1
00:00:02,090 --> 00:00:06,440
So in the previous lesson, we performed a basic OS command injection example.

2
00:00:08,430 --> 00:00:14,250
Now, from the very first point to a reverse shell, we've done everything manually.

3
00:00:15,230 --> 00:00:21,440
And now, if you're new to this field or even if you're an experienced veteran, sooner or later you're

4
00:00:21,440 --> 00:00:23,750
going to want to automate what you do.

5
00:00:25,800 --> 00:00:30,240
So you can use tools or code your own.

6
00:00:31,760 --> 00:00:36,230
So in this session, I want to use the tool Commix for the command injection.

7
00:00:37,150 --> 00:00:39,550
Commix actually ships with Kali.

8
00:00:40,820 --> 00:00:42,560
And this is the latest version.

9
00:00:44,850 --> 00:00:52,680
However, I couldn't run it due to a bug and I didn't even get to fix the bugs, so instead of using

10
00:00:52,680 --> 00:00:55,050
this version, I'm going to use a previous version.

11
00:00:56,720 --> 00:01:02,090
So it's a long way around, just showing you that I will go to its GitHub page.

12
00:01:04,320 --> 00:01:07,830
And you see under the releases, you're going to see different releases.

13
00:01:08,520 --> 00:01:09,930
So I'm just going to download this one.

14
00:01:12,300 --> 00:01:14,520
I'll download the source code and save it.

15
00:01:17,790 --> 00:01:19,350
And go to the download folder.

16
00:01:21,160 --> 00:01:22,390
Extract the files.

17
00:01:24,470 --> 00:01:26,480
OK, so now I'm going to go back to the terminal.

18
00:01:27,460 --> 00:01:29,350
And go to that directory.

19
00:01:31,330 --> 00:01:33,190
All right, so here are the files.

20
00:01:34,270 --> 00:01:40,360
And you can run it directly from here, and show the options by specifying the -h parameter.

21
00:01:42,250 --> 00:01:43,540
It has many options.

22
00:01:44,850 --> 00:01:51,810
You can test every one if you like, but I'm going to go on, so go to Firefox.

23
00:01:53,050 --> 00:01:54,580
And send the traffic to Burp.

24
00:01:56,720 --> 00:01:58,100
We're going to look up.

25
00:02:01,090 --> 00:02:04,240
Now, copy this request to a file.

26
00:02:05,720 --> 00:02:08,450
And name it whatever you want to, and save.

27
00:02:10,240 --> 00:02:11,830
Then let the request go.

28
00:02:14,740 --> 00:02:18,580
Now we have nothing more to do with Burp and Firefox.

29
00:02:20,240 --> 00:02:22,400
So let's use Commix.

30
00:02:24,040 --> 00:02:33,340
So type commix.py -r to specify the file that we saved, -p is for the parameter in the request

31
00:02:33,340 --> 00:02:33,970
to test.

32
00:02:34,900 --> 00:02:39,760
And --all to test and check for everything Commix tests.

33
00:02:41,460 --> 00:02:42,360
And hit enter.

34
00:02:44,170 --> 00:02:45,250
So it gets something.

35
00:02:47,040 --> 00:02:50,700
OK, not only that, Commix also displays the password file first.

36
00:02:52,550 --> 00:02:55,850
Now, it also enumerates this system in detail.

37
00:02:57,490 --> 00:03:04,330
And below, it asks to open a shell-style interface, so of course, I hit enter to accept.

38
00:03:06,130 --> 00:03:09,430
And this is the Commix-style shell.

39
00:03:10,880 --> 00:03:12,860
So now you can run those commands from here.

40
00:03:14,080 --> 00:03:15,420
uname -a.

41
00:03:18,260 --> 00:03:18,920
id.

42
00:03:21,880 --> 00:03:25,770
And Commix can also create a reverse shell for us.

43
00:03:27,030 --> 00:03:29,040
So type in reverse_tcp.

44
00:03:31,370 --> 00:03:34,340
Now, you may recall Metasploit.

45
00:03:36,020 --> 00:03:41,150
OK, so set the LHOST to the IP address of your Kali.

46
00:03:43,580 --> 00:03:48,350
And then set the local port on Kali to listen for the reverse connection.

47
00:03:50,040 --> 00:03:52,970
I'm going to say four, four, four, five.

48
00:03:55,030 --> 00:03:57,940
And now you must choose which type of shell you want.

49
00:03:58,980 --> 00:04:04,680
And let's see, we've already done the netcat-style shell, so choose 2.

50
00:04:06,760 --> 00:04:14,950
Now, you must choose which type of reverse TCP shell, so I'm going to say 8 and it will generate

51
00:04:14,950 --> 00:04:15,880
the payload for us.

52
00:04:17,510 --> 00:04:20,210
And then create a Metasploit resource file.

53
00:04:21,600 --> 00:04:23,880
All right, so I'm going to just split the window.

54
00:04:24,980 --> 00:04:27,140
Then copy the resource file.

55
00:04:28,090 --> 00:04:31,360
And paste it in here and add a -q.

56
00:04:32,230 --> 00:04:36,220
For the parameter to start Metasploit in quiet mode.

57
00:04:38,090 --> 00:04:39,320
Then hit enter.

58
00:04:41,090 --> 00:04:45,290
Now, the RC file creates a multi/handler with its options.

59
00:04:46,140 --> 00:04:47,640
And then exploit.

60
00:04:48,750 --> 00:04:54,450
So that way the generated reverse TCP payload on bee-box connects to the handler on Kali.

61
00:04:56,220 --> 00:04:58,320
And the Meterpreter session is open.

62
00:04:59,440 --> 00:05:01,000
So type sysinfo.

63
00:05:03,060 --> 00:05:07,860
And this command shows a short view of the system and the session information.

64
00:05:09,410 --> 00:05:13,310
And getuid for the user of the session.

65
00:05:14,990 --> 00:05:20,840
Now you can run your post modules or do some privilege escalations on the system, that's entirely up

66
00:05:20,840 --> 00:05:21,950
to you, whatever you want.

67
00:05:23,180 --> 00:05:24,950
Oh, and one last thing.

68
00:05:26,290 --> 00:05:35,080
So as I observe this shell, it's not as consistent as a Metasploit reverse TCP shell, so.

69
00:05:36,160 --> 00:05:41,400
I don't know why this would be, but on your system, it may indeed still be different.

