1
00:00:00,180 --> 00:00:06,440
So, guys, in the sort lecture, we are going to discuss what is a script and what are the we can say

2
00:00:06,450 --> 00:00:12,000
payloads that we will be using in this section or in our upcoming life of hacking.

3
00:00:12,630 --> 00:00:18,290
So to make things clear of JavaScript is different from the Java programming language.

4
00:00:18,660 --> 00:00:22,550
So Netscape name JavaScript purely for marketing reasons.

5
00:00:22,560 --> 00:00:29,310
So as the Java programming language was gaining popularity during that time, and so in dynamic of application,

6
00:00:29,310 --> 00:00:31,190
JavaScript is used for right live.

7
00:00:31,650 --> 00:00:34,890
We can see a wide variety of tasks and can be embedded.

8
00:00:35,940 --> 00:00:41,920
We can see in the editorial pages to retrieve data from the several sources to build the Web page.

9
00:00:42,630 --> 00:00:49,590
So a simple example would be a social networking websites using JavaScript to build a profile page by

10
00:00:49,590 --> 00:00:55,320
loading the profile image, user details and all post for several locations.

11
00:00:55,650 --> 00:00:59,880
So some of these in JavaScript is used in code.

12
00:01:00,240 --> 00:01:02,170
Now let's see them.

13
00:01:02,580 --> 00:01:03,860
So the first one is a script.

14
00:01:04,330 --> 00:01:06,270
OK, so the first one is a script that.

15
00:01:06,480 --> 00:01:08,220
So let me first change the color.

16
00:01:09,800 --> 00:01:11,250
So I have to use this color.

17
00:01:11,540 --> 00:01:19,700
So first all, we are having a script, OK, so OK, so this is our payload, as you can see this as

18
00:01:19,700 --> 00:01:20,540
our payload.

19
00:01:21,230 --> 00:01:23,020
So as you can see that the script.

20
00:01:23,180 --> 00:01:24,540
So what it is doing here.

21
00:01:24,560 --> 00:01:31,270
So JavaScript can be embedded directly in the web using a script that so as you can see this thing.

22
00:01:31,430 --> 00:01:36,410
So when our discussion will execute, it will simply pop up a box like this.

23
00:01:36,620 --> 00:01:45,620
OK, a box like this, which is simply alerting the user died X, X, X, be whatever written inside

24
00:01:45,620 --> 00:01:48,850
these double code, it will reflect on this particular dialogue.

25
00:01:48,950 --> 00:01:55,890
So this is the this is why we use Java script and then later we are having body type.

26
00:01:56,120 --> 00:02:00,570
So this script can also be embedded using the OnLoad event in the body type.

27
00:02:00,920 --> 00:02:01,280
OK.

28
00:02:01,430 --> 00:02:06,370
So this will simply alert you if you this the payload is starting from here.

29
00:02:06,710 --> 00:02:11,750
So it was simply it will do the same work like a script and then we are having image.

30
00:02:11,990 --> 00:02:17,840
So this is nothing but this that can be used to execute a JavaScript and which is often used for malicious

31
00:02:17,840 --> 00:02:18,500
purposes.

32
00:02:18,680 --> 00:02:21,020
So we are going to see all of them, don't we.

33
00:02:21,620 --> 00:02:27,770
OK, I saw there are some other tags such as iFrame and Divide and Link are also used to embed scripting

34
00:02:27,920 --> 00:02:28,820
e-mail page.

35
00:02:29,120 --> 00:02:35,270
So JavaScript can be used to not only retrieve information from the web server, but also to perform

36
00:02:35,270 --> 00:02:44,140
the DOM we can save document object model, which is called Dom script, and it has it has access to

37
00:02:44,150 --> 00:02:46,750
web browser data and operating system properties.

38
00:02:47,090 --> 00:02:54,170
So JavaScript was actually designed to run in a very restricted environment with limited access to the

39
00:02:54,170 --> 00:02:55,540
underlying operating system.

40
00:02:55,730 --> 00:03:01,820
But even with the limitation, limited access, as we can see, limited access, a JavaScript loaded

41
00:03:01,820 --> 00:03:05,900
in the Web browser can be used to do some nasty stuff.

42
00:03:06,860 --> 00:03:13,780
So in JavaScript is loaded in a Web browser so it can access the cookies assigned to the user HACEN

43
00:03:13,910 --> 00:03:15,800
and access the usual history.

44
00:03:16,220 --> 00:03:19,370
So cookies are often used as a section identifiers.

45
00:03:20,590 --> 00:03:27,100
If the attacker can steal them, they can gain control over the situation, also, JavaScript can has

46
00:03:27,100 --> 00:03:35,080
the access to the entire dome of the webpage and can modify the e-mail page, which which simply can

47
00:03:35,080 --> 00:03:37,270
lead to a defacing of the webpage.

48
00:03:38,080 --> 00:03:44,720
So this is how JavaScript works in case of excesses in the next lecture.

49
00:03:44,830 --> 00:03:51,190
We are going to see some more about some more things about Java so we can see across at the scripting.