1
00:00:00,180 --> 00:00:02,440
Hello everybody and welcome back.

2
00:00:02,440 --> 00:00:03,720
In the previous tutorials

3
00:00:03,720 --> 00:00:11,560
we showed some of the manual attacks on the web pages with the cross-site scripting attacks.

4
00:00:11,610 --> 00:00:17,470
So we showed you reflected, stored and DOM-based injection attacks.

5
00:00:17,640 --> 00:00:23,610
Right now what I want to show you is which tool you can use in order to automate this process.

6
00:00:23,610 --> 00:00:33,300
So one of them, which is already installed in the Kali Linux machine or the repository, I believe it is

7
00:00:33,300 --> 00:00:35,340
called XSSer.

8
00:00:35,640 --> 00:00:37,580
Let me just type here.

9
00:00:37,580 --> 00:00:39,210
Here it is.

10
00:00:39,210 --> 00:00:39,860
Here it is.

11
00:00:39,860 --> 00:00:44,460
It gives us some banner and it also gives us some of the options.

12
00:00:44,760 --> 00:00:50,240
Now, as I said, it can be installed in Kali Linux, so you can just type this and you will see the same output.

13
00:00:50,340 --> 00:00:52,850
This tool right here, it is.

14
00:00:52,890 --> 00:01:00,410
It is made to detect the XSS vulnerabilities and exploit them. It can detect the stored XSS, reflected

15
00:01:00,410 --> 00:01:03,230
XSS and XSS based on DOM.

16
00:01:03,230 --> 00:01:08,300
We covered all of these three in the previous videos manually and now you can do them automatically

17
00:01:08,360 --> 00:01:10,010
with these tools.

18
00:01:10,070 --> 00:01:13,090
So let us just find a page that we will scan.

19
00:01:13,100 --> 00:01:15,850
Let me just check once again: intercept off.

20
00:01:16,430 --> 00:01:27,140
So we go to Firefox. Let us visit our vulnerable OWASP machine once again, 168.

21
00:01:27,130 --> 00:01:30,050
That one, that's six.

22
00:01:30,110 --> 00:01:35,490
And here let me just find out what was on that page once again.

23
00:01:35,870 --> 00:01:38,370
I believe it was this one, BodgeIt.

24
00:01:38,390 --> 00:01:39,700
So let us just try it.

25
00:01:39,710 --> 00:01:46,520
Why not. So just click on the BodgeIt, and right here what we want to do is

26
00:01:49,920 --> 00:01:52,230
just go on to this search.

27
00:01:52,470 --> 00:01:53,250
Yeah, it's right here.

28
00:01:53,250 --> 00:01:54,810
I believe this is the one.

29
00:01:55,020 --> 00:02:00,720
So you have here this page, which is one and two the ones here demanded six, or whatever your IP address is,

30
00:02:00,990 --> 00:02:05,140
/bodgeit/search.jsp.

31
00:02:05,170 --> 00:02:08,020
Now we can see that if we type anything here.

32
00:02:08,020 --> 00:02:10,580
So just like, anything.

33
00:02:10,750 --> 00:02:14,800
It will search for anything and it will store our anything.

34
00:02:14,800 --> 00:02:18,370
And we indeed see some value, a variable called q.

35
00:02:18,820 --> 00:02:24,290
So this is sent over the GET request, as we can see right here. Now what we want to do.

36
00:02:24,290 --> 00:02:31,370
Let us say we want to automate the tool, the XSSer tool, to find out some of the vulnerabilities

37
00:02:31,670 --> 00:02:33,080
in this page.

38
00:02:33,080 --> 00:02:38,940
So let us just copy this link just in case, since we will probably need it.

39
00:02:38,940 --> 00:02:48,080
Now let us just enlarge this and type help, so xsser --help, and we get here a bunch

40
00:02:48,080 --> 00:02:49,880
of options.

41
00:02:49,880 --> 00:02:55,820
So let me just check, go up towards what we want to do.

42
00:02:55,990 --> 00:02:59,700
We want to specify the -u option, which is the URL.

43
00:02:59,710 --> 00:03:00,900
So here it is.

44
00:03:00,970 --> 00:03:01,700
This is a must.

45
00:03:01,710 --> 00:03:06,260
So we need to enter the target link in order to run this. Minus

46
00:03:06,270 --> 00:03:18,550
g, I believe, send payload using GET. Yes, we are sending the payload using the GET method, which is

47
00:03:18,550 --> 00:03:20,150
the method on that page.

