Hi and welcome back to another episode on How to Hack. So today we're discussing the use of cross-site scripting to actually plant your own JavaScript. And once you have the Browser Exploitation Framework hook running on a legitimate site, what happens is that whenever a user, a legitimate user, a dedicated user, goes into the site, your JavaScript will be loaded. And from there on, you'll be able to do a lot more in terms of capabilities: finding out what kind of client browser it is, redirection, even sending them an executable payload to gain access into the machine directly. And this is a key concern, especially in terms of cross-site scripting, which continues to be highly malicious within many of these web application servers that are running across the Internet. So without further ado, let us get started on today's tutorial.

So over here, your Kali Linux is running and we can go ahead and log in to Kali Linux. So once you log in to Kali Linux, the first thing you want to do is actually just start the Browser Exploitation Framework so that you have a place to host the malicious hook, a malicious JavaScript hook. So we can open up the terminal and you can actually go ahead and enter beef-xss. So this will be the Browser Exploitation Framework that we'll be launching.

And this is the part where we will have the management console to actually look at all the browsers that have been hooked by the JavaScript. So once it launches into Firefox or Chrome or whichever is your favorite browser, you can go ahead and log in to the Browser Exploitation Framework management console. So once you click log in, on the left side we can see all of the other devices which have been connected into the hooked JavaScript before. So, for example, if I click onto this particular device, we can see all the past values, and we can see that it was a Chrome browser, the window title, and what was the URI that had access, an Android phone, the IP address. And we can also click onto the Network tab, and in the Network tab we can actually see how we are connected, or how the client device is connecting over into the hooked browser. So again, this is a very simple way, a very easy way for you to visualize how the machines are connected over. And of course, we can also look at two-two-one-six-six-six-three-six-nine. So, again, this is coming from the Internet. And again, we can see here that we were hosting the JavaScript onto loiliangyang.com. And of course, this was the browser title and so on. And we can see the information regarding the server, regarding the client device, and we can click onto Network.

We can see more information, host services and so on. So really, really useful tools. And of course, we can also click onto Zombies. So under Zombies, we can actually see that these were the other domains that we were using and were connecting over. So if you've been following the channel, you can look at the past tutorials that we've been doing, showcasing many of these key capabilities across over onto the Internet, because of a lot of demand. A lot of comments have come in saying that they want to know how they can do all this hacking over onto the Internet.

So moving forward, we also have Metasploitable running, and we can enter msfadmin, then msfadmin as the password, and enter ifconfig. So this is the web application server that we will be targeting. So from here we can see the IP address of 192.168.1.115. And going back into Kali Linux, we can go into 192.168.1.115. And of course we can go into Mutillidae. And I will reset the database, because we've been doing a lot of testing prior to this tutorial, so that you can learn as much as possible in as clean and easy a way as possible. So going into OWASP Top 10, we can go into Cross Site Scripting and we can go into Via Input (GET/POST), so we can click Add to your blog.

So this is a typical text form that you see all the time, and in this text form you can see that you can insert some kind of comment into the text form. And a lot of times many of these applications are developed, whether you're on mobile or on web, so that they are always unsanitized; they allow input to go through fully without checking what kind of parameters, what kind of script has been inserted into the database, into the web application server. So from here, say I enter ABC, this would actually allow us to save the blog entry. And at the bottom we can actually see that we have the information and we have the comment of ABC here. And likewise, what happens is the hackers would actually use this chance to inject a script into the browser, so that when the legitimate users access the website, they will load the script, and once the script is loaded, we will get a hooked browser. So, for example, going back into the terminal, we can see what is the script that we can use, for example, over here. So we can copy this information and we can paste it right here, and we can actually change the IP address to that of the attacker machine, which is 192.168.1.23. So over here we can actually go into the terminal and we can enter ifconfig.

And once we hit enter on ifconfig, we can see that we got the IP address of 192.168.1.23. And once we have all this information, we can actually click Save Blog Entry and immediately we'll be able to hijack into many other machines. So in the meantime, what I'll do is I'll launch Windows 10 to demonstrate how we can hijack browsers of users coming into the site. So in this case, we can see the Windows 10 is running and booting up. So in the meantime, going back into Kali Linux, we can click Save Blog Entry. And what happens is that when you right-click and click View Page Source, we can actually do a Ctrl+F for 192.168.1.23, and we can see that this script has been loaded successfully. And this means that we will be able to hook the browser. And going back into Windows 10, we can actually look and log in into the user account. So once you log into the user, this could be a legitimate user going into a legitimate site. And what happens is that because you're going to a site, and the site actually has a malicious JavaScript running through another site, when I click into Add to your blog and I go to this site, I have loaded the JavaScript too. So going back into Kali Linux, we can go into the left side. And this is the part where we're looking at Online Browsers.

So when we're looking at Online Browsers, we can see here on the left side that we got a new machine coming in and connected. It is Windows, running Internet Explorer, and we can see a lot more information about this particular device. And likewise, we can go into Network to see how we're serving the JavaScript onto the client device. And of course, this is the part where we can do hacking into the site, and we can go into Social Engineering and we can actually use Google Phishing. So Google Phishing is a great tool that we can use to actually demonstrate how we can serve a Google phishing site, a phishing login page. And once we're in, this will allow us to try to get the username and password of the user account. So over here we can see that this plugin uses an image tag to XSRF (cross-site request forgery) the logout button, so we can go ahead and click Execute. So once it's executed, on the right side you can see that we're automatically brought into the Google login page. So the user enters something like loiliangyang@gmail.com followed by their password. So right now you don't know what the password is, but when I click Sign in, I'll be redirected to the correct account login page. So sometimes, if you remember how you're surfing the web, you get multiple login prompts, so the users may not find it so suspicious.

And going back to Kali Linux, we can go into command number 2, and when we expand it we can see that immediately we've got the username and password directly from here. So there you have it: with a combination of a cross-site scripting vulnerability as well as the injection of a JavaScript hook, we were able to do a lot of capabilities against a particular browser. And if you've been looking at the past few videos, in fact, a lot of these hacking techniques and tactics can be merged together, mashed together, and you come up with a new way of actually attacking many of these devices and assets. So I hope you have learned something valuable in today's tutorial, and if you have any questions, feel free to leave a comment below and I'll try my best to answer any of those questions. And remember to like, share and subscribe to the channel so that you can be kept abreast of the latest cyber security tutorials. Thank you so much once again for watching.