Hello, everyone, and welcome back to the course Identifying Web Attacks Through Logs. I'm Igor Vieira. In the last video, we talked about vulnerability scans.
In this one, we'll talk about brute force attacks and their logs.
The objectives of this video are:
review the brute force attacks,
and identify brute force attacks using the web server logs.
Brute force attacks.
A brute force attack occurs when someone is trying to get access to a system or, in our case, to a web page.
This is usually done with multiple login and password tries,
so the attacker is forcing the authentication.
To perform the brute force attacks,
it's common to use dictionaries or leaked information.
A dictionary is just a common password list.
Leaked information about user IDs and passwords can make the attack much easier,
while in the brute force attack
with dictionaries, the attacker will use a lot of guesses and will use a lot of automation. The leaked information can have the username and password that the attacker needs.
So the attacker will need to try fewer options.
That's why it's really important to change your password after some period of time or after you hear about leaked information from a website where you have an account.
For web applications, the most common targets are HTTP forms. Depending on the web application,
the form can use GET or POST methods.
You will see there is a difference between both requests.
And if you remember the OWASP, the brute force attack is related to A2, the broken authentication.
To see an example of the most common passwords, check this web page.
In this attack, we use our lab.
There is a vulnerable HTTP form.
Some tools will help us to perform the attack.
We will use Hydra
and Burp Community Edition.
Here we have the logs of the attack.
Notice the username and password information in the log.
Many different usernames and passwords.
Checking the date and time, it's possible to see many requests in a short time.
Well, didn't use ST seven requests in less than 10 seconds.
Here you have more than one username as a target.
So if you're thinking that a user forgot his password,
many usernames don't make sense.
Also, you have administrator logins.
As information, the detail of one log line.
Here we can see a typical behavior of the brute force attack:
many requests to the login web page in a small period of time,
and different user name and password ST
Here is another example.
In this case, only one user name is a target.
The username Pablo is the target.
Notice that the behavior is similar:
in a small period of time, from the same IP.
As I said before, we can use GET or POST methods. In the last examples, it was easy to identify the username and the password
because of the GET method.
Here we have an example of the requests using the POST method.
Notice that we do not have the username and password in the request. This happens because the request is in the payload.
letting this course we want allies. They teach people a look. See, sits a log. Let's analyze.
Check this user agent.
Hydra is a well-known tool to perform brute force attacks. It is also possible to see that we have many requests in a short period of time from the same IP,
and all these requests are to the login web page.
Here we have a POST,
but the user agent looks normal.
Things will not be easy. You always need to ask: is this unexpected behavior?
The same IP, more space between requests.
Looks suspicious. You can see that the referer and the requested page are the same.
This could be someone trying to log in:
the user types the wrong username or password
and the login page is reloaded. But could someone type username and password in three or four seconds?
So our conclusion is this is an attack, a brute force attack.
In this video, we used two tools:
THC Hydra and Burp Community Edition.
The difference between both is the number of requests. With Hydra, we did many requests in a smaller period of time. There are many other tools to perform brute force attacks.
Now some directions to identify the brute force attacks.
The first is: look for many requests in a small period of time to the login pages.
The same IP doing many requests
is a good indicator of the brute force attack. If our web application uses GET,
look for different users and passwords. For POST requests, look at the number of requests in the time.
Don't forget to check the user agents.
Post-assessment question.
You can always identify a brute force attack analyzing just the user agent.
Is this information true or false?
This information is false. The user agent would help,
but an attacker can change it, as we saw in some examples.
For the next question, analyze the log below and identify the source
and what the attacker is trying to do.
We can easily identify the source IP address.
The requested page is a login page,
many username and password combinations in a small period of time.
The user administrator is an important user. Why would someone be trying to get at least a little access to this web page?
Summarizing, we have the source IP.
It's trying to perform a brute force attack,
and the attacker is trying to obtain the administrator password.
In today's video, we discussed
the brute force attack,
analyzed the two types of brute force attack using GET and POST methods,
and identified the attack analyzing the logs.
And during your analysis, look for user agents,
many requests in a small period of time,
requests to the login web pages,
and suspicious usernames like administrator.
We will have a brief review of SQL injections and analyze the logs to identify the SQL injection attacks.
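
The detection directions from this lecture (many requests to the login page in a small period of time from the same IP, different usernames visible in GET requests, and the user agent as a supporting check), as an added Python example that is not part of the original lecture. The log lines, the `/login.php` path, the `username` parameter name and the thresholds are constructed assumptions for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Apache/Nginx "combined" access log format.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"')
LOGIN_PATH = "/login.php"        # assumption: path of the login form
WINDOW = timedelta(seconds=10)   # assumption: tune to your own traffic
THRESHOLD = 5                    # login requests per WINDOW from one IP

def detect_bruteforce(lines):
    """Return {ip: finding} for IPs with >= THRESHOLD login requests in WINDOW."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line)
        url = urlsplit(m["url"]) if m else None
        if url is None or url.path != LOGIN_PATH:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        # Credentials appear in the log only with GET; POST sends them in the body.
        user = parse_qs(url.query).get("username", [None])[0]
        hits[m["ip"]].append((ts, user, m["agent"]))
    findings = {}
    for ip, events in hits.items():
        events.sort(key=lambda e: e[0])
        start = peak = 0
        for end in range(len(events)):          # sliding time window
            while events[end][0] - events[start][0] > WINDOW:
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= THRESHOLD:
            findings[ip] = {
                "peak_requests": peak,
                "usernames": sorted({u for _, u, _ in events if u}),
                # Supporting signal only: the user agent can be changed.
                "tool_agent": any("hydra" in a.lower() for _, _, a in events),
            }
    return findings

def _line(ip, sec, method, url, agent="Mozilla/5.0 (X11; Linux x86_64)"):
    return (f'{ip} - - [10/Mar/2024:10:00:{sec:02d} +0000] '
            f'"{method} {url} HTTP/1.1" 200 512 "-" "{agent}"')

# Constructed sample: a fast GET run, a slower POST run, and a normal user.
SAMPLE = (
    [_line("203.0.113.5", s, "GET", f"/login.php?username=user{s}&password=x{s}",
           "Mozilla/5.0 (Hydra)") for s in range(7)]
    + [_line("203.0.113.9", 2 * s, "POST", "/login.php") for s in range(6)]
    + [_line("198.51.100.7", s, "POST", "/login.php") for s in (0, 40)])
```

Calling `detect_bruteforce(SAMPLE)` flags the first two source IPs and leaves the third alone; the POST run is caught by request rate only, since its log lines carry no credentials and a normal-looking user agent.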