1
00:00:00,360 --> 00:00:01,050
Welcome back.
2
00:00:01,440 --> 00:00:08,490
Let's discuss bug bounty a little bit, we mentioned it in the previous video, but what exactly is
3
00:00:08,490 --> 00:00:08,640
it?
4
00:00:09,730 --> 00:00:17,560
There is one thing that we know: it has nothing to do with the real bugs. Bug bounty, or hunting for bugs,
5
00:00:17,740 --> 00:00:22,060
is mostly referred to as discovering vulnerabilities in a Web page.
6
00:00:23,050 --> 00:00:26,950
Now you can hunt for bugs in applications and other types of programs.
7
00:00:27,310 --> 00:00:35,290
But usually when someone says bug hunting or bug bounty, it's referred to as a website bug or vulnerability.
8
00:00:36,190 --> 00:00:42,690
Now, these vulnerabilities can be anything from password vulnerabilities, maybe they are not encrypted
9
00:00:42,850 --> 00:00:49,570
well and the attacker can easily break them, or perhaps there is a database vulnerability and the
10
00:00:49,570 --> 00:00:56,410
attacker can extract all of the information from the database, including usernames, passwords, emails
11
00:00:56,410 --> 00:01:00,190
and other personal information that shouldn't be public.
12
00:01:01,230 --> 00:01:07,000
Some vulnerabilities can also target not only websites, but client devices as well.
13
00:01:07,950 --> 00:01:13,110
By this, I mean that they're going to build things that could also be dangerous for the client that
14
00:01:13,110 --> 00:01:14,980
visits a vulnerable Web page.
15
00:01:15,630 --> 00:01:21,420
But don't worry, all of this is something that people talk about in the course and we will explain
16
00:01:21,420 --> 00:01:23,080
how all of these attacks work.
17
00:01:23,670 --> 00:01:29,130
For now, it's important that we mention: what do we need before we even start hacking?
18
00:01:30,140 --> 00:01:36,530
So the first thing that we want to do is to create a virtual environment, and this is something that
19
00:01:36,530 --> 00:01:40,980
we mentioned in the previous video. We want to create a virtual machine that we will use for hacking.
20
00:01:41,450 --> 00:01:46,490
This will be our own personal machine that we're strictly going to use to run different tools and perform
21
00:01:46,490 --> 00:01:47,420
different attacks.
22
00:01:47,990 --> 00:01:53,900
But we will also be installing vulnerable virtual machines that are running a Web page that we can attack
23
00:01:53,900 --> 00:01:55,190
and that we can practice on.
24
00:01:55,850 --> 00:01:57,160
Why, you might be asking?
25
00:01:57,470 --> 00:02:01,390
Well, we can't just target any website without permission.
26
00:02:02,120 --> 00:02:07,790
That is why we are going to create our own machine with a website that we can attack as much as we want.
27
00:02:08,590 --> 00:02:11,860
Second thing that we must get used to is Kali Linux.
28
00:02:12,220 --> 00:02:15,800
Now, Kali Linux is an operating system that penetration testers use.
29
00:02:16,390 --> 00:02:20,560
You probably already know it, but we are going to use it inside of this course.
30
00:02:21,310 --> 00:02:26,230
It is a Linux-based operating system that comes with a bunch of useful tools that hackers need.
31
00:02:26,770 --> 00:02:34,150
Out of all of that, the most important thing for us to learn is to introduce ourselves with basic command
32
00:02:34,150 --> 00:02:36,010
line usage inside of Linux.
33
00:02:36,550 --> 00:02:38,370
Don't worry, it will be nothing too advanced.
34
00:02:38,380 --> 00:02:39,940
We just want to cover the basics.
35
00:02:41,070 --> 00:02:48,720
And the last but not least, we need some basic website structure knowledge. We need to understand
36
00:02:48,720 --> 00:02:53,280
the basics of website development just so we can understand the attacks better.
37
00:02:54,030 --> 00:02:58,920
For this, we need to know what different programming languages in web development are used for, and
38
00:02:58,930 --> 00:03:00,380
we need to recognize them.
39
00:03:01,020 --> 00:03:06,680
So we will briefly cover HTML, JavaScript and SQL.
40
00:03:07,620 --> 00:03:08,910
Why do we need to cover this?
