1
00:00:01,599 --> 00:00:06,720
okay let me show you how to figure out
2
00:00:04,240 --> 00:00:08,879
whether a dictionary attack is possible
3
00:00:06,719 --> 00:00:10,400
in the web application or not
4
00:00:08,880 --> 00:00:12,480
what i've got here is a login
5
00:00:10,400 --> 00:00:15,199
functionality and
6
00:00:12,480 --> 00:00:17,440
what you see is that i am asked to
7
00:00:15,199 --> 00:00:20,079
provide an email and password
8
00:00:17,440 --> 00:00:21,118
there is no captcha right there is no
9
00:00:20,079 --> 00:00:23,839
captcha
10
00:00:21,118 --> 00:00:24,480
so what i need to do is try to figure
11
00:00:23,839 --> 00:00:27,359
out
12
00:00:24,480 --> 00:00:27,920
whether the account is blocked after
13
00:00:27,359 --> 00:00:31,760
let's say
14
00:00:27,920 --> 00:00:34,000
12 or 15 unsuccessful login attempts
15
00:00:31,760 --> 00:00:36,160
if it is not then the great chances are
16
00:00:34,000 --> 00:00:36,640
that dictionary attack is possible and
17
00:00:36,159 --> 00:00:39,199
you can
18
00:00:36,640 --> 00:00:40,719
report something like this right away to
19
00:00:39,200 --> 00:00:43,040
the program owner right
20
00:00:40,719 --> 00:00:44,800
so uh what i'm gonna do right now is
21
00:00:43,039 --> 00:00:47,439
i've got my own account
22
00:00:44,799 --> 00:00:48,238
and well i can play with my own account
23
00:00:47,439 --> 00:00:51,519
right
24
00:00:48,238 --> 00:00:55,119
so my account is like david
25
00:00:51,520 --> 00:00:57,039
example.com and
26
00:00:55,119 --> 00:00:59,439
right now i'm gonna provide some invalid
27
00:00:57,039 --> 00:01:03,198
password right whatever right
28
00:00:59,439 --> 00:01:06,079
whatever and i see
29
00:01:03,198 --> 00:01:08,959
wrong email and or password i'm gonna do
30
00:01:06,079 --> 00:01:13,280
it again for a second time
31
00:01:08,959 --> 00:01:15,599
and arbitrary password again
32
00:01:13,280 --> 00:01:16,640
and i see the same message wrong email
33
00:01:15,599 --> 00:01:19,039
and or password
34
00:01:16,640 --> 00:01:20,079
now what i'm gonna do is i'm gonna
35
00:01:19,040 --> 00:01:23,840
repeat
36
00:01:20,079 --> 00:01:26,959
this kind of activity like 12
37
00:01:23,840 --> 00:01:30,000
13 15 times and see
38
00:01:26,959 --> 00:01:30,478
if i can still do this kind of attack or
39
00:01:30,000 --> 00:01:32,879
not
40
00:01:30,478 --> 00:01:34,560
or in other words whether i'm blocked or
41
00:01:32,879 --> 00:01:37,280
not whether i can get access
42
00:01:34,560 --> 00:01:39,680
to my account after 15 unsuccessful
43
00:01:37,280 --> 00:01:42,799
login attempts or not right
44
00:01:39,680 --> 00:01:45,280
so right now i'm gonna pause this video
45
00:01:42,799 --> 00:01:46,640
and i'm going to do this additional 12
46
00:01:45,280 --> 00:01:48,560
or 13
47
00:01:46,640 --> 00:01:50,399
login attempts manually of course i
48
00:01:48,560 --> 00:01:52,079
could do some kind of automation here
49
00:01:50,399 --> 00:01:52,719
but there is no need i can do it very
50
00:01:52,078 --> 00:01:54,319
quickly
51
00:01:52,719 --> 00:01:56,158
so i'm gonna pause the video and i'm
52
00:01:54,319 --> 00:01:58,559
going to come back to you after two
53
00:01:56,159 --> 00:01:58,560
minutes
54
00:01:58,799 --> 00:02:05,040
okay guys i tried to log
55
00:02:02,000 --> 00:02:07,840
in to my account 15 times with
56
00:02:05,040 --> 00:02:10,239
arbitrary passwords and i have been
57
00:02:07,840 --> 00:02:13,120
unsuccessful all the time
58
00:02:10,239 --> 00:02:14,080
let me right now try to do it for the
59
00:02:13,120 --> 00:02:17,920
16th
60
00:02:14,080 --> 00:02:20,480
time let's see
61
00:02:17,919 --> 00:02:22,079
again the same message wrong email and
62
00:02:20,479 --> 00:02:24,799
or password
63
00:02:22,080 --> 00:02:26,800
and now the question is whether well i
64
00:02:24,800 --> 00:02:28,319
am blocked or not right whether my
65
00:02:26,800 --> 00:02:31,599
account is blocked or not
66
00:02:28,318 --> 00:02:34,799
i'll provide my email and
67
00:02:31,598 --> 00:02:35,679
my password my real password because i
68
00:02:34,800 --> 00:02:39,120
just want to see
69
00:02:35,680 --> 00:02:42,319
if i have been blocked or not
70
00:02:39,120 --> 00:02:43,280
in this 15 or 16 unsuccessful login
71
00:02:42,318 --> 00:02:46,399
attempts right
72
00:02:43,280 --> 00:02:49,598
so let me provide my real
73
00:02:46,400 --> 00:02:49,599
password right now
74
00:02:49,680 --> 00:02:56,239
and what i can see is that well i am
75
00:02:53,080 --> 00:02:56,560
authenticated so definitely i have not
76
00:02:56,239 --> 00:03:00,080
been
77
00:02:56,560 --> 00:03:00,640
blocked throughout this process of 15
78
00:03:00,080 --> 00:03:03,200
let's say
79
00:03:00,639 --> 00:03:04,958
unsuccessful login attempts and it
80
00:03:03,199 --> 00:03:05,839
clearly shows that this kind of attack
81
00:03:04,959 --> 00:03:07,680
is possible
82
00:03:05,840 --> 00:03:09,680
it clearly shows that dictionary attack
83
00:03:07,680 --> 00:03:12,080
is possible and you can do it
84
00:03:09,680 --> 00:03:13,920
really quickly you know you can figure
85
00:03:12,080 --> 00:03:17,360
out whether this kind of
86
00:03:13,919 --> 00:03:18,000
attack is possible or not so i hope that
87
00:03:17,360 --> 00:03:21,200
everything is
88
00:03:18,000 --> 00:03:22,519
clear right now and we can jump to the
89
00:03:21,199 --> 00:03:25,518
next
90
00:03:22,519 --> 00:03:25,519
video