1
00:00:02,120 --> 00:00:08,480
Let's talk about how we can prevent these vulnerabilities now. In these exploits we were able to run

2
00:00:08,540 --> 00:00:11,620
any code we wanted on the target computer.

3
00:00:11,660 --> 00:00:17,720
Again, this functionality should be avoided. You should avoid allowing users to run any sort of code on

4
00:00:17,720 --> 00:00:18,860
your server.

5
00:00:19,280 --> 00:00:24,710
Try to avoid all these functions, such as eval, passthru, and all of these functions that allow

6
00:00:24,770 --> 00:00:28,520
a user to run operating system code on the server.

7
00:00:28,640 --> 00:00:35,330
If you absolutely have to use something like it, then make sure you analyze the input before you execute

8
00:00:35,330 --> 00:00:35,900
it.

9
00:00:35,900 --> 00:00:41,720
For example, in the example we've seen where the code was doing a ping, it will take anything we

10
00:00:41,720 --> 00:00:48,230
put in the text box. So I put in here a $textbox just to show that this is the input that

11
00:00:48,230 --> 00:00:49,680
we put in the text box.

12
00:00:49,700 --> 00:00:51,650
This is what the program actually looks like.

13
00:00:51,650 --> 00:00:55,640
If it looks too complicated, forget about it; we're just talking about the concept here.

14
00:00:55,640 --> 00:00:58,900
So we're going to be talking about this here.

15
00:00:59,010 --> 00:01:08,410
So say for example, what we did is we put a normal IP and then we put the semicolon and then we

16
00:01:08,410 --> 00:01:12,570
put a command that we wanted to do, so we did for example ls -la.

17
00:01:13,000 --> 00:01:19,880
The problem with this is the web application used to take this the way it is, copy it and run it in here,

18
00:01:20,380 --> 00:01:27,670
which, when you execute this command, it will do the ping first and then it will do the

19
00:01:27,670 --> 00:01:30,580
ls -la, which is the command that we wanted.

20
00:01:30,580 --> 00:01:36,280
What you need to do, for example if you had to do it, what I advise is you just don't use these functions.

21
00:01:36,550 --> 00:01:39,530
If you have to use a function like this,

22
00:01:39,530 --> 00:01:43,810
then what you should do is check that the input is what you're expecting.

23
00:01:43,810 --> 00:01:47,270
For example, you expected an IP address and nothing else.

24
00:01:47,290 --> 00:01:53,070
So you can use regex to make sure. We're not going to talk about regex, but what regex is: regex

25
00:01:53,080 --> 00:01:58,360
is basically a rule that will make sure that the input looks like the following format, so it takes digit

26
00:01:58,360 --> 00:02:05,140
digit dot digit digit dot digit digit dot digit digit, which if I put anything else then the web

27
00:02:05,140 --> 00:02:06,680
application should refuse it.

28
00:02:08,570 --> 00:02:14,290
And this is exactly what the high security level does for the code.

29
00:02:14,330 --> 00:02:19,820
So I know we're talking about black box testing and everything, but I want to show you what your code

30
00:02:19,820 --> 00:02:20,720
should look like.

31
00:02:20,900 --> 00:02:27,690
So if we go to the security settings and I'm going to set this to high. This is actually called impossible

32
00:02:27,920 --> 00:02:34,160
in the new versions of DVWA, but we're using the one that comes with Metasploitable, and

33
00:02:34,160 --> 00:02:35,310
it's just called high.

34
00:02:35,480 --> 00:02:39,130
So the reason why they call it impossible is because it's very secure.

35
00:02:39,500 --> 00:02:44,420
So if you go to the command execution again, I'm just going to view the source to show you what

36
00:02:44,420 --> 00:02:45,100
they're doing.

37
00:02:45,290 --> 00:02:48,580
So they're implemented in a way very similar to using regex.

38
00:02:48,710 --> 00:02:55,540
I think using regex could be a bit nicer in terms of like the look of the code, but it's

39
00:02:55,550 --> 00:02:57,070
the same concept.

40
00:02:57,080 --> 00:03:01,400
So basically what they have is they have the target right here.

41
00:03:02,460 --> 00:03:06,730
So this is what you input, this is what we put in here.

42
00:03:06,750 --> 00:03:14,080
So whatever you type in here is going to come up as this variable right here, this $target.

43
00:03:14,100 --> 00:03:21,430
So the first thing that they're doing is they're stripping the slashes from it. After they do that,

44
00:03:21,560 --> 00:03:23,870
they're dividing the IP using this function.

45
00:03:23,870 --> 00:03:28,800
So what this function does is divide the IP based on the dot.

46
00:03:28,820 --> 00:03:33,170
So we have number number dot number number dot number number dot number number.

47
00:03:33,260 --> 00:03:36,470
So dividing this on the dot into an array.

48
00:03:36,710 --> 00:03:39,410
So for example if you have an IP that says

49
00:03:43,190 --> 00:03:55,340
so when we put our IP, which is 10.20.14.208, what this function does, what the explode function does

50
00:03:55,340 --> 00:04:01,010
right here, it'll divide this into four, into an array of four elements.

51
00:04:01,010 --> 00:04:03,880
So the array is going to be something like this.

52
00:04:03,950 --> 00:04:12,760
It will be 10, 20, 14, 208. OK.

53
00:04:12,940 --> 00:04:18,580
And each one of these elements can be accessed based on a number right here.

54
00:04:18,580 --> 00:04:26,320
So what they do is they check if each one of these elements is a number, so it checks if it's numeric

55
00:04:26,320 --> 00:04:32,620
for the zero, for the one, for the two and for the three, and that checks for this element,

56
00:04:32,860 --> 00:04:35,760
this element, this element and this element.

57
00:04:35,770 --> 00:04:39,910
So they're making sure that we have number number number number.

58
00:04:39,910 --> 00:04:46,660
So if we try to inject our code right here, regardless of what characters we use or what tricks we use,

59
00:04:46,780 --> 00:04:52,990
as long as we're going to put characters in here, for example pwd, the characters are going to go into

60
00:04:53,170 --> 00:04:55,780
here as well, into the last element.

61
00:04:55,940 --> 00:05:03,970
And once this last element gets checked using this function, using the is_numeric function,

62
00:05:04,010 --> 00:05:11,340
it will give an error because obviously this is not a number; 208; pwd is not a number.

63
00:05:11,480 --> 00:05:16,590
And that will give us an error saying that we have entered an invalid IP.

64
00:05:17,000 --> 00:05:23,080
So the best way to do this again is to make sure what the user inputted is what you're expecting.

65
00:05:23,080 --> 00:05:28,970
In this case we're expecting number number number dot number number number dot number number

66
00:05:28,970 --> 00:05:34,850
number dot number number number, so dividing this into four arguments and making sure each one of these elements

67
00:05:34,850 --> 00:05:41,570
is a number will help us to protect this input and validate that the input is correct.

68
00:05:41,600 --> 00:05:46,460
And hackers won't be able to use it to hack into our server.
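The two checks the lesson describes, splitting the input on the dot and testing every element as a number (DVWA's high/impossible level does this with explode() and is_numeric()) and the digit-dot-digit regex rule, as an added Python example that is not the transcript's or DVWA's own PHP code. The 0-255 range check, the ASCII-digits-only rule and the argv-based ping (no shell involved) are assumptions added here, not something the lesson shows.

```python
import re
import subprocess
from typing import List, Optional

# Approach 1 from the lesson: split on "." into four elements and check that
# every element is numeric. Assumption: stricter than PHP's is_numeric(),
# only ASCII digits are accepted and each octet must be 0..255.
def validate_ip_by_octets(target: str) -> Optional[str]:
    parts = target.split(".")
    if len(parts) != 4:
        return None
    for part in parts:
        # "208; pwd" lands in the last element and fails this test
        if not (part.isascii() and part.isdigit()):
            return None
        if int(part) > 255:
            return None
    return ".".join(str(int(p)) for p in parts)

# Approach 2 from the lesson: digits dot digits dot digits dot digits and
# nothing else. fullmatch() anchors both ends, so a trailing "; ls -la"
# cannot ride along with a valid address.
IPV4_RE = re.compile(r"([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})\.([0-9]{1,3})")

def validate_ip_by_regex(target: str) -> Optional[str]:
    m = IPV4_RE.fullmatch(target)
    if m is None or any(int(g) > 255 for g in m.groups()):
        return None
    return target

def build_ping_argv(target: str) -> List[str]:
    """Return the argv for ping, or raise ValueError for anything but an IP."""
    ip = validate_ip_by_octets(target)
    if ip is None:
        raise ValueError("invalid IP address")
    # The validated value is a single argv element; no shell parses it,
    # so ";", "|" or "&&" would never be interpreted even if they slipped in.
    return ["ping", "-c", "3", ip]

def ping(target: str) -> str:
    result = subprocess.run(build_ping_argv(target), capture_output=True,
                            text=True, check=False)
    return result.stdout

if __name__ == "__main__":
    # Constructed samples: the IP from the lesson, then the same IP with an
    # injected command appended the way the exploit did it.
    for sample in ["10.20.14.208", "10.20.14.208; ls -la", "10.20.14.208 | pwd"]:
        print(repr(sample), "->", validate_ip_by_octets(sample),
              validate_ip_by_regex(sample))
```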