[Script Info]
Title:

[Events]
Format: Layer, Start, End, Style, Name, MarginL, MarginR, MarginV, Effect, Text
Dialogue: 0,0:00:00.96,0:00:03.54,Default,,0000,0000,0000,,Hello and welcome back to RedBlue Labs.
Dialogue: 0,0:00:03.54,0:00:04.98,Default,,0000,0000,0000,,Today's video is going to be a little bit
Dialogue: 0,0:00:04.98,0:00:06.24,Default,,0000,0000,0000,,different than the ones I've done in the
Dialogue: 0,0:00:06.24,0:00:08.16,Default,,0000,0000,0000,,past, where I'm actually going to be
Dialogue: 0,0:00:08.16,0:00:10.86,Default,,0000,0000,0000,,doing a walkthrough on a TryHackMe
Dialogue: 0,0:00:10.86,0:00:13.98,Default,,0000,0000,0000,,room. The room of choice for me today is
Dialogue: 0,0:00:13.98,0:00:17.82,Default,,0000,0000,0000,,actually "Introduction to OWASP ZAP," and I
Dialogue: 0,0:00:17.82,0:00:20.10,Default,,0000,0000,0000,,chose this room because I personally
Dialogue: 0,0:00:20.10,0:00:24.18,Default,,0000,0000,0000,,really enjoy ZAP. I like
Dialogue: 0,0:00:24.18,0:00:26.64,Default,,0000,0000,0000,,the features that it has, and when I
Dialogue: 0,0:00:26.64,0:00:29.52,Default,,0000,0000,0000,,had this paragraph here,
Dialogue: 0,0:00:29.52,0:00:30.78,Default,,0000,0000,0000,,apparently the person who made this
Dialogue: 0,0:00:30.78,0:00:33.42,Default,,0000,0000,0000,,room prefers it over Burp. And honestly,
Dialogue: 0,0:00:33.42,0:00:35.22,Default,,0000,0000,0000,,it's a personal preference kind
Dialogue: 0,0:00:35.22,0:00:37.74,Default,,0000,0000,0000,,of thing. Many, many people use Burp. Some
Dialogue: 0,0:00:37.74,0:00:40.02,Default,,0000,0000,0000,,people use ZAP. I'm one of those people
Dialogue: 0,0:00:40.02,0:00:43.08,Default,,0000,0000,0000,,that uses ZAP regularly.
Dialogue: 0,0:00:43.08,0:00:45.84,Default,,0000,0000,0000,,Just a heads up, I do plan on editing
Dialogue: 0,0:00:45.84,0:00:48.12,Default,,0000,0000,0000,,this video, so it's going to be
Dialogue: 0,0:00:48.12,0:00:50.70,Default,,0000,0000,0000,,fairly fluid as I walk through
Dialogue: 0,0:00:50.70,0:00:54.24,Default,,0000,0000,0000,,things. So there you go. Now you know.
Dialogue: 0,0:00:54.24,0:00:55.98,Default,,0000,0000,0000,,If you're not familiar with
Dialogue: 0,0:00:55.98,0:01:00.66,Default,,0000,0000,0000,,what ZAP is, it's a proxy where you have
Dialogue: 0,0:01:00.66,0:01:04.44,Default,,0000,0000,0000,,your browser pointing to a proxy server
Dialogue: 0,0:01:04.44,0:01:06.18,Default,,0000,0000,0000,,that's running locally, so maybe on your
Dialogue: 0,0:01:06.18,0:01:08.76,Default,,0000,0000,0000,,Kali machine, and then you will
Dialogue: 0,0:01:08.76,0:01:11.10,Default,,0000,0000,0000,,go onto the website. So, you're sending
Dialogue: 0,0:01:11.10,0:01:13.20,Default,,0000,0000,0000,,traffic through the proxy over the
Dialogue: 0,0:01:13.20,0:01:15.66,Default,,0000,0000,0000,,website, and the website is going to
Dialogue: 0,0:01:15.66,0:01:17.28,Default,,0000,0000,0000,,go through the proxy back to you. So,
Dialogue: 0,0:01:17.28,0:01:19.08,Default,,0000,0000,0000,,you've got like a person in the middle
Dialogue: 0,0:01:19.08,0:01:21.72,Default,,0000,0000,0000,,that's handling that traffic, and then
Dialogue: 0,0:01:21.72,0:01:23.94,Default,,0000,0000,0000,,while that traffic's being handled, you
Dialogue: 0,0:01:23.94,0:01:26.04,Default,,0000,0000,0000,,can actually manipulate the data.
Dialogue: 0,0:01:26.04,0:01:28.62,Default,,0000,0000,0000,,So, let's go ahead and start our room. Oh, I
Dialogue: 0,0:01:28.62,0:01:30.60,Default,,0000,0000,0000,,got to join the room. And start that
Dialogue: 0,0:01:30.60,0:01:32.78,Default,,0000,0000,0000,,machine.
