1 00:00:00,690 --> 00:00:07,650 Oregon's initiative will be doing the falafel box from the box so they'll be able to spend their time. 2 00:00:08,190 --> 00:00:09,370 So let's get started. 3 00:00:09,750 --> 00:00:11,070 And I have already done that. 4 00:00:11,070 --> 00:00:20,190 And members can so you can see there are the boards and scanning and you can see there are two spots 5 00:00:20,190 --> 00:00:26,460 open, as is it, and there is a Web server and there are no EUTERPE boards. 6 00:00:26,640 --> 00:00:29,040 And they have also run the different groups. 7 00:00:29,670 --> 00:00:32,390 And you can see here there is nothing information. 8 00:00:32,670 --> 00:00:38,550 So there is a robot and it is allowing sort of the following, the standard. 9 00:00:39,540 --> 00:00:41,730 So that could be interesting. 10 00:00:42,120 --> 00:00:44,490 So that would be Bortolotti. 11 00:00:45,840 --> 00:00:55,970 And for every user agent, it is disallowing any text for this to be shown up in the car business. 12 00:00:57,610 --> 00:01:05,010 OK, uh, I have been over to scan and you can also see there is a login page. 13 00:01:06,810 --> 00:01:09,150 So let me say, I mean, 14 00:01:12,120 --> 00:01:22,840 it's so user and the password went so wrong ID and so that means whenever we give the user name our 15 00:01:22,860 --> 00:01:23,590 existing name. 16 00:01:26,050 --> 00:01:33,760 It's history again, so that could be, uh, we can try for billion as good indications, uh, why you 17 00:01:33,760 --> 00:01:42,670 need to pray for the Bolinas connection means when I do the character username, it is giving me some 18 00:01:42,970 --> 00:01:45,980 different results than the error message Claygate. 19 00:01:46,120 --> 00:01:50,930 So that means this could be vulnerable to the balloon as the actions. 20 00:01:52,010 --> 00:01:54,870 So, uh, I refuse to go to scan. 
21 00:01:55,570 --> 00:02:05,470 So this is the login page and I have put the extensions first because the robots that they're destroying, 22 00:02:05,470 --> 00:02:11,360 the pictures showing up in like Google or any other verb. 23 00:02:11,710 --> 00:02:14,670 So that that's why I got the note and put the text. 24 00:02:16,510 --> 00:02:20,230 Now, interestingly, we have only one friend that is, uh, I would rather be. 25 00:02:22,120 --> 00:02:23,770 So if you go to that. 26 00:02:28,040 --> 00:02:34,820 So there's someone from us, from administrator militia, so to go to lawyers. 27 00:02:34,930 --> 00:02:36,810 OK, so far I've heard. 28 00:02:37,670 --> 00:02:42,860 OK, that could be the domain of killer. 29 00:02:52,700 --> 00:02:54,560 So let us see the. 30 00:03:08,860 --> 00:03:13,690 And you need to further debate. 31 00:03:21,110 --> 00:03:30,860 OK, it's the same page, right, you can see the log in, so it's the same page, so let's try to disperse. 32 00:03:35,520 --> 00:03:39,810 So there is no page on that, so of course, there is no hope for the people. 33 00:03:40,560 --> 00:03:44,840 So, you know, Chris has informed me that he will log into my confidence in the passport. 34 00:03:45,210 --> 00:03:50,580 So our guess should be correct because of the connection that they. 35 00:03:51,250 --> 00:03:58,960 So using that, you made a future so you can upload the, uh, the washer locks production on the form 36 00:03:58,980 --> 00:04:01,570 and senior to of one third of the water. 37 00:04:02,850 --> 00:04:11,850 So that means they should be put on the Bernasconi so that, uh, another intercept on. 38 00:04:13,650 --> 00:04:17,130 It's up to Barbara to. 39 00:04:19,550 --> 00:04:26,240 And when I send it to repeater down in the support of. 
40 00:04:28,040 --> 00:04:34,610 So this username should be prone to the bullying that's going on, because whenever we are putting the 41 00:04:34,610 --> 00:04:40,130 correct information here, we are getting a different response and we are putting the wrong information, 42 00:04:40,150 --> 00:04:42,800 like get were getting the first response. 43 00:04:43,850 --> 00:04:48,580 OK, so we can see down here there is a fast response again. 44 00:04:48,590 --> 00:04:57,220 So this is the first condition and wrong ID issued should be a response. 45 00:04:58,430 --> 00:05:01,180 So this is the response, OK. 46 00:05:04,420 --> 00:05:08,800 Now, what I'm going to do is I'm going to say and. 47 00:05:15,360 --> 00:05:27,220 I'm going to put the first condition one is equal to and then comments so the query could be set up. 48 00:05:27,240 --> 00:05:34,940 The current shows from that they were never name is equal to admin and one is called Facebook Common. 49 00:05:35,550 --> 00:05:36,450 So they should be fine. 50 00:05:36,460 --> 00:05:43,290 Let's and this and no, we should see the false statement that is private. 51 00:05:44,280 --> 00:05:53,640 So that means this query got executed and one is equal to two is making the entire query false so 52 00:05:53,640 --> 00:05:55,210 that that's where you got the trigger. 53 00:05:55,650 --> 00:05:58,430 So let me change you to one is equal to one. 54 00:05:58,900 --> 00:05:59,970 Now let's send this. 55 00:06:02,310 --> 00:06:07,910 And you can see wrong the inflation had been so that means this query has been executed successfully, 56 00:06:08,820 --> 00:06:10,040 so that should do it. 57 00:06:10,730 --> 00:06:15,510 Now I'm going to try for prime time SQL injections. 58 00:06:23,440 --> 00:06:32,100 Our global mind maps can so be using the operating system, so that means on one day you cannot start 59 00:06:32,100 --> 00:06:33,020 a massive scale, right? 
