Hello everybody and welcome back. Let's continue from where we previously finished, which was the Burp Suite brute force. What we want to do right now is use a different tool, not our own tool but a different tool that is already installed in Kali Linux, which is called Hydra. So if you type here "hydra" it will give you the different options you can use for this tool.

Now we will do the same attack with the same user list and the same password list on the same page, in order to show you that this will work much faster than the previous scan, which took around 30 seconds. The syntax can be a little bit hard for this tool. I will show you why it can be a little bit problematic if you do not know what you are doing, so I'll make sure to explain every part of the syntax.

Now before we even type anything, you can see the usage or the example right here, which is rather simpler than the one that we will use at the end. So we do not care about it at the moment. Let's just clear the screen and let's just open our Burp Suite. Now let us go to the proxy and turn our intercept on in order to check out the packet that we will get once we type here any username and any password, so just type here anything. What we are interested in in this packet is the path that it took on the website in order to log into this page.

So what you want to do right here is copy this page right here, or this path right here, so just copy it. Now the principle behind this attack is the same for any page. So basically you go onto any page you have permission to test, and if you turn your intercept on and type a bunch of random words, you just want to copy the page itself in order to specify the correct path that you will brute force. So once you copy that, first of all what you want to do is turn the intercept off. So it gives us a wrong password message. And what we want to do right here is type here "hydra" and then type the IP address of our virtual machine, which is referred to as the host.

Now the next thing that we need to type right here is this http-post-form. Now what does http-form-post mean? What this means is basically that it is a POST type request, and with that POST type request we are filling in the form. So this right here is called a form, and the request type that we are using to send the form is a POST request, and it will always be a POST request. You cannot send a form with a GET request. So once you type here http-form-post, just add here the path between these two. So just add the path right here.

And once you add the path you do not want to close it; what you want to do is type here two dots (a colon). This is just the syntax. So once you type here the colon after the path, what you want to type here is username and then this upper arrow sign (a caret). Apparently it goes username equals, just imagine this, maybe it would be easier. So colon, username equals, then this upper arrow, and type here USER in capitals, then once again the upper arrow, then this sign that we just found, this sign right here, I'm not really sure how it is called in English, but I add that sign, and after that type here password equals, and then once again the upper arrow, and then PASS, and another upper arrow, and then once again the same sign. And then type here submit equals submit, and then two dots once again, and then "wrong username or password", and then close this all.

So what happened right here is basically: first here we specify the host, which is the IP address of our machine. Then we specify the type of request that we want to send, which is that we are filling in the form with the POST request. And then we specify the path to the form, which is this; we copied that from the packet. Then after that comes the syntax, which is separated with two dots. So two dots, username equals. And now the Hydra syntax knows where to use the usernames, because it is specified between these two arrows. It will use all the usernames from our usernames.txt list in order to put them between these two arrows every time. It is a little bit hard syntax, so you will get used to it with time. The same is with the password, which is separated with this sign from the username; in between these two arrows it will specify all of the passwords from our passwords.txt list.

Now then you separate right here with the same sign as well, and we type here submit equals submit, and that submit is referring to this button right here, which is basically submit. So the button in the HTML page is called submit. So with that here, submit equals submit works just fine. Right here, why did it say it twice? Let me just... OK. Let me just clear the screen. Something happened, I don't know why that happened, but it doesn't matter.

So submit is referring to the button that we have to click in order to send our request. And with these two dots right here it is searching for the packet that doesn't have this string. It is the same principle as in Burp Suite, just the syntax right here is a little bit harder, since in Burp Suite everything was automated and we could do it easily. Here in the syntax we need to specify, after the button that we click, what type of string we are not looking for in the packets.

So once you do that you just type here -L, a capital L for the list, and then just find the path to your usernames text file. For me it is in the directory here. And here type -P for the passwords.txt. And once you type that you have got the entire syntax written, so the whole command is written. So right now what you want to do is just press enter, and we can see that it started attacking and it should finish relatively fast. And as you can see right here it's already finished, and it found one valid username and one valid password, which is admin admin. And if we try once again right here, so just type here admin admin, it will work again. So this is the syntax that we covered, or the command that we covered.

Now the prevention for this attack, if you for example want to create your own web page, is basically just to block the user from trying to log in after five failed attempts, for example. Now this method of prevention of the brute force attack will basically make 90 percent of people quit after they notice that the website is blocking after a certain number of attempts. For example, I believe Instagram, Twitter, Facebook, they all do that. But there are bypasses for that as well, which is changing your IP address every time you finish brute forcing, for example, my passwords. This is a more advanced thing and we will do it later on when we attack the social media with our brute force.

So that's about it for this lecture. In the next one we will cover some of the other attacks on our OWASP virtual machine. And until then I hope you have a great day and take a.