1 00:00:12,320 --> 00:00:15,040 Hi and welcome back to another episode on How to Hack.
2 00:00:15,410 --> 00:00:21,920 So we are back again to our Open Web Application Security Project, web application penetration testing
3 00:00:21,920 --> 00:00:22,430 series.
4 00:00:23,210 --> 00:00:28,220 So once again, we have a look at the number of ways of inspecting a site.
5 00:00:28,220 --> 00:00:35,210 And of course, in one of our videos, we actually look at the whole customer journey, looking at and
6 00:00:35,210 --> 00:00:36,840 inspecting a site.
7 00:00:36,880 --> 00:00:42,500 So, again, I want to highlight: at the moment you get to a site, you don't just begin injecting
8 00:00:42,500 --> 00:00:48,260 different kinds of payloads and running all your different scripts, running all your different injections.
9 00:00:48,850 --> 00:00:57,040 The first thing you want to do is to look at how a customer would actually walk through the entire site.
10 00:00:57,290 --> 00:01:00,630 So we will, with the help of Web Developer.
11 00:01:00,650 --> 00:01:04,190 So let's say I click onto Network in Web Developer.
12 00:01:04,910 --> 00:01:05,840 We can zoom a little more.
13 00:01:05,840 --> 00:01:06,890 So it's easier for you to see.
14 00:01:07,220 --> 00:01:15,020 So we can do a refresh, a reload, and we can look at all the scripts that are being loaded as part of
15 00:01:15,020 --> 00:01:15,470 the site.
16 00:01:15,500 --> 00:01:20,840 OK, so I can zoom in a little more and we can see a number of JavaScript files, so we can see runtime,
17 00:01:21,410 --> 00:01:27,380 we can see vendor, polyfills, main, et cetera, et cetera, so we can see all these different JavaScript files,
18 00:01:27,380 --> 00:01:32,190 cookie consent, and all these different items are loaded as part of this.
19 00:01:32,210 --> 00:01:37,260 Of course, we also found application programming interfaces that can also be queried.
20 00:01:38,660 --> 00:01:40,430 So we see a lot of all these different data.
21 00:01:40,430 --> 00:01:46,430 And one of those things is really important to understand, about how websites are being structured already,
22 00:01:46,430 --> 00:01:47,050 JavaScript.
23 00:01:47,060 --> 00:01:52,640 So, for example, over here, if I do a right click on main-es2015.
24 00:01:53,450 --> 00:01:59,600 So again, we are trying to get as much information as we can about the website before we launch
25 00:01:59,600 --> 00:02:00,770 a specific attack.
26 00:02:01,180 --> 00:02:07,730 And the purpose of doing that is so that we can bypass certain firewalls, we can bypass web application
27 00:02:07,730 --> 00:02:08,360 firewalls.
28 00:02:08,360 --> 00:02:12,700 We can ensure that we do not trigger any kind of alarm systems.
29 00:02:12,980 --> 00:02:18,820 So, again, we want to fully understand, comprehend and map out how the entire site works.
30 00:02:19,040 --> 00:02:24,020 And of course, one of the best ways to understand how a web application works is to, of course,
31 00:02:24,020 --> 00:02:29,900 build it entirely by yourself and see and map how those things work.
32 00:02:30,150 --> 00:02:36,560 OK, so going back to the tutorial, so over here, main-es2015.
33 00:02:36,590 --> 00:02:41,690 So again, it will be our job to actually inspect all this different JavaScript.
34 00:02:41,690 --> 00:02:44,390 So I'm going to go ahead and copy.
35 00:02:44,650 --> 00:02:44,820 All right.
36 00:02:44,860 --> 00:02:49,730 I'm going to copy the URL and we'll open up a new tab and I'm going to paste it and hit enter.
37 00:02:50,600 --> 00:02:54,760 So, of course, here we have the JavaScript and of course, it has been minified.
38 00:02:55,040 --> 00:02:56,330 So what do I mean by minified?
39 00:02:56,330 --> 00:03:04,460 Because the whole idea is to get rid of as much indentation and spaces as possible so that it
40 00:03:04,850 --> 00:03:11,690 can load significantly faster and you can save a lot more space in sending that data across.
41 00:03:11,830 --> 00:03:13,670 OK, so now we are going to copy everything.
42 00:03:13,670 --> 00:03:16,220 I'm going to copy everything through a right click, copy.
43 00:03:16,670 --> 00:03:20,060 I'm going to go to this site called Unminify.
44 00:03:20,090 --> 00:03:20,350 All right.
45 00:03:20,360 --> 00:03:25,400 So I'm going to paste the code here and I'm going to zoom in a little more so it's easier for you
46 00:03:25,400 --> 00:03:25,930 to see.
47 00:03:25,940 --> 00:03:28,640 OK, so I'm going to click on Unminify.
48 00:03:29,180 --> 00:03:29,420 All right.
49 00:03:29,420 --> 00:03:39,920 So this makes it more human readable so that we can dissect the segments and look at how they're actually
50 00:03:40,520 --> 00:03:42,610 going to structure the JavaScript.
51 00:03:42,620 --> 00:03:47,900 So I'm going to copy again, I'm going to copy the unminified JavaScript.
52 00:03:47,900 --> 00:03:50,420 I'm going to go into Notepad++.
53 00:03:50,420 --> 00:03:54,560 So Notepad++ will give us a very nice way of looking at the situation.
54 00:03:54,570 --> 00:03:55,430 So I've already done that.
55 00:03:55,430 --> 00:04:01,340 So I'm going to paste it over here onto Notepad++ so we can actually look at all this very
56 00:04:01,340 --> 00:04:02,210 nice indentation.
57 00:04:02,210 --> 00:04:06,200 Makes it much easier for us to analyze what is going on.
58 00:04:06,200 --> 00:04:07,990 What is the purpose of the JavaScript?
59 00:04:08,540 --> 00:04:11,240 What can this JavaScript do for the website?
60 00:04:11,250 --> 00:04:14,060 How does it affect the customer journey?
61 00:04:14,690 --> 00:04:21,110 So as I scroll down, I can see, OK, we have functions, we have computation, we have all these
62 00:04:21,110 --> 00:04:24,060 ways of redirecting users and so on and so forth.
63 00:04:24,080 --> 00:04:28,190 So one of those things that we can look for is, of course, "direct".
64 00:04:28,430 --> 00:04:32,250 OK, so we can do a Ctrl+F. I'm going to go onto Magnifier.
65 00:04:32,270 --> 00:04:36,080 So it's easier for you to see, so I'm going to open Magnifier.
66 00:04:36,530 --> 00:04:37,700 I'm going to scroll over here.
67 00:04:37,700 --> 00:04:40,520 So, of course, you can see that we have this.
68 00:04:41,980 --> 00:04:49,330 Fine, so we can look, for example, for "direct", so it could, again, be a way for us to find certain
69 00:04:49,330 --> 00:04:56,920 redirection links that could have otherwise been discarded as part of the updates to the website.
70 00:04:56,930 --> 00:05:04,330 So I'm going to click on Find, with "direct", Find Next, so we can find like "offset direction" and so on,
71 00:05:04,330 --> 00:05:06,670 so we can find all this different information.
72 00:05:07,270 --> 00:05:09,190 Can we find more details?
73 00:05:09,460 --> 00:05:14,260 Can we find things more specifically about certain links?
74 00:05:14,500 --> 00:05:19,960 Can we find more items that would actually show us the redirection to a URL?
75 00:05:19,970 --> 00:05:21,470 So we see a lot of "direction".
76 00:05:22,000 --> 00:05:23,860 So again, we can refine our searching.
77 00:05:23,860 --> 00:05:26,500 So, for example, if I add to it, "redirect", can we find something else?
78 00:05:26,500 --> 00:05:27,880 So if I click Find Next.
79 00:05:29,330 --> 00:05:36,710 Look what we got here, so it says show Bitcoin QR code, and of course, I'm going to zoom in a little
80 00:05:36,710 --> 00:05:38,270 more so it's easier for you to see.
81 00:05:38,970 --> 00:05:40,070 And we can look over here.
82 00:05:40,340 --> 00:05:45,550 There's a URL, "redirect to", and we have this blockchain.info.
83 00:05:45,710 --> 00:05:48,320 So this, again, we can see the address.
84 00:05:48,950 --> 00:05:55,370 And of course, if I scroll down some more, we have the QR code and again, we are seeing all this
85 00:05:55,370 --> 00:05:56,280 different data.
86 00:05:56,480 --> 00:06:01,880 So again, all this redirection places at etherscan.io and we can see the address.
87 00:06:02,240 --> 00:06:06,520 So this could be payment systems and we could possibly change it.
88 00:06:06,650 --> 00:06:12,200 And for example, if I look over here, "use wallet" and it puts an exclamation zero, what does that
89 00:06:12,200 --> 00:06:12,510 mean?
90 00:06:12,710 --> 00:06:15,050 What if I change zero to one?
91 00:06:15,320 --> 00:06:19,210 How would it affect the customer experience of the site?
92 00:06:19,340 --> 00:06:21,460 What would get loaded and what would not get loaded?
93 00:06:21,480 --> 00:06:28,130 So all these are the questions that you have to be asking yourself as you are inspecting and analyzing
94 00:06:28,520 --> 00:06:35,090 the structure of the site and the way they're logically planning the activities that will be executed
95 00:06:35,090 --> 00:06:36,440 as part of the customer journey.
96 00:06:37,220 --> 00:06:39,020 So what else can we find?
97 00:06:39,380 --> 00:06:46,130 So if you go back into the Open Web Application Security Project over here, so I'm going to close Magnifier
98 00:06:46,130 --> 00:06:46,730 for a moment.
99 00:06:47,660 --> 00:06:51,170 OK, so we're back into the Juice Shop website.
100 00:06:51,920 --> 00:06:54,640 And if you look at the URL at the top.
101 00:06:54,650 --> 00:07:00,410 So, again, if you look at the URL at the top, so we can see the URL here, so we can see, for example, we
102 00:07:00,410 --> 00:07:05,930 have the website name, port number and /#/search.
103 00:07:06,470 --> 00:07:13,370 So if I click onto the left side tab and for example, if I click on Customer Feedback and over here we
104 00:07:13,370 --> 00:07:16,270 can see /#/contact.
105 00:07:17,050 --> 00:07:25,400 OK, so again, we are looking at all these different pages and we're thinking how are these being led
106 00:07:25,400 --> 00:07:25,910 into?
107 00:07:26,060 --> 00:07:27,650 What is the process?
108 00:07:28,310 --> 00:07:31,700 Could it be a redirection from the JavaScript?
109 00:07:32,210 --> 00:07:35,120 OK, so these are the questions you have to be asking yourself all the time.
110 00:07:35,330 --> 00:07:43,750 So if I go back onto Notepad++, in which we have the unminified original version of the JavaScript,
111 00:07:44,060 --> 00:07:48,120 so can we search specifically for that information as well?
112 00:07:48,470 --> 00:07:53,130 So, for example, if we go back into the OWASP Juice Shop, so we have contact.
113 00:07:53,630 --> 00:07:59,540 So if I go back into the search and I enter "contact" and I click on Find.
114 00:08:00,830 --> 00:08:03,830 OK, so we get contact email, and so on and so forth.
115 00:08:04,370 --> 00:08:08,660 So are we able to find something a little more specific again?
116 00:08:08,870 --> 00:08:10,100 OK, so over here.
117 00:08:11,700 --> 00:08:15,660 We can find, for example, this is login and so on, so forth, score board.
118 00:08:15,910 --> 00:08:16,480 OK.
119 00:08:17,770 --> 00:08:27,240 And here we are seeing, OK, we have about, we have delivery method, deluxe membership, basket, contact,
120 00:08:27,250 --> 00:08:28,270 photo wall.
121 00:08:28,690 --> 00:08:35,710 This seems like the segment that actually has all these different addresses.
122 00:08:36,070 --> 00:08:37,720 So we have an administration.
123 00:08:38,240 --> 00:08:39,370 OK, can we try this?
124 00:08:39,370 --> 00:08:43,990 Let's go back to the site and enter and change this to administration.
125 00:08:44,830 --> 00:08:47,160 So let's go ahead and enter administration and hit enter.
126 00:08:47,900 --> 00:08:50,000 OK, so we can see over here.
127 00:08:50,560 --> 00:08:50,920 All right.
128 00:08:50,930 --> 00:08:53,500 So we can look at all this different data and information.
129 00:08:53,800 --> 00:08:54,220 All right.
130 00:08:55,120 --> 00:08:56,350 How about trying something else?
131 00:08:56,350 --> 00:08:57,040 Accounting.
132 00:08:57,460 --> 00:08:57,700 All right.
133 00:08:57,730 --> 00:09:01,440 How about payment, forgot password, score board?
134 00:09:02,080 --> 00:09:03,870 Can we see those data?
135 00:09:03,880 --> 00:09:05,740 Can we see that information?
136 00:09:05,740 --> 00:09:08,540 Are we able to access those data?
137 00:09:08,560 --> 00:09:11,590 So if I enter score-board, can we gain access to it?
138 00:09:12,440 --> 00:09:14,430 Oh, yes, we found something here.
139 00:09:14,480 --> 00:09:15,920 So we found a score board.
140 00:09:16,490 --> 00:09:23,900 All right, so we can find all this different data by looking specifically in JavaScript, which may
141 00:09:23,900 --> 00:09:29,660 be hiding some of these different pages, different links, different redirections.
142 00:09:29,870 --> 00:09:36,470 And we can also look and think about the activities that will be executed as part of the customer journey.
143 00:09:36,830 --> 00:09:37,240 All right.
144 00:09:37,640 --> 00:09:41,660 So let me know what else you find from inspecting the JavaScript.
145 00:09:42,330 --> 00:09:42,660 OK.
146 00:09:42,890 --> 00:09:46,250 And of course, I hope you have learned something valuable in today's tutorial.
147 00:09:46,250 --> 00:09:50,840 And if you like what you've just watched, remember to like, share and subscribe to the channel so that you
148 00:09:50,840 --> 00:09:53,000 can be kept abreast of the latest cybersecurity
149 00:09:53,000 --> 00:09:53,340 tutorial.
150 00:09:53,510 --> 00:09:55,100 Thank you so much once again for watching.
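The route hunting the video does by hand in Notepad++ (searching the unminified bundle for "redirect", "contact", "administration" and so on), as an added example that is not part of the transcript and not OWASP Juice Shop's own code. The Python below runs over a constructed fragment shaped like a minified Angular bundle (every identifier in it, including ADDRESS_PLACEHOLDER, is made up for the example) and lists the client-side route paths declared in it, the external hosts behind `/redirect?to=` links, and the meaning of the `!0` / `!1` flags the video asks about (minifiers emit `!0` for `true` and `!1` for `false`). From the defender's side, the same script run over your own shipped bundle shows which paths and third-party targets are disclosed to anyone who reads the JavaScript, and `unlinked_routes` separates the ones your navigation never links to.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample shaped like a minified Angular bundle: a route table plus two
# small dialog helpers. Written for this example only; it is not Juice Shop's code,
# and ADDRESS_PLACEHOLDER stands in for a wallet address.
SAMPLE_BUNDLE = (
    'const r=[{path:"administration",component:A},{path:"accounting",component:B},'
    '{path:"score-board",component:S},{path:"contact",component:C},'
    '{path:"search",component:Q},{path:"redirect",component:R},'
    '{path:"**",redirectTo:"search"}];'
    'function showBitcoinQrCode(){this.dialog.open(D,{data:{url:"/redirect?to='
    'https://blockchain.info/address/ADDRESS_PLACEHOLDER",useWallet:!0}})}'
    'function showEthQrCode(){this.dialog.open(D,{data:{url:"/redirect?to='
    'https://etherscan.io/address/ADDRESS_PLACEHOLDER",useWallet:!1}})}'
)

# Angular route entries survive minification as `path:"..."` literals.
ROUTE_RE = re.compile(r'''path:\s*["']([^"']*)["']''')
# Internal redirect links carry their external destination in the `to` parameter.
REDIRECT_RE = re.compile(r'''["'](/redirect\?to=[^"']+)["']''')
# Minifiers shorten `true` to `!0` and `false` to `!1`.
BOOL_FLAG_RE = re.compile(r'(\w+):!([01])\b')


def extract_routes(js):
    """Sorted, de-duplicated route paths declared in the bundle (wildcard dropped)."""
    return sorted({p for p in ROUTE_RE.findall(js) if p != "**"})


def extract_redirect_targets(js):
    """(redirect link, external hostname) for every /redirect?to=... link found."""
    found = []
    for link in REDIRECT_RE.findall(js):
        target = parse_qs(urlsplit(link).query).get("to", [""])[0]
        found.append((link, urlsplit(target).hostname or ""))
    return found


def extract_bool_flags(js):
    """Decode each minified boolean flag, in document order, as (name, value)."""
    return [(name, digit == "0") for name, digit in BOOL_FLAG_RE.findall(js)]


def unlinked_routes(js, linked):
    """Routes present in the bundle that the visible navigation does not link to."""
    return [route for route in extract_routes(js) if route not in set(linked)]


if __name__ == "__main__":
    # The navigation links below are part of the constructed sample, not observed data.
    print("routes declared in bundle:", extract_routes(SAMPLE_BUNDLE))
    print("not linked from navigation:", unlinked_routes(SAMPLE_BUNDLE, {"contact", "search"}))
    for link, host in extract_redirect_targets(SAMPLE_BUNDLE):
        print("external redirect to", host, "via", link)
    print("boolean flags:", extract_bool_flags(SAMPLE_BUNDLE))
```

The regexes are deliberately narrow: they match the literal shapes a minifier produces for route tables, redirect links and booleans, so a run over a real bundle reports only what is unambiguously there rather than every string that happens to contain "direct".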