1 00:00:00,280 --> 00:00:05,790 Hello everybody, welcome to my advanced ethical hacking and network penetration testing course.
2 00:00:15,400 --> 00:00:16,960 This video will cover
3 00:00:17,440 --> 00:00:19,400 the RFI attack.
4 00:00:19,480 --> 00:00:21,480 We are going to introduce you to
5 00:00:21,520 --> 00:00:21,870 what
6 00:00:22,120 --> 00:00:25,450 this attack is all about and how it works,
7 00:00:25,510 --> 00:00:34,090 attacking RFI-vulnerable web applications, and the countermeasures that should be taken so that we
8 00:00:34,090 --> 00:00:37,490 mitigate this kind of attack.
9 00:00:38,860 --> 00:00:39,390 Yes.
10 00:00:39,730 --> 00:00:46,920 So what is it exactly? RFI is a vulnerability found in websites that allows attackers to include a
11 00:00:46,930 --> 00:00:50,200 remote file on the web server.
12 00:00:50,200 --> 00:00:56,650 This may lead to remote code execution and full compromise of that system.
13 00:00:58,010 --> 00:01:06,680 In this attack, again, the attacker or the adversary can try to include some files so that he gets
14 00:01:06,770 --> 00:01:17,760 access, or otherwise gets access to a particular target website or something like that. Here we provided some
15 00:01:17,760 --> 00:01:18,540 definition.
16 00:01:18,570 --> 00:01:24,480 And then in this image, it's the design of how this attack works.
17 00:01:24,580 --> 00:01:27,840 But first things first: the include function in PHP
18 00:01:27,920 --> 00:01:36,530 allows content from local or remote files to be executed in any script at run time. Is it supposed to be from remote
19 00:01:36,530 --> 00:01:37,250 code?
20 00:01:37,260 --> 00:01:38,380 No, it's not.
21 00:01:38,430 --> 00:01:42,380 It will not be allowed out of the box.
22 00:01:42,490 --> 00:01:51,580 RFI, remote file inclusion: lots of web platforms are vulnerable to this kind of attack.
23 00:01:51,930 --> 00:02:01,260 But the PHP platform is much, much more compromised by this particular attack.
24 00:02:01,260 --> 00:02:13,570 Let's just take a quick view of what we have here, to be really notable or reliable.
25 00:02:14,040 --> 00:02:17,170 Well, they are not all.
26 00:02:17,520 --> 00:02:20,640 And then here is the index
27 00:02:20,640 --> 00:02:21,590 file.
28 00:02:21,730 --> 00:02:25,460 And a long PHP file is created here.
29 00:02:25,470 --> 00:02:30,530 It's newly installed content with PHP.
30 00:02:31,060 --> 00:02:36,520 So here, mostly, they can get hacked right here.
31 00:02:36,530 --> 00:02:42,670 And in this part we are going to explain how it goes. Let's minimize it.
32 00:02:42,720 --> 00:02:43,440 OK.
33 00:02:43,530 --> 00:02:44,460 As we said earlier,
34 00:02:44,730 --> 00:02:52,140 RFI targets vulnerabilities in applications that dynamically reference external scripts.
35 00:02:52,350 --> 00:02:53,130 All right.
36 00:02:53,130 --> 00:02:55,320 How does this attack work?
37 00:02:55,320 --> 00:03:02,820 First thing, the attacker uses a search engine to identify a website with a vulnerable component.
38 00:03:02,830 --> 00:03:04,550 How can this happen?
39 00:03:04,920 --> 00:03:05,690 Okay.
40 00:03:06,170 --> 00:03:10,230 He can use the Google search engine, or StartPage, or DuckDuckGo,
41 00:03:10,860 --> 00:03:12,230 something like that.
42 00:03:12,300 --> 00:03:19,270 So the way to determine that he has identified a website with a vulnerable component: he looks for it, okay.
43 00:03:19,330 --> 00:03:26,890 The attacker uses a scanner to identify a website with a vulnerable component, as we have
44 00:03:27,000 --> 00:03:34,080 explained earlier. So that's why we use Burp Suite Professional for scanning, because we have the option
45 00:03:34,260 --> 00:03:36,060 of live scanning.
