1
00:00:00,120 --> 00:00:02,340
Hello everybody and welcome back.

2
00:00:02,370 --> 00:00:09,740
In the previous lecture we discussed what an HTTP request was, and right now we will discuss what an

3
00:00:09,750 --> 00:00:11,790
HTTP response is.

4
00:00:12,060 --> 00:00:15,840
So as I said, they are very similar to the requests.

5
00:00:15,840 --> 00:00:24,180
Basically it is what servers send back to us. For example, when we sent an HTTP request with GET and then

6
00:00:24,180 --> 00:00:28,520
the name of some page, we basically want the server to send us that page back.

7
00:00:29,190 --> 00:00:37,170
So it will send us the HTTP response, the HTML code of that server, and that's how we load the pages.

8
00:00:38,690 --> 00:00:43,030
So let's see the basic structure of the HTTP response.

9
00:00:43,040 --> 00:00:50,550
Here I have a picture, and let me just enlarge this a little bit so we can see it right here.

10
00:00:50,550 --> 00:00:53,390
The upper part is the header.

11
00:00:54,120 --> 00:00:56,580
The center of the HTTP response.

12
00:00:56,580 --> 00:01:03,860
As I said, the HTTP response consists of two things, which are the header and the body. In the header

13
00:01:03,870 --> 00:01:10,770
we get the information about the server, and in the body we basically get the content of the website,

14
00:01:10,910 --> 00:01:14,000
the HTML code, which is basically just the page itself.

15
00:01:15,030 --> 00:01:22,730
So the HTTP response starts with the protocol, which is currently version 1.1, and then the status

16
00:01:22,740 --> 00:01:30,780
code. The status code basically represents... the 200 right here, as we can see, it represents that the

17
00:01:32,840 --> 00:01:35,450
operation was successfully done.

18
00:01:35,480 --> 00:01:41,480
Now you can also have some of the other codes right here. For example, if the number right here starts

19
00:01:41,480 --> 00:01:42,510
with four,
20
00:01:42,590 --> 00:01:48,650
that means that you have an error in the request. If the number starts, for example, with five,

21
00:01:48,890 --> 00:01:51,860
there is an error, but this is not an error on the client side.

22
00:01:51,860 --> 00:01:53,870
This is an error on the server side.

23
00:01:53,930 --> 00:02:01,370
So the four hundred and then some number is the error on the request side, or on the client side, and the

24
00:02:01,410 --> 00:02:09,440
500 and then some number is the error on the server side. Also, as I said, 200 means that the operation was successfully

25
00:02:09,440 --> 00:02:13,930
done, and the three hundred means redirection of the website.

26
00:02:13,940 --> 00:02:19,520
So for example, you try to visit some website and it redirects you to another website. That will

27
00:02:19,520 --> 00:02:25,700
be specified with the status code of 310 something.

28
00:02:25,810 --> 00:02:29,760
Now there are some of the things that we need to remember right here.

29
00:02:29,840 --> 00:02:33,490
The date doesn't really matter to us that much.

30
00:02:33,490 --> 00:02:43,140
The server is basically important since it gives us the version of the, uh, the version and type of the

31
00:02:43,140 --> 00:02:50,700
server itself. As it says right here, it is Apache 2.0.63 Unix, and it is useful for us

32
00:02:50,730 --> 00:02:57,810
attackers because we basically get the version of the server, and we can just paste it in

33
00:02:57,810 --> 00:03:01,080
Google and try to find any specific vulnerabilities for that version.

34
00:03:03,160 --> 00:03:08,770
So today some of the websites even leave out this option

35
00:03:08,770 --> 00:03:14,450
right here in the HTTP response, just because it is so valuable to the attackers.

36
00:03:14,560 --> 00:03:16,810
But most of them still have it.
37
00:03:16,810 --> 00:03:23,680
So we will be using this option as well in order to try to find and gather some of the other vulnerabilities

38
00:03:23,770 --> 00:03:27,260
for that specific version of the server.

39
00:03:27,300 --> 00:03:33,240
The next thing we are interested in is a thing that isn't really specified in this response, but

40
00:03:33,240 --> 00:03:38,090
it's basically the Set-Cookie option.

