1
00:00:00,365 --> 00:00:01,590
Instructor: Hi.

2
00:00:01,590 --> 00:00:05,910
Within this section we are going to solve a CTF together.

3
00:00:05,910 --> 00:00:09,420
So CTF stands for Capture the Flag.

4
00:00:09,420 --> 00:00:11,010
It's kind of a challenge.

5
00:00:11,010 --> 00:00:13,470
It's built to be hacked.

6
00:00:13,470 --> 00:00:16,230
And we're gonna hack in using some

7
00:00:16,230 --> 00:00:19,320
of the techniques that we have learned previously

8
00:00:19,320 --> 00:00:20,820
during the course.

9
00:00:20,820 --> 00:00:24,210
And we are going to just capture the flag,

10
00:00:24,210 --> 00:00:27,630
reveal the vulnerabilities, and in order to do that

11
00:00:27,630 --> 00:00:32,630
I found a very good CTF, which is called Insecure Banking.

12
00:00:33,150 --> 00:00:36,360
And as you can see, I forked it on GitHub.

13
00:00:36,360 --> 00:00:38,520
So this is not written by me.

14
00:00:38,520 --> 00:00:43,380
This is an open source Android insecure app challenge.

15
00:00:43,380 --> 00:00:44,490
Okay?

16
00:00:44,490 --> 00:00:47,004
And even it has a user guide

17
00:00:47,004 --> 00:00:50,970
and it gives some instructions about the usage.

18
00:00:50,970 --> 00:00:54,660
Of course, you don't have to read all of them,

19
00:00:54,660 --> 00:00:56,190
you don't have to read at all,

20
00:00:56,190 --> 00:00:59,730
because I'm going to show you exactly how to install it.

21
00:00:59,730 --> 00:01:02,850
And I will share this GitHub address so

22
00:01:02,850 --> 00:01:05,880
that you can come over here and download it

23
00:01:05,880 --> 00:01:10,230
and then run it on your emulator to hack it.

24
00:01:10,230 --> 00:01:13,704
I'm going to show you how to do that exactly step by step.

25
00:01:13,704 --> 00:01:17,550
It will involve installing new software.

26
00:01:17,550 --> 00:01:22,550
It actually involves a server, and actually a pretend server

27
00:01:23,310 --> 00:01:25,950
that you will run on your local host.

28
00:01:25,950 --> 00:01:30,000
And it'll simulate a real server where we get the data

29
00:01:30,000 --> 00:01:32,490
and display the data in our app.

30
00:01:32,490 --> 00:01:36,610
So it actually follows a real life pattern when we,

31
00:01:36,610 --> 00:01:40,140
where we have a server and when we get the data

32
00:01:40,140 --> 00:01:43,350
and where we post the data to that server.

33
00:01:43,350 --> 00:01:46,710
So it's a really good example to practice all

34
00:01:46,710 --> 00:01:49,590
the things that we have learned so far.

35
00:01:49,590 --> 00:01:53,730
And I'm doing the CTF on Android so that everyone

36
00:01:53,730 --> 00:01:56,850
can practice what we have been learning so far.

37
00:01:56,850 --> 00:02:00,990
Okay, you don't have to have a MacBook in order to do this.

38
00:02:00,990 --> 00:02:02,970
And as you can see on the left hand side,

39
00:02:02,970 --> 00:02:06,510
I have my server running on my local host.

40
00:02:06,510 --> 00:02:09,690
And on the right hand side I have my emulator.

41
00:02:09,690 --> 00:02:13,680
And this is a little bit different than our regular emulator

42
00:02:13,680 --> 00:02:16,680
that we have seen in our Android Studio.

43
00:02:16,680 --> 00:02:18,960
Maybe you have realized that

44
00:02:18,960 --> 00:02:21,960
this is called Genymotion, okay?

45
00:02:21,960 --> 00:02:25,950
Or some people prefer to call it Genymotion.

46
00:02:25,950 --> 00:02:28,353
So this is a different emulator.

47
00:02:28,353 --> 00:02:33,353
This is an external emulator, but the CTF instructs us,

48
00:02:33,450 --> 00:02:36,990
suggests us to install this emulator so that we

49
00:02:36,990 --> 00:02:40,950
can use the VirtualBox capabilities, okay?

50
00:02:40,950 --> 00:02:45,690
Genymotion actually runs with inside of VirtualBox.

51
00:02:45,690 --> 00:02:49,530
Since we already have VirtualBox for this course,

52
00:02:49,530 --> 00:02:54,090
it will be pretty easy for us to install this and run this.

53
00:02:54,090 --> 00:02:54,923
Okay?

54
00:02:54,923 --> 00:02:57,300
And also this will teach you how to work

55
00:02:57,300 --> 00:02:58,710
with Genymotion so that if you

56
00:02:58,710 --> 00:03:01,587
ever need that in your under development life

57
00:03:01,587 --> 00:03:06,570
or in your hacking life, it will be a good practice for you.

58
00:03:06,570 --> 00:03:07,590
So what we are gonna do,

59
00:03:07,590 --> 00:03:12,000
we are going to try and hack into this application.

60
00:03:12,000 --> 00:03:14,850
And actually let me show you the VirtualBox.

61
00:03:14,850 --> 00:03:15,780
Okay?

62
00:03:15,780 --> 00:03:18,570
So as you can see, Google Pixel 3,

63
00:03:18,570 --> 00:03:22,620
which is this emulator, is running all right now.

64
00:03:22,620 --> 00:03:26,670
And if we come to these settings and to the network tab

65
00:03:26,670 --> 00:03:30,870
we will see the related settings over here

66
00:03:30,870 --> 00:03:32,700
that I have mentioned before.

67
00:03:32,700 --> 00:03:36,750
So this will allow us to get the data from the server,

68
00:03:36,750 --> 00:03:40,350
which is the local home server, and display it over here.

69
00:03:40,350 --> 00:03:44,040
I'm gonna show you how to do that, don't worry.

70
00:03:44,040 --> 00:03:47,670
But this is the thing that we are going to be hacking

71
00:03:47,670 --> 00:03:51,810
during this section, and this is a great opportunity for us.

72
00:03:51,810 --> 00:03:54,810
So we're gonna stop here, and within the next lecture

73
00:03:54,810 --> 00:03:57,180
I'm going to share you the link,

74
00:03:57,180 --> 00:04:00,630
actually you can find the link in the resources of this lecture.

75
00:04:00,630 --> 00:04:02,850
And then I will show you how to install it.

76
00:04:02,850 --> 00:04:05,250
And then I will show you how to run it

77
00:04:05,250 --> 00:04:07,860
and then how to hack it together.

78
00:04:07,860 --> 00:04:10,083
So let's meet in the new lecture.