1 00:00:01,680 --> 00:00:08,060 So in this video, we'll be seeing how to take advantage of xmlrpc.php.
2 00:00:08,770 --> 00:00:14,250 OK, let's go to our website, that is, we have installed WordPress.
3 00:00:15,900 --> 00:00:18,900 So this is our basic WordPress blog.
4 00:00:19,650 --> 00:00:29,790 Now, if you go to xmlrpc.php, you'll see "XML-RPC server accepts POST requests only". OK,
5 00:00:29,860 --> 00:00:33,170 I'll explain XML-RPC in brief.
6 00:00:33,600 --> 00:00:36,010 So RPC stands for remote procedure call.
7 00:00:36,570 --> 00:00:40,050 So that means the server hosts some methods.
8 00:00:40,560 --> 00:00:44,620 You can run the methods and you can get the information.
9 00:00:45,540 --> 00:00:49,510 So, uh, what is XML?
10 00:00:49,740 --> 00:00:56,430 So XML-RPC means, uh, we need to craft a request in the form of XML data.
11 00:00:57,000 --> 00:01:01,430 So XML is similar to HTML, but, uh, we can create our own tags.
12 00:01:02,220 --> 00:01:05,380 So XML is used for transport purposes.
13 00:01:05,820 --> 00:01:11,760 So in order to transfer from one application to another application, XML can be used.
14 00:01:13,050 --> 00:01:21,240 So these tags are defined in XML, parsers identify the tags and we extract the data, and this XML-
15 00:01:21,240 --> 00:01:21,740 RPC.
16 00:01:21,750 --> 00:01:27,170 We need to craft an XML request that should call
17 00:01:27,180 --> 00:01:28,920 the methods in this XML-RPC.
18 00:01:29,070 --> 00:01:37,380 So there are some methods, like 100 or 200 methods, and you can call them using this request.
19 00:01:38,970 --> 00:01:42,870 OK, if you go to the wp, uh, admin.
20 00:01:48,200 --> 00:01:52,880 So this is my login page: admin and some password, blah, blah, blah.
21 00:01:54,140 --> 00:01:58,620 So now you can see: the password entered for the username is incorrect.
22 00:01:59,390 --> 00:02:04,280 Uh, that means, um, we can try another time, and again.
23 00:02:04,700 --> 00:02:10,310 So we have an incorrect, uh, and sometimes a WordPress, uh, has some plugins
24 00:02:10,580 --> 00:02:15,480 that have only three or a few limits, uh, on attempts.
25 00:02:15,800 --> 00:02:25,760 So after like three attempts, uh, then if you attempt the password, this, uh, server blocks you for some time.
26 00:02:26,570 --> 00:02:34,970 So that's, uh, what you can do is, uh, we can, if, uh, you can use this XML-RPC and you can try to
27 00:02:34,970 --> 00:02:37,930 fetch all the methods available on the server.
28 00:02:38,210 --> 00:02:39,440 So let's, uh.
29 00:02:42,730 --> 00:02:52,210 That I have this machine, one, not two, and let's, uh, go to the XML-RPC page.
30 00:02:55,950 --> 00:03:03,880 8080, wordpress, xmlrpc.php, so it's this, uh, POST request.
31 00:03:04,500 --> 00:03:06,180 So in order to modify the request,
32 00:03:06,180 --> 00:03:13,970 we need to set the proxy on, make sure Burp is set, and refresh the page.
33 00:03:14,610 --> 00:03:21,240 Now you can click on Send to Repeater and turn this off, so changes get pushed.
34 00:03:23,180 --> 00:03:31,520 And in the Repeater, you can see "parse error. not well formed" because we did not send any data.
35 00:03:31,560 --> 00:03:32,910 Now, we need to send the data.
36 00:03:33,710 --> 00:03:35,150 So we need to type some.
37 00:03:43,910 --> 00:03:48,620 Version one and encoding is UTF-8.
38 00:03:51,410 --> 00:03:58,770 So this is the XML starting tag, right, and then we need to set up methodCall.
39 00:04:00,470 --> 00:04:06,320 So for every opening tag, there will be an ending tag.
40 00:04:06,560 --> 00:04:15,070 So in this, we need to define the method name, which method you want to actually call: methodName.
