1
00:00:00,550 --> 00:00:09,070
Now it's time to create our look in brute force, OK, for the application right now.

2
00:00:09,280 --> 00:00:14,830
Actually, I already uploaded this file, which is the brute force that bite so you can download it

3
00:00:14,830 --> 00:00:19,150
and writing the code step by step or tracing the code step by step.

4
00:00:19,540 --> 00:00:25,000
And already I have this file, which is RockYou that text.

5
00:00:25,240 --> 00:00:29,030
And actually this is the file, as you can see, it is here.

6
00:00:29,380 --> 00:00:37,030
So this is the file, the same fight as the Linux file, which is which contains a lot of text file.

7
00:00:37,030 --> 00:00:43,090
So Vacanti here, it will take a lot of time, as you can see, still bending as you can see it.

8
00:00:43,210 --> 00:00:43,900
Copy that.

9
00:00:44,200 --> 00:00:49,770
So it's if I get here, dude, this is to see the size of the file.

10
00:00:49,780 --> 00:00:52,750
You can see it is one hundred and forty four megabyte.

11
00:00:53,200 --> 00:00:56,830
And by the way, I already uploaded that for you if you want to use it.

12
00:00:57,890 --> 00:01:02,480
This is a huge wordlist, and by the way, if you have Kelly, you can find it.

13
00:01:02,780 --> 00:01:06,210
It's OK, but if you don't have it, you can download it and start with me.

14
00:01:06,440 --> 00:01:15,020
And by the way, I will use this you the text as a wordlist so we can check and check the users or the

15
00:01:15,020 --> 00:01:15,280
bus.

16
00:01:15,290 --> 00:01:17,780
What I mean for this specific user that we provide.

17
00:01:17,990 --> 00:01:19,980
Don't worry, we will handle that right away.

18
00:01:20,210 --> 00:01:21,200
But for me for now.

19
00:01:21,410 --> 00:01:28,130
OK, now but again, please don't use this to attack people to damage systems and so on.

20
00:01:28,190 --> 00:01:29,240
OK, I want you.

21
00:01:29,390 --> 00:01:31,210
I'm not responsible for anything of that.

22
00:01:31,250 --> 00:01:37,730
OK, please use it for you as a white hacker to have a career, to have a job, to defend people and

23
00:01:37,730 --> 00:01:38,060
so on.

24
00:01:38,270 --> 00:01:40,070
OK, now let's start.

25
00:01:40,880 --> 00:01:43,890
So this is the first thing which is that important.

26
00:01:44,150 --> 00:01:46,580
We already talked about this in the previous section.

27
00:01:46,910 --> 00:01:47,810
Now here I.

28
00:01:47,810 --> 00:01:52,500
I'm using something new, which is color and it is no big deal.

29
00:01:52,520 --> 00:01:58,050
Actually, it is just print cut out for a specific text or something, because as you can see from color,

30
00:01:58,070 --> 00:02:00,150
we imported colors here.

31
00:02:00,170 --> 00:02:05,570
So the colored function, as you can see, this found username or password will be printed as a green.

32
00:02:05,750 --> 00:02:08,610
And you can see that where it is.

33
00:02:08,630 --> 00:02:09,830
Yeah, yeah.

34
00:02:09,830 --> 00:02:10,790
You can see that here.

35
00:02:10,790 --> 00:02:13,440
The trying with the best will it will be printed as written.

36
00:02:13,500 --> 00:02:16,610
What we would like when we handed that right away step by step.

37
00:02:16,790 --> 00:02:22,530
But for now these are used just for coloring the text.

38
00:02:22,760 --> 00:02:26,890
OK, just to give you the vibe of a hacker or something anyway.

39
00:02:27,260 --> 00:02:27,860
No big deal.

40
00:02:28,070 --> 00:02:28,550
All right.

41
00:02:29,000 --> 00:02:30,900
So now let's have this.

42
00:02:30,950 --> 00:02:32,140
This is the first thing you are.

43
00:02:32,450 --> 00:02:35,660
This is a barrier between what these bejewelled.

