1 00:00:00,330 --> 00:00:01,350 So hi, everyone, how are you?
2 00:00:01,470 --> 00:00:03,560 I hope you guys are doing absolutely fine, isn't it?
3 00:00:03,990 --> 00:00:07,860 So guys, in this lecture, we are going to talk about what is local file inclusion.
4 00:00:07,920 --> 00:00:12,600 So before learning it first, we need to understand what is file inclusion. File
5 00:00:12,600 --> 00:00:16,710 inclusion is very important to understand before understanding the local file inclusion vulnerability. Now let's
6 00:00:16,710 --> 00:00:18,690 understand what is file inclusion.
7 00:00:19,500 --> 00:00:21,230 So, file inclusion vulnerability.
8 00:00:21,600 --> 00:00:28,170 So this is the kind of vulnerability that allows an attacker to reach sensitive information or execute an arbitrary
9 00:00:28,170 --> 00:00:28,740 command
10 00:00:28,800 --> 00:00:35,860 using the files that are stored on the Web server or using the files that are hosted on the attacker's machine.
11 00:00:36,420 --> 00:00:43,140 So this vulnerability exists mainly because of the poorly written code in the Web application, and if
12 00:00:43,140 --> 00:00:49,950 not taken seriously, a file inclusion exploit can simply compromise the entire server by granting
13 00:00:49,950 --> 00:00:52,290 full access to the attacker.
14 00:00:52,620 --> 00:00:56,130 So this is how dangerous it is, actually.
15 00:00:56,580 --> 00:00:59,250 So this is the basic overview of file inclusion.
16 00:00:59,250 --> 00:01:04,860 So, guys, now let's see what is the local file inclusion vulnerability that we are going to exploit
17 00:01:04,860 --> 00:01:06,090 in this particular lecture.
18 00:01:07,020 --> 00:01:12,750 So local file inclusion is one of the, well, we can say one of the types of file inclusion vulnerability
19 00:01:12,960 --> 00:01:19,770 that allows the attacker to use the vulnerable file stored in a Web server to his or her own advantage.
20 00:01:20,130 --> 00:01:26,280 So the Web server uses different files to execute different functions on a website based on the requirements
21 00:01:26,280 --> 00:01:27,180 of the users.
22 00:01:27,570 --> 00:01:32,700 Suppose, if you talk about, for example, like if you want to download something from the website, then
23 00:01:32,700 --> 00:01:39,010 the Web server will call the function that will simply lead to the download page and that will allow
24 00:01:39,010 --> 00:01:40,060 you to download the data.
25 00:01:40,350 --> 00:01:43,320 So when you see any kind of URL, like for downloading,
26 00:01:43,320 --> 00:01:49,200 you will see at the end, you will find like a page is equal to, like,
27 00:01:51,370 --> 00:01:52,180 download.
28 00:01:54,880 --> 00:02:01,720 So this is the way it looks like when you try to download it. So using the local file inclusion
29 00:02:01,720 --> 00:02:06,780 vulnerability, the attacker tampers the URL parameters. You can see it, we are tampering here.
30 00:02:07,060 --> 00:02:11,930 So you tamper the URL parameter to send different data to the Web server to simply execute.
31 00:02:12,310 --> 00:02:18,160 So instead of downloading the data, the attacker tries to execute different functions to get other sensitive
32 00:02:18,160 --> 00:02:19,410 data from the website.
33 00:02:20,140 --> 00:02:25,990 So in this particular lecture, what we are going to do here is we are going to simply
34 00:02:25,990 --> 00:02:33,830 use that to try to get the content of the /etc/passwd file that will be stored inside this Web server.
35 00:02:34,330 --> 00:02:39,350 So don't worry if this is not clear to you at this particular moment.
36 00:02:39,370 --> 00:02:44,760 So in this particular video, we are going to decode each and everything.
37 00:02:44,770 --> 00:02:45,340 So don't worry.
