Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:01,290 --> 00:00:09,820 We saw you in a previous lecture how we can create a fake app that includes a payload and how to send 2 00:00:09,820 --> 00:00:10,540 the victim. 3 00:00:10,560 --> 00:00:17,020 And once the victim is told this fake app to his Android device we're going to get. 4 00:00:17,010 --> 00:00:19,760 We will get full access to his device. 5 00:00:19,800 --> 00:00:27,780 Now the only problem with this technique that zap is doing nothing is useless. 6 00:00:27,870 --> 00:00:37,120 So if the victim received such an install it and it's not doing anything most probably he would remove 7 00:00:37,120 --> 00:00:43,130 it even if he's not suspecting that this is a malicious and so what we'll be doing in this picture. 8 00:00:43,150 --> 00:00:47,270 I'm going to show you how to bind a real app with a fake. 9 00:00:47,310 --> 00:00:54,690 Does that include the payload or actually how to include a payload inside it really at all. 10 00:00:54,700 --> 00:00:58,310 Step does that allow you to do that. 11 00:00:58,330 --> 00:01:06,560 I wrote them in a fine which include the lecture so you can download this file. 12 00:01:06,580 --> 00:01:09,110 That explains it step by step how to do it. 13 00:01:09,550 --> 00:01:17,530 Now in general you'll see that there is a different script that allows you to do that and you can use 14 00:01:17,620 --> 00:01:19,160 the scripts that I choose. 15 00:01:19,180 --> 00:01:24,750 Or you can search online for a script but you'll find many scripts that is doing that. 16 00:01:25,150 --> 00:01:28,910 So first what we need to do we need to get a real app. 17 00:01:29,350 --> 00:01:32,070 So to be able to do that you just can't Google it. 18 00:01:32,170 --> 00:01:36,720 Or if you are aware of any website from where you can download the real app you can do that as well. 19 00:01:37,060 --> 00:01:44,460 So I'm going to try to download Noach took a piquet or any games or anything. 20 00:01:44,620 --> 00:01:50,890 You'll find many website that allow you to download a free app. 21 00:01:50,890 --> 00:01:51,790 This is one of them. 22 00:01:51,790 --> 00:01:57,450 Those are regular app which you can really download like a computer to big websites that are free to 23 00:01:57,490 --> 00:01:57,940 download 24 00:02:01,330 --> 00:02:06,210 free a wiki and you can choose the one or search for any renegade. 25 00:02:06,310 --> 00:02:10,150 So this will be the app where we will include the 26 00:02:12,950 --> 00:02:17,080 we will include the militias. 27 00:02:17,540 --> 00:02:19,420 So I click on download. 28 00:02:20,000 --> 00:02:22,150 So it will include the payload inside. 29 00:02:22,490 --> 00:02:25,680 And this is happening when you click on. 30 00:02:26,930 --> 00:02:35,260 And once the app has been downloaded it would show inside's Downloads folder. 31 00:02:35,290 --> 00:02:44,080 Let's go to and that's to download and the app should be here. 32 00:02:44,290 --> 00:02:54,910 Nauts Yeah this is on now now I'm going to copy it and I need to create a folder I'm going to create 33 00:02:54,910 --> 00:03:12,200 a new folder and I'm going to name it anything like on city where I will add this site you. 34 00:03:12,720 --> 00:03:17,330 Now for simplicity because we will be using the command line for doing that. 35 00:03:17,330 --> 00:03:27,970 For simplicity it's better to rename it to an easier instead of having all this fun than you can Gibbs 36 00:03:27,980 --> 00:03:29,570 and him or you can rename it. 37 00:03:29,580 --> 00:03:30,660 It will not change anything. 38 00:03:30,660 --> 00:03:34,250 So I rename it and I'm going to name this app notes 39 00:03:37,450 --> 00:03:43,040 notes again and click on rename. 40 00:03:43,130 --> 00:03:51,860 Now go and put me on it because my terminal and let's go to the folders that we just created 1 2 3. 41 00:03:52,400 --> 00:03:58,790 And unless it's trick the app is it isn't 42 00:04:03,860 --> 00:04:05,390 so sorry. 43 00:04:05,780 --> 00:04:15,380 Then the next step would be to download the script that we would need to use for binding. 44 00:04:15,710 --> 00:04:18,080 The app has a payload. 45 00:04:18,170 --> 00:04:21,130 Now the script name is meet us below it. 46 00:04:21,150 --> 00:04:23,630 A key embed in the payload. 47 00:04:23,630 --> 00:04:33,640 So if you take set and search on Google for this specific script you just in these screen 48 00:04:40,420 --> 00:04:49,560 you can go. 49 00:04:49,960 --> 00:04:51,770 And let's paste it here. 50 00:04:53,710 --> 00:04:54,220 Beatty's 51 00:04:57,790 --> 00:05:06,280 and usually this specific script or most of those clip are located in a folder or in a Web site called 52 00:05:06,340 --> 00:05:07,610 getup. 