1
00:00:07,830 --> 00:00:13,590
OK, so now we're going to get into the Web application security penetration testing piece, this

2
00:00:13,590 --> 00:00:15,000
is going to be fun, guys.

3
00:00:15,210 --> 00:00:17,590
First, I just want to show you some motivation for this.

4
00:00:17,880 --> 00:00:24,480
So if you go to hackerone.com, you can get a list of vulnerabilities that were previously disclosed

5
00:00:24,480 --> 00:00:26,070
to legit companies.

6
00:00:26,360 --> 00:00:26,560
Right.

7
00:00:26,630 --> 00:00:33,150
So if we go to hackerone.com and go to Hacktivity right here, you click that, it takes you here and

8
00:00:33,150 --> 00:00:36,870
you can see the bug types, for example, the company.

9
00:00:37,260 --> 00:00:42,630
How much money has been paid in bounties over the last nine days and then the amount that was given

10
00:00:42,630 --> 00:00:43,710
to this particular researcher.

11
00:00:44,730 --> 00:00:47,870
So XSS, open redirects, right?

12
00:00:47,880 --> 00:00:52,590
If you just go through this list, you can see you can make a good bit of money.

13
00:00:53,990 --> 00:00:54,800
With bounties.

14
00:00:56,010 --> 00:01:00,390
And this list goes on and on, you know, I encourage you to actually go through here and you can read

15
00:01:00,390 --> 00:01:02,610
some of these reports, the ones that have full disclosure.

16
00:01:03,570 --> 00:01:09,360
Meaning the title's linkable, you can click it and get details, technical details on exactly how the

17
00:01:09,360 --> 00:01:10,230
bug was exploited.

18
00:01:14,340 --> 00:01:18,780
Like, for example, look at this one, that's crazy, right, but what I want to do is show you how

19
00:01:18,870 --> 00:01:22,460
we can set up this lab in our cyber range and truly get the hands-on practice

20
00:01:22,470 --> 00:01:23,520
we need to succeed.

21
00:01:24,480 --> 00:01:30,480
So if we go to owasp.org, there is a Vulnerable Web Applications Directory.

22
00:01:31,260 --> 00:01:35,590
And the part that is interesting to us is a section for offline.

23
00:01:36,060 --> 00:01:41,990
So this is the de facto sort of repository of deliberately vulnerable Web applications.

24
00:01:42,390 --> 00:01:43,590
And you can scroll through here.

25
00:01:43,830 --> 00:01:46,230
There's .NET Goat, there's Bricks.

26
00:01:46,230 --> 00:01:48,330
These are all deliberately vulnerable Web applications.

27
00:01:48,330 --> 00:01:52,710
And you can download them here and you can even see the technologies that are being used in each

28
00:01:52,710 --> 00:01:53,280
application.

29
00:01:54,420 --> 00:01:59,970
So we've got CloudGoat, Damn Small Vulnerable Web, I mean, there's so many different -- vulnerable

30
00:02:00,660 --> 00:02:04,290
file upload, you know, there's so many different applications here.

31
00:02:04,930 --> 00:02:08,130
A lot of them actually have vulnerabilities that map to the OWASP

32
00:02:08,130 --> 00:02:14,100
Top 10, which is what we're going to be working with in this tutorial session. Game utility, this

33
00:02:14,100 --> 00:02:14,940
is a really good one.

34
00:02:15,090 --> 00:02:18,700
You can look at the number of stars to kind of gauge how popular it is. Juice Shop.

35
00:02:18,750 --> 00:02:20,140
See, it's got 4.4 thousand.

36
00:02:20,430 --> 00:02:21,690
So obviously this is pretty popular.

37
00:02:22,180 --> 00:02:23,660
That's what we're going to use in the cyber range.

38
00:02:23,880 --> 00:02:25,140
So if we click over to Juice Shop.

