1 00:00:00,540 --> 00:00:06,810 In the previous video, I told you that whatever clothing function used on the Web page, you have to 2 00:00:06,810 --> 00:00:10,020 use the same function, otherwise your script won't work. 3 00:00:10,410 --> 00:00:14,540 OK, so we have seen that on our website. 4 00:00:15,090 --> 00:00:17,900 We have to use double code closing, OK? 5 00:00:18,240 --> 00:00:20,550 Only then we will able to run our script. 6 00:00:21,100 --> 00:00:28,160 OK, because if you don't use this closing function, then our script will won't work. 7 00:00:28,440 --> 00:00:35,780 Right now I know that it's a little bit confusing, but in this video all your confusion will be cleared, 8 00:00:36,120 --> 00:00:36,380 right? 9 00:00:36,750 --> 00:00:43,710 So here is our website, which help you to increase your knowledge and confidence about Exercice attacks. 10 00:00:44,040 --> 00:00:44,340 Right? 11 00:00:44,610 --> 00:00:49,630 So the website called Lead-time Dot Net accessors one. 12 00:00:50,190 --> 00:00:57,180 OK, so I'm not sure, but this website provides you around seven or eight levels of different challenges, 13 00:00:57,560 --> 00:01:02,700 OK, which will definitely help you to practice Access's IPEX, which will help you to understand how 14 00:01:02,700 --> 00:01:05,980 you can help on my website. 15 00:01:06,090 --> 00:01:06,430 Right. 16 00:01:07,320 --> 00:01:08,880 So let's click on a year. 17 00:01:08,880 --> 00:01:09,800 Bring it on baby. 18 00:01:10,890 --> 00:01:13,260 And here is our first challenge. 19 00:01:13,290 --> 00:01:15,680 OK, so it's asking to enter your name. 20 00:01:15,690 --> 00:01:18,750 So I'm entering my name, ok. 21 00:01:19,620 --> 00:01:20,800 It says cannot find you. 22 00:01:21,000 --> 00:01:22,480 Yes, that's what we want. 23 00:01:23,140 --> 00:01:34,260 Now let's run the script and let's say alert one, two, three, and then prosit. 24 00:01:35,220 --> 00:01:37,340 OK, click on Search. 25 00:01:39,180 --> 00:01:41,310 It says one, two, three is reflecting. 26 00:01:42,060 --> 00:01:46,260 OK, nice try but use a learned document don't you. 27 00:01:46,470 --> 00:01:50,100 So we have to use this alert instead of using one, two, three. 28 00:01:50,250 --> 00:01:54,870 OK, only then it will take us to the next level. 29 00:01:56,100 --> 00:01:56,300 Right. 30 00:01:56,940 --> 00:02:02,950 OK, so nobody you can enter the script again here or you can edit it from here as well. 31 00:02:02,970 --> 00:02:05,070 OK, so let me edit this. 32 00:02:06,450 --> 00:02:12,300 So instead of using this, we have to use document to go out and hit enter and it says good work, you 33 00:02:12,300 --> 00:02:13,840 are welcome to the next round, OK. 34 00:02:14,250 --> 00:02:16,420 So now here is the challenge too. 35 00:02:17,040 --> 00:02:19,490 So let me enter my name again. 36 00:02:20,580 --> 00:02:22,860 OK, this time we are not getting a reply. 37 00:02:23,610 --> 00:02:25,890 So let's check out the page source. 38 00:02:29,300 --> 00:02:30,930 OK, no, not selection. 39 00:02:30,950 --> 00:02:36,890 I want to complete bedsores, right, and here it is. 40 00:02:38,570 --> 00:02:39,980 OK, here is the input. 41 00:02:41,390 --> 00:02:42,920 So let me copy this. 42 00:02:45,480 --> 00:02:52,530 OK, so the reason behind it is not reflecting is this one, OK, which is a closing tag, which is 43 00:02:52,530 --> 00:02:53,520 a closing bracket. 44 00:02:53,550 --> 00:02:55,700 OK, so this is a closing function. 45 00:02:56,130 --> 00:03:01,590 So in the previous video, you have seen that we are using the closing, but this time we have to use 46 00:03:01,590 --> 00:03:02,880 this bracket only. 47 00:03:03,240 --> 00:03:03,580 Right. 48 00:03:03,930 --> 00:03:07,620 So our payload would be something like this. 49 00:03:09,850 --> 00:03:10,610 Script. 50 00:03:11,920 --> 00:03:13,150 OK, alert. 51 00:03:13,930 --> 00:03:18,880 And then one, two, three, and then close it, right. 52 00:03:19,480 --> 00:03:24,330 So this would be our payload for the jet engine number two. 53 00:03:25,910 --> 00:03:26,470 Right. 