1
00:00:00,300 --> 00:00:07,290
So in this model, we were doing the coatrack box from the box and they were resistant and then pivot

2
00:00:08,340 --> 00:00:09,630
and I have already done that.

3
00:00:09,630 --> 00:00:16,680
And Max, can you can see on our reports, uh, this is it is open eight zero zero nine.

4
00:00:16,710 --> 00:00:18,750
So that is, uh, Apache.

5
00:00:19,020 --> 00:00:22,500
So it is hosting the satellites.

6
00:00:22,500 --> 00:00:23,100
We don't know.

7
00:00:23,490 --> 00:00:29,130
And that is Tomcat Web server and six or 60000.

8
00:00:29,280 --> 00:00:31,040
And there is also a Web server.

9
00:00:31,320 --> 00:00:35,320
So we have a service and one Apache's Arezzo.

10
00:00:36,000 --> 00:00:42,630
So let's go ahead and see what this Devadas can do for the script to scan has revealed.

11
00:00:45,300 --> 00:00:52,560
Potentially, there are some methods I have get out of this, but there is no use there.

12
00:00:52,960 --> 00:01:01,800
And so if you have some access to that access, then you can upload the virus and know how to run the

13
00:01:02,340 --> 00:01:03,690
scan on 80 80.

14
00:01:05,730 --> 00:01:08,100
You can see on ideating, we know nothing.

15
00:01:08,220 --> 00:01:11,040
So first, let's go to this.

16
00:01:12,860 --> 00:01:21,520
Web page, so there is a manager, it's a simple Tomcat manager, it needs authentication to access

17
00:01:21,520 --> 00:01:28,420
any of this content, like operating a website, etc. And there is a 60000 book.

18
00:01:29,620 --> 00:01:30,910
So let's go and see.

19
00:01:30,910 --> 00:01:33,190
First, our ADA report.

20
00:02:01,050 --> 00:02:04,890
So seeing for Nansel, not form or good.

21
00:02:09,550 --> 00:02:13,510
And honestly, she doesn't want to go to Normandy for the beach.

22
00:02:17,000 --> 00:02:23,430
I sense a Web hosting the private browser to serve anonymously.

23
00:02:24,700 --> 00:02:32,000
Let's see any comments so you can see here, um, my target getting the value and posting it to the

24
00:02:32,000 --> 00:02:32,960
Europeans.

25
00:02:33,980 --> 00:02:36,200
OK, let's say employer Broadcom.

26
00:02:39,140 --> 00:02:41,990
So the dot com would not fetch anything.

27
00:02:43,020 --> 00:02:45,230
OK, so that's what you can do is.

28
00:02:49,290 --> 00:02:51,300
It's sort of absurd on our own.

29
00:02:51,630 --> 00:02:53,900
Now, let's go to that you are.

30
00:03:06,390 --> 00:03:13,850
And also on a sixty thousand boat to have the info that PHP that reveals the PHP info function, that

31
00:03:13,860 --> 00:03:21,330
tells us about the PHP, Russians and Wassan, etc., so I will show you that.

32
00:03:24,140 --> 00:03:25,380
In that PHP.

33
00:03:27,890 --> 00:03:31,010
So here you can search for a few

34
00:03:33,710 --> 00:03:34,070
really.

35
00:03:34,610 --> 00:03:35,090
I think it's.

36
00:03:35,460 --> 00:03:38,770
Yes, you can search for food information.

37
00:03:39,140 --> 00:03:48,380
So if you found any and if I were on a routine so you can see here are being stored, no, that's fine.

38
00:03:48,800 --> 00:03:52,730
So now we can say our problem, OK?

39
00:03:52,940 --> 00:04:03,220
You can see a file of birdsong so you can upload something on to this 60000 or we'll get the boot.

40
00:04:03,890 --> 00:04:07,260
Now, that's a sales post.

41
00:04:07,340 --> 00:04:18,650
Makhdoom says it to me now exercise supposed to make some say this too and be so sure we could remember

42
00:04:18,650 --> 00:04:19,190
this one

43
00:04:22,280 --> 00:04:24,460
and you can see the crucial for this.

