1 00:00:02,550 --> 00:00:04,070 We don't need this anymore.
2 00:00:04,220 --> 00:00:05,530 Let's go to the next challenge.
3 00:00:06,490 --> 00:00:07,360 It's 20.
4 00:00:07,480 --> 00:00:08,230 So you.
5 00:00:11,560 --> 00:00:13,200 Gateless OpenNet.
6 00:00:15,540 --> 00:00:24,730 Kick this time, Derek finally taught that execute his slogan and has asked you to test the to test
7 00:00:24,790 --> 00:00:25,720 its security.
8 00:00:26,710 --> 00:00:27,700 That's a nice joke.
9 00:00:28,360 --> 00:00:31,000 So try to log in as the admin.
10 00:00:31,450 --> 00:00:33,190 You can log in.
11 00:00:33,250 --> 00:00:35,100 As for your water.
12 00:00:35,440 --> 00:00:36,150 Oh, OK.
13 00:00:37,180 --> 00:00:44,930 But first thing first it says was that Duric finally told that he secured his in.
14 00:00:45,760 --> 00:00:54,370 Let's try to check this thing, as we did before, to inspect Element and check network.
15 00:00:55,860 --> 00:01:01,020 And then we refresh it so that we get the information, if BHP finds.
16 00:01:02,290 --> 00:01:03,020 All right.
17 00:01:03,080 --> 00:01:06,860 So let's go up here and check index.
18 00:01:08,670 --> 00:01:08,890 No.
19 00:01:09,330 --> 00:01:10,480 We don't need that.
20 00:01:10,590 --> 00:01:11,210 We will peak.
21 00:01:11,310 --> 00:01:14,210 Okay, so let's see how he encrypted.
22 00:01:14,280 --> 00:01:14,640 Now.
23 00:01:16,560 --> 00:01:17,760 You know what?
24 00:01:17,830 --> 00:01:19,300 Forty seven now.
25 00:01:22,020 --> 00:01:23,600 Massive crowd, frail.
26 00:01:23,910 --> 00:01:27,250 So he used to be here.
27 00:01:27,730 --> 00:01:29,910 Was Far War crowd flow.
28 00:01:30,240 --> 00:01:31,560 Sishen cookies.
29 00:01:32,510 --> 00:01:34,090 Stay tuned.
30 00:01:40,860 --> 00:01:41,980 Say H.
31 00:01:42,190 --> 00:01:44,650 DP on nail care.
32 00:01:46,220 --> 00:01:49,780 Excellent, including Jay-Z defrayed be all.
33 00:01:51,830 --> 00:01:53,270 Will Cain.
34 00:01:55,520 --> 00:01:55,880 Kay.
35 00:01:58,300 --> 00:02:01,690 Scheme it is all right.
36 00:02:01,880 --> 00:02:04,590 So hate to admit you security.
37 00:02:05,470 --> 00:02:05,800 Really?
38 00:02:06,280 --> 00:02:14,190 So now we can do we can try to log in as fire water as it seems to also like fire.
39 00:02:14,320 --> 00:02:15,040 Does that mean.
40 00:02:15,070 --> 00:02:17,730 And then water and then was our.
41 00:02:19,400 --> 00:02:20,210 Let's see.
42 00:02:20,570 --> 00:02:24,980 You are logging in as fire king.
43 00:02:25,190 --> 00:02:27,800 So what do we want to do?
44 00:02:28,490 --> 00:02:30,900 Let's go and check cookies.
45 00:02:32,690 --> 00:02:36,380 Okay, so you're here as a whole in my.
46 00:02:38,180 --> 00:02:39,830 Now, what we can do?
47 00:02:40,850 --> 00:02:46,160 Let's check this first thing again to see what was the requirement.
48 00:02:48,960 --> 00:02:50,570 To shake your old.
49 00:02:51,580 --> 00:02:59,590 This stage, a secret is sure to try to log in as the admin.
50 00:03:00,850 --> 00:03:05,760 Okay, so let's use the cookies again.
51 00:03:06,820 --> 00:03:07,820 Let's stay put.
52 00:03:08,080 --> 00:03:14,480 Let's try to put Doug in here and do like Dad.
53 00:03:14,490 --> 00:03:17,940 We check this out of information.
54 00:03:17,950 --> 00:03:19,060 We get nothing.
