1
00:00:02,770 --> 00:00:04,820
So, guys, welcome back, and in this video

2
00:00:04,870 --> 00:00:09,780
we are going to write a simple fuzzer using the Python programming language.

3
00:00:10,390 --> 00:00:11,140
So, let's get started.

4
00:00:17,670 --> 00:00:27,690
Now, I'm using this particular vulnerable application from the TryHackMe website, and I will put

5
00:00:27,690 --> 00:00:30,340
these two links in the description.

6
00:00:30,360 --> 00:00:32,240
Make sure you download this.

7
00:00:32,820 --> 00:00:38,850
Now, I am also using a debugger to debug this program; this is Immunity Debugger.

8
00:00:40,990 --> 00:00:42,340
Now, we run the program.

9
00:00:44,570 --> 00:00:53,060
So basically, I will explain again: fuzzing generally means we connect to the server or application,

10
00:00:53,240 --> 00:01:00,850
and we generate random or unintended data, and then we send the data to the application and we see

11
00:01:00,860 --> 00:01:04,830
its behavior using the debugger.

12
00:01:04,880 --> 00:01:08,960
You can see the application's data in memory.

13
00:01:10,100 --> 00:01:17,360
So my application is running in this window, listening on the port one three three seven. To connect,

14
00:01:17,360 --> 00:01:18,070
you need a port.

15
00:01:18,180 --> 00:01:19,550
You also need an IP address.

16
00:01:19,550 --> 00:01:20,680
Right now,

17
00:01:20,690 --> 00:01:23,870
what I can do is I'm going to find the IP address of this machine.

18
00:01:25,800 --> 00:01:33,240
ipconfig, sorry, ifconfig, sorry. Now, if you run ipconfig, you can see the network

19
00:01:33,240 --> 00:01:38,370
adapter details. Now, the IP address is ... 168 ... one.

20
00:01:38,370 --> 00:01:41,130
Now I want to copy this.

21
00:01:52,850 --> 00:01:54,670
I think this is the correct one.

22
00:01:57,020 --> 00:01:57,920
And also,

23
00:01:59,370 --> 00:02:00,920
port number is one three three seven.

24
00:02:02,340 --> 00:02:05,960
To interact with any application, we use the socket library.

25
00:02:07,080 --> 00:02:16,640
So, import socket, and we also use some delay between the sending of data, I mean, requests.

26
00:02:16,730 --> 00:02:24,840
So now, import time. Now, to connect to your application, we will create a socket.

27
00:02:25,320 --> 00:02:27,470
For that, I am going to create a socket.

28
00:02:27,630 --> 00:02:28,830
s is equal to

29
00:02:29,940 --> 00:02:39,470
socket dot socket. Also, socket dot AF_INET here. This socket function takes two parameters: AF_INET,

30
00:02:39,480 --> 00:02:47,070
which means I want to send this packet with an IP address of version four, and also

31
00:02:48,930 --> 00:02:57,450
SOCK_STREAM, which means that I want to send this data over TCP; it performs a three-way handshake and then

32
00:02:57,450 --> 00:02:58,830
it is a TCP one.

33
00:02:59,850 --> 00:03:00,990
So I'm going to connect.

34
00:03:00,990 --> 00:03:01,380
Now,

35
00:03:03,230 --> 00:03:09,890
connect takes a tuple as an argument, so we need to give the IP address and the port number.

36
00:03:16,410 --> 00:03:17,820
Comma, 1337.

37
00:03:20,350 --> 00:03:26,440
Now, how are we going to talk to that application through our Python program?

38
00:03:26,950 --> 00:03:34,980
Now, I want to receive the banner. The first thing the server sends to us when we connect is the banner, right?

39
00:03:35,590 --> 00:03:37,600
To see that banner and see what it is,

40
00:03:40,800 --> 00:03:43,800
we need to print this message out.

41
00:03:43,830 --> 00:03:49,350
You will see that it is actually in the banner.

