1 00:00:00,270 --> 00:00:06,390 So in this, we will be seeing the brain, the skull reduction in the previous injections, we have 2 00:00:06,390 --> 00:00:07,950 seen the Arab Western Union. 3 00:00:08,580 --> 00:00:15,960 So in that we monitor the water and it will be sending an application and then the pictures from the 4 00:00:15,960 --> 00:00:20,660 database and it shows that there is no the place that is actually breast response. 5 00:00:21,240 --> 00:00:32,910 So in this brain, this connection, then there is a in taking input, but the result is not shown in 6 00:00:32,910 --> 00:00:33,000 the. 7 00:00:33,540 --> 00:00:35,850 So that is what brain disconnection means. 8 00:00:36,270 --> 00:00:42,870 Application is vulnerable to a connection, but it's sponsors does not contain any of our research. 9 00:00:43,290 --> 00:00:47,740 So how do we expect this use by checking the statements? 10 00:00:48,090 --> 00:00:56,610 So we put conditions like this and if it's true, the website will return something and if it finds 11 00:00:56,610 --> 00:00:58,860 who the certain something. 12 00:00:59,160 --> 00:01:02,550 So we see the differences between these two responses. 13 00:01:04,730 --> 00:01:11,130 So instead of when it comes to one, we will ask whether this, uh, economy, this or not. 14 00:01:11,150 --> 00:01:16,320 So if you take this, it will return the country, which we have got from now, our true statement. 15 00:01:17,990 --> 00:01:20,200 So let's get started. 16 00:01:23,490 --> 00:01:28,230 So help me to, uh, align with this one Mother Subscene. 17 00:01:39,260 --> 00:01:42,150 So this is the database I.D. username and password. 18 00:01:42,290 --> 00:01:43,650 This is in my local machine. 19 00:01:44,090 --> 00:01:56,830 Now, what I want to do is I want to set up to use them name from info, very user name zikos to add 20 00:01:56,840 --> 00:01:56,980 up. 21 00:01:58,970 --> 00:02:01,960 So now this is the only one that is that OK? 22 00:02:02,270 --> 00:02:09,050 Now what I do is I get to select some string of. 23 00:02:14,580 --> 00:02:24,090 So this quarter results a little bit on the arrow answer and in the terror, we are going to give you 24 00:02:24,090 --> 00:02:25,080 two parameters. 25 00:02:25,530 --> 00:02:28,710 That is the starting officer supposed one. 26 00:02:28,950 --> 00:02:33,730 And then from that officer to how many of beats you want to read, that is one. 27 00:02:34,320 --> 00:02:38,600 Now, he can see the first letter of the year. 28 00:02:40,140 --> 00:02:45,540 So let to the arrow and then we put the cursor at this offset one. 29 00:02:45,780 --> 00:02:50,610 So this is one one means discarding it and then count from here onwards. 30 00:02:51,180 --> 00:02:52,650 This offset one. 31 00:02:53,460 --> 00:02:54,470 So here. 32 00:02:54,590 --> 00:02:58,480 Hey, so here you can we got the answer here. 33 00:02:58,510 --> 00:03:02,640 So this brain, this connection using this technique. 34 00:03:03,570 --> 00:03:04,950 So that's existant. 35 00:03:12,970 --> 00:03:19,000 So you can also buy the whole apps using this editing the cookie in the entertainment audience and also 36 00:03:19,000 --> 00:03:24,370 boom, where this extension and this cookie extension from the Chrome and Firefox. 37 00:03:24,940 --> 00:03:27,380 So there will bring no upside for this video. 38 00:03:27,430 --> 00:03:29,240 You can try in this extension. 39 00:03:29,290 --> 00:03:29,710 Also. 40 00:03:35,320 --> 00:03:36,760 So let me choose this. 41 00:03:39,260 --> 00:03:42,230 And, uh, single. 42 00:03:47,870 --> 00:03:57,320 So now you can see there is somebody welcome back right now if you go to back refreshed this, so there 43 00:03:57,320 --> 00:03:58,160 is welcome back. 44 00:03:58,550 --> 00:04:01,040 I think there is more connection in the water. 