55 00:03:20,080 --> 00:03:23,750 So or let's try again to put in this code injection.
56 00:03:23,960 --> 00:03:28,190 Let's say that it's too and not.
57 00:03:29,870 --> 00:03:32,960 Space or meeting space again?
58 00:03:33,020 --> 00:03:35,900 So a score we can do quotes.
59 00:03:36,090 --> 00:03:37,440 Now to Google.
60 00:03:39,340 --> 00:03:40,350 Let's say you hit.
61 00:03:43,430 --> 00:03:45,030 To see what we will get.
62 00:03:46,750 --> 00:03:47,580 And we see it.
63 00:03:47,650 --> 00:03:48,110 Okay.
64 00:03:48,330 --> 00:03:49,290 So.
65 00:03:50,470 --> 00:03:52,390 That's when it all it's.
66 00:03:54,120 --> 00:03:54,690 Well, look.
67 00:03:55,710 --> 00:03:57,870 Why don't you put his hand in the cookie?
68 00:03:58,140 --> 00:04:00,410 You see, it was about DeCourcy.
69 00:04:00,870 --> 00:04:03,780 So congrats, 40 points has been added.
70 00:04:04,180 --> 00:04:06,090 So we don't even need to go there.
71 00:04:06,530 --> 00:04:10,170 OK, because we we will pass this challenge.
72 00:04:10,580 --> 00:04:14,710 OK, so let's close this and let's go.
73 00:04:14,800 --> 00:04:16,190 This we don't need them anymore.
74 00:04:16,860 --> 00:04:19,530 Now, let's look ahead to the next challenge.
75 00:04:20,930 --> 00:04:21,260 Craig.
76 00:04:21,270 --> 00:04:22,730 And then he'll.
77 00:04:26,030 --> 00:04:26,360 Kay.
78 00:04:28,220 --> 00:04:32,030 So we're going to click here to enter the page.
79 00:04:33,200 --> 00:04:39,850 It's this time joik invented antiracist group BHB and M.S. Cure Game.
80 00:04:40,520 --> 00:04:43,470 But he once again failed to secure it.
81 00:04:44,090 --> 00:04:44,360 OK.
82 00:04:44,450 --> 00:04:51,440 So, as usual, the basic things that we are going to do is to see the view, page, source and segment.
83 00:04:52,460 --> 00:04:58,850 And as we grow, so you might have to analyze the code and you analyze it.
84 00:04:58,940 --> 00:05:04,310 And then after that you can go to inspect and to see more stuff.
85 00:05:04,850 --> 00:05:06,530 So put this challenge.
86 00:05:06,720 --> 00:05:12,290 We we are just going to see the content of the network which are here.
87 00:05:12,500 --> 00:05:14,750 So we just refresh the page like that.
88 00:05:16,610 --> 00:05:18,200 And we want.
89 00:05:19,290 --> 00:05:28,230 To see this page headers, to see what kind of information Jerry has now and so we can check it out
90 00:05:28,260 --> 00:05:31,160 old said Cookie Ghitis.
91 00:05:31,220 --> 00:05:33,060 It could be.
92 00:05:34,280 --> 00:05:37,540 So, okay, operate and secure.
93 00:05:37,910 --> 00:05:38,780 We caught one.
94 00:05:39,710 --> 00:05:40,040 All right.
95 00:05:40,290 --> 00:05:43,580 So, gentlemen, have a little bit if not.
96 00:05:43,680 --> 00:05:45,020 But again, the event.
97 00:05:45,200 --> 00:05:49,850 So now let's go in and allege the they first kersting first.
98 00:05:50,360 --> 00:05:57,160 If you want to use in, you can use Duby to fine on the folders.
99 00:05:58,120 --> 00:06:00,680 And this is challenging.
100 00:06:00,680 --> 00:06:02,310 Basic 21 sought to do so.
101 00:06:02,660 --> 00:06:07,530 You just open your terminal and then type dharam like this one Dharam.
102 00:06:07,790 --> 00:06:13,130 And this challenge is anyone and just wait to see.
103 00:06:13,580 --> 00:06:19,760 So we get a page which is secret as we can to take off those so we might get it.
104 00:06:20,090 --> 00:06:23,000 So we might want to open it to see.
