1
00:00:12,280 --> 00:00:16,660
Hey, guys, welcome back to another episode on how to hack. So we're back to Hackazon.

2
00:00:16,660 --> 00:00:22,360
And we will be looking at this vulnerable web application platform to do our security penetration testing

3
00:00:22,360 --> 00:00:22,560
on.

4
00:00:22,930 --> 00:00:28,720
And in this case, over here, we actually have the website running on Kali Linux and we can actually log

5
00:00:28,720 --> 00:00:31,390
out of the particular session.

6
00:00:31,660 --> 00:00:36,280
So we are now on the e-commerce site and we can click on to sign in or sign up and I can go and enter

7
00:00:36,500 --> 00:00:38,320
a and a and click sign in.

8
00:00:38,830 --> 00:00:39,700
And of course it states

9
00:00:39,700 --> 00:00:43,510
the following: username or password are incorrect.

10
00:00:43,750 --> 00:00:50,110
So of course over here, what we can do now is to go into your browser, go to top right corner, click

11
00:00:50,110 --> 00:00:52,920
on your preferences and scroll all the way down.

12
00:00:52,930 --> 00:00:58,600
So if, for example, you're in Firefox and you can click on network settings, click on manual proxy

13
00:00:58,600 --> 00:00:59,300
configuration.

14
00:00:59,320 --> 00:01:04,660
So in this case, we have 127.0.0.1 and port of 8080.

15
00:01:04,660 --> 00:01:11,710
Click OK on that and go ahead and go to top left corner and we can go ahead and click onto Burp Suite. OK.

16
00:01:11,770 --> 00:01:15,760
So Burp Suite Community Edition would start and in this case I'm going to click OK.

17
00:01:16,270 --> 00:01:20,920
Temporary project, click Next, use Burp defaults, click Start Burp.

18
00:01:21,190 --> 00:01:26,250
All right, so once you're here you can go ahead and click onto the proxy tab.
19
00:01:26,260 --> 00:01:31,600
So in the future we'll be doing a few tutorials for Burp Suite across all the different tabs and functions

20
00:01:31,600 --> 00:01:37,390
and capabilities on Burp Suite for us to perform our bug bounty hunting, to do our penetration testing.

21
00:01:37,410 --> 00:01:45,340
OK, so once we're in, all right, once we're in, what we can do now is to go back into Firefox and

22
00:01:45,340 --> 00:01:46,240
go back to Hackazon.

23
00:01:46,330 --> 00:01:46,620
All right.

24
00:01:46,630 --> 00:01:51,430
So we can key in a for username and again, whichever payload you want to for the password

25
00:01:51,430 --> 00:01:53,680
field, click on to sign in.

26
00:01:54,500 --> 00:02:00,340
OK, so once we click on to sign in, it gets sent over into the proxy of Burp Suite and we can see all the details

27
00:02:00,340 --> 00:02:00,580
here.

28
00:02:00,580 --> 00:02:02,290
So I'm going to do a control.

29
00:02:02,770 --> 00:02:03,250
All right.

30
00:02:03,520 --> 00:02:04,090
You can do a right

31
00:02:04,090 --> 00:02:04,780
click, copy.

32
00:02:05,290 --> 00:02:05,560
All right.

33
00:02:05,560 --> 00:02:07,300
So we can copy the entire field.

34
00:02:07,690 --> 00:02:08,080
All right.

35
00:02:08,230 --> 00:02:11,770
So once you've done so, you can open up, for example, Mousepad in this case.

36
00:02:12,100 --> 00:02:16,390
And I've actually saved all the information here so I can use it again or I can save it one more time.

37
00:02:16,900 --> 00:02:18,070
So we have the POST.

38
00:02:18,070 --> 00:02:23,110
So this is what we are sending over into the web application server from the browser.

39
00:02:23,110 --> 00:02:30,010
And in this case we have user login, return URL and we have the host IP address, the user agent,

40
00:02:30,340 --> 00:02:33,640
all this different information that we're sending over into the web application system.

41
00:02:33,640 --> 00:02:37,240
So it's very important for us to understand the fundamentals.
42
00:02:37,390 --> 00:02:37,710
All right.