41
00:03:38,160 --> 00:03:42,910
It is the server that is setting a cookie value for ourselves.

42
00:03:42,930 --> 00:03:49,470
So it is basically sending a cookie value that it assigns to my machine in order to track my session,

43
00:03:51,460 --> 00:03:54,180
so it is also an important thing.

44
00:03:54,410 --> 00:04:00,870
Then here you can see that the header and the body of the response are divided by this blank line.

45
00:04:00,910 --> 00:04:07,360
So you need to remember it's like that. You can basically just remember it as: in the content or the body

46
00:04:07,420 --> 00:04:14,500
of the response it will be HTML code, which is easy to recognize by these arrows, and it basically always

47
00:04:14,500 --> 00:04:18,550
begins with these arrows and closes with these same arrows.

48
00:04:18,700 --> 00:04:24,480
So you will easily know what the HTML code is now.

49
00:04:24,500 --> 00:04:28,440
That's some of the things that you need to know from the HTTP response.

50
00:04:28,900 --> 00:04:36,550
But before we continue there is another thing that I want you to know, which is the HTTP methods available.

51
00:04:37,800 --> 00:04:45,950
The methods are basically... let me just open my machine, that is just logging in.

52
00:04:45,950 --> 00:04:50,780
Now we covered one method already in our first HTTP request video.

53
00:04:51,030 --> 00:04:53,240
We covered the GET method.
54
00:04:53,280 --> 00:05:02,250
So basically when I type google.com, or let's say facebook.com, I sent an HTTP request with

55
00:05:02,250 --> 00:05:07,680
the GET method, which basically just requested this page from the server.

56
00:05:07,770 --> 00:05:10,080
Now there are a few other methods.

57
00:05:10,080 --> 00:05:14,600
For example POST, HEAD, TRACE, PUT, DELETE, OPTIONS.

58
00:05:14,610 --> 00:05:18,170
Those are all a bunch of the methods that you can send to the server.

59
00:05:18,240 --> 00:05:22,980
The most important for us would be the GET method, which we have covered, which is just requesting

60
00:05:22,980 --> 00:05:25,360
the website, and the POST method.

61
00:05:25,500 --> 00:05:30,580
Now the POST method is basically sending some information to the server.

62
00:05:30,660 --> 00:05:33,930
Now you might be asking what kind of information do we want to send.

63
00:05:33,930 --> 00:05:39,170
Well, a simple example would be sending a username and password.

64
00:05:39,270 --> 00:05:41,270
It is done with the POST method.

65
00:05:41,310 --> 00:05:45,720
So let me just open up the picture again, so we open the request header.

66
00:05:46,350 --> 00:05:49,270
And here we can see the GET method. Now instead of the GET,

67
00:05:49,620 --> 00:05:52,450
if we did a POST request it would type here

68
00:05:52,480 --> 00:05:54,190
POST.

69
00:05:54,410 --> 00:05:58,500
So basically just feel testy.

70
00:05:59,060 --> 00:06:09,240
So the POST request would be if we, for example, on email typed here anything and pressed here Log In.

71
00:06:09,320 --> 00:06:12,680
This is us sending a POST request.

72
00:06:12,980 --> 00:06:15,020
Now it asks.

73
00:06:15,320 --> 00:06:17,310
Of course this isn't a valid account.

74
00:06:17,420 --> 00:06:24,200
We can see we've got someone named Pablo Canseco, or whatever that name is.

75
00:06:24,980 --> 00:06:28,610
So that is sending the POST request.
76
00:06:28,670 --> 00:06:35,950
Now I will explain it a little bit further once we get to the Burp Suite installation. No, not installation,

77
00:06:36,010 --> 00:06:38,660
more most likely configuration, since it is...

78
00:06:38,690 --> 00:06:45,580
It can be a little bit difficult to configure the first time, so I will lead you through that process.

79
00:06:46,040 --> 00:06:51,740
Just for now, let me show you how you can scan, with the things that we did learn already,

80
00:06:53,150 --> 00:07:00,600
the available HTTP methods on a certain website. So for example you want to scan a website and

81
00:07:00,600 --> 00:07:07,440
see if there is a POST method available, HEAD method available, DELETE method available or any other

82
00:07:07,440 --> 00:07:08,210
method.

