1
00:00:00,210 --> 00:00:07,440
Now that we have successfully injected come on in low and medium security, but it's time to see on

2
00:00:07,440 --> 00:00:09,450
high all we can say impossible.

3
00:00:09,820 --> 00:00:11,220
So why it is impossible.

4
00:00:11,220 --> 00:00:19,320
Why what Dolapo did there so that we are not able to get inside or Galina's discussion using some comments.

5
00:00:19,350 --> 00:00:21,780
OK, so now let's see Comisar.

6
00:00:22,200 --> 00:00:24,840
OK, first of all, we need to change our security to high.

7
00:00:26,190 --> 00:00:27,780
So we are currently on high.

8
00:00:29,570 --> 00:00:35,360
So now let's get back to my institution, so guys, in this lecture, we are going to see and analyze

9
00:00:35,600 --> 00:00:41,810
what is the perspective of a developer, what did what they are doing here so that we are not able to

10
00:00:41,810 --> 00:00:42,870
get inside it.

11
00:00:43,160 --> 00:00:50,230
OK, so we are not able to get to see all the files and all we did in the last some videos.

12
00:00:50,290 --> 00:00:53,810
OK, so this is the field of IP, not just try to enter the IP here.

13
00:00:55,020 --> 00:00:55,890
Now hit enter.

14
00:00:56,800 --> 00:01:01,900
So often, and as you can see, the spinning, OK, so now let's try to do with this.

15
00:01:03,160 --> 00:01:03,850
This come on.

16
00:01:05,670 --> 00:01:05,970
No.

17
00:01:06,880 --> 00:01:09,190
So you have entered an invalid IP address.

18
00:01:09,220 --> 00:01:15,630
So what it is doing here is this is simply supposed like this is a common knowledge try to do this with.

19
00:01:15,640 --> 00:01:16,470
So what it is doing.

20
00:01:16,470 --> 00:01:20,530
This is reflecting the error, which is you have entered the invaded IP address.

21
00:01:20,550 --> 00:01:23,320
Okay, guys, so now let's analyze its source code.

22
00:01:23,970 --> 00:01:24,960
So when you see.

23
00:01:25,560 --> 00:01:26,730
Let me get.

24
00:01:28,610 --> 00:01:29,220
Bigger.

25
00:01:29,280 --> 00:01:32,880
OK, so this is the source code that I have.

26
00:01:33,310 --> 00:01:38,380
OK, so now let's analyze the source code, why it is not picking up inputs.

27
00:01:38,630 --> 00:01:41,330
So this is what if some type.

28
00:01:41,360 --> 00:01:42,710
OK, so now.

29
00:01:43,680 --> 00:01:48,750
This is a function which is tribalists, what that means is strip.

30
00:01:49,500 --> 00:01:52,020
OK, I saw this dysfunction is doing here.

31
00:01:53,260 --> 00:02:00,820
What this is doing here, this function simply removes the back in the string and returns the string

32
00:02:00,820 --> 00:02:02,140
with the EU back.

33
00:02:02,980 --> 00:02:04,990
OK, I saw this function is doing here.

34
00:02:05,020 --> 00:02:06,270
This is a function here.

35
00:02:06,640 --> 00:02:11,600
What this is doing, this is simply removing the backslash in this string and reduced the string with

36
00:02:11,650 --> 00:02:13,060
the stripped back.

37
00:02:13,930 --> 00:02:20,230
So now one more function that we have that is explored here explored is the target.

38
00:02:20,500 --> 00:02:22,930
OK, so this is the function that we have here.

39
00:02:23,290 --> 00:02:25,310
Now, let me scroll down.

40
00:02:26,050 --> 00:02:28,140
OK, so this is a function explode.

41
00:02:28,750 --> 00:02:35,140
So what it is doing so this function breaks the string into an array and returns an array of strings.

42
00:02:35,290 --> 00:02:41,830
So the parameters separated specifies where to split the string and the parameters string is the string

43
00:02:41,980 --> 00:02:48,380
to be split and the optional parameter limit specifies the number of added element to return.

44
00:02:49,270 --> 00:02:50,680
So what it is doing here.

45
00:02:51,100 --> 00:02:57,050
So next, what we have here is, you know, we can say, yes, this is a function is what it is doing.

46
00:02:57,190 --> 00:02:58,690
Yes, this is also a function.

47
00:02:58,720 --> 00:03:05,260
So what it is doing so this is simply checking if a string is a pneumatic or pneumatic string, if it

48
00:03:05,270 --> 00:03:08,500
is true, otherwise it returns false here.

49
00:03:08,800 --> 00:03:09,190
OK.

50
00:03:09,260 --> 00:03:10,770
Because as you can see, it is inside.

51
00:03:10,780 --> 00:03:13,660
If so, what we can conclude from this.

52
00:03:13,990 --> 00:03:21,370
So the conclusion is that it can be seen that the this security level code is like impossible and this

53
00:03:21,490 --> 00:03:25,810
simply adds the NPC sarap tokens and the parameters.

54
00:03:25,810 --> 00:03:35,320
IP is strictly restricted here and only inputs such as digital, digital, no DOT, no will be received

55
00:03:35,320 --> 00:03:36,270
and executed.

56
00:03:36,460 --> 00:03:40,300
So there is no command execution of winnability inside it.

57
00:03:40,720 --> 00:03:42,670
OK, guys, so this is how.

58
00:03:44,320 --> 00:03:48,550
You can simply securing a Web site using this.

59
00:03:48,580 --> 00:03:53,260
OK, so now let's get back to it so you cannot exploit this.

60
00:03:53,260 --> 00:03:59,120
You cannot take advantage of the winnability because developers is playing.

61
00:03:59,380 --> 00:04:01,660
That developer has a great job here.

62
00:04:02,170 --> 00:04:08,290
So this is why how you can exploit any vulnerability related to communication by using by playing with

63
00:04:08,290 --> 00:04:09,040
the operators.

64
00:04:09,290 --> 00:04:13,800
And if it is like if a developer did the great job.

65
00:04:13,950 --> 00:04:17,970
So you cannot find any kind of an ability because they also have the.

66
00:04:18,550 --> 00:04:19,030
OK, guys.

67
00:04:19,030 --> 00:04:20,440
So this is how you can do it.

68
00:04:20,620 --> 00:04:25,120
So this is all about constitution from the next election, which we are going to start with some other

69
00:04:25,120 --> 00:04:25,620
winnability.

70
00:04:25,630 --> 00:04:28,810
So this is all for this lecture and thank you.

71
00:04:28,810 --> 00:04:29,020
What?

72
00:04:29,020 --> 00:04:29,650
In this lecture?