1
00:00:05,090 --> 00:00:09,950
So far in this course, you've seen how to do lots of different types of hacking, but let's go to one

2
00:00:09,950 --> 00:00:12,770
of the most common types of hacking out there.

3
00:00:12,770 --> 00:00:19,310
Web hacking. Hacking into a website or a web application is something that people are going to try

4
00:00:19,310 --> 00:00:23,380
the second you put up any web application or web server.

5
00:00:23,690 --> 00:00:29,270
So you need to understand at least two of the most common classes of attacks and see how to protect

6
00:00:29,270 --> 00:00:29,810
from that.

7
00:00:30,110 --> 00:00:37,910
So what we're going to do is make use of our Metasploitable VM. The Metasploitable VM has some applications

8
00:00:37,910 --> 00:00:38,210
on it.

9
00:00:38,480 --> 00:00:40,780
It's got the DVWA utility.

10
00:00:41,030 --> 00:00:45,050
It's also got phpMyAdmin, TWiki and WebDAV.

11
00:00:45,290 --> 00:00:49,490
There are all kinds of rich things that we can run through in our Metasploitable.

12
00:00:49,850 --> 00:00:54,200
All we need to do is set up our Metasploitable box so that we can surf from it.

13
00:00:54,650 --> 00:00:59,360
And then we're going to hack into the Metasploitable box from our Windows 10 machine and from our local

14
00:00:59,360 --> 00:01:01,850
desktop computer just to show a little bit of variety.

15
00:01:02,210 --> 00:01:03,950
So come to Oracle VirtualBox.

16
00:01:03,950 --> 00:01:06,140
We're going to make sure that that Metasploitable 2

17
00:01:07,200 --> 00:01:10,770
is running on our host-only adapter.

18
00:01:10,800 --> 00:01:11,490
Very good.

19
00:01:12,840 --> 00:01:24,060
And remember to log in to Metasploitable: use msfadmin and msfadmin, then do ifconfig just to make

20
00:01:24,060 --> 00:01:30,090
sure that it's on the 10.0.3 addresses, and mine is, it turned out, 10.0.3.5.

21
00:01:30,510 --> 00:01:37,230
So I'll be able to log in to this machine from 10.0.3.5 as my address.

22
00:01:37,270 --> 00:01:38,300
I'll go and minimize it.

23
00:01:38,310 --> 00:01:40,150
We don't even need to work in Metasploitable.

24
00:01:40,170 --> 00:01:46,650
It's running as a web server so that we'll be able to connect to it using this address from any of our

25
00:01:46,650 --> 00:01:48,960
other machines, including our local desktop machine.

26
00:01:49,990 --> 00:01:56,650
So minimize it and let's start our Windows 10 computer. First of all, make sure you're on the same

27
00:01:56,650 --> 00:02:02,830
network, host-only adapter vboxnet0, hit OK, and start your Windows 10 running.

28
00:02:04,350 --> 00:02:08,130
And we're going to use both browsers in Windows 10, so go ahead and open up

29
00:02:09,390 --> 00:02:12,210
Google Chrome and your Edge browser.

30
00:02:13,470 --> 00:02:21,360
And we're going to surf to 10.0.3.5, or whatever your Metasploitable box's address was;

31
00:02:21,360 --> 00:02:22,230
that one's good.

32
00:02:24,180 --> 00:02:31,440
We'll do the same thing from Chrome, 10.0.3.5, and we can see that we are able to connect from

33
00:02:31,440 --> 00:02:38,250
our Windows 10 computer using that 10.0.3.5 address, which is the address of our Metasploitable

34
00:02:38,250 --> 00:02:38,660
server.

35
00:02:39,530 --> 00:02:45,330
I'm going to use my Microsoft Edge first and I'm going to click on DVWA.

36
00:02:45,690 --> 00:02:48,780
This is the Damn Vulnerable Web Application.

37
00:02:48,780 --> 00:02:52,320
DVWA, Damn Vulnerable Web Application.

38
00:02:52,650 --> 00:02:57,630
Pardon the language, but we will use the username admin and password.

39
00:02:57,630 --> 00:02:59,250
If you don't know that, it's down

40
00:02:59,250 --> 00:03:00,150
here. Here is a hint:

41
00:03:00,660 --> 00:03:01,890
admin and password.

42
00:03:05,860 --> 00:03:09,550
And what we're going to see how to do are a couple of things now. There are lots of things you can

43
00:03:09,550 --> 00:03:12,100
learn from the Damn Vulnerable Web Application.

44
00:03:12,550 --> 00:03:17,960
You can do file inclusion, you can do command execution, you can do SQL injection.

45
00:03:17,960 --> 00:03:21,280
And we're going to start off with SQL and cross-site scripting.

46
00:03:21,850 --> 00:03:30,670
But you can attack a web server that's running on a Metasploitable box and safely see how each of

47
00:03:30,670 --> 00:03:32,680
these types of attacks can happen.

48
00:03:32,980 --> 00:03:37,420
And that way you'll know a little bit more about how to protect the security of your own web server

49
00:03:37,420 --> 00:03:38,590
or a web application.

50
00:03:39,040 --> 00:03:43,390
So when we come back in the next lesson, we're going to tackle cross-site scripting, or we're going

51
00:03:43,390 --> 00:03:45,040
to see how to do that two different ways.

52
00:03:45,040 --> 00:03:51,580
And we're going to see how it differs between our Microsoft Edge browser and our Google Chrome browser.

53
00:03:52,210 --> 00:03:53,350
See you in the next lesson.