1 00:00:03,960 --> 00:00:05,490 OK, so let's look at this page. 2 00:00:07,600 --> 00:00:13,070 All right, in everything, we have to check what information that we have. 3 00:00:13,370 --> 00:00:19,740 So like cocaine and then I click on this beach as well so that we can view this rescored. 4 00:00:22,270 --> 00:00:23,710 So squalled on. 5 00:00:25,290 --> 00:00:30,910 If we win this thing in good data or in common, all that you can control. 6 00:00:31,020 --> 00:00:31,480 If. 7 00:00:35,250 --> 00:00:35,970 This. 8 00:00:40,180 --> 00:00:41,830 You don't need to. 9 00:00:41,940 --> 00:00:45,880 So let's still let it here and then we can way. 10 00:00:45,930 --> 00:00:50,280 Click here to see the source code. 11 00:00:50,840 --> 00:00:51,070 OK. 12 00:00:51,390 --> 00:00:58,770 We have some information that he said that the range is our one one two hundred to two hundred thirty 13 00:00:59,040 --> 00:01:01,250 and twenty two ninety one. 14 00:01:01,900 --> 00:01:05,580 This is is that we get this information here. 15 00:01:05,900 --> 00:01:07,830 The following page can only be seen. 16 00:01:07,990 --> 00:01:11,350 You show IP range is the one that is outlawed. 17 00:01:12,030 --> 00:01:15,810 So this information is very useful. 18 00:01:15,870 --> 00:01:16,720 We let it here. 19 00:01:17,400 --> 00:01:19,800 We might close this one for now. 20 00:01:23,060 --> 00:01:23,460 All right. 21 00:01:23,570 --> 00:01:29,060 So as you can see, we are not eligible to see this page because that disparity can only be seen by 22 00:01:29,060 --> 00:01:35,360 people with IP address ranging from 200 to 230 or 22 to 91. 23 00:01:35,900 --> 00:01:37,460 So what we're going to do to be a bore. 24 00:01:37,550 --> 00:01:40,610 So it's just a matter of changing our IP address. 25 00:01:40,700 --> 00:01:48,410 And one of the easiest way to do so is by changing your IP address via a proxy server or any kind of 26 00:01:48,410 --> 00:01:49,870 proxy proxy plugin. 27 00:01:50,120 --> 00:01:53,240 So we are going to install a new program. 28 00:01:53,270 --> 00:01:54,590 So let's go to EXT. 29 00:01:56,540 --> 00:02:01,710 It's then shown here and we go here. 30 00:02:02,280 --> 00:02:06,030 So if you have a quorum, so you can just type the same as me. 31 00:02:06,120 --> 00:02:07,500 You can just follow me step by step. 32 00:02:07,540 --> 00:02:09,180 But if you have Firefox, it doesn't matter. 33 00:02:09,190 --> 00:02:13,380 So I can just try typing proxy server for Firefox. 34 00:02:13,500 --> 00:02:13,870 All right. 35 00:02:19,550 --> 00:02:24,800 Thinks he could be in big clusters if this week in. 36 00:02:27,040 --> 00:02:32,150 OK, so we to condense this one and then we need to come. 37 00:02:35,020 --> 00:02:35,760 Extension. 38 00:02:36,500 --> 00:02:45,020 So before that, we can try to to put it off and check all I.P. address first. 39 00:02:45,980 --> 00:02:47,520 So let's go back here. 40 00:02:48,020 --> 00:02:48,830 Extension. 41 00:02:51,180 --> 00:02:57,380 Luke and Luke put it off first, and then it's visit this website. 42 00:02:57,480 --> 00:03:03,980 What is my or is like these my apologies that come. 43 00:03:06,790 --> 00:03:13,760 And so and at the very beginning, we have to have 200, as it was said in August. 44 00:03:14,320 --> 00:03:16,450 So and now we can go back here. 45 00:03:18,930 --> 00:03:20,070 And don't disturb. 46 00:03:20,170 --> 00:03:23,190 And come here and put it on. 47 00:03:24,150 --> 00:03:30,430 Now we can try to find a VPN proxy, which is ranging from 200. 48 00:03:31,270 --> 00:03:33,660 Let's try to click on it or. 49 00:03:36,110 --> 00:03:37,600 Like clean air. 50 00:03:44,650 --> 00:03:56,170 You can pick here and then change location and try to go in Kennedy and not eat five one four nine. 51 00:03:56,310 --> 00:03:57,130 You don't need it. 52 00:03:58,570 --> 00:03:59,890 Oh, we can go. 53 00:03:59,990 --> 00:04:00,790 It's a joke. 54 00:04:01,480 --> 00:04:02,440 United State. 55 00:04:05,990 --> 00:04:07,520 You can go step by step, very slow. 56 00:04:07,670 --> 00:04:08,600 It's not a problem. 57 00:04:08,990 --> 00:04:10,070 What me as I know. 58 00:04:11,390 --> 00:04:13,350 Argentina might be a good one. 59 00:04:13,430 --> 00:04:14,840 So I can click on Argentina. 60 00:04:17,250 --> 00:04:23,040 And if he's granted so we can choose to see it from here. 61 00:04:25,140 --> 00:04:27,050 June 29. 62 00:04:29,250 --> 00:04:30,170 Okay, now listen. 63 00:04:30,890 --> 00:04:31,630 This bridge. 64 00:05:19,670 --> 00:05:21,150 Let's get right into it. 65 00:05:21,590 --> 00:05:22,770 Inflation is. 66 00:07:08,450 --> 00:07:10,180 Can now, so let's go to the next step. 67 00:07:10,780 --> 00:07:11,330 Next. 68 00:07:12,800 --> 00:07:13,520 Next up, we are. 69 00:07:15,690 --> 00:07:16,110 OK. 70 00:07:18,780 --> 00:07:19,470 Access denied. 71 00:07:19,560 --> 00:07:24,960 You are not allowed to view this page for the following reason, and which is the reason, is that this 72 00:07:24,960 --> 00:07:28,080 page can only be viewed using the operating system. 73 00:07:28,890 --> 00:07:29,880 Hellbound hackers. 74 00:07:30,120 --> 00:07:30,470 Yes. 75 00:07:31,140 --> 00:07:31,560 All right. 76 00:07:31,590 --> 00:07:39,210 So that means we don't have a way to access this siblings since then so we can get rid of this because 77 00:07:40,500 --> 00:07:42,630 it's a very low restriction. 78 00:07:42,810 --> 00:07:46,260 That is not so powerful in the program. 79 00:07:46,260 --> 00:07:48,210 We weren't deprogramming, Leveritt. 80 00:07:50,390 --> 00:07:53,440 They are two steps you can now twist that you can follow. 81 00:07:53,700 --> 00:07:59,480 Either you go and download this operating system, which I don't encourage you to do. 82 00:07:59,870 --> 00:08:05,710 And the second one is to fool the system, how you can do it first thing first as as usual. 83 00:08:05,780 --> 00:08:10,720 So you just check to see if there are anything hidden in a comment that. 84 00:08:11,820 --> 00:08:12,350 Into this. 85 00:08:12,930 --> 00:08:16,370 So seepage code and therefore what? 86 00:08:16,680 --> 00:08:17,420 Let me check it. 87 00:08:17,600 --> 00:08:18,990 Oh, OK. 88 00:08:19,500 --> 00:08:20,130 So nothing. 89 00:08:20,400 --> 00:08:25,830 So therefore, what we're gonna do, we are going to use the same tool as we did earlier for the previews 90 00:08:26,310 --> 00:08:28,800 for a previous lecture. 91 00:08:28,950 --> 00:08:31,710 I think it's the basic tree. 92 00:08:31,740 --> 00:08:32,370 Something like that. 93 00:08:32,370 --> 00:08:35,880 So we're going to use a very well known tool, which is user agent. 94 00:08:35,940 --> 00:08:40,050 So let's go back to oral extension so that we. 95 00:08:41,370 --> 00:08:44,880 So that we activate the extension. 