1
00:00:00,600 --> 00:00:06,630
Hi, within this next year, we're going to analyze the map, scan results, and we're going to try

2
00:00:06,630 --> 00:00:11,910
and find a vulnerable service so that we can go into and hack this machine.

3
00:00:12,000 --> 00:00:12,360
Right.

4
00:00:12,840 --> 00:00:13,980
So here you go.

5
00:00:13,980 --> 00:00:16,290
We have the 10 or 214 over here.

6
00:00:16,530 --> 00:00:22,350
So we have many of the ports closed, but we have the 80 ports open.

7
00:00:22,350 --> 00:00:25,770
So this is a Web server, obviously it in the Apache.

8
00:00:26,010 --> 00:00:29,910
And of course, we're going to take a look at that as a normal human being.

9
00:00:29,910 --> 00:00:30,190
Right.

10
00:00:30,480 --> 00:00:38,460
We're going to write the IP address in our Mozilla and we can just see what it has inside of the Apache

11
00:00:38,460 --> 00:00:38,960
server.

12
00:00:39,570 --> 00:00:43,100
So it has the title of Vibranium Market.

13
00:00:43,350 --> 00:00:48,240
I believe this has to do something with the movie itself or the Black Panther itself.

14
00:00:48,630 --> 00:00:59,040
So over here we have the RPG buying service and we have some kind of like two and four, maybe just

15
00:00:59,040 --> 00:01:01,290
kind of the version numbers.

16
00:01:01,860 --> 00:01:10,260
And it's actually worth a shot to search for these exploits for the RPG by maybe it has to do something

17
00:01:10,260 --> 00:01:12,240
with that, but we don't know it.

18
00:01:12,260 --> 00:01:15,770
So let me just open a new tab over here and just search for it.

19
00:01:15,960 --> 00:01:17,730
I'm going to search it, OK?

20
00:01:17,760 --> 00:01:22,550
I'm going to use search it and I'm going to search everything regarding to our PC byte.

21
00:01:23,010 --> 00:01:23,570
Here you go.

22
00:01:23,580 --> 00:01:30,420
We have the exploit titles over here, but as you can see, it doesn't look promising.

23
00:01:30,420 --> 00:01:36,990
It's all regarding to dos or denial-of-service dos, OK, rather than the Edo's its DOS.

24
00:01:37,350 --> 00:01:40,710
And I don't think it's going to help us in this case.

25
00:01:40,830 --> 00:01:41,220
Right.

26
00:01:41,230 --> 00:01:42,680
So it's all dos.

27
00:01:43,260 --> 00:01:48,620
So what happens if we just deny the service out of here?

28
00:01:48,630 --> 00:01:49,070
Nothing.

29
00:01:49,080 --> 00:01:49,350
Right.

30
00:01:49,350 --> 00:01:52,650
So I'm going to just ignore that for a while.

31
00:01:52,830 --> 00:01:58,050
I believe this is our PC binde will not be effective in order to gain access.

32
00:01:58,050 --> 00:01:59,510
Maybe we can use it later.

33
00:01:59,520 --> 00:02:01,850
OK, so great.

34
00:02:01,860 --> 00:02:11,460
And as you can see, there is nothing regarding to like there's nothing helpful regarding to this aversion

35
00:02:11,460 --> 00:02:12,840
numbers over here as well.

36
00:02:12,840 --> 00:02:18,780
There are a lot of things going on in the PC bind, but I don't think it's going to help us at all.

37
00:02:19,440 --> 00:02:22,310
So we're going to focus on the Port 80.

38
00:02:22,320 --> 00:02:26,190
But right now, let me just see if we have something funny over here.

39
00:02:26,370 --> 00:02:33,630
As you can see, we have DSH, but it resides on the report, Turkey, Turkey, Turkey, Turkey.

40
00:02:33,630 --> 00:02:36,440
And it's it's a little bit weird.

41
00:02:36,500 --> 00:02:41,490
OK, so, you know, the SFH port is 22 generally.

42
00:02:41,850 --> 00:02:44,040
So maybe there is something wrong over there.

43
00:02:44,040 --> 00:02:47,550
Maybe it's not a safe service or something like that.

