How Easy Is It For Hackers To Brute Force Login Pages?!

Video Statistics and Information

Captions
And the most important thing of all before we get started is that if you get caught hacking, make sure you do not tell them you learned it from this tutorial, and you have no idea who is Hacker Loi. And they ask you why is your browsing history showing Hacker Loi? Just, you have no idea; it came up on the recommendation.

So now let's get started on the tutorial. So right in front of us we already got the login screen, and we can see "Enter your credentials (bee/bug)". But of course, we already found out a username who's going to log into this website, and we found it either from the dark web, from recently exposed databases of credentials. And we can look at, say, a login name like, for example, Hacker Loi. So I can enter Hacker Loi, and the problem now is we have no idea what exactly is the password. So I can enter some random password, go ahead and click login, and look at the results right here. Okay, so we got the following: "Invalid credentials or user not activated". Let's go ahead and do a right click, copy on it.

And what I'll do now is go under terminal, and what we'll do is go ahead and launch Burp Suite as our interceptor. So this is going to allow us the ability to intercept all the requests and run a brute force attack against the website. So now let's go ahead and close on the update. All right, so we are on Community Edition, so let's go ahead and click Next and go ahead and click Start Burp.

So now that we are starting our Burp Suite, all I got to do is go to the Proxy tab and make sure the intercept is on. I'll go back to the browser, go to the top right corner, under FoxyProxy select Burp Suite, and now what we'll do is enter Hacker Loi and enter the password view. All right, let's go ahead and click log in. So here we have the interception, and I can do a right click, okay, and send it over to Intruder. And here is the scary part, okay, because it's really easy to run brute force attack using any of these interceptors.

So we have the attack target, like the host, the port number. We have the positions, all right, so this is going to be an important place to take note of. So we'll clear the security level as well as the PHP session ID, and what we are going to be targeting is actually the password field. So let's go ahead and clear the login, all right, and clear the security level as well as form submit. So once you clear all this, you see that there's a password for you.

Okay, so now going under Payloads, you can go ahead and look under Payload Options, click Load, okay, and here we have 1000 common passwords. So let's go ahead and double click on that, and this will load up all the passwords right here. Okay, as you can see, we have 123456, password is password, 12345678.

Hacker Loi is a cybersecurity professional. You'd be thinking, okay, as a cybersecurity professional, I'm sure he's using some complex password, all right, so there's no way we'll be able to use commonly used passwords against him. All right, and that's the part where it gets really exciting, because you think, all right, that he is a professional hacker, he would be using complex password, but you'll be wrong. All right, reverse psychology 101. Let's go take a look at what is the password.

So once you're ready, all right, go under Options, all right, and scroll all the way down, and you will see this particular area called Grep - Match. All right, so go ahead and clear all of this, click Yes to clear the list, and enter the following account, paste it over here. So let's go ahead and paste "Invalid credentials or user not activated". All right, so this is the error message that we're looking for when we are actually injecting into the website with all of our payload options. So once you have that running, go ahead and select Add, and "Flag results with response matching these expressions". Scroll all the way to the top, on the top right corner, and three, two, one, click Start Attack. All right, click OK, and there it is. All right, the attack is running right now.

And you can see right here, I can go to the top left corner, click pause, because we got one peculiar result, something standing out right here. All right, it's not showing invalid credentials, as you can see right here, and instead we're getting a different length of 578. So it is not an incorrect password, and of course directly from here we'll be able to find out the password of Hacker Loi, as quickly and as simple as that.

And once I go back into the website, I can go to top right corner, okay, I can turn off Burp Suite, and I can do a refresh of the site. Okay, let's go ahead and do a resend, and go under Hacker Loi as the login field and enter the password 12345678, click login, and that's it. All right, it's game over, we are in. We managed to get the password of Hacker Loi.

And now that I've shown you my password, and my password is 12345678, it is only fair that you also put your password on the comments section, right? So go ahead and enter a password on the comment section so that I can help you review your password.

So once again, I hope you learned something valuable in today's tutorial. If you have any questions, feel free to leave a comment below and I'll try my best to answer any of your questions. Like, share, subscribe and turn on notifications so that you can be kept abreast of the latest cyber security tutorial. Thank you so much once again for watching.
Info
Channel: Loi Liang Yang
Views: 71,545
Keywords: hacker, hacking, cracker, cracking, kali linux, kali, metasploit, ethical hacking, ethical hacker, penetration testing, penetration tester, owasp
Id: Gz59MezA3r4
Length: 4min 29sec (269 seconds)
Published: Thu Aug 05 2021