38 00:02:46,000 --> 00:02:52,100 So first of all, what we need to do here is we need to simply change the security to low.
39 00:02:52,750 --> 00:02:53,790 Yes, it is in low.
40 00:02:54,250 --> 00:02:58,900 So when you get inside the file inclusion, which you will find here, you will see there is nothing
41 00:02:58,900 --> 00:02:59,440 to enter.
42 00:02:59,800 --> 00:03:04,230 So what we need to do here is, as I told you earlier, that we are going to get the file.
43 00:03:04,330 --> 00:03:06,110 We are going to attack on the system.
44 00:03:06,400 --> 00:03:08,230 So now let's understand it.
45 00:03:08,350 --> 00:03:09,290 So what is this?
46 00:03:09,310 --> 00:03:10,430 So this is the file.
47 00:03:10,900 --> 00:03:12,880 This is the link, actually, the URL.
48 00:03:13,060 --> 00:03:15,360 And this is the file which is included.
49 00:03:16,060 --> 00:03:20,230 So the page that we are seeing here, this is because of include.php.
50 00:03:21,070 --> 00:03:22,780 And this is what it is doing.
51 00:03:22,780 --> 00:03:26,160 It is simply requesting page equal to include.php.
52 00:03:26,170 --> 00:03:27,140 That is what this is.
53 00:03:27,460 --> 00:03:28,300 So now let's see.
54 00:03:28,300 --> 00:03:35,140 What I'm going to do here is, let's see if this page is here inside this or not.
55 00:03:35,290 --> 00:03:36,530 So when you hit enter.
56 00:03:37,000 --> 00:03:37,530 OK.
57 00:03:38,770 --> 00:03:40,000 It is doing nothing here.
58 00:03:41,050 --> 00:03:48,120 OK, let's go back, and the next thing that we can do here is let's try to.
59 00:03:51,450 --> 00:03:56,290 See, OK, let's try to see what this thing is here.
60 00:03:56,820 --> 00:04:00,300 So when you analyze this, you will find this is include.
61 00:04:01,410 --> 00:04:06,540 This is the directory fi, and this is one more directory, which is vulnerabilities.
62 00:04:06,750 --> 00:04:07,830 And this is dvwa.
63 00:04:08,370 --> 00:04:11,300 DVWA. If you notice, you'll find many directories.
64 00:04:11,550 --> 00:04:19,770 OK, so now let's get back to a terminal and let's see why we want to see
65 00:04:19,770 --> 00:04:21,860 the /etc/passwd file.
66 00:04:22,350 --> 00:04:27,750 We want to see the /etc/passwd file because... let's see how to open this file.
67 00:04:27,760 --> 00:04:37,800 It's /etc/passwd. So when you zoom it out, you will see this file contains all the users on this particular
68 00:04:37,800 --> 00:04:38,530 Web server.
69 00:04:38,850 --> 00:04:40,290 Okay, so these are the paths.
70 00:04:40,920 --> 00:04:45,060 So when you scroll it up or down, you will find a number of users here.
71 00:04:45,900 --> 00:04:51,390 So the intention of getting this file from this Web server is to know about the users and the paths.
72 00:04:51,390 --> 00:04:58,110 So from these paths, you will find lots and lots of juicy data.
73 00:04:58,530 --> 00:05:04,230 OK, so now let's find out how we can get this particular file using the URL.
74 00:05:04,260 --> 00:05:05,310 So now let's first.
75 00:05:06,460 --> 00:05:11,410 I'll refresh this. I'm now refreshing. As you can see, this is a parameter, the page parameter,
76 00:05:11,410 --> 00:05:12,340 and here it is.
77 00:05:13,360 --> 00:05:15,650 What it is giving to it is using GET.
78 00:05:16,080 --> 00:05:23,320 So the next thing that I'm going to do here is, let's analyze this particular thing, OK?
79 00:05:23,740 --> 00:05:24,640 Where is my.
80 00:05:26,300 --> 00:05:27,680 Let me open this again.