41 00:04:15,650 --> 00:04:20,930 So I call this one the name.
42 00:04:21,170 --> 00:04:27,450 And then what you need to do is you need to set the method that lists all the methods available on a system:
43 00:04:27,450 --> 00:04:30,100 system.listMethods.
44 00:04:30,500 --> 00:04:32,150 So we need to set the parameters.
45 00:04:32,150 --> 00:04:36,680 The parameters are empty for this method, and you can just set this up.
46 00:04:39,110 --> 00:04:46,250 So this should be fine: methodCall, the methodName system.listMethods, and then let's send the request.
47 00:04:48,530 --> 00:04:51,290 Parse error, not well formed.
48 00:04:58,170 --> 00:05:00,450 Let me see whether there is a syntax error.
49 00:05:03,630 --> 00:05:04,920 But you have to this.
50 00:05:35,220 --> 00:05:39,090 OK, there is some spelling mistake here, I'm sorry for that.
51 00:05:43,350 --> 00:05:48,460 So now you can see we got all the methods, and multicall.
52 00:05:48,480 --> 00:05:49,690 Well, that's true.
53 00:05:50,130 --> 00:05:55,170 It will allow you to run multiple methods in one request.
54 00:05:56,310 --> 00:06:04,580 So if you got this output stating that these methods are there, then only you need to proceed further.
55 00:06:05,400 --> 00:06:06,340 Now what I can do,
56 00:06:06,550 --> 00:06:09,040 I can send them all back.
57 00:06:11,430 --> 00:06:16,250 So let me copy this one and I can say demo.sayHello.
58 00:06:17,260 --> 00:06:17,480 Hello.
59 00:06:17,760 --> 00:06:22,480 I'm calling that function and I'll send this and you'll get the return string.
60 00:06:23,970 --> 00:06:28,370 So now we have to start, and we can take advantage of these methods.
61 00:06:29,280 --> 00:06:36,540 And one thing is, uh, you can, uh, do denial-of-service on the server, so.
62 00:06:36,540 --> 00:06:38,700 But I don't encourage you to do this.
63 00:06:39,450 --> 00:06:42,150 Um, pingback, not ping.
64 00:06:48,210 --> 00:06:55,800 So ping, pingback.ping requires, uh, two parameters, so inside the parameters we need to
65 00:06:55,800 --> 00:07:05,920 declare a param, one parameter, and its, uh, value is of string.
66 00:07:05,940 --> 00:07:06,240 Right.
67 00:07:08,340 --> 00:07:10,890 So we need to send, uh.
68 00:07:11,270 --> 00:07:16,950 OK, so let me create a temporary webhook.
69 00:07:19,810 --> 00:07:25,360 So that site creates a temporary endpoint to receive any requests.
70 00:07:29,310 --> 00:07:39,540 So let's paste here; after pasting this, close the string and then value.
71 00:07:40,650 --> 00:07:42,270 So this is one parameter.
72 00:07:42,330 --> 00:07:46,420 OK, let's copy the whole parameter here and paste here.
73 00:07:46,470 --> 00:07:56,370 Now, to send the second parameter as a normal blog, request something, a link to a normal blog.
74 00:08:06,790 --> 00:08:16,270 So if you send this one, you can see some faultCode zero, faultString, and let's go to the webhook, and we did
75 00:08:16,270 --> 00:08:24,030 not see any request here because my application was not allowed to access outside.
76 00:08:24,430 --> 00:08:32,640 But if you try on a normal server, it will send the request to this endpoint.
77 00:08:33,190 --> 00:08:35,650 You can change the, uh.
78 00:08:37,540 --> 00:08:38,470 Content.
79 00:08:41,740 --> 00:08:42,790 Content type.
80 00:08:45,740 --> 00:08:50,090 Content-Type, uh, here, that is text/xml.
81 00:08:50,630 --> 00:08:53,780 So that's why, maybe, so let's try again.
82 00:08:57,440 --> 00:09:05,000 So there is no request here because my system was not allowed to connect to the outside network, so
83 00:09:05,000 --> 00:09:11,910 I'm pretty sure if you try on your normal server, it should get a pingback from this server to this webhook.
84 00:09:12,290 --> 00:09:13,910 So I'm just quoting this.
85 00:09:14,270 --> 00:09:15,440 So this is only a demo.
