WEBVTT

00:01.240 --> 00:06.680
Okay, now that we have installed Metasploitable in virtual machine.

00:07.000 --> 00:08.240
Okay, that is here.

00:09.760 --> 00:16.400
Now let's see how we can hack a website.

00:16.440 --> 00:17.280
Okay.

00:17.320 --> 00:22.680
Whenever we are trying to access the internet, for example, we are opening a browser.

00:23.880 --> 00:32.000
We are searching for something, for example for google.com and it is trying to access the google.com.

00:32.000 --> 00:39.200
And between these two things okay, we have web application that is here installed in my system.

00:39.200 --> 00:42.840
For example, this browser that is here is a web application.

00:42.840 --> 00:51.320
And also we have the web server that is the real server that the real data is uh stored there, for

00:51.320 --> 00:55.320
example Facebook server okay, or Google server or anything.

00:56.480 --> 01:03.500
And now that I am, for example, searching in the browser for google.com, this google.com.

01:03.700 --> 01:05.740
The real server will not understand this.

01:05.780 --> 01:11.580
Okay, so between these two there is something else that is called DNS server.

01:11.580 --> 01:17.460
So this DNS server is responsible for changing this name or domain name to the IP.

01:17.460 --> 01:21.500
And also translating the IP back to real name okay.

01:22.300 --> 01:28.300
So uh, I mean that we can hack two things here.

01:28.340 --> 01:28.780
Okay.

01:29.380 --> 01:36.500
The first thing is, uh, we can do the attack or, uh, doing this hack stuff on web application,

01:36.500 --> 01:40.580
like, uh, Facebook and also other stuff.

01:40.580 --> 01:44.940
Okay, on the browser, the real website, for example, the interface.

01:45.380 --> 01:47.980
And also we have the web server.

01:48.020 --> 01:48.660
Okay.

01:48.700 --> 01:52.900
That means the real server, uh, we can do the attack on web server.

01:53.220 --> 01:55.620
And also there's two stuff.

01:55.660 --> 01:56.020
Okay.

01:56.900 --> 02:03.460
And the web server is just like, for example, web server in here, we have our Metasploitable here.

02:04.020 --> 02:06.040
Uh, that is the web server now.

02:06.080 --> 02:06.480
Okay.

02:07.240 --> 02:11.360
And also from here, which is the web application in my Kali Linux.

02:12.200 --> 02:13.840
Let me show you in real example.

02:13.880 --> 02:14.280
Okay.

02:15.160 --> 02:21.040
For example, in here I use ifconfig, ifconfig.

02:21.040 --> 02:25.400
And you see we have an IP here called 10 to 10.

02:25.440 --> 02:26.800
0 to 13.

02:26.840 --> 02:27.480
Okay.

02:27.520 --> 02:35.720
Now in browser if I just try to access this IP because we are in the same network and also that is the

02:35.720 --> 02:39.400
Metasploitable and that is a web server.

02:39.440 --> 02:40.360
Okay.

02:40.400 --> 02:45.400
Right now, so 10.0.2.13.

02:45.400 --> 02:51.760
So you see that I can access the Metasploitable that is running in the other virtual machine.

02:51.880 --> 02:57.400
And you see I have these all application for example phpMyAdmin.

02:57.400 --> 03:00.320
You see that it is a server.

03:00.360 --> 03:00.520
Okay.

03:00.560 --> 03:04.640
And also I have this one okay.

03:05.940 --> 03:10.980
And also I have a DVWA.

03:11.020 --> 03:14.860
This is another thing that we can hack this.

03:14.900 --> 03:15.740
Okay.

03:15.780 --> 03:21.260
So now if I hack the real server, which is the Metasploitable, this is the server.

03:21.300 --> 03:21.500
Okay.

03:21.540 --> 03:25.380
If I hack the real server, I will be able to access a lot of things here.

03:25.380 --> 03:28.580
For example, I can access phpMyAdmin.

03:28.620 --> 03:31.660
The other website, the other website, the other website, the other website.

03:31.700 --> 03:32.340
Okay.

03:32.380 --> 03:39.980
I kind of have access in a lot of things, but if I hack the web application, for example, something

03:39.980 --> 03:49.140
that is into this browser and for example, Facebook, if I try to hack Facebook, I will be able to

03:49.180 --> 03:50.500
hack only one of these.

03:50.540 --> 03:50.740
Okay.

03:50.780 --> 03:52.140
For example, one thing.

03:52.620 --> 03:58.620
And also, if you are not able to do both of these, then we can do another thing that is called social

03:58.620 --> 04:01.340
engineering and we can target the human.

04:01.380 --> 04:01.820
Okay.

04:03.140 --> 04:07.740
So uh, or uh the client side okay.

04:07.780 --> 04:09.910
That is managed by human.

04:10.270 --> 04:17.230
So in here you see that we can have access to the Metasploitable.

04:17.670 --> 04:21.750
And here we will be creating our script.

04:21.790 --> 04:25.110
Python script to hack all this.

04:25.150 --> 04:25.750
Okay.

04:25.790 --> 04:30.630
For this, our script on this phpMyAdmin for example.

04:30.670 --> 04:31.350
Okay.

04:31.390 --> 04:36.470
And also in this website, this website a lot of websites you see here.

04:36.510 --> 04:37.150
Okay.

04:37.190 --> 04:40.270
We will be able to test our script on these tabs.

04:40.710 --> 04:46.390
And if we pass it then we will be using them on real website.

04:46.430 --> 04:47.230
Okay.

04:47.270 --> 04:52.030
And I have to tell you that never try to use a script.

04:52.390 --> 04:54.950
Your tools okay.

04:54.990 --> 04:57.510
On real system without permission.

04:57.870 --> 05:08.910
So in here we are using our own tools, our own virtual lab and try not to harm anyone okay.

05:08.950 --> 05:09.750
Anyone else.

05:10.010 --> 05:15.090
So in here, I showed you how you can have access.

05:15.130 --> 05:20.450
Access the Metasploitable server using its IP address from Kali Linux.

05:20.690 --> 05:30.450
Right now you see, I am in Kali Linux and I have access to this Metasploitable, Metasploitable

05:30.490 --> 05:30.770
2.

05:30.810 --> 05:31.210
Okay.

05:32.050 --> 05:40.410
And also I give you a very short explanation about how this website, web application, server side,

05:40.410 --> 05:43.490
how this works and that is it.

05:43.490 --> 05:43.930
Okay.

05:43.970 --> 05:52.410
So let's move for the next section or for the next lecture to see how we can create our tools to use

05:52.410 --> 05:54.570
them to get information.

05:54.570 --> 05:54.970
Okay.

05:55.010 --> 06:06.570
Scan these applications okay these websites and get information and also try to hack them or if we are

06:06.610 --> 06:07.330
able or not.

06:07.370 --> 06:08.730
So let's go and see that.

06:09.810 --> 06:12.850
And thanks for watching.