45 00:04:01,640 --> 00:04:02,260 All right. 46 00:04:04,520 --> 00:04:09,990 So they have said that there is a connection in Coogee. 47 00:04:10,040 --> 00:04:11,690 So we'll see that one also. 48 00:04:25,740 --> 00:04:37,110 Click on this now Centera Peter, you can see the cookie, so cookie content, but we're tracking it 49 00:04:37,110 --> 00:04:38,430 in session so it will. 50 00:04:42,810 --> 00:04:50,140 The Skullcandy extracts the tracking that is put in the database and checks with this technology. 51 00:04:50,400 --> 00:04:54,750 So if that matches, it'll identify as a technician. 52 00:04:54,750 --> 00:05:00,220 And so I'm this is OK if this is something I don't like to think for. 53 00:05:00,540 --> 00:05:04,470 So then the tracking, it belongs to some other user. 54 00:05:04,500 --> 00:05:07,820 So this will be checked with the database. 55 00:05:07,830 --> 00:05:16,800 So this is so whenever we first ask the for the Web page, it is automatically downloaded and stored 56 00:05:16,800 --> 00:05:17,570 in the database. 57 00:05:19,380 --> 00:05:24,900 So that's why you need to put semicolon and we are going to make this a lot faster. 58 00:05:25,440 --> 00:05:25,890 One. 59 00:05:28,700 --> 00:05:31,010 One, so now let's send this request. 60 00:05:44,200 --> 00:05:48,970 OK, there are going to be one or three lines, right, so why not realigns? 61 00:05:51,300 --> 00:05:58,880 So now what you're going to do is manage to do so, we're making this as a first so in the world to 62 00:05:59,340 --> 00:06:03,350 some data from the cookie table, we're that is going to this one. 63 00:06:03,630 --> 00:06:05,010 So we're making it fast. 64 00:06:05,200 --> 00:06:08,940 Now, we should see some of the response on Coxon. 65 00:06:12,570 --> 00:06:19,000 So we've still got the same response on. 66 00:06:24,510 --> 00:06:28,200 So we should see some changes in this. 67 00:06:29,980 --> 00:06:32,340 That's one to one. 68 00:06:40,430 --> 00:06:43,280 So there is one extra layer where it is being added. 69 00:06:46,520 --> 00:06:48,610 So let's unpack this one. 70 00:06:59,700 --> 00:07:00,900 Let's push this. 71 00:07:02,840 --> 00:07:03,970 So this is the pool. 72 00:07:04,160 --> 00:07:05,900 So let's go answer to. 73 00:07:09,200 --> 00:07:10,550 Nosocomial is one. 74 00:07:15,940 --> 00:07:24,760 Now, let's get this done for them to, OK, this plane has been attacked, so we need to search for 75 00:07:24,760 --> 00:07:25,210 this one. 76 00:07:26,020 --> 00:07:29,920 So whenever there is one, that is false statement. 77 00:07:34,280 --> 00:07:35,810 So that is no welcome in this. 78 00:07:39,590 --> 00:07:43,970 I say one and send the response now let's search for work. 79 00:07:44,180 --> 00:07:47,340 So there it is, good for this country. 80 00:07:47,960 --> 00:07:50,390 So this statement is true. 81 00:07:50,400 --> 00:07:52,220 That means we're getting this response. 82 00:07:52,250 --> 00:07:53,000 Welcome back. 83 00:07:54,500 --> 00:07:57,560 OK, this should be a good indication for our queries. 84 00:07:58,500 --> 00:08:10,050 So, OK, now what we're going to do is we are going to look for some directress for some Tobi's so 85 00:08:10,070 --> 00:08:16,970 hearings that they have already told us that there is a user stable and the username and password but 86 00:08:17,020 --> 00:08:21,290 button need to get some are taking list from the. 87 00:08:22,640 --> 00:08:26,900 So I have married some random 88 00:08:29,720 --> 00:08:33,080 names on all newsgroups. 89 00:08:42,520 --> 00:08:45,520 So how have this double Ms. 90 00:08:55,570 --> 00:09:09,280 So, OK, now what we can do is I will show you how to fix the bubbles so you can set and select small. 