1
00:00:12,200 --> 00:00:15,060
Hi and welcome back to another episode on How to Hack.

2
00:00:15,500 --> 00:00:21,650
So over here I have the Firefox web browser running, so we are going to access a web application server.

3
00:00:21,890 --> 00:00:25,480
So I'm going to enter 192.168.0.212.

4
00:00:25,910 --> 00:00:31,040
So this is Metasploitable 2 that we have running via our Oracle VirtualBox.

5
00:00:31,430 --> 00:00:36,620
So over here, as you can see, we have a message that tells us to log in to Metasploitable, and we got the

6
00:00:36,620 --> 00:00:39,920
IP address of 192.168.0.212.

7
00:00:40,280 --> 00:00:46,070
So, of course, Metasploitable 2 is a vulnerable web server that allows us to do different kinds of

8
00:00:46,070 --> 00:00:51,170
penetration testing, not just on the server end, but also on the web application server.

9
00:00:51,170 --> 00:00:53,120
And so we have Mutillidae.

10
00:00:53,120 --> 00:00:57,950
We have it, which can be used by us in terms of web application testing,

11
00:00:58,240 --> 00:01:03,950
to understand more about the Open Web Application Security Project (OWASP) and the associated vulnerabilities.

12
00:01:04,670 --> 00:01:11,420
So over here I have Mutillidae running and I can go to OWASP Top 10, and of course we can look at

13
00:01:11,420 --> 00:01:17,000
the top 10 web application vulnerabilities and we can also look at a couple of attacks.

14
00:01:17,030 --> 00:01:24,590
So over here, for example, we have SQLi - Extract Data, Bypass Authentication, Insert Injection,

15
00:01:24,980 --> 00:01:28,330
Blind SQL via Timing and so on and so forth.

16
00:01:28,350 --> 00:01:33,040
So we have a lot of different ways for us to actually learn about cybersecurity.

17
00:01:33,440 --> 00:01:38,660
And of course, here we have one particular item, which is Add to your blog, so I can click on that.
18
00:01:39,170 --> 00:01:43,490
And of course, we have actually created a JavaScript attack on that.

19
00:01:43,490 --> 00:01:45,140
So I'm going to click on Reset Database.

20
00:01:45,170 --> 00:01:50,840
So the good thing about Mutillidae is that you can very quickly reset the data inside the database, which

21
00:01:50,840 --> 00:01:58,310
allows you to retry some of the attack methods, especially if you screw up the database or you screw up

22
00:01:58,310 --> 00:02:03,050
the test environment, and you can come back here again, reset the database and you can go back and

23
00:02:03,050 --> 00:02:04,330
try different attacks again.

24
00:02:05,720 --> 00:02:12,920
So once I'm here, as we can see, we are in the web application server and we can see the entry

25
00:02:12,920 --> 00:02:13,520
over here.

26
00:02:13,550 --> 00:02:18,330
So we have "anonymous" and we have the date and we have the comment.

27
00:02:18,680 --> 00:02:24,860
So, for example, if I want to test, I can try and click Save Blog Entry and immediately we'll get

28
00:02:24,860 --> 00:02:29,700
another anonymous blog entry, and all these items are being inserted into the system.

29
00:02:30,200 --> 00:02:36,890
So what I'm going to do next is actually try to inject some kind of script to see whether the input

30
00:02:36,890 --> 00:02:38,300
forms are being sanitized.

31
00:02:38,690 --> 00:02:44,930
So I can enter, for example, <script>, and I can close the script tag, and I can put, for example, alert

32
00:02:46,130 --> 00:02:48,110
and we can put, for example, "hacked".

33
00:02:48,500 --> 00:02:52,580
OK, so this will do a pop-up of the word "hacked".

34
00:02:52,800 --> 00:03:00,230
So if I click on Save Blog Entry, immediately we can see that the JavaScript managed to get past

35
00:03:00,350 --> 00:03:01,880
the web application server.
36
00:03:02,210 --> 00:03:06,050
And if I scroll all the way down, I can see that there is a blank entry here, but it's not really

37
00:03:06,050 --> 00:03:06,530
blank.

38
00:03:06,890 --> 00:03:08,720
It is being loaded as JavaScript.

39
00:03:08,720 --> 00:03:11,980
So we're going to introduce to you the Web Developer option.

