1 00:00:00,270 --> 00:00:02,280 Hello everybody and welcome back.
2 00:00:02,280 --> 00:00:08,070 And right now let us start off first by coding a server connection with this socket library.
3 00:00:08,070 --> 00:00:12,890 Now before we actually begin let me just tell you a few things.
4 00:00:13,020 --> 00:00:16,250 Basically things will break from time to time.
5 00:00:16,260 --> 00:00:24,500 So don't let that upset you or discourage you from actually finishing this code at the end.
6 00:00:24,510 --> 00:00:30,900 It should all work properly, but if you have some problems make sure to check on the Internet. Basically
7 00:00:30,900 --> 00:00:36,450 some of the functions may be outdated on your Python version or something like that, and they may have
8 00:00:36,510 --> 00:00:40,260 a new name or a different name or something like that.
9 00:00:40,340 --> 00:00:50,270 Basically I will code right here in Python 2, but I will also sometimes use the syntax for Python
10 00:00:50,270 --> 00:00:57,980 3 so that you actually can use this on both Pythons, but most likely some of the tools right here will
11 00:00:57,980 --> 00:01:00,470 be from Python 2, or basically libraries.
12 00:01:00,500 --> 00:01:04,700 So right now let us get started with our server coding.
13 00:01:04,760 --> 00:01:11,960 So what we want to do is, as I said in the previous video, we want to create our connection with the socket
14 00:01:12,050 --> 00:01:12,800 library.
15 00:01:12,800 --> 00:01:14,180 So let us do that.
16 00:01:14,240 --> 00:01:20,750 So first of all let us make a directory for the reverse shell.
17 00:01:20,810 --> 00:01:28,820 So let's call it reverse, and we have our directory out here so we don't mix these basic Python
18 00:01:28,820 --> 00:01:33,830 programs with our reverse shell, so let's change our directory to the reverse shell.
19 00:01:33,830 --> 00:01:35,470 Now let's nano our server.
20 00:01:35,480 --> 00:01:43,940 So we will start off with coding the server, so server.py. We should start off, as in every
21 00:01:43,940 --> 00:01:47,440 previous video, with the path to the actual Python.
22 00:01:47,450 --> 00:01:53,920 So hashtag, exclamation mark, and then /usr/share/python.
23 00:01:54,110 --> 00:01:57,920 This is something that you need to have included in all of your Python codes.
24 00:01:57,920 --> 00:02:03,020 And after that we want to import the library that we will use, which is called the socket library.
25 00:02:03,020 --> 00:02:12,510 So import socket. Right now what we will do is we will basically create a simple connection with our
26 00:02:12,570 --> 00:02:13,040 server.
27 00:02:13,050 --> 00:02:14,480 So let us do that.
28 00:02:14,520 --> 00:02:22,650 First of all what we have to do is basically we have to declare our socket, so our socket
29 00:02:22,650 --> 00:02:26,520 will be IPv4 and it will run over TCP.
30 00:02:26,520 --> 00:02:30,350 Now the function that specifies that is specified like this.
31 00:02:30,350 --> 00:02:41,430 So we will type here s equals socket.socket and then open parentheses, oops, parenthesis,
32 00:02:41,490 --> 00:02:46,090 socket.AF_INET, which basically stands for IPv4 address.
33 00:02:46,110 --> 00:02:53,760 So we want to make a server that listens on an IP address, and then comma
34 00:02:53,760 --> 00:03:00,440 socket.SOCK_STREAM, which specifies that we want to have a TCP connection between our server and our client.
35 00:03:00,570 --> 00:03:08,020 So this is the beginning code of actually defining the socket itself, the socket descriptor, which
36 00:03:08,020 --> 00:03:11,830 will be written into the memory, and actually accepting the connections after that.
37 00:03:11,830 --> 00:03:14,720 So this is how you do that in Python.
38 00:03:14,740 --> 00:03:16,740 It is very similar in other programs as well.
39 00:03:16,740 --> 00:03:23,130 So this AF_INET and SOCK_STREAM is something that you probably saw if you coded
40 00:03:23,140 --> 00:03:28,150 some TCP servers in other programming languages as well.
41 00:03:29,500 --> 00:03:35,620 So after we do that, what we want to do is we want to set some of the options for our socket.
42 00:03:35,620 --> 00:03:41,480 So just follow up with me with the s.setsockopt.
43 00:03:41,530 --> 00:03:48,550 I believe that is how I will specify this function, and in it type socket.SOL_SOCKET
44 00:03:48,790 --> 00:03:56,010 comma socket.SO_REUSEADDR comma 1.
45 00:03:56,680 --> 00:04:00,260 So this is just some of the basic socket options.
46 00:04:00,370 --> 00:04:08,650 This socket.SO_REUSEADDR basically allows the process to connect to a port, our local
47 00:04:08,650 --> 00:04:12,540 host port, even while it is in TIME_WAIT.
48 00:04:12,550 --> 00:04:16,240 So it will make more sense later.
49 00:04:16,660 --> 00:04:24,430 But let's see our picture and what we have to run next in order to create our server.