Dialogue: 0,0:01:35.16,0:01:36.30,Default,,0000,0000,0000,,And we're going to start off with the
Dialogue: 0,0:01:36.30,0:01:39.54,Default,,0000,0000,0000,,first one. So, ZAP stands for
Dialogue: 0,0:01:39.54,0:01:43.38,Default,,0000,0000,0000,,Zed Attack Proxy.
Dialogue: 0,0:01:43.38,0:01:44.64,Default,,0000,0000,0000,,Woo.
Dialogue: 0,0:01:44.64,0:01:46.86,Default,,0000,0000,0000,,Day 148.
Dialogue: 0,0:01:46.86,0:01:49.74,Default,,0000,0000,0000,,So let's see if I can do that right now.
Dialogue: 0,0:01:49.74,0:01:51.72,Default,,0000,0000,0000,,Still waiting 18 seconds.
Dialogue: 0,0:01:51.72,0:01:54.18,Default,,0000,0000,0000,,Task 1 is done.
Dialogue: 0,0:01:54.18,0:01:55.98,Default,,0000,0000,0000,,Go to task 2.
Dialogue: 0,0:01:55.98,0:01:58.08,Default,,0000,0000,0000,,ZAP is a great tool that's totally slept
Dialogue: 0,0:01:58.08,0:02:00.66,Default,,0000,0000,0000,,on. You know, that is
Dialogue: 0,0:02:00.66,0:02:02.16,Default,,0000,0000,0000,,totally true.
Dialogue: 0,0:02:02.16,0:02:05.40,Default,,0000,0000,0000,,Go ahead and give this section a read.
Dialogue: 0,0:02:05.40,0:02:09.20,Default,,0000,0000,0000,,I've read the task.
Dialogue: 0,0:02:11.94,0:02:14.40,Default,,0000,0000,0000,,Installation.
Dialogue: 0,0:02:14.40,0:02:16.98,Default,,0000,0000,0000,,Okay, so I've actually already gone ahead
Dialogue: 0,0:02:16.98,0:02:19.26,Default,,0000,0000,0000,,and done that.
Dialogue: 0,0:02:19.26,0:02:21.12,Default,,0000,0000,0000,,There's a couple of ways you can
Dialogue: 0,0:02:21.12,0:02:24.06,Default,,0000,0000,0000,,do it. They've got the tool right
Dialogue: 0,0:02:24.06,0:02:25.14,Default,,0000,0000,0000,,here. So,
Dialogue: 0,0:02:25.14,0:02:26.40,Default,,0000,0000,0000,,pretty straightforward. Just go to the
Dialogue: 0,0:02:26.40,0:02:28.80,Default,,0000,0000,0000,,website, and connect it into your Kali,
Dialogue: 0,0:02:28.80,0:02:31.14,Default,,0000,0000,0000,,and go ahead and just download it. I
Dialogue: 0,0:02:31.14,0:02:32.94,Default,,0000,0000,0000,,already have it installed, so that's
Dialogue: 0,0:02:32.94,0:02:34.26,Default,,0000,0000,0000,,easy to
Dialogue: 0,0:02:34.26,0:02:36.18,Default,,0000,0000,0000,,complete,
Dialogue: 0,0:02:36.18,0:02:38.70,Default,,0000,0000,0000,,and then open it up.
Dialogue: 0,0:02:38.70,0:02:42.02,Default,,0000,0000,0000,,Let's go over my machine,
Dialogue: 0,0:02:44.34,0:02:45.72,Default,,0000,0000,0000,,and I'm going to
Dialogue: 0,0:02:45.72,0:02:48.44,Default,,0000,0000,0000,,open it up.
Dialogue: 0,0:02:50.88,0:02:53.16,Default,,0000,0000,0000,,Hit the Windows button or the Command
Dialogue: 0,0:02:53.16,0:02:56.24,Default,,0000,0000,0000,,button, ZAP,
Dialogue: 0,0:02:57.71,0:02:59.69,Default,,0000,0000,0000,,power it on.
Dialogue: 0,0:03:04.32,0:03:07.14,Default,,0000,0000,0000,,Eventually, your ZAP will turn on, and you
Dialogue: 0,0:03:07.14,0:03:08.58,Default,,0000,0000,0000,,are ready to proceed with the rest of
Dialogue: 0,0:03:08.58,0:03:10.26,Default,,0000,0000,0000,,the room.
Dialogue: 0,0:03:10.26,0:03:13.70,Default,,0000,0000,0000,,Let's go check out task 4,
Dialogue: 0,0:03:15.24,0:03:17.28,Default,,0000,0000,0000,,and this task looks like we're doing
Dialogue: 0,0:03:17.28,0:03:21.66,Default,,0000,0000,0000,,an automated scan. Let's go
Dialogue: 0,0:03:21.66,0:03:23.46,Default,,0000,0000,0000,,ahead and run the command that it's
Dialogue: 0,0:03:23.46,0:03:26.00,Default,,0000,0000,0000,,asking for.
Dialogue: 0,0:03:29.40,0:03:32.52,Default,,0000,0000,0000,,Set up the Ajax spider. Looks like in
Dialogue: 0,0:03:32.52,0:03:34.20,Default,,0000,0000,0000,,task 5, we are actually going to be doing
Dialogue: 0,0:03:34.20,0:03:36.66,Default,,0000,0000,0000,,some manual scanning and we need to have
Dialogue: 0,0:03:36.66,0:03:39.84,Default,,0000,0000,0000,,our browser pointing to our ZAP proxy.