60 00:06:33,100 --> 00:06:40,410 Microsoft work so that you can you can only to pay for about mesoscale. 61 00:06:42,500 --> 00:06:47,420 OK, so sleep of four kids, I'm going to sleep for four seconds. 62 00:06:49,930 --> 00:06:52,020 So it's saying hacking director. 63 00:06:52,270 --> 00:06:52,800 OK. 64 00:06:52,840 --> 00:06:58,150 That should be changed to PG&E cause I'm trying for PostgreSQL. 65 00:07:00,870 --> 00:07:01,810 So I can attend. 66 00:07:03,180 --> 00:07:12,270 So that means this is being checked for some other names in this, if this query contains the words like 67 00:07:12,270 --> 00:07:20,610 sleep or benchmark, then this is going to be treated as a hacking attempt. 68 00:07:21,300 --> 00:07:23,280 So we cannot use the function. 69 00:07:23,560 --> 00:07:24,560 Functions are extra. 70 00:07:25,290 --> 00:07:32,910 So let me use Sarah so you to determine what type of database it's using, whether it's or whether they 71 00:07:33,050 --> 00:07:34,430 are not recorded. 72 00:07:34,830 --> 00:07:36,980 So you can see that the. 73 00:07:43,530 --> 00:07:56,330 Set up year from information schema dot let's first determine whether it be from the. 74 00:08:00,960 --> 00:08:04,700 They should be are no officer. 75 00:08:08,610 --> 00:08:10,560 Hmmm, maybe the Oracle. 76 00:08:11,550 --> 00:08:14,810 Oh, I think so. 77 00:08:14,870 --> 00:08:22,170 It's also true for other information schema that there was a limited one. 78 00:08:33,370 --> 00:08:38,910 OK, that should not come like this, Preferment. 79 00:08:43,970 --> 00:08:45,140 Let's try for. 80 00:08:47,640 --> 00:08:50,640 We are watching. 81 00:09:03,140 --> 00:09:09,270 So, OK, this is not a regular, so we got that because there is not a regular version. 82 00:09:12,740 --> 00:09:21,540 So for missions commander, tables are limited, one is equal to yet, so we can do another. 83 00:09:21,560 --> 00:09:24,500 It is my school table that was. 
84 00:09:26,730 --> 00:09:37,760 We need to determine the tables right now, salad bar you from what we consider Log-in in one. 85 00:09:42,870 --> 00:09:50,310 So when you were limiting one news, you should get only the one dessert yet and send this so pretty 86 00:09:50,310 --> 00:09:50,540 good. 87 00:09:50,760 --> 00:09:52,490 So let's try for users. 88 00:09:52,860 --> 00:09:59,710 So it is like a common table so you can just brute force with the intruder. 89 00:10:00,270 --> 00:10:04,220 So wrong ID but so that means we have the users. 90 00:10:05,450 --> 00:10:13,050 OK, now we need to add loopholes that use a column names on paper. 91 00:10:13,060 --> 00:10:20,730 It will be username and password, but we need to make sure that those are in there in that they can 92 00:10:20,730 --> 00:10:31,890 get off and concatenating with that username and whatever the user name it will be, it will be appended 93 00:10:32,010 --> 00:10:33,560 at the right side of it. 94 00:10:33,900 --> 00:10:41,100 And in this spring, we need to select first one because the first one will be out this year because 95 00:10:41,100 --> 00:10:43,840 we are concatenating the user name at this year. 96 00:10:45,690 --> 00:10:48,530 So substring of one government. 97 00:10:48,660 --> 00:10:51,740 So that should return you if there is a user name column. 98 00:10:52,500 --> 00:11:00,500 So let's send this request and you can see there is a name that send you to one to. 99 00:11:02,710 --> 00:11:09,540 And you can see try again, so that means there is no username Bucaram, there is no need to set the 100 00:11:10,690 --> 00:11:15,040 password, it's a password. 101 00:11:15,190 --> 00:11:22,330 And so you can see there is a password after 23, password only three. 102 00:11:22,330 --> 00:11:25,500 And see, there is only three. 103 00:11:26,230 --> 00:11:28,280 So that means we got the column. 104 00:11:28,500 --> 00:11:30,800 Let's check for Heidi Klum. 
