1
00:00:00,360 --> 00:00:05,700
And this session will be talking about detecting vulnerable HTTP methods.

2
00:00:06,360 --> 00:00:10,080
Now, from this onwards, we are going very, very practical.

3
00:00:10,260 --> 00:00:16,320
OK, so whatever we are talking about, this is all about finding out the vulnerabilities. Warning:

4
00:00:16,360 --> 00:00:23,190
not finding out the real-world vulnerabilities, that is, some of them

5
00:00:23,190 --> 00:00:30,240
would be legacy or dated, but they are still effective, because at the end you never know;

6
00:00:30,540 --> 00:00:35,580
even organizations or large enterprises still have outdated systems.

7
00:00:35,970 --> 00:00:43,860
And you, being a penetration tester, just need one weak point, and that's the reason

8
00:00:43,860 --> 00:00:44,670
you should know

9
00:00:44,670 --> 00:00:51,660
all the points. They are very, very important. We will be starting with some basic

10
00:00:52,680 --> 00:00:55,230
vulnerability-finding techniques.

11
00:00:55,230 --> 00:01:02,280
And then we'll go to some advanced techniques as well, from SQL injection, finding out the SQL injection,

12
00:01:02,280 --> 00:01:08,580
to finding out some juicy files, or finding out some cross-site scripting vulnerabilities as well.

13
00:01:09,330 --> 00:01:17,760
So this is what we're doing. Even just by finding the exact methods, you can even find

14
00:01:17,760 --> 00:01:23,880
out cross-site tracing, which is, again, a very crucial attack.

15
00:01:24,060 --> 00:01:29,050
Well, and finding out this kind of vulnerability can be very, very effective as well.

16
00:01:29,520 --> 00:01:36,630
So without taking much time, let's jump into it. Go to nmap.
17
00:01:36,630 --> 00:01:44,310
And what we are trying to understand is, if we have a target as a web application, and if we get to know

18
00:01:44,310 --> 00:01:52,740
what all methods are supported by the server, it becomes an easy job for us to attack.

19
00:01:52,750 --> 00:01:58,740
And we all know there are multiple methods used by HTTP.

20
00:01:58,740 --> 00:02:02,900
And once the three-way handshake we talked about earlier,

21
00:02:02,910 --> 00:02:11,550
right, the three-way handshake on TCP, once that has been accomplished, then the HTTP handshake,

22
00:02:11,560 --> 00:02:12,930
which has two messages,

23
00:02:12,930 --> 00:02:15,090
I would say, basically starts.

24
00:02:15,510 --> 00:02:22,350
So the client first sends the message, and this message is basically sent to a specific URI to get

25
00:02:22,350 --> 00:02:23,650
the information about it.

26
00:02:24,000 --> 00:02:32,310
So when you look at any message that says GET,

27
00:02:32,310 --> 00:02:41,180
on the HTTP method, that is basically trying to get all the content on that specific URI. So maybe it's

28
00:02:41,190 --> 00:02:44,570
cnn.com/breaking-news.

29
00:02:44,580 --> 00:02:51,590
So that's the URI you type in your browser, and that's basically the message sent from your browser.

30
00:02:52,050 --> 00:02:58,160
There are some POST messages, which are used to upload, and many more as well, like DELETE,

31
00:02:58,560 --> 00:02:59,510
PUT, TRACE, CONNECT.

32
00:03:00,210 --> 00:03:06,660
Now what we are trying to accomplish is, we are trying to understand what are the different methods supported

33
00:03:06,660 --> 00:03:07,710
on a target machine.

34
00:03:07,710 --> 00:03:14,580
And there are some vulnerable, some risky methods as well, which are

35
00:03:14,580 --> 00:03:18,180
not supposed to be open on a public-facing server.
36
00:03:18,180 --> 00:03:23,910
If we get those, it would be easy for us to compromise that application server.

37
00:03:24,330 --> 00:03:25,970
Now, let's start this way.

38
00:03:26,010 --> 00:03:33,180
If you just get the GET, POST and OPTIONS methods, it would be easy enough.

39
00:03:33,180 --> 00:03:35,160
That's just a normal application.

40
00:03:35,430 --> 00:03:42,560
That's where it would be difficult to compromise, or probably to hack, the entire website.

41
00:03:43,020 --> 00:03:52,320
But if you get methods like TRACE, CONNECT, PUT, DELETE, these are something which

42
00:03:52,320 --> 00:04:01,240
are more risky methods. Out of these, even TRACE is something which can be used for cross-

43
00:04:01,260 --> 00:04:08,540
site tracing as well, which can be very, very helpful and makes the penetration job pretty much easier.

44
00:04:08,760 --> 00:04:15,900
Now, let's make good use of it. First, try to find what are the methods available.

45
00:04:15,900 --> 00:04:16,860
So let's

46
00:04:19,450 --> 00:04:29,200
do it: nmap -p, and let's scan both 80 and 443 for HTTP and HTTPS, and then let's make use

47
00:04:29,200 --> 00:04:33,640
of a script, that is --script.

48
00:04:34,030 --> 00:04:39,610
And the script name is http-methods, and then our target machine.

49
00:04:40,810 --> 00:04:42,010
It's that easy, right?

50
00:04:42,340 --> 00:04:43,120
So the port.

51
00:04:43,360 --> 00:04:44,020
What port?

52
00:04:44,020 --> 00:04:47,770
We are talking about 80 and 443.

53
00:04:48,250 --> 00:04:50,490
The script name is http-methods.

54
00:04:50,830 --> 00:04:58,150
The purpose is to get all the methods supported by the target machine. You press Enter.

55
00:04:58,510 --> 00:04:59,490
It's pretty quick.

56
00:04:59,530 --> 00:05:05,770
You get to know the methods are these: GET, HEAD, POST, OPTIONS.
57
00:05:06,640 --> 00:05:09,810
That's pretty specific right now.

58
00:05:09,820 --> 00:05:14,480
So, the http-methods script on a target machine.

59
00:05:14,620 --> 00:05:20,980
This will help you to understand what methods are available, so that you can plan your penetration test

60
00:05:20,980 --> 00:05:21,660
accordingly.

61
00:05:22,030 --> 00:05:27,620
If you get some more vulnerable methods, that makes your job pretty easy and quick as well.

62
00:05:28,450 --> 00:05:29,650
I hope you liked the video.

63
00:05:29,650 --> 00:05:30,840
We'll see you in the next one.