1 00:00:00,210 --> 00:00:07,690 So in this video, we are going to see how to create opportunities using this pathway to build.
2 00:00:08,710 --> 00:00:11,280 OK, now I am going to.
3 00:00:18,820 --> 00:00:29,980 So now I'm going to find a way also as I'm going to find a binary that is, uh, with the user as to
4 00:00:30,100 --> 00:00:35,310 be done and I have already found that I'm not going to waste this time.
5 00:00:35,740 --> 00:00:38,120 And that isn't Usama bin Maeno.
6 00:00:39,640 --> 00:00:43,870 So this is a custom binary and it has this, uh, security button.
7 00:00:44,470 --> 00:00:47,490 And this binary is asking for straight conversion.
8 00:00:47,500 --> 00:00:48,460 And I have config.
9 00:00:53,360 --> 00:01:04,300 You can see here, you can see the city but is on and it's asking for sick conversion and I to take
10 00:01:04,680 --> 00:01:06,700 this photo too.
11 00:01:06,730 --> 00:01:10,050 It will give me the conversion for type three.
12 00:01:10,090 --> 00:01:14,220 It will give me the IP conversion.
13 00:01:15,470 --> 00:01:20,740 So I know how this is, uh, this binary is taking this status.
14 00:01:21,070 --> 00:01:29,620 So to see the commands used by this binary unit to tie strings, uh, these strings come in, use the
15 00:01:31,280 --> 00:01:34,180 squishing stored in that executable.
16 00:01:36,740 --> 00:01:37,190 Sorry.
17 00:01:40,290 --> 00:01:46,050 So these are the things that are stored in this executable and you can see the strings attached to conversion
18 00:01:46,050 --> 00:01:48,740 and you've configured to Joyce has also been stored.
19 00:01:49,110 --> 00:01:51,710 And then you can see there is a curcumin.
20 00:01:52,140 --> 00:02:00,020 They've already seen the command and it's asking for, uh, just, uh, status request and response.
21 00:02:00,030 --> 00:02:04,580 It is just responding, uh, whether it has some internal connectivity.
22 00:02:04,830 --> 00:02:12,630 And then it's, uh, giving the conversion using this unit minus R and I often think, uh, determining
23 00:02:12,630 --> 00:02:17,180 over Ethernet adapter status and choice if you give any other number.
24 00:02:18,030 --> 00:02:23,940 So the misconfiguration here is if you type which call.
25 00:02:25,740 --> 00:02:33,570 So it's you ejecting from the user beancurd, this is actual Kurbanov, so you need to do the actual
26 00:02:33,570 --> 00:02:41,250 part from the three saying you're serving coal miners and if you give the coal like this, then it will
27 00:02:41,250 --> 00:02:42,240 fetch from the pot.
28 00:02:42,570 --> 00:02:45,340 Now let's see a code Alapatt.
29 00:02:49,520 --> 00:02:51,800 So here the reuseable.
30 00:02:53,600 --> 00:02:54,940 So here it is, yes.
31 00:02:55,390 --> 00:02:59,790 And then this this party's in the middle somewhere, right?
32 00:03:00,320 --> 00:03:01,140 Yes, I've been.
33 00:03:01,430 --> 00:03:06,680 And then whenever you execute this call, it will take in this spot and then execute the goal.
34 00:03:07,370 --> 00:03:12,350 So what if there isn't another Kurbanov that is in the home cannot be built?
35 00:03:13,040 --> 00:03:17,260 If there is another Carbonari, then it will execute from starting.
36 00:03:17,270 --> 00:03:22,940 But so what it means is it will, uh, search for starting.
37 00:03:22,940 --> 00:03:26,020 But and then it fastidiosa to home cannot be built.
38 00:03:26,240 --> 00:03:29,110 And if there is no God then it will want to go home.
39 00:03:29,390 --> 00:03:33,820 Be and if there is no in I need to go on to local and etc.
40 00:03:33,980 --> 00:03:37,840 And finally you asabi there is a Kolber then it will execute.
41 00:03:38,690 --> 00:03:45,920 So now what we're going to do is we are going to create a fake file with the name Google so that going
42 00:03:45,920 --> 00:03:49,700 to a temporary tree so we can create the first.
43 00:03:49,700 --> 00:03:54,500 There are really two years ago core assets.
44 00:03:54,860 --> 00:04:00,030 So we are going to store this benefit and uh, file Corkle.
45 00:04:01,670 --> 00:04:06,980 So if a cat call, I have this business, it's know what I'm going to do.
46 00:04:07,430 --> 00:04:11,610 I'm going to add this part at the starting of this part, Marybel.
47 00:04:12,350 --> 00:04:15,020 So to do that, you need to sexpert.
48 00:04:16,950 --> 00:04:18,180 Parties equals to.
49 00:04:21,660 --> 00:04:23,940 Now, you said Colin.
50 00:04:27,990 --> 00:04:29,140 And you need to put the.
51 00:04:33,560 --> 00:04:36,160 Now, you see, if you export this oh.
52 00:04:39,070 --> 00:04:39,570 To the.
53 00:04:42,480 --> 00:04:49,200 Now there is a temporary truce, so first the temperature will be checked and there is a cold in that
54 00:04:49,470 --> 00:04:50,640 it will get executed.
55 00:04:52,230 --> 00:04:58,280 So there is a call and one more thing we need to set the permissions of this call at a 777.
56 00:04:58,740 --> 00:05:01,830 I am going to set the red executable for everyone.
57 00:05:05,560 --> 00:05:13,270 So now for this to turn into greencard, because it's an executive now, what we can do is we can,
58 00:05:15,160 --> 00:05:25,580 uh, run this ASUDA so that I think you should introduce us user bill and not because it's already executing
59 00:05:25,660 --> 00:05:30,030 as a result, because the user already is on.
60 00:05:31,690 --> 00:05:33,930 So now I'm going to execute this.
61 00:05:34,930 --> 00:05:43,300 So I need to press one because apparently statistically then our corporate executive now if I could
62 00:05:43,300 --> 00:05:47,340 enter, I shall get richer and then we got the richer.
63 00:05:52,020 --> 00:06:00,540 So this is how you correct any binary that is not using the absolute part, so whenever a binary is
64 00:06:00,540 --> 00:06:09,430 using the temporary or like a variable name from the part, uh, you need to you can escalate the operation
65 00:06:09,450 --> 00:06:10,190 to the root user.
66 00:06:11,550 --> 00:06:20,200 So this is one misconfiguration and you need to put the user bilker then only you are to recycle binary.
67 00:06:21,150 --> 00:06:22,620 So now I'm going to do this.
68 00:06:26,030 --> 00:06:28,620 So this is all about the pathway to manipulation.
69 00:06:30,170 --> 00:06:32,040 So let me recap what we are doing here.
70 00:06:32,480 --> 00:06:39,020 So there is a minority that is using another opportunity that is called which is a good example.
71 00:06:43,410 --> 00:06:48,450 And this whole binary is a good thing as a root result, because that user is on.
72 00:06:48,690 --> 00:06:58,550 So that's why we have added a tree stump and to the dollar, to the part where we will and we are at
73 00:06:58,550 --> 00:07:00,160 it at the starting of this pathway.
74 00:07:00,360 --> 00:07:07,470 So that, uh, exciting discovery will be found and it will get executed inside the code when we have
75 00:07:07,470 --> 00:07:09,670 written business and it will be on the shelf.
76 00:07:10,770 --> 00:07:15,420 So this is a pathway to manipulation and getting this aroup religious.