1
00:00:00,390 --> 00:00:06,330
So now we are going to steal some cookies from the user using this XSS vulnerability.

2
00:00:06,430 --> 00:00:14,370
Let's go to the site over here and let me log in to this: admin and password.

3
00:00:19,270 --> 00:00:32,350
So now I logged in. Let's see the reflected XSS. Let me write the sample script together to make sure that

4
00:00:32,350 --> 00:00:35,380
we are getting the XSS.

5
00:00:35,410 --> 00:00:36,870
So alert('hi').

6
00:00:44,280 --> 00:00:46,960
So I copied and pasted in here.

7
00:00:51,730 --> 00:01:02,270
So let me turn this to low. So actually I want you to watch it, uh, this only, this, uh, setting,

8
00:01:02,380 --> 00:01:09,790
so that when we put the security to low, it bypassed this filter, so you can apply this method

9
00:01:10,360 --> 00:01:14,560
and you can see there is a, uh, dialog box executed.

10
00:01:14,600 --> 00:01:14,820
Right.

11
00:01:15,580 --> 00:01:24,890
OK, now what I'm going to do is, I want to, uh, print out this document dot.

12
00:01:25,660 --> 00:01:27,480
So this is a document object.

13
00:01:27,520 --> 00:01:32,230
We can access this, uh, current document's cookie: document.cookie.

14
00:01:33,610 --> 00:01:34,630
So if I say like this.

15
00:01:35,080 --> 00:01:37,660
Now, my cookie will be displayed.

16
00:01:41,330 --> 00:01:47,310
So security is equal to low, session ID is this one, see, around five.

17
00:01:47,690 --> 00:01:56,330
OK, now how can we send it to our machine? So for that, we need to set up a server. Do we need to install

18
00:01:56,330 --> 00:01:59,000
Apache or some other advanced software for this?

19
00:01:59,690 --> 00:02:05,250
You can use this Python 3, and there is a module called http.server.

20
00:02:05,270 --> 00:02:09,530
You can simply set up a web server on the port, say, 1234.

21
00:02:10,730 --> 00:02:12,860
So now we are serving.

22
00:02:12,860 --> 00:02:15,200
This HTTP server is on all interfaces.

23
00:02:15,200 --> 00:02:15,890
1234.

24
00:02:15,920 --> 00:02:24,920
So if I go and check my IP address, I have this one, so we can send the request, or we can post these

25
00:02:25,190 --> 00:02:28,800
requests to this IP address, and we get the result here.

26
00:02:28,820 --> 00:02:32,330
So let me, uh, show you this one.

27
00:02:33,620 --> 00:02:39,250
So in script, I would say type is equal to text/javascript.

28
00:02:39,260 --> 00:02:46,730
So we have seen this type, XSS is text/html and the others.

29
00:02:47,270 --> 00:02:48,300
I can say that.

30
00:02:49,550 --> 00:02:53,350
So now inside, this can be considered as text/javascript.

31
00:02:54,740 --> 00:02:58,340
Now what I can do is, I want to delete this one.

32
00:02:58,340 --> 00:03:00,320
I want to document.

33
00:03:02,020 --> 00:03:06,580
Uh, but, uh, sorry.

34
00:03:10,140 --> 00:03:11,850
document.location.

35
00:03:14,130 --> 00:03:20,290
Is equal to http colon slash slash.

36
00:03:22,940 --> 00:03:30,680
Now, I need to put this Kali Linux machine, which is 192, that, right, one, not for, colon 1234,

37
00:03:30,680 --> 00:03:33,670
because my web server is running on this port.

38
00:03:33,680 --> 00:03:34,450
1234.

39
00:03:35,540 --> 00:03:39,080
So let me make sure my addresses and ports are OK.

40
00:03:39,500 --> 00:03:40,990
So 1234.

41
00:03:41,000 --> 00:03:43,340
And IP address is 192.

42
00:03:45,370 --> 00:03:52,090
And now, what we want to say is, we put the question mark. So then, question mark, parameter

43
00:03:52,360 --> 00:03:56,260
name is cookies, is equal to, plus.

44
00:03:56,800 --> 00:03:58,930
We need to include this document.cookie.

45
00:04:03,840 --> 00:04:05,020
Put this in quotes then.

46
00:04:05,580 --> 00:04:14,160
So what I'm doing is, I'm taking the whole document.cookie to this IP address, and what I'm going to do

47
00:04:14,160 --> 00:04:21,230
is I'm sending a parameter, and the value in that parameter: the name of this parameter, and the value

48
00:04:21,250 --> 00:04:22,020
is document.cookie.

