1
00:00:00,720 --> 00:00:09,090
In this lecture, we will be completing our client-side software and we will be connecting to our control

2
00:00:09,090 --> 00:00:09,540
panel.

3
00:00:11,190 --> 00:00:13,230
So let's start coding.

4
00:00:16,990 --> 00:00:27,250
For the first task, we need to create new variables for storing our URLs. The first one will be register

5
00:00:27,260 --> 00:00:36,560
URL, which will be the registration page of our control panel, which is register.php.

6
00:00:39,790 --> 00:00:47,190
So for the URL, it will be http:// and the IP address of the particular machine. Let's check it again.

7
00:00:49,130 --> 00:00:51,740
Our IP address is currently.

8
00:00:54,120 --> 00:01:01,600
Let's check it again by using the ip a command. Here's the IP address of the machine.

9
00:01:02,330 --> 00:01:09,660
We need to use this, so I need to change the last part of the IP address, which will be one hundred

10
00:01:09,660 --> 00:01:14,130
and forty five, and use this IP address in every URL.

11
00:01:14,460 --> 00:01:20,970
So our register URL will be register.php.

12
00:01:21,960 --> 00:01:24,840
And also we need to create another variable for

13
00:01:29,090 --> 00:01:31,820
the get results page, which is here.

14
00:01:33,190 --> 00:01:35,980
So let's do it. I would call it

15
00:01:37,360 --> 00:01:49,860
getResults, and the URL will be the IP of that machine slash getResults.php.

16
00:01:53,320 --> 00:02:01,060
So what's next? For the first step, we need to register to the control panel before getting into the while

17
00:02:01,060 --> 00:02:01,530
loop.

18
00:02:02,080 --> 00:02:10,960
So just before the while loop, we will send the post request to the register page in order to register

19
00:02:10,960 --> 00:02:13,600
our client machine to the control panel.
20
00:02:15,110 --> 00:02:24,320
To do so, we need to send the post request with some parameters, and our parameters will be the hostname,

21
00:02:24,560 --> 00:02:26,830
the IP address and the operating system.

22
00:02:27,500 --> 00:02:31,940
So let's create a new variable for storing the parameters.

23
00:02:33,440 --> 00:02:34,310
I will call it

24
00:02:37,130 --> 00:02:41,690
register variables, or register

25
00:02:43,080 --> 00:02:54,080
parameters, and it will be hostname, which will be equal to our hostname, and we can get that information from

26
00:02:54,080 --> 00:03:01,580
the general info class. By using an instance of the general info class we can use the

27
00:03:02,740 --> 00:03:10,450
hostname variable of the general info class to get the hostname information, and also we need to append the IP

28
00:03:10,450 --> 00:03:21,010
address information, and again we can use our general info class. The IP version 4 address variable of the general

29
00:03:21,010 --> 00:03:25,750
info class stores the IP address of our client-side machine.

30
00:03:27,070 --> 00:03:32,230
And also we need to append the operating system version.

31
00:03:34,210 --> 00:03:46,300
And to do so we will use the operating system variable of the general info class, and our parameters,

32
00:03:46,300 --> 00:03:47,920
the register parameters, are ready.

33
00:03:48,850 --> 00:03:56,170
And so we need to create a content type header in order to send post requests properly.

34
00:03:56,740 --> 00:04:02,610
If you are new to this concept, please don't worry about the content type header before continuing.

35
00:04:03,580 --> 00:04:06,970
So in order to add a new header to our

36
00:04:08,400 --> 00:04:11,520
requests, we need to use the

37
00:04:14,850 --> 00:04:24,780
Headers object, the Headers.Add method, and our header will be Content-Type, and the value

38
00:04:24,780 --> 00:04:34,650
of the content type will be application slash x dash www dash form dash urlencoded.
39
00:04:38,350 --> 00:04:46,960
And now we can send a post request to our register page in order to register to the control panel.

40
00:04:49,690 --> 00:04:50,440
Let's do it.

41
00:04:51,370 --> 00:05:00,010
To send the post request, we will be using the UploadString method of the client class. It takes two

42
00:05:00,010 --> 00:05:00,700
arguments.

43
00:05:00,850 --> 00:05:07,960
The first argument will be register URL and the second argument will be register parameters.

44
00:05:12,700 --> 00:05:21,580
And let's test. But before testing, let's clean up our table, the victims table, by using the truncate table

45
00:05:21,770 --> 00:05:27,330
victims command, and our victims table is now clean.

46
00:05:28,150 --> 00:05:28,720
Let's see.

47
00:05:30,610 --> 00:05:34,400
As you can see, no record exists in the victims table.

48
00:05:35,200 --> 00:05:43,810
So now let's run our code and see if the registration process is working or not.

