.130
Okay, so let's come back here.

13:55.170 --> 14:00.610
Right now you see that it has also got connected and got a connection from this.

14:00.930 --> 14:01.770
Okay.

14:01.810 --> 14:02.850
IP also changed.

14:02.890 --> 14:03.570
No problem.

14:03.570 --> 14:09.090
Let's use dir and you see a lot of images here, a lot of files and folders here.

14:10.490 --> 14:16.490
If I come back here enter this dir okay I see a few folders.

14:16.530 --> 14:20.890
If I came back again if I use dir.

14:20.930 --> 14:33.830
You see now we are able to, to, okay, to use cd to come back and go inside.

14:33.830 --> 14:36.830
For example, I'm going to go to inside this folder.

14:37.390 --> 14:41.630
So I use cd Roaming.

14:42.030 --> 14:43.070
Hit enter.

14:43.110 --> 14:46.950
Now if I use cd, sorry, if I use dir.

14:46.950 --> 14:53.670
You see that we have all this Adobe and also we have code.

14:53.670 --> 14:58.030
We have these files and folders.

14:58.070 --> 15:00.350
So now from here I will be able to.

15:00.990 --> 15:06.870
And also you see we have window explorer windows explorer dot exe as that was one of our file.

15:06.870 --> 15:14.270
You know that now I'm able to download this file or I can upload another backdoor or another evil file

15:14.310 --> 15:14.870
to this.

15:14.870 --> 15:18.870
So now it is working and it is a Trojan.

15:18.910 --> 15:20.510
So very simple Trojan.

15:21.310 --> 15:25.030
And thanks for watching and I will see you in the next lecture.
