1 00:00:00,810 --> 00:00:08,370 Hi, within this lecture, we're going to continue solving our CTF and we're going to consider following 2 00:00:08,370 --> 00:00:09,620 our leads over here. 3 00:00:09,810 --> 00:00:14,700 So I'm going to just stop this DirBuster, because again, we have what we need. 4 00:00:14,910 --> 00:00:20,430 Like, we know that there is a WordPress over here and we're going to follow that road. 5 00:00:20,700 --> 00:00:26,810 And over here, the Nikto didn't even complete the scan over there. 6 00:00:27,120 --> 00:00:30,260 So we have a lot of things going on over here. 7 00:00:30,270 --> 00:00:34,020 So Nikto can take long, actually. 8 00:00:34,350 --> 00:00:37,600 Just bear in mind that Nikto can take long. 9 00:00:37,800 --> 00:00:40,760 So maybe this can be your first step. 10 00:00:40,770 --> 00:00:46,270 Just run it in the background and just come back and see what happens later. 11 00:00:46,680 --> 00:00:52,150 And as you can see, we started getting some responses over here, but it's going to take long. 12 00:00:52,470 --> 00:00:56,770 And again, we have an admin folder over there, I believe. 13 00:00:56,790 --> 00:00:59,940 So let me try to go into the admin. 14 00:01:00,270 --> 00:01:05,190 So it actually isn't supposed to be here, right? 15 00:01:05,190 --> 00:01:11,910 Because it isn't the regular standard procedure for the WordPress. 16 00:01:11,910 --> 00:01:15,830 It's usually wp-admin or wp-login. 17 00:01:16,440 --> 00:01:20,860 And again, I believe it redirects us to index.php. 18 00:01:20,880 --> 00:01:23,040 So I don't know. 19 00:01:23,460 --> 00:01:29,080 There is nothing to pursue in the admin folder, I believe. 20 00:01:29,820 --> 00:01:32,370 So again, let me try this one. 21 00:01:32,400 --> 00:01:36,390 So as you can see, there is a page parameter over here. 22 00:01:36,390 --> 00:01:43,640 Maybe we can change it or maybe we can try something like directory traversal like we have found before. 
23 00:01:44,100 --> 00:01:48,300 So I'm going to come over here, not here, but there. 24 00:01:48,630 --> 00:01:54,550 And I'm going to just write question mark, page 23 and here you go. 25 00:01:55,440 --> 00:01:58,160 So it just redirects us to index as well. 26 00:01:58,650 --> 00:02:05,970 So nothing happens with page parameter, but maybe we can just try page one or page zero or maybe we 27 00:02:05,970 --> 00:02:14,100 can just try directory traversal, as I said before, like this, ../etc/passwd, and see 28 00:02:14,100 --> 00:02:15,120 what happens. 29 00:02:15,750 --> 00:02:17,070 Nothing is happening. 30 00:02:17,070 --> 00:02:24,630 And in fact I believe none of this is working because it's all redirecting us to the original index 31 00:02:24,630 --> 00:02:25,220 page. 32 00:02:26,490 --> 00:02:34,570 So I believe it's better to follow the wp-login or W, or WordPress in general. 33 00:02:34,870 --> 00:02:42,030 OK, so over here we have the short list we already took, taking a look at that. 34 00:02:42,330 --> 00:02:47,300 So wp-login, yep, we're definitely going to take a look at that, this one. 35 00:02:47,700 --> 00:02:52,710 OK, and we have seen that over here as well. 36 00:02:52,890 --> 00:02:56,310 And I believe we don't have wp-admin this time. 37 00:02:56,310 --> 00:02:57,810 We have wp-login. 38 00:02:58,530 --> 00:03:00,240 So far, so good. 39 00:03:00,630 --> 00:03:07,530 And we can just skip over here a little bit and see if we can find anything interesting, much more 40 00:03:07,530 --> 00:03:08,700 interesting over here. 41 00:03:08,700 --> 00:03:10,980 But I don't think there is. 42 00:03:10,980 --> 00:03:11,340 Right. 43 00:03:11,550 --> 00:03:21,210 So we have to focus on the wp-login and I believe we haven't checked the robots.txt as well. 44 00:03:21,630 --> 00:03:24,870 So I'm going to take a look at that as well later on. 
