1
00:00:00,070 --> 00:00:06,840
Knowledge about this firing cruise in water buildings and we are discussing about this inclusion, that

2
00:00:06,840 --> 00:00:13,140
means, uh, we are including some content of the fire within the same Web server, as you can see here,

3
00:00:13,140 --> 00:00:17,970
that you are vulnerable vulnerabilities and question mark pages to include that page.

4
00:00:18,480 --> 00:00:25,220
So we are just saying the other parameter and we are including the page files content.

5
00:00:25,590 --> 00:00:27,250
So that will be rendered here.

6
00:00:28,650 --> 00:00:34,110
And this one, I would like to, uh, read the contents of other files as well.

7
00:00:34,770 --> 00:00:42,990
So to include if I read this, uh, page is Dr. Page so we can get the information I could see possibly

8
00:00:42,990 --> 00:00:45,660
at Sea Shadow and other files as well.

9
00:00:45,660 --> 00:00:53,160
If you know otherwise they exist on the server, then you can just, uh, go and, uh, put the you

10
00:00:53,160 --> 00:00:55,100
are here to include the file.

11
00:00:56,010 --> 00:00:59,160
So what we do is I say it's particularly.

12
00:01:03,490 --> 00:01:14,500
OK, saying fire out front, because this server may be running on this very W-W, uh, XHTML or some

13
00:01:14,500 --> 00:01:19,420
other folder, so then we need to go to the top of this directory.

14
00:01:20,350 --> 00:01:28,600
So you need to put the backslash to that and rush to get the industry and put again.

15
00:01:28,890 --> 00:01:29,490
Put again.

16
00:01:29,500 --> 00:01:36,960
So like this do some five or six times and then to make sure that you are the router from then you're

17
00:01:36,970 --> 00:01:40,120
going to pass the veloute.

18
00:01:42,010 --> 00:01:47,630
So still not from OK, let me move somewhat here.

19
00:01:48,130 --> 00:01:50,260
So let me move this.

20
00:01:53,070 --> 00:02:00,700
What could be more, somewhat higher and just as you can see here are the contents of this particular

21
00:02:00,720 --> 00:02:01,890
file has been displayed.

22
00:02:02,970 --> 00:02:07,320
So you can see there you can search for any users.

23
00:02:07,320 --> 00:02:12,090
You tell the unencrypted passwords are no login passwords.

24
00:02:12,630 --> 00:02:13,770
So home user.

25
00:02:14,520 --> 00:02:20,640
So just to user, there is a user name here, just a user and user.

26
00:02:21,210 --> 00:02:24,060
So there is no group home user and bimbette.

27
00:02:25,950 --> 00:02:30,240
So there is I think there that is only one user, just a user.

28
00:02:30,240 --> 00:02:38,400
And we can search this for any uh uh, since the information.

29
00:02:40,860 --> 00:02:44,410
So I think we got only one user that is just a user.

30
00:02:45,490 --> 00:02:46,600
I know what I can do.

31
00:02:46,950 --> 00:02:49,590
I can do this possibly unsatiable.

32
00:02:52,420 --> 00:02:59,330
And you can see for to open because permission denied to open this file, because the user running this

33
00:02:59,330 --> 00:03:02,960
Web server does not have enough privileges to open the seizure of it.

34
00:03:03,550 --> 00:03:07,630
So these are the basic files you could include.

35
00:03:07,840 --> 00:03:14,830
Another important thing is you can include this proc version, this version that is the Linux distribution

36
00:03:15,130 --> 00:03:15,600
version.

37
00:03:16,420 --> 00:03:24,280
And you can see here the Linux version it kernel is using 2006, and it's saying the server and the

38
00:03:24,280 --> 00:03:25,870
GC version of this want to.

39
00:03:27,340 --> 00:03:33,130
So it got a decisive action, but we don't care what you see and you can see the Linux kernel is two

40
00:03:33,130 --> 00:03:34,360
point six point two four.

41
00:03:34,390 --> 00:03:42,160
So you can just probably Google over this to forensics experts or you can just, uh, find our experts

42
00:03:42,160 --> 00:03:44,390
and then use the experts to get the highest.

43
00:03:45,190 --> 00:03:47,020
So this is very sensitive information.

44
00:03:47,020 --> 00:03:48,430
Getting this question.

45
00:03:48,580 --> 00:03:55,800
You get the, uh, results rationally just or some cannot experts to get a reversal.

46
00:03:57,160 --> 00:03:59,050
So this is all about this local filing.

47
00:03:59,350 --> 00:04:07,460
Whenever you have these pages, calls to include or editorial page, that means should disturb you.

48
00:04:07,520 --> 00:04:11,360
We can ask for, uh, any other file which we have access to.

49
00:04:11,560 --> 00:04:18,550
So if you are sketchy possibility and it's seizure and you get the information some the basic information

50
00:04:18,760 --> 00:04:23,130
and you can exploit this information using any experts.

51
00:04:23,890 --> 00:04:26,950
So I hope you have understood what this file inclusion.