2.1 Reflected XSS - Lab 1

Video Transcript

Hi, everyone. Welcome back to the course. So in the last video, we learned about what cross-site scripting is. We also talked about the different types. So if you remember, we talked about stored, or as it's more commonly called, persistent. We also talked about reflected, which we're gonna be doing in this lab, and then also DOM-based. So in this lab, as I mentioned, we're gonna be doing the reflected cross-site scripting attack. This one's a very simple one. We're just gonna be basically changing the URL and attempting to run our malicious script. So just make sure you're logged into the Cybrary website, which you should be already if you're watching this video. And then in the catalog, you're gonna be searching for this long name here, this Introduction to OWASP Top 10, A7, et cetera, et cetera. The easiest thing to do is just type in A7 and search for that, and you'll see that it'll pull it up right up there for you.

So go ahead and click on that and then click the Launch button right there, and it's gonna give you one more option here. We just need to click that Launch Item button. It's gonna open that in a separate tab of our browser there. And it takes about a minute or so to actually pull up the labs. I'm gonna briefly pause the video while it pulls it up, and then we'll get started again. All right, welcome back. So, you see, we've got our lab pulled up here now. A couple of housekeeping items real quick. You'll notice some pop-ups that might occur. Just go ahead and X out of those, or you can read through if you want to. The other thing with these particular labs is you'll actually have to manually mark your progress in them.

Now for the first lab here, it will actually be this first lab that they have offered here. So you can go ahead and mark through these as you log in with, like, student, for example, for the username and password. But the second lab that we're doing, I've kind of merged the last two labs. I've taken components from those, so you'll actually want to go through those labs separately on your own to get 100% on this entire lab environment. So I just want to mention that in advance: the very first lab we're doing here in this video, you'll be able to go through and mark through as we do the steps. However, for the next couple of labs, you'll just want to do those on your own, and the next lab that we're doing, I've taken components of the last couple of labs. The other thing I want to mention is we're gonna be logging in here in just a second, but you want to use the username and password of student.

If you try to use the traditional Kali Linux username and password of root and toor, it's going to let you log in, but you won't see the Chrome option, which we actually will need to complete this lab. So just FYI on that. If you log in and you don't see Chrome, it's more than likely because you did not use student for the username and password. All right, let's go back to our lab document real quick, and you'll see here, after we've launched our lab, that here on step six we're gonna be logging in, as I mentioned, with the username of student and the password of student.

Let's go ahead and do that now. So it's student, all lowercase, for both the username and password. Now, once it logs us into Kali Linux, we're gonna see the Chrome option by using the student username and password. As I mentioned, if you try to use the normal Kali Linux login, it's going to still log you in, but you will not see Chrome here on the left side. So if we go back to our lab document, our next step here in step seven is to actually go ahead and launch Chrome. Let's do that now. Just go and click that little icon there. It looks like kind of a blue square near the top left of the menu there, and it should automatically open up the Mutillidae page for us. I'd like to expand this out just a little bit. All right, so let's go back to our lab document to see what we need to actually do.

All right, so now we're gonna go down to the password generator option. So here in steps eight through 11 we're gonna be selecting these different menu options. So let's go and do that. So we're gonna be here on the top left with OWASP 2017. We're gonna then come over to A7, Cross-Site Scripting. We're gonna go to Reflected (First Order), and then we're gonna go down to the Password Generator. I usually have to scroll down the page a little bit. It's down here near the bottom, and you have to be careful with your mouse, because sometimes if you just move your mouse a little bit, you see, it all disappears on you. So just keep that in mind, that it can be frustrating. Just be patient with it, and you'll eventually get to the correct spot. All right, so we're going to Password Generator. And now we're at this page here. So the first thing we're gonna do is actually change this anonymous to qwerty, as you'll see in the lab document here.

So here, in step 12, we're gonna change anonymous to qwerty in that URL, and then we're just gonna press Enter. And our goal is to see if we can find a username that's mentioned in the URL. And by the way, if you haven't downloaded this lab document yet, the lab documents are available in the Resources section. If for some reason you don't see them in there, send an email to support at Cybrary dot IT to let them know. Sometimes it's a little buggy and they may disappear on us, so just let us know and we'll get them back in there for you. All right, so here we're gonna come up to our URL, just click in there, and then we're gonna take out anonymous, and we'll type in qwerty. All right, once you've typed that in, just press Enter on your keyboard there, and we just want to see, does it tell us the username? Obviously, we're told that, right: this password is for qwerty. So we know that qwerty is the username there. All right, let's go back to our lab document.

So now we're just gonna right-click on the page here, in step 13, and view the source, and then we're just gonna go look for the word qwerty in there. So we're gonna do that by doing Control-F. So let's go and do that now. So just right-click, go down to View Page Source. On this page here, you're just gonna do Control-F on your keyboard. You'll see it opens a little search box for you, and then just type in qwerty and you'll see it will find that for you. And you'll see here it says this password is for qwerty. So we obviously know the username is still qwerty. And again, we already knew that. All right, let's go back to our lab document. So now our last step here is what I mentioned: we're gonna be typing in the malicious code into our URL. It's not actually malicious. It's really just giving us a little pop-up saying it's malicious JavaScript, but you'll get the generalized idea of how easy it is for an attacker to do this type of attack, especially if they observe escaped URL that they have the Clipper.

All right, so let's go ahead and start off by closing our View Page Source option there and coming back to our main page here, and then we're gonna go ahead and type in all of this right here into the URL where we've typed in qwerty. So, uh, let me clarify here. We're gonna be typing it right after the word qwerty. So right here we'll type in qwerty, which we already have, and then we'll type the rest of the string there. So we'll type in, again, we have qwerty, and then we'll type in our quotation mark, a semicolon, alert, left parenthesis, quotation, Malicious, space, JavaScript, quotation, left, excuse me, right parenthesis, a semicolon, var, space, testxyz, equals, quotation, tests, and then we'll hit Enter.

The goal here is to see a pop-up that mentions Malicious JavaScript. So we want to see a pop-up box that says Malicious JavaScript. And if we do have that, we know that we were successful. So let's go ahead and type all this in now. So again, I've already got the word qwerty typed in there. So I'm gonna be a little lazy here and just leave that, not type it again. We'll put a quotation mark. Let me move my mouse out of the way there. We'll put a semicolon. We're gonna put the word alert.

All lowercase. We'll put a left parenthesis. We're gonna put a quotation mark again. Malicious with a capital M, space, JavaScript. All right, then put another quotation mark to close that out. A right parenthesis, a semicolon again. We're gonna put var testxyz equals, another quotation mark, and then the word tests. All right, so once you've typed all that in, so again, we already had qwerty in there, so we left that there. We typed in a quotation mark, semicolon, the word alert. We put a left parenthesis, a quotation, then Malicious, space, JavaScript. We ended that with a quotation, then we did the right parenthesis, a semicolon, and var testxyz. We did the equal sign, a quotation, and then the word test, all lowercase. Once you've typed that long string in there, we're just gonna press Enter on the keyboard.

And if you see what I see on my screen, you were successful, right? You should see that little pop-up box that basically just says Malicious JavaScript. Obviously an attacker is not gonna give you something that easy. You're not gonna see a message that says, hey, you're being hacked. But you get the generalized idea of how simple this type of attack is and why it's so common. The downside of this attack is if I close the browser or something like that, obviously the attack is no more. And the attacker would have to do that every single time, unless they've done a stored attack where it's on the server, and every time I visit that website, or someone visits that website or web page, they get reinfected with it. All right, so in this video it was just a simple example of a reflected cross-site scripting attack. In the next video we're gonna go ahead and do a browser hook with a tool called BeEF.
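
Why the string typed in this lab runs, and the output-encoding fix, as an added example that is not part of the video or the lab application's source. It assumes the page reflects the username into a double-quoted string inside an inline script; the `qwerty` and `testxyz` spellings are reconstructed from the spoken transcript, and all function names are hypothetical.

```javascript
// Constructed stand-in for a page that reflects a URL parameter into an
// inline script. This is NOT the lab application's actual source.
function renderVulnerable(username) {
  // Raw concatenation: a double quote in the value ends the string literal,
  // and everything after it is parsed as code.
  return 'var msg = "This password is for ' + username + '";';
}

// Encode a value for use as a string literal inside an inline <script>.
function jsStringLiteral(value) {
  return JSON.stringify(String(value))   // escapes quotes and backslashes
    .replace(/</g, '\\u003c')            // stops </script> ending the tag
    .replace(/>/g, '\\u003e')
    .replace(/&/g, '\\u0026')
    .replace(/\u2028/g, '\\u2028')       // line separators that older
    .replace(/\u2029/g, '\\u2029');      // parsers treat as newlines
}

function renderHardened(username) {
  return 'var msg = ' + jsStringLiteral('This password is for ' + username) + ';';
}

// Run a generated script with a stub alert() and report what it did.
function runInline(script) {
  const alerts = [];
  const fn = new Function('alert', script + '\nreturn msg;');
  const msg = fn((text) => alerts.push(text));
  return { msg, alerts };
}

// Value from the lab: the username followed by the dictated string.
const labValue = 'qwerty";alert("Malicious JavaScript");var testxyz="test';

const vulnerable = runInline(renderVulnerable(labValue));
const hardened = runInline(renderHardened(labValue));

console.log('vulnerable alerts:', vulnerable.alerts);
console.log('hardened alerts:  ', hardened.alerts);
console.log('hardened message: ', hardened.msg);
```

The trailing `var testxyz="test` in the lab value exists only to consume the page's own closing quote so the script still parses; with the encoded version the whole value stays inside one string literal and is displayed as text.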

Intermediate
Course link:
Cross-Site Scripting
This course will cover an introduction to Cross-Site Scripting (XSS), a popular cybersecurity attack. This XSS training will explain several forms of cross-site scripting attacks.
Instructed by
Instructor
Ken Underhill

I'm a cybersecurity professional who holds both the CEH (Certified Ethical Hacker) and CHFI (Computer Hacking Forensic Investigator) certifications from EC-Council, and am a content reviewer/writer for both exams.