44
00:04:24,470 --> 00:04:28,220
So that means you can include any of the content.

45
00:04:32,570 --> 00:04:42,870
We're going to know what you can lose that's trying for same IP address, so that is a localhost 127,

46
00:04:42,890 --> 00:04:50,700
not 0.01 Swadesh support number 22, because we know that the pope is open.

47
00:04:50,700 --> 00:04:51,100
Right.

48
00:04:52,140 --> 00:04:52,980
So we shall see.

49
00:04:53,580 --> 00:04:57,720
So that means that this your input here, it should be included in this.

50
00:04:57,730 --> 00:05:01,080
But what I can do is I can say file

51
00:05:04,250 --> 00:05:11,610
twenty seven, dot one, slash eight C possibly.

52
00:05:13,230 --> 00:05:14,570
So it just try harder.

53
00:05:14,580 --> 00:05:22,250
Maybe this is being third a file and there is no FTP.

54
00:05:22,260 --> 00:05:24,810
You can check the open borders on the map.

55
00:05:24,810 --> 00:05:29,460
What ports are open is open and.

56
00:05:33,030 --> 00:05:35,160
So NPR decided online.

57
00:05:35,650 --> 00:05:37,350
So let's go and find this.

58
00:05:41,090 --> 00:05:43,610
And well, I don't know what I'm getting.

59
00:05:50,800 --> 00:06:00,890
Are things that one, I think we don't have any enough portable information because the final protocol

60
00:06:00,890 --> 00:06:05,710
is being filtered, there is no FTP, there's no S.P..

61
00:06:07,370 --> 00:06:08,710
OK, that's.

62
00:06:12,770 --> 00:06:20,270
It's 21, so similar to the nakad, when you connect to the network using the words, you get the same

63
00:06:20,270 --> 00:06:26,300
information, but there are some local services, there should be accessible only with this box.

64
00:06:27,860 --> 00:06:32,570
So what you can do is you can write the Python script.

65
00:06:37,330 --> 00:06:41,420
Import requests, you are this.

66
00:06:42,370 --> 00:06:45,030
So this is a water.

67
00:06:47,920 --> 00:06:53,780
And here's what we need to build for this at this point, no, right, so we need to brute force from

68
00:06:53,920 --> 00:07:05,700
format of, say, for a range of other seven, 2000, because I brute this one.

69
00:07:06,010 --> 00:07:08,820
So that's why it took so much time in Python.

70
00:07:08,830 --> 00:07:09,240
I know.

71
00:07:09,740 --> 00:07:11,920
So here we get this down.

72
00:07:12,640 --> 00:07:19,720
There are few services guaranteed to 90, 110 that are local services running on the box.

73
00:07:21,280 --> 00:07:23,740
OK, so one 2000 should be enough.

74
00:07:30,140 --> 00:07:32,570
Format, toffy, so they see that you are.

75
00:07:36,880 --> 00:07:42,070
Orders you, orders the courts to request not that you are.

76
00:07:44,140 --> 00:07:46,830
Since we did not login, we don't need any cookie.

77
00:07:48,220 --> 00:08:02,940
We could start to wonder if and how far for our text rather than zero then print or contains this data,

78
00:08:04,030 --> 00:08:05,310
not format outfight.

79
00:08:05,980 --> 00:08:12,300
So I to answer that is well to put in this of bring order.

80
00:08:14,940 --> 00:08:26,760
And let's first up, let's also bring the rent or the rent for the text and print out that extra, so

81
00:08:26,760 --> 00:08:31,890
that should do it right down to two or three.

82
00:08:35,050 --> 00:08:41,710
OK, so you can see our popcorn contains the data to support you, but I don't know what those two words

83
00:08:41,710 --> 00:08:45,530
are, so we need to say instead of zero two.

84
00:08:45,790 --> 00:08:46,960
So that should be.

85
00:08:51,160 --> 00:09:00,630
OK, you need to wait for so much time so that people do like this, so 22, we already know that Sage

86
00:09:01,410 --> 00:09:06,830
and 90 contain some under-construction and put 110.

