1
00:00:12,800 --> 00:00:17,810
Hey, guys, welcome back to another episode on How to Hack, and today we'll be discussing server-

2
00:00:17,810 --> 00:00:19,220
side request forgery.

3
00:00:19,580 --> 00:00:21,010
And once again, we're back to WebGoat.

4
00:00:21,340 --> 00:00:28,290
WebGoat is a vulnerable web application platform for us to do all of our web application penetration testing

5
00:00:28,290 --> 00:00:28,460
on.

6
00:00:28,890 --> 00:00:31,790
And in this case, we have a server-side request forgery.

7
00:00:32,090 --> 00:00:38,990
So this is the part where a hacker can abuse functionalities in a service by manipulating and changing

8
00:00:38,990 --> 00:00:43,670
configurations, accessing internal resources and so on.

9
00:00:43,700 --> 00:00:46,580
So this is what we call a server-side request forgery.

10
00:00:47,000 --> 00:00:53,810
And a lot of these attacks can come from unsanitized user input, directly inputting and changing the sort

11
00:00:53,810 --> 00:00:56,610
of data that is being submitted to the URL.

12
00:00:56,850 --> 00:00:57,040
All right.

13
00:00:57,120 --> 00:01:04,070
So all these ways are able to let the hackers gain control of the server and run server-side instructions without

14
00:01:04,070 --> 00:01:05,090
authorized access.

15
00:01:05,160 --> 00:01:08,590
OK, so here on lesson number two, we have an example.

16
00:01:09,080 --> 00:01:14,900
So if I click on Steal the Cheese, I see over here: change the URL to display Jerry.

17
00:01:14,900 --> 00:01:18,750
And in this case, of course, it states you failed to steal the cheese.

18
00:01:19,040 --> 00:01:22,900
So what we need to do now is actually to go ahead and start up Burp

19
00:01:22,910 --> 00:01:23,270
Suite.

20
00:01:23,450 --> 00:01:27,740
So let me go ahead and start up Burp Suite, OK, Burp Suite over here.

21
00:01:28,010 --> 00:01:30,290
And it will begin running Burp's environment.
22
00:01:30,470 --> 00:01:35,520
So I'll go ahead and click on Temporary Project, click Next and click on Start Burp.

23
00:01:35,870 --> 00:01:39,440
OK, so once you do so, you have Burp Suite running.

24
00:01:39,560 --> 00:01:44,060
OK, then we can go on to the Proxy tab and we can click and enable it.

25
00:01:44,490 --> 00:01:50,970
So in this case I'm going to change the bind to port to port 8888.

26
00:01:51,110 --> 00:01:52,600
OK, click OK on that.

27
00:01:53,480 --> 00:02:00,350
So now your proxy intercept is on, and I can go on to the web browser again, or go to the top

28
00:02:00,350 --> 00:02:04,940
right corner of your browser, click on the menu and click on Preferences.

29
00:02:05,300 --> 00:02:10,370
So once you're on Preferences, scroll all the way down, scroll all the way down and you can click

30
00:02:10,370 --> 00:02:12,380
on to Network Settings.

31
00:02:12,410 --> 00:02:18,860
So once you click on the Network Settings, select Manual proxy configuration, and in my case 127.0.0.1

32
00:02:18,860 --> 00:02:23,180
followed by port 8888.

33
00:02:23,210 --> 00:02:29,870
So this will allow Burp Suite to help intercept and look at all this data that is being sent to and fro between

34
00:02:29,870 --> 00:02:31,660
a server and a browser.

35
00:02:31,670 --> 00:02:34,010
So go and click OK on that and begin.

36
00:02:34,370 --> 00:02:39,200
We're beginning to see all this data traffic coming in and out between the browser and the information.

37
00:02:39,230 --> 00:02:45,680
OK, so going back to the website, I can go and click on Steal the Cheese, now go back to Burp Suite,

38
00:02:45,710 --> 00:02:50,030
and I'm going to drop this particular GET. All right, a second one.

39
00:02:50,510 --> 00:02:52,840
And over here, this is the one that we're looking at.
40
00:02:53,210 --> 00:02:58,520
So in this case, right, we can look at the POST, we can look at the host, we can look at the user

41
00:02:58,520 --> 00:03:00,920
agent data that is sent to the web browser.

42
00:03:01,190 --> 00:03:07,600
So you can also do certain user agent manipulation, which we may cover in subsequent tutorials.

43
00:03:08,090 --> 00:03:11,650
And then you have the Accept-Language, you have the encoding and so on.

44
00:03:11,690 --> 00:03:11,900
All right.

45
00:03:11,940 --> 00:03:14,300
In this case we have the JSESSIONID.

46
00:03:14,720 --> 00:03:16,340
So we did a tutorial on that already.

47
00:03:16,670 --> 00:03:18,710
And all this different cookie information.

48
00:03:19,400 --> 00:03:25,060
So over here, what's really interesting is that the URL is part of the POST, and we have tom.png,

49
00:03:25,100 --> 00:03:32,300
Tom, and of course going back to the browser, going back to the website, it says change the URL

50
00:03:32,630 --> 00:03:34,220
to display Jerry.

51
00:03:34,550 --> 00:03:40,280
So in this case, going back to Burp Suite, we can actually just change Tom to Jerry.

52
00:03:40,430 --> 00:03:40,840
All right.