44
00:02:35,810 --> 00:02:40,940
So you so the beautiful you are right here that you want to try and brute force on it.

45
00:02:41,190 --> 00:02:43,550
OK, now we have the user name here.

46
00:02:44,000 --> 00:02:46,420
Please enter the user name for the brute force.

47
00:02:46,430 --> 00:02:50,760
So you are using user route admin user one, whatever.

48
00:02:50,780 --> 00:02:52,310
OK, so it depends on you.

49
00:02:52,880 --> 00:02:56,600
And by the way, we can have a list this for this as well.

50
00:02:56,810 --> 00:02:58,930
But actually it is, it would be exponential.

51
00:02:58,940 --> 00:03:02,360
So it will take a it will take forever anyway.

52
00:03:02,360 --> 00:03:05,000
But we are assuming that we know the user.

53
00:03:05,240 --> 00:03:06,990
So that's why they use them.

54
00:03:07,080 --> 00:03:13,360
OK, now here we have the buzzword file and here you can see in the five to use.

55
00:03:13,370 --> 00:03:15,520
So you put the name of the file.

56
00:03:15,530 --> 00:03:22,510
But by the way, which is the RockYou, the text, this is the text file or the word file that has all

57
00:03:22,520 --> 00:03:23,570
the passwords inside it.

58
00:03:23,930 --> 00:03:29,090
And you can see that they are in the same division as the post posted by which is the program we are

59
00:03:29,270 --> 00:03:31,550
writing or we are interpreting.

60
00:03:32,030 --> 00:03:37,540
OK, now finally we have this variable, which is the login string.

61
00:03:37,640 --> 00:03:41,900
So here you can see that please enter a string that occurs when logging fits.

62
00:03:42,050 --> 00:03:47,960
So when you type root and with the password taught, for example, which is the inverse of root, it

63
00:03:47,960 --> 00:03:53,320
will give you login failed or an invalid credential or access denied or something like that.

64
00:03:53,420 --> 00:03:59,350
So you need to know that the target machine, what will give you when you watch it?

65
00:03:59,840 --> 00:04:02,880
OK, don't worry, we will handle all of that in this picture.

66
00:04:03,140 --> 00:04:07,050
So just follow me for now and we will reach that level.

67
00:04:07,920 --> 00:04:11,180
OK, now we have this function, which is the diff cracking.

68
00:04:11,390 --> 00:04:15,320
But before I go into it, actually, this is the main logic of the forcing.

69
00:04:15,560 --> 00:04:19,500
Before I go through it, I want to check here or I want to have a look here.

70
00:04:19,820 --> 00:04:27,660
So to understand this more so you can see here, actually this will be executed before or interpreted,

71
00:04:27,660 --> 00:04:34,250
let's say, before that cracking because we call the cracking from here and wait for me for now so you

72
00:04:34,250 --> 00:04:41,570
can see that you with open and here you can see that we are using the width and as statement.

73
00:04:41,600 --> 00:04:48,350
OK, so with this function, which is open Basswood fight the fight we opened for the Basswood, as

74
00:04:48,350 --> 00:04:49,760
you can see, which is this one.

75
00:04:50,680 --> 00:04:58,780
And as I read more so with that as a basswood, so which means that everything you opened here as read

76
00:04:58,930 --> 00:05:05,680
or all the best words that you have it here, open it as a buzzer to you so in there and we will start

77
00:05:05,890 --> 00:05:07,090
that right away.

78
00:05:07,150 --> 00:05:14,230
OK, so after that, you can see that we have a code in here with this w this inside that inside there

79
00:05:14,260 --> 00:05:15,640
with s statement.

80
00:05:15,850 --> 00:05:22,350
We are calling the cracking function OK, which is cracking the username that we insert here.

81
00:05:23,050 --> 00:05:25,510
We assuming it is user admin root whatever.

82
00:05:26,490 --> 00:05:31,180
And with the Warrell, which is they are we put here interbody, you are OK.

83
00:05:31,350 --> 00:05:38,000
So we are calling the cracking function with these arguments on these various bits that we thought here

84
00:05:38,490 --> 00:05:45,810
and using that with as statement by doing with open this file, which is the buzzword file as readable

85
00:05:45,990 --> 00:05:47,190
and as a buzzword.

