1
00:00:00,270 --> 00:00:02,070
Vulnerable virtual machine.

2
00:00:03,180 --> 00:00:08,880
All right, so practicing your skills always helps you and your career and your personal life, but

3
00:00:08,880 --> 00:00:11,740
here we're just going to stick with your professional life, right?

4
00:00:12,030 --> 00:00:18,330
So there are many ways for you to gain the knowledge of Web application penetration testing.

5
00:00:18,930 --> 00:00:22,670
You can read blogs and you watch courses and you participate.

6
00:00:22,680 --> 00:00:26,070
You watch videos and so on and so forth.

7
00:00:26,070 --> 00:00:33,000
But nothing will ever beat actual hands-on experience in order to improve your skills.

8
00:00:34,550 --> 00:00:41,240
Hands-on experience allows you to understand the procedures and methods of securing Web apps, so you're

9
00:00:41,240 --> 00:00:45,080
going to get your hands dirty to get more out of this course.

10
00:00:45,350 --> 00:00:47,180
And it's a good thing because you know what?

11
00:00:47,480 --> 00:00:48,320
Muscle memory.

12
00:00:49,390 --> 00:00:56,410
So I'm going to say now to accomplish everything that we've been talking about, you must have a vulnerable

13
00:00:56,410 --> 00:01:01,080
Web application so that we can try to build that lab, right?

14
00:01:02,000 --> 00:01:07,850
Of course, you can develop a Web app by yourself, but it's not necessarily reasonable when you're

15
00:01:07,850 --> 00:01:09,890
new to Web vulnerabilities.

16
00:01:10,880 --> 00:01:18,260
So you must first exploit and learn what the vulnerabilities of Web applications might be and what they

17
00:01:18,260 --> 00:01:18,740
look like.

18
00:01:20,900 --> 00:01:27,680
So as Web penetration testers, it's vital to be aware of real-world applications, which are very diverse.

19
00:01:27,680 --> 00:01:33,980
And many, many ways they are built with various technologies and each of them can be served up differently.

20
00:01:34,760 --> 00:01:41,030
So to be prepared for testing, we should practice and improve our skills. Stands to reason, right?

21
00:01:42,280 --> 00:01:49,780
Now, thanks to our security community, we can find many intentionally vulnerable Web applications

22
00:01:50,290 --> 00:01:51,540
on which to practice.

23
00:01:52,420 --> 00:01:57,730
So that means that we can download these applications' source code and then use them in our environment.

24
00:01:58,690 --> 00:02:03,160
Also, there are some pre-built virtual machines that contain these applications already.

25
00:02:05,640 --> 00:02:12,960
And by using these virtual machines and applications that way, you ensure that you have a safe environment

26
00:02:12,960 --> 00:02:13,920
in which to work.

27
00:02:16,350 --> 00:02:21,130
Box, no, I didn't say beat box, although that would be fun.

28
00:02:22,440 --> 00:02:28,650
But I just want to let you know that you can develop your attacking skills, identify and exploit vulnerabilities

29
00:02:28,650 --> 00:02:32,070
in Web applications with this.

30
00:02:32,500 --> 00:02:38,400
This is an OWASP project called Vulnerable App Directory Project.

31
00:02:39,290 --> 00:02:43,580
And it holds and categorises pretty much almost everything for us.

32
00:02:44,760 --> 00:02:48,300
Most of the vulnerable applications can be found in this project.

33
00:02:49,260 --> 00:02:55,350
Now, here are many options when you need vulnerable applications in virtual machines.

34
00:02:56,030 --> 00:03:00,030
Now, thanks to the community for this purpose, many buggy apps are developed.

35
00:03:00,360 --> 00:03:01,950
So that means it's intentional.

36
00:03:02,130 --> 00:03:02,580
Mm hmm.

37
00:03:03,680 --> 00:03:08,210
You can find and review a list of all known vulnerable Web applications here.

38
00:03:09,100 --> 00:03:14,050
And if you're not necessarily comfortable using an already built configuration, of course, you can

39
00:03:14,050 --> 00:03:16,810
create your own vulnerable system from the very beginning.

40
00:03:18,160 --> 00:03:21,940
Some developers, that's what they do without even knowing it.

41
00:03:22,060 --> 00:03:22,750
I'm just kidding.

42
00:03:23,200 --> 00:03:23,490
All right.

43
00:03:23,490 --> 00:03:24,730
So I need to be honest with you.

44
00:03:25,270 --> 00:03:31,090
When I was first planning out this course, I was planning to create a vulnerable machine from the very

45
00:03:31,090 --> 00:03:32,650
beginning by myself.

46
00:03:32,650 --> 00:03:34,600
And have you do it as well.

47
00:03:34,930 --> 00:03:40,450
As I've said, I really do believe that this has many benefits in order to learn application deployment

48
00:03:40,450 --> 00:03:42,120
process at the very least.

49
00:03:42,880 --> 00:03:49,960
But as I already told you, what I decided was it's too time-consuming and it certainly isn't for beginners.

50
00:03:50,050 --> 00:03:54,340
So for that reason and others, we're not going to do it that way in this course.

51
00:03:54,790 --> 00:03:59,290
We're going to use a prepared virtual machine called bee-box.

