﻿1
00:00:00,900 --> 00:00:06,940
System commands are related to the operations performed on the operating system in the target computer.

2
00:00:07,800 --> 00:00:13,590
We've used almost all of the commands seen on the slide before, but I want to remind you of where we

3
00:00:13,590 --> 00:00:18,770
used them. The command clearev clears the event logs on Windows systems.

4
00:00:18,780 --> 00:00:22,170
It clears the Application, System and Security logs.

5
00:00:22,560 --> 00:00:26,430
We used the command in the Meterpreter Against Windows Systems lecture.

6
00:00:27,640 --> 00:00:30,110
execute runs a command on the victim machine.

7
00:00:30,790 --> 00:00:34,890
We used it to create a channel to have a command shell on the victim machine.

8
00:00:36,270 --> 00:00:42,360
getpid shows the ID of the process into which our Meterpreter session is injected.

9
00:00:43,420 --> 00:00:50,200
getuid to see which privileges we have at the moment. We used this and the getpid command while

10
00:00:50,200 --> 00:00:51,580
demonstrating migration.

11
00:00:52,880 --> 00:00:56,510
kill terminates the specified process on the victim.

12
00:00:57,020 --> 00:00:59,290
I don't think we've used that one yet.

13
00:01:00,280 --> 00:01:03,740
ps lists the processes running on the victim.

14
00:01:04,150 --> 00:01:07,180
We used that to find a process to migrate to.

15
00:01:08,160 --> 00:01:10,510
reboot reboots the victim system.

16
00:01:11,160 --> 00:01:17,490
That means you'll lose the session, but we rebooted the victim machine while demonstrating persistence.

17
00:01:18,840 --> 00:01:22,600
shutdown is just that: it shuts the victim machine down.

18
00:01:22,800 --> 00:01:29,480
That means, again, you'll lose the current session. reg manages the registry of the victim system.

19
00:01:30,210 --> 00:01:33,960
We used this command while removing the backdoor, if you remember.

20
00:01:35,370 --> 00:01:38,760
shell to have a command shell on the victim.

21
00:01:39,810 --> 00:01:43,980
I remember that we used this command in the session management lecture.

22
00:01:45,110 --> 00:01:51,200
sysinfo, well, it's just the command that I use most throughout the course. It gets information

23
00:01:51,200 --> 00:01:54,170
about the victim machine, such as the operating system.

24
00:01:55,370 --> 00:01:59,300
So let's have a look at the system commands in action.

25
00:02:03,040 --> 00:02:08,950
Here I have a Meterpreter session in Kali. sysinfo to gather information about the victim system,

26
00:02:09,790 --> 00:02:15,310
and I can see the operating system, the architecture, the domain name of the computer, the logged-on user.

27
00:02:15,310 --> 00:02:15,730
Now.

28
00:02:17,030 --> 00:02:22,700
getpid to see the process ID we are injected into, and that's 964.

29
00:02:23,600 --> 00:02:30,290
getuid to see who we are on the victim machine, and we are the SYSTEM user, which is very good for

30
00:02:30,290 --> 00:02:30,500
us.

31
00:02:31,660 --> 00:02:36,600
ps to list the running processes, and here's our process, 964.

32
00:02:38,320 --> 00:02:45,100
Now we can use the kill command to kill any process, so let's kill 1892.

33
00:02:45,340 --> 00:02:51,210
All right, let's list the processes again, ps, and the process 1892 doesn't exist anymore.

34
00:02:52,550 --> 00:02:54,380
Let's kill another one, whatever.

35
00:02:55,840 --> 00:02:58,720
shell to obtain a shell on the victim.

36
00:03:00,260 --> 00:03:03,200
Control-C to exit from the shell by terminating it.

37
00:03:05,090 --> 00:03:05,750
So what else?

38
00:03:07,010 --> 00:03:09,050
clearev to clear the logs.

39
00:03:09,950 --> 00:03:15,920
So let's go to the victim before running the command, open the Event Viewer and see all the log files.

40
00:03:21,210 --> 00:03:24,270
Back to Kali and run the clearev command.

41
00:03:25,290 --> 00:03:29,490
And on Windows XP, refresh the Event Viewer and the logs have gone.

42
00:03:31,030 --> 00:03:33,430
execute to run a command on the victim system.

43
00:03:34,330 --> 00:03:43,000
Let's run the command cmd.exe, which opens a command prompt. -f to specify the file to be executed, -i to

44
00:03:43,000 --> 00:03:44,540
interact with the created channel.

45
00:03:45,250 --> 00:03:45,790
Now look at that.

46
00:03:45,790 --> 00:03:48,620
The channel is created and we are on the same channel.

47
00:03:49,450 --> 00:03:54,580
So that means we have a command shell on the victim machine in an alternative way.

48
00:03:55,560 --> 00:03:58,080
Now you can use Control-C to terminate the channel.

49
00:03:59,310 --> 00:04:05,010
I kept the shutdown command to the end because, well, it will shut down the victim system.

50
00:04:06,290 --> 00:04:11,030
But look at this: I run the command and, as you see, the victim system is shutting down.

51
00:04:12,030 --> 00:04:12,630
Voilà.

