1
00:00:00,450 --> 00:00:01,350
‫Instructor: Hi.

2
00:00:01,350 --> 00:00:02,730
‫Within this lecture,

3
00:00:02,730 --> 00:00:07,530
‫we are gonna install the vAPI inside of our server.

4
00:00:07,530 --> 00:00:10,080
‫Right now, I'm inside of my server.

5
00:00:10,080 --> 00:00:13,440
‫I have connected via SSH,

6
00:00:13,440 --> 00:00:16,290
‫and it seems that I cannot type anything.

7
00:00:16,290 --> 00:00:20,490
‫So it means that I have lost the connection, I believe.

8
00:00:20,490 --> 00:00:23,100
‫So if you experience the same thing,

9
00:00:23,100 --> 00:00:25,410
‫make sure you close the terminal

10
00:00:25,410 --> 00:00:26,880
‫and open it one more time,

11
00:00:26,880 --> 00:00:28,800
‫and connect to your server again

12
00:00:28,800 --> 00:00:33,120
‫using the SSH or the web interface or PuTTY.

13
00:00:33,120 --> 00:00:34,920
‫As you can see, it says broken pipe,

14
00:00:34,920 --> 00:00:37,110
‫which means that I lost the connection.

15
00:00:37,110 --> 00:00:39,030
‫Okay, so it's easy.

16
00:00:39,030 --> 00:00:41,760
‫I'm going to do SSH one more time,

17
00:00:41,760 --> 00:00:45,180
‫and give my password, and hit Enter,

18
00:00:45,180 --> 00:00:47,640
‫and then I will be in.

19
00:00:47,640 --> 00:00:51,690
‫So as long as you are inside of your terminal like this,

20
00:00:51,690 --> 00:00:55,290
‫as long as you see this root at Ubuntu,

21
00:00:55,290 --> 00:00:56,940
‫then you're good to go.

22
00:00:56,940 --> 00:00:58,140
‫Now what I'm going to do,

23
00:00:58,140 --> 00:01:02,160
‫I'm going to open this GitHub repository one more time

24
00:01:02,160 --> 00:01:04,440
‫because that's exactly what we need

25
00:01:04,440 --> 00:01:06,060
‫in order to install this.

26
00:01:06,060 --> 00:01:07,140
‫Okay?

27
00:01:07,140 --> 00:01:11,100
‫So we need PHP, we need MySQL, MySQL,

28
00:01:11,100 --> 00:01:15,630
‫or we need other requirements or other dependencies as well.

29
00:01:15,630 --> 00:01:17,520
‫But you don't need to worry about those,

30
00:01:17,520 --> 00:01:20,070
‫because we need those inside of the server

31
00:01:20,070 --> 00:01:22,980
‫not inside of our own machine.

32
00:01:22,980 --> 00:01:25,260
‫Of course, we can try to run those on local hosts

33
00:01:25,260 --> 00:01:27,750
‫but it won't be as realistic as it is,

34
00:01:27,750 --> 00:01:32,750
‫and also it will require us to install a lot of things.

35
00:01:33,960 --> 00:01:37,620
‫Right now, I'm just going to copy this Git, okay?

36
00:01:37,620 --> 00:01:40,890
‫Git URL, rather than downloading the zip.

37
00:01:40,890 --> 00:01:42,990
‫I'm just gonna copy this,

38
00:01:42,990 --> 00:01:44,250
‫and come over here,

39
00:01:44,250 --> 00:01:49,080
‫and put it inside of the Apache server directory.

40
00:01:49,080 --> 00:01:51,960
‫So I'm going to run git clone of course.

41
00:01:51,960 --> 00:01:54,330
‫And a Git will be probably installed

42
00:01:54,330 --> 00:01:56,400
‫on the Ubuntu automatically.

43
00:01:56,400 --> 00:01:59,310
‫But let me see, I'm inside of the root.

