1
00:04:51,839 --> 00:04:53,887
Good morning
2
00:04:54,399 --> 00:04:57,727
Lancaster
3
00:06:53,951 --> 00:06:57,535
Hey good morning hey good morning
4
00:07:00,863 --> 00:07:03,167
Still waiting for FEMA papers
5
00:07:03,935 --> 00:07:06,751
And it just paid for them and then we started painting
6
00:10:36,927 --> 00:10:43,071
It'll still be a wedding.
7
00:15:47,711 --> 00:15:51,551
Good morning everyone, welcome to day four of the training
8
00:15:52,063 --> 00:15:54,879
So let's start with a recap of day three
9
00:16:05,375 --> 00:16:11,519
So we started with Java deserialization, in which we
10
00:16:11,775 --> 00:16:17,919
read the binary, XML and JSON
11
00:16:18,175 --> 00:16:24,319
A serialized object produces the magic, by using which we can spot
12
00:16:24,575 --> 00:16:29,183
these binary Java serialization objects.
13
00:16:29,695 --> 00:16:35,839
Based on that, once spotted, we can simply use the ysoserial utility
14
00:16:36,095 --> 00:16:42,239
Temptation father of
15
00:16:42,495 --> 00:16:48,639
Define elicit realization that seen the blog of Anna security labs
16
00:16:48,895 --> 00:16:55,039
Sun Devil created on in our environment
17
00:17:01,695 --> 00:17:07,839
Lego stitches dollar version dishwasher Behar we can modify devices
18
00:17:08,095 --> 00:17:14,239
the gadget chain, and how we can compile it in order to create a custom payload to exploit
19
00:17:14,495 --> 00:17:20,639
Then we'll see an XML deserialization vulnerability
20
00:17:20,895 --> 00:17:27,039
But the moment the application converts the object into XML serialized format
21
00:17:27,295 --> 00:17:33,439
What is this kind of solids
22
00:17:33,695 --> 00:17:39,839
This is the XML representation, the XML serialized data of the object, so we can simply
23
00:17:40,095 --> 00:17:46,239
replace this XMLDecoder with the class which gives us command execution capability
24
00:17:46,495 --> 00:17:52,639
For example, using which we simply run commands in the backend
25
00:17:53,919 --> 00:18:00,063
The museum Dexter ground Italian scene
26
00:18:00,319 --> 00:18:06,463
Did Jason Jason Jason doing lots of eczema stuff in the back
27
00:18:06,719 --> 00:18:12,863
So the Dixon Justin is not detectable to disassemble Lamberti
28
00:18:13,119 --> 00:18:19,263
But if he somehow identified to be identified by 10
29
00:18:19,519 --> 00:18:25,663
Using in the backend which allows students attend XML processing than using Jackson Jason also be able to
30
00:18:32,319 --> 00:18:38,463
Vinyl civilization Soviets in the documentation that the battery for motorcycle battery for my glasses
31
00:18:38,719 --> 00:18:44,863
It can be a binary serialized object
32
00:18:45,119 --> 00:18:51,263
Not entirely serialized object using symmetric b double AAA
33
00:18:51,519 --> 00:18:57,663
Then we can simply use this ysoserial.net utility
34
00:18:57,919 --> 00:19:00,223
to exploit the application further
35
00:19:00,479 --> 00:19:06,623
Then go see example of Mencia
36
00:19:07,135 --> 00:19:13,279
B & S license Behavior seen that it uses the pickle and pickle
37
00:19:13,535 --> 00:19:19,679
uses dunder methods in order to perform serialization and deserialization
38
00:19:19,935 --> 00:19:26,079
Turn the matters that is allowed to do this when you take picture with them
39
00:19:26,335 --> 00:19:28,895
Device in this relationship
40
00:19:29,151 --> 00:19:35,295
It is kind of important matters or Lexie and pickling
41
00:19:35,551 --> 00:19:36,319
Bruce's
42
00:19:36,575 --> 00:19:42,719
The distillation is not able to open file
43
00:19:45,791 --> 00:19:51,935
You open so the moment
44
00:19:52,191 --> 00:19:58,335
Isn't that we have provided our orbital hours to execution
45
00:19:58,847 --> 00:20:04,991
The moment we send this data to the backend, the pickle library tries to execute
46
00:20:05,247 --> 00:20:11,391
Record that is done with interviews better than by bring.
47
00:20:11,647 --> 00:20:17,791
Danville senior example of I-35 by the Plex Media Server
48
00:20:18,047 --> 00:20:24,191
Anybody could this upload 35 which later
49
00:20:24,447 --> 00:20:25,471
Can people function
50
00:20:25,727 --> 00:20:31,871
And using that the researcher is able to perform.
51
00:20:32,127 --> 00:20:38,271
So I senior decor
52
00:20:38,527 --> 00:20:43,135
Goodbye be
53
00:20:43,391 --> 00:20:49,535
That is no relation is implemented content that is there within District
54
00:20:49,791 --> 00:20:54,399
And by doing that that isn't eligible to become self-sufficient
55
00:20:55,167 --> 00:21:01,311
Danville senior Rubio with a injection
56
00:21:01,567 --> 00:21:07,711
that we input into a template in the backend
57
00:21:07,967 --> 00:21:14,111
If we're able to identify the backend template
58
00:21:14,367 --> 00:21:17,696
Indeed
59
00:21:18,976 --> 00:21:25,120
Then we've seen a bunch of studies around template injection attacks, like Smarty template
60
00:21:25,376 --> 00:21:31,520
Japanese you are beautiful female guitar player
61
00:21:31,776 --> 00:21:37,920
What what civilization might need to wear while sitting at home be able to compromise
62
00:21:38,176 --> 00:21:44,320
Enter domain controller of the organization Where We Are
63
00:21:44,576 --> 00:21:46,880
Injection
64
00:21:47,392 --> 00:21:53,536
Then we've seen what is second-order SQL injection, where the
65
00:21:53,792 --> 00:21:59,936
insertion point is different, so the first insertion point allows us to store
66
00:22:00,192 --> 00:22:02,496
The data within the database
67
00:22:02,752 --> 00:22:08,896
And at the execution point, what it will do is first fetch from the
68
00:22:09,152 --> 00:22:14,528
then it will pass this info on to the
69
00:22:16,576 --> 00:22:22,720
Then we've discussed what is out-of-band exploitation, so
70
00:22:22,976 --> 00:22:29,120
in the out-of-band exploitation, because it has a different function, or let it be.
71
00:22:29,376 --> 00:22:35,520
which basically allows us to make an out-of-band call to the attacker's machine
72
00:22:35,776 --> 00:22:41,920
Example for that is master.sys.xp_dirtree, which basically allows to make an
73
00:22:42,176 --> 00:22:48,320
out-of-band
74
00:22:48,576 --> 00:22:54,720
Ballard bicycle injection
75
00:22:55,744 --> 00:23:01,888
exercise around the second-order SQL injection; here you've seen that the
76
00:23:02,144 --> 00:23:05,728
injection point is the profile update and
77
00:23:05,984 --> 00:23:10,848
the execution point is
78
00:23:11,616 --> 00:23:17,760
Then we've seen SQL injection through crypto
79
00:23:18,016 --> 00:23:24,160
Commission from the end-user so there are two application in the background
80
00:23:24,416 --> 00:23:30,560
Diversification into Santa Anita to the other education to the user browser
81
00:23:30,816 --> 00:23:32,864
They protect this using encryption
82
00:23:33,376 --> 00:23:39,520
So here we had to identify the endpoint which basically gives
83
00:23:39,776 --> 00:23:45,920
For the user to user spandex value
84
00:23:46,176 --> 00:23:52,320
multiple payloads based on our need, and then we can simply analyze the application
85
00:23:52,576 --> 00:23:58,720
identify the endpoint which basically accepts the encrypted value
86
00:23:58,976 --> 00:24:05,120
On the first endpoint we can generate our payload and pass it.
87
00:24:05,376 --> 00:24:11,520
Verification verification
88
00:24:11,776 --> 00:24:12,800
Injection
89
00:24:14,336 --> 00:24:17,920
Now let's start with our
90
00:24:18,176 --> 00:24:24,320
Once you identify the SQL injection challenges together
91
00:24:24,576 --> 00:24:30,720
What is the requirement for bear
92
00:24:30,976 --> 00:24:37,120
A shell is nothing but a communication channel between two parties on the two machines
93
00:24:37,376 --> 00:24:43,520
Akshay Kumar
94
00:24:43,776 --> 00:24:49,920
Output
95
00:24:50,176 --> 00:24:56,320
Specifically in our previous example
96
00:24:56,832 --> 00:25:02,976
Beautiful multiple virus
97
00:25:03,232 --> 00:25:09,376
Example of extract
98
00:25:09,632 --> 00:25:14,752
The cities of SQL query to obtain a result of multiple internet
99
00:25:15,008 --> 00:25:21,152
On the backend is helpful which basically allows us to
100
00:25:21,408 --> 00:25:27,552
Do everything in am window okay
101
00:25:27,808 --> 00:25:33,952
The attacker forces the backend server to initiate a connection
102
00:25:34,208 --> 00:25:40,352
Listing on DirecTV connection from the application
103
00:25:41,888 --> 00:25:48,032
In this version we are using Metasploit; now what is Metasploit?
104
00:25:48,288 --> 00:25:54,432
I believe everyone knows about that, but still, Metasploit is kind of a framework which is basically used to identify
105
00:25:54,688 --> 00:26:00,832
Unexplored availability for setting alarm
106
00:26:01,088 --> 00:26:07,232
Test contains models likability / Statics exploit to welcome before 6
107
00:26:07,488 --> 00:26:13,632
Rotation it has a payload to obtain a shell and everything to perform operation
108
00:26:13,888 --> 00:26:20,032
There are certain basic payloads and certain advanced payloads
109
00:26:20,288 --> 00:26:26,432
It's kind of an advanced payload which basically provides many built-in commands for post-exploitation
110
00:26:26,688 --> 00:26:32,832
As we have seen in the example of Plex Media Server exploitation, we were able to extract information of the
111
00:26:33,088 --> 00:26:39,232
System using this info onto schedule then we can also
112
00:26:39,488 --> 00:26:45,632
How many cards to expect eventual Orthopedic exponential abuser that is logged in on that particular machine
113
00:26:45,888 --> 00:26:52,032
This Meterpreter is a kind of advanced payload
114
00:26:52,288 --> 00:26:56,128
Sinks insert something what happened
115
00:26:57,152 --> 00:27:03,296
Even if you're available not successful on the backend system
116
00:27:03,552 --> 00:27:09,696
Customizable Daytona requirement dexfield MSRP
117
00:27:09,952 --> 00:27:16,096
the payload based on our
118
00:27:16,352 --> 00:27:18,656
All it's a sale Corpus do not need
119
00:27:19,680 --> 00:27:25,824
So here let me spend
120
00:27:26,080 --> 00:27:28,640
Octonauts
121
00:27:28,896 --> 00:27:35,040
First record intifada fecal ingestion application to create a payload
122
00:27:35,296 --> 00:27:38,880
We know what it will do.
123
00:27:39,904 --> 00:27:46,048
which is created using the payload for Windows x64 Meterpreter
124
00:27:46,304 --> 00:27:52,448
Psalm 30 verse 2
125
00:27:52,704 --> 00:27:58,848
for x64, 64-bit architecture
126
00:27:59,104 --> 00:28:05,248
basically the information of the attacker's machine in the executable
127
00:28:05,504 --> 00:28:11,648
It will make an outbound connection to this LHOST and LPORT
128
00:28:11,904 --> 00:28:18,048
First view to Lexus send this article executive
129
00:28:18,304 --> 00:28:22,656
download this executable file from the attacker's machine
130
00:28:23,424 --> 00:28:29,568
Bubble tea
131
00:28:29,824 --> 00:28:35,968
Galaxy Vol 2
132
00:28:36,224 --> 00:28:41,856
a simple HTTP server to host this particular executable
133
00:28:42,112 --> 00:28:48,256
We are ready to send this userx.exe
134
00:28:48,512 --> 00:28:54,656
So we craft the SQL injection in such a way that the backend server
135
00:28:54,912 --> 00:29:01,056
tries to download this userx.exe from the attacker's machine and store it into a local
136
00:29:01,312 --> 00:29:07,456
So this is the particular command we are using, which basically downloads the userx.exe
137
00:29:07,712 --> 00:29:12,832
And then it will dump today work at the stem
138
00:29:13,088 --> 00:29:19,232
So once now our payload is
139
00:29:19,488 --> 00:29:25,632
there on the backend application server, now what next?
140
00:29:25,888 --> 00:29:32,032
On one side we need to start a listener to wait for the outbound connection
141
00:29:32,288 --> 00:29:38,432
Extinguisher
142
00:29:38,688 --> 00:29:44,832
Within the msfconsole again
143
00:29:45,088 --> 00:29:51,232
XXX pcmd sure I want to be powerful, and that is
144
00:29:51,488 --> 00:29:57,632
Please execute this particular executable
145
00:29:57,888 --> 00:30:04,032
The moment it executes this particular command, it will make an outbound connection
146
00:30:11,200 --> 00:30:17,344
So based on that, our next exercise continues with the previous exercise to obtain a reverse
147
00:30:17,600 --> 00:30:23,744
shell on the DB host machine using Metasploit and native Windows tools like PowerShell or certutil
148
00:30:24,000 --> 00:30:26,304
Descript insulin
149
00:30:26,560 --> 00:30:32,704
The challenge comes lasciviousness
150
00:30:32,960 --> 00:30:37,056
Your goal is to use any of the exercise
151
00:30:37,312 --> 00:30:43,456
from the previous day, like second-order SQL injection or SQL injection through crypto
152
00:30:43,712 --> 00:30:48,064
to perform this particular exercise, like SQL injection to reverse shell
153
00:30:48,832 --> 00:30:52,672
So anyone has any question in this
154
00:30:56,768 --> 00:31:01,888
So what I'll do, I'll just give you, let's say, 10 mins
155
00:31:02,400 --> 00:31:08,544
Give, let's say, 10 minutes to play with this exercise
156
00:31:09,312 --> 00:31:13,152
Then again I'll give you time to complete this exercise
157
00:31:13,664 --> 00:31:16,480
So all the best
158
00:31:18,016 --> 00:31:24,160
If you have any question or query regarding any of the steps just pushed your question & Carry in Bremerton
159
00:31:24,416 --> 00:31:30,560
and we'll provide resolution. Let me upload the password, if you want
160
00:31:30,816 --> 00:31:36,960
To get this something offline on shift so
161
00:31:37,216 --> 00:31:40,800
I'll confirm once I uploaded the password
162
00:38:58,816 --> 00:39:02,912
Looks like no one has completed this difficult right
163
00:39:42,592 --> 00:39:48,736
I have updated the password Portal Part 4
164
00:39:48,992 --> 00:39:50,784
To help from this folder
165
00:39:51,040 --> 00:39:53,344
Tickling Jacinto
166
00:41:09,632 --> 00:41:14,496
Okay, so let me give you a demo around this
167
00:41:20,128 --> 00:41:23,968
Let me connect to the VPN.
168
00:41:32,160 --> 00:41:34,976
Start about speed
169
00:41:45,472 --> 00:41:51,616
So now the first thing is to build, using
170
00:41:51,872 --> 00:41:58,015
which basically makes an outbound connection to the
171
00:41:58,271 --> 00:41:59,295
Just
172
00:42:01,599 --> 00:42:07,743
It's a typing DiSpirito, msf
173
00:42:07,999 --> 00:42:12,351
I think I'll be alone
174
00:42:15,679 --> 00:42:21,823
the payload for Windows x64
175
00:42:22,079 --> 00:42:28,223
HTTP connection
176
00:42:28,479 --> 00:42:34,623
So here I would provide the attackers IP address
177
00:42:34,879 --> 00:42:37,183
Check my IP address
178
00:42:37,951 --> 00:42:39,999
CIT 85
179
00:42:41,279 --> 00:42:47,423
LPORT
180
00:42:47,679 --> 00:42:53,823
Then I set the file type equal to exe and store it within user85
181
00:42:54,079 --> 00:42:55,871
Dot EXE
182
00:43:00,991 --> 00:43:03,807
So it has created for us
183
00:43:04,063 --> 00:43:05,599
This is the payload
184
00:43:05,855 --> 00:43:10,207
Now I have to put this
185
00:43:10,719 --> 00:43:16,863
On my machine Ivan mstp.
186
00:43:21,215 --> 00:43:27,359
Now let's go to our SQL injection
187
00:43:27,615 --> 00:43:28,895
Simple injection
188
00:43:29,151 --> 00:43:30,943
There
189
00:43:31,199 --> 00:43:34,527
Insertion point is to calibrate page
190
00:43:38,111 --> 00:43:40,927
Canopy disabilities
191
00:43:42,719 --> 00:43:48,863
I'm already logged in over here; here I want to fire
192
00:43:59,359 --> 00:44:05,503
In the example, if you want to perform this reverse shell
193
00:44:05,759 --> 00:44:11,903
the first thing is to go through these particular steps, like first check the username, whether this user
194
00:44:12,159 --> 00:44:18,303
is a part of the sysadmin role or not
195
00:44:18,559 --> 00:44:24,703
Because then only you are able to run commands on that particular system
196
00:44:25,983 --> 00:44:32,127
xp_cmdshell is already enabled in the backend
197
00:44:32,383 --> 00:44:38,527
I want to execute master..xp_cmdshell
198
00:44:38,783 --> 00:44:44,927
But I'm using the
199
00:44:45,183 --> 00:44:51,327
the -urlcache -f option, which is basically used to download
200
00:44:51,583 --> 00:44:54,143
the information from a remote location
201
00:44:54,399 --> 00:45:00,543
And here I'm providing the part that I want to download information from this particular
202
00:45:01,567 --> 00:45:07,455
Let's say you are sorry user IDs
203
00:45:10,783 --> 00:45:15,647
I want to download the user85.exe and I want to store it within
204
00:45:16,671 --> 00:45:20,767
a temporary location, C:\Windows\Temp
205
00:45:21,023 --> 00:45:25,887
Copy this information
206
00:45:26,911 --> 00:45:32,287
Provided within the password question
207
00:45:35,103 --> 00:45:41,247
Now let me start the private window in order to
208
00:45:41,503 --> 00:45:45,087
go to the execution point, and that is our password
209
00:45:45,599 --> 00:45:47,647
Princess Peach
210
00:45:47,903 --> 00:45:51,231
Login password
211
00:45:53,791 --> 00:45:59,935
Secret answer to secret question
212
00:46:00,191 --> 00:46:02,239
Next
213
00:46:06,079 --> 00:46:12,223
It has an updated download
214
00:46:12,479 --> 00:46:18,623
On a mushy moment we send Elizabeth click on this visit by country
215
00:46:18,879 --> 00:46:25,023
The backend executes this particular query in the unsafe SQL query
216
00:46:25,279 --> 00:46:31,423
tries to make an out-of-band request to download user85.exe from the attacker and store it in
217
00:46:31,679 --> 00:46:37,823
Windows\Temp as user85.exe
218
00:46:38,079 --> 00:46:44,223
On December so the next time you two do you start
219
00:46:44,479 --> 00:46:47,807
For that I'm using this msfconsole
220
00:46:51,391 --> 00:46:57,535
Set some come on
221
00:46:59,583 --> 00:47:05,727
Information: so I want to use the exploit/multi/handler
222
00:47:08,287 --> 00:47:14,175
The payload that I've created is this
223
00:47:20,831 --> 00:47:26,719
The payload we have created is this
224
00:47:27,231 --> 00:47:31,327
Latest copy this information this situation
225
00:47:32,095 --> 00:47:38,239
set LHOST 192.168.4.85
226
00:47:39,775 --> 00:47:43,871
Aboard the peanut cipto
227
00:47:44,127 --> 00:47:50,271
used while creating the payload, then let me set LPORT
228
00:47:50,527 --> 00:47:56,671
And let's start the listener; now it's time to execute the
229
00:47:56,927 --> 00:48:03,071
Payload on the server in for that running display
230
00:48:03,327 --> 00:48:06,911
Injecting dispatch
231
00:48:08,191 --> 00:48:14,335
Wews Perry Galaxy clothes WSM for 10 minutes please
232
00:48:14,591 --> 00:48:20,735
use xp_cmdshell to run this particular command, cmd.exe
233
00:48:20,991 --> 00:48:23,039
This
234
00:48:23,295 --> 00:48:25,599
85 XE Honda 7
235
00:48:26,111 --> 00:48:27,903
Let me copy this
236
00:48:31,487 --> 00:48:34,815
Eustis Tinder profile of the beach
237
00:48:39,423 --> 00:48:45,567
Go to my messages in Boynton Beach
238
00:48:51,455 --> 00:48:56,063
It's updated knowledge
239
00:48:58,623 --> 00:49:04,767
And the moment we click on this reset password, it makes an outbound connection
240
00:49:05,023 --> 00:49:09,119
There are certain things that are happening on the listener
241
00:49:10,655 --> 00:49:16,287
Which is basically handling a request from the attic
242
00:49:16,543 --> 00:49:19,103
So now we have a Meterpreter
243
00:49:19,359 --> 00:49:22,175
So now we can play with this
244
00:49:22,431 --> 00:49:28,575
And we can simply type ? to check what are the options or what are the pre-built
245
00:49:28,831 --> 00:49:30,367
137
246
00:49:31,647 --> 00:49:37,791
So you can simply use this information like the salty system commands
247
00:49:38,047 --> 00:49:44,191
Said you can't exactly use like at pididdly
248
00:49:44,447 --> 00:49:50,591
reboot; please don't do this kind of operation because it will shut down
249
00:49:50,847 --> 00:49:56,735
the system. For the POC purpose you can simply use this command, sysinfo
250
00:49:56,991 --> 00:50:03,135
Where my schedule ID and on
251
00:50:07,999 --> 00:50:09,791
getuid
252
00:50:12,607 --> 00:50:16,191
shell
253
00:50:17,983 --> 00:50:22,079
It says that one channel is created now you can play with the shell
254
00:50:22,591 --> 00:50:26,431
Let's say I want to read the content of C:\Windows\
255
00:50:26,687 --> 00:50:29,247
win.ini
256
00:50:29,759 --> 00:50:35,135
Okay, now I'm done with this; the moment we type exit
257
00:50:35,391 --> 00:50:41,535
It will exit from the shell but still open so you can still play with this
258
00:50:44,607 --> 00:50:50,751
Fashion
259
00:50:51,007 --> 00:50:57,151
Exercise anyone has any question in this
260
00:50:59,455 --> 00:51:05,343
Okay, so let's say I'll give you 50 more minutes to complete this exercise, then we'll move to the next one
261
00:51:06,367 --> 00:51:12,511
So all the best; if you complete this exercise please update in the channel, and if you have any
262
00:51:12,767 --> 00:51:16,095
question, just post your question or query.
