Time
1 hour 41 minutes
Difficulty
Beginner
CEU/CPE
2

Video Transcription

00:00
Hey guys, welcome back to the Cyber Kill Chain course on Cybrary. This is Abdulrahman Alnaim, and in today's episode we cover weaponization.
00:09
So weaponization is the second step of the cyber kill chain. And in this step, we depend a lot on reconnaissance. And this is why I was saying, spend as much time as you can doing reconnaissance, because reconnaissance will give you the base that you're going to build the rest of the attack on. So if I go to weaponization
00:29
without doing proper reconnaissance, I won't be able to build
00:32
a weapon or a payload that would work
00:36
on the target machine because I'm guessing what the target machine is.
00:41
So from now on, our assumption is
00:44
that the target machine is Windows.
00:47
We're going to use localhost. From now on, all of the attacks are going to happen within my virtual environment, so we're not going to communicate with anything on the Internet.
00:58
So weaponization is a fairly passive step. This step happens on my side, or the attacker side, only. We're not going to communicate with the victim.
01:07
What we're trying to do here, as I said, is build a payload that we're going to use later on, or deliver in the following step to the victim,
01:17
to be able to install it and then have control over the victim side. There are two tools that we're going to talk about today: Metasploit and Unicorn.
01:29
Metasploit comes built in in Kali Linux. It's an extremely popular tool. There's a lot of documentation out there. I'm going to leave a couple of links in the resources page that I highly recommend going to, because
01:42
if you're looking to go into pen testing, Metasploit is the tool you want to learn.
01:48
The other tool is Unicorn. It's a tool that I stumbled upon a few weeks ago. It's a Python tool, and it's extremely good at evading protection tools,
01:59
so let's jump right into it.
02:01
So what we're going to run today, the first thing that we're gonna learn today, is msfvenom, which is an add-on to
02:08
Ah,
02:09
Metasploit,
02:12
and our payload is going to be reverse TCP.
02:19
And reverse TCP is very popular
02:23
because it
02:24
it bypasses
02:27
or uses the
02:29
statefulness of a firewall to bypass the control. So
02:34
a firewall will block any communication coming from the outside
02:38
to the inside. However, if a communication in a stateful firewall is triggered from behind the firewall, the return packet will be automatically allowed.
02:47
So our listening host,
02:50
as I said before, we're going to use local host here.
02:53
So it's going to be my local IP. Let me
02:59
find it here. And that's my local IP. That's the IP that I'm going to use from now on,
03:06
and for the port, we're going to use port 4444.
03:13
And that, you can pick whatever port you want. A lot of people tend to use the defaults,
03:22
so
03:30
five and then
03:32
we're going to generate an executable,
03:37
space here
03:38
and we're going to put it in
03:40
root
03:43
desktop, gonna call it payload.exe.
03:46
So
03:47
what this does is
03:50
create the payload.
03:52
You might notice that the payload is a .exe, which is kind of difficult
03:58
to send over,
04:00
uh, email or
04:01
get it to the victim.
04:03
And that's correct, because a lot of antiviruses and a lot of email exchange servers will block any EXE from being sent.
04:13
And for that we're going to use the other tool that I'm gonna show you, Unicorn.
04:17
But before we get into Unicorn, we're going to go
04:21
show you the output of
04:26
that,
04:28
the payload of Metasploit.
04:30
So there you go. That's the payload.exe. Obviously, I cannot run it here because I'm running a Linux machine,
04:38
but any
04:39
protection tool will easily detect
04:42
a .exe file.
04:45
So let's move to Unicorn. As I said, it's a Python
04:49
tool,
04:54
and it's a fairly easy Python tool.
04:59
So we're going to run this exact same
05:01
command we ran before, with the exact same payload that we did before, the reverse TCP, reverse
05:10
TCP. But this time it's going to be reverse HTTPS,
05:15
the same IP,
05:18
21. And let's use, because it's reverse HTTPS, we're going to use 443.
05:26
So now while it's generating, the payload is going to generate two files. The first one is
05:33
the text file, which will be delivered in the next phase to the victim. The other one is the .rc file you can see here,
05:43
and that's going to configure msfconsole, Metasploit, to be able to execute and create the listener. So let's ls here.
05:51
And that's
05:54
the PowerShell .txt.
05:57
And
05:58
that's unicorn
05:59
.rc.
06:01
Okay, so we have a number of true or false questions for our post assessment
06:08
questions.
06:09
So the first one is: the weaponization phase
06:12
is independent from the reconnaissance and can be done in parallel with it.
06:17
And the answer here is false.
06:20
As I said,
06:21
reconnaissance is the most important step. You cannot go to weaponization; you won't create a correct weapon if you bypassed reconnaissance.
06:32
So the second question is: in the weaponization phase, the attacker is actively trying to access the victim or the victim's node.
06:44
Again, that's incorrect, false, because
06:47
weaponization is a fairly passive
06:51
phase, and we're not going to communicate with the victim during the weaponization phase.
06:59
Finally, Metasploit will produce a text file and an .rc file.
07:03
And that's also incorrect. As I said, Metasploit, or as you saw, Metasploit created an executable
07:10
that we are supposed to get somehow
07:12
to the other side. Obviously, this can be done.
07:15
If they have an open FTP port that has access to a Windows server,
07:20
you might be able to get it there. However, any
07:25
antivirus or any anti-malware tool, or IPS or IDS in the way, would actually detect that executable file and most probably block it, in most cases. However, in
07:40
Unicorn, we created a .txt file that we are going to use to send to the victim, and a .rc file that we're going to use to execute and create
07:49
the listener.
07:50
In today's episode we covered the weaponization phase. We went through a couple of examples in Metasploit and Unicorn, and in the next episode we will cover delivery.
08:03
See you then.

Cybersecurity Kill Chain™

A practical take on Lockheed Martin Cyber Kill Chain™, The course simulates an example target attack following the 7 phases of the Cyber Kill Chain™.

Instructed By

Abdulrahman Alnaim
Security Operations Manager
Instructor