45 00:03:24,900 --> 00:03:32,840 So I'm going to come over here, OK, and delete this and come to wp-login and here you go. 46 00:03:32,880 --> 00:03:39,090 This is the login web page of the WordPress, and I'm going to go for the Channel 215 one more time, 47 00:03:39,360 --> 00:03:41,880 this time for wp-admin. 48 00:03:42,300 --> 00:03:42,690 Yep. 49 00:03:42,690 --> 00:03:45,990 They are redirecting us to the same page. 50 00:03:45,990 --> 00:03:49,770 As you can see, it's redirecting us to the wp-login. 51 00:03:50,100 --> 00:03:54,750 So this is definitely going to be a wp-login thingy going on over there. 52 00:03:55,320 --> 00:04:05,100 So we have the WordPress admin login and some other stuff going on over here, but they are all related 53 00:04:05,100 --> 00:04:07,470 with the wp-login, I believe. 54 00:04:08,130 --> 00:04:17,490 OK, so let me see what this is. We have license.txt, which won't give us anything I believe, 55 00:04:17,490 --> 00:04:19,260 but it's worth a shot anyway. 56 00:04:19,770 --> 00:04:22,920 So let me see if we have anything else. 57 00:04:23,460 --> 00:04:27,960 Nope, let me come over here and just search for this one as well. 58 00:04:28,440 --> 00:04:34,770 So license.txt, let me delete the extra slash and here you go. 59 00:04:34,800 --> 00:04:38,520 This is just the license of the WordPress, I believe. 60 00:04:39,000 --> 00:04:47,910 So let me just go back and better yet, we can just go for the robots.txt, which is the first 61 00:04:47,910 --> 00:04:50,790 thing that we should have been looking for anyway. 62 00:04:51,030 --> 00:04:53,220 As you can see, there are a couple of things over here. 63 00:04:53,220 --> 00:04:57,990 We have fsociety.dic and key-1-of-3.txt. 64 00:04:58,740 --> 00:04:59,910 So we have. 
65 00:05:00,210 --> 00:05:10,680 The first flag, I believe, key-1-of-3.txt, so I can get that easily from the URL and we 66 00:05:10,680 --> 00:05:13,610 have an F Society dictionary over here. 67 00:05:14,190 --> 00:05:18,820 So this makes me think that this is going to be a brute force thing. 68 00:05:19,680 --> 00:05:26,340 And also, if you don't know about robots.txt, by the way, if you don't know what this is, this is a system 69 00:05:26,340 --> 00:05:33,710 in order to say the crawlers of the websites like Google just don't look over here, OK? 70 00:05:33,810 --> 00:05:38,130 So don't look over key-1-of-3.txt. 71 00:05:38,790 --> 00:05:43,910 And Google doesn't get that and doesn't index that with its crawler. 72 00:05:44,580 --> 00:05:52,310 But again, as hackers, we should look there first in order to see what's disallowed for the Google. 73 00:05:52,920 --> 00:05:57,930 So I'm going to come over here to my notes.txt and just paste the section over there. 74 00:05:58,110 --> 00:06:00,770 This is our first flag, OK? 75 00:06:00,780 --> 00:06:02,940 It was pretty easy to get that. 76 00:06:03,600 --> 00:06:10,080 But again, I believe rather than flag, we should focus on the F Society dictionary over here. 77 00:06:10,290 --> 00:06:18,540 So I'm going to copy this and try to see what's inside of this dictionary and let me just save the file. 78 00:06:18,990 --> 00:06:24,310 It says that this is C source code, but I don't think that's what this. 79 00:06:24,350 --> 00:06:31,280 OK, so I'm just going to save this file and see the content of it. 80 00:06:31,680 --> 00:06:41,640 So if this is a dictionary, as we presume, then I believe we're going to have to do some kind of brute 81 00:06:41,640 --> 00:06:42,260 force thing. 82 00:06:42,690 --> 00:06:48,930 So I'm going to cut this and put this in my CTF folder under Mr. Robot, and paste it over there 83 00:06:49,200 --> 00:06:52,230 and just open it with any text editor like this. 