263
00:56:07,423 --> 00:56:09,471
Recording in progress
264
01:06:13,119 --> 01:06:18,751
If you are still doing this one so let me add 50 minutes then we'll move to the next one
265
01:11:20,063 --> 01:11:25,439
It looks like everyone has completed this
266
01:11:26,975 --> 01:11:33,119
Okay. Please do not worry then try this during departed a slap.
267
01:11:34,399 --> 01:11:36,447
Now let's move to the next one
268
01:11:36,703 --> 01:11:42,847
And daddys so
269
01:11:43,103 --> 01:11:49,247
Less than 33 and greater than 3.7
270
01:11:50,271 --> 01:11:56,415
SQL injection, as I mentioned, we were in kind of a sticky situation
271
01:11:56,671 --> 01:12:02,815
To convince a client
272
01:12:03,071 --> 01:12:09,215
there were no public exploits available
273
01:12:09,471 --> 01:12:15,615
Developer version of Joomla and identify Harwich
274
01:12:15,871 --> 01:12:19,199
The thought process how we have done.
275
01:12:19,711 --> 01:12:25,855
So here the endpoint is the profile update page
276
01:12:27,135 --> 01:12:33,279
and the execution point is
277
01:12:33,535 --> 01:12:36,607
Sportage so what we have observed is that
278
01:12:37,119 --> 01:12:43,263
Belinda Joomla indicated exploit there are multiple user Elizabeth the first
279
01:12:43,519 --> 01:12:49,663
What is a manager at being super and the manager is the least privilege user and the super admin is the highest
280
01:12:51,455 --> 01:12:57,599
So in order to exploit this we need to log in, and doing this
281
01:12:57,855 --> 01:13:03,999
analysis, then in the post-exploitation escalate our privilege from the manager user
282
01:13:04,255 --> 01:13:07,327
So let me walk you through entire process.
283
01:13:07,583 --> 01:13:11,423
Going to while analyzing this pregnancy pee
284
01:13:11,935 --> 01:13:18,079
So as I mentioned, the injection point is the profile update and the second-order SQL injection
285
01:13:18,335 --> 01:13:24,479
That's what is loaded
286
01:13:24,735 --> 01:13:30,879
Zipforms Adams Administration was treated as an
287
01:13:31,135 --> 01:13:37,279
Okay so
288
01:13:37,535 --> 01:13:43,679
The first character not the Bluemont be provided
289
01:13:43,935 --> 01:13:48,799
It will consume the entire within this particular
290
01:13:49,055 --> 01:13:50,335
Adam Eaton
291
01:13:50,591 --> 01:13:56,735
So we've used sqlmap to automate this process, where it has a support
292
01:13:56,991 --> 01:14:03,135
for the second-order SQL injection, and how we can use these we'll see in the next module or later
293
01:14:03,391 --> 01:14:04,415
Say the next topic
294
01:14:04,671 --> 01:14:10,815
But I'll also explain the basic stuff that we can use with sqlmap, like the injection
295
01:14:11,071 --> 01:14:17,215
marker, that we'll use during this walkthrough
296
01:14:17,471 --> 01:14:23,615
We'll demo the SQL injection on the Joomla; we'll identify, and next exploit, the second-order SQL injection
297
01:14:23,871 --> 01:14:30,015
Wife in the United States Daniel to fetch the database founded
298
01:14:30,271 --> 01:14:36,415
Call Collin 81 administrator so let me go to decal machine
299
01:14:43,839 --> 01:14:46,399
Let me ask you this
300
01:14:55,871 --> 01:15:02,015
Browser
301
01:15:02,271 --> 01:15:08,415
From the Firefox bookmarks you can simply access this Joomla
302
01:15:09,951 --> 01:15:11,231
Scioscia
303
01:15:11,487 --> 01:15:17,631
DM poinsettias vulnerable is B. Indicators of the first to a lock-in
304
01:15:17,887 --> 01:15:22,495
It is administrator/index.php
305
01:15:24,287 --> 01:15:30,431
It redirects to the admin login page; here what I'm doing, I'm just logging in as the least privileged user
306
01:15:31,711 --> 01:15:34,527
And that is lipsi
307
01:15:36,319 --> 01:15:42,463
And its role is manager; it kind of has the least
308
01:15:42,719 --> 01:15:44,255
privileges
309
01:15:47,327 --> 01:15:53,471
So you do see it has only certain limited access
310
01:15:53,727 --> 01:15:58,847
Toyodiy user S5 between login
311
01:16:00,639 --> 01:16:06,783
So now let me open the same
312
01:16:07,039 --> 01:16:08,319
endpoint
313
01:16:12,927 --> 01:16:18,559
Again you have to login to the administrator user so let me do that
314
01:16:20,607 --> 01:16:24,191
The super admin user it lets a not so secure
315
01:16:29,823 --> 01:16:35,967
So here you see it has access to the
316
01:16:36,223 --> 01:16:42,367
system control panel; you can create the users, you can also manage the menus that are available within this
317
01:16:42,623 --> 01:16:48,767
Langston's in Solon
318
01:16:49,023 --> 01:16:54,911
Double injection point is to Holiday page
319
01:16:55,167 --> 01:16:59,007
So let me capture this particular request
320
01:17:03,103 --> 01:17:08,735
No I know that this is the weather this week
321
01:17:08,991 --> 01:17:10,527
And 46 best
322
01:17:13,087 --> 01:17:19,231
Injection is
323
01:17:19,487 --> 01:17:25,631
And based on analysis of the application, we have identified
324
01:17:25,887 --> 01:17:29,215
Level select
325
01:17:29,727 --> 01:17:35,871
It says yes
326
01:17:36,127 --> 01:17:37,407
Blippi
327
01:17:37,663 --> 01:17:42,015
Go to the dashboard page
328
01:17:42,783 --> 01:17:48,927
The moment we refresh this page it responds with the SQL syntax error, it says that
329
01:17:49,183 --> 01:17:53,279
our single quote is part of this query
330
01:17:53,535 --> 01:17:59,679
So the next thing is let's try to provide
331
01:18:00,447 --> 01:18:03,775
I want to go for a single quote or
332
01:18:04,543 --> 01:18:06,847
That's asleep
333
01:18:08,383 --> 01:18:14,527
Second-in-command
334
01:18:16,575 --> 01:18:18,367
And this request
335
01:18:22,463 --> 01:18:28,607
But the moment we do, you see only the first character is part of this
336
01:18:28,863 --> 01:18:35,007
query in the backend; it will not process the entire input, and we identified that
337
01:18:35,263 --> 01:18:41,407
Application and add apple juice and Belton gym the entire input Within.
338
01:18:41,663 --> 01:18:47,807
I am done the same thing they just provided the secret and Exposition and Guadalupe
339
01:18:48,063 --> 01:18:52,671
Now let's check whether it will become a part of the query in the backend or not
340
01:18:53,183 --> 01:18:55,231
The moment we do that
341
01:18:55,487 --> 01:18:59,071
You see, now our entire payload is part
342
01:18:59,327 --> 01:19:05,471
of the query in the backend, so now what we can do
343
01:19:05,727 --> 01:19:11,871
is use sqlmap on this particular parameter
344
01:19:12,127 --> 01:19:18,271
sqlmap
345
01:19:18,527 --> 01:19:24,671
is a custom injection marker within sqlmap, which will
346
01:19:24,927 --> 01:19:31,071
send the sqlmap payload to this particular position only
347
01:19:31,327 --> 01:19:37,471
Will not process any of the other parameter
348
01:19:37,727 --> 01:19:43,871
simply mark it with an asterisk
349
01:19:44,127 --> 01:19:50,271
Deuces
350
01:19:50,527 --> 01:19:56,671
The moment we done that we are unable to retrieve the output
351
01:19:56,927 --> 01:20:03,071
Where to create our payload which basically result into certain things from the backing and the piano.
352
01:20:03,327 --> 01:20:09,471
What is this like
353
01:20:09,727 --> 01:20:15,872
Beautiful function
354
01:20:17,920 --> 01:20:24,064
At the moment we do this application application
355
01:20:24,320 --> 01:20:30,464
responded with the name of the database, that means we are able to
356
01:20:30,720 --> 01:20:36,864
So the next thing we can try is, instead of retrieving the database name, let me use this
357
01:20:37,120 --> 01:20:43,264
custom injection marker on this
358
01:20:43,520 --> 01:20:44,800
request
359
01:20:46,592 --> 01:20:50,944
What I'll do, let me save this into one file
360
01:20:51,712 --> 01:20:52,992
Let's see
361
01:20:54,016 --> 01:20:57,856
Sobble
362
01:20:58,368 --> 01:21:04,512
txt; I already marked the custom injection marker
363
01:21:05,280 --> 01:21:11,424
Elijah versus only location
364
01:21:12,704 --> 01:21:15,264
Now let's run the payload
365
01:21:15,520 --> 01:21:18,848
So now in sqlmap
366
01:21:19,616 --> 01:21:25,760
I want to process a request file; for that we'll use this option, let me show you
367
01:21:30,112 --> 01:21:33,440
I'm just give you basic information.
368
01:21:33,696 --> 01:21:39,840
within the sqlmap
369
01:21:40,096 --> 01:21:46,240
Then I'll explain what is innovation companies
370
01:21:47,776 --> 01:21:53,920
So the request is joomla.txt, now
371
01:21:54,176 --> 01:22:00,320
As I know that the backend DBMS is MySQL, so to save the time let me just provide
372
01:22:01,600 --> 01:22:07,744
And s u r e
373
01:22:10,304 --> 01:22:16,448
Estilo Bhatia
374
01:22:16,704 --> 01:22:18,752
Is that is available in the market
375
01:22:19,520 --> 01:22:25,664
So here it says that custom injection marker found in post body do you want to process it yes
376
01:22:25,920 --> 01:22:32,064
I want to process that only
377
01:22:32,320 --> 01:22:38,464
Because I already marked the custom injection marker, so it's saying
378
01:22:38,976 --> 01:22:45,120
It says that you are redirected to the other page
379
01:22:45,376 --> 01:22:48,192
So let's say yes I want to follow it
380
01:22:48,704 --> 01:22:54,848
If you do that as a result of POST request, do you want to resend original POST data to a new location
381
01:22:55,104 --> 01:23:01,248
No because my falling piss test Morales we are able to obtain
382
01:23:01,504 --> 01:23:07,648
So the moment we run this, wait, the application responds with the output of
383
01:23:07,904 --> 01:23:14,048
Altadena business that is that on the back and someone just get cash
384
01:23:14,304 --> 01:23:20,448
Save the time but the moment you run this April takes 5 minutes
385
01:23:21,472 --> 01:23:27,616
Now what next? We are able to identify the database name, that's what our challenge is like
386
01:23:27,872 --> 01:23:34,016
But let me walk you through the process that we have done to become the first expedition
387
01:23:34,272 --> 01:23:40,416
Normal is relative at least
388
01:23:40,672 --> 01:23:43,232
Super-admin
389
01:23:43,488 --> 01:23:45,024
So
390
01:23:47,072 --> 01:23:49,376
What I'll do now
391
01:23:50,656 --> 01:23:56,544
I know that we are able to obtain or database
392
01:24:03,200 --> 01:24:07,296
Sqlmap
393
01:24:08,832 --> 01:24:14,976
All we can do is enumeration
394
01:24:15,232 --> 01:24:20,096
Then you can use the -D option, that you can simply provide the name of the database
395
01:24:20,352 --> 01:24:26,496
Okay, now then you can use this --tables option to extract all the tables that are there within this DB
396
01:24:26,752 --> 01:24:29,568
For that let me fix that
397
01:24:30,080 --> 01:24:36,224
IPhone
398
01:24:39,552 --> 01:24:43,392
Again providing the same input, yes or no
399
01:24:43,648 --> 01:24:49,792
Yes, no; it's trying to extract
400
01:24:50,048 --> 01:24:53,888
all the table names
401
01:24:55,936 --> 01:25:00,800
So let's wait for one or two minutes for results
402
01:25:10,528 --> 01:25:16,672
There are so many tables, right? Session
403
01:25:17,696 --> 01:25:18,976
Session
404
01:25:27,680 --> 01:25:30,240
Sexing.
405
01:25:35,360 --> 01:25:41,504
Now we have all the table names that are available in this database
406
01:25:41,760 --> 01:25:47,904
Going through all of these, there are tables like users, user groups, ...
407
01:25:48,160 --> 01:25:54,304
There is one table called session, which contains all this
408
01:25:54,560 --> 01:26:00,704
Information on who is logged into this application
409
01:26:00,960 --> 01:26:01,984
Session
410
01:26:02,240 --> 01:26:08,384
Suppose that I know the better
411
01:26:08,640 --> 01:26:14,784
The table name, then you can simply use this -T to specify the table, and then we can
412
01:26:15,040 --> 01:26:21,184
Use this dump
413
01:26:21,440 --> 01:26:25,024
So my table is
414
01:26:26,304 --> 01:26:28,352
Session
415
01:26:32,192 --> 01:26:36,288
And now I want to dump
416
01:26:37,056 --> 01:26:43,200
And I want to run it and wait for a moment
417
01:26:43,456 --> 01:26:46,016
Yes no
418
01:26:46,272 --> 01:26:48,320
It's showing the same output
419
01:26:48,576 --> 01:26:50,624
Yes no
420
01:26:55,488 --> 01:27:01,632
Now it's not able to identify all the column names, so that's why it's saying that
421
01:27:01,888 --> 01:27:08,032
Do you want to use common column existence check? So let's say yes, I want to do that
422
01:27:08,288 --> 01:27:11,104
If you look at this
423
01:27:11,616 --> 01:27:16,992
So it has so much information
424
01:27:17,504 --> 01:27:23,648
Word count 2733 basically text
425
01:27:23,904 --> 01:27:30,048
Time to brute-force documentation is available
426
01:27:30,304 --> 01:27:34,656
Alicia option document
427
01:27:34,912 --> 01:27:36,448
Online
428
01:27:44,128 --> 01:27:50,272
If that is on the table information is available section where we are to look at
429
01:27:50,528 --> 01:27:55,136
We have to identify the columns that are there within this session
430
01:27:55,904 --> 01:27:57,952
And that is
431
01:28:01,280 --> 01:28:05,376
Okay with indigestion
432
01:28:06,144 --> 01:28:12,288
Which has exactly the same name
433
01:28:12,544 --> 01:28:18,688
Only these columns, so let us use this information and create the content
434
01:28:20,224 --> 01:28:24,320
Call
435
01:28:24,576 --> 01:28:30,720
Session column
436
01:28:30,976 --> 01:28:33,024
.txt
437
01:28:33,280 --> 01:28:35,072
And get them.
438
01:28:36,096 --> 01:28:41,472
I'm just providing all the column name that is available online
439
01:28:41,728 --> 01:28:45,056
Call justo.