44
00:02:47,730 --> 00:02:55,620
We can always try to go into that server with SSA as a route if they don't have some kind of like a

45
00:02:55,620 --> 00:03:03,270
password or we can just use Anonymous as a password or we can use a password or admin as a password,

46
00:03:03,480 --> 00:03:06,930
try to make our way into that and see.

47
00:03:07,140 --> 00:03:09,030
Maybe it will work, maybe it won't.

48
00:03:09,030 --> 00:03:10,170
But it's worth a shot.

49
00:03:10,170 --> 00:03:10,500
Right.

50
00:03:10,530 --> 00:03:14,850
We we know that there is an SSA service on this part.

51
00:03:15,270 --> 00:03:21,690
So maybe you can just come over here and try that in the other terminal as well.

52
00:03:22,110 --> 00:03:28,020
If it doesn't work, it's obviously going to be some kind of Web servers or penetration testing.

53
00:03:28,560 --> 00:03:30,480
But again, it's worth a shot.

54
00:03:30,930 --> 00:03:33,270
So let me come over here and try that.

55
00:03:33,270 --> 00:03:39,660
So I'm going to say it's this a true route into Tunnel 214 and for the port, I'm just going to say,

56
00:03:39,660 --> 00:03:42,180
Treacher, to try and say yes.

57
00:03:42,510 --> 00:03:43,230
And here you go.

58
00:03:43,230 --> 00:03:44,610
It asks for a password.

59
00:03:44,610 --> 00:03:46,980
So we definitely need a password.

60
00:03:47,190 --> 00:03:53,880
So you can try anonymous, you can try password, you can try Wakanda or vibranium, I don't know.

61
00:03:54,270 --> 00:04:00,660
But as you can see, the anonymous didn't work and the other ones, I believe, won't work as well.

62
00:04:00,660 --> 00:04:02,850
So it's not that easy in this case.

63
00:04:03,870 --> 00:04:09,780
So, again, we are not going to have a luck with this SSA thingy.

64
00:04:09,780 --> 00:04:16,290
Of course, we can try brute forcing it, but since we have the other services, I believe we better

65
00:04:16,290 --> 00:04:17,010
focus on that.

66
00:04:17,010 --> 00:04:23,520
Right now we have the RBC, but again, we have looked at the IRP, see, and it's not going to do much

67
00:04:23,520 --> 00:04:24,540
in this case.

68
00:04:25,020 --> 00:04:30,690
So over here, we know that the target machine is Linux, which is very good.

69
00:04:31,320 --> 00:04:33,330
And here you go.

70
00:04:33,360 --> 00:04:34,700
I believe that's it.

71
00:04:34,720 --> 00:04:37,650
So that leaves us with the Port 80.

72
00:04:37,980 --> 00:04:42,900
So we're going to have to focus on the website of the things and we're going to do some web penetration

73
00:04:42,900 --> 00:04:43,350
tests.

74
00:04:43,620 --> 00:04:44,040
Right.

75
00:04:44,730 --> 00:04:53,040
So we don't have anything over here like kernel thingy, like a colonel exploit something like that,

76
00:04:53,430 --> 00:04:54,540
even that we had.

77
00:04:54,720 --> 00:04:59,340
It would be helpful in the privileged escalation site rather than.

78
00:05:00,090 --> 00:05:01,300
Gaining access sight.

79
00:05:01,830 --> 00:05:03,070
So here you go.

80
00:05:03,090 --> 00:05:10,800
We have this hat tricks that X, Y, Z, and I'm going to show you what this this is a book, OK, Hektor,

81
00:05:11,340 --> 00:05:12,420
that X, Y, Z.

82
00:05:12,570 --> 00:05:15,460
And I believe it's Buchdahl tactics that X, Y, Z.

83
00:05:15,810 --> 00:05:18,440
So Carlos, pull up.

84
00:05:18,450 --> 00:05:28,350
So some guy has written this as a guitar book and it's fantastic because it has I believe this guy was

85
00:05:28,350 --> 00:05:30,720
prepping for the Okposo.

86
00:05:31,380 --> 00:05:36,740
He took a lot of nice notes over here and he made it into a book.