84 00:06:52,620 --> 00:06:53,520 And here you go. 85 00:06:53,520 --> 00:06:57,990 There are a couple of words over here, like maybe hundreds or thousands of words. 86 00:06:58,350 --> 00:07:06,570 And they should be some kind of password or username or both, we don't know yet. 87 00:07:06,770 --> 00:07:14,730 OK, so you can just take a look at all of those things and try to find some meaningful things. 88 00:07:15,240 --> 00:07:20,640 But again, there are a lot over here, so we cannot try them one by one. 89 00:07:21,300 --> 00:07:25,890 We have some kind of like generic ones like file in type. 90 00:07:27,300 --> 00:07:32,840 We have some kind of duplications, I believe, and we have a lot over here. 91 00:07:32,880 --> 00:07:33,230 Right. 92 00:07:33,240 --> 00:07:41,250 So it's going to take some time and maybe we can just take the unique values like we have seen in the 93 00:07:41,250 --> 00:07:46,770 Bandit to get rid of the duplicates over here. 94 00:07:47,070 --> 00:07:50,650 Like if we search for URL, we have Bazra. 95 00:07:50,760 --> 00:07:54,570 Let's see if we have another URL over here like we have. 96 00:07:54,570 --> 00:07:57,920 Jodrell, edit the URL. 97 00:07:57,930 --> 00:08:04,740 Yeah, we have another URL over here, which is only in case we have another basic URL. 98 00:08:04,740 --> 00:08:05,370 I believe. 99 00:08:05,820 --> 00:08:12,030 So definitely there are some duplicates and these are not alphabetically ordered. 100 00:08:12,030 --> 00:08:16,410 So it's going to be kind of challenging over here. 101 00:08:16,410 --> 00:08:16,790 Right. 102 00:08:17,250 --> 00:08:20,190 So I'm going to come over here and clear this up. 103 00:08:20,580 --> 00:08:28,290 So if you run an ls -la now, we know fsociety is over here and it's seven meg and it's very big. 104 00:08:28,860 --> 00:08:31,710 So we have a lot of things going on over there. 105 00:08:31,710 --> 00:08:33,210 So it's going to take some time. 
106 00:08:33,660 --> 00:08:39,930 And most probably we're going to have to brute force here so that we can just log in as a user. 107 00:08:40,680 --> 00:08:50,610 And we don't know if they are here for user name or they are here for a password and we don't know 108 00:08:50,610 --> 00:08:52,020 if they are here for both. 109 00:08:52,860 --> 00:09:00,090 If we are given a dictionary, I believe most probably they're here for both so we can find the user 110 00:09:00,090 --> 00:09:02,820 name and we can find the password in that dictionary. 111 00:09:03,150 --> 00:09:05,280 Otherwise they wouldn't give us anything. 112 00:09:05,280 --> 00:09:11,880 And we can just go for the ready to use dictionaries like rockyou.txt or medium DirBuster like we 113 00:09:11,880 --> 00:09:12,930 have seen before. 114 00:09:13,500 --> 00:09:18,210 But this time we are given the dictionary and we are only given one. 115 00:09:18,210 --> 00:09:24,820 So I assume there's going to be usernames and passwords in the same dictionary so we can use 116 00:09:24,850 --> 00:09:25,350 WPScan. 117 00:09:25,860 --> 00:09:27,850 I mean in order to do brute force. 118 00:09:28,020 --> 00:09:34,260 If you just write wpscan --help, you can see the documentation of the WPScan and we have 119 00:09:34,260 --> 00:09:41,850 a lot of things here like enumeration, brute forcing, like detection, service detection, version 120 00:09:41,850 --> 00:09:44,460 detection, plugin detection. 121 00:09:44,670 --> 00:09:52,080 So it's kind of like an all-in-one solution for the WordPress penetration test. 122 00:09:52,350 --> 00:09:54,660 And of course, we were going to use it as well. 123 00:09:54,990 --> 00:09:59,850 But first, we're going to have to do it for the user name. 
