1
00:00:01,679 --> 00:00:06,878
welcome back in the demo
2
00:00:04,000 --> 00:00:08,879
uh user enumeration so let me start with
3
00:00:06,878 --> 00:00:12,079
the login functionality
4
00:00:08,880 --> 00:00:15,519
let me as i um already explained to you
5
00:00:12,080 --> 00:00:18,240
in the previous video let me start with
6
00:00:15,519 --> 00:00:18,800
existing email and non-existing email
7
00:00:18,239 --> 00:00:20,399
and
8
00:00:18,800 --> 00:00:23,439
let's see how the web application
9
00:00:20,399 --> 00:00:26,640
responds so my email is david
10
00:00:23,439 --> 00:00:28,719
example.com well i am the user of this
11
00:00:26,640 --> 00:00:29,679
web application i am registered out
12
00:00:28,719 --> 00:00:31,759
there so
13
00:00:29,678 --> 00:00:33,039
well i know that this is uh you know
14
00:00:31,760 --> 00:00:35,679
existing
15
00:00:33,039 --> 00:00:37,839
uh email and now i'm gonna provide some
16
00:00:35,679 --> 00:00:39,920
arbitrary password right i just wanna
17
00:00:37,840 --> 00:00:41,680
see if the web application is going to
18
00:00:39,920 --> 00:00:42,640
tell me something about this email if
19
00:00:41,679 --> 00:00:44,878
this is
20
00:00:42,640 --> 00:00:46,399
registered email or not well i know that
21
00:00:44,878 --> 00:00:48,238
this is registered email but
22
00:00:46,399 --> 00:00:50,320
you know in case of other emails i don't
23
00:00:48,238 --> 00:00:52,640
know it so i just have to
24
00:00:50,320 --> 00:00:53,840
see how the web application responds
25
00:00:52,640 --> 00:00:55,920
because
26
00:00:53,840 --> 00:00:58,320
this is something what i need to learn
27
00:00:55,920 --> 00:00:59,120
to see if other emails are registered or
28
00:00:58,320 --> 00:01:02,640
not right
29
00:00:59,119 --> 00:01:05,920
so let me now click login and let's
30
00:01:02,640 --> 00:01:09,359
see the response wrong
31
00:01:05,920 --> 00:01:11,359
email and or password
32
00:01:09,359 --> 00:01:12,640
well when you've got this message you
33
00:01:11,359 --> 00:01:16,239
don't know what is wrong
34
00:01:12,640 --> 00:01:16,719
email and or password so now let's try
35
00:01:16,239 --> 00:01:20,319
with
36
00:01:16,719 --> 00:01:24,158
some arbitrary email like whatever
37
00:01:20,319 --> 00:01:25,279
at whatever dot com and arbitrary
38
00:01:24,159 --> 00:01:27,520
password
39
00:01:25,280 --> 00:01:30,000
let's see how it works for non-existing
40
00:01:27,519 --> 00:01:33,118
email right
41
00:01:30,000 --> 00:01:34,078
wrong email and or password the same
42
00:01:33,118 --> 00:01:36,640
response
43
00:01:34,078 --> 00:01:38,158
so i have completely no chance to learn
44
00:01:36,640 --> 00:01:41,040
anything here right
45
00:01:38,159 --> 00:01:42,320
providing existing email non-existing
46
00:01:41,040 --> 00:01:45,040
email or in other words
47
00:01:42,319 --> 00:01:46,000
registered or not registered i cannot
48
00:01:45,040 --> 00:01:48,479
figure out
49
00:01:46,000 --> 00:01:50,239
which one is registered and which one is
50
00:01:48,478 --> 00:01:53,359
not right
51
00:01:50,239 --> 00:01:56,399
okay but as i told you uh don't give up
52
00:01:53,359 --> 00:01:59,759
hackers are smart and hackers will
53
00:01:56,399 --> 00:02:01,040
try to reach their goal in a number of
54
00:01:59,759 --> 00:02:03,159
different ways
55
00:02:01,040 --> 00:02:05,040
now let me go to forgot password
56
00:02:03,159 --> 00:02:08,319
functionality
57
00:02:05,040 --> 00:02:10,399
in forgot password functionality i'm
58
00:02:08,318 --> 00:02:11,679
asked to enter my email and then the
59
00:02:10,399 --> 00:02:14,639
password reset link
60
00:02:11,680 --> 00:02:15,840
will be sent to this email so now when i
61
00:02:14,639 --> 00:02:18,878
provide my email
62
00:02:15,840 --> 00:02:20,080
here and i click send password reset
63
00:02:18,878 --> 00:02:22,719
link
64
00:02:20,080 --> 00:02:25,120
then i see a message password reset link
65
00:02:22,719 --> 00:02:27,840
has been sent to your email
66
00:02:25,120 --> 00:02:29,759
that's cool that's cool but how does the
67
00:02:27,840 --> 00:02:32,479
web app respond
68
00:02:29,759 --> 00:02:33,199
to non-existing email let's check this
69
00:02:32,479 --> 00:02:37,119
out
70
00:02:33,199 --> 00:02:40,399
whatever at whatever right dot com
71
00:02:37,120 --> 00:02:40,400
send password reset link
72
00:02:40,560 --> 00:02:46,719
email doesn't exist so
73
00:02:43,759 --> 00:02:47,439
yeah we've got it we've got it we have
74
00:02:46,719 --> 00:02:50,400
found
75
00:02:47,439 --> 00:02:52,639
that user enumeration via forgot
76
00:02:50,400 --> 00:02:55,360
password functionality is possible
77
00:02:52,639 --> 00:02:56,479
because the system responds differently
78
00:02:55,360 --> 00:02:59,200
the web app
79
00:02:56,479 --> 00:03:00,079
responds differently for registered
80
00:02:59,199 --> 00:03:03,439
email
81
00:03:00,080 --> 00:03:05,200
and non-registered email right and this
82
00:03:03,439 --> 00:03:08,239
is how you can start
83
00:03:05,199 --> 00:03:11,679
building a list of registered emails
84
00:03:08,239 --> 00:03:13,920
now do some kind of automation here
85
00:03:11,680 --> 00:03:15,200
and voila you will learn who's registered
86
00:03:13,919 --> 00:03:17,518
who is not
87
00:03:15,199 --> 00:03:20,238
and that's it i've got two different
88
00:03:17,519 --> 00:03:22,719
types of responses for registered emails
89
00:03:20,239 --> 00:03:23,759
and unregistered emails this is it this
90
00:03:22,719 --> 00:03:27,039
is how it works
91
00:03:23,759 --> 00:03:29,519
and in a real attack the attacker would
92
00:03:27,039 --> 00:03:30,560
do some kind of automation here but when
93
00:03:29,519 --> 00:03:32,239
you do hacking
94
00:03:30,560 --> 00:03:33,680
you need to provide a kind of proof of
95
00:03:32,239 --> 00:03:36,640
concept you need to
96
00:03:33,680 --> 00:03:37,599
show the program owner or the company
97
00:03:36,639 --> 00:03:41,279
how you can
98
00:03:37,598 --> 00:03:44,238
build this list of registered emails
99
00:03:41,280 --> 00:03:44,799
and what i explained to you is enough
100
00:03:44,239 --> 00:03:47,439
right
101
00:03:44,799 --> 00:03:48,080
we see in forgot password functionality
102
00:03:47,439 --> 00:03:50,560
two different
103
00:03:48,080 --> 00:03:52,400
uh responses for registered and
104
00:03:50,560 --> 00:03:53,680
unregistered emails and this is how we
105
00:03:52,400 --> 00:03:55,360
can differentiate
106
00:03:53,680 --> 00:03:56,959
who is registered who is not registered
107
00:03:55,360 --> 00:03:59,280
this is how we can start building
108
00:03:56,959 --> 00:04:00,080
uh this list and here is how the
109
00:03:59,280 --> 00:04:03,840
attacker
110
00:04:00,080 --> 00:04:06,879
can build this list as well so you see
111
00:04:03,840 --> 00:04:09,598
try to be smart don't give up too early
112
00:04:06,878 --> 00:04:11,598
try also other functionalities in
113
00:04:09,598 --> 00:04:12,479
the web application if you've got a goal
114
00:04:11,598 --> 00:04:14,479
in your mind
115
00:04:12,479 --> 00:04:15,919
try to be open-minded and then you
116
00:04:14,479 --> 00:04:17,759
can reach your goal
117
00:04:15,919 --> 00:04:23,039
i believe that this is clear and
118
00:04:17,759 --> 00:04:23,040
basically this is it in this demo
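The check performed in the demo, written up as an added example that is not part of the video: a toy forgot-password handler in the leaky form shown above ("Password reset link has been sent" versus "Email doesn't exist") next to a hardened form that answers identically for both cases, and a small comparison routine that submits one known-registered and one known-unregistered address and reports whether the responses are distinguishable. The user store, the two addresses and the message strings are constructed for the example; `send_reset_link` is a stand-in for a real mailer, not any application's actual code.

```python
"""Added example (not from the video): forgot-password handler in its leaky
and hardened forms, plus the registered-vs-unregistered comparison from the
demo, written as a regression test a defender can keep in CI.
Every name, address and message here is constructed for the example."""

import secrets
from dataclasses import dataclass

# Constructed user store: only this address counts as "registered".
REGISTERED_EMAILS = {"david@example.com"}


@dataclass(frozen=True)
class Response:
    status: int
    body: str


def send_reset_link(email: str) -> str:
    """Stand-in for the real mailer: mint a token and pretend to send it.
    A real application would store a hash of the token with an expiry and
    hand the email to an asynchronous queue (see note on timing below)."""
    return secrets.token_urlsafe(32)


def forgot_password_leaky(email: str) -> Response:
    """The behaviour shown in the demo: status and message differ depending on
    whether the address is registered, so the endpoint is an enumeration oracle."""
    if email in REGISTERED_EMAILS:
        send_reset_link(email)
        return Response(200, "Password reset link has been sent to your email")
    return Response(404, "Email doesn't exist")


def forgot_password_hardened(email: str) -> Response:
    """Fix: identical status and message whether or not the address exists.
    The link is still only sent for a registered address, but nothing in the
    response tells the caller which case occurred."""
    if email in REGISTERED_EMAILS:
        send_reset_link(email)
    return Response(
        200,
        "If that address is registered, a password reset link has been sent to it",
    )


def differs_by_registration(handler, known_registered: str, known_unregistered: str) -> bool:
    """The demo's check: submit a known-registered and a known-unregistered
    address to the same endpoint and compare the two responses.
    Returns True when they are distinguishable, i.e. registration status leaks."""
    a = handler(known_registered)
    b = handler(known_unregistered)
    return (a.status, a.body) != (b.status, b.body)


if __name__ == "__main__":
    for name, handler in (("leaky", forgot_password_leaky), ("hardened", forgot_password_hardened)):
        leaks = differs_by_registration(handler, "david@example.com", "whatever@whatever.com")
        print(f"{name}: {'LEAKS registration status' if leaks else 'uniform response'}")
```

`differs_by_registration` takes any handler, so the same comparison covers the login form from the first half of the demo: pass the login function and it should report "uniform response", which is what the "wrong email and/or password" message already achieves. One caveat the status-and-body comparison does not catch: if the hardened handler sends mail synchronously only for registered addresses, response time still differs, so send from a background queue and compare timings as well as bodies.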