1
00:00:00,210 --> 00:00:02,400
Hello everybody and welcome back.

2
00:00:02,400 --> 00:00:07,530
And in this tutorial we will start coding our basic authentication brute force.

3
00:00:07,650 --> 00:00:12,580
And this will be the last video in this article hacking beginner to advanced course.

4
00:00:12,600 --> 00:00:19,950
Now after you finish this you will have twenty five plus hours of ethical hacking videos where you can

5
00:00:20,220 --> 00:00:25,130
learn everything from basics to later a little bit more advanced stuff.

6
00:00:25,170 --> 00:00:32,600
Now basically right now as I said we want to code the brute force or in python.

7
00:00:32,700 --> 00:00:36,260
So let us first see what basic authentication is.

8
00:00:36,270 --> 00:00:42,680
So let us go on our terminal and just open up our burps ID.

9
00:00:43,330 --> 00:00:48,050
So we'll have to show you what a basic notification example looks like.

10
00:00:48,050 --> 00:00:54,530
So every time you go here you just close this from a previous video.

11
00:00:54,750 --> 00:00:58,430
And for example open up my router right here.

12
00:00:58,430 --> 00:01:04,220
It will open up this window which will require the username and password.

13
00:01:04,310 --> 00:01:07,670
So this is the example of a basic authentication.

14
00:01:07,670 --> 00:01:09,680
Now how do you know it's basic authentication.

15
00:01:09,740 --> 00:01:14,300
Well simply I will just show you right now as you can see right here it doesn't say is if you don't

16
00:01:14,300 --> 00:01:19,700
specify username and password protected object is the object the rampage server is protected.

17
00:01:19,700 --> 00:01:25,850
So right now in order for us to seeded it with these basic authentication we will open up our suit and

18
00:01:25,850 --> 00:01:30,460
we will inspect our packet before we actually start coding our brute force.

19
00:01:30,740 --> 00:01:32,780
So open the Burchett

20
00:01:36,290 --> 00:01:38,000
they should take a few seconds.

21
00:01:38,140 --> 00:01:44,410
And right after we open it we need to do the regular soft such as turning the intercept off and also

22
00:01:44,800 --> 00:01:48,880
the using the verb suit this proxy in our Firefox.

23
00:01:48,880 --> 00:01:58,110
So right here go intercept off now then right here you go to your three lines right here.

24
00:01:58,120 --> 00:01:59,640
Go to Preferences.

25
00:01:59,770 --> 00:02:04,420
Now if you skipped the Web site penetration testing section you will not know how to do this.

26
00:02:04,420 --> 00:02:06,430
That's why I'm spending once again.

27
00:02:06,430 --> 00:02:11,240
So scroll down all the way to the lower part where it says network proxy.

28
00:02:11,260 --> 00:02:17,200
Click on the settings right here and here instead of the no proxy you want to setup manual proxy configuration

29
00:02:17,590 --> 00:02:22,180
which will be HDP proxy on your local coast at Port 88.

30
00:02:22,570 --> 00:02:29,900
You want to make sure to select all of these to be the same and also use Sox 5 before we wi fi by them.

31
00:02:30,130 --> 00:02:31,380
So we want to Sox 5.

32
00:02:31,570 --> 00:02:32,090
Click here.

33
00:02:32,110 --> 00:02:33,140
OK.

34
00:02:33,340 --> 00:02:34,720
And now we are good to go.

35
00:02:34,930 --> 00:02:41,580
So right now if I just go right here and turn the intercept back on and call right here and the first

36
00:02:41,710 --> 00:02:46,870
page now you will see it will ask us for a back if we want to forward this packet.

37
00:02:46,870 --> 00:02:52,830
Right now it will prompt us for the username and password so we can type here anything.

38
00:02:53,800 --> 00:02:56,110
It doesn't really matter we click here OK.

39
00:02:56,560 --> 00:03:05,800
And here we have the the packet where we actually send the authentication for that page as we can see

40
00:03:05,800 --> 00:03:07,720
we know that it is basic authentication.

41
00:03:07,750 --> 00:03:13,030
As it says in the lower part of authentication or pardon me authorization basic.

42
00:03:14,020 --> 00:03:17,530
So this is the authorization that we will actually try to brute force.

43
00:03:17,530 --> 00:03:25,390
So this program will work for every website or every logon page or every quarter that uses basic authentication.

44
00:03:25,390 --> 00:03:27,230
Now this is the most simple use of it.

45
00:03:27,280 --> 00:03:33,090
So we'll will try to code the the program to actually use multiple threads in order to perform that

46
00:03:33,090 --> 00:03:33,920
route.

47
00:03:34,390 --> 00:03:40,630
After that we will add some of the passing options with our parser which will actually specify the options

48
00:03:40,660 --> 00:03:42,310
indices argument.