44
00:01:59,310 --> 00:02:02,250
‫I'm going to try to go back,

45
00:02:02,250 --> 00:02:04,380
‫and then if I say ls,

46
00:02:04,380 --> 00:02:08,790
‫then I can see the V-A-R, var.

47
00:02:08,790 --> 00:02:12,993
‫Then I'm gonna go into cd /var/www/html,

48
00:02:13,920 --> 00:02:15,270
‫but it doesn't exist.

49
00:02:15,270 --> 00:02:18,000
‫There is no such directory, great,

50
00:02:18,000 --> 00:02:20,910
‫which means that I don't have Apache.

51
00:02:20,910 --> 00:02:25,910
‫As you can see, I cannot go into the /var/www/html folder,

52
00:02:26,550 --> 00:02:29,250
‫which means that I don't have the Apache,

53
00:02:29,250 --> 00:02:31,230
‫but let me be certain.

54
00:02:31,230 --> 00:02:34,620
‫I'm going to run this Apache command

55
00:02:34,620 --> 00:02:37,650
‫and see if it's installed on my system or not.

56
00:02:37,650 --> 00:02:40,860
‫If it's not, then I'm just going to go ahead

57
00:02:40,860 --> 00:02:43,680
‫and actually install it.

58
00:02:43,680 --> 00:02:48,570
‫So inside of the var, I don't even have a www folder,

59
00:02:48,570 --> 00:02:51,270
‫which is again, an indication

60
00:02:51,270 --> 00:02:54,210
‫that my Apache service is not present.

61
00:02:54,210 --> 00:02:55,380
‫Here you go,

62
00:02:55,380 --> 00:03:00,380
‫service apache2 status gives me, could not be found.

63
00:03:00,480 --> 00:03:01,313
‫Okay.

64
00:03:01,313 --> 00:03:04,020
‫Then I'm gonna run apt install apache2,

65
00:03:04,020 --> 00:03:08,700
‫which will install the Apache2 on my Ubuntu server.

66
00:03:08,700 --> 00:03:11,220
‫Of course, I'm gonna say yes,

67
00:03:11,220 --> 00:03:12,260
‫but as you can see,

68
00:03:12,260 --> 00:03:16,230
‫it cannot fetch some of the archives.

69
00:03:16,230 --> 00:03:18,060
‫It cannot connect to the internet

70
00:03:18,060 --> 00:03:22,440
‫or it cannot connect to the server for some reason.

71
00:03:22,440 --> 00:03:24,150
‫I'm gonna ping the google.com.

72
00:03:24,150 --> 00:03:24,983
‫Here you go.

73
00:03:24,983 --> 00:03:25,816
‫It works.

74
00:03:25,816 --> 00:03:28,830
‫It's connected to the internet, obviously it's connected.

75
00:03:28,830 --> 00:03:30,360
‫Otherwise, we wouldn't be able

76
00:03:30,360 --> 00:03:33,630
‫to connect to the server at all.

77
00:03:33,630 --> 00:03:34,560
‫So what I'm gonna do,

78
00:03:34,560 --> 00:03:39,390
‫I'm gonna run apt update --fix-missing, okay?

79
00:03:39,390 --> 00:03:41,100
‫It's actually a very good idea

80
00:03:41,100 --> 00:03:43,680
‫to run apt update or apt upgrade,

81
00:03:43,680 --> 00:03:48,680
‫depending on your situation once you create a server.

82
00:03:48,750 --> 00:03:50,340
‫Now, we haven't done that,

83
00:03:50,340 --> 00:03:54,510
‫so most probably that's why we cannot install anything.

84
00:03:54,510 --> 00:03:57,300
‫So I'm gonna run apt update as well.

85
00:03:57,300 --> 00:03:58,133
‫Okay?

86
00:03:58,133 --> 00:03:59,130
‫And here we go.

87
00:03:59,130 --> 00:04:01,170
‫I believe this is now okay.

88
00:04:01,170 --> 00:04:05,010
‫So I'm gonna run apt install apache2 one more time.

