1 00:00:00,320 --> 00:00:05,770 Hello everybody, welcome to my Advanced Ethical Hacking: Network Penetration Testing course.
2 00:00:16,120 --> 00:00:17,790 Hello again, everybody.
3 00:00:17,920 --> 00:00:28,060 This video will cover the concept of XSS, the XSS vulnerability and its exploitation. So, before
4 00:00:28,060 --> 00:00:32,910 going in depth, somebody might say: so what is XSS? XSS:
5 00:00:32,940 --> 00:00:41,500 it is a kind of web application attack, which we can use to exploit some web applications
6 00:00:41,500 --> 00:00:50,160 on websites. XSS is the abbreviation of cross-site scripting attack. Before going into the depth
7 00:00:50,310 --> 00:00:55,570 of the practical, code part of the XSS Firing Range attack,
8 00:00:55,830 --> 00:01:02,460 what we are going to do is just explain to you what XSS is, how it works, how many types
9 00:01:02,550 --> 00:01:05,650 of XSS there exist.
10 00:01:05,850 --> 00:01:06,500 OK.
11 00:01:06,570 --> 00:01:07,780 So now let's go.
12 00:01:07,800 --> 00:01:10,640 Now we're going to open this.
13 00:01:10,650 --> 00:01:16,720 This project is a project that we have already published for all of you.
14 00:01:16,730 --> 00:01:21,350 So now we are going to go through two main parts.
15 00:01:21,360 --> 00:01:23,850 And the first one is the definition.
16 00:01:23,850 --> 00:01:26,430 This one, and how XSS works.
17 00:01:26,640 --> 00:01:30,920 And then the two main types of XSS.
18 00:01:30,930 --> 00:01:32,150 All right.
19 00:01:32,160 --> 00:01:34,640 So let's go to page seven.
20 00:01:38,110 --> 00:01:38,720 I...
21 00:01:39,250 --> 00:01:43,060 So you know what XSS is.
22 00:01:43,330 --> 00:01:45,960 So let's try to know exactly.
23 00:01:46,090 --> 00:01:54,550 XSS is a kind of attack that mainly attacks web applications with vulnerabilities and
24 00:01:54,910 --> 00:02:04,060 injects some script into a database, into the system, so that the attacker or the hacker gets access to
25 00:02:04,060 --> 00:02:04,940 the system,
26 00:02:04,960 --> 00:02:13,270 or plays on the client side, so that he gets the credentials which were saved in
27 00:02:13,270 --> 00:02:14,470 the browser.
28 00:02:14,470 --> 00:02:15,170 All right.
29 00:02:15,190 --> 00:02:22,480 An enterprise which does not manage how its data is flowing, either outgoing information
30 00:02:22,480 --> 00:02:28,270 from the server or input to the server, so that its users are safe,
31 00:02:28,460 --> 00:02:32,640 is exposed to cyber risk in cyber security.
32 00:02:32,710 --> 00:02:40,960 Then the developer of the web application, I mean the programmer, has a very serious
33 00:02:40,960 --> 00:02:48,370 responsibility by ensuring that a high security system is put in place while using the
34 00:02:48,370 --> 00:02:49,970 application.
35 00:02:50,280 --> 00:02:59,640 Well, again, according to one source, XSS is the JavaScript payload injection that
36 00:02:59,800 --> 00:03:02,560 arose recently to attack your website.
37 00:03:02,890 --> 00:03:10,910 So your website is attacked by injecting some malicious JavaScript payload into that website so that you
38 00:03:10,910 --> 00:03:19,150 can steal some sensitive information like cookies, saved passwords, sessions or credit cards and so on.
39 00:03:19,150 --> 00:03:25,690 So it is a kind of attack that first happens on the client side, the web browser of that user.
40 00:03:25,720 --> 00:03:31,120 Then, after succeeding, it may attack the server of that application.
41 00:03:31,120 --> 00:03:31,690 All right.
42 00:03:32,170 --> 00:03:41,050 Now, there are also some situations where the attacker embeds a script into a link and shortens it or obfuscates
43 00:03:41,130 --> 00:03:44,410 it, so that the victim will not be able to see
44 00:03:44,470 --> 00:03:48,250 the contents of that link before clicking on it.
45 00:03:48,250 --> 00:03:55,360 So this is a very good tactic, because many users, or many people, have something in mind that
46 00:03:55,360 --> 00:04:04,630 they would not click on something that they don't know, or something which looks suspicious.
47 00:04:04,630 --> 00:04:09,900 So by shortening it, you will not know what is behind this.
48 00:04:10,000 --> 00:04:12,600 So you will probably click on it.
49 00:04:13,120 --> 00:04:21,400 So there are many ways of how to shorten your web link on the Internet; you can just Google it and
50 00:04:21,400 --> 00:04:24,210 then you will find many, many, many examples.
51 00:04:24,850 --> 00:04:25,780 Okay.
52 00:04:25,960 --> 00:04:29,680 So this kind of attack is called reflected XSS.
53 00:04:29,710 --> 00:04:30,340 What is that?
54 00:04:30,640 --> 00:04:40,270 So it is when the attacker tries to shorten the link and then sends it to
55 00:04:40,270 --> 00:04:47,650 the victim; when the victim clicks on it, therefore he gets the victim's browser session cookies
56 00:04:47,710 --> 00:04:51,910 or any kind of location, stuff like that.
57 00:04:51,940 --> 00:04:53,390 All right.
58 00:04:53,780 --> 00:05:00,100 So the next figure illustrates how the XSS attack works on the victim with vulnerable web applications.
59 00:05:00,100 --> 00:05:03,380 So let's see this first example here.
60 00:05:03,970 --> 00:05:06,450 Let's try to make it bigger.
61 00:05:07,100 --> 00:05:08,110 Oh, okay.
62 00:05:08,290 --> 00:05:08,710 You.
63 00:05:08,880 --> 00:05:10,150 Again.
64 00:05:10,390 --> 00:05:12,370 So let's go.
65 00:05:12,370 --> 00:05:12,870 Here we are.
66 00:05:12,940 --> 00:05:20,080 The first step is that the attacker injects a malicious script into the application.
67 00:05:20,080 --> 00:05:25,090 This is the attacker, who owns a web server.
68 00:05:25,090 --> 00:05:32,130 Now he crafts a JavaScript payload and inserts it into the vulnerable website.
69 00:05:33,000 --> 00:05:33,540 Okay.
70 00:05:33,640 --> 00:05:36,640 So, as an example, it can be a script,
71 00:05:36,640 --> 00:05:41,940 window.location, whereby he really gets the location or the cookies.
72 00:05:42,250 --> 00:05:47,430 So he embeds this script into his link and shortens the link,
73 00:05:47,450 --> 00:05:52,160 if he is a clever guy, you know, and sends it to a victim.
74 00:05:52,180 --> 00:05:59,110 So the second step is that the victim visits the vulnerable web application and the malicious code comes
75 00:05:59,110 --> 00:06:09,820 back in the form of an HTTP response web page for the victim. The victim supposedly reads in the payload
76 00:06:09,880 --> 00:06:12,130 which has been sent by the attacker
77 00:06:12,430 --> 00:06:14,260 and interacts with it.
78 00:06:14,290 --> 00:06:22,690 So the third one is that the attacker gains access over the victim's credentials without him knowing,
79 00:06:23,050 --> 00:06:31,420 by injecting, so it exploits again. Until there, this is the main part of this attack.
80 00:06:31,510 --> 00:06:37,390 First thing first: globally there are three main types of cross-site scripting attack: reflected
81 00:06:37,560 --> 00:06:41,980 XSS, stored XSS and DOM-based XSS.