96 00:08:45,970 --> 00:08:46,810 So here it is. 97 00:08:46,900 --> 00:08:49,410 So quickly, let's move it a little bit, Don. 98 00:08:49,580 --> 00:08:52,410 OK, so now we're activated. 99 00:08:52,870 --> 00:08:58,600 Therefore, we're going to equate the exemption we're going to try to make in somehow that we have this 100 00:08:58,600 --> 00:09:05,060 alerting system so we could we right click and then we copy this string and then we go Akao. 101 00:09:06,580 --> 00:09:08,330 And okay. 102 00:09:08,470 --> 00:09:11,930 We see we have called Internet Explorer Iwerks and sentimental. 103 00:09:12,340 --> 00:09:13,690 So this is what we have created. 104 00:09:14,020 --> 00:09:18,990 So now what we can do, we can just click on it and click on auctions. 105 00:09:20,800 --> 00:09:33,720 And I can see her bone, bone or else and here so you pass this train and you pass it to you as well. 106 00:09:34,000 --> 00:09:36,340 And then you just put flag one to it matter. 107 00:09:37,150 --> 00:09:38,430 And then you add. 108 00:09:39,480 --> 00:09:40,030 OK. 109 00:09:40,450 --> 00:09:42,250 So now it has been added here. 110 00:09:42,580 --> 00:09:43,870 So now what we can do. 111 00:09:44,260 --> 00:09:48,300 We can go back here and go here again. 112 00:09:49,360 --> 00:09:52,630 Click on it and try to get it. 113 00:09:53,230 --> 00:09:54,250 Well, we have it. 114 00:09:55,150 --> 00:09:57,310 So here it is. 115 00:09:57,400 --> 00:09:58,630 And then we just click on it. 116 00:09:59,200 --> 00:10:00,180 Now it's up here. 117 00:10:00,640 --> 00:10:07,630 So now we have to click on it so that this system so that the water may get know about it. 118 00:10:08,080 --> 00:10:09,940 So we click on it. 119 00:10:10,330 --> 00:10:12,220 Now, let's wait a little bit. 120 00:10:12,520 --> 00:10:14,060 Congratulations, Jose. 121 00:10:14,500 --> 00:10:21,220 So we do use it, agent switcher, so we can do quite a lot of thing, because when you use this kind 122 00:10:21,220 --> 00:10:26,730 of user agent, you fool, this is then of knowing they will sue. 123 00:10:27,040 --> 00:10:29,650 I mean, do operating wedding system that you will use. 124 00:10:30,130 --> 00:10:33,850 So that's how you can bypass an operating system, some some walls. 125 00:10:34,210 --> 00:10:40,520 If you are going to try something and you don't want to do site databases, then get to know you. 126 00:10:40,570 --> 00:10:47,250 So you can use user agent to bypass this so that they don't know which operating system you use it. 127 00:10:47,930 --> 00:10:48,240 Okay. 128 00:10:48,640 --> 00:10:50,430 So we wish this. 129 00:10:50,710 --> 00:10:52,300 So let's close this up. 130 00:10:53,530 --> 00:10:54,670 Let's go for the next one. 131 00:10:56,990 --> 00:10:59,870 So we are going to click on 12:00. 132 00:11:02,950 --> 00:11:03,590 Oh, right. 133 00:11:04,850 --> 00:11:06,210 Okay, so let's click here. 134 00:11:09,850 --> 00:11:14,110 Find a password for the protected folder and then access it. 135 00:11:14,260 --> 00:11:16,840 So they protected further is this one. 136 00:11:16,870 --> 00:11:19,410 Or it's clickable so we can right. 137 00:11:19,480 --> 00:11:21,840 Click on it and open in a new page. 138 00:11:21,970 --> 00:11:23,680 Or just try to do so. 139 00:11:23,770 --> 00:11:25,030 Like, dad, we just. 140 00:11:25,030 --> 00:11:25,200 We. 141 00:11:25,370 --> 00:11:25,550 OK. 142 00:11:25,720 --> 00:11:26,530 So come back. 143 00:11:29,880 --> 00:11:30,160 OK. 144 00:11:30,550 --> 00:11:31,220 It was the same. 145 00:11:31,960 --> 00:11:36,380 So as usual, we can click and try to really source code. 146 00:11:38,350 --> 00:11:43,310 Now, an emboldened gay and lesbian comeback. 147 00:11:43,670 --> 00:11:50,320 You enjoy to view this source code as usual. 148 00:11:50,410 --> 00:11:52,230 You know what you are trying to say. 149 00:11:53,140 --> 00:12:01,690 You were trying to see some comment or some encrypted digs in a comment on such stuff like that. 150 00:12:02,260 --> 00:12:07,140 Some P.H. becoming even if we can see some peace before. 151 00:12:07,240 --> 00:12:14,950 But sometimes we might we might see some some critical meinzer or some type of comment. 152 00:12:15,070 --> 00:12:18,730 So let's try again. 153 00:12:19,060 --> 00:12:19,480 Nothing. 154 00:12:21,400 --> 00:12:31,420 So what we can do is find a password for the protected for there so we can use durable to generate all 155 00:12:31,510 --> 00:12:40,870 the directories, which is inside dist this path, so we can just copy it and try to use burp to find 156 00:12:40,870 --> 00:12:41,170 it. 157 00:12:41,710 --> 00:12:46,420 So obviously we will have we will find this kind of folder inside. 158 00:12:46,660 --> 00:12:51,910 But the thing is that we be able to click onto it so we will not be able because it's protected. 159 00:12:52,390 --> 00:12:53,590 So but never mind. 160 00:12:53,610 --> 00:13:05,080 Let's go here and then we can type durable and we plus posted here and then this started. 161 00:13:05,800 --> 00:13:06,120 Okay. 162 00:13:07,460 --> 00:13:16,580 So what we can see that this page is natural as well as all the pages, because it's not only the page 163 00:13:16,640 --> 00:13:18,160 is ending, isn't it? 164 00:13:18,360 --> 00:13:19,540 And that's the PDB. 165 00:13:19,580 --> 00:13:23,030 But it has something here that is important. 166 00:13:23,060 --> 00:13:25,840 Challenge and DOT challenges that BHB. 167 00:13:26,630 --> 00:13:31,630 What if we say that we are going to take protected the passage. 168 00:13:32,060 --> 00:13:33,380 Just to see that. 169 00:13:33,620 --> 00:13:35,900 Let me do it like that. 170 00:13:36,410 --> 00:13:38,930 Protected and then hypocenter. 171 00:13:41,020 --> 00:13:42,660 Okay, so we've got a new truck. 172 00:13:43,020 --> 00:13:47,250 You own do h work, but we have remitted defiles you can include. 173 00:13:47,340 --> 00:13:48,120 So keep trying. 174 00:13:48,540 --> 00:13:48,870 All right. 175 00:13:48,900 --> 00:13:55,470 So keep them trying so we could hear again and we will analyze the code. 176 00:13:57,420 --> 00:14:00,360 So you will check the code first. 177 00:14:01,470 --> 00:14:01,960 Okay. 178 00:14:02,130 --> 00:14:02,660 Oh. 179 00:14:02,940 --> 00:14:07,050 It seems that we have ordered these get before the name. 180 00:14:07,170 --> 00:14:08,960 You OK? 181 00:14:09,090 --> 00:14:09,690 What I did. 182 00:14:09,900 --> 00:14:10,290 Good. 183 00:14:10,660 --> 00:14:11,880 So let's come back here. 184 00:14:11,940 --> 00:14:12,770 Meanwhile. 185 00:14:14,340 --> 00:14:19,150 OK, so let's say that we don't want to type this after the. 186 00:14:19,790 --> 00:14:21,180 We are going to David. 187 00:14:22,100 --> 00:14:24,920 See this kind of thing. 