86
00:05:47,820 --> 00:05:49,030
Make it as a buzzword.

87
00:05:49,070 --> 00:05:49,460
OK.

88
00:05:50,270 --> 00:05:59,280
OK, now actually after we use that with s statement and we call the cracking function, so now it is

89
00:05:59,280 --> 00:06:03,460
time to hand it the cracking function so you can see that we define a cracking function.

90
00:06:03,690 --> 00:06:06,060
This is the first parameter, by the way.

91
00:06:06,060 --> 00:06:07,290
I'm using username here.

92
00:06:07,470 --> 00:06:09,690
By the way, this is not the same variable.

93
00:06:09,750 --> 00:06:14,030
This is only for the scope of the tracking, not for this one.

94
00:06:14,280 --> 00:06:16,410
Don't don't get confused, please.

95
00:06:16,630 --> 00:06:19,230
OK, and the warrant here is not the same for this.

96
00:06:19,230 --> 00:06:22,160
You are I mean, as a variable, not as a value.

97
00:06:22,170 --> 00:06:22,430
Yeah.

98
00:06:22,440 --> 00:06:28,440
By the way, because we are basing this username as which is this one, as you can see, this variable

99
00:06:29,010 --> 00:06:34,920
that we are passing to the cracking function here, but we defined the name here is user name, by the

100
00:06:34,920 --> 00:06:35,040
way.

101
00:06:35,040 --> 00:06:42,570
I can put username to OK and user and you are to and I need to change the necessity here inside this

102
00:06:42,570 --> 00:06:48,780
function, OK, because this is username or this variable is not the same as this from the direct point

103
00:06:48,780 --> 00:06:50,200
to the same address.

104
00:06:50,220 --> 00:06:58,440
OK, anyway, for now, just for me it's listed as is which is username and you are in now here we have

105
00:06:58,440 --> 00:07:00,510
that for password and passwords.

106
00:07:00,700 --> 00:07:06,090
OK, now we already talked about the false statement and by the way, we are using the passwords that

107
00:07:06,090 --> 00:07:11,040
we use it with the open password but read as a password.

108
00:07:11,070 --> 00:07:12,180
All right, good.

109
00:07:12,660 --> 00:07:16,020
Now we are handling the best words one by one.

110
00:07:16,020 --> 00:07:22,650
So you can see that we open this password file, that they are OK for you file and you can see it is

111
00:07:23,040 --> 00:07:23,310
better.

112
00:07:23,310 --> 00:07:23,960
Huge, fine.

113
00:07:23,970 --> 00:07:28,310
So if I catch it here, you can see I'm still still printing.

114
00:07:28,330 --> 00:07:28,670
Yeah.

115
00:07:29,070 --> 00:07:29,990
So I interrupted.

116
00:07:30,630 --> 00:07:37,620
Alright, so you can see that it will start using this password one by one so and all of that will be

117
00:07:37,620 --> 00:07:39,370
inside the for loop which is this one.

118
00:07:39,390 --> 00:07:45,090
OK, so it will start with, with this one for example, until it reach or complete or whatever.

119
00:07:45,090 --> 00:07:46,200
It will start with this one.

120
00:07:46,200 --> 00:07:46,710
This one.

121
00:07:46,710 --> 00:07:50,560
This one until we got what we want or anyway we we handed that right away.

122
00:07:50,850 --> 00:07:55,860
So here we have after the first statement, which is the password, the password.

123
00:07:55,860 --> 00:07:58,500
Now it would be best for touchup again.

124
00:07:58,500 --> 00:08:03,200
We already saw that in the previous section as we don't need white spaces or whatever.

125
00:08:03,210 --> 00:08:05,160
So we are using this one.

126
00:08:05,460 --> 00:08:10,770
OK, now, Brent, now, as you can see now, we are using that colored function here that I mentioned,

127
00:08:10,770 --> 00:08:12,810
which is using the term library.