39
00:02:26,090 --> 00:02:33,200
You can see that this is a flagship product that maps to the Top 10, and by flagship, it means that

40
00:02:33,200 --> 00:02:38,930
it has demonstrated its strategic value to OWASP and the application security community as a whole.

41
00:02:39,590 --> 00:02:39,980
OK.

42
00:02:40,960 --> 00:02:41,780
Juice Shop is right here.

43
00:02:42,130 --> 00:02:47,230
Probably the most modern and sophisticated insecure Web application for security trainings.

44
00:02:48,080 --> 00:02:52,270
So this is what we definitely need and we can get it by going to the GitHub page

45
00:02:52,280 --> 00:02:54,950
for Juice Shop, and we just download it.

46
00:02:55,450 --> 00:02:58,810
One thing I really like about it, you know, it's constantly being maintained and updated.

47
00:02:58,990 --> 00:02:59,770
Look at all the commits.

48
00:03:00,140 --> 00:03:04,480
Look at the last commit, right, relatively recent as of the time of this recording.

49
00:03:05,650 --> 00:03:09,760
And you can scroll through here and you can see, you know, pretty much what it can do and you can

50
00:03:09,760 --> 00:03:12,280
get a nice little tutorial on how to set it up in various places.

51
00:03:12,280 --> 00:03:12,550
Right.

52
00:03:12,730 --> 00:03:19,920
But we're not going to set ours up in, you know, Amazon AWS, or Azure or Google Compute.

53
00:03:20,410 --> 00:03:21,640
We're going to set it up in our range.

54
00:03:23,030 --> 00:03:27,500
But in order to do that, you know, we need to make sure we have an operating system to host our Web

55
00:03:27,500 --> 00:03:31,150
application, so we will be using Ubuntu Server for that.

56
00:03:31,550 --> 00:03:35,600
So if we go to ubuntu.com, all we need to do is go to Download.

57
00:03:36,570 --> 00:03:41,520
And then we want to get Ubuntu Server, and then we can scroll down and go to Manual server installation

58
00:03:41,880 --> 00:03:47,900
and we can grab the latest release, which at the time of recording is 20.10.

59
00:03:48,700 --> 00:03:48,930
Right.

60
00:03:48,930 --> 00:03:53,190
So let's grab that and we'll come back to the video once the download finishes.

61
00:03:53,740 --> 00:03:54,690
I'll see you guys in a little bit.

62
00:03:55,140 --> 00:03:56,680
OK, so the download has finished.

63
00:03:56,700 --> 00:03:57,890
Let's go ahead and set it up.

64
00:03:58,410 --> 00:04:02,930
We're going to go to File, New Virtual Machine, a new instance, right.

65
00:04:02,940 --> 00:04:05,190
Typical, route to the location.

66
00:04:05,690 --> 00:04:08,580
You can see we've got our copy of Ubuntu Server.

67
00:04:08,580 --> 00:04:09,150
Load it up.

68
00:04:09,150 --> 00:04:11,650
We're going to click Next. Name.

69
00:04:11,850 --> 00:04:14,040
That's OWASP Juice Shop.

70
00:04:15,800 --> 00:04:20,690
20 gigabytes of space should be good, we'll store it as a single file for performance reasons.

71
00:04:22,410 --> 00:04:24,440
And this all looks good right now.

72
00:04:24,450 --> 00:04:29,070
We're on NAT, we'll flip it over to host-only once we get everything updated.

73
00:04:29,250 --> 00:04:30,540
This RAM's a little bit too much, though.

74
00:04:30,540 --> 00:04:32,510
We can decrease that by half.

75
00:04:33,480 --> 00:04:37,660
And we're installing Ubuntu Server because it doesn't have a GUI, which should also save on resources.

76
00:04:38,190 --> 00:04:42,720
So we're going to power on this virtual machine after creation and click Finish, click into the

77
00:04:42,720 --> 00:04:43,140
window.

78
00:04:43,140 --> 00:04:45,440
And I'm going to ask you about the server control, OK?