91 00:09:10,180 --> 00:09:18,650 So we are targeting one element from that table in a table now. 92 00:09:20,800 --> 00:09:29,080 So this output will be smarter if the table exists so that if the table like this, we should get the 93 00:09:29,140 --> 00:09:30,220 solution here. 94 00:09:38,070 --> 00:09:46,920 So there is this waiting for right now what I can be select year from for, so there is a inflatable 95 00:09:46,920 --> 00:09:49,170 and there are some photos. 96 00:09:49,350 --> 00:09:51,180 So that's why we got the famous. 97 00:09:51,420 --> 00:09:56,120 Know, what we can do is we can say we want to limit the output to one. 98 00:09:56,130 --> 00:09:59,290 So that means we can get exact this year from this one. 99 00:09:59,550 --> 00:10:04,560 So this year we see at the same time we get going to the desert when there's a table in four. 100 00:10:04,920 --> 00:10:08,680 Now, let me change to in and you get that. 101 00:10:09,150 --> 00:10:10,740 So this is the first one. 102 00:10:10,770 --> 00:10:11,640 This is from. 103 00:10:15,140 --> 00:10:17,040 Limit one announcement. 104 00:10:18,380 --> 00:10:21,830 So there is a truth we shall see. 105 00:10:21,860 --> 00:10:22,490 Welcome back. 106 00:10:22,610 --> 00:10:27,250 So that means this is first so there is no power with the Internet. 107 00:10:27,560 --> 00:10:35,930 So now what you need to do is need to say users, sorry, there is a user and concern and you should 108 00:10:35,930 --> 00:10:36,380 see. 109 00:10:37,240 --> 00:10:38,090 Welcome back. 110 00:10:41,360 --> 00:10:43,070 So there is no welcome back. 111 00:10:49,190 --> 00:10:57,560 Once we have done something wrong, 70 years from users, the MCT want. 112 00:11:05,020 --> 00:11:11,050 So let's see what they have given that Evernham users. 113 00:11:30,450 --> 00:11:33,960 So you see one come back here, I think our caller is correct. 114 00:11:47,970 --> 00:11:51,660 Where I have been drawn sort of see the solution once. 115 00:12:05,110 --> 00:12:07,380 Oh, my God, the space. 116 00:12:07,770 --> 00:12:09,650 Oh, my God. 117 00:12:09,670 --> 00:12:13,300 The space after this year has been given that. 118 00:12:13,300 --> 00:12:14,820 I am sorry for that. 119 00:12:15,250 --> 00:12:18,410 So now you can see that is and come back. 120 00:12:19,090 --> 00:12:21,150 So that means the universe exists. 121 00:12:21,490 --> 00:12:30,430 So I hope for this one simple intruder and positions clear Argo positions you need to change to users 122 00:12:31,510 --> 00:12:33,250 so users click on ADD. 123 00:12:33,490 --> 00:12:37,210 So this means, however, has been added to users. 124 00:12:37,750 --> 00:12:43,960 Now click on parrots and now you can start typing some user, some names. 125 00:12:53,360 --> 00:12:53,640 Mike. 126 00:13:18,840 --> 00:13:25,620 So then add some tables here to users, log in credentials and so on. 127 00:13:26,940 --> 00:13:28,950 So this is a simple cyberattack. 128 00:13:29,520 --> 00:13:30,900 Now, that started at. 129 00:13:34,160 --> 00:13:36,380 So the default one is if I want to do. 130 00:13:42,540 --> 00:13:46,230 So let's turn to something that does not exist. 131 00:13:51,440 --> 00:13:57,690 That's right, exceptional, so I know the table does not exist, so give me the first response. 132 00:13:59,170 --> 00:14:03,560 Now we have the tables here and started at. 133 00:14:05,510 --> 00:14:10,640 So the default request is of the responses of the federal government. 134 00:14:11,180 --> 00:14:12,740 So now you can see the response here. 135 00:14:12,750 --> 00:14:14,410 There is no welcome back. 136 00:14:15,110 --> 00:14:16,110 There is no combat. 137 00:14:16,260 --> 00:14:21,080 No, you can certainly come to this land so you can see for what to do. 138 00:14:21,110 --> 00:14:29,660 So that means this uses a table like this so that so you pull these double, double limbs so the plane 139 00:14:29,660 --> 00:14:30,700 is clear in action. 