105 00:06:23,850 --> 00:06:26,870 So this page is about when we are going to take let's say.
106 00:06:26,960 --> 00:06:27,590 I mean.
107 00:06:28,480 --> 00:06:29,600 I mean there.
108 00:06:30,760 --> 00:06:31,760 So this page.
109 00:06:32,290 --> 00:06:35,860 Bob so your username password didn't that much anyway.
110 00:06:35,970 --> 00:06:36,670 Court in order.
111 00:06:37,460 --> 00:06:46,400 So what we're gonna do, we're gonna try to use it command, which will give us some more information.
112 00:06:46,430 --> 00:06:47,600 So let's go back first.
113 00:06:49,280 --> 00:06:49,830 Goldberg.
114 00:06:50,300 --> 00:06:52,570 And we're going to try discriminant.
115 00:06:52,970 --> 00:06:54,150 Which is interesting, named.
116 00:06:55,370 --> 00:06:57,560 And first thing first.
117 00:07:00,580 --> 00:07:01,320 Here, okay.
118 00:07:02,500 --> 00:07:09,200 So we would have been equal or having one equal to one and and then equal dash, dash.
119 00:07:09,290 --> 00:07:09,870 So what?
120 00:07:10,100 --> 00:07:13,400 Which means that all the rest behind will be ignored.
121 00:07:14,030 --> 00:07:15,810 So we can go on again.
122 00:07:17,060 --> 00:07:20,570 Your username and password did not match any records and so on.
123 00:07:20,570 --> 00:07:21,140 That abates.
124 00:07:21,710 --> 00:07:22,420 All right.
125 00:07:31,780 --> 00:07:33,750 Okay, so click on log in.
126 00:07:33,790 --> 00:07:39,820 But before we have to delete the space or case or no, we're going to take on log in to see.
127 00:07:39,850 --> 00:07:40,880 Or you just listen.
128 00:07:41,530 --> 00:07:41,810 OK.
129 00:07:41,950 --> 00:07:45,580 And now we have a new new message.
130 00:07:46,000 --> 00:07:57,610 New Escorial, you all that says that column users.id is invalid in the select list because
131 00:07:57,610 --> 00:08:01,300 it is not contained in an aggregate function.
132 00:08:01,330 --> 00:08:02,920 And there is no micros.
133 00:08:03,640 --> 00:08:06,250 OK, here we get some information.
134 00:08:06,280 --> 00:08:11,040 This may be turbo and you might be called on it.
135 00:08:11,340 --> 00:08:14,320 OK, so let's go for Fruita information.
136 00:08:14,770 --> 00:08:17,620 So we have this users.id.
137 00:08:19,920 --> 00:08:26,370 Since we've just got some information about the table and some contend so the table is users and then
138 00:08:26,870 --> 00:08:32,160 its column name is id, we can try to find out much more information about the table.
139 00:08:32,250 --> 00:08:36,930 I mean, so that we can find more more columns to do so.
140 00:08:36,930 --> 00:08:40,940 We are going to use a command, which is group by then.
141 00:08:41,040 --> 00:08:43,920 So let's go back here and let's go back.
142 00:08:44,950 --> 00:08:50,250 So we have to note that users is the table and id is a column of the table.
143 00:08:50,640 --> 00:08:59,670 So when we go back here and then instead of having this common single common space of having two equal
144 00:08:59,670 --> 00:09:06,150 to one one, and then we want to try to type group by.
145 00:09:06,510 --> 00:09:13,080 So the information that we get was the table name users.id.
146 00:09:13,680 --> 00:09:21,000 And then we put space and then we let this comment still late that would dash, dash, dash.
147 00:09:21,060 --> 00:09:23,730 That means it will not everything behind.
148 00:09:23,880 --> 00:09:25,020 So we know that already.
149 00:09:25,050 --> 00:09:26,400 So just was under.
150 00:09:28,580 --> 00:09:29,220 Okay.
151 00:09:29,420 --> 00:09:32,410 Now it's genuine, it's always in you.
152 00:09:32,540 --> 00:09:35,900 You will message, which is column users.username
153 00:09:35,990 --> 00:09:40,420 is invalid in the select list because of that.
154 00:09:41,810 --> 00:09:44,100 Now we get another column name.
155 00:09:44,530 --> 00:09:45,830 This is still the table.