105 00:11:34,870 --> 00:11:42,820 So there is it really is an impasse, so we don't need to leave the idea now, we go to the user table 106 00:11:42,820 --> 00:11:47,020 and the user username and password call-up. 107 00:11:48,920 --> 00:11:56,420 OK, now what we're going to do is we are going to find the maximum string that is floating in these 108 00:11:56,420 --> 00:12:00,220 columns, Maxo Flintoff username. 109 00:12:02,370 --> 00:12:10,620 So you can do this limited one, so it should give you, like, certain. 110 00:12:13,120 --> 00:12:14,230 So let's end this. 111 00:12:16,460 --> 00:12:26,570 So, Brian, so that means, uh, the username Bucaram contains the data Mangrum cannot be done. 112 00:12:26,780 --> 00:12:35,240 So let me send this to intruder and we are going to, for these positions, clear our positions and 113 00:12:35,240 --> 00:12:36,890 set this one as position. 114 00:12:38,390 --> 00:12:39,520 Oh, God. 115 00:12:41,370 --> 00:12:46,080 OK, so let's add this position, uh. 116 00:12:50,780 --> 00:13:02,330 Let me say one to 51, because after a bruising week and that that is the hash of the 32. 117 00:13:05,430 --> 00:13:08,220 So let's copy all these numbers and. 118 00:13:14,950 --> 00:13:24,110 Bumpy roads and based here, we are going below a maximum of of using them and is equal to the number, 119 00:13:24,120 --> 00:13:24,730 we are beautiful. 120 00:13:25,560 --> 00:13:27,830 So let's start the attack. 121 00:13:32,310 --> 00:13:33,060 Started at. 122 00:13:35,890 --> 00:13:40,500 So the default period is this one that deals with the. 123 00:13:42,310 --> 00:13:50,200 So we got the response as they try again as if, all right, if there is a character, we get the wrong 124 00:13:50,200 --> 00:13:51,160 idea, unfortunately. 125 00:13:51,190 --> 00:13:56,850 So that means the characters and the true response are greater than this in the first response. 126 00:13:57,190 --> 00:13:59,410 So you can do the descending order for this. 
127 00:14:01,610 --> 00:14:04,040 OK, so three nine, three maximum of. 128 00:14:09,570 --> 00:14:11,790 Maximum freedom, you can stop this one. 129 00:14:13,990 --> 00:14:18,680 I'll make money, you you can see Adventism makes more for right here. 130 00:14:19,550 --> 00:14:20,540 OK, fine. 131 00:14:21,350 --> 00:14:26,940 Oh, so OK, they should maybe there is only one user so that's fine. 132 00:14:27,480 --> 00:14:30,370 Now we are going to say password. 133 00:14:32,090 --> 00:14:33,790 So let's start this attack again. 134 00:14:35,540 --> 00:14:42,110 So let's see the default request that is up sort of default response. 135 00:14:44,200 --> 00:14:45,030 And that is. 136 00:14:45,580 --> 00:14:50,070 So you can double click on this to sort it according to the descending order. 137 00:14:57,440 --> 00:15:05,320 So that makes you the name, uh, could be Edwin or another member with the, uh, file. 138 00:15:07,550 --> 00:15:10,040 Characters there should be maximum. 139 00:15:36,020 --> 00:15:36,330 OK. 140 00:15:36,350 --> 00:15:38,720 Meanwhile, what are you going to use, uh. 141 00:15:40,400 --> 00:15:43,480 So your response rate, so sound three nine three. 142 00:15:44,120 --> 00:15:45,620 So the response is. 143 00:15:47,800 --> 00:15:54,190 So 32 is the maximum length, so that's caused this, so if you do that to the of brute force using 144 00:15:54,190 --> 00:15:54,920 the Internet. 145 00:15:55,270 --> 00:15:56,350 It will take days. 146 00:15:56,890 --> 00:15:58,860 So let's use the Python script. 147 00:15:59,110 --> 00:16:01,600 So first, we need to construct the query. 148 00:16:03,260 --> 00:16:04,060 Uh. 149 00:16:05,930 --> 00:16:11,630 Substring of bars for the first character should be. 150 00:16:16,310 --> 00:16:29,480 That's the year where user name use had been, so that should be on that send this request and see the 151 00:16:29,480 --> 00:16:32,230 response within the first contact with it or not. 
152 00:16:32,600 --> 00:16:34,250 So first character is not a. 153 00:16:36,680 --> 00:16:45,050 OK, so let us script to this with Python, and I had it done the Python script in order to save the 154 00:16:45,050 --> 00:16:47,740 time, so it took a little bit of time. 155 00:16:53,430 --> 00:17:00,120 So, OK, I'm going the request, I will just explain this call, importing the Turkish model and using 156 00:17:00,120 --> 00:17:07,550 that username, so admin, admin and stuff like this, uh, this interprete additional. 157 00:17:10,170 --> 00:17:16,830 I just copied this and posted as usernames so you can see usernames and in this username we are going 158 00:17:16,830 --> 00:17:21,180 to go for this place and this press. 159 00:17:24,530 --> 00:17:33,950 OK, uh, first time downloading the data of the upper case and lower case and then the numbers and 160 00:17:33,960 --> 00:17:37,520 converting the dictionary, we need to send this as a data. 161 00:17:37,880 --> 00:17:39,960 So this is a different offer. 162 00:17:40,130 --> 00:17:47,000 So this is a different I'm storing it in the different variable and then I'm going to look for this 163 00:17:47,000 --> 00:17:51,860 one to 32 and admin and set up so you can see the placeholder here. 164 00:17:52,430 --> 00:17:53,750 I'm going to for this one. 165 00:17:54,080 --> 00:17:54,800 And this one. 166 00:17:57,570 --> 00:18:00,690 So after forcing out Kadesh. 167 00:18:02,560 --> 00:18:08,020 So this is the Python code, so for 10 minutes we got this and that repositions. 168 00:18:08,040 --> 00:18:09,960 And finally, this is the hash. 169 00:18:10,900 --> 00:18:14,240 This is fresh out. 170 00:18:19,700 --> 00:18:20,170 OK. 171 00:18:20,380 --> 00:18:26,930 Uh, it's using the P p, right, so I have to ask my friend on the record immediately, he had found 172 00:18:26,930 --> 00:18:29,910 that there is appear to be collusion. 173 00:18:29,930 --> 00:18:31,640 So I'm going to explain that. 
