All language subtitles for 2. Veil Overview Payloads Basics

Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated:

1
00:00:00,980 --> 00:00:03,020
Okay, now that we have Veil loaded,

2
00:00:03,440 --> 00:00:07,600
you can see it shows us the main commands that you can use with Veil.

3
00:00:08,560 --> 00:00:11,500
So the first command is you can do 'exit' to exit.

4
00:00:12,080 --> 00:00:15,740
You can do 'info' to get information about a specific tool.

5
00:00:16,020 --> 00:00:18,920
You can do 'List' to list the available tools.

6
00:00:19,120 --> 00:00:23,040
You can do 'update' to update Veil and this is very, very important

7
00:00:23,380 --> 00:00:28,680
because you always want to be up to date when it comes to bypassing antivirus programs

8
00:00:29,320 --> 00:00:32,780
and then you can do 'use' to use a tool.

9
00:00:33,860 --> 00:00:36,180
Now, let's start using Veil-Evasion

10
00:00:36,280 --> 00:00:41,880
and as we do it, it's gonna become so easy and you'll be able to understand it more.

11
00:00:42,800 --> 00:00:48,260
Now Veil has two main tools and if we do a 'list', you'll be able to see them.

12
00:00:49,280 --> 00:00:54,200
So we have the first one, which is the one that we're interested in, which is called 'Evasion'

13
00:00:54,440 --> 00:00:58,900
and that's the one that generates undetectable backdoors for us.

14
00:00:59,480 --> 00:01:02,760
And then there is the second one, which is called 'Ordnance'

15
00:01:03,000 --> 00:01:07,540
and this tool generates the payloads that are used by 'Evasion',

16
00:01:07,540 --> 00:01:10,980
so you can look at this as a helper or a secondary tool.

17
00:01:11,600 --> 00:01:16,660
Now, what I mean by a payload is, a payload is the part of the code,

18
00:01:16,660 --> 00:01:19,507
of the backdoor that does the stuff that we want.

19
00:01:19,507 --> 00:01:21,720
That does the evil stuff, if you wanna say.

20
00:01:22,460 --> 00:01:25,120
So it's the part of the code that gives us a reverse connection.

21
00:01:25,320 --> 00:01:29,580
It's the part of the code that downloads and executes something on the target computer.

22
00:01:29,860 --> 00:01:37,200
It's the part of the code that allows us to achieve what we want by executing that file

23
00:01:38,340 --> 00:01:41,180
and this is going to become more clear as we start using Veil.

24
00:01:41,820 --> 00:01:45,100
Now, for now, we're interested in using 'Evasion'.

25
00:01:45,420 --> 00:01:51,900
So we're gonna do 'use 1' because that's the first tool, that's number one

26
00:01:52,660 --> 00:01:56,360
and as you can see, we have 'Veil-Evasion' loaded now.

27
00:01:56,540 --> 00:02:01,900
And as I said before, this used to be a standalone tool that you just downloaded on its own

28
00:02:01,900 --> 00:02:04,160
but now they have it all combined together.

29
00:02:04,780 --> 00:02:08,620
Now as you can see, the first thing that we get when we load 'Veil-Evasion'

30
00:02:08,620 --> 00:02:11,260
is the commands that you can run on this tool.

31
00:02:12,080 --> 00:02:17,340
So the first thing that we want to do is we want to 'list' to see all the available payloads

32
00:02:18,460 --> 00:02:21,160
and as you can see, we have 41 different payloads

33
00:02:21,880 --> 00:02:25,680
and all of these payloads follow a certain naming pattern

34
00:02:26,120 --> 00:02:29,960
and you can see for example, let's take this example right here

35
00:02:29,960 --> 00:02:32,280
because that's the payload that I'm going to be using.

36
00:02:32,400 --> 00:02:35,600
You can see the payload is divided into three parts.

37
00:02:36,920 --> 00:02:43,320
The first part right here refers to the programming language that the payload is going to be wrapped in.

38
00:02:43,660 --> 00:02:49,540
So we have the evil code and then the evil code is going to be wrapped into a certain programming language

39
00:02:49,540 --> 00:02:51,580
that the target computer understands.

40
00:02:52,100 --> 00:02:56,340
And right here you can see that this payload uses 'Go' programming language.

41
00:02:56,340 --> 00:02:58,180
We can see this one uses C.

42
00:02:58,400 --> 00:03:00,400
We can see these ones use CS.

43
00:03:00,400 --> 00:03:01,460
We have Python.

44
00:03:01,460 --> 00:03:04,380
We have PowerShell and we have Ruby, if we scroll down.

45
00:03:06,440 --> 00:03:09,340
The second part of the payload is really important.

46
00:03:10,500 --> 00:03:17,560
This is the type of the payload, the type of the code that's going to be executed on the target computer.

47
00:03:19,240 --> 00:03:24,780
In this example, we're using 'Meterpreter', which is a payload designed by 'Metasploit'.

48
00:03:25,200 --> 00:03:29,760
'Metasploit' is a huge framework for hacking and it allows you to do a lot of things

49
00:03:29,760 --> 00:03:34,240
but in this lecture we're focusing on creating a payload called 'Meterpreter'

50
00:03:34,240 --> 00:03:38,740
and what's really cool about 'Meterpreter' is it runs in the memory

51
00:03:38,740 --> 00:03:41,800
and it allows us to migrate between system processes,

52
00:03:41,800 --> 00:03:48,980
so we can have the payload or the backdoor running from a normal process like Explorer for example

53
00:03:49,360 --> 00:03:53,555
and this payload will allow us to gain full control over the target computer.