124 00:09:59,900 --> 00:10:05,000 And I believe we're going to have to do it for the password after we find the username so that it will 125 00:10:05,000 --> 00:10:08,930 make sense because we cannot find a password without a username. 126 00:10:09,200 --> 00:10:15,620 So first of all, I'm just going to search to see if we have any user that is valid inside of that F 127 00:10:15,620 --> 00:10:18,890 Society that we got back from the robots. 128 00:10:19,880 --> 00:10:24,980 And if we can find the user then we're going to find the password as well. 129 00:10:25,640 --> 00:10:32,750 So we can use WordPress WPScan, we can use Hydra and we can use Burp Suite. 130 00:10:33,500 --> 00:10:37,650 So I'm going to try and show all of those things to you. 131 00:10:38,060 --> 00:10:44,210 OK, we're going to have to use WPScan eventually anyway, because it's a WordPress web pentesting. 132 00:10:44,210 --> 00:10:48,380 I believe the CTF is about WordPress testing. 133 00:10:48,680 --> 00:10:51,920 And let me open the Burp Suite. 134 00:10:52,310 --> 00:11:01,220 Even though we can use Hydra, we're going to have a need for the Burp Suite anyway because we need 135 00:11:01,220 --> 00:11:04,470 to see some responses in order to use Hydra as well. 136 00:11:05,240 --> 00:11:06,650 I'm going to show you what I mean. 137 00:11:06,650 --> 00:11:14,870 Don't worry, since my proxy is up right now, I'm going to have to turn on my FoxyProxy, 138 00:11:14,870 --> 00:11:20,120 or just do the proxy settings for the Firefox. 139 00:11:20,360 --> 00:11:26,900 If you don't know how to use Burp Suite, please make sure to check my web pentesting course or just go 140 00:11:26,900 --> 00:11:30,290 for the YouTube for a quick demonstration of it. 141 00:11:30,560 --> 00:11:33,980 Or you can just follow along with me. 
142 00:11:34,400 --> 00:11:42,920 But I'm going to turn off the FoxyProxy, which will connect to the Burp Suite in order to transfer 143 00:11:42,920 --> 00:11:45,580 our requests and responses through the Burp. 144 00:11:45,590 --> 00:11:48,130 So, OK, Burp Suite is a proxy eventually. 145 00:11:48,860 --> 00:11:56,990 So here when we make a request or when we make sure we get a response, it will be captured in the suite 146 00:11:57,050 --> 00:12:03,830 first so that we can see them or we can analyze them or even we can change them and send some kind of 147 00:12:03,830 --> 00:12:05,780 different responses or requests. 148 00:12:06,380 --> 00:12:11,540 So I'm going to just try with atlatl or until one, two, three, five, four, six. 149 00:12:11,780 --> 00:12:18,560 OK, we don't have that kind of password or a username, but of course we get to see this. 150 00:12:18,710 --> 00:12:22,960 So I'm just going to right click over here and send it to the Intruder. 151 00:12:23,540 --> 00:12:27,050 Intruder is the brute forcing module for the Burp Suite. 152 00:12:27,260 --> 00:12:29,360 And don't worry, we're not going to use it. 153 00:12:29,360 --> 00:12:34,820 I'm just showing it to you that it's possible to do brute force with it. 154 00:12:35,090 --> 00:12:42,920 OK, I'm not going to turn this into a Burp Suite lecture course, so I'm going to clear all of these parameters. 155 00:12:43,170 --> 00:12:50,750 If I add some variables over here, like to username and password in the request, I can come over here 156 00:12:50,750 --> 00:12:55,820 to payloads, yep, in the payloads and I can just choose a list. 157 00:12:56,270 --> 00:13:02,210 And of course, we're going to have to change the attack type from here, like Sniper is only for one 158 00:13:02,210 --> 00:13:02,990 parameter. 
