1
00:00:10,280 --> 00:00:17,270
Let us continue with file upload vulnerabilities. In the last lecture, you saw how to exploit a basic low

2
00:00:17,270 --> 00:00:23,120
level file upload vulnerability using Weevely, but what if the level is set to medium?

3
00:00:23,540 --> 00:00:32,530
Well, let us see if we can exploit that. So log on to your Kali machine, open the browser and log in to Damn

4
00:00:32,540 --> 00:00:33,950
Vulnerable Web Application.

5
00:00:34,370 --> 00:00:39,020
As you can see, right now I'm on my Kali machine, so go to the Firefox browser.

6
00:00:46,500 --> 00:00:49,550
Let us log in to Damn Vulnerable Web Application.

7
00:00:57,420 --> 00:01:01,650
And first, we will set the security to medium.

8
00:01:04,400 --> 00:01:07,710
Now, the security has been set to the medium level.

9
00:01:09,480 --> 00:01:18,840
Now, let us go to Upload and we will again try to upload a PHP shell, so let's choose, let's upload

10
00:01:18,870 --> 00:01:24,160
this shell there to see if we can upload this, so Open and Upload.

11
00:01:24,840 --> 00:01:29,340
Well, we got an error that the image was not uploaded.

12
00:01:29,730 --> 00:01:34,770
And also we got a descriptive error showing what was wrong with the image on this line.

13
00:01:35,250 --> 00:01:41,400
Now, these errors are also a critical vulnerability to an attacker, as they are showing some critical

14
00:01:41,400 --> 00:01:42,960
information about the code here.

15
00:01:43,380 --> 00:01:44,400
So now what to do?

16
00:01:46,630 --> 00:01:48,970
Let us go and start Burp Suite.

17
00:01:52,130 --> 00:01:58,640
Meanwhile, we'll go to the preferences in Mozilla and just change the proxy settings.

18
00:01:59,740 --> 00:02:00,890
If you don't remember

19
00:02:00,910 --> 00:02:01,930
why we do this,

20
00:02:02,140 --> 00:02:05,230
you can refer back to the previous video and see again.

21
00:02:10,250 --> 00:02:16,460
And now Burp Suite has started. Just do not modify anything, just click Start Burp.

22
00:02:23,200 --> 00:02:26,050
Burp has started, go to Proxy.

23
00:02:26,960 --> 00:02:33,620
Click "Intercept is on". If you can see this button is clicked, it will show "Intercept is on"

24
00:02:34,040 --> 00:02:35,990
on there, so check if it is on.

25
00:02:37,670 --> 00:02:46,610
Let's upload, and yes, Forward it is, you can see it. Now what we will do is we'll go to our shell,

26
00:02:46,610 --> 00:02:49,070
the shell which we had created in the last video.

27
00:02:52,710 --> 00:02:53,580
And we will

28
00:02:54,670 --> 00:03:02,530
rename this shell, so we'll rename this as shelldemo.jpg.

29
00:03:03,920 --> 00:03:05,060
Now, this is an image.

30
00:03:06,210 --> 00:03:14,690
And let us try to upload this image, keeping our intercept on, so Browse, shelldemo dot

31
00:03:16,270 --> 00:03:24,970
jpg, I'm sorry, and then we'll click Upload. You can see immediately we got a request in Burp saying

32
00:03:24,970 --> 00:03:25,410
that,

33
00:03:25,420 --> 00:03:27,780
are you sure you want to upload this now?

34
00:03:27,790 --> 00:03:29,770
You can see this is a POST request.

35
00:03:30,160 --> 00:03:32,830
As you can see, the parameters and the URL.

36
00:03:33,910 --> 00:03:38,440
We can see the User-Agent, and the Content-Length is 1136.

37
00:03:38,800 --> 00:03:46,750
The most important thing right now that we're interested in is the filename and the content type.

38
00:03:47,080 --> 00:03:54,580
You can see the content type here is image/jpeg and the filename is shelldemo.jpg.

39
00:03:55,030 --> 00:03:58,240
But what if we can edit that jpg?

40
00:03:58,570 --> 00:04:02,550
Let's try and see if we can edit that jpg here.

41
00:04:03,520 --> 00:04:11,140
Well, you can also edit it in the parameters tab after forwarding, but we will just edit it in the filename.

42
00:04:11,140 --> 00:04:17,470
So what I will do, instead of jpg, I will write php.

43
00:04:18,830 --> 00:04:27,240
And then I will forward the request and let us see. Voila, shelldemo.php successfully uploaded.

44
00:04:27,980 --> 00:04:34,800
What we did is we tricked the browser, telling it that we are uploading a jpg, but in between we changed

45
00:04:34,800 --> 00:04:35,680
it to PHP.

46
00:04:36,500 --> 00:04:40,340
This is how we have to exploit the medium level of the vulnerability.

47
00:04:40,730 --> 00:04:42,950
Let us see if we have successfully uploaded this.

48
00:04:42,980 --> 00:04:44,780
So click Copy.

49
00:04:46,190 --> 00:04:52,620
And we have shown you in the last lecture how to check whether we have uploaded this file. Paste it in,

50
00:04:53,570 --> 00:04:55,360
and again, it is asking for intercept.

51
00:04:55,370 --> 00:05:00,510
We just forward, or for now turn off the intercept, and yes, we uploaded.

52
00:05:01,400 --> 00:05:03,740
So let us exploit the server.

53
00:05:04,100 --> 00:05:05,060
Copy this.

54
00:05:08,330 --> 00:05:09,470
Go to terminal.

55
00:05:12,200 --> 00:05:17,510
Again, type weevely, then the destination website.

56
00:05:17,750 --> 00:05:19,490
I'm sorry, I didn't copy properly.

57
00:05:39,980 --> 00:05:41,000
Go to terminal.

58
00:05:47,700 --> 00:05:53,710
Just paste, followed by the password, and hit Enter. There you go.

59
00:05:54,090 --> 00:06:00,160
We have compromised the medium level security of the Damn Vulnerable Web Application as well.

60
00:06:00,570 --> 00:06:02,560
Let's see if we can execute a command.

61
00:06:03,480 --> 00:06:04,260
And there you go.

62
00:06:04,270 --> 00:06:07,290
We have our file shelldemo.php.

63
00:06:07,650 --> 00:06:10,470
You can also execute the present working directory command.

64
00:06:10,890 --> 00:06:19,140
Then if you type help, you will find out the system information using this command, system_info.

65
00:06:20,220 --> 00:06:21,360
System

66
00:06:24,350 --> 00:06:24,950
info.

67
00:06:25,490 --> 00:06:33,440
And there you go, so you can see how powerful this shell is, and I hope you also got the idea how

68
00:06:33,440 --> 00:06:37,150
to exploit the file upload vulnerability using it.

69
00:06:38,030 --> 00:06:39,920
This was all for today's lecture.

70
00:06:41,250 --> 00:06:43,590
Again, before quitting the browser.

71
00:06:46,120 --> 00:06:49,910
So this was all for this lecture. In the next lecture,

72
00:06:49,930 --> 00:06:57,430
we'll see some different interesting topics. Again, before quitting Firefox, do not forget to change the

73
00:06:57,430 --> 00:07:00,690
preferences from proxy settings

74
00:07:00,700 --> 00:07:02,200
to No proxy, click

75
00:07:02,200 --> 00:07:05,770
OK, and this is always a good practice.

76
00:07:06,740 --> 00:07:08,940
I will see you in the next lecture.