87
00:05:37,080 --> 00:05:46,890
So I actually overview or I actually read this book or just try to scan the related parts when I do

88
00:05:46,890 --> 00:05:50,530
my penetration tests or when I do my seats.

89
00:05:50,550 --> 00:05:51,100
OK.

90
00:05:51,480 --> 00:05:57,510
So, for example, if I want to take a look at the privilege escalation that I can come over here and

91
00:05:57,510 --> 00:06:04,380
I can see all the related commands, all the related different kind of methods over there.

92
00:06:04,710 --> 00:06:06,280
So it helped me a lot.

93
00:06:06,290 --> 00:06:14,150
So I'm just going to make you sure that you get this link in the resources of this lecture as well.

94
00:06:14,190 --> 00:06:21,510
But if you don't get it, just go for book that Hedrick's, that X, Y, Z, and I actually will use

95
00:06:21,510 --> 00:06:23,160
this in this lecture as well.

96
00:06:23,250 --> 00:06:25,320
OK, so that's why I brought it up.

97
00:06:26,460 --> 00:06:27,480
So far so good.

98
00:06:27,510 --> 00:06:33,900
So these are helpful resources and I'm going to share some more resources at the end of this course

99
00:06:33,900 --> 00:06:34,340
as well.

100
00:06:34,830 --> 00:06:36,720
So let's go into 10 to 14.

101
00:06:36,900 --> 00:06:37,420
Here you go.

102
00:06:37,440 --> 00:06:38,550
This is our Web site.

103
00:06:38,550 --> 00:06:42,540
As you can see that we bring you Murcutt and coming soon.

104
00:06:42,930 --> 00:06:45,570
So we have the title.

105
00:06:45,580 --> 00:06:51,440
We have kind of a menu over here, but it doesn't do anything it says that made by Mamadu.

106
00:06:51,930 --> 00:06:54,330
And so here you go.

107
00:06:54,330 --> 00:06:58,320
We don't have anything at all, I believe, in this website.

108
00:06:58,620 --> 00:07:01,050
So we only have this made by Mamadu.

109
00:07:01,050 --> 00:07:02,490
So it can be a hint.

110
00:07:02,520 --> 00:07:06,510
OK, these are important things, especially in the seats.

111
00:07:06,510 --> 00:07:12,360
It can be a hint, it can be a user, it can be the administrator user or something like that.

112
00:07:12,370 --> 00:07:15,080
So it's worth taking a note over there.

113
00:07:15,090 --> 00:07:16,500
So made by Mamadu.

114
00:07:17,730 --> 00:07:26,370
And let me just try to go over here and inspect this element or just view the page source and see if

115
00:07:26,370 --> 00:07:28,880
we had something hidden in the HTML code.

116
00:07:29,100 --> 00:07:30,810
Let me zoom in a little bit.

117
00:07:31,820 --> 00:07:40,700
And here you go, we have the HDMI code, we have the characters that we have the title, and we have

118
00:07:40,700 --> 00:07:44,170
nothing fancy going on over here, I believe, right?

119
00:07:44,180 --> 00:07:46,580
We have the bootstraps.

120
00:07:46,580 --> 00:07:46,910
Yes.

121
00:07:47,030 --> 00:07:49,460
So it's all related to success.

122
00:07:50,060 --> 00:07:54,590
And we have a class we have another Heather over here.

123
00:07:55,130 --> 00:08:00,230
This is just the things that make up this Heather over here.

124
00:08:00,830 --> 00:08:05,410
And this is the way Britney marketed title, as you can see.

125
00:08:06,170 --> 00:08:11,780
And we have all a main roll over here is kind of an inner cover.

126
00:08:12,230 --> 00:08:14,530
So it says on coming soon.

127
00:08:14,750 --> 00:08:16,670
And over here we have a comment.

128
00:08:16,680 --> 00:08:24,040
So if you see this thing over here like this syntax in the HTML, it means that it's a comment.

129
00:08:24,320 --> 00:08:26,000
It's not the actual code.

130
00:08:26,000 --> 00:08:30,410
It's not going to get executed or it's not going to get interpreted by our browser.