Dialogue: 0,0:03:39.84,0:03:42.24,Default,,0000,0000,0000,,So, there's a number of steps
Dialogue: 0,0:03:42.24,0:03:43.98,Default,,0000,0000,0000,,to do this, and actually,
Dialogue: 0,0:03:43.98,0:03:46.86,Default,,0000,0000,0000,,what will make this easier is in the
Dialogue: 0,0:03:46.86,0:03:48.66,Default,,0000,0000,0000,,dropdown that you see right now, I
Dialogue: 0,0:03:48.66,0:03:50.28,Default,,0000,0000,0000,,actually have a video that I've made
Dialogue: 0,0:03:50.28,0:03:51.90,Default,,0000,0000,0000,,where
Dialogue: 0,0:03:51.90,0:03:53.94,Default,,0000,0000,0000,,I actually go through this entire
Dialogue: 0,0:03:53.94,0:03:57.54,Default,,0000,0000,0000,,process. So, I'm going to skip ahead, and if
Dialogue: 0,0:03:57.54,0:03:58.62,Default,,0000,0000,0000,,you already have this set up, then that's
Dialogue: 0,0:03:58.62,0:04:00.60,Default,,0000,0000,0000,,great. Or, if you want to watch that video
Dialogue: 0,0:04:00.60,0:04:04.86,Default,,0000,0000,0000,,that I've made, go ahead and do that.
Dialogue: 0,0:04:04.86,0:04:09.48,Default,,0000,0000,0000,,What IP do we use for the proxy? Well, we
Dialogue: 0,0:04:09.48,0:04:11.70,Default,,0000,0000,0000,,would be pointing it to ourselves. So,
Dialogue: 0,0:04:11.70,0:04:17.00,Default,,0000,0000,0000,,that could be localhost or a bit--it's
Dialogue: 0,0:04:18.00,0:04:22.56,Default,,0000,0000,0000,,this one right over here. Bingo bango.
Dialogue: 0,0:04:22.56,0:04:25.22,Default,,0000,0000,0000,,With task 6, it looks like we are
Dialogue: 0,0:04:25.22,0:04:27.18,Default,,0000,0000,0000,,scanning an authenticated web
Dialogue: 0,0:04:27.18,0:04:29.04,Default,,0000,0000,0000,,application. So,
Dialogue: 0,0:04:29.04,0:04:32.04,Default,,0000,0000,0000,,in THM here, they give us some
Dialogue: 0,0:04:32.04,0:04:35.10,Default,,0000,0000,0000,,credentials that we need to use on the
Dialogue: 0,0:04:35.10,0:04:36.54,Default,,0000,0000,0000,,machine that they've got for us. So, let's
Dialogue: 0,0:04:36.54,0:04:41.34,Default,,0000,0000,0000,,go down and give the page here a read,
Dialogue: 0,0:04:41.34,0:04:44.40,Default,,0000,0000,0000,,and we are going to
Dialogue: 0,0:04:44.40,0:04:46.98,Default,,0000,0000,0000,,open up our browser on our Kali machine
Dialogue: 0,0:04:46.98,0:04:48.12,Default,,0000,0000,0000,,here.
Dialogue: 0,0:04:48.12,0:04:50.22,Default,,0000,0000,0000,,And here we go. We've got our
Dialogue: 0,0:04:50.22,0:04:51.84,Default,,0000,0000,0000,,spot here
Dialogue: 0,0:04:51.84,0:04:54.66,Default,,0000,0000,0000,,to authenticate.
Dialogue: 0,0:04:54.66,0:04:56.10,Default,,0000,0000,0000,,They're going to put in the credentials
Dialogue: 0,0:04:56.10,0:04:59.90,Default,,0000,0000,0000,,that TryHackMe has given me
Dialogue: 0,0:05:00.48,0:05:02.82,Default,,0000,0000,0000,,and authenticate. Let's go back and take
Dialogue: 0,0:05:02.82,0:05:04.92,Default,,0000,0000,0000,,a peek at the instructions here.
Dialogue: 0,0:05:04.92,0:05:07.50,Default,,0000,0000,0000,,Looks like we have or on the page that
Dialogue: 0,0:05:07.50,0:05:10.82,Default,,0000,0000,0000,,we need to be, and we need to go down to
Dialogue: 0,0:05:10.82,0:05:13.50,Default,,0000,0000,0000,,DVWA security
Dialogue: 0,0:05:13.50,0:05:16.08,Default,,0000,0000,0000,,as instructed.
Dialogue: 0,0:05:16.08,0:05:19.44,Default,,0000,0000,0000,,And I just want to do a double check here,
Dialogue: 0,0:05:19.44,0:05:22.26,Default,,0000,0000,0000,,navigate to that tab and set the
Dialogue: 0,0:05:22.26,0:05:24.54,Default,,0000,0000,0000,,security level to low and then hit
Dialogue: 0,0:05:24.54,0:05:26.28,Default,,0000,0000,0000,,submit.