82 00:06:42,480 --> 00:06:49,480 So let's begin with the less common one, but the most dangerous in terms of the damage proportion
83 00:06:49,650 --> 00:06:58,010 that it can produce. It is, to me, the permanent attack. The permanent attack can be called stored XSS attack,
84 00:06:58,020 --> 00:07:05,880 also known as persistent or type 2 XSS attack. As we have already stated in the previous
85 00:07:05,880 --> 00:07:16,410 chapters, the user input case is a must in the target website: if you, as a programmer, as a developer,
86 00:07:16,530 --> 00:07:20,180 are building your website, you allow user input.
87 00:07:20,190 --> 00:07:22,710 So you have to take great care of this.
88 00:07:22,740 --> 00:07:29,130 You have to find a way to sanitize the user input, or by filtering it, so that it does not accept some
89 00:07:29,130 --> 00:07:34,450 characters and other bad stuff later, or otherwise it would be very easy,
90 00:07:34,470 --> 00:07:40,470 so that even newbies can attack your website by a database SQL injection, or by some
91 00:07:41,340 --> 00:07:43,770 XSS attack, you know.
92 00:07:43,890 --> 00:07:51,450 So just try to be aware of the consequences. As a summary of the stored XSS: the attacker
93 00:07:51,510 --> 00:07:58,980 is going to attempt to input data that is to be stored in a database system. How does it work?
94 00:07:59,040 --> 00:08:03,210 Let's go a little bit; let me put it for you.
95 00:08:04,810 --> 00:08:05,390 OK.
96 00:08:05,910 --> 00:08:09,050 So, come on.
97 00:08:09,720 --> 00:08:10,070 OK.
98 00:08:13,890 --> 00:08:15,150 Good.
99 00:08:16,600 --> 00:08:18,160 OK.
100 00:08:18,610 --> 00:08:19,050 OK.
101 00:08:19,570 --> 00:08:25,330 So, first thing first, this is the victim's web browser.
102 00:08:25,830 --> 00:08:26,650 OK.
103 00:08:26,950 --> 00:08:37,120 What does the attacker do? The attacker, sitting at home at his computer, tries to post a malicious comment
104 00:08:37,420 --> 00:08:47,150 into either a form or a comment post of a website, and when he presses Enter or clicks Comment,
105 00:08:47,230 --> 00:08:55,720 his comment is now live on that website.
106 00:08:55,730 --> 00:09:01,780 Therefore, any other users that come to that website to read what other users
107 00:09:02,210 --> 00:09:09,630 were writing are able to see the attacker's stuff too. Therefore,
108 00:09:09,640 --> 00:09:14,350 that's why we call it stored: it is stored in the database system on the server.
109 00:09:14,890 --> 00:09:15,980 OK.
110 00:09:16,000 --> 00:09:16,930 Now, Comment.
111 00:09:16,930 --> 00:09:19,330 Let's go now.
112 00:09:19,650 --> 00:09:20,750 Step 2.
113 00:09:20,850 --> 00:09:27,530 He's storing the comment in the web application database by pressing Enter or by clicking on Comment.
114 00:09:27,580 --> 00:09:32,400 Now the victim clicks on the malicious comment posted by the attacker.
115 00:09:32,410 --> 00:09:36,930 Of course, if you are a good attacker, you have to embed your payload,
116 00:09:37,090 --> 00:09:44,440 I mean shorten it or obfuscate it, so that it doesn't look suspicious, so that you'll get what you want
117 00:09:44,810 --> 00:09:47,590 or get in there.
118 00:09:47,590 --> 00:09:56,230 The fourth one: the malicious comment gets executed on the victim's browser and transfers the victim's credentials
119 00:09:56,530 --> 00:09:58,020 to the attacker's website.
120 00:09:58,240 --> 00:10:06,910 You know, by clicking on his comment, or by clicking on what the attacker has posted on that form, so automatically
121 00:10:07,240 --> 00:10:09,760 the attacker gets the victim's,
122 00:10:09,760 --> 00:10:14,430 the victim's browser credentials, everything that was saved.
123 00:10:14,440 --> 00:10:16,860 He can get them. All right.
124 00:10:17,330 --> 00:10:17,880 Okay.
125 00:10:17,980 --> 00:10:21,550 So this is just an explanation.
126 00:10:21,580 --> 00:10:23,230 Oh, okay.
127 00:10:24,910 --> 00:10:25,380 Okay.
128 00:10:25,560 --> 00:10:27,190 Let's go to the reflected XSS.
129 00:10:27,210 --> 00:10:36,380 Now this one again is the most common and a fairly very, very quick, very easy to do type.
130 00:10:36,420 --> 00:10:37,700 It is a set-up.
131 00:10:37,740 --> 00:10:38,500 What is it?
132 00:10:38,500 --> 00:10:40,220 So it is a non-persistent one.
133 00:10:40,360 --> 00:10:47,040 And what we mean by that: actually the most common one, although it is not the most dangerous. Basically,
134 00:10:47,290 --> 00:10:55,440 the attacker crafts a spiteful link, sends it to some desired victims via email, for example,
135 00:10:55,440 --> 00:11:02,670 or, you know, any kind of social media, and then entices them into clicking on it,
136 00:11:04,130 --> 00:11:13,330 so that it reaches the victim's browser. A foxy hacker usually makes that spiteful link be either obfuscated,
137 00:11:13,400 --> 00:11:21,440 as we have stated earlier, or shortened, then sits back and drinks coffee, drinks wine, any kind of cup of coffee,
138 00:11:21,560 --> 00:11:22,170 and enjoys.
139 00:11:22,190 --> 00:11:27,180 So, you know, waiting for people to come in. When a victim clicks on that particular
140 00:11:27,180 --> 00:11:35,890 link, his browser, the browser executes that malicious embedded script and this script steals some sensitive data
141 00:11:36,170 --> 00:11:44,600 and releases it to the attacker. Inevitably, clicking on that link makes an automatic request to
142 00:11:44,610 --> 00:11:50,910 the vulnerable server. When you click on anything, your mouse makes a request, invokes something.
143 00:11:50,990 --> 00:11:58,670 So since that link contains a malicious script inside, and the website which you are navigating
144 00:11:58,670 --> 00:12:04,950 on is vulnerable, then that request enters the vulnerable server with the JavaScript code
145 00:12:04,990 --> 00:12:06,280 as a part of it.
146 00:12:06,410 --> 00:12:13,580 Thereafter, the server responds to the victim: it sends the response to the victim's browser with the malicious
147 00:12:13,600 --> 00:12:14,380 code.
148 00:12:14,640 --> 00:12:21,560 So it reflected it back, since there were no barriers to prevent that JavaScript code from the
149 00:12:21,560 --> 00:12:23,490 outside world into the server.
150 00:12:24,430 --> 00:12:28,390 Okay, so this is how we obfuscate.
151 00:12:28,410 --> 00:12:32,290 This is a very good way to obfuscate your link.
152 00:12:32,680 --> 00:12:34,460 Okay.
153 00:12:34,880 --> 00:12:36,970 Just in case you don't know what obfuscation is,
154 00:12:37,070 --> 00:12:39,230 we have just put it for you.
155 00:12:39,230 --> 00:12:45,140 It is a process that is used for illegitimate intentions, a process that leads to low
156 00:12:45,240 --> 00:12:46,380 URL readability,
157 00:12:46,880 --> 00:12:48,510 readability as well.
158 00:12:48,620 --> 00:12:54,250 And an obfuscated link mostly might look like that, this one. Okay.
159 00:12:54,990 --> 00:13:02,970 So we have given an overview about shortening tools. Look, and pause the video and try to read it.
160 00:13:03,300 --> 00:13:06,240 So this is the attack: the reflected XSS.
161 00:13:06,280 --> 00:13:07,040 This is this attack.
162 00:13:07,040 --> 00:13:11,540 So we have given two examples, but let's just explain this one.
163 00:13:11,590 --> 00:13:17,470 So here, this is the victim and this is the bad actor.
164 00:13:17,880 --> 00:13:19,790 He sends.