43
00:02:37,810 --> 00:02:44,560
Of how web application actually communicates with the browser or with the agent or in this case, we

44
00:02:44,560 --> 00:02:51,820
can look at all the different details here, like Content-Type, Content-Length, Cookie, Upgrade-Insecure-

45
00:02:51,820 --> 00:02:53,440
Requests and so on, so forth.

46
00:02:53,440 --> 00:02:56,380
And of course, here we have the username and password field.

47
00:02:56,530 --> 00:02:56,600
Right.

48
00:02:56,650 --> 00:03:02,470
So understanding how this structure works is very important because it helps us identify and also try

49
00:03:02,470 --> 00:03:08,440
to manipulate and change different payloads or instructions that we send into the web application system

50
00:03:08,710 --> 00:03:10,210
as part of a penetration testing.

51
00:03:10,330 --> 00:03:10,690
All right.

52
00:03:11,050 --> 00:03:18,460
So what we can do next is we can go ahead and boot up sqlmap to help us perform, our sqlmap to

53
00:03:18,460 --> 00:03:22,720
help us perform the SQL injection attack so I can go ahead and open up terminal.

54
00:03:23,200 --> 00:03:25,330
I have a separate terminal right here on the right side.

55
00:03:25,990 --> 00:03:30,700
OK, so what I've done is I've actually created instructions for us to use.

56
00:03:30,700 --> 00:03:34,570
So in this case, I'm going to explain a little more for you as we use the instructions here.

57
00:03:34,570 --> 00:03:37,840
OK, so I can paste a selection so we have sqlmap.

58
00:03:37,960 --> 00:03:38,320
All right.

59
00:03:38,320 --> 00:03:39,060
And we have dash

60
00:03:39,070 --> 00:03:45,220
r, so this is the file we'll be using, which is Hackazon SQL injection, dash p.

61
00:03:45,370 --> 00:03:46,990
So we're targeting the username.

62
00:03:47,020 --> 00:03:47,290
All right.

63
00:03:47,290 --> 00:03:49,450
Level five, risk three, dbs,
64
00:03:49,630 --> 00:03:53,590
threads ten, so go ahead and hit enter on that and this would begin running the attack.

65
00:03:53,630 --> 00:03:55,630
OK, so just give me a second.

66
00:03:55,630 --> 00:04:01,540
Let me take a look at the file, where we... OK, so cd to Desktop, so saved the file onto the Desktop folder.

67
00:04:01,540 --> 00:04:03,790
So now we can rerun the instruction again.

68
00:04:04,000 --> 00:04:06,890
Hit enter to run that and over here immediately.

69
00:04:06,890 --> 00:04:07,090
Right.

70
00:04:07,090 --> 00:04:08,920
We can find out more information.

71
00:04:09,060 --> 00:04:09,430
All right.

72
00:04:09,450 --> 00:04:13,060
States the following: sqlmap resumed the following injections.

73
00:04:13,060 --> 00:04:14,230
If you're doing it for the first time,

74
00:04:14,560 --> 00:04:17,350
it's going to take a while because it's trying all sorts of attacks.

75
00:04:17,350 --> 00:04:19,390
And in this case we have boolean-based blind.

76
00:04:19,690 --> 00:04:20,080
All right.

77
00:04:20,080 --> 00:04:22,690
We have stacked queries and we have time-based blind.

78
00:04:23,170 --> 00:04:28,210
So if you're not sure what all this stands for in terms of SQL injection, especially in advanced

79
00:04:28,210 --> 00:04:32,200
SQL injection, do check out the lecture, I'll post a link onto the comment section.

80
00:04:32,200 --> 00:04:34,840
So check that out if you're not aware of how to run it.

81
00:04:35,060 --> 00:04:38,590
OK, what all this, all these different types of SQL injection.

82
00:04:40,010 --> 00:04:44,860
So over here, immediately we are able to look at the two available databases.

