1
00:00:00,180 --> 00:00:01,013
‫Instructor: Hi.

2
00:00:01,013 --> 00:00:05,070
‫Within this lecture we are going to install our APK

3
00:00:05,070 --> 00:00:08,460
‫on our gain motion and we're going to run our server

4
00:00:08,460 --> 00:00:12,510
‫so that we will be ready to start our CTF.

5
00:00:12,510 --> 00:00:16,080
‫So I'm gonna run ifconfig and if you're on Windows,

6
00:00:16,080 --> 00:00:18,270
‫you're gonna run ipconfig.

7
00:00:18,270 --> 00:00:19,710
‫So remember this comment

8
00:00:19,710 --> 00:00:23,444
‫it shows us the current local IP that we have

9
00:00:23,444 --> 00:00:25,847
‫and we are gonna have to find it

10
00:00:25,847 --> 00:00:27,630
‫because we are going to use it.

11
00:00:27,630 --> 00:00:31,380
‫So mine is 192.168.121.

12
00:00:31,380 --> 00:00:32,820
‫So yours will be different.

13
00:00:32,820 --> 00:00:36,510
‫Just find yours by running ifconfig or ipconfig

14
00:00:36,510 --> 00:00:39,665
‫and then you can run Python app.py

15
00:00:39,665 --> 00:00:42,060
‫like we did in the previous lecture.

16
00:00:42,060 --> 00:00:44,910
‫Okay, so our app is running.

17
00:00:44,910 --> 00:00:46,350
‫Our server is running,

18
00:00:46,350 --> 00:00:50,277
‫and find the APK inside of this master folder

19
00:00:50,277 --> 00:00:52,477
‫and just drag it and drop it

20
00:00:52,477 --> 00:00:57,210
‫on the gain motion so that it will be installed like this.

21
00:00:57,210 --> 00:00:58,080
‫So here you go.

22
00:00:58,080 --> 00:01:01,620
‫Now it's installed and all you add to do is just come

23
00:01:01,620 --> 00:01:03,660
‫over here to preferences

24
00:01:03,660 --> 00:01:07,500
‫and just write the server IP and server port.

25
00:01:07,500 --> 00:01:08,940
‫So in our case,

26
00:01:08,940 --> 00:01:10,710
‫server IP is the local IP

27
00:01:10,710 --> 00:01:14,010
‫because we are running this on our local machine.

28
00:01:14,010 --> 00:01:18,900
‫So IP is 192.168.1.21 for me.

29
00:01:18,900 --> 00:01:22,410
‫So write your own IP and just hit submit

30
00:01:22,410 --> 00:01:26,700
‫and port is by default 8888 as you can see.

31
00:01:26,700 --> 00:01:29,160
‫So you don't have to change that.

32
00:01:29,160 --> 00:01:32,550
‫So over here you will see a usage guide.

33
00:01:32,550 --> 00:01:37,410
‫Okay, under the downloaded master folder.

34
00:01:37,410 --> 00:01:42,410
‫So as you can see, there is a username provided for us.

35
00:01:42,420 --> 00:01:44,610
‫We don't actually need that

36
00:01:44,610 --> 00:01:47,400
‫without even having this username.

37
00:01:47,400 --> 00:01:48,330
‫We can log

38
00:01:48,330 --> 00:01:51,990
‫into this application by exploiting some vulnerabilities

39
00:01:51,990 --> 00:01:54,390
‫but we are gonna see that later on.

40
00:01:54,390 --> 00:01:59,100
‫I'm going to write the password username that are given

41
00:01:59,100 --> 00:02:03,480
‫to us like this at one two thee dollar sign.

42
00:02:03,480 --> 00:02:06,120
‫Okay? Because the instructions,

43
00:02:06,120 --> 00:02:06,953
‫we need to

44
00:02:06,953 --> 00:02:10,440
‫follow the instructions first and then we can actually look

45
00:02:10,440 --> 00:02:12,390
‫for other vulnerabilities as well.

46
00:02:12,390 --> 00:02:15,690
‫So make sure you log in with this account

47
00:02:15,690 --> 00:02:18,210
‫or the other account that is given to us

48
00:02:18,210 --> 00:02:19,500
‫and here you go.

49
00:02:19,500 --> 00:02:22,110
‫Our app is working, as you can see,

50
00:02:22,110 --> 00:02:24,210
‫we got this log on the server.

51
00:02:24,210 --> 00:02:28,290
‫It says that correct credentials user is dinesh

52
00:02:28,290 --> 00:02:31,870
‫and we get to see the activities like this.

53
00:02:31,870 --> 00:02:32,730
‫For example,

54
00:02:32,730 --> 00:02:37,710
‫if I click over here we can see the account numbers.

55
00:02:37,710 --> 00:02:41,220
‫There is some amount to transfer over here and

56
00:02:41,220 --> 00:02:44,100
‫if we leave it blank, I believe it'll fail.

57
00:02:44,100 --> 00:02:46,230
‫Let me give some value like 10.

58
00:02:46,230 --> 00:02:48,660
‫Yeah, it says that transfer is successful,

59
00:02:48,660 --> 00:02:53,190
‫so it actually resembles a banking application.

60
00:02:53,190 --> 00:02:54,900
‫If I go to statements,

61
00:02:54,900 --> 00:02:58,247
‫it will show me the previous things that

62
00:02:58,247 --> 00:03:00,480
‫I have done over here.

63
00:03:00,480 --> 00:03:02,310
‫If I want to change the password

64
00:03:02,310 --> 00:03:05,220
‫I can come over here and try to change it.

65
00:03:05,220 --> 00:03:06,990
‫Okay, that's good.

66
00:03:06,990 --> 00:03:09,420
‫So maybe you can try to change your password

67
00:03:09,420 --> 00:03:12,480
‫like this in order to have a password to remember

68
00:03:12,480 --> 00:03:13,410
‫and here you go.

69
00:03:13,410 --> 00:03:16,470
‫It says that yeah you enter the password

70
00:03:16,470 --> 00:03:18,330
‫that is not complex enough

71
00:03:18,330 --> 00:03:20,940
‫like maybe you can try with other passwords as well.

72
00:03:20,940 --> 00:03:24,240
‫But as you can see it gives us some error

73
00:03:24,240 --> 00:03:27,631
‫and we are gonna see why is that the case,

74
00:03:27,631 --> 00:03:30,450
‫and I believe that's it.

75
00:03:30,450 --> 00:03:32,460
‫That's our application.

76
00:03:32,460 --> 00:03:34,620
‫Now it's time to find the vulnerabilities

77
00:03:34,620 --> 00:03:37,440
‫and it's time to find the exploits as well

78
00:03:37,440 --> 00:03:39,060
‫so that we can hack it.

79
00:03:39,060 --> 00:03:40,893
‫See you in next lecture.