1
00:00:00,690 --> 00:00:08,970
OK, the last task for us in this section is something called session fixation, and we've got a pretty

2
00:00:08,970 --> 00:00:16,500
good example of it inside of our Web application. To navigate to it, make sure that you go to Session

3
00:00:16,590 --> 00:00:21,380
Management Flaws, and under here you want to click on Session Fixation.

4
00:00:21,870 --> 00:00:23,730
And here is our challenge.

5
00:00:23,730 --> 00:00:26,280
So let's see what setup we've got.

6
00:00:26,280 --> 00:00:33,180
Stage one: you are Hacker Joe and you want to steal the session from Jane. Send a prepared email

7
00:00:33,330 --> 00:00:36,990
to the victim, which looks like an official email from the bank.

8
00:00:37,440 --> 00:00:39,660
A template message is prepared below.

9
00:00:39,840 --> 00:00:48,570
You will need to add a session ID, or shortened SID, in the link inside the email. Alter the link to include

10
00:00:48,570 --> 00:00:49,770
a session ID.

11
00:00:50,610 --> 00:00:55,100
OK, and we already mentioned or talked briefly about session fixation.

12
00:00:55,410 --> 00:01:03,270
It's as simple as predetermining a session ID for someone; then that someone could open our link with

13
00:01:03,270 --> 00:01:04,860
a predetermined session ID.

14
00:01:05,160 --> 00:01:10,830
They log into their account and we can access their account because we do know their session ID and

15
00:01:10,830 --> 00:01:12,740
this is an example of how we can do it.

16
00:01:13,410 --> 00:01:14,600
Let's see what we need to do.

17
00:01:14,820 --> 00:01:19,560
So here is an email and in this email we have this sentence right here.

18
00:01:19,980 --> 00:01:23,670
Please use the following link to verify your account data.

19
00:01:24,540 --> 00:01:32,340
And here we have the link, which is in the statement, so href equals WebGoat/attack and

20
00:01:32,340 --> 00:01:33,520
here are some parameters.

21
00:01:34,080 --> 00:01:38,230
Now, the first thing that I noticed is that this WebGoat is written incorrectly.

22
00:01:38,260 --> 00:01:43,140
We need to type capital W and capital G the same way that we have it right here.

23
00:01:44,620 --> 00:01:51,140
The second thing, which is more important, is us adding a SID.

24
00:01:51,160 --> 00:01:53,130
A SID is simply a link parameter.

25
00:01:53,290 --> 00:01:58,770
So we already see some link parameters and they're divided by this character right here.

26
00:01:59,290 --> 00:02:05,470
So all we need to do is to copy that same character and add another parameter at the end.

27
00:02:06,470 --> 00:02:07,320
Let's scroll.

28
00:02:07,340 --> 00:02:14,900
We need to add this character and then add our SID parameter by typing SID equals, and here we can

29
00:02:14,900 --> 00:02:17,160
pretty much type any session ID that we want.

30
00:02:17,180 --> 00:02:19,240
For example, let's go with five five five.

31
00:02:19,790 --> 00:02:22,190
This is the session ID that I've chosen.

32
00:02:22,520 --> 00:02:26,390
So now our altered link looks something like this.

33
00:02:27,140 --> 00:02:34,670
We have WebGoat/attack and then these three parameters, of which our last one will be the session

34
00:02:34,670 --> 00:02:35,000
ID.

35
00:02:36,210 --> 00:02:40,530
Now, we as a hacker are sending this email to the victim.

36
00:02:41,250 --> 00:02:42,600
Let's send the email.

37
00:02:43,590 --> 00:02:45,850
And we completed stage one right now.

38
00:02:45,870 --> 00:02:48,880
Stage two: now you are the victim,

39
00:02:48,900 --> 00:02:50,790
Jane, who received the email below.

40
00:02:51,030 --> 00:02:52,710
OK, so now we're acting like Jane.

41
00:02:53,280 --> 00:02:58,110
If you point on the link with your mouse, you will see that there is a SID included.

42
00:02:58,590 --> 00:03:00,270
Click on it to see what happens.

43
00:03:01,350 --> 00:03:07,320
OK, so let's pretend that this is the email that we got, and here's the link that we altered. Let's

44
00:03:07,320 --> 00:03:13,660
say that the victim clicks on this link and it leads them to a page where they can log in.

45
00:03:13,710 --> 00:03:19,410
Luckily, we've got the username and password for the victim, which are these right here.

46
00:03:20,310 --> 00:03:22,390
So let's type that in right here.

47
00:03:22,410 --> 00:03:27,030
These are the correct credentials that, of course, the hacker wouldn't know.

48
00:03:27,300 --> 00:03:30,840
But we're acting as both the hacker and the victim in this challenge.

49
00:03:31,170 --> 00:03:32,370
And let's log in.

50
00:03:33,180 --> 00:03:35,000
And we've completed stage three.

51
00:03:35,460 --> 00:03:40,610
It is time to steal the session. Use the following link to reach Goat Hills Financial.

52
00:03:40,950 --> 00:03:42,740
OK, so in this challenge, we're hackers.

53
00:03:43,590 --> 00:03:48,150
And if we go to the link now, we need to log in to the session.

54
00:03:48,360 --> 00:03:51,750
But we as a hacker don't really know the correct credentials.

55
00:03:51,750 --> 00:03:58,200
So we can type anything right here and see what type of link we get. Just by looking at this link

56
00:03:58,200 --> 00:03:58,600
right here.

57
00:03:58,620 --> 00:04:04,070
We already see that there is a session ID parameter within the link that says no valid session.

58
00:04:04,890 --> 00:04:05,790
Let's give it a try.

59
00:04:05,820 --> 00:04:15,130
I'm going to go right here and turn on my intercept and I'm going to type in test as username and test

60
00:04:15,150 --> 00:04:17,010
as password, which is, of course, incorrect.

61
00:04:17,010 --> 00:04:19,890
But all we want to do is to intercept this request.

62
00:04:20,610 --> 00:04:21,300
Right now.

63
00:04:21,690 --> 00:04:28,230
We want to change this session ID to the number that we sent to the victim, which in our case or in

64
00:04:28,230 --> 00:04:30,140
my case is five five five.

65
00:04:30,690 --> 00:04:32,490
We don't need to alter anything else.

66
00:04:32,490 --> 00:04:34,230
We can leave the incorrect details.

67
00:04:34,410 --> 00:04:38,160
And if we forward this packet and go back.

68
00:04:38,610 --> 00:04:45,330
We have successfully logged in as Jane just by changing the session ID to the one that we sent to the victim over

69
00:04:45,330 --> 00:04:46,050
that email.

70
00:04:46,530 --> 00:04:49,710
And that is the end of the challenge as it says.

71
00:04:49,710 --> 00:04:52,320
Congratulations, you have completed this lesson.

72
00:04:53,170 --> 00:04:54,000
OK, awesome.

73
00:04:54,450 --> 00:04:58,590
We have covered some of the basic attacks over broken authentication.

74
00:04:58,830 --> 00:05:04,260
And in the next section, we will continue just with different types of the attacks that we call brute

75
00:05:04,260 --> 00:05:04,980
force attacks.

76
00:05:05,460 --> 00:05:08,910
Nonetheless, thank you for watching and I will see you in the next lecture.