83
00:04:44,860 --> 00:04:47,860
So in this case we have hackazon and we have information schema.
84
00:04:47,860 --> 00:04:53,920
So obviously we're going to be very interested in knowing about Hackazon because that's likely the database,

85
00:04:53,950 --> 00:04:58,810
which contains all the sensitive information of all the users, of the shopping cart, information of the

86
00:04:58,810 --> 00:05:03,460
products, of the passwords, the credit card information, billing address, the phone number and

87
00:05:03,460 --> 00:05:03,910
so on.

88
00:05:04,540 --> 00:05:07,860
Information schema, it's more of a structure of how the database.

89
00:05:08,110 --> 00:05:08,410
All right.

90
00:05:08,440 --> 00:05:09,580
So what we can do next

91
00:05:09,940 --> 00:05:11,080
is I can go back again.

92
00:05:11,290 --> 00:05:14,890
So I've created all these different instructions already for you.

93
00:05:14,930 --> 00:05:15,110
All right.

94
00:05:15,160 --> 00:05:16,300
So I can copy this.

95
00:05:16,300 --> 00:05:21,190
And let me explain a little more for you as well so I can paste selection and it states the following:

96
00:05:21,640 --> 00:05:23,320
sqlmap, dash r, all right.

97
00:05:23,920 --> 00:05:26,030
And we are specifying the file name again.

98
00:05:26,230 --> 00:05:26,460
All right.

99
00:05:26,470 --> 00:05:28,360
And of course, the user is a target.

100
00:05:28,870 --> 00:05:29,230
All right.

101
00:05:29,230 --> 00:05:31,480
Target parameter that we're going after.

102
00:05:31,480 --> 00:05:36,880
And we have dash D, meaning that we are looking into the database, Hackazon, and we're looking at

103
00:05:36,880 --> 00:05:38,020
columns, sort of threads.

104
00:05:38,080 --> 00:05:41,870
OK, so threads meaning we're running multiple threads against this attack.

105
00:05:41,900 --> 00:05:42,160
All right.

106
00:05:43,090 --> 00:05:44,080
So hit enter on that.

107
00:05:44,080 --> 00:05:47,860
And right now we are retrieving all those information that is part of the database.
108
00:05:47,860 --> 00:05:51,110
So in this case, we can look at all the tables in the database.

109
00:05:51,110 --> 00:05:57,340
So again, we have a big coverage about how we run all those SQL injection, about the structure of

110
00:05:57,340 --> 00:05:57,910
databases.

111
00:05:57,910 --> 00:05:59,800
So databases.

112
00:05:59,800 --> 00:05:59,980
Right.

113
00:05:59,980 --> 00:06:01,660
You have, followed by, tables.

114
00:06:01,870 --> 00:06:02,230
All right.

115
00:06:02,380 --> 00:06:08,530
Followed by the information inside tables, which are structured in columns and rows, or in this case,

116
00:06:08,830 --> 00:06:10,850
we have all the columns of each of the table.

117
00:06:10,870 --> 00:06:17,080
So in this case, we have table news and we have the column, the type of data that you can input into

118
00:06:17,080 --> 00:06:17,590
the column.

119
00:06:17,950 --> 00:06:18,260
All right.

120
00:06:18,280 --> 00:06:21,380
And we have the table wish list followers.

121
00:06:21,430 --> 00:06:21,820
All right.

122
00:06:21,850 --> 00:06:25,090
We have the column as well as type integer, timestamp.

123
00:06:25,090 --> 00:06:31,090
So it's very important for us to understand the basic fundamentals of SQL queries, of how relational databases

124
00:06:31,090 --> 00:06:31,750
work with each other.

125
00:06:31,750 --> 00:06:33,860
And, of course, right now, not only SQL.

126
00:06:33,890 --> 00:06:34,200
All right.

127
00:06:34,810 --> 00:06:38,080
So again, we can look at wish list, wish list item.

128
00:06:38,230 --> 00:06:38,530
All right.

129
00:06:38,530 --> 00:06:39,970
We have enquiries.

130
00:06:40,330 --> 00:06:41,560
We have products.

131
00:06:41,980 --> 00:06:42,370
All right.

132
00:06:42,370 --> 00:06:44,020
We have order address.

133
00:06:44,230 --> 00:06:44,480
All right.

134
00:06:44,500 --> 00:06:45,460
Personal data.