46 00:03:36,360 --> 00:03:41,160 So when you click on live scanning in Burp Suite Professional,
47 00:03:41,490 --> 00:03:49,020 there you can just copy the link and paste it there, and then try to penetrate it so that you
48 00:03:49,070 --> 00:03:53,200 identify if some vulnerabilities exist inside of it.
49 00:03:53,200 --> 00:03:53,640 All right.
50 00:03:53,970 --> 00:04:00,000 It's not good to scan websites that you don't own.
51 00:04:00,000 --> 00:04:04,920 Guys, always penetrate only what you own.
52 00:04:04,950 --> 00:04:08,510 All right, so here the exploit:
53 00:04:08,520 --> 00:04:10,070 the vulnerability found,
54 00:04:10,160 --> 00:04:13,440 the remote file inclusion vulnerability, is used to put a backdoor
55 00:04:13,490 --> 00:04:15,450 shell.
56 00:04:16,130 --> 00:04:18,480 In this part, the
57 00:04:18,480 --> 00:04:26,440 site is compromised and malware is installed, pages are defaced or deleted here.
58 00:04:26,580 --> 00:04:33,130 Anyone can go to that website, and then, since that website has indeed malware installed,
59 00:04:33,270 --> 00:04:41,910 every user that goes to the website is vulnerable, because it depends on the attack and the intent of the
60 00:04:41,970 --> 00:04:44,970 attacker, what he wants to get.
61 00:04:44,990 --> 00:04:50,100 But since that malware is installed in that website,
62 00:04:50,130 --> 00:04:52,840 this is really critical.
63 00:04:53,130 --> 00:04:55,280 The server is hijacked.
64 00:04:55,380 --> 00:05:02,980 The server is included in a DDoS, server data is compromised too, guys, I'm telling you.
65 00:05:03,300 --> 00:05:06,380 So what is DDoS, if you don't know?
66 00:05:06,410 --> 00:05:16,830 DDoS stands for distributed denial of service, and that means the attack is from
67 00:05:16,930 --> 00:05:22,330 multiple computers or devices. To be simple: data is compromised.
68 00:05:22,380 --> 00:05:31,200 Password information is stolen; your information might be credit cards, your birthday, where
69 00:05:31,200 --> 00:05:33,910 you're living, and stuff like that, right.
70 00:05:34,080 --> 00:05:34,570 All right.
71 00:05:34,890 --> 00:05:36,410 So let's go further.
72 00:05:36,610 --> 00:05:43,790 Okay, so let's show you, let's review each step in this RFI.
73 00:05:43,830 --> 00:05:49,470 In this link here is what the attacker can do.
74 00:05:49,470 --> 00:05:52,920 He can just try it in two ways.
75 00:05:53,050 --> 00:06:01,350 The content appears, and then he puts there HTTP and then his website,
76 00:06:01,440 --> 00:06:04,640 let's say evil.com.
77 00:06:04,800 --> 00:06:05,830 He puts it there.
78 00:06:05,880 --> 00:06:12,990 He will put a very strong payload so that he can steal your sessions, so that he can steal your password,
79 00:06:13,020 --> 00:06:18,980 access to anything, your location, any very sensitive information.
80 00:06:23,430 --> 00:06:28,920 Let me show you a glance, you know, at the code built in PHP.
81 00:06:29,100 --> 00:06:34,890 You can take a very simple code like that, OK.
82 00:06:35,400 --> 00:06:40,580 And then you type in the code of the site.
83 00:06:42,970 --> 00:06:43,770 Okay.
84 00:06:44,400 --> 00:06:51,230 I mean that page would be doing this in the code.
85 00:06:51,890 --> 00:06:52,530 Thank you.
86 00:06:53,070 --> 00:06:55,440 Well, what this code will do:
87 00:06:55,830 --> 00:07:04,440 this particular code is taking some page which is included into this page, so that he can perform a
88 00:07:04,440 --> 00:07:07,800 remote control of that website,
89 00:07:07,800 --> 00:07:10,560 since this website is vulnerable.
90 00:07:11,160 --> 00:07:14,130 Okay, so, all right.
