1
00:00:01,440 --> 00:00:09,150
So our guys know this year we are going to sign up a new user into the network, so you cannot create

2
00:00:09,150 --> 00:00:10,620
a new user normally.

3
00:00:11,130 --> 00:00:15,590
So you need to solve a challenge to get the, uh, sign up page.

4
00:00:15,600 --> 00:00:16,800
So click on this joint.

5
00:00:16,810 --> 00:00:19,430
Now we can go to this website had the work started.

6
00:00:20,370 --> 00:00:23,170
So let's do this.

7
00:00:23,400 --> 00:00:27,270
So they're turning this page to go to court.

8
00:00:27,930 --> 00:00:30,650
And so let's use the source code.

9
00:00:32,040 --> 00:00:33,120
So it's in one.

10
00:00:33,800 --> 00:00:34,950
So it's a one liner.

11
00:00:36,150 --> 00:00:37,140
So it's right.

12
00:00:37,140 --> 00:00:38,460
Click and inspect this one.

13
00:00:42,370 --> 00:00:51,600
So there is the, uh, front desk and a notepad dot mythologist, so this may be used to get the invite

14
00:00:51,620 --> 00:00:53,260
code, so that's right.

15
00:00:53,280 --> 00:00:55,190
Click on this carpooling address.

16
00:00:55,810 --> 00:00:57,850
Now open this new page.

17
00:00:59,470 --> 00:01:03,760
Now we have got some JavaScript function and it's being obfuscated.

18
00:01:03,760 --> 00:01:05,460
So easy to get to.

19
00:01:05,470 --> 00:01:07,010
Can see here there is a backup.

20
00:01:07,090 --> 00:01:14,170
So Bakare means in general is used to back something that cannot be understood by the woman.

21
00:01:14,600 --> 00:01:17,530
So you can see here, it's very tough to read this call.

22
00:01:20,530 --> 00:01:26,050
Before that, we will, uh, make this beautiful.

23
00:01:27,070 --> 00:01:30,580
So this is a one liner or this is also called reunification.

24
00:01:30,790 --> 00:01:38,240
So, uh, making the every call and tailcoat into the one line is called verification.

25
00:01:38,530 --> 00:01:40,900
So are we going to be extremely beautiful?

26
00:01:43,530 --> 00:01:53,970
So this beautiful format that according to the site, it's copy paste and format, extremely new know.

27
00:02:07,330 --> 00:02:08,990
So this is the original call.

28
00:02:10,750 --> 00:02:12,310
This is a series of poker.

29
00:02:14,050 --> 00:02:16,300
So there is a lot of things going on.

30
00:02:17,800 --> 00:02:21,340
So here this is another pack arriving, so.

31
00:02:27,980 --> 00:02:38,270
So one thing you can expect is there will be a random token, so here it is and it takes a group, so

32
00:02:38,270 --> 00:02:44,500
it's loading some randomly generated token and then it's showing the invite.

33
00:02:44,930 --> 00:02:51,980
So maybe this can be our secret or random generated that.

34
00:02:52,010 --> 00:02:52,760
Copy this.

35
00:02:56,110 --> 00:02:58,840
OK, I know where we are, so let's call this one.

36
00:03:01,630 --> 00:03:03,190
So this is a diverse group.

37
00:03:03,270 --> 00:03:09,050
OK, let's copy this and is nice.

38
00:03:09,610 --> 00:03:16,870
So this is a website which you can in which you can be obfuscate this obfuscated JavaScript code.

39
00:03:17,200 --> 00:03:26,470
So means so you can there is a uh or you can understand in the human language reconsolidate log of a

40
00:03:26,470 --> 00:03:28,260
variable, then you will get easily.

41
00:03:28,600 --> 00:03:34,480
So there is this, uh, obfuscation to hide from others, uh, to reveal the code.

42
00:03:35,170 --> 00:03:43,090
So here you can enter this obfuscated code and you can get the nice, uh, meaning of this JavaScript

43
00:03:43,090 --> 00:03:43,550
function.

44
00:03:43,780 --> 00:03:46,240
So page it in here and click on this.

45
00:03:46,240 --> 00:03:46,510
Nice.

46
00:03:52,880 --> 00:03:56,570
So I think this is the one we got this we wish.