165 00:13:20,000 --> 00:13:26,750 He sends the victim an email with a malicious link, then waits for the victim to click on that
166 00:13:26,750 --> 00:13:27,530 link.
167 00:13:27,560 --> 00:13:36,210 Then, when the victim clicks the link, an HTTP request containing malicious code is sent
168 00:13:36,520 --> 00:13:37,310 to that vulnerable
169 00:13:37,490 --> 00:13:40,810 web application. Of course, then the third process:
170 00:13:40,850 --> 00:13:41,970 the legitimate
171 00:13:42,020 --> 00:13:51,950 HTTP response containing malicious code is reflected by the vulnerable web application to the victim. Malicious
172 00:13:51,950 --> 00:14:00,680 code executes in the context of the victim's browser, and the victim's sensitive information is sent back to the attacker,
173 00:14:00,760 --> 00:14:01,180 like that.
174 00:14:01,280 --> 00:14:07,400 You see, it was this: the request from the victim, who interacts while clicking, and it goes to
175 00:14:07,400 --> 00:14:16,220 the server, and then the server sends it back to his browser, and his browser of course is interconnected.
176 00:14:16,230 --> 00:14:18,680 Then it sends it back to the attacker's machine.
177 00:14:19,280 --> 00:14:20,040 All right.
178 00:14:20,550 --> 00:14:23,530 So that's how it works.
179 00:14:23,680 --> 00:14:32,240 DOM-based XSS: it's the less common of all the three types. It could be regarded as being
180 00:14:32,250 --> 00:14:39,850 a special, specific type of the reflected attack: both trick by sending a link to a desired person,
181 00:14:39,860 --> 00:14:47,710 with inputs that are reflected to the person. But the only difference between the reflected XSS
182 00:14:47,750 --> 00:14:53,420 attack and the DOM-based attack is that the DOM-based attack never
183 00:14:53,450 --> 00:14:55,530 reaches the server.
184 00:14:55,580 --> 00:14:57,230 This is the only difference.
185 00:14:57,590 --> 00:14:58,010 Yeah.
186 00:14:58,190 --> 00:14:59,170 So how does it work?
187 00:14:59,240 --> 00:15:03,080 Let's just quickly run through it. All right.
188 00:15:03,200 --> 00:15:11,020 So the attacker crafts a malicious link, uses his ways to have that link reach the victim, either via
189 00:15:11,450 --> 00:15:12,270 email,
190 00:15:12,350 --> 00:15:13,420 WhatsApp, Facebook,
191 00:15:13,430 --> 00:15:14,530 I don't know, whatever.
192 00:15:14,960 --> 00:15:21,310 Then the victim clicks on that link and the malicious vulnerable web page loads on the victim's browser.
193 00:15:22,370 --> 00:15:31,800 So the attacker's malicious script may exist combined with a URL, account privileges, software, and a
194 00:15:31,880 --> 00:15:39,920 crafted link may contain some JavaScript payload to attack a vulnerable page. If the vulnerable application
195 00:15:39,950 --> 00:15:47,480 accepts its HTTP request, although it does not incorporate the malicious injected HTML or JavaScript
196 00:15:47,480 --> 00:15:49,070 string in the
197 00:15:49,160 --> 00:15:52,030 response message, the DOM of the
198 00:15:52,280 --> 00:15:59,150 browser of that victim runs the malicious injected payload, transferring the victim's
199 00:15:59,150 --> 00:16:00,050 credentials,
200 00:16:00,050 --> 00:16:02,980 I mean cookies, saved passwords,
201 00:16:03,100 --> 00:16:06,300 session, anything, to the web server of the attacker.
202 00:16:06,320 --> 00:16:13,420 That's how the attacker again then grabs the information that he needs from that particular victim.
203 00:16:14,190 --> 00:16:14,810 Okay.
204 00:16:14,980 --> 00:16:19,620 In such an attack, the attacker manipulates the objects in the Document Object Model,
205 00:16:20,110 --> 00:16:20,870 and in it,
206 00:16:20,950 --> 00:16:23,330 in it, in an appropriate manner,
207 00:16:23,350 --> 00:16:30,950 he handles the properties of the HTML page, looking at the HTML source code of the page, and
208 00:16:30,950 --> 00:16:33,520 the principle of the attack:
209 00:16:33,520 --> 00:16:38,560 it's crucial to detect them, because they are exact.
210 00:16:38,560 --> 00:16:45,370 That is to say, the attacker's payload is a part of the DOM of the HTML page, but
211 00:16:45,370 --> 00:16:47,050 not part of the response.
212 00:16:47,080 --> 00:16:48,970 We have to be aware of that too.
213 00:16:49,090 --> 00:16:54,200 The attacker may use these objects: document.location, window.location and others, and so
214 00:16:54,190 --> 00:16:55,630 on and so on, and so well.
215 00:16:56,330 --> 00:17:07,870 Okay, so we have seen, guys, what exactly XSS is, how it works and the scene behind it.
216 00:17:07,870 --> 00:17:14,600 You are now able to try to know, if someone sends you something,
217 00:17:14,920 --> 00:17:17,530 if you don't know what kind of friend,
218 00:17:17,570 --> 00:17:25,770 if you don't trust that person, it's better not only to not click, but if you really want to click
219 00:17:26,210 --> 00:17:35,530 the link, first clear everything: clear your cookies, delete the history, delete anything of that which was
220 00:17:35,540 --> 00:17:38,270 saved. And, usually, me,
221 00:17:38,620 --> 00:17:40,550 I have a particular browser.
222 00:17:40,600 --> 00:17:45,040 I never enter my credentials in it; what I do,
223 00:17:45,190 --> 00:17:46,690 I just surf the web.
224 00:17:46,690 --> 00:17:47,630 That's it.
225 00:17:47,710 --> 00:17:51,940 If you don't have something like that, it's better to delete cookies.
226 00:17:51,980 --> 00:17:53,920 And so on and so forth.
227 00:17:54,360 --> 00:18:01,370 So now, this is the part of the theoretical view of the XSS attacks.
228 00:18:01,390 --> 00:18:07,030 Here we have given you a lot of information, so you can stop the video and read it.
229 00:18:07,070 --> 00:18:12,680 You can, if you want, stop the video and see so many, so many examples of it.
230 00:18:13,430 --> 00:18:16,330 I really think that you already know what XSS is.
231 00:18:16,570 --> 00:18:24,190 So now we are looking forward to seeing you in the next video again, to try to make it practical now,
232 00:18:24,280 --> 00:18:34,780 to attack some websites and detect if an XSS attack exists in some web applications.
233 00:18:35,080 --> 00:18:35,640 Thank you.
234 00:18:35,990 --> 00:18:37,800 Okay, looking forward.
235 00:18:44,960 --> 00:18:45,780 All right.
236 00:18:45,910 --> 00:18:53,230 So let's go. First thing first, we're going to go to the Kali Linux machine and then open your browser, and then
237 00:18:53,650 --> 00:19:00,640 we will go to the following web link provided to you, and then, which was:
238 00:19:00,640 --> 00:19:08,040 of course, we will go here and you copy and paste, Ctrl+V, and then you go there.
239 00:19:10,010 --> 00:19:12,620 It should be on your Kali machine, right.
240 00:19:12,790 --> 00:19:13,720 So we have some.
241 00:19:14,070 --> 00:19:16,210 Okay.
242 00:19:16,930 --> 00:19:17,940 Paste it again.
243 00:19:18,040 --> 00:19:19,940 And then we had some mistake.
244 00:19:19,940 --> 00:19:21,530 We had two spaces, guys.
245 00:19:24,410 --> 00:19:25,660 This is again.
246 00:19:25,670 --> 00:19:27,050 No, it wasn't.
247 00:19:27,590 --> 00:19:30,620 As you can see, it says it is secure,
248 00:19:30,650 --> 00:19:31,700 our application.
