Remotely Control PCs with Reverse Shells!? Easy hacker tool

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

so you want to be able to remove control any computers the what we need to learn today is about reverse shells it is a super cool way for us to be able to enter some commands over into computer and next thing you know you're able to remotely control that computer so as you can see here we have a Target computer that we are going after so it could be a laptop or it could also be a desktop that you're targeting next thing we need is a hacker who is going to be able to Target a computer by entering some piece of code onto the computer after which that gives them full control of the entire PC and be going over into a site as well as a tool that allow us to easily create and generate those type of shells and code after which giving us remote control of those computers the first thing we need to learn is exactly what are shells so if you go over into Windows computer you go to bottom left you enter CMD this is command promp you go ahead and hit enter on that it has a popup and this popup is the one that we are going after this is the one that allow us the ability to interact with the computer through a command line so in this case if I enter say di it lists down all those different folders files within the current working directory I can also enter things like say CIS info or System Info be able to get all this different processor information and information about the computer and if you're on Linux or col Linux you can go to the top left corner click on the terminal and you can see right here we have the terminal open up and I can say and thir things like PWD to print working directory and so on so far so we are interacting with the computer through a command line and yes it makes it look really cool like a hacker now the problem is that if you are a hacker on the right side and what you do is that you scan against the target device you are going to get block out by the firewall so what we need to do then is to create a malicious software that is then sent over into the computer say through email social media messages and so on and so forth or sometime depending on what type of computer it is and the user clicks onto the link and that detonates the execution this gives us remote control of that PC now the good news is that this is really easy to create now now the first thing you can do is go over into your favorite browser so in this case I can go over into say five Fox I run fir Fox right now and I go through this website called RAF shell.com so go ahead and enter that ra shell.com so this is is an online reverse shell generator that we can easily use to help us generate those code as well as the listener in order for us to remote control this PCS the first thing you want to do is to be able to change the team from light to dark I've already changed it over into dark so that you look like a hacker one you want to be able to set the IP and Port so in this case the IP address is going to be your call Linux IP address as well as the port number you be hosting the listener number two is the listener instruction so in this case we have several options and we will give you the code that gives you the instruction to set up the listener of your tie number three as you can see right at the bottom half we have reverse buy MSA Venom hook shell so all these are different type of shells that you can set up and of course depending on the type of operating system that you want to Target such a neat solution so now in this case what I do is open up terminal and I'll enter the following of ipaddr to get my IP address so in this case my IP address is as follow of 1821 16801 17 so this is the col Linux IP address so we have already set the IP address as well as the target por number the next thing we can see here is the type so we have several types that we can use as part of setting up the listener so in this case we have msf console which is going to be using Metasploit or meterpreter or any other potentially type of payloads or different type of listeners that you would have set so in this case that depends on what you set on the bottom number three so in this case I can say NC for netcat so this is something easier in terms of instructions right so that is something we can set forth the next step is to look at the OS so in this case we have operating system I'll select onto windows so we're targeting a Windows computer or Windows device and we can send a payload over to the user the user click execute onto the file that's it it's game over we gain control of the operating system so in this case we have several options right here and the one that I more specifically want to Target is going to be those on the Powershell the reason why is because Powershell is going to be available for any of these Windows computer and we can use it and we send it over to the user they run this Powershell script that gives this control over into the PC so all we can do right now is copy the following script and we can go ahead and open up terminal and I can say set all right and I create a file maybe I can call this touch a Powershell reverse. PS1 with the extension of PS1 which stands for Powershell script extension so that the computer can load it with that I can go ahead and say enter mouse pad all right Powershell reverse. PS1 oops let me go ahead and enter the one of the extension or right don't save and then follow by PS1 hit enter on that paste the following information here save it close it done all we got to do right now is go ahead and send this file over copy the file say Powershell reverse. PS1 over into say VAR HTML SL enter on that cannot create regular file permission deny let's enter super user do enter the password for super user hit enter on that done what we can do now is go ahead and host our server so that the user when they click onto the link they will download the file all right so go ahead and enter Pudo system CTL start a2. service you enter