47
00:04:03,130 --> 00:04:04,850
So let's not forget.

48
00:04:05,410 --> 00:04:12,700
So this is the, uh oh netcode we need to actually examine.

49
00:04:12,700 --> 00:04:19,350
You can see this is IDEX request, so there is a push to quash.

50
00:04:19,600 --> 00:04:20,690
So decision making.

51
00:04:20,690 --> 00:04:20,860
Wait.

52
00:04:21,190 --> 00:04:24,820
This is a function maybe executed on the server side.

53
00:04:25,660 --> 00:04:31,690
Are we to send the post request in a type different format to this?

54
00:04:31,690 --> 00:04:32,170
You are.

55
00:04:34,680 --> 00:04:36,390
OK, I think so.

56
00:04:36,710 --> 00:04:45,520
So you can see Unsuccess, we need to send it as a variable here and it is outputting on to the console

57
00:04:45,830 --> 00:04:46,280
server.

58
00:04:49,810 --> 00:04:58,060
So we need to make the post request to this, uh, in a different format and to this year so you can

59
00:04:58,060 --> 00:05:04,120
use the call, but I'm not going to open it up, so I'm going to use the online call.

60
00:05:09,020 --> 00:05:19,940
So let's try this push to Questcor minuses to this bond display unnecessary data, and we need to specify

61
00:05:19,940 --> 00:05:20,360
this.

62
00:05:20,360 --> 00:05:23,960
You are that is this one.

63
00:05:27,400 --> 00:05:28,580
Let's copy this one.

64
00:05:28,880 --> 00:05:29,320
Sorry.

65
00:05:33,010 --> 00:05:38,980
So check the box that is the domain name and the part is this one.

66
00:05:42,980 --> 00:05:52,010
And we need to send the parameters like the postulator saw before data, and you can see here the function

67
00:05:52,010 --> 00:05:54,430
is taking that as a variable name.

68
00:05:55,190 --> 00:05:59,140
So I think we need to send this data as it is available.

69
00:06:00,080 --> 00:06:01,270
So let's copy this.

70
00:06:01,910 --> 00:06:04,790
And it is equal to this one.

71
00:06:05,720 --> 00:06:10,020
And we need to set up a post.

72
00:06:10,580 --> 00:06:11,630
Let's send this one.

73
00:06:15,150 --> 00:06:18,150
So could not result at the box.

74
00:06:18,180 --> 00:06:19,140
Sorry for the.

75
00:06:25,290 --> 00:06:29,020
OK, we have got the success and we have got some data.

76
00:06:29,040 --> 00:06:34,980
You can see this is the data and the encryption type is a raw property, which is router 13.

77
00:06:35,520 --> 00:06:36,840
So that's copy this one.

78
00:06:37,800 --> 00:06:42,690
And that's a drop in decoder ring.

79
00:06:42,720 --> 00:06:47,430
Let's go ahead and decode this one page in here and click on this or that.

80
00:06:47,970 --> 00:06:54,690
So in order to generate the inside could make a post request to in white generate.

81
00:06:58,420 --> 00:07:04,520
So we need to remove this one, remove this whole, too, so this is the character you are now.

82
00:07:04,540 --> 00:07:11,280
So we need to make the EPA in general so that EPA in regulate and consent.

83
00:07:14,840 --> 00:07:21,350
So we have got this one, this, you can see a string ending there is equal to maybe the most cases

84
00:07:21,380 --> 00:07:26,300
it's a 64, so that's a base64 becherer.

85
00:07:30,730 --> 00:07:33,280
And pasted in here and decode this one.

86
00:07:35,050 --> 00:07:43,360
So this is the in code that is copied and pasted in here and you can sign up

87
00:07:47,050 --> 00:07:47,170
now.

88
00:07:47,350 --> 00:07:48,670
You can see congratulations.

89
00:07:48,840 --> 00:07:57,390
Now you can use the username here and email and the password and of these checkboxes and register.

90
00:07:57,400 --> 00:08:00,560
So that's how you all do the sign up for the hacked.

91
00:08:00,600 --> 00:08:02,940
But, uh, it's pretty easy.

92
00:08:03,190 --> 00:08:06,520
It's, uh, the odd about this group obfuscation.