249 00:19:31,850 --> 00:19:37,390 But it is secure for Transport Layer Security,
250 00:19:37,550 --> 00:19:46,910 I mean for SSL, for communication: the SSL certificate is valid, but it doesn't mean that it is not vulnerable.
251 00:19:46,910 --> 00:19:47,380 All right.
252 00:19:47,450 --> 00:19:52,390 So let's open our Kali machine and then get into DVWA.
253 00:19:52,600 --> 00:19:54,390 We have it over here.
254 00:19:54,590 --> 00:19:58,440 So this is just for the sake of this video.
255 00:19:58,580 --> 00:20:04,720 I'll go there and we'll run our attacker machine to get to it.
256 00:20:12,980 --> 00:20:22,850 You're going to have to configure your web browser so that your Burp Suite matches with it.
257 00:20:22,910 --> 00:20:31,040 What do I mean by that? By default, your Burp Suite application is set up on port 8080.
258 00:20:31,280 --> 00:20:32,550 So that means you,
259 00:20:32,630 --> 00:20:37,180 that means you have to configure your Firefox or your Google Chrome, I don't know, it depends on you,
260 00:20:37,190 --> 00:20:39,070 what kind of browser you use.
261 00:20:39,110 --> 00:20:43,910 So you're going to use exactly the same, so that you can get the connection between Burp Suite and
262 00:20:44,030 --> 00:20:44,970 your Firefox.
263 00:20:44,980 --> 00:20:45,420 All right.
264 00:20:45,560 --> 00:20:50,360 So let's log in and type our credentials.
265 00:20:50,540 --> 00:20:51,810 Well, whatever they are.
266 00:20:52,100 --> 00:20:56,320 So this, we can minimize it from now.
267 00:21:00,070 --> 00:21:01,010 [inaudible]
268 00:21:06,350 --> 00:21:16,420 So we open the terminal as usual, and then we'll start our proxy with it,
269 00:21:16,510 --> 00:21:18,700 and then we're going to start Firefox as well.
270 00:21:18,760 --> 00:21:21,530 We open Firefox as our browser.
271 00:21:22,220 --> 00:21:25,460 If you have any kind of browser, you can use it.
272 00:21:25,670 --> 00:21:26,600 It doesn't matter.
273 00:21:33,070 --> 00:21:33,560 Now it
274 00:21:38,050 --> 00:21:38,370 it
275 00:21:42,330 --> 00:21:43,170 all right.
276 00:21:43,220 --> 00:21:45,650 So now we have Firefox.
277 00:21:45,810 --> 00:21:50,220 So we have to configure it according to Burp Suite before starting Burp Suite.
278 00:21:50,530 --> 00:21:51,340 How can you do that?
279 00:21:51,480 --> 00:22:00,840 So you have to go to Preferences, Advanced: go to Settings, and then click Advanced here, and Network
280 00:22:01,550 --> 00:22:02,720 Preferences.
281 00:22:02,760 --> 00:22:06,050 Of course, then, you click on Settings.
282 00:22:07,410 --> 00:22:11,190 So as you can see, mine is already set.
283 00:22:11,580 --> 00:22:16,540 The proxy, see this one, and the port is 8080.
284 00:22:16,860 --> 00:22:24,370 We put 8080 because our Burp Suite is configured with 8080 as port number.
285 00:22:24,390 --> 00:22:26,010 So as a default.
286 00:22:26,010 --> 00:22:33,120 So that's why we put this default, but make sure you have no other applications or no kind of Linux
287 00:22:33,140 --> 00:22:39,350 machine which has anything running on this port, and which are running at the same time
288 00:22:39,740 --> 00:22:42,110 with your Firefox or Burp Suite.
289 00:22:42,150 --> 00:22:42,760 All right.
290 00:22:42,810 --> 00:22:46,670 So we click OK; that's it, that's all we need.
291 00:22:46,670 --> 00:22:56,100 And then we can try to go here, and in that link we have used this one: public-firing-range.appspot
292 00:22:56,220 --> 00:22:58,080 .com. Let's go on with it.
293 00:22:58,520 --> 00:23:19,350 Let's type it again: https, public-firing-range.appspot.com,
294 00:23:19,400 --> 00:23:21,720 and now press Enter or Return.
295 00:23:22,590 --> 00:23:23,200 All right.
296 00:23:23,250 --> 00:23:25,680 We are there. Now, what are we going to do?
297 00:23:25,710 --> 00:23:31,730 We can try to start Burp Suite. If you have Burp Suite Professional that you have bought before,
298 00:23:31,860 --> 00:23:33,270 it would be very good.
299 00:23:33,420 --> 00:23:39,290 But if you have the Community edition, it will work as well.
300 00:23:39,290 --> 00:23:40,270 All right.
301 00:23:40,380 --> 00:23:49,080 So for the first time, when you start it, when you press Enter for this website, it might ask
302 00:23:49,080 --> 00:23:57,480 you, it might ask you for a certificate; you have to add it, and then that's all, so that you can have this
303 00:23:57,480 --> 00:23:58,850 website on your localhost.
304 00:23:58,890 --> 00:24:03,720 Because now, as we said, it is on our port 8080.
305 00:24:03,810 --> 00:24:07,020 So now you are working on that website locally.
306 00:24:07,460 --> 00:24:07,960 Okay.
307 00:24:08,130 --> 00:24:10,690 So now let's open the Burp Suite file.
308 00:24:11,010 --> 00:24:15,080 So we have got our Burp Suite Professional and all,
309 00:24:15,120 --> 00:24:17,440 Java, and then we can type this.
310 00:24:19,030 --> 00:24:24,660 Burp Suite Professional is started, but if you want, you can start your Burp Suite in the Community edition.
311 00:24:24,660 --> 00:24:26,250 So it's not a problem.
312 00:24:26,730 --> 00:24:29,010 It's not a problem.
313 00:24:29,130 --> 00:24:33,550 Look, we click Next; it's Burp Suite.
314 00:24:41,330 --> 00:24:42,890 So we're going to wait a little bit.
315 00:24:42,910 --> 00:24:43,640 It loads.
316 00:24:44,090 --> 00:24:45,200 Yeah, okay.
317 00:24:45,200 --> 00:24:45,680 Now.
318 00:24:46,020 --> 00:24:48,220 Burp Suite is started.
319 00:24:50,780 --> 00:24:57,460 Okay, now you have to make sure that your Burp Suite intercept is off.
320 00:24:57,900 --> 00:25:01,070 OK, so we're going to try to go there.
321 00:25:01,120 --> 00:25:03,490 See, okay.
322 00:25:03,680 --> 00:25:06,500 Automatically it's on, and now click on it.
323 00:25:06,530 --> 00:25:08,890 We make it off.
324 00:25:08,890 --> 00:25:09,750 All right.
325 00:25:09,830 --> 00:25:20,180 So after that we should go to the Target tab, and then, after being on the Target tab, we can click on Target,
326 00:25:21,400 --> 00:25:23,290 and then we need to click Scope.
327 00:25:27,810 --> 00:25:28,830 Okay.
328 00:25:29,130 --> 00:25:38,460 So now, what we have to do: we have to paste the link that we have on our Firefox.
329 00:25:38,480 --> 00:25:42,030 We have to paste it there.
330 00:25:42,070 --> 00:25:44,020 We have to copy it first.
331 00:25:47,280 --> 00:25:57,410 So now, by clicking Copy, go back to your Burp and paste the URL there.
332 00:25:57,920 --> 00:25:58,300 OK.
333 00:25:59,150 --> 00:26:14,580 So after pasting the URL there, what you have to do: click Include.
334 00:26:15,020 --> 00:26:22,030 It says to you: you have added an item to the target scope; do you want Burp Proxy to stop sending out-
335 00:26:22,070 --> 00:26:26,430 of-scope items to the history or other Burp tools?
336 00:26:26,660 --> 00:26:28,740 You have to answer yes.
337 00:26:29,000 --> 00:26:32,810 So we click on Yes. All right.