Dialogue: 0,0:05:26.28,0:05:28.92,Default,,0000,0000,0000,,And after that, we're going to pass our
Dialogue: 0,0:05:28.92,0:05:31.98,Default,,0000,0000,0000,,authentication token into ZAP so that we
Dialogue: 0,0:05:31.98,0:05:34.20,Default,,0000,0000,0000,,can use the tool to scan authenticated
Dialogue: 0,0:05:34.20,0:05:36.12,Default,,0000,0000,0000,,pages. Great.
Dialogue: 0,0:05:36.12,0:05:39.92,Default,,0000,0000,0000,,Let's do that.
Dialogue: 0,0:05:41.64,0:05:43.62,Default,,0000,0000,0000,,Low
Dialogue: 0,0:05:43.62,0:05:46.88,Default,,0000,0000,0000,,and submit.
Dialogue: 0,0:05:47.28,0:05:49.52,Default,,0000,0000,0000,,Okay,
Dialogue: 0,0:05:51.66,0:05:53.76,Default,,0000,0000,0000,,so we are going to open up the inspector
Dialogue: 0,0:05:53.76,0:05:56.06,Default,,0000,0000,0000,,here.
Dialogue: 0,0:06:07.80,0:06:10.50,Default,,0000,0000,0000,,Go to storage,
Dialogue: 0,0:06:10.50,0:06:14.28,Default,,0000,0000,0000,,and I'm going to grab the session key
Dialogue: 0,0:06:14.28,0:06:16.56,Default,,0000,0000,0000,,cookie here.
Dialogue: 0,0:06:29.72,0:06:33.12,Default,,0000,0000,0000,,And in ZAP, open the HTTP Sessions tab with the new
Dialogue: 0,0:06:33.12,0:06:35.70,Default,,0000,0000,0000,,tab button, which is that one there, and
Dialogue: 0,0:06:35.70,0:06:37.74,Default,,0000,0000,0000,,set the authenticated session to
Dialogue: 0,0:06:37.74,0:06:39.96,Default,,0000,0000,0000,,active. You might actually notice a
Dialogue: 0,0:06:39.96,0:06:41.94,Default,,0000,0000,0000,,slight disconnect between what you're
Dialogue: 0,0:06:41.94,0:06:44.10,Default,,0000,0000,0000,,seeing in the PHP session right now and
Dialogue: 0,0:06:44.10,0:06:45.66,Default,,0000,0000,0000,,what you saw about ten seconds earlier.
Dialogue: 0,0:06:45.66,0:06:48.72,Default,,0000,0000,0000,,They do look different. And the reason
Dialogue: 0,0:06:48.72,0:06:49.86,Default,,0000,0000,0000,,for that is because I actually
Dialogue: 0,0:06:49.86,0:06:52.80,Default,,0000,0000,0000,,rerecorded doing this particular task,
Dialogue: 0,0:06:52.80,0:06:54.84,Default,,0000,0000,0000,,and I wanted to make it pretty
Dialogue: 0,0:06:54.84,0:06:57.84,Default,,0000,0000,0000,,straightforward to see how we can see in
Dialogue: 0,0:06:57.84,0:07:01.62,Default,,0000,0000,0000,,ZAP the exact same session compared
Dialogue: 0,0:07:01.62,0:07:03.66,Default,,0000,0000,0000,,to the session that we can see in the
Dialogue: 0,0:07:03.66,0:07:06.66,Default,,0000,0000,0000,,inspector of the browser. So, that's what
Dialogue: 0,0:07:06.66,0:07:09.86,Default,,0000,0000,0000,,you're seeing on the screen right now.
Dialogue: 0,0:07:12.60,0:07:15.02,Default,,0000,0000,0000,,Because we have an authenticated session
Dialogue: 0,0:07:15.02,0:07:17.46,Default,,0000,0000,0000,,in our
Dialogue: 0,0:07:17.46,0:07:20.22,Default,,0000,0000,0000,,ZAP here, we're able to actually do a
Dialogue: 0,0:07:20.22,0:07:22.68,Default,,0000,0000,0000,,scan against our target and receive a
Dialogue: 0,0:07:22.68,0:07:25.74,Default,,0000,0000,0000,,lot more information because we now,
Dialogue: 0,0:07:25.74,0:07:29.52,Default,,0000,0000,0000,,at this point, have an authentication
Dialogue: 0,0:07:29.52,0:07:32.54,Default,,0000,0000,0000,,on the target.
Dialogue: 0,0:07:39.90,0:07:42.78,Default,,0000,0000,0000,,Alright, so that was task 6, and now
Dialogue: 0,0:07:42.78,0:07:44.58,Default,,0000,0000,0000,,we're moving on to task 7, which is
Dialogue: 0,0:07:44.58,0:07:47.16,Default,,0000,0000,0000,,brute-force directories. Let's open up
Dialogue: 0,0:07:47.16,0:07:49.20,Default,,0000,0000,0000,,the challenge and take a look at what
Dialogue: 0,0:07:49.20,0:07:50.88,Default,,0000,0000,0000,,are the requirements here.
