Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,690 --> 00:00:03,880 Now let's translate this into our example. 2 00:00:03,880 --> 00:00:08,020 So in our example we're going to be targeting dimittis floatable machine. 3 00:00:08,020 --> 00:00:13,330 So our web server is going to be dimittis portable machine and we're not going to be using a DNS server 4 00:00:13,450 --> 00:00:18,670 so we're not going to be using a name like Facebook dotcom will be accessing the Web site directly use 5 00:00:18,670 --> 00:00:20,080 an IP address. 6 00:00:20,080 --> 00:00:25,960 So like we said before if we just go here to our portable machine I type in ifconfig you'll see that 7 00:00:25,960 --> 00:00:29,180 my IP is 10 20 14 to 14. 8 00:00:29,380 --> 00:00:38,080 And if I go here to my to upload it to my tally machine you'll see that if I type in 10 20 14 to 14 9 00:00:39,480 --> 00:00:42,150 you'll see that I can access my portable machine. 10 00:00:42,180 --> 00:00:51,270 So the web server here is dimittis Teutul machine itself the web applications are limited the page my 11 00:00:51,270 --> 00:00:53,100 admin DVD. 12 00:00:53,370 --> 00:00:59,070 And all of these so these are why applications and when you click on them you can see for example here 13 00:00:59,250 --> 00:01:00,700 it's written in BHB. 14 00:01:00,810 --> 00:01:03,540 So it's written in this programming language. 15 00:01:03,630 --> 00:01:08,750 It's also using a wide scale server which can be accessed through ph my Oddment. 16 00:01:08,760 --> 00:01:15,510 So these are just technologies used on the web server but the web server itself is the meat asteroidal 17 00:01:15,690 --> 00:01:17,820 machine here. 18 00:01:17,840 --> 00:01:23,900 So when you put the IP address when you put 10:24 into 14 we're actually accessing the floatable machine 19 00:01:24,200 --> 00:01:30,700 and inside dimittis voidable machine we have technologies we have interpretor that's run in PH. 20 00:01:30,830 --> 00:01:33,090 We have a web server and a database. 21 00:01:33,230 --> 00:01:37,660 And these are running the Web Application for us which is Matile today DVD. 22 00:01:37,700 --> 00:01:45,060 And all of them so when these components leave us to no one how we can hack a website so there is more 23 00:01:45,060 --> 00:01:50,330 than one thing that we can exploit to gain control over a website. 24 00:01:50,350 --> 00:01:54,700 Now the main thing the obvious things that you think of is the web applications. 25 00:01:54,710 --> 00:01:56,930 So it's the thing that you always interact with. 26 00:01:56,930 --> 00:02:02,460 For example in Facebook it's where you search for stuff and where you upload pictures where you write 27 00:02:02,460 --> 00:02:03,110 posts. 28 00:02:03,180 --> 00:02:07,920 All of these things are handled by the web application because it's the thing that you click the thing 29 00:02:07,920 --> 00:02:09,300 that you interact with. 30 00:02:09,300 --> 00:02:15,770 So for example if I go here on Matile day and I start browsing the web page this is my web application 31 00:02:15,780 --> 00:02:22,650 so every time I click on something it's being handled and executed by the web application on the web 32 00:02:22,650 --> 00:02:23,320 server. 33 00:02:23,610 --> 00:02:29,640 So if I could exploit this web application in some way if I could gain access to it if I could connect 34 00:02:29,640 --> 00:02:34,920 to the database because obviously this web application connects to the database then I'll be able to 35 00:02:34,920 --> 00:02:41,550 maybe gain control over the Web site and maybe even gain access to the web server and then get access 36 00:02:41,550 --> 00:02:43,260 to other web sites on the same server. 37 00:02:43,260 --> 00:02:46,110 We'll talk about all of that later in the course. 38 00:02:47,070 --> 00:02:52,560 The other way of gaining access to Web sites is using the computer itself. 39 00:02:52,560 --> 00:02:57,630 So let's say you claim your target was the VW 8 and you couldn't get in. 40 00:02:57,630 --> 00:03:00,870 You couldn't find an exploit in the web application itself. 41 00:03:00,900 --> 00:03:05,720 You tried everything you tried all the explosives will go to talk about and you just couldn't get in. 42 00:03:05,760 --> 00:03:11,430 Then your other option would be to exploit the programs installed on that computer because we said our 43 00:03:11,430 --> 00:03:17,090 web server or the Web site is installed on a normal computer just like your home computer. 44 00:03:17,110 --> 00:03:22,390 So if you couldn't get in use and do web applications what if there is one of the programs installed 45 00:03:22,390 --> 00:03:24,680 on the web computer on the computer itself. 46 00:03:24,720 --> 00:03:29,570 How does an exploit has a buffer overflow or remote execution exploit. 47 00:03:29,650 --> 00:03:35,020 What if the web server itself or the database program the program that's running the database itself 48 00:03:35,320 --> 00:03:41,290 had a remote root exploit that allows you to just gain access to the whole web server including all 49 00:03:41,290 --> 00:03:42,600 the Web sites inside it. 50 00:03:42,670 --> 00:03:48,250 So this will be really cool if you could get it if you couldn't find anything wrong with the applications 51 00:03:48,250 --> 00:03:52,100 installed on the web server on the operating system. 52 00:03:52,180 --> 00:03:56,800 Then you could target the humans because we know Web sites are managed by humans. 53 00:03:56,800 --> 00:04:02,260 For example Facebook you can't target mark or you can target the admins of Facebook for example. 54 00:04:02,260 --> 00:04:06,360 These admins obviously have more privileges on that website than new. 55 00:04:06,490 --> 00:04:12,220 And then they might be able to upload sensitive files to that Web site and then you can control it and 56 00:04:12,220 --> 00:04:14,830 Hockett by hacking into one of those people. 57 00:04:14,830 --> 00:04:19,870 So instead of maybe the Web site is very secure and the server is very secure and there is no way that 58 00:04:19,870 --> 00:04:25,540 you can get in but you can always exploit the humans using social engineering attacks and client side 59 00:04:25,540 --> 00:04:30,870 attacks to gain control or hack one of the people that manage that Target Web site and then maybe gain 60 00:04:30,940 --> 00:04:31,810 access to it. 61 00:04:33,640 --> 00:04:38,740 Now this course will be concerned with the web application penetration testing that's concerned with 62 00:04:38,740 --> 00:04:40,870 the first step with the first approach. 63 00:04:40,870 --> 00:04:46,870 So we're going to learn how to discover and exploit a large number of vulnerabilities that can be fine 64 00:04:46,960 --> 00:04:49,440 found in the web application itself. 65 00:04:49,450 --> 00:04:54,640 We're not going to be talking about server side attacks so the attacks that exploit the operating system 66 00:04:54,700 --> 00:04:59,680 and the applications installed on the operating system itself of the web server and we're not going 67 00:04:59,680 --> 00:05:05,620 to be talking about the client side attacks about attacking humans and how can their accounts and then 68 00:05:05,620 --> 00:05:07,160 gain access to the Web site. 69 00:05:07,450 --> 00:05:13,160 All of these these two the last two sections are actually covered into my general ethical hacking course 70 00:05:13,160 --> 00:05:18,700 so I have of course called them an ethical hacking from scratch work which covers those two aspects. 71 00:05:18,700 --> 00:05:24,140 Therefore in this course we're going to be focusing on the web application penetration testing sites 72 00:05:24,140 --> 00:05:29,480 so on how can the websites based on the web applications installed on that Web site. 8112