87
00:09:07,410 --> 00:09:15,870
So it is a bookmark that goes here and there is nothing here and contains this data all over.

88
00:09:16,980 --> 00:09:23,490
So when you come to 320, you you'll get this, uh, a page.

89
00:09:23,670 --> 00:09:29,450
And if you go to this Firefox Nadege HTML.

90
00:09:42,910 --> 00:09:48,760
So you can see here, action is close to nothing, so this is a big page, even though you weren't out

91
00:09:48,760 --> 00:09:49,720
any had been ordered.

92
00:09:50,020 --> 00:09:51,900
It's not going to perform any action.

93
00:09:52,390 --> 00:09:54,240
So it's like a rabbit hole here.

94
00:09:55,360 --> 00:09:57,400
An interesting piece, 880.

95
00:09:58,450 --> 00:10:01,660
So this python script takes so much time.

96
00:10:01,660 --> 00:10:02,610
So you to wait.

97
00:10:02,610 --> 00:10:10,600
So I'm just I really slow this down and let me copy this.

98
00:10:15,500 --> 00:10:25,250
And I know what today did not deliver the content here, Firefox or.

99
00:10:28,970 --> 00:10:32,900
So this should do the fans.

100
00:10:34,280 --> 00:10:41,060
So we on this backup, so should take you to Doc Zikos to back up.

101
00:10:41,480 --> 00:10:49,190
So if you want to view blat, you can say, wow, so this is a local.

102
00:10:49,520 --> 00:10:52,780
That's why we are going to these references.

103
00:10:53,210 --> 00:10:58,460
So here we need to say this stuff here.

104
00:10:58,580 --> 00:11:00,500
So what is the word 888?

105
00:11:07,650 --> 00:11:11,250
Sorry, not for its creates.

106
00:11:15,630 --> 00:11:23,910
So now, if I want to include the contents of the backup, I need to see Questionmark Dock as equals

107
00:11:23,920 --> 00:11:28,190
to backup so you can also press control.

108
00:11:28,200 --> 00:11:37,200
You can see here the backup back is close to the roof with our friends and he tenter.

109
00:11:39,840 --> 00:11:40,920
There is nothing here.

110
00:11:40,980 --> 00:11:41,940
OK, that's.

111
00:11:50,850 --> 00:11:51,360
OK.

112
00:11:52,920 --> 00:11:54,060
Now, let's hablar.

113
00:12:05,770 --> 00:12:07,480
So Ari is.

114
00:12:09,680 --> 00:12:12,860
So this is one case or one year or two for this.

115
00:12:17,080 --> 00:12:18,140
So that's a.

116
00:12:22,220 --> 00:12:24,350
The rest of.

117
00:12:34,960 --> 00:12:36,670
Mark Zikos, tobacco.

118
00:12:39,560 --> 00:12:46,700
OK, you can see the signs that are proven to be sort of tubular and press control, you know, you

119
00:12:46,700 --> 00:12:48,120
can see this is the comment.

120
00:12:49,730 --> 00:12:51,080
So this is the license.

121
00:12:52,220 --> 00:12:59,410
And Burnam are Tom Cattrall and Tom Campbell told one person, must be change.

122
00:12:59,420 --> 00:13:02,190
And usually my pastor is going to this one.

123
00:13:02,900 --> 00:13:04,650
So we got the password.

124
00:13:05,810 --> 00:13:08,990
Now, where is our manager that is on the board?

125
00:13:08,990 --> 00:13:10,300
Eight eighty eight.

126
00:13:10,340 --> 00:13:10,790
Right.

127
00:13:12,710 --> 00:13:14,560
So this is the manager.

128
00:13:17,120 --> 00:13:18,860
So this manager Sawka.

129
00:13:22,500 --> 00:13:31,370
Copy this and go to this one so you can go to even the normal page, so it's four, not four manager.

130
00:13:33,700 --> 00:13:41,010
So the reason Tom Gurcharan has been changed to where text day and proxy status.