140 00:14:31,250 --> 00:14:35,510 Most of the things are about the brutalism. 141 00:14:38,390 --> 00:14:43,220 So one another important thing, what you can do is select. 142 00:14:43,520 --> 00:14:49,600 So if you know that already, if that is MySQL database, you can get that select option. 143 00:14:50,450 --> 00:14:51,800 So Senate version. 144 00:14:53,750 --> 00:14:54,720 And. 145 00:14:58,670 --> 00:15:10,310 Or what you can do is clear from information schemata tables so we can bring other instruments, Camarata. 146 00:15:10,370 --> 00:15:18,190 Was it just because it's like my school or Microsoft a possibility if you are an descriptives? 147 00:15:19,490 --> 00:15:22,310 So let's go and do that again. 148 00:15:23,210 --> 00:15:25,630 So here my conditions are set. 149 00:15:26,300 --> 00:15:34,970 Now, let me add some more items for schemata tables and then are on the tables. 150 00:15:36,080 --> 00:15:38,580 So this is none of this is. 151 00:15:38,760 --> 00:15:38,980 All right. 152 00:15:39,830 --> 00:15:41,420 Now, let's start the attack again. 153 00:15:53,510 --> 00:16:01,450 So X1 is the first response we can start according to it and we can see the probables users and from 154 00:16:01,730 --> 00:16:08,570 commemoratives, so that means you can conclude that most of the functions are only thing that is in 155 00:16:08,940 --> 00:16:09,950 with the manuscript. 156 00:16:10,400 --> 00:16:11,150 Syntex. 157 00:16:14,320 --> 00:16:24,790 So let's go back to our reporter so you can order a, uh, breakfast at every table, what you can do 158 00:16:24,810 --> 00:16:27,970 is you can trade a table like this. 159 00:16:28,420 --> 00:16:34,260 Some non-Muslims have this table so we can use this table. 160 00:16:34,270 --> 00:16:34,610 Right. 161 00:16:34,990 --> 00:16:40,770 So in the normal, you just you need to get the most important or hypervigilant. 162 00:16:41,260 --> 00:16:42,610 So we route. 163 00:16:43,030 --> 00:16:45,100 So this might be the good Islam Sape. 164 00:16:51,870 --> 00:16:53,130 OK, no. 165 00:16:57,450 --> 00:16:59,220 We are going to up. 166 00:17:02,490 --> 00:17:04,890 So first, you need to find the column names. 167 00:17:05,070 --> 00:17:11,790 OK, so in solution, they did not do how to find the columnists, they just said, but there is a name. 168 00:17:13,530 --> 00:17:16,520 OK, now my militarizes select. 169 00:17:20,900 --> 00:17:27,600 In full, so we get the economic numbers of this particular to the least, you can certainly use it. 170 00:17:28,400 --> 00:17:33,360 So you got this is an current rate, but these two are separate columns now. 171 00:17:33,410 --> 00:17:38,900 What I do is I can get this, I can get this one. 172 00:17:38,900 --> 00:17:41,800 And now you can see I got the arrow. 173 00:17:42,080 --> 00:17:48,290 So, yes, the first year and the next one is I don't know what else I can do. 174 00:17:48,290 --> 00:17:50,870 The substring some Shingo's. 175 00:17:53,280 --> 00:18:01,260 OK, I could just see Sarah, some string of this and that is kookery. 176 00:18:10,570 --> 00:18:20,350 So the string of sorry, OK, December, so this this Enerco returns that yet. 177 00:18:20,680 --> 00:18:23,590 So in that we need to get the first one, which is it? 178 00:18:23,890 --> 00:18:24,960 Which we already know. 179 00:18:27,460 --> 00:18:33,770 So you can see it because first we have the year and concatenated with this tape. 180 00:18:34,090 --> 00:18:35,590 So we get this column. 181 00:18:37,540 --> 00:18:39,570 If there is a column, then we get the result. 182 00:18:39,590 --> 00:18:42,010 Yet there is no Kaminen username. 183 00:18:42,580 --> 00:18:43,920 So we get the first. 184 00:18:44,530 --> 00:18:45,410 So we get there. 185 00:18:45,430 --> 00:18:47,930 So this is how you can connect the columns. 186 00:18:48,430 --> 00:18:51,030 So again, this method is not this group. 