440
01:28:51,200 --> 01:28:55,808
And the name of the file is session column.txt
441
01:28:58,368 --> 01:29:01,952
Competition commission based eat over here
442
01:29:02,464 --> 01:29:08,352
Sunday 1298
443
01:29:08,608 --> 01:29:14,752
Sorry just take 85 option
444
01:29:15,008 --> 01:29:18,592
I'm just doing the same
445
01:29:19,360 --> 01:29:25,504
Before the PlayStation
446
01:29:25,760 --> 01:29:30,624
If it's expired, then we'll do it again; that's why I'm just doing that
447
01:29:30,880 --> 01:29:33,184
Yes no
448
01:29:37,792 --> 01:29:43,936
Yes to root Flash
449
01:29:45,216 --> 01:29:51,360
It's session column.txt
450
01:29:51,616 --> 01:29:53,664
And now it's retrieving
451
01:29:53,920 --> 01:30:00,064
Name some R5
452
01:30:00,320 --> 01:30:02,368
Complete this process
453
01:30:08,256 --> 01:30:14,400
So this is all just actually showing you the process that we have done to escalate our privilege
454
01:30:14,656 --> 01:30:20,800
Exploitation available once you identify the SQL injection, like we have seen in the previous example
455
01:30:30,272 --> 01:30:33,856
It's like speaking sometimes it just wait for that
456
01:30:36,416 --> 01:30:40,512
It's still good for April 14th
457
01:30:50,752 --> 01:30:52,544
60%
458
01:31:20,960 --> 01:31:27,104
It's about to complete, then it started retrieving that information from the back-end database, all the rows that is there
459
01:31:32,736 --> 01:31:37,088
So yeah, it's trying to retrieve information from the database
460
01:31:37,600 --> 01:31:43,744
Session ID, client ID, idps, timestamp, user ID, username
461
01:31:45,280 --> 01:31:51,424
Around 1
462
01:31:55,776 --> 01:32:01,920
Okay, so it's identified the sessions that are there over here
463
01:32:02,176 --> 01:32:05,760
What the username is
464
01:32:16,512 --> 01:32:19,072
Let's just wait for some time
465
01:32:25,984 --> 01:32:32,128
Still trying to identify the information
466
01:32:32,384 --> 01:32:38,528
So you see, now it's able to identify the information of the super admin user, and that is not
467
01:32:38,784 --> 01:32:39,552
Procedure
468
01:32:41,344 --> 01:32:47,488
And this might be the session cookie of this particular
469
01:32:47,744 --> 01:32:51,328
I'll finish this process
470
01:32:56,704 --> 01:32:59,264
American Signature
471
01:33:03,104 --> 01:33:09,248
Electrical information
472
01:33:12,832 --> 01:33:18,976
So yes, it has extracted all this information. So this is the information for Elizabeth user, and this
473
01:33:19,232 --> 01:33:25,376
Information for a high-speed user and restarting like this
474
01:33:28,960 --> 01:33:35,104
Like you said I declined assassinated at a time
475
01:33:35,360 --> 01:33:40,992
This is the Cincinnati looks to be autistic
476
01:33:41,248 --> 01:33:42,528
In simply
477
01:33:43,040 --> 01:33:46,880
Go to our console
478
01:33:48,672 --> 01:33:54,816
Storage Storage storage
479
01:33:57,120 --> 01:34:03,264
I just good I'm doing wrong please let me again go to my application
480
01:34:03,520 --> 01:34:06,592
Go to the storage here
481
01:34:06,848 --> 01:34:11,712
Can simply replace the cookie
482
01:34:11,968 --> 01:34:13,760
Let's try to refresh the page
483
01:34:14,016 --> 01:34:20,160
The moment you refresh the page, we have successfully obtained the session of the super admin user
484
01:34:20,416 --> 01:34:26,560
So this is how we approach the Joomla version which is vulnerable, while there is no problem
485
01:34:26,816 --> 01:34:32,960
Are available and based on information or based on the analysis
486
01:34:33,216 --> 01:34:39,360
Food that is there on d08 index position on that particular parameter
487
01:34:39,616 --> 01:34:45,760
Exploitation to escalate our access from the normal
488
01:34:46,272 --> 01:34:49,088
So, anyone has any question in this?
489
01:34:55,744 --> 01:35:01,888
Okay so with that now let's go to our next topic
490
01:35:02,144 --> 01:35:08,288
As I mentioned.
491
01:35:08,544 --> 01:35:14,688
Identify this information from the back-end database
492
01:35:14,944 --> 01:35:21,088
Location of the dinosaur new, right? So it has full support for most of the databases, likewise
493
01:35:21,344 --> 01:35:27,488
Oracle, Postgres, Microsoft
494
01:35:27,744 --> 01:35:33,888
All the SQL injection techniques like Boolean-based blind, time-based blind, error-based, UNION-based
495
01:35:34,144 --> 01:35:40,288
Stacked queries, the kind of queries that we used in our SQL injection
496
01:35:40,544 --> 01:35:44,128
Channel 5 Boston s exercise Freddy's
497
01:35:44,384 --> 01:35:50,528
Then it allows us to do fingerprinting, enumeration of the DB users, and
498
01:35:50,784 --> 01:35:56,928
Kind of extract data: databases, tables, columns, and the end.
499
01:35:57,184 --> 01:36:03,328
There are tamper scripts
500
01:36:03,584 --> 01:36:09,728
To bypass WAF protection; it also allows to download/upload files, and it also supports
501
01:36:09,984 --> 01:36:16,128
Second-order SQL injection and ...
502
01:36:16,384 --> 01:36:20,992
Seen in the previous six Rivers demo version
503
01:36:21,248 --> 01:36:23,808
The Joomla vulnerable version
504
01:36:24,064 --> 01:36:30,208
As I mentioned, sometimes what happens, if we straight up run sqlmap on the URL
505
01:36:30,464 --> 01:36:35,840
It's unable to extract any of the information, so here
506
01:36:37,120 --> 01:36:43,264
This is how it's creating the payload, the way we are creating
507
01:36:43,520 --> 01:36:49,664
Exploiting this SQL injection condition: single quote OR, then
508
01:36:49,920 --> 01:36:56,064
A Doubloon value Nexus 7 7/8 is equal to the same value and
509
01:36:56,320 --> 01:37:02,464
Condition using
510
01:37:02,720 --> 01:37:04,256
Florida menu
511
01:37:04,512 --> 01:37:10,656
So it also has support for tamper scripts to bypass WAF, those kind of protections
512
01:37:10,912 --> 01:37:17,056
For example, apostrophe mask
513
01:37:18,080 --> 01:37:24,224
Apostrophe mask; then it will also convert this entire payload to base64 encoded
514
01:37:24,480 --> 01:37:30,624
There are certain other scripts available, like
515
01:37:30,880 --> 01:37:37,024
And so on so you can simply go to this particular Cruise
516
01:37:37,792 --> 01:37:43,936
Then the use of this. So as I mentioned, why it is required
517
01:37:44,192 --> 01:37:50,336
Because once we identify the SQL injection point, we can simply mark the vulnerable parameter
518
01:37:50,592 --> 01:37:56,736
Only injectable location
519
01:37:57,760 --> 01:38:03,904
If we blindly run, it will not work; it will not be able to
520
01:38:04,160 --> 01:38:10,304
So it will first fail to create a payload into
521
01:38:10,560 --> 01:38:14,912
And like we have seen in the Joomla demonstration by
522
01:38:15,168 --> 01:38:21,312
We have created a new line with the output
523
01:38:21,568 --> 01:38:27,712
SQL query: SELECT database() function, or the version function
524
01:38:27,968 --> 01:38:33,088
My location
525
01:38:33,344 --> 01:38:39,488
Supported result this is useful option that is available
526
01:38:39,744 --> 01:38:45,888
So how to use this. So sometimes what happens
527
01:38:46,400 --> 01:38:52,544
We have to modify certain things within the sqlmap at runtime
528
01:38:59,456 --> 01:39:05,600
It's going to allow us to execute the Python code at runtime
529
01:39:05,856 --> 01:39:12,000
Python code provided to this option, where you can simply
530
01:39:12,256 --> 01:39:18,400
Replace certain parameters at runtime in the request parameter before sending the request
531
01:39:21,728 --> 01:39:27,872
Let's start our next exercise, the advanced ... people
532
01:39:28,128 --> 01:39:34,272
Identify the SQL injection point
533
01:39:34,528 --> 01:39:40,672
So what you think
534
01:39:40,928 --> 01:39:47,072
getProduct call ... PID and signature
535
01:39:47,328 --> 01:39:50,656
Insertion point Quest
536
01:39:51,936 --> 01:39:57,056
Let me
537
01:40:08,320 --> 01:40:12,928
No here a moment ago to discover
538
01:40:13,440 --> 01:40:15,744
Inspector mobile
539
01:40:16,512 --> 01:40:19,584
I'm getting one request to watch.
540
01:40:23,680 --> 01:40:29,824
This request in the back end, it's just sending this getProduct request
541
01:40:30,080 --> 01:40:36,224
First to fetch the product information now
542
01:40:36,480 --> 01:40:38,528
And there is a signature
543
01:40:39,040 --> 01:40:45,184
So so as we have seen previously.
544
01:40:45,440 --> 01:40:51,584
Auto protect
545
01:40:51,840 --> 01:40:57,984
Let's check weather District 2
546
01:41:00,032 --> 01:41:06,176
Afghanistan sending this party line formation now
547
01:41:06,432 --> 01:41:10,272
A single quart electric file single
548
01:41:12,576 --> 01:41:17,952
One little one and coming out rest of the body
549
01:41:18,720 --> 01:41:24,864
An error has occurred; that means it will not allow us to modify anything within this parameter
550
01:41:31,520 --> 01:41:33,568
You have to analyze this source code
551
01:41:34,336 --> 01:41:40,480
That have the signature parameter. Then, in order to bypass
552
01:41:40,736 --> 01:41:46,880
Identify how to generate the signature, then
553
01:41:47,136 --> 01:41:53,280
You have to convert this JavaScript code into Python code
554
01:41:53,536 --> 01:41:59,680
So that at runtime, whatever the value that you provide over here, it basically updates
555
01:41:59,936 --> 01:42:06,080
The equivalent signature parameter value
556
01:42:06,336 --> 01:42:08,128
Eval option
557
01:42:08,640 --> 01:42:14,784
What I'll do is just first let you play with this exercise, then I'll clear all the concepts related
558
01:42:15,040 --> 01:42:21,184
To this eval option. During the walk-through we can use it; what's the purpose of this eval option
559
01:42:21,440 --> 01:42:25,280
So, anyone has any question in this?
560
01:42:31,168 --> 01:42:37,312
Okay, so this time, just let you play with this particular exercise first, and I think we are heading
561
01:42:37,568 --> 01:42:43,712
2D yes copy play Casper so
562
01:42:43,968 --> 01:42:48,832
Play followed by 15 minutes coffee break
563
01:42:49,088 --> 01:42:55,232
Demoed on this and then again Alfie Boe time to complete this 25 minutes
564
01:42:56,256 --> 01:43:01,120
First exercise break and then followed by coffee break
565
01:43:03,936 --> 01:43:10,080
So all the best everyone. We are also available during the coffee break, so if you have any questions for this topic
566
01:43:10,336 --> 01:43:16,480
Or the previous topic that we covered today, you can simply ping us on the channel
567
01:44:57,600 --> 01:45:03,744
And let me also share the password of the Joomla application to those who want to play with this during the coffee
568
01:45:04,000 --> 01:45:06,560
Break, and also play with this
569
01:45:07,840 --> 01:45:09,120
Demo
570
02:07:56,416 --> 02:08:02,560
Welcome back everyone, I hope you enjoyed your coffee break. Okay, so only three people
571
02:08:06,656 --> 02:08:09,216
Finnegan algebra time to competition
572
02:08:09,984 --> 02:08:15,104
Call Dad that's beautiful too
573
02:08:16,128 --> 02:08:22,272
No hospital to identify Decor using
574
02:08:22,528 --> 02:08:28,672
Simply to right click
575
02:08:28,928 --> 02:08:35,072
Fantastic day today in activities
576
02:08:35,328 --> 02:08:41,472
Or the JavaScript file, in order to identify the client-side processes for
577
02:08:41,728 --> 02:08:47,104
Is exercise important
578
02:08:47,360 --> 02:08:53,504
And this is for the API vulture
579
02:08:53,760 --> 02:08:57,088
API product product
580
02:09:25,760 --> 02:09:30,112
Give me a midsize onions to do things up
581
02:10:00,576 --> 02:10:03,136
Start deebot
582
02:10:05,696 --> 02:10:11,328
Lowe's next Starbucks
583
02:10:11,584 --> 02:10:17,728
Admissible Roxy
584
02:10:17,984 --> 02:10:22,848
Stubhub.com
585
02:10:24,128 --> 02:10:30,272
Select any of the top up and the moment you let say to order
586
02:10:31,552 --> 02:10:34,368
Same-day request in the Buckeye
587
02:10:35,904 --> 02:10:42,048
Repeater now
588
02:10:45,376 --> 02:10:48,192
This is the request
589
02:10:48,448 --> 02:10:54,592
Which is part of a signature is created, and that is API product getProduct
590
02:10:54,848 --> 02:11:00,992
The entire URL to create the signature insertion
591
02:11:01,248 --> 02:11:07,392
Barbie's pregnant kitchen function is URL
592
02:11:07,648 --> 02:11:13,792
Python version of this particular JavaScript code has
593
02:11:14,048 --> 02:11:18,656
All kind of implementation for different Detroit
594
02:11:19,936 --> 02:11:22,240
In order to provide our payload
595
02:11:25,056 --> 02:11:31,200
Let's try to modify
596
02:11:31,456 --> 02:11:37,600
Respond respond
597
02:11:43,488 --> 02:11:49,632
Lowe's cancer gas because I want to start a terminal
598
02:11:50,656 --> 02:11:52,960
No
599
02:11:53,216 --> 02:11:57,568
Is all the expensive piece of gold in our
600
02:11:58,080 --> 02:12:00,128
You buy promo code bypass
601
02:12:00,384 --> 02:12:06,528
I'm using this hplibrary asleep
602
02:12:09,088 --> 02:12:11,648
Then I'm using this key
603
02:12:11,904 --> 02:12:15,488
Okay and then good for encryption is
604
02:12:15,744 --> 02:12:19,840
The message I just replace this with
605
02:12:20,096 --> 02:12:26,240
Let me check what it is 123
606
02:12:26,496 --> 02:12:32,640
Then it's generating the signature, HMAC SHA-256 signature, for this particular input
607
02:12:32,896 --> 02:12:35,712
Signature office information
608
02:12:35,968 --> 02:12:42,112
Let's I do not despise in 30 here.
609
02:12:42,368 --> 02:12:46,464
Signature for us
610
02:12:49,024 --> 02:12:55,168
So yes, we are able to generate ours
611
02:12:55,424 --> 02:13:01,568
No information that is dead for this article appeared in the back
612
02:13:05,152 --> 02:13:10,272
For that I'm just find a spot to go tomorrow
613
02:13:11,296 --> 02:13:14,880
And Addie's 13
614
02:13:15,136 --> 02:13:19,744
AND 1 equal to 1
615
02:13:20,000 --> 02:13:25,376
Okay so going to have to generate the signature for this
616
02:13:26,400 --> 02:13:30,240
And want what
617
02:13:30,496 --> 02:13:34,336
We run this code again
618
02:13:35,104 --> 02:13:38,176
This is the signature for this
619
02:13:38,688 --> 02:13:44,832
It's against
620
02:13:49,952 --> 02:13:53,280
Instagram and how to check
621
02:13:56,864 --> 02:14:03,008
Games on this tomorrow in Joe Biden
622
02:14:03,264 --> 02:14:09,408
Parameter
623
02:14:16,064 --> 02:14:22,208
That means this particular endpoint is vulnerable
624
02:14:25,024 --> 02:14:31,168
At runtime we need to change the signature
625
02:14:31,680 --> 02:14:36,800
So how do we do that? To do that, we need to use this eval option
626
02:14:37,056 --> 02:14:42,688
Supposed to let me know because I'm injection point to Russia
627
02:14:43,200 --> 02:14:49,344
Okay, so this PID parameter
628
02:14:52,416 --> 02:14:58,560
Disclosing this over here here I'm just creating One Pilots Isabel
629
02:14:58,816 --> 02:15:04,960
Uber request. EXE
630
02:15:05,216 --> 02:15:11,360
Storing my request injection
631
02:15:11,616 --> 02:15:14,432
Vulnerable
632
02:15:14,688 --> 02:15:19,040
No I'm fighting this particular Pokemon
633
02:15:23,648 --> 02:15:29,024
sqlmap
634
02:15:29,536 --> 02:15:35,680
request.txt. Now I want to change this
635
02:15:35,936 --> 02:15:42,080
After inserting discipline that I'm just fine
636
02:15:42,336 --> 02:15:48,480
Value within eval option
637
02:15:48,736 --> 02:15:54,880
What is mildew for inserted
638
02:15:55,136 --> 02:16:00,768
First it is importing libraries, then
639
02:16:05,120 --> 02:16:11,264
Then it has to create HMAC
640
02:16:11,520 --> 02:16:17,664
Felicity is pissed and the input for that particular encryption
641
02:16:17,920 --> 02:16:24,064
Is it product is equal to
642
02:16:24,320 --> 02:16:30,464
Know this information that you're considered from DPI Department
643
02:16:30,720 --> 02:16:36,864
At runtime, and then the value that is
644
02:16:37,120 --> 02:16:43,264
You have to replace this volume
645
02:16:43,520 --> 02:16:49,664
The value function that you to read this information to PID
646
02:16:49,920 --> 02:16:56,064
Information from The Paddy parameter information
647
02:16:56,320 --> 02:17:02,464
Process the multiple parameters at runtime
648
02:17:03,232 --> 02:17:06,816
That's what I have to execute
649
02:17:07,584 --> 02:17:10,400
The moment we run this
650
02:17:18,080 --> 02:17:24,224
Just passing the payload to the back end, but replacing the signature
651
02:17:24,480 --> 02:17:27,296
Runtime for sometime
652
02:17:46,752 --> 02:17:52,896
Yes, it's trying to retrieve the database information, and that is
653
02:17:53,152 --> 02:17:57,248
So let's wait for some time
654
02:18:06,720 --> 02:18:12,864
The first one is book Stevie used to Blind a payload
655
02:18:13,120 --> 02:18:19,264
Information. The only thing that you need to understand over here is that you have to keep in mind the name of the parameter that is there
656
02:18:19,520 --> 02:18:25,664
sqlmap, then only look at this
657
02:18:26,688 --> 02:18:29,760
sqlmap
658
02:18:30,016 --> 02:18:36,160
Information
659
02:18:36,416 --> 02:18:42,560
Information within this signature
660
02:18:42,816 --> 02:18:47,936
In mind while doing this, while using this eval option
661
02:18:48,960 --> 02:18:55,104
CS second database are they expensive
662
02:18:55,616 --> 02:18:59,200
I guess master
663
02:19:14,048 --> 02:19:18,912
So this is how you are going to extract the information using eval option
664
02:19:19,424 --> 02:19:24,288
If there is a need of, let's say, changing the value of the parameter at runtime
665
02:19:24,544 --> 02:19:26,848
So, anyone has any question in this?
666
02:19:27,104 --> 02:19:33,248
I missed the part where we got the key from, again, to do the encryption
667
02:19:33,504 --> 02:19:36,064
Let me show this
668
02:19:39,648 --> 02:19:45,792
The first real client divided this is a plantar processor
669
02:19:46,048 --> 02:19:52,192
Source code, okay, what's the time
670
02:19:52,448 --> 02:19:58,592
That is that on JavaScript
671
02:19:58,848 --> 02:20:04,992
Identified
672
02:20:05,248 --> 02:20:11,392
API product getProduct ID
673
02:20:11,648 --> 02:20:17,792
Create a signature
674
02:20:24,448 --> 02:20:30,592
The input is nothing but this
675
02:20:30,848 --> 02:20:36,992
Signature is important signature parameter
676
02:20:37,248 --> 02:20:43,392
T.i. product a product is equal to
677
02:20:43,648 --> 02:20:49,792
Value is nothing but each ended one
678
02:20:50,048 --> 02:20:52,608
Implementation of
679
02:20:52,864 --> 02:20:59,008
It's a little library with indifferent
680
02:21:06,176 --> 02:21:07,456
And
681
02:21:08,992 --> 02:21:11,808
Disease
682
02:21:12,320 --> 02:21:18,464
That is this okay
683
02:21:18,720 --> 02:21:24,864
List that you used to look for keys and stuff in source code files, or, I mean, ...
684
02:21:25,120 --> 02:21:31,264
Is there any like you recommend a list to use
685
02:21:31,520 --> 02:21:37,664
This approach to protect a ... kind of thing, always implemented on the client side
686
02:21:37,920 --> 02:21:44,064
So he used to always use piano
687
02:21:44,320 --> 02:21:50,464
You can always identify this kind of encryption
688
02:21:52,256 --> 02:21:58,400
Yeah, I'm staying within the JavaScript files, like you use the word list for anything too quickly, like
689
02:21:58,656 --> 02:22:04,800
Search through for keys or tokens or passwords
690
02:22:11,456 --> 02:22:17,600
Basically pulled out all the JavaScript files and mapped out and compiled the lists of interesting endpoints that are available
691
02:22:17,856 --> 02:22:24,000
Has keys and stuff, it will highlight them to you, so that's from the attack perspective
692
02:22:24,256 --> 02:22:30,400
Usually doctors tell them to not have your
693
02:22:30,656 --> 02:22:36,800
A signature Logics embedded in depending on the particular
694
02:22:43,456 --> 02:22:49,600
I just post a link of that clocking in the generation
695
02:22:53,696 --> 02:22:59,840
It's not what I say
696
02:33:03,232 --> 02:33:09,376
It looks like most of you completed this one. Now let's go to the next one
697
02:33:09,632 --> 02:33:14,496
This one please do not buy you can complete this doing the 30 days left.