131
00:13:41,370 --> 00:13:48,510
So let's go to HDMI to have some nice interface gave the password.

132
00:14:01,470 --> 00:14:08,440
So, I mean, in the past, so we got this page.

133
00:14:10,110 --> 00:14:14,420
OK, now what we're going to do is we are going to operate out of options.

134
00:14:14,730 --> 00:14:21,180
And I have spent so much time putting up figuring out why it did not work, because I'm uploading the

135
00:14:21,480 --> 00:14:22,830
shell into the future.

136
00:14:22,860 --> 00:14:24,630
So the big workout.

137
00:14:25,020 --> 00:14:26,260
But this picture did not.

138
00:14:26,310 --> 00:14:32,340
So let's create the artificial java, the DP and enter.

139
00:14:36,450 --> 00:14:40,440
So I was about to go for the version of the pills.

140
00:14:58,170 --> 00:15:04,230
So it has been treated in the home for the Destructoid, so let's broaden this out.

141
00:15:04,230 --> 00:15:04,590
What?

142
00:15:07,500 --> 00:15:08,550
And the president's one.

143
00:15:11,750 --> 00:15:16,510
So if you go to the test site, we should start the DNA

144
00:15:19,910 --> 00:15:23,720
one, two, three, four, now go to test.

145
00:15:26,080 --> 00:15:31,450
We should see the show, Ali, we are right down there.

146
00:15:31,570 --> 00:15:33,580
So let's upgrade to the racial.

147
00:15:37,550 --> 00:15:38,840
So there is three.

148
00:15:44,300 --> 00:15:45,620
That's Barnabus.

149
00:15:52,520 --> 00:16:00,070
Now, back from this process and in the research, you need to take these two comments in the same.

150
00:16:00,290 --> 00:16:05,420
So if you take only this comment, so this research will freeze.

151
00:16:10,520 --> 00:16:12,980
OK, that's where my BWB.

152
00:16:31,000 --> 00:16:35,860
So I have to this first, but there is there not any information?

153
00:16:39,890 --> 00:16:53,120
Let's go to home, KDDI, home run less so there are two uses, the nurse and doctor.

154
00:17:04,250 --> 00:17:09,560
So we don't have permissions to this Atanas user, so let's go to downcourt.

155
00:17:19,190 --> 00:17:21,370
So there is a four to Arkell.

156
00:17:31,840 --> 00:17:38,560
So they reserve their trip and this data, it's going to get further alerts.

157
00:17:40,890 --> 00:17:44,250
And you can see there is an end to this deep fight and Vanity Fair.

158
00:17:44,280 --> 00:17:46,890
So it's a hit.

159
00:17:48,840 --> 00:17:51,330
So this is the problem and this is the.

160
00:17:51,720 --> 00:17:59,520
So you can grab both of these photos into the country using that and see you have the next card in this

161
00:18:00,210 --> 00:18:00,840
box.

162
00:18:02,930 --> 00:18:08,030
So there reason I care so you can grab this, these photos will take so much time.

163
00:18:08,240 --> 00:18:09,320
So listen to this.

164
00:18:09,410 --> 00:18:11,930
It is like a database for back to the territory.

165
00:18:12,200 --> 00:18:16,730
So it contains all the objects, users and password hashes, et cetera.

166
00:18:29,570 --> 00:18:35,570
So I I have somewhere I don't know those, so into this started and.

167
00:18:38,660 --> 00:18:41,170
That's foget A.D.s, not.

168
00:18:48,190 --> 00:18:51,460
Sorry and beauteous.

169
00:19:15,090 --> 00:19:17,000
OK, let's stop this group.

170
00:19:21,780 --> 00:19:30,480
So in the whole narrative, we have this, OK, that should be OK, we have the big and in.

171
00:19:30,790 --> 00:19:42,930
So that's I'm going to use the impact, um, very secret dumpster pilot back at the secret dumps and

172
00:19:42,930 --> 00:19:43,800
you can help.