338 00:26:32,900 --> 00:26:37,910 While being inside the Site map, click on where it says Filter.
339 00:26:37,970 --> 00:26:44,040 Okay, let's go back; something that is really important.
340 00:26:44,100 --> 00:26:55,110 Guys, sometimes you can launch your Burp Suite, and then while you go to this Target, you go to this Target
341 00:26:55,830 --> 00:26:59,030 and your Burp Suite is running.
342 00:26:59,100 --> 00:27:01,480 I mean, you go here and you,
343 00:27:01,500 --> 00:27:09,300 this part is a totally blank spot, and then what you have to do, first thing first: you have to make sure
344 00:27:09,450 --> 00:27:17,460 that your intercept is on; when you make it on, and then you go to that page, the target page, you
345 00:27:17,460 --> 00:27:19,600 reload it again.
346 00:27:19,830 --> 00:27:20,210 Okay.
347 00:27:20,230 --> 00:27:23,610 Now you should get the content,
348 00:27:23,880 --> 00:27:27,390 I mean the communication, on your Burp Suite.
349 00:27:27,390 --> 00:27:30,450 So now we go back on the Burp Suite. Okay, here it is.
350 00:27:30,720 --> 00:27:36,270 Now what you have to do: if this part is blank,
351 00:27:36,480 --> 00:27:44,360 that means the public Firing Range is out of scope. To put it in that scope,
352 00:27:44,370 --> 00:27:50,740 you have to go there and click, and Send to Spider.
353 00:27:50,790 --> 00:27:56,370 When you send it to Spider, it would say: this item is outside the current Spider scope;
354 00:27:56,670 --> 00:28:05,490 would you like to define the scope and include this item? You say yes, and then, when you say yes, when you go
355 00:28:05,490 --> 00:28:12,430 back there, you will of course find it in here, so that you can see the files and folders.
356 00:28:12,430 --> 00:28:13,350 Let's have a check.
357 00:28:13,440 --> 00:28:15,960 You see, you see.
358 00:28:16,460 --> 00:28:16,990 Let's go.
359 00:28:16,990 --> 00:28:18,620 Here we are.
360 00:28:18,630 --> 00:28:25,000 All right, and then automatically, in this folder, done.
361 00:28:25,210 --> 00:28:29,290 So if we look at the content of it, if we try to go there,
362 00:28:29,340 --> 00:28:29,790 OK,
363 00:28:29,860 --> 00:28:31,000 here is some content.
364 00:28:31,440 --> 00:28:32,000 OK.
365 00:28:32,080 --> 00:28:33,340 So what do we have to do now?
366 00:28:34,150 --> 00:28:36,180 Let's try to go back.
367 00:28:36,210 --> 00:28:42,790 Here, Target, and then there are many files and folders; you can check them.
368 00:28:42,790 --> 00:28:48,280 Now let's go back. So, what we have to do: while being inside the Site
369 00:28:48,280 --> 00:28:54,760 map, click on where it says "Filter: Hiding not found items", or something like that.
370 00:28:54,860 --> 00:28:58,350 And it's good. Here you:
371 00:28:59,290 --> 00:29:06,010 so we have to click on "Show only parameterised requests" and "Show only in-scope items", where
372 00:29:06,010 --> 00:29:08,580 they are shown, in-scope items.
373 00:29:08,620 --> 00:29:09,540 Okay.
374 00:29:09,670 --> 00:29:12,950 Now we click outside the box here.
375 00:29:13,140 --> 00:29:13,760 Great.
376 00:29:13,820 --> 00:29:14,630 Excellent. 377 00:29:15,050 --> 00:29:23,710 And so as we can see now it's, it's showing you the most useful, even the most important things that you 378 00:29:23,710 --> 00:29:25,940 have asked for. 379 00:29:26,440 --> 00:29:26,870 OK. 380 00:29:27,470 --> 00:29:31,980 So now going to the Spider tab, where it says Spider is paused. 381 00:29:32,030 --> 00:29:38,190 And we have to run it. 382 00:29:38,280 --> 00:29:45,460 So we go to the Spider tab and then we click on here to run it. 383 00:29:46,160 --> 00:29:52,130 Then we're going to wait till the request queue will be on zero. 384 00:29:52,190 --> 00:29:59,640 It's still running; even if you see the number, your numbers stop working, it is still running. 385 00:29:59,660 --> 00:30:03,050 Just wait a little time. 386 00:30:04,180 --> 00:30:08,320 So in the end it will work. 387 00:30:08,420 --> 00:30:10,060 Now wait, a minute, wait. 388 00:30:10,090 --> 00:30:10,900 It's this. 389 00:30:10,900 --> 00:30:14,710 No okay, so I'm just a little bit patient 390 00:30:24,940 --> 00:30:25,450 all right. 391 00:30:25,470 --> 00:30:26,130 Very good. 392 00:30:26,250 --> 00:30:30,190 So our request queue is zero. 393 00:30:30,370 --> 00:30:39,420 Now what we have to do, we should go to the Public Firing Range and then we try to reload that page, but 394 00:30:39,420 --> 00:30:40,330 first thing first. 395 00:30:40,350 --> 00:30:44,100 We have to make sure that Burp Suite now is on. 396 00:30:44,560 --> 00:30:44,960 OK. 397 00:30:45,000 --> 00:30:50,430 So let's go back to Burp Suite and then intercept is on. 398 00:30:50,760 --> 00:30:55,150 And then when I go here we try to reload it. 399 00:30:55,290 --> 00:31:03,890 So let's, we need to find what kind of outputs that we get; let's go back to Burp, this will close 400 00:31:03,900 --> 00:31:07,220 on books in our unusual OK. 401 00:31:07,260 --> 00:31:10,990 So now on Firefox we have to reload.
402 00:31:11,070 --> 00:31:11,820 Okay now, okay. 403 00:31:11,900 --> 00:31:13,020 It's going to be 22. 404 00:31:13,310 --> 00:31:19,680 So now we're going to go back to our target website and then we're going to click on Reflected XSS 405 00:31:19,740 --> 00:31:23,190 and so that we find a parameter body. 406 00:31:23,200 --> 00:31:27,800 And then we're going to try to open in new tab. 407 00:31:28,980 --> 00:31:29,660 OK. 408 00:31:29,670 --> 00:31:30,460 So we need this one. 409 00:31:30,450 --> 00:31:31,550 So let's click on it. 410 00:31:32,850 --> 00:31:34,060 That's what we'll get. 411 00:31:34,600 --> 00:31:35,000 Okay. 412 00:31:35,010 --> 00:31:39,680 It's a blank page contained, which contains an a. 413 00:31:39,990 --> 00:31:42,380 Okay so now we've got our URL. 414 00:31:42,390 --> 00:31:47,350 We could have, we reload that page after we have intercept on, Burp Suite on. 415 00:31:47,630 --> 00:31:49,080 So let's go back to Burp Suite. 416 00:31:49,970 --> 00:31:51,080 Let's go back. 417 00:31:51,110 --> 00:31:52,930 So everything is all right. 418 00:31:53,090 --> 00:31:55,220 Proxy, turn it on. 419 00:31:55,310 --> 00:31:56,370 No no no. 420 00:31:56,560 --> 00:31:56,860 OK. 421 00:31:56,890 --> 00:32:05,680 So it's on, going to refresh it, and then to that we get the connection into Burp Suite. 422 00:32:05,700 --> 00:32:06,920 All right. 423 00:32:06,990 --> 00:32:13,730 So we, we should be really careful about the GET. 424 00:32:13,770 --> 00:32:15,800 So this is what we get here. 425 00:32:16,020 --> 00:32:19,020 That a is, that is this a. 426 00:32:19,080 --> 00:32:20,950 That was a parameter here. 427 00:32:20,970 --> 00:32:22,310 All right. 428 00:32:22,770 --> 00:32:23,670 Come on. 429 00:32:23,780 --> 00:32:24,900 OK. 430 00:32:24,980 --> 00:32:25,620 Sorry. 431 00:32:26,360 --> 00:32:27,130 It's done.
