1
00:00:00,690 --> 00:00:03,880
Now let's translate this into our example.

2
00:00:03,880 --> 00:00:08,020
So in our example we're going to be targeting the Metasploitable machine.

3
00:00:08,020 --> 00:00:13,330
So our web server is going to be the Metasploitable machine, and we're not going to be using a DNS server,

4
00:00:13,450 --> 00:00:18,670
so we're not going to be using a name like facebook.com. We'll be accessing the website directly using

5
00:00:18,670 --> 00:00:20,080
an IP address.

6
00:00:20,080 --> 00:00:25,960
So like we said before, if we just go here to our Metasploitable machine and I type in ifconfig, you'll see that

7
00:00:25,960 --> 00:00:29,180
my IP is 10.20.14.214.

8
00:00:29,380 --> 00:00:38,080
And if I go here to my Kali machine, you'll see that if I type in 10.20.14.214,

9
00:00:39,480 --> 00:00:42,150
you'll see that I can access my Metasploitable machine.

10
00:00:42,180 --> 00:00:51,270
So the web server here is the Metasploitable machine itself. The web applications are Mutillidae, phpMyAdmin,

11
00:00:51,270 --> 00:00:53,100
DVWA.

12
00:00:53,370 --> 00:00:59,070
And all of these, so these are web applications, and when you click on them you can see, for example, here

13
00:00:59,250 --> 00:01:00,700
it's written in PHP.

14
00:01:00,810 --> 00:01:03,540
So it's written in this programming language.

15
00:01:03,630 --> 00:01:08,750
It's also using a MySQL server, which can be accessed through phpMyAdmin.

16
00:01:08,760 --> 00:01:15,510
So these are just technologies used on the web server, but the web server itself is the Metasploitable

17
00:01:15,690 --> 00:01:17,820
machine here.

18
00:01:17,840 --> 00:01:23,900
So when you put the IP address, when you put 10.20.14.214, we're actually accessing the Metasploitable machine,

19
00:01:24,200 --> 00:01:30,700
and inside the Metasploitable machine we have technologies: we have an interpreter that's running PHP.

20
00:01:30,830 --> 00:01:33,090
We have a web server and a database.

21
00:01:33,230 --> 00:01:37,660
And these are running the web application for us, which is Mutillidae, DVWA.

22
00:01:37,700 --> 00:01:45,060
And all of them. So then these components lead us to knowing how we can hack a website, so there is more

23
00:01:45,060 --> 00:01:50,330
than one thing that we can exploit to gain control over a website.

24
00:01:50,350 --> 00:01:54,700
Now the main thing, the obvious thing that you think of, is the web application.

25
00:01:54,710 --> 00:01:56,930
So it's the thing that you always interact with.

26
00:01:56,930 --> 00:02:02,460
For example, in Facebook it's where you search for stuff and where you upload pictures, where you write

27
00:02:02,460 --> 00:02:03,110
posts.

28
00:02:03,180 --> 00:02:07,920
All of these things are handled by the web application, because it's the thing that you click, the thing

29
00:02:07,920 --> 00:02:09,300
that you interact with.

30
00:02:09,300 --> 00:02:15,770
So for example, if I go here on Mutillidae and I start browsing the web page, this is my web application,

31
00:02:15,780 --> 00:02:22,650
so every time I click on something it's being handled and executed by the web application on the web

32
00:02:22,650 --> 00:02:23,320
server.

33
00:02:23,610 --> 00:02:29,640
So if I could exploit this web application in some way, if I could gain access to it, if I could connect

34
00:02:29,640 --> 00:02:34,920
to the database, because obviously this web application connects to the database, then I'll be able to

35
00:02:34,920 --> 00:02:41,550
maybe gain control over the website and maybe even gain access to the web server and then get access

36
00:02:41,550 --> 00:02:43,260
to other websites on the same server.

37
00:02:43,260 --> 00:02:46,110
We'll talk about all of that later in the course.