187 00:18:52,300 --> 00:18:55,450 I found this using concat operation. 188 00:19:00,050 --> 00:19:04,070 Content of smaller comma user. 189 00:19:05,630 --> 00:19:07,310 So I'm just guessing this one. 190 00:19:09,680 --> 00:19:16,970 So not only in the users table to me using amorally from users. 191 00:19:20,560 --> 00:19:21,810 Limit one. 192 00:19:23,950 --> 00:19:25,390 So this is one Wangary. 193 00:19:29,590 --> 00:19:34,000 And will the submission of this one be to the starting? 194 00:19:44,640 --> 00:19:52,980 So now, if there is a user name column that you sort of send this and. 195 00:19:53,580 --> 00:19:57,880 Welcome back, that means there is a column with the username, so let's click on one. 196 00:19:58,290 --> 00:19:59,850 So get one. 197 00:20:00,180 --> 00:20:01,530 Now let's send the request. 198 00:20:02,580 --> 00:20:04,380 And there is no way that means. 199 00:20:05,910 --> 00:20:07,000 One does not exist. 200 00:20:07,020 --> 00:20:11,010 So send this to improve the conditions. 201 00:20:11,010 --> 00:20:12,480 Clear our positions. 202 00:20:13,510 --> 00:20:14,310 No, sir. 203 00:20:14,360 --> 00:20:15,440 This is a new one. 204 00:20:16,650 --> 00:20:17,370 And click on. 205 00:20:18,060 --> 00:20:28,030 Now, the pressure has been placed at the ballots so you can just get stuck on them. 206 00:20:28,050 --> 00:20:39,090 So this brainless school is sort of guessing and see what you can with the columns, passwords, password 207 00:20:39,300 --> 00:20:39,960 idy. 208 00:20:40,170 --> 00:20:41,130 Capital P. 209 00:20:41,700 --> 00:20:44,580 Passwords, capital P. 210 00:20:47,280 --> 00:20:55,260 Passwords and so an identity can be kept, Élodie. 211 00:20:59,230 --> 00:21:00,100 So what do you think? 212 00:21:00,130 --> 00:21:09,850 Yes, I think that's enough for this smart Ebenezer's non-constructive to that the first one, Leontes 213 00:21:10,360 --> 00:21:12,880 first response, you do not have a combat. 214 00:21:13,390 --> 00:21:24,600 So now you can then click on this to start according to the OK, I'm sorry, this is the case since 215 00:21:24,740 --> 00:21:28,170 that means more capital and inspired Batarseh. 216 00:21:28,360 --> 00:21:30,380 So, Pasodoble, I need to. 217 00:21:31,090 --> 00:21:34,480 So you don't require that much. 218 00:21:36,420 --> 00:21:42,040 So we came to pass our column and the decorum of the table users. 219 00:21:42,480 --> 00:21:48,440 So this is how you put the columns so we know the table use table. 220 00:21:48,660 --> 00:21:51,960 We have the three columns, Heidi, username and password. 221 00:21:54,100 --> 00:22:03,690 So generally, uh, here what they have given is that directly contact the relentless pursuit of three 222 00:22:04,240 --> 00:22:10,450 so you can see it didn't matter and if greater than three it to retaliate. 223 00:22:13,360 --> 00:22:18,490 And multiple times greater than three, greater than 10, greater than 30. 224 00:22:19,360 --> 00:22:22,030 So I put some methodology. 225 00:22:22,730 --> 00:22:27,210 I will show you there are some info on. 226 00:22:30,700 --> 00:22:32,350 From info, I didn't order. 227 00:22:33,490 --> 00:22:46,120 So now what I want to do is select the air from floor where I'm so frustrated and show you what I'm 228 00:22:46,120 --> 00:22:46,600 going to lose. 229 00:22:46,870 --> 00:22:51,370 I'm going to select the max of Lentulov using. 230 00:22:53,990 --> 00:23:02,450 From Infl, so which is the maximum user, the name, this one, this little necklace contains some 231 00:23:02,450 --> 00:23:06,200 greater number of characters and you can see 80. 232 00:23:11,570 --> 00:23:14,030 If you want to, uh. 233 00:23:14,240 --> 00:23:16,680 So this is, of course, this one. 234 00:23:17,180 --> 00:23:22,610 So that means the maximum characters of the maximum using them. 235 00:23:23,300 --> 00:23:27,040 So every other username is less than or equal to 18 characters. 