698
02:33:16,800 --> 02:33:19,616
No it's.
699
02:33:24,224 --> 02:33:30,368
So what happened
700
02:33:30,624 --> 02:33:33,184
But you are unable to retrieve
701
02:33:33,952 --> 02:33:40,096
Because scuse me
702
02:33:40,352 --> 02:33:46,496
What happened in the back and two you are unable to
703
02:33:46,752 --> 02:33:52,896
All these people
704
02:33:53,152 --> 02:33:59,296
Listen to see 91/30 in International Drive
705
02:34:03,648 --> 02:34:06,464
So does that mean that we are h-2a limit
706
02:34:06,720 --> 02:34:12,864
It's time to be a limitless without up and call
707
02:34:13,120 --> 02:34:19,264
Because it's excellent cover China compared compared to
708
02:34:19,520 --> 02:34:25,664
Internet Protocol xhdpi
709
02:34:25,920 --> 02:34:32,064
Because the DNS just does not do anything else
710
02:34:32,320 --> 02:34:38,464
So there is a higher chance that we are able to bypass the restrictions.
711
02:34:38,720 --> 02:34:44,864
What is implemented in the applications available
712
02:34:45,120 --> 02:34:51,264
What are so this District of Paris 2255 B
713
02:34:51,520 --> 02:34:57,664
Letters, digits and hyphen
714
02:34:57,920 --> 02:35:00,736
Can I get done for you
715
02:35:01,248 --> 02:35:07,392
Due to this restriction, then you can only create the domain which is
716
02:35:07,648 --> 02:35:13,792
Of 255 characters; you cannot create a domain name
717
02:35:14,048 --> 02:35:20,192
DNS protocol is used mostly over the user datagram
718
02:35:20,448 --> 02:35:26,592
And there is no guarantee that this will be delivered based on their order
719
02:35:26,848 --> 02:35:32,992
Arrival
720
02:35:33,248 --> 02:35:39,392
Budget video rental units will try to use this UDP protocol
721
02:35:39,648 --> 02:35:45,792
So there's no guarantee that we are able to retrieve the data in the sequence, okay
722
02:35:46,048 --> 02:35:52,192
So that's the challenge number two. Now the other challenge is the maximum length of the subdomains
723
02:35:52,448 --> 02:35:55,264
Protector
724
02:35:55,520 --> 02:36:01,664
It's a my user user 85off.com
725
02:36:02,432 --> 02:36:08,576
Now if I want to create another subdomain, the DNS ... and there is a limit
726
02:36:08,832 --> 02:36:14,976
Okay, so the limit of any of the subdomains is 63 characters; you cannot
727
02:36:15,232 --> 02:36:21,376
Create a name of the subdomain of more than 63 characters
728
02:36:21,632 --> 02:36:27,776
Is not more than two packet characters
729
02:36:28,032 --> 02:36:34,176
To overcome these challenges, to extract the data from the server
730
02:36:34,432 --> 02:36:40,576
We encode and break data into smaller chunks suitable for
731
02:36:40,832 --> 02:36:44,416
Sending over DNS.
732
02:36:44,672 --> 02:36:50,816
And encode our output in such a way that it will.
733
02:36:51,072 --> 02:36:57,216
Let's listen to perfect our land is 623 character
734
02:36:57,472 --> 02:37:03,616
We are appending a counter within our domain name, so when this
735
02:37:03,872 --> 02:37:10,016
Is sent, the DNS resolver will try to resolve this particular subdomain
736
02:37:10,272 --> 02:37:14,624
And it will send a DNS query to the attacker's machine
737
02:37:15,136 --> 02:37:21,280
Now, with this counter, what we can do is we can store the output and then
738
02:37:21,536 --> 02:37:27,680
Convert it into smaller chunks and then extract the output from
739
02:37:35,872 --> 02:37:42,016
How we can extract the data over the DNS
740
02:37:43,296 --> 02:37:49,440
Which is a less modern protocol application
741
02:37:49,696 --> 02:37:55,840
So you can simplify to find the commands at
742
02:37:56,096 --> 02:37:58,656
For this exploitation
743
02:37:59,168 --> 02:38:05,312
So this is the command that we are going to use during this exploitation. So once it will run here
744
02:38:05,568 --> 02:38:11,712
What it will do is, it will just execute the command and store the output.
745
02:38:11,968 --> 02:38:18,112
Then we will divide this output into smaller chunks from which we can create a subdomain
746
02:38:18,368 --> 02:38:24,512
And the moment we try to do nslookup
747
02:38:24,768 --> 02:38:30,912
Idiotic
748
02:38:31,168 --> 02:38:37,312
And then we are using this egrep function, basically to grep from this
749
02:38:37,568 --> 02:38:41,152
Supplementary
750
02:38:41,408 --> 02:38:47,552
So this is kind of a complex exercise, so I'll just post it up
751
02:38:47,808 --> 02:38:53,952
Whether you want to play with this first, or should I give you a walkthrough
752
02:38:54,208 --> 02:38:58,048
On the positive just push it on the Jenna Jenna
753
02:39:04,448 --> 02:39:10,592
Would like to see you today or you want to play with it first
754
02:39:12,896 --> 02:39:17,760
Minutes to
755
02:39:18,528 --> 02:39:21,088
Beauty School
756
02:39:21,856 --> 02:39:23,392
Okay
757
02:39:55,136 --> 02:40:01,024
Is the most popular would like to see a democracy
758
02:40:02,048 --> 02:40:08,192
Adjective for majority of You Are
759
02:40:12,288 --> 02:40:14,592
Thanks for the vote everyone
760
02:40:22,528 --> 02:40:28,672
What we're doing we are using the same endpoint injection
761
02:40:28,928 --> 02:40:35,072
Just blocked yesterday
762
02:40:35,328 --> 02:40:41,472
Extra content.
763
02:40:41,728 --> 02:40:46,336
So let me go to TV
764
02:40:52,224 --> 02:40:56,832
Okay so let's Fire Department
765
02:40:57,088 --> 02:41:00,160
What should I do for Columbus PC command first
766
02:41:06,304 --> 02:41:08,864
BNS Odie
767
02:41:09,120 --> 02:41:15,264
User 85
768
02:41:15,520 --> 02:41:17,824
Exercise
769
02:41:23,712 --> 02:41:27,296
And thank you to start
770
02:41:27,552 --> 02:41:30,880
tcpdump listener
771
02:41:39,328 --> 02:41:41,632
Go to my
772
02:41:44,448 --> 02:41:49,056
Weather in Portage
773
02:41:51,872 --> 02:41:54,176
Logging
774
02:41:54,688 --> 02:42:00,832
Password answer security question
775
02:42:01,344 --> 02:42:07,488
Google next declaring that you're just posted within the
776
02:42:07,744 --> 02:42:12,096
Basically making out on The Bancorp
777
02:42:12,352 --> 02:42:18,496
Quality Inn
778
02:42:18,752 --> 02:42:20,800
Reset the password
779
02:42:21,312 --> 02:42:27,456
The moment we do that
780
02:42:27,712 --> 02:42:29,760
Indiana State Police
781
02:42:30,784 --> 02:42:32,064
Know what next
782
02:42:32,576 --> 02:42:36,416
So the next thing is to run this particular command
783
02:42:37,696 --> 02:42:42,816
Let me explain this. What the first command is, is this
784
02:42:43,584 --> 02:42:45,888
The second, please
785
02:42:54,592 --> 02:42:56,640
Study
786
02:42:56,896 --> 02:43:03,040
What it will do is store the ipconfig output
787
02:43:03,296 --> 02:43:09,440
Into this output_X, replacing the X with my user ID
788
02:43:09,696 --> 02:43:15,840
To Output into a
789
02:43:16,096 --> 02:43:17,632
Concordance X-Files
790
02:43:18,912 --> 02:43:23,264
And the input for that is
791
02:43:24,288 --> 02:43:30,432
Define bemused by picante
792
02:43:30,688 --> 02:43:33,248
StarTex
793
02:43:35,552 --> 02:43:41,696
And you'll be home before ocean so it's kind of the type of encoding
794
02:43:41,952 --> 02:43:43,232
Let me show you this
795
02:43:45,536 --> 02:43:47,840
In my local machine
796
02:43:48,864 --> 02:43:51,168
cmd
797
02:44:01,408 --> 02:44:06,272
What's going on typing Eustis
798
02:44:09,600 --> 02:44:11,392
Easter Twinkie
799
02:44:11,648 --> 02:44:17,792
It stored the output within this output_85
800
02:44:21,376 --> 02:44:27,520
Machine
801
02:44:27,776 --> 02:44:33,920
Teresa output
802
02:44:34,176 --> 02:44:38,784
85 Clifton
803
02:44:42,368 --> 02:44:47,232
It is nothing but it has to Dr to De TI te confieso Mar
804
02:44:48,000 --> 02:44:54,144
Now the next thing we have to try
805
02:44:54,400 --> 02:44:58,240
Convert this information to a hex value, because
806
02:44:58,496 --> 02:45:04,640
If you try to access this information over the internet
807
02:45:04,896 --> 02:45:11,040
Like new line.
808
02:45:11,296 --> 02:45:17,440
Which basically allows the information
809
02:45:17,696 --> 02:45:23,840
Dido meaning
810
02:45:24,864 --> 02:45:26,144
Again
811
02:45:33,568 --> 02:45:36,896
So yes, it's stored successfully
812
02:45:39,200 --> 02:45:45,344
So it has this specific output format
813
02:45:45,600 --> 02:45:50,208
That 72
814
02:45:50,976 --> 02:45:57,120
Option one
815
02:45:57,376 --> 02:46:01,216
Option let me show you some of them
816
02:46:13,247 --> 02:46:16,063
You see, it's kind of a certificate format
817
02:46:16,831 --> 02:46:21,439
Anaconda 64, right
818
02:46:28,095 --> 02:46:34,239
Experiment which is which is not required
819
02:46:39,359 --> 02:46:45,503
So it's in the certificate request format, so that's not required for us
820
02:46:45,759 --> 02:46:47,039
Exponent
821
02:46:48,831 --> 02:46:54,975
It's a multi-line which contains the output of this ipconfig
822
02:46:55,231 --> 02:47:01,375
Like you do, we'll just remove this piece first and then we'll
823
02:47:01,631 --> 02:47:07,775
Create a subdomain based on this line so for the first time
824
02:47:08,031 --> 02:47:14,175
Information from this document and the first line.
825
02:47:14,431 --> 02:47:15,711
Accuser
826
02:47:15,967 --> 02:47:22,111
85
827
02:47:22,367 --> 02:47:26,207
Over here in this fight
828
02:47:26,719 --> 02:47:32,863
Now how do we process it so far. I'm just passing these parties the second, what it will do
829
02:47:35,167 --> 02:47:37,471
Let me down
830
02:47:40,543 --> 02:47:44,383
So this is kind of a Powershell command Avengers fighting metal
831
02:47:57,951 --> 02:48:04,095
It will do if your first accident all the content that is stored within this particular file
832
02:48:04,351 --> 02:48:10,495
Now the first thing it will do is remove all the spaces and father in Jessie
833
02:48:10,751 --> 02:48:16,895
Using this replace function, it will replace all the spaces with an empty value, that means
834
02:48:17,663 --> 02:48:19,199
It is accomplished
835
02:48:23,807 --> 02:48:26,111
Testament
836
02:48:29,695 --> 02:48:35,327
Subspace with empty value
837
02:48:36,351 --> 02:48:39,423
So you can pick up this
838
02:48:39,935 --> 02:48:42,495
Now if you look at the length of this
839
02:48:43,263 --> 02:48:48,127
line, it has only 32 characters, and that is the embedded subdomain
840
02:48:48,639 --> 02:48:54,783
So the next thing people to 3816 one variable
841
02:48:55,039 --> 02:49:01,183
Used to track the sequel of this up to me straight to
842
02:49:01,439 --> 02:49:07,583
The output that is stored within this output 85x
843
02:49:07,839 --> 02:49:13,983
Read line by line from this particular document
844
02:49:14,239 --> 02:49:20,383
On the 2nd instead it will be this time then toward lines and four clients or support the first light what is mildew
845
02:49:20,639 --> 02:49:26,783
Do ft converted into stream
846
02:49:27,807 --> 02:49:32,415
Let me write it down for you.
847
02:49:32,927 --> 02:49:39,071
Information that you've read from this particular file
848
02:49:39,327 --> 02:49:40,863
FirstLight
849
02:49:42,399 --> 02:49:44,959
.
850
02:49:45,215 --> 02:49:48,287
User x.com
851
02:49:49,823 --> 02:49:53,919
Did you know he just
852
02:49:54,175 --> 02:50:00,319
Buy Posada challenges because our domain name is not more than
853
02:50:00,575 --> 02:50:06,719
But any of the subdomains is not more than 63, correct
854
02:50:06,975 --> 02:50:13,119
We just to DNS Luca and fastest supplements
855
02:50:13,375 --> 02:50:19,519
62 result
856
02:50:21,567 --> 02:50:27,711
For the second instance, or for the second loop
857
02:50:27,967 --> 02:50:32,575
DVD
858
02:50:33,599 --> 02:50:39,743
Danny from the feed the second line output and that is
859
02:50:42,559 --> 02:50:44,351
Again
860
02:50:45,375 --> 02:50:51,519
The end of The Legend of Doom enemies same
861
02:50:51,775 --> 02:50:55,871
Again for this particular domain or not
862
02:50:56,127 --> 02:51:02,271
Lesley Stahl
863
02:51:02,527 --> 02:51:08,671
3D supplement for output 85.
864
02:51:08,927 --> 02:51:12,511
For each and every line
865
02:51:12,767 --> 02:51:16,607
On artist
866
02:51:17,119 --> 02:51:20,447
Azafata particle
867
02:51:21,215 --> 02:51:24,543
So I'm fighting this battle come on
868
02:51:29,407 --> 02:51:35,551
90s these contain certain character which is
869
02:51:35,807 --> 02:51:41,951
Isabella character is apart of
870
02:51:42,207 --> 02:51:43,487
Into a
871
02:51:43,743 --> 02:51:49,887
PowerShell encoded value
872
02:51:50,143 --> 02:51:53,215
Used utility.
873
02:51:53,471 --> 02:51:56,799
So y'all to go to this utility.
874
02:51:58,847 --> 02:52:01,407
PowerShell encoder and
875
02:52:02,175 --> 02:52:03,967
Ethan suplee
876
02:52:05,503 --> 02:52:10,111
Pause music and Omar
877
02:52:10,623 --> 02:52:14,463
Acordes holiday explained
878
02:52:19,327 --> 02:52:21,375
And at last
879
02:52:24,703 --> 02:52:27,519
85.
880
02:52:32,383 --> 02:52:38,527
Add Skype apps
881
02:52:38,783 --> 02:52:42,879
To use this particular pelo it is nothing party
882
02:52:43,135 --> 02:52:44,927
Glaucoma
883
02:52:45,183 --> 02:52:47,231
Know what time do
884
02:52:48,511 --> 02:52:51,071
Just replacing it over here
885
02:52:51,327 --> 02:52:53,887
So what it will do
886
02:52:58,495 --> 02:53:04,639
Using this single quote and semicolon I want to join
887
02:53:04,895 --> 02:53:11,039
What is the first exit
888
02:53:11,295 --> 02:53:17,183
Estudiar put up this particular file within this in Sialkot 85
889
02:53:17,951 --> 02:53:24,095
Sevendust a outboard 85 file then using the salt doodle contest converting the output
890
02:53:24,351 --> 02:53:26,655
Put into a hex format
891
02:53:27,167 --> 02:53:33,311
85in 285x
892
02:53:33,567 --> 02:53:39,711
I'm just fighting or I'm just creating a subdomain
893
02:53:39,967 --> 02:53:45,343
On I-80
894
02:53:46,111 --> 02:53:52,255
Itzy
895
02:53:52,511 --> 02:53:54,303
That is this
896
02:53:54,559 --> 02:53:56,863
Objective information
897
02:53:59,935 --> 02:54:04,543
Then go to our
898
02:54:04,799 --> 02:54:10,943
Hustisford password page
899
02:54:12,735 --> 02:54:18,879
So it has alqamar updated updated
900
02:54:25,535 --> 02:54:30,143
And it's two.
901
02:54:30,655 --> 02:54:36,799
Are there on a 215
902
02:54:37,055 --> 02:54:39,871
God will be. EXE
903
02:54:40,127 --> 02:54:43,199
And that's Randy store
904
02:54:45,759 --> 02:54:51,903
The moment it will run this summer in the park
905
02:54:52,159 --> 02:54:56,511
Based on the information that is available within this particular file
906
02:54:56,767 --> 02:55:00,607
Okay, and we are able to receive the hits for that
907
02:55:01,119 --> 02:55:07,263
Now as it uses the UDP protocol, you see we are unable to receive the hits
908
02:55:07,519 --> 02:55:13,663
Chick-fil-A
909
02:55:13,919 --> 02:55:18,271
32 33 36 PetSmart in the sequence Drive
910
02:55:19,039 --> 02:55:25,183
It also usually happens that you receive duplicate entries, so to bypass all this
911
02:55:25,439 --> 02:55:30,559
All these outfits
912
02:55:30,815 --> 02:55:32,095
Then
913
02:55:45,151 --> 02:55:51,295
What date will do it will use this option or less agreeable it in Cali
914
02:55:51,551 --> 02:55:57,695
What if you do it will search for a specific red expire has 029
915
02:55:57,951 --> 02:56:04,095
Nothing but a sequence counter this
916
02:56:04,351 --> 02:56:10,495
All right. Then please read 0292881
917
02:56:10,751 --> 02:56:16,895
Which is nothing but tea
918
02:56:20,479 --> 02:56:26,623
Please read the information from 0262 character
919
02:56:26,879 --> 02:56:30,207
The moment we do this
920
02:56:35,583 --> 02:56:41,727
You see we are able to accept information that is issued County Arkansas
921
02:56:41,983 --> 02:56:48,127
Northwest Motorsport disinformation
922
02:56:51,455 --> 02:56:57,599
Then sort; do the sort with hyphen u, which is for the unique
923
02:56:58,879 --> 02:57:05,023
Then we are only interested in the second field because that's what the output of a
924
02:57:05,279 --> 02:57:09,887
Rachel, I'm just doing got high panty
925
02:57:10,655 --> 02:57:16,543
Let me restart, and I'm interested in the second column
926
02:57:17,055 --> 02:57:23,199
Now it will be converted; as this is a hex format, to convert this into
927
02:57:23,455 --> 02:57:26,015
Simply uses x60
928
02:57:26,271 --> 02:57:32,415
Rivers I can be at the moment we do that information
929
02:57:32,671 --> 02:57:38,047
Yes it's 6219
930
02:57:38,303 --> 02:57:44,447
So this is how we can actually
931
02:57:49,823 --> 02:57:52,895
So anyone has any question
932
02:57:53,663 --> 02:57:59,807
And he said that you don't understand all you require.