174 00:18:32,450 --> 00:18:37,820 But I'm going to show you how to force the other user names in that database. 175 00:18:39,510 --> 00:18:40,880 Um, OK. 176 00:18:47,730 --> 00:18:52,070 And let me grab the request. 177 00:18:52,110 --> 00:18:55,750 So this is the page now I'm going to say take a. 178 00:18:58,210 --> 00:19:03,820 So they try again now you can use the user's three. 179 00:19:08,790 --> 00:19:14,490 I think say, Chris, the reporter users. 180 00:19:47,910 --> 00:19:53,310 So this is very unless there's securest common. 181 00:19:56,510 --> 00:20:00,710 Not this one, you can type usernames. 182 00:20:05,990 --> 00:20:10,320 Let's see, does contain some 10 million Muslims. 183 00:20:12,340 --> 00:20:14,490 And Mrs. Kuhar and. 184 00:20:25,480 --> 00:20:25,970 OK. 185 00:20:25,990 --> 00:20:33,830 Uh, anywhere, uh, you can use any word and you can simply write the Python script and you can put 186 00:20:33,830 --> 00:20:40,210 for this one in this world, you can put right it and send the request and see the response, if it 187 00:20:40,210 --> 00:20:47,410 is, uh, before that is a relevant saying that again, then you can see that, uh, username does not 188 00:20:47,410 --> 00:20:47,890 exist. 189 00:20:48,600 --> 00:20:49,960 OK, um. 190 00:20:53,360 --> 00:21:02,660 I go back to my notes, we have this hash rate, so this is the hash, uh, in our database. 191 00:21:03,830 --> 00:21:05,870 OK, uh, what I'm going to do is. 192 00:21:09,700 --> 00:21:16,600 There is another member, Chris, so what I'm going to do is I'm going to run the Python script to grab 193 00:21:16,600 --> 00:21:20,740 the hash of the cross user so mean we can do other. 194 00:21:21,790 --> 00:21:22,650 That should be it. 195 00:21:28,100 --> 00:21:33,990 But country good, so so to run in the background. 196 00:21:34,580 --> 00:21:38,450 So meanwhile, I will show you a magic house. 
197 00:21:38,750 --> 00:21:44,750 So if we go to this website, Whiteheads, it's basically saying that, uh, PHP when we're not using 198 00:21:44,750 --> 00:21:52,010 the word equal, but it does not check the left hand side and the right hand side was taped. 199 00:21:52,310 --> 00:21:57,280 The compass you need to use that properly equal to, it's similar to the JavaScript. 200 00:21:57,680 --> 00:22:04,490 So whenever, uh, the number is stacked with Julie and the remaining is the only numbers, this will 201 00:22:04,490 --> 00:22:06,680 be treated as a floating point value. 202 00:22:07,650 --> 00:22:16,220 OK, so whenever there is a database like PHP and it is using the hash of the file and say this number, 203 00:22:17,000 --> 00:22:23,230 if you, uh, put a hash of this number, you get this exact same result. 204 00:22:23,450 --> 00:22:26,760 So you can see this is the exact same result we have here. 205 00:22:27,530 --> 00:22:29,870 So that means this floating point number. 206 00:22:30,350 --> 00:22:37,880 If you log in with this floating point number, it will be sent into the hash function and output will 207 00:22:37,880 --> 00:22:38,530 be this one. 208 00:22:39,290 --> 00:22:43,160 And me, it is like comparing this one with the zero. 209 00:22:43,670 --> 00:22:46,260 So it is checking, uh, whether it is correct or not. 210 00:22:46,280 --> 00:22:49,350 So obviously you get similar. 211 00:22:49,700 --> 00:22:52,840 There are some other medications as well. 212 00:22:54,440 --> 00:23:01,030 If it's using that amplitude, then you can try this, you can see the hashes particular. 213 00:23:01,370 --> 00:23:05,640 So if this is the hash that is stored in the database and you can try to. 214 00:23:07,380 --> 00:23:17,160 So this is the table you can put down in your notes, so let me call this number and let us go back 215 00:23:17,160 --> 00:23:18,180 to Firefox. 216 00:23:18,810 --> 00:23:20,610 So meanwhile, brute force. 