38
00:02:47,070 --> 00:02:52,560
The other way of gaining access to websites is using the computer itself.

39
00:02:52,560 --> 00:02:57,630
So let's say you claim your target was DVWA and you couldn't get in.

40
00:02:57,630 --> 00:03:00,870
You couldn't find an exploit in the web application itself.

41
00:03:00,900 --> 00:03:05,720
You tried everything, you tried all the exploits we're going to talk about, and you just couldn't get in.

42
00:03:05,760 --> 00:03:11,430
Then your other option would be to exploit the programs installed on that computer, because we said our

43
00:03:11,430 --> 00:03:17,090
web server, or the website, is installed on a normal computer just like your home computer.

44
00:03:17,110 --> 00:03:22,390
So if you couldn't get in using the web applications, what if there is one of the programs installed

45
00:03:22,390 --> 00:03:24,680
on the web computer, on the computer itself,

46
00:03:24,720 --> 00:03:29,570
that has an exploit, has a buffer overflow or remote execution exploit?

47
00:03:29,650 --> 00:03:35,020
What if the web server itself, or the database program, the program that's running the database itself,

48
00:03:35,320 --> 00:03:41,290
had a remote root exploit that allows you to just gain access to the whole web server, including all

49
00:03:41,290 --> 00:03:42,600
the websites inside it?

50
00:03:42,670 --> 00:03:48,250
So this will be really cool if you could get it. If you couldn't find anything wrong with the applications

51
00:03:48,250 --> 00:03:52,100
installed on the web server, on the operating system,

52
00:03:52,180 --> 00:03:56,800
then you could target the humans, because we know websites are managed by humans.

53
00:03:56,800 --> 00:04:02,260
For example, Facebook: you can't target Mark, or you can target the admins of Facebook, for example.

54
00:04:02,260 --> 00:04:06,360
These admins obviously have more privileges on that website than you.

55
00:04:06,490 --> 00:04:12,220
And then they might be able to upload sensitive files to that website, and then you can control it and

56
00:04:12,220 --> 00:04:14,830
hack it by hacking into one of those people.

57
00:04:14,830 --> 00:04:19,870
So instead of, maybe the website is very secure and the server is very secure and there is no way that

58
00:04:19,870 --> 00:04:25,540
you can get in, but you can always exploit the humans using social engineering attacks and client-side

59
00:04:25,540 --> 00:04:30,870
attacks to gain control or hack one of the people that manage that target website, and then maybe gain

60
00:04:30,940 --> 00:04:31,810
access to it.

61
00:04:33,640 --> 00:04:38,740
Now this course will be concerned with web application penetration testing, that's concerned with

62
00:04:38,740 --> 00:04:40,870
the first step, with the first approach.

63
00:04:40,870 --> 00:04:46,870
So we're going to learn how to discover and exploit a large number of vulnerabilities that can be

64
00:04:46,960 --> 00:04:49,440
found in the web application itself.

65
00:04:49,450 --> 00:04:54,640
We're not going to be talking about server-side attacks, so the attacks that exploit the operating system

66
00:04:54,700 --> 00:04:59,680
and the applications installed on the operating system itself of the web server, and we're not going

67
00:04:59,680 --> 00:05:05,620
to be talking about the client-side attacks, about attacking humans and hacking their accounts and then

68
00:05:05,620 --> 00:05:07,160
gaining access to the website.

69
00:05:07,450 --> 00:05:13,160
All of these, these two, the last two sections are actually covered in my general ethical hacking course,

70
00:05:13,160 --> 00:05:18,700
so I have a course called Learn Ethical Hacking From Scratch which covers those two aspects.

71
00:05:18,700 --> 00:05:24,140
Therefore in this course we're going to be focusing on the web application penetration testing side,

72
00:05:24,140 --> 00:05:29,480
so on hacking the websites based on the web applications installed on that website.