89
00:04:05,010 --> 00:04:09,180
‫And I'm gonna say yes, obviously, and here you go.

90
00:04:09,180 --> 00:04:10,890
‫Yeah, right now it's progressing.

91
00:04:10,890 --> 00:04:13,110
‫It means that it's installing.

92
00:04:13,110 --> 00:04:15,780
‫It couldn't download the thing previously

93
00:04:15,780 --> 00:04:20,780
‫because we forgot to actually run apt upgrade or apt update.

94
00:04:22,860 --> 00:04:24,090
‫Here you go.

95
00:04:24,090 --> 00:04:26,490
‫So I'm gonna clear this thing right now.

96
00:04:26,490 --> 00:04:29,130
‫I should have www folder over here.

97
00:04:29,130 --> 00:04:32,430
‫So I'm gonna go cd /var, and run ls.

98
00:04:32,430 --> 00:04:33,390
‫Here you go.

99
00:04:33,390 --> 00:04:35,490
‫We have the www folder.

100
00:04:35,490 --> 00:04:37,800
‫Now I'm gonna go inside of that folder,

101
00:04:37,800 --> 00:04:40,470
‫and also inside of the html as well.

102
00:04:40,470 --> 00:04:44,070
‫Currently, I'm inside of the /var/www/html,

103
00:04:44,070 --> 00:04:47,280
‫and I can see the index.html over here.

104
00:04:47,280 --> 00:04:49,620
‫So this is our web server.

105
00:04:49,620 --> 00:04:53,370
‫So this is where I will run this command, git clone.

106
00:04:53,370 --> 00:04:57,510
‫And I'm going to run this https://github.com.

107
00:04:57,510 --> 00:05:00,240
‫So if you want, pause video here,

108
00:05:00,240 --> 00:05:02,010
‫just copy the comment, okay?

109
00:05:02,010 --> 00:05:04,500
‫git clone https://github.com,

110
00:05:04,500 --> 00:05:08,220
‫because that is exactly what you need to do,

111
00:05:08,220 --> 00:05:11,430
‫because it'll download all the codes inside of your server.

112
00:05:11,430 --> 00:05:14,439
‫And if you run ls, you can see this vapi here,

113
00:05:14,439 --> 00:05:17,280
‫V-A-P-I folder appearing in here.

114
00:05:17,280 --> 00:05:20,550
‫So you can go inside of that by running cd vapi.

115
00:05:20,550 --> 00:05:21,990
‫And here you go.

116
00:05:21,990 --> 00:05:25,080
‫Now we see all the contents, and in fact,

117
00:05:25,080 --> 00:05:28,260
‫we have seen them in our own computer before.

118
00:05:28,260 --> 00:05:32,850
‫Right now, I'm inside of the vapi directory.

119
00:05:32,850 --> 00:05:33,683
‫Okay?

120
00:05:33,683 --> 00:05:37,320
‫So let's go to readme and see how it's installed.

121
00:05:37,320 --> 00:05:41,130
‫So for the Docker installation, it's actually very easy.

122
00:05:41,130 --> 00:05:44,310
‫All you gotta do is just run this docker-compose up -d.

123
00:05:44,310 --> 00:05:45,143
‫Okay?

124
00:05:45,143 --> 00:05:47,670
‫So it has been Dockerized for us.

125
00:05:47,670 --> 00:05:51,180
‫So if you run this, it will just execute everything,

126
00:05:51,180 --> 00:05:53,700
‫install all the dependencies that you need,

127
00:05:53,700 --> 00:05:55,410
‫and run the server for you.

128
00:05:55,410 --> 00:05:57,390
‫It's very easy to do.

129
00:05:57,390 --> 00:06:01,050
‫All you gotta do is just copy this and paste it over here.

130
00:06:01,050 --> 00:06:05,567
‫Of course, we should be inside of the vapi folder.

131
00:06:08,040 --> 00:06:10,470
‫The docker-compose cannot be found,

132
00:06:10,470 --> 00:06:12,390
‫so we have to install this as well.