86 00:09:15,440 --> 00:09:19,670 And please refrain from performing denial-of-service on the server.
87 00:09:22,800 --> 00:09:26,220 OK, now what we can do is we can.
88 00:09:28,760 --> 00:09:33,260 So, again, system.listMethods.
89 00:09:35,110 --> 00:09:44,320 So let's cut this one, cut these parameters and let's end this, so now these are our values.
90 00:09:45,290 --> 00:09:54,170 There's one important method that exactly takes username and password as parameters, since you don't
91 00:09:54,190 --> 00:09:55,210 get your.
92 00:09:56,020 --> 00:10:00,160 You can also, uh, pretty soon get push.
93 00:10:00,550 --> 00:10:01,510 Get that.
94 00:10:01,540 --> 00:10:08,230 So the methods starting with get are called getters and the methods starting with set are called setters.
95 00:10:08,680 --> 00:10:11,110 So you can try another method here.
96 00:10:11,650 --> 00:10:18,850 So you need to pass the parameters, so that, wp dot get.
97 00:10:21,620 --> 00:10:24,380 wp.getUsersBlogs.
98 00:10:28,790 --> 00:10:33,860 getUsersBlogs, and the parameters, beyond the params, parameters.
99 00:10:33,890 --> 00:10:42,120 Those are, uh, username and password; it's admin and the password is going to be wordpress.
100 00:10:42,140 --> 00:10:43,220 So let's try this.
101 00:10:43,860 --> 00:10:48,140 Param, param, value, string, value, param.
102 00:10:48,650 --> 00:10:52,250 I think this should go below that.
103 00:10:52,250 --> 00:10:56,330 Send the request and you can see "Incorrect username or password".
104 00:10:56,840 --> 00:11:05,480 Now, let me change this wordpress to admin, and admin, admin are the correct credentials, and you can see we
105 00:11:05,480 --> 00:11:12,710 got some, uh, other than incorrect username and password, you got the isAdmin.
106 00:11:12,860 --> 00:11:21,170 The value boolean is true, and the URL, and you can see the title takes your name and the string.
107 00:11:21,380 --> 00:11:21,950 I tried.
108 00:11:22,280 --> 00:11:23,560 This is a criminal procedure.
109 00:11:23,960 --> 00:11:29,510 So that means you can, uh, put the placeholders here and you can, for this one.
110 00:11:30,410 --> 00:11:37,290 So let me say, I mean, uh, "bu", and you can see "incorrect username or password", so you can send
111 00:11:37,290 --> 00:11:38,630 this to Intruder.
112 00:11:42,730 --> 00:11:48,070 And clear our placeholders and put them over here and click on it.
113 00:11:48,190 --> 00:11:50,390 And now let's add a few payloads.
114 00:11:50,860 --> 00:11:52,690 It's wordpress.
115 00:11:52,690 --> 00:12:03,440 Admin2, admin3, admin, and then it's wp-admin, password, password, one, two, three, and
116 00:12:03,460 --> 00:12:04,050 hit enter.
117 00:12:04,600 --> 00:12:06,000 Now, let's start the
118 00:12:06,020 --> 00:12:06,310 attack.
119 00:12:09,220 --> 00:12:14,320 So the two payloads, four, not three, and you can see four.
120 00:12:14,960 --> 00:12:21,130 You can also do that, and you can see the 200 status, admin, in the response.
121 00:12:24,410 --> 00:12:31,040 So why do we need to brute force XML-RPC when you have the login page? That may be your important question,
122 00:12:31,760 --> 00:12:40,780 because the WordPress website can prevent you from sending a number of requests if you brute force it again,
123 00:12:40,830 --> 00:12:43,940 because then after that, it keeps you blocked.
124 00:12:43,970 --> 00:12:51,830 So that's why it will be very painful when dealing with the, uh, when there is a limit for sending
125 00:12:51,830 --> 00:12:56,170 the requests, so that we can use this XML-RPC.
126 00:12:56,570 --> 00:12:58,580 So there will be no time limit for this.
127 00:12:58,590 --> 00:13:00,080 So there is no limit for this.
128 00:13:00,470 --> 00:13:06,820 You can just send them, uh, like five strings at the same time in one request.
