1
00:00:01,180 --> 00:00:07,690
So listen, this we are going to see the XSS bypasses, so whenever when I first entered the

2
00:00:07,700 --> 00:00:09,580
script, I read we got nothing.

3
00:00:09,950 --> 00:00:18,740
Uh, we did not get even attacked because at first the securities I had you innocence with the DP back

4
00:00:18,760 --> 00:00:23,400
and has appeared somewhere filters to avoid this script tag to execute.

5
00:00:23,650 --> 00:00:32,500
So let me show you how to bypass these security mechanisms that serve media and submit all the security

6
00:00:32,500 --> 00:00:33,170
is media.

7
00:00:33,200 --> 00:00:41,670
I can just to whenever whenever I take the script archive and then if I submit this, we just get rid

8
00:00:41,710 --> 00:00:46,500
of it because our script, uh, they have some bypass filters.

9
00:00:46,500 --> 00:00:51,010
So I did not execute and we do not see the box.

10
00:00:52,720 --> 00:00:59,560
So I basically say the main bypass techniques you can use and you can also Google for access at once.

11
00:01:00,310 --> 00:01:05,810
There are so many and so many blogs, so I'm going to show you the script.

12
00:01:05,830 --> 00:01:07,220
So this is the obfuscation.

13
00:01:07,450 --> 00:01:08,560
What are going to tell piece?

14
00:01:08,560 --> 00:01:12,660
You want to mix the operators and the workers out of it?

15
00:01:12,830 --> 00:01:13,780
Let's call this.

16
00:01:15,140 --> 00:01:17,570
All right, did, said Descript.

17
00:01:20,540 --> 00:01:27,600
No, I'm so right here to get a clear visibility.

18
00:01:28,880 --> 00:01:30,650
Now I'm going to say a script.

19
00:01:31,620 --> 00:01:32,510
Arato.

20
00:01:35,800 --> 00:01:37,110
Now, I can just say.

21
00:01:38,630 --> 00:01:39,920
Ersek Group.

22
00:01:42,480 --> 00:01:51,510
So you don't need to worry about the exact matching of this progress in our case, we can do in a uppercase

23
00:01:51,510 --> 00:01:58,480
lowercase apparatus, Apricus and so on, can just copy this letter and read pasted in here.

24
00:01:59,520 --> 00:02:05,430
So if I submit this, I think we should, uh, get the alert box.

25
00:02:05,650 --> 00:02:10,710
If you had the source code, you can get this and you can see there is a black box.

26
00:02:10,870 --> 00:02:11,030
Right.

27
00:02:11,880 --> 00:02:12,250
OK.

28
00:02:12,270 --> 00:02:14,550
They have given the source code red tape.

29
00:02:14,790 --> 00:02:15,780
Uh, Nikki.

30
00:02:17,080 --> 00:02:19,660
And let me just read the source code.

31
00:02:23,330 --> 00:02:30,070
So what they're doing is they're using the str_replace of script with.

32
00:02:30,620 --> 00:02:35,910
So when you type there is a script in this you order, then it will be replaced.

33
00:02:37,610 --> 00:02:40,200
So you can see this one.

34
00:02:41,150 --> 00:02:48,260
That's why we got the a lot of high the protection in the previous case.

35
00:02:52,100 --> 00:02:59,420
So another important thing is know there is a quotation filter that you cannot pass the quotations in

36
00:02:59,420 --> 00:03:05,510
the field in order, then you can use the String.fromCharCode function.

37
00:03:05,750 --> 00:03:12,800
So what this does is it you take a bunch of ASCII dissimilarities and it will convert to the normal,

38
00:03:12,950 --> 00:03:15,090
uh, ASCII values.

39
00:03:15,110 --> 00:03:19,560
So that this one works and it will convert into the, uh, alphabet.

40
00:03:19,580 --> 00:03:22,640
Let's see, ASCII table.

41
00:03:24,980 --> 00:03:32,390
So if you go to the wall and you if you want to see a little fire, you need to, uh, find the hedge,

42
00:03:33,110 --> 00:03:35,850
which is the smart one, unfortunately.

43
00:03:35,930 --> 00:03:43,600
And so if you want to send the order to find it or not, for one comma, one zero five.

44
00:03:44,440 --> 00:03:46,120
So think that's one.

45
00:03:46,130 --> 00:03:47,460
So, OK.

46
00:03:47,870 --> 00:03:57,230
Now, if you you can put this hi inside of these quotations because we saw the first copy and it this

47
00:03:57,560 --> 00:04:05,570
better it because it is so I know my bypass filter having the quotations filter so it's not allowing

48
00:04:05,630 --> 00:04:07,130
the quotations to be executed.

49
00:04:07,460 --> 00:04:10,240
So now would it be copied fromCharCode.

50
00:04:10,700 --> 00:04:14,600
And so let me copy paste this.