50 00:04:24,430 --> 00:04:28,540 So we set up our socket with this command right here.
51 00:04:28,540 --> 00:04:32,290 We set up some of the options, so we specified our socket.
52 00:04:32,290 --> 00:04:38,500 Now what we have to do is actually bind the socket itself with, or basically bind the port that we will
53 00:04:38,500 --> 00:04:41,700 listen on and also bind the IP address.
54 00:04:41,740 --> 00:04:46,700 So we have to specify the IP address that we want to listen on.
55 00:04:46,800 --> 00:04:52,530 Now in the process of actually creating this we want to specify a localhost IP address, which is basically the
56 00:04:52,530 --> 00:04:59,130 same for everyone, which is 127.0.0.1, since we want to be able to run both client and
57 00:04:59,130 --> 00:05:01,700 server from our Kali Linux machine.
58 00:05:01,740 --> 00:05:08,220 Once we actually notice that everything is running smooth and good and this program doesn't break, then
59 00:05:08,220 --> 00:05:13,770 we can switch the IP address to our local IP address or port forwarded or basically...
60 00:05:14,760 --> 00:05:21,570 Yeah, basically a local IP address or an IP address if we run the attack over the Internet.
61 00:05:21,570 --> 00:05:26,400 But if you run the attack on localhost you want to have your local IP address in the s.bind
62 00:05:26,480 --> 00:05:31,470 function that we will write right now, and you can specify any port you want as long as it isn't
63 00:05:31,470 --> 00:05:37,220 used currently by the system, so don't specify a port like 80 or 22 or something like that.
64 00:05:37,230 --> 00:05:43,980 If you have SSH open, specify some random high port. So let us write the function which is bind, so
65 00:05:44,070 --> 00:05:45,420 s.bind.
66 00:05:45,420 --> 00:05:50,830 Now make sure that whatever you call your socket right here, which in my case I only called s,
67 00:05:50,910 --> 00:05:57,960 make sure to type it as well in other functions. So for example if I call this soc I would have to write
68 00:05:58,830 --> 00:06:01,890 here as well soc.bind and
69 00:06:01,890 --> 00:06:06,950 soc.setsockopt, so make sure to follow up with that.
70 00:06:06,960 --> 00:06:12,390 So don't actually name something different and then use a different name later on; you have to use the
71 00:06:12,390 --> 00:06:15,210 same socket name for the entire program.
72 00:06:15,240 --> 00:06:18,820 So let us bind our port and our host.
73 00:06:18,840 --> 00:06:25,680 We do that with open double parentheses, so open two parentheses, then type here your localhost IP address,
74 00:06:25,710 --> 00:06:34,020 which is 127.0.0.1, close the apostrophe, and we can see this is actually a string so
75 00:06:34,410 --> 00:06:36,330 it is under two double quotes.
76 00:06:36,390 --> 00:06:42,900 And right now we want to specify a comma, and after the comma we specify the port that we want to listen
77 00:06:42,900 --> 00:06:48,900 on, which in my case I want to specify 54321. It doesn't even matter as long as the port
78 00:06:49,020 --> 00:06:52,050 isn't used by anything. So close double parentheses.
79 00:06:52,050 --> 00:06:59,220 And right now we have successfully specified our IP address, which is our localhost IP address, and our
80 00:06:59,220 --> 00:07:01,080 port that we will listen on.
81 00:07:01,080 --> 00:07:05,910 As I said before, this is something that you will change after we finish the entire program so you can
82 00:07:05,910 --> 00:07:11,630 use it on any other machine, right now as we can see right here.
83 00:07:11,640 --> 00:07:17,490 The next thing we want to specify is the listening. We want to listen for the incoming connections, so
84 00:07:18,180 --> 00:07:20,570 you can do that with s.listen.
85 00:07:21,120 --> 00:07:24,520 And let's specify one in the parentheses.
86 00:07:24,540 --> 00:07:29,580 Basically it means it will listen for 1 connection. If you specify 2 it will listen for 2 connections.
87 00:07:29,660 --> 00:07:37,410 Let's specify 5 connections, so it listens for 5 connections. After we do that let us actually accept
88 00:07:37,410 --> 00:07:38,950 the connection itself.
89 00:07:39,090 --> 00:07:44,850 And if you see right here the accept doesn't show what it has to take, but basically what it has to
90 00:07:44,850 --> 00:07:49,410 take is the target and the IP address. The target is a socket,
91 00:07:49,410 --> 00:07:54,840 basically the file descriptor that it will store in memory, and the IP is the IP address of the target
92 00:07:54,840 --> 00:07:55,360 machine.
93 00:07:55,710 --> 00:07:57,900 So let us name it something like this.
94 00:07:57,930 --> 00:07:59,220 So target
95 00:08:01,830 --> 00:08:08,600 comma ip equals s.accept, and you open and close the parentheses.
96 00:08:08,610 --> 00:08:13,470 Now in the accept function you do not have to specify anything in the parentheses.
97 00:08:13,500 --> 00:08:20,610 You can basically just specify the parentheses opened and closed, which means it will use the function
98 00:08:20,610 --> 00:08:22,860 without the actual input in that function.