159 00:13:03,230 --> 00:13:10,730 If we come over here to some other attack, we can just choose a different kind of wordlist for different 160 00:13:10,730 --> 00:13:15,790 kind of parameters and we can just run it and see what happens. 161 00:13:15,800 --> 00:13:23,030 OK, this is cluster bombing and we can do brute forcing directly inside of it here as well. 162 00:13:23,540 --> 00:13:26,810 But again, we're not going to use this for this purpose. 163 00:13:27,020 --> 00:13:34,070 We have Hydra, we have WordPress log in and the of penetration testing course, but rather we're going 164 00:13:34,070 --> 00:13:39,920 to focus on the privilege escalation, on gaining access side of things. 165 00:13:40,400 --> 00:13:42,500 So I'm going to send this to Repeater. 166 00:13:42,800 --> 00:13:45,710 So Repeater is important in the Repeater. 167 00:13:46,160 --> 00:13:48,050 Make sure you turn the intercept off. 168 00:13:48,050 --> 00:13:50,150 By the way, go back to Repeater. 169 00:13:50,270 --> 00:13:52,760 Now, you can see this is an invalid user name. 170 00:13:53,240 --> 00:13:56,330 The user doesn't even exist. 171 00:13:56,330 --> 00:14:00,590 OK, so I'm going to come back to here in the Repeater. 172 00:14:00,590 --> 00:14:03,260 We can just do as many repeats as we want. 173 00:14:03,440 --> 00:14:08,570 We can change the request and see what kind of response do we get from the server. 174 00:14:08,810 --> 00:14:10,730 That is why we use a Repeater. 175 00:14:10,910 --> 00:14:15,440 We can do tests and see the response of the server at the right hand side. 176 00:14:15,770 --> 00:14:19,910 So, for example, I can just change the login name and password from here. 177 00:14:20,120 --> 00:14:25,820 And just directly hit send in order to see what kind of response do we get back from server. 178 00:14:26,840 --> 00:14:28,040 It's practical. 179 00:14:28,040 --> 00:14:29,450 It's easy to use. 180 00:14:29,750 --> 00:14:31,940 So why do we use this? 
181 00:14:32,300 --> 00:14:38,690 Because I'm going to show you how to do a brute force thing with Hydra, OK? 182 00:14:39,140 --> 00:14:43,850 And for the Hydra, we're going to supply the F Society as a wordlist. 183 00:14:44,090 --> 00:14:51,020 And also we're going to go for the user name first, then we can go back and find the password 184 00:14:51,020 --> 00:14:52,430 without even using Hydra. 185 00:14:52,450 --> 00:14:56,530 We can use some other tools as well so that we can see every one of them. 186 00:14:57,290 --> 00:14:59,780 So first of all, let me just. 187 00:15:00,420 --> 00:15:07,410 Stop blabbering about this and just go for Hydra and supply a user name wordlist for the password. 188 00:15:08,910 --> 00:15:15,480 As you can see, if we supply an invalid user name, we can get this invalid user name error message 189 00:15:15,690 --> 00:15:17,040 and this will be different. 190 00:15:17,040 --> 00:15:24,180 If we can find a valid user name, it will say that the password is wrong or something like that. 191 00:15:24,730 --> 00:15:28,790 In this case, if we get the error message of invalid username. 192 00:15:28,800 --> 00:15:35,220 We definitely know that this is going to be like not the thing that we are looking for, right. 193 00:15:35,670 --> 00:15:37,700 Because we want a valid username. 194 00:15:39,030 --> 00:15:41,520 So let's start typing Hydra. 195 00:15:42,390 --> 00:15:50,220 -vV in order to make it verbose and -L in order to supply the list that we are going to work with. 196 00:15:50,460 --> 00:15:55,500 And by the way, this should be in the same folder when you run ls, you can see the fsociety.dic. 197 00:15:56,130 --> 00:15:59,460 So I'm going to say, hydra -vV -L fsociety.dic. 198 00:15:59,830 --> 00:16:06,900 OK, so we're going to use this dictionary and we're going to supply a password because we're going 199 00:16:06,900 --> 00:16:08,840 to use this dictionary on the username. 
