1
00:00:00,090 --> 00:00:01,590
All right, so welcome back, everyone.

2
00:00:01,620 --> 00:00:07,300
The seriousness and the search is again on reflected XSS about why.

3
00:00:08,070 --> 00:00:15,240
Well, because I understand this is not a straightforward topic, to be very honest.

4
00:00:15,240 --> 00:00:21,480
You find a lot of content on the Internet, but you won't be able to correlate it on very first glance.

5
00:00:21,480 --> 00:00:21,720
Right.

6
00:00:22,170 --> 00:00:28,890
So I'll be putting some more strength on some of these, you know, the specific this topic, because

7
00:00:28,890 --> 00:00:33,490
if you understand this, it would be easier for you to understand the story as well.

8
00:00:33,510 --> 00:00:33,780
Right.

9
00:00:34,650 --> 00:00:35,790
So let's get started.

10
00:00:36,630 --> 00:00:43,440
We'll take the same example, but we'll be going a bit deeper into it to understand what exactly behind

11
00:00:43,440 --> 00:00:45,150
the scenes story is.

12
00:00:45,460 --> 00:00:46,440
Same example.

13
00:00:46,620 --> 00:00:47,730
They have a factor.

14
00:00:47,820 --> 00:00:50,170
We have a hacker and the victim as well.

15
00:00:50,790 --> 00:00:56,130
And of course, the hacker has in the in the our example hackers send an email.

16
00:00:56,570 --> 00:00:58,980
The e-mail was having a link.

17
00:00:59,730 --> 00:01:01,430
And that's where the story starts.

18
00:01:01,830 --> 00:01:06,500
I would want you to visualize what how exactly the e-mail really looks like.

19
00:01:07,260 --> 00:01:16,530
So let's say an example of maybe, you know, maybe e-mail says there's a product and worth of maybe

20
00:01:17,010 --> 00:01:18,060
maybe ten thousand.

21
00:01:18,060 --> 00:01:26,100
And by the way, we have you know, we are giving some freebies and all that stuff by right away.

22
00:01:26,100 --> 00:01:27,330
And this is the line.

23
00:01:27,330 --> 00:01:30,960
Click here, offer ending in the next 30 minutes.

24
00:01:31,090 --> 00:01:41,600
You just you would just be mom, you you know, if the user get if you use it, really get compromised

25
00:01:41,610 --> 00:01:44,700
by looking at the e-mail, he would probably click on the e-mail.

26
00:01:44,700 --> 00:01:45,020
Right.

27
00:01:45,960 --> 00:01:54,030
And that's e-mail when you hold the your e-mail cursor, I mean, your mouse cursor there, you will probably

28
00:01:54,030 --> 00:02:00,360
get to see that link on the dot on the extreme bottom of your browser.

29
00:02:00,360 --> 00:02:03,480
Or probably you can copy the link as well by right

30
00:02:03,480 --> 00:02:04,070
click on it.

31
00:02:04,500 --> 00:02:06,240
This is how it really looks like.

32
00:02:06,960 --> 00:02:13,210
You get the browser and you get the website address and there is a question mark and that's basically

33
00:02:13,210 --> 00:02:14,090
the search query.

34
00:02:14,640 --> 00:02:18,270
Now, this is the JavaScript, called JavaScript code.

35
00:02:18,270 --> 00:02:20,580
It can be mean as the malicious code as well.

36
00:02:21,060 --> 00:02:27,090
Maybe by redirecting or have many, many purpose in the same script code, we can have any other activity

37
00:02:27,090 --> 00:02:29,930
or many other malicious activity could be done as well.

38
00:02:30,240 --> 00:02:32,230
And it could be pretty longer, too.

39
00:02:33,030 --> 00:02:41,130
So let's imagine it's a really malicious code and what's going to happen next as it is belonging to

40
00:02:41,130 --> 00:02:42,900
the CTP website.

41
00:02:43,350 --> 00:02:44,990
And there's a code as well.

42
00:02:45,000 --> 00:02:51,630
But first task is to root for if the user click on it, it should be user should get redirected to a

43
00:02:51,630 --> 00:02:52,120
website.

44
00:02:52,620 --> 00:02:54,570
Right user just click on it.

45
00:02:54,720 --> 00:02:57,090
It should get redirected to a Web site.

46
00:02:57,480 --> 00:03:03,810
And of course, this site is example.com and which is already vulnerable.

47
00:03:03,990 --> 00:03:09,390
What I mean to say when I say vulnerable is because if you remember, if you're following me correctly,

48
00:03:09,840 --> 00:03:13,620
the output sanitisation is not really happening with this website.

49
00:03:13,920 --> 00:03:22,470
That means the website is not really looking at what really going outside of my of my arm, you know,

50
00:03:22,470 --> 00:03:24,570
outside of my interface, just maybe.

51
00:03:24,870 --> 00:03:29,290
So in that case, whatever the script, script code, the user just clicks on it.

52
00:03:29,640 --> 00:03:35,370
The request as a part of the URL goes to the website and there's a JavaScript code as well.

53
00:03:35,760 --> 00:03:41,220
If it is not really looking at the response side, what is really going out?

54
00:03:41,370 --> 00:03:46,050
The response will be the JavaScript code as it is.

55
00:03:46,200 --> 00:03:48,900
And this is what I'm really talking about.

56
00:03:49,470 --> 00:03:56,880
The as a part of the request, this goes to the vulnerable site example.com that includes the JavaScript

57
00:03:57,360 --> 00:04:03,660
and website sends the JavaScript code as it is to the user victim machine.

58
00:04:04,080 --> 00:04:06,120
You can see it to see him go over there.

59
00:04:06,480 --> 00:04:14,070
And when this is being used by the Web browser, the client machine, web browser, maybe Chrome or

60
00:04:14,070 --> 00:04:18,720
any kind of Web browser on the machine and runs on it.

61
00:04:19,050 --> 00:04:23,310
And if it is malicious code in our case, yes, it is.

62
00:04:23,610 --> 00:04:31,800
And in that case it will send the request to the hacker machine and then a hacker can completely control

63
00:04:31,800 --> 00:04:34,380
the computer, the machine.

64
00:04:34,380 --> 00:04:38,270
And now you can see it is completely being compromised.

65
00:04:38,470 --> 00:04:38,900
Right.

66
00:04:39,390 --> 00:04:41,550
This is what I wanted to add.

67
00:04:41,820 --> 00:04:47,060
And the part of reflected XSS, I hope you like the session, we'll catch you in the next one.

68
00:04:47,190 --> 00:04:47,670
Thank you.