54
00:03:53,555 --> 00:03:57,900
So we'll be able to navigate through the file system, download, upload files,

55
00:03:57,900 --> 00:04:00,300
turn on the mic, turn on the webcam,

56
00:04:00,300 --> 00:04:04,160
even use that computer to hack other computers, install a key logger.

57
00:04:04,160 --> 00:04:06,640
You can literally do anything you can think of

58
00:04:06,780 --> 00:04:11,260
and all of this will be running from the memory, from a normal process on the system.

59
00:04:11,400 --> 00:04:14,820
So it's very hard to detect and it doesn't leave a lot of footprints.

60
00:04:15,760 --> 00:04:19,440
That's why it's a really, really cool payload and we'll be using it a lot.

61
00:04:21,120 --> 00:04:25,840
The third part of the name is the method that's going to be used to establish the connection.

62
00:04:26,380 --> 00:04:30,200
So in here you can see that this is called Rev HTTPS.

63
00:04:31,060 --> 00:04:38,720
So rev stands for 'Reverse' and HTTPS is the protocol that's going to be used to establish the connection.

64
00:04:38,720 --> 00:04:44,300
So we can see that this payload will create a reverse HTTPS connection.

65
00:04:45,420 --> 00:04:50,440
You can see this one right here for example, it creates a reverse HTTP connection

66
00:04:50,920 --> 00:04:55,280
and we have this one in here that creates a reverse TCP connection.

67
00:04:56,500 --> 00:05:00,820
Now, what I mean by reverse is the connection is going to come

68
00:05:00,820 --> 00:05:04,140
from the target computer to my own computer.

69
00:05:04,480 --> 00:05:07,600
So I won't be connecting to the computer that I want to hack.

70
00:05:08,140 --> 00:05:11,720
What's gonna happen is once the person double-clicks the backdoor,

71
00:05:11,720 --> 00:05:15,500
the backdoor will connect back to me from the target computer.

72
00:05:17,020 --> 00:05:21,340
What's cool about this is, I'll be able to bypass antivirus programs

73
00:05:21,340 --> 00:05:26,540
because the connection is not going to the target computer, it's coming back to my computer.

74
00:05:26,760 --> 00:05:30,540
So it's literally, as if the target person is just connecting to a normal website.

75
00:05:30,920 --> 00:05:34,600
I'm going to use a port that websites use which is 80 or 8080.

76
00:05:34,600 --> 00:05:37,360
So again, if the person analyzes the connection,

77
00:05:37,360 --> 00:05:41,140
it'll look as if they're literally, just connecting to a normal website.

78
00:05:41,920 --> 00:05:48,140
Also, if the target computer is hidden behind a router or behind a network, again, this is gonna work

79
00:05:48,300 --> 00:05:52,320
because the connection is coming from the target computer to me,

80
00:05:52,320 --> 00:05:54,640
instead of me connecting to the target computer.

81
00:05:55,300 --> 00:05:58,360
So using a reverse connection is really, really handy

82
00:05:58,360 --> 00:06:03,300
and I think this is really the only practical way of gaining access to your computer

83
00:06:03,300 --> 00:06:07,820
because there are a lot of things that can stop you from connecting to a certain computer.

84
00:06:09,500 --> 00:06:11,680
Now, this is the general naming pattern.

85
00:06:12,000 --> 00:06:17,440
You'll see some payloads like this one right here, which doesn't follow that general naming pattern

86
00:06:17,760 --> 00:06:23,900
and basically what these payloads do for example, you can see this one is called 'shellcode inject'.

87
00:06:24,260 --> 00:06:29,620
So what it's going to do is, it's going to create a payload that injects your other payload.

88
00:06:30,100 --> 00:06:32,040
So it's going to create a normal payload

89
00:06:32,340 --> 00:06:35,840
and that normal payload injects a 'Meterpreter payload' for example.

90
00:06:36,380 --> 00:06:39,180
Now, it does this to try to bypass more security

91
00:06:39,400 --> 00:06:45,100
but usually, they won't bypass more things than the normal payloads would bypass.

92
00:06:45,320 --> 00:06:49,200
So that's why I usually just use one of the normal payloads in here.

93
00:06:50,680 --> 00:06:51,600
So this is it.

94
00:06:51,600 --> 00:06:53,980
This is all about the payloads.

95
00:06:54,380 --> 00:06:55,620
Sorry, I took a bit of time

96
00:06:55,620 --> 00:06:59,100
but I wanted to make sure that you guys understand the naming pattern.

97
00:06:59,300 --> 00:07:01,620
I wanted you to understand what a payload is

98
00:07:01,620 --> 00:07:05,060
and the difference between a 'reverse' and a 'bind' and a 'TCP' payload.

99
00:07:05,060 --> 00:07:09,020
This way the rest of the course will become more clear to you

100
00:07:09,020 --> 00:07:12,460
and I can just use the payload that I want without explaining what it is.

101
00:07:13,220 --> 00:07:15,700
Now, in the next lecture, we're going to be generating a payload

102
00:07:15,980 --> 00:07:18,540
and we'll be testing it against antivirus programs.