79
00:04:45,450 --> 00:04:52,860
To escape the VM, I'm going to drag the name of OWASP Juice Shop into our private folder.

80
00:04:56,070 --> 00:04:58,580
And it's looking pretty good, right?

81
00:04:58,620 --> 00:05:01,070
We'll let this thing boot up and once it finishes, we'll come back.

82
00:05:01,940 --> 00:05:05,780
And one thing I did want to mention as it boots up is you don't need to keep all your VMs running

83
00:05:05,780 --> 00:05:06,930
all the time, right?

84
00:05:06,950 --> 00:05:11,510
So if you want to save on the resources on your host, maybe you don't have thirty-two gigabytes of

85
00:05:11,510 --> 00:05:12,130
RAM on your host.

86
00:05:12,140 --> 00:05:13,010
You only have 16.

87
00:05:13,520 --> 00:05:16,490
You know, you can just spin up whatever you need for the exercise you're running.

88
00:05:16,910 --> 00:05:22,190
So let's say you just want to pop the web server from the outside to see if you can pivot into a workstation

89
00:05:22,430 --> 00:05:23,440
on the internal LAN.

90
00:05:23,870 --> 00:05:27,680
Well, you could disable PC 2, like I did here, and free up a few resources.

91
00:05:28,190 --> 00:05:33,170
So you have to be strategic in what you have loaded, what's running, so that you can get maximum performance

92
00:05:33,170 --> 00:05:35,860
out of your lab and maximum utility out of it.

93
00:05:36,290 --> 00:05:42,610
So what we're going to do, we're just going to go for English and we can say update to the new installer.

94
00:05:42,620 --> 00:05:42,950
Sure.

95
00:05:43,110 --> 00:05:43,880
I like cutting edge.

96
00:05:47,220 --> 00:05:51,670
All right, so the keyboard is English (US), we'll leave everything at US.

97
00:05:51,930 --> 00:05:54,090
We're going to click Done. All right.

98
00:05:54,090 --> 00:05:56,310
And we'll leave the default network interface in place.

99
00:05:57,150 --> 00:05:58,190
We're not using a proxy.

100
00:05:59,190 --> 00:06:04,440
We'll keep the default mirror and we will use the entire disk, tab down to Done.

101
00:06:04,860 --> 00:06:05,970
So this is looking good right now.

102
00:06:05,970 --> 00:06:08,930
I'm going to click Done to start the installation.

103
00:06:09,610 --> 00:06:15,120
Now, this error message is saying that this will result in the hard disk being overwritten, which

104
00:06:15,120 --> 00:06:17,490
we understand is not an issue because this is in our lab.

105
00:06:18,470 --> 00:06:25,710
We're not overwriting the host disk, this is the guest VM, which is currently clear of any data.

106
00:06:26,270 --> 00:06:30,470
So, yes, my name is going to be juice.

107
00:06:31,790 --> 00:06:35,270
And the username is juice, password,

108
00:06:38,570 --> 00:06:44,060
all right, done, and we don't need to install OpenSSH server and I don't need these server snaps,

109
00:06:44,060 --> 00:06:45,670
we're just going to hit Done.

110
00:06:45,680 --> 00:06:46,750
We don't need server snaps.

111
00:06:47,300 --> 00:06:47,480
All right.

112
00:06:47,480 --> 00:06:49,180
So we're going to let this run and we'll come back once again.

113
00:06:50,270 --> 00:06:50,550
All right.

114
00:06:50,550 --> 00:06:51,040
Very sweet.

115
00:06:51,070 --> 00:06:52,760
So it says all upgrades installed.

116
00:06:52,910 --> 00:06:58,640
So we should be good to go. Install complete. So we'll reboot and log in and we'll do that in the next lecture

117
00:06:58,970 --> 00:07:00,780
when we configure Juice Shop.

118
00:07:00,790 --> 00:07:02,270
I'll see you guys in a little bit. Bye.