188 00:14:24,980 --> 00:14:27,330 It would get us blah blah. 189 00:14:31,050 --> 00:14:31,320 OK. 190 00:14:31,480 --> 00:14:34,720 They same the same thing here appears. 191 00:14:34,890 --> 00:14:37,550 So let's try to put one. 192 00:14:39,160 --> 00:14:40,120 Something like that. 193 00:14:42,470 --> 00:14:42,980 Okay. 194 00:14:44,200 --> 00:14:50,470 So what we can do, therefore, since we got a folder here. 195 00:14:51,250 --> 00:15:01,230 Let's say that we wouldn't put it as challenge, we would put a folder named Protected An. 196 00:15:02,970 --> 00:15:08,010 What can we do, we can try to see something first. 197 00:15:12,320 --> 00:15:12,770 So. 198 00:15:14,630 --> 00:15:18,770 Our task was about let's keep trying. 199 00:15:19,190 --> 00:15:20,790 Let's check order begin. 200 00:15:23,160 --> 00:15:26,160 We'll have phone, so fire this there. 201 00:15:27,090 --> 00:15:37,780 So instead of waiting this, let me check again this beach to access. 202 00:15:43,180 --> 00:15:44,500 H.T. excess. 203 00:15:47,820 --> 00:15:48,730 Insists. 204 00:15:50,340 --> 00:15:55,050 Let me check this in things they have in Beijing. 205 00:15:56,160 --> 00:16:04,080 Equal age range that exists. 206 00:16:07,420 --> 00:16:09,990 No kid might then be this. 207 00:16:13,140 --> 00:16:18,390 Import protected slash 88 axis. 208 00:16:20,210 --> 00:16:26,380 OK, so auto type, basic auto restricted. 209 00:16:26,450 --> 00:16:26,970 Oh yeah. 210 00:16:27,080 --> 00:16:30,200 Or to use a inch deep buzzword. 211 00:16:32,330 --> 00:16:42,500 Let's call this Kopi and instead of access it here. 212 00:16:47,220 --> 00:16:48,870 First presenter. 213 00:16:51,290 --> 00:16:56,740 Good train ups see way to do. 214 00:16:59,740 --> 00:17:00,170 OK. 215 00:17:00,270 --> 00:17:01,870 So we have found something, guys. 216 00:17:02,670 --> 00:17:07,660 This is how the queen Seans will appear. 217 00:17:07,860 --> 00:17:12,330 So user and password diskless, what we can try it out. 218 00:17:12,360 --> 00:17:14,600 But it seems to be encrypted, but never mind. 219 00:17:14,610 --> 00:17:17,760 So we are going to try it out first if it's not encrypted. 220 00:17:18,060 --> 00:17:19,070 If it is the plain text. 221 00:17:19,070 --> 00:17:19,430 So. 222 00:17:19,810 --> 00:17:20,550 So we will get it. 223 00:17:20,580 --> 00:17:23,700 But if it is encrypted, we have to find a way to decrypt it. 224 00:17:24,210 --> 00:17:24,530 OK. 225 00:17:26,100 --> 00:17:29,370 So now what we're gonna do, we gonna just try to copy D. 226 00:17:29,490 --> 00:17:33,740 D code because we don't know how it is encrypted or hacked. 227 00:17:34,080 --> 00:17:44,600 So we are going to try to see what type of what type of of a hash it has been hashed. 228 00:17:44,970 --> 00:17:50,310 So let's try to open a new terminal, my wide clicking here. 229 00:17:50,550 --> 00:17:56,880 And so you will just copy that and make sure we copy. 230 00:17:59,390 --> 00:18:01,330 And heal on colorant. 231 00:18:02,050 --> 00:18:03,170 So we have a tool. 232 00:18:03,430 --> 00:18:04,000 It is. 233 00:18:04,510 --> 00:18:12,700 It comes with kind of uniquely these harshly hash identifiers so we can type attach a hash identifier, 234 00:18:12,760 --> 00:18:13,370 90 percent earth. 235 00:18:14,420 --> 00:18:24,170 Okay, so now you're going to pass the dash text, which you have compiled earlier and invested here. 236 00:18:25,840 --> 00:18:32,950 So it gives us some probabilities that it has been in court and we'd dish D. 237 00:18:33,030 --> 00:18:37,210 E s this hash looking. 238 00:18:37,380 --> 00:18:46,860 And so now what we can do, we can just try try to do quite defile and then blast decent code. 239 00:18:47,340 --> 00:18:53,590 I mean, dissin hatched takes incited so that we can try a brute force that that quote you should know 240 00:18:53,590 --> 00:18:58,530 yet that we will use additional we attack because we will use Yunta, Reaper, John Doe, Reaper. 241 00:18:58,990 --> 00:19:01,470 He's a very well known tool in cutting next. 242 00:19:02,020 --> 00:19:08,470 I can say even it's the most well-known tool for apprentice testers when you are going to attack. 243 00:19:08,810 --> 00:19:18,370 So when you are going to quack or to do quack's on password's so that you get the plane takes off of 244 00:19:18,370 --> 00:19:20,370 some password's, it's very well known. 245 00:19:20,860 --> 00:19:24,650 So what we can do so can just cross it. 246 00:19:24,990 --> 00:19:34,670 And then now what we can do, we can create enough new takes fire so it'll be equated in a home fortress. 247 00:19:34,750 --> 00:19:35,410 It doesn't matter. 248 00:19:36,340 --> 00:19:39,880 So first thing for us, this charge is if we have some fire, it is already there. 249 00:19:39,950 --> 00:19:40,350 Okay. 250 00:19:41,750 --> 00:19:42,540 Okay, nothing. 251 00:19:42,800 --> 00:19:46,750 Okay, so we can create a fire and bust this code there. 252 00:19:47,050 --> 00:19:48,530 Let's say, John. 253 00:19:49,720 --> 00:19:50,690 So great. 254 00:19:51,520 --> 00:19:54,490 We can do is equal to plus there, but it doesn't matter. 255 00:19:54,520 --> 00:19:57,720 So we can just copy and paste it here. 256 00:19:57,760 --> 00:19:58,620 Control beat. 257 00:19:59,150 --> 00:19:59,480 Okay. 258 00:19:59,520 --> 00:20:00,640 And save. 259 00:20:01,660 --> 00:20:03,990 Now we will use John. 260 00:20:04,270 --> 00:20:13,210 We prove to attack this fire, to crack it because we don't know what kind of encrypted text it has. 261 00:20:13,990 --> 00:20:15,140 We don't know how to. 262 00:20:16,420 --> 00:20:17,690 What is the plane takes? 263 00:20:17,830 --> 00:20:18,360 It has. 264 00:20:18,410 --> 00:20:20,130 We are going to try to find it out. 265 00:20:20,240 --> 00:20:22,230 So to do so, we are going to do two to. 266 00:20:22,520 --> 00:20:23,470 John the Ripper. 267 00:20:23,720 --> 00:20:25,960 He was John just this time. 268 00:20:26,860 --> 00:20:29,480 And then we used the word lease there, Woodley's. 269 00:20:29,530 --> 00:20:32,890 We are going to use a who is walk you. 270 00:20:33,390 --> 00:20:34,870 You have it on your calendar needs. 271 00:20:35,030 --> 00:20:37,120 What if not, we can just go and downloaded. 272 00:20:37,500 --> 00:20:43,590 I will try to show you where it is located, mainly on New Jersey and Sheryl. 273 00:20:45,050 --> 00:20:48,610 So who would lease that choice to go? 274 00:20:49,900 --> 00:20:50,380 Would lease. 275 00:20:50,380 --> 00:20:51,130 Would lease. 276 00:20:51,580 --> 00:20:51,900 OK. 277 00:20:52,000 --> 00:20:58,740 This one lucky if you have escaped. 278 00:20:59,320 --> 00:21:00,350 So you can just wait. 279 00:21:00,400 --> 00:21:04,510 Click and extract it here so that you have this fight. 