49
00:05:47,960 --> 00:05:56,060
Now switch back to your attacker machine and use that command again. As you can see, our victim has

50
00:05:56,060 --> 00:05:57,620
been registered to the database.

51
00:06:00,090 --> 00:06:06,330
So stop the program by using the Ctrl key combination.

52
00:06:09,200 --> 00:06:14,570
So what's next? After the registration we need to send

53
00:06:15,860 --> 00:06:26,060
requests to get the command from the control panel. To do so, we will be using the command URL, but

54
00:06:30,460 --> 00:06:40,900
let's check the get command page. We need to send the post request and we need to set the hostname, IP address

55
00:06:40,900 --> 00:06:47,710
and operating system parameters. These parameters already exist in the register parameters,

56
00:06:47,710 --> 00:06:52,680
so we can use this variable for sending a post request to get command.

57
00:06:53,140 --> 00:06:55,780
Also the get command page also.

58
00:06:58,780 --> 00:06:59,350
So.
59
00:07:03,320 --> 00:07:11,360
We need to send the post request to the getCommand.php page with the same parameters as the

60
00:07:11,360 --> 00:07:16,190
register page, which will be hostname, IP address and operating system.

61
00:07:16,610 --> 00:07:17,480
So let's do it.

62
00:07:18,760 --> 00:07:23,680
Before sending the post requests, we need to add this header again.

63
00:07:27,890 --> 00:07:32,210
Get inside the while loop and inside the try block.

64
00:07:34,410 --> 00:07:44,190
Add your content type header to your WebClient object, and by using the UploadString method of the client class,

65
00:07:44,940 --> 00:07:48,720
we will send the post request to the command URL.

66
00:07:50,540 --> 00:07:57,890
The UploadString method takes two arguments. The first argument is the URL.

67
00:07:57,920 --> 00:08:07,310
And the second argument is the parameters, which will be register parameters. Actually, change its name

68
00:08:07,730 --> 00:08:09,440
and just call it parameters.

69
00:08:10,160 --> 00:08:11,360
It's better this way.

70
00:08:12,830 --> 00:08:17,150
Just use parameters and parameters.

71
00:08:19,640 --> 00:08:27,230
So when we take a command, we need to send the command to the command parser function of

72
00:08:27,230 --> 00:08:29,560
the operations class.

73
00:08:30,020 --> 00:08:30,440
So.

74
00:08:32,350 --> 00:08:43,180
We will save the command by using a variable, let's call it string takenCommand, and we need to

75
00:08:43,180 --> 00:08:51,300
send this command to the command parser function of the operations class, which is here.

76
00:08:52,690 --> 00:08:53,980
So let's do it.

77
00:08:56,080 --> 00:08:56,980
Use

78
00:09:01,970 --> 00:09:06,290
the instance of the operations class

79
00:09:10,340 --> 00:09:15,800
and call the command parser function with the taken command as argument.
80
00:09:19,210 --> 00:09:28,780
Actually, we can do one improvement here. Actually, let's make it: if the length of the command is

81
00:09:28,780 --> 00:09:41,620
bigger than one, then send the command to the command parser function. If taken command length is bigger than

82
00:09:41,620 --> 00:09:42,030
one,

83
00:09:42,970 --> 00:09:46,330
then send the command to the command parser function.

84
00:09:50,550 --> 00:09:59,310
And we need to send the result of the command parser function to the control panel in order to receive the results

85
00:09:59,310 --> 00:10:03,180
of the commands. So how to do so?

86
00:10:08,450 --> 00:10:16,850
First things first, we need to edit the command parser function, because its return data type is

87
00:10:16,850 --> 00:10:17,230
void.

88
00:10:17,240 --> 00:10:27,410
Now we need to change it to string, and the command parser function will return the return values of

89
00:10:27,410 --> 00:10:34,570
the functions, the return value of all of the functions inside the command parser class command parser

90
00:10:34,610 --> 00:10:35,110
function.

91
00:10:36,050 --> 00:10:43,730
So let's add the return keyword just before every function call.

92
00:10:51,330 --> 00:10:52,080
Let's do it now.

93
00:10:52,090 --> 00:10:52,470
So.

94
00:11:09,110 --> 00:11:23,330
And we are done. And then we need to send the results of the command to the attacker machine. To do so,

95
00:11:24,060 --> 00:11:29,170
we need to send a post request to the get results page.

96
00:11:30,440 --> 00:11:30,920
So.

97
00:11:34,070 --> 00:11:41,780
Let's assign the result of the command parser function to a variable. I would call it command result,

98
00:11:42,650 --> 00:11:46,700
and it will be equal to the return value of the command parser function.

99
00:11:47,210 --> 00:11:52,970
And we will send this variable to the attacker machine.