48
00:03:20,200 --> 00:03:28,030
Website, and we also want to specify, I believe, the q option, because we store our variable in the q.

49
00:03:28,030 --> 00:03:30,070
So let me just type right here.

50
00:03:30,130 --> 00:03:31,770
Let me just try it out.

51
00:03:31,780 --> 00:03:32,520
Not really sure.

52
00:03:32,530 --> 00:03:36,450
There is an option like that in the tool, but let us try it.

53
00:03:36,460 --> 00:03:37,660
Why not.

54
00:03:37,660 --> 00:03:39,290
We delete the anything.

55
00:03:39,640 --> 00:03:43,750
And right now we want to delete this as well.

56
00:03:43,810 --> 00:03:46,350
So this is the page that we are searching for.

57
00:03:46,600 --> 00:03:52,000
-g for the GET method, and we want to add the parameter that we want to scan.

58
00:03:52,090 --> 00:03:54,420
So let me just find my question mark.

59
00:03:54,420 --> 00:03:55,670
Not really sure where it is.

60
00:03:55,690 --> 00:03:56,890
There it is.

61
00:03:56,890 --> 00:03:59,290
And then q equals.

62
00:03:59,740 --> 00:04:06,100
So it is scanning using method GET and it is scanning parameter q.

63
00:04:06,260 --> 00:04:11,160
So let us try to run this.

64
00:04:11,220 --> 00:04:18,800
It would basically add the parameter after, uh, it would basically add any scripts that it will run

65
00:04:18,860 --> 00:04:20,940
on the server in the parameter q.

66
00:04:20,960 --> 00:04:22,580
I believe that's how they.

67
00:04:22,730 --> 00:04:25,220
I believe that's how this should be specified. Let us try.

68
00:04:25,250 --> 00:04:32,560
So let me just run it, and it says the server has not found anything matching the requested URL.

69
00:04:33,650 --> 00:04:42,160
Then, finder results, injections one, trying browser injection, results: server has not

70
00:04:42,160 --> 00:04:45,310
found anything matching the request.

71
00:04:45,310 --> 00:04:46,630
Now why is that.

72
00:04:46,630 --> 00:04:54,640
I have no idea. Browser support, hashing, cannot find any vulnerability.

73
00:04:54,640 --> 00:04:57,430
Try another combination or hack it manually.

74
00:04:57,430 --> 00:05:05,110
Well, we were not hacking manually since we did it already, but let us try some of the other options.

75
00:05:05,200 --> 00:05:06,250
I haven't really used this tool.

76
00:05:06,250 --> 00:05:13,740
That's why I don't know how to actually correctly put this. So, verbose.

77
00:05:13,740 --> 00:05:15,760
We do not need that.

78
00:05:15,780 --> 00:05:19,710
Select targets: at least one of these options must be specified to set the source.

79
00:05:19,910 --> 00:05:27,870
Okay, so we did specify, we set the URL of the target. Select type of the HTTP or HTTPS connections.

80
00:05:27,930 --> 00:05:31,560
We set the GET method.

81
00:05:31,630 --> 00:05:37,890
Okay, so set XSS as a keyword in the places that you want to inject, okay.

82
00:05:37,900 --> 00:05:42,700
So set XSS as keyword, that could possibly be what we were missing.

83
00:05:42,700 --> 00:05:47,640
These options can be used to specify which parameters we want to use. This payload, set XSS.

84
00:05:47,650 --> 00:05:52,900
So let us just set XSS right here and try once again.

85
00:05:53,470 --> 00:06:01,450
But as it said right here, it says again the server has not found, and that's not what we were hoping

86
00:06:01,450 --> 00:06:01,930
for.

87
00:06:05,150 --> 00:06:10,940
Cookie change or cookie header, these are a bunch of irrelevant options at the moment, for sure,

88
00:06:11,030 --> 00:06:13,540
but it doesn't want to work.

89
00:06:13,610 --> 00:06:17,930
Maybe if we specify it like this, maybe we shouldn't really

90
00:06:20,480 --> 00:06:21,990
divide these two.

91
00:06:22,010 --> 00:06:29,260
Maybe we should just type it right like this. That is: targets, -g is not the correct URL,

92
00:06:29,990 --> 00:06:31,400
discarded.

93
00:06:31,440 --> 00:06:33,410
So, and what about this.

94
00:06:34,950 --> 00:06:45,960
Okay, so we just need to experiment, and sometimes they do not give the example of usage of this command.