133
00:06:12,390 --> 00:06:17,130
‫So I'm gonna say apt install docker, first of all,

134
00:06:17,130 --> 00:06:19,170
‫and I'm gonna say yes.

135
00:06:19,170 --> 00:06:21,870
‫So it's gonna install the Docker.

136
00:06:21,870 --> 00:06:25,830
‫And I believe we have to install the Docker Compose as well.

137
00:06:25,830 --> 00:06:30,270
‫So apt install docker-compose.

138
00:06:30,270 --> 00:06:31,260
‫Yep, here you go.

139
00:06:31,260 --> 00:06:35,820
‫As you can see, this is around 360 megabytes,

140
00:06:35,820 --> 00:06:39,060
‫so it can take a little bit of time.

141
00:06:39,060 --> 00:06:41,190
‫So after this is installed,

142
00:06:41,190 --> 00:06:45,540
‫then you can use Docker to instantiate your API.

143
00:06:45,540 --> 00:06:47,700
‫Of course, without the Docker,

144
00:06:47,700 --> 00:06:50,310
‫you can manually install this as well,

145
00:06:50,310 --> 00:06:51,960
‫but if you're not a web developer,

146
00:06:51,960 --> 00:06:54,120
‫or if you don't have any kind of DevOps

147
00:06:54,120 --> 00:06:57,780
‫or backend development experience before,

148
00:06:57,780 --> 00:07:01,140
‫I really suggest you stick to the Dockerized thingy.

149
00:07:01,140 --> 00:07:01,973
‫Okay?

150
00:07:02,850 --> 00:07:03,720
‫So here you guys,

151
00:07:03,720 --> 00:07:07,290
‫you can see, it's almost done.

152
00:07:07,290 --> 00:07:12,180
‫And after you see the screen, you can clear the thing,

153
00:07:12,180 --> 00:07:16,290
‫and then run the docker-compose up -d one more time.

154
00:07:16,290 --> 00:07:18,270
‫This is all you gotta do.

155
00:07:18,270 --> 00:07:20,553
‫If you run docker-compose up -d,

156
00:07:21,420 --> 00:07:24,930
‫as you can see it started to pull the dependencies

157
00:07:24,930 --> 00:07:28,920
‫like it's actually installing MySQL right now.

158
00:07:28,920 --> 00:07:32,130
‫If you don't have PHP on the server, it will install it.

159
00:07:32,130 --> 00:07:34,860
‫If you don't have MySQL, it will install it.

160
00:07:34,860 --> 00:07:38,130
‫If you don't have anything else, it will install it.

161
00:07:38,130 --> 00:07:39,330
‫Very good.

162
00:07:39,330 --> 00:07:42,570
‫Now as you can see, we're gonna have to wait a little bit

163
00:07:42,570 --> 00:07:44,940
‫and see what's going on.

164
00:07:44,940 --> 00:07:47,670
‫And then after this is done,

165
00:07:47,670 --> 00:07:51,330
‫then we're going to actually run the API.

166
00:07:51,330 --> 00:07:54,780
‫By the way, it's step one of four.

167
00:07:54,780 --> 00:07:57,420
‫It's actually installing the PHP right now.

168
00:07:57,420 --> 00:07:59,700
‫I didn't even have that.

169
00:07:59,700 --> 00:08:01,530
‫And after this is completed,

170
00:08:01,530 --> 00:08:05,190
‫I believe, it will automatically run the API.

171
00:08:05,190 --> 00:08:08,370
‫And it will automatically run the API in the background,

172
00:08:08,370 --> 00:08:12,120
‫so that we won't have to do anything else at all.

173
00:08:12,120 --> 00:08:15,300
‫So if we look at the manually installing the server,

174
00:08:15,300 --> 00:08:18,720
‫as you can see, we need to set up the database manually.

175
00:08:18,720 --> 00:08:22,350
‫We're gonna have to install the MySQL manually,

176
00:08:22,350 --> 00:08:23,910
‫and so much more.

