1
00:00:00,990 --> 00:00:01,840
Hello, everyone.

2
00:00:02,640 --> 00:00:11,790
So in this video, we are going to see one of the LFI vulnerabilities on a live website, so let's

3
00:00:11,790 --> 00:00:20,250
quickly see how we can identify a basic LFI on any target and how we can exploit it.

4
00:00:20,940 --> 00:00:29,340
Remember, these types of LFI vulnerabilities are generally categorized as P1 and P2 based vulnerabilities,

5
00:00:29,880 --> 00:00:34,080
which hold a severity of critical or higher.

6
00:00:34,770 --> 00:00:41,820
So in case you identify any LFI based vulnerabilities in any target, make sure you report it as soon

7
00:00:41,820 --> 00:00:46,830
as possible so the chances of getting a duplicate become less.

8
00:00:49,170 --> 00:00:57,730
Let's see the practical and understand how you can identify an LFI vulnerability in a live target, so

9
00:00:57,750 --> 00:01:04,170
far what I have done is I have chosen this particular target, which is crown oficial dot

10
00:01:04,170 --> 00:01:04,440
com.

11
00:01:04,980 --> 00:01:11,940
So once I went to this website, what I'm going to do is I have started my Burp Suite as well, and I have

12
00:01:11,940 --> 00:01:13,860
already crawled the URLs.

13
00:01:14,370 --> 00:01:16,890
And you can see here are all the URLs.

14
00:01:17,190 --> 00:01:18,940
Now, let me start it again.

15
00:01:19,440 --> 00:01:26,250
So what I'm going to do is first I'm going to reload the target so that I can get the URL into

16
00:01:26,250 --> 00:01:26,740
my Burp.

17
00:01:26,780 --> 00:01:29,630
But now I'm going to utilize this.

18
00:01:29,640 --> 00:01:33,630
So I'm going to send it to Repeater and turn this off.

19
00:01:34,230 --> 00:01:34,670
All right.

20
00:01:34,680 --> 00:01:41,850
So I have the request in my Burp, you know, and you can see this is how the request looks and

21
00:01:41,850 --> 00:01:42,820
this is the response.
22
00:01:43,510 --> 00:01:51,360
Now, one of the spider crawls that you all saw in Burp Suite Community Edition 2020, there is

23
00:01:51,360 --> 00:01:56,910
a passive crawler, which means you have to manually go to each URL and it will automatically bring

24
00:01:56,910 --> 00:01:58,440
those URLs into Burp Suite.

25
00:01:59,250 --> 00:02:05,650
Or else if you are on Burp Suite Community 1.x edition, then you can run a spider,

26
00:02:05,940 --> 00:02:08,730
which will automatically spider all the URLs for you.

27
00:02:09,780 --> 00:02:17,790
So right now I'm in Burp Suite 2020, so I have already crawled the URLs by going on each link,

28
00:02:17,790 --> 00:02:18,360
one by one.

29
00:02:18,780 --> 00:02:20,970
And let me just show you how it looks.

30
00:02:21,720 --> 00:02:29,340
So you can see over here, these are all the URLs which I was able to passively crawl and bring

31
00:02:29,340 --> 00:02:29,940
to Burp.

32
00:02:30,870 --> 00:02:32,130
Now, let's do one thing.

33
00:02:32,130 --> 00:02:37,500
Let's take one of them, which is, let's say, page=contact.php.

34
00:02:38,850 --> 00:02:40,470
And let me send this to the Repeater.

35
00:02:41,580 --> 00:02:47,940
As you can see, I have this URL and the GET request in my Repeater tab, and I hit send and see I'm getting

36
00:02:47,940 --> 00:02:51,240
a response for contact.php.

37
00:02:51,930 --> 00:02:58,440
Now what if I say, instead of contact.php, /etc/passwd?

38
00:02:59,100 --> 00:03:02,340
For those of you who do not know what /etc/passwd is, it is a passwd file.

39
00:03:02,760 --> 00:03:10,320
So this passwd file represents the number of users in any Linux based system.

40
00:03:10,740 --> 00:03:12,510
Let me show you on my computer.
41
00:03:15,640 --> 00:03:24,700
As you can see over here, if I try to cat /etc/passwd, you will be able to see all the users that

42
00:03:24,700 --> 00:03:27,250
belong to this specific computer.

43
00:03:27,280 --> 00:03:34,330
So these are all the users that are running on this specific system.

44
00:03:35,710 --> 00:03:36,220
All right.

45
00:03:36,220 --> 00:03:42,370
So now what we are going to do is we are going to see the /etc/passwd file and let's see

46
00:03:42,370 --> 00:03:46,570
if we are able to see the users for the crown oficial dot com server.

47
00:03:47,050 --> 00:03:48,120
Let me hit send.

48
00:03:48,550 --> 00:03:53,830
Let's see the response, if anywhere we get the passwd file.

49
00:03:54,220 --> 00:03:59,350
And you can see over here, the passwd file has successfully loaded.

50
00:04:01,000 --> 00:04:07,330
And we can see there is a root user and there is the crown oficial dot com, one more user which

51
00:04:07,330 --> 00:04:08,240
has been created.

52
00:04:08,890 --> 00:04:17,380
Now, let's see the shadow file. Hit send and let's see if we are able to see the password for any

53
00:04:17,380 --> 00:04:18,940
of the users that have been created.

54
00:04:19,570 --> 00:04:23,440
And you can see we are able to see the passwords as well.

55
00:04:23,770 --> 00:04:29,950
As you can see, these are all the default users, which are staff, guest, SSL, admin, database, etc.

56
00:04:30,850 --> 00:04:32,640
So this is it for this video.

57
00:04:32,740 --> 00:04:39,970
I hope you guys understood how you can do a basic LFI on any target by just including the payload,

58
00:04:39,970 --> 00:04:47,650
which is /etc/passwd or /etc/shadow, in one of the injection points.

59
00:04:48,040 --> 00:04:48,550
Thank you.