53 00:05:07,690 --> 00:05:15,440 So get the hub is from where you can get many script that help you see a big library actually for doing 54 00:05:15,440 --> 00:05:16,640 different kinds of attack. 55 00:05:16,820 --> 00:05:28,590 So this is a script as you can see and you can go and download it it and once the script it's downloaded 56 00:05:28,830 --> 00:05:31,960 and it could be downloaded to the same location. 57 00:05:32,130 --> 00:05:35,160 So let's get back to downloads folder. 58 00:05:40,310 --> 00:05:45,640 Getting back to the downloads folder you go. 59 00:05:45,890 --> 00:05:54,310 And this is the script as you can see I'm going to also copy it and add it to my home folder inside 60 00:05:54,310 --> 00:05:58,680 so on to see where I would be paste. 61 00:05:58,740 --> 00:06:01,080 Excellent now. 62 00:06:01,280 --> 00:06:05,880 So getting to the command line that's trigs that's the file is that. 63 00:06:06,470 --> 00:06:12,440 In general this is actually a compressed fine because it's like a zip file like Windows engine or to 64 00:06:12,440 --> 00:06:23,560 be able to uncompress any zip file you just use a common unzip and the filename will unzip and the file 65 00:06:23,560 --> 00:06:24,040 name. 66 00:06:24,070 --> 00:06:27,300 You don't need to read the full name Simitis plate. 67 00:06:27,490 --> 00:06:38,960 And here you go and it has been unzipped it leave my screen and the nets and as soon as you can see 68 00:06:38,960 --> 00:06:50,800 I have to find I have a folder now going back to going into the folders that you just created meta upload. 69 00:06:52,060 --> 00:06:58,690 And lest you find another folder under the name of V-2 going inside this folder because this is where 70 00:06:58,780 --> 00:07:03,260 the program that you can need to embed. 71 00:07:03,850 --> 00:07:13,350 Or I'm sorry to bind the payload inside the application so if you check an s. 72 00:07:13,660 --> 00:07:22,450 Yes this is a fine AP kindled in Bend the pillow and it uses a specific fine now to be able to do the 73 00:07:22,630 --> 00:07:24,090 binding feature. 74 00:07:24,100 --> 00:07:30,280 What I need to do is I need to move this note inside the same folder instead of using the copy command. 75 00:07:30,370 --> 00:07:36,950 And you know using a lot of syntax lets do that manually I'm sorry issues. 76 00:07:37,540 --> 00:07:40,470 Graphically so going here home. 77 00:07:40,510 --> 00:07:41,690 One two three. 78 00:07:41,950 --> 00:07:49,800 Let's take a copy from this one and two we're going to put it inside Simitis ploy 0 2. 79 00:07:50,100 --> 00:07:52,320 And let's end it here. 80 00:07:52,320 --> 00:07:55,560 So now I have a program and the findings are simple. 81 00:07:55,710 --> 00:08:01,230 It doesn't matter where the point is you should have a program and a file inside the simple. 82 00:08:01,230 --> 00:08:06,370 Now let's run the program now for any fine set up. 83 00:08:06,420 --> 00:08:07,600 RB That's mean. 84 00:08:07,630 --> 00:08:09,530 It's a ruby file Ruby is a language. 85 00:08:09,780 --> 00:08:17,650 So to be able to launch to run transit program you need to start by typing groupy and the file name 86 00:08:17,730 --> 00:08:21,310 Ruby and the file name is a B. 87 00:08:21,450 --> 00:08:31,890 And if you put it it continues then you put the aptonym notes took a picture then you typed minus B 88 00:08:31,920 --> 00:08:32,790 minus b. 89 00:08:32,830 --> 00:08:36,930 Man I need for inside this file to bind bedo. 90 00:08:37,410 --> 00:08:41,630 And you put the payload the payload that you'll be using could be Android. 91 00:08:42,290 --> 00:08:50,280 It's the same payload payloads that we used in the lecture where we created the fake payload Android 92 00:08:51,000 --> 00:08:55,530 slash Mr. rate. 93 00:08:57,170 --> 00:09:04,760 Slash really verse those core you see the 94 00:09:08,130 --> 00:09:13,240 oh Sodhi so. 95 00:09:13,710 --> 00:09:20,310 So let me clear the screen because the sims are accidentally free. 96 00:09:20,590 --> 00:09:24,660 And let me repeat the comment one more time blowby. 97 00:09:25,380 --> 00:09:35,080 And then a b that Zenza filename which is no it isn't that and then minus B mean. 98 00:09:35,100 --> 00:09:41,280 I need to bind a payload inside this fight and I need and I will use the payloads that I used in the 99 00:09:41,280 --> 00:09:42,920 previous scenario. 