54 00:03:27,520 --> 00:03:30,350 So let's use it. 55 00:03:31,140 --> 00:03:36,160 OK, but first, let's try this with the name, OK, and see whether it works or not. 56 00:03:37,180 --> 00:03:38,580 OK, so it's reflecting back. 57 00:03:38,590 --> 00:03:38,950 Yes. 58 00:03:39,880 --> 00:03:42,900 So the method of using is absolutely correct. 59 00:03:46,130 --> 00:03:46,480 Done. 60 00:03:47,810 --> 00:03:48,440 OK. 61 00:03:48,540 --> 00:03:52,250 Again, we have to use this thing instead of using one, two, three. 62 00:03:54,540 --> 00:03:58,620 So no worries, let me edit this again. 63 00:04:03,460 --> 00:04:06,210 OK, so now it's time for a challenge. 64 00:04:06,250 --> 00:04:09,280 Three, let me enter my name again. 65 00:04:11,680 --> 00:04:16,060 Let's view page source and here it is. 66 00:04:18,770 --> 00:04:19,940 Let me copy this. 67 00:04:25,900 --> 00:04:32,280 OK, so the reason behind it is not reflecting is this, which is the Bellecourt closing, right. 68 00:04:33,220 --> 00:04:35,290 So let's try this again. 69 00:04:38,100 --> 00:04:48,960 Here, OK, so the closing and my name hit Enter and you will able to see the reflected pretty then. 70 00:04:49,860 --> 00:04:53,180 So let's use our script again. 71 00:04:53,190 --> 00:04:54,330 So script. 72 00:04:56,350 --> 00:05:06,670 This one, this is our payload, right, and this time, let's use document dot, you are in and close 73 00:05:06,670 --> 00:05:07,530 the script. 74 00:05:09,740 --> 00:05:10,700 And hit enter. 75 00:05:11,150 --> 00:05:19,010 OK, so now it's time for challenge for OK, so this time let's use hello. 76 00:05:20,860 --> 00:05:25,360 OK, view page source and let's see why it's not working. 77 00:05:28,490 --> 00:05:29,240 So. 78 00:05:33,480 --> 00:05:37,950 OK, this is the reason behind it is not working, which is single called closing, right. 79 00:05:38,310 --> 00:05:45,900 So I hope now you understand that whatever return here, which is a closing function, you have to use 80 00:05:45,900 --> 00:05:46,560 the same thing. 81 00:05:46,710 --> 00:05:47,010 Right. 82 00:05:47,640 --> 00:05:52,140 So let's use it, which is the single call closing. 83 00:05:52,170 --> 00:05:54,600 OK, so let me add this here. 84 00:05:54,600 --> 00:05:55,800 Single closing in. 85 00:05:55,800 --> 00:05:57,380 Hello, C.. 86 00:05:57,390 --> 00:06:04,180 It's reflecting OK, which means we have to use the same thing for our script as well. 87 00:06:04,200 --> 00:06:13,200 So script alert, one or not, we have to use a document, don't you. 88 00:06:13,240 --> 00:06:15,470 All right. 89 00:06:15,870 --> 00:06:19,440 And then close the script hit enter. 90 00:06:20,910 --> 00:06:21,920 OK, great work. 91 00:06:22,470 --> 00:06:24,650 Now it's time for Challenge five. 92 00:06:25,230 --> 00:06:27,750 OK, so let's use hello again. 93 00:06:28,830 --> 00:06:30,450 And it's not reflecting. 94 00:06:30,450 --> 00:06:34,500 Let's view page source and see this one. 95 00:06:35,370 --> 00:06:39,180 OK, which is input field and. 96 00:06:43,420 --> 00:06:50,140 OK, it says input by text name is equal to name, there is the hello. 97 00:06:53,540 --> 00:07:02,270 It's not getting it OK, so let me take my name and let's visit the page source and let's find. 98 00:07:05,000 --> 00:07:09,230 OK, so it's not taking this right. 99 00:07:12,940 --> 00:07:14,390 The reason behind is, is. 100 00:07:17,320 --> 00:07:19,900 In type, text and then name. 101 00:07:22,240 --> 00:07:29,080 OK, so here is one more different thing, which I forgot to tell you about, is it see, it is not 102 00:07:29,080 --> 00:07:32,970 necessary that you will get a single input parameter feel right here. 103 00:07:32,980 --> 00:07:35,100 You will find two different parameter fields. 104 00:07:35,350 --> 00:07:40,780 The first one is the name OK, which is my name, and the next one is submit. 105 00:07:40,990 --> 00:07:45,290 OK, this pattern submit is also an input parameter. 