The content of this video is meant to be educational
and its aim is to advise on how to improve security
in the computational systems of the viewer.
Today we'll learn how to access a restricted area
protected by username and password
using Burp Suite and Hydra.
This video is sponsored by binaria.uno;
audit your company's security with a penetration test
or delegate your server administration.
For more information, visit www.binaria.uno.
Welcome, all of you my friends to a new Hackwise episode!
Many of you have been asking on my social networks
why do I not upload a course on ethical hacking?
And that's why, because you asked for it,
that today I'll start uploading videos about these topics
so together we can learn about the wonderful world
of information security.
So, my friends...
"Welcome to Hackwise Academy"
This new series, Hackwise Academy, has three different levels of complexity:
The first one being the basic level,
second one being intermediate
and finally the third level, advanced.
The practice we'll carry out today
is Intermediate level.
Remember that this video has been created
with an educational purpose in mind,
to learn how hackers can obtain our passwords
and that way, defend ourselves against these types of attacks.
To follow this video along, it is necessary
to prepare two virtual machines beforehand:
The first one must have Ubuntu Server installed,
and the second one must have Kali Linux installed on it.
If you don't know how to run these virtual machines yet,
I'll leave a video here where I show you how to do it
so you can watch it and learn.
In this video we'll use the following tools.
Virtualbox to run our virtual machines;
Ubuntu Server and Kali Linux for our operating systems
for our virtual machines acting as victim and attacker;
DVWA which will be our victim's site;
The Burp Suite proxy server;
and lastly, Hydra on Kali Linux which we'll use to
carry out a dictionary attack
(brute-force) for the passwords.
The attack we'll carry out on this video
consists in putting ourselves in the middle of the connection
between server and client
with the Burp Suite proxy, and capturing the cookie and Session ID
of the login system,
and then using Hydra with this information
to perform a dictionary attack to obtain the password.
First, we'll have to mount a LAMP server
to install and run DVWA on it.
It's called DVWA because of the name's initials,
"Damn Vulnerable Web Application"
which is a web application written in PHP and MySQL
that was designed to be incredibly vulnerable.
This means that in this app, we can use different hacking techniques
to comprehend and learn their operation
in a controlled and perfectly legal environment.
Now, let's begin by installing our LAMP server
(Linux, Apache, MySQL, PHP)
We'll connect to our Ubuntu server
with a terminal window or PuTTY.
Then, we'll enter the command "sudo su -"
to open a shell with root privileges.
Now, we'll install Apache2 from the Ubuntu repositories.
And we'll also install the MySQL server.
Once the MySQL packages have been installed,
we'll run the following command:
mysql_secure_installation
and we'll follow the steps shown here.
Now, we'll install PHP and some libraries from repo
so it can be used with MySQL.
We'll use the command: "ifconfig"
to find out our server's IP address and we'll copy that.
We'll restart the apache2 service to apply our changes
and we'll paste the IP address on our clipboard
to our favorite web browser.
As we can see, our Apache server is working properly.
Now that our LAMP server is ready,
we'll have to carry out extra installations and configurations
so DVWA will allow us to perform different attacks on it.
This is really important! Do not publish DVWA on a VPS.
I suggest that you mount both the victim and the attacking systems
in virtual machines on your computer
so you can shut them down when not needed
for security concerns.
Now, I'll show you how to install DVWA.
We'll visit www.dvwa.co.uk
and we'll copy the download link for DVWA.
Then, with the command "wget" we'll download
the DVWA zip file on our server's terminal window.
Install unzip...
so we can decompress the file we just downloaded.
We'll move the DVWA-master folder
to our Apache server's published sites folder.
Change directory to the config folder
to then make a copy of the DVWA sample config file
to set up DVWA's configuration.
Now, with our favorite text editor in our terminal window,
we'll open config.inc.php
and look for the lines where the username and
password are configured for the database
that will work with DVWA.
We'll save the changes and exit the text editor.
Now, we'll install php-gd
and change the permissions for /uploads/,
phpids_log and config as shown.
We'll open php.ini
and change the "allow_url_include" parameter to "On".
Lastly, restart the apache2 service to reflect the changes.
With these installations we're almost ready.
We just have to create and configure a database
to finish installing the system.
We'll run the command: "sudo mysql" to access as root
and then we create the database "dvwa".
Afterwards, create a user named "dvwa"
with a password, that in this case will be "toor".
And we'll give all privileges to dvwa
so it can work with all tables in the database
called dvwa.
In our browser, we'll go to the address
where DVWA is installed,
and we click on the "Create / Reset database" button.
And done! DVWA is installed,
and now we can access it with the username "admin"
and the default password "password".
Now that the victim's environment is fully installed and configured,
we'll open our Kali Linux VM to carry out our attack.
Remember that at this moment, our objective is
trying to calculate the DVWA password
with a dictionary attack.
In our Kali Linux VM
we'll open Burp Suite
and start a new project.
We'll go to the Proxy tab and then select "options"
where we can see the data of our proxy listener.
We'll open Firefox and go to the preferences in the browser.
Then, go to Advanced>Network,
and click on "Settings".
On this screen, select "Manual proxy configuration"
and we'll enter our proxy listener's data taken from
the Burp Suite screen.
Go to the "Brute Force" section on DVWA
to practice our brute force attack
on a login in our hacking lab.
We'll try to access the login on DVWA with fake credentials
so Burp Suite can capture all the information
of what happens when logging into the system.
On the Proxy Intercept tab in Burp Suite,
the data we'll need for our attack is shown.
Burp Suite has helped us obtain all the information
needed to carry out our attack.
Thanks to that, we'll attack using Hydra.
We'll open a terminal window on our Kali Linux
and start crafting our brute force attack
against our test login in our hacking lab.
We'll run the command:
"hydra [victim's IP] -l [username to be attacked] -p [route to the dictionary that we want to use on the attack]"
followed by the type of attack that in this case is
http-get and we'll input the route shown by Burp Suite
where the login request script is run
followed by the "username" and "password" variables
that will be substituted by Hydra
on each access attempt.
And we'll write the text shown by our login when the password is incorrect,
so Hydra will detect if the attempt was unsuccessful.
Lastly, we'll write the cookie captured with Burp Suite
and we launch our attack.
At this moment Hydra is attempting to access
the brute force attack test login of DVWA
trying out each and every one of the passwords in the dictionary file.
And after a few seconds, it manages to hack the system
showing us the username and password.
We did it! We've hacked the system!
We managed to access with the username "admin" and password "password".
As seen, this is one of the attacks
that can be carried out on the DVWA test platform.
What do you think? Did you like it?
If this video reaches 5,000 likes and you subscribe to this channel,
I'll continue this Hackwise Academy series.
Help me find out what other technique you'd like to learn
by mentioning it in the comments.
This type of attack can be easily prevented:
For example, as programmers, something we can do
would be keeping count of the login attempts to one username.
And when detecting a lot of failed attempts,
simply block the attacker's IP address.
If this video wasn't clear to you, don't feel bad!
You just need to learn a bit more.
But look, I suggest practicing with your friends
and study a bit about the command line
and the basics of PHP and MySQL.
Remember that this video can be watched as many times as you want.
I suggest pausing as many times as needed
to follow the procedure.
Come on, you can do it!
If you managed to finish this, the first practice of Hackwise Academy,
it'd be great if you sent me a screenshot of your results
to my social networks: Instagram or Twitter
using the hashtag #HackwiseAcademy
And well, my friends, that's all for today's video!
I want to send special thanks to our friends at binaria.uno
for sponsoring this, the first episode of Hackwise Academy.
Don't forget to subscribe, like this video and share it with your friends.
Remember that my name is César Gaytán,
@mrebola on Twitter, hackwisemx on Facebook,
mr.ebola on Instagram, until next time!
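
The mitigation described near the end of the video (counting failed login attempts for one username and blocking the source IP address once there are too many) can look like the following. This is an added example, not code from the video or from DVWA; the class name, thresholds and the 192.0.2.x addresses are assumptions chosen for illustration.

```python
import time
from collections import defaultdict, deque


class LoginThrottle:
    """Sliding-window count of failed logins per username; blocks source IPs."""

    def __init__(self, max_failures=5, window=300, block_for=900, clock=time.monotonic):
        self.max_failures = max_failures  # failures tolerated per username per window
        self.window = window              # seconds a failure stays counted
        self.block_for = block_for        # seconds an offending IP stays blocked
        self.clock = clock                # injectable so tests can control time
        self.failures = defaultdict(deque)  # username -> timestamps of failures
        self.blocked_until = {}             # ip -> time the block expires

    def is_blocked(self, ip):
        """Check this before evaluating any credentials from `ip`."""
        until = self.blocked_until.get(ip)
        if until is not None and self.clock() >= until:
            del self.blocked_until[ip]  # block expired
            until = None
        return until is not None

    def record(self, username, ip, success):
        """Call after each credential check; returns True if `ip` is now blocked."""
        now = self.clock()
        if success:
            self.failures.pop(username, None)  # a good login clears the counter
            return False
        recent = self.failures[username]
        recent.append(now)
        while recent and now - recent[0] > self.window:
            recent.popleft()  # forget failures older than the window
        if len(recent) >= self.max_failures:
            # Counting per username (not per IP) still trips when guesses
            # for one account are spread across several addresses.
            self.blocked_until[ip] = now + self.block_for
        return self.is_blocked(ip)


if __name__ == "__main__":
    # Constructed sample: one address guessing passwords for "admin".
    throttle = LoginThrottle(max_failures=3)
    for guess in ["123456", "letmein", "qwerty", "password"]:
        if throttle.is_blocked("192.0.2.10"):
            print("blocked before trying", guess)
            break
        throttle.record("admin", "192.0.2.10", success=(guess == "password"))
```

In a PHP application such as DVWA the same counters would live in the database or a shared cache rather than in process memory, so they survive restarts and are shared by every web worker.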