217 00:23:23,210 --> 00:23:25,130 On Edman Borsht. 218 00:23:27,470 --> 00:23:36,650 So just like successful and we got some somebody that is free to upload a message, so I have, ah, 219 00:23:36,680 --> 00:23:41,960 the image papers filed by passing techniques, but I failed. 220 00:23:42,320 --> 00:23:46,820 So then I have tried the that particular page without being and person. 221 00:23:46,820 --> 00:23:52,540 They are the extensions in the GitHub page. 222 00:23:53,360 --> 00:23:57,660 So if we can't profile it says no human remains. 223 00:23:57,950 --> 00:24:04,210 So that means, uh, we need to put the long name so that there may be a buffalo for good or not. 224 00:24:04,670 --> 00:24:06,530 So let's go ahead and print. 225 00:24:16,330 --> 00:24:18,310 OK, let's create a new file. 226 00:24:24,210 --> 00:24:28,950 So be like I'm bored, regress. 227 00:24:37,050 --> 00:24:44,340 OK, meanwhile, let's capture that question about to understand, um, which parameters it's being 228 00:24:44,340 --> 00:24:44,710 sent. 229 00:24:45,600 --> 00:24:48,300 OK, or get up where you are. 230 00:24:48,310 --> 00:24:48,700 Right. 231 00:24:48,930 --> 00:24:52,710 So we need to hold off on our, uh, mission. 232 00:24:52,980 --> 00:24:55,420 So blatantly so. 233 00:24:57,770 --> 00:25:00,930 Where are we, Fox? 234 00:25:16,900 --> 00:25:21,940 So let's first host the Florida and now. 235 00:25:36,540 --> 00:25:38,850 There is a disturbing new. 236 00:25:41,520 --> 00:25:43,430 Sorry to bother you. 237 00:25:49,740 --> 00:25:57,650 Chance senators have done so, we can upload our attendees to into the saltpetre. 238 00:25:58,700 --> 00:26:00,530 OK, let's start off. 239 00:26:03,050 --> 00:26:14,990 So successful where uploads a random string, so in that kind of thing for the, uh, the file has been 240 00:26:14,990 --> 00:26:15,470 uploaded. 241 00:26:18,590 --> 00:26:19,940 To do that, PMG. 242 00:26:25,690 --> 00:26:27,040 Let's go to the directory. 
243 00:26:30,210 --> 00:26:38,010 So in the brute force of the global fraudulency, the territories here are up front, so this a for 244 00:26:38,010 --> 00:26:38,190 them. 245 00:26:38,490 --> 00:26:41,070 So the fighters are going into that for the. 246 00:26:46,150 --> 00:26:47,980 Uproots and Destra do not be. 247 00:26:50,910 --> 00:26:58,270 So it's this image cannot be dispelled because it contains cells, so you can see there are no limits. 248 00:26:58,650 --> 00:27:01,410 So that means we need to or four of them. 249 00:27:01,450 --> 00:27:02,210 I don't know. 250 00:27:02,880 --> 00:27:03,940 Let's try this out. 251 00:27:04,970 --> 00:27:12,740 So what is the better you do, sending your order as a parameter name and where you used to? 252 00:27:12,960 --> 00:27:14,240 So that should be fine. 253 00:27:17,400 --> 00:27:20,300 Is equals to requests, not the tough. 254 00:27:27,680 --> 00:27:34,130 Also, I applaud you all is equal to. 255 00:27:48,210 --> 00:27:49,600 Çöpler, BHP. 256 00:27:55,330 --> 00:27:56,620 So now what? 257 00:27:56,650 --> 00:27:58,900 Let's, uh, generate the file name. 258 00:28:03,090 --> 00:28:04,450 That's a capital B.. 259 00:28:27,150 --> 00:28:35,330 Sort of to frighten them and it's a hundred bees firing them plus equals to, let's say, the exchange, 260 00:28:35,410 --> 00:28:40,760 Nasdaq P and G, 200 bees and that being OK. 261 00:28:40,830 --> 00:28:41,790 Uh. 262 00:28:46,850 --> 00:28:55,550 So let's say that fire should be hoisted right in yes, so it's not a system of. 263 00:28:59,970 --> 00:29:11,070 But the firing up, not format of finding out, so, no, I'm going to make that they're done that is 264 00:29:11,520 --> 00:29:12,410 this down. 265 00:29:17,020 --> 00:29:26,650 Dictionary you order and then data is our source, so that is. 266 00:29:28,670 --> 00:29:31,880 And this one. 267 00:29:34,080 --> 00:29:40,470 GDP ten point six hundred eight thousand. 
