OWASP

Course
Time: 4 hours 32 minutes
Difficulty: Beginner
CEU/CPE: 5

Video Transcription

00:01
Hi, everyone. Welcome back to the course. So in the last video we talked about broken authentication.
00:06
In this video, we're gonna jump into our lab. We'll take a look at an example of broken authentication. Specifically, we're gonna alter a cookie in the web browser, and we're gonna see if, from that alteration, we can actually escalate privileges from a standard user account to potentially getting some kind of administrator account access.
00:23
So I've already gone ahead and launched the Cybrary lab environment. If you haven't done so yet, go ahead and pause the video so you can search for the OWASP lab for broken authentication, and we'll go and get you logged in.
00:34
Now, it may take up to a minute or so to actually launch the lab. Again, a lot of that depends on your particular connection speed and where you're at.
00:41
Now, as soon as the lab launches, we'll see these pop-ups in the background, and we'll see that in this particular lab environment throughout the entire course. As we use these labs, we'll see these pop-up boxes. All we have to do is just click the Next button and then the OK button to close them out.
00:56
You'll also see that we get some random pop-ups here, so talking about, you know, hey, you can check your score, etc., in this particular environment. We just X out of those as well. You're welcome to read through those on your own. I'm not going to read through them at all because I've already watched them, like, a million times.
01:11
All right, so now we're gonna go ahead and get logged into our Kali machine. So the way we do that, we're just gonna type in a username of student, all lowercase.
01:21
And now you'll notice this is different than if you had your own Kali instance, where, you know, the username and password is normally root and toor, T-O-O-R. In this case, we're just using the word student
01:30
for both the username and password.
01:34
So once you've got that in there, hit Enter on the keyboard and click the Sign In button, and same thing with the password: student, all lowercase,
01:41
and we'll go ahead and get logged in.
01:45
Now, what we'll do as soon as that pulls up, we're gonna go disable the screen lock feature, and then we can continue with the lab. Excuse me.
01:55
So that way we don't get timed out. We don't want this screen to lock up on us. In most cases, if you follow along step by step, you should be on a good pace to finish a lab with plenty of time left. But in some instances, if it's been a minute since you've actually done activity in the lab, it may time out on you. So that's why I like to disable the screen lock. So that way you could actually
02:14
perform the lab and make sure it saves everything
02:15
as you continue through and finish the lab.
02:20
So we'll go ahead and do that real quick, and then we'll come back to our step-by-step lab guide.
02:23
So the way we disable the screen lock, we just come up here at the top right of our Kali machine and click that little arrow.
02:30
It's gonna pop out a little menu for us, and then we just click this bottom left icon here, this little settings icon. It looks like a little screwdriver and a monkey wrench.
02:38
Go ahead, click on that. Now, it might take a couple of seconds to pull it up for us.
02:43
Once it pulls it up, we're gonna go ahead and click on the Privacy option. Inside of there is where we will actually see the screen lock feature.
02:51
So you see, here near the bottom left, we see Privacy. Just go ahead and click on that. And then once that pulls up, you'll see Screen Lock as a top option. Let's go ahead and click on that. It's gonna pop up a little menu,
03:00
and then all we have to do is just click here to make this circle come to the far left,
03:06
just like that, and we're good to go.
03:07
So now we just X out of this window, and then this one as well, and we'll go ahead and get moving through our lab.
03:15
So the first step here is we're gonna open Firefox. So on this menu on the left side here, Firefox will be the top left option. So it's gonna be an orange icon right here. Let's go ahead and click on that, and that should launch it for us.
03:27
But while it's doing that, we're gonna go back to our lab document. So we've done step five already. We went ahead and logged into our Kali machine. We used student for both the username and password,
03:38
and now we just went ahead and launched Firefox. Now you'll see it might take a moment or so in the background to pull up, but eventually it will pull up for us.
03:45
So we're using Mutillidae again in this lab. So again, as I mentioned, we're gonna be using this particular tool, or this vulnerable application, throughout these entire labs.
03:55
So the first thing we're gonna do is we're gonna click Login/Register at the top of the page. So this one right here, click on that.
04:02
It's gonna pull up a page for us here.
04:05
Now we see some options. Here we see username and password boxes. We also see a "Please register here" option.
04:12
So here in this step, we're actually gonna click on that option. So we're gonna click on the "Please register here".
04:16
We're gonna click on that, and then what we're gonna do for all the fields on that screen after that, we're just gonna use the word student. So we're just gonna create a student user account.
04:26
So let's go ahead and do that now. So click "Please register here",
04:30
and then for all these fields we're just gonna type in student, all lowercase, and you can click through them or you can tab through them. Either way is fine.
04:39
I'm just gonna tab because that's a little easier.
04:42
All right, so once you've typed in student for all of those, all you have to do now is just click the Create Account button.
04:48
It's gonna prompt you saying, do you want to remember the password? I just X out of that. It really doesn't matter. You can click Remember there. It's not gonna actually remember it, because each session of these labs is gonna be a different instance. But you can click it; it's not really a big deal in this situation. Now, if you were running this, like, on your own computer for some reason, then
05:06
yes, you normally don't want to save your
05:10
username and password for anything that you're using, notably like your banking password. That's one thing you don't do, because an attacker could come and just log in as you, for example, to your PayPal and clean you out. So we don't want that to happen. So just FYI, if you're not security conscious, be more security conscious in your activities in day-to-day life,
05:29
so I'll get off my soapbox now. We'll get back to the lab.
05:31
All right,
05:32
so we went ahead and we created the student account. So now we're gonna go log in as student, so we'll click Login/Register again like we had done before. Now we're just gonna type student for the username and password fields.
05:44
And then what we want to do is take a look and see what account is logged in at the top right of the screen.
05:49
Let's go and do that now. We'll click on Login/Register.
05:53
It takes a moment or so to pull up, and then we're just gonna type in student, all lowercase, for the username and password again. That's the account we just created. Press Enter on the keyboard again. It's gonna prompt us, and I'm going to say Never Remember, so hopefully it prompts me again,
06:06
and then I want you to look at the top right of the screen. Do you see anyone logged in? And if so, what user account is logged in?
06:15
All right, so we see the student account is the user account logged in. That was pretty easy. That should be the account that we see, since we were just creating the student account and logging in as it.
06:25
Now, I'm gonna go ahead and pause the video here just a bit, and then crank out this last part. This takes just a few minutes to go ahead and configure this cookie here now. So go ahead, pause the video. We'll pick this lab back up in the next video.

Established in 2001, the Open Web Application Security Project (OWASP) offers free security tools and resources to help organizations protect critical apps. Cybrary’s OWASP training course covers the organization’s popular “Top 10” risk assessment.

Instructed By

Ken Underhill
Master Instructor at Cybrary