135
00:06:45,460 --> 00:06:48,190
So you can think back about general data protection regulation.
136
00:06:48,470 --> 00:06:54,340
Or think about all the privacy laws that have been enacted across many, many different countries in

137
00:06:54,340 --> 00:06:59,740
protecting its citizens' data because those personal information and data can be used to access some

138
00:06:59,740 --> 00:07:03,010
of these sensitive and critical services that you subscribe to.

139
00:07:03,880 --> 00:07:05,500
So scrolling, scrolling up.

140
00:07:06,070 --> 00:07:06,400
All right.

141
00:07:06,400 --> 00:07:09,080
We can see again, more tables in here.

142
00:07:09,280 --> 00:07:09,550
All right.

143
00:07:09,550 --> 00:07:15,350
We have table users and table users seems to contain quite a lot of sensitive information.

144
00:07:15,380 --> 00:07:15,520
All right.

145
00:07:15,550 --> 00:07:21,800
So in this case, we can look at password, we can look at credit card, we can look at email, last

146
00:07:21,850 --> 00:07:26,260
login and all this, even oauth provider and oauth UID.

147
00:07:26,350 --> 00:07:29,100
So this is open authorization.

148
00:07:29,110 --> 00:07:29,500
All right.

149
00:07:29,770 --> 00:07:32,020
And we have photo, recover password,

150
00:07:32,040 --> 00:07:35,200
REST token, user phone, usernames.

151
00:07:35,200 --> 00:07:39,130
All these are pretty important information that the hackers could extract.

152
00:07:39,370 --> 00:07:45,130
And as part of the extraction, they will be able to launch the attack against the, attacks against the

153
00:07:45,130 --> 00:07:46,400
user in question.

154
00:07:46,430 --> 00:07:52,300
OK, so what we can do next is that after the game, the second information that can help us dump out

155
00:07:52,300 --> 00:07:56,060
more details so I can copy this and I can go back into the terminal.

156
00:07:56,110 --> 00:07:56,520
All right.

157
00:07:56,530 --> 00:08:00,610
So I can go back in the terminal and I can paste selection in this case.
158
00:08:01,150 --> 00:08:06,100
So once again, we look at sqlmap and we're looking into the file that we have gotten, the POST

159
00:08:06,400 --> 00:08:07,420
into the system.

160
00:08:07,450 --> 00:08:07,750
All right.

161
00:08:07,750 --> 00:08:09,670
Now we have target of username.

162
00:08:10,090 --> 00:08:14,080
We have the database hackazon and then we have table tbl_users.

163
00:08:15,070 --> 00:08:18,630
C stands for specifying the columns that we're going after.

164
00:08:18,640 --> 00:08:24,190
So we have username, password, credit card, credit card CVV, credit card expires, dump.

165
00:08:24,220 --> 00:08:24,520
All right.

166
00:08:24,520 --> 00:08:27,550
And so go ahead, hit enter on that.

167
00:08:28,450 --> 00:08:33,860
And over here retrieving all this information and we can immediately find the username, the password,

168
00:08:33,860 --> 00:08:35,590
the credit card, all these different details.

169
00:08:35,980 --> 00:08:39,220
And of course, very quickly, we could find out all these details.

170
00:08:39,220 --> 00:08:40,900
We can do password cracking on it.

171
00:08:41,110 --> 00:08:47,110
We can use all sorts of methods to gain access to the information, personal information, as well as

172
00:08:47,110 --> 00:08:47,920
a critical data.

173
00:08:47,920 --> 00:08:49,800
So very quickly, we can launch all those attacks.

174
00:08:50,320 --> 00:08:53,500
So once again, I hope you learned something valuable in today's session.

175
00:08:53,500 --> 00:08:57,760
And if any questions, feel free to leave a comment below and I'll try my best to answer any of your questions

176
00:08:57,880 --> 00:09:03,040
and remember to like, share and subscribe to the channel so that you can be kept abreast of the latest cybersecurity

177
00:09:03,040 --> 00:09:03,490
tutorial.

178
00:09:03,610 --> 00:09:04,990
Thank you so much once again for watching.