1
00:00:00,540 --> 00:00:07,110
All right, in this note, we are going to see another misconfiguration that is allowing the read access

2
00:00:07,110 --> 00:00:09,120
to these private SSH keys.

3
00:00:09,360 --> 00:00:15,780
So if you know the user name and if you notice, uh, if you can read the contents of this private SSH key,

4
00:00:16,080 --> 00:00:18,670
then you can log in to that user without the password.

5
00:00:19,200 --> 00:00:25,650
You can log in to the SSH without that password and you directly get that user.

6
00:00:27,120 --> 00:00:37,160
So, uh, administrators generally will back up the root user's SSH key into something very important

7
00:00:37,180 --> 00:00:37,920
in their directory.

8
00:00:38,250 --> 00:00:45,040
So if you have the read access like a normal user, then you can SSH log in to the user.

9
00:00:45,360 --> 00:00:50,410
So I am here in the OverTheWire, and this is bandit 13 to 14 in this level.

10
00:00:50,520 --> 00:00:53,780
We have the private SSH key and we don't know the password.

11
00:00:53,790 --> 00:00:59,950
So by reading this, or using this SSH key,

12
00:00:59,970 --> 00:01:03,270
we need to log in to this bandit14 user.

13
00:01:04,930 --> 00:01:14,260
So first let me get into this by using this Carpati; you can also use the normal switch, and the number

14
00:01:14,260 --> 00:01:14,830
is.

15
00:01:17,490 --> 00:01:19,350
Uh, maybe, but no.

16
00:01:20,430 --> 00:01:23,710
So let me go to zero.

17
00:01:24,330 --> 00:01:35,210
I got to go to zero and then we need to open this connection reconnaissance and copy this password,

18
00:01:35,220 --> 00:01:36,870
bandit13 and this password.

19
00:01:49,350 --> 00:01:55,980
So I successfully logged into this bandit, you can see the username here address, and we have this

20
00:01:55,980 --> 00:02:04,180
sshkey.private, so let us see the permissions of this one, so we can read this sshkey.private,

21
00:02:04,200 --> 00:02:05,550
let's say, cat.

22
00:02:09,010 --> 00:02:16,790
So this is a private key and we can use this private key to do this panel for the user.

23
00:02:17,680 --> 00:02:22,150
So here they have set the panel for dinner and we can use this one.

24
00:02:22,360 --> 00:02:28,480
So let me, as I said, I think this works.

25
00:02:30,770 --> 00:02:34,560
So, ssh -i

26
00:02:37,720 --> 00:02:38,680
bandit14.

27
00:02:49,330 --> 00:02:51,350
Yes, and there you go.

28
00:02:51,400 --> 00:02:59,080
We have successfully logged into this bandit14 user, so we just said that where this one.

29
00:03:00,900 --> 00:03:01,680
So.

30
00:03:03,600 --> 00:03:04,410
Yes, there we go.

31
00:03:04,440 --> 00:03:13,680
This one is, you need to say, is it and many say to us it is private and the user Étretat is this old

32
00:03:13,680 --> 00:03:14,040
machine.

33
00:03:14,340 --> 00:03:18,470
That's why it has created its character to the same machine.

34
00:03:19,260 --> 00:03:21,560
So you can SSH to a special IP address of another.

35
00:03:21,810 --> 00:03:24,180
So we are actually logged into this bandit14.

36
00:03:24,540 --> 00:03:31,160
So you can think this is not true to part, but it may have some higher privileges than the reality.

37
00:03:31,470 --> 00:03:39,230
And you can also, uh, enumerate this user for any more escalation vectors, so that this escalation is

38
00:03:39,240 --> 00:03:47,280
not from that we, uh, not only from normal user to root, but also can be normal user to a somewhat

39
00:03:47,280 --> 00:03:48,600
higher user.

40
00:03:49,680 --> 00:03:57,280
So this is how you escalate privileges if you have the read permission for this sshkey.private.