95
00:06:46,990 --> 00:06:47,950
You just try it.

96
00:06:51,730 --> 00:06:54,130
Maybe we need to specify it like this.

97
00:06:54,130 --> 00:07:02,110
So this is the website that we are searching for, -g now, and we want to specify the path.

98
00:07:02,110 --> 00:07:05,250
So here what we want to delete is, delete anything.

99
00:07:05,290 --> 00:07:14,030
So type here XSS and then delete the previous part, and let us try it like this. Checking URL

100
00:07:14,030 --> 00:07:15,270
attack with payload.

101
00:07:15,320 --> 00:07:21,320
It doesn't give us that the server can't be found, but it says that it couldn't find any vulnerabilities,

102
00:07:21,320 --> 00:07:26,090
which is not what we were hoping for anyway.

103
00:07:26,100 --> 00:07:29,270
Not really sure why this doesn't work.

104
00:07:29,340 --> 00:07:34,470
Checking URL attack with payload: fail. Why does it fail.

105
00:07:34,470 --> 00:07:35,580
I have no idea.

106
00:07:35,580 --> 00:07:39,770
Let me just check one more thing.

107
00:07:40,030 --> 00:07:42,560
I can't seem to figure out why this doesn't work.

108
00:07:42,940 --> 00:07:45,200
Let me just try this once again.

109
00:07:46,470 --> 00:07:48,710
And it says 404 not found.

110
00:07:49,390 --> 00:07:49,890
No.

111
00:07:49,910 --> 00:07:51,260
Why is it not found.

112
00:07:51,260 --> 00:07:52,730
I have no idea.

113
00:07:52,760 --> 00:07:58,890
Could be a problem with my connection at the moment, but it says right here that it is OK.

114
00:07:58,930 --> 00:08:00,700
Then why is it not found.

115
00:08:00,700 --> 00:08:03,430
The server has not found anything matching the request.

116
00:08:06,120 --> 00:08:07,710
Oh wait wait wait wait.

117
00:08:07,710 --> 00:08:11,440
Tweet tweet tweet.

118
00:08:11,440 --> 00:08:14,600
Why does it add this slash right here.

119
00:08:14,760 --> 00:08:17,260
I do not want to add it.

120
00:08:17,340 --> 00:08:18,210
Why did it add it.

121
00:08:18,210 --> 00:08:19,050
No idea.

122
00:08:19,050 --> 00:08:20,340
Let me just check the link.

123
00:08:20,340 --> 00:08:23,400
Maybe we copied something wrong.

124
00:08:23,400 --> 00:08:27,300
No, this is the link, and maybe it will work later on.

125
00:08:27,300 --> 00:08:28,260
Not really sure.

126
00:08:30,710 --> 00:08:42,730
But if it, if we just do this and then paste once again, and then we delete everything but this and this.

127
00:08:44,110 --> 00:08:50,650
You know, sometimes you might need to experiment with a few options like this before you get it to work.

128
00:08:50,660 --> 00:08:53,970
It had a check for the target: discarded.

129
00:08:54,090 --> 00:08:57,280
Well, it doesn't seem to work either.

130
00:08:57,290 --> 00:09:02,060
Let's try this.

131
00:09:02,630 --> 00:09:03,700
Is our target

132
00:09:03,710 --> 00:09:05,710
even online?

133
00:09:06,440 --> 00:09:07,090
It should be.

134
00:09:10,670 --> 00:09:12,160
Well, it doesn't really matter.

135
00:09:12,160 --> 00:09:13,750
Let us go on to the next tool.

136
00:09:13,750 --> 00:09:15,700
Not really sure why this one doesn't work.

137
00:09:15,700 --> 00:09:18,800
I believe the syntax is correct.

138
00:09:18,880 --> 00:09:22,420
Let's just go on to the next tool, which is the XSSniper.

139
00:09:22,420 --> 00:09:29,520
This one might work a little bit better, or it might actually work, for a difference.

140
00:09:29,590 --> 00:09:36,010
So this tool does not come pre-installed in Kali Linux, so we will have to install it from GitHub,

141
00:09:36,040 --> 00:09:46,630
so just open up your Firefox, add a new tab and go to XSSniper, xss-sniper, and click on it to search

142
00:09:46,630 --> 00:09:52,100
it, and you should also see a GitHub link from where we will download it now.

143
00:09:52,360 --> 00:09:54,820
I didn't download it yet.

