5.3 Broken Access Control Lab Instructions Part 2

12 hours 9 minutes
Video Transcription
Hey, everyone, welcome back to the course. So in the last video, we modified the URL for a Firefox browser and we went ahead and ran it, and we noticed that we were able to get information about the /etc/passwd file.
So as I mentioned in the last video, we launched Burp Suite. And it should pull up for us and you'll see it there in the background. Now all we're gonna do once we've actually opened it up is we're gonna go ahead and just minimize it and we'll go back to the Firefox browser.
We will be coming back to Burp Suite, but we need to run some commands first. So go ahead, just minimize it here.
And then you could just click back on the Firefox icon and then we'll pull up the browser for us.
Let's go back to our lab document here.
Now what we're gonna do is we're gonna right-click on what's called the FoxyProxy icon. So we're gonna click on that, and it's on the right side of the URL bar here. We'll take a look at that in just a second, and we're gonna choose the option that says "Use proxies based on their predefined patterns and priority". So it should be the top option there when we right-click on it. So this little icon right here, that
looks like a little symbol you see, like, you know, when there's a no-smoking sign or something like that,
the little circle with a red line through it. That's what we're looking for. Just right-click on that.
Then choose the very top option here, as I mentioned, the "Use proxies based on their predefined patterns
and priority". So that one there. Now, once you select that, you'll notice that that red circle goes away and we're good to go.
All right, let's go back to our lab document here. Now we're gonna go select that same file again. So, um,
in the source file name drop-down menu, we're going to select the same text-file-viewer.php file that we had done before.
So let's go ahead and do that now. So it's this one right here, and then just click on View File.
So once we do that, once we click View File, we're gonna go ahead and minimize Firefox and we're gonna go back to Burp Suite. So let's go ahead and do that now. So it's gonna minimize Firefox,
and then we're gonna click back on Burp Suite.
Let's go back to our lab document.
So now what we're gonna do is we are going to click on the Proxy tab, and then what we're gonna notice is that the intercept feature is turned on. So let's click on Proxy here at the top left. You'll notice that intercept is turned on, and that's why we have information showing.
All right, so we're gonna do a quick replacement here. And then we're gonna take a look to see information back in Firefox. So specifically we're gonna be looking for a database password, to see if we see any information regarding the database password. But first things first. Let's go ahead and alter the information that we see here. So,
on this very bottom line here
in the output that we see in the background, the text-file-viewer.php, we want to replace that with classes/MySQLHandler.php. So let's go ahead and do that together.
So we're gonna replace all of this, and I normally just leave the .php there, since I'm gonna be altering it.
We're gonna add classes and then a forward slash, and then MySQLHandler.php.
So we're: classes, forward slash,
MySQLHandler.
The .php,
you know, I saved the .php, so I don't need to type it. But if you deleted the .php, you'll need to go ahead and just type it in there. You'll see there we have our classes/MySQLHandler.php. All right, so once we have that, we're gonna click this Forward button at the top left. So let's go and do that now.
And you'll notice that when we turn the intercept on for Burp Suite, it's basically intercepting the packet for the information, the communication, if you will. So, for example, let's say that
we were growing up, you know? So it's kind of like growing up, you know, you've got a phone call with your boyfriend or girlfriend, and Mom interjects there and starts talking. It'd be similar to that situation, where, like, you say something and then Mom says, "Okay, I got that information. Now I'm gonna send it on to your boyfriend," you know? Of course, Mom's gonna twist it, right? You know, you're telling your boyfriend "I love you." Mom's gonna say she hates you,
you know? So that's kind of what we're doing with Burp Suite here: we're intercepting that communication stream
so we can control it and send the information back to the browser or, you know, whatever we're using.
All right, so we're gonna minimize Burp Suite now and we're gonna go back to Firefox. So let's go ahead and click the Firefox icon. That'll pull that back up for us,
and we'll go back to our lab document. So we're here at step 38.
Now what we should see on our page, which is what we do see in the background: we see the contents of the MySQLHandler.php page. So I want you to take a look through the information here and just see if you notice any information regarding a database password. So
we'll just scroll down and see, do we notice any information about a database password? So we see some information. Database host, database user name. Well, that's probably not good to see. Oh, boy, look at that, database password. So we get some information about potential passwords that might be used in the database.
If we keep scrolling down, we get information about the database name,
properties of the objects, etcetera, etcetera. So you could see how an attacker
may be able to use this information for bad purposes, and how it's not something that you wanna have showing, um, on your systems, right?
And access control, at kind of a high level: we went in, we used a tool called Burp Suite after we ran a command, and then we changed the output. So again we put in MySQL for
our path, or MySQL admin for the path. We sent the information back to our web application and you'll see that it kicked back the information that we didn't want anyone to see regarding the database. So we do see that this particular database is vulnerable, or this application is vulnerable, to this type of attack,
which we already know.
yes, since we're using this tool to learn about these different attacks. But if you noticed this, if you ran this particular thing against your web application server, then you may want to get things fixed, right? You might wanna have a security team fix things that they're finding these particular vulnerabilities on.
So, as I mentioned again, in this video we talked about broken access control, and in the next module we're gonna cover security misconfigurations, which, you'll see a lot of security misconfigurations out in the media in different avenues. And we'll talk about why it's important to configure things properly, and we'll take a look at some examples in the lab for that module.