[00:00:00] All right. Now on our application I'm already logged in as my testing@test.com user. So if you're not logged in, go ahead and do so now. We're going to abuse one feature, and I do encourage you to come in here and look at all the different broken access controls that they have and just kind of get an understanding of all the different ways that you can manipulate things here, okay, and gain access to places that you shouldn't. But the one that we're gonna be looking at is putting feedback in another user's name. This one I showed to you. I'm going to explain to you why I like this one, because it's a nifty little trick you're going to see here.

[00:00:41] So let's go ahead and go to Account, or actually let's go over here and go to Customer Feedback. So our goal is to leave feedback in another user's name. So I'm going to say "Mean thing, you're terrible." I'm going to make this person look bad. I'm going to give a one-star rating. Let's go ahead and solve the CAPTCHA using our PEMDAS, right? So six minus five is one, plus nine is 10. And if we submit this, we just submit it as ourselves. Well, we have to understand what's going on here. So what we can do is we can right click on this and say Inspect Element.
[00:01:22] Now why do I love this? And this might be hard to see, so just try to follow along. But I love this here because this is so realistic about what's about to happen. I'm so excited I'm stuttering. So with what's about to happen here: a lot of times I'll log into an application or a web page, even like big name vendors I've seen this on, where you go in there and there's like a username and password field, or, you know, what's your security answer, and you see it and it's like all stars, right? Well, something I like to do is I like to inspect that element and see if it's holding the value there but it's just hiding it or masking it from us, which is exactly what's happening here.

[00:02:10] So we inspected the element and you should be brought somewhere here like this div class. If we look up just a bit there's this input user ID right here, and you could see that the text is actually hidden. So it says hidden right here. I want to go ahead and just delete that and show you what is going on here and what text is actually hidden. And you see it says 18, and the user ID of 18, they're just hiding this. This is not a good way to do this, right?
[00:02:39] This is terrible, but honestly this is so true. You have this password field just like this where it's all blanked out, you right click on it and it says hidden, you just set it to... you delete it or you say false, or, you know, you want to show these passwords, or it'll say field type equals password and you say field type equals text, and guess what, it will show everything in clear text. So this is a form of bypassing broken access control here, or bypassing access control.

[00:03:14] So we are user ID 18 in this application. I'm just gonna go ahead and try to pick user ID number one, which should be probably an admin or the first user created if they're incrementing these in numerical order. So let's go ahead and submit that, and you can see it says Forged Feedback. We have done it. So we just posted feedback in another user's name. That's broken access control. We weren't supposed to do that.

[00:03:41] Another example is, say we wanted to, you know, I think it's administrator or administration or something along those lines here, if we wanted to try to navigate to that page. Look, it had it for a second and it blocked us. So we need to try to abuse all the features here that we possibly can.
[00:04:02] So keep these things in mind. You know, read up on this stuff, try to understand what's going on, and know that broken access control is a huge catch-all for a lot of different attacks, but understanding what it is for an interview process is gonna be super helpful. So that's it for this. We're gonna go ahead and move on to number six, which is security misconfigurations.