1
00:00:00,690 --> 00:00:03,880
Now let's translate this into our example.
2
00:00:03,880 --> 00:00:08,020
So in our example we're going to be targeting the Metasploitable machine.
3
00:00:08,020 --> 00:00:13,330
So our web server is going to be the Metasploitable machine and we're not going to be using a DNS server
4
00:00:13,450 --> 00:00:18,670
so we're not going to be using a name like facebook.com, we'll be accessing the website directly using
5
00:00:18,670 --> 00:00:20,080
an IP address.
6
00:00:20,080 --> 00:00:25,960
So like we said before if we just go here to our Metasploitable machine, I type in ifconfig, you'll see that
7
00:00:25,960 --> 00:00:29,180
my IP is 10.20.14.214.
8
00:00:29,380 --> 00:00:38,080
And if I go here to my Kali machine, you'll see that if I type in 10.20.14.214
9
00:00:39,480 --> 00:00:42,150
you'll see that I can access my Metasploitable machine.
10
00:00:42,180 --> 00:00:51,270
So the web server here is the Metasploitable machine itself, the web applications are Mutillidae, phpMyAdmin,
11
00:00:51,270 --> 00:00:53,100
DVWA.
12
00:00:53,370 --> 00:00:59,070
And all of these, so these are web applications and when you click on them you can see for example here
13
00:00:59,250 --> 00:01:00,700
it's written in PHP.
14
00:01:00,810 --> 00:01:03,540
So it's written in this programming language.
15
00:01:03,630 --> 00:01:08,750
It's also using a MySQL server which can be accessed through phpMyAdmin.
16
00:01:08,760 --> 00:01:15,510
So these are just technologies used on the web server but the web server itself is the Metasploitable
17
00:01:15,690 --> 00:01:17,820
machine here.
18
00:01:17,840 --> 00:01:23,900
So when you put the IP address, when you put 10.20.14.214, we're actually accessing the Metasploitable machine
19
00:01:24,200 --> 00:01:30,700
and inside the Metasploitable machine we have technologies, we have an interpreter that's running PHP.
20
00:01:30,830 --> 00:01:33,090
We have a web server and a database.
21
00:01:33,230 --> 00:01:37,660
And these are running the web application for us, which is Mutillidae, DVWA.
22
00:01:37,700 --> 00:01:45,060
And all of them, so when these components lead us to know how we can hack a website, so there is more
23
00:01:45,060 --> 00:01:50,330
than one thing that we can exploit to gain control over a website.
24
00:01:50,350 --> 00:01:54,700
Now the main thing the obvious things that you think of is the web applications.
25
00:01:54,710 --> 00:01:56,930
So it's the thing that you always interact with.
26
00:01:56,930 --> 00:02:02,460
For example in Facebook it's where you search for stuff and where you upload pictures where you write
27
00:02:02,460 --> 00:02:03,110
posts.
28
00:02:03,180 --> 00:02:07,920
All of these things are handled by the web application because it's the thing that you click the thing
29
00:02:07,920 --> 00:02:09,300
that you interact with.
30
00:02:09,300 --> 00:02:15,770
So for example if I go here on Mutillidae and I start browsing the web page, this is my web application
31
00:02:15,780 --> 00:02:22,650
so every time I click on something it's being handled and executed by the web application on the web
32
00:02:22,650 --> 00:02:23,320
server.
33
00:02:23,610 --> 00:02:29,640
So if I could exploit this web application in some way if I could gain access to it if I could connect
34
00:02:29,640 --> 00:02:34,920
to the database because obviously this web application connects to the database then I'll be able to
35
00:02:34,920 --> 00:02:41,550
maybe gain control over the Web site and maybe even gain access to the web server and then get access
36
00:02:41,550 --> 00:02:43,260
to other web sites on the same server.
37
00:02:43,260 --> 00:02:46,110
We'll talk about all of that later in the course.
38
00:02:47,070 --> 00:02:52,560
The other way of gaining access to Web sites is using the computer itself.
39
00:02:52,560 --> 00:02:57,630
So let's say you claim your target was DVWA and you couldn't get in.
40
00:02:57,630 --> 00:03:00,870
You couldn't find an exploit in the web application itself.
41
00:03:00,900 --> 00:03:05,720
You tried everything, you tried all the exploits we're going to talk about, and you just couldn't get in.
42
00:03:05,760 --> 00:03:11,430
Then your other option would be to exploit the programs installed on that computer because we said our
43
00:03:11,430 --> 00:03:17,090
web server or the Web site is installed on a normal computer just like your home computer.
44
00:03:17,110 --> 00:03:22,390
So if you couldn't get in using the web applications, what if there is one of the programs installed
45
00:03:22,390 --> 00:03:24,680
on the web computer on the computer itself.
46
00:03:24,720 --> 00:03:29,570
has an exploit, has a buffer overflow or remote execution exploit?
47
00:03:29,650 --> 00:03:35,020
What if the web server itself or the database program the program that's running the database itself
48
00:03:35,320 --> 00:03:41,290
had a remote root exploit that allows you to just gain access to the whole web server including all
49
00:03:41,290 --> 00:03:42,600
the Web sites inside it.
50
00:03:42,670 --> 00:03:48,250
So this will be really cool if you could get it. If you couldn't find anything wrong with the applications
51
00:03:48,250 --> 00:03:52,100
installed on the web server on the operating system.
52
00:03:52,180 --> 00:03:56,800
Then you could target the humans because we know Web sites are managed by humans.
53
00:03:56,800 --> 00:04:02,260
For example Facebook, you can target Mark or you can target the admins of Facebook for example.
54
00:04:02,260 --> 00:04:06,360
These admins obviously have more privileges on that website than you.
55
00:04:06,490 --> 00:04:12,220
And then they might be able to upload sensitive files to that Web site and then you can control it and
56
00:04:12,220 --> 00:04:14,830
hack it by hacking into one of those people.
57
00:04:14,830 --> 00:04:19,870
So instead of maybe the Web site is very secure and the server is very secure and there is no way that
58
00:04:19,870 --> 00:04:25,540
you can get in but you can always exploit the humans using social engineering attacks and client side
59
00:04:25,540 --> 00:04:30,870
attacks to gain control or hack one of the people that manage that Target Web site and then maybe gain
60
00:04:30,940 --> 00:04:31,810
access to it.
61
00:04:33,640 --> 00:04:38,740
Now this course will be concerned with the web application penetration testing that's concerned with
62
00:04:38,740 --> 00:04:40,870
the first step with the first approach.
63
00:04:40,870 --> 00:04:46,870
So we're going to learn how to discover and exploit a large number of vulnerabilities that can be
64
00:04:46,960 --> 00:04:49,440
found in the web application itself.
65
00:04:49,450 --> 00:04:54,640
We're not going to be talking about server side attacks so the attacks that exploit the operating system
66
00:04:54,700 --> 00:04:59,680
and the applications installed on the operating system itself of the web server and we're not going
67
00:04:59,680 --> 00:05:05,620
to be talking about the client side attacks, about attacking humans and hacking their accounts and then
68
00:05:05,620 --> 00:05:07,160
gain access to the Web site.
69
00:05:07,450 --> 00:05:13,160
All of these, these two, the last two sections are actually covered in my general ethical hacking course
70
00:05:13,160 --> 00:05:18,700
so I have a course called Learn Ethical Hacking From Scratch which covers those two aspects.
71
00:05:18,700 --> 00:05:24,140
Therefore in this course we're going to be focusing on the web application penetration testing side
72
00:05:24,140 --> 00:05:29,480
so on hacking the websites based on the web applications installed on that website.