128
00:08:13,050 --> 00:08:16,500
So Sokolove by actually actually this is a function except a table.

129
00:08:16,830 --> 00:08:22,740
And with that first thing, which is, as you can see, the first thing and the second thing, which

130
00:08:22,740 --> 00:08:22,950
is.

131
00:08:23,980 --> 00:08:30,010
As you can see, so the first thing which is trying with the Basswood and the other thing, which is

132
00:08:30,010 --> 00:08:31,880
that cut out of this text, which is.

133
00:08:32,290 --> 00:08:33,610
All right, don't worry.

134
00:08:33,670 --> 00:08:35,760
We will handle that as hands on right away.

135
00:08:36,040 --> 00:08:39,640
But currently, let's understand the code first, then we can try it at.

136
00:08:40,490 --> 00:08:45,770
All right, so we just printing trying with the Basswood, which is we have it here after we strip it

137
00:08:46,460 --> 00:08:47,670
and we have it Azerrad.

138
00:08:47,750 --> 00:08:54,080
So this detail that we are trying this bastard currently so we don't need something or utility.

139
00:08:54,860 --> 00:09:00,800
So to give me a black screen and it is still rendering, we don't know the progress about it.

140
00:09:01,040 --> 00:09:06,450
No, we need to know where are we currently, what is the best work that we are currently trying on

141
00:09:06,500 --> 00:09:07,070
and so on.

142
00:09:07,130 --> 00:09:09,290
So that's why we are printing, trying on this.

143
00:09:09,330 --> 00:09:14,900
Bestway so now we have data and this is a variable inside that you can see that we have these things

144
00:09:15,080 --> 00:09:21,470
and you can see that the username with username, the password is password as a dictionary if you noticed,

145
00:09:21,710 --> 00:09:29,900
and the login as a login or the log in here is as a submit, OK, because here this is used for that

146
00:09:29,960 --> 00:09:35,710
login button when when we put the user name and when we put the password and so on.

147
00:09:35,900 --> 00:09:38,420
And you can see that the user name here is the user name.

148
00:09:38,420 --> 00:09:40,130
We have it here actually.

149
00:09:40,850 --> 00:09:42,350
We got it from the user name.

150
00:09:42,740 --> 00:09:44,870
And the best word here is the password.

151
00:09:44,900 --> 00:09:46,430
We got it after we strip it.

152
00:09:46,440 --> 00:09:47,630
OK, all right.

153
00:09:47,780 --> 00:09:53,110
Now you may get confused, but for me in the next step, we will understand actually in the next line.

154
00:09:53,420 --> 00:10:00,320
So here you can see we have a response variable and we are using the request post this time, OK, we

155
00:10:00,320 --> 00:10:06,050
don't use the gate and we have that you are in, which is the right way inserted here, which is this

156
00:10:06,050 --> 00:10:06,920
you are, by the way.

157
00:10:07,070 --> 00:10:07,460
Yeah.

158
00:10:07,790 --> 00:10:09,320
And data equals data.

159
00:10:09,320 --> 00:10:15,440
So the data here, this is used for the post function and the data at this time would be this data,

160
00:10:15,440 --> 00:10:17,270
which is this one that we have.

161
00:10:17,450 --> 00:10:23,600
That includes the username, as you can see, which is the username, the buzzword, which is the password

162
00:10:23,870 --> 00:10:24,800
after we serve it.

163
00:10:24,920 --> 00:10:28,370
And then again, which is submit, OK, because this is a post request.

164
00:10:29,400 --> 00:10:34,470
Now, you may get confused or you don't know what we are talking about, but don't worry, when we try

165
00:10:34,470 --> 00:10:36,750
this court, you would understand everything, OK?

166
00:10:37,350 --> 00:10:42,140
Now, if this Logan fence drink in various points, that to good.

167
00:10:42,390 --> 00:10:47,610
And you can see that the response here, which is this one after we got it from the requested post.

168
00:10:47,940 --> 00:10:51,330
So the response that content that the code.