933
02:58:06,207 --> 02:58:12,351
Okay so I already uploaded steps on
934
02:58:25,151 --> 02:58:31,039
Available on this folder as well
935
02:58:34,111 --> 02:58:40,255
Well you can also follow the O'fallon to see if you have any question
936
02:58:40,511 --> 02:58:46,655
And simply post your question regarding the driver support
937
02:58:47,935 --> 02:58:51,007
So are the best to let me give you Alexa
938
02:58:51,263 --> 02:58:55,871
8:35
939
03:22:08,511 --> 03:22:12,351
Exercise
940
03:23:54,495 --> 03:24:00,639
Looks like most of your computer disk 127 computer please do not worry
941
03:24:00,895 --> 03:24:06,015
Adidas
942
03:24:06,271 --> 03:24:12,415
Introduction to GraphQL
943
03:24:12,671 --> 03:24:18,815
Started planning to create the mobile version of the Facebook application
944
03:24:19,071 --> 03:24:25,215
So the Facebook application is not working properly on mobile devices
945
03:24:25,471 --> 03:24:31,615
And that's where they created this project
946
03:24:31,871 --> 03:24:38,015
Key benefits of this craft project is it will only return to stay. But which is better
947
03:24:38,271 --> 03:24:44,415
Crapulous nowaday minutes paragraph Foundation
948
03:24:44,671 --> 03:24:50,815
That it is
949
03:24:54,143 --> 03:25:00,031
As I mentioned, it only responds with the data that you requested
950
03:25:00,287 --> 03:25:06,431
And it sits between your application and your database
951
03:25:06,687 --> 03:25:12,831
List
952
03:25:13,087 --> 03:25:19,231
Picture
953
03:25:19,487 --> 03:25:25,631
Do any changes within your view it will require to do changes within your controller as well
954
03:25:25,887 --> 03:25:32,031
Things to do in your controller
955
03:25:32,287 --> 03:25:38,431
Thanksgiving this emaciated just have to change.
956
03:25:38,687 --> 03:25:44,831
Retrieving data into karaoke
957
03:25:45,087 --> 03:25:51,231
2
958
03:25:51,487 --> 03:25:57,631
10 points to Ricky Market data
959
03:25:57,887 --> 03:25:59,935
I want to fix the API
960
03:26:00,191 --> 03:26:06,335
Sometimes it is DPI or pitching the data or underfitting daddy.
961
03:26:06,591 --> 03:26:12,735
The baby right in the back and it's always
962
03:26:12,991 --> 03:26:19,135
Funny totally Tuesday.
963
03:26:19,391 --> 03:26:22,975
Can do easy starting off request between the Planet Sub
964
03:26:23,231 --> 03:26:29,375
So this is the typical architecture of GraphQL
965
03:26:29,631 --> 03:26:35,775
Do the information that say the players teams matches
966
03:26:36,031 --> 03:26:42,175
Communicate with a back-end database
967
03:26:42,431 --> 03:26:48,575
Results from the database
968
03:26:48,831 --> 03:26:54,975
Let's say it sits between the client and your database, so
969
03:26:55,231 --> 03:27:01,375
Bobby Singer
970
03:27:01,631 --> 03:27:07,775
Finally here is a mansion.
971
03:27:08,031 --> 03:27:14,175
Communicating in the Batman communicate like Microsoft
972
03:27:20,063 --> 03:27:26,207
Dysgraphia books
973
03:27:26,463 --> 03:27:32,607
GraphQL schema is nothing but your schema which has
974
03:27:32,863 --> 03:27:39,007
all the information of your GraphQL API, so here it has
975
03:27:39,263 --> 03:27:45,407
Object
976
03:27:45,663 --> 03:27:51,807
Object called training which has this many variables
977
03:27:52,063 --> 03:27:58,207
Query, mutation and subscription
978
03:27:58,463 --> 03:28:04,095
Query is nothing but your select operation, the mutation is nothing but your update, delete
979
03:28:04,351 --> 03:28:10,495
And insert operation and subscription is nothing but your events Ortega
980
03:28:10,751 --> 03:28:16,895
Disqualification respond with the training of all the paintings title
981
03:28:17,151 --> 03:28:23,295
Information if you want to modify something in the back end
982
03:28:23,551 --> 03:28:29,695
Training training in the back
983
03:28:29,951 --> 03:28:36,095
Just a little lesson on certain events like the moment
984
03:28:36,351 --> 03:28:42,495
Subscription and then processing
985
03:28:42,751 --> 03:28:43,775
Chocolate works
986
03:28:44,287 --> 03:28:50,431
Now GraphQL has a very powerful query, and that is GraphQL introspection
987
03:28:50,687 --> 03:28:56,831
Kathmandu it will extract all the Glock customer order
988
03:28:57,087 --> 03:29:03,231
Introspection query allows to extract all the GraphQL schema information
989
03:29:03,487 --> 03:29:05,791
within a single query
990
03:29:06,047 --> 03:29:12,191
This GraphQL introspection is by default enabled in any of the APIs
991
03:29:12,447 --> 03:29:18,591
And this is generally enabled for the internal use only; what if the developer
992
03:29:18,847 --> 03:29:24,991
forgets to change the settings of this introspection, then it's available for, accessible to
993
03:29:25,247 --> 03:29:31,391
The abuser over the internet
994
03:29:31,647 --> 03:29:37,791
Extra information information
995
03:29:38,047 --> 03:29:44,191
Information which is not available for the end user, and by analyzing it
996
03:29:44,447 --> 03:29:50,591
able to retrieve information, modify information in the backend
997
03:29:50,847 --> 03:29:56,991
So this is the example of introspection I want to read all the names from the back end
998
03:29:58,271 --> 03:30:04,415
Iman Audiology bacon cupcakes Kemah
999
03:30:04,671 --> 03:30:10,815
Expedition
1000
03:30:11,071 --> 03:30:17,215
Use and introspection to extract API information of the user next Android
1001
03:30:17,471 --> 03:30:23,615
Using GraphQL mutation to elevate our privilege from user to admin
1002
03:30:23,871 --> 03:30:30,015
Alexander
1003
03:30:30,271 --> 03:30:36,415
3010
1004
03:30:36,671 --> 03:30:42,815
I'll give you a demo first and then I'll give you time to complete this exercise
1005
03:30:43,583 --> 03:30:47,935
So what I'm doing I just going to my
1006
03:30:48,447 --> 03:30:52,543
Novel12.com
1007
03:30:53,055 --> 03:30:57,407
Or that the Pig clothes
1008
03:30:57,663 --> 03:30:59,455
Is Bowser first
1009
03:30:59,711 --> 03:31:04,319
I have to go to this expense.
1010
03:31:05,087 --> 03:31:07,647
Expense tracker
1011
03:31:10,463 --> 03:31:14,047
Isn't that setting first register myself
1012
03:31:14,559 --> 03:31:18,655
Sanjay
1013
03:31:19,167 --> 03:31:23,007
Enjoy.
1014
03:31:55,775 --> 03:31:57,823
Is an expensive
1015
03:31:58,079 --> 03:32:04,223
It's a Titleist laptop
1016
03:32:04,479 --> 03:32:06,527
HP laptop
1017
03:32:17,791 --> 03:32:23,935
Then the view expense page where we can see the expense
1018
03:32:24,447 --> 03:32:30,591
The next English
1019
03:32:34,687 --> 03:32:36,991
Listen to request
1020
03:32:44,671 --> 03:32:50,815
In the backend it will send this particular request, that is get expense, okay
1021
03:32:51,071 --> 03:32:57,215
And then for this GraphQL, okay, so you will always see the single API
1022
03:32:57,471 --> 03:33:03,615
Play Bad Daddy's a different design query is a Boston to post request
1023
03:33:03,871 --> 03:33:07,199
Let me play with this place first
1024
03:33:07,711 --> 03:33:13,855
Autistic best the moment I sent this request it says that yes has one net worth
1025
03:33:19,231 --> 03:33:24,863
It says that there is no record because you haven't provided any tips
1026
03:33:32,543 --> 03:33:38,687
It respond with null value
1027
03:33:44,575 --> 03:33:50,719
Mark this as a custom injection point with an asterisk
1028
03:33:50,975 --> 03:33:52,767
Store it into one file
1029
03:33:54,047 --> 03:33:58,399
Snowman
1030
03:33:58,655 --> 03:34:04,543
Graphql. EXE
1031
03:34:06,591 --> 03:34:12,223
Now I want to perform the sqlmap on this GraphQL endpoint
1032
03:34:12,735 --> 03:34:18,879
Request is this GraphQL file and I want to extract the database
1033
03:34:19,135 --> 03:34:21,439
Mission Palms economicos hour
1034
03:34:22,207 --> 03:34:27,071
Say hey do you want to proceed yes
1035
03:34:27,327 --> 03:34:33,471
800-pound in Port Deposit no because we already are
1036
03:34:33,727 --> 03:34:37,311
Custom injection
1037
03:34:41,151 --> 03:34:47,295
I'll let you speak for sometime in Arabic
1038
03:34:47,551 --> 03:34:50,111
Execution
1039
03:35:04,191 --> 03:35:10,335
Sometime
1040
03:35:10,591 --> 03:35:16,735
IMDb sews is my sequence
1041
03:35:16,991 --> 03:35:23,135
Yes it's just if the beautiful other deviance
1042
03:35:23,391 --> 03:35:28,767
Swanqueen to darkest Fordham icicle extending provided level one and this one
1043
03:35:42,335 --> 03:35:48,479
So it has identified that the dog has to be have eight kilometres we weren't 22/32
1044
03:35:48,735 --> 03:35:52,831
Find try to find local union column pants with body test
1045
03:35:53,599 --> 03:35:55,135
It's a yes
1046
03:36:07,935 --> 03:36:14,079
Sometime
1047
03:36:19,455 --> 03:36:25,599
If it's not about then you can simply replace PCS with no
1048
03:36:25,855 --> 03:36:31,999
Options
1049
03:36:32,255 --> 03:36:34,559
They do that inspired the back and write
1050
03:36:37,887 --> 03:36:40,447
So let's just wait for that
1051
03:36:48,127 --> 03:36:51,199
Option
1052
03:36:51,967 --> 03:36:58,111
Jeep contest and detection face next fight
1053
03:37:33,439 --> 03:37:36,511
Yes I want to keep the other databases
1054
03:37:36,767 --> 03:37:38,303
No
1055
03:37:54,175 --> 03:38:00,319
Injection not expected value for auction Union
1056
03:38:00,575 --> 03:38:02,623
Let's play say yes
1057
03:38:03,135 --> 03:38:09,279
Is there a speedometer 10 theaters
1058
03:38:13,119 --> 03:38:18,495
Yes, we are able to extract the database information from the back-end server
1059
03:38:25,151 --> 03:38:30,015
All the information that is there within this particular
1060
03:38:30,271 --> 03:38:36,415
Database and expense tracker that looks like this expense record database
1061
03:38:36,671 --> 03:38:42,303
Application
1062
03:38:42,559 --> 03:38:48,703
BBS just takes his name and that is this
1063
03:38:48,959 --> 03:38:52,543
Now I want to extract all the tables information
1064
03:38:56,127 --> 03:39:02,271
Let's stick to the table user because it might contain
1065
03:39:02,527 --> 03:39:08,671
admin credentials
1066
03:39:09,183 --> 03:39:11,231
Antibiotics
1067
03:39:19,935 --> 03:39:23,775
Semana do a search for it
1068
03:39:28,383 --> 03:39:34,527
Look at it from starting uc30 society and the Prudential is spider
1069
03:39:34,783 --> 03:39:40,927
Edmond address and the password is
1070
03:39:41,183 --> 03:39:47,327
Do that within the graphical also its water Municipal injection if you are glenpointe
1071
03:39:47,583 --> 03:39:52,703
Apis all its application
1072
03:39:53,471 --> 03:39:59,615
The next thing is use introspection to extract the PII of the user, et cetera
1073
03:39:59,871 --> 03:40:01,407
Second Challenge
1074
03:40:02,687 --> 03:40:04,735
The part that
1075
03:40:04,991 --> 03:40:11,135
What I do just fighting introspection query that are 60in you dislike
1076
03:40:11,391 --> 03:40:17,535
I'm stopped at at 7 to party
1077
03:40:19,583 --> 03:40:25,727
It's sad that please read tkc my information that I want picture of the types are all the names
1078
03:40:25,983 --> 03:40:32,127
Landfills and name of the pills send it will respond with all this scheming to make
1079
03:40:32,383 --> 03:40:37,247
On the backend
1080
03:40:37,759 --> 03:40:43,903
The next thing is to check what query information is available
1081
03:40:44,159 --> 03:40:49,023
That is available to search for electric Berry
1082
03:40:51,327 --> 03:40:57,471
There are two queries available: expenses and users
1083
03:41:00,031 --> 03:41:06,175
There is no way to identify the user information is not sending.
1084
03:41:06,431 --> 03:41:12,575
Only
1085
03:41:12,831 --> 03:41:18,975
So this is kind of a user
1086
03:41:19,231 --> 03:41:25,375
So the next thing is what are the information that is available within this
1087
03:41:25,631 --> 03:41:30,495
users object, so let's search for this user
1088
03:41:31,519 --> 03:41:37,663
Then the possible values within the user are ID, last name, email
1089
03:41:37,919 --> 03:41:44,063
address, gender, salary, so personal identifiable information
1090
03:41:44,319 --> 03:41:47,647
So let's try to use this
1091
03:41:47,903 --> 03:41:51,231
For that I'm fighting this.
1092
03:41:56,351 --> 03:42:01,471
So here I want to fire the query, and if you look at this
1093
03:42:06,079 --> 03:42:12,223
Users and expense it will take one argument that is ID
1094
03:42:12,479 --> 03:42:18,623
If I pass one ID, it will respond with all the user information of that specific user
1095
03:42:18,879 --> 03:42:25,023
Creating my query. So I want to use this query user
1096
03:42:25,279 --> 03:42:29,119
identified from your schema
1097
03:42:30,143 --> 03:42:36,287
And some that I want to read this information what's the id first name last name email mobile number address
1098
03:42:36,543 --> 03:42:41,407
Insanity
1099
03:42:42,943 --> 03:42:49,087
And within that I want to pass the ID using this particular.
1100
03:42:49,343 --> 03:42:55,487
So let's send this. You see, you are able to retrieve the information of any of the users
1101
03:42:55,743 --> 03:42:58,303
Amadou let's attend
1102
03:42:59,839 --> 03:43:05,983
You think you are able to retrieve the information of decided Municipal so this is how you can identify
1103
03:43:06,239 --> 03:43:12,383
Zombie cocktail
1104
03:43:12,639 --> 03:43:18,783
Mutation to elevate our privilege.
1105
03:43:19,039 --> 03:43:25,183
Posting that I want to show you is that when you click on this view expense you are only able to see the expense that is
1106
03:43:25,439 --> 03:43:31,583
belonging to you, but the admin is allowed to see the expense of all the
1107
03:43:31,839 --> 03:43:37,983
The user so let's try to English pound
1108
03:43:38,239 --> 03:43:42,079
Identified invitation daylight
1109
03:43:42,335 --> 03:43:47,455
So the moment to send this club calendars tax inquiry
1110
03:43:47,967 --> 03:43:51,039
And if you search for the mutation
1111
03:43:58,975 --> 03:44:05,119
Mutation: there are two mutations available, the first one is add expense and the second one is
1112
03:44:05,375 --> 03:44:11,519
update user, which allows a user to update
1113
03:44:11,775 --> 03:44:17,919
information, that means this is kind of hidden
1114
03:44:18,175 --> 03:44:24,319
He's not allowed to use my ID and user identified what are they
1115
03:44:24,575 --> 03:44:28,159
Mission that is allowed to update using this particular query
1116
03:44:29,951 --> 03:44:32,511
Okay so what I do
1117
03:44:33,791 --> 03:44:39,935
Is identify this particular mutation type so let's say now
1118
03:44:40,191 --> 03:44:42,239
I want to identify
1119
03:44:42,751 --> 03:44:48,639
The dentastix I want to use this button intersection wedding or the nutrition type
1120
03:44:49,407 --> 03:44:55,551
Apparently medicine type of the name name of the pills and all the arguments that is
1121
03:44:55,807 --> 03:45:01,951
Available for that particular mutation
1122
03:45:02,207 --> 03:45:08,351
The first one is add expense, which has a title
1123
03:45:08,607 --> 03:45:14,751
Description and expense be able to update the data
1124
03:45:15,007 --> 03:45:21,151
Within update user it has this many arguments: first name, last name, mobile, address
1125
03:45:27,807 --> 03:45:32,671
Information
1126
03:45:34,463 --> 03:45:38,815
Record that I'm just fighting this battle of Paris
1127
03:45:42,143 --> 03:45:48,287
The here and should have confetti I want to use the mutation and visit the mutation
1128
03:45:48,543 --> 03:45:54,175
What to use update using mutation let's I want to update first name last name
1129
03:45:54,431 --> 03:46:00,575
Mobile number address salary and ascending
1130
03:46:00,831 --> 03:46:02,111
YouTube
1131
03:46:06,463 --> 03:46:10,303
Song
1132
03:46:14,143 --> 03:46:20,287
And it says mobile number is
1133
03:46:24,895 --> 03:46:31,039
Address
1134
03:46:31,295 --> 03:46:37,439
Good morning please send this yes this
1135
03:46:37,695 --> 03:46:42,559
Old information Update 7 pm
1136
03:46:42,815 --> 03:46:48,959
If you look at this last line, it also contains this authorization header which has the basics
1137
03:46:49,215 --> 03:46:53,311
So let's check what inside.
1138
03:46:53,567 --> 03:46:59,711
Send Sue you. After doing re-logging that the barometer has changed within digital.
1139
03:47:08,671 --> 03:47:14,815
But it has this many user identifiable information like email, first and last name, mobile, address, salary
1140
03:47:15,071 --> 03:47:21,215
And is man-made parameter is also there it is
1141
03:47:25,567 --> 03:47:31,199
So let's do a logout and login again
1142
03:47:31,455 --> 03:47:37,599
To get the updated information
1143
03:47:44,255 --> 03:47:49,631
Successfully logged in
1144
03:47:53,983 --> 03:48:00,127
So it has created this particular to confirm whether our information is
1145
03:48:04,991 --> 03:48:11,135
Schedule at the moment you look at the information for this particular base64 to canoe
1146
03:48:11,391 --> 03:48:17,535
Now these are
1147
03:48:17,791 --> 03:48:23,935
Element of units from the normal expense of all the
1148
03:48:24,191 --> 03:48:30,335
Able to see the information of all the users that are 2027
1149
03:48:30,591 --> 03:48:33,151
Instantly
1150
03:48:33,407 --> 03:48:39,551
You start you can simply use information about user
1151
03:48:39,807 --> 03:48:45,951
So this is how you can park on Dixie Plantation was Robert if
1152
03:48:52,607 --> 03:48:58,751
mutation, and you can simply
1153
03:48:59,007 --> 03:49:01,823
So anyone has any question in this
1154
03:49:07,711 --> 03:49:13,087
Okay so what time do I just YouTube
1155
03:49:14,623 --> 03:49:18,207
25 minutes
1156
03:49:19,743 --> 03:49:25,631
And I guess after 25 minutes we are heading to the lunch
1157
03:49:29,471 --> 03:49:35,615
Yes we are heading to 25 minutes exercise pick
1158
03:49:35,871 --> 03:49:37,919
1 Orland Street
1159
03:49:49,951 --> 03:49:56,095
If you have any question, just post your question
1160
03:49:59,167 --> 03:50:05,311
And let me update the walkway so
1161
03:53:08,863 --> 03:53:15,007
Suboxone can simply go to this
1162
03:53:15,263 --> 03:53:18,335
We can talk on this
1163
05:14:51,519 --> 05:14:56,895
I hope you enjoyed your lunch break, now let's go to the next topic
1164
05:14:58,175 --> 05:15:04,319
So with that said we done with cycling
1165
05:15:04,575 --> 05:15:10,719
In this module we'll discuss what is malicious file upload, we'll see what are the test cases for circumventing
1166
05:15:10,975 --> 05:15:17,119
validation checks, and after that we'll discuss an exercise around exploiting a hardened web server
1167
05:15:23,775 --> 05:15:29,919
Understood
1168
05:15:30,175 --> 05:15:36,319
The application did not implement proper validation around file type, file extension
1169
05:15:36,575 --> 05:15:42,719
file content, or the application has implemented a client-side validation, application
1170
05:15:42,975 --> 05:15:49,119
blacklisting mechanism, these checks
1171
05:15:49,375 --> 05:15:53,983
No spitting
1172
05:15:54,239 --> 05:16:00,383
Eating with that we can do the most damage we can do use international politics.