131
00:08:30,680 --> 00:08:38,690
But the developer has written this for some reason, like for writing clean code or maybe giving some

132
00:08:38,690 --> 00:08:40,700
message, something like that.

133
00:08:40,700 --> 00:08:47,640
And you can see a lot of hints in the CVS, even the Web penetration tests like in the form of comments.

134
00:08:47,900 --> 00:08:50,100
So here we have something like that.

135
00:08:50,330 --> 00:08:52,000
So now link active.

136
00:08:52,760 --> 00:08:55,460
So this is a navigation link supposably.

137
00:08:55,460 --> 00:09:02,750
And we have the aircraft, which is the link itself over here, and it's related to home.

138
00:09:03,320 --> 00:09:06,170
So it's related to this button.

139
00:09:06,560 --> 00:09:13,940
But rather than the rather then the link over here, we only have a hash tag, which is nothing, which

140
00:09:13,940 --> 00:09:18,020
just makes us redirect to the page itself.

141
00:09:18,260 --> 00:09:27,770
But at the bottom of this, OK, in the next slide we have another A.F., which is kind of weird because

142
00:09:27,770 --> 00:09:29,060
it's been commented out.

143
00:09:29,060 --> 00:09:34,280
And as you can see at the at Mamadu, we have this graph here as well and here as well.

144
00:09:34,290 --> 00:09:42,200
So not no link works over here, actually right there, all hash tags, which doesn't which doesn't

145
00:09:42,200 --> 00:09:42,800
do anything.

146
00:09:42,800 --> 00:09:45,470
But in this case, we have an interest.

147
00:09:45,470 --> 00:09:55,280
But it's commented out and the aircraft, the link itself, the questionmark language f r so I believe

148
00:09:55,280 --> 00:09:58,650
this is an opportunity for us to test something.

149
00:09:59,060 --> 00:10:01,280
So as you can see, this is a parameter.

150
00:10:01,670 --> 00:10:06,590
Most probably it's going to change the language into French and it's worth a shot.

151
00:10:06,590 --> 00:10:12,950
So I'm going to copy this and just delete this and pasted over here and hit enter.

152
00:10:13,070 --> 00:10:16,100
And as you can see, our language has been changed to French.

153
00:10:16,100 --> 00:10:16,970
Indeed.

154
00:10:17,420 --> 00:10:24,770
And even though it didn't, it won't matter if you try with other languages like English, Turkish or

155
00:10:24,770 --> 00:10:26,690
something like Italian.

156
00:10:26,900 --> 00:10:27,820
It doesn't work.

157
00:10:27,830 --> 00:10:29,360
It only works in French.

158
00:10:29,750 --> 00:10:35,900
And so if you just try with the questionmark itself, nothing happens.

159
00:10:36,260 --> 00:10:43,340
But this gives us an opportunity, because once you see something like that, like that, it takes in

160
00:10:43,340 --> 00:10:46,820
a parameter and it can be some kind of vulnerability.

161
00:10:47,600 --> 00:10:52,850
And I don't know about you, but when I see something like this, first thing came to my mind is the

162
00:10:52,850 --> 00:10:58,970
directory traversal, which is a vulnerability that we leverage file inclusion vulnerabilities in order

163
00:10:58,970 --> 00:11:02,580
to see the files that we are not allowed to see in that server.

164
00:11:02,960 --> 00:11:10,130
So all you have to do is just write that data, dash that that slash that that slash and write the file

165
00:11:10,130 --> 00:11:13,660
that you want to see like etsi password, for example.

166
00:11:13,970 --> 00:11:21,610
And if you haven't heard about this vulnerability before, please just take a look at our complete web

167
00:11:21,620 --> 00:11:29,170
penetration testing codes are complete at collecting cores because we do a lot of things over there

168
00:11:29,540 --> 00:11:31,100
and as you can see, didn't work.

169
00:11:31,100 --> 00:11:39,080
We didn't get any response in the HTML or in the browser over here, but it doesn't mean that it doesn't

170
00:11:39,080 --> 00:11:44,420
have this kind of vulnerability because we don't know the depth yet.

171
00:11:44,420 --> 00:11:48,380
So we don't know how many things that we should put over here.