169
00:10:51,870 --> 00:10:59,190
So if we find the look in felt string that we entered here, that when that occurs, when we login fails,

170
00:11:00,030 --> 00:11:05,430
which means that we need to pass, which means that that this didn't work or else which means that,

171
00:11:05,430 --> 00:11:07,380
yeah, we found that we didn't find it.

172
00:11:07,560 --> 00:11:13,050
We didn't found that Logan for string, which means that yeah, we connect successfully, which means

173
00:11:13,290 --> 00:11:16,170
this time we need to break with the current function.

174
00:11:16,310 --> 00:11:16,610
Yeah.

175
00:11:16,640 --> 00:11:22,410
Found this username and we would with the username we found with a screen this time that that is added.

176
00:11:22,680 --> 00:11:28,770
And yet Brint found the password and again, the password we have here after we distribute it out.

177
00:11:29,400 --> 00:11:29,700
Yeah.

178
00:11:29,730 --> 00:11:30,690
As a green as well.

179
00:11:30,690 --> 00:11:32,870
And let's exit from this function.

180
00:11:32,880 --> 00:11:38,220
So as we don't need as you can see, this is an infinite loop, or maybe it's not an infinite, but

181
00:11:38,220 --> 00:11:46,530
it is a very huge actually, it is the same as the number of lines here inside this that this fight,

182
00:11:46,710 --> 00:11:47,870
which is the rockyou.

183
00:11:47,880 --> 00:11:54,990
So if I use this command, which is the word count nacelle, so this is to count the lines inside the

184
00:11:54,990 --> 00:11:59,940
robot you takes, you can see that we have a huge number of action.

185
00:11:59,960 --> 00:12:01,590
You can see there's a huge number of lines.

186
00:12:02,130 --> 00:12:04,050
So we will wait until that.

187
00:12:04,080 --> 00:12:05,400
This doesn't make sense.

188
00:12:05,580 --> 00:12:11,550
If we find the password and the username or the password for this username, then we are good to go.

189
00:12:11,730 --> 00:12:13,840
We don't need the other things right.

190
00:12:14,010 --> 00:12:17,910
OK, now imagine or let's assume that we didn't found anything.

191
00:12:17,910 --> 00:12:24,660
We still inside the bass bass bass until we reach the last command or the last password in this file,

192
00:12:24,660 --> 00:12:26,280
which is which is this number.

193
00:12:26,460 --> 00:12:34,560
OK, so after we finished the Q the text file and still we didn't find the password, it will get out

194
00:12:34,560 --> 00:12:38,760
from this tracking function and it will print password, not in the list.

195
00:12:38,790 --> 00:12:42,330
OK, so that's why we what the exit function here.

196
00:12:42,480 --> 00:12:47,610
So this exit function, it will exit from the current brute force, that python, which is this one.

197
00:12:47,740 --> 00:12:50,400
OK, so if we find it it will exit.

198
00:12:50,760 --> 00:12:57,480
If we didn't find it, it will still keep this until we get out from this cracking function and then

199
00:12:57,480 --> 00:12:59,070
we will print this password.

200
00:12:59,070 --> 00:13:00,390
Not in the least, by the way.

201
00:13:00,420 --> 00:13:01,770
This is my logic.

202
00:13:01,780 --> 00:13:03,360
You can use your own logic.

203
00:13:03,390 --> 00:13:07,560
Actually, there are a lot of critics out to do that and to do such as things.

204
00:13:07,790 --> 00:13:08,960
You need to try this out.

205
00:13:08,970 --> 00:13:13,350
Actually, it's getting boring here, so it's time to do this.

206
00:13:13,650 --> 00:13:15,000
So, yeah, by three.

207
00:13:15,420 --> 00:13:18,780
So brute force to try and enter.

208
00:13:19,050 --> 00:13:20,650
Please enter the orbit of the wall.

209
00:13:20,700 --> 00:13:26,850
By the way, I recommend you to download and install the meters plot of it, which is the ultimate machine.

210
00:13:26,850 --> 00:13:33,270
And here you can see that we have this thing, which is the DPW or the Web application.

211
00:13:33,270 --> 00:13:34,920
And actually this is something very popular.

212
00:13:35,370 --> 00:13:40,170
That is your Web application and so on to test your skills on hacking the.