42
00:03:51,290 --> 00:03:59,210
And now let's close the socket and let's see if this works. OK, now it prints welcome to the ... server,

43
00:03:59,210 --> 00:04:07,430
and to get help by sending it HELP.

44
00:04:09,200 --> 00:04:10,610
After receiving the banner,

45
00:04:12,730 --> 00:04:17,710
we can send the command HELP.

46
00:04:28,610 --> 00:04:32,600
Again, we need to receive, and let's run the program.

47
00:04:34,580 --> 00:04:41,240
As you can see, the program is telling us these are the various commands that the program accepts: HELP,

48
00:04:41,240 --> 00:04:48,090
OVERFLOW1 and a value, OVERFLOW2, 3, 4 and a value, and so on, up to 14.

49
00:04:48,260 --> 00:04:55,970
And finally, the command EXIT. Generally, this is the normal way the application acts.

50
00:04:56,230 --> 00:05:03,260
You can also use Netcat just to know what commands the application accepts.

51
00:05:04,250 --> 00:05:08,150
Now, I'm going to do two things.

52
00:05:09,440 --> 00:05:18,200
First, we will send one packet with our fuzzing data, and then we iterate in order to send it multiple times,

53
00:05:18,660 --> 00:05:18,990
OK?

54
00:05:19,250 --> 00:05:26,180
Now, since we have received the banner, what we are going to do is we want to say junk is equal to

55
00:05:29,150 --> 00:05:29,840
250.

56
00:05:35,580 --> 00:05:44,280
Now, one interesting thing is you need to encode these values if you are using Python 3.

57
00:05:45,060 --> 00:05:49,140
In Python 3, you need to send it as bytes only; you cannot send

58
00:05:49,320 --> 00:05:51,990
the socket data as strings or something.

59
00:05:54,520 --> 00:06:01,690
Raw Unicode strings are not allowed; it does not allow Unicode, only bytes, and that's why it's

60
00:06:03,660 --> 00:06:04,920
There's not enough.

61
00:06:09,360 --> 00:06:10,650
Let's print this.

62
00:06:12,130 --> 00:06:13,320
Buffer with

63
00:06:15,100 --> 00:06:15,880
bytes.

64
00:06:17,660 --> 00:06:22,040
Buffer sent with this number of bytes, with the format of

65
00:06:26,030 --> 00:06:34,910
Now, what we're going to do is run the program. Now, the socket is going to be OK. Now I'm sending

66
00:06:34,910 --> 00:06:40,070
15 A's to the application.

67
00:06:43,440 --> 00:06:49,990
It just sent 150 A's, and if you open this, you can see there are a lot of connections opening

68
00:06:49,990 --> 00:06:52,990
and closing, but our application did not crash.

69
00:06:55,250 --> 00:06:58,310
Now, repeat the same process with a while loop.

70
00:07:00,660 --> 00:07:01,850
So, while True.

71
00:07:07,400 --> 00:07:13,130
Now, I'm going to repeat this entire process until I get an error like

72
00:07:14,080 --> 00:07:17,520
socket error: connection refused.

73
00:07:17,820 --> 00:07:22,660
It means that our application crashed. When you are going to connect, when the application is crashed,

74
00:07:23,350 --> 00:07:24,240
you get connection refused.

75
00:07:24,400 --> 00:07:24,790
All right.

76
00:07:25,440 --> 00:07:26,710
I'm going to use try.

77
00:07:29,760 --> 00:07:36,990
Try sending the data, and whenever there is any exception, you simply break the program.

78
00:07:41,170 --> 00:07:42,210
Also print:

79
00:07:44,750 --> 00:07:53,870
Application crashed at, with the format of ... Now,

80
00:07:54,130 --> 00:07:58,250
another thing we need to do is we need to increase the junk size.

81
00:08:01,720 --> 00:08:09,380
All right, I think this, our simple fuzzer, has been completed.