172
00:11:48,380 --> 00:11:53,930
Like maybe we should put eight of the dot dot slash things.

173
00:11:54,200 --> 00:11:56,560
So we're going to have to try and see.

174
00:11:56,810 --> 00:12:02,350
And this is not the only way to look for the directory traversal.

175
00:12:03,110 --> 00:12:05,720
For example, we have dot, dot, lb.

176
00:12:05,720 --> 00:12:12,730
So this is a tool that comes with colonics and it's a directory traversal foser.

177
00:12:12,770 --> 00:12:21,470
OK, you can just give the URL that you want to test you and it can test it for you to see if it has

178
00:12:21,470 --> 00:12:30,050
any kind of directory traversal vulnerabilities and it can just give you the kind of way to exploit

179
00:12:30,050 --> 00:12:30,760
it as well.

180
00:12:31,690 --> 00:12:40,010
Again, using some kind of manual, this kind of automated tools can lead to some false things as well.

181
00:12:40,030 --> 00:12:47,300
So I'm just going to try and be manual over here, but you can try that upon yourselves as well.

182
00:12:47,680 --> 00:12:54,590
So as you can see, we cannot find it with six deaths or any other deaths over here.

183
00:12:54,730 --> 00:13:01,000
So what I'm going to do, I'm going to show you the pattern reversal portion of this book, that electric,

184
00:13:01,060 --> 00:13:08,440
that X, Y, Z, because there are tons of ways to try and see if there is a director to of vulnerability

185
00:13:08,440 --> 00:13:09,310
in a Web website.

186
00:13:09,370 --> 00:13:11,970
OK, so you have to see it for yourself.

187
00:13:12,280 --> 00:13:18,430
So if you scroll down a little bit, you can see it just starts with the exactly the same thing that

188
00:13:18,430 --> 00:13:19,350
we have started.

189
00:13:19,630 --> 00:13:26,700
And it just very it like it has a lot of variations over here, like we have to try this.

190
00:13:26,710 --> 00:13:35,020
Of course, we started with this, OK, so we started with the dot dot slash XY password and it just

191
00:13:35,020 --> 00:13:39,520
converts it with some kind of other representation of the slashes.

192
00:13:39,700 --> 00:13:48,100
Maybe we can try this, OK, and we're not even sure how many datasets that we should use in this case,

193
00:13:48,370 --> 00:13:50,080
but again, it doesn't work.

194
00:13:50,440 --> 00:13:55,760
So you're going to have to try a lot of these things over here, OK?

195
00:13:56,050 --> 00:14:04,600
And I tried and tried and tried until I found the solution when I solved the CTF, I believe, a couple

196
00:14:04,600 --> 00:14:05,740
of years ago.

197
00:14:06,430 --> 00:14:15,310
And it turns out that we have some kind of parameter tingay going on over here.

198
00:14:15,310 --> 00:14:17,780
I'm going to show you where it resides.

199
00:14:18,190 --> 00:14:21,560
So let me find the thing over there.

200
00:14:21,580 --> 00:14:22,900
So, yep, that's it.

201
00:14:23,110 --> 00:14:28,270
So wrappers, as you can see, it starts with the IP itself.

202
00:14:28,340 --> 00:14:37,750
So filter read string and it just encodes it with Base64 or Arati Tartine like we have seen before.

203
00:14:38,080 --> 00:14:38,680
Right.

204
00:14:39,010 --> 00:14:40,600
Independent CTS.

205
00:14:40,930 --> 00:14:43,600
And it just takes in a resource.

206
00:14:44,140 --> 00:14:48,570
So maybe we can try those things, filter things.

207
00:14:48,940 --> 00:14:53,200
So I'm going to take and see if this works.

208
00:14:53,200 --> 00:14:58,720
I'm going to copy this and I'm going to come back to our Brayne market over there.

209
00:14:59,020 --> 00:15:07,470
I'm going to delete everything over here and just paste the thing over there and say enter.

210
00:15:08,320 --> 00:15:13,870
So now it's it tries to read the ROTC.

211
00:15:14,140 --> 00:15:21,610
It tries to just read the index that BHP by using the raw 13 encryption over here.