173
00:19:49,170 --> 00:19:57,090
So you need to specify the entity is file and the system, so your system, how you use the word binary

174
00:19:57,090 --> 00:20:05,010
file minus A.D.s to be, is that a bit?

175
00:20:07,260 --> 00:20:18,870
And the system is designed to be built and you need to specify the IP address that is our local machine.

176
00:20:22,990 --> 00:20:24,870
Hmm, it's a local.

177
00:20:33,270 --> 00:20:44,760
So contentious domain Red and Adam Mesh and then Bihac, so to grab this and Behesht, so let's go to

178
00:20:46,470 --> 00:20:48,820
Greg Station Gortner.

179
00:20:50,640 --> 00:20:52,070
You can also use John.

180
00:20:53,790 --> 00:20:55,640
So these are the first appreciators.

181
00:20:55,650 --> 00:21:01,580
So let's grab this one copy and guess.

182
00:21:02,350 --> 00:21:02,790
I don't know.

183
00:21:02,850 --> 00:21:06,820
So you can see Adena's is also in this Linux box.

184
00:21:07,950 --> 00:21:10,350
Maybe they may use the same passwords.

185
00:21:15,170 --> 00:21:15,590
Yes.

186
00:21:27,690 --> 00:21:33,750
So you can see we got the passports on this is the ordinance, so let's copy this.

187
00:21:34,410 --> 00:21:41,700
And what they're going to do is I'm going to switch to this Atanas.

188
00:21:44,740 --> 00:21:45,940
So the password.

189
00:21:54,220 --> 00:21:55,640
So let's go with this one.

190
00:21:58,210 --> 00:21:59,050
OK, there we go.

191
00:21:59,080 --> 00:22:03,430
You can see we are the attorneys side, home attorneys.

192
00:22:09,620 --> 00:22:10,880
So you can see that.

193
00:22:11,370 --> 00:22:22,610
So we got the normal share with you to ask you to produce your socks for processes.

194
00:22:25,660 --> 00:22:26,460
Oh,

195
00:22:29,650 --> 00:22:37,120
so you can see there is a ground job going on, so I render it in peace and in peace, that city rule

196
00:22:37,360 --> 00:22:38,680
that a tree is right.

197
00:22:39,910 --> 00:22:44,270
So that's going to get so dirty.

198
00:22:44,740 --> 00:22:50,580
So I think this is a route from getting closer, but are looking for can't be found here.

199
00:22:53,620 --> 00:22:54,880
Can be found here.

200
00:22:54,910 --> 00:23:01,180
So that means there is another box you can see this is a DMD, so it's generally located outside of

201
00:23:01,180 --> 00:23:03,600
the network and it's not an actual machine.

202
00:23:04,300 --> 00:23:08,470
So you can run the IP of the regular.

203
00:23:08,740 --> 00:23:13,690
You can see there is another adapter that is being connected to this, uh, this network.

204
00:23:13,690 --> 00:23:14,760
Tangelo, zero three one.

205
00:23:16,720 --> 00:23:18,530
So we are the first one.

206
00:23:18,710 --> 00:23:22,060
So there may be other computers.

207
00:23:24,370 --> 00:23:29,680
And what I did is I have uploaded that is to the military and the deputy.

208
00:23:30,220 --> 00:23:33,970
But there is a payment for the request.

209
00:23:33,980 --> 00:23:36,760
So that's why we cannot scan any ports.

210
00:23:37,730 --> 00:23:38,120
OK.

211
00:23:38,200 --> 00:23:42,960
Uh, I spent a lot of time there and got that wrong.

212
00:23:44,380 --> 00:23:48,030
And you can see there is there are some request logs.

213
00:23:49,600 --> 00:23:50,070
Sorry.

214
00:23:50,530 --> 00:23:56,270
So request is coming from an zero three thirty one thirty three.

215
00:23:56,800 --> 00:24:08,530
And at this time, so for every few seconds or two minutes and get our current target digit and can

216
00:24:08,530 --> 00:24:10,450
see the bridge at one point one six.

217
00:24:11,330 --> 00:24:15,070
So I searched online for the one point one six.