177
00:08:23,910 --> 00:08:27,600
‫So I don't think you should focus on that.

178
00:08:27,600 --> 00:08:31,050
‫I believe you should just run docker-compose up -d

179
00:08:31,050 --> 00:08:33,810
‫in order to make this up and running.

180
00:08:33,810 --> 00:08:36,270
‫And then we're going to focus

181
00:08:36,270 --> 00:08:38,193
‫on the penetration testing side.

182
00:08:39,330 --> 00:08:41,133
‫So here you go.

183
00:08:42,390 --> 00:08:44,160
‫I'm gonna wait a little bit.

184
00:08:44,160 --> 00:08:45,180
‫Ah, here you go.

185
00:08:45,180 --> 00:08:46,110
‫It's finished.

186
00:08:46,110 --> 00:08:49,470
‫It's finished, but I believe we got an error.

187
00:08:49,470 --> 00:08:52,080
‫So as you can see, we got an error over here.

188
00:08:52,080 --> 00:08:55,530
‫Maybe you didn't get that error, but I got.

189
00:08:55,530 --> 00:08:59,520
‫So let's see what kind of error do I get?

190
00:08:59,520 --> 00:09:04,520
‫So it says that the address is already in use,

191
00:09:05,040 --> 00:09:08,820
‫which means that we are using the port 80.

192
00:09:08,820 --> 00:09:09,653
‫Okay?

193
00:09:09,653 --> 00:09:12,483
‫It says that you are using the 0.0.0.0:80.

194
00:09:14,056 --> 00:09:17,520
‫So it cannot create the API.

195
00:09:17,520 --> 00:09:22,520
‫So something is using the port 80 in our own server.

196
00:09:23,580 --> 00:09:26,580
‫So I suspect it would be Apache2,

197
00:09:26,580 --> 00:09:28,860
‫because we have just installed it,

198
00:09:28,860 --> 00:09:30,690
‫but of course we can kill it.

199
00:09:30,690 --> 00:09:34,560
‫We can make it stop and just let the API do its thing.

200
00:09:34,560 --> 00:09:38,220
‫So what I'm gonna do, I'm gonna open another tab over here.

201
00:09:38,220 --> 00:09:40,440
‫Actually we don't need another tab.

202
00:09:40,440 --> 00:09:42,300
‫I can just do it over here,

203
00:09:42,300 --> 00:09:45,030
‫because I lost my connection somehow.

204
00:09:45,030 --> 00:09:47,940
‫I'm just gonna give my password one more time.

205
00:09:47,940 --> 00:09:50,640
‫I don't have to do everything from scratch.

206
00:09:50,640 --> 00:09:54,630
‫I know something is using the port 80.

207
00:09:54,630 --> 00:09:59,630
‫So I'm gonna go back to the same folder, cd /var/www/html,

208
00:10:00,510 --> 00:10:02,250
‫and if I run ls, yeah,

209
00:10:02,250 --> 00:10:05,310
‫I'm gonna go into vapi folder as well.

210
00:10:05,310 --> 00:10:08,250
‫Right now, if I run the Docker Compose one more time,

211
00:10:08,250 --> 00:10:12,120
‫it won't matter because the port 80 is in use.

212
00:10:12,120 --> 00:10:15,090
‫So I need to understand what is using port 80.

213
00:10:15,090 --> 00:10:17,992
‫In order to do that, you can run lsof.

214
00:10:17,992 --> 00:10:21,487
‫Okay, lsof -i with a :80.

215
00:10:22,380 --> 00:10:24,600
‫So this 80 stands for the port number.

216
00:10:24,600 --> 00:10:27,120
‫If you're looking for 80, just write 80.

217
00:10:27,120 --> 00:10:28,800
‫And here you go.

218
00:10:28,800 --> 00:10:31,890
‫Now, as you can see, Apache2 is using the port 80,

219
00:10:31,890 --> 00:10:36,890
‫and that is what is blocking us to launch the API.