91 00:07:15,490 --> 00:07:20,570 Okay, let's minimize it. You know what,
92 00:07:20,630 --> 00:07:28,200 let's go over to the quick overview of what is the difference between RFI and LFI.
93 00:07:28,220 --> 00:07:34,050 Similar to RFI, LFI is local file inclusion.
94 00:07:34,280 --> 00:07:39,320 It's a kind of attack that involves uploading some payload files to the servers.
95 00:07:39,440 --> 00:07:48,320 If you are aware of what this is, for example: the attacker scans and detects the vulnerable website.
96 00:07:48,380 --> 00:07:49,420 After scanning,
97 00:07:49,460 --> 00:07:58,790 now he can try to upload some payload files onto the web server so that he gets access to the web
98 00:07:58,790 --> 00:07:59,390 server.
99 00:07:59,690 --> 00:08:04,890 So LFI and RFI are often referenced together in the context of inclusion attacks.
100 00:08:05,000 --> 00:08:12,420 In both cases a successful attack results in malware being uploaded, as we have said earlier, to the
101 00:08:12,640 --> 00:08:13,870 targeted server.
102 00:08:13,970 --> 00:08:22,600 But however, unlike RFI, LFI aims to exploit insecure local file upload functions, functions
103 00:08:23,270 --> 00:08:27,700 that fail to validate user-controlled input.
104 00:08:27,740 --> 00:08:39,170 This is a very crucial aspect for any programmer or any kind of cybersecurity guy who wants to
105 00:08:39,670 --> 00:08:43,850 make sure that the web application is safe.
106 00:08:43,850 --> 00:08:55,670 You always have to take charge of your input validation, so that your web server can face, or can
107 00:08:56,010 --> 00:09:01,770 resist, some file inputs or some character inputs.
108 00:09:02,370 --> 00:09:07,330 It's very crucial because you have to sanitize your application first.
109 00:09:07,340 --> 00:09:08,910 I mean, you really do it.
110 00:09:09,020 --> 00:09:13,820 You prevent some kinds of files from being uploaded to your server.
111 00:09:13,920 --> 00:09:22,760 You prevent some kinds of characters from being inserted into an input space which can get access to
112 00:09:22,760 --> 00:09:23,520 your servers.
113 00:09:23,570 --> 00:09:29,690 For example, in a search field, you restrict some characters from the user so that you can resist
114 00:09:29,690 --> 00:09:31,460 the SQL injection attack.
115 00:09:32,360 --> 00:09:34,380 Likewise, you sanitize it.
116 00:09:34,490 --> 00:09:41,690 You will be able to even fight against the XSS attack.
117 00:09:41,690 --> 00:09:42,890 The XSS.
118 00:09:42,890 --> 00:09:43,720 It exists.
119 00:09:43,750 --> 00:09:51,170 There is the cross-site scripting attack, which comes in three types.
120 00:09:51,170 --> 00:09:55,860 We have the persistent XSS attack, and then we have the reflected XSS attack.
121 00:09:55,880 --> 00:09:58,070 We have the DOM XSS attack.
122 00:09:58,110 --> 00:10:07,220 The persistent attack is like when the adversary or an attacker tries to get access to
123 00:10:07,220 --> 00:10:16,060 a server by uploading files; he finds the URL of the vulnerable website, for instance an info
124 00:10:16,060 --> 00:10:16,750 website.
125 00:10:17,000 --> 00:10:21,130 So the attacker can inject some payload there, and then that payload stays there.
126 00:10:21,350 --> 00:10:29,150 Whenever any client or any other user goes through the page, automatically the payload of the
127 00:10:29,150 --> 00:10:38,090 attacker gets loaded and the user automatically gets into that trap.
128 00:10:39,220 --> 00:10:44,440 The reflected XSS attack can be done mostly by email.
129 00:10:44,660 --> 00:10:51,770 Maybe, let's say, the attacker sends the victim an email and then incites them to click on that email, and automatically
130 00:10:52,550 --> 00:10:53,560 the victim clicks on that email.
131 00:10:53,570 --> 00:11:00,860 That email might redirect the victim to another page, and then this is exactly how the reflected
132 00:11:00,940 --> 00:11:02,010 XSS attack works.