49
00:03:42,310 --> 00:03:48,220
Now what I mean by that is let me just close this right now since we do not need to repurpose it anymore.

50
00:03:48,220 --> 00:03:51,340
I just wanted to show you this what it looks like.

51
00:03:51,450 --> 00:03:57,810
And right here we can set back the preferences to be no proxy since we will not really be needing burp

52
00:03:57,820 --> 00:03:59,020
suit anymore.

53
00:03:59,110 --> 00:04:01,580
We only used it in order for me to show you.

54
00:04:01,580 --> 00:04:06,800
So just set everything back as normal and we can close this page.

55
00:04:07,390 --> 00:04:10,870
Now what I mean we will set be that we will be setting up options.

56
00:04:10,870 --> 00:04:17,590
I mean for example if you as Max changer it will ask you for these options or for the available options

57
00:04:17,590 --> 00:04:22,640
for this device or basically for these programs if you just type your Mac how Mac change does this how

58
00:04:22,640 --> 00:04:27,670
people say you need specify these options in order for it to perform these tasks right here.

59
00:04:28,000 --> 00:04:30,700
So will try to code something similar to this.

60
00:04:30,790 --> 00:04:35,620
We will add our own options and we will actually say which option does what.

61
00:04:35,620 --> 00:04:37,860
And then we will be able to run our program.

62
00:04:38,320 --> 00:04:45,660
So right here let us make a directory which is called for example brute force.

63
00:04:46,430 --> 00:04:50,290
Now let's change our direct route to the brute force.

64
00:04:50,410 --> 00:04:53,370
Here we do not have anything since we didn't code anything yet.

65
00:04:53,500 --> 00:04:57,260
But let us now our basic authentication not be why.

66
00:04:57,350 --> 00:05:03,310
So now basic out in the nation lot.

67
00:05:03,330 --> 00:05:06,890
B Why not a little bit long name but it doesn't really matter.

68
00:05:06,940 --> 00:05:11,950
You can call it anything you want as usual but the specified path to our python.

69
00:05:13,700 --> 00:05:19,570
Now let's see what really we really need to perform in order to code this properly.

70
00:05:19,570 --> 00:05:26,830
So we will actually need to import e threading library since we are using these threats in order to

71
00:05:26,830 --> 00:05:27,880
brute force.

72
00:05:27,880 --> 00:05:32,830
We will also need to import a deceased library which allows us to actually select the options to be

73
00:05:32,890 --> 00:05:35,600
as IndyMac changed program for example.

74
00:05:35,800 --> 00:05:40,870
What we will need to do we will need a file that will contain all the password lists that we will actually

75
00:05:40,870 --> 00:05:42,750
use in order to brute force.

76
00:05:42,820 --> 00:05:45,550
That is also something that we will need.

77
00:05:45,700 --> 00:05:50,530
What we will also need basically we can add some additional options such as for example banner for our

78
00:05:50,530 --> 00:05:51,280
program.

79
00:05:51,430 --> 00:05:55,720
And we also need the usage in order for users to know how they can use our program.

80
00:05:56,740 --> 00:05:58,630
So let us start off with this.

81
00:05:58,660 --> 00:06:05,380
So let us first in order for us to actually send anything over the Internet whether it is basic authentication

82
00:06:05,740 --> 00:06:11,590
or sending packets or this or that we need to import the requests library that library allows us to

83
00:06:11,590 --> 00:06:17,020
actually send packets and send usernames and passwords with a simple one line comment.

84
00:06:17,020 --> 00:06:23,330
So let us import requests then let us import threading.

85
00:06:23,340 --> 00:06:31,750
But let us a supporter be different so from threading import thread we also need to import.

86
00:06:31,770 --> 00:06:36,770
As I said before in order for us to parse the arguments way to import.

87
00:06:36,990 --> 00:06:40,140
Well from now on that will actually be at CES.

88
00:06:40,170 --> 00:06:45,880
So we can actually use the system arguments and to parse the options we actually need to import to get

89
00:06:45,930 --> 00:06:46,800
opt libraries.

90
00:06:46,800 --> 00:06:50,080
So import pops.

91
00:06:50,700 --> 00:06:53,690
Now we used all of these libraries instead of this one.

92
00:06:53,700 --> 00:06:57,960
So you will be not familiar with this library but it is not that hard.

93
00:06:57,960 --> 00:06:59,550
We have a few lines with it.

94
00:06:59,580 --> 00:07:02,210
So it won't really present any problem.

95
00:07:02,940 --> 00:07:08,550
And right now let us see what we can actually do in order to make our program work.

96
00:07:08,550 --> 00:07:15,840
So let us actually add a banner to our program so users get notified it looks pretty or so and that

97
00:07:15,840 --> 00:07:20,640
is very simple to do that to start a function called banner.

98
00:07:20,790 --> 00:07:26,970
It will not take any arguments we will just call it and we can print something that looks well that

99
00:07:27,330 --> 00:07:28,040
looks pretty.

