1 hour 43 minutes

Video Transcription

everyone. Welcome back to the core. So in the last video, we started off for a lab again. We just loved into Callie Lennox. We launched Firefox.
We verified that we're able to do indexing on the Mattila Days site.
We also then launched burb Sweet rebrand. We submitted that poll form on the site.
And with that we noticed in burps we were able to capture or information. So again we captured our choice, which was kismet and then the initials that we had placed in there as well. So that was our get request. Now, let's see if we can change the request method in here
that we were going to do that. It's just right. Click
and select the change request method option right here. It's about 1/4 of the way down on this box and you notice here it allowed us to change that to a post request.
All right, so the next thing we're going to do is just change our choice down here. So where we have kismet, we're just gonna put something else in there. We're gonna say, Tell net instead. And then let's change your initials as well. So instead of p p p. I'm gonna use t t t. And then we're just gonna select this Go Barton right here to submit that information.
All right. Next, we're just gonna minimize birth suite will go back to Firefox so we'll launch yet again against that orange icon on the top left there,
we'll go back to our pool,
and this time around, we're gonna select will select TCP Dump,
and I'm gonna change those initials. Teoh. Why? Why? Why? And we're just going to submit this vote again. Right next. Let's go back to burp. Sweets would minimize Firefox and bring up burb sweet again.
And if we never gave back to the proxy in http history tabs, you noticed that we can see the additional submission that we had done
are so next let's minimize birth. Sweden will go back to Firefox again.
So we're gonna go ahead and create and upload basically a simple backdoor. So it's not going to be extravagant. Malware, anything. It's just a very simple backdoor application. So let's select a loss. Top 10 sees me almost 2017 on the left side. Here we go back to the security Miss Configuration and we're gonna go to this unrestricted file upload option.
All right, so we're gonna go ahead and minimize fire Fox, Right now we're gonna launch Callie Lenox terminal window. So the way we do that, we can just click on this terminal icon right here on the left side. Once it launches, we're gonna type in the following command. So again, this command is listed on the step by step guide. It's also listed
in the instructions on the right side of the page here, if you need it there as well. But I'll be reading off
what I'm typing. It's we're in a type of echo all over case
we're gonna put an apostrophe symbol will put Thea
Little Triangle bracket.
We're gonna put a question mark than PHP
space system.
We'll put the left parentheses, E
we're gonna put the dollar sign to underscore and then capital G e t for the git request.
We'll put a bracket, will put command in quotations, will put in another bracket. We're gonna wrap up with our parentheses. E will put a semi colon.
We'll put a space. A question mark.
We'll do the other triangle symbol.
We're gonna put another apostrophe
and then we're gonna put desktop ford slash backdoor dot PHP and then go ahead and press enter on the keyboard. You notice in the background there that on the Cali limits desktop, you'll see a backdoor dot PHP file. Next, let's navigate back to Firefox. Will launch that again, and we're gonna select upload that file So you can either click this button right here to upload the file.
Or you can also click that little icon right there
and she'll see by default is gonna give us that backdoor dot PHP file. And we can just go ahead and upload that file, right? So you could see that we have uploaded the file. Now, the next thing we're going to do is we're gonna navigate
to a different you are l here. So we're gonna do http colon ford slash ford slash b Till a day ford slash Mattila Day again for slash index Stop PHP a question mark page and then equals and we're gonna give it the path of that file. So backdoor dot PHP and the command.
And so you noticed that that path is the same as we see
in the screen. There were says File up late, uploaded and sees me file move to we see Ford slash the temporary location of it. So TMP and then the backdoor dot PHP file that we had uploaded. Let's go ahead and process that so you can see that the command worked and it worked to execute that file. Now, what we could do from here is we could replace the value of i d. With
something else, right? We could replace it with something else we're trying to do.
We could grab user data, whatever we're trying to do here, whatever type of attack we can certainly do. So So, for example, we could use user i d. We can get information about the group's etcetera, etcetera. So in this lab, which took a look at a couple of things, we took a look at creating a malicious file and then uploading it to a surgery.
Aziz. Well, as we took a look at someone entering data in a form CF, remember the poll form
somebody entering data in that and then capturing that with a tool like birth suite.
So when we don't secure information when we're communicating via AP, I doing things like get or post requests.
Then a malicious attacker could grab the type of information. So again I put this lab in the course. Just you could get a visualization of what some different attacks might look like.

Up Next

Introduction to the OWASP API Security Top 10

The Introduction to the OWASP API Security Top 10 course will teach students why API security is needed. Students will get a brief refresher on the CIA triad and AAA, then move into learning about the OWASP Top 10 from an API security perspective.

Instructed By

Instructor Profile Image
Ken Underhill
Master Instructor at Cybrary
Master Instructor