280 00:21:04,600 --> 00:21:06,220 So we have it here. 281 00:21:06,580 --> 00:21:21,490 So now we can just try to type with lease or at least dash dash quigley's equal and a path share and 282 00:21:21,490 --> 00:21:24,160 or at least we'd least. 283 00:21:24,300 --> 00:21:26,670 Or at least. 284 00:21:27,040 --> 00:21:27,320 Yeah. 285 00:21:28,060 --> 00:21:31,450 And or on that dxp. 286 00:21:33,410 --> 00:21:34,070 It's not enough. 287 00:21:34,370 --> 00:21:43,390 So now that, you know, we find we are going to attack this with this fire is the John that we have 288 00:21:43,400 --> 00:21:44,840 just created earlier. 289 00:21:45,320 --> 00:21:49,580 Now we can just die G and Deb, what can we have it? 290 00:21:50,040 --> 00:21:51,800 And then it was under your seat. 291 00:21:52,280 --> 00:21:53,470 And it's pretty tough, Siggins. 292 00:21:53,750 --> 00:21:55,220 We have the password encrypted. 293 00:21:55,700 --> 00:22:01,970 So now we are going to see how we can use this umbrella to test it out. 294 00:22:02,420 --> 00:22:08,570 First and first, I'm going to show you a trick on when you are using John. 295 00:22:08,570 --> 00:22:15,740 And we don't do we were never quite the same password at it tries. 296 00:22:16,200 --> 00:22:22,090 So if you try to put too click on our up and then you will see, OK. 297 00:22:22,400 --> 00:22:23,330 I would try it again. 298 00:22:23,420 --> 00:22:27,740 And then you just type press enter like that, you see. 299 00:22:28,040 --> 00:22:28,860 You will get anywhere. 300 00:22:29,300 --> 00:22:35,360 That's because, John, do we already save this file in Joe on folders. 301 00:22:35,470 --> 00:22:36,280 John Folders. 302 00:22:36,650 --> 00:22:37,670 You might get it. 303 00:22:37,730 --> 00:22:38,750 Here it is. 304 00:22:38,800 --> 00:22:42,590 As you want to get it here to home. 305 00:22:44,340 --> 00:22:52,000 It's Akin then your pest control h to see all the heat and fires and look for John, something like 306 00:22:52,000 --> 00:22:52,120 that. 307 00:22:52,150 --> 00:22:52,320 OK. 308 00:22:52,470 --> 00:22:53,170 So we have it here. 309 00:22:53,500 --> 00:22:55,980 Double click it d file. 310 00:22:56,080 --> 00:22:57,250 It is hatched there. 311 00:22:57,640 --> 00:22:58,870 So let me show you. 312 00:22:59,450 --> 00:23:02,770 You will see the hash that you see on Twitter. 313 00:23:03,130 --> 00:23:07,330 So now let's just try to clear everything and save it. 314 00:23:08,540 --> 00:23:14,480 OK, we say it now because everything again to come back here, we just missed our up and present. 315 00:23:15,460 --> 00:23:15,830 You see. 316 00:23:16,000 --> 00:23:16,600 Excellent. 317 00:23:16,720 --> 00:23:18,950 And then you see some pop up was you. 318 00:23:19,240 --> 00:23:22,600 That means the umbrella is no Ethan in this fight. 319 00:23:22,930 --> 00:23:24,720 So that's how you might use gender. 320 00:23:25,330 --> 00:23:30,370 OK, so let's go to Ortez because we have a print X password, so we're going to pass it here so that 321 00:23:30,370 --> 00:23:33,610 we can get some new points. 322 00:23:33,740 --> 00:23:34,140 All right. 323 00:23:36,400 --> 00:23:36,640 OK. 324 00:23:36,730 --> 00:23:39,220 So now let's open or Firefox. 325 00:23:42,280 --> 00:23:43,960 Who was these studies was on? 326 00:23:44,020 --> 00:23:46,480 Because we have too many applications which out. 327 00:23:46,770 --> 00:23:48,320 And so let's close. 328 00:23:48,360 --> 00:23:53,290 Call in the news and then let's we OpenNet let's call this a team like that. 329 00:23:53,400 --> 00:23:56,170 And we really don't want to save any state from now. 330 00:23:57,520 --> 00:23:57,910 All right. 331 00:23:57,940 --> 00:24:00,250 And they've actually gone out with Bennett. 332 00:24:01,840 --> 00:24:05,160 So let's we open it here. 333 00:24:30,890 --> 00:24:31,620 No, it doesn't. 334 00:24:31,650 --> 00:24:32,040 No, it. 335 00:24:46,940 --> 00:24:47,350 Should. 336 00:25:01,350 --> 00:25:02,210 We are in. 337 00:25:04,890 --> 00:25:05,700 So. 338 00:25:09,210 --> 00:25:10,990 It's about Firefox. 339 00:25:11,380 --> 00:25:15,450 First thing first you've got to open it terminal because you need. 340 00:25:18,470 --> 00:25:19,850 You need to go, go, go. 341 00:25:20,600 --> 00:25:21,580 The danger of a war. 342 00:25:24,050 --> 00:25:24,700 Stable. 343 00:25:27,140 --> 00:25:32,130 No sandbox, no books wasn't. 344 00:25:33,860 --> 00:25:35,960 So that we launch, we will go on. 345 00:25:38,220 --> 00:25:39,700 Well, we stole. 346 00:25:45,210 --> 00:25:50,100 So I'm gonna get to open warfare folks as well, because we need. 347 00:25:53,780 --> 00:25:57,540 So let's try and do two reloaded because we are here. 348 00:25:57,560 --> 00:26:00,590 I think this decision is expiratory. 349 00:26:01,010 --> 00:26:01,700 Let's try. 350 00:26:02,030 --> 00:26:02,220 OK. 351 00:26:02,270 --> 00:26:03,050 So we are staying here. 352 00:26:03,800 --> 00:26:04,250 That's good. 353 00:26:04,790 --> 00:26:05,180 All right. 354 00:26:05,540 --> 00:26:07,310 Can we just move for a shade to see? 355 00:26:08,840 --> 00:26:09,950 OK, so we still here. 356 00:26:10,440 --> 00:26:12,870 And so we we didn't log automatically. 357 00:26:13,500 --> 00:26:15,290 So let's open Firefox. 358 00:26:21,900 --> 00:26:23,200 And it's open for folks. 359 00:26:26,160 --> 00:26:27,810 So let's check here. 360 00:26:28,170 --> 00:26:30,460 Bone and bone. 361 00:26:31,980 --> 00:26:35,390 So let's get it first so that we can proceed to the report. 362 00:26:35,540 --> 00:26:35,970 Twelve. 363 00:26:37,410 --> 00:26:46,520 So anything it's going to. 364 00:26:56,010 --> 00:26:56,270 Plus. 365 00:27:04,710 --> 00:27:04,860 OK. 366 00:27:05,370 --> 00:27:06,270 So we got him. 367 00:27:08,010 --> 00:27:10,060 Let's go to the challenge. 368 00:27:14,380 --> 00:27:15,520 Both twins. 369 00:27:20,370 --> 00:27:22,980 We double click and I click on it, 370 00:27:25,930 --> 00:27:26,940 open it up. 371 00:27:27,480 --> 00:27:27,780 So. 372 00:27:31,850 --> 00:27:32,970 So let's check out. 373 00:27:35,020 --> 00:27:41,110 OK, so the user was user and the password was kind of on board. 374 00:27:41,230 --> 00:27:50,290 I remember on well, let's put it here for us so that we can just copy and Puzey Willa and. 375 00:27:55,520 --> 00:27:59,470 Just got caught in it here. 376 00:28:02,000 --> 00:28:02,750 Let's eat. 377 00:28:03,080 --> 00:28:05,880 You okay? 378 00:28:07,090 --> 00:28:08,830 Ethics or not, inside the system? 379 00:28:09,840 --> 00:28:11,790 Now looking just shouldn't despite all 380 00:28:16,030 --> 00:28:17,020 the signs you can see. 381 00:28:17,100 --> 00:28:21,340 Guys, let me go here and try to finish this. 382 00:28:21,940 --> 00:28:29,050 I have two seven five blind and lets me flush it, you see. 383 00:28:29,990 --> 00:28:30,480 OK. 384 00:28:31,560 --> 00:28:35,320 So Congress 30 point has been added. 