220
00:10:37,500 --> 00:10:40,290
‫So I'm gonna kill the Apache2,

221
00:10:40,290 --> 00:10:44,880
‫so that we can run the API in a proper way.

222
00:10:44,880 --> 00:10:47,070
‫So all you gotta do is just run kill,

223
00:10:47,070 --> 00:10:49,320
‫and write the PID number over here.

224
00:10:49,320 --> 00:10:51,180
‫This is the process id.

225
00:10:51,180 --> 00:10:53,133
‫So for me, it's 3428,

226
00:10:54,210 --> 00:10:57,840
‫and it will kill the Apache2 if I run the command again.

227
00:10:57,840 --> 00:11:00,990
‫As you can see, there is nothing using the port 80.

228
00:11:00,990 --> 00:11:03,780
‫So if you did not get this error,

229
00:11:03,780 --> 00:11:05,820
‫then you shouldn't do that, okay?

230
00:11:05,820 --> 00:11:07,680
‫You shouldn't bother doing it,

231
00:11:07,680 --> 00:11:09,360
‫but as you can see, I got the error.

232
00:11:09,360 --> 00:11:13,050
‫So I'm gonna run the docker-compose up -d one more time.

233
00:11:13,050 --> 00:11:15,900
‫Since our dependencies' already installed,

234
00:11:15,900 --> 00:11:18,330
‫I believe it will just start the API,

235
00:11:18,330 --> 00:11:19,980
‫and here you go.

236
00:11:19,980 --> 00:11:23,850
‫Now it says that starting API, it says, done.

237
00:11:23,850 --> 00:11:27,060
‫Now I believe it should be okay.

238
00:11:27,060 --> 00:11:28,830
‫Now, if I run ifconfig,

239
00:11:28,830 --> 00:11:32,370
‫you will see that a lot of things is going on over here,

240
00:11:32,370 --> 00:11:35,250
‫but what I'm gonna do, I'm gonna find my IP address.

241
00:11:35,250 --> 00:11:36,120
‫Here you go.

242
00:11:36,120 --> 00:11:37,620
‫Of course you can copy and paste it

243
00:11:37,620 --> 00:11:39,990
‫from the DigitalOcean as well,

244
00:11:39,990 --> 00:11:41,580
‫but I'm gonna run this,

245
00:11:41,580 --> 00:11:45,180
‫and paste it in my browser to see if it's running up.

246
00:11:45,180 --> 00:11:46,020
‫Here you go.

247
00:11:46,020 --> 00:11:48,900
‫Now it means that it's running.

248
00:11:48,900 --> 00:11:52,623
‫So it shows the Laravel, because it's written in PHP,

249
00:11:53,970 --> 00:11:56,550
‫but we are not interested in this right now.

250
00:11:56,550 --> 00:12:00,090
‫All you gotta do to reach the API itself,

251
00:12:00,090 --> 00:12:02,970
‫say /vapi over here.

252
00:12:02,970 --> 00:12:04,350
‫And here you go.

253
00:12:04,350 --> 00:12:09,330
‫Now we are inside of the vulnerable API documentation,

254
00:12:09,330 --> 00:12:11,400
‫which is exactly what we need.

255
00:12:11,400 --> 00:12:14,250
‫Now if you see the screen, then you are good to go.

256
00:12:14,250 --> 00:12:16,110
‫You are ready for pentesting.

257
00:12:16,110 --> 00:12:16,943
‫Of course,

258
00:12:16,943 --> 00:12:19,980
‫we're gonna install some tools for pentesting as well.

259
00:12:19,980 --> 00:12:23,730
‫But aside from that, we are good to go.

260
00:12:23,730 --> 00:12:27,210
‫Again, if you don't wanna set up your own server

261
00:12:27,210 --> 00:12:29,520
‫or if you don't wanna set up your own API,

262
00:12:29,520 --> 00:12:33,120
‫just take notes or just watch the lectures.

263
00:12:33,120 --> 00:12:35,670
‫I believe you will learn something in this section.