81 00:05:29,820 --> 00:05:30,800 Do you see?
82 00:05:32,380 --> 00:05:34,070 Page equal to include.
83 00:05:34,150 --> 00:05:40,190 So when you see here what we are having, so we are having this particular thing, which is fi, OK.
84 00:05:40,600 --> 00:05:45,430 So when you see this link, what you will find, this is one directory, one.
85 00:05:45,700 --> 00:05:48,130 This is directory two, this is three.
86 00:05:48,370 --> 00:05:52,270 And after this, we'll be having var, and then www, we are having one more directory.
87 00:05:52,750 --> 00:05:55,100 So in total we are having five directories here.
88 00:05:55,360 --> 00:06:01,720 So what we need to do here is we need to get back through all of these directories, and then we can get out of
89 00:06:01,720 --> 00:06:04,770 all of that, so that we can simply explore the file.
90 00:06:04,990 --> 00:06:06,030 So how can you do that?
91 00:06:06,040 --> 00:06:10,220 So as we all know, in Linux, for getting back, we need this particular symbol.
92 00:06:10,240 --> 00:06:11,320 Let me zoom it.
93 00:06:12,470 --> 00:06:13,170 Okay.
94 00:06:13,180 --> 00:06:13,780 Okay, okay.
95 00:06:13,780 --> 00:06:14,140 Okay.
96 00:06:16,200 --> 00:06:19,900 We'll be using this particular thing, dot dot slash.
97 00:06:23,380 --> 00:06:29,680 Five, so let's try to do, sometimes, take seven.
98 00:06:31,240 --> 00:06:36,700 Now let's hit enter, so hit enter, and you will find we managed to get inside this file, and this
99 00:06:36,700 --> 00:06:40,170 is the content of this particular file that we have seen in this particular shell.
100 00:06:40,450 --> 00:06:42,580 So this is the same content that we are having here.
101 00:06:42,610 --> 00:06:45,690 So this is how dangerous it is.
102 00:06:45,700 --> 00:06:51,640 You can simply use the URL and you will get the file access, and you can see what
103 00:06:51,640 --> 00:06:56,960 is inside it and what content this particular file contains inside it.
104 00:06:57,250 --> 00:07:02,940 So that is why it is very important to fix the file inclusion vulnerability.
105 00:07:03,250 --> 00:07:03,750 OK, guys.
106 00:07:03,810 --> 00:07:07,300 So this is how you can exploit it in the low settings.
107 00:07:07,540 --> 00:07:12,850 OK, so before getting to the medium one, first of all, we need to see the source code so that we
108 00:07:12,850 --> 00:07:18,600 can see if there is any parameter also. As you can see, there is nothing which is filtering anything.
109 00:07:18,760 --> 00:07:22,120 So you can simply use these things, as you can see that there is nothing like that.
110 00:07:22,340 --> 00:07:28,490 OK, so now let's simply close it, and now let's try the medium one, OK?
111 00:07:28,750 --> 00:07:40,100 So when you change the security to medium, OK, let's make it medium, and let's see the source, OK.
112 00:07:40,120 --> 00:07:41,080 There is no source.
113 00:07:41,080 --> 00:07:44,440 We need to get inside file inclusion, and then you see the source.
114 00:07:45,430 --> 00:07:50,440 OK, so when you see the source, what is it doing here?
115 00:07:51,010 --> 00:07:52,030 This is for the low one.
116 00:07:52,420 --> 00:07:53,140 I want.
117 00:07:55,250 --> 00:08:02,160 For the, I think security is low, will change it to medium now, medium.
118 00:08:02,180 --> 00:08:06,810 Now get back to file inclusion, and let's scroll it down, and let's see the.
119 00:08:08,440 --> 00:08:09,360 So now, guys.
120 00:08:10,590 --> 00:08:13,860 If you see this particular thing, what is it doing here?
121 00:08:14,690 --> 00:08:15,710 What is it doing here?