268 00:29:43,990 --> 00:29:44,620 It doesn't 269 00:29:47,800 --> 00:29:49,690 define them right? 270 00:29:52,550 --> 00:29:54,770 Not format of fire, no. 271 00:29:56,630 --> 00:30:06,980 So that's our data now are Oddisee calls to requests that get off your order, upload your order, and 272 00:30:06,980 --> 00:30:09,470 then we need to push the data that is equal to. 273 00:30:11,760 --> 00:30:15,000 OK, that should do it, you should send a request. 274 00:30:15,360 --> 00:30:18,120 Maybe we should send a cookie as well. 275 00:30:18,990 --> 00:30:20,330 That's OK. 276 00:30:20,400 --> 00:30:28,080 Sorry, I don't recognize as this cookie sockpuppet is Cookie. 277 00:30:31,480 --> 00:30:33,430 Cookie zikos to. 278 00:30:48,660 --> 00:30:50,310 Each piece is really. 279 00:30:52,500 --> 00:30:57,560 This one, so that should be that is another cookie. 280 00:30:57,740 --> 00:31:01,820 So with a cookie, I'm sending this request. 281 00:31:02,000 --> 00:31:03,060 So that should apply. 282 00:31:04,850 --> 00:31:07,820 OK, so now I'm going to print the order. 283 00:31:09,800 --> 00:31:18,660 So let's see again, the corporate BHB and logging as a admin and the them so that they should be. 284 00:31:20,560 --> 00:31:22,300 I don't really want to be like. 285 00:31:26,010 --> 00:31:26,480 Sorry. 286 00:31:40,700 --> 00:31:49,730 So we got some results with that, so you specify a new order of an image to upload. 287 00:31:55,020 --> 00:32:01,950 I'm sorry, I'm sorry, supposed to request so sorry, because the Post. 288 00:32:06,000 --> 00:32:11,370 So you can see that proves for and approach to this round number. 289 00:32:11,820 --> 00:32:15,200 So it has operated the hundred bees got BMG. 290 00:32:16,080 --> 00:32:19,650 So let me increase the number 200. 291 00:32:26,800 --> 00:32:36,420 Hmm, OK, that's I think it has successfully appeared to be sloppy, and so let me introduce to three. 292 00:32:46,580 --> 00:32:47,780 Finding them too long. 
293 00:32:47,830 --> 00:32:48,800 What the hell is that? 294 00:32:55,780 --> 00:33:05,230 So the Farnam is Gurang for Coretta's, so it is trying to shorten, so shorten, but this one let me 295 00:33:05,320 --> 00:33:08,050 copy all this BS copy. 296 00:33:11,930 --> 00:33:13,280 Mauresmo, Braedon. 297 00:33:19,560 --> 00:33:20,910 So then, dollface. 298 00:33:22,990 --> 00:33:35,650 So six characters that is being accepted by the, uh, Bakan, so let's go and tweak our export to this 299 00:33:35,920 --> 00:33:41,660 sort of 236 rate putative boom and you can see not being here, so. 300 00:33:41,680 --> 00:33:41,970 Right. 301 00:33:42,490 --> 00:33:47,940 So that should Coraki fit on to our web, uh, the filter. 302 00:34:03,080 --> 00:34:06,980 So successful it has been successful. 303 00:34:08,570 --> 00:34:11,600 Now let me change the extension to. 304 00:34:14,650 --> 00:34:18,790 BHP and let's see the response. 305 00:34:24,030 --> 00:34:26,320 So something bad happened, bad extension. 306 00:34:26,380 --> 00:34:35,240 OK, I don't know what we're going to do is, um, so fire them is equal to that. 307 00:34:37,140 --> 00:34:38,790 Yeah, that should do it. 308 00:34:38,790 --> 00:34:39,410 I think so. 309 00:34:45,680 --> 00:34:52,400 OK, you can see whenever you open the 240 characters, the last four characters have been truncated 310 00:34:52,640 --> 00:34:57,690 and you can see that look to the final that BHP. 311 00:34:58,220 --> 00:35:07,740 So what we are going to do is we are going to direct a file that is 232 of normal characters and with 312 00:35:07,740 --> 00:35:09,590 the extensions that it will not be. 313 00:35:13,640 --> 00:35:14,080 OK. 314 00:35:20,110 --> 00:35:24,040 So let me say beat it to 232. 315 00:35:28,590 --> 00:35:28,990 Copy. 316 00:35:33,000 --> 00:35:33,960 A national 317 00:35:36,810 --> 00:35:39,660 database that got PMG. 318 00:35:41,730 --> 00:35:44,310 So now we need to push the BHP Rauscher. 
319 00:35:48,520 --> 00:35:50,770 BHP, Rio, that BHP. 320 00:35:58,540 --> 00:36:07,960 I think I have already written this, the tendency already, so they should get paid to copy all the 321 00:36:07,960 --> 00:36:08,760 content. 322 00:36:22,740 --> 00:36:24,810 Copy this and before tweet. 323 00:36:27,130 --> 00:36:27,630 OK. 324 00:36:31,460 --> 00:36:33,510 But me again, where is the pool? 325 00:36:34,970 --> 00:36:36,230 Host the server. 326 00:36:46,190 --> 00:36:51,050 So instead of just firing them, you can to comment this. 327 00:37:01,760 --> 00:37:08,310 I think Farnam has been formed here, so we have already created the file that is attached to the Beechcraft 328 00:37:08,330 --> 00:37:14,990 page and here we are, a parody of that should be this. 329 00:37:21,770 --> 00:37:31,520 So trying to shorten so has been uprooted to this territory, so copy this random string and. 330 00:37:34,400 --> 00:37:39,260 Let's go to Slash, uh, let's start the listener. 331 00:37:43,580 --> 00:37:45,220 OK, what is the final? 332 00:37:50,050 --> 00:37:55,660 So these had to do with the bills and not be here? 333 00:37:56,170 --> 00:37:56,970 No, he turned up. 334 00:37:58,900 --> 00:37:59,790 We shall see. 335 00:37:59,980 --> 00:38:02,550 We should see the show so you can see who I. 336 00:38:03,490 --> 00:38:10,280 So we are tied up and let's see our positions so cracked, the 18 positions appear. 337 00:38:10,570 --> 00:38:22,360 So let us continue our which by dawn, which by the country that should be right on through. 338 00:38:25,360 --> 00:38:28,440 Know we do a lot. 339 00:38:32,350 --> 00:38:33,600 Bin Bash. 340 00:38:37,610 --> 00:38:43,880 OK, let's update Aboudi, so we are KDDI, where the H.T.. 341 00:38:51,410 --> 00:38:56,830 She'd rather see the insurance. 342 00:39:02,930 --> 00:39:04,160 Seabridge Giammo. 343 00:39:07,190 --> 00:39:12,090 So these are the first contests I would rather be active in logic. 