212
00:15:21,740 --> 00:15:29,500
So we are seeing the index BHB, but we're not getting, I believe, anything else, like we're not

213
00:15:29,500 --> 00:15:31,120
getting a funny thing over there.

214
00:15:31,130 --> 00:15:33,280
So let me try with this one.

215
00:15:33,670 --> 00:15:41,950
OK, so base64 encoding, I'm going to come over here and just zoom in a little bit so that you can

216
00:15:41,950 --> 00:15:44,500
see it in a better way, what I'm doing.

217
00:15:44,800 --> 00:15:49,920
So rather than taking the whole link, I'm just taking over here.

218
00:15:49,960 --> 00:15:58,300
OK, so it starts with the B column slash slash and I'm pasting over here after the language parameter.

219
00:15:58,800 --> 00:16:01,450
If I hit enter, nothing happens.

220
00:16:01,450 --> 00:16:05,020
Let me just go to the source and see if this works or not.

221
00:16:06,310 --> 00:16:13,210
So what we have here, maybe we can have to try with this one as well, so this is basically the same

222
00:16:13,210 --> 00:16:17,920
thing, but it alters the BHP upper case, lower case.

223
00:16:17,920 --> 00:16:22,390
So maybe it's being blocked by some kind of firewall.

224
00:16:22,540 --> 00:16:24,700
It can bypass that kind of thing.

225
00:16:25,030 --> 00:16:28,370
And we don't get anything back here at all.

226
00:16:28,810 --> 00:16:35,410
And as you can see, we're trying new stuff and we're not getting anything different back now.

227
00:16:35,500 --> 00:16:40,690
It doesn't mean, again, it doesn't have director traversal vulnerability.

228
00:16:41,290 --> 00:16:46,070
Rather, it means that we're going to have to change something over there.

229
00:16:46,630 --> 00:16:51,550
So as you can see, it starts with the it's fine and it's filtering something.

230
00:16:51,550 --> 00:16:54,940
It's converting it to base64, which is good.

231
00:16:55,780 --> 00:16:58,740
But over here we have the index BHB.

232
00:16:59,140 --> 00:17:04,020
So rather than index BHP freeride on the index, we get the message.

233
00:17:04,510 --> 00:17:06,480
So that's weird.

234
00:17:06,490 --> 00:17:08,250
We get something like that.

235
00:17:08,270 --> 00:17:09,970
So we don't know what it is yet.

236
00:17:10,300 --> 00:17:12,460
So I'm just going to leave the page source.

237
00:17:12,910 --> 00:17:19,280
Yeah, we have the HDMI code one more time, but we have a new line over here which breaks.

238
00:17:19,300 --> 00:17:22,920
Teach them a code so we cannot see the website properly.

239
00:17:23,200 --> 00:17:28,270
It looks like it's base64 because we're we were doing it with base64.

240
00:17:28,630 --> 00:17:32,410
So I'm just going to search for Base64 Decode, OK?

241
00:17:32,440 --> 00:17:38,860
I'm just going to do this offline, online rather than using an offline tool within Karley because it's

242
00:17:38,860 --> 00:17:40,420
much more easier this way.

243
00:17:40,840 --> 00:17:43,900
I'm just going to say decode and here you go.

244
00:17:43,930 --> 00:17:56,290
Apparently we have actually found a new thing like a like a new IP command or new thing over here.

245
00:17:56,770 --> 00:17:58,000
And here you go.

246
00:17:58,000 --> 00:17:59,980
We have a new password.

247
00:18:00,550 --> 00:18:05,680
So this password can be a password for anything.

248
00:18:05,690 --> 00:18:11,530
I don't know yet, but we're going to try and see it right like that right here.

249
00:18:11,560 --> 00:18:15,070
OK, so naeemi forever two two seven.

250
00:18:16,270 --> 00:18:18,910
So maybe this is related with movie again.

251
00:18:18,910 --> 00:18:25,240
I don't know it so I'm just going to copy it and take enough note of it because it actually includes

252
00:18:25,240 --> 00:18:26,670
some exclamation points.

253
00:18:26,920 --> 00:18:32,820
We're definitely going to forget about it if we don't take a note of it later on.