100
00:07:28,040 --> 00:07:35,880
So we can just go like I don't know we can just type here hashes that we print.

101
00:07:35,880 --> 00:07:51,010
Once again bring something like this for example our basic basic brute force.

102
00:07:51,130 --> 00:07:53,410
It doesn't really matter.

103
00:07:53,620 --> 00:07:55,470
You can name it anything you want.

104
00:07:55,480 --> 00:08:01,600
This just so it looks a little bit prettier so at the double quotes at the end and here let's print

105
00:08:01,600 --> 00:08:03,550
another row of the hashes

106
00:08:07,580 --> 00:08:09,830
so this is what I call a simple banner.

107
00:08:09,920 --> 00:08:16,560
And in order for us to run it you can just type your banner and save this file and check out if it works.

108
00:08:17,210 --> 00:08:21,760
Now this is something that we want to run for example at the beginning of every program.

109
00:08:21,800 --> 00:08:26,840
So it actually prints out this banner which can be a little bit prettier but it doesn't matter in our

110
00:08:26,840 --> 00:08:27,180
case.

111
00:08:27,200 --> 00:08:29,060
So let us continue this.

112
00:08:29,060 --> 00:08:31,520
Not really anything important.

113
00:08:31,560 --> 00:08:41,240
So what right now what we actually want to do is let the sexually cool D function where we will actually

114
00:08:41,240 --> 00:08:43,130
pass our arguments.

115
00:08:43,130 --> 00:08:48,830
So in those arguments we will actually specify all the things that people use in order to run a command

116
00:08:49,310 --> 00:08:52,880
and we will specify the other functions that we will use in our program.

117
00:08:53,420 --> 00:08:56,100
So let's call that function start.

118
00:08:56,120 --> 00:08:57,980
So start right here.

119
00:08:58,190 --> 00:09:02,030
And what we want to pass in this function is our arguments.

120
00:09:02,060 --> 00:09:08,990
So in order to pass multiple arguments select your R B and then the close brackets and then go basically

121
00:09:08,990 --> 00:09:12,140
to the to the function itself.

122
00:09:12,140 --> 00:09:16,760
But before we call the function itself let us actually call the main part of the program which will

123
00:09:16,760 --> 00:09:18,130
call this function.

124
00:09:18,290 --> 00:09:20,330
And in order to do that let's just type here.

125
00:09:20,390 --> 00:09:29,610
If that dash dash name that Def equals equals and then under the double the double code that dash may.

126
00:09:30,830 --> 00:09:32,320
This is something that Python has.

127
00:09:32,330 --> 00:09:34,310
So just copy this.

128
00:09:34,310 --> 00:09:37,770
It is the syntax for the python program and then try.

129
00:09:37,790 --> 00:09:39,590
We will run the try and accept.

130
00:09:39,590 --> 00:09:46,370
So we will try to run the program with easy arguments which is basically the arguments that we will

131
00:09:46,370 --> 00:09:54,320
specify in our terminal code or terminal command and what we want to try is actually run the commands

132
00:09:54,440 --> 00:09:57,080
one from the end above.

133
00:09:57,560 --> 00:10:05,750
Now why am I using one and then 2 1 and above is basically because the first the command or first actually

134
00:10:05,750 --> 00:10:09,590
word in our command will be the program name itself.

135
00:10:09,590 --> 00:10:12,710
So we do not want to pass that command as well.

136
00:10:12,710 --> 00:10:18,590
We only want to pass everything that comes after the program name which would be for example dash w

137
00:10:18,590 --> 00:10:20,950
or dash something else or we will see.

138
00:10:21,110 --> 00:10:24,710
So we only want to pass the arguments that are not the name of the program.

139
00:10:24,710 --> 00:10:26,790
So we go from day one and above.

140
00:10:26,960 --> 00:10:31,240
Now we can run this to accept keyboard interrupt

141
00:10:33,870 --> 00:10:44,740
so it actually stops once we interrupt with keyboard we can print interrupted.

142
00:10:44,870 --> 00:10:47,750
So this is our main part of the program.

143
00:10:47,750 --> 00:10:54,980
Basically what we call the trade now is a simple banner which will print out the the simple banner for

144
00:10:54,980 --> 00:10:55,370
us.

145
00:10:55,370 --> 00:11:01,130
Then we call that if name equals man try to start this function that we go code in the next video.

146
00:11:01,130 --> 00:11:07,610
In other in any other cases if we actually want to stop the program we can just press and a key and

147
00:11:07,610 --> 00:11:10,850
it will print interrupted and in full closed the program.

148
00:11:10,850 --> 00:11:15,150
So this is just our basic for our brute force sir.

149
00:11:15,170 --> 00:11:19,250
We will continue with these start functions in the next video and hope I see you there.

150
00:11:19,400 --> 00:11:19,640
But.