144
00:09:55,090 --> 00:09:56,810
At least I don't remember downloading it.

145
00:09:56,870 --> 00:09:58,220
So let us download.

146
00:09:58,630 --> 00:10:03,080
Let us download it together, if our internet works.

147
00:10:03,080 --> 00:10:03,980
Here it is.

148
00:10:04,130 --> 00:10:09,800
And here you just go on the first link, which is GitHub, and the XSSniper, as it says right here,

149
00:10:09,800 --> 00:10:16,240
it is an automatic XSS discovery tool, so we will try to see if that one works.

150
00:10:16,570 --> 00:10:25,040
I'm not really sure why the previous one didn't. So just copy the link and let's install it in our root

151
00:10:25,040 --> 00:10:29,820
directory, so git clone, as we already know.

152
00:10:30,080 --> 00:10:36,700
And then we paste the link and then .git. It will clone the folder and the directory into our root directory.

153
00:10:36,710 --> 00:10:42,300
So let us go to the XSSniper and see our files right here.

154
00:10:42,590 --> 00:10:48,560
We can see that this is the Python file, so let us just run it right away, since it is green, which means

155
00:10:48,560 --> 00:10:52,280
it is executable, and let us run XSSniper.

156
00:10:53,580 --> 00:10:56,430
It gives us the available options.

157
00:10:56,430 --> 00:10:58,280
So what we can do.

158
00:10:58,560 --> 00:11:02,370
Options: -h help, -u URL, so we will use that, -u URL.

159
00:11:02,550 --> 00:11:08,390
We can use forms, user agent, crawl, proxy, random agent, cookie.

160
00:11:08,400 --> 00:11:17,100
These are just a bunch of the options used for the anonymization, to anonymize yourself. As we can see, you

161
00:11:17,100 --> 00:11:20,150
can scan behind the proxy.

162
00:11:20,940 --> 00:11:22,800
And so on and so on. We just want to,

163
00:11:22,800 --> 00:11:32,700
for now, use the URL option, so just type here, type xsssniper -u for the URL

164
00:11:32,730 --> 00:11:39,920
and then let's paste. Whoops, yeah, I copied the wrong URL.

165
00:11:39,960 --> 00:11:45,490
Let us just go once again to the page itself and copy this URL.

166
00:11:50,560 --> 00:11:53,530
Okay, so we will just delete it from here.

167
00:11:53,550 --> 00:11:59,990
Close this and then paste the URL. Not really sure now which URL we need.

168
00:12:00,060 --> 00:12:09,780
But let us just try it like this, and we can see that it found a result: found XSS injection points in

169
00:12:09,780 --> 00:12:16,860
1 targets. We can see that this tool has found the XSS injection. Finally something works. So we can

170
00:12:16,860 --> 00:12:20,420
see target, which is our target, method GET, query string.

171
00:12:20,460 --> 00:12:23,610
Is this now what it means by query string.

172
00:12:23,610 --> 00:12:30,430
This is just a bunch of URL-encoded characters, and we can see injections: one, payload found, free

173
00:12:30,430 --> 00:12:38,250
in each the amount. So we can see that we successfully discovered the XSS vulnerability with this tool;

174
00:12:38,650 --> 00:12:40,220
with the previous one we couldn't.

175
00:12:40,230 --> 00:12:43,170
Not really sure why, but it doesn't matter.

176
00:12:43,170 --> 00:12:48,630
It matters that one of them worked. Probably the other one would work as well sometime.

177
00:12:49,080 --> 00:12:50,780
Maybe we specified something wrong.

178
00:12:50,790 --> 00:12:53,370
It doesn't really matter at the moment.

179
00:12:53,760 --> 00:12:59,880
What matters is that we successfully finished the web penetration testing section, which was one of the

180
00:12:59,880 --> 00:13:05,180
first longer sections that we will do, and we might cover some of the other attacks,

181
00:13:05,190 --> 00:13:12,030
some of the more advanced attacks, in the advanced section, also used on websites, but until then we will

182
00:13:12,030 --> 00:13:17,550
need to cover some of the other sections, which will be divided: the second section, the malware, the

183
00:13:17,580 --> 00:13:24,650
Metasploit framework and a bunch of other sections. So we can finish the web penetration testing right

184
00:13:24,650 --> 00:13:29,140
here, and we will continue hacking in the next lectures.

185
00:13:29,240 --> 00:13:32,420
Now I hope I see you there, and happy hacking, bye.