1
00:00:00,210 --> 00:00:02,910
Hello everybody and welcome back.

2
00:00:02,910 --> 00:00:10,110
And so far we covered two types of attack, which are the stored XSS attack and the reflected

3
00:00:10,120 --> 00:00:17,130
XSS attack. This one, as we can see, we covered, and it basically leaves this alert window open

4
00:00:17,310 --> 00:00:25,840
all the time for anyone who visits it, and the reflected XSS attack is basically what we sent in the

5
00:00:25,840 --> 00:00:35,730
previous videos over a link to the victim. Now, I also tried to show you how you can gather the cookies with

6
00:00:35,730 --> 00:00:42,510
this simple HTTP server running, but that didn't seem to work. If you want to, you can search

7
00:00:42,510 --> 00:00:50,910
online how to do it more accurately and better, since I believe I made a mistake in some of the

8
00:00:51,210 --> 00:00:56,700
syntax of the command, but it doesn't matter for now, since there is another attack that I want to

9
00:00:56,700 --> 00:00:57,620
show you.

10
00:00:57,930 --> 00:01:06,580
So basically, what happens if you wanted to change the looks of a certain website? You can also...

11
00:01:06,600 --> 00:01:14,670
You can also do that with the XSS attack, and with the stored XSS attack, which is

12
00:01:14,690 --> 00:01:22,620
a lot more dangerous, since it can be used to ruin the reputation... well, basically the

13
00:01:22,620 --> 00:01:25,570
reputation of a certain company.

14
00:01:25,680 --> 00:01:33,340
For example, if you were to find a website vulnerable to the stored XSS attack,

15
00:01:33,780 --> 00:01:39,790
you could, for example, change all of its pictures, then maybe upload your own HTML

16
00:01:39,790 --> 00:01:40,470
file,

17
00:01:40,590 --> 00:01:47,400
so it shows another website entirely, and it would ruin the reputation of the website itself.
18
00:01:48,550 --> 00:01:52,090
But luckily that is not really that common an attack.

19
00:01:52,090 --> 00:01:54,070
I will show you how to do it right now.

20
00:01:54,550 --> 00:01:59,590
So first of all, before I continue on, let me make sure that my intercept is off.

21
00:01:59,680 --> 00:01:59,980
Good.

22
00:02:00,010 --> 00:02:03,070
So let us go on to our little machine.

23
00:02:04,060 --> 00:02:09,420
So, when I type that, 192.168.1.6.

24
00:02:10,000 --> 00:02:15,520
Now, where we want to go is right here, Mutillidae. I believe that is how you pronounce it.

25
00:02:15,520 --> 00:02:17,040
Not really sure.

26
00:02:17,190 --> 00:02:23,450
And right here we want to go to the OWASP 2013.

27
00:02:23,760 --> 00:02:24,660
2013.

28
00:02:24,690 --> 00:02:25,020
Yeah.

29
00:02:25,060 --> 00:02:28,150
And cross-site scripting attack.

30
00:02:28,420 --> 00:02:34,510
Let me just find DOM injection and HTML5 storage now.

31
00:02:35,290 --> 00:02:43,540
Now you can see that this leads us to a certain web page which, basically, I believe is used to store

32
00:02:43,540 --> 00:02:44,080
something.

33
00:02:44,080 --> 00:02:53,530
So let us just type here 'two' and then 'one' and Add New, and we can see it added key 'two' to session

34
00:02:53,530 --> 00:03:03,010
storage, and we can see it added our word as item one to the storage, and you can also change the storage

35
00:03:03,010 --> 00:03:03,840
type right here.

36
00:03:03,850 --> 00:03:06,260
So we can now write 'two'.

37
00:03:06,400 --> 00:03:06,830
Right.

38
00:03:06,880 --> 00:03:12,820
Right here we can add item 2 as a local storage type, and as well it will add it right here.

39
00:03:12,820 --> 00:03:15,370
So these are the two that we added right here.

40
00:03:16,120 --> 00:03:25,280
But now let's try to exploit this with the cross-site scripting DOM injection.

41
00:03:25,360 --> 00:03:27,450
So what we want to do.
42
00:03:27,690 --> 00:03:33,200
Well, first of all, I'll type the code in Leafpad so you can see it better, then I will copy-paste it in

43
00:03:33,220 --> 00:03:36,380
the website to see if it works.

