1
00:00:00,920 --> 00:00:01,630
Welcome back.

2
00:00:02,300 --> 00:00:05,030
Let's discuss security misconfiguration.

3
00:00:05,970 --> 00:00:11,490
Now, in this lecture, we're going to check out the default credentials vulnerability.

4
00:00:12,300 --> 00:00:15,980
Now you might be asking, well, didn't we already do that?

5
00:00:15,990 --> 00:00:23,460
And isn't this something that belongs to broken authentication or brute force attacks or something like

6
00:00:23,460 --> 00:00:23,730
that?

7
00:00:24,480 --> 00:00:26,390
Well, it's a little bit different.

8
00:00:26,730 --> 00:00:32,640
We covered guessing default credentials and brute forcing pages of client profiles.

9
00:00:33,150 --> 00:00:39,750
Now we want to take a look at the default credentials vulnerability for an application that is implemented

10
00:00:39,750 --> 00:00:40,660
in the Web page.

11
00:00:41,160 --> 00:00:46,850
So this is not a user account on a Web page or something like that, which a user sets up.

12
00:00:47,160 --> 00:00:53,190
This is something that the server owner and the Web page owner sets up once using an application within

13
00:00:53,190 --> 00:00:53,890
a Web page.

14
00:00:54,690 --> 00:01:00,330
So we have a simple example right here in our OWASP Top 10 on our TryHackMe

15
00:01:00,330 --> 00:01:03,510
challenge and we're just going to cover it in this video.

16
00:01:03,750 --> 00:01:09,030
And then we will move on to a different vulnerability, because this is once again just default credentials

17
00:01:09,030 --> 00:01:09,620
vulnerability.

18
00:01:09,630 --> 00:01:11,430
It's rather easy to perform.

19
00:01:11,850 --> 00:01:16,150
All you need to do is try to find the default credentials for a certain application.

20
00:01:16,830 --> 00:01:19,650
Nonetheless, let's go all the way down.

21
00:01:19,650 --> 00:01:25,650
And here it is, task number 19, which is security misconfiguration.

22
00:01:25,860 --> 00:01:28,560
Now, let's start our machine straight away.

23
00:01:28,860 --> 00:01:32,040
And if you'd like, you can go and read through all of this.

24
00:01:32,400 --> 00:01:39,060
We also see that it does mention default passwords as one of the security configurations, whether it's

25
00:01:39,060 --> 00:01:45,990
once again from the user's perspective or from the server's perspective. In both ways, there shouldn't

26
00:01:45,990 --> 00:01:48,880
be any default credentials on the Web page.

27
00:01:49,350 --> 00:01:54,510
However, this is something that developers are responsible for because they didn't really change the

28
00:01:54,510 --> 00:02:00,570
default credentials on the application that they hosted on their website and that anyone can access

29
00:02:00,570 --> 00:02:00,780
to.

30
00:02:01,960 --> 00:02:08,620
While our machine is starting, let's read through our challenge: this VM showcases a security misconfiguration.

31
00:02:09,250 --> 00:02:13,220
Deploy the VM and hack in by exploiting the security misconfiguration.

32
00:02:13,630 --> 00:02:16,590
OK, so they didn't really tell us anything important.

33
00:02:17,200 --> 00:02:21,040
All they said is to deploy the VM and find the flag.

34
00:02:21,700 --> 00:02:25,210
Let's wait for a couple more seconds for our VM to start.

35
00:02:25,750 --> 00:02:30,340
And once we get our IP address, let's hope it go right here and.

36
00:02:33,140 --> 00:02:40,760
OK, so this is the application that it opens. We have a login screen, we have swap theme, which doesn't

37
00:02:40,760 --> 00:02:43,700
really do anything, and we have change password.

38
00:02:44,970 --> 00:02:51,570
If you take a look right here, we also have this sign that says Pensive Notes and it tells us down

39
00:02:51,570 --> 00:02:56,490
here: Pensive Notes, a note taking app for people who like to think about their notes.

40
00:02:56,960 --> 00:02:58,650
So we already know this is an app.

41
00:02:59,310 --> 00:03:02,430
Let's try to perhaps Google it.

42
00:03:03,270 --> 00:03:05,790
We go Pensive Notes inside of our Google.

43
00:03:08,080 --> 00:03:14,470
And the first thing that we see is a GitHub project that is called Pensive Notes. Let's click on that.

44
00:03:15,640 --> 00:03:21,400
And we get the same message that we got on our Web application: Pensive Notes is a note taking app for

45
00:03:21,400 --> 00:03:25,810
those who want to think and reflect about what they write later on.

46
00:03:26,620 --> 00:03:28,100
So we are in a good place.

47
00:03:28,120 --> 00:03:29,550
This is the app we are looking for.

48
00:03:30,100 --> 00:03:36,470
If we go to information and installation down here, we will find this sentence.

49
00:03:36,490 --> 00:03:42,940
This is after downloading and compiling Pensive Notes: log in using the default credentials, pensive

50
00:03:42,940 --> 00:03:44,330
and pensive notes.

51
00:03:45,040 --> 00:03:46,710
So we found default credentials.

52
00:03:46,770 --> 00:03:54,640
Let's see whether they work on our application if we type pensive and then pensive notes.

53
00:03:58,040 --> 00:04:03,470
Well, it does have the credentials and we get our flag right here.

54
00:04:04,540 --> 00:04:10,720
So this is another security risk that could happen once our website is using some type of an application

55
00:04:10,720 --> 00:04:19,360
that has a login form. This can also happen on something like Tomcat, on IP and all of the other services

56
00:04:19,360 --> 00:04:22,240
that a website can have. Nonetheless,

57
00:04:22,570 --> 00:04:28,000
I just wanted to mention this is another possible vulnerability and that it differs a little bit from

58
00:04:28,000 --> 00:04:31,480
regular default credentials that the user on a Web page can have.

59
00:04:31,960 --> 00:04:37,430
And now that we're done with this, we can move to the next vulnerability, which is called XSS.

60
00:04:38,260 --> 00:04:40,430
Thank you for watching and we'll see you in the next lecture.