Dialogue: 0,0:07:50.88,0:07:53.10,Default,,0000,0000,0000,,And so, essentially, we can actually use
Dialogue: 0,0:07:53.10,0:07:55.08,Default,,0000,0000,0000,,word lists
Dialogue: 0,0:07:55.08,0:07:59.04,Default,,0000,0000,0000,,and ZAP to do some brute-forcing to
Dialogue: 0,0:07:59.04,0:08:00.90,Default,,0000,0000,0000,,figure out what kind of directories,
Dialogue: 0,0:08:00.90,0:08:03.66,Default,,0000,0000,0000,,some directory enumeration that are on
Dialogue: 0,0:08:03.66,0:08:08.34,Default,,0000,0000,0000,,the web server. Let's go down. And when we
Dialogue: 0,0:08:08.34,0:08:10.50,Default,,0000,0000,0000,,have our sites here, when we do a
Dialogue: 0,0:08:10.50,0:08:12.90,Default,,0000,0000,0000,,right-click and we do a forced browse
Dialogue: 0,0:08:12.90,0:08:16.08,Default,,0000,0000,0000,,site, we can actually do this, do
Dialogue: 0,0:08:16.08,0:08:18.00,Default,,0000,0000,0000,,directory enumeration. I actually have
Dialogue: 0,0:08:18.00,0:08:19.38,Default,,0000,0000,0000,,another video where I do the exact same
Dialogue: 0,0:08:19.38,0:08:21.20,Default,,0000,0000,0000,,thing. So, you can see that in the dropdown
Dialogue: 0,0:08:21.20,0:08:22.98,Default,,0000,0000,0000,,as well if you want to be able to
Dialogue: 0,0:08:22.98,0:08:24.84,Default,,0000,0000,0000,,specifically watch that. But we're going
Dialogue: 0,0:08:24.84,0:08:26.22,Default,,0000,0000,0000,,to do the exact same thing here, and it's
Dialogue: 0,0:08:26.22,0:08:28.62,Default,,0000,0000,0000,,pretty straightforward. Let's go
Dialogue: 0,0:08:28.62,0:08:30.26,Default,,0000,0000,0000,,ahead and
Dialogue: 0,0:08:30.26,0:08:32.22,Default,,0000,0000,0000,,do a
Dialogue: 0,0:08:32.22,0:08:37.88,Default,,0000,0000,0000,,forced browse on our target system here.
Dialogue: 0,0:08:50.90,0:08:53.52,Default,,0000,0000,0000,,And then we just have to pick the
Dialogue: 0,0:08:53.52,0:08:56.28,Default,,0000,0000,0000,,list that we want. So, I'll use
Dialogue: 0,0:08:56.28,0:08:57.36,Default,,0000,0000,0000,,this one.
Dialogue: 0,0:08:57.36,0:09:00.66,Default,,0000,0000,0000,,But really, word lists are all over the
Dialogue: 0,0:09:00.66,0:09:02.34,Default,,0000,0000,0000,,place. You can use whatever word list
Dialogue: 0,0:09:02.34,0:09:05.42,Default,,0000,0000,0000,,works best for you.
Dialogue: 0,0:09:07.14,0:09:09.80,Default,,0000,0000,0000,,And hit play.
Dialogue: 0,0:09:12.54,0:09:16.46,Default,,0000,0000,0000,,Task 6 or task 7 complete.
Dialogue: 0,0:09:19.20,0:09:22.62,Default,,0000,0000,0000,,Okay, task 8. Let's check out
Dialogue: 0,0:09:22.62,0:09:25.32,Default,,0000,0000,0000,,what we've got here for brute-force web
Dialogue: 0,0:09:25.32,0:09:27.24,Default,,0000,0000,0000,,login.
Dialogue: 0,0:09:27.24,0:09:30.06,Default,,0000,0000,0000,,So, just like with the brute-force
Dialogue: 0,0:09:30.06,0:09:32.64,Default,,0000,0000,0000,,directories, we can actually use Hydra
Dialogue: 0,0:09:32.64,0:09:35.04,Default,,0000,0000,0000,,for this as well. But what we're doing in
Dialogue: 0,0:09:35.04,0:09:36.48,Default,,0000,0000,0000,,this room is demonstrating that we can
Dialogue: 0,0:09:36.48,0:09:38.70,Default,,0000,0000,0000,,use ZAP to do some of the similar tasks
Dialogue: 0,0:09:38.70,0:09:39.98,Default,,0000,0000,0000,,as well.