1173
05:16:00,639 --> 05:16:06,783
Identify the file location on which the file is uploaded
1174
05:16:07,039 --> 05:16:13,183
Emmett so let me explain one of the interesting things that we have identified one of Atlantic Ocean
1175
05:16:13,439 --> 05:16:19,583
During the testing, the upload request of the file
1176
05:16:19,839 --> 05:16:25,983
contains the file name, but along with that it also takes the file path where you
1177
05:16:26,239 --> 05:16:32,383
want to store this particular file, and we are like
1178
05:16:32,639 --> 05:16:38,783
Because as a double a college says application
1179
05:16:39,039 --> 05:16:45,183
Space relationship problem we can upload a file Within.
1180
05:16:45,439 --> 05:16:51,583
Option
1181
05:16:51,839 --> 05:16:57,983
One piece of code, it is basically written in the application programming language
1182
05:16:58,239 --> 05:17:04,383
to do a command execution on the application server
1183
05:17:04,639 --> 05:17:10,783
Implemented
1184
05:17:11,039 --> 05:17:16,159
Terabyte file size and Kenny
1185
05:17:16,415 --> 05:17:22,559
Now if we're talking about a very specific issue about the blacklisting mechanism
1186
05:17:22,815 --> 05:17:28,959
So there are different frameworks available like PHP, JSP
1187
05:17:29,215 --> 05:17:35,359
Started with some basic extension like .php, then new extensions
1188
05:17:35,615 --> 05:17:41,759
Clonazepam charity of the green bucket tear or two apart
1189
05:17:42,015 --> 05:17:48,159
How old is Johnny off Lexa pspspspsp
1190
05:17:48,415 --> 05:17:53,023
PHP started with the .php extension, then they introduced php3
1191
05:17:53,279 --> 05:17:59,423
and php4, php5, phtml
1192
05:17:59,679 --> 05:18:05,823
ASP started with asp, aspx, asmx for the web services
1193
05:18:06,079 --> 05:18:12,223
Sba4
1194
05:18:12,479 --> 05:18:18,623
Female portraits
1195
05:18:18,879 --> 05:18:25,023
created a blacklisting mechanism at the time of creating the application
1196
05:18:25,279 --> 05:18:31,423
introduce new extension
1197
05:18:31,679 --> 05:18:37,823
New extension
1198
05:18:38,079 --> 05:18:44,223
Exploit
1199
05:18:44,479 --> 05:18:50,623
Music to upload of action
1200
05:18:50,879 --> 05:18:57,023
Plus account / profile to give you a hint.
1201
05:18:57,279 --> 05:19:03,423
Application, okay, so here you can try the asp, aspx, cshtml and
1202
05:19:03,679 --> 05:19:04,959
Exchanger
1203
05:19:05,471 --> 05:19:06,495
Okay
1204
05:19:07,007 --> 05:19:13,151
So identify the extension which is allowed to upload on the server, and using that you'll do
1205
05:19:13,407 --> 05:19:19,551
Alex
1206
05:19:19,807 --> 05:19:23,135
So what I'll do I'll just give you letter
1207
05:19:23,903 --> 05:19:30,047
Five minutes to identify the extension which is allowed on the server
1208
05:19:30,303 --> 05:19:34,911
And I'll give you the demo on this, and then I'll give time to complete this exercise
1209
05:19:36,191 --> 05:19:42,335
Meanwhile if you have any question you can simply put your question on the privates
1210
05:24:27,775 --> 05:24:31,615
Is anyone able to identify the extension which is allowed on the server
1211
05:24:31,871 --> 05:24:32,895
Anyone
1212
05:24:38,015 --> 05:24:41,855
Okay, so let me give you the demo on this
1213
05:24:49,279 --> 05:24:52,351
Okay so one person is identified extension
1214
05:24:54,143 --> 05:24:58,239
That's great, can you tell me what's the extension that is allowed on the server
1215
05:25:02,847 --> 05:25:05,663
The jungle canalchat
1216
05:25:05,919 --> 05:25:09,503
And subjects
1217
05:25:10,015 --> 05:25:13,599
Are you able to get disillusioned kassatex
1218
05:25:15,647 --> 05:25:21,792
You can also drive with their subjects
1219
05:25:30,240 --> 05:25:34,848
Yes it stopped up.
1220
05:25:35,104 --> 05:25:39,968
So here what I'm doing, I'm just creating one ASP shell
1221
05:25:40,480 --> 05:25:45,600
And this is the sample code of the official
1222
05:25:48,672 --> 05:25:54,816
It makes been dispersed some beautiful stable one
1223
05:25:56,352 --> 05:26:02,496
Abington da parameter parameter
1224
05:26:02,752 --> 05:26:08,896
Command to pass into the cmd parameter, it will then pass through this get command function
1225
05:26:09,152 --> 05:26:15,296
Function is called using the script
1226
05:26:15,552 --> 05:26:21,696
And here it's trying to function
1227
05:26:21,952 --> 05:26:28,096
Execute that particular command that we are passing within the parameter
1228
05:26:28,352 --> 05:26:34,496
And we are trying to write it using this Response.Write over here
1229
05:26:34,752 --> 05:26:36,800
As an .asp
1230
05:26:39,104 --> 05:26:42,432
sample.asp
1231
05:26:47,552 --> 05:26:53,440
Open this file sample.asp
1232
05:26:56,256 --> 05:27:02,400
Okay, let's send this to Repeater to check what the output is
1233
05:27:02,656 --> 05:27:08,544
Unsupported file types
1234
05:27:09,056 --> 05:27:15,200
No you can have fun tonight with the SMS
1235
05:27:15,456 --> 05:27:21,600
Text SPC okay
1236
05:27:21,856 --> 05:27:28,000
So I believe everyone knows about the web.config file
1237
05:27:28,256 --> 05:27:34,400
which contains the configuration about this specific .NET application
1238
05:27:40,288 --> 05:27:43,360
We'll try to upload a .config file
1239
05:27:44,128 --> 05:27:49,504
It says your profile gets updated.
1240
05:27:49,760 --> 05:27:52,832
Quantify
1241
05:27:55,904 --> 05:27:58,976
Anak Matic listings
1242
05:28:03,840 --> 05:28:08,448
Copy image location pc28uu C
1243
05:28:08,704 --> 05:28:14,848
But it says that this particular file is not existent
1244
05:28:15,104 --> 05:28:20,480
Nexcycle update upload 105.25
1245
05:28:20,736 --> 05:28:23,040
What I'm doing
1246
05:28:23,296 --> 05:28:28,160
Mr. Please I'm adding selecting the same file update
1247
05:28:29,440 --> 05:28:35,072
She looks a. SP let's say I want to upload maps.con tick by
1248
05:28:45,056 --> 05:28:51,200
Location
1249
05:28:51,456 --> 05:28:56,064
Internet
1250
05:28:56,320 --> 05:29:02,464
Accessible
1251
05:29:02,720 --> 05:29:08,864
Delisa interesting concept with this chapter 25 so
1252
05:29:09,120 --> 05:29:12,448
Body settings of the Isola
1253
05:29:13,216 --> 05:29:19,360
Citicorp ice settings application
1254
05:29:19,616 --> 05:29:22,688
25
1255
05:29:23,968 --> 05:29:30,112
420
1256
05:29:30,368 --> 05:29:36,512
All the Exotic wanted file to be accessible from the any of the application that is hosted on
1257
05:29:36,768 --> 05:29:42,912
So somehow we have to first change this Behavior
1258
05:29:43,168 --> 05:29:45,216
The second video restart
1259
05:29:45,472 --> 05:29:51,616
Chapter 25 is also not allowed accessible tan France
1260
05:29:51,872 --> 05:29:58,016
Modify to be somewhere over here
1261
05:29:58,272 --> 05:30:04,416
25
1262
05:30:04,928 --> 05:30:11,072
This is the call settings on ASUS router settings for pisor but
1263
05:30:11,328 --> 05:30:17,472
You can modify this setting at the application Level
1264
05:30:17,728 --> 05:30:23,872
Christian concept of the Pentatonix this is your application and your
1265
05:30:24,128 --> 05:30:30,272
File gets updated or uploaded
1266
05:30:40,512 --> 05:30:46,656
You can also specify the backdoor config file at the folder label as well
1267
05:30:46,912 --> 05:30:53,056
So if that is a Viber Khalifa within a district
1268
05:30:53,312 --> 05:30:59,456
Population from the particle pie if not exists that is checked for the parrot if it's not exist in the pattern
1269
05:30:59,712 --> 05:31:05,856
Dallas checks for parity application part always
1270
05:31:06,112 --> 05:31:12,256
That is always a country or its contribution
1271
05:31:12,512 --> 05:31:17,120
We didn't download.
1272
05:31:17,376 --> 05:31:23,520
I'll be using
1273
05:31:27,360 --> 05:31:33,504
This is a special that we have shown over here this is nothing but
1274
05:31:33,760 --> 05:31:39,904
And he of your time to modify the configuration of our current folder
1275
05:31:40,160 --> 05:31:46,304
And here we are saying that whenever you find any contract extension
1276
05:31:46,560 --> 05:31:52,704
Please process this. Configuration extension using the ASP. That means please
1277
05:31:52,960 --> 05:31:59,104
Gt25 is ASP file and process the cord that is there within this ASP file
1278
05:31:59,360 --> 05:32:05,504
African people
1279
05:32:05,760 --> 05:32:11,904
Status return on this route
1280
05:32:12,160 --> 05:32:18,304
I'm just
1281
05:32:18,560 --> 05:32:24,704
Find this Behavior against writing to request filtering and here I'm just removing the file extension
1282
05:32:24,960 --> 05:32:31,104
From the list of the extension that is not allowed.
1283
05:32:33,920 --> 05:32:40,064
So those are the two changes that have done so let me copy this data and
1284
05:32:40,320 --> 05:32:44,160
Let me try to upload
1285
05:32:51,072 --> 05:32:53,376
Update
1286
05:32:54,144 --> 05:32:57,984
Xaea12 upload of Epcot config file
1287
05:33:00,544 --> 05:33:03,104
Data for that incest
1288
05:33:06,432 --> 05:33:12,576
And if everything goes correct
1289
05:33:12,832 --> 05:33:18,976
Then our corporate treat as a speaker and we are able to
1290
05:33:32,032 --> 05:33:37,408
It responded similarly you can park
1291
05:33:39,968 --> 05:33:46,112
This is for the understanding Papa's part to Compass exercise you can simply take of help
1292
05:33:46,368 --> 05:33:52,512
Galaxy file that is there within this
1293
05:33:52,768 --> 05:33:58,912
Quality provided the web.com people and also contains the core
1294
05:34:00,960 --> 05:34:03,520
So anybody has any question
1295
05:34:08,896 --> 05:34:15,040
Okay so what time do I just few minutes
1296
05:34:20,416 --> 05:34:26,560
And yes you can definitely try to upload our extension is but so this is the approach one that might be a possibility.
1297
05:34:26,816 --> 05:34:32,960
Direction to nice also like ashx and if you are able to
1298
05:34:35,264 --> 05:34:37,824
Saw the Best in Me
1299
05:44:13,824 --> 05:44:17,408
Most of your computer this one
1300
05:44:18,176 --> 05:44:24,320
Easy rice but just be able to identify the extinction than kansuke up.
1301
05:44:30,976 --> 05:44:37,120
Let's just talk about
1302
05:44:37,376 --> 05:44:43,520
Okay using
1303
05:44:43,776 --> 05:44:49,920
Application proxy decline Saturday
1304
05:44:50,176 --> 05:44:56,320
You can also exchange that I shown you in the Box Roxy from asp
1305
05:44:56,576 --> 05:45:02,720
Multi-platform data
1306
05:45:02,976 --> 05:45:09,120
Forwarded
1307
05:45:09,376 --> 05:45:15,520
Using a special connector in the file names like Mel B try to
1308
05:45:15,776 --> 05:45:21,920
Upload a file Etsy
1309
05:45:28,576 --> 05:45:34,720
BHP percentage 200. APG
1310
05:45:34,976 --> 05:45:41,120
Application try to check whether to buy extension or not
1311
05:45:41,376 --> 05:45:47,520
What is the time of store in the fall if the stream with the null character
1312
05:45:47,776 --> 05:45:53,920
Your t-top
1313
05:45:54,176 --> 05:46:00,320
Text all and then you can inject a cord in a valid 54 minutes like you can simply upload up
1314
05:46:00,576 --> 05:46:06,720
USB cord into gif
1315
05:46:06,976 --> 05:46:13,120
Implicit
1316
05:46:13,376 --> 05:46:19,520
As I mentioned that the previous exercise
1317
05:46:26,176 --> 05:46:32,320
5 Malaysian to upload of action
1318
05:46:32,576 --> 05:46:38,720
And execute commands on the first the challenge.
1319
05:46:38,976 --> 05:46:45,120
PHP so what I'll do I'll just let you all play with this exercise as let's
1320
05:46:51,776 --> 05:46:56,640
Go to bypass T5 additional supplies
1321
05:46:56,896 --> 05:47:03,040
Client-side validation bypass
1322
05:47:03,296 --> 05:47:09,440
Just giving you a hint okay the second thing is y'all to identify the exchange
1323
05:47:09,696 --> 05:47:15,840
Engine that is alarm
1324
05:47:16,096 --> 05:47:22,240
Defile on December 13th I think directory
1325
05:47:22,496 --> 05:47:28,640
This file uploaded to identify now this is a hardened server
1326
05:47:28,896 --> 05:47:34,272
Okay so if you'll try to let's try to
1327
05:47:34,528 --> 05:47:40,672
Try to use the function like system function dysfunction has blocked
1328
05:47:40,928 --> 05:47:47,072
Execution on that particular server
1329
05:47:47,328 --> 05:47:53,472
The function is basically give you a command execution capability
1330
05:47:53,728 --> 05:47:59,872
Disabled on this hour
1331
05:48:00,640 --> 05:48:04,992
Fine using that particular command
1332
05:48:05,248 --> 05:48:11,392
All it's a function which is not visible in the summer and then you are able to
1333
05:48:12,672 --> 05:48:18,816
RC electric
1334
05:48:19,072 --> 05:48:25,216
What are the largest that you to play with this exercise then I'll give you a
1335
05:48:25,472 --> 05:48:27,520
Eminem diss
1336
05:48:28,800 --> 05:48:34,944
Meanwhile if you have any question just a question on the ballot.
1337
05:48:35,200 --> 05:48:37,504
To help you
1338
06:02:12,096 --> 06:02:14,912
It looks like nobody has found.
1339
06:02:21,824 --> 06:02:25,152
Okay let's paint studio apartments
1340
06:03:28,384 --> 06:03:31,200
In one person is found location
1341
06:03:38,880 --> 06:03:45,024
The challenge is to shop.
1342
06:03:45,280 --> 06:03:50,656
So is this is a PhD application
1343
06:03:51,936 --> 06:03:57,824
Supposed to go to this Saturday
1344
06:04:06,528 --> 06:04:12,672
Toyota Tercel policy
1345
06:04:12,928 --> 06:04:19,072
Teresa Faulkner
1346
06:04:19,328 --> 06:04:22,144
Sopor the beauty Papas
1347
06:04:25,984 --> 06:04:31,360
Shuffle the POC Pappas I'm just creating
1348
06:04:31,616 --> 06:04:37,760
Which has a simple basic pH in Corbett says equal
1349
06:04:38,016 --> 06:04:44,160
This is basically World program
1350
06:04:48,512 --> 06:04:54,656
And let me upload this or that I'm to provide my name sunshine
1351
06:05:01,568 --> 06:05:07,712
And some of the information that said this is a test and I want to upload
1352
06:05:17,440 --> 06:05:20,000
Okay
1353
06:05:28,704 --> 06:05:31,776
Okay all files
1354
06:05:32,544 --> 06:05:38,688
And I want Center.
1355
06:05:38,944 --> 06:05:45,088
Let's check whether it has implemented client-side validation or not
1356
06:05:45,344 --> 06:05:49,440
Adjust convert a JPG
1357
06:05:51,744 --> 06:05:57,888
MB sample.php it's a.
1358
06:05:58,144 --> 06:06:04,288
Checking the client-side validation for
1359
06:06:04,544 --> 06:06:06,336
Okay
1360
06:06:07,872 --> 06:06:11,712
Exceptional
1361
06:06:12,224 --> 06:06:18,368
Say yes not allowed Plus to upload
1362
06:06:23,488 --> 06:06:29,632
Nothing happened
1363
06:06:29,888 --> 06:06:36,032
That it gets uploaded to identify the location on which is filed
1364
06:06:36,288 --> 06:06:42,432
So here you can simply Run Derby
1365
06:06:42,688 --> 06:06:48,832
Starbucks.com
1366
06:06:49,088 --> 06:06:52,160
So hear it say
1367
06:06:52,928 --> 06:06:59,072
Popeyes I'm using this
1368
06:06:59,328 --> 06:07:05,472
Instrument for me so if you want to play with this FM
1369
06:07:06,240 --> 06:07:10,336
Let me download the Wireless Transfer
1370
06:07:18,784 --> 06:07:24,928
Let me see this
1371
06:07:25,184 --> 06:07:27,488
What is Tabata
1372
06:07:29,536 --> 06:07:35,680
Save this
1373
06:07:35,936 --> 06:07:39,520
If a pure or this burger and white
1374
06:07:40,288 --> 06:07:44,640
And for that just watching
1375
06:07:44,896 --> 06:07:49,760
This particle command Avenue
1376
06:07:50,016 --> 06:07:54,624
So you have to provide
1377
06:07:55,392 --> 06:08:01,536
Do you auto start stop.
1378
06:08:01,792 --> 06:08:05,376
John Deere Clipper force on this particular application
1379
06:08:05,632 --> 06:08:07,680
Fmw
1380
06:08:07,936 --> 06:08:09,984
Common. TC
1381
06:08:10,240 --> 06:08:13,312
Okay to use the first keyboard
1382
06:08:14,592 --> 06:08:20,736
It's nothing next wait for me is it's able to identify poncho
1383
06:08:20,992 --> 06:08:23,552
Files
1384
06:08:23,808 --> 06:08:29,952
Supposed admin.php giving to 102
1385
06:08:32,000 --> 06:08:36,608
That looks certain folders like images
1386
06:08:37,888 --> 06:08:44,032
CSS shop upload
1387
06:08:46,336 --> 06:08:52,480
Alexis you awake and you see
1388
06:08:52,736 --> 06:08:58,880
Available want images folder and within that folder
1389
06:08:59,136 --> 06:09:05,280
Information gets uploaded a bunch of hair tied all the jpg jpg.