156 00:09:46,280 --> 00:09:48,480 And then this is another column name.
157 00:09:48,830 --> 00:09:51,710 We can try it out to find more information.
158 00:09:51,830 --> 00:09:53,360 Dissimilarly like we did.
159 00:09:53,740 --> 00:09:58,580 So we will remember the quote unended name is user name.
160 00:09:59,060 --> 00:10:01,310 So we just go back.
161 00:10:04,650 --> 00:10:11,710 So now we still keep going with this and process using group by, and then we're going to try to put.
162 00:10:11,910 --> 00:10:15,200 Let me move this mouse.
163 00:10:15,360 --> 00:10:18,100 So now we're going to try to put a comma.
164 00:10:18,390 --> 00:10:22,190 And then users the table name that we get.
165 00:10:22,760 --> 00:10:24,900 And that you won't miss Agent Dot.
166 00:10:25,140 --> 00:10:26,450 And then user name.
167 00:10:26,900 --> 00:10:27,650 User name.
168 00:10:27,900 --> 00:10:33,270 So having one equal, one dash dash.
169 00:10:33,360 --> 00:10:33,800 Always.
170 00:10:34,080 --> 00:10:34,910 So we press Enter.
171 00:10:36,120 --> 00:10:41,140 To see now we get your message, which is users the passwords.
172 00:10:41,310 --> 00:10:47,040 So decem that abey's that at least this intimate ending within your column.
173 00:10:47,190 --> 00:10:49,580 So now we are still looking for new column.
174 00:10:50,100 --> 00:10:52,380 So let's go back because all member password.
175 00:10:52,490 --> 00:10:52,860 Okay.
176 00:10:54,150 --> 00:10:55,860 So we will not try to.
177 00:10:55,990 --> 00:11:02,550 And now comma and users the table name password.
178 00:11:03,410 --> 00:11:08,940 And then also we have space and newquist in order to see if we get more information or can we get one
179 00:11:08,940 --> 00:11:09,510 for missions.
180 00:11:09,590 --> 00:11:16,990 So this is brave, a big capital, a capital D, and we still keep going.
181 00:11:17,370 --> 00:11:18,420 Keep going.
182 00:11:19,740 --> 00:11:22,550 So we gonna go there.
183 00:11:23,210 --> 00:11:23,570 All right.
184 00:11:23,600 --> 00:11:25,400 So Engelbach, you know, push.
185 00:11:26,190 --> 00:11:30,370 We put comma and users the table name.
186 00:11:30,580 --> 00:11:33,920 God, we've a I d.
187 00:11:34,380 --> 00:11:36,140 And then we still press Enter.
188 00:11:36,390 --> 00:11:37,290 Let's check it.
189 00:11:37,410 --> 00:11:37,710 OK.
190 00:11:37,770 --> 00:11:39,690 Everything is void or I think.
191 00:11:39,870 --> 00:11:40,050 OK.
192 00:11:40,170 --> 00:11:40,960 Well it's Masuo Center.
193 00:11:41,040 --> 00:11:43,910 If not we would see o k.
194 00:11:44,160 --> 00:11:45,340 Let's check again.
195 00:11:45,420 --> 00:11:47,010 Deforesting first that we get.
196 00:11:47,790 --> 00:11:49,270 I don't know if I had a mistake.
197 00:11:49,380 --> 00:11:55,770 And uh and the user we've idbi forget our how it was.
198 00:11:55,770 --> 00:12:07,050 We then said he remained so excited barrooms or let's try to use it and try to enter again to see looking
199 00:12:07,320 --> 00:12:07,890 gleave.
200 00:12:08,670 --> 00:12:11,580 So let's just copi eat dirt.
201 00:12:12,570 --> 00:12:15,230 We could be and then you go back here.
202 00:12:17,560 --> 00:12:22,250 And then we just a comma behind it here.
203 00:12:22,550 --> 00:12:23,070 Come on.
204 00:12:24,120 --> 00:12:24,450 Yeah.
205 00:12:24,540 --> 00:12:30,120 And then it's basically just, quote, beaten, just eat here.
206 00:12:30,730 --> 00:12:32,140 So get it.
207 00:12:32,220 --> 00:12:35,870 We think he's owed having one equal one and dash.
208 00:12:35,880 --> 00:12:36,130 Dash.