83
00:07:08,460 --> 00:07:10,970
You can do that with a simple nmap script.

84
00:07:11,310 --> 00:07:13,350
So we already covered nmap before.

85
00:07:13,350 --> 00:07:19,020
So let's just go into our scripts folder, which is under this path right here:

86
00:07:19,020 --> 00:07:20,320
/usr/share/nmap/scripts,

87
00:07:20,370 --> 00:07:25,580
and what we want to find is the HTTP methods script.

88
00:07:25,590 --> 00:07:27,480
So let me just type here

89
00:07:27,540 --> 00:07:34,740
ls in order to list, and then let's try to grep the HTTP.

90
00:07:34,890 --> 00:07:38,220
Yes, I forgot the command grep right here.

91
00:07:38,540 --> 00:07:40,350
As you can see there is a lot of them.

92
00:07:40,350 --> 00:07:41,740
So let me just type here

93
00:07:41,760 --> 00:07:47,760
ls, grep and then method. Maybe it lists fewer. Let me type.

94
00:07:47,760 --> 00:07:50,870
Maybe it lists fewer options, as we can see.

95
00:07:50,890 --> 00:07:58,690
There it is, and this is the script that we want, which is http-methods.nse.
96
00:07:59,120 --> 00:08:06,440
So in order to run that on our OWASP machine, which I showed how to install before, let me just check,

97
00:08:06,460 --> 00:08:09,470
so the IP address is dot one dot nine.

98
00:08:09,670 --> 00:08:12,160
So we just write here nmap

99
00:08:12,160 --> 00:08:18,000
and then --script and then equals,

100
00:08:18,000 --> 00:08:20,390
and now we will copy the script name,

101
00:08:23,760 --> 00:08:28,380
paste it right here, and then we'll specify the ports that it should scan.

102
00:08:28,380 --> 00:08:32,010
So it shouldn't really scan all of the ports; it isn't necessary.

103
00:08:32,010 --> 00:08:38,440
We know that the HTTP port and HTTPS port are 80 and 443.

104
00:08:38,520 --> 00:08:45,660
Now we will also add the port 88, since it can be relatively commonly used as an alternative port to

105
00:08:45,680 --> 00:08:46,200
80.

106
00:08:46,260 --> 00:08:55,200
So let us just type here -p, -p for the ports, and type here 80, 443, which is

107
00:08:55,200 --> 00:08:59,540
the port for HTTPS, and port 88.

108
00:09:00,150 --> 00:09:04,230
And now at the end we want to specify the IP address of the target.

109
00:09:04,230 --> 00:09:09,240
So it is that one dot nine.

110
00:09:09,260 --> 00:09:10,740
Now let this run.

111
00:09:10,770 --> 00:09:14,940
I'm not really sure how long it should take; it should finish relatively fast.

112
00:09:14,940 --> 00:09:24,420
There we go, and we can see that it gives us the output: port 80 tcp open, http, and available methods.
113
00:09:24,990 --> 00:09:31,890
We can see right here supported methods: GET, HEAD, POST, OPTIONS and TRACE. These are some of the HTTP methods,

114
00:09:32,700 --> 00:09:41,790
and the potentially risky method is TRACE. So we can see that with this nmap script we can gather the available

115
00:09:41,790 --> 00:09:50,720
methods for any website with a specified port. Now in order for us to see the packets that are going

116
00:09:51,260 --> 00:09:59,600
to the website and then back, we need to use our proxy, and for that proxy we will use Burp Suite, which will

117
00:09:59,600 --> 00:10:08,360
let us see all of the packets that we are sending and let us change them, and also it is used for

118
00:10:08,360 --> 00:10:14,720
some of the attacks such as a simple brute force onto the website, the session hijacking and a bunch of

119
00:10:14,810 --> 00:10:16,150
other attacks.

120
00:10:16,190 --> 00:10:20,750
Now the process of making Burp Suite your proxy can be a little tricky.

121
00:10:20,750 --> 00:10:24,140
So I will show you how to do that in the next video.

122
00:10:24,140 --> 00:10:26,660
And until then, I hope you're having a great day.

123
00:10:26,690 --> 00:10:27,310
Take care.