133 00:11:02,300 --> 00:11:08,780 And then in that redirected page, it has some kind of payload so that he gets what he needs.
134 00:11:08,780 --> 00:11:15,230 For example location, or possession of cookies and stuff like that. And then the DOM XSS is quite the
135 00:11:15,230 --> 00:11:22,610 same as the reflected XSS attack, but the only difference is that in the DOM XSS it never
136 00:11:22,610 --> 00:11:24,230 reaches the server side.
137 00:11:24,480 --> 00:11:29,530 Okay, so let's close this chapter because it's not what we are talking about now.
138 00:11:29,970 --> 00:11:33,160 Okay, let's give some examples.
139 00:11:33,170 --> 00:11:41,740 As we stated earlier, a JSP payload might be containing a JSP include page in a string, in which case the
140 00:11:41,780 --> 00:11:50,240 attacker gets what he wants, so that's the problem with it; or it can be document.location
141 00:11:50,330 --> 00:11:51,200 and stuff like that.
142 00:11:51,680 --> 00:12:00,610 So whenever the victim goes to that particular address, the attacker gets what he needs from him.
143 00:12:01,260 --> 00:12:02,840 Alright, here guys.
144 00:12:02,960 --> 00:12:08,810 You can read much more information about it, how to sanitize and validate some inputs, but in this video we
145 00:12:08,810 --> 00:12:14,930 are going to just choose an example, if you are working with PHP files.
146 00:12:15,260 --> 00:12:17,460 Let's go to this site.
147 00:12:17,990 --> 00:12:21,640 It's easy here.
148 00:12:21,650 --> 00:12:25,450 You can take some countermeasures against this vulnerability.
149 00:12:25,940 --> 00:12:26,280 All right.
150 00:12:26,570 --> 00:12:30,830 So first, you have to truly validate the user input.
151 00:12:30,830 --> 00:12:36,860 This is the first thing: validate and sanitize the user's input.
152 00:12:36,860 --> 00:12:42,590 This is very crucial, because if you don't put some kind of filter, some kind
153 00:12:42,590 --> 00:12:46,880 of sanitization against the user's input,
154 00:12:46,880 --> 00:12:53,520 I'm telling you guys, you'd get into the trap, because for the attacker, first thing first, that's what he wants to try.
155 00:12:53,690 --> 00:13:00,970 If you have sanitized it, fine; and if you have not sanitized it, he will take advantage of that.
156 00:13:01,690 --> 00:13:06,930 And then the second thing: you can set allow_url_
157 00:13:07,400 --> 00:13:08,460 fopen
158 00:13:08,680 --> 00:13:20,270 to Off, and allow_url_include, to be Off, to be Off, to 0, guys,
159 00:13:21,290 --> 00:13:24,670 in your PHP configuration.
160 00:13:24,710 --> 00:13:30,360 Fine, fine, fine, fine.
161 00:13:30,770 --> 00:13:35,120 Which is the key here.
162 00:13:35,340 --> 00:13:36,890 In your backend side,
163 00:13:36,950 --> 00:13:40,610 I mean, in your dashboard as an administrator,
164 00:13:40,720 --> 00:13:42,240 you have to set
165 00:13:42,260 --> 00:13:49,970 this file in that order, otherwise attackers will take advantage of it. Looking for much more information,
166 00:13:49,970 --> 00:13:56,850 you can click this link to get the original website address to learn much more information about it.
167 00:13:57,200 --> 00:13:57,520 All right.
168 00:13:58,430 --> 00:14:03,320 So that's it for this video, guys. We hope that it explained to you really well
169 00:14:03,770 --> 00:14:05,390 what it is exactly about:
170 00:14:06,110 --> 00:14:14,570 the RFI attack, how it works, and the countermeasures that you have to take, as a developer
171 00:14:14,720 --> 00:14:22,420 or as an administrator of some website. If you are working there, you have to bear in mind that
172 00:14:22,620 --> 00:14:29,250 this implementation should be done first, before publishing the website.
173 00:14:29,270 --> 00:14:29,810 Okay.
174 00:14:29,960 --> 00:14:30,520 Thank you,
175 00:14:30,530 --> 00:14:32,730 and see you in the next video.