209 00:12:36,360 --> 00:12:37,010 So, Mr..
210 00:12:38,660 --> 00:12:45,140 So at this point, we didn't get any new message from the database, which says that the state will
211 00:12:45,140 --> 00:12:48,680 name and columns but under the dub dub.
212 00:12:49,100 --> 00:12:53,150 That means there are no more columns in the table.
213 00:12:53,370 --> 00:12:54,530 So what are we gonna do?
214 00:12:55,160 --> 00:13:05,810 We are gonna use now a union select command so that we can extract the information that that is in each
215 00:13:05,810 --> 00:13:08,150 wall of decorum that we have get.
216 00:13:08,480 --> 00:13:14,390 So we have found that there exists two equal Enns and two users.
217 00:13:14,510 --> 00:13:17,970 It was username and password.
218 00:13:18,290 --> 00:13:21,410 And we've idee even the idea as well.
219 00:13:21,650 --> 00:13:22,950 So four columns.
220 00:13:23,100 --> 00:13:29,830 So now we will use the union select, so that we can extract information in each of these of these columns.
221 00:13:30,380 --> 00:13:30,740 Okay.
222 00:13:32,030 --> 00:13:33,140 So let's go back.
223 00:13:36,360 --> 00:13:38,260 Let's go back a gut.
224 00:13:41,600 --> 00:13:50,840 OK, so now we're going to do you and your uncle and let's whisk control a so tight, so leg we day
225 00:13:52,170 --> 00:13:52,860 union
226 00:13:55,360 --> 00:13:58,110 select space.
227 00:13:59,270 --> 00:14:00,160 Me, mom.
228 00:14:02,960 --> 00:14:06,900 I mean, in Long Island, disease, user name I dead.
229 00:14:07,330 --> 00:14:13,340 So there is a user name that that is that can be is user name.
230 00:14:13,600 --> 00:14:14,070 Of course.
231 00:14:16,140 --> 00:14:23,740 So wee wee wee now grows the bone disease and you put comma.
232 00:14:24,630 --> 00:14:26,340 One, one, one.
233 00:14:26,460 --> 00:14:28,320 So do is that we put one on one.
234 00:14:28,350 --> 00:14:29,800 Is that because that we have or.
235 00:14:29,800 --> 00:14:30,930 We did that.
236 00:14:31,310 --> 00:14:32,190 And did tambour.
237 00:14:32,370 --> 00:14:34,080 We have four columns.
238 00:14:34,110 --> 00:14:45,060 So since we are trained to do a union day's values, so we use therefore they use it in value as, as
239 00:14:45,180 --> 00:14:46,800 it's a part of the table.
240 00:14:47,760 --> 00:14:49,990 And then so that we report.
241 00:14:50,670 --> 00:14:53,790 So we assume them as new or new in Europe.
242 00:14:54,210 --> 00:14:55,790 So if you want to know which one for me.
243 00:14:55,800 --> 00:14:56,420 Sure about it.
244 00:14:56,430 --> 00:14:57,870 So you can go to decide.
245 00:14:58,590 --> 00:14:59,310 Let me show you.
246 00:15:00,210 --> 00:15:03,300 We can try to find much more information, but just work usual.
247 00:15:03,780 --> 00:15:07,980 So here we will be finding columns with a loose.
248 00:15:07,980 --> 00:15:10,700 Would that type in any SQL injection attack?
249 00:15:11,070 --> 00:15:18,360 The reason for performing in this SQL injection, as we said it is to fight an attack, is to find
250 00:15:18,450 --> 00:15:19,680 much more information.
251 00:15:19,710 --> 00:15:30,390 I mean, if there are some columns and some some columns in the table to retrieve Deusen from an injected
252 00:15:30,390 --> 00:15:35,490 query, Jan do interesting that I guess you want to which way it will be in string form.
253 00:15:35,610 --> 00:15:38,700 It might be in an integer form as well.
254 00:15:39,030 --> 00:15:43,780 So you need to find one column at least into the original query.
255 00:15:43,850 --> 00:15:49,430 You're always told always that that type is all which is compatible with string data.
256 00:15:50,220 --> 00:15:51,780 So having that in mind.
257 00:15:51,840 --> 00:15:52,770 So let's say that.