236 00:23:28,910 --> 00:23:38,720 So that means we need to go for every, uh, this letter 18 times, like for each time, maximum 18 237 00:23:38,720 --> 00:23:39,140 times. 238 00:23:39,770 --> 00:23:47,240 So you need to check every read this first one and then second letter and then third and so on. 239 00:23:47,960 --> 00:23:52,650 So that will be our max moment in the same way. 240 00:23:52,670 --> 00:23:56,890 You can also check for password certain. 241 00:23:57,170 --> 00:24:05,700 So the maximum, uh, word that can password one that contains the characters are and so you add oversees 242 00:24:05,720 --> 00:24:09,570 the maximum rent and it contains the end characters. 243 00:24:10,490 --> 00:24:12,140 So this will be very useful. 244 00:24:13,430 --> 00:24:15,170 So let's go back to our repeater. 245 00:24:15,460 --> 00:24:17,000 Now, what we're going to do is. 246 00:24:26,840 --> 00:24:35,090 Senator Max of Randolph, so the quorum. 247 00:24:37,790 --> 00:24:39,110 What is the quorum now? 248 00:24:39,150 --> 00:24:46,340 We have phone that is user name right from the table users. 249 00:24:48,540 --> 00:24:53,700 So this result will return, whether it is No. 250 00:24:53,880 --> 00:24:54,540 So it will. 251 00:24:54,930 --> 00:24:55,940 You can also say one. 252 00:24:56,340 --> 00:25:01,230 So now let's end this and you can see there is no welcome back. 253 00:25:01,560 --> 00:25:05,180 I think the square is correct, Max, out front of user from users. 254 00:25:05,700 --> 00:25:06,180 That's fine. 255 00:25:06,180 --> 00:25:07,260 Nothing to intrude. 256 00:25:08,970 --> 00:25:14,780 So you need to clear all the placeholders and put the pressure on. 257 00:25:14,850 --> 00:25:20,360 So we need to check these returns over one, two, three, four, etc.. 258 00:25:20,520 --> 00:25:25,790 If we didn't spend, that means the maximum length of an instant could go negative. 259 00:25:27,030 --> 00:25:40,830 So come into the parents we need to add up for in the range of one to 30 percent off I so I'm going 260 00:25:40,830 --> 00:25:43,380 to add the container numbers. 261 00:25:44,280 --> 00:25:54,030 Copy this and don't click on this and burn this page here and now start the attack. 262 00:25:57,600 --> 00:26:01,080 So this is the first one one five zero six one. 263 00:26:04,630 --> 00:26:06,780 Already put this in descending order. 264 00:26:11,160 --> 00:26:14,280 So we need to wait for their response. 265 00:26:19,790 --> 00:26:29,430 So you can see why you want to so the response and so you can see there is a welcome back and the penalties 266 00:26:29,450 --> 00:26:29,810 30. 267 00:26:30,080 --> 00:26:33,740 So the maximum username is 30 now. 268 00:26:33,740 --> 00:26:35,690 Lentulov administrator. 269 00:26:38,650 --> 00:26:45,160 So that means there is in addition to the most probably the starting with the the stable, that containing 270 00:26:45,160 --> 00:26:46,150 username and password. 271 00:26:46,330 --> 00:26:47,910 Of course, they should be shorter. 272 00:26:47,950 --> 00:26:49,770 And the department. 273 00:26:52,300 --> 00:26:53,110 Because this. 274 00:26:56,020 --> 00:26:57,810 So these are my previous results. 275 00:26:59,740 --> 00:27:12,090 Now we have users, stable username, password, Heidi, and one of the usernames that we set to for 276 00:27:12,130 --> 00:27:15,100 the password for this administrator user. 277 00:27:19,520 --> 00:27:20,780 Let's go to Peter. 278 00:27:25,930 --> 00:27:35,620 And now we need to set up a password so we can change the password column. 279 00:27:43,100 --> 00:27:55,220 OK, we can move the substring substring of password, the first one, first off, so far at the first, 280 00:27:55,550 --> 00:28:12,110 so that means for shelter substring of password oneone from users, their user name is equals to administrator. 