Mastering XSS Attacks: DVWA Exploits with Kali Linux & Metasploitable | Web Security Tutorial

Captions
Welcome to our exploration of cross-site scripting, or XSS, where we dive into the primary attack vectors: reflected and stored XSS. In this video we'll take a closer look at how these vulnerabilities manifest, their potential impact, and the steps we can take to mitigate the risk. Why don't you join us as we navigate the world of web security and learn how to defend against XSS attacks? Buckle up, let's get started. Security in no time.

Let's go over to our Kali machine, open Firefox, and go to the OWASP Top 10 so we can search for XSS. To successfully complete this lab you will need Metasploitable and Kali Linux. We have videos on how to set up your own cyber security lab; I would encourage you to go back and watch them. Now the first one, cross-site scripting, or XSS: we can actually click on it to learn what it is, because I will encourage you to always go to Google, or the OWASP Top 10, or Wikipedia, to learn on your own. From here they tell you what cross-site scripting is: it's an injection attack. The attacker just injects malicious code into a form, for example. If you go to a website you may see there's a contact form where you put your name, phone number and address, and if you go to log in to your bank you see you have to put in your username and password. The attack is, instead of entering a username and a password, to enter scripts. This is what we are going to demonstrate today. If you're curious you can come to the OWASP Top 10 and you're going to see a bunch of injection attacks, but for the purpose of the video we are going to cover stored XSS and reflected XSS. To do so we are going to go to our Metasploitable server, then go to DVWA and put in our username and our password. The username is admin and the password is password. Once we're logged in, what we are going to demonstrate today is cross-site scripting, reflected and stored.

Before we do anything else we have to make sure that the website's security is set to low, because if we leave security on high we will not be able to demonstrate what we want to demonstrate. So we're going to put it on low and hit submit. Good. Right now we can try the reflected XSS attack. This attack is from the client side: for example, if you go there they say "What is your name?" and I should put my name there, because this is what was expected. But an attacker, to see if this website is susceptible to XSS, can actually put in some script, like JavaScript. I can add something like a script that creates an alert. Here you go; see, here we go. So you see that this is susceptible to XSS. At the end of the video we are going to go over OWASP to see how to mitigate those risks. So now if an attacker goes to that website and puts in that test, they're like, "Oh yeah, this is susceptible, because the website actually ran my script." I can click OK and you can see that it just accepted my alert input. All right, cool.

Now, stored XSS is very different from reflected, because stored XSS actually stays in the database. For example, if a user comes back later to an infected database, for whoever visits that website the script is going to run with whatever the attacker put there; for example, if they want to steal your cookies or your session, they can actually add it there. As you can see I have a couple of tests there. I can add another test; I can call that test SSS, and then I'm going to add the same script, and this time I can just say "Don't visit that website." Right, close. Then I can just sign it, and as you can see: "Don't visit that website." So now if I click OK, go back, try to go back home and then go back to stored XSS, you see now every time I go there you see "Don't visit the website," because that's stored in the database, so whoever visits that website is going to be in trouble.

So now what can we do to prevent XSS? If we just go to the OWASP Top 10 as at the beginning, you see they tell you a bunch of things, so what we can search for is how to prevent XSS. There are multiple ways that you can prevent it: you can use Content Security Policy, you can use input validation, etc. But whatever I say, I want it to be legit; that's why we are coming right here, to make sure that I'm not trying to invent something, but you see how they do it in the security world. So right now if we come to the OWASP Top 10, they give you a bunch of ways: how it works, how to defend against it, what you have to do to protect against XSS. If we just read through all this you can see how to go against XSS. And if you are a developer, what I will invite you to do is search for "XSS Mozilla"; I think the Mozilla forum can give you a lot of information about XSS, what it is and how to prevent it. Because it's very important, when it comes to security, that you don't rely on only one security platform.

And there you have it: our exploration into cross-site scripting has been done. Throughout that video what we did was go and demonstrate how reflected and stored XSS work. Understanding the hands-on and the potential threats they pose is very critical. So remember, the digital landscape is ever evolving, but armed with our knowledge and the right tools we can fortify our defenses. So keep learning, stay secure, don't forget to like, share and subscribe, and until next time, this is That Cyber Guy.
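The two DVWA pages walked through in the video, modelled as an added example that is not part of the transcript or of DVWA's own code: the reflected "What is your name?" echo and the stored guestbook, each in the vulnerable form and with the output encoding and Content-Security-Policy header that the OWASP guidance the video points to describes. The HTML shapes, the `name`/`message` field names and the alert probe are assumptions constructed for the example.

```javascript
// Added example, not code from the video or from DVWA: tiny server-side render
// functions standing in for the two DVWA pages, vulnerable and hardened side by side.

// The harmless probe the video types into the form: a script tag that only pops an
// alert. Constructed sample input.
const TEST_PAYLOAD = '<script>alert(1)</script>';

// Encode the five characters that let untrusted text break out of an HTML text node
// or a quoted attribute value. This is output encoding, applied at render time.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;',
  })[c]);
}

// Reflected XSS: the page echoes the request's name parameter straight into the
// response, so the browser runs whatever that one request carried.
function renderReflectedVulnerable(name) {
  return `<pre>Hello ${name}</pre>`;
}
function renderReflectedSafe(name) {
  return `<pre>Hello ${escapeHtml(name)}</pre>`;
}

// Stored XSS: guestbook entries persist in the database and are rendered for every
// later visitor. Escaping at output time covers all of them, including entries that
// were submitted before the fix was deployed.
function renderGuestbookVulnerable(entries) {
  return entries.map((e) => `<div>Name: ${e.name}<br>Message: ${e.message}</div>`).join('\n');
}
function renderGuestbookSafe(entries) {
  return entries
    .map((e) => `<div>Name: ${escapeHtml(e.name)}<br>Message: ${escapeHtml(e.message)}</div>`)
    .join('\n');
}

// Defence in depth: a Content-Security-Policy header that allows scripts only from
// the site's own origin, so an inline <script> that slips past encoding is not run.
function cspHeader() {
  return "default-src 'self'; script-src 'self'; object-src 'none'; base-uri 'self'";
}

// Simple check used to compare the two render paths: does the HTML still contain an
// executable script element?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}
```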
Info
Channel: That Cyber Guy Official
Views: 300
Keywords: XSS Attacks, DVWA Exploits, Kali Linux, Metasploitable, Web Security Tutorial, Reflected XSS, Stored XSS, Mitigation Techniques, Pentesting, OWASP, Cybersecurity
Id: 7tl6824Q43I
Length: 9min 34sec (574 seconds)
Published: Tue Mar 05 2024