100
00:11:53,790 --> 00:11:59,240
Let's check the get results page.
101
00:12:00,600 --> 00:12:07,670
It requires three parameters: the hostname, IP address and result parameters.

102
00:12:08,170 --> 00:12:13,340
So let's create the corresponding parameters on the client side.

103
00:12:15,230 --> 00:12:18,320
Let's create a new variable. I will call it

104
00:12:22,050 --> 00:12:34,120
result parameters, and it will be hostname, which will be equal to the hostname variable of the general

105
00:12:34,170 --> 00:12:44,190
info class, and IP address, and it will be equal to the IP version 4 address variable of the general

106
00:12:44,190 --> 00:12:45,030
info class.

107
00:12:45,540 --> 00:12:54,570
And lastly, we need to append result, and the result will be equal to the command result variable, the command

108
00:12:54,570 --> 00:12:55,380
result variable.

109
00:12:55,980 --> 00:13:07,560
And then we need to create, we need to add the header to our request, and then we can send the request

110
00:13:07,560 --> 00:13:10,770
to the get results page by using the

111
00:13:13,010 --> 00:13:26,390
UploadString method of the client class. Our first parameter will be get results and our second parameter

112
00:13:26,720 --> 00:13:35,480
will be result parameters, and now it seems like we are pretty much ready.

113
00:13:36,740 --> 00:13:37,760
So let's.

114
00:13:41,630 --> 00:13:44,540
Let's clean our database again.

115
00:13:49,400 --> 00:13:53,210
And open your browser and go to your panel.

116
00:14:01,530 --> 00:14:08,180
As you can see, no bot exists now, and let's run our program.

117
00:14:11,900 --> 00:14:23,840
And refresh the page. As you can see, our host is here, and let's try to manage our bot by sending

118
00:14:23,840 --> 00:14:34,390
a simple ipconfig command, and let's see if the result has been shown here.

119
00:14:34,400 --> 00:14:38,360
As you can see, we got the result from the client software.

120
00:14:38,630 --> 00:14:43,670
And let's say, let's wait for a few seconds.
121
00:14:50,360 --> 00:14:51,530
And the new results.

122
00:14:58,910 --> 00:15:00,320
There is the result.

123
00:15:02,730 --> 00:15:05,670
Hmmm, a little error may exist.

124
00:15:06,600 --> 00:15:08,460
Let's try another command, actually.

125
00:15:11,340 --> 00:15:20,970
Yep, our ls command has returned after refreshing the page, and if I refresh the page again, I

126
00:15:20,970 --> 00:15:23,180
will see the old command.

127
00:15:23,940 --> 00:15:26,130
It's because, it's happening because

128
00:15:28,950 --> 00:15:35,640
when we return the results from the show results page,

129
00:15:36,450 --> 00:15:39,570
we need to remove the

130
00:15:42,860 --> 00:15:52,280
result from the database. So let's do it and complete our program. After showing the result,

131
00:15:52,830 --> 00:15:56,860
we need to remove it from the database so the new results can come.

132
00:15:58,520 --> 00:15:59,210
Let's do it.

133
00:16:02,220 --> 00:16:10,530
Update victims set command result to empty.

134
00:16:14,120 --> 00:16:16,220
Update.

135
00:16:18,730 --> 00:16:22,060
I'm sorry, my keyboard layout has changed.

136
00:16:22,900 --> 00:16:25,020
Let me fix it again.

137
00:16:27,700 --> 00:16:37,270
Set command result to blank where hostname equals question mark, and question mark will be replaced

138
00:16:37,270 --> 00:16:42,290
with the parameter of the victim, the hostname.

139
00:16:42,310 --> 00:16:45,280
OK, that seems good.

140
00:16:46,480 --> 00:16:51,760
And then bind param and then execute.

141
00:16:52,480 --> 00:16:56,400
We do not need to use the result, bind result and fetch commands here.

142
00:16:57,610 --> 00:16:59,020
Now we should be ready.

143
00:17:03,180 --> 00:17:03,660
So.

144
00:17:08,390 --> 00:17:18,050
Let's try it. Actually, refresh the page again and try to send an ipconfig command, and let us see.

145
00:17:18,650 --> 00:17:22,010
As you can see, the IP configuration is here.
146
00:17:22,790 --> 00:17:27,890
And let's try, let's try the ls command again.

147
00:17:32,570 --> 00:17:38,270
And let's see what will happen. As you can see, the ls command has worked. So

148
00:17:39,990 --> 00:17:48,060
we have completed our program. We successfully connected to our control panel, and our bot machine can

149
00:17:48,060 --> 00:17:50,520
be controlled from our control panel.

150
00:17:51,890 --> 00:17:55,130
So that was it for this lecture.

151
00:17:56,400 --> 00:17:57,590
See you in the next one.