344 00:39:12,170 --> 00:39:15,830 So let me use you the legal logic that BHP. 345 00:39:18,680 --> 00:39:31,040 OK, so my dad pushed us and we need to send the username password, compulsory message, inverted username, 346 00:39:31,040 --> 00:39:31,810 password. 347 00:39:31,930 --> 00:39:37,820 OK, so here we are getting into your verbal ambassador. 348 00:39:40,970 --> 00:39:50,120 And they're being compelled to use a certain type and then you can see it is of and so we have to send 349 00:39:50,120 --> 00:39:54,830 the first number that is being put this past. 350 00:39:55,670 --> 00:39:57,890 So that will result in the same hash. 351 00:39:57,890 --> 00:39:58,630 That is the. 352 00:40:14,110 --> 00:40:28,910 Oh, there are no match of your meal and sleep benchmark, so you so you can see if we send the union 353 00:40:29,450 --> 00:40:37,460 through parliament marking the username full of possible food, using hacking the hacking at undetected. 354 00:40:37,910 --> 00:40:43,740 So we're going to end the race so you can see this is the connection. 355 00:40:43,910 --> 00:40:48,650 So this is not done correctly? 356 00:40:48,950 --> 00:40:51,920 No, it's password. 357 00:40:52,190 --> 00:40:57,160 And then it is Rawdon's goes to admin, then going to operate BHP. 358 00:40:58,460 --> 00:41:01,690 Otherwise it is not preferred at BHP. 359 00:41:01,870 --> 00:41:05,390 OK, since what we've ended up that BHP. 360 00:41:10,070 --> 00:41:16,070 So that sure, that is the logic of this and other things that BHP. 361 00:41:21,120 --> 00:41:25,530 So it is taking the Rose Garden connection that BHP. 362 00:41:28,680 --> 00:41:31,430 Localhost six, that is my school. 363 00:41:31,440 --> 00:41:39,750 So it is running as internal, we can see more Passo so you can see this is the username for the user, 364 00:41:40,470 --> 00:41:40,950 for the user. 365 00:41:40,950 --> 00:41:45,030 Marchette So connecting to this uh metaverse. 
366 00:41:45,190 --> 00:41:46,970 So this is a good. 367 00:41:49,220 --> 00:41:54,080 Hmm, so we can I into this morning, you know, this is a pop open 368 00:41:57,020 --> 00:41:58,780 that another interesting phylis. 369 00:42:02,500 --> 00:42:05,200 So we can also provide BHP. 370 00:42:19,940 --> 00:42:30,520 So this is not random, Florida, so it is creating the random follow up, so there should be some red 371 00:42:31,140 --> 00:42:31,910 36. 372 00:42:41,060 --> 00:42:49,620 So anywhere we can go to Monsur, the password, so we're watching it. 373 00:42:50,450 --> 00:42:53,540 Let's go to KDDI home. 374 00:42:56,460 --> 00:43:00,430 And less so there is another user or less your seat. 375 00:43:01,410 --> 00:43:02,800 So we had the permission. 376 00:43:03,540 --> 00:43:09,520 So the idea, OK, you can see there are so many unusual groups here. 377 00:43:10,200 --> 00:43:11,490 Got a lot of checking. 378 00:43:11,490 --> 00:43:12,560 I did not get anything. 379 00:43:12,570 --> 00:43:20,450 Then I saw an ad from the right up and there is a frame buffer from the video. 380 00:43:20,580 --> 00:43:28,180 So let's go to the analyst group if we start. 381 00:43:29,580 --> 00:43:37,160 So if it's OK, if we go to get our price strings of Mesero. 382 00:43:37,350 --> 00:43:39,600 So these are a good raw format. 383 00:43:40,230 --> 00:43:41,760 You can't get much out of it. 384 00:43:42,030 --> 00:43:54,990 So we can say get your mesero etc. dot image, let's say image or not, we'll get permission to get 385 00:43:55,080 --> 00:43:56,040 a zero. 386 00:43:56,580 --> 00:44:00,840 And we're are saying to them, image VirTra. 387 00:44:03,430 --> 00:44:10,090 So you do temp and this myself up, so you can see there are these many bites. 388 00:44:10,450 --> 00:44:14,790 So what you can do is you can open this in computer or Photoshop. 389 00:44:14,800 --> 00:44:19,110 So I do not have -- or Photoshop I would use in the format of the computer. 