281 00:28:12,140 --> 00:28:16,570 You can also put the capper here. 282 00:28:16,600 --> 00:28:17,450 You can also try. 283 00:28:18,020 --> 00:28:19,550 First, let's try this Mollet. 284 00:28:22,960 --> 00:28:24,130 Administrator. 285 00:28:30,290 --> 00:28:39,290 So I think this should work, set up some sort of puzzle, first sort of being the first letter from 286 00:28:39,290 --> 00:28:49,260 the battlefield, from the U.S. administrator, sort of senior to one to year and concern somebody, 287 00:28:49,290 --> 00:28:51,910 not get combat, no central intruder. 288 00:28:53,240 --> 00:28:55,840 And we have this positions, our. 289 00:28:59,360 --> 00:29:10,520 So you can go into this, you can brute force this one article first, but first let's look for this 290 00:29:10,520 --> 00:29:12,080 one and click on ADD. 291 00:29:17,820 --> 00:29:20,400 OK, there, we need to choose this. 292 00:29:20,640 --> 00:29:25,350 We need to set up the panel on corporate monitors and all numbers. 293 00:29:31,490 --> 00:29:39,200 So that have become so this is my laboratory, I have created a small. 294 00:29:46,640 --> 00:29:53,900 So this is more like the contents of the small capital and the numbers 295 00:29:56,720 --> 00:30:04,780 so far, I mean, little print of it. 296 00:30:06,770 --> 00:30:08,300 So let me copy this. 297 00:30:08,300 --> 00:30:09,230 All of this. 298 00:30:14,870 --> 00:30:23,660 Paper ballots and post here, so we are checking it every half of it here and the number that is the 299 00:30:23,660 --> 00:30:25,780 first letter of the puzzle. 300 00:30:26,030 --> 00:30:27,530 Now, let's start the attack. 301 00:30:30,730 --> 00:30:36,030 So the department is for know, six one people in descending order. 302 00:30:38,690 --> 00:30:44,510 Because we already know that the true response contains Morente because darling, welcome back is being 303 00:30:44,510 --> 00:30:45,860 aired in the true response. 304 00:32:10,810 --> 00:32:22,690 So you can see the parent is young, so that means the first is young, so you can write down. 305 00:32:27,030 --> 00:32:33,270 So first one is so I have already done this, so the password is randomizer. 306 00:32:34,800 --> 00:32:36,120 Whenever you open this one. 307 00:32:36,150 --> 00:32:38,910 So that means the password for me is different than yours. 308 00:32:39,840 --> 00:32:44,250 And I can assure you that there are no capital afterwards. 309 00:32:44,760 --> 00:32:49,440 Just for the sake of this distributer, I'm going to skip uppercase one. 310 00:33:06,550 --> 00:33:07,750 OK, what? 311 00:33:14,430 --> 00:33:15,390 Then I do 312 00:33:18,870 --> 00:33:24,300 so now we got the numbers and smart afterwards. 313 00:33:28,770 --> 00:33:36,300 OK, what we're going to do is create all this and clear all the positions we are going to at this position, 314 00:33:36,360 --> 00:33:36,660 so. 315 00:33:40,080 --> 00:33:49,110 So this position one indicates the first bite and the second bite through the cuts and so on, and this 316 00:33:49,110 --> 00:33:52,830 one will be testing with the desert. 317 00:33:53,370 --> 00:33:55,410 So you need to survive the. 318 00:33:58,260 --> 00:34:02,940 Cluster bomb below the one. 319 00:34:05,880 --> 00:34:11,460 So the Pentagon is going to be armed, so that's at the Adepero. 320 00:34:13,230 --> 00:34:15,480 So these are the purple states. 321 00:34:15,570 --> 00:34:20,010 The Pentagon is going to be the maximum the password and. 322 00:34:23,230 --> 00:34:24,880 That is adding quanti. 323 00:34:30,470 --> 00:34:40,220 So let's not take the Sunday puzzle ballots, so let's take the maximum length of password. 324 00:34:48,570 --> 00:34:56,550 So in previous trials, I got that 20 as the password and so that since. 