1
00:00:00,360 --> 00:00:05,700
And the session will be talking about detecting vulnerable SBP methods.

2
00:00:06,360 --> 00:00:10,080
Now this from this onwards, we are going very, very practical.

3
00:00:10,260 --> 00:00:16,320
OK, so whatever we are talking about, this is all about finding out the vulnerabilities, warning,

4
00:00:16,360 --> 00:00:23,190
not finding out the real world vulnerabilities that some of them would be, you know, some of them

5
00:00:23,190 --> 00:00:30,240
would be legacy or data, but they are still effective because at the end, you never know, you know,

6
00:00:30,540 --> 00:00:35,580
even if organization or large enterprises still have outdated system.

7
00:00:35,970 --> 00:00:43,860
And you just being a penetration tester, you just need one weak point, you know, and that's the reason

8
00:00:43,860 --> 00:00:44,670
you shouldn't know.

9
00:00:44,670 --> 00:00:51,660
All the all the points that are very, very important will be starting with starting with some basic

10
00:00:52,680 --> 00:00:55,230
vulnerability and finding the technique.

11
00:00:55,230 --> 00:01:02,280
And then we'll go to some advanced technique as well from skill injection, finding out the skill injection

12
00:01:02,280 --> 00:01:08,580
to finding out some juicy funds, or finding out some crosseyed scripting vulnerability as well.

13
00:01:09,330 --> 00:01:17,760
So this is what we're you know, even even by just by finding the exact methods, you can even find

14
00:01:17,760 --> 00:01:23,880
out, you know, cross site tracing is what this is, again, a very crucial attack.

15
00:01:24,060 --> 00:01:29,050
Well, and you finding out this kind of a vulnerability can be very, very effective as well.

16
00:01:29,520 --> 00:01:36,630
So without taking much time, let's jump into it, go to the, you know, and map.

17
00:01:36,630 --> 00:01:44,310
And what we are trying to understand is if we have a target as as Web application and if we get to know

18
00:01:44,310 --> 00:01:52,740
what all methods are supported by the server, it becomes an easy job for us to talk about.

19
00:01:52,750 --> 00:01:58,740
And we all know there are multiple methods used by the EDP.

20
00:01:58,740 --> 00:02:02,900
And once your three way handshake we talked about earlier.

21
00:02:02,910 --> 00:02:11,550
Right, the three way handshake on the DCP and once that has been accomplished, then the EDP handshake

22
00:02:11,560 --> 00:02:12,930
has to messages.

23
00:02:12,930 --> 00:02:15,090
I would say it basically starts.

24
00:02:15,510 --> 00:02:22,350
So the client first send the message and this message is basically sent to a specific you are to get

25
00:02:22,350 --> 00:02:23,650
the information about it.

26
00:02:24,000 --> 00:02:32,310
So when you when you look at any message, you know, and that says, uh, that says, you know, get

27
00:02:32,310 --> 00:02:41,180
on the tip method, that basically trying to get all the content on that specific what I so maybe it's

28
00:02:41,190 --> 00:02:44,570
CNN dot com slash breaking news.

29
00:02:44,580 --> 00:02:51,590
So that's the you what I you type on your browser and that's basically the message sent from your browser.

30
00:02:52,050 --> 00:02:58,160
There are some post message which is used to upload and you know many more as well, like delete, but

31
00:02:58,560 --> 00:02:59,510
please connect.

32
00:03:00,210 --> 00:03:06,660
Now what we are trying to accomplish is we are trying to understand what are the different methods supported

33
00:03:06,660 --> 00:03:07,710
on a typing machine.

34
00:03:07,710 --> 00:03:14,580
And if we there are some vulnerable, there are some, you know, risky methods as well, which are

35
00:03:14,580 --> 00:03:18,180
not supposed to be open on the public facing server.

36
00:03:18,180 --> 00:03:23,910
If we get those, it would be easy for us to, you know, compromise that application server.

37
00:03:24,330 --> 00:03:25,970
Now, let's started this way.

38
00:03:26,010 --> 00:03:33,180
If you just get the get Borst and options method, it would be easy enough.

39
00:03:33,180 --> 00:03:35,160
That's just the normal application.

40
00:03:35,430 --> 00:03:42,560
That's where it would be difficult to compromise our probably to hack the entire website.

41
00:03:43,020 --> 00:03:52,320
But if you get, you know, methods like dress, connect, put, delete, these are something which

42
00:03:52,320 --> 00:04:01,240
are more risky methods which out of the even interest is something which can be used for crowd cross

43
00:04:01,260 --> 00:04:08,540
sites tracing as well, which can be very, very helpful and makes the penetration job pretty much easier.

44
00:04:08,760 --> 00:04:15,900
Now, let's make good use of it, because first try to find if if we have, what are the methods available?

45
00:04:15,900 --> 00:04:16,860
So let's.

46
00:04:19,450 --> 00:04:29,200
Do it and map minus B and let's scan for both Ed and 443 for SCDP initiatives and then let's make use

47
00:04:29,200 --> 00:04:33,640
of a script that might hyphen hyphen script.

48
00:04:34,030 --> 00:04:39,610
And the script name is as Deep Methods and our target machine.

49
00:04:40,810 --> 00:04:42,010
It's that easy, right?

50
00:04:42,340 --> 00:04:43,120
So the board.

51
00:04:43,360 --> 00:04:44,020
What board?

52
00:04:44,020 --> 00:04:47,770
We are trying to talk about it for four to three.

53
00:04:48,250 --> 00:04:50,490
The script name is SDP Methods.

54
00:04:50,830 --> 00:04:58,150
The purpose is to get the all you know, all the board supported by the DOGOOD machine you press enter.

55
00:04:58,510 --> 00:04:59,490
It's pretty quick.

56
00:04:59,530 --> 00:05:05,770
You get to know the and methods are this get had post options.

57
00:05:06,640 --> 00:05:09,810
That's pretty specific right now.

58
00:05:09,820 --> 00:05:14,480
The study methods on a target machine.

59
00:05:14,620 --> 00:05:20,980
This will help you to understand what methods are available so that you can plan your penetration test

60
00:05:20,980 --> 00:05:21,660
accordingly.

61
00:05:22,030 --> 00:05:27,620
If you get some more vulnerable methods, that makes your job pretty easy and quick as well.

62
00:05:28,450 --> 00:05:29,650
I hope you like the video.

63
00:05:29,650 --> 00:05:30,840
We'll get you in the next one.