1
00:00:00,500 --> 00:00:06,090
And as you know, we're going to see the Batsuit intruder, uh, you can see the see the section of

2
00:00:06,480 --> 00:00:14,310
the intruder and what you can do with this intruder is you can brute force these requests so you can

3
00:00:14,310 --> 00:00:16,410
see the target and you can see the positions.

4
00:00:16,650 --> 00:00:22,740
So this is a basic example they are given and the payroll positions you need to define which parts of

5
00:00:22,740 --> 00:00:24,410
the request you need to brute force.

6
00:00:24,420 --> 00:00:33,510
So you can see there is there are some areas between the distorter are so, um, this is this is a door.

7
00:00:34,200 --> 00:00:41,160
So you can see this in this sense, there is a valley with the green like P1 and P2 area.

8
00:00:41,340 --> 00:00:43,050
So these are the positions, values.

9
00:00:44,100 --> 00:00:50,490
And what you can do is you need to set some variables you need to build for supposing I want to for

10
00:00:50,520 --> 00:00:51,000
the key.

11
00:00:51,000 --> 00:00:54,420
I was at the content of the key to this.

12
00:00:54,750 --> 00:00:55,630
Darwell was.

13
00:00:56,190 --> 00:01:02,400
So in that way you can set these values and you can perform the, uh, some of these attacks, sniper

14
00:01:02,400 --> 00:01:04,940
attack, uh, battering ram, pitchfork and crushable.

15
00:01:05,070 --> 00:01:13,890
So the disadvantage exurbia, an intruder, this sniper attack used to enter and attacks.

16
00:01:14,190 --> 00:01:20,550
That means if you're going to need to add the usernames, are the passwords you need to brute force,

17
00:01:20,730 --> 00:01:25,160
are the data you need to, uh, replace in these variables.

18
00:01:25,770 --> 00:01:32,880
So if admin, I want to admin and I can add this risk so I can add the list in this balance.

19
00:01:33,390 --> 00:01:35,970
And this sniper is like is to end.

20
00:01:35,970 --> 00:01:42,120
It will check all the combinations and this battering ram one is two one one one at a time and then

21
00:01:42,330 --> 00:01:43,740
it will not check, one is two.

22
00:01:43,750 --> 00:01:50,910
And so in that these are four periods who, uh, only one parent.

23
00:01:50,910 --> 00:01:55,020
If you have multiple sets of parents, you can use this for rest of them.

24
00:01:56,670 --> 00:02:03,560
OK, well, you see it an example so that you get a clear understanding of my mother's variable.

25
00:02:03,570 --> 00:02:10,380
Two is running, uh, an IP address, one nine two zero one six zero zero one, not one.

26
00:02:15,170 --> 00:02:25,160
So as you can see, where will do and we need to go into this damnable Web application, so how do I

27
00:02:25,230 --> 00:02:31,900
know I got so the password Edwyn username and password is password.

28
00:02:33,080 --> 00:02:38,870
So after you going through some exercises knowing this, you know, we're going to sort of brute force

29
00:02:38,870 --> 00:02:42,540
success in order to set the bar.

30
00:02:42,830 --> 00:02:50,880
And I have already set my proxy to bar and there is a username and password admin and admin for type

31
00:02:50,900 --> 00:02:51,290
enter.

32
00:02:52,040 --> 00:02:58,580
It's just username and password and you can see the discerning the parameters, usernames and passwords

33
00:02:58,580 --> 00:02:58,950
go straight.

34
00:03:01,020 --> 00:03:10,080
So what we're going to do is we need to send it to the Saudis and this means this proxy and go through

35
00:03:10,080 --> 00:03:10,140
the.

36
00:03:12,400 --> 00:03:24,120
And you can see the latest request is this all of this request using this username and password, it

37
00:03:24,120 --> 00:03:30,670
is, uh, in order to take a look at this point, it says, OK, uh, but it is an error.

38
00:03:31,930 --> 00:03:33,610
So what we're going to do is right.

39
00:03:33,610 --> 00:03:34,240
Click on this.

40
00:03:34,240 --> 00:03:36,040
And to control the agency.

41
00:03:36,100 --> 00:03:40,220
Intruder is writing in the orange now on this, too.

42
00:03:40,240 --> 00:03:43,080
So there is a new tab has been opened for about request.

43
00:03:43,240 --> 00:03:44,320
You can see the positions.

44
00:03:44,560 --> 00:03:48,640
So this person has already identified some positions for you.

45
00:03:48,910 --> 00:03:53,740
We need to clear this up to clear all of these various positions.

46
00:03:53,920 --> 00:03:55,690
We can create this one.

47
00:03:56,260 --> 00:03:59,170
And what I want to do is I want to prep for this segment.

48
00:03:59,410 --> 00:04:03,640
So instead of it, I can pretend values and our values or whatever.

49
00:04:03,910 --> 00:04:11,770
And I can't I want to click at and now you can see that when this placeholder has been placed, now

50
00:04:11,770 --> 00:04:18,940
I want to do the same for the parser feel so no, whatever I do in this petrolist, it will be checked

51
00:04:18,950 --> 00:04:22,570
with every each and every combination of this one and the.

52
00:04:23,260 --> 00:04:25,080
So I went to placeholders, so.