49
00:04:22,560 --> 00:04:28,350
So I'm just sending this document.cookie in a parameter, just like username and password.

50
00:04:29,010 --> 00:04:32,190
So let me go with this and run this.

51
00:04:35,620 --> 00:04:37,690
So, click on Submit.

52
00:04:39,680 --> 00:04:46,550
We can see here we got the request, the slash cookies, we got everything.

53
00:04:47,300 --> 00:04:50,750
So what we have sent is cookies is equal to this whole cookie.

54
00:04:50,780 --> 00:04:58,790
We have seen in the previous script that these are the cookies, so we can see security is low.

55
00:04:59,450 --> 00:05:00,760
This session ID.

56
00:05:00,770 --> 00:05:03,820
This one, these are all the cookies we got in this.

57
00:05:04,640 --> 00:05:09,710
So this is a basic way you get the cookies using this Python server.

58
00:05:10,580 --> 00:05:17,570
But there is a good way to get these cookies by using some Python, Flask, Django.

59
00:05:17,810 --> 00:05:22,540
Or you can also, if you know PHP, you can just write the simple script.

60
00:05:24,730 --> 00:05:32,230
So this is, I don't know that much, I know Python Django, but we do try to call Django in the U.S.,

61
00:05:32,230 --> 00:05:39,160
but it's not necessary and necessary, but you can use it for comparable purpose.

62
00:05:39,170 --> 00:05:42,810
So you can also set up the HTTP server like this, python3 -m.

63
00:05:43,090 --> 00:05:47,520
This is a simple and a neat way you get the cookies.

64
00:05:47,530 --> 00:05:50,350
Now, I can copy these cookies and paste it in

65
00:05:50,350 --> 00:05:53,440
my other browser, and I will get that login.

66
00:05:53,680 --> 00:05:55,300
So let me try this.

67
00:05:57,360 --> 00:05:59,550
So let me go to my room here.

68
00:05:59,580 --> 00:06:02,700
192.

69
00:06:03,570 --> 00:06:05,040
So, DVWA over here.

70
00:06:06,420 --> 00:06:12,450
So there is already a session cookie here that is called PHPSESSID.

71
00:06:14,760 --> 00:06:16,340
I can just paste it in here.

72
00:06:17,720 --> 00:06:24,950
So I need to remove this, or this, and I want to call this a green sticker on.

73
00:06:26,790 --> 00:06:35,100
So my cookies have been set on this page. I see nothing. Let me see cookies. OK, now I want

74
00:06:35,100 --> 00:06:41,330
to move in to this tree, so, order Tree Hill, previously vulnerabilities.

75
00:06:41,330 --> 00:06:43,950
So let me move on to these vulnerabilities.

76
00:06:45,980 --> 00:06:49,700
And let's see if we can log in without using the password.

77
00:06:51,440 --> 00:06:53,300
OK, let me click on this.

78
00:06:58,400 --> 00:07:06,230
And there you can see we are logged in, as you had been, uh, Scooter, along the way. We have logged

79
00:07:06,230 --> 00:07:13,100
in as, we have stolen the key of the admin user, because you can see this is the admin, and we have logged

80
00:07:13,100 --> 00:07:18,740
in as that user because we have just posted the cookie in here, and we have successfully navigated into

81
00:07:18,800 --> 00:07:19,670
these vulnerabilities.

82
00:07:19,940 --> 00:07:26,030
And without logging in with username and password, we had already got the session of this admin.

83
00:07:26,690 --> 00:07:28,400
So I think you have understood.

84
00:07:28,730 --> 00:07:38,440
So you can just, uh, spin up using the Python, and then you can just, uh, send the document.cookie

85
00:07:38,570 --> 00:07:41,900
using this, uh, another, document.location.

86
00:07:43,010 --> 00:07:50,110
And then you need to set text/javascript to make sure that this is interpreted as JavaScript in the document.

87
00:07:52,390 --> 00:07:55,620
So this is the basics of this.

88
00:07:55,990 --> 00:08:02,260
I hope you understood, so that after this video, stealing cookies using XSS, you can see this XSS

89
00:08:02,260 --> 00:08:03,340
is very dangerous.

90
00:08:03,370 --> 00:08:10,270
It is used to trick the user using, uh, this, uh, uh, script.

91
00:08:10,570 --> 00:08:17,050
Even you can, um, obviously, you can get the cookie of the user.

92
00:08:17,050 --> 00:08:19,810
You are going to try, and you can just impersonate that user.

93
00:08:20,020 --> 00:08:28,000
So this XSS is very dangerous, that you can just get the session of that user.