385 00:28:35,380 --> 00:28:37,300 Now we have to get to five points. 386 00:28:37,380 --> 00:28:37,590 OK. 387 00:28:38,020 --> 00:28:40,210 So let's proceed to the next step. 388 00:28:41,060 --> 00:28:43,720 Then next challenge. 389 00:28:47,710 --> 00:28:49,690 OK, so that's close Firefox. 390 00:28:49,770 --> 00:28:50,680 You don't need it anymore. 391 00:28:51,610 --> 00:28:56,060 If bugs and we needed so little, we'll need to get. 392 00:29:01,750 --> 00:29:03,850 We don't need this one. 393 00:29:06,260 --> 00:29:09,340 Just just try to test again. 394 00:29:09,700 --> 00:29:14,350 Oh, Google comes in books and books and an umbrella. 395 00:29:18,880 --> 00:29:20,170 Just got it. 396 00:29:23,340 --> 00:29:28,330 Got busted here in something. 397 00:29:30,120 --> 00:29:35,240 To hear how it goes on, you would think he would see it kind of so because we are we are. 398 00:29:35,760 --> 00:29:38,060 You already beat this. 399 00:29:38,260 --> 00:29:40,000 OK, so that's good. 400 00:29:40,050 --> 00:29:47,790 These two Dysport know basic Web hacking, everything so long as George. 401 00:29:48,950 --> 00:29:54,770 Now, we already see that there is a user name, which name is George. 402 00:29:55,520 --> 00:29:56,960 So let's try to click here. 403 00:29:57,140 --> 00:29:58,050 We have Frank. 404 00:29:58,250 --> 00:29:59,040 We have Johnny. 405 00:29:59,070 --> 00:29:59,830 We have now. 406 00:29:59,840 --> 00:30:00,680 We have Jessica. 407 00:30:01,610 --> 00:30:05,990 And now we have the logging system as the first thing, as the basic things. 408 00:30:06,320 --> 00:30:10,700 What we have to do, we have Dwight Creek and producer Scott. 409 00:30:12,930 --> 00:30:21,270 Now we want to analyze this code to find if you have some encrypted text in in some comment or so future 410 00:30:21,480 --> 00:30:26,810 P code, even if we could use it, and that's it. 411 00:30:27,260 --> 00:30:36,370 So often and so often you would probably you might see some some obscure comment. 412 00:30:36,620 --> 00:30:39,080 So let's just try to score it on. 413 00:30:43,800 --> 00:30:45,670 Let's try to score alone. 414 00:30:45,930 --> 00:30:46,170 Yeah. 415 00:30:47,730 --> 00:30:54,230 Swore to nothing, at least nothing. 416 00:30:57,440 --> 00:30:57,910 System. 417 00:30:58,430 --> 00:30:58,970 Let's go. 418 00:30:59,840 --> 00:31:03,380 So you probably see nothing here. 419 00:31:03,650 --> 00:31:06,370 So let's just Crozet, know what we are going to do. 420 00:31:06,380 --> 00:31:12,060 We are going to try to click on log in to see something so you can log in. 421 00:31:13,700 --> 00:31:15,920 You did not logging as a judge. 422 00:31:15,950 --> 00:31:17,140 Please try and see. 423 00:31:17,720 --> 00:31:19,360 So let's try Johnny. 424 00:31:21,100 --> 00:31:21,760 It can. 425 00:31:21,860 --> 00:31:23,750 You did not begin as a judge. 426 00:31:23,900 --> 00:31:29,060 Please try again, because this system knows that we have to be low getting as a judge. 427 00:31:29,450 --> 00:31:31,800 So let's go to the steps required. 428 00:31:32,400 --> 00:31:34,060 Let's go to the required step now. 429 00:31:35,150 --> 00:31:35,490 OK. 430 00:31:35,540 --> 00:31:40,670 So now what we can do, we can just try to go low again as they show you or your. 431 00:31:40,730 --> 00:31:43,290 And then we did not recognize Judge. 432 00:31:43,640 --> 00:31:51,560 So you little white cleek and not on your page source anymore because we didn't find any encrypted text 433 00:31:51,620 --> 00:31:54,760 or any useful information in some commented. 434 00:31:54,920 --> 00:31:55,560 Oh yes. 435 00:31:55,670 --> 00:32:05,670 So we I went to change some data by clicking on a suspect case or it's Troy to see or get it. 436 00:32:05,800 --> 00:32:08,090 Is this Monde's or destroy the good one? 437 00:32:09,520 --> 00:32:11,010 Frank, I'm Frank. 438 00:32:11,300 --> 00:32:12,550 Let's try to go down. 439 00:32:13,610 --> 00:32:17,000 We have to modify that Frank to George Gates. 440 00:32:18,060 --> 00:32:19,630 So get it. 441 00:32:19,840 --> 00:32:23,990 So this is shoosh it. 442 00:32:33,700 --> 00:32:37,120 OK, so no, let's see. 443 00:32:37,210 --> 00:32:39,400 So we have a value option, value, Frank. 444 00:32:39,580 --> 00:32:42,000 Frank, Johnny, Johnny and nine. 445 00:32:42,180 --> 00:32:42,860 I'm just excited to go. 446 00:32:43,990 --> 00:32:45,680 Jessica DiCicco. 447 00:32:46,150 --> 00:32:50,900 So now let's try to change, defining or destroy to change or not. 448 00:32:51,400 --> 00:32:52,210 So it doesn't matter. 449 00:32:56,340 --> 00:33:00,100 Well, Craig and is so we can just edit as we roots. 450 00:33:01,680 --> 00:33:04,610 Okay, so George G. 451 00:33:08,870 --> 00:33:09,410 G. 452 00:33:10,160 --> 00:33:10,490 E. 453 00:33:10,790 --> 00:33:13,340 Or g.P we thought. 454 00:33:13,820 --> 00:33:19,700 Okay, without s and then we can try to change this and not to judge again. 455 00:33:21,510 --> 00:33:22,040 All right. 456 00:33:24,580 --> 00:33:24,890 OK. 457 00:33:25,270 --> 00:33:26,880 So who is Georgie? 458 00:33:27,100 --> 00:33:27,640 George. 459 00:33:27,730 --> 00:33:28,780 So let's try. 460 00:33:29,860 --> 00:33:37,930 Let's try to Doug here, here, like that case and we on another. 461 00:33:40,150 --> 00:33:43,850 Now, I know yours, George. 462 00:33:44,130 --> 00:33:49,380 OK, so now let's try to on Log-in, because that is not there anymore. 463 00:33:49,770 --> 00:33:50,790 So we can you. 464 00:33:51,780 --> 00:33:52,950 Congratulations. 465 00:33:53,040 --> 00:33:55,050 Anything 10 points has been added. 466 00:33:55,680 --> 00:34:00,260 OK, so let's close this now again. 467 00:34:01,130 --> 00:34:07,980 These things and we're wondering next step forward in the next challenge. 468 00:34:08,930 --> 00:34:14,660 So Kim Beazley, challenge 14, I mean, logging password summit. 469 00:34:15,510 --> 00:34:17,000 We can see that a little bit. 470 00:34:17,000 --> 00:34:19,950 Probably that there was an admin. 471 00:34:20,010 --> 00:34:21,150 So but we don't know yet. 472 00:34:21,720 --> 00:34:24,670 It's just not going I think is is below. 473 00:34:24,870 --> 00:34:27,900 And so it's as within as the basic things. 474 00:34:27,990 --> 00:34:34,680 We are just going to page six or so before analysing this code. 475 00:34:34,740 --> 00:34:41,040 Let's try to see if this page is we'll know it all the steroid injection. 476 00:34:41,780 --> 00:34:43,950 So let's take a look here. 477 00:34:43,950 --> 00:34:52,770 We are going to put it all in the middle of the courts so we type on space. 478 00:34:55,990 --> 00:34:58,750 First east now or in the middle. 479 00:34:58,870 --> 00:35:00,940 And is like that. 480 00:35:01,080 --> 00:35:03,110 So it's Munish, one good one. 481 00:35:03,210 --> 00:35:04,580 So destroyed. 