44
00:03:36,640 --> 00:03:44,170
What we want to do is, for example, we want to change the look, or the HTML of the file itself, in

45
00:03:44,170 --> 00:03:46,510
order to show something else instead of the...

46
00:03:46,630 --> 00:03:50,610
Instead of that page. So let us do that.

47
00:03:50,700 --> 00:03:51,640
We want to type here.

48
00:03:51,660 --> 00:03:53,230
Image source.

49
00:03:53,310 --> 00:03:57,310
So first open up the arrow bracket and then type img.

50
00:03:57,330 --> 00:04:13,680
src equals x, onerror equals, then type here the double quotes, document dot body dot inner...

51
00:04:15,060 --> 00:04:24,710
I believe it is inner... innerHTML equals, then single quote or apostrophe, then open up the header, let's

52
00:04:24,720 --> 00:04:33,420
say in the header, let's say it says 'You have been hacked', for example.

53
00:04:33,420 --> 00:04:37,890
Now you can put anything you want here; you can even put something else if you want to.

54
00:04:38,220 --> 00:04:44,280
Especially if you know JavaScript and HTML, you can type anything you want.

55
00:04:44,280 --> 00:04:52,110
So what we want to do right now is close the header with this command, so open bracket, then slash, then

56
00:04:52,230 --> 00:05:00,570
h1. Basically the h1 stands for the header, we decided the one, which is I believe the biggest header

57
00:05:00,900 --> 00:05:03,290
version you can use. Not really sure.

58
00:05:03,330 --> 00:05:09,120
Not really that great at HTML. And what we want to do is close the single quote, then close the double

59
00:05:09,120 --> 00:05:13,010
quotes, and add the arrow bracket.

60
00:05:13,050 --> 00:05:19,520
So let me just check once again: we have a single quote open here, we closed it right here.
61
00:05:19,680 --> 00:05:22,570
Double quote open here, we closed it right here.

62
00:05:22,770 --> 00:05:25,630
So let us try to see if this will work.

63
00:05:25,650 --> 00:05:26,900
I believe it should.

64
00:05:27,180 --> 00:05:30,420
Unless I have some kind of an error in the syntax.

65
00:05:31,230 --> 00:05:42,010
So here, let us, instead of 'two', type our code, and here let's just say 'three', and Add New, and as you can

66
00:05:42,010 --> 00:05:44,860
see it changes the entire page.

67
00:05:44,880 --> 00:05:45,300
Indeed.

68
00:05:45,370 --> 00:05:51,200
'You have been hacked', our header that we've written two seconds ago.

69
00:05:51,280 --> 00:05:55,850
Now let me just check for someone visiting.

70
00:05:56,020 --> 00:06:02,510
I don't think that it will stay there.

71
00:06:02,680 --> 00:06:09,350
I did this yesterday, I should remember, but I really don't, so let us just visit it once again.

72
00:06:09,440 --> 00:06:17,800
OWASP right here, then the cross-site scripting, DOM injection, HTML5 storage, and no, it does not,

73
00:06:19,370 --> 00:06:24,080
but it doesn't matter, even so we know now that this is vulnerable, for example,

74
00:06:24,170 --> 00:06:25,830
at this point, to the XSS...

75
00:06:25,910 --> 00:06:33,970
Um, injection, or not injection, cross-site scripting attack. As we can see, we managed to change the innerHTML

76
00:06:33,980 --> 00:06:43,400
of the page with this right here, and it changed the entire page for us now.

77
00:06:43,590 --> 00:06:49,740
As I said, this attack is used to ruin the reputation of a certain company, for example,

78
00:06:49,920 --> 00:06:54,700
especially if it is the stored XSS attack, if this were stored.
79
00:06:54,720 --> 00:07:01,170
Now everyone who visits this page would see this, or for example if you were to change some of the

80
00:07:01,170 --> 00:07:08,030
pictures on the web page too, they would see different pictures, or basically anything that you put in

81
00:07:08,030 --> 00:07:12,570
the HTML code with your XSS injection.

82
00:07:12,570 --> 00:07:20,070
So that was about it for this tutorial, it was rather short, and in the next one I'll show you a few

83
00:07:20,070 --> 00:07:25,030
tools that you can use in order to automate the cross-site scripting attack.

84
00:07:25,140 --> 00:07:28,470
So I hope I see you in the next lecture, and take care, bye.