1 00:00:02,350 --> 00:00:06,910 Right, in the last video we managed to get a remote shell from our target computer.
2 00:00:06,910 --> 00:00:12,420 Let's see if we can do the same and use the same exploit with medium security.
3 00:00:12,460 --> 00:00:18,620 So I'm going to cancel this and I'm going to go to the security level.
4 00:00:21,110 --> 00:00:31,510 And I'm going to set that to medium, and we're going to go back to our file inclusion vulnerability.
5 00:00:31,890 --> 00:00:37,200 I'm going to listen on the same port, exactly like we did in the last video.
6 00:00:37,260 --> 00:00:41,520 I'm going to use the exact same way to get a reverse shell.
7 00:00:41,520 --> 00:00:50,350 So we're just going to put the .txt file that contains the code for the reverse connection.
8 00:00:50,440 --> 00:00:53,470 So that's our file, and we run it.
9 00:00:53,470 --> 00:00:55,660 And as you can see, we get nothing here.
10 00:00:55,690 --> 00:00:57,800 And we get an error message.
11 00:00:57,820 --> 00:01:04,780 So what's happening here is it could be that the exploit is patched, or maybe they're using some sort
12 00:01:05,080 --> 00:01:08,850 of filtering.
13 00:01:09,020 --> 00:01:12,050 You can try and play around with it.
14 00:01:12,050 --> 00:01:16,760 Now obviously they can't really filter based on the name, because you know you can have any name in
15 00:01:16,760 --> 00:01:17,340 here.
16 00:01:17,420 --> 00:01:22,790 They can't really filter on that because, again, you can have dots in file names, like the file that
17 00:01:22,790 --> 00:01:31,840 they had originally. The original file is called include.php. So again, they can't really have
18 00:01:32,520 --> 00:01:34,100 a filter on the dots.
19 00:01:34,240 --> 00:01:40,090 So the things that should raise flags for you are the forward slash, which is highly unlikely because,
20 00:01:40,090 --> 00:01:43,030 again, forward slashes are used a lot,
21 00:01:43,610 --> 00:01:50,040 and HTTP, because usually you wouldn't have HTTP in your URL after the first HTTP.
22 00:01:50,230 --> 00:01:51,310 So I'm going to use it.
23 00:01:51,310 --> 00:01:57,390 I'm just going to try and, instead of normal letters, I'm going to put capitals. So instead of
24 00:01:57,390 --> 00:02:00,480 lowercase http, I have HTTP.
25 00:02:00,610 --> 00:02:03,800 But this time they are capital.
26 00:02:04,090 --> 00:02:09,240 And if I hit Enter now, you'll see that I got my connection right here.
27 00:02:09,470 --> 00:02:14,230 And again, I have full access to the server, where I can do whatever I want.
28 00:02:16,930 --> 00:02:22,430 Now obviously this is happening because the way that they secured this is not right, and we'll
29 00:02:22,660 --> 00:02:25,840 talk about security in a future lecture.
30 00:02:26,020 --> 00:02:28,170 So I just want to show you the code now, though.
31 00:02:28,270 --> 00:02:30,760 Just a quick look; I usually don't show the code.
32 00:02:30,930 --> 00:02:37,000 And as you can see here, they are actually looking for http and https, and they're replacing that with
33 00:02:37,000 --> 00:02:37,700 nothing.
34 00:02:38,050 --> 00:02:42,110 So that's why, when we used capital letters, we were able to bypass this filter.
35 00:02:42,190 --> 00:02:47,530 So using filters is never a good idea, because filters can always be bypassed.