41
00:03:09,360 --> 00:03:15,180
Well, most of these attacks are based on injecting code from these programming languages, but let's
42
00:03:15,180 --> 00:03:16,650
not confuse ourselves right now.
43
00:03:17,010 --> 00:03:19,340
We'll talk about that when the time comes.
44
00:03:19,980 --> 00:03:25,800
Right now, I want to show you a quick little bug that is easy to perform, yet it's still considered
45
00:03:25,800 --> 00:03:27,090
a small vulnerability.
46
00:03:27,720 --> 00:03:33,930
Just so I can give you an insight on how easy it can be to sometimes discover a bug.
47
00:03:35,020 --> 00:03:41,500
So here I am on a Web page that I'm running inside of my local network and we can see that this Web
48
00:03:41,500 --> 00:03:44,280
page right here performs a simple task.
49
00:03:44,650 --> 00:03:47,980
It asks us to enter the background color that we would like to see.
50
00:03:48,460 --> 00:03:51,430
Whatever color we enter, the background will change color.
51
00:03:52,410 --> 00:03:59,700
So, for example, if I type red and set background color, nothing will change because it tells us
52
00:03:59,700 --> 00:04:03,780
to enter the color in this format and it even gives us an example.
53
00:04:04,320 --> 00:04:10,500
Now, this is not important for us, so let's just copy the example for the red color and let's paste
54
00:04:10,500 --> 00:04:11,930
it right here.
55
00:04:12,540 --> 00:04:16,980
If we set background color, well, it changes to red.
56
00:04:17,850 --> 00:04:21,570
But is this the only thing that this Web page can perform?
57
00:04:22,470 --> 00:04:28,170
What if we, for example, try to inject HTML code inside this input right here?
58
00:04:29,070 --> 00:04:30,470
Well, let's give it a try.
59
00:04:30,600 --> 00:04:39,270
The most simple HTML code we can enter is h1, which stands for header size one, and then test, and
60
00:04:39,270 --> 00:04:41,610
then we close the tags for the header.
61
00:04:42,840 --> 00:04:50,520
Don't worry if you don't know this, we will cover this as well. And if we set background color, it
62
00:04:50,520 --> 00:04:54,090
tells me the current background color is test.
63
00:04:54,780 --> 00:05:00,540
Just by looking at this, I can already tell that this is a bug in this webpage.
64
00:05:01,140 --> 00:05:06,840
You might not be able to tell it right now, but by the end of the course, recognizing these bugs will
65
00:05:06,840 --> 00:05:08,190
become second nature for you.
66
00:05:08,910 --> 00:05:10,950
So what did we notice here?
67
00:05:11,130 --> 00:05:18,990
Well, we typed some text in the size of a header one, and it seems that this website or web page executed
68
00:05:18,990 --> 00:05:19,200
it.
69
00:05:19,680 --> 00:05:25,530
It read it as an HTML code and it printed our text in size of header one.
70
00:05:26,580 --> 00:05:33,870
Even if we tried to, for example, underline by using u inside of the HTML tags and using header
71
00:05:33,870 --> 00:05:44,400
one and then typing test again, then we close header one and close underline text, we click set background
72
00:05:44,400 --> 00:05:44,760
color.
73
00:05:45,770 --> 00:05:53,840
Well, now we got our text written in size header one and also underlined, and this is called HTML
74
00:05:53,840 --> 00:06:01,310
injection. This is a bug where the Web page allows you to input HTML code in some user input field,
75
00:06:01,310 --> 00:06:03,680
which in this case is this background color field.
76
00:06:04,100 --> 00:06:10,910
And the Web page will process it as HTML code, so we can conclude that this user input is not filtered.
77
00:06:11,060 --> 00:06:14,900
Well, if this is too overwhelming for now, don't worry.
78
00:06:14,900 --> 00:06:18,200
We will explain all of this in detail later in the course.
79
00:06:18,380 --> 00:06:24,470
I just want to show you a cool little bug that is so easy to find, yet it is discoverable in so many
80
00:06:24,470 --> 00:06:26,140
websites that are currently online.
81
00:06:26,810 --> 00:06:30,510
Now, enough of talking, now that we explained bug bounty a little bit.
82
00:06:30,710 --> 00:06:35,150
Let's get straight into setting up our virtual environment. See you in the next video.