432 00:32:27,360 --> 00:32:35,160 So now what we have to do, in the Raw tab we see the information needed to insert codes; code means or 433 00:32:35,160 --> 00:32:37,880 how it is, so right click there. 434 00:32:38,040 --> 00:32:42,700 And then you right click and send it to Repeater, then after that we're going to click OK. 435 00:32:42,750 --> 00:32:51,910 So let's go right click and try, and then Repeater, right click, Repeater. 436 00:32:52,360 --> 00:32:54,050 So now we sent it to Repeater. 437 00:32:54,070 --> 00:33:02,020 Now we have to go to the Repeater tab and click on Go; when you click on Go we will get the response 438 00:33:02,290 --> 00:33:13,330 of how that a character is put in the HTML, I mean the HTML body. 439 00:33:14,290 --> 00:33:20,050 So when we see our data, how the letter a is embedded. 440 00:33:20,520 --> 00:33:21,150 OK. 441 00:33:21,200 --> 00:33:28,730 So let's click on Go, you see, excellent. 442 00:33:29,480 --> 00:33:29,770 OK. 443 00:33:29,780 --> 00:33:30,910 So what are we going to do. 444 00:33:30,920 --> 00:33:32,250 We're going to try to. 445 00:33:32,910 --> 00:33:39,170 We're going to try to replace the a by several characters which are generally used in XSS, that 446 00:33:39,230 --> 00:33:47,720 payload; this method is not going to work anything, but it will just show us what we are able to put into the 447 00:33:47,720 --> 00:33:57,200 web application; we had in Burp, we replace data and parameters by these characters 448 00:33:57,230 --> 00:33:57,860 and so on. 449 00:33:58,520 --> 00:34:03,530 So now we can replace the a character by similar characters. 450 00:34:03,530 --> 00:34:09,980 So we're going to try to delete that a and then put some characters.
451 00:34:10,130 --> 00:34:23,790 So let's say we're going to try to put these ones: comma, semicolon, dash dash, eligible mod, XSS, 452 00:34:23,940 --> 00:34:37,010 XSS and XSS, XSS people encounter during work, IT security work. 453 00:34:37,260 --> 00:34:41,670 And we're going to try to put the payload on these as well. 454 00:34:42,170 --> 00:34:42,940 All right. 455 00:34:42,990 --> 00:34:55,060 So now we then have to click on Go, and by doing so, as we see it, in case a character or two is in, so. 456 00:34:55,090 --> 00:34:57,250 So let's try it out. 457 00:34:57,350 --> 00:35:00,060 Go on, click 458 00:35:02,860 --> 00:35:08,150 no, as we can see the code inadequate that we get there, we spend 459 00:35:10,960 --> 00:35:13,280 nearly spends OK so we can put it in. 460 00:35:13,700 --> 00:35:15,870 It's enough to be seen. 461 00:35:15,920 --> 00:35:17,020 All right. 462 00:35:17,120 --> 00:35:22,020 So what do we see in the body: normally here should be that a. 463 00:35:22,220 --> 00:35:26,520 But we have replaced that a by these characters. 464 00:35:26,540 --> 00:35:33,780 So what we can see, that we see the comma, semicolon, dash dash. 465 00:35:33,830 --> 00:35:35,360 Then came. 466 00:35:35,570 --> 00:35:38,940 So after the equal sign. 467 00:35:39,070 --> 00:35:46,840 It didn't read any of all characters, I mean the ... and so on, which gives a very good idea that this web 468 00:35:46,840 --> 00:35:49,450 application is vulnerable to XSS attack. 469 00:35:49,900 --> 00:35:50,830 Okay. 470 00:35:51,040 --> 00:36:03,100 So since we did this here, let's try to go now to Proxy and turn this off, and we're going to go here 471 00:36:03,690 --> 00:36:09,730 in that field and that link, we will try to replace that a by a payload script. 472 00:36:10,240 --> 00:36:16,790 So we're gonna type script and alert and we have to put a number. 473 00:36:17,050 --> 00:36:20,470 Let's say any number, whatever.
474 00:36:20,500 --> 00:36:22,870 And then we close this script. 475 00:36:23,110 --> 00:36:26,270 So let's look, first thing first. 476 00:36:27,550 --> 00:36:28,690 Okay. 477 00:36:29,340 --> 00:36:33,540 So you can press Enter. 478 00:36:33,690 --> 00:36:35,100 Here we are. 479 00:36:35,100 --> 00:36:43,140 That means this Web site is vulnerable to XSS because, because it is reflected on the page. 480 00:36:43,620 --> 00:36:44,330 All right. 481 00:36:44,430 --> 00:36:51,470 So let's move now onto another example which is gonna work for this simple generic payload. 482 00:36:51,570 --> 00:36:52,080 All right. 483 00:36:52,260 --> 00:37:00,220 So we can say okay, so this is done now, but that is 484 00:37:03,600 --> 00:37:12,180 now, as we can see in the previous example, when we tried to replace the letter a by some characters we 485 00:37:12,180 --> 00:37:20,250 can type the payload after that and then it will generate the attack on the web page. 486 00:37:20,250 --> 00:37:24,750 Okay now let's try to go to some, some other examples. 487 00:37:25,080 --> 00:37:25,520 All right. 488 00:37:25,860 --> 00:37:27,310 So intercept is off. 489 00:37:27,340 --> 00:37:28,740 Okay that's good. 490 00:37:28,740 --> 00:37:29,670 Now we're going to try. 491 00:37:29,830 --> 00:37:32,380 Let's go to the parameter title. 492 00:37:32,730 --> 00:37:35,810 We click on it, okay. 493 00:37:35,840 --> 00:37:37,400 It's a blank page. 494 00:37:37,400 --> 00:37:48,020 As I've said earlier in labs, penetration testing in the course, one always tries to right click on any 495 00:37:48,020 --> 00:37:54,710 page as an attacker and go to view source page, so that if something there is hidden. 496 00:37:54,880 --> 00:37:55,220 Okay. 497 00:37:55,260 --> 00:38:01,250 We see this a letter is between, this a letter is between the two. 498 00:38:01,460 --> 00:38:01,890 All right. 499 00:38:01,910 --> 00:38:05,330 So that's all this web page contains.
500 00:38:05,390 --> 00:38:09,800 So let's close it and let's go back to our Burp. 501 00:38:09,860 --> 00:38:14,660 So now we're going to turn intercept on, go back again. 502 00:38:14,690 --> 00:38:18,510 Reload it so that we get, so that we get the connection. 503 00:38:19,830 --> 00:38:20,100 I 504 00:38:23,640 --> 00:38:25,280 so we get it. 505 00:38:25,620 --> 00:38:26,270 OK. 506 00:38:26,550 --> 00:38:30,010 In the parameter. 507 00:38:30,010 --> 00:38:31,530 So here you go. 508 00:38:31,560 --> 00:38:38,110 It can get it, title, quotation mark, q=a. 509 00:38:38,730 --> 00:38:46,590 Let's try to replace the a by this same character, maybe some characters that we have used earlier 510 00:38:46,790 --> 00:38:48,400 in the previous examples. 511 00:38:48,640 --> 00:38:53,220 Why not try a name like comma. 512 00:38:53,550 --> 00:39:04,960 Comma, what do you, XSS equal, right. 513 00:39:05,070 --> 00:39:21,480 We will get this, these in the words, copy this, copy this OK and Ctrl+X, two ways it would aim, and send 514 00:39:21,480 --> 00:39:25,040 it to the Repeater as we did earlier. 515 00:39:25,870 --> 00:39:32,430 Okay now we're going to paste it again here because, so that we can click on Go, and Ctrl+V. 516 00:39:32,430 --> 00:39:38,110 And now we can click on Go, look, you see how it appears. 517 00:39:38,180 --> 00:39:38,750 Okay. 518 00:39:39,380 --> 00:39:48,150 And so now okay, let's try to go here and type the payload in the browser to see if it will work 519 00:39:54,700 --> 00:39:59,380 first thing first we got to delete this a. 520 00:39:59,470 --> 00:40:06,510 And then before that we have to stop on Burp Suite, and decide it's going to 521 00:40:11,430 --> 00:40:17,300 proxy, in a number of, right. 522 00:40:17,960 --> 00:40:23,180 So now I want to see if it will work. 523 00:40:23,230 --> 00:40:24,660 What, you should, network.
