Welcome to my course on Python. The purpose of this course is to help you learn Python from a cyber security standpoint. In the first part of this video we're going to be covering the basics and an introduction to Python, so we're going to look at functions, for loops, if statements, as well as all the other important parts of Python that you need to know. Then we're going to move into scripting, and we're going to start writing our own cyber security tools and networking tools. After we finish that, we're going to look at HTML and CSS, because at about the 5-hour mark we're going to move into server-side programming and start looking at how to use Python to write server-side code, so that you can understand how vulnerable code works as well as secure code. We're going to use Flask and Jinja2, and you're going to be able to write out some vulnerable code; we're going to exploit it, and then we're going to write out secure code. We're going to look at SQL injection, cross-site scripting, server-side request forgery, open redirect, and more.

My hope is that you will learn Python from a security standpoint. For those of you who want to be bug bounty hunters or penetration testers that focus on web applications, this is really going to help you be able to read Python code, understand how server-side code works and how to exploit it, as well as being able to edit other people's Python scripts that you may come across on GitHub and need to modify in order to get the exploit to work. At about the 10-hour mark we're going to go ahead and start exploiting some CTFs, so that you can get a better understanding of exploiting some of the different vulnerabilities without code that you have written on the server. That way you can understand the code that you've written and the code that other people have written, and you'll better understand the exploits. So let's go ahead and jump into this.

The link for the PyCharm download is going to be in the description; it'll take you straight to this page. If you are on Windows, you can come over here for Windows or Linux and you
can download it. If you are running a Mac with the Apple Silicon chip, you can click this right here and it'll automatically start the download. You'll just click next, next, install, and it will install for you. I already have it installed down here, so we can go ahead and open this up. You can create a new project; I'm just going to use this project right here. One of the first things we can do is just go ahead and delete this, and we're going to be looking at the print function.

The reason we're going to be looking at print is because it is something that you are going to use all of the time. We are going to be printing to debug our code and printing to our terminal so that we can see the output later on of the tools that we make; we need to be able to see what they're doing, so that we have the valuable information that our programs are supposed to be giving us. So the first thing we're going to do is just type in the word print. There are several different ways to print different information, but we're going to start out with the basic hello world. You can add in your double quotes or even your single quotes, whichever you would like, and then we're just going to type in hello world. If we come over to our little run button over here and hit run, it's going to print to our console down here, and it's going to tell us hello world.

Now that seems pretty simple, but there are a few things you should probably know, and that is that this right here is considered a string. Anytime you're printing any information that is inside of single or double quotes, you need to know that that is in fact a string, because if we delete this and try to run it, it's going to give us this error. It's going to tell us invalid syntax, because it's trying to print these as variables instead of a string. So we need to make sure that we have these inside of our double quotes. If you accidentally forget to close this off, we're going to get this red squiggly telling us that there is an error, and over here will be our error as well. We should be able to hold our mouse over it and it will tell us the problem: we are missing the closing quote. Now let's say that this wasn't able to tell us the error that we had. We could run it, and it's going to give us this error message down here, and we could just copy it, take it to Google and paste it in. Probably the first couple of links in Google would tell us what our problem is, and that is that we need this double quote right here to get our code to work.

One thing you need to know about programming is that all programmers are there to do one thing, and that is solve problems. We write code and we write scripts in order to make our lives a lot easier. As you're going to see later in this course when we get into our tool making, we're going to be automating a lot of what we do on a day-to-day basis, and we're even going to create some different ethical hacking tools that will make our lives a lot easier. So
in the most basic form, this is the print statement, which we're going to be using a lot. There's a lot more that we can do with print that we're going to see a little bit later on. This is a string, and this is how we would print hello world to our console.

There are a few more things we can do with the print statement that are really simple that I want to show you right up front. First, let's say we believe in a multiverse and we want to print hello world 1, hello world 2, and hello world 3. We can now run this, and you're going to see that we have hello world 1, 2, and 3, and we have them all on new lines here. But let's say we were up here and we just said comma, hello world 2, and we run this: you're going to see that this is all on one line. But let's say our program needs to have columns and rows, and we need this to be on a different row. We could delete our comma here and just put in a backslash n (\n), and if we run this now, you're going to see that we have it on a new line. In order to get these to line up we would delete that space, and now we have hello world 1 and hello world 2. But this is not the only way we can print this. Usually, if I can get away with it, I don't like to use the backslash n unless I really need something on a different line. So this is another way to print hello world and to get these on different lines.

But we can do a lot more with the print statement. Instead of just putting something on a new line, let's say we want to print our name. We can say Ryan, and then you can also put in a plus here, and then we're going to put in John, just like this. If we run this, you're going to notice something interesting: we have my name here all smashed together. So if you're going to be printing something this way, you'll need to have a space in one of these, either right here or right here, and then if we run this you're going to see we have Ryan, space, John, so it looks okay. But you can also come in here and add another set of quotes, and you can just put in a space right here, and then you'll have to add in another plus. Now if we print this, you're going to see we get the same output, and if we delete our space here, you're going to see that it is all together. So this is another way to concatenate, or put together, different strings, and there is more to this than just putting our strings together like this. Hopefully this all makes sense at this point.

We can also save our name in variables. We can just say x equals, and then remember that we need this to be a string, and we can put our name; and we can say y equals, and then we can put in John, just like this. Now if we come down here, and let's say we just want to print my first name, we could just say print x, and if we
run this it's going to print Ryan. So this x right here is called a variable, and its only purpose is to store the information over here. Let's say I wanted to save an integer instead of my name: I could just put in the number five, and then if I run this it's going to print the number five. But we'll get to integers in just a second. So we have my name right here, and all the x is doing is saving this information over here, and y is saving this information over here. In order to print a variable we do not add in our quotations, because if we add in our quotations it's going to assume this is a string and not a variable, and it's just going to print x instead of printing our variable. So we need to make sure that our variable is outside of quotes, so our program knows that we're trying to print the variable instead of a string. And so if we run this, we get Ryan.

Now what happens if we come in here and say we want to print x + y? When we go ahead and run this, we see that we do not have our space. So let's say we want to add in our space. Well, there are two ways we could do this. We could just add a space in right here and then it's going to print, but that is not the proper way to print or concatenate these two strings that are saved together in these variables. What we would use is something called an f-string. We'll just go ahead and delete everything in here, so that you can understand how the f-string works, which we will use in the future. We put the f and then we put our quotes, and now if we want to use our variables inside of our quotes, we have to use some squiggly braces. So if we put in x inside of our f-string right here, we can print this and you're going to get my name. So we have this as an f-string. Now if we want to put a space in here between my names, we can just say print like this, and then we can add in our squigglies and say y, and we should be able to print this. We get Ryan John, and our space is right here.

There is a lot more that we can do with the print statement, but without giving you too much information too quickly, I think we're going to stop right here. As we need to learn more about the print statement in the future, I will go ahead and give you that information when the time comes. But these are the basics of the print statement and how we're going to get it to work, and a little bit of the basics of variables; we're going to see how we can store information in variables in a little more detail coming up real quickly.

All right, now let's go ahead and look at the input function instead of just having the print function right here. We'll go ahead and delete all of this. Let's say we want an IP address so that we can run our new tool or scan against an IP address. Instead of saying something like print, what is the target IP, question mark: if we print this, all it's
going to do is print, and we can't actually do any input down here; it's just printing what is the IP address. But what we could do is take this and instead say input. Now we have this input right here, and it's going to say what is the IP address. If we run this now, it's going to ask us to input an IP address, so we can say 10.10.10.10, and if we run this it's going to execute the code and complete with zero errors, but nothing actually happened. We want to make sure that something's actually happening. First, I like to have a space right here, so we can go ahead and add a space right there. But now that we have this input, we want to do something with it, so we can say that we want to print the IP address. We want this to be saved as a variable, and something that's very interesting that we can do with inputs is save them inside of variables. So we can actually say IP equals, and then it is going to equal this input right here, and then we can print the IP which I typed in. So now we can print this IP address down here, and we can say the IP is whatever. We'll come over here and put in some quotes and add in our plus, and we'll say the IP you entered is, and then we'll have the IP address. We can run this now and come down here and say 10.10.10.10, and if we run this it's going to print the IP you entered is, right here. Or we could say something like scanning the target, and then it'll have the IP address right here. Instead of just saying the IP you entered, this would be more realistic if we were running a tool; we would put something like this: we're scanning the target of the IP address that was entered.

But there's also another way you can do all of this and make it look pretty simple. What we can do is delete all of this and just say we want an input. We can just say enter and that should load for us, and we're going to ask for an IP address: we'll say what IP would you like to target, and we can add our question mark and our space. But remember, if we just run this, we're not going to be able to add or put anything down here; this is just going to take our input, and then it's going to run and finish out the code. But what we could do is say something like print, and then we can put all of this inside of our print statement. Remember, because we have an open parenthesis right here and here, we are going to have to have two in order to close everything off. Now we can type in what we're targeting over here, so we could put in our quotes right here and say you are targeting, and then this is going to target the input that has been put over here, so we can add our plus right here. Now we should be able to target the IP address. Let's run this and see if it works. We can say what IP would we like to target, 10.10.10.10, and then if we hit enter it's going to print out for us you are targeting, and this is the IP address that we have entered.

So you can see there are several different ways to do almost anything in the world of programming. We have our print statement and our input statement both right here with this concatenation, or you can take the input and then pass it through a print statement a little bit later on, like we saw in the first example. You can go ahead and play around with the print statements, and maybe make a print statement that takes the user's first name and then adds on, through a different input, the last name. So go ahead and play with the print statements and the input statements and try to make your own, so that way you're very familiar with how to use these.

Let's take another look at variables. We'll go ahead and just comment this out, and we want to take a look at variables and numbers
and then I also want to show you the len function. We've already talked a little bit about variables, such as, say, x = 5, and then we can say y = 7. Then, if we wanted to, we could print and just say x + y, and we can run this, and in our console down here we get 12, which is right. If you remember, if we put this inside of some quotations, it is just going to print it for us as we have it written, x + y, because our variables get sent through as variables without having the quotes. But what if we say x equals Ryan and y equals John? You remember that these need to have quotes around them because they are strings, and so we would need to have quotes in order to get this to work. If you just put x in here like this and we run this, we're going to get an error, because Ryan is not defined, because it is a string. But if we put five back in here and run it, we're going to get five down here and it is going to work. And if we say x + y, what do you think is going to happen? We run this and we get an error. The reason for this is that one is an integer, meaning it is a number, and one is a string, and these cannot be added together; they must be the same. So we could take x right here and say we want to turn it into a string. You could put it into quotes like this, and now we have this str, which is defining our x, or rather redefining our x, as a string. If we hit enter, it says 5John, and if we wanted to, we could just add a space in here and run this again, and we get our space right here. This will change the x into a string.

Now we could also do something like this that is also going to be useful; you will be seeing this in the future and you will need to know how to do it. Take this x right here, and let's say it is a string, so it is in quotes right here. Sometimes you'll get data back and it's going to be a string, but really you need the integer. We can come down here and print this as a string, and then I want to show you that we can change this back to an integer, because sometimes you will see this in the future. So we'd have this back as seven, and if we run this we're going to have an error, because the string is not an integer. It needs to be an integer; this five needs to be an integer for us to be able to add it. So we could just say int, for integer, and then we can do this, and it will change our x back into an integer even though it has those quotations, and then it will add this together so that it all works.

So I wanted to show you some variables, and I also wanted to show you that there are a bunch of extra functions within Python that you're just going to have to learn about. When we get into the projects that we're going to be building later, we'll be using things like the integers and the strings and the length really regularly, so you will be able to see these and become familiar with them in the future. I just didn't want to dump all of these on you in the future, so I am going to sprinkle some of this information, like the strings and integers, throughout the progression of this course.

As encouragement, one thing
you have to remember in programming: by now you are probably feeling overwhelmed, and we're only 15 to 20 minutes into this course. You have to look at it this way. In the world of programming you start out knowing nothing at all, and every bit of information you get is new, so it's going to feel very overwhelming, because you're going to be getting all of this new information right here. Then eventually it'll start to round out like this, and you'll start to get just a little bit of new information every now and then. So as your experience goes on, the learning curve starts to flatten out. If you see this, the longer the experience you have, the less learning you're going to be doing, but in the beginning this curve right here really does go up exponentially. I remember that feeling of there being so much information, but just keep going, keep on studying, and it will all click. Sometime in the future you're going to look back and think this isn't that hard, and you will remember the feeling of being overwhelmed. But programming really isn't that difficult; it just has a lot of information right here on the front end.

So I want you now to do this right here. I want you to take a first name as a variable, and then take a last name as a variable, so you're going to have two variables, one a first name and one a last name. Then print to the console your name is, and in my case it would be Ryan John, and you're going to print it through these variables. You've seen everything necessary at this point in order to do our first task right here, so if you want you can pause this video and go ahead and try to tackle this on your own. If you don't remember where to start, just keep following along with the video, and then if things start to click, go ahead, pause the video and solve it on your own, because you're going to learn the best when you are practicing. So let's go ahead and delete all of this. We're going to take the first name as a variable, so what
we can do is just say f name, for first name, and we're going to say it equals, and we want an input, and we can say what is your name, question mark, space. Then we can come down here and say l name, for last name, and we will say equals input, and then we want to say what is your last name, question mark, space. Then we just want to print to the console, which I apparently have spelled wrong here, and I have variable spelled wrong, but that's okay, and this has an s right there. Then we want to print your name is, with these blanks right here. So what we can do at this point is say print, quotes, and your name is, and then we have our variables: we want to print f name and l name. I'm going to show you both ways you can do this. First you can add in our f-string. I prefer to use f-strings; I think they are the easiest way to do something like this. So we can run this and see what our code looks like: what is my first name, Ryan; what is my last name, John; and we have your name is Ryan John. So we were able to write this little program by taking our first name and last name and then printing them.

Now you will see things done this way as well. I think it is a little more cumbersome, but a lot of people don't use f-strings, and I'm not sure why; they will add plus f name, space, plus l name, space. So what we can do now is guess the input, because I think we're going to have to edit this. Now let's go ahead and run the program and see what happens: your name is Ryan John. I thought this was going to happen. We can add in our single quotes with a space right here, and I forgot to add in our plus, and rerun this, and now we should be able to go Ryan, John, and it prints our name: your name is Ryan John. So I hope by now you can see why I really like f-strings, because they are just a lot easier to do. But you are going to see this quite often, and if you do any kind of full stack development and you're doing backend development on the server side with JavaScript or Node.js, you do see things like this as well. So this is something you're going to see outside of just Python, with these pluses and the quotes, and it is something you need to be aware of. But in Python, from now on, you're probably going to just see me running an f-string, because I really like to pass my variables in with f-strings. I just think it is easier and it looks better; it's just so much easier to do this right here and pass my variables in.

With that, we're going to continue working with our variables and naming variables. Before we move on to our next little challenge, I want to talk a little bit about your variable names. If you guys have been following my YouTube channel at all, then you know that I'm really bad about naming my variables something that I can remember. You need
to try your best to name your variable something so that when you come back a month or two months or a year later, you know what these variables mean. If this variable was just n and this variable was q, and this program had a bunch of information inside of it, I would have no idea what this variable does, and I wouldn't know what this variable does, and it just makes it a lot more difficult. So f name is how I would name this if I was really writing this program, and this would be l name. The reason I did that is so you could see good variable naming practices. But sometimes you'll be running out of variables and you're going to have to get creative in naming your variables something that you can remember. One other thing that you'll see that is really common, if you're just running out of variable names and you're struggling, is to create a comment like this and write in a description: these variables take a first name and last name. Then you'll have this right here to explain to you, when you come back, what these variables do. This is going to be really helpful for you in the future when you are programming and struggling to come up with variable names. You'll want to name your variables the best you can so that you can remember them.

So let's go ahead and delete this, and we'll paste this in here. This program is going to first start out by putting a greeting to your program, so just welcome, thanks for using my program, something like that. Ask the user for a pet name, so it can be your pet, a friend's pet, or just the name of a pet if you were to have one, and then ask the name of the city where they are from. You're going to combine the pet name with the word cyber as a new Twitter handle, and then add the city where they are from. So the output is going to look like this: your new Twitter handle and bio. You have the Twitter handle and the bio, so it would be Cyber Fred from Honolulu. Fred is the name of my daughter's fish. So your program is going to put out the name of a pet with cyber as your handle, for your new hacker name, and then the place where you were born. So mine would be Cyber Fred. This is what our program is going to do. You can go ahead and try to use these instructions to create a program that does this, and if you're unsure where to start, I'm going to go ahead and start this project. At any point, if you feel like you can complete it on your own without watching the video, you can go ahead and do that, because the best way to learn is going to be by doing and writing code yourself.

Okay, so the first thing we want to do is create our greeting, and we just want to say print, quotes, thanks for using my program, just like this, and we'll add in an exclamation point. So we say thanks for using my program. Number two, ask the user for the name of a pet, so we'll say p name, for our pet name, equals, and then we want an input: what is the
name of a pet, question mark, and we want to remember to add our space, so that when they type it will have this space like it does down here. If you wanted to be extra fancy, you can add a backslash n (\n) right here, and they will now be able to enter their name on a new line. But in the world of cyber security, when you run most tools, and the tools that we're going to write in the future, we're pretty much never going to have anything on a new line, so we'll add a space in right here. So that is the pet name, and now we need a city that they were born in. We'll put b name, even though this is not a super great variable for a birth city, for the city where you were born; we could put b city right here, so it'd be b city, for birth city, just like this. Now we can put our input and ask for the city you were born in, so we can say what city were you born in, question mark, space. I'm actually going to put these together, because variables should go together like that. We'll double space, and we will say we want to combine the names to create the @Cyber and then from Honolulu. So now we can print, and I'm going to use an f-string because I like those; you can use an f-string as well, or you can add in the pluses for your concatenation. We're going to say your new Twitter handle and bio, and then we'll add in a colon, and we're going to say @, and then we want our squiggly braces and the p name, and actually we want this to have Cyber right here. Then we can add in our space, from, and then we want our squiggly braces and we're going to say b city, just like this. So this should print your new Twitter handle and bio, Cyber with our pet name, from, and our city. Let's go ahead and run this and check the output: thanks for using our program; what is the name of a pet, and I'm going to use Fred because that is my daughter's fish's name; the city I was born in, Honolulu. We should be able to hit enter, and we get your new Twitter handle and bio, Cyber Fred from Honolulu.

So there you have it. This is a pretty simple program, and I really want you to get comfortable with printing and taking in inputs. You're going to be doing this a lot as you program tools in the future, or as you are making your own exploits, automating them, or even modifying exploits, because you're going to see printing and inputs all the time. You will need to be able to modify the inputs, because software changes over time, and you are going to come across exploits that will exploit for you and you're going to need to change the input sometimes. And you will need to get used to using print right here, because I use print all the time for debugging my code, to see when different functions or for loops run and to make sure different areas of my code are actually being run. I'll put in print statements randomly to make sure my code is running in the right order, so that I can see what is happening. So you should be very familiar at this point with variables, inputs and print statements, and now we're going to move into looking at different types of data, the data types that we will be using in the future.

All right, so let's look at some data types. We can go ahead and delete this little program right here, and we're going to look at some data types, so we'll just type in data types, just in case you forget what we are dealing with. So we've
already talked about strings, and you can remember that strings are one type of data. So we have number one right here, and that is going to be strings. You know what a string is: we can print hello world just like this, and if we run it, this is going to be run as a string. Just so you know, you can actually use the type function like this and it will tell you what you are dealing with. If we run this now, it's telling you that we are dealing with a string. If we delete this and put in the number five and run this, we're going to see that we're dealing with an integer, and if we put in 0.5 and run this, we're going to see that we have a float. So you can test what you are dealing with by putting in the type function right here; that is just something that is helpful to know. We know what strings are because we have dealt with them before: we have hello world just like this, print, and we have a string. So we'll go ahead and comment this out.

One thing I want to mention that you're going to need to know in the future, dealing with this hello world: if we print our string again and we have hello world, we can index, or subscript, inside of this string right here. What I mean when I say this is that we can add in some square brackets, and if we put in a zero, because computers always start counting from zero, this zero is going to grab for us this H right here, and you can see that it printed an H for us down here. If you put a one in here, you are going to print the e. So go ahead and guess which number we need to put in here in order to print this little zero, this little o, right here. We can put in our four and test this, and we were able to print the o right there. This is called subscripting, and you will see it in the future, especially when you're writing programs and you want to cut maybe the first word and the third word out of some kind of data, so that you're able to grab just usernames and maybe their emails, and you're wanting to do some brute forcing. You will use this in the future.

Just to show you that you are going to use all of the things we are talking about in the future, I wrote this little program right here just a few days ago for my wife. She is an accountant, and she was dealing with some text and needed to take a bunch of different inputs over here from this column, add all of these numbers together, and have the output down at the bottom. I had to do some subscripting, I had to use an integer, and I had to use a float, all in one line. You are going to see this a lot in the future. Even in the world of cyber security you're going to be writing programs where you are grabbing specific parts of data that you want to brute force against, or maybe create a word list out of. So you will see subscripting, you will see integers, and you will see floats, not just in this course where you're practicing, but in real life when you're writing programs on your own in the future. So we can do this subscripting right here, and we have our strings, so we'll go ahead and comment this out.

Number two that you're going to see is going to be the integer, which you are familiar with by now. If we want to print an integer, we can just print the number five and run it, and as you saw earlier, we can test it by saying we want to check the type, and if we run this we
have typer we want the type and if we run this we get an integer so integers are just numbers but what's interesting about these numbers is you can have a different type of number which is going to be the float so the float is just any number that has a decimal in it so if we have a 67 and we run this our output is Going to be a float yes it is a number but this is going to be a float because it has this point which can move around within the number and you
may think you're not going to use floats in the future but if you doing any kind if you're doing any kind of programming with decimals you will want this because you're going to want to go out maybe to just the 100th place and you will have decimals that run out maybe 10 places and you don't want that and you're going To need to use the float so this is the float which is another data type and then lastly we are going to look at the Boolean and I use this all the time in while Loops
so you will see the Boolean and while loops which we will use in the very near future when we are dealing with our projects so a Boolean is going to be true or false statements so if something is true then we want our program to do something if something is false then we want it to do something else and I've run my while loops as while true do this and then when false the while loop will quit so that we're not in an infinite loop so this is a Boolean and these are the data
types that you're going to see the most strings integers floats and Boolean all right now we're going to take a little bit of a shift and we're going to start looking at if else statements or we can think about these as conditional statements or control flow so we want to control the flow of what is happening with if else statements and if there's anything you need to learn how to do in the world of programming it is to think in if else statements if something happens then I want this to happen and if that doesn't happen
then I want something else to happen so a simple way to think about this is we're going to create a simple project that is going to take a first number and then we're going to take in a second number And we're just going to see which number is bigger so the first thing we can do is we can just create an input and we're going to say what is the first number then we can add a space get out of that and we can say input and we need a second number and we can say
what is the second number and it tells us we have a typo up here so we have a first number and a second number so we can say F number equals and then we can say S number equals and really I don't like how that looks so we're going to go F num and S num so we have first number and second number so our if statement would be if the first number is bigger then we want it to print something else if the second number is bigger we want to print that the second number is
bigger so we can just add in something that looks like this if F num is greater than the S num we want to print something so we'll say print the first Number is bigger and then else if this doesn't happen we need to come back to this first line right here because the if and the else need to be on the same line so else we want to print the second number is larger so we can run our program and see if our if statement works so what is the first number we'll have one and
the second number is two and it says the second number is larger so let's say we want to add in another if statement instead of Just having this else right here because what happens if we do the number two and then we hit enter and we have another number two and we hit enter we're going to have a second number is larger but it's really not because we just have this else statement so if the first number is not bigger than the second number it's just printing this but if the numbers are the same then
we need it to do something different so we can make our else statement say the numbers are the same and our if statement needs to now have an elif so instead of just having an else we have an if and then an else if right here which is something you're going to see in Python and so we can say else if our second number is larger than our first number we want to print the second number is larger like this now if we run this we can check our program our let's make our
second number larger than the first to make sure that it is working so it says your first number is larger because I entered that backwards so we have our first number is larger so let's do a one and a two and our second number is larger and if we do two and two the numbers are the same so this is an if statement and then an elif and then the else so this captures everything else right here and then we have our if statement so the number one and then our elif it's our
number two is larger and then if they are the same so this is conditional statements and this is something you are going to see in the future so and I have a little challenge here for us to try and it's all right if you're not ready to complete this challenge we will do this together and let me comment this out and can follow along so we're going to make a little program that is going to have several if elif and else statements within it so we're going to write a program that prompts the user
to enter their score Whatever grade they got on a particular test maybe or homework and then it's going to tell them what grade they got back and here is our example if it's a 90 or above a 80 to an 89 it's going to be B and then so on and so forth so with these instructions the first thing it says is we need to do is ask them to enter their score so we're going to type in their score which is going to be our variable and we're going to ask for an input and
if you want you can not follow along you can actually go ahead and write this yourself and see if you can figure it out it is a pretty simple program given we just did an elif statement and this is going to be pretty similar to that so we're going to ask them for a score and we're going to say what was your test score just like this and now we're going to tell them what their grade is which is going to consist of it looks like four if statements and then one else so
we can Come in here and tell it if the score is greater than or equal to 90 then we want to print something so we'll print their grade is an a your grade is an a just like this and then we can do the same thing with the rest of these and this is going to be highlighted because we have a string instead of an integer as our score over here because our score is being entered in as a string so what we can do over here is we can actually make a second Line so
that you can see this and we can say score equals score and we want to change it to an integer so we can close this off and now our little error goes away so we're changing our score to an integer right here so now we can come back and we can say elif the score is greater than or equal to an 80 then they get a b and I'm actually going to just copy this so that way this goes a little quicker then they get a B right here and you may be thinking why
would we have This right here if it's an 80 then it's going to print it a b that's not actually how how this works because if the if as the program runs from top to bottom it's going to see this if statement this very first if statement and if this is true it's going to not run this right here or anything after this if statement it will just move on to the next bit of code because really if this was a program we were writing we'd have it in a function and it would Just skip
the rest of this code so we'll do one more elif and then we'll just do an else statement so elif the score is greater than or equal to 70 then we're going to print your grade is a c and then we're going to add in our else statement right here and we're going to say everything else we're going to print and we're going to say next time study more so now we have our if statement our elif statements two of those and then our else statement right here so let's go ahead and
run our program and see what happens so if we run this and let's say we got a 91 and we hit enter our grade is an A and if we run it and we got an 84 and we hit enter we got a B what happens if we got a 56 it's going to tell us that next time we need to study more so this is how you can run if statements and so if you followed along with this I want you to go ahead and delete this and you can pause it with
just the instructions right here and see if you can remember how to write this on your own with your own if statements and your own elif statements you need to get really comfortable using if statements you're going to use them all the time so go ahead and if you were able to do it on your own then great job if not go ahead and try and pause the video and follow the instructions and create your own program like we just did with our little program here that we have completed I want to show you
that you can also do nested if statements so what we can do is we have this if statement right here and we will just cut this out right here we can ask for an age so we'll have age equals input and we can say what is your age and we're going to also need this to be an integer so we can wrap all of this inside of an integer and we can add a question mark and a space and so we have this age as an integer and we can say if Age is less than
10 then we are going to give them some extra credit points and we're going to say that they get an A plus so if your age is less than 10 meaning you're a child prodigy and you got above a 90 then you're going to get an A+ and then we can add in else everyone else who is over age 10 they get just a regular a they do not get this A+ so you could actually now copy this right here and we could paste it in for and do this the same thing for the B
Now it is bad practice to copy paste code because if I had a typo or some kind of bug I now have that time two but we are going to assume that we don't have a typo and we're going to say the same thing down here and we'll just leave this 70 if you get a 70 no matter what your age is you get a c there are no C pluses being handed out today so what we can do at this point is we can say what was our score our score was an 85 our
age is 5 years old it's going to tell us we get a B+ because we are under 10 so this is called a nested if statement so you can have multiple if statements in here so if the score is above a 90 which we can run right here and we can say our score is 92 then it's going to come right here and run this line of code and it's going to say what is your age and let's say this time we're 12 and we hit enter it's going to tell us we get an
A so it bypasses this because this if Statement is inside this if statement and it's going to tell us we are older than 10 so we're going to skip this we don't get an A because this right here is false and it's going to tell us we or it's going to tell we don't get a A+ we get an A because we are over the age of 10 and we can see that our 70 down here will still work so if our score is a 71 and we run this it does not ask for our
age because it doesn't matter everyone in this category gets a c so these are nested if statements and you will see these in the future as well and it may seem confusing to you right now but just remember this little chart right here that we are still in this phase right here where everything is new but when we start writing our actual projects you're going to be up here and you're going to see you will have seen all of these things already but it is very important and I cannot stress this enough in
the world of programming Especially in something like python not necessarily in web development you need to be thinking in if else statements if somebody clicks on a button then I want my payload to execute if this page is refreshed will it send me back a reverse shell if then statements are going to be something you use not only in programming but also in your ethical hacking career so you need to be thinking in if else statements if I'm on a web page and I click a button how does The function work and can I exploit
it so if there is something written in code how can I exploit it so if this then that so if then statements you need to be familiar with these okay let's go ahead and have a look at loops we're going to look at for loops in this video but before we start looking at for loops we will also want to look at a list we have not seen lists just yet so a simple list that is commonly used when teaching these is fruits equals and we will add in our square brackets and everything we put
in here should be separated by a comma for our list we can say apple banana and we can put cherry right here so we have a list of fruits so this is pretty simple inside of our square brackets anything in here that is separated by a comma is going to be our list so for loops will be your best friend in the world of cyber security and programming in general so you will want to understand these concepts a for loop is the simplest loop and it's one that I run the most often so what we're
going to say is for and we can use a fruit in fruits we want to print the fruit right here so here's what happens you're going to say for each fruit that is right here this is going to be apple and then it'll be banana and then it'll be Cherry in the fruits list so this is our list that we want to be looping through so every time this is going to go through this list the first this Variable right here is going to change into each one of these items in our list so for
fruit this is a new variable that is going to get assigned each time this loop runs so the first time the fruit is going to print as apple the second time it will print as banana and the third time it will print as cherry so if we run this you going to see apple banana cherry so for this right here and this fruit doesn't matter it doesn't matter what it is you're often going to see it as I and a lot of programs I use I a lot it as the variable and so if
we run this I is going to change into the item in the list each time as it Loops through so the for Loop will run and it's going to take the first item in the list and it is going to make that the variable here as I and then it's going to print it and then the second time it runs it'll go banana and the third time it'll run it'll be cherry and then whenever it's finished running it will Close out of the program so this is the basics of a for Loop and we can
also do things inside of our for loop beyond just looping through what is going on here let's say we want to print that we're going to have an apple pie a banana pie and a cherry pie we can just say that we have I plus and then the word pie so if you look here we will need our space and then pie just like this so now if we run our for loop we get apple pie banana pie and cherry pie and I don't know why I capitalize this when this isn't so rerun this
and we have our apple pie banana pie and cherry pie so Loops will be really helpful whenever you need to Loop through any kind of data which you will be doing quite often so this is a for Loop and how to use it all right another thing that you can do with for Loops that is really interesting is use range functions or you can count or they're really helpful with uh running a Specific number of Loops say we want to Loop through something five times we can actually make it so it Loops only five times
or the range is what is usually the most popular so we can say for a number in range of and you could just do one through and we'll just do 10 for now and then we can come down here and we can print the number and this needs our little semicolon to get that error to go away and if we run this you're going to see we have 1 2 3 4 all the way down to nine right here so we have our little helpful for loop right here and we can even do like in
range to 100 and we can do that and I believe we can even put a comma and like a two right here and this will pull down every number that is divisible by two okay we would need to do zero if we wanted to hit every number divisible by two so there we have all of the even numbers so there is a lot that you can do with the range function this is just something very basic okay so We're going to find all numbers divisible by three delete that so I've already shown you that we
can put a comma in here and put in our three and then we can change this to zero and run this and it's going to find all the numbers divisible by three but I want to do this with an if statement so you can practice using your if statement so go ahead and see if you can figure this out using an if statement and all we really have to do is come down here and just Type in if the number is divisible or modulo 3 and it equals equals zero then this should print for us
every number that is divisible by three so let's go ahead and run this and we're going to hit 3 6 9 12 15 18 and it did work for us so this is a for loop with an if statement and we're going to keep practicing for loops with if statements it's something that is quite common in the world of programming now that we have completed this challenge we're Going to do something that is going to use a for loop it's going to use an if statement and you're going to need to use something that looks
like this just as a clue there is a really popular coding challenge for beginners called FizzBuzz so I have already typed out the instructions here for you you need to write a program that is going to loop through the numbers 1 through 100 and then you are going to print every number if it is divisible by three you're going to print Fizz if the number is divisible by five you will print Buzz and if the number is divisible by both three and five you will print FizzBuzz so I want you to go ahead
and see if you can figure out how to solve this specific coding problem so what we can do is we can just start out with our for loop for num in range just like we had done before of 1 through 100 we want to do something so if num is divisible by three and we have our zero here we can print Fizz so what we'll do is we'll just come down here and we'll say print and we'll put our quotes up so we can make this a string and we'll print Fizz and so we'll say
elif num is divisible by five percent sign here we can tell it we want to print Buzz and now we can do our final elif and we're going to say elif num is divisible by both so we have divisible by three as our equals equals zero and we need a space in here and is our if our num is divisible by five equals equals our zero then we want to print FizzBuzz just like this so this gets us our Fizz and our Buzz and our FizzBuzz but now we want to
print all the other numbers so we can do an else and we can say else we are going to print the number that we were given or the number that it's looping through and this should work for us so you can see we're using our for loop and our if statements and we should be able to run this and we get our FizzBuzz so we have three as a Fizz five as a Buzz and six is divisible by three and let's see is what is going to be our first FizzBuzz that we come
across okay so I realized that it is hitting our if statement right here and stopping so what we need to do is we'll just take this right here and we can copy our if statement and we can paste it in up here and delete that and we'll make it our first if statement so we'll say elif right here so now if it is divisible by both it will print FizzBuzz and then it will go through and check just three and five and the reason so for example we have number three right or number
15 was a Fizz was because I accidentally had this typed in backwards so now if we run this we should be able to come back up and see number 15 is a fizzbuzz because it is divisible by both of those so this is how you would solve this specific coding challenge fizzbuzz it is a really Popular one that is out there so maybe you have heard about it but for now we're going to go ahead and jump over to function and we're going to start looking at functions and writing some for loops and if statements
inside of our functions all right the time has come for functions I'm going to comment this out because we are going to come back and use that as a demonstration in just a little bit so the way functions work is we want to give a bit of Information that we can use over and over and we have some built-in functions that I have shown you previously so you will see that we have used the range function we have used the length function we have used print over and over and over I think we have the
string function so there's quite a few in here that we have used before and we've used integer now that I see it and so you should come back here and check out these different types of functions and what they do that are built in we've seen the float we have seen the type so these are functions and we're going to go ahead and figure out how to make our own functions in order to do what we want so back here we can just create a function by typing in def and then we can use function
and it doesn't really matter what you call your function you just need to know what you call it so that you just need to know what you name your function so you can call your Function and make it actually do something later on in the code so we'll add in our parenthesis just like this and our semicolon at the end now we can do something very simply by just saying print and we want to print hello just like this and if we run this you're going to see that nothing happens nothing is printed down here
in our console so what we can have to do in order to get our functions to work is we have to call our functions which means Later on in the code you need to make sure that when you call your function it is at the same level that your function is written because if we tab this over and we call this our function still never gets called so right here if we run our code we have hello print out to the console because when the code goes through and reads all of this down here it
will finally get to this function and then it will print it'll call the function and it will print it so we Could actually copy this and you could put your function way up here and we can uncomment all of this code and we'll comment this out or I guess just delete it and so what will happen is the computer will read all of our code it will read this function right here it will skip over it because it has not been called yet it will run through all of our for loops and then at the
very end it's going to reach this function and say okay at this point in the code I'm supposed to come back here and print hello inside of this function so let's run it and see what happens and there you have it it ran all of the fizzbuzz challenge and then at the very end it printed hello even though it was before this code right here because our function was called back here so what is really important in understanding functions is they don't need to be in order it's when you call them that is important and
sometimes you're going to Pass in data from one function to another which is what I want to show you right now so this is a function right here let's bring it back down here so you can see this is what a function looks like and we can actually put a lot of information in here pretty much anytime I write any kind of code everything I do is going to be inside of functions so they're going to be something that you need to know and after you have figured out functions We're going to go ahead and
start making some tools and some progress in actually programming some stuff that's helpful for us in the world of cyber security so the way functions work is we have our function and what we do is we just tell it um do this and then we are going to tell it to to also do this and then we want to tell it to finally do this and so a function is going to have a bunch of information in it and it's going to go do this do this do this and we can Pass in variables from
somewhere else so let's actually put our FizzBuzz inside of a function and I will show you how this can work for us what we could do with our function up here is we will delete this we need to indent this to make sure it's all inside of our function properly spaced like this so one thing you can do with a function right here is you can call the function and you can pass in a bit of information so let's say we want to run FizzBuzz but instead of going to 100 we
want the user to choose how far they would like to go so we'll just go ahead and we'll just type in choice just like this and we're going to pass in choice right here as well and then we're going to take an input so we'll say we need a variable that we're going to call choice equals and then we're going to make sure this is an integer and then we're going to ask what number would you like to choose just like this and now inside of our function down here we pass through this choice
so our number that is going to be prompted is going to be stored in this variable right here and now if we want this variable to get passed into our function right here we can we can pass it in down here where we call our function so we'll just type in choice just like this now our program should first prompt for our number that we choose so we can choose like the Number 50 and then it should read all of this code and do nothing with it and then it will come down here and call
this function and then it'll come back up here it'll pass in our choice into the function and it is going to get used right here and then it will get used throughout the program so let's go ahead and try this oh I see that we have our integer but we never actually asked it for an input so we need to ask for an input and we'll delete this and move it over here okay so now we can run our code it's going to say what is our choice we're going to say 50 it's going
to go ahead and run fizzbuzz all the way to 50 or 49 in this case and then it is going to stop and then we can let's say we want to run 100 we can type in 100 and fizzbuzz is going to run all the way down here to 99 just like it had before so this is how functions work nothing happens until we tell it to so if we wanted to print something before it runs The program we could say about to run the program and we want to print that we can run this
we can tell we at 50 the program is going to run and up here it tells us about to run the program and just to show you we can actually do sleep is we're gonna have to import sleep so you can ignore this but we can go import sleep or import time and now we can say sleep five time.sleep and it's going to run right here for 5 seconds for us so now if we run this it's going to pause right after this for 5 seconds and then the function will run so we'll
type in 50 it's going to say our program is about to run it will wait for 5 seconds and then this is going to call our function and execute it so functions are going to be really important in timing when you want your code to run and a lot of our cyber security tools that we're going to make in the rest of this course is going to use functions so let's go ahead and Continue practicing our functions okay so we'll go ahead and we'll just delete all of this and I have our new challenge for
us this is something I want you to do on your own this is going to be really simple compared to what we just did with the fizzbuzz program you're going to create a program that takes an input asking the user for their name you're going to save the input into a variable you're going to pass the variable through a function and print their name so you're going to use a function just like we had right here a function you're going to have a variable like this you're going to pass the variable in and then
you're going to call the function and pass the variable through down here so go ahead and see if you can figure that out and we're going to go ahead and work on this now so we're just going to create a function by like we had previously seen and we're just going to call it greeting just like This we will call our function and we are going to close this off and we want to print something inside of it so we're going to type our print and now we have the basics of our of what we're
trying to get out we need an input that's saved in a variable so we'll just call this name equals and then we're going to ask for an input and we can say what is your name and we can come down here and we can call the function now by calling greeting and we're going to pass in name right here and we're going to ask for the name to come through our function and now we want to print in an f-string hello space curly braces name like this and this should work for us and just
in case you're wondering how this will translate over to cyber security anytime I create a tool that I'm going to be using I always ask what is the IP so we'll do this as we're doing something with cyber security let's say we want to run nmap we can just type in recon we'll ask for an IP address so we'll save this as IP and then we will ask for an input and we would say what is the target IP address just like this and then we would create our function and let's say we wanted
to run nmap we would type in our function and we'll just call it nmap and we're going to be passing in the IP and we can come down here call our function nmap and we're going to pass in IP right here now what do we want to do with this we're just going to print for now because that's all we've learned so we're going to print an f-string and we're going to type in attacking and then we want our curly braces and the IP so we can stop our program that was running
run it and it's going to ask what is our target our target IP address 10.10.10.10 and now if we run this it's going to say attacking and the specific target that we're attacking only what we would really do is we'd actually have it do something inside of this function and it's really important to create your tools within functions because if one of your tools on an automated recon let's say you have 20 tools you want to run and they're all inside of functions you can hit command C if one of your tools
has frozen or is hanging and it will automatically skip to the next function or the next tool that you call with your functions so creating your recon tools with functions in the future is going to be really important so this is the basics of functions we're going to get really familiar with those in the future but for now let's go ahead and check out while loops and then we will start creating some tools okay we're going to do a project and we're going to create the game hangman and we're going to do this game
because this game is going to force us to use everything we have learned so far and then after we have created this game we'll move into creating some cyber security tools but for now we need some kind of project that is going to force us to use everything we have covered so far to really ingrain into our memories the stuff we have covered so what we can do is delete all of this I'm going to go ahead and type out all of the tasks that you have to do in order to complete this challenge
and then I'll come back and walk you through it okay so here is our task list and I really think it would be helpful for you to start creating your own task list as you make your own projects because it's going to help you know what you need to do it's going to help you know what to do next and in which order you should be attacking your projects so the first thing we are to do is create a greeting create a word list randomly choose a word from the list which we've done before
ask the user to guess a letter so this will be an input and they will Input one letter and the bonus is to make the letter lowercase and you can use a built-in function to do this from the built-in functions word list I had showed you earlier in this course and then lastly we're going to check to see if the letter is in the word so this seems like a lot but just go ahead and start one by one and break it down and it becomes a lot more simple so go ahead try and do
this on your own and if you get stuck you can keep watching and we'll go through it so starting right out at the top the first thing we want to do is we want to print a greeting so we want to just say welcome to hangman just like this and the next one is create our word list so we can create any word list we want so we'll just say words equals and we can have any words we want so we'll use hacker we can use bounty and lastly we'll just use the word random
so we have created our word list randomly choose a word from the list you have created so now we are going to need to import a module and when you import modules you'll almost always import these at the top of your program so that way you can keep them all together so a module is just a set of python code that was written by someone else that we can import into our own projects and then we can use their functions so we've seen the built-in functions such as print or str or len or int so
if we had something we wanted to make an integer we would do this right here and we could put it in here and it would become an integer these are the built-in functions so importing allows us to import modules that will allow us to use code that other people have written so we can use their functions and we don't have to write them ourselves and so we're going to be using these a lot and you're going to see them everywhere because it's a lot easier to use code that's already
written and just read the documentation than write the code yourself so we're going to import random and now we want to choose a word from our list and we'll call it our secret word and it is going to be random.choice and so it's randomly going to choose and then we want it to choose from our words list so the random function right here is going to be random.choice and then it's going to call this method right here and it's going to pull our words and so it's randomly going to choose a word
and it's going to save it as a variable secret word so that's how we're going to randomly choose our word and then next we're going to ask the user to guess a letter so as you might have guessed you should be able to do this this is pretty simple we're just going to take an input like this and we're going to say guess a letter and then the bonus down here is make the program take the input from the user and make it lowercase so this is actually a built-in function we can just
put lower just like this and now no matter what they put in right here it will be lowercase so we'll go ahead and print this so you can see when we run this you'll see that it is actually lowercase and we'll put some capital letters in here so you can see that works and now finally check if the letter is in the word so this is going to be our for loop that we need so we can say for letter because we're going to be looping through whatever word gets picked so if it is
the word hacker it's going to loop through and each letter it will go h a c k e r for this letter will change that variable every time the for loop runs in the secret word and then we'll say if the letter double equals the guess which is going to be put in right here then we want to print it was the right word so we'll just say right like this and else if it's anything else we're going to print wrong just like that so this should work for us let's go ahead and run our
code and it tells us we got our greeting guess a letter and we're going to guess a capital A which is going to be in none of our words right here there's no capital A so if our lower function works it will go ahead and make this lowercase for us and then see if it is in the word so it printed our guess right here and it did print it lowercase so we know our lower function right here is working and then we have a bunch of wrong letters but we do have this right
letter right here so the second letter is an a which either means it is hacker or random so we would have to keep going but our code has quit because it only runs one time and we will tackle that later by putting all of this into a while loop so that it continues to run until the guesses run out or we actually get the word correct so I'm going to go ahead and delete all of these comments I'm going to make us a new task list and we will continue working on this program I'm going
to clean this code up just a little bit we don't need to see that anymore and I'll put all of this together and create a new task list and I'll bring you back once that is finished

okay so I have typed out our new tasks for this little section of the project and there is one section that is going to be kind of hard but you have seen it in the past we have already covered it but it may take a minute for you to remember how to do so let's go ahead and read
this we're going to create an empty list for each letter in the secret word which we have right here we're going to add an underscore for the blank it should look like this when you're done and it should be printed down to the console down here we are going to loop through each of the letters in the chosen word if the letter is actually in the word we're going to replace the underscore with the actual letter so that it would look like this so you can go ahead and give this a try or you can
follow along and we'll do this together so underneath of the secret word we're going to need to start down here because we are going to add our underscores here under the secret words so we'll have to start down here so the first thing we need to do is it tells us we need to create an empty list and that's going to be our display word so we'll just call it display word and it's going to equal our empty list right here and the reason we're creating this empty list is because in just a second
we're going to need to add our underscores into the display word list so in programming you're going to see something like that and you're also going to see something like empty string and it will just be quotes like this you will see this often as well and you'll be adding information into the empty string but for now we're using an empty list so that we can add our information into the list as we need and I spelled for wrong but if you look at this you're going to see this for each letter in secret word
this should tell you what you're going to need to do you will need a for loop so what we can do right down here is basically just copy this right here and we're going to type in for letter in the secret word we want the display word and we're going to plus equals which we've seen in the past this is just going to add in whatever we're adding after it and we're going to add in our underscore so each time this for loop is going to run however many times there are letters in a word
so let's say we use the word hacker it is going to run this for loop six times because that's how many letters are in here and it's going to add six underscores now we can also come in here and print the display because we want to see what is happening so we can print the display word and I want you to see something interesting is going to happen when we run this so if we run it look at what happens 1 2 3 4 why is it printing this way and the answer is because our
print statement is inside the for loop so you can actually see how it prints every time the for loop runs if we move this print statement outside of the for loop and now we run this watch what happens it only prints it one time so that is something interesting to note if you have something print like that which I have seen in students all the time I will get emails or comments or questions in any kind of programming tutor session and students will ask all the time why is it printing this way
why is it printing this over and over and over and the answer is you have it inside of a loop and it's printing every single time the loop runs so we have here completed I believe all of these tasks right here we have our welcome and we have our empty letters and if we enter in a letter and hit enter it's going to run this loop down here and it's going to tell us that we have wrong right wrong wrong wrong so this is either the word hacker or random at this point so now
we need to come down here and change this for loop and see what we need to do we need to loop through each of the letters in the chosen word and if the letter is in the word we need to replace this with the word so we should have it print right here this should have printed as an a and we're going to get rid of all this wrong and right down here so this can be a little bit challenging because we are going to need to use the range function and we're also going to
need to use the length and we need to use the range because we want it to loop through a specific number of times which is going to be the range this is going to tell us the range that we want it to loop through and then we're going to tell it we need the length because we want it to loop through the length of however many times the secret word has letters so it's going to grab the secret word the length is going to count how many letters are in there and the range is
going to loop through however many times the length tells it to so that might be a little confusing but I hope that it makes sense so now we need to find the position of the specific letter that it is looping through and we need to change this to the position because we're trying to find the position for each letter so we can actually say letter equals the secret word and we want the position of the secret word and then if the letter is in the guess we want the display word and we want
it to be in that position and that is going to equal the letter and I'll walk through this so you can see we forgot to tab over so we hit tab so if you're inside of these square braces or inside of anything in PyCharm this works it won't work in VS Code you can actually hit the tab button and it will move over for you and I've got my cursor going all over it'll move outside of the square brackets or any of these the colons or anything so
I hit tab all the time and now we need to equal the letter okay so what we have going on is we changed our letter to the position because we're now looking for the position and not the letter in our for loop we're doing the letters up here so now we change the variable letter to the secret word position so it is still going to loop through it's going to grab us the letter inside of the secret word right here so we go to the secret word which is going to grab the position as it
loops through the letter and then if the letter is in the guess we're going to display the position of the letter so you remember our display word is up here so let's go ahead and run this and see what happens and if this works we'll delete this as well and actually I think we will print the display word down here so this should print for us when the letter is entered where it is at that's what this right here is going to do so if we go ahead and run this it's going to tell
us to guess a letter we're going to guess a and it will now print for us this little display right here that our a goes right there so that's what this last print statement so we delete this and we run it it would run without actually printing where the letter is at see didn't print for us where the letter was so now what we can do is just delete this we'll put our print statement back in here we want to print the display word and now we should get rid of all of the wrong guesses
and that one must have been bounty because the a didn't show up and there we have the guessed letter show up so this may have been a little bit confusing but you have seen all of this in the past and so we'll keep on moving on it gets a little bit easier at this point it's not going to be quite so confusing this right here can be a lot to wrap your head around just because you're doing a for loop in the range of the secret word the position is actually going to hold the
letter right here but then we're also going to use this position to tell it however many times it's looped through to go into the display letter to replace the a so I kind of see how that could be a little bit confusing if this was too confusing you're not understanding it finish watching the rest of us creating this game and then come back and watch it again and it will make sense so with that I'm going to go ahead and type up our next steps and clean up the code just a little bit and
then we will try to finish out this hangman game

okay what we are going to do at this point is we are going to use a while loop and we're going to keep on looping through our code until all the letters have been guessed so right now if we type in a and we hit enter it tells us that the code is finished and we need to keep on being able to guess we need to guess more than one letter until everything has been completed and I'm telling you what you need to use you
need to use a while loop and this is pretty simple to do so why don't you go ahead and give this a try and if you can't figure out see if you can go to Google and maybe find some help but if you are getting stuck we are going to go ahead and fix this now and what we're going to do is we're just going to say while not game over and I know this sounds really funny and it's worded really weird but I'm going to explain why I wrote it this way so let's go
ahead and copy this and tab it over so I wrote while not game over so it's like while the game is not over we want this to happen right here so you can name this anything you want and this is probably the best way to name this because you could delete the not and put game over equals false but that just I think doesn't work as well it's not as easy to break so we're going to go ahead and say while the game is not over we want this to run but we need to
make this game over a variable in order to get this to leave us alone so we're going to type in game_over and we're going to say equals false so while the game is not over it's going to keep running so now if we hit run and we guess a letter this is going to be an infinite loop and we are going to have a problem so if we guess a letter it's just going to continue printing for all of eternity until our computer crashes and you can look at that that is all just the
the while loop running super fast and just being an infinite Loop so we need our Loop to break so what we need to do is one way to break this so that we can continue guessing is to cut the guess down here and we'll paste it in right here so now we can guess every single time the loop runs we'll get to Choose a new letter I also think it would be helpful if we printed the secret word so let's come up here secret word equals the random word so we'll print the secret word every
single time so that way we know what it is and we don't have to have this infinite loop and we actually know how to spell the word and it works for us so this is just going to be for testing purposes so we have that there now if we play this it's going to tell us the word is random that's what we printed up here in the secret word so if we guess r it's going to let us guess an r and then if we say a n d o m it's going to spell out
for us random but it's still going it's still letting us guess we need our while loop to break so that it is not an infinite loop so what we can do is we can come down here and we can just say if our underscore is no longer in the display word then we want to do something and we're going to print you win just like this and then we want to break it so we're going to type in our game over variable from up here and we're going to say game over equals true so the
game will be over so now if we rerun our code and the word is bounty we should be able to type in b o u n t y and it tells us you win and the code has finished so that is our hangman game here for us and I think we'll stop this little game right here there is a little bit more we could do such as you only get five guesses before you lose and we could make it break and say that you lose if a number of guesses has actually happened and I can actually
show you real quick how to do this instead of just giving you the challenge actually I'll type it out up here and I'll let you give it a shot

okay so what I have typed out here we're going to create a variable as an integer starting at zero and when it gets to the number five the game is going to end add a print statement and tell the user they get five guesses so what we can do is we can just add up here where we print our secret word we can just say print you
get five guesses just like this so they get five guesses we'll make that lowercase so now they get five guesses and we need to make an integer as a variable so we can just say num equals 0 and now we need to add one to this number each time a guess is made and if the guess is not inside of the word then we are going to add one to number and if the number reaches five then the game is over so what we can do is we can just come down here and we can
say if the letter is in the secret word and we'll go below this if statement and we'll actually just go right here after this and we'll delete this so that our display word gets printed afterward and we can do this really simply we can just say if guess not in just like we did right here if this is not in the secret word then we wanted to do something we're going to say num which is our variable up here which is zero and we're just going to say plus equals and then we'll say one just
like this so that way we're able to add one each time to our number up here and then we're going to add another if statement we're going to say if the number actually gets bigger than or equal to the number five then we want to print you loser just like this and then we can break and say it's game over so game over equals true just like this so now this should work for us so we should be able to run our code and it tells us that we can't have the semicolon right here so let's
try this again and let's just put in a w because that's in none of our words five times 2 3 4 five and it says we're a loser and we didn't get anything right but what can we do to improve this maybe we don't know how many guesses we have made we could add in that we want to limit the number of guesses so we could just take this num plus equals 1 and we could just say guesses_left equals num minus 5 and then we could just print our guesses left
just like this and I think this should work so if we run this and we hit w it's going to tell us we have -4 so we need to switch this around and we'll say five ah messed up my code 5 minus num and now let's try this and see if we can get a positive number back w we have four guesses left so we could actually say we want an f-string and we could say you have this many guesses left so we'll close that off we will make that an f-string so
we'll say you have blank guesses left instead of just printing a random number and we can run this and we need to close off our quotes let's try this again and it tells us we have five guesses left we can hit in w and it's going to tell us we have four and then three and then two and then one and then we're a loser so we have made this game work pretty well for us if we really wanted to we would delete this so it's not printing our display word every single time we
could delete print secret word and now if we run this it's going to tell us welcome to hangman we get five guesses we really don't know which word we have so we guess a it doesn't work so now if we guess a b we know this is going to be bounty and let's make sure we're able to put all of our guesses in with no problem and bam we win so that is how you can create the hangman game this is a pretty simple game where we get to use everything we have learned so far
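The finished game from the steps above, collected into one file as an added example (this is not the code typed in the video). The function names `reveal`, `play` and `ask_forever` are choices made here; `play` takes the guesses as an iterable so the same logic can be driven by the keyboard or by a list.

```python
import random

WORDS = ["hacker", "bounty", "random"]   # word list from the walkthrough
MAX_WRONG = 5                            # "you get five guesses"


def reveal(secret_word, display, guess):
    """Write guess into every matching position; True if it is in the word."""
    for position in range(len(secret_word)):
        if secret_word[position] == guess:
            display[position] = guess
    return guess in secret_word


def play(secret_word, guesses, max_wrong=MAX_WRONG, echo=None):
    """Play one game over an iterable of guesses.

    Returns (outcome, display, wrong) where outcome is "win", "lose" or
    "unfinished" (the guesses ran out before the game ended).
    """
    display = ["_"] * len(secret_word)   # one underscore per letter
    wrong = 0
    for raw in guesses:
        guess = raw.strip().lower()      # the "bonus" step: lowercase the input
        if len(guess) != 1 or not guess.isalpha():
            continue                     # ignore empty or multi-character input
        if not reveal(secret_word, display, guess):
            wrong += 1
        if echo:
            echo(f"{' '.join(display)}   you have {max_wrong - wrong} guesses left")
        if "_" not in display:           # no blanks left: every letter guessed
            return "win", display, wrong
        if wrong >= max_wrong:
            return "lose", display, wrong
    return "unfinished", display, wrong


def ask_forever():
    """Yield keyboard input until the game ends or input is closed."""
    while True:
        try:
            yield input("guess a letter: ")
        except EOFError:
            return


if __name__ == "__main__":
    print("welcome to hangman, you get five guesses")
    secret = random.choice(WORDS)
    outcome, _, _ = play(secret, ask_forever(), echo=print)
    print("you win" if outcome == "win" else f"you lose, the word was {secret}")
```
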
so let's go ahead we're going to make a really simple programming tool now that is going to fuzz APIs for us we're going to get to import some modules and I think this is only going to be like 20 lines of code so it'll be easier than this hangman game right here and we're going to be using Hack The Box for our fuzzer to actually fuzz against one of their boxes so let's go ahead and install PyCharm on our Kali Linux machines and then we can get started creating our program

okay the time has
come to go ahead and install PyCharm on our Kali Linux virtual machines so this link we have already in the description we can come over to downloads over here and we want to download the Community Edition and it should download here for us after just a second it will have a little popup and while that is thinking if you are on a Mac with an M1 chip you may have to come over to your terminal and type in code and hit enter and it will ask you to download VS Code and you will want
to download VS Code and it may require you to enter in your password so sudo apt install code if that doesn't work and then you will want to come to these little squares right here and click this and you're going to type in Python and you will install this one right here you will want to click install and I'll show you it looks just like this so that way you can use VS Code as your text editor I'm going to be switching back and forth between VS Code and PyCharm so you'll see me use
both of them I really like to use VS Code when I am putting things out down here to my terminal so I can see what the code is doing so you will see me jumping back and forth between VS Code and also PyCharm so I do want to show you how to install PyCharm because we're going to be doing our first project which is going to be an API fuzzer and I will be using PyCharm for this so I'll go ahead and close out of this and we finally get our little popup
here and you can click save and this is going to save our download here to our downloads folder I'm going to go ahead and save that okay now that that has downloaded you can move over to your downloads I have moved the file to my desktop because that's where I want it and we're going to just type in tar just like this and xvfz and just to make sure I have this as the right PyCharm extension we can go ahead and hit enter and we'll hit enter again and this is going to take
a minute to unpack all of these plugins and now what we can do is ls and we can cd over to the PyCharm folder and we'll cd into bin and then if you ls you will see this bash file right here which is our PyCharm so we can say bash pycharm.sh and I see that I typed in bassi so we'll type in bash and this should run for us and it is going to launch PyCharm here for us and we're going to create our first project so let's go ahead and
get started

when you run into an API endpoint that needs to be tested and an example of this is one like http:// and then we're going to say 10.10.11.161 and when we run this this is what an API response looks like and when we hit a valid endpoint we'll get JSON in return and so we'll see something like this it tells us that it's JSON and it says that we have another endpoint which is v1 and we're going to go through this when you hit a page like this
and you're testing for an API there are a lot of fuzzers out there and not very many of these fuzzers work very well for APIs there is one and it's one that I like it is called ffuf and it is run like this and you can fuzz APIs with ffuf and it works really well and it works really fast so it'll go really quick you can see how many requests it's sending and how quick and it sends down docs and api it gives us the status code but there's one problem let's say
we're fuzzing an API and there are 100 endpoints and we don't want to go out and check every single one of these endpoints instead we would rather just see this message right here come in underneath of the word that had a response and so what we're going to do is build a tool like ffuf only we're going to build ours in Python and it's going to tell us the word and then it is going to tell us underneath the response that we are receiving from the server and it's going to print the response underneath of
our word and we'll go ahead and jump in and start this project

okay to write this program I am going to use my Linux machine because in order to test it we're going to test it on Hack The Box in this tutorial because I don't really want to be fuzzing somebody's API that is live and have it on camera so I'm going to be using the box Backend from Hack The Box there's not a lot of API endpoints but that shouldn't matter for the sake of our program we're going to write the program in
here and we can test it on Backend and then if you find a bug bounty program or you have a client that wants you to test an API you can run your fuzzing tool against it and modify it if you need to our Python API fuzzer is going to be a lot simpler to run but the module is going to be a little more comprehensive so as we go through this module I'll try to print out what is happening so you can see what the methods are doing as we go along so with that we're
going to jump in you will need to import the module requests and for me I already have it on my Kali Linux machine but you may need to hold your mouse over this and then right here it will say install requests and you will hit install we're also going to want to import system so we're going to go import sys and this one should be automatically installed but if not you can follow the exact same steps as before we're going to start with just trying to get a response from the API that we
have running and we're going to see if our response is set up so we're going to say response or we'll just call it res equals this will be our variable for the request so we'll go ahead and say requests right here just like this and then we're going to say .get and this is going to call this function right here and it's going to go out to the URL that we put in here and we're going to make the URL an f-string so that way we can put in a variable later we're not putting
in any variables here right now but we'll say http://10.10.11.161 and now to test this API we're going to use one that we know exists as an endpoint and we just want to see what happens so we're going to say down here that we want to print the response and see what happened so we can run this and it tells us we get a 200 response meaning this endpoint is valid we know we can get this response right here let's see if we can pull down the actual data from
the response we want to see the JSON down here in our terminal so when we look at this we can see this is the JSON that we want to receive back and we can come in here and we can say with this module now that we're using this request method we can come in here and we can say data equals and then we can say res.json and now if we print this data it should print out for us the JSON as well so we can come in here and
we can run our code and we can see we have a response it tells us the endpoint is v1 so now if we took this right here and we put this v1 after the api we can say v1 and we can run this and we'll see what we get we get a different endpoint right here and it says user admin and so this is how we can use this data from the response and receiving this JSON so we're going to build this out so that it will continue fuzzing for us we're going to delete
this v1 because we don't really need that and we're going to now see if we can figure out how to get our list piped into our program and we're going to start running it from our terminal over here instead of inside of our python project

okay what I want you to do now is come over to your terminal and I've already changed over to my desktop and you can go wherever you would like to save this but I'm going to go in my desktop and I'm going to make a directory and I'm going to call
it python you can call yours whatever you want you can call it API fuzzing or your fuzzer tool or literally anything you want and then we're going to want to make two files in here we will want to make a python file and we can name it whatever we want you can make it two different ways I'll show you two different ways to make it we can touch and I guess I'll call it fuzz.py and then we can actually instead of making a second file what we're going to do is just
grab a word list off of our Linux machine and so we're going to type in cp to copy and then we are going to copy our I think it's in usr share wordlists small.txt so it'll be just like this we're going to copy it over to our working directory by putting that period there and now if we ls this I put that in the wrong spot so since I copied it over to my desktop and I don't want it in my desktop nor do I want fuzz.py in there I'm going to move the fuzz.
py and I'm going to move it over into my python directory so we'll go home kali Desktop python and it should move and now we'll move over the small.txt as well and I'm just going to copy this path and move that over now if I cd over to this directory and here are the two files our fuzzer right here is actually empty so I'm going to write the code over here in PyCharm because it'll tell us if we have any problems and then what we'll do is we'll
gedit and stick it in this fuzzer right here our python script but I want to add something to our small.txt here so that way we don't have to wait for everything to run each time so I'll gedit our small.txt just like this and I'm going to add in api right here and then we'll add in docs right here these are actual API endpoints that we're going to be fuzzing on this box from Hack The Box and I don't want to have to wait for them to get way down inside this
file when it is fuzzing so I'm going to just stick those up at the top so that way we can see what is happening and what the responses are when we hit these endpoints now what we're going to do is because we have this sys already imported now we're going to use it this is going to take a piped in file into our project here so what we will do is make a for loop and we're going to say for word in and then we'll say sys.stdin and then we can move all
of this over inside of our for loop and now we'll change this api right here we're going to change that to this word and now what we'll do is we can copy this right here and we'll come over to our python directory we can gedit the fuzzer we can paste this in save and I will run it and the way you'll run it is like this you're going to cat the small.txt just like this and then you'll type in main python3 and then we'll type in the fuzz.py and when we run this
we should start to see some output

okay my VPN had disconnected from Hack The Box so now if we come over here and we run it we'll start to see a response and here's what we're looking for we're looking for this response 200 we have an endpoint of v1 and then we have another response down here that says not authenticated and it's a 401 so now we need to figure out how to get rid of all of this other stuff because we only want the responses that actually give us back a helpful JSON response from
the API request and this is really going to be simple we're going to use one function and we're going to use one if else statement and then the code is done and we have created our API fuzzer right here so what we can do is put this entire thing inside of a function and we can say def loop because that's how I like to name my looping functions we can just move all of this over and now we need to make an if else statement and so we have this request saved inside of our response so we'll
response so we'll Just move this down and we can say if the res. status code so it's going to tell us that we're going to have this it's going to give us status code which would be right here the response this right here so we're going to say if this res. status code equals equals 404 which is what we don't want to see here we don't want to see these 404s then we're going to go ahead and pass this if else cuz we don't want to get down here to the else And we're just going
to say call the loop again, because we don't want to see these 404s, and then everything else we want to print. So we'll say else, if it's not 404, we want to print the data, which is going to be equal to the response, res.json() (I keep forgetting that I named our response res), and then we'll want to print the data, so we'll print data. Now what we can do is just... we could delete that, that wasn't what I wanted to do. We can comment all this out, and now let's
copy this right here and see what happens. We want to gedit this, paste that in, save it, cross our fingers, and it says we're missing our colon here. So we can open this back up and add this colon in, save, cross our fingers again, and it stopped. So let's go back over to our code and see what the problem is. The problem is really simple: I just realized when we call this it automatically ends because we never call our loop the first time. So what we'll do is
call this loop, so loop() just like that. Now it'll call the loop and it will run. What else we want to do, now that we're printing this data, I think we also would like to print the response code so we can see what we're getting out of this response code, so we can say res.status_code and print that. I also think it would be helpful for us to see the word for the API endpoint, because we're not just going to want the data, we're going to want
the actual word that shows us the API endpoint, so we'll print the word. Now when we copy this we've got to copy in our call to the function, and we put this inside of our fuzzer. I think this time it will work, so we save it. Now we pipe that over, and it says we have the endpoint: it tells us the endpoint, it tells us what word was the endpoint, and it gives us the response. So this is exactly what we wanted. You can see this is running; because this specific server doesn't have any more
endpoints, we can just cancel this and stop it. It tells us we have an API further down in the list too, so we have this endpoint. So now if we go to API and then type in v1 inside of our browser, it'll start moving us on down the line. You can let this run while you're doing other recon on the project, and you have now built your own API fuzzer and you get the response, so that way you don't have to go out and check every single API endpoint
manually. Because if you remember, we type this in and we see our API response. Without the API fuzzer that we just made, the way this would run is you would type in ffuf, because it is the best API fuzzer out there currently, and you run this and it says docs and API, but we don't get the response like we do over here. See, this tells us we have the API, we have a 200, and we have the response with this endpoint, because sometimes this JSON may have 10 or 15 lines, and in order to see what
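The fuzzer assembled in this part of the video, as an added example rather than the code typed on screen: it reads words from standard input, drops 404s, and reports status code, word and body for everything else. It swaps the requests module for the standard library's urllib, replaces the recursive call to the loop with `continue`, and tolerates bodies that are not JSON; the names `probe` and `fuzz` and the local base URL are assumptions.

```python
import json
import sys
import urllib.error
import urllib.parse
import urllib.request


def probe(base_url, word, timeout=5):
    """Request base_url/word and return (status, parsed JSON or short text)."""
    url = f"{base_url.rstrip('/')}/{urllib.parse.quote(word)}"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as res:
            status, raw = res.status, res.read()
    except urllib.error.HTTPError as err:
        # urllib raises on 4xx/5xx, but the status and body are still useful
        # (the 401 "not authenticated" reply in the video is one of these).
        status, raw = err.code, err.read()
    except OSError:
        # Connection refused, timeout, dropped VPN: nothing to report.
        return None, None
    text = raw.decode("utf-8", errors="replace")
    try:
        return status, json.loads(text)
    except json.JSONDecodeError:
        # res.json() would raise here; keep a short preview instead.
        return status, text[:200]


def fuzz(base_url, words, hide=(404,)):
    """Yield (word, status, body) for each word whose status is not hidden."""
    for line in words:
        word = line.strip()
        if not word or word.startswith("#"):
            continue  # blank lines and comments in the wordlist
        status, body = probe(base_url, word)
        if status is None or status in hide:
            continue  # same effect as the 404 branch, without recursion
        yield word, status, body


if __name__ == "__main__":
    # Usage against a lab host you control (assumed address):
    #   cat small.txt | python3 fuzz.py http://127.0.0.1:8000
    base = sys.argv[1] if len(sys.argv) > 1 else "http://127.0.0.1:8000"
    for word, status, body in fuzz(base, sys.stdin):
        print(status, word, body)
```

Because `fuzz` accepts any iterable of lines, the same function works with `sys.stdin`, an open file, or a list in a unit test.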
it has to say you'd have to come out here and say API, enter, and then it will tell you. But with the fuzzer we made, it says API and here's the response, so we don't have to come to the browser and type in API in order to see these endpoints.
Okay, let's keep building on our knowledge of functions. I want to show you that there is more you can do with functions than just pass through one parameter: we can actually pass through two different parameters of data. So we'll just create a simple function here and
we'll call it attack, and we will send through an IP and a URL, so you can send information through in two variables instead of just one. Actually these are called parameters; if you hear somebody call these parameters, that's what they're actually supposed to be called, but I like to call them variables, especially when I'm teaching people what we're doing, because we create variables all the time, like IP equals, and we can make this 10.10.10.10, and
now we can pass this through when we call the function down here: we can say attack and then pass in the IP. It just makes a lot more sense to call these variables when I'm trying to teach people how to use these. The reason we're getting a bunch of errors is we don't have anything in here, so I think we can type pass in and it will ignore those errors for us. So that is one way to go about doing this. This is a problem because it doesn't like that there are a
bunch of dots in there. So we can pass through information that way. We still have a problem because there's this right here, but that's one way you can pass through information. If we wanted to, we could come in here and print the IP, and it's giving us this little error right here because it doesn't like your parameters to be named the same thing as a variable, so we would want to change the name of that. It also wants two spaces after that, and I think it wants two spaces right here
to get rid of all those little squiggly lines, but we can go ahead and run it. I don't mind the little squiggly lines; it just makes it look pretty, that's part of what PyCharm is doing. You can see it prints our IP address down here. Now, you can actually pass through data other ways than sending it through a parameter or a variable. You can just come in straight down here, and we would need to make this into a string, and we can just say 10.10.10.10, and if we run this
now we're going to get the same output, because we're able to pass the information through where we call our function right here. We can call our function and pass through this information inside of this parameter, and then it is going to get printed down here. So we are able to pass through information, but we can also pass through extra information by printing the I and the U both right here. We'll actually make this an f-string, and we can come in here and say Target IP is I, and then
we can say and, and we'll call this a domain, so we'll just call this the D, and we'll change our parameter up here and say we're going to pass through D, and it's going to print this for us. Down here we can call this domain.com, and that will all need to be inside of quotes. So if we run this now, you'll see the target IP is 10.10.10.10 and the domain is domain.com. So we're able to pass multiple different sets of data into our function, and we're going to be using
this in just a second. I'm going to show you why this will be helpful to you. We'll make a really simple program that is going to take multiple sets of data, and we're going to be using this in the future, so I just want to walk you through how these functions can work with multiple sets of data. So we can also take this, and I'm going to leave this here, we can delete this, and now we can call our function down here and pass through information, and we're actually going to call this
IP and URL. What we can do here is now take in extra information, so we'll make these variables and say IP equals, and we'll take an input, and so we'll just call this IP 101; we actually need this to be a string, and we'll call it 10.10.10.10. We can call the URL over here our second variable, and we can just call this domain.com. If we run this, you're going to see that it goes ahead and runs for us. But one thing you have probably noticed: what we send in
right here as our IP and our URL, we can have this up here be anything. This parameter is doing nothing but holding the data that is being sent through right now in this variable, or we can just put in any kind of data right here and it is going to be passed through right here. So we can call this whatever we want; it does not actually have to match what is down here, because maybe we want to pass in something like 5 * 8 and send this through. We can run this
and we're going to get your IP is 40 and your domain is domain.com. So whatever information gets passed in right here before this comma is going to get passed in as I, and whatever you pass in right here in this second set of data, which is going to be this variable containing domain.com, is going to get passed through in this D. So these parameters that are named up here do not need to match; they can be anything you want down here. They can be variables, it can be
information, it can be integers, or it can be a string. So if we wanted, we could pass this in as a string and print it, and now you see we have 5 * 8 down here. I'm just showing you that you can pass through multiple sets of data in multiple different ways. So now I want to go ahead and create a program, and let's see if you can create this on your own. I'm going to type out what I want you to do, and then you go ahead and give it
a try, and if you get stuck we'll go ahead and solve this together. Okay, so here is the program we're going to create: a program that calculates the square footage of a room. We're going to make a function that calculates two parameters that are passed in. We're going to take two different inputs, the width and the height, and they're going to be stored in variables. We're going to call the function like we previously have done, pass in the width and the height, and
then we're going to multiply the width and the height and print the final square footage of the room. This is going to be useful if you ever want to carpet your room or put in new flooring: you're going to know how many square feet you need based solely on the measurements you take. So you can go ahead and try to create this program all on your own, but if you get stuck you can come back, and we're going to go ahead and type this out now.
So the first thing we want to do, as always, is welcome everybody to our new program, so we can say please enter the dimensions of the room in square feet (and dimensions has an s, not a t). We'll come down here and create our function, and we're going to call it calculate area just like this, and I believe we need two spaces right there. We'll call our function and close this off. Let's go ahead and pass in the width and the height that we are going to need,
and now we can type in pass so we don't get any errors. Now we're going to take in our parameters right here; we're on step number two, so we need to take in our parameters. We're going to call this width equals, and then we're going to make it an integer so that we're getting the information in the correct way. If you think you're going to have something like 12.3, you would type in float instead of an integer, but we're going to work with whole numbers, so I'm going to use integer just for the
sake of this program, just to make it a little easier. We want to take in an input and have our user enter the width of the room, and that all looks good. So now we can come down here and get the height equals int, just like before, and we want to have an input, and we want them to enter the height of the room, and tab out of that. Now we're going to call our function, so calculate the area; we're going to pass in the width and the height, and now we can
come back up here and edit our function. We'll delete this pass right here, and we are going to do the area of the square footage, so square feet equals w * h, and we need some spaces in here to make that look a little nicer. Then we want to print, and we're going to make this an f-string right here, and we'll say the total carpet area... we'll just say the total square feet is, and we'll pass in our, this needs to be like that, we're going to pass in the area
of square feet. So this should be able to function for us now: we're going to take in our variables and pass them through over here, our parameters are going to take the data and multiply it, both are integers so that the multiplication works, and then we should print the total square feet. So, please enter the dimensions of the room: let's try a 12 by 13, and it's going to tell us the total square feet is 156. So this is a simple example of why we would want to pass in two bits
of data. For us, it's more likely we're going to be passing in something like an IP address or a domain right here, some domain name, or maybe an IP address and a CIDR range. We just don't know what we're going to use this for in the future, but it is something you're going to see in the future and you need to know, so this is a little bit of extended knowledge on functions.
Okay, we are going to create a password encryption program. Because we are in the field of cyber security, we want our passwords
to be nice and secure so no one can guess them. What is really common is for people to have a bunch of different passwords for their email, their Facebook, their Instagram, and they'll do a really good job of keeping their passwords all different and not reusing them, but what happens is we can't remember all that, so people store them in a Word document or a text file on their computer, and anyone can open that up. So let's see if we can encrypt our passwords with the super secure base64. What we want
to do is import base64 and create a program that is going to encrypt our passwords with base64. I'm going to walk through and show you how we would encrypt our passwords, but then you're going to write a program all on your own that is going to decrypt your passwords from base64. I decided to include this in our projects because you need to get used to coming over to Google, typing in Python base64 documentation, and then clicking on this documentation. I'm going to
be using a lot of this stuff in here. We're going to be using base64.b64encode for this project, but when you make your own you're going to be using base64.b64decode and passing through your parameters. This is taking three parameters right here, and we're going to be passing in only one parameter for the sake of our program. But you need to get used to going, okay, I want to do this, let's see if there is a Python module for it, going out to Google and typing in
Python and then whatever module you're looking for, in our case base64, and then you want to look for the documentation and read it so that you can understand it. We're going to be doing this encode; we could use encoded bytes, but I think we're going to try and work around it, and we're going to be using a lot of these different functions that are inside of this module. So let's come back over here to our program, and we're going to start out like always and create a function and call
it encrypt, and then we'll call it pass, and then we're going to pass through a password, and you remember you can save this as anything. We're going to type in pass here so it's not yelling at us that we have problems. Now one of the very simple first things we need to do, as always, is ask for the user password that we want to encrypt. We're going to save this as an input, and it's going to be a string, so we don't need to worry about making
it a float or an integer, and we can say enter your password, and then they're going to type in their password. Now what we need to do is call this function right here, so we're going to call the encrypt password and pass in the user pass, so whatever they enter right here is going to be passed through into our function. We'll delete the pass right here, and we're going to make a new variable that we're going to return, so that way we can use it. The return usage is
going to be something new that You have not seen before and we'll work around it but it is something you're going to see so you need to know it so we'll call this encrypt we'll we'll call call this encoded bytes and we're going to create this as a variable because we're going to want to pass this out of this function and print it down here what our password is when it is returned in base 64 so remember I got all of this from the documentation base 64 base 6 4 and we want to encode so
base 64 let's See if it gives us right here base 64 encode and then we want to encode the password and we want it to be encoded so we'll type in do encode and we have too many parentheses so we can delete those right there and we can come down here and now we want to return our encoded bytes or we can actually just say we want to print our encoded bytes and I want to show you what happens when we actually return this because you're going to see The Return function being Used quite often
in Python so let's go ahead and try this so we'll say what is the password so we'll type in pass and this right here is your base 64 part of the password this little quote and this quote right here with this B we would actually have to add another line of code in here which I think might get kind of confusing for you guys because it's going to be all of this only in a different order saved in a different variable in order to get rid of this and I decided to just write it like
this so the way it's not too confusing for you so if you look at this we have B 64. b64 incode and then we got our password. incode and that comes from over here the b64 right here do base64 incode and then we put our password in right here and we put do incode and we call the do encode method which we should be able to find in the documentation I'm not going to look through all that again but that's how we Do that we just read the documentation to see how we would use this
and that is how we create our own little program right here that is going to B 64 encode our passwords now we could copy this and save it somewhere on our computer and if anyone comes across it you would have your password encoded now anybody who knows much about cyber security is going to see these double equals and just assume this is B 64 and they're going to decode it but we are just using this as A stepping stone or a learning tool to create so what I want you to do is now create a
program like this one that is going to decode the password. You can come over here to the documentation, read through it, and see if you can modify this program so that it will decode our password. Okay, so what I think I'm going to do is just delete this and we will start over, and I'm actually going to delete that, and we'll call this decrypt the password. If we come down here, we'll do the same thing as we did before and type in pass, and we will want an encoded string, and we're going
to take this as an input, and we're going to ask them to enter the base64 string just like this. We will come down here and call our function, and we're going to call it D encrypt, and that is not how you would type this; we'll just call this decode so that we have it spelled right. So we've got decode the password right here, so decode pass; we'll change this to decode pass as well, and we're going to pass through our encoded string right here that we have taken as an
input, put a space right there. Now we can delete this, and we want to decode the bytes that are sent through, and we're going to go base64.b64decode this time. So base64, encode, it's a little ways down, let's just keep on typing, so base64 and we want decode, which is right here, and now we want to enter the parameter that we have passed through right here, which is going to be our password, so we're going to say password. Now we can come down here and we're going to decode
the data, so we'll go decoded data, and we're going to say decoded bytes right here, .decode, and this should decode this for us. Now we should be able to print our decoded data, so we'll just say decoded data, and we want this to be an f-string, and then we'll print our decoded data. Actually, we'll just type in decoded password, because that's actually what we're using here, and we can pass this through as an f-string, and we'll say decoded data right here. So now if we run this, I'm going to grab that
base64 that we had earlier as our password and paste this in; this is the word pass, and let's see if this runs. Your decoded password is pass. So now we have created both an encoder and a decoder. We can save this, and if we ever forget our password we can come to this program and paste this in, and we will be able to see our decoded password, and we can encode all of our passwords and save them safely on our computer. So I wanted to
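The encoder and decoder described above, as an added example that is not the code typed in the video: it includes the extra `.decode()` step that removes the `b'...'` wrapper, and `recover_all` shows why base64 is an encoding and not encryption, since every entry in a saved file decodes without any key. The function names and the sample file contents are constructed for illustration.

```python
import base64
import binascii


def encode_password(password: str) -> str:
    """Base64-encode a password and return plain text (no b'...' wrapper)."""
    encoded_bytes = base64.b64encode(password.encode("utf-8"))
    # b64encode returns bytes; .decode() is the "extra line" that turns
    # b'cGFzcw==' into the string cGFzcw==.
    return encoded_bytes.decode("ascii")


def decode_password(encoded: str) -> str:
    """Reverse encode_password; raises binascii.Error on non-base64 input."""
    # validate=True rejects characters outside the base64 alphabet instead
    # of silently discarding them.
    decoded_bytes = base64.b64decode(encoded, validate=True)
    return decoded_bytes.decode("utf-8")


# Constructed sample of a "passwords.txt" kept in base64.
SAMPLE_FILE = [
    "email: cGFzcw==",
    "bank: aHVudGVyMg==",
    "note: not base64!",
]


def recover_all(lines):
    """Decode every 'label: value' entry; no key or secret is involved."""
    recovered = {}
    for line in lines:
        label, _, value = line.partition(":")
        try:
            recovered[label.strip()] = decode_password(value.strip())
        except (binascii.Error, UnicodeDecodeError):
            recovered[label.strip()] = None  # not valid base64 text
    return recovered


if __name__ == "__main__":
    print(encode_password("pass"))      # the value pasted into the decoder
    print(decode_password("cGFzcw=="))
    print(recover_all(SAMPLE_FILE))
```

Keeping stored passwords confidential needs a secret key, as in a password manager or key-based encryption; base64 only changes how the bytes are written.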
show you this mostly because we're going to be importing base64 and you're going to need to read through this. Later on in this course we're going to be importing sockets, and you will have to do quite a bit of reading and catching up on some networking in order to use sockets, and you're going to have to come over to the documentation and spend some time reading so that you know how to use sockets when we are creating our networking-based tools.
All right, we are going to go ahead and talk about dictionaries. So we're
going to delete this code that we have here. Dictionaries are going to be similar to JSON in that they have a key and a value. I actually have some example JSON right here that I want to show you. We have the JSON, we have people, and then we have it listed inside of these square brackets right here, but really what I wanted to show you was inside of the JSON, which most of you are probably familiar with. If you have been doing any kind of penetration testing or ethical hacking at all on websites, then
you have probably seen JSON before. So this would be a key and this would be a pair, or the value, so we have the key and the value. I want you to notice that these are in quotations because these are being passed in as strings, and then the age down here is not in quotations. This will be different when we look at our dictionaries; this would be passed through inside quotations. But I wanted to show you that JSON uses key and value, key and value. In dictionaries we're going to be using key
values; I wanted you to see the JSON so maybe it would help you understand a dictionary, because it's the same thing with keys and values. So, a dictionary: we can just call it dictionary like we would a list. We can say dictionary equals, and then we're going to use curly braces instead of square braces, and we're going to add in some quotations, and then we're going to put in a semicolon. So that is the key, and the value is going to be my name, and then if we want to
add something else in here we would just put a comma and then quotations, and we'll put age, and then we put in a semicolon, and we want to add in my age of 30. So we have the key right here and the value right here, key, value, and we'll be able to extract the value by identifying the key, but we are not really ready for that. What we can do at this point is just print the dictionary, so we'll print and then put dictionary in here. So we can run our
little code here and see what happens, and we are given the entire dictionary. But what happens if we put something inside of our square braces? If you remember, in a list we would put zero or one for whatever we want to extract. If we put a zero and run this, you might think you'll be getting the key and the value for the first item inside of the dictionary, but you see we get an error; that does not work for us. So we do use square brackets just like we would for a list,
but the difference is we're going to put in the key name. So we can put in the key, which is going to be name, and if we run this we get the value right here, we get Ryan. So name is the key, and we're able to pull the value from the key, and that is how we would pull the value from the key right here. But we are getting a little bit ahead of ourselves, and what we need to remember is that everything inside
of these curly braces will need a key and a value and will be included inside of the dictionary, and the dictionary can have as many things as you want inside of here. If we wanted to add something to our dictionary, it is really simple: we'll just type in dictionary, add square braces, and maybe we want to add an ID to our user, so we can just say ID and then equals 1. Now if we print this dictionary you will see what happens. So we'll print
this, and we have an ID of one being put down here. So we were able to add a new key and its value simply by typing in dictionary and giving it an ID and one. It's pretty simple when it comes to adding information into a dictionary. If we wanted to empty the dictionary, we could actually leave this right here so you can see that we're able to print the dictionary, but then if you wanted to empty the dictionary, all you would have to do is type in dictionary and put in some curly braces, and then come down
here and we can print the dictionary again, and we need to have an equal sign in here, and if we run this we're going to have an empty dictionary. So if we want to empty our dictionary at some point in our code, we can just empty it and it will be emptied. The same thing can be said if we need to add to a dictionary: we create a dictionary, and then maybe later on we are going to ask the user for some kind of input, and we can just add
to the dictionary by putting something down below it, and now if we run this we're going to get the ID of one added into our empty dictionary. We saw this earlier when we created an empty list and then added stuff into our list later. So you can make an empty dictionary, or you can clear the dictionary by doing this right here. One last thing that is going to be really helpful for you is looping through a dictionary. You might think it is going to be as simple as looping through a list, but
it's a little different. We can type in for thing in the dictionary, we're going to print thing, and let's go ahead and run this and see what it gives us. It gives us name, age, ID: we have all of the keys with none of the values. But if we want to print the value, we can just type in a print, and we can say dictionary, and we should be able to say thing just like we did earlier in the example, and now we will print the key and then
right under that we're going to print the value, because it's going to loop through and print each of them, one and then the other. So we have the name Ryan, age 30, ID one. If we delete this, we will print each item in the dictionary, so we have the key and the value. So we were able to print the value by just running the code this way. So this is the dictionary. It can be a little confusing at the beginning. Dictionaries, I don't really use them all that often; you might see them in
the future, but this is the dictionary, and it is something you need to be aware of.
Okay, it is time for our next little challenge. We are going to create a dictionary that will let you add a student and their grade. You will need a while loop to complete this task. You can go ahead and give this a try on your own and see if you can complete this little task; if not, we'll go ahead and get started, and hopefully this will make sense to you once we're done. If you are following
along for the first time and you are not able to complete this on your own, just go through and watch this video without writing the code, and then pause the video and go back and try to write the code without cheating and looking back at the code we've written, so that way you can at least get some practice on this little challenge. So we'll go ahead and start by creating an empty dictionary, and if you remember, this is what they look like. We're going to need a while loop, so we'll say while not off,
and it is going to look like this. We need it to be on, so we'll say off equals false. So now we have our little while loop ready for us, and what we can do now is take in a name, so we'll say name, input, and we'll just ask it to enter student name, and this needs to be an equals. Then we can ask for a grade, and we want to enter the student's, we'll put student grade like this, and now we will want to add the
key and the value to our dictionary. So here is what we talked about, how to add to a dictionary: we're going to say the student grade, we're going to put the key that we want to add into the square brackets, and then we are going to add in our value by typing in grade. So we have the student grade, which is going to be our dictionary, and we have the key and the value that we want to add to it. Now we can print, and we want to print student added successfully. We should be
able to space out of there, and this is spelled wrong, so we can get that to look nice. Now we also want to print the student grades so that we can make sure our dictionary is actually working, so we can type in the student grades. Now we need our while loop to stop, so we're going to ask a prompt, and we're going to say add_another, and we'll just call this our other students, so add another student, and we can ask for an input, and we can say would you like
to add another student, question mark, and we're going to give the option of a y or an n, so for yes or no. If you remember from earlier, we want to make this a lower, just in case the user puts in a capital or a lowercase; this will automatically make it lowercase. Now we can come down here, and we're going to say if the add another equals equals a y, then we want to pass by this so that it doesn't hit the else statement, and then we'll
just add in an else statement, and we're going to say off equals true, which will break our little program right here. So we can add a semicolon right there, and now this should run for us. Let's go ahead and give this a try. Enter a student's name: we'll say James. James gets, say, a C because he's average, and would we like to add another student? Let's say no, and it exits the code. I would like a space right here. Let's try this again, and we'll try yes. So we'll say James, and he gets an A
because it's going to work this time. Would you like to add another student? Yes, and we're going to add Fred, and he gets a C because he didn't do his homework. Would we like to add another student? No, just Fred and James is good, and it exits. So we have James right here who got an A and Fred right here who got a C. So you can kind of see how you would use dictionaries in a real-world program, taking in information that you want to save as a
key so James and his grade would be an A okay at this point we're going to take a little bit of a shift and we're going to go from learning python to learning some web Basic fundamentals you're going to need to know the web fundamentals anyway if you want to be a bug bounty hunter or a penetration tester and the reason we're going to look at some web fundamentals right now such as HTML and CSS is because you're going to need to be able to scrape information off of different websites in order to really speed
up a lot of your hacking processes so we're going to go ahead and check out the web fundamentals and then we're going to Move into building some web scraping tools and dealing with and manipulating URLs so let's go ahead and jump into this and then right after that we're going to move into making some web scraping tools and some URL probing tools so let's go ahead and jump in this okay so here we are at codepen.io we're going to be starting out with basic HTML and how to understand it so you can come over here
and go to this web application and click Start coding and it will load Up for us what we need you might have a display that looks something like this or this I like it all the way over here to the right so that way my actual web site will look similar to the way you would see it in an actual browser we can come over here and minimize this and we can minimize this because we're not going to be dealing with CSS or JavaScript just yet and basic HTML and tags I want to show how
HTML tags look so HTML what is HTML it is the HyperText Markup Language and it's the language of the internet there's also XML which is another markup language but we're not going to deal with that just yet because we are on HTML so when you come to HTML you can make static websites they won't look very nice but you can make them and you can do this with just HTML and so let's just start coding along and you'll be able to understand it as we go so let's say we're making a journal entry
to a book or we're just making a table of contents you could start out with just a basic H1 and then you'll make another H1 only you're going to put a forward slash and we're going to close it out and then in here we can say this is a title and then it will render for us over here and we have this closing tag and this closing tag is actually really important because let's say I had bu me and as it loads this it's going to put all of this in here and it puts it
all in big font and when we close this out like we already saw and the way you're supposed to do it will load it differently you can see the H1 makes the text really big and let's say we want to enclose this actually we'll enclose the Mi down here with an H2 just like this and you can see this has changed right here and you can see that it is smaller and if we make this let's say we want to make this an H4 you can see as the numbers go up the size of the
font gets smaller so the H1 is for the top heading and everything gets smaller and then you also have a paragraph tag that looks like this and in here would be what you would consider a paragraph so you can just write in here something and then we can close this out just like this and you'll be able to see that it renders just the same and now we have this paragraph tag so you have headings and paragraphs and you can format the text and the style with CSS which we will do later but right
now I just want you to have a basic understanding of how HTML works and get to be familiar with these tags you can actually go to a documentation website such as W3Schools and so for now I want you to get an understanding of these tags and you can go to W3Schools and read the documentation about all the different tags and we're going to see quite a few different ones as we go along but these tags become really important for cross-site scripting and other vulnerabilities because we're going to have to learn
how to break out of these tags in order to insert our own malicious code in the future

okay so now that we are familiar with a closing tag there are some kinds of tags that do not require a closing tag and these are typically tags that do not have any input like these all take some kind of text that they render on the page there are some tags that are self-closing such as a break tag and this tag does not take any text or input and what it does is it spaces out these gaps right
here and there is also another tag called an HR tag and this will place a line underneath of the text this is usually done in like basic resumé style HTML websites you won't really see a whole lot of this in actual web applications and if you do usually stuff like this is done with a border inside of CSS in a div but this is something to be aware of that there are self-closing tags within HTML and you will probably see these I want you to be familiar with all the different kinds of tags you are
going to be seeing when you're looking through source code and you're looking for vulnerabilities as well as trying to figure out how to get a cross-site scripting to work and it is always helpful to be familiar with the tags because some tags may be blacklisted while others are not and they can be helpful in helping you break out of an HTML element in order to get a cross-site scripting to work and another thing to be aware of if you see something like we just saw with the HR and we see this pop up on the
screen and we decide we want to add a size to it and we want to make it bigger or smaller and you can see this is running in pixels so if we do 39 that's going to be really big I meant to make it just nine you can see that our line shows up and I think you can also add a shadow but I don't remember how to do that with an HR tag if you ever see this and you're wondering wow I really like how this looks I would like to be able to
make a tag that looks just like this one on a web application you can inspect and you can actually just look to see exactly where it is at let me see if I can we'll grab this inspect and right here you see the HR size 3 and it's really important to be familiar with inspecting specific things because it's possible in the future that you're going to have an input field and you are able to search it renders within the HTML and you're going to need to be able to inspect to see where the word is
within the HTML so that you know exactly what you need to do in order to break out of it to get your malicious code to run we'll get more into that in the future but for now let's continue with HTML and what it looks like and becoming more familiar with it we're going to move on from here and we're actually going to install a text editor I'm going to have you install Visual Studio Code if you're new or you can use whatever text editor you would like but I'm going to be using
VS Code so what we can do is come over here and we can just type in vs code just like this and you will come to this page right here you can click download and you can download it for whatever OS system you are using and you can go ahead and download it and then install it it's pretty simple to install and open up and when you're here you will want to make a new folder and I'm just going to leave it we can barely see my folder over here I'm going to rename it as
test app you can call yours whatever you would like and then we're going to open it up so we'll come over here click open go to desktop and I named it test app right here and I can open this and it will open over here just like this and we can open up a new file and say index.html and when we hit enter it's going to open up our index.html because we're in VS Code right here is where you go to install plugins I'm just going to have you install one plugin right now and we're
going to type in boilerplate I think you could just type in boil yes and it goes ahead and opens us up we want HTML boilerplate and you'll hit install right here I already have it installed and then when we come back to our index.html if we just type in HTML we can go down to this five right here and hit enter and we will be given the boilerplate and now you can delete this right here this is how we want to keep this so we can save this right here and a
helpful tip to render what we have going on in a browser we can just right click and we can just say we want to open with Google Chrome and it will open up a page for us like this I actually want to put this page over here so you can see it and if we just come over to our body right here and we just type in and let's make it an H1 and we'll just say hello world save this and if we come over here and refresh our page it will render for us
our hello world so now that we know everything is working we're going to begin looking at a little more in-depth advanced HTML that we will need to know in order to break out of our HTML to perform cross-site scripting and insert JavaScript so with that I'll see you in the next video

all right so we have our own little web application running over here and now we're going to enter a little bit in here so instead of this H1 we can enter our name and we'll make like an entry that we would see into
something kind of like a Wikipedia page so you have a name and then you're going to want a title and the title is going to be what goes on up here like create a plan or a React app we're going to go ahead and name it and this actually goes inside the head tag and so we can open this up title I guess I probably shouldn't open that up because if I close it off I think it'll automatically close it for me and we can say Ryan's site and then we'll save it and then
if you come over here and refresh this it should refresh for us we got your site and your name and you can add in a paragraph tag so we can say what do we want to say about ourselves right here inside this paragraph and we can say I am learning to become a hacker so this is true for all of us here and maybe we want to make this hacker right here we want it to be italicized and bold so we can come in here and we can say we want all of this
to be emphasized and it closes that off there for us and we'll paste it over here and we'll save this and maybe we want the word hacker to be bold so we can come in here and say we want this to be strong and we can move this as well and now if we save this and refresh our page over here it has all become italicized I'm not sure why this didn't become bold for me I believe that's supposed to be bold but that's okay if it doesn't work for us my goal right now is
for you to be understanding that there are different tags and we can actually add in a break tag like say we decide we want this word hacker right here to be on the next line we can add in a break and we can refresh it and now we have it on the next line and maybe we decide after this that we want a line underneath everything and so we'll say we want the HR in here for the line break and if we refresh this we now have our line so we're starting to get
an entry form here kind of like a Wikipedia page I actually should look at a Wikipedia page so I know what they actually look like but anyway my goal for us is to begin to understand these tags and we're going to look at a few more tags and then we're going to start looking at what goes inside these tags because sometimes you'll be inside of something that looks like this and you're going to have to figure out how to break out of this tag because your entry input will be saved inside of a source or
inside of something within a tag and so we're going to learn more about inputs over here in just a little bit for now we're going to look at a few more tags that are going to be really common and you're going to see a lot when you look at page source now that I'm about to close this out I actually see that I spelled the word strong wrong here so if we save that and now we come over here and we refresh our page it becomes bold for us there so inside of our HTML and
our tags we will need to spell things correctly otherwise the interpreter will not know what we're doing or how to translate it into the web page okay with that I will see you in the next video

now I want us to look at lists and in the next video we're going to look at image tags which are going to be really important because they're a main way to get an XSS to work and so those will be coming up but for now we have our little web app that looks like this and underneath the HR
we're going to add in a list and the way to add in a list can be done with a ul and you just add in an li like this and now we're going to type into our list and we're going to go ahead and put in I have learned about tags and in our next one dang it and the python text editor you can hit tab and it'll go past your uh tag for you and then you can go down to the next line so we'll add another list just like this and we're going to
say I have learned about list and then we can say lastly um next I will learn about image tags and now if we save this come over to our page and refresh it we have these bullet points just like this and if we wanted them to be numbers it's pretty simple you just would change this to an ol like so and I forgot to save it and now we can refresh the page and we have one two three so these are lists and tags you'll see these sometimes you'll be able to have inputs
and one of the really popular places to see something like this is inside of some kind of task manager or something you will see these in live programs or maybe in a penetration test where you are testing some kind of application that is supposed to help you schedule and you'll be able to input lists and things like this and maybe there will be some way for you to inject either over here or over here but these are the li tags and this is the ol so when you see these in a page source you
now know what is going to be going on now we're going to move on to the image tag and we're going to pop our first cross-site scripting only we're going to use an alert because we're not going to be injecting it into anything but I want you to see how it works because you're going to see these image cross-site scripting a lot in the future they are really popular if you can get one to store for the cross-site scripting to pop every single time the page loads so with that we will move on in the
next video

few more things to go over and learn before we are ready to start practicing cross-site scripting elsewhere and the first thing we need to cover is an image tag the image tag is going to be one that you're going to see a lot in CTFs and practicing cross-site scripting because it will automatically render on the page whenever it is loaded or if there's some kind of submit button for an onerror to cause an event so with that we will just start out with a basic understanding of inserting an image so if you
just type in img it should load for you you have this alt which is what's going to load if the source doesn't work so we can just say Ryan because I'm going to use my image and if we save this and we'll say the source is lost so obviously there's not going to be any source if we come over here and we refresh the page we see Ryan and it tells us a little image is not found but if we go out to say Google and we type in who am I and we type in
PhD Security and then we go to images here I am right here and we can copy the image address right here make sure I'm trying to read those make sure that's right and if we paste this in here and then we save this huge link when we refresh our page our little browser that we have created right here is going to go out to this linked address that we have right here on YouTube to grab my image and it's going to ping it and make sure that we have permission to load this image right
here so if we save this and refresh you can see my image has popped up right there now I don't like where this is at so I'm going to delete this and that's one way to grab an image and you will probably see that in the future and you'll definitely see when images aren't loaded that's usually what's happening now I already got the photo over here same photo you will see this as well this is the most common way to load an image and it's also the most reliable way I actually want to put it
underneath my name because it'll look better in our little wiki page right here so if we do our same thing and we say image and the source is just ryan.png because it is already loaded right here for us and we save it we can put in the alt we just say my name and we save it and we refresh it you see it moves up here and that is because it's grabbing the link right here now I think the most popular way to perform a cross-site scripting especially in CTFs that don't have any kind
of blacklisting it's going to look just like this source you just put some mumbo jumbo in there that's not going to work and then an alt doesn't really matter what you're going to see is an onerror and then it's going to do something and usually the do something is going to be alert and one and then save this refresh our page and you see the cross-site scripting pops right there for us and you'll see something like sometimes people will put in a one sometimes people will put in XSS and sometimes you can
just see a one two three save it we got too many closing brackets and on our page over here refresh we see this page says one two three and that is going to be probably the most common cross-site scripting that you're going to see in beginner CTFs and the reason you're going to see it done like that in the beginning is because this is really easy and your input isn't being stored anywhere we're going to get a little more complicated as we go along with the cross-site scripting this is how you're going to
see images loaded in HTML and this is how you're going to see a lot of cross-site scripting performed you're going to see this image payload all over the place so if we come back to our payloads look we have image image image and you always see this onerror and here's an onclick and you're just going to see a lot of these image tags here's another image tag and so you're going to want to be familiar with understanding the image tag and then how to perform the cross-site scripting with it as we go along things
are going to get more interesting and a lot more fun to try and break out of I know cross-site scripting doesn't pay a lot of money usually but it is a lot of fun to break out of the HTML tags and bypass the bad characters so with that we're going to look at hrefs and hyperlinks in the next section and then we're going to start looking at getting cross-site scripting to work for us and then after that we're going to start looking at cross-site scripting and breaking out of HTML tags so with that I
will see you in the next video

okay so we're here with our code for our very simple website that we have going on right here and so far we have just a static website with nothing really going on and I want to move on into hrefs and we're going to build this inside of an anchor tag so right now if we refresh this page right here we're going to get our XSS so we're going to go ahead and comment this out I think you can just click at the end of the line yes you can
you can click at the end of the line and on a Mac you hit command slash or command question mark and it comments out the line there for us and below this we're going to add in our anchor tag which is just going to make us have a clickable link so we're going to go href which this is going to be the link that we are actually wanting to add to our website and we're going to just give something very basic like google.com so we can go https slash and then we go www.google.com and if
we save this and then we come over here and refresh you will see our link when we add it in over here Google I forgot to add that text in and I forgot to save it so we'll save it refresh our page and now we have this link right here and if we open link in new tab we are taken to Google so this is really simple and you can actually I've actually been seeing these little anchor tags also inside of the source right here become a place for cross-site scripting I'm not really sure
why developers have been making it so your user input say there's like an input box or you can just come up here and you would do something like this and just add in a parameter of something equals and then XSS script right here I've been seeing at least twice in the last month that right there that XSS would get stored either right here or right here and all we have to do is break out of these little links or the source or the href in order to get our cross-site scripting to work so we'll
just pretend for now rather than actually build an input because that's going to require some JavaScript in order to get it to be saved inside of this link but one of the things you should always do and always check for is if you can add in a parameter right here like this or you're able to just insert something into like a text field and hit search like on a search bar on Amazon or Google and then you inspect the text like this you should always check to see if your information is getting stored in here
like this cross-site scripting you should always come in here and look for the cross-site scripting or your keyword that you were able to put into the input so I want to just show you like how to break out of this for cross-site scripting let's say we're able to add a parameter and it adds it into this Google.com the most recent one that I saw it was actually appending what I put in as a parameter down inside of a page one it was like something like this page one equals and this was at
the foot of the application so it would have looked something like this right here and if we save this comment that out and then we come back over here and we refresh this it was down here at the bottom and it was like page one and within this page one it had my little cross-site scripting payload that I was adding in right here and so we'll pretend that is what we have going on is that we're able to add in a parameter and it's getting stored right here and we need to break out of this
in order to get our cross-site scripting to work because if you just come in here and type in script alert and then you close this out nothing is going to happen and I'll show you we might even get an error we come over here we refresh it and nothing happens you click on it nothing happens we're not able to because what's going on right now is we're not breaking out of the current HTML and there's a couple of different ways to go about this and this is all going to be trial and error and sometimes
when I come across something like this in the wild I'll just copy this and I will paste it into a text editor just like this because the colors are going to change when the payload is ready to work so you should be aware of copying this and bring it into a code sandbox or some kind of text editor to play around with it but I think this one is going to be pretty easy to break out of you just add in some quotations right here in order to close this out and then you can
add a closing tag and now if we save this and we come over here and we refresh the page we get our cross-site scripting to work and they really are this easy to find in the wild especially if you're off the beaten path where payloads have not been tested and people haven't been looking for cross-site scripting like this the one that I found really was this simple all I had to do was come up here into the URL and I just added in a random parameter so you can just add in for
the sake of example a CB like a cache buster even though we're not doing web cache poisoning and then you can just add in a parameter of um payload and then we would say equals and the way you would get this to store is you would type in our script that we put in just like this in order to close off this anchor tag and then we just add in our payload and so you'd go like this and you'd say script script spell it right script and then we would have alert and then we would
close off our payload just like this and then you submit this this is how it worked for me and this right here was getting stored inside of the href just like this so that is one way to pull off a cross-site scripting inside of an anchor tag and sometimes you'll see these inside of something like this because if you're familiar with Burp and you see the header tags and it sends a Referer header showing where you came from in order to get to the next page it'll have in the previous website that you've
come from and I actually came across a website that was storing the previous URL inside the HTML in a hidden input field and all I had to do was copy it and then basically do the exact same thing we were doing earlier and just add in our script just like this in order to get the alert to work so you can look out for these in a lot of different places such as an href or inside of a source and just be aware that where you put things within the input it
may get stored randomly within the HTML and then all you have to do is be familiar with HTML such as closing off the quotes and then closing off the tag and then pulling off the cross-site scripting so with that we're going to move on and look at some more HTML in the next video

all right so there's two things I really want to show you before we move on from HTML and we take just a second to look at CSS and then we move into JavaScript and that is hidden information as well as
forms and so we'll just start out with forms and it will naturally lead into the hidden elements so a form is pretty much just what it sounds like it is one of those things that usually includes inputs and information that you're going to be taking in from the user so usually within a form you'll have a class which we're actually not going to mess with until we get to the CSS and then you'll have some kind of action typically and this is going to take you somewhere and we're not going to mess with that really
either and then we're going to also see a method which we're not going to mess with as well this is what would be sending the information to the server okay and now we're going to want to add in a label just like this and inside of this label we're going to delete that and we're just going to say your name so we have this your name right here so if we save it and we come over to our page and refresh you will see it pop up on our page and I added in this
little HR so that you could see the division of the information and right here is the your name so we have our label and now we want to take an input so what we will do is add in an input so we just say input just like this and it's going to be a type text and we're not going to mess with the ID or the name at this point and if we save this you're going to see just a box appear over here and so it says your name and then we have this text
box we're going to end up adding a button as well so we will say we want a button and it's just going to say submit even though our button at this point is not going to do anything and we can save this and refresh and now we have your name with this text box and a submit button that does nothing and then lastly you're going to see within these forms is a password and you're going to see something like another input just like this and instead of the type text you're going to see a password
and if you save this and we come back over to our page and we look at this actually we're going to go ahead and add in a break because we want this on a new line so we save this we refresh it and that's pretty ugly and you'll see we have these little hidden dots just like here this is to secure the password and you'll see these a lot on web applications but now they've started adding in this little eye over here for you to be able to see what you're typing in because if you
know any HTML and CSS at all you know that you can just right click this and you can inspect and then you can come in here and just change this password to text and then look at it just like this and you can see the information that is being typed in here and this is why people when they use a public computer should never save their password because if you use a public computer and you log in and you accidentally hit save password then the next user can come in here and repopulate the password and look
at your email and password and have your information which would be very bad so don't use public computers to enter in literally any of your data that is important to you so there's one more thing I want to show you and that is the hidden option and so we're going to actually use a div here and I want to show you that you can just type in hidden right here and usually this hidden will be something other than the actual word hidden there's other ways to hide elements within HTML but we're going to use hidden
because it's really simple and then sometimes you'll see something like ID equals eight and then if we save this you I've never actually seen this in the wild only in CTFs so this is not going to be something you're probably going to encounter in the wild but you will probably see it in CTFs as I've seen it in several CTFs and you come over here and you refresh this page you can see that we have this div ID 8 and it's hidden and we can unhide this by just deleting the word hidden and now the ID
shows up on the actual page and usually within CTFs this ID 8 will be within a form and you would just change this 8 to something else so you could come down here and say we're going to change the ID to one which would typically be an admin and then you would hit the submit form and it would change your ID to one that's usually how it'll work in CTFs I've never actually seen this in the wild but it is something to be aware of that you can change this hidden to anything you can just delete it
and then you can change things within forms that have been hidden quite simply just by changing it so that is something else to be aware of within the world of HTML and CSS

all right so we have a future edit here and I just want to say the reason that this would work in most CTFs is because if there is no JavaScript to check the user ID input then when you hit the submit button it would go ahead and send it but in most cases there's going to be JavaScript to check such functions so a
lot of times this is not going to work and we will cover this more in the future but for now I have seen this in CTFs where you can change an ID because there's no JavaScript checking to make sure that the user client side input is what it is supposed to be and the next video we're going to give just a quick look at CSS because we're not trying to be web app developers I'm not going to spend a lot of time on CSS just going to give you a quick overview so that you know
what it is and when you see it you'll be able to recognize it and know that it really isn't anything important to you unless you are crazy good and you can pull off some kind of remote code execution through a CSS injection which can happen but is really advanced so we're going to just look at some simple basic CSS so that you are aware of what it is and you aren't questioning when you see it inside of some source code I'll see you in the next video

all right we're going to have a look at
some CSS we're not going to spend a ton of time working on our little website here making it look nice for me I am not a designer and I don't understand web design and fashion or anything like that or color coordinating so in the world of web development this is for me the most difficult part is making a website look nice some people are just gifted as designers and I am not one of them so I'm just going to show you how CSS works in two different ways I'm going to show you internal CSS and
I'm going to show you external CSS so that way when you come across CSS you know what you are looking at and you're familiar with it I'm not going to actually show you how to design a web app because that is not my area of expertise and it's not my gifting if we want to do some internal styling we can just come in here and type in style and we can hit enter and then we have this H1 right here that has our name in it so we could just very easily just type in
H1 and then we open a set of curly braces and then we can just type in color and then we can just type in aqua looks like a great color and then we close it off with our little colon there and we save it and we come over and refresh our page uh I see I didn't type in H1 typed in HR so we type in our H1 save it refresh and our color changes to blue and then maybe we want to change the word right here hacker there's another way you can go around doing
internal styling and you can just come in here and say that you want a color and then we say we want pink and then we can save it this way and then if we refresh it our color works so there's several different ways you're going to see internal CSS and this right here is the most common this happens but it doesn't happen very often so when you're out in the wild you will see CSS function like this and you can also do a lot more with this we're not going to cover it so you could
come in here to this H1 and you could type in something like padding and you can say padding left and then we could say like 200 pixels and then if we were to save this and come back over and refresh it you'll see that the name moved I'm not sure if there is a centered option let's check it out there is not so there's something called Bootstrap that would really help you with your styling if you were trying to become an actual developer but we're not going to spend a ton of time with
that so you can do things like the padding left you could do a padding for the bottom if we wanted some space between our information here and you could say 100 pixels and you could save this and if you came over here and refresh it we'll get a padding over here so this is a little bit of Styling and one thing to be familiar with is a lot of times things are going to be broken up into divs so you would have something like this right here you would have a div and we'll just copy
this and cut and we can paste that right here and then we'll put another one we'll keep we'll put this right here and then we'll put one down here between our list that we have right here and then if we were to put something inside of here like we say this div we want to style it And we say style and then we want color and then we're going to make this entire color red it's going to be very bold and then we decided to make a different div and we wanted the entire color to
be let's say we'll make this entire color pink and we save this and we refresh our page you're going to see that everything within those divs actually changes colors except this overwrites what was written inside the div so we can actually just go ahead and Close this out right here and now if we come back and refresh you can see everything becomes red and pink within the specific div and so this is an introduction to internal CSS you can style it either up here like this or you can do some internal CSS and so the
divs are going to be like you can within HTML and CSS you can think of everything as being inside little boxes and there's actually a Chrome extension it will actually show you all of the boxes and it's called Pesticide and you can install it if you want I'm not going to show it because the point of our course is not to learn how to be designers the point is for us to understand CSS well enough to know what we're looking at so that we can figure out how we can exploit web applications when we
come across it so with that in the next video we're going to look at external CSS okay in this video we're going to look at an external stylesheet and then I'm going to show you why this was important for you to learn so the first thing we're going to do is we can just go ahead and delete these inline styles that we put in right here so that way we have our blank page like we did before and we can just go ahead and delete the style altogether and then if we save this and
go back to our page and refresh everything is back to how it was before now what we are going to do is come right here and we're going to add a folder just like This and we're going to call it CSS and then inside this folder we're going to add a new page and we're going to call it style.css and you can see our Visual Studio has recognized it as a stylesheet come back to our index.html and inside of the head tag up here we can type in link and it tells us that it has
this stylesheet and we have the href and we want to link our CSS stylesheet just like this and it auto saved for us and we can now save it and now you can come over to your stylesheet and if we wanted to do like we did before we can type in the H1 and we can type in color and we can say red and if we save this and come back over to our page and refresh this our name is now red because that was the H1 we can do something like we did before
with these divs and we can say we want to give the div a color so we could say div one we want to have a Color of blue so we can come in here we put our period before the div and this is going to tell it that this is going to be our keyword and we can say color and we want blue just like this and then we'll make a div 2 so we'll say period div 2 I forgot this was div 1 and we can say we want the color of pink we'll go
div one right here and we can say style div one and I just realized that this is supposed to say class because we've given it a class Name over here and then if we give our second div a class of div 2 and we save this and we come over here and refresh it we now have the colors have changed within our div and our name color has changed so this would be a form of external CSS and I want to show you why it was important for you to know this and it's important to
know that this file was named CSS and then we called it style.css if we come back over here and we just check out this color palette and we inspect the page and then you come over here to the sources you can actually click on this CSS right here yours might not be all in line like this you can click on the CSS click on the style page and then click the pretty print right here to make it look pretty and you can see just like this what they have done it is organized just like ours
so this would be an anchor tag which would be clickable and they have red green blue not sure what the a is and then they have the text-decoration none and so you can see their stylesheet is called CSS just like ours and style.css and then it is formatted exactly the same way and this would be an external stylesheet and then if you come back to looking at the elements you can see the class right here the class names for how they decided to name their classes and organize what they look like based on
the CSS so now when you come in here and you inspect a page and you come Across a CSS file you'll know what you're looking at and you'll also be familiar with seeing class inside of the divs seeing these class names and that is going to wrap up for us the CSS internal and external I will see you in the next video okay we're going to be looking at some new modules we're going to be using beautiful soup to scrape information from a website so let's go ahead and I just Googled programmer in Wikipedia to
get to this page so I'm going to now just view the page source so we can look at this on the page source what we're going to do is be grabbing different information from the page source so that is what we are going to be doing in this video so we're going to be grabbing different information from the page source so again all you do is right click and go view page source to get that page so over here we have a brand new tool that I have named spider. because this
is going to grab different URLs for us and we're actually going to go ahead and give like some examples and then we're going to create this tool altogether in the coming sections so what we can do to start out is just grab this URL so we have it in our tools so we can copy paste it as we need to use it and run that page to make sure our code is running and then we need to import so we're going to import a couple of different things we're going to import requests which
you have actually seen previously and if it's not installed just hold your mouse over it and then you will click install like you've seen before so we're also going to run from bs4 which is Beautiful Soup we're going to import BeautifulSoup like this and you'll just hold your mouse over this and you will click install and this is bs4 so hold your mouse over if it's red and click install and you will have Beautiful Soup so I think we'll start out by just making this a
function and say get page so we'll do something like this we're going to pass in the parameter URL and we'll type pass for now because we need to call the page so we'll say get page and we're going to pass through a parameter which is going to be an input because we want to pass through our URLs that we would like to scrape for so now we can ask the question what URL would You like to scrape question mark and then space so our what we type in doesn't get smooshed Al together so now we
can come back up here and delete this pass and if you remember from using responses the response or the requests module that we imported earlier we have to create a response equals requests.get and it's going to get the request from the URL that we pass in so now we're going to create our soup equals BeautifulSoup which is going to be a class and then we want to pass in the response that we just created response.content which is the content that we grabbed and it's going to be parsing for
us HTML you can use HTML XML lxml um or whatever modules it has you can go read the documentation but for our purposes we're going to be using HTML so we're going to use the HTML parser now we can do something pretty simple and we can just print the soup and you're going to see just how easy it is to use beautiful Soup so we can just start grabbing information from the website so we'll just highlight this so we can paste it in we can run our program and which website would we like to scrape
we can run this in and it's going to tell us here is the first anchor tag so you can do something like this anchor tag you can do soup.find_all and then you can pass in an a for your anchor tag which actually I believe when we run this method / function you need this in quotes so let's go ahead and try it this way and it now will find all of the anchor tags and if you remember we have anchor tags in here that will be connected to a lot of the hrefs so
you can find different anchor tags by doing something like that as a find_all and that will grab all of them and I believe we also have a find method so if we just run find I think it grabs just the first one for us so let's see yes it grabs just the first one instead of finding all so you have the find method as well as find_all and find can be you'll use find when you want to grab like one specific URL so let's say we wanted to grab maybe just an
H1 what you would do is come down here and you would look for an H1 which I'm actually not seeing any in this page let's just say we want to grab some this right here with this ID you can just copy this right here and we'll copy this and you could come back over to your program and You could paste that in and let's run this we have too many quotes going on here so we should be able to run this as it is let's see if that works that is not going to work because
the ID needs to be outside of the quotes and that needs to go inside of the quotes now we should be able to run this highlight our URL and paste it in and it'll find that specific button for us and if we wanted I believe we could save this as a variable and we'll just call this var equals and then if we want just the text we could say print var.text I believe it is and let's see if this will work for us because I'm not actually sure if that would run let's try
var.string let's try that maybe it could be that our button doesn't actually have any information in it yeah it doesn't have the information to actually print so if we were to grab like the a title right here let's say we wanted to grab a title this will work for us a little better but just so you know you have this find to grab very specific information within the page source like if we wanted to grab this entire div we would just highlight this and then we would paste that in and we would
use just that so if we wanted to let's see if we can find some information on this page that is actually typed out so down here you start to hit different bits of information being typed out so if we Wanted to grab this title right here and the title is count we could copy this and hopefully it's the only one and we can paste that in and this should print this should this one should actually print some text back because the page had text on it and it is getting an error because count doesn't exist
so let's try this again and let's delete our string because that's giving us an error see what information we're getting back still not giving us information so another way we can actually grab information is we can just actually come up here and we can just tell it we want to print and let's say we wanted to print just that title that we saw earlier we can type in soup.title.string kind of like we were trying earlier and if we run this we should be able to paste that in and we
get programmer and Wikipedia as our Title page so we get this programmer up here and the Wikipedia as our title which would come from this page Source it's going to grab the title all the way from the top right here so we have that title and we're able to grab that so we're able to grab specific information I hope you're seeing how this is going to be beneficial to us as penetration testers or bug bounty hunters because typically what we want to grab is going to be this right here we're going to Want all the
links that are relevant to our specific URL so let's go ahead and we'll comment out this actually we'll just delete this because we don't really need it we're done with that and let's actually do something useful like grab all of the links out of here so what we can do is we can just say we want to grab all the tags so we'll say tag equals soup and we want to find and we want to find all and we want to find all the anchor tags and then within all of The anchor tags we want
to find all of the hrefs so if we run this right now look at what this looks like we're going to need to print the tag so that way you can actually see what it looks like so we'll print the tag and this information is not going to be that helpful to us we want the href so like we want this href we want this href because every one of those hrefs is a potential target for us on that specific web page so we're going to need to create a for loop to grab just those
tags so we can actually say for t in tag we want to get the URL and since we're passing through the URL up here we could actually just call this like url2 and it's going to equal t for each time it loops through and we want to get just the href so we can say get and we need to pass through the href now what happens if we print the url2 let's see if this will grab that for us we'll comment this out because we don't want that to print so
let's try this and see we do we get all of these different URLs now sometimes when you run something like this it's going to take you like this this is not helpful to you as a penetration tester we want just the Wikipedia pages or if we were targeting yahoo.com we want just domains that yahoo.com owns so let's go ahead and build out a real tool that you can use in real life such as Sublist3r or some kind of tool that's going to grab you domains but we want live domains so we're going to
build two tools and we're going to build one that's going to grab domains and then we're going to build another tool that's going to test those domains and we're going to have an output of live domains that are going to be most likely in scope so a lot of the stuff like this right here that has nothing to do with Wikipedia would most likely be out of scope this would be out of scope so we want the stuff that actually says Wikipedia and is owned by Wikipedia and is sending us
to Wikipedia pages so let's go ahead and build this out now so we'll just delete all of this and get started and let's just start over from the beginning so we want to import requests just like we had earlier and we want Beautiful Soup so from bs4 we're going to import and we want BeautifulSoup and then from urllib so from the URL library we would like to just import everything so that way we don't have to mess with it later and now we can actually start our program so we're going to set up
just the shell first and then I will explain what is going on and how we're going to build this project so we're just going to type out visited URLs and the reason we're going to do this is we're going to use the set class right here and the reason we're using this is because it will identify all of the individual URLs so let's say we visit multiple URLs we want to actually keep one at a time so let's say we go to yahoo.com and then it goes to yahoo.com and then on the
next page it says you can be referred to yahoo.com we just want one yahoo.com we don't want to crawl the web page 50 times because that popped up a bunch of times so this visited URLs which is spelled wrong we just want to classify each one one time so if it's a duplicate it's going to just delete it so if you're more interested in what this does you can just copy this and go out to Google and paste it in and you can read about how the set class works and we don't have to
worry about those duplicates that's what we're going to be doing with this with it in our program and then the next thing we're going to do is we're going to want a function and we're going to just call it we'll call it spider URLs Because that's what essentially we want want to do is spider the URLs and we're actually going to do something a little more interesting we're going to pass in the URL and then we want the key words in the URL and if you remember why we're doing this is because when we typed
in our last program and we ran it we were getting all kinds of URLs that were not actually related or in scope to our Target so we're going to pass in a keyword also and that is totally not Spelled right so we're going to pass in a keyword along with our URL so if our keyword is in the URL then it is going to print it out for us in a file so more specifically if we were attacking yahoo.com and Yahoo has links that will take you to Verizon or it will take you to AT&T
or or B or whatever really anything we don't want those URLs we want only the URLs that are related to Yahoo so it would be like sports. Yahoo.com or anything that has Yahoo in it so we want to pass in the URL along with a specific keyword that we want to see in the URL as well so that way we're tracking URLs that are going to be in scope for us so then what we're going to do is we're actually going to take in these two parameters the URL and the keyword and we're going to
save them in variables so we can say URL equals and we're going to have an input and in this input we're going to say enter the URL you want to scrape and then we can put a period and a space and then we also want the keyword and we're going to say keyword equals and it's going to be another input and we would like to say enter the keyword to search for in the URL provided and then period space and then we want to pass those in to our function so now we can
say we want want to spider the URL and we want to pass in The URL and the keyword so now we are passing those parameters in and we'll just go ahead and put that way down at the bottom because we're done with this and now we're actually ready to start our program so this might seem a little confusing as we go through and make it but when we're done you'll be able to go through and read through this and it's all stuff we've covered before and so you'll be able to understand what is happening if
you would like you can go Ahead and try and write the code yourself and then if you get stuck you can come back and watch the video and I'm certain if you complete it we will not have written this the same way and I just notice that this is actually supposed to say URLs and that means we need to change that down here URLs okay so we're going to go ahead and get started with this project the first thing we want to do is we're going to enter a try statement because if you go Out
and you get a response and the response is bad or the URL gives you a 500 or a 401 then we're going to have a problem so like always with our requests module we've now seen twice previously we're going to go ahead and open up a response variable and it's going to be the request and it's going to get the URL so requests.get and it wants to get the URL that we are passing through going to go ahead and try to get the request and if it is able to get the request then we
want to do something with it and with that we're going to say if this does work so if it tries this it's not able to get the request then it's going to need an except clause and we're going to type in here that we want to print out the error so we can just come down here and we can say print and we're going to make this an f-string and we'll just say request failed and then we can actually give it the URL that failed so we can just say request failed and it'll pass through
the URL so we'll be able to see the bad URLs but if the response works we want it to come down here and continue our code and because we have this except if we hit this and the request fails you can type in return right here and it will stop the code so none of our if statements from this point forward will be run so now if it works so if the response status is a 200 then we want to keep going with our code so we can say if this is a 200 then we
want to try and grab the information from the site that we are actually trying to scrape so we're going to now type in our soup which you saw previously and it's soup and we're going to use BeautifulSoup and we want the response just like before of the content and we're going to be using the HTML parser the same as we did before so we can type in html.parser and we want to grab all of the anchor tags and all of the hrefs so you have seen a lot of this previously
and you can try and type this out if you remember it so we'll just type in the a tag and it's going to be the soup. find and we want to find all not just one of them so we want to find all the anchor tags and then we also want to grab the href out of here so we'll just type in href will that let us use href it will as a variable so we'll say href equals and then we're going to grab the tag right here our a tag and then we are going
to Type in the href which is what we're actually searching for so you should understand what is going on at this point um just to show you we're going to grab the anchor tags and inside of all the anchor tags we're going to grab the HRS let's see if we can find one so right here is an anchor tag and here is the hre so it would grab this right here as our link so that's what we're trying to grab so we have the a for the anchor tag and now it's going to grab the
hre Out of the anchor tag and we're going to Loop through these tags so we can hit enter and we can say for the tag in the a tags we want to do something in the hre just like this and let's see why is it giving us this error the object is not callable so we're not able to grab this out of here so actually I think this will go inside of our for Loop now that I'm looking at it and we're actually going to need to create an an empty list for our URLs and
so we can Take that hre and we can say the hre equals the tag and we're going to get the tag hre like this and let's actually see um this is going to be not the hre this is going to be our anchor tag so we're going to grab all the anchor tags and then we're going to Loop through all the tags our open list right here is empty and we're going to end up putting our HRS into this empty list right here so let's go ahead and see if we can figure out how to
get this in here and We can just say if href is not none and href does not equal the empty string just in case we get some empty HRS then we want to do something with this and we want to append this to our URL list right here so URL your url list. append and we're going to append the hre variable which is going to Loop through right here so let's see if we can actually print this at this point and let's print our URL list and see since that is inside of the for loop
It's going to print a bunch of times so we'll just move it back and see if this runs or if we get an error we have an error because we need our semicolon so let's go ahead and run this and we get an air on line 37 this is supposed to be an input not an integer so now let's try this again what URL would we like to scrape we'll just say https and we're going to use www.yahoo.com and I'm going to actually copy this and we'll paste it in here and Comment it out so
we don't have to keep retyping it we'll hit enter and the keyword we want to find is Yahoo and it does in fact make a list here for us so we know our code is working to this point and now we need to get this out of a list and we want to put it into a text file we want to get rid of the brackets we want to get rid of the the um quotes and we want to get rid of the comma so we have a little bit more here to do before this
is finished so at this point It really is pretty simple all we have to do is call our function we're going to pass in our URL our keyword which at this point we're actually not doing anything with with our keyword so I bet that if we just scroll over a little ways we're going to find URLs that don't have Yahoo in them so let's go ahead and walk through this code up to this point we have our URLs this is going to filter out any duplicates as you see down here we actually do have a
duplicate and that Is because we have not called this visited URLs yet to delete our duplicates but we are in fact going to get there so this will delete our duplicates we pass in our URL we're using our requests up here so we're getting the response from the request of the URL that we pass in which is yahoo.com so it's getting a 200 for the response and if it gets a 200 for the response it's going to come down here and run this code if the URL fails it's Going to give us a print of
the URL was failing so let's actually try that let's give it a bad URL so let's just do something like that and something like that and see what happens it's actually going to go out and try to scrape this and it's not going to find anything so apparently our except clause we can just go ahead and type in pass because that is not doing anything for us so it's not actually going to print any bad code for us which is okay what we could do is in here inside of our if statement you could
put a time delay and say if there's no response within 5 seconds then close the program and maybe we'll go ahead and do that at the end and fix that up now our response is having a problem add a global statement so we'll just go ahead and put that back so that way we don't got to mess with that because it was working um let's see so we have our return statement if we hit a problem we'll add in an if statement Later on for the time delay we have our if the response is a
200 which it means our yahoo.com actually gives back a 200 there's actually a page then we're going to use our soup variable and we're going to use our beautiful soup and we're going to use the request which which we made which is going to have the content of the request and we're going to parse it with an HTML parser we create our tag right here anchor tag we want all the anchor tags off of yahoo.com so if we Just come over here and we type in yahoo.com and then we view the page Source we want
to grab all of the anchor tags so if we just hit command find we should be able to start going through so right here it shows an anchor tag right over here if I can scroll over just a tiny bit which I was unable to anyway it's going to have the anchor tag so like right here is an anchor tag and we can skip around and find right here's an anchor tag so it's Going to go through Yahoo this main page and grab all of the anchor tags for us and spit out all of the
domains down here at the bottom for us like we saw so we have our list of URLs and it's going to go through each tag so for every t you can name this whatever you want this variable so for each tag in our anchor tag that we are pulling down right here we're going to grab the href so our href is going to be inside of the tag and we're going to grab that and then if the href is not equal to an empty string or it's None or any other
issues that we're going to have our URL is going to append our href to our empty list so that's where we are so far I hope that made sense makes sense to me and yeah and so let's keep on writing our code so now we are going to need another for loop and so we can come up here we can comment out this because we know our code works up to that point so now we're going to loop through our URLs that we just created right here so we have this list of URLs
we want to scrape out all of the duplicates so let's go ahead and delete the duplicates and get just those URLs that are actually beneficial to us and then let's also make sure they're in in scope by adding in our keyword which I don't know why I have that right there so we're going to add in this keyword into this for Loop right here so what we'll do is we'll say for the URL and that's really Not a good name for this because we're using URL up here and here and down here so we'll just
call this for we'll just do for i we'll just call it a generic for loop so for i in URLs we're going to do something and we're going to say if i is not in the visited URLs we'll just go ahead and make this urls2 so that way you guys can actually understand it for me it makes sense to use i but if you're new maybe using i is not the best way so for urls2 so if there's a URL in here if this URL is not in the visited URLs then we want to
add this to a list so we'll say visited URLs and we want to add visited URLs dot add and then we want to add it to the URL and then if it's not we're going to join it so what we have right here is it's going to go through this URL set if it's a new URL firstly if it is a new URL that has not been visited it's going to actually go out and open up that link so if the program has not visited that specific URL within the page our crawling program is going
to open up that URL and it's going to recursively look for different links that we have not yet found so it's going to scrape yahoo.com and if there are any links such as this link right here it will click on this link and then it's going to go in here it will view page source and then now it's going to go through all of this code as well and look for any links and let's say there Is a link inside of here let's see if we can find one right here it will click this link
and then it's going to hit command inspect that's going to right click and inspect actually we'll use view page Source because it shows up better it's going to view page source and it's going to scrape through all of the hrefs in this page and if there's an href in this page right here it's going to click on it like this one right here and then it's going to view page source And it's going to pull through all the links and you're going to start to see that you're going to have a gazillion Links come back
as potential subdomains or domains for you to look at that are related to yahoo.com so it's going to recursively just continue to open up links and that's what we're setting up right here here so if it has not been visited it's going to visit it if there's a link our program is going to click on it and it is going to open it Up and then it's going to search for our keyword which is going to be Yahoo and if Yahoo's in it it's going to give it to you as a potential as a potential
attack site um that you would personally need to go and check to make sure it's in scope so that's what this is doing right here it's taking these visited URLs and it's seeing if it has been visited or or it has not been visited so that's visited and now we can come down here and we can just say we'll call this URL join and it's going to equal the URL join and I am getting this from the lib parser that we imported so we're going to use URL join and we're going to join the URL
with the URL and you can just go ahead if yours was red like mine you can highlight it and click import I think it will automatically update up here it will right here import URL join I was hoping that importing all would solve that problem but it did not so you might have to hold your mouse over it and use That so this URL join right here is a function from the URL lib parser that we imported up there and it's going to construct an absolute URL so if our URL is used it's going to
take the relative URL and it is going to use the same base URL and it is going to join them together to construct a URL for us that it's going to go out and visit so the reason we are using urljoin is to ensure that the URL that we are giving it is an absolute URL and it is including the https so we're not going to be able to use a URL by saying just yahoo.com it's going to take https and or HTTP and then it will take the dot slash and then www. um yahoo.com
so we're using an absolute URL we're not using any URLs that are going to be just yahoo.com or anything like that it's going to have to be a full absolute URL and now we're going to check for the keyword so if the keyword that we are passing through up here or we entered in down here is inside the URL then we're going to actually print that because that's what we want so if that's in the um what do we call that URL join then we want to print that so we'll print the URL
that has been joined so now what we want to do is actually come down here and call our function again so if we grab new URLs we want to go to those pages and scrape them so we'll just type in spider. URLs and we can just say right Here spider. URLs and we're going to pass pass through that new URL that we just created so that URL that we joined and we're going to send through our keyword so now this should pretty much complete our code it's going to take the keyword and if it's in
this URL this that we just pulled down right here this absolute URL it's going to print the URL so we get it down here and then it's going to recall our function and it's going to repass in new parameters which Will actually be our same key word and the new URL that we passed down so this is going to recursively search through all of yahoo.com and grab all of the domains so now we can just give an else statement because we got this if statement and we can come back because we need to line up
with this if statement and we're just going to say else and we want to pass so let's go ahead and give this a try um I think it'll work it might not we might have to do some debugging so let's go ahead and run this we're going to use yahoo.com and I accidentally highlighted the comment so we'll copy that so we have it and we're going to use yahoo.com and let's see it is now printing out the pages but we're getting a bunch of duplicates which means we have a problem in our code so
I'm going to debug it and I'll bring you back all right so I see our issue we have this is why you need to