482 00:35:06,110 --> 00:35:06,830 So meant. 483 00:35:10,060 --> 00:35:16,840 So we've got to be that doing logging, because if we are refresh. 484 00:35:19,010 --> 00:35:20,670 Some some wine. 485 00:35:20,760 --> 00:35:23,440 So we get Mawgoud. 486 00:35:24,060 --> 00:35:24,630 So 487 00:35:32,130 --> 00:35:32,730 Saloon's. 488 00:35:34,970 --> 00:35:37,020 OK, so where have we been? 489 00:35:38,390 --> 00:35:38,860 14. 490 00:35:40,500 --> 00:35:41,630 So this book. 491 00:35:43,380 --> 00:35:43,980 And MLK. 492 00:35:44,090 --> 00:35:45,980 Well, listen, we still made it up. 493 00:35:48,180 --> 00:35:50,370 To see inquired pass would try again. 494 00:35:50,430 --> 00:35:55,080 So it's kind of, you know, what a disgruntled Egyptian soldier, what we can do, we can just drive 495 00:35:55,080 --> 00:36:01,920 to go and analyze this code to see if we have so much encoded, encrypted or. 496 00:36:03,390 --> 00:36:05,840 Ticks, which are in a comment. 497 00:36:06,950 --> 00:36:14,410 So as a border wall, it's called out on it, which if it means. 498 00:36:16,110 --> 00:36:16,540 Check. 499 00:36:16,610 --> 00:36:17,390 New password. 500 00:36:17,400 --> 00:36:19,300 I mean, the text for the new password. 501 00:36:20,080 --> 00:36:22,450 So let's just copy this. 502 00:36:26,270 --> 00:36:29,830 Plus, stayed behind. 503 00:36:31,350 --> 00:36:36,320 Behind this, we were see your case. 504 00:36:36,530 --> 00:36:37,370 This is the path. 505 00:36:37,490 --> 00:36:42,050 So we need the need to text admin, the DST. 506 00:36:42,940 --> 00:36:46,000 I mean, the extra let's check to see. 507 00:36:46,980 --> 00:36:49,850 OK, this seems to be like a password. 508 00:36:51,350 --> 00:36:53,020 Probably it's encrypted, but we don't know. 509 00:36:53,030 --> 00:36:54,380 So let's try to copy it. 510 00:36:55,640 --> 00:36:57,740 And we would just try it out here. 511 00:36:59,480 --> 00:37:00,320 Let's go over here. 512 00:37:00,680 --> 00:37:01,040 So. 513 00:37:02,710 --> 00:37:03,180 And. 514 00:37:05,360 --> 00:37:07,060 We are just testing you guys. 515 00:37:07,480 --> 00:37:12,290 So, OK, folks are on 14 more now. 516 00:37:13,800 --> 00:37:15,210 So we own 14. 517 00:37:20,950 --> 00:37:24,130 Yeah, so let's try to bust the bus would do. 518 00:37:25,570 --> 00:37:26,030 Guste. 519 00:37:27,270 --> 00:37:28,400 And submit. 520 00:37:30,360 --> 00:37:33,730 Congress, so that past quarter was not even encrypted. 521 00:37:33,760 --> 00:37:34,770 Guys, no hashed. 522 00:37:35,130 --> 00:37:37,410 So we get this point. 523 00:37:37,470 --> 00:37:39,360 OK, so let's go to the next challenge. 524 00:37:40,470 --> 00:37:41,780 We will close this. 525 00:37:41,960 --> 00:37:46,070 We don't need this anymore this anymore. 526 00:37:46,080 --> 00:37:51,420 So we are going to do fifteen by Drake can. 527 00:37:53,690 --> 00:37:58,020 Okay, so let's go here again to analyze it before. 528 00:37:58,680 --> 00:38:01,040 Since this is a one freedom, we will not try. 529 00:38:01,180 --> 00:38:06,960 This is cruel and tried to submit to see if we will find something good puzzle. 530 00:38:07,020 --> 00:38:07,650 Please try again. 531 00:38:07,690 --> 00:38:08,320 OK, I know. 532 00:38:11,010 --> 00:38:19,920 Well, so what we have as mission is that we have to find a secret file using a common technique to 533 00:38:19,920 --> 00:38:28,570 find heat in territories as usual, as usual in the first part of this advance. 534 00:38:28,650 --> 00:38:35,040 If you a hockey network and penetration testing, we will used so many tools so that we can get some 535 00:38:35,040 --> 00:38:37,530 deltoids fired by. 536 00:38:37,650 --> 00:38:43,050 And Muppet or by Durbin need it or by using WP scan. 537 00:38:43,980 --> 00:38:50,670 So to do so, Aegeus gonna try to copy this path here. 538 00:38:51,780 --> 00:38:52,320 Copy. 539 00:38:52,640 --> 00:38:52,990 Control. 540 00:38:53,000 --> 00:38:53,260 See. 541 00:38:53,340 --> 00:38:55,470 And then here we are going to open the new terminal. 542 00:38:57,790 --> 00:39:03,210 We want a durable display so that we find more directories and sayadi. 543 00:39:03,750 --> 00:39:04,560 So we Dobek. 544 00:39:06,210 --> 00:39:10,340 And then we just control shift and we pass the deal. 545 00:39:11,430 --> 00:39:14,610 And then so we are waiting for this can be complete. 546 00:39:15,090 --> 00:39:17,940 Meanwhile, we can go here and analyze this source code. 547 00:39:19,650 --> 00:39:21,230 Let's find some. 548 00:39:22,640 --> 00:39:23,430 Which is. 549 00:39:24,780 --> 00:39:25,650 Commented. 550 00:39:26,040 --> 00:39:26,610 Oh! 551 00:39:27,830 --> 00:39:29,400 And did so, I don't know. 552 00:39:29,460 --> 00:39:31,110 So let's try to check it out. 553 00:39:33,060 --> 00:39:33,990 In that time. 554 00:39:40,040 --> 00:39:44,990 None of this law would admit we have a green comment. 555 00:39:45,440 --> 00:39:49,610 Try Googling, we find that is used to block Google. 556 00:39:49,790 --> 00:39:53,880 But Paul Doyce thing, it's well, it's a school. 557 00:39:53,990 --> 00:39:59,240 Districts will need to Google it as it sees the. 558 00:40:00,150 --> 00:40:03,740 Let be complete controversy and let's go here. 559 00:40:05,310 --> 00:40:07,690 That school is going to score and score. 560 00:40:09,260 --> 00:40:10,970 Quite nothing as important. 561 00:40:11,780 --> 00:40:12,080 OK. 562 00:40:12,170 --> 00:40:13,400 So we don't need this anymore. 563 00:40:13,570 --> 00:40:17,110 Can just cause it needs to move. 564 00:40:17,120 --> 00:40:17,470 Right. 565 00:40:17,540 --> 00:40:18,980 Let's try to see. 566 00:40:21,220 --> 00:40:22,410 It's still scanning. 567 00:40:22,460 --> 00:40:25,680 So let's just wait a little bit. 568 00:40:25,770 --> 00:40:27,660 Mommy needs and we own em. 569 00:40:28,210 --> 00:40:31,190 So until it is too Xena's or was it. 570 00:40:31,190 --> 00:40:33,630 We got it right. 571 00:40:34,070 --> 00:40:35,040 So I wouldn't do it. 572 00:40:36,740 --> 00:40:38,930 Well, a scan is complete. 573 00:40:38,960 --> 00:40:40,940 So let's go back and check. 574 00:40:41,440 --> 00:40:43,050 There were toys that we have read. 575 00:40:44,060 --> 00:40:50,430 So we have Dutch H.T. access to password care, ABC in. 576 00:40:52,940 --> 00:40:53,830 Oh, right. 577 00:40:53,940 --> 00:40:58,650 So we have this we can just White Creek and copy this thing. 578 00:40:58,800 --> 00:41:00,540 Let's go. 579 00:41:03,260 --> 00:41:03,880 Jamal. 580 00:41:05,960 --> 00:41:07,690 OK, so let's come back. 581 00:41:08,100 --> 00:41:14,730 And so we're gonna to just open a new tab in buses there or just control C Control Week. 582 00:41:15,920 --> 00:41:17,050 We want to see this fight. 583 00:41:19,000 --> 00:41:23,470 Hayden takes these to ABC Heat Index. 