82
00:08:09,400 --> 00:08:15,430
So, in order to go through the code: we are creating this socket and we are connecting to

83
00:08:15,430 --> 00:08:16,270
the application.

84
00:08:16,570 --> 00:08:19,360
And then we are receiving something back which we don't care about.

85
00:08:20,020 --> 00:08:26,560
And we are creating some junk data using A times fifty.

86
00:08:27,280 --> 00:08:29,500
It means we are sending 50 A's.

87
00:08:30,900 --> 00:08:36,630
And then we are increasing to two hundred, increasing by a hundred, one hundred and

88
00:08:37,670 --> 00:08:47,060
then again 150, it means 150 A's, and then if it did not crash again, we loop through

89
00:08:47,060 --> 00:08:55,970
this block and send again 250 A's. If the application has crashed, then we get this exception

90
00:08:55,970 --> 00:09:02,480
and the print statement will get executed and the socket will close.

91
00:09:03,440 --> 00:09:07,040
So I think this is the correct one.

92
00:09:08,400 --> 00:09:11,640
Let's see if we get any errors. Let's run this.

93
00:09:15,950 --> 00:09:19,970
OK, OK, I'm sorry, I did not put this.

94
00:09:21,740 --> 00:09:24,380
OVERFLOW1 command.

95
00:09:26,000 --> 00:09:32,630
So the command it accepts is OVERFLOW1, a space and the junk, and we also put

96
00:09:34,490 --> 00:09:40,930
a time.sleep of, say, point three milliseconds. Now, let's run the program.

97
00:09:51,060 --> 00:09:58,980
So now our application has crashed, and you can see at two one five zero bytes our Python program

98
00:09:58,980 --> 00:10:04,190
cannot send anything anymore because there is no response from it.

99
00:10:05,220 --> 00:10:06,790
There is no actual connection to it.

100
00:10:06,810 --> 00:10:11,170
You can see the application has crashed here; you can see our A's here.

101
00:10:11,880 --> 00:10:18,990
You can also see the EIP, which is the instruction pointer, and also ECX and ESP have been over-

102
00:10:18,990 --> 00:10:19,950
written with A's.

103
00:10:24,950 --> 00:10:26,870
Now, if I close the program.

104
00:10:31,930 --> 00:10:34,990
Now, let me run the program again normally.

105
00:10:41,660 --> 00:10:45,910
Now, I can do it using a normal Python script.

106
00:10:48,660 --> 00:10:53,290
And now I will send only the junk ... directly.

107
00:10:58,870 --> 00:11:03,270
Or else I can just modify the existing code to do it.

108
00:11:05,350 --> 00:11:06,770
I call.

109
00:11:08,370 --> 00:11:10,440
Less than three.

110
00:11:12,950 --> 00:11:20,090
Now, I'm going to send directly, because we know the number of bytes, two one five zero, and you can send

111
00:11:20,090 --> 00:11:22,610
this; it can be a complex one.

112
00:11:28,870 --> 00:11:30,370
Sorry, I did not run the program.

113
00:11:32,530 --> 00:11:33,110
There you go.

114
00:11:33,250 --> 00:11:39,030
You can definitely see we sent our buffer with two one five zero A's and it crashed.

115
00:11:39,940 --> 00:11:46,300
In this way, we can fuzz the application for any vulnerabilities or crashes, and then we can examine

116
00:11:46,300 --> 00:11:51,200
the application memory to see if our data is there.

117
00:11:51,670 --> 00:11:59,690
Remember one thing: not every crash leads to a vulnerability, but sometimes a crash can reveal a vulnerability,

118
00:11:59,740 --> 00:12:00,990
but not other times.

119
00:12:01,870 --> 00:12:02,830
That's all for this week.

120
00:12:03,220 --> 00:12:04,930
I hope you have enjoyed this.

121
00:12:06,980 --> 00:12:07,490
See you in the.