218
00:24:19,890 --> 00:24:25,050
And I got so much of the time that expected, so you can see we can.

219
00:24:28,320 --> 00:24:37,440
So let's see how we can take advantage of this, so I will just explain briefly so I would open the

220
00:24:37,440 --> 00:24:39,090
text to Ed.

221
00:24:45,310 --> 00:24:46,630
So generally, the.

222
00:24:50,120 --> 00:25:02,900
So we use the river to fetch ferries from A.P., my box set us up finding them to be right.

223
00:25:03,320 --> 00:25:09,950
So you use the we get up to fetch the first from the harbor resources from the ship.

224
00:25:10,790 --> 00:25:18,340
So that's whenever the version is less than one point one eight.

225
00:25:18,740 --> 00:25:22,620
So there is some passing problem.

226
00:25:22,850 --> 00:25:30,680
So whenever I, I own this box and I'm going to rewrite it to some, let's say FTP.

227
00:25:32,930 --> 00:25:39,530
So actually the request is for final number from this box.

228
00:25:39,980 --> 00:25:41,240
So this is my box.

229
00:25:41,690 --> 00:25:48,080
And what I will do is I will redirect this request to my FTP, uh, server here.

230
00:25:48,080 --> 00:25:53,720
What I can do is, uh, I can see, uh, some malicious not

231
00:25:56,330 --> 00:26:04,340
so great, uh, instead of, uh, trying to fix this resource.

232
00:26:04,490 --> 00:26:09,940
But I will redirect this request to this location if it should not exist.

233
00:26:10,220 --> 00:26:13,710
So the project will go and fetch this malicious ACCE.

234
00:26:14,090 --> 00:26:20,810
So instead of saving this as filename that it will save as many ships dirty.

235
00:26:22,850 --> 00:26:27,260
So it will fetch this one.

236
00:26:27,410 --> 00:26:35,810
And in the in your local folder you will help my precious daughter, you see, instead of fighting them,

237
00:26:35,810 --> 00:26:36,710
not DHT.

238
00:26:38,330 --> 00:26:43,240
So you can see there is so much of insecurity here.

239
00:26:43,730 --> 00:26:47,330
So that is we are going to, uh, take advantage of this.

240
00:26:49,900 --> 00:26:52,360
So they give the Python script here.

241
00:26:56,180 --> 00:27:03,980
So despite unscrupulous automatically, whatever the request is central to this Python script, it will

242
00:27:03,980 --> 00:27:05,830
be related to the FTP server.

243
00:27:06,860 --> 00:27:08,960
So you can copy this here.

244
00:27:08,960 --> 00:27:16,460
It will be, um, basically you cannot write the binary because that binary is not going to be executed

245
00:27:16,460 --> 00:27:17,210
by any process.

246
00:27:17,450 --> 00:27:20,740
So what we're going to do is we are going to poison the.

247
00:27:22,070 --> 00:27:24,820
So the reiterative contains some variables.

248
00:27:25,160 --> 00:27:29,300
Those are set when the penalty is being executed.

249
00:27:30,380 --> 00:27:31,720
So we pushed for it.

250
00:27:31,910 --> 00:27:39,590
So whenever there is a post for requesting the data in this file specified here will be sent as a request.

251
00:27:44,450 --> 00:27:47,410
OK, so we're going to copy the script.

252
00:27:49,460 --> 00:27:53,980
So he can so copy this group and I have already copied this one.

253
00:28:01,530 --> 00:28:10,830
Can the river so narrow yet so and so does the one one six dot be white and here we need to set some

254
00:28:10,830 --> 00:28:11,490
settings.

255
00:28:13,390 --> 00:28:15,880
OK, I will explain here first.

256
00:28:22,370 --> 00:28:31,820
First, OK, we will write our hearts in our Carriageworks as a post for its C0 and document this one

257
00:28:31,900 --> 00:28:40,400
contemporary current job somewhere in starting the Python module and we are setting up the FTP server.

258
00:28:41,330 --> 00:28:43,850
So here we are setting up.

259
00:28:44,350 --> 00:28:45,790
It should be resample.