325 00:35:22,390 --> 00:35:23,620 So now you can see the. 326 00:35:24,160 --> 00:35:30,490 So that means the maximum a tax policy can 30 is 20. 327 00:35:31,600 --> 00:35:33,400 So let's generate the numbers. 328 00:35:37,010 --> 00:35:38,180 One 221. 329 00:35:45,230 --> 00:35:46,650 Copy and paste here. 330 00:35:47,120 --> 00:35:55,850 So pillar one is the one 221, so on 220 that is being searched for each byte of password and each by 331 00:35:55,880 --> 00:35:59,530 Twitter posting with this alphabet and numbers. 332 00:36:00,260 --> 00:36:03,080 So I think you need to just add that and it will be. 333 00:36:06,180 --> 00:36:09,170 And so already they're sending out dissident. 334 00:36:12,240 --> 00:36:18,580 So you can see here that you might be checking with you and to convert is taking you to Turbit and so 335 00:36:18,580 --> 00:36:24,870 on, if there is a year in any of these debates, I will get the response. 336 00:36:27,410 --> 00:36:35,150 So taking a position and now there is no air up to No. 337 00:36:47,120 --> 00:36:50,010 OK, I'm going to stop here now. 338 00:36:50,270 --> 00:36:51,450 It's taking so much time. 339 00:36:51,740 --> 00:36:57,850 So in the same way, you're going to automate the entire process with the python. 340 00:36:57,860 --> 00:37:08,390 So I already, uh, did some code, but I'm getting better at this, getting the password. 341 00:37:10,640 --> 00:37:12,140 So you are. 342 00:37:14,860 --> 00:37:15,070 It's. 343 00:37:16,780 --> 00:37:22,960 So if I should stake in the water and we are checking if it's supposed to bring the to getting ready 344 00:37:22,970 --> 00:37:26,630 default, then and then we're extracting the keys. 345 00:37:26,740 --> 00:37:35,070 So this is the key where we got the connection and then we're sending our request with modified cookie. 346 00:37:35,290 --> 00:37:39,140 So we're adding this is corporate and then we're talking. 347 00:37:39,370 --> 00:37:47,300 So if there is a like come back, it will be not equal to the length of the default response. 348 00:37:47,530 --> 00:37:49,980 So that means you are transparent to the school. 349 00:37:50,440 --> 00:37:52,170 And then we're proposing Dabbous. 350 00:37:52,540 --> 00:37:54,660 So I have added some brush to here. 351 00:37:55,780 --> 00:37:58,020 You can see users logging out. 352 00:37:58,030 --> 00:38:03,930 So these three tables, I'm going to bootless and I'm checking this using this quality, but this was 353 00:38:04,210 --> 00:38:04,780 shown up. 354 00:38:05,560 --> 00:38:06,940 And then again, same method. 355 00:38:07,660 --> 00:38:11,050 We are just getting there and comparing them to Fortran. 356 00:38:11,860 --> 00:38:15,580 And then I created the columns, username, password, hash society. 357 00:38:15,850 --> 00:38:18,320 And then I'm done reading this using the string. 358 00:38:18,920 --> 00:38:23,160 This is Skullcandy so we can know that this can't exist. 359 00:38:23,680 --> 00:38:25,090 So let's go on this. 360 00:38:25,540 --> 00:38:27,580 So it's just a simple brute force. 361 00:38:28,540 --> 00:38:29,460 So checking. 362 00:38:29,710 --> 00:38:37,060 So this is a tracking idea and your transparent brain is quite suitable for users and then columns with 363 00:38:37,060 --> 00:38:38,260 a new password. 364 00:38:38,260 --> 00:38:41,210 I won't show up. 365 00:38:41,380 --> 00:38:42,100 No, it's fine. 366 00:38:42,100 --> 00:38:45,930 But it's I'm getting some arrows at this, getting the password. 367 00:38:47,170 --> 00:38:50,380 So I hope for the Bapu's more than enough for this. 368 00:38:50,860 --> 00:38:57,960 So you can see what one of the answer at precognition the answer is the password contained. 369 00:38:57,990 --> 00:39:02,020 See, so in that way, after completion of this, you can put the password.