Dialogue: 0,0:09:39.98,0:09:42.74,Default,,0000,0000,0000,,What we're going to be doing also is
Dialogue: 0,0:09:42.74,0:09:45.72,Default,,0000,0000,0000,,fuzzing again. So, let's take a peek
Dialogue: 0,0:09:45.72,0:09:47.40,Default,,0000,0000,0000,,at some of the instructions that they
Dialogue: 0,0:09:47.40,0:09:51.06,Default,,0000,0000,0000,,give us here. So, we have a login. So,
Dialogue: 0,0:09:51.06,0:09:52.50,Default,,0000,0000,0000,,we're going to be demonstrating on the
Dialogue: 0,0:09:52.50,0:09:55.38,Default,,0000,0000,0000,,brute-force part of things, and we're
Dialogue: 0,0:09:55.38,0:09:58.92,Default,,0000,0000,0000,,going to be doing an attack and fuzz on
Dialogue: 0,0:09:58.92,0:10:01.62,Default,,0000,0000,0000,,the spot, the moment in time when we are
Dialogue: 0,0:10:01.62,0:10:05.10,Default,,0000,0000,0000,,actually inputting the credentials. So, in
Dialogue: 0,0:10:05.10,0:10:06.42,Default,,0000,0000,0000,,here, they do
Dialogue: 0,0:10:06.42,0:10:10.20,Default,,0000,0000,0000,,find a test 1, 2, 3, and
Dialogue: 0,0:10:10.20,0:10:12.06,Default,,0000,0000,0000,,we'll do something similar to that.
Dialogue: 0,0:10:12.06,0:10:15.00,Default,,0000,0000,0000,,I have my own technique or word that I
Dialogue: 0,0:10:15.00,0:10:16.62,Default,,0000,0000,0000,,like to look for, and that's fine. You'll
Dialogue: 0,0:10:16.62,0:10:17.76,Default,,0000,0000,0000,,have your own that you like
Dialogue: 0,0:10:17.76,0:10:18.78,Default,,0000,0000,0000,,as well.
Dialogue: 0,0:10:18.78,0:10:20.34,Default,,0000,0000,0000,,So, we're going to find the GET and we're
Dialogue: 0,0:10:20.34,0:10:21.72,Default,,0000,0000,0000,,going to do a fuzz.
Dialogue: 0,0:10:21.72,0:10:24.42,Default,,0000,0000,0000,,Alright, then. I actually did all this in
Dialogue: 0,0:10:24.42,0:10:26.58,Default,,0000,0000,0000,,another video, so you'll see it in
Dialogue: 0,0:10:26.58,0:10:28.50,Default,,0000,0000,0000,,this dropdown on the screen here.
Dialogue: 0,0:10:28.50,0:10:30.90,Default,,0000,0000,0000,,Now, what's unique is that actually Kali
Dialogue: 0,0:10:30.90,0:10:33.90,Default,,0000,0000,0000,,comes with its own--it comes with tons
Dialogue: 0,0:10:33.90,0:10:35.70,Default,,0000,0000,0000,,of word lists, but it comes with a one
Dialogue: 0,0:10:35.70,0:10:37.68,Default,,0000,0000,0000,,called FastTrack. I've actually never
Dialogue: 0,0:10:37.68,0:10:41.28,Default,,0000,0000,0000,,used FastTrack. I use my own word lists,
Dialogue: 0,0:10:41.28,0:10:43.80,Default,,0000,0000,0000,,and that's fine too. But for this
Dialogue: 0,0:10:43.80,0:10:45.48,Default,,0000,0000,0000,,particular challenge, we will be using
Dialogue: 0,0:10:45.48,0:10:49.86,Default,,0000,0000,0000,,the fasttrack.txt.
Dialogue: 0,0:10:49.86,0:10:52.68,Default,,0000,0000,0000,,Alright, let's open up our ZAP machine
Dialogue: 0,0:10:52.68,0:10:55.32,Default,,0000,0000,0000,,and
Dialogue: 0,0:10:55.32,0:10:59.58,Default,,0000,0000,0000,,navigate to the HTTP for this. So, I'm
Dialogue: 0,0:10:59.58,0:11:01.02,Default,,0000,0000,0000,,going to
Dialogue: 0,0:11:01.02,0:11:04.34,Default,,0000,0000,0000,,open up my browser here.
Dialogue: 0,0:11:15.24,0:11:17.40,Default,,0000,0000,0000,,And because my browser is pointing to my
Dialogue: 0,0:11:17.40,0:11:20.82,Default,,0000,0000,0000,,proxy server, I'm going to see
Dialogue: 0,0:11:20.82,0:11:24.36,Default,,0000,0000,0000,,the websites actually populate inside of
Dialogue: 0,0:11:24.36,0:11:25.92,Default,,0000,0000,0000,,my sites here, and you can see them
Dialogue: 0,0:11:25.92,0:11:28.76,Default,,0000,0000,0000,,popping up there right now.
Dialogue: 0,0:11:29.04,0:11:32.07,Default,,0000,0000,0000,,And according to the instructions on TryHackMe,
Dialogue: 0,0:11:32.07,0:11:35.47,Default,,0000,0000,0000,,we will need to go to brute-force.
Dialogue: 0,0:11:36.60,0:11:38.82,Default,,0000,0000,0000,,And at this point, we're going to
Dialogue: 0,0:11:38.82,0:11:40.92,Default,,0000,0000,0000,,actually input
Dialogue: 0,0:11:40.92,0:11:42.60,Default,,0000,0000,0000,,some data that we're going to catch. So,
Dialogue: 0,0:11:42.60,0:11:45.06,Default,,0000,0000,0000,,we can see it populating here, which is
Dialogue: 0,0:11:45.06,0:11:46.52,Default,,0000,0000,0000,,great.
