1
00:00:00,710 --> 00:00:08,270
Now, you might notice that I am using a SQL injection in the password field, right, and not on

2
00:00:08,270 --> 00:00:13,760
the username, because I know the username is admin, but what if you don't know the username as well

3
00:00:13,760 --> 00:00:14,430
as password?

4
00:00:14,810 --> 00:00:19,550
Well, in that case, we will try a SQL injection on the username.

5
00:00:19,980 --> 00:00:22,000
OK, so let's try this.

6
00:00:22,670 --> 00:00:27,770
So let's remove admin and let's say we don't know the username, so type X, Y, Z.

7
00:00:28,520 --> 00:00:32,990
OK, and then we will make it a SQL injection.

8
00:00:33,090 --> 00:00:38,960
So single quote, then the condition one is equal to one, and then hash.

9
00:00:39,830 --> 00:00:43,350
OK, so let's copy it.

10
00:00:44,700 --> 00:00:49,070
So it's back to the browser and paste it.

11
00:00:52,280 --> 00:00:58,340
OK, now the password: type anything, like one, two, three, four, five, six, etc. Hit enter.

12
00:01:01,790 --> 00:01:04,970
Now forward.

13
00:01:08,330 --> 00:01:11,100
See, this time the security is set to low.

14
00:01:11,300 --> 00:01:15,650
OK, so we have successfully logged in as admin.

15
00:01:16,250 --> 00:01:20,180
OK, now let's increase the security.

16
00:01:23,420 --> 00:01:26,450
Again, we have to forward this request.

17
00:01:29,380 --> 00:01:33,710
Otherwise, we will not be able to access the website.

18
00:01:33,970 --> 00:01:38,590
OK, so as you can see, the security level is too arrogant.

19
00:01:39,550 --> 00:01:43,330
So let's log out again.

20
00:01:43,330 --> 00:01:45,070
We have to forward this request.

21
00:01:50,720 --> 00:02:00,380
Now, let's try SQL injection again, but this time it won't work as we know that we do the security,

22
00:02:00,650 --> 00:02:04,940
so let's change it to the normal text like ABC.

23
00:02:07,040 --> 00:02:12,900
Yes, and password would be ABCDE. Hit enter.

24
00:02:15,410 --> 00:02:19,080
Now, here now it is the security level one.

25
00:02:19,110 --> 00:02:23,170
So we have to make changes here to bypass client-side security.

26
00:02:24,830 --> 00:02:27,940
So single quote again.

27
00:02:28,640 --> 00:02:29,600
SQL injection.

28
00:02:30,710 --> 00:02:38,050
OK, now let's forward the request and see whether we are able to get access into that website or not.

29
00:02:39,530 --> 00:02:42,560
See, we have logged in as admin.

30
00:02:42,740 --> 00:02:47,200
OK, so login is successful right now.

31
00:02:47,390 --> 00:02:55,370
Let's increase security to the top, OK, to level five, which is the highest level of security in our virtual

32
00:02:55,370 --> 00:02:56,100
environment.

33
00:02:56,550 --> 00:03:03,020
OK, and this level of security is sufficient to stop attacks like SQL injection.

34
00:03:04,280 --> 00:03:09,440
OK, so now we have increased the security level to five, which says it is secure now.

35
00:03:09,920 --> 00:03:17,900
OK, so let's log out from here and try to perform a SQL injection attack again.

36
00:03:18,920 --> 00:03:26,870
But this time we are not able to get access into this website as the security level is set to maximum.

37
00:03:28,070 --> 00:03:31,220
OK, so let's try to attack again.

38
00:03:32,330 --> 00:03:38,480
Let's say Elamine and possibly evictee hit enter.

39
00:03:42,340 --> 00:03:52,810
Now, again, let's make it a SQL injection, one is equal to one, hash, and this time let's try to

40
00:03:52,810 --> 00:03:54,670
make the password field as well.

41
00:03:54,700 --> 00:03:55,950
OK, so let's change it.

42
00:04:00,120 --> 00:04:02,190
OK, and click on Forward.

43
00:04:07,670 --> 00:04:08,430
OK, see?

44
00:04:08,450 --> 00:04:10,580
It says bad username or password.

45
00:04:11,090 --> 00:04:15,710
So this kind of security is sufficient to stop SQL injection attacks.

46
00:04:16,130 --> 00:04:18,890
Now, what is happening behind the scenes?

47
00:04:20,420 --> 00:04:29,270
The webpage has given instructions using security that whenever in the username or password you found

48
00:04:29,720 --> 00:04:36,710
characters like single quote or double quote, then just remove them because username and password will

49
00:04:36,710 --> 00:04:38,790
only accept plain text.

50
00:04:39,040 --> 00:04:49,760
OK, for example, let's say we have used this injection on both username and password.

51
00:04:50,270 --> 00:04:58,380
Now the web page will ignore this single quote, OK, and make it a plain text because whenever we remove

52
00:04:58,380 --> 00:05:03,620
a single quote from our injection, then this is no longer a SQL injection.

53
00:05:03,920 --> 00:05:06,170
It is just a normal text.

54
00:05:06,350 --> 00:05:06,710
Right?

55
00:05:07,910 --> 00:05:16,490
So this way you can secure. If you are a programmer, then you must know how to secure from attacks like

56
00:05:16,490 --> 00:05:24,080
SQL injection and cross-site scripting, right, so that attacks won't work in level five security

57
00:05:24,080 --> 00:05:25,460
in our virtual environment.

58
00:05:25,940 --> 00:05:34,160
OK, now in the next video, I will perform a SQL injection attack on live websites.

59
00:05:34,670 --> 00:05:35,030
Right?