1390
06:09:05,536 --> 06:09:10,400
Jim Alonso on this
1391
06:09:11,168 --> 06:09:17,312
Search for a .php so it's not that, that means
1392
06:09:17,568 --> 06:09:23,712
Extension is blocked by the application
1393
06:09:23,968 --> 06:09:29,856
345 HTML
1394
06:09:30,880 --> 06:09:33,952
Okay so what time do
1395
06:09:36,000 --> 06:09:40,096
Bailiff
1396
06:09:56,736 --> 06:10:02,880
Temple
1397
06:10:03,136 --> 06:10:09,280
If you are and here instead of PHP let me try to upload .phtml
1398
06:10:10,304 --> 06:10:16,448
Let me give it my username over here by forget from Aldi
1399
06:10:16,704 --> 06:10:18,496
This training okay
1400
06:10:18,752 --> 06:10:20,544
Uploaded
1401
06:10:21,824 --> 06:10:27,968
It says it yes this is uploaded on this hour
1402
06:10:33,344 --> 06:10:39,488
It is a simple HTML simple 85. PSG vs Pakistan
1403
06:10:39,744 --> 06:10:45,888
It says that your pH people people gets executed
1404
06:10:46,144 --> 06:10:52,288
So he has now we can sympathize with the system function
1405
06:10:52,544 --> 06:10:58,688
The system will not execute your code over here
1406
06:10:58,944 --> 06:11:05,088
It is not disabled.
1407
06:11:05,344 --> 06:11:11,488
Upload the page before which contains 2 p.m. footage
1408
06:11:12,512 --> 06:11:15,840
Okay open.
1409
06:11:16,608 --> 06:11:18,400
Biles first
1410
06:11:18,912 --> 06:11:25,056
I'm here.
1411
06:11:25,312 --> 06:11:31,456
Nanosecond
1412
06:11:31,712 --> 06:11:37,856
Instead of this what I want
1413
06:11:39,136 --> 06:11:43,232
Let's say pH be in function
1414
06:11:43,488 --> 06:11:45,024
Baby
1415
06:11:46,816 --> 06:11:49,376
Again try to upload a file
1416
06:11:58,848 --> 06:12:04,992
You can simply capture Turkish
1417
06:12:16,000 --> 06:12:19,584
Anticipated
1418
06:12:19,840 --> 06:12:22,912
Instrument bass I want to upload
1419
06:12:23,168 --> 06:12:27,008
HTML5
1420
06:12:28,544 --> 06:12:34,688
Saint West
1421
06:12:34,944 --> 06:12:38,272
On this fitted Palomar knot
1422
06:12:40,320 --> 06:12:46,464
The moment you try to access it loads the phpinfo
1423
06:12:50,816 --> 06:12:54,400
Text list of the visible function
1424
06:12:54,912 --> 06:13:01,056
All mountains are discovered on this particular server which is that mean
1425
06:13:01,312 --> 06:13:07,456
This is not allowed to be secured on any of the PHP application like system be open first
1426
06:13:07,712 --> 06:13:13,856
2 Celexa cancel
1427
06:13:14,112 --> 06:13:20,256
Not locked while here and it is prop open the documentation of proko
1428
06:13:20,512 --> 06:13:21,536
Open
1429
06:13:26,400 --> 06:13:32,544
It allows 22
1430
06:13:32,800 --> 06:13:38,944
You can simply play with the pipes over here and then again
1431
06:13:39,200 --> 06:13:40,480
Support that
1432
06:13:40,736 --> 06:13:46,624
Let's say I'm awesome
1433
06:13:48,160 --> 06:13:51,232
This
1434
06:13:57,376 --> 06:14:00,192
It's at work
1435
06:14:01,216 --> 06:14:07,360
Northeast
1436
06:14:08,384 --> 06:14:14,528
So let me taste you can wake me up
1437
06:14:14,784 --> 06:14:20,928
If you could, and then
1438
06:14:33,728 --> 06:14:38,848
Now let's go to
1439
06:14:39,616 --> 06:14:45,760
Envision that there is a sample lp5 understood
1440
06:14:46,016 --> 06:14:52,160
Lucy
1441
06:14:52,416 --> 06:14:55,488
Antenna
1442
06:14:55,744 --> 06:15:01,888
So I believe this demo is clear to bypass Atlanta
1443
06:15:02,144 --> 06:15:08,288
1080p HD extension which is blocked on this hour but how do we identify
1444
06:15:14,944 --> 06:15:21,088
Extension which is allowed on the server but there are the function that is blocked with busy
1445
06:15:27,744 --> 06:15:33,888
Tips disable which still allow us to run the command system
1446
06:15:34,144 --> 06:15:40,288
I'm using that we are able to.
1447
06:15:40,544 --> 06:15:46,688
I believe this question just
1448
06:15:46,944 --> 06:15:53,088
Question or you can simply post your question on the agenda
1449
06:15:53,856 --> 06:15:56,928
Exercise Danville
1450
06:23:12,640 --> 06:23:17,760
Once you complete exercise please update the whole enchilada Janet so we can move forward
1451
06:30:58,048 --> 06:31:04,192
Is the most a computer this one yes
1452
06:31:05,216 --> 06:31:11,360
Yeah I'm just in case study around 55 bypass
1453
06:31:18,016 --> 06:31:24,160
GIF Library okay so let me extend
1454
06:31:28,512 --> 06:31:33,888
Competition
1455
06:31:40,032 --> 06:31:46,176
It started was testing a book place.com
1456
06:31:46,432 --> 06:31:52,576
What is identified by the order so it just replace the file extension
1457
06:31:54,368 --> 06:32:00,512
Okay so here they change the file extension from jpg to PDF
1458
06:32:00,768 --> 06:32:06,912
He was surprised that the file was uploaded
1459
06:32:07,168 --> 06:32:13,312
He's like it's kind of a straightforward exploit to replace the exchange
1460
06:32:13,568 --> 06:32:17,408
Elizabeth shooting
1461
06:32:17,664 --> 06:32:23,808
Option on the server so he just used
1462
06:32:24,064 --> 06:32:30,208
Adjust phpinfo core
1463
06:32:30,464 --> 06:32:36,608
The moment eats a scientist are requested
1464
06:32:36,864 --> 06:32:43,008
It's basically PG.
1465
06:32:49,664 --> 06:32:55,808
He just added the PHP
1466
06:32:56,064 --> 06:33:01,440
At the end of this particular
1467
06:33:01,696 --> 06:33:07,840
Like this
1468
06:33:08,096 --> 06:33:14,240
Huntington Beach win for coded message that this is not allowed
1469
06:33:14,496 --> 06:33:20,640
Identified that even a single character content application
1470
06:33:20,896 --> 06:33:27,040
He's not able to upload their particular file
1471
06:33:27,296 --> 06:33:33,440
Something with the GIF images and hear defecation uploaded the application
1472
06:33:33,696 --> 06:33:39,840
Accepted
1473
06:33:40,096 --> 06:33:46,240
Identify the moment download downloader
1474
06:33:46,496 --> 06:33:52,640
Uploaded file.not did not contain any phpinfo code execution output
1475
06:33:52,896 --> 06:33:54,432
Adjust
1476
06:33:54,688 --> 06:34:00,832
He just uploaded one file okay so then compare this
1477
06:34:01,088 --> 06:34:07,232
Set the original file with the uploaded file that is uploaded on the server
1478
06:34:07,488 --> 06:34:13,632
Competitive volunteer. Pipes and identify the common blocks that is said within the
1479
06:34:13,888 --> 06:34:20,032
Original five Andy uploadify
1480
06:34:20,288 --> 06:34:26,432
All it's Super Why did the hex value of the hex representation of the PHP input and once he
1481
06:34:26,688 --> 06:34:32,832
Response
1482
06:34:33,088 --> 06:34:39,232
Interesting approach the researcher has used to perform this
1483
06:34:39,488 --> 06:34:42,048
Alex
1484
06:34:44,096 --> 06:34:50,240
So-so
1485
06:34:50,496 --> 06:34:56,640
Nothing but idiot about data if you want if you want
1486
06:35:03,296 --> 06:35:09,440
Implodes Auto Title Company manager version in Citra
1487
06:35:09,696 --> 06:35:15,840
Information that is there within the file and store this information and if
1488
06:35:16,096 --> 06:35:22,240
There is no problem elevation is implemented around this metadata properties
1489
06:35:22,496 --> 06:35:25,312
Illustration
1490
06:35:26,336 --> 06:35:32,480
Alissa Violet basically process xlsx file
1491
06:35:32,736 --> 06:35:38,880
Which country is the metadata properties
1492
06:35:39,136 --> 06:35:45,280
Alex
1493
06:35:45,536 --> 06:35:51,680
Attached to this particular file and then it's try to enter this property into a
1494
06:35:51,936 --> 06:35:58,080
If it's not proper validation implemented around this information.
1495
06:35:58,336 --> 06:36:04,480
In 26 example of properties
1496
06:36:04,736 --> 06:36:10,880
It's real
1497
06:36:11,136 --> 06:36:14,976
Hello to
1498
06:36:15,744 --> 06:36:21,888
Properties you can mention it
1499
06:36:22,144 --> 06:36:28,288
It's a subject again it's a Samsung 51 points
1500
06:36:28,544 --> 06:36:34,688
Beetle
1501
06:36:34,944 --> 06:36:41,088
Is Matilda properties
1502
06:36:41,344 --> 06:36:44,160
So is similarly
1503
06:36:45,696 --> 06:36:51,840
Give me the Leo Pinocchio OpenOffice also we can also provide three properties by doing this
1504
06:36:52,096 --> 06:36:58,240
Simply to Simply open the file within this Emmett open office and by doing a file
1505
06:36:58,496 --> 06:37:04,640
Properties properties
1506
06:37:04,896 --> 06:37:11,040
Cummins and next exercise Bellevue
1507
06:37:11,296 --> 06:37:17,440
Identify the SQL injection by a 570s user
1508
06:37:17,696 --> 06:37:23,840
Fpww Steam
1509
06:37:24,096 --> 06:37:30,240
So the important thing here to understand is the semicolon
1510
06:37:30,496 --> 06:37:36,640
Is a string termination character in The metadata properties so let me show you
1511
06:37:39,456 --> 06:37:43,040
Sociology I'm just added
1512
06:37:43,808 --> 06:37:49,952
It's a title he's simple
1513
06:37:56,608 --> 06:38:02,752
Only this particular information
1514
06:38:03,008 --> 06:38:09,152
Identify a B12 injection
1515
06:38:11,456 --> 06:38:13,504
So anyone has any question in this
1516
06:38:18,368 --> 06:38:24,512
Okay I think we are heading to the second couple bags
1517
06:38:24,768 --> 06:38:30,912
And meet of opportunity of this coffee break and followed by Daniels.
1518
06:38:31,168 --> 06:38:35,776
25 minutes
1519
06:38:37,312 --> 06:38:43,456
Boyd's coffee pics
1520
06:38:45,504 --> 06:38:51,648
Anyone has any question
1521
06:38:51,904 --> 06:38:58,048
Available during the day so you can simply Pingus on the ballots about China
1522
07:03:36,960 --> 07:03:42,080
I hope you enjoy your lunch
1523
07:03:44,128 --> 07:03:50,272
Do not let me quickly give your demo down this then I'll get I'll give you time to come
1524
07:03:50,528 --> 07:03:52,576
Go to my calendar
1525
07:03:53,088 --> 07:03:54,624
It's in.
1526
07:03:54,880 --> 07:03:58,720
I have to go to The Flame Restaurant.
1527
07:03:59,488 --> 07:04:05,632
Expense reimbursement I hope already logged into this
1528
07:04:05,888 --> 07:04:12,032
Asian
1529
07:04:21,248 --> 07:04:24,320
Expense
1530
07:04:24,832 --> 07:04:30,976
It allows to upload Excel file
1531
07:04:39,936 --> 07:04:43,264
It's downloaded over here
1532
07:04:45,312 --> 07:04:48,128
Next
1533
07:04:48,384 --> 07:04:53,504
Isn't that let me play with some of the metadata properties
1534
07:04:54,016 --> 07:04:56,832
Let's I want to enter title
1535
07:04:57,344 --> 07:05:03,488
Expunged
1536
07:05:04,256 --> 07:05:07,584
The title
1537
07:05:11,936 --> 07:05:16,288
ABCD single
1538
07:05:16,800 --> 07:05:19,616
Being single quotes
1539
07:05:21,408 --> 07:05:24,480
Temple
1540
07:05:24,736 --> 07:05:27,808
Okay let's just do this 5
1541
07:05:31,904 --> 07:05:38,048
Let's try to upload a file
1542
07:05:40,352 --> 07:05:46,496
Sample data it says that
1543
07:05:46,752 --> 07:05:51,616
Increasing tax near this close quotation mark after the characters
1544
07:05:51,872 --> 07:05:58,016
So we're looking at this we are unable to identify which information is processed so they can simply
1545
07:05:58,272 --> 07:06:00,064
Chick-fil-A by one
1546
07:06:00,320 --> 07:06:06,464
So let's start what date
1547
07:06:08,000 --> 07:06:12,352
8 / 130
1548
07:06:16,960 --> 07:06:18,752
Save this
1549
07:06:19,520 --> 07:06:22,336
The same fight
1550
07:06:23,872 --> 07:06:30,016
Talbots Roses by the background application the title information than it's so yes
1551
07:06:30,272 --> 07:06:36,416
Dental information is processed in the back of its try to straight up
1552
07:06:36,672 --> 07:06:42,816
Vital Information With.
1553
07:06:43,072 --> 07:06:49,216
What you can do our challenges to let 6 check be username
1554
07:06:50,752 --> 07:06:56,896
Okay will do identify let's say the current determines name
1555
07:06:57,152 --> 07:07:03,296
Sport Authority for functions available so let's quickly modify a payload
1556
07:07:03,552 --> 07:07:09,696
Now is this is a very careful
1557
07:07:09,952 --> 07:07:16,096
Why does identify the columns next to this
1558
07:07:16,352 --> 07:07:18,144
Vatican value
1559
07:07:18,400 --> 07:07:21,984
And I won't be use this
1560
07:07:22,240 --> 07:07:28,384
Scenic username and whatever just inserted
1561
07:07:28,640 --> 07:07:33,504
Username B value
1562
07:07:34,272 --> 07:07:39,648
Bye-bye
1563
07:07:39,904 --> 07:07:46,048
Let's check weather.
1564
07:07:46,304 --> 07:07:51,424
To do that it says that your file uploaded successfully
1565
07:07:52,192 --> 07:07:58,336
Know the moment YouTube you you see your
1566
07:07:58,592 --> 07:08:04,736
Username is stored within the phylum section that means after the title information
1567
07:08:06,528 --> 07:08:11,904
And that's where we are unable to identify
1568
07:08:12,160 --> 07:08:18,304
B a b b b b name
1569
07:08:25,472 --> 07:08:31,616
Madera properties in Singapore
1570
07:08:31,872 --> 07:08:34,432
Okay
1571
07:08:34,688 --> 07:08:40,832
Save this file again try to upload it with the expense section
1572
07:08:47,488 --> 07:08:53,632
Let's check what information that came into this section
1573
07:08:53,888 --> 07:09:00,032
The moment we triplexes that particular policy it's revealing the information.
1574
07:09:00,288 --> 07:09:03,360
Expensive embarrassment TV
1575
07:09:03,616 --> 07:09:09,760
This is how you can go from the SQL injection also if the back of the application process.
1576
07:09:10,016 --> 07:09:15,648
Store this information straight up
1577
07:09:16,160 --> 07:09:19,232
So anybody has any question in this
1578
07:09:22,560 --> 07:09:26,400
Okay so what are you 10 more minutes
1579
07:09:26,912 --> 07:09:30,752
To complete this exercise then we'll move to the next topic
1580
07:09:36,640 --> 07:09:42,784
Meanwhile if you have any question please unmute yourself Plantation Oregon simply push your question on the basketball Channel
1581
07:09:43,040 --> 07:09:49,184
And I already uploaded stops on them
1582
07:09:56,096 --> 07:10:01,472
Yep
1583
07:10:07,616 --> 07:10:12,224
Adventure complete exercise please update the polling channel channel
1584
07:19:29,024 --> 07:19:35,168
The most popular than this one
1585
07:19:35,424 --> 07:19:41,568
Summit at Chick-fil-A
1586
07:19:41,824 --> 07:19:47,968
So here we are talking about and then we can call in
1587
07:19:48,224 --> 07:19:54,368
Cannon fires have expandable internal Xbox really see what is export injection and we'll see
1588
07:19:54,624 --> 07:20:00,768
At last
1589
07:20:07,424 --> 07:20:13,568
Make a request on behalf of a taker
1590
07:20:13,824 --> 07:20:19,968
You might be able to access the internet application on we can do a port scan or it's if you can use the applications
1591
07:20:20,224 --> 07:20:21,504
Proxy
1592
07:20:23,296 --> 07:20:29,440
No these don't imprison the internal application only accessible from
1593
07:20:29,696 --> 07:20:35,840
The internal environment if it's not exposed to them
1594
07:20:36,096 --> 07:20:42,240
This internal application is not tasted heavily against the security issue
1595
07:20:42,496 --> 07:20:48,640
So as an attic in internal
1596
07:20:48,896 --> 07:20:55,040
Application this internal application
1597
07:20:55,296 --> 07:21:01,440
On on the internal internal environment
1598
07:21:01,696 --> 07:21:07,840
Exploding marble pentesting don't internet application you can identify
1599
07:21:14,496 --> 07:21:20,640
Using that pill to identify the local or internal application and
1600
07:21:20,896 --> 07:21:27,040
What's 10 divided Anvil glide into particular expression volunteerism this local or dental application
1601
07:21:27,296 --> 07:21:33,440
Expected to Somerset
1602
07:21:33,696 --> 07:21:39,840
Can do that so let's say there is this a b c d e f on
1603
07:21:40,096 --> 07:21:46,240
The author in the organizer which is not accessible from the outside so if they're taken
1604
07:21:46,496 --> 07:21:52,640
Since depiction that is crucial in this our see it's not allowed Bartlett
1605
07:21:52,896 --> 07:21:59,040
Best application to publicly accessible and which is why
1606
07:21:59,296 --> 07:22:05,440
Weekend do we supplied our payload in the SSI in such a way that it will try to query
1607
07:22:05,696 --> 07:22:07,232
Seafood students h c
1608
07:22:07,744 --> 07:22:10,304
Whitney Houston disappoint
1609
07:22:10,560 --> 07:22:16,704
So when we sent this pillow to be flexible
1610
07:22:16,960 --> 07:22:23,104
Try to make a query or request to depiction which is posted on the subway seat
1611
07:22:23,360 --> 07:22:29,504
He was ejected from the Saturday which is
1612
07:22:29,760 --> 07:22:35,904
Internal request okay
1613
07:22:36,160 --> 07:22:42,304
And then this response is part of the response of the server application and then it will forward it today
1614
07:22:42,560 --> 07:22:48,704
The Atticus browser so this is how we can perform this
1615
07:22:48,960 --> 07:22:55,104
Exit navigation
1616
07:22:55,360 --> 07:23:01,504
Extract information is based on on the library that is supported in the bucket
1617
07:23:01,760 --> 07:23:07,904
Supports measure measure and so on
1618
07:23:08,160 --> 07:23:14,304
Content Discovery we can also do 50 bypass like
1619
07:23:14,560 --> 07:23:20,704
Time to exit navigation using the localhost network like this
1620
07:23:20,960 --> 07:23:27,104
VIP artist Colin for everyone to access or everyone to check whether it's open.
1621
07:23:27,360 --> 07:23:33,504
You can also read the data from the internal fixation like this
1622
07:23:33,760 --> 07:23:39,904
Make a request to the attackers control dominant
1623
07:23:40,160 --> 07:23:46,304
Navigation along with the FTP and other files
1624
07:23:46,560 --> 07:23:52,704
It also supports two different articles like file graph for the ACT
1625
07:23:52,960 --> 07:23:59,104
Activia ppsi map
1626
07:23:59,360 --> 07:24:05,504
A depends on so please don't.
1627
07:24:05,760 --> 07:24:11,904
This is telephone number to check the open fruit and vegetable Foods open on the food
1628
07:24:12,160 --> 07:24:18,304
And utilizing disarray
1629
07:24:18,560 --> 07:24:24,704
Detailing job.