258 00:15:52,830 --> 00:16:00,150 So you can probe or you can check each column to test whether it can hold string data by submitting
259 00:16:00,240 --> 00:16:06,090 a series of union select payloads that place a string value into each column in turns.
260 00:16:06,420 --> 00:16:09,300 So as an example, we have already know that.
261 00:16:10,080 --> 00:16:14,170 Oh, table, it has four columns.
262 00:16:14,430 --> 00:16:15,840 So and this base.
263 00:16:15,990 --> 00:16:17,380 So we had the user name.
264 00:16:17,440 --> 00:16:21,300 So first, first we got the I.D. and then the user name and password.
265 00:16:21,360 --> 00:16:22,330 And we've added.
266 00:16:22,680 --> 00:16:28,410 So I mean, we've it was the last column that we get.
267 00:16:28,680 --> 00:16:35,470 So to do so, you can just try union select and then you put one of them here and new éluard newel
268 00:16:35,490 --> 00:16:36,690 value and then dash.
269 00:16:36,690 --> 00:16:37,170 Dash.
270 00:16:37,310 --> 00:16:37,770 We do we.
271 00:16:37,890 --> 00:16:39,690 Which will be ignored the rest of the part.
272 00:16:39,750 --> 00:16:48,810 Or you can just try to contain them to put them in your head here and then a year and so and so and
273 00:16:48,810 --> 00:16:49,050 so on.
274 00:16:50,070 --> 00:16:56,050 So if the data column in the data type of a column is not compatible with string data.
275 00:16:56,670 --> 00:17:00,860 So the injected query will cause it at least equal.
276 00:17:01,070 --> 00:17:05,940 So China's conversion frails would converting do for value a that type integer?
277 00:17:06,180 --> 00:17:11,160 So let's go into the death of this policy that we can show you or how it works.
278 00:17:11,400 --> 00:17:11,970 Exactly.
279 00:17:13,360 --> 00:17:13,740 Okay.
280 00:17:16,050 --> 00:17:20,540 Okay, so after that, we take from the table name.
281 00:17:20,610 --> 00:17:22,940 So the table name was what was users?
282 00:17:23,730 --> 00:17:24,550 It was ours.
283 00:17:25,340 --> 00:17:25,850 Okay.
284 00:17:26,200 --> 00:17:28,080 We are the user name.
285 00:17:28,410 --> 00:17:30,560 We'll get that you that you have put.
286 00:17:31,240 --> 00:17:40,020 And the bone disease where user name is greater than a single than a single string.
287 00:17:40,080 --> 00:17:41,450 So we put a a week.
288 00:17:42,090 --> 00:17:44,650 And then we put ups.
289 00:17:45,150 --> 00:17:48,440 We didn't finish with the string yet.
290 00:17:48,450 --> 00:17:50,310 And then by accident we was in there.
291 00:17:50,880 --> 00:17:51,480 So let's go.
292 00:17:51,550 --> 00:17:53,040 Here we are.
293 00:17:53,410 --> 00:17:57,330 We are the streamy where the user name is Grieder.
294 00:17:57,500 --> 00:17:58,860 Dun Dun.
295 00:17:59,030 --> 00:18:00,590 A single string.
296 00:18:01,500 --> 00:18:05,840 And then so we're going to try to two to ignore dearest.
297 00:18:08,530 --> 00:18:10,220 So then was it good?
298 00:18:10,690 --> 00:18:15,130 What we're focusing on, let's try to verify if a comment is oil, it is OK.
299 00:18:16,370 --> 00:18:21,790 It might be it's not okay because we we've got to put a single quote before the union.
300 00:18:21,850 --> 00:18:22,210 Of course.
301 00:18:22,210 --> 00:18:23,020 Never forget that.
302 00:18:23,350 --> 00:18:24,130 Never forget that.
303 00:18:24,980 --> 00:18:25,300 Okay.
304 00:18:25,380 --> 00:18:31,530 So now we can just put it in order in order to see, you know, the syntax.
305 00:18:31,680 --> 00:18:32,860 A walk on her thing.
306 00:18:33,330 --> 00:18:38,260 VAR Shaa Veeru at main two accord on the data type integer.
307 00:18:38,710 --> 00:18:41,550 Now we knew that there was a name.
308 00:18:41,620 --> 00:18:43,810 Which name is admin.