53
00:04:25,080 --> 00:04:27,220
Well, what do you want me to try?

54
00:04:27,220 --> 00:04:29,870
One tool for Perutz, one and two.

55
00:04:29,890 --> 00:04:31,320
So first I want to separate.

56
00:04:31,420 --> 00:04:40,750
One is like username, admin, nickel or temp etc. So you if you want to import from the order, you

57
00:04:40,750 --> 00:04:44,950
need to open the whole list and copy all this controversy and push it in here.

58
00:04:45,190 --> 00:04:54,170
Because in the community we cannot import directory at the firewall and you can only add in a portion.

59
00:04:54,220 --> 00:05:00,210
So that's why you need to control and controversy here so that these are for the user names and countries

60
00:05:00,220 --> 00:05:02,230
to decide to look at this one.

61
00:05:02,230 --> 00:05:04,090
And you can see parser.

62
00:05:04,240 --> 00:05:09,880
So I know this, uh, password that is a parser admin password.

63
00:05:09,880 --> 00:05:10,510
Let me.

64
00:05:13,730 --> 00:05:19,300
Oh, yeah, I'm just starting the answer just to make sure that you get the correct answer of the past

65
00:05:19,340 --> 00:05:19,970
six years.

66
00:05:20,480 --> 00:05:25,040
So that's where I'd been brought up to.

67
00:05:26,170 --> 00:05:28,560
I know what you want to do is you need to click on the.

68
00:05:30,620 --> 00:05:31,640
OK, OK.

69
00:05:34,660 --> 00:05:37,840
Now, as you can see, some requests going on.

70
00:05:39,410 --> 00:05:46,340
So as you can see, the parent one and parent has been executed on all the combinations possible.

71
00:05:46,730 --> 00:05:50,630
You can see this one to transfer to another section of the default.

72
00:05:50,630 --> 00:05:51,620
One had been admin.

73
00:05:52,190 --> 00:05:58,160
And as you can see, the second one is admin password, which you got the rent for for it.

74
00:05:58,160 --> 00:06:05,110
But right now, if you click on this remaining one, the actual password is admin and the password.

75
00:06:05,330 --> 00:06:07,560
But for remaining are the request.

76
00:06:07,670 --> 00:06:10,290
It failed, but we got some responsibility.

77
00:06:10,320 --> 00:06:11,990
Take a look at this response.

78
00:06:12,440 --> 00:06:13,480
Is two hundred OK?

79
00:06:13,640 --> 00:06:14,960
And we got the error.

80
00:06:15,500 --> 00:06:20,510
That is login for you so you can see username and password.

81
00:06:21,080 --> 00:06:27,560
So if you think, uh, Rike are these items are failed because they have the same rate.

82
00:06:27,660 --> 00:06:35,450
So this particular page will be given to you whenever the user name or password is incorrect.

83
00:06:35,450 --> 00:06:35,690
Right.

84
00:06:36,260 --> 00:06:39,770
Because electronical and temp and all these are failures.

85
00:06:39,980 --> 00:06:44,780
And I get the same content because the original page is the same.

86
00:06:45,260 --> 00:06:51,770
So if you type anything admin and blah, blah, blah, and you get the same page and the rest of the

87
00:06:51,770 --> 00:06:59,900
page will be the same, it's for to what you can see, there is one response that has gotten different,

88
00:07:00,470 --> 00:07:10,460
because if we login, the details can generate because the routing page and the report are not the same

89
00:07:11,210 --> 00:07:12,560
we can see here.

90
00:07:14,500 --> 00:07:19,320
I used to work under the area, so that is our record.

91
00:07:19,570 --> 00:07:27,510
So it just you can directly get this, uh, Carter user and the password using different click on this

92
00:07:27,510 --> 00:07:33,720
line to sort it in increasing order and click on again to sort it in decreasing what you can see, the

93
00:07:34,050 --> 00:07:36,970
highest bite will be displayed first.

94
00:07:38,500 --> 00:07:41,830
So I hope you understood this one.

95
00:07:41,860 --> 00:07:43,550
Let me try it again and password.

96
00:07:46,710 --> 00:07:51,930
So as you can see, we are going to the possibility that it is different than previous error messages,

97
00:07:52,140 --> 00:07:53,270
that username and password.

98
00:07:53,640 --> 00:07:56,100
So this is how you use the intruder.

99
00:07:56,280 --> 00:08:03,870
You can also do the excusing action in place of these usernames, but we will see them in a very interesting

100
00:08:04,320 --> 00:08:04,820
section.

101
00:08:04,830 --> 00:08:05,890
No need to worry about that.

102
00:08:05,910 --> 00:08:09,060
This is the basic quality of intruder in any request.

103
00:08:10,230 --> 00:08:14,500
If you want to brute force any of this parameter, you can use intruder.

104
00:08:14,650 --> 00:08:21,050
All you need to do is first capture the request and then send it to intruder and then put the positions

105
00:08:21,110 --> 00:08:24,160
as you like and then set the payload and just started.

106
00:08:24,720 --> 00:08:29,430
So I recommend you use a cluster bomb if you are to build our sniper for one.

107
00:08:29,440 --> 00:08:32,110
PELOSO So that's about this video.

108
00:08:32,280 --> 00:08:33,630
I hope you have understood.