100 00:09:42,990 --> 00:09:45,910 Android meeter 101 00:09:50,330 --> 00:09:50,900 Retha 102 00:09:56,670 --> 00:09:57,870 reverse 103 00:10:00,080 --> 00:10:02,360 is on that score. 104 00:10:02,620 --> 00:10:07,230 The fool comment R-rating insides of files that will attach to the electorate so you don't need to memorize 105 00:10:07,230 --> 00:10:08,010 anything. 106 00:10:08,130 --> 00:10:11,460 TCAP then minus. 107 00:10:11,510 --> 00:10:15,040 And where in minus end do you need to put. 108 00:10:15,060 --> 00:10:16,980 I'm sorry Madison. 109 00:10:19,360 --> 00:10:20,610 And host 110 00:10:26,860 --> 00:10:27,610 and host. 111 00:10:27,620 --> 00:10:34,390 You need to type Z IP obstacle the Linux machine which in my case is 1 and 2 and 6 8 to 1 112 00:10:37,590 --> 00:10:42,810 on my keep doing this mystique I'm so sorry and I'm look is closed. 113 00:10:42,810 --> 00:10:49,740 So that's why whenever I click on any number to return to the previous column. 114 00:10:50,100 --> 00:10:58,960 Ruby Dee Dee Dee and Zen is a fine name notes. 115 00:10:59,190 --> 00:11:03,670 Ricky Martin is the android 116 00:11:10,680 --> 00:11:12,820 and me the 117 00:11:17,710 --> 00:11:19,550 early birds 118 00:11:22,240 --> 00:11:27,960 the birds C C D. 119 00:11:28,300 --> 00:11:37,970 Then we need to the IP so in holes in most school 120 00:11:41,990 --> 00:12:00,010 one mine to look at 1 6 8 1 8 1 0 3 and in poor 1 4 4 1 2 3 years. 121 00:12:00,050 --> 00:12:07,650 Now feel free to choose any party controls for 4:4 you can choose for 4C or for whatever you want you 122 00:12:07,650 --> 00:12:12,970 can use because this port will be open on your colonics machine to accept the connection. 123 00:12:13,210 --> 00:12:17,310 So this is IP of my machine and this is the part of my machine as well. 124 00:12:17,470 --> 00:12:18,960 And then you click on enter. 125 00:12:19,600 --> 00:12:24,850 And as you can see he would bind those two files. 126 00:12:25,140 --> 00:12:30,760 This may take a few minutes so let me like pose the video until everything is set and then I'm going 127 00:12:30,760 --> 00:12:39,130 to show you that the application has been binded with a payload. 128 00:12:39,530 --> 00:12:40,550 I received an error. 129 00:12:40,550 --> 00:12:43,130 It seems that the payloads that I choose was not right. 130 00:12:43,130 --> 00:12:48,770 So you know it's better to take it from here. 131 00:12:51,890 --> 00:12:55,390 Let me repeat it one more time. 132 00:12:55,580 --> 00:12:59,380 So it seems that the panel itself it's it's not right. 133 00:12:59,700 --> 00:13:01,650 Yeah that's it. 134 00:13:02,060 --> 00:13:08,410 Because I choose I forget to put slash Android at the printer and let's do it again. 135 00:13:09,410 --> 00:13:11,050 And let's pause one more time. 136 00:13:14,390 --> 00:13:18,330 As you can see has been created with a different name. 137 00:13:18,410 --> 00:13:24,820 It snowed under is called embedded a key and it should be on the same location. 138 00:13:24,980 --> 00:13:28,230 So let me just use it. 139 00:13:28,820 --> 00:13:36,920 And here is a new app and if I take this app and copy it to the Android device and run it you can see 140 00:13:36,920 --> 00:13:40,150 that it's a regular app but it has a payload inside. 141 00:13:40,400 --> 00:13:41,920 So let me copy it here. 142 00:13:43,180 --> 00:13:50,830 If you don't know how to drag and drop files between Linux and Windows I already explained that in the 143 00:13:50,830 --> 00:13:51,920 previous picture. 144 00:13:52,330 --> 00:13:56,460 So let me just open this. 145 00:13:57,580 --> 00:14:00,640 Android device and B. 146 00:14:01,240 --> 00:14:05,280 And this is the file. 147 00:14:05,800 --> 00:14:06,830 I mean to put it here. 148 00:14:11,840 --> 00:14:15,330 And it says Moby's in. 149 00:14:15,350 --> 00:14:17,260 So let's see. 150 00:14:21,260 --> 00:14:24,880 Who this is. 151 00:14:25,190 --> 00:14:31,550 And it's not bad but notice that when I try to install this application on my device it's asking me 152 00:14:31,550 --> 00:14:36,320 to get permission to get access to my file my documents my pictures everything. 153 00:14:36,350 --> 00:14:39,090 And this is not minute by minute to install the regular run. 154 00:14:39,110 --> 00:14:44,000 He will not request for all those permission. 155 00:14:44,030 --> 00:14:51,370 So by doing that once you install it it will X's your next machine but do not forget to run the handler 156 00:14:51,800 --> 00:14:53,480 as we did on the previous take. 14435