106 00:07:45,610 --> 00:07:49,480 So this one is the first input parameter and such is the second one. 107 00:07:49,660 --> 00:07:58,450 OK, so let me type something like this, which is Henno and let's say one and here and submit we will 108 00:07:58,540 --> 00:08:02,800 try to run Halo two and hit enter. 109 00:08:05,050 --> 00:08:11,110 OK, and if we go inside the page source we will be able to see. 110 00:08:11,320 --> 00:08:13,170 OK, so problem is different this time. 111 00:08:13,240 --> 00:08:19,600 So let's try one more time and let's visit view page source. 112 00:08:21,550 --> 00:08:32,290 And here you will able to find that it's taking our input as a string and that's the reason why it is 113 00:08:32,290 --> 00:08:33,340 not working here. 114 00:08:33,640 --> 00:08:34,060 OK. 115 00:08:35,260 --> 00:08:40,990 So whenever it picks our input as a string, it won't execute this one. 116 00:08:41,020 --> 00:08:44,500 OK, so what we have to do is we have to close this thing. 117 00:08:44,710 --> 00:08:46,990 OK, we have to close its script. 118 00:08:47,620 --> 00:08:47,940 Right. 119 00:08:48,520 --> 00:08:51,440 So the actual thing would be like this. 120 00:08:52,330 --> 00:08:57,500 So let me show you our payload would look like this to slash the script. 121 00:08:58,480 --> 00:09:00,010 OK, then. 122 00:09:00,730 --> 00:09:03,310 Now we have to run our script. 123 00:09:03,790 --> 00:09:13,850 OK, so script alert and document dot you all and then close it. 124 00:09:13,960 --> 00:09:16,310 OK then. 125 00:09:17,290 --> 00:09:21,110 So this would be our payload for this new challenge. 126 00:09:21,140 --> 00:09:25,900 OK, so let's move here and let me use this. 127 00:09:28,480 --> 00:09:29,550 OK, done. 128 00:09:30,040 --> 00:09:30,370 Right. 129 00:09:30,850 --> 00:09:39,370 So as I told you that whatever it used for closing your function, OK, whatever function they will 130 00:09:39,370 --> 00:09:41,350 use on a web page, we have to use the same thing. 131 00:09:41,350 --> 00:09:41,660 Right. 132 00:09:42,880 --> 00:09:47,200 So that was the case now in Jenin six. 133 00:09:47,380 --> 00:09:51,440 Let me tape again and this time. 134 00:09:52,510 --> 00:09:54,430 OK, let's close this. 135 00:09:56,620 --> 00:10:05,200 And it's not reflecting, so let's be open source again and let's see this one. 136 00:10:06,460 --> 00:10:12,000 OK, so yes, again, what's the reason that it's not working? 137 00:10:14,780 --> 00:10:18,980 OK, I hope this time you will be able to find out the reason, right? 138 00:10:22,160 --> 00:10:30,680 So, uh, the reason is this, again, the closing function, so this time, if you want to create the 139 00:10:30,680 --> 00:10:31,220 payload. 140 00:10:34,080 --> 00:10:44,820 Use this thing force to close this, close your function, OK, and then try to run our script. 141 00:10:45,270 --> 00:10:53,700 OK, which is document that you ordered and then close it as always. 142 00:10:55,430 --> 00:11:02,280 OK, so copy this payload and pasted here. 143 00:11:03,630 --> 00:11:04,920 I hope it will work. 144 00:11:07,300 --> 00:11:08,390 Oh, yes, good work. 145 00:11:08,410 --> 00:11:09,670 You are welcome to the next round. 146 00:11:09,710 --> 00:11:13,090 And now it's time for Challenge seven. 147 00:11:13,580 --> 00:11:16,870 OK, this time let me use hello again. 148 00:11:19,180 --> 00:11:21,130 OK, it's not reflecting. 149 00:11:21,340 --> 00:11:23,260 So let's view page source. 150 00:11:26,010 --> 00:11:35,660 OK, if you are able to see the coding here, you will know that it's not taking input from your keyboard, 151 00:11:35,670 --> 00:11:35,980 OK? 152 00:11:36,210 --> 00:11:40,740 So whatever you type using your keyboard, it won't work here. 153 00:11:41,340 --> 00:11:47,200 OK, so that would be an increased level for exercise changes, right? 154 00:11:48,030 --> 00:11:51,090 So this time we have to use some other thing. 155 00:11:52,140 --> 00:11:58,020 So this time let's try to assign input using mouse. 156 00:11:58,690 --> 00:12:05,040 OK, so those students who know little about programming will understand this thing. 