584 00:41:24,460 --> 00:41:26,200 So what we can do? 585 00:41:27,520 --> 00:41:36,180 First thing first, we're going to say what is user, what he's what ATX the. 586 00:41:37,070 --> 00:41:37,400 OK. 587 00:41:38,560 --> 00:41:39,350 So, yeah. 588 00:41:41,790 --> 00:41:50,310 OK, so let's talk a little bit about the war, but that the exiting but is a war both the defendant 589 00:41:50,390 --> 00:41:52,220 will put is a text file. 590 00:41:52,360 --> 00:42:00,000 Webmaster is quick to instruct Web warbirds, typically search engine about how to point to pages on 591 00:42:00,000 --> 00:42:00,720 the Web site. 592 00:42:01,130 --> 00:42:02,510 So there will be a text file. 593 00:42:02,540 --> 00:42:03,860 It is a part of the war. 594 00:42:03,890 --> 00:42:06,300 But exclusion protocol are epee. 595 00:42:06,800 --> 00:42:09,390 A group of web standards that we do late. 596 00:42:09,500 --> 00:42:17,240 How war books, Choiseul, the web access and indexed content search of the content up to users. 597 00:42:17,780 --> 00:42:18,530 The R. 598 00:42:19,280 --> 00:42:20,350 The R e p. 599 00:42:20,420 --> 00:42:22,040 I mean Dhoom. 600 00:42:22,810 --> 00:42:30,860 The Walbert Exclusion Protocol also includes some directives like Mutawa boards as well as pages, subdirectories 601 00:42:30,890 --> 00:42:31,650 and so forth. 602 00:42:32,240 --> 00:42:41,060 So in practice, that fire indicate where to set any user agenda or chording software can or cannot 603 00:42:41,060 --> 00:42:43,220 call part of a Web site. 604 00:42:43,300 --> 00:42:52,370 These call instructions are specified by disallowing or allowing the behavior of certain user agent. 605 00:42:53,380 --> 00:43:01,620 Okay, so how can we understand how it how how it works, guys? 606 00:43:01,940 --> 00:43:11,390 So first thing first, they has to be that you've see the steak that you see after to use as agent means 607 00:43:11,450 --> 00:43:12,830 that there will board. 608 00:43:12,860 --> 00:43:21,760 That 60 file applies to all web warbirds that visit the site and the slash after dessert, all terrasse 609 00:43:22,310 --> 00:43:25,110 the slash after Desilu. 610 00:43:25,220 --> 00:43:30,890 ABC tells us they will, but to not visit any page on that site of that site. 611 00:43:31,100 --> 00:43:36,500 So you might be wondering why anyone would want to stop Web wabbits from visiting with these sites. 612 00:43:36,650 --> 00:43:45,980 After all, one of the major goals of C, E or is to get search engines to call your Web site easily 613 00:43:46,010 --> 00:43:48,800 so that they can increase your thinking. 614 00:43:49,880 --> 00:43:54,290 This is where the secret of the of this s or has come in. 615 00:43:54,710 --> 00:43:57,120 You probably have a lot of pages on your site wide. 616 00:43:57,560 --> 00:43:59,660 Even if you don't think you do. 617 00:44:00,890 --> 00:44:02,610 But just go and check. 618 00:44:02,870 --> 00:44:10,670 You might be surprised if a search engine calls your your site, it it will call every single page of 619 00:44:10,670 --> 00:44:11,360 your Web site. 620 00:44:11,720 --> 00:44:17,870 And if you have a lot of pages, it will take this search engine boat a way to quote them. 621 00:44:18,170 --> 00:44:21,170 So which can have negative effects on your thinking. 622 00:44:21,260 --> 00:44:26,570 So that's because Google bought Google search engine but has a, quote, budget. 623 00:44:27,350 --> 00:44:30,080 So, yeah, this breaks down into two positive. 624 00:44:30,080 --> 00:44:31,670 First is called a limit. 625 00:44:31,790 --> 00:44:32,270 Limit user. 626 00:44:32,320 --> 00:44:32,970 How is. 627 00:44:34,950 --> 00:44:38,590 Okay, let's give some example of how it works. 628 00:44:39,880 --> 00:44:42,640 Search engines have two main jobs. 629 00:44:43,060 --> 00:44:47,530 The first one is to quote the Web site to discover content. 630 00:44:48,040 --> 00:44:55,600 The second job is indexing the content so that it can be served up to searchers who are looking for 631 00:44:55,690 --> 00:44:59,330 information to call site search engine. 632 00:44:59,360 --> 00:45:03,500 Photo links to get from one side to another were to make a recording. 633 00:45:03,500 --> 00:45:06,290 Of course, many billions of links and Web sites. 634 00:45:06,710 --> 00:45:12,640 Scrolling behavior is sometimes known as Spide doing after waving at a Web site. 635 00:45:12,730 --> 00:45:14,230 But be forced by doing it. 636 00:45:14,590 --> 00:45:21,520 The search caller will look for a will, but the extra file, if it finds one, the caller will read 637 00:45:21,580 --> 00:45:25,180 that file first before continuing to the page. 638 00:45:25,480 --> 00:45:28,350 This is very important, guys, because there will. 639 00:45:28,400 --> 00:45:35,680 But the 65 contains information about how the search engine should work, should work or should should 640 00:45:35,710 --> 00:45:43,150 call the information file and there will instruct Frood or caller action on this particular Web site, 641 00:45:43,570 --> 00:45:44,050 if they will. 642 00:45:44,100 --> 00:45:51,390 But the 60 file, it does not contain any directives that DSL or a user agent's activities are. 643 00:45:51,490 --> 00:45:57,390 If we decide does it have what it takes the 60 file, it will proceed to court order. 644 00:45:57,460 --> 00:45:58,900 Information on this site. 645 00:46:00,260 --> 00:46:01,820 Yeah, so that's how it looks. 646 00:46:02,030 --> 00:46:02,630 So let's. 647 00:46:03,410 --> 00:46:05,450 Let's come back to our topic. 648 00:46:06,220 --> 00:46:06,560 OKing. 649 00:46:09,750 --> 00:46:13,530 So what we have to do, we have to just copy this. 650 00:46:14,380 --> 00:46:14,750 Path. 651 00:46:15,380 --> 00:46:17,040 And we just copy control, see? 652 00:46:18,080 --> 00:46:19,790 And then we go plasty the. 653 00:46:21,950 --> 00:46:22,970 Behind this. 654 00:46:23,300 --> 00:46:26,350 So this chick it. 655 00:46:26,440 --> 00:46:27,650 Oh, kill, we're doing it. 656 00:46:27,680 --> 00:46:30,180 You have phoned if the heat and fire will burst. 657 00:46:30,460 --> 00:46:31,640 That takes the Yeah. 658 00:46:31,730 --> 00:46:33,290 So we did it finally. 659 00:46:33,290 --> 00:46:35,090 Just which you missed. 660 00:46:35,200 --> 00:46:36,590 So we find it here first. 661 00:46:36,710 --> 00:46:36,950 OK. 662 00:46:37,520 --> 00:46:38,000 So. 663 00:46:38,090 --> 00:46:38,470 Yeah. 664 00:46:39,170 --> 00:46:40,090 And guess what? 665 00:46:40,220 --> 00:46:42,290 What a challenge is heaven bound. 666 00:46:42,520 --> 00:46:42,950 Okay. 667 00:46:42,980 --> 00:46:45,440 So we are willing to compete again. 668 00:46:45,440 --> 00:46:49,060 Control or just or we can copy and go back here. 669 00:46:50,480 --> 00:46:53,540 And let's use these things and just. 670 00:46:55,270 --> 00:46:59,470 Bus and submit. 