260
00:28:46,400 --> 00:28:49,730
So this is going to be run.

261
00:28:52,430 --> 00:28:57,230
On the box, OK, first I will explain this.

262
00:28:57,860 --> 00:29:06,880
So we ran the Python script, and before that we pushed our dataset.

263
00:29:07,250 --> 00:29:16,910
So whenever there is a request coming to this Port 80 on this box, it will be redirected to this FTP

264
00:29:16,910 --> 00:29:18,600
and my colleague, the.

265
00:29:19,500 --> 00:29:25,220
So it will be downloaded as the courtesy of this file.

266
00:29:25,220 --> 00:29:36,140
And it is being requested after saving this if the victim is asking for post request and because we

267
00:29:36,140 --> 00:29:40,960
already said the post underscore file name as it see shadow.

268
00:29:41,660 --> 00:29:43,850
So we decided c0.

269
00:29:51,520 --> 00:30:02,710
So we know there's a push to question the data of the TSA is already taken and, uh, can to send this

270
00:30:02,710 --> 00:30:11,470
to this push to so we can see the contents of the shuttle and the response units and the current.

271
00:30:11,810 --> 00:30:20,140
So here is the current job that is being placed in this seat chronology.

272
00:30:22,360 --> 00:30:27,640
So here's what we're going to do, is we are going to say put out a document here.

273
00:30:27,640 --> 00:30:33,880
We are going to send the data and it is going to be sold as a charango.

274
00:30:37,060 --> 00:30:44,210
So you can also modify it to passably and add your own user, Sturdee Gonzales, appearance.

275
00:30:45,730 --> 00:30:49,750
So this is going to be run on the BMD server.

276
00:30:51,160 --> 00:30:59,170
So because that is going to receive the request from and not the one that three the actual box.

277
00:31:02,200 --> 00:31:10,810
So zero zero zero zero on our interfaces and property and FTP is going to be hosted on my current Xbox.

278
00:31:12,610 --> 00:31:15,370
OK, this is the ground job.

279
00:31:15,370 --> 00:31:22,200
I'm going to add that this etsi koranda be social, you know.

280
00:31:24,840 --> 00:31:29,490
So you can push this, what you can do is ensure with CSIRO.

281
00:31:30,300 --> 00:31:32,380
You can also send group robotic.

282
00:31:33,210 --> 00:31:38,490
So that should also do, you know, go to Tom.

283
00:31:51,790 --> 00:31:53,680
So that's our.

284
00:32:01,240 --> 00:32:02,830
That dance group.

285
00:32:03,130 --> 00:32:05,800
I'm sorry, I did not mention the point that is eight thousand.

286
00:32:10,640 --> 00:32:13,240
She can see the request here and the script here.

287
00:32:13,860 --> 00:32:25,070
OK, let's set up our FTP server on the condition and it should be writable because the box is going

288
00:32:25,070 --> 00:32:30,890
to be I think it's going to be writable distributed enough.

289
00:32:33,110 --> 00:32:35,430
So that's why it's.

290
00:32:37,290 --> 00:32:37,520
OK.

291
00:32:38,120 --> 00:32:39,880
I do not show you one thing.

292
00:32:39,890 --> 00:32:41,780
So when I found the Bernoulli's.

293
00:32:44,180 --> 00:32:44,660
So.

294
00:32:54,030 --> 00:33:02,250
So touched so many things for discussion, but also there is one Ben-Ari.

295
00:33:10,530 --> 00:33:12,360
I find it so.

296
00:33:15,750 --> 00:33:16,950
It's a SoloHealth.

297
00:33:44,930 --> 00:33:49,250
So I think we go from not being so I have run successfully.

298
00:33:49,280 --> 00:34:02,440
So if you want to host any summer show, you don't if you run this pattern, you see permission denied

299
00:34:02,480 --> 00:34:10,600
because the boat is 80 and under one year before you can post the spots, you need the revolution.

300
00:34:10,610 --> 00:34:11,050
So.

301
00:34:16,910 --> 00:34:21,800
So now you can see Epiphone, the open on this Kleenex box will be one.