122 00:08:16,070 --> 00:08:21,770 So what it is doing here is, when you see this particular function, which is str_replace, it is
123 00:08:21,770 --> 00:08:25,580 simply replacing these particular things with blank spaces.
124 00:08:25,990 --> 00:08:26,570 Okay, guys.
125 00:08:26,600 --> 00:08:32,020 So as you can see, this particular thing into the spaces, blank spaces.
126 00:08:32,030 --> 00:08:34,970 So this is simply filtering something.
127 00:08:35,000 --> 00:08:39,290 So now let's try to exploit the same vulnerability.
128 00:08:39,920 --> 00:08:43,590 I want to get the same file using some other path.
129 00:08:44,180 --> 00:08:46,670 OK, let me erase it.
130 00:08:47,000 --> 00:08:52,670 And then what I can try here, as you know, that this is what it is doing.
131 00:08:52,940 --> 00:08:57,840 This is the, these are simply, when you don't.
132 00:08:57,850 --> 00:09:01,440 But as you can see, we managed to get inside this particular file.
133 00:09:01,820 --> 00:09:03,330 So what is the thing here?
134 00:09:03,680 --> 00:09:05,870 So the thing here is when you.
135 00:09:09,820 --> 00:09:13,040 When you see this, this is the file that we have here.
136 00:09:13,420 --> 00:09:19,270 So the thing here is, when you see this, what they are doing here, they are filtering these spaces
137 00:09:19,420 --> 00:09:22,360 that, that in our case, we are having dots.
138 00:09:22,600 --> 00:09:26,320 So these are simply, we can say.
139 00:09:27,670 --> 00:09:33,130 As you can see what it is doing, it is simply filtering the spaces, but in this case, we don't have
140 00:09:33,130 --> 00:09:33,890 any space.
141 00:09:33,890 --> 00:09:38,960 So if you want to use the single one, you can also, using the medium one, get the file access.
142 00:09:39,030 --> 00:09:44,320 OK, so this is how you can exploit it using the medium settings.
143 00:09:44,740 --> 00:09:47,350 OK, so this is how you can do it with the medium settings.
144 00:09:47,360 --> 00:09:56,530 So if you talk about, like, the security high, so as we all know, this is just like impossible
145 00:09:56,530 --> 00:09:57,330 to exploit.
146 00:09:57,850 --> 00:09:59,970 So when you try the same thing with this.
147 00:09:59,980 --> 00:10:03,820 So let me do this like /etc/
148 00:10:05,800 --> 00:10:09,470 passwd, hit enter, and as you can see, file not found.
149 00:10:09,500 --> 00:10:15,750 So let's get back, and let's see the view source, and let's analyze what it is doing here.
150 00:10:16,580 --> 00:10:18,550 So guys, what is it doing here?
151 00:10:19,490 --> 00:10:27,740 And when you see this, so when you change the difficulty to high and try to exploit from the medium difficulty,
152 00:10:27,740 --> 00:10:31,520 you will notice that there is nothing working.
153 00:10:31,880 --> 00:10:34,010 So surely the target is more secure.
154 00:10:34,490 --> 00:10:43,340 So it is only accepting, as you can see here, include.php or input starting with the word
155 00:10:43,520 --> 00:10:44,090 file.
156 00:10:45,040 --> 00:10:51,580 OK, so what it is doing, it is only accepting this particular thing, so if you try
157 00:10:51,580 --> 00:10:54,020 to inject anything else, it will show you an error.
158 00:10:54,730 --> 00:11:02,260 OK, so this is how you can secure your website using these parameters, using these kinds of filtering,
159 00:11:02,260 --> 00:11:06,000 so that no one can exploit your local file inclusion vulnerability.
160 00:11:06,280 --> 00:11:08,500 So this is all for this lecture.
161 00:11:08,920 --> 00:11:10,000 I hope you understand this.
162 00:11:10,000 --> 00:11:11,250 And thank you for this lecture.