53
00:03:41,180 --> 00:03:48,320
So based on the changes to the URL, I can go in and click on Forward, so click on Forward in

54
00:03:48,320 --> 00:03:54,080
Burp Suite, and going back to the browser, it says you rocked the SSRF.

55
00:03:54,130 --> 00:03:54,340
All right.

56
00:03:54,380 --> 00:03:56,120
So we managed to change

57
00:03:56,120 --> 00:03:58,830
the URL to be able to display a different image.

58
00:03:58,880 --> 00:04:04,940
OK, so we were able to capture the data that was supposed to be posted to the web server that would give

59
00:04:04,940 --> 00:04:06,170
us a return of result.
60
00:04:06,410 --> 00:04:12,050
And in this case, we manipulated the data and now we were able to see all of the information inside the

61
00:04:12,050 --> 00:04:21,170
system, so we could also try looking up certain other kinds of images, other kinds of text files, documents,

62
00:04:21,590 --> 00:04:24,170
and be able to post them straight into the web server.

63
00:04:24,200 --> 00:04:24,390
All right.

64
00:04:24,410 --> 00:04:27,290
So that's the whole idea of server-side request forgery.

65
00:04:27,740 --> 00:04:27,930
All right.

66
00:04:27,950 --> 00:04:36,240
So going to question number three, it is the following: change the URL to display the interface configuration

67
00:04:36,300 --> 00:04:37,700
with ifconfig.

68
00:04:38,240 --> 00:04:40,160
So if you click on Run ifconfig.

69
00:04:40,280 --> 00:04:40,560
All right.

70
00:04:40,610 --> 00:04:43,310
So I can go back here, I can drop all this lesson.

71
00:04:43,350 --> 00:04:50,240
So all this is sent all the time into the web application system to ensure that we have the lesson overview

72
00:04:50,240 --> 00:04:50,780
and menu.

73
00:04:51,710 --> 00:04:53,750
So quite a lot of them have been sent over already.

74
00:04:54,030 --> 00:04:54,430
OK.

75
00:04:57,350 --> 00:05:03,250
So I think I could go in and drop all of them, and all I got to do is to just go ahead, go back to the

76
00:05:03,250 --> 00:05:04,110
site, click on change.

77
00:05:04,120 --> 00:05:06,040
I have to go back to Burp Suite.

78
00:05:06,650 --> 00:05:12,820
OK, so here we have the following POST WebGoat SSRF task2.

79
00:05:13,600 --> 00:05:16,240
And right at the bottom, we have the URL once again.

80
00:05:16,250 --> 00:05:16,390
Right.

81
00:05:16,400 --> 00:05:20,210
So it is images%2Fcat.jpg.

82
00:05:20,530 --> 00:05:20,800
All right.

83
00:05:20,800 --> 00:05:27,070
So if you go and go in for this right now, we can drop the rest and we can go on to WebGoat.
84
00:05:27,070 --> 00:05:30,560
And it shows us an image of the cat.

85
00:05:31,270 --> 00:05:34,430
So in this case, we're going to change it to interface configuration.

86
00:05:34,430 --> 00:05:35,980
And ifconfig.pro.

87
00:05:36,550 --> 00:05:41,360
So I'm going to drop all this information now and I'm going to go back to WebGoat, click on the command.

88
00:05:41,830 --> 00:05:42,280
All right.

89
00:05:42,580 --> 00:05:43,630
Go back to Burp Suite.

90
00:05:44,750 --> 00:05:51,920
OK, and we have the task2, so all I got to do is just change this to http, all right, followed

91
00:05:51,920 --> 00:06:00,290
by the colon double slash, followed by ifconfig.pro, and see what we get as a result of it.

92
00:06:00,330 --> 00:06:01,610
Click forward.

93
00:06:02,770 --> 00:06:09,220
And we can go on to WebGoat, and it says over here, you rocked the SSRF, and we can see all the details

94
00:06:09,220 --> 00:06:09,430
here.

95
00:06:10,800 --> 00:06:16,290
All right, we have the host information and so on and so forth, so all this different data has been

96
00:06:16,290 --> 00:06:16,830
pulled in.

97
00:06:17,310 --> 00:06:22,050
And of course, if we go to the final lesson, right, so it's very important for us to be able to not

98
00:06:22,050 --> 00:06:26,790
just prevent cross-site request forgery, but also in terms of server-side request forgery,

99
00:06:27,090 --> 00:06:34,320
where hackers could be using your system, your platform as a launch pad to run all these cyber attacks

100
00:06:34,320 --> 00:06:40,920
against other devices or even against internal network devices, which could be a database system,

101
00:06:40,950 --> 00:06:44,430
which could be another computer, another network switch, router.

102
00:06:44,430 --> 00:06:45,390
And the list goes on.

103
00:06:45,570 --> 00:06:45,840
All right.

104
00:06:45,840 --> 00:06:50,980
So once again, I hope you've learned something valuable in today's tutorial, and if you have any questions,
105
00:06:50,980 --> 00:06:52,200
feel free to leave a comment below.

106
00:06:52,650 --> 00:06:57,000
I'll try my best to answer any of your queries, and please share and subscribe to the channel so that you can be kept

107
00:06:57,000 --> 00:06:59,700
abreast of the latest cybersecurity tutorials.

108
00:06:59,730 --> 00:07:01,500
Thank you so much once again for watching.