157 00:12:06,210 --> 00:12:11,220 So we will use on mouse over. 158 00:12:12,210 --> 00:12:16,530 OK, you would assume this as a script or as a function. 159 00:12:17,340 --> 00:12:25,560 OK, so whenever your Web page has a secure coding like it won't accept input from your keyboard. 160 00:12:25,790 --> 00:12:29,770 OK, so in that case, any of your attack won't work. 161 00:12:30,150 --> 00:12:33,780 OK, so in that case we have to use mouse input. 162 00:12:34,230 --> 00:12:45,780 So on mouse over and let's say alert and the alert would be document dot urin and semicolon. 163 00:12:46,290 --> 00:12:55,680 OK, so let's try this payload in our challenge number seven and let's see that it worked or not. 164 00:12:56,370 --> 00:13:03,880 OK, see, whenever you use on mouse over, you have to move your mouse on that input field. 165 00:13:03,990 --> 00:13:10,040 OK, as soon as I moved by mouse to the name feel it work. 166 00:13:10,380 --> 00:13:10,700 Right. 167 00:13:10,920 --> 00:13:16,440 So I hope now you understand that whenever your keyboard is not working, you have to use your mouse 168 00:13:16,440 --> 00:13:17,010 inputs. 169 00:13:17,220 --> 00:13:17,540 Right. 170 00:13:17,550 --> 00:13:22,320 You have to assign inputs using on mouse over. 171 00:13:23,010 --> 00:13:25,560 OK, so now it's time for a challenge. 172 00:13:25,560 --> 00:13:26,040 Eight. 173 00:13:26,700 --> 00:13:29,660 Let's see how different it is from other challenges. 174 00:13:30,540 --> 00:13:32,040 Let's move the page source. 175 00:13:32,310 --> 00:13:34,610 OK, there is a little difference between the two. 176 00:13:34,920 --> 00:13:38,550 This time we have to use double codes, right. 177 00:13:39,750 --> 00:13:42,390 So double goal here and here as well. 178 00:13:45,370 --> 00:13:50,050 And this would be our payload for the jet engine number eight. 179 00:13:52,430 --> 00:13:54,950 Right, let me close all of these. 180 00:14:00,200 --> 00:14:06,590 OK, so I hope it will work, it's not working. 181 00:14:06,770 --> 00:14:14,000 OK, so as I told you, we have two different input parameters, so let's try the same thing on the 182 00:14:14,060 --> 00:14:15,650 second parameter as well. 183 00:14:15,800 --> 00:14:22,820 OK, so let's run our payload on this search parameter, OK? 184 00:14:23,300 --> 00:14:25,460 And let's see whether it works or not. 185 00:14:26,540 --> 00:14:27,970 See, it worked, right. 186 00:14:29,000 --> 00:14:31,410 So this way you have to try. 187 00:14:31,610 --> 00:14:32,700 OK, just finished. 188 00:14:32,720 --> 00:14:35,240 OK, so the challenges are eight. 189 00:14:36,050 --> 00:14:44,060 OK, eight different levels of challenges you will find on this website right now you have to understand 190 00:14:44,090 --> 00:14:44,460 that. 191 00:14:44,460 --> 00:14:46,430 Do the same thing. 192 00:14:47,100 --> 00:14:49,430 Want to work on the same input parameters. 193 00:14:49,430 --> 00:14:56,540 You have to try your each of your attacks on all of the available input fields or input parameters you 194 00:14:56,540 --> 00:14:57,770 find on a website. 195 00:14:58,010 --> 00:15:04,190 For example, on e-commerce websites, you will find a lot of parameters on a lot of input parameters. 196 00:15:04,230 --> 00:15:11,270 OK, so the search of or the login page or the sign a page or the contact us page or the boxes. 197 00:15:11,420 --> 00:15:11,760 Right. 198 00:15:11,960 --> 00:15:19,520 So you have to include all of the input parameters in your attack in order to find a single vulnerability 199 00:15:19,790 --> 00:15:21,320 in that website. 200 00:15:21,790 --> 00:15:27,620 OK, so I hope you understand the difference between almost a normal keyboard input. 201 00:15:28,310 --> 00:15:36,290 Whenever your keyboard inputs are not working, you have to use on mouse over OK, and you have to move 202 00:15:36,290 --> 00:15:42,530 your mouse on that field in order to work your script. 203 00:15:42,530 --> 00:15:50,990 Right now, in the next video, I will show you how you can earn some real money by hacking into some 204 00:15:50,990 --> 00:15:53,540 websites and how you can find those websites.