Dialogue: 0,0:11:49.50,0:11:52.80,Default,,0000,0000,0000,,I'm going to actually expand this,
Dialogue: 0,0:11:55.32,0:11:58.68,Default,,0000,0000,0000,,and we're going to send something to it.
Dialogue: 0,0:11:58.68,0:12:01.06,Default,,0000,0000,0000,,RedBlue.
Dialogue: 0,0:12:02.71,0:12:04.36,Default,,0000,0000,0000,,Password.
Dialogue: 0,0:12:05.58,0:12:09.26,Default,,0000,0000,0000,,And then I'm going to hit enter.
Dialogue: 0,0:12:15.24,0:12:17.22,Default,,0000,0000,0000,,So, it says incorrect,
Dialogue: 0,0:12:17.22,0:12:19.36,Default,,0000,0000,0000,,and that is fine.
Dialogue: 0,0:12:22.32,0:12:24.90,Default,,0000,0000,0000,,What I like to do, actually, is knowing
Dialogue: 0,0:12:24.90,0:12:28.14,Default,,0000,0000,0000,,because I know that I put RedBlue in
Dialogue: 0,0:12:28.14,0:12:32.30,Default,,0000,0000,0000,,there, I actually like to search on that
Dialogue: 0,0:12:32.30,0:12:37.74,Default,,0000,0000,0000,,and search for all, and then hit enter.
Dialogue: 0,0:12:37.74,0:12:40.92,Default,,0000,0000,0000,,And I've got a post here. We found the
Dialogue: 0,0:12:40.92,0:12:42.84,Default,,0000,0000,0000,,post where
Dialogue: 0,0:12:42.84,0:12:45.18,Default,,0000,0000,0000,,my password and name was put in there.
Dialogue: 0,0:12:45.18,0:12:48.72,Default,,0000,0000,0000,,Let's open up resend. And you can see my
Dialogue: 0,0:12:48.72,0:12:51.66,Default,,0000,0000,0000,,username here and the password there. So,
Dialogue: 0,0:12:51.66,0:12:53.48,Default,,0000,0000,0000,,what we're going to do is actually fuzz
Dialogue: 0,0:12:53.48,0:12:57.24,Default,,0000,0000,0000,,on that password there.
Dialogue: 0,0:12:57.24,0:12:59.16,Default,,0000,0000,0000,,So, we've got it selected, I'm going to
Dialogue: 0,0:12:59.16,0:13:00.60,Default,,0000,0000,0000,,remove that because I just do that every
Dialogue: 0,0:13:00.60,0:13:02.94,Default,,0000,0000,0000,,time. I'm going to double-click, and we're
Dialogue: 0,0:13:02.94,0:13:07.02,Default,,0000,0000,0000,,going to add the word list that it
Dialogue: 0,0:13:07.02,0:13:08.70,Default,,0000,0000,0000,,is recommending. So, in this case, it was
Dialogue: 0,0:13:08.70,0:13:10.00,Default,,0000,0000,0000,,FastTrack.
Dialogue: 0,0:13:11.28,0:13:14.82,Default,,0000,0000,0000,,We'll find word lists.
Dialogue: 0,0:13:14.82,0:13:17.88,Default,,0000,0000,0000,,File. Select.
Dialogue: 0,0:13:17.88,0:13:20.34,Default,,0000,0000,0000,,Bingo bango.
Dialogue: 0,0:13:20.34,0:13:22.68,Default,,0000,0000,0000,,Okay.
Dialogue: 0,0:13:22.68,0:13:24.18,Default,,0000,0000,0000,,Add.
Dialogue: 0,0:13:24.18,0:13:26.04,Default,,0000,0000,0000,,Okay.
Dialogue: 0,0:13:26.04,0:13:28.02,Default,,0000,0000,0000,,Options.
Dialogue: 0,0:13:28.02,0:13:31.16,Default,,0000,0000,0000,,Follow redirects
Dialogue: 0,0:13:33.00,0:13:36.50,Default,,0000,0000,0000,,and we are going to start the fuzzer.
Dialogue: 0,0:13:45.06,0:13:49.82,Default,,0000,0000,0000,,And we will investigate each of these
Dialogue: 0,0:13:50.04,0:13:53.00,Default,,0000,0000,0000,,reflected.
Dialogue: 0,0:14:04.68,0:14:06.72,Default,,0000,0000,0000,,We had a couple options that were
Dialogue: 0,0:14:06.72,0:14:08.04,Default,,0000,0000,0000,,good. Security
Dialogue: 0,0:14:08.04,0:14:12.98,Default,,0000,0000,0000,,and password. Let's try both of those.
Dialogue: 0,0:14:17.28,0:14:19.76,Default,,0000,0000,0000,,Password.