129 00:13:07,750 --> 00:13:08,100 OK.
130 00:13:08,180 --> 00:13:12,020 Since this Community version, uh, has only one thread.
131 00:13:12,950 --> 00:13:13,280 Right.
132 00:13:13,390 --> 00:13:20,060 So what we're going to do is we are going to write a simple Python script.
133 00:13:20,930 --> 00:13:23,750 So let's import our requests module.
134 00:13:27,350 --> 00:13:33,530 So what we're going to send, let's, uh, put the URL here.
135 00:13:43,550 --> 00:13:47,040 So this is the URL and then some other data.
136 00:13:47,930 --> 00:13:54,880 So for the XML, you can use the three quotations to denote the multi-line entry.
137 00:13:55,940 --> 00:14:02,440 And you can just simply copy this one, copy this and paste here.
138 00:14:03,320 --> 00:14:08,690 I think we can remove the spaces, newlines.
139 00:14:13,590 --> 00:14:16,190 Just make sure these are, these, uh,
140 00:14:19,200 --> 00:14:27,250 tags are quoted correctly and nested properly; even one mistake can, uh, give you the error.
141 00:14:28,230 --> 00:14:36,390 So we need to put a placeholder here and we can say passwords.
142 00:14:38,310 --> 00:14:42,560 And for now, I'm going to use a few passwords.
143 00:14:43,810 --> 00:14:51,240 Normally you can download a wordlist and you can place this in a file and then you can open
144 00:14:51,240 --> 00:14:59,400 the file as a file handler and you can put every item in a loop here, so that you can also do that.
145 00:15:03,080 --> 00:15:04,480 So that's wordpress.
146 00:15:06,980 --> 00:15:20,120 Admin2, and the current one is the admin and then it's the admin and let's add another value, password.
147 00:15:20,300 --> 00:15:22,380 One, two, three, one, two, three.
148 00:15:23,450 --> 00:15:30,820 So, OK, this is our requests.post with the URL.
149 00:15:31,040 --> 00:15:41,240 So what you need to post, this data, that is our XML data; data equals XML data, and print out
150 00:15:41,240 --> 00:15:41,560 that.
151 00:15:43,970 --> 00:15:46,550 Oh, OK, let's move this one.
152 00:15:49,080 --> 00:15:54,450 For i in passwords.
153 00:15:57,210 --> 00:16:06,840 So it will iterate through every element of the passwords list, and here that's, uh, dot format.
154 00:16:09,890 --> 00:16:11,430 So they should be.
155 00:16:15,020 --> 00:16:16,760 So let me go and run this.
156 00:16:32,240 --> 00:16:38,090 So python, wordpress xmlrpc, is the filename, and run it.
157 00:16:42,950 --> 00:16:50,760 So now you can see the first one is incorrect, second one is incorrect and third one is correct.
158 00:16:50,990 --> 00:17:00,440 What is the third one? That is admin, so you can filter through the responses: the normal error contains
159 00:17:00,530 --> 00:17:01,140 "incorrect".
160 00:17:01,760 --> 00:17:03,890 OK, so let's comment this.
161 00:17:04,580 --> 00:17:06,320 If not
162 00:17:10,220 --> 00:17:22,280 "incorrect" in r.text, so print the value of the password: password found.
163 00:17:24,020 --> 00:17:25,430 Dot format of, right?
164 00:17:26,210 --> 00:17:30,450 And then we can break because we already got the password.
165 00:17:31,550 --> 00:17:37,910 So let me run this again; clear the screen and run this.
166 00:17:41,040 --> 00:17:46,860 So you don't get any output because we have commented that this time, and we can see the password for admin,
167 00:17:47,730 --> 00:17:53,950 so you can see this Python script is definitely faster than Community. If you have Professional,
168 00:17:54,540 --> 00:18:00,050 I recommend you to go for it because, uh, it may be faster than normal Python.
169 00:18:00,810 --> 00:18:07,380 So that's what this video, in this video we have seen how to brute force the username and password,
170 00:18:08,130 --> 00:18:11,310 uh, using XML-RPC.
171 00:18:12,060 --> 00:18:18,900 So [indiscernible] we can do the denial-of-service and you can also go for the usernames and passwords
172 00:18:19,720 --> 00:18:21,990 without any, uh, limit.