524 00:40:25,200 --> 00:40:34,440 I screamed, oh we have this Burp Suite, the connection just eluded 525 00:40:40,300 --> 00:40:43,600 me. 526 00:40:44,140 --> 00:40:46,210 We are not on Internet. 527 00:40:46,210 --> 00:40:46,980 We have changed. 528 00:40:46,990 --> 00:40:48,850 Don't forget it would be cable 529 00:40:51,810 --> 00:40:53,360 network, would you. 530 00:40:53,440 --> 00:41:00,030 Ed, okay here on this one, change. 531 00:41:01,550 --> 00:41:10,640 Right again, reloaded, I, you need to take shoes again. 532 00:41:15,850 --> 00:41:16,660 Okay. 533 00:41:16,730 --> 00:41:19,180 No no no. 534 00:41:21,520 --> 00:41:22,190 It's off. 535 00:41:22,450 --> 00:41:27,490 So we're going to try to type the payload, the JavaScript payload. 536 00:41:27,490 --> 00:41:30,590 You can type always it first. 537 00:41:31,140 --> 00:41:38,540 Let's check it again, let's check it, meditate on it. 538 00:41:38,580 --> 00:41:41,750 This new, it's called 539 00:41:47,610 --> 00:41:53,930 to here, well nothing, so you 540 00:41:57,330 --> 00:42:06,080 could, and we do the same thing as we did earlier, 0 1, do, never mind anything. 541 00:42:07,090 --> 00:42:09,380 So we script this 542 00:42:12,410 --> 00:42:12,900 one. 543 00:42:13,000 --> 00:42:14,400 It should not work. 544 00:42:14,500 --> 00:42:16,660 Usually it's straight. 545 00:42:16,930 --> 00:42:18,720 You see, nothing is. 546 00:42:18,760 --> 00:42:27,850 But it doesn't mean that it is not a normal XSS attack; this way of trying to get access or 547 00:42:27,850 --> 00:42:28,910 to make the payload. 548 00:42:28,930 --> 00:42:29,980 It won't work for it. 549 00:42:30,280 --> 00:42:36,110 So now what we gonna do is, so what we're going to do. 550 00:42:36,110 --> 00:42:38,970 We have to close the title tag. 551 00:42:39,080 --> 00:42:45,910 We replace the a from the q=a by the closing tag of title.
552 00:42:45,930 --> 00:42:54,470 Then after the closing tag you can type this same script again, so that we can find if we, if we 553 00:42:54,470 --> 00:42:56,050 will be able to do it. 554 00:42:56,060 --> 00:42:58,460 Okay so we can do it here. 555 00:42:58,580 --> 00:43:11,370 Now when I try to do script, that I do try to keep the title, I do mentally closing. 556 00:43:11,400 --> 00:43:20,010 Good, script load in new. 557 00:43:20,230 --> 00:43:21,400 Here we are. 558 00:43:21,440 --> 00:43:22,250 Here we are. 559 00:43:22,700 --> 00:43:28,100 So this time now we get, we get the XSS attack. 560 00:43:28,130 --> 00:43:38,120 We're on, it's loaded; the way we get it is, first thing first, we get the intercept, and intercepted, we get 561 00:43:38,210 --> 00:43:45,980 how the website was coded; when we right click on it and then click on View Source, source page, we 562 00:43:45,980 --> 00:43:52,650 see that the parameter a was in the title, and then we closed that tag of title first, then we injected 563 00:43:52,910 --> 00:43:53,990 our payload script. 564 00:43:54,290 --> 00:44:00,610 So okay, now let's go to some, some other examples. 565 00:44:00,880 --> 00:44:08,700 So we just go back and then we click here on this link which is, this is where we turn. 566 00:44:09,220 --> 00:44:09,840 Okay. 567 00:44:09,910 --> 00:44:17,740 Now what we have to do, we could now try to put it on, so that we can put it on and go back into Firefox 568 00:44:18,490 --> 00:44:24,960 and we refresh it, and so now we route again the connection with the intercept and Firefox. 569 00:44:24,970 --> 00:44:25,360 All right. 570 00:44:25,600 --> 00:44:29,950 So now you right click and send it to the Repeater. 571 00:44:31,170 --> 00:44:34,960 We're going to go back to, go to Repeater here. 572 00:44:35,050 --> 00:44:36,520 We're going to change the parameter. 573 00:44:37,130 --> 00:44:43,810 So since we have seen earlier that it is embedded into an HTML comment.
574 00:44:43,870 --> 00:44:50,040 Now we're going to, we replace the a by, by ending the comment. 575 00:44:50,110 --> 00:44:59,390 So the comment of HTML is closed by this, and we have to type the payload now: a script and alert, 576 00:44:59,760 --> 00:45:03,720 its payload, alert one two three. 577 00:45:03,860 --> 00:45:05,050 OK. 578 00:45:05,130 --> 00:45:08,030 And that again. 579 00:45:08,540 --> 00:45:13,460 Now we can click on Go, see, we get it. 580 00:45:13,850 --> 00:45:25,370 So the comment is here; now what we can do, we can just, just copy this, copy this alone, copy this payload, 581 00:45:26,900 --> 00:45:38,260 Ctrl+C, go back here to Firefox, put it here, Ctrl+V, I see the eagle here. 582 00:45:38,650 --> 00:45:41,280 Would you please, this a cookie Steve. 583 00:45:41,900 --> 00:45:51,910 Well we had a mistake, this was it before, placing, you know we get to go back to Burp Suite and. 584 00:45:52,360 --> 00:45:52,990 No no no. 585 00:45:53,350 --> 00:46:00,490 And we have to turn the proxy off, where is it, off. 586 00:46:00,660 --> 00:46:01,090 Getting. 587 00:46:01,770 --> 00:46:06,810 So now we can press Enter now to see, here we are. 588 00:46:06,840 --> 00:46:08,060 Here we are, guys. 589 00:46:08,220 --> 00:46:09,340 This is excellent. 590 00:46:09,340 --> 00:46:11,410 This is really excellent. 591 00:46:13,680 --> 00:46:16,310 Thank you so much, advice. 592 00:46:16,400 --> 00:46:18,610 This is an advice, and quite everything. 593 00:46:18,770 --> 00:46:21,730 After being on Repeater, go. 594 00:46:21,920 --> 00:46:27,100 Please read carefully to see how the thing is between the HTML and body. 595 00:46:27,110 --> 00:46:30,570 Let's say if we are in this example and this example. 596 00:46:30,660 --> 00:46:39,890 Be careful to see that if it is enveloped by any tags, in most cases in the response, where we are, where 597 00:46:39,890 --> 00:46:42,040 we have been in the Burp Repeater.