200 00:16:09,090 --> 00:16:13,470 OK, so for the password, I'm just going to give like test. 201 00:16:13,680 --> 00:16:17,340 You can give it anything you want because we're not looking for a password. 202 00:16:17,340 --> 00:16:20,880 We're only looking for not an invalid user. 203 00:16:20,970 --> 00:16:25,380 OK, so over here we have supplied the password. 204 00:16:25,380 --> 00:16:31,230 We have supplied the user name, user name list, not the user name itself, because we don't know the 205 00:16:31,230 --> 00:16:31,950 user name. 206 00:16:32,310 --> 00:16:38,400 And of course, we're going to have to supply the tunnel to fifteen, which is our URL over here. 207 00:16:38,670 --> 00:16:44,100 And now this is the reason why we have brought up the website in the first place. 208 00:16:44,100 --> 00:16:51,750 Anyway, as you can see, we can see the request details over here and we're going to need those things. 209 00:16:52,500 --> 00:16:56,040 So as you can see, we need this thing. 210 00:16:56,370 --> 00:17:05,220 We need the log, pwd, the wp-submit thing over here, because that's how Hydra will know how to send 211 00:17:05,220 --> 00:17:07,290 the request back to the server. 212 00:17:07,890 --> 00:17:11,970 And as you can see, we had that POST thing in the Burp Suite. 213 00:17:11,970 --> 00:17:16,260 So I'm going to make sure we write over here http-post-form. 214 00:17:17,010 --> 00:17:26,310 And after that we're going to have to specify the actual request parameters like pwd, log and stuff 215 00:17:26,310 --> 00:17:29,400 like that, because it's not common. 216 00:17:29,400 --> 00:17:32,220 It's specific to each website. 217 00:17:32,220 --> 00:17:37,060 OK, and the Hydra will not know where to send the URL request to. 218 00:17:37,380 --> 00:17:48,030 So we're going to just come over here to the website itself, actually, and get the URL parameters 219 00:17:48,030 --> 00:17:49,650 to write it over there. 
220 00:17:49,830 --> 00:17:58,920 OK, so it will start with the wp-login.php and after that we're going to have a colon over here and 221 00:17:58,920 --> 00:18:01,050 just write the parameters like this. 222 00:18:01,770 --> 00:18:07,350 So of course we don't need redirect_to, but we need these ones. 223 00:18:07,350 --> 00:18:13,650 So let me copy this and see if we can copy it only and paste it over here. 224 00:18:14,010 --> 00:18:14,930 Yeah, here you go. 225 00:18:15,600 --> 00:18:24,840 So what will happen over here is that the server understands this parameter, so it's looking for user 226 00:18:24,840 --> 00:18:32,700 name as log, it's looking for password as pwd and it's looking for submitting as wp-submit. 227 00:18:32,910 --> 00:18:36,480 And this is different for every server, different for every Bergkamp. 228 00:18:36,480 --> 00:18:44,340 OK, so at the end of it I'm going to put a colon over here and just write F=Invalid username and 229 00:18:44,340 --> 00:18:46,410 this is the error message that we have. 230 00:18:46,680 --> 00:18:48,200 So what does it mean? 231 00:18:48,210 --> 00:18:55,980 It means that if we have this invalid user name, then Hydra will know that this is a failure and instead 232 00:18:55,980 --> 00:19:02,250 of giving password is one, two, three, and the user name is still re going to change this to variables 233 00:19:02,250 --> 00:19:03,960 that we have supplied over here. 234 00:19:04,500 --> 00:19:09,480 So rather than password, we can actually give anything to password. 235 00:19:09,480 --> 00:19:10,380 It won't matter. 236 00:19:10,650 --> 00:19:15,330 But you should know how it's done if the case is a device. 237 00:19:15,660 --> 00:19:21,900 So just delete the article and write with this kind of syntax over here. 238 00:19:22,170 --> 00:19:32,430 ^USER^ and for the password again, just delete it and as the same way just write ^PASS^ so ^USER^ and ^PASS^. 