99 00:08:23,520 --> 00:08:29,910 So with this we get the socket descriptor for our target and it stores it, and we also get
100 00:08:29,910 --> 00:08:36,480 the IP address of our target, which we will use in order to actually print out from which IP address
101 00:08:36,510 --> 00:08:38,390 we received the connection.
102 00:08:38,490 --> 00:08:45,870 Right now we can save this program, as this is the most simple use of a server. After we accept the connection
103 00:08:46,260 --> 00:09:00,100 we can print, just so we can see that it does work, so print for example "Target connected",
104 00:09:00,420 --> 00:09:01,470 exclamation mark.
105 00:09:01,470 --> 00:09:09,240 We put that in the double quotes, and we can then close the connection, so s.close.
106 00:09:09,700 --> 00:09:12,250 And this is our server finished.
107 00:09:12,390 --> 00:09:18,750 So let's actually try to see if we can receive a connection with this program.
108 00:09:18,780 --> 00:09:19,630 It might break.
109 00:09:19,740 --> 00:09:23,070 I didn't double check this before; I already coded it before.
110 00:09:23,070 --> 00:09:28,500 So we will fix anything that actually breaks in our coding process.
111 00:09:28,500 --> 00:09:34,130 So one thing I want to specify right here is when it starts to listen I want to print
112 00:09:36,460 --> 00:09:46,980 "Listening for incoming connections", so we want to print once it listens, and then we will try
113 00:09:46,980 --> 00:09:52,470 to connect with our other terminal, and if it connects successfully it will print "Target connected" and
114 00:09:52,470 --> 00:09:54,140 then it will close the connection.
115 00:09:54,150 --> 00:10:02,480 So let us save this, so Ctrl+O and Enter and then Ctrl+X, and then we want to chmod this
116 00:10:02,490 --> 00:10:07,520 so it can actually be an executable, and we want to run this.
117 00:10:07,680 --> 00:10:08,840 Permission denied.
118 00:10:10,560 --> 00:10:13,130 Why is the permission denied?
119 00:10:15,740 --> 00:10:20,690 Bad interpreter, so let's see, /usr/share/python.
120 00:10:24,220 --> 00:10:28,880 Okay, well let me just see our other programs, so cat.
121 00:10:29,090 --> 00:10:31,130 Python 3.
122 00:10:31,130 --> 00:10:31,510 User.
123 00:10:31,520 --> 00:10:32,300 Oh yeah.
124 00:10:32,300 --> 00:10:33,610 It's /usr/bin/python.
125 00:10:33,620 --> 00:10:35,090 It's not /usr/share/python.
126 00:10:35,090 --> 00:10:35,860 Pardon me.
127 00:10:35,870 --> 00:10:40,910 So we need to specify, what was the directory, in reverse.
128 00:10:40,910 --> 00:10:47,480 We want to specify actually /usr/bin/python, it's not /usr/share, so change it. I'm not really sure why
129 00:10:47,570 --> 00:10:49,100 I typed /usr/share.
130 00:10:49,100 --> 00:10:55,100 Probably because I was talking about this point and then that site is located in /usr/share, so just
131 00:10:55,100 --> 00:10:57,560 change this to /usr/bin/python.
132 00:10:57,830 --> 00:11:05,270 Save this, exit, and now chmod it so we can actually run the server. Right
133 00:11:05,270 --> 00:11:13,530 now, as we can see, it just prints out right here "Listening for incoming connections", so we know it performed
134 00:11:13,590 --> 00:11:19,740 all of those functions correctly and now it is listening for an incoming connection. Now we can specify
135 00:11:19,770 --> 00:11:26,820 an incoming connection with a different terminal, so let's open up a new window, let's actually enlarge
136 00:11:26,820 --> 00:11:34,560 this a little bit, so something like this, and right now let's try to netcat on our localhost. I'm not
137 00:11:34,560 --> 00:11:44,130 really sure that's possible, it should be, so nc localhost 54321, and here we
138 00:11:44,130 --> 00:11:50,490 can see that we successfully connected to our program, as we can see it said "Target connected",
139 00:11:51,180 --> 00:11:57,000 so we successfully connected to it and it closed the connection. So our server works, it can accept the
140 00:11:57,000 --> 00:12:03,000 connection and it will print out "Target connected" once someone connects to our server. So good, now that
141 00:12:03,000 --> 00:12:10,020 works, so that is the most simple coding of the server. We will fix that code a little bit, that something
142 00:12:10,020 --> 00:12:15,410 here and there, and then we will continue with our client afterwards.
143 00:12:15,540 --> 00:12:22,050 Now in the next section, or not the section, in the next video we will actually code the simple
144 00:12:22,050 --> 00:12:28,260 version of our reverse shell, of our client, or basically our payload that we will deliver, which will
145 00:12:28,260 --> 00:12:33,720 successfully connect to our server. That way we can run two Python programs and see if they interact
146 00:12:33,720 --> 00:12:35,420 well with each other.
147 00:12:35,760 --> 00:12:40,740 So that would be about it for this tutorial, so I hope I see you in the next one, and take care. Bye.