309 00:18:44,080 --> 00:18:52,380 So this is exactly that you want recision that we that we show you that we have shown you earlier in
310 00:18:52,420 --> 00:18:53,070 this page.
311 00:18:53,410 --> 00:18:54,550 Let me go back first.
312 00:18:56,070 --> 00:19:02,890 In this page, it's a condition for when Gordon devalue the Russia value, a two debtor type integer.
313 00:19:02,960 --> 00:19:03,660 So quite decent.
314 00:19:04,260 --> 00:19:07,770 Okay, so now what are we gonna do?
315 00:19:08,090 --> 00:19:09,000 So what are we going to do?
316 00:19:09,250 --> 00:19:09,630 We're going to.
317 00:19:10,150 --> 00:19:11,880 Let's come back here.
318 00:19:15,160 --> 00:19:20,350 So the reason that we get the message is because that.
319 00:19:21,760 --> 00:19:28,180 We were trying to put a string in the first column and then the first column as
320 00:19:28,360 --> 00:19:29,310 we have found.
321 00:19:29,770 --> 00:19:31,630 It was an id.
322 00:19:31,900 --> 00:19:34,660 So they cannot be a string.
323 00:19:34,960 --> 00:19:37,040 So it should be like an integer.
324 00:19:37,260 --> 00:19:48,280 So, no, let's try to modify disco men's or let's say we wanna put user name use or we can boot something
325 00:19:48,280 --> 00:19:49,120 like.
326 00:19:50,730 --> 00:19:53,100 So let's see, first thing first.
327 00:19:54,360 --> 00:19:58,490 One heel and then he'll boot.
328 00:19:58,750 --> 00:19:59,360 User name.
329 00:20:00,840 --> 00:20:01,270 Okay.
330 00:20:01,650 --> 00:20:06,190 As the second step and then so can center to see what's what's going on.
331 00:20:09,480 --> 00:20:17,680 So we get back to our origin all in one message, which says that it did not in user name password in
332 00:20:17,720 --> 00:20:20,090 that much, any records in a database.
333 00:20:20,370 --> 00:20:21,150 That's perfect.
334 00:20:21,460 --> 00:20:22,550 Well, before continuing.
335 00:20:22,560 --> 00:20:30,360 So let's try to test the first comment at the first union common that we have put to this one.
336 00:20:32,040 --> 00:20:38,070 This one user name might be inside the user name.
337 00:20:38,130 --> 00:20:41,340 And then instead of here, we are trying to get Deewar back.
338 00:20:42,480 --> 00:20:44,220 We bought one.
339 00:20:44,670 --> 00:20:55,100 And then instead of putting just a single string inside, we get a user name and the table already,
340 00:20:55,410 --> 00:20:56,810 which was I.
341 00:20:57,270 --> 00:21:01,770 So we're going to try to put all this so that we can extract more information.
342 00:21:02,100 --> 00:21:03,550 I mean, more user name.
343 00:21:03,690 --> 00:21:04,950 If there are any.
344 00:21:05,350 --> 00:21:07,850 So now we just created.
345 00:21:07,920 --> 00:21:08,810 Check it again.
346 00:21:09,000 --> 00:21:09,420 Press Enter.
347 00:21:11,300 --> 00:21:19,220 You see, so we get this same message as we get as we did earlier, because we had a mistake.
348 00:21:20,120 --> 00:21:20,600 Mistake.
349 00:21:20,690 --> 00:21:27,330 We wanted to have mistakes and we see what kind of information or what kind of message that the database
350 00:21:27,600 --> 00:21:29,230 will generate us.
351 00:21:29,690 --> 00:21:37,550 So therefore, we have changed the I.D. to to this string so that we get that one message.
352 00:21:37,670 --> 00:21:39,650 And then after when we did think that.
353 00:21:39,680 --> 00:21:45,830 So we changed to first the first parameter in the column as one, which is two.
354 00:21:46,070 --> 00:21:50,730 And then this again, might be user name, which is a string.
355 00:21:50,900 --> 00:21:52,830 Let's say password or user name.
356 00:21:52,880 --> 00:21:53,980 And so it's a little one.
357 00:21:54,920 --> 00:21:55,240 Okay.
358 00:21:55,340 --> 00:21:56,150 Now what are going to do?
