how hackers hack any website in 9 minutes 6 seconds?!

Video Statistics and Information

Captions
On the news we're seeing all these different types of hackers being able to dump out all of the usernames, emails, passwords, credit card information and so on. But the question is, how do they do it? And in today's tutorial you'll be seeing and learning exactly how to do just that. It's crazy, I know. And before we get started, kids, hacking is legal. If you get caught hacking, do not tell them that you know who is Mr. Hacker Loi.

Now the fundamental part of things is that you first have a website, and of course in this website this is where you have your users who may be surfing the site, and they'll be able to look at all the content within the site you're hosting. And of course this can be hosted on, say, your nginx, or it could be hosted on, say, Apigee, which is, again, all these are very popular application servers that you can easily host on the internet to get all these different sites started, and they can run all this processing, all this different logic in it. Behind the scenes is typically a database server, and this database server will be housing your username or your password and your credit card information and all these different details within them.

So what we can see here is all these different details are kept within the database, and the application server, when they connect to the database in order to retrieve this information, to be able to check on your username, your password and all of that. And in terms of security, the majority of the time what's happening here is that this access is strictly only provided to the application server, meaning that no one else is able to gain access into the system. So if a user tries to go directly into the database, they'll be met with the inability to access into that service, into that port, because it is not opened up to, say, the internet or to a typical user.

So what a hacker has to do down here, in this case we have on the left side Mr. Hacker Loi, which is your best friend, your BFF, and here Mr. Hacker Loi would then have to target into the application server and has to inject what we call SQL injection. So now we'll be asking, what exactly is SQL? So what SQL does for us is that SQL sends instructions into the database to interact with it in order to retrieve all these different username, password fields and make them available into the application server, which can then run all these different logical checks, for example, the user who entered a password doesn't match the password over here under the username that's been supplied. And going back to the hacker over here, what SQL injection is trying to do is to bypass some of these different logic so that we are then able to get unauthorized access into the database, listing down all these different usernames, passwords, credit card information from the backend system.

So right in front of us with WebGoat.NET, and here we have the employee mail, and of course here it says the following: are you looking to contact one of our employees? Use this form to find an email quickly. So again, as I've said, there's a backend database to do, to look up for it. So we can enter a name, so I can start a find employee, and we can see right here we have first name, last name and email address.

So what we can do now is that there is a request heading into the server, and what we can do is to go to the top right corner, click on the FoxyProxy, click on the Burp Suite, and once you're done with that, go ahead and open up terminal and we can launch Burp Suite right from here. So enter burpsuite, and here we're starting our Burp Suite to be our interceptor so we can see all the different types of requests that are going over into the server, and we can decide how we want to change up the request or perhaps even load the request to a separate software. So in this case click next, start Burp, and now we are getting Burp Suite Community Edition started. And go under the proxy tab and we can see the intercept is on. So once you have that, what we can do now is to go ahead and click find employee again, and we can see the interception right here. So we have a POST method going to sqlinjection.aspx.

So what we can do now is we can literally copy everything right here. Okay, you can do a right-click and you can do the copy, or you can copy the file, whichever the case is. So I can do a copy right here, I can go back over into terminal, and what I can do now is I can echo and I can copy and paste it over here and I can send this out to a file. So I can enter, say, into a request.txt, hit enter on that, and I can do a cat request.txt. So we have now saved that request into a file.

Next up, we can take advantage of this file that we have saved and we can use a tool like, say, sqlmap, and we can target this file by entering request.txt, hit enter on that, and right here sqlmap is sending payloads over into the target site so that we can find out where are the different vulnerable parameters that we can go after. And right here we have already ran through the attack and we have locked the file over, so we can see the following, that the backend database is MySQL, and right here we have different MySQL union query, all right, we have time-based blind, and as I scroll up a little further we can see the different parts of the vulnerable injection points that we can go after. So you can see here we have the parameter, so body content placeholder text name.

Next up, what we can do here is enter sqlmap, and what we want to see now are all the different types of databases within it. So I can go ahead and enter the following information, and we can see right here we have a lot of different databases. So we have bricks, bwab, all right, we have get boo, gallery and all these different databases within it. And in this case we'll be targeting webgoat_coins, and we want to find out all the tables within it and to dump out all of their passwords in the customer table. Okay, and all I got to do right now is go ahead and enter the following, all right, so -D followed by webgoat_coins, --table, sorry, so this will list out all the tables within this target database. Let's go ahead and do just that, and right here we got a result. This is crazy, look at that, 11 tables right here, and the one that looks like what we are going after is going to be under customer login. So let's go ahead and go after that. So now I can change this over into -T followed by customer login, followed by --dump, hit enter on that, all right, and this will give us the opportunity to dump out all of the passwords. And right here we got it, look at that, all of the different email addresses as well as the password field. So you can see here email answer password, and right here these are all the different passwords that we managed to find.

However, it looks a little strange. One thing for sure, these password fields are not hashes, because hashes typically have fixed length. So in this case we can see that there are varied lengths based on the different passwords. This looks like some form of encoding, and they look pretty familiar. I'm going to go ahead and grab the first password and let's see whether we're able to decode it. So let's go ahead and enter the following, all right, so now what I'll do is go ahead and enter echo followed by the password that we just copied and pasted, and right here what we can do is use base64 followed by --decode, hit enter on that. Oh my, look at that, one two three four five six. No wonder it looks so familiar, because that is my password. It's the best password in the world. People think that a hacker will be using a really complex and strong password, but I choose to do reverse psychology 101.

And obviously I don't just want one password, I want all of the passwords decoded, so let's go ahead and do just that. So what I'm going to do now is to save all these different fields into a text file, and after which we can process it, we can change up the format of it and begin decoding them at scale. So let's go ahead and copy the whole chunk of it, all right, so let's go ahead and click copy selection. So what I can do now is go ahead and enter echo, all right, followed by all of the information that we have copied, and what I can do next is go ahead and paste them all over into, say, password.txt, hit enter on that. All right, I'm going to go clear and I'll do a cat password.txt and I'll see what we get. All right, so we got all this different information right here, and what we can do next, go ahead and enter awk followed by a single quote, and in this case we are going to print number eight, all right, so $8, and followed by the curly braces, and then what we can do next is go ahead and enter the file, so in this case we have password.txt, followed by base64, and then what we can do now is go ahead and enter, say, base64 --decode, hit enter on that, and we got the information. All right, so we have one two three four five six, password, love, one two three four five six seven eight, princess, sunshine, I love you and so on so forth. So all this is a different path.

However, we do have an invalid input, and the reason for the error could be because of a vertical bar. So let's say I go ahead and enter the following, all right, and we can see here we may have multiple of this vertical bar that may be producing the error. Okay, so for example if I do the following, or I echo with vertical bar and base64 decode, hit enter on that, we get an invalid input. So in that case what we need to do is to be able to remove that from the list so that we're able to decode the rest of all those passwords. So let's go ahead and enter the following, all right, so we have the awk print a password, and here in this case we want to trim away that, all right, so we have tr -d followed by the vertical bar again, and now in this case we have base64 --decode, and hopefully it works this time. Let's go ahead and hit enter on that. There you go, we got it, we got all of the passwords right here. All right, and of course there's a cleaner way for us to run through the parsing of all those data so that we are getting the precision on the password field to parse the column and be able to run through all of that decode.

It is crazily fast, isn't it, how quickly we are able to find a vulnerability of a website, after which being able to exploit that vulnerability, pulling out all of the information from the database system and be able to break all of those passwords. And now that we have usernames and the password field, we can literally do anything with those accounts. We can try to log into their Gmail, their Hotmail and the Facebook account, because they could be using the same password across all of these online accounts that they have. Turn the like, share, subscribe and turn on notifications so that you do not get hacked.
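The two weaknesses the walkthrough above depends on, shown beside their fixes as an added Python example (not code from the video or from WebGoat.NET): a lookup built by string concatenation versus a bound parameter, and base64-encoded passwords versus a salted hash. The table, column and function names and the sample rows are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, os, sqlite3

def make_db():
    # Constructed sample data; table and column names are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE employees (first TEXT, last TEXT, email TEXT)")
    db.executemany("INSERT INTO employees VALUES (?, ?, ?)", [
        ("Ann", "Lee", "ann@example.test"),
        ("Bob", "Ray", "bob@example.test")])
    return db

def find_employee_unsafe(db, name):
    # Vulnerable: the form value is pasted into the SQL text itself.
    sql = "SELECT first, last, email FROM employees WHERE first = '" + name + "'"
    return db.execute(sql).fetchall()

def find_employee_safe(db, name):
    # Hardened: the value is bound as data and is never parsed as SQL.
    sql = "SELECT first, last, email FROM employees WHERE first = ?"
    return db.execute(sql, (name,)).fetchall()

def encode_password(password):
    # Reversible encoding, as in the dumped table: no key is needed to undo it.
    return base64.b64encode(password.encode()).decode()

def hash_password(password, salt=None):
    # Salted PBKDF2-HMAC-SHA256: fixed-length output, not reversible.
    salt = salt or os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)

def verify_password(password, salt, digest):
    # Recompute with the stored salt and compare in constant time.
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

if __name__ == "__main__":
    db = make_db()
    probe = "x' OR '1'='1"  # constructed input containing a quote
    print("unsafe:", find_employee_unsafe(db, probe))  # quote changes the query
    print("safe:  ", find_employee_safe(db, probe))    # treated as a literal name
    print("base64:", encode_password("123456"))
    salt, digest = hash_password("123456")
    print("pbkdf2:", digest.hex(), verify_password("123456", salt, digest))
```

With the bound parameter the quoted input matches no employee, and the PBKDF2 digest has the same length for every password, which is the fixed-length property the captions note is missing from the dumped column.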
Info
Channel: Loi Liang Yang
Views: 541,848
Keywords: hacker, hacking, cracker, cracking, kali linux, kali, metasploit, ethical hacking, ethical hacker, penetration testing, penetration tester, owasp
Id: bUH07lrBYgw
Length: 9min 6sec (546 seconds)
Published: Fri Jul 15 2022