52
00:03:59,840 --> 00:04:03,580
OK, so bee-box contains the buggy application, bWAPP.

53
00:04:05,280 --> 00:04:12,270
Buggy web application, in case you're wondering. Therefore, we are going to play with the bWAPP in

54
00:04:12,270 --> 00:04:12,900
this course.

55
00:04:13,700 --> 00:04:18,980
So it's based on PHP and it runs on the MySQL database server at the back end.

56
00:04:20,260 --> 00:04:23,980
It has three levels of security, low, medium and high.

57
00:04:24,870 --> 00:04:28,200
And each level demands different skills.

58
00:04:29,310 --> 00:04:37,830
So it covers all risks from the OWASP Top 10 project with all major known Web vulnerabilities such as

59
00:04:37,830 --> 00:04:44,880
XSS, CSRF, SQL injection, file injection, upload flaws and many more.

60
00:04:45,720 --> 00:04:51,450
So at any time, you can easily reset the database if you figure that you want to start over again.

61
00:04:52,230 --> 00:04:56,870
And it comes with a simple, straightforward interface, alas.

62
00:04:56,970 --> 00:04:58,770
Don't let that deceive you.

63
00:04:59,680 --> 00:05:05,770
Because it's only for learning purposes. Now, another great feature: you can also view the vulnerability

64
00:05:05,770 --> 00:05:06,840
in the source code.

65
00:05:07,510 --> 00:05:12,370
So it means that you don't really need to try something blindly, like a script kiddie.

66
00:05:13,400 --> 00:05:17,690
You can observe and measure what you're doing by looking at the source code.

67
00:05:18,500 --> 00:05:22,010
OK, anyway, let's just install this box into the lab.

68
00:05:24,070 --> 00:05:28,360
So open up your favorite browser and this time type bWAPP.

69
00:05:29,770 --> 00:05:35,440
And follow the first link from the results of the search, and here we are, the official Web site of

70
00:05:35,440 --> 00:05:36,760
the owner of the application.

71
00:05:38,170 --> 00:05:40,120
And then we can go to the download page.

72
00:05:41,430 --> 00:05:44,070
Click the link below to download bee-box.

73
00:05:45,170 --> 00:05:49,010
And you will be redirected to SourceForge.net.

74
00:05:50,210 --> 00:05:53,720
So click here to download and save the file.

75
00:05:55,070 --> 00:05:56,480
Download will take a few minutes.

76
00:05:57,580 --> 00:06:02,680
And this time, I am absolutely sure that I'm not going to record the entire download process.

77
00:06:05,800 --> 00:06:09,290
OK, so after the download finishes, go to your download folder.

78
00:06:10,000 --> 00:06:10,840
And what do you know?

79
00:06:10,850 --> 00:06:14,110
Here is a downloaded file in 7-Zip format again.

80
00:06:15,220 --> 00:06:17,950
Let me just close the browser so you can have a clean view.

81
00:06:18,490 --> 00:06:21,790
OK, so right-click on the file, extract the files.

82
00:06:22,730 --> 00:06:29,320
I'm going to extract it to a new folder under the previous folder that I created for virtual machines

83
00:06:29,320 --> 00:06:30,490
at the beginning of the course.

84
00:06:32,050 --> 00:06:35,260
And I'll wait a few seconds until the extraction finishes.

85
00:06:35,890 --> 00:06:37,920
All right, so the extraction is done.

86
00:06:38,770 --> 00:06:39,910
Let's go to the folder.

87
00:06:40,990 --> 00:06:42,490
And here are the files.

88
00:06:43,500 --> 00:06:48,210
And double-click on the file with this .vmx extension.

89
00:06:50,110 --> 00:06:53,980
And now the virtual machine will start in full screen automatically.

90
00:06:55,020 --> 00:07:01,860
And again, we're going to come up against this warning and just click on "I moved it" and continue.

91
00:07:04,390 --> 00:07:07,690
OK, so now in a few seconds, the box will start.

92
00:07:09,670 --> 00:07:13,870
And here is the desktop environment of our virtual machine.

93
00:07:14,790 --> 00:07:22,020
And I'm going to offer congratulations yet again, you have imported a vulnerable machine into your

94
00:07:22,260 --> 00:07:23,460
lab environment.

95
00:07:24,060 --> 00:07:24,720
Good job.

96
00:07:27,080 --> 00:07:32,070
All right, so now we have imported the preinstalled bWAPP virtual machine.

97
00:07:32,720 --> 00:07:37,340
It's also possible to download the application code itself and use it, but we're not going to do it

98
00:07:37,340 --> 00:07:37,720
that way.

99
00:07:37,880 --> 00:07:43,280
So one thing to keep in mind, these kinds of applications are they're damn vulnerable.

100
00:07:43,610 --> 00:07:47,290
Don't upload them to an Internet-facing server.

101
00:07:47,690 --> 00:07:49,470
They will be compromised.

102
00:07:50,120 --> 00:07:57,230
So believe me, I did it once for experimental purposes and it did not take any time at all for it to

103
00:07:57,230 --> 00:07:57,860
be hacked.

104
00:07:58,010 --> 00:08:02,570
Now, in case you think I'm giving you permission to do that again, just make sure that you set it

105
00:08:02,570 --> 00:08:03,740
up in a secure environment.