359 00:21:56,330 --> 00:22:00,920 We can try to extract the information now for a password.
360 00:22:01,160 --> 00:22:07,910 Now we do need to work for the user name anymore because we get it already that there are probably new
361 00:22:07,910 --> 00:22:09,880 user names at the table.
362 00:22:10,400 --> 00:22:14,240 So therefore we will just try to extract the password.
363 00:22:14,660 --> 00:22:21,360 To do so, we will use the same command, but instead of mean instead of meaning long.
364 00:22:21,380 --> 00:22:23,710 So we're going to try to put password.
365 00:22:24,350 --> 00:22:25,970 We don't need this anymore.
366 00:22:26,090 --> 00:22:27,680 We just need a password.
367 00:22:28,170 --> 00:22:30,920 But instead of design, good are done.
368 00:22:31,520 --> 00:22:36,870 I mean the district I mean, because we already know that user name there is admin.
369 00:22:37,160 --> 00:22:42,620 So we should put a net greater or equal at one end and then that's it.
370 00:22:42,650 --> 00:22:44,370 So let's just wait for him before we enter.
371 00:22:45,090 --> 00:22:45,360 OK.
372 00:22:45,900 --> 00:22:49,360 Or the user name is equal admin.
373 00:22:49,520 --> 00:22:49,810 OK.
374 00:22:49,870 --> 00:22:52,340 And then just press Enter.
375 00:22:54,330 --> 00:23:00,760 All right, so we get a new what message would say to that Syntax, the walk on everything and do show
376 00:23:00,800 --> 00:23:08,770 Vario one to go to court on that day in Darfur or get a D is passed.
377 00:23:08,770 --> 00:23:10,190 Would destroying.
378 00:23:11,350 --> 00:23:18,700 So let's let's COPD because we don't know exactly what it is called be.
379 00:23:19,150 --> 00:23:20,440 Let's move it again.
380 00:23:20,580 --> 00:23:28,710 So Syntax converting the of shock value disvalue to it caught on tape.
381 00:23:30,390 --> 00:23:31,120 Into de.
382 00:23:31,590 --> 00:23:41,520 OK, so we understand as of this might be a password, but it says that it convert the string into an
383 00:23:41,520 --> 00:23:42,450 integer type.
384 00:23:42,780 --> 00:23:43,890 So that means.
385 00:23:44,190 --> 00:23:54,350 So instead of coding the password here, we can try instead to put one to you, you know, because it's
386 00:23:54,370 --> 00:23:55,050 the id.
387 00:23:55,200 --> 00:23:57,080 And then we can just put password.
388 00:23:57,180 --> 00:23:58,770 Let's say something like that here.
389 00:23:59,340 --> 00:24:01,770 And so let's try to within two before continuing.
390 00:24:03,090 --> 00:24:08,690 So we get this and you want me said it again, so prefer yes or no less U.S.
391 00:24:10,550 --> 00:24:11,990 The details that we get.
392 00:24:12,110 --> 00:24:17,270 And so let's try to click here and control these two parts of the puzzle.
393 00:24:17,310 --> 00:24:18,560 Bill Gates is there.
394 00:24:19,040 --> 00:24:26,630 So now let's put the user name, which we already know, which has had mean jobs, which is I mean,
395 00:24:26,670 --> 00:24:30,920 and and he was going to bust this.
396 00:24:33,260 --> 00:24:40,490 So he just to see if it will be if it will work or if it is encrypted, but we'll find a way so that
397 00:24:40,540 --> 00:24:41,730 we will agree.
398 00:24:41,920 --> 00:24:44,770 So let's just press Enter or just click on log in.
399 00:24:46,070 --> 00:24:50,760 Congrats, 45 points has been added, so that's good, guys.
400 00:24:50,830 --> 00:24:58,970 So we have used group by command in the union select command so that we can fool the database system so
401 00:24:58,970 --> 00:25:02,300 that we can get the more information that we need to push it.
402 00:25:03,240 --> 00:25:05,670 Okay, so let's close this table.
403 00:25:05,750 --> 00:25:09,580 We've got five hundred thirty five points.
404 00:25:10,030 --> 00:25:11,660 So let's go to the next challenge.
405 00:25:12,020 --> 00:25:16,520 We are going to challenge twenty two can.