40
00:03:11,990 --> 00:03:18,370
So if I right-click and I click on Inspect Element, OK, we'll come to this console.

41
00:03:18,380 --> 00:03:18,740
All right.

42
00:03:18,770 --> 00:03:20,750
So this is the web developer console.

43
00:03:20,750 --> 00:03:24,590
You can also access it from the top right corner of Firefox.

44
00:03:24,920 --> 00:03:30,560
And you can click on Web Developer and you can click on Toggle Tools, Inspector, Web Console and all

45
00:03:30,560 --> 00:03:32,540
these different other tabs.

46
00:03:32,750 --> 00:03:33,110
All right.

47
00:03:33,530 --> 00:03:37,130
So, of course, over here I can actually look at the tr and td.

48
00:03:37,130 --> 00:03:39,440
So td is table data.

49
00:03:39,440 --> 00:03:41,540
So it is a table column cell.

50
00:03:41,870 --> 00:03:43,610
So we can actually expand it a little more.

51
00:03:43,640 --> 00:03:48,980
And we can see that this is the item that we have actually injected into the web application server.

52
00:03:49,350 --> 00:03:54,080
And of course, it has a script opening and a script closing and a pop-up called "hacked".

53
00:03:55,100 --> 00:03:57,120
So immediately we can do inspection of the element.

54
00:03:57,350 --> 00:04:00,020
OK, so very easily we can understand what's going on.

55
00:04:00,290 --> 00:04:03,110
So I can also inspect element on the text box.

56
00:04:03,440 --> 00:04:07,790
OK, so we can see the rows, the columns and all these different data.
57
00:04:07,820 --> 00:04:14,090
So that's the whole purpose of Inspect Element: to understand what are the values that are actually being

58
00:04:14,090 --> 00:04:21,440
presented to us, in terms of looking at what data is acceptable, what data may not be sanitized.

59
00:04:21,620 --> 00:04:26,600
So that's one of the ways that we can actually look at using the Web Developer option.

60
00:04:26,780 --> 00:04:31,780
OK, so we have cross-site scripting as well, so we have input methods, all right.

61
00:04:31,820 --> 00:04:37,310
So we can Add to your blog, View someone's blog, DNS Lookup and all these different injection

62
00:04:37,310 --> 00:04:37,580
methods.

63
00:04:38,120 --> 00:04:38,410
All right.

64
00:04:38,420 --> 00:04:43,700
So the other thing that we also want to look at is in terms of trying to get more data.

65
00:04:43,880 --> 00:04:44,210
All right.

66
00:04:44,210 --> 00:04:45,880
So we have HTML injection as well.

67
00:04:46,610 --> 00:04:48,230
We have Add to your blog.

68
00:04:48,500 --> 00:04:54,680
We have HTTP Headers, we have DOM Injection, Cookie Injection, Capture Data Page, Command Injection,

69
00:04:54,680 --> 00:05:00,530
JavaScript Injection and many other different capabilities for us to test and detect.

70
00:05:00,710 --> 00:05:01,070
All right.

71
00:05:01,080 --> 00:05:06,650
So one of those methods that we're going to look at is also in terms of going back into DVWA.

72
00:05:07,880 --> 00:05:08,210
All right.

73
00:05:08,210 --> 00:05:09,590
So we can hit enter back to

74
00:05:09,970 --> 00:05:16,930
the main page of DVWA, so we can enter admin and we can enter the password and we can log in to the site,

75
00:05:17,470 --> 00:05:22,990
so of course once we are in the site, we can actually change the security level to low so that it's

76
00:05:22,990 --> 00:05:27,040
easier for us to learn, especially if you're starting out on web application penetration testing.
77
00:05:27,700 --> 00:05:33,310
So once you've changed it to low, we can also click on, for example, SQL Injection.

78
00:05:33,970 --> 00:05:38,140
We also have cross-site scripting reflected and stored cross-site scripting.

79
00:05:39,010 --> 00:05:44,020
So what we are going to do now is we can click on Setup and I'm going to create and reset the

80
00:05:44,020 --> 00:05:50,410
database again, because again, the great thing about this is that you can reset the database, especially

81
00:05:50,410 --> 00:05:55,900
if you've been doing a lot of different attacks and you want to retry again, or if you just inserted

82
00:05:55,900 --> 00:06:00,250
a lot of different kinds of attack methods that kind of screwed up the database, then you can revert

83
00:06:00,250 --> 00:06:01,990
back to its original form.