1630
07:24:24,960 --> 07:24:31,104
Dice 2122 8403 1080
1631
07:24:35,200 --> 07:24:40,576
Okay so the challenge is
1632
07:24:40,832 --> 07:24:46,208
Shoprite.com
1633
07:24:46,464 --> 07:24:52,608
Charlotte mixes Bachata station
1634
07:24:53,632 --> 07:24:59,776
It's time to fetch this images let's check Howard images
1635
07:25:03,360 --> 07:25:09,504
Okay it's only contagious products.
1636
07:25:09,760 --> 07:25:15,904
I want to also see the images request as well
1637
07:25:16,160 --> 07:25:22,304
You see there is one image handler .php
1638
07:25:22,560 --> 07:25:28,704
You are so let me send this
1639
07:25:34,592 --> 07:25:40,736
Weekly check. If you access the server status page directly from the internet for this application
1640
07:25:40,992 --> 07:25:47,136
You see it respond with the letter that this particular page is orbit and you cannot access this particular page from the
1641
07:25:47,392 --> 07:25:50,464
Sunday particular application
1642
07:25:50,720 --> 07:25:56,864
Let's try to access this
1643
07:25:59,168 --> 07:26:05,312
Using this particular pillow
1644
07:26:05,568 --> 07:26:09,152
Respond with the content of Southwest status page
1645
07:26:10,432 --> 07:26:14,784
Respond with speech
1646
07:26:15,552 --> 07:26:21,696
So what's next for the next thing is let's say we want to do a code scan
1647
07:26:21,952 --> 07:26:28,096
How do we identify the VIP status used in the back and two assigned to the
1648
07:26:28,352 --> 07:26:34,496
Say who's there or in the back
1649
07:26:34,752 --> 07:26:40,896
Its infrastructure support that you can simply use
1650
07:26:45,504 --> 07:26:51,136
And here
1651
07:26:51,392 --> 07:26:53,184
It is 15
1652
07:26:53,440 --> 07:26:59,584
Salinas environment internal IP address information like ATC
1653
07:26:59,840 --> 07:27:05,984
Xbox interface
1654
07:27:06,240 --> 07:27:12,384
Is I'm using the DHCP so it's not showing any IP address over here
1655
07:27:12,640 --> 07:27:18,784
Static IP address and it's definition
1656
07:27:19,040 --> 07:27:22,112
Alexa ABC Network
1657
07:27:23,136 --> 07:27:26,208
Interfaces
1658
07:27:28,256 --> 07:27:34,400
The moment I sent this request to the server it will just respond with the lights IP address of the sovereign
1659
07:27:34,656 --> 07:27:40,800
And that is 192168 210
1660
07:27:41,056 --> 07:27:47,200
Things that we can do if we can simply try to do both confirm legit Wonder.
1661
07:27:47,456 --> 07:27:53,600
235 55 255 and we try to check the letter Vaillancourt like a Jeep
1662
07:27:53,856 --> 07:28:00,000
Local 321 22 and so on
1663
07:28:00,256 --> 07:28:06,400
Navigation that is accessible using this particular as a sorrowful.
1664
07:28:06,656 --> 07:28:08,192
Betsy
1665
07:28:09,216 --> 07:28:15,360
Stupi Colin 192168101
1666
07:28:15,616 --> 07:28:17,152
And
1667
07:28:19,456 --> 07:28:21,760
80
1668
07:28:23,040 --> 07:28:29,184
Momentary sent this request using multiplication which is using
1669
07:28:29,440 --> 07:28:35,584
some cloud SDK like the Amazon AWS SDK
1670
07:28:35,840 --> 07:28:40,960
Sign in
1671
07:28:41,472 --> 07:28:47,104
Okay, now let's do a port scan. For that, I'm just sending this request
1672
07:28:47,872 --> 07:28:54,016
And here, let's say I want to use a different IP address
1673
07:28:57,088 --> 07:29:00,160
I want to use the cluster bomb attack
1674
07:29:00,416 --> 07:29:06,560
For the first parameter: 11, 12, 13, 14,
1675
07:29:06,816 --> 07:29:12,960
15, 20, 110; I'm just trying to provide some random IP addresses
1676
07:29:15,008 --> 07:29:21,152
For the second parameter, ports 21, 22,
1677
07:29:23,456 --> 07:29:26,016
8440
1678
07:29:26,272 --> 07:29:32,416
8080 8000 9000
1679
07:29:33,440 --> 07:29:39,584
Okay, and now let's try to start
1680
07:29:41,888 --> 07:29:48,032
It's trying to send a request and check whether port 21 or 40
1681
07:29:48,288 --> 07:29:54,432
is open. So how do we identify whether this particular port is open or not?
1682
07:29:54,688 --> 07:30:00,832
It's trying to connect to port 21 over there
1683
07:30:01,088 --> 07:30:07,232
While making the connection, it just waits for the username and password
1684
07:30:07,488 --> 07:30:13,632
Identify the delay in response
1685
07:30:13,888 --> 07:30:16,192
Let me in
1686
07:30:17,216 --> 07:30:23,360
It's the time the response was received, so you can observe the delay in
1687
07:30:23,616 --> 07:30:29,760
Respond respond with 3226
1688
07:30:30,016 --> 07:30:36,160
We can see the three-second delay; if you provide the username and password while connecting to
1689
07:30:36,416 --> 07:30:42,560
FTP, then it just responds with a message, right?
1690
07:30:42,816 --> 07:30:48,960
Based on what is implemented in the application, you can identify
1691
07:30:49,216 --> 07:30:55,360
which ports are open
1692
07:30:55,616 --> 07:31:01,760
6213 21:22
1693
07:31:02,016 --> 07:31:08,160
So this is how we can do a port scan
1694
07:31:08,416 --> 07:31:14,560
Access ABC Boston
1695
07:31:14,816 --> 07:31:18,400
Simply do
1696
07:31:22,240 --> 07:31:25,312
/etc/passwd
1697
07:31:25,568 --> 07:31:31,712
Support Nintendo
1698
07:31:31,968 --> 07:31:38,112
So by exploiting this SSRF.
1699
07:31:42,208 --> 07:31:47,840
If you have any question, you can unmute yourself and ask a question; otherwise we can simply move to the next topic
1700
07:31:49,888 --> 07:31:56,032
Okay, so let's go to the next topic
1701
07:31:56,288 --> 07:32:02,432
The user-supplied input is
1702
07:32:02,688 --> 07:32:08,832
the PDF file. So what happens in this case is
1703
07:32:09,088 --> 07:32:15,232
first it creates an HTML file, and based on this HTML file it will convert it into a
1704
07:32:15,488 --> 07:32:21,632
PDF, and then it will send it to the user for download
1705
07:32:21,888 --> 07:32:28,032
Hardbody liabilities to maintain the design and if you identify
1706
07:32:28,288 --> 07:32:34,432
In diverse Anderson process solitary situation. Azar forum
1707
07:32:34,688 --> 07:32:40,832
Henderson and so on
1708
07:32:41,088 --> 07:32:47,232
Instead of passing the legitimate content, inject HTML code which makes
1709
07:32:47,488 --> 07:32:53,376
2D internal files electricity Atticus control to me
1710
07:32:53,888 --> 07:33:00,032
So when the backend of the application passes this input to create the HTML file and
1711
07:33:00,288 --> 07:33:06,432
converts it into a PDF
1712
07:33:06,688 --> 07:33:12,832
Attica Central Library
1713
07:33:13,088 --> 07:33:17,696
Xperia 5
1714
07:33:17,952 --> 07:33:24,096
So the objective of this exercise is for you to
1715
07:33:24,352 --> 07:33:30,496
utilize the PDF export injection to confirm SSRF using
1716
07:33:30,752 --> 07:33:36,896
Read the content of an internal file.
1717
07:33:37,152 --> 07:33:38,688
account/profile
1718
07:33:39,456 --> 07:33:45,344
Let me show you the injection point then I'll give you time to play with this exercise
1719
07:33:48,928 --> 07:33:51,488
Okay so
1720
07:33:53,024 --> 07:33:56,352
Let me go to my Kali machine
1721
07:33:59,424 --> 07:34:03,008
And
1722
07:34:07,360 --> 07:34:10,176
Let me borrow.
1723
07:34:13,248 --> 07:34:19,136
Order just forward the necessary information Picante now
1724
07:34:20,160 --> 07:34:26,304
Blue-eyed some spam information that this one joint is 1234
1725
07:34:26,560 --> 07:34:31,680
Well that's 2123
1726
07:34:38,336 --> 07:34:44,480
Let's just try to download the invoice
1727
07:34:44,736 --> 07:34:50,880
It just loads the PDF file; this particular PDF is created using the
1728
07:34:51,136 --> 07:34:57,280
And if you who folding table
1729
07:34:57,536 --> 07:35:03,680
Search for whether this PDF library is
1730
07:35:03,936 --> 07:35:09,312
vulnerable
1731
07:35:09,568 --> 07:35:15,712
It uses the user input. So this is the invoice number that is generated from the backend, and then it's showing the user
1732
07:35:15,968 --> 07:35:20,832
and user email address, so this information looks
1733
07:35:21,344 --> 07:35:27,488
like it's retrieved from the user's profile information, so we
1734
07:35:27,744 --> 07:35:33,888
use the SSRF payload and just
1735
07:35:34,144 --> 07:35:39,520
Execute your pssession
1736
07:35:39,776 --> 07:35:44,128
What are giblets
1737
07:35:44,640 --> 07:35:50,784
10 minutes to play with the exercise, and I'll give you a demo on this; then I guess I'll give you time to complete this
1738
07:35:52,320 --> 07:35:58,464
In the meantime, if you have any question, you can simply put your question in the training support channel, or simply unmute yourself
1739
07:35:58,720 --> 07:36:00,000
Question
1740
07:36:01,024 --> 07:36:07,168
And I have already uploaded the steps on the notebooks, if you want to take a
1741
07:36:07,424 --> 07:36:13,568
look, or if you want a hint, you can simply go to that, okay
1742
07:45:44,448 --> 07:45:50,592
Only one person has completed this one
1743
07:45:50,848 --> 07:45:52,640
Time to competition
1744
07:45:52,896 --> 07:45:59,040
The first step is to identify what user inputs will become a part of the
1745
07:46:00,320 --> 07:46:06,464
PDF creation process
1746
07:46:06,720 --> 07:46:12,864
Okay so what we are doing
1747
07:46:13,120 --> 07:46:19,264
This is what is your name
1748
07:46:19,520 --> 07:46:22,336
I named The System Genesis
1749
07:46:24,128 --> 07:46:30,272
Send Billy courtesies let's say
1750
07:46:31,552 --> 07:46:34,368
India
1751
07:46:37,952 --> 07:46:42,048
Now let me update this
1752
07:46:43,072 --> 07:46:47,936
So I'm able to edit my name, mobile number, billing address,
1753
07:46:48,960 --> 07:46:55,104
Membership profile and Swanson out let me do a Top Again
1754
07:46:55,360 --> 07:46:57,664
information that will become a part of
1755
07:46:58,432 --> 07:47:00,736
History of transition process
1756
07:47:02,272 --> 07:47:04,832
So I'm providing the same
1757
07:47:06,368 --> 07:47:12,512
dummy information; that's fake information
1758
07:47:16,608 --> 07:47:19,424
Its ability
1759
07:47:24,288 --> 07:47:30,432
Not
1760
07:47:30,688 --> 07:47:36,832
Address
1761
07:47:37,088 --> 07:47:43,232
The name is reflected within the invoice, and my address is also reflected in the invoice
1762
07:47:43,488 --> 07:47:49,632
So these are the two parameters which basically become
1763
07:47:49,888 --> 07:47:56,032
a part of this PDF creation process. So the first thing is the identification
1764
07:48:02,944 --> 07:48:09,088
So what we can do: the first thing you can do is that identification, okay
1765
07:48:09,344 --> 07:48:10,880
Before. What can do
1766
07:48:11,648 --> 07:48:17,792
Let me go to my topic
1767
07:48:18,048 --> 07:48:24,192
Let's say this is an HTML
1768
07:48:24,448 --> 07:48:30,592
Source from this location
1769
07:48:32,640 --> 07:48:34,944
E85
1770
07:48:39,552 --> 07:48:45,696
Information word anthesis information
1771
07:48:45,952 --> 07:48:48,512
Update information
1772
07:48:49,280 --> 07:48:52,608
Okay, let's try to do a top-up again
1773
07:49:01,568 --> 07:49:07,712
Start my list because we are calling there should be depressed
1774
07:49:11,552 --> 07:49:15,392
All it support
1775
07:49:15,904 --> 07:49:22,048
888
1776
07:49:28,704 --> 07:49:30,752
Auntie
1777
07:49:31,264 --> 07:49:37,408
The moment it supplies the user input in the HTML and converts it into a PDF file
1778
07:49:37,664 --> 07:49:43,552
Sydney Cowabunga Quest 2
1779
07:49:46,880 --> 07:49:48,928
10
1780
07:49:49,696 --> 07:49:55,840
Stockton
1781
07:49:56,096 --> 07:50:02,240
This to fail is vulnerable because
1782
07:50:02,496 --> 07:50:08,640
So the next thing is reading the content of internal files, instead of
1783
07:50:08,896 --> 07:50:15,040
making an outbound request; instead of using the HTML
1784
07:50:16,576 --> 07:50:19,648
Ford x470 update my profile
1785
07:50:21,696 --> 07:50:23,232
And you still got that
1786
07:50:24,000 --> 07:50:30,144
Take me to supply products
1787
07:50:30,400 --> 07:50:36,544
Countertop see Windows pin. Diana has information input
1788
07:50:36,800 --> 07:50:40,384
This be loading boat the fields update
1789
07:50:40,640 --> 07:50:42,176
Go to top up
1790
07:50:42,944 --> 07:50:45,760
I didn't perform the order
1791
07:50:47,808 --> 07:50:49,344
Beano
1792
07:50:58,048 --> 07:51:04,192
Spell information
1793
07:51:04,448 --> 07:51:10,592
Beauty Supply
1794
07:51:10,848 --> 07:51:16,992
Just load the content of pinto Thailand
1795
07:51:17,248 --> 07:51:23,392
in the address location, and you see you are able to read that at that position
1796
07:51:23,648 --> 07:51:29,792
So this is how you can also call Pam dssr Empire Has Fallen
1797
07:51:30,560 --> 07:51:33,376
So anyone has any question in this
1798
07:51:35,936 --> 07:51:42,080
Okay let me add 10 more minutes to complete this exercise and will move to the next one
1799
07:58:33,984 --> 07:58:37,312
Edible Ones who captured exercise
1800
08:01:41,632 --> 08:01:47,776
It looks like the majority of you completed this.
1801
08:01:48,032 --> 08:01:54,176
Apart Depot
1802
08:01:54,432 --> 08:02:00,576
Abused The Authority component is
1803
08:02:00,832 --> 08:02:06,976
Followed by SS
1804
08:02:07,232 --> 08:02:10,048
Play spotless? Has
1805
08:02:10,304 --> 08:02:16,448
Collin and address in.
1806
08:02:16,704 --> 08:02:22,848
This is how the authority component looks
1807
08:02:23,104 --> 08:02:29,248
So the very famous researcher Orange Tsai has done
1808
08:02:29,504 --> 08:02:35,648
very interesting research around how we can bypass these filters, between the different
1809
08:02:35,904 --> 08:02:42,048
So here he just mentioned that whenever the PHP application
1810
08:02:42,304 --> 08:02:48,448
That is a beautiful functions I feel blue what is static electricity
1811
08:02:48,704 --> 08:02:54,848
Ebay.com
1812
08:02:55,104 --> 08:03:01,248
Border collie call noches call UPS.
1813
08:03:01,504 --> 08:03:07,648
It's basically that when we provide this particular input, they behave differently
1814
08:03:07,904 --> 08:03:14,048
Expect the email app.com instead of admin and Forester expected
1815
08:03:14,304 --> 08:03:19,936
Securetech.com in Edmond at jet.com
1816
08:03:20,704 --> 08:03:26,848
Now, what happens if the backend of the application blocks this
1817
08:03:27,104 --> 08:03:33,248
Hubert's life let's see
1818
08:03:33,504 --> 08:03:39,648
Olympic blocks
1819
08:03:39,904 --> 08:03:46,048
Bypassing mechanism light PS4.
1820
08:03:47,072 --> 08:03:53,216
To bypass localhost, we can simply use this information like 127 to 2020
1821
08:03:53,472 --> 08:03:59,616
2000 127
1822
08:03:59,872 --> 08:04:06,016
request, and eventually it is treated as 127.
1823
08:04:06,272 --> 08:04:12,416
Similarly for the IPv6 we can also use this kind of lets in sequence
1824
08:04:12,672 --> 08:04:18,816
To treat this as a stupid
1825
08:04:19,072 --> 08:04:25,216
Also use this poop. But then it slender 2
1826
08:04:25,472 --> 08:04:31,616
27. 0.1
1827
08:04:31,872 --> 08:04:38,016
Look at this, and so on. If it's blocking this kind of
1828
08:04:38,272 --> 08:04:44,416
IP representation, then you can also use the decimal
1829
08:04:44,672 --> 08:04:50,816
representation like this; you can also use the decimal representation of the blocked IP to bypass
1830
08:04:51,072 --> 08:04:57,216
such a filter. It's basically nothing but the decimal representation of 127.0
1831
08:04:57,472 --> 08:05:03,616
This is the decimal representation of 192.168.0.1
1832
08:05:03,872 --> 08:05:10,016
And so you can also use this kind of bypass
1833
08:05:10,272 --> 08:05:16,416
for the PHP functions like this
1834
08:05:16,672 --> 08:05:22,816
And there are a bunch of others to bypass filters
1835
08:05:23,072 --> 08:05:29,216
like this, so that it then tries to access localhost; similarly 127.
1836
08:05:29,472 --> 08:05:35,616
127 2012
1837
08:05:35,872 --> 08:05:42,016
It's a little bypass of the filter in the backend, if it's not allowing you to access the internal application
1838
08:05:42,528 --> 08:05:48,672
So with that said, we are done with day four. So what I'll do
1839
08:05:48,928 --> 08:05:55,072
is keep this channel open for 45 minutes; you can simply go to each and every topic.
1840
08:05:55,328 --> 08:06:01,472
And if you have any questions regarding any of the topics or the steps that we covered
1841
08:06:01,728 --> 08:06:06,336
for any of the exercises, you can simply ask a question
1842
08:06:07,104 --> 08:06:13,248
Is looking at a timer
1843
08:06:13,504 --> 08:06:15,296
Play 25 minutes
1844
08:06:28,864 --> 08:06:35,008
Ed Rudy 12 at any clothing.
1845
08:06:35,264 --> 08:06:41,408
Tomorrow will be the last day. If you'd like to do a quick revision of everything, and in case
1846
08:06:41,664 --> 08:06:47,808
you do, you can reach out to us 30 minutes prior to class, before we start
1847
08:06:53,440 --> 08:06:59,584
Those who do not have any question can simply drop from this session
1848
08:07:00,096 --> 08:07:06,240
England
1849
08:07:10,848 --> 08:07:15,200
Thank you thanks
1850
08:07:22,624 --> 08:07:24,672
Text Krista
1851
08:07:34,912 --> 08:07:36,960
Recording stopped
1852
08:07:37,984 --> 08:07:40,288
Thanks gems
1853
08:08:57,088 --> 08:09:00,672
Thanks Tyler thanks Tyler tomorrow
1854
08:11:21,984 --> 08:11:24,032
Okay select close to Jewel
1855
08:11:25,568 --> 08:11:30,432
Okay, so I hope you don't have any question
1856
08:11:30,944 --> 08:11:32,736
See you tomorrow