51
00:04:14,600 --> 00:04:22,400
If I copy and Piperno it will be like similar to String.fromCharCode and the Sarasate will decode

52
00:04:22,400 --> 00:04:31,910
this one, not for as yet or not for a fight as I saw it pasted in here and see if I can submit we get

53
00:04:31,910 --> 00:04:32,310
the hi.

54
00:04:33,350 --> 00:04:39,520
So if you want to add another character, you can say, uh, let's say.

55
00:04:41,750 --> 00:04:51,290
Well, another number to reach, a number that said forty eight at the forty eight, sorry.

56
00:04:54,510 --> 00:04:55,190
48.

57
00:04:55,470 --> 00:04:59,700
So if you can copy this old bird and post it in here.

58
00:05:02,410 --> 00:05:08,080
And you can see how zero, so that's how you bypass these quotations filter in case there is a coalition

59
00:05:08,080 --> 00:05:10,790
strategy during this String.fromCharCode function.

60
00:05:11,800 --> 00:05:14,500
So this is about the medium security.

61
00:05:14,540 --> 00:05:16,780
Now we are going to this high security.

62
00:05:17,260 --> 00:05:21,370
Uh, let me give you the source.

63
00:05:30,360 --> 00:05:31,650
So in this source.

64
00:05:35,770 --> 00:05:38,800
I think so there is pressure characters.

65
00:05:41,390 --> 00:05:43,970
So it's displaying the special characters.

66
00:05:44,960 --> 00:05:49,580
OK, just let me try the normal script once.

67
00:05:51,060 --> 00:05:54,970
Script of height, and then we just got the entire script.

68
00:05:55,530 --> 00:06:03,540
So now what we can do is we can put the image that so I already shown you the syntax of this image,

69
00:06:04,050 --> 00:06:10,470
like basically going to put David Sarsfield, which is also a need to specify the image.

70
00:06:10,470 --> 00:06:12,720
But that's not the.

71
00:06:13,650 --> 00:06:16,040
So there is no accurate depiction of Sarva.

72
00:06:16,400 --> 00:06:18,210
Obviously, it returns an error.

73
00:06:18,450 --> 00:06:22,930
So you can say onerror is equal to no.

74
00:06:23,130 --> 00:06:31,770
We need to switch with the script function we have already seen on click a button on function in the

75
00:06:31,920 --> 00:06:38,850
button that if I put this button, then the function of this particular script has been executed.

76
00:06:39,030 --> 00:06:45,480
So in the same way, if there is an image and the source is an accurate in case the source is not available,

77
00:06:45,690 --> 00:06:52,290
this JavaScript function will get executed because you are seeing on a rep acupuncture.

78
00:06:52,680 --> 00:06:55,520
Now I can say are tough high.

79
00:06:57,750 --> 00:07:04,920
Because this image so I can just simply copy and paste it in here on the face of it, this.

80
00:07:08,480 --> 00:07:17,000
So let us know if you can see I have this program, I know we have seen about this, uh, XSS bypass

81
00:07:17,240 --> 00:07:24,530
and I know we have felt that we got the, uh, medium term medium security exercise.

82
00:07:24,740 --> 00:07:28,610
But what they have done is they have said this impossible fruchter exercise.

83
00:07:28,760 --> 00:07:30,750
So you can see the source code here.

84
00:07:30,980 --> 00:07:36,120
This is the exact source code of this, htmlspecialchars you can see here.

85
00:07:36,290 --> 00:07:42,940
So this is the, uh, uh, security patch for this exercise.

86
00:07:42,950 --> 00:07:48,230
If by using this htmlspecialchars function, almost exercice use the word it.

87
00:07:49,160 --> 00:07:51,110
So that's what they are saying.

88
00:07:51,440 --> 00:07:58,820
And we cannot, uh, generate an alarm or any other dallas' could be because there is htmlspecialchars

89
00:07:58,820 --> 00:07:59,180
function.

90
00:07:59,930 --> 00:08:05,960
So now let's test this, uh, image tag under this, uh, medium security.

91
00:08:06,290 --> 00:08:09,830
So we go to a medium now some.

92
00:08:11,380 --> 00:08:14,420
All of this in here is a copy.

93
00:08:20,080 --> 00:08:26,360
And there you can see, uh, there is a two are tough two, and there you see the image X.

94
00:08:29,210 --> 00:08:35,630
It has not been found here, that's why onerror it has executed these are books, so this medium security

95
00:08:35,630 --> 00:08:39,140
is based on this script.

96
00:08:39,320 --> 00:08:42,110
It does not execute the script at all your character.

97
00:08:42,510 --> 00:08:46,920
That's why we have used this image and we also execute this prosecution.

98
00:08:47,180 --> 00:08:52,300
So the medium security is only seeing about this case a script that.

99
00:08:52,310 --> 00:08:54,630
So you had this obfuscation and I messed up.

100
00:08:54,830 --> 00:09:01,400
So in the high security, we cannot simulate the exercise because they relate specifically to function

101
00:09:01,410 --> 00:09:04,910
and it is a solution to this exercise.