1
00:00:00,390 --> 00:00:04,780
Let's cover a second example of using Hydra on our Web page.

2
00:00:05,430 --> 00:00:11,790
So in the previous video, we noticed that the tool can get a little bit harder with the syntax, with

3
00:00:11,790 --> 00:00:13,620
brute force to be warpage.

4
00:00:14,160 --> 00:00:17,300
And now we're going to go with the DVWA page.

5
00:00:18,090 --> 00:00:21,020
So we're already familiar with this login screen.

6
00:00:21,030 --> 00:00:25,480
We know that the username is admin and that the password is admin.

7
00:00:26,330 --> 00:00:33,140
But we want to see how we can get that username and password with the help of Hydra. Of course, since this

8
00:00:33,140 --> 00:00:38,810
is something that we do for the educational purposes and we want to prove that it works, we will be

9
00:00:38,810 --> 00:00:44,480
adding the correct username and password in the users and in the passwords file.

10
00:00:45,110 --> 00:00:52,550
So in the users file from the previous video, we already have the admin username and in the password

11
00:00:52,550 --> 00:00:57,680
file we want to add the admin as a possibility right here.

12
00:00:58,100 --> 00:01:00,050
So let's add admin.

13
00:01:00,320 --> 00:01:06,920
And now once we craft our Hydra command, we should be able to get the correct credentials outputted

14
00:01:06,920 --> 00:01:07,460
for us.

15
00:01:08,210 --> 00:01:11,950
OK, time to craft a command, which is the hard part of this talk.

16
00:01:13,010 --> 00:01:19,280
As we remember from the previous video, the first thing that we do is we specify the IP address of

17
00:01:19,280 --> 00:01:20,720
the target that we want to scan.

18
00:01:21,810 --> 00:01:27,970
Once we do that, we determine whether the credentials are being submitted with POST request or with

19
00:01:27,990 --> 00:01:33,810
GET request. To do that, we can go to the page and go on page source.
20
00:01:35,090 --> 00:01:41,450
Then once again, we want to find the form where the usernames and passwords are being submitted, and

21
00:01:41,450 --> 00:01:45,200
here we will see that it is once again a POST request.

22
00:01:45,920 --> 00:01:51,920
OK, so we're using http-form-post.

23
00:01:52,880 --> 00:01:56,520
After we specified this, we open double quotes.

24
00:01:56,780 --> 00:02:03,390
Now comes the hard part, we need to specify first the path to the page that we want to brute force.

25
00:02:03,920 --> 00:02:11,690
So let's type in incorrect credentials, click on login and we get this path.

26
00:02:11,720 --> 00:02:15,050
So, DVWA login dot.

27
00:02:16,130 --> 00:02:17,210
Let's copy it.

28
00:02:18,050 --> 00:02:24,990
And let's paste it right here. This is our first parameter inside double quotes, the path to the page.

29
00:02:25,670 --> 00:02:31,880
Now comes the name of the username field, the name of the password field and the button name, as well

30
00:02:31,880 --> 00:02:33,320
as what to do with the button.

31
00:02:34,040 --> 00:02:41,900
So once again, go back to the page source and find the code where the username field is being labeled.

32
00:02:42,620 --> 00:02:43,430
Here it is.

33
00:02:43,880 --> 00:02:51,440
If we take a look right here, the name of the username field is simply username, so we will type

34
00:02:51,440 --> 00:03:00,990
that in, username equals, then we type upper arrow USER upper arrow and then this sign to separate it from the password.

35
00:03:01,670 --> 00:03:03,670
Now we want to find the password field.

36
00:03:03,980 --> 00:03:09,140
Here it is right below the username field and the name for it is password.

37
00:03:09,650 --> 00:03:14,090
So let's type that thing inside of our command. Type

38
00:03:14,240 --> 00:03:17,990
password equals upper arrow PASS upper arrow.

39
00:03:19,030 --> 00:03:20,030
OK, awesome.
40
00:03:20,600 --> 00:03:27,320
And last part, which we once again separate with this sign, is the button itself.

41
00:03:28,010 --> 00:03:31,370
Let's go all the way down and here it's the button.

42
00:03:32,090 --> 00:03:37,250
The name of the button is login and we submit it right here.

43
00:03:37,940 --> 00:03:43,910
So we're going to specify that as login equals submit.

44
00:03:45,050 --> 00:03:50,150
And this will once again tell our Hydra command to submit the username and password once it types them

45
00:03:50,150 --> 00:03:50,330
in.

46
00:03:51,460 --> 00:03:59,950
And at the end, we have a third option for our double quotes parameter, which is going to be the incorrect

47
00:03:59,950 --> 00:04:06,140
message that we get for incorrect credentials. Since we typed in test and test as username and password,

48
00:04:06,670 --> 00:04:10,290
we got this message down here that says log in failed.

49
00:04:10,870 --> 00:04:18,940
So let's copy it straight away and let's add it to the end of our command, paste clipboard and close

50
00:04:18,940 --> 00:04:19,820
the double quotes.

51
00:04:20,380 --> 00:04:25,630
This should be enough for Hydra to be able to brute force the page and also determine which credentials

52
00:04:25,630 --> 00:04:27,580
are correct and which are not.

53
00:04:28,210 --> 00:04:28,990
At the end,

54
00:04:29,350 --> 00:04:36,490
all we're left to do is specify capital L for the users and capital P for the passwords list.

55
00:04:36,970 --> 00:04:38,410
And this is our entire command.

56
00:04:38,900 --> 00:04:39,880
Let's give it a try.

57
00:04:39,940 --> 00:04:47,470
If we run it, give it a couple seconds and it finishes the brute force once again in around one second

58
00:04:47,590 --> 00:04:47,940
time.

59
00:04:48,840 --> 00:04:54,600
We get the correct credentials right here, which are admin and admin, so we successfully brute forced

60
00:04:54,600 --> 00:04:58,440
this page and if we want to, we can log in right here.
61
00:05:00,440 --> 00:05:01,730
So we covered Hydra.

62
00:05:02,570 --> 00:05:08,570
Now we are officially done with the brute force part of this course, but in the next video, I also

63
00:05:08,570 --> 00:05:14,060
want to show you another possibility with Hydra that you can use besides brute forcing different Web

64
00:05:14,060 --> 00:05:21,200
pages. It will be a short video and you might find it useful in your penetration tests nonetheless.

65
00:05:21,560 --> 00:05:23,900
Thank you for watching and we'll see you in the next lecture.