254
00:18:33,190 --> 00:18:37,510
So I'm going to just narrow into my notes that text.

255
00:18:37,960 --> 00:18:41,830
OK, so I'm going to go to the bottom of this page.

256
00:18:42,050 --> 00:18:44,040
I'm just going to pasted over here.

257
00:18:44,170 --> 00:18:48,610
So this is a password and we don't know where to use it yet.

258
00:18:49,000 --> 00:18:54,550
But of course, this is a very good lead that will lead us to something.

259
00:18:54,550 --> 00:18:55,360
Definitely.

260
00:18:56,230 --> 00:18:57,480
And here you go.

261
00:18:57,490 --> 00:19:00,630
Let me just close this down and this one as well.

262
00:19:01,090 --> 00:19:05,560
Let me try to go to the regular Web page over here.

263
00:19:05,560 --> 00:19:08,890
Let me just delete everything over there, OK?

264
00:19:09,340 --> 00:19:17,800
And let me try to find if there is an admin page over here, like maybe this password just for admins

265
00:19:18,550 --> 00:19:23,110
and maybe we can search for the robots, not robots.

266
00:19:23,110 --> 00:19:27,220
That should have been the first thing that we have looked into over here.

267
00:19:27,430 --> 00:19:32,260
But I forgot about it, so I don't think anything else is there.

268
00:19:32,650 --> 00:19:39,130
So maybe we can have to go back to our map and get the note that you see over here.

269
00:19:39,460 --> 00:19:48,030
Remember, we had this SNH tingay over here and we can try to look into it.

270
00:19:48,040 --> 00:19:51,760
Maybe we can try to login with that password.

271
00:19:51,760 --> 00:19:52,120
Right.

272
00:19:52,390 --> 00:19:58,060
So let me try and log in as a root over here and copy that.

273
00:19:58,420 --> 00:20:02,290
I don't think it's going to work because it shouldn't be that easy.

274
00:20:02,290 --> 00:20:02,590
Right.

275
00:20:02,590 --> 00:20:06,430
The root password just put it over the Internet.

276
00:20:06,670 --> 00:20:08,530
And as you can see, it doesn't work.

277
00:20:09,460 --> 00:20:15,040
But maybe we can use another user over here.

278
00:20:15,250 --> 00:20:18,310
And remember, we have seen that user.

279
00:20:18,580 --> 00:20:20,560
Maybe it's a user we don't know yet.

280
00:20:20,830 --> 00:20:22,390
Maybe it was a hint.

281
00:20:22,390 --> 00:20:25,900
Maybe it was some kind of false alarm or something like that.

282
00:20:26,200 --> 00:20:33,670
But we know that our Bradley Market Web site has been made by Mamadu.

283
00:20:33,760 --> 00:20:34,180
Right.

284
00:20:34,180 --> 00:20:35,950
So, Mamadu, over here.

285
00:20:36,460 --> 00:20:42,610
So it is there is a great possibility that the user in the server as well.

286
00:20:42,940 --> 00:20:49,750
So I'm going to try that and I'm going to try and see if Mamadu has chosen this Niimi forever.

287
00:20:50,350 --> 00:20:58,150
So let me just try this, Mamadu, and just paste the selection over there and let's see if we can log

288
00:20:58,150 --> 00:20:58,390
in.

289
00:20:58,930 --> 00:21:00,520
Nope, it doesn't work.

290
00:21:00,520 --> 00:21:04,660
Let me try and let me copy and paste one more time to make sure.

291
00:21:05,310 --> 00:21:10,690
Come over here, let me just see if this works or not, and here you go.

292
00:21:10,710 --> 00:21:13,050
We managed to go into the server.

293
00:21:13,060 --> 00:21:16,400
Finally we found our way into the server.

294
00:21:16,680 --> 00:21:21,280
We managed to use DSH and that's it.

295
00:21:21,720 --> 00:21:24,830
So we managed to log into the server.

296
00:21:24,840 --> 00:21:26,980
Now we are done with the website as well.

297
00:21:27,180 --> 00:21:31,200
We're going to see what we can do over here in the next lecture.