390 00:44:19,120 --> 00:44:25,510 So there would be a real order in this -- and Photoshop so you can use those. 391 00:44:25,960 --> 00:44:30,850 But this image, after loading the image, you'll get the password like this. 392 00:44:34,510 --> 00:44:42,190 So there will be image of rocking of the user, uh, trending this year, so user is going to change 393 00:44:42,190 --> 00:44:46,180 the password and that image will be in the as a screenshot. 394 00:44:46,210 --> 00:44:49,410 So this is the password for the user. 395 00:44:52,730 --> 00:44:54,980 Now I can switch to Yossi. 396 00:44:58,780 --> 00:45:07,300 So this Morschel user, how the school, MySQL user, morschel password. 397 00:45:11,680 --> 00:45:19,230 Let's see whether there are any other juicy information in the database show databases, so information 398 00:45:19,240 --> 00:45:24,800 schema and value for use are use for. 399 00:45:27,020 --> 00:45:32,720 I showed there was so there is only one double users, so let's 400 00:45:35,600 --> 00:45:42,020 start from users, so I'd use a password. 401 00:45:47,590 --> 00:45:55,730 I mean, so this is the highest you can see exact hash and Chris, so the cruise user has been at this 402 00:45:55,750 --> 00:46:00,220 hash, you can see, oh, we're. 403 00:46:17,550 --> 00:46:22,290 What I'm selecting the clues and a substance. 404 00:46:37,610 --> 00:46:44,190 OK, the first hash begins with a B, right, so the B ID for this one. 405 00:46:45,770 --> 00:46:48,850 OK, there is no information on its exit. 406 00:46:49,970 --> 00:46:51,770 Let's go to your Yossi. 407 00:46:54,660 --> 00:46:56,130 And this is the password. 408 00:47:03,740 --> 00:47:18,890 So who are my Oktay home, you'll see less so there is no information, so you can see the multimember 409 00:47:18,890 --> 00:47:22,760 is a member of this, OK, that should do it. 410 00:47:23,140 --> 00:47:27,890 And I left myself there and do this stuff.
411 00:47:27,920 --> 00:47:33,020 So I'm moving all those crazy devices, all partitions, uh, permissions. 412 00:47:33,050 --> 00:47:35,360 So whether we have the permission or not. 413 00:47:38,860 --> 00:47:42,510 So this group can read write on this as dear. 414 00:47:43,630 --> 00:47:45,010 So that should be it. 415 00:47:46,000 --> 00:47:52,690 Now you can look at the FDA one, but it takes a lot of garbage to ensure that what you can least you 416 00:47:52,690 --> 00:47:58,160 can do is stop using demographic's debuggers, as do you want. 417 00:47:59,800 --> 00:48:02,050 So here you can only read the files. 418 00:48:02,320 --> 00:48:07,900 And of course, you can write for us because we have the right publisher, but we are going to only 419 00:48:07,900 --> 00:48:10,060 fetch the route from Guardroom. 420 00:48:12,640 --> 00:48:16,960 So this is the route from what we can, Figes. 421 00:48:17,860 --> 00:48:21,230 We can see personably 422 00:48:23,710 --> 00:48:24,820 also it see. 423 00:48:29,180 --> 00:48:32,970 Shout up so you can try to crack the hashes either way, too. 424 00:48:33,240 --> 00:48:42,560 So instead, what you can do is cat, who you can grab the little to the north Texas, which only underscores 425 00:48:42,570 --> 00:48:42,710 it. 426 00:48:43,950 --> 00:48:45,210 So copy this. 427 00:48:48,740 --> 00:48:49,580 National. 428 00:48:52,880 --> 00:48:53,850 We will be key. 429 00:48:55,830 --> 00:49:02,450 So this is private key permissions 400 and you can log another. 430 00:49:16,540 --> 00:49:19,020 So we are my group. 431 00:49:20,660 --> 00:49:22,530 OK, to see the brute force here. 432 00:49:24,810 --> 00:49:28,280 So stop the right, so it is always good for. 433 00:49:28,830 --> 00:49:33,950 I don't know why, so, OK, that's out of this box. 434 00:49:34,530 --> 00:49:44,370 So what we have learned is we have the school in the base and then we can know that there's a restriction 435 00:49:44,370 --> 00:49:45,140 on the final approach.
436 00:49:45,160 --> 00:49:46,290 And we bypassed it. 437 00:49:46,440 --> 00:49:53,700 And we also learned about the medications, uh, and the past for the use of these credentials. 438 00:49:54,210 --> 00:49:54,800 And then I. 439 00:49:55,350 --> 00:50:01,860 So if you are a member of other groups, you can search for more information. 440 00:50:02,220 --> 00:50:08,280 And if you are a member of this group, you can stop admissions of these devices attached to the computer 441 00:50:08,280 --> 00:50:09,970 and you can see whether you can read or write. 442 00:50:10,680 --> 00:50:12,120 So let's talk about this video.