Dialogue: 0,0:14:24.96,0:14:29.18,Default,,0000,0000,0000,,So, we can see that this one is in fact
Dialogue: 0,0:14:29.18,0:14:31.62,Default,,0000,0000,0000,,the password that actually worked when
Dialogue: 0,0:14:31.62,0:14:33.84,Default,,0000,0000,0000,,we brute-forced it. So, it's just straight
Dialogue: 0,0:14:33.84,0:14:36.32,Default,,0000,0000,0000,,up password.
Dialogue: 0,0:14:36.90,0:14:39.30,Default,,0000,0000,0000,,There you go. So, that was
Dialogue: 0,0:14:39.30,0:14:43.04,Default,,0000,0000,0000,,brute-forcing with web login.
Dialogue: 0,0:14:43.04,0:14:45.30,Default,,0000,0000,0000,,ZAP extensions.
Dialogue: 0,0:14:45.30,0:14:47.64,Default,,0000,0000,0000,,So, ZAP's really cool in that it has
Dialogue: 0,0:14:47.64,0:14:49.26,Default,,0000,0000,0000,,a ton of extensions that we can actually
Dialogue: 0,0:14:49.26,0:14:51.54,Default,,0000,0000,0000,,add to
Dialogue: 0,0:14:51.54,0:14:56.10,Default,,0000,0000,0000,,our tool. And in this page, this part
Dialogue: 0,0:14:56.10,0:14:56.88,Default,,0000,0000,0000,,here, they're actually giving us
Dialogue: 0,0:14:56.88,0:14:59.46,Default,,0000,0000,0000,,instructions on where to find some of
Dialogue: 0,0:14:59.46,0:15:01.20,Default,,0000,0000,0000,,these tools. So, I recommend going ahead
Dialogue: 0,0:15:01.20,0:15:03.54,Default,,0000,0000,0000,,and actually locating these things, and
Dialogue: 0,0:15:03.54,0:15:04.92,Default,,0000,0000,0000,,testing them out if you're enjoying
Dialogue: 0,0:15:04.92,0:15:07.14,Default,,0000,0000,0000,,ZAP. Then, learn more about these
Dialogue: 0,0:15:07.14,0:15:08.88,Default,,0000,0000,0000,,things, and maybe you can even build your
Dialogue: 0,0:15:08.88,0:15:12.23,Default,,0000,0000,0000,,own scripts that we can add. But for TryHackMe,
Dialogue: 0,0:15:12.23,0:15:13.62,Default,,0000,0000,0000,,we are
Dialogue: 0,0:15:13.62,0:15:16.98,Default,,0000,0000,0000,,happy with knowing that we can do that.
Dialogue: 0,0:15:16.98,0:15:19.26,Default,,0000,0000,0000,,Let's go on to task 10.
Dialogue: 0,0:15:21.30,0:15:24.72,Default,,0000,0000,0000,,And it's more documentation, though,
Dialogue: 0,0:15:24.72,0:15:27.78,Default,,0000,0000,0000,,I kind of find it funny about this
Dialogue: 0,0:15:28.92,0:15:31.38,Default,,0000,0000,0000,,particular section is that it...
Dialogue: 0,0:15:31.38,0:15:32.94,Default,,0000,0000,0000,,The author's, like, "Yeah that's pretty
Dialogue: 0,0:15:32.94,0:15:35.28,Default,,0000,0000,0000,,much all there is." Which is kind
Dialogue: 0,0:15:35.28,0:15:37.14,Default,,0000,0000,0000,,of true. Because Burp is so
Dialogue: 0,0:15:37.14,0:15:39.06,Default,,0000,0000,0000,,popular, it's got so much documentation
Dialogue: 0,0:15:39.06,0:15:40.56,Default,,0000,0000,0000,,on it,
Dialogue: 0,0:15:40.56,0:15:43.08,Default,,0000,0000,0000,,it's just so widely adopted that ZAP
Dialogue: 0,0:15:43.08,0:15:44.70,Default,,0000,0000,0000,,sort of has been put into the
Dialogue: 0,0:15:44.70,0:15:45.84,Default,,0000,0000,0000,,background.
Dialogue: 0,0:15:45.84,0:15:47.16,Default,,0000,0000,0000,,But I don't think that should be the
Dialogue: 0,0:15:47.16,0:15:49.20,Default,,0000,0000,0000,,case. It is actually a pretty cool tool,
Dialogue: 0,0:15:49.20,0:15:52.26,Default,,0000,0000,0000,,and it's been around a while, and it has...
Dialogue: 0,0:15:52.26,0:15:55.74,Default,,0000,0000,0000,,I just, I just, I enjoy using sound.
Dialogue: 0,0:15:55.74,0:15:57.90,Default,,0000,0000,0000,,There you go. So, we can finish this room
Dialogue: 0,0:15:57.90,0:16:01.58,Default,,0000,0000,0000,,with a completed.
Dialogue: 0,0:16:02.52,0:16:04.74,Default,,0000,0000,0000,,And bingo bango. There you go. We have
Dialogue: 0,0:16:04.74,0:16:08.52,Default,,0000,0000,0000,,finished the introduction to ZAP
Dialogue: 0,0:16:08.52,0:16:10.43,Default,,0000,0000,0000,,room. Thanks for watching.