1
00:00:00,420 --> 00:00:03,210
Hello, everyone, and welcome to this video.

2
00:00:03,540 --> 00:00:10,290
So while performing penetration testing for a target organization, we are able to identify one of the

3
00:00:10,290 --> 00:00:13,120
broken links in the web application.

4
00:00:13,350 --> 00:00:17,300
So, as you can see, this is a live target, which is your toes, dot com.

5
00:00:17,850 --> 00:00:25,860
And under this target web application, we identified that one of the links was pointing to another service,

6
00:00:25,860 --> 00:00:29,850
but actually never was existing or was never claimed.

7
00:00:30,450 --> 00:00:30,930
All right.

8
00:00:31,110 --> 00:00:33,810
So let's see this how we are able to identify this.

9
00:00:34,590 --> 00:00:42,650
So we clicked on one of the users' pages and were redirected to the LinkedIn profile, as we can see over here

10
00:00:43,260 --> 00:00:43,550
now.

11
00:00:44,040 --> 00:00:49,440
Unfortunately, this LinkedIn profile does not exist or the profile is not available.

12
00:00:50,160 --> 00:00:57,180
So now what the attacker is going to do is attacker is going to create a LinkedIn profile with the same

13
00:00:57,180 --> 00:01:05,610
user name, which was pointing to LinkedIn from the target of application, which is your post dot com.

14
00:01:05,880 --> 00:01:06,320
All right.

15
00:01:06,810 --> 00:01:10,440
So as you can see, I have created an account with the name Goodman.

16
00:01:11,100 --> 00:01:18,270
So I'm just going to quickly go into the settings to identify where I can change my public URL,

17
00:01:18,720 --> 00:01:20,820
and take over the target

18
00:01:21,270 --> 00:01:24,270
URL of the target web application.

19
00:01:24,830 --> 00:01:28,710
So let me just navigate to edit my public profile.

20
00:01:29,460 --> 00:01:34,490
And you can see on the right hand side, this is my old profile, which is Goodman.

21
00:01:34,500 --> 00:01:38,880
And now I'm willing to copy this URL and paste it over here.

22
00:01:40,750 --> 00:01:42,620
So, yeah, I have done this.

23
00:01:42,640 --> 00:01:45,150
Let me just save this and you can see success.

24
00:01:45,160 --> 00:01:46,570
We have updated your settings.

25
00:01:46,870 --> 00:01:49,740
I have successfully claimed the new URL.

26
00:01:50,020 --> 00:01:56,680
So let me again click on the URL, as again, see, this person works in the operations.

27
00:01:56,860 --> 00:01:57,300
All right.

28
00:01:57,670 --> 00:02:08,230
So now any attacker can impersonate this employee, who is working in operations and try to communicate

29
00:02:08,230 --> 00:02:14,230
with other users or communicate with the people who are working on this website.

30
00:02:14,680 --> 00:02:20,130
And this way it can be a loss to the target company or organization.

31
00:02:20,710 --> 00:02:22,450
So I hope you guys understood this.

32
00:02:22,960 --> 00:02:23,560
Thank you.