213
00:13:40,860 --> 00:13:43,160
So actually, this is very good for the username.

214
00:13:43,350 --> 00:13:46,110
We have this one, anything and the password, anything.

215
00:13:46,260 --> 00:13:48,260
So you can see that we have a login fit.

216
00:13:48,270 --> 00:13:48,690
All right.

217
00:13:48,840 --> 00:13:49,770
Now let's return here.

218
00:13:49,950 --> 00:13:52,040
So what is that badge for the.

219
00:13:52,560 --> 00:13:57,020
As you can see, I just copy and paste it like this, as is press enter.

220
00:13:57,240 --> 00:13:58,540
Now, what is the username?

221
00:13:58,830 --> 00:14:05,310
So actually, by the way, if you can see that the username is maybe Ruwart, maybe admin, I don't

222
00:14:05,310 --> 00:14:05,630
know.

223
00:14:05,640 --> 00:14:06,670
So let's admin.

224
00:14:06,780 --> 00:14:08,000
I think it is admin.

225
00:14:08,010 --> 00:14:08,550
Yeah.

226
00:14:09,530 --> 00:14:15,230
And for the basswood, by the way, actually, this is something very simple because the user name is

227
00:14:15,230 --> 00:14:17,320
admin, by the way, and the password is password.

228
00:14:17,330 --> 00:14:20,300
So it is something very simple and easy.

229
00:14:20,330 --> 00:14:25,250
I didn't need to be programmed actually to point this out, but let's assume that it is something complex

230
00:14:25,250 --> 00:14:25,650
anyway.

231
00:14:25,910 --> 00:14:34,040
Now enter password use, which is rock you the text file that we have and enter the stream that occurs

232
00:14:34,040 --> 00:14:37,470
when logging fades, which is look and feel like this.

233
00:14:37,700 --> 00:14:38,950
So let's put it like this.

234
00:14:38,960 --> 00:14:43,670
And here you can see that trying this, trying this, trying this until we reach the password.

235
00:14:43,670 --> 00:14:47,350
So you can see that trying password admin basswood.

236
00:14:47,360 --> 00:14:48,500
So let's try this out.

237
00:14:48,510 --> 00:14:48,890
All right.

238
00:14:49,050 --> 00:14:50,930
Time for testing password.

239
00:14:51,620 --> 00:14:52,070
Yeah.

240
00:14:52,100 --> 00:14:57,830
Everything working as expected so you can see that yak's you change your password because it is very

241
00:14:57,830 --> 00:15:02,890
simple and very easy, but actually better than the simple stupid password anyway.

242
00:15:03,170 --> 00:15:09,320
Now you can see that we are able to log in to the page with this username and password and with very

243
00:15:09,650 --> 00:15:14,390
and you can see the way as you can see, this will give you the vibe of a hacker.

244
00:15:14,390 --> 00:15:18,500
As you can see, this is the cutout here is red and the carrot here is green.

245
00:15:18,500 --> 00:15:22,400
But you you can see that because I'm using already a green card up here.

246
00:15:22,760 --> 00:15:25,970
So you can see that this is why it is green.

247
00:15:25,970 --> 00:15:32,080
But actually the green skill here of the green color is not bright like this one.

248
00:15:32,450 --> 00:15:34,580
This is just for it to be fun.

249
00:15:34,880 --> 00:15:35,300
OK.

250
00:15:35,480 --> 00:15:37,820
And by the way, one last thing I want to mention, please.

251
00:15:37,820 --> 00:15:41,580
I want you to use this on a real target or machines.

252
00:15:41,630 --> 00:15:49,460
OK, so actually, I'm not responsible for any attacks, damages or anything that I'm teaching you and

253
00:15:49,460 --> 00:15:51,350
ethical hacking to use it to.

254
00:15:51,350 --> 00:15:56,370
Good for you and good for your company or your organization, country, institution, whatever.

255
00:15:56,420 --> 00:15:58,640
OK, so don't use it for bad purposes.

256
00:15:58,820 --> 00:15:59,720
Thanks for watching.