671 00:47:01,040 --> 00:47:01,700 Congrats. 672 00:47:02,120 --> 00:47:04,850 Fifteen point quin's has been added. 673 00:47:05,420 --> 00:47:06,400 All right, good. 674 00:47:06,500 --> 00:47:09,260 So now let's go to the next challenge. 675 00:47:10,750 --> 00:47:11,800 So, yeah. 676 00:47:13,290 --> 00:47:14,000 16. 677 00:47:20,480 --> 00:47:22,070 Basic Challenge 16. 678 00:47:22,220 --> 00:47:25,910 So this log is vulnerable to Escuela injection. 679 00:47:26,150 --> 00:47:29,270 So guess what if it if it if that is OK. 680 00:47:29,360 --> 00:47:31,470 So we are just going to type this. 681 00:47:31,850 --> 00:47:42,730 But in order for you guys to to to remember this, this injection always put the disposal between the 682 00:47:42,730 --> 00:47:46,520 space and between a single court to do so. 683 00:47:46,880 --> 00:47:51,010 We are going to use every thing and it's as always. 684 00:47:51,440 --> 00:47:53,960 And we are going to do like that. 685 00:47:55,400 --> 00:48:03,750 Two single quotes and then we put one and a single court space. 686 00:48:03,830 --> 00:48:05,600 Now all in space. 687 00:48:05,630 --> 00:48:07,760 Now another single court. 688 00:48:08,090 --> 00:48:11,690 And now we put one joule equal to one, equal one. 689 00:48:11,810 --> 00:48:12,590 And then that's it. 690 00:48:12,950 --> 00:48:16,470 So the two outsiders single court. 691 00:48:16,520 --> 00:48:17,570 So we don't need them anymore. 692 00:48:17,600 --> 00:48:18,540 So we use. 693 00:48:19,970 --> 00:48:21,580 And then all we delete. 694 00:48:21,650 --> 00:48:23,350 So now we can just click on submit. 695 00:48:23,570 --> 00:48:24,200 So let's see. 696 00:48:28,470 --> 00:48:31,260 In a quick escrowed injection, please try again. 697 00:48:31,590 --> 00:48:37,410 OK, so now we are going to try it is clear injection because this first was not working. 698 00:48:37,500 --> 00:48:43,730 And then it seems to us that this this challenge is vulnerable to Escadrille injection. 699 00:48:44,040 --> 00:48:51,900 So we are going to just try to enter some characters or some other commands so that we made it work. 700 00:48:51,930 --> 00:48:56,700 But first thing first, so that we don't forget, we are going to view page source. 701 00:48:58,490 --> 00:48:59,070 Well, kid. 702 00:49:00,780 --> 00:49:01,370 Let's call it. 703 00:49:01,440 --> 00:49:07,860 I want to find out if there are some informations, some information, some hidden data, which. 704 00:49:09,220 --> 00:49:13,330 Which are in this page as we draw. 705 00:49:13,420 --> 00:49:15,610 So let's just cordon down. 706 00:49:19,350 --> 00:49:20,180 At the moment. 707 00:49:21,330 --> 00:49:23,100 Okay, so you're. 708 00:49:24,760 --> 00:49:25,420 All right. 709 00:49:31,020 --> 00:49:31,380 All right. 710 00:49:31,650 --> 00:49:32,380 So nothing is that. 711 00:49:32,610 --> 00:49:34,080 So you just cross it. 712 00:49:35,760 --> 00:49:43,080 Now, what we can do, sometimes spaces might be free trade. 713 00:49:43,410 --> 00:49:45,570 So we have to find a way to buy plastic. 714 00:49:45,990 --> 00:49:48,930 So instead of typing this comment. 715 00:49:50,310 --> 00:49:50,980 This comment. 716 00:49:52,920 --> 00:49:53,490 This one. 717 00:49:53,580 --> 00:49:56,100 So we're going to try to avoid the space between. 718 00:49:56,280 --> 00:49:59,130 So to avoid the space, we are all we. 719 00:49:59,550 --> 00:50:04,940 We have to just type dash, star, star, dash. 720 00:50:05,460 --> 00:50:14,130 And so now instead of this, we a dush and star star dush. 721 00:50:15,060 --> 00:50:18,550 And again you can do the same. 722 00:50:18,750 --> 00:50:21,630 Stop motion star. 723 00:50:22,200 --> 00:50:22,900 And what we can do. 724 00:50:22,950 --> 00:50:23,230 Okay. 725 00:50:23,400 --> 00:50:24,160 So now it's okay. 726 00:50:24,690 --> 00:50:26,370 And then we can try to. 727 00:50:27,270 --> 00:50:29,470 We can just copy it so that we. 728 00:50:29,670 --> 00:50:30,900 We just was. 729 00:50:32,040 --> 00:50:37,000 Control a copy because it's a matter. 730 00:50:37,370 --> 00:50:38,590 This disk. 731 00:50:39,860 --> 00:50:44,510 This training, guys, is testing is been testing. 732 00:50:44,540 --> 00:50:46,620 So that means you have to just test it. 733 00:50:47,060 --> 00:50:49,970 So we could beat you by X then? 734 00:50:49,970 --> 00:50:50,490 Wouldn't need. 735 00:50:51,320 --> 00:50:53,310 And after a while. 736 00:50:53,450 --> 00:50:56,300 So we tried to see if we can find it. 737 00:50:56,330 --> 00:50:57,260 So nothing. 738 00:50:57,860 --> 00:51:06,010 So now let's try to make it in a secure in a secure command dash dash. 739 00:51:06,490 --> 00:51:11,120 And let's now click on Submit. 740 00:51:12,900 --> 00:51:16,570 Congrats, you see the teen's dad. 741 00:51:17,310 --> 00:51:18,140 It is not over. 742 00:51:18,360 --> 00:51:28,800 It is valuable to ask for an injection, but the single is Cuil injection must be bypassed the the space, 743 00:51:28,860 --> 00:51:33,140 because when you use this space inside, you are inside your comment. 744 00:51:33,570 --> 00:51:34,530 It is it. 745 00:51:34,670 --> 00:51:36,300 The space gets full to it. 746 00:51:36,630 --> 00:51:44,970 So it prevents you from its form from getting into the system. 747 00:51:45,150 --> 00:51:47,700 Therefore, you have to find a way to avoid the space. 748 00:51:48,000 --> 00:51:52,160 The way to avoid this space is using Dush. 749 00:51:52,320 --> 00:51:53,910 I mean slash star. 750 00:51:53,910 --> 00:51:54,480 Star. 751 00:51:55,870 --> 00:52:01,400 Slash, and then it's not enough, because when we try to test it, it was not working. 752 00:52:01,420 --> 00:52:05,290 So we had to put a comment in our school comment. 753 00:52:05,500 --> 00:52:10,470 So we used dash dash after that space, that dash, and then we present. 754 00:52:10,580 --> 00:52:12,160 Now we get it into the system. 755 00:52:12,460 --> 00:52:13,600 So that's how you make it go. 756 00:52:13,660 --> 00:52:20,520 So you you have to know not all the steps, but you have it's it's just a matter of training, sort 757 00:52:20,630 --> 00:52:28,070 of more you know, the more chance you have to get access into a vulnerable page, go out. 758 00:52:28,240 --> 00:52:32,920 So let's just close it now and let's go to the next step. 759 00:52:32,980 --> 00:52:34,280 We have been in 16. 760 00:52:34,630 --> 00:52:35,440 I don't remember every. 761 00:52:35,920 --> 00:52:37,450 We try to click on both. 762 00:52:38,760 --> 00:52:39,540 I'm a member. 763 00:52:40,060 --> 00:52:41,370 Well, I've been. 764 00:52:41,700 --> 00:52:41,910 OK. 765 00:52:41,970 --> 00:52:44,570 So we have been this hill. 766 00:52:45,310 --> 00:52:45,520 OK.