302
00:34:24,790 --> 00:34:32,620
So let's start our server on five, five, five, six, so what happens here is that 10 zero three one

303
00:34:32,620 --> 00:34:40,360
that Bugs tries to do the gatecrashed on our this BMG for the arcade alternate user.

304
00:34:40,750 --> 00:34:45,540
So here's what we're going to do is, OK, I do not have the file.

305
00:34:45,820 --> 00:34:49,370
I'm going to return to this FTP server.

306
00:34:49,660 --> 00:34:54,630
So here is what we're going to do is we are going to send the record to our SIEFERT.

307
00:34:54,820 --> 00:35:03,280
So that will be stored in the home territory of the user requesting as it is without changing the file

308
00:35:03,280 --> 00:35:07,070
name as the arcade got together.

309
00:35:07,130 --> 00:35:15,220
So, OK, so we need to wait for a few minutes because the request we can see it is being made for every

310
00:35:15,220 --> 00:35:15,850
two minutes.

311
00:35:16,000 --> 00:35:17,170
That is really Coranderrk.

312
00:35:40,010 --> 00:35:48,950
OK, now you can see the request from the IP address and now we are redirecting police FTP.

313
00:35:51,900 --> 00:36:01,530
Anonymous editor disconnect at all, so anonymous is anonymous login, so you can see the 10 zero 333

314
00:36:01,530 --> 00:36:05,350
133 has been logged in as anonymous and fitchett of the.

315
00:36:06,570 --> 00:36:14,390
So since the British version, Barnaby is less than one point one aide in the case of that box.

316
00:36:15,000 --> 00:36:18,460
So it is a story that obligatory as it is.

317
00:36:19,410 --> 00:36:21,960
So now after voting, it will

318
00:36:24,690 --> 00:36:26,040
send the post request.

319
00:36:34,010 --> 00:36:41,630
So we are asking for the proof that you this file does not exist, you will not get the push to question,

320
00:36:42,050 --> 00:36:43,880
you should not give the post request.

321
00:36:44,270 --> 00:36:47,020
Your current job is not going to be at it.

322
00:36:47,030 --> 00:36:49,830
So that's what you need to make sure that this fight exists.

323
00:36:50,260 --> 00:36:57,590
So I have tried to get the root private of the route, but I have I did not get the particulars because

324
00:36:57,590 --> 00:37:00,800
there is no private key for the route to the.

325
00:37:03,030 --> 00:37:13,230
So there is a ground up running, so if there is a successful tarsier, again, it will try to ask for

326
00:37:13,230 --> 00:37:16,410
another permit and now it is supposed to cost.

327
00:37:38,760 --> 00:37:45,370
So now you can see the hash here, that is the root root flag, and now we are sending the ground up

328
00:37:45,390 --> 00:37:53,150
as a response and it is going to be stored in this structure because that is what in the navigator.

329
00:37:54,450 --> 00:37:58,480
Now, we shall see Boudjellal in two minutes.

330
00:37:58,540 --> 00:37:59,070
I think so.

331
00:38:38,560 --> 00:38:45,150
Where did you do any wrong, MERSIADES Five, four, five, six.

332
00:38:45,260 --> 00:38:47,250
OK, we got this, we are my group.

333
00:38:47,980 --> 00:38:50,140
So now is the grown ups.

334
00:38:51,040 --> 00:38:57,910
So for every two minutes we use running that we get up and.

335
00:38:59,160 --> 00:39:08,340
The water, that is, and everyone that is out of the server is going to not OK also errors and then

336
00:39:08,340 --> 00:39:16,710
there is and that is running for every four minutes, that is not obligatory so that we could send the

337
00:39:16,710 --> 00:39:17,220
new one.

338
00:39:25,870 --> 00:39:27,520
So you can use that.

339
00:39:28,060 --> 00:39:36,030
So this is, uh, this looks somewhat easy, but it takes so much of an enumeration and a lot of time.

340
00:39:36,430 --> 00:39:38,170
So that's what this video coatrack.