on that all right enter the following of status let's see whether we have the web server running so we do it's active and running right here so what we want to do now is go back over into ref shell.com copy The Listener instructions copy on that go over a terminal paste it over here hit enter on that so our listener is started and waiting right now now go over into the target Windows computer and in this case you go and open a browser targeted into call Linux IP address as well as the file name that going after and once you hit enter on that it will ask you to save the file so in this case I'm going to save it over into desktop click save on that done so click over into the desk top and we have the Powershell reverse. PS1 right click run with Powershell click open and boom if I head back over into col Linux you can see right here we now have connection I can enter dir I can enter PWD pre workking the rec three I can enter who are you okay just kidding D is in such a command so yes we're in it's game over we can also try other interesting type of payloads as well as listeners so in this case let's go ahead and head over to Ms Venom so in this situation I'm going to use the following of Windows Mater staged it reverse t BCP I'll go and copy the folling over here open up a terminal and I can paste it right here hit enter on that so this will set up a reverse. ex that we can send over into the user so now that we have the file all I got to do is enter pseudo all right Follow by reverse Follow by copy reverse. exe over to VAR HTML hit enter on that all right so this will help us copy the file into our website and on the top right corner what I'll do is set the listener in this case let's go ahead and select onto msf console let's go and copy the instructions right here copy that and what I can do now is open up tumnal all right paste it hit enter on that so this was startup our listener using mploy and once the user double click on the reverse. exe that's it it's game over so I'm heading back over into the Windows computer and you can see right here with 19216801 17 reverse. exe so let's go ahead and execute on that so once you hit enter on this it will ask you to download let's go ahead and click save fall and we can have the fall over here now and you can see that this is the fall reverse 2.exe so I've downloaded several of them earlier double clicked on that all right click more info click run anyways once you H back over in colics you can see right here we have the mat session and that's it we are in I can enter help I can see all this different type of instructions I can enter shell so this gives a shell over into the computer I can enter the to see all those different folders files within the current working directory so we are in we have full complete control of the Entire Computer next up we have a website running and what we're going to do now is to Target some vulnerabilities within the site say in this case we have a SQL injection vulnerability so where we can Target and input different type of SQL injection and not only that SQL injection and SQL commands could potentially allow us to place our code over into the site and then after which we can execute in the code giving us control of the web server so the first payload we have here is a SQL injection vulnerability and what we do is we Union select over into another part through the SQL database and in this case we can load file of at C possibility to see us what can we get using the SQL database system so now heading over to the website we have to payload search for a movie I click on search and it can see the result right here we're able to get all this information regarding the uses in the operating system the next payload we have here is to take advantage of the SQL injection one more time and here we have the code which will then be output over into Tam Loy shell. PHP which will then Target for execution so in this case this code over here will use the ncat targeting the IP address colon followed by the port and bean bash of already executable so once you ready go ahead and click on search on this and you can see right here error file F law sh. PHP already exists so I have already executed this before and that file now exists within the temp directory now we have another payload over here is targeting a different part of the S and this is called the remote file inclusion attack so this allow us to Target a different part of the S which then gets executed on our behalf giving us the reverse shell as you can see here I have already created my reverse shell using net cat and we are listening so you can see right here I entered the following URL which is the target law shell. PHP so once we execute on this this was give us the remote connection over into the website so in three two 1 hit enter on that and I hit back over in terminal you can see right here connect to enter PR working directory enter LS we're in it's game over we have full remote control of the entire website right now the final tool I want to teach you is called the hack tools this will also provide us different type of reverse shelf instructions part of hacking and once you have downloaded that you go to the top right corner you can click onto your extensions click onto hack tools this would open up the extension as you can see right here we have reverse shell we have PHP and all this different type of instructions that you can easily copy and paste from to be able to run your code against a Target computer so this is it you have learned something useful you have learned something valuable as part of cyber security career and I hope you use it for good with great power comes great responsibility

Info

Channel: Loi Liang Yang

Views: 34,608

Rating: undefined out of 5

Keywords: hacker, hacking, cracker, cracking, kali linux, kali, metasploit, ethical hacking, ethical hacker, penetration testing, penetration tester, owasp

Id: 8rcMhYNtDPg

Channel Id: undefined

Length: 9min 56sec (596 seconds)

Published: Sat Mar 09 2024