598 00:46:42,140 --> 00:46:46,460 So we view any tags after the q= blah blah blah. 599 00:46:46,670 --> 00:46:47,750 As an example. 600 00:46:47,860 --> 00:46:57,890 q=a, so we have put it here, and then you try always to close what was opened before, then after 601 00:46:57,890 --> 00:47:05,670 closing it you can inject your payload; with reflected XSS examples never forget to view the source 602 00:47:05,690 --> 00:47:13,430 code, as I say, it's very important for us; let's say if the a is enveloped 603 00:47:13,520 --> 00:47:15,410 by, by 604 00:47:15,650 --> 00:47:27,200 the comment tags, like OK let's say, even if it is enveloped by this character, so try, 605 00:47:28,010 --> 00:47:37,110 try to close that character first and then you can inject your script; always try to close that tag 606 00:47:37,130 --> 00:47:43,220 first, that tag first. 607 00:47:43,290 --> 00:47:46,130 Now let's go to a more complex example. 608 00:47:46,560 --> 00:47:47,470 Let's close this tab. 609 00:47:47,910 --> 00:47:48,590 Let's go. 610 00:47:48,900 --> 00:47:52,920 Let's choose here this one. 611 00:47:53,070 --> 00:47:54,150 That's true. 612 00:47:54,700 --> 00:48:07,680 The best entrances get, so we can try a to see what kind of stuff we have here. 613 00:48:07,780 --> 00:48:09,720 Do you high. 614 00:48:10,840 --> 00:48:13,180 HTML, style, body or not. 615 00:48:13,210 --> 00:48:13,670 OK. 616 00:48:13,690 --> 00:48:17,280 It's just this one, OK. 617 00:48:17,470 --> 00:48:19,710 So let's make a right click. 618 00:48:19,780 --> 00:48:25,710 View source to see what kind of meat is embedded in a body in the HTML. 619 00:48:25,720 --> 00:48:26,650 All right. 620 00:48:26,650 --> 00:48:32,260 So you can close it now; what are you going to do. 621 00:48:32,630 --> 00:48:38,050 We're going to try to put Burp on so that we get the connection.
622 00:48:38,180 --> 00:48:46,890 I mean the communication; you reload the Firefox page, so go back again 623 00:48:50,690 --> 00:48:56,740 so much related, okay, but we have to do this simple, says. 624 00:48:56,850 --> 00:48:58,650 Right click and send it to Repeater. 625 00:49:00,780 --> 00:49:04,800 So now go back to Repeater here. 626 00:49:05,010 --> 00:49:09,480 This is a point of injecting the commands or the payload. 627 00:49:09,690 --> 00:49:13,460 So let's try to do the same thing again. 628 00:49:13,500 --> 00:49:20,490 You know, if you try to put some characters, it, we don't want to say to it. 629 00:49:20,690 --> 00:49:27,590 It will not work, but you can try to, to, to insert some characters to see how are we doing. 630 00:49:27,600 --> 00:49:29,530 We are working. 631 00:49:29,610 --> 00:49:30,400 So let's try it. 632 00:49:30,410 --> 00:49:33,310 Doing the same thing, you know. 633 00:49:34,700 --> 00:49:37,720 Yeah. 634 00:49:38,630 --> 00:49:55,010 Nash, it says this is an equal and security blanket, disease Bond is going back, it close it again, so it 635 00:49:55,010 --> 00:49:59,550 can try to go old enough flaked. 636 00:50:00,680 --> 00:50:07,430 Now we have a message saying that invalid input, content that contains tag, or okay. 637 00:50:07,670 --> 00:50:08,870 What does that mean. 638 00:50:09,940 --> 00:50:14,580 It, this is the response to this value. 639 00:50:14,590 --> 00:50:23,800 This invalid input tells us that this particular website either might contain some firewalls installed 640 00:50:23,890 --> 00:50:28,900 or, or some filters that always restrain us from sending tags. 641 00:50:28,960 --> 00:50:37,780 I mean it has some restrictions, so we can try to put one tag, for example, to test it, like if we 642 00:50:37,780 --> 00:50:43,420 try to put this, this tag, so we can try and do to test it.
643 00:50:43,690 --> 00:50:52,540 But what about to put our XSS payload or JavaScript payload, or JavaScript fails because it does, it 644 00:50:52,540 --> 00:50:54,690 detects it, you know. 645 00:50:54,820 --> 00:50:56,720 So content tags. 646 00:50:56,740 --> 00:50:57,940 So it does detect. 647 00:50:57,950 --> 00:51:01,790 So how can we, how we will be able to do these things. 648 00:51:01,810 --> 00:51:05,560 This XSS alert, we will be able to write it. 649 00:51:05,740 --> 00:51:10,700 So we have to, finally we have to find a way to make it. 650 00:51:10,720 --> 00:51:14,310 There are many payloads that don't rely on tags. 651 00:51:14,350 --> 00:51:18,960 For example we can use this particular payload and we'll write it down for you. 652 00:51:19,060 --> 00:51:22,850 So we can have this payload as. 653 00:51:23,710 --> 00:51:24,730 It's easy. 654 00:51:24,760 --> 00:51:25,860 It's kind of a door. 655 00:51:25,960 --> 00:51:39,580 And onload equal alert one, and that said we can put the space, which contains only 656 00:51:39,580 --> 00:51:43,130 one tag, and executes the JavaScript immediately. 657 00:51:43,140 --> 00:51:52,280 All right, after the word which is loaded; so the SS, the S of A G means it's capable of being too graphic. 658 00:51:52,300 --> 00:51:52,780 No. 659 00:51:52,960 --> 00:51:53,970 As I said earlier. 660 00:51:54,000 --> 00:52:02,820 So this percentage 20 is an HTML encoded text which is a space, which means it's a space. 661 00:52:02,860 --> 00:52:09,360 If you want to continue on your purposes we don't need to use JavaScript. 662 00:52:10,090 --> 00:52:17,320 So that we type this script, script and stuff like that, we don't need it because it can contain only 663 00:52:17,440 --> 00:52:19,720 one tag and so on like that. 664 00:52:19,720 --> 00:52:20,250 All right. 665 00:52:20,260 --> 00:52:30,020 So now let's try to find a way to, to bypass it and then we would try to type.
666 00:52:30,160 --> 00:52:32,940 alert one two three four five. 667 00:52:33,280 --> 00:52:33,640 Okay. 668 00:52:34,060 --> 00:52:42,950 And then we put percentage twenty, which, which tells us that it is a space, HTML. 669 00:52:43,000 --> 00:52:43,330 Come on. 670 00:52:43,330 --> 00:52:49,990 If you want to prove it, you just copy this like that and paste it into your Burp Suite and decode it as 671 00:52:50,080 --> 00:52:52,850 HTML, you will see it is a space. 672 00:52:52,990 --> 00:52:53,440 All right. 673 00:52:53,440 --> 00:53:05,090 So now let's go and paste it, and paste it here by removing the a, copy it, paste it here. 674 00:53:05,110 --> 00:53:08,120 Now we're going to try to reload the page and 675 00:53:08,240 --> 00:53:16,400 we can go on Go or, I'll keep it, seems good, right now. 676 00:53:16,410 --> 00:53:19,750 We're going to send this page to the Repeater. 677 00:53:20,040 --> 00:53:22,760 We right click as we did before, what we did, do it. 678 00:53:22,760 --> 00:53:30,800 This one and then, in always, you know, session all, what you can do OK we can, oh what we can do, 679 00:53:30,890 --> 00:53:35,510 we can just first, first, first make sure that your Burp Suite intercept is off, OK. 680 00:53:35,540 --> 00:53:36,340 So it is off. 681 00:53:36,540 --> 00:53:40,870 And then just go there and type this command. 682 00:53:40,990 --> 00:53:43,700 Repeater and type this command there. 683 00:53:44,220 --> 00:53:44,710 OK. 684 00:53:44,840 --> 00:53:54,340 But as we already checked it out, so let's do it and paste it here, and there was another, this is it. 685 00:53:54,360 --> 00:53:56,610 Excellent, excellent, excellent. 686 00:53:56,620 --> 00:54:02,620 So no doubt now guys, this is all for this video. 687 00:54:02,680 --> 00:54:06,000 I really think that this video was informative for you all. 688 00:54:06,130 --> 00:54:10,630 And then we are looking forward to seeing you in the next video. 689 00:54:10,630 --> 00:54:11,230 Thank you.