239 00:19:32,610 --> 00:19:38,400 So ^USER^ will be replaced by this and password will be replaced by this. 240 00:19:38,910 --> 00:19:41,670 So password will be test in every request. 241 00:19:41,670 --> 00:19:42,960 So it won't make sense. 242 00:19:43,200 --> 00:19:50,520 But again, the reason that we are doing this is because of the need for the user name itself. 243 00:19:50,850 --> 00:19:57,300 So we're going to try every possible fsociety.dic alternative over here to find the user that works. 244 00:19:58,080 --> 00:19:59,640 So if we can find the user. 245 00:20:00,060 --> 00:20:06,900 We can just brute force the password and I believe just Ctrl+C in order to make it stop. 246 00:20:07,230 --> 00:20:09,050 I believe we have found it. 247 00:20:09,600 --> 00:20:10,470 Here you go. 248 00:20:10,740 --> 00:20:14,060 It shows the valid one in blue. 249 00:20:14,640 --> 00:20:16,770 So how does it understand it's valid? 250 00:20:16,770 --> 00:20:22,080 Because we have given the error message to the sweet, not the purpose. 251 00:20:22,530 --> 00:20:27,320 We took it from the euro, but we supplied it in the Hydra. 252 00:20:27,630 --> 00:20:30,030 And as you can see, this one didn't get that. 253 00:20:30,270 --> 00:20:32,280 And it's written in blue. 254 00:20:32,640 --> 00:20:38,280 And apparently the login is Elliot and it shows password is test. 255 00:20:38,280 --> 00:20:40,370 But of course, it's not test. 256 00:20:40,680 --> 00:20:48,900 OK, it shows it in green because we have supplied error message as invalid username and then we give 257 00:20:48,900 --> 00:20:50,580 the Elliot as username. 258 00:20:50,760 --> 00:20:52,500 We should get something else. 259 00:20:52,710 --> 00:20:54,900 Let me try this and just write it. 260 00:20:55,260 --> 00:20:56,160 And here you go. 261 00:20:56,160 --> 00:21:00,060 It says that the password you entered for the username Elliot is incorrect. 
262 00:21:00,390 --> 00:21:02,730 So Hydra did this job right. 263 00:21:02,880 --> 00:21:07,950 It found one that is working and we have now a user name. 264 00:21:08,220 --> 00:21:13,020 We don't know if this is a privileged user or just a regular user. 265 00:21:13,320 --> 00:21:20,880 Maybe if this doesn't work, we can just go scanning the further and we can wait a little bit more in 266 00:21:20,880 --> 00:21:24,720 order to see if there is some other users here in this list as well. 267 00:21:24,960 --> 00:21:29,790 But at least for right now, we have one user and we're just going to go for it. 268 00:21:30,300 --> 00:21:36,180 So I'm going to open my notes and just write Elliot over here and in order to take a note. 269 00:21:36,540 --> 00:21:39,690 So let's stop here and continue within the next lecture.