1
00:00:01,240 --> 00:00:06,180
So let's quickly jump onto the first technique, which is a SQL shell.

2
00:00:06,820 --> 00:00:12,820
Now for this, we are going to run sqlmap and we are going to execute the command.

3
00:00:14,300 --> 00:00:20,100
And we are going to execute the command, which has been shown below, which is python sqlmap.py

4
00:00:20,150 --> 00:00:21,470
-u.

5
00:00:21,800 --> 00:00:22,940
Which stands for the URL.

6
00:00:23,360 --> 00:00:28,360
We are going to give the order, the custom injection point or the injection marker.

7
00:00:28,970 --> 00:00:37,440
And then we are going to give the SQL shell using the command --sql-shell.

8
00:00:38,090 --> 00:00:38,570
All right.

9
00:00:39,260 --> 00:00:44,500
Let's move ahead to the practical time and let's see how we can execute this.

10
00:00:45,050 --> 00:00:51,890
So we are going to perform this onto a live target of Dutch government and let's see if we are able

11
00:00:51,890 --> 00:00:53,830
to get the SQL shell.

12
00:00:54,410 --> 00:00:58,480
So in this video, you can see or hear the command that I have already given.

13
00:00:58,490 --> 00:00:59,870
And this is our target.

14
00:01:00,170 --> 00:01:03,470
I have already identified this target to be vulnerable.

15
00:01:03,680 --> 00:01:07,610
And you can see I have added a star at the parameter, which is id.

16
00:01:08,840 --> 00:01:15,200
--batch means I'm going to execute all the command, so I want sqlmap to take all the decisions

17
00:01:15,530 --> 00:01:20,540
and do not prompt for yes or no. I want to do banner grabbing as well.

18
00:01:20,570 --> 00:01:26,840
That's why I have written banner and I have written hyphenation, always hyphenation and

19
00:01:26,840 --> 00:01:27,980
--sql-shell as well.

20
00:01:28,280 --> 00:01:33,290
So if I can get away with level or if I can get SQL level.

21
00:01:34,500 --> 00:01:41,430
So let's see which shell do we get into this target web application, so we just need to hit Enter and

22
00:01:41,430 --> 00:01:44,520
you can see sqlmap has successfully started.

23
00:01:45,350 --> 00:01:52,340
And you can see we are able to successfully get the shell at the bottom of the screen over here, the

24
00:01:52,340 --> 00:01:59,510
back-end DBMS is MySQL, fetching the banner, and you can see this is the output because of the command

25
00:01:59,510 --> 00:02:02,620
that we executed, which was --banner.

26
00:02:02,930 --> 00:02:08,240
And we have grabbed the technology that has been used onto the target web server.

27
00:02:08,870 --> 00:02:12,200
So we can see it uses the operating system as Linux.

28
00:02:12,620 --> 00:02:19,820
The web app technology is Nginx and Plaschke, the back-end DBMS is MySQL greater than equal to

29
00:02:19,820 --> 00:02:20,820
5.0.

30
00:02:21,860 --> 00:02:28,690
We are not interested in the banner that we have grabbed; what we are much more interested in is MySQL

31
00:02:28,700 --> 00:02:36,240
shell, and let's see if we are able to execute any commands onto the shell of the server of the database.

32
00:02:36,800 --> 00:02:43,850
So I have written very simple three basic queries that I'm going to perform not to harm the target web

33
00:02:43,890 --> 00:02:45,040
application server.

34
00:02:45,560 --> 00:02:49,310
You can execute as many commands as you want onto the target server.

35
00:02:49,520 --> 00:02:57,230
But keep in mind, we are not going to update, delete or modify or alter with any data into the database.

36
00:02:58,530 --> 00:03:05,250
So first, let's quickly run this command in which we're going to type select three cross three from dual.

37
00:03:06,330 --> 00:03:12,200
There is a spelling mistake from Dee, I have added a deal with you, so which is a spelling error,

38
00:03:12,210 --> 00:03:15,440
so let's fix that and execute it again.

39
00:03:15,660 --> 00:03:18,270
And we are going to see the output of three

40
00:03:18,270 --> 00:03:25,500
cross three, which we are going to get, is nine and against, which means that we are able to execute

41
00:03:25,500 --> 00:03:27,680
our query onto the server.

42
00:03:29,390 --> 00:03:35,900
Now we are going to execute these commands, which is select * from projects table or select *

43
00:03:35,900 --> 00:03:36,970
from users.

44
00:03:37,730 --> 00:03:42,300
So let's quickly execute this command and wait for this to execute.

45
00:03:42,740 --> 00:03:47,930
As you can see, fetching current database, fetching columns from the table users into the database

46
00:03:47,930 --> 00:03:57,650
Albatros, and completed; it did not return any output because there is no such table with the name users.

47
00:03:58,100 --> 00:04:02,270
So this was we got nothing because there was no such table.

48
00:04:02,420 --> 00:04:08,840
But I know that this database contains a table which is projects, so I'm going to change it to projects

49
00:04:08,840 --> 00:04:09,760
and hit Enter.

50
00:04:10,100 --> 00:04:15,440
And you can see they successfully started retrieving the database from the table projects.

51
00:04:16,310 --> 00:04:22,960
So this way it is going to show you or dump all the data from the table projects.

52
00:04:23,300 --> 00:04:30,350
So I hope you guys understood how we are able to get the SQL shell onto the target web server and

53
00:04:30,350 --> 00:04:32,790
we are able to execute our commands.

54
00:04:33,290 --> 00:04:39,830
Now, keep in mind, whenever you are doing testing or bug bounty hunting and you get the SQL-level

55
00:04:39,830 --> 00:04:47,510
access or the access to any target application, I would highly recommend not to execute any malicious

56
00:04:47,510 --> 00:04:53,840
query or command over there to update, delete or modify any content onto the server.

57
00:04:54,980 --> 00:05:02,150
Obviously, if you have got the will shell, it is going to increase the impact and target organization

58
00:05:02,150 --> 00:05:09,230
will automatically understand it, but you should not execute any harmful command and just a very basic

59
00:05:09,230 --> 00:05:13,580
command to explain what is the shell access.

60
00:05:14,120 --> 00:05:15,410
So I hope you guys understood.

61
00:05:15,440 --> 00:05:16,010
Thank you.