84
00:06:02,770 --> 00:06:04,900
So going back into Stored.

85
00:06:05,230 --> 00:06:05,580
All right.

86
00:06:05,590 --> 00:06:06,910
So this is cross-site scripting.

87
00:06:07,360 --> 00:06:13,060
And again, this is very similar to the earlier tutorial you saw on Mutillidae.

88
00:06:13,060 --> 00:06:14,620
So I can enter, for example, "test".

89
00:06:15,070 --> 00:06:15,670
Hello.

90
00:06:15,880 --> 00:06:18,120
And I can sign the guestbook.

91
00:06:18,130 --> 00:06:18,400
All right.

92
00:06:18,400 --> 00:06:23,680
So immediately we'll see new data being inserted into the database.

93
00:06:24,130 --> 00:06:31,600
So again, we are testing once again for script attacks, so we can enter script and we are able to

94
00:06:32,200 --> 00:06:37,330
enter alert and then we have, for example, "hacked".

95
00:06:38,050 --> 00:06:38,470
All right.

96
00:06:38,560 --> 00:06:40,360
And we can actually click on Sign Guestbook.

97
00:06:40,840 --> 00:06:45,160
And once again, we are able to see that we have the ability to get a pop-up.

98
00:06:45,170 --> 00:06:49,480
So once you have a JavaScript attack enabled, there are a lot of things that you can do.
99
00:06:49,480 --> 00:06:51,280
You can do a redirection to a different site.

100
00:06:51,640 --> 00:06:57,070
You can inject a browser exploitation framework, so you can inject a script into the site.

101
00:06:57,070 --> 00:07:02,950
And immediately you'll be able to run your own scripts inside a legitimate site, so you can cause a lot

102
00:07:02,950 --> 00:07:06,110
of damage to whichever user is logging into the site.

103
00:07:06,520 --> 00:07:12,370
So once again, if I click on Inspect Element, so over here once again, if I open it up, we can see

104
00:07:12,370 --> 00:07:18,250
that we managed to inject the script into the site, and this is how we get the script alert running.

105
00:07:18,400 --> 00:07:21,430
So as I mentioned earlier, it could be many different attacks.

106
00:07:21,790 --> 00:07:24,640
It could be the script for a redirection to a different site.

107
00:07:24,910 --> 00:07:28,100
It could be for a browser exploitation framework, which I've shown earlier before.

108
00:07:28,570 --> 00:07:34,060
So, for example, if I were to open up a new private window, OK, and if I, for example, go to

109
00:07:34,060 --> 00:07:35,950
192.168.0.212.

110
00:07:36,290 --> 00:07:42,190
So I go back to Mutillidae, where we have already injected a script.

111
00:07:42,520 --> 00:07:45,100
I injected the script into the site.

112
00:07:45,580 --> 00:07:50,830
So what's going to happen next is that we're going to log in as a different user, so we can go to OWASP Top 10,

113
00:07:51,550 --> 00:07:58,480
we can go to, for example, HTML Injection and we'll be able to actually click on Add to your blog.

114
00:07:58,630 --> 00:08:03,970
And immediately, even though we're logging in as a different user, we will still see the same JavaScript

115
00:08:03,970 --> 00:08:04,850
being run as "hacked".
116
00:08:05,110 --> 00:08:11,050
The reason for that is because whoever is accessing the website has the malicious script being injected

117
00:08:11,050 --> 00:08:11,710
into the site.

118
00:08:11,980 --> 00:08:17,890
So whoever reaches the legitimate site on this page will get the script, and the hackers can do whatever

119
00:08:17,890 --> 00:08:21,310
they want and they will be able to do a lot more damage from here.

120
00:08:21,850 --> 00:08:24,730
So with that, I hope you learned something valuable in today's tutorial.

121
00:08:24,730 --> 00:08:29,020
And if you have any questions, please leave a comment below; I'll try my best to answer any of your questions.

122
00:08:29,290 --> 00:08:34,320
So please like, share and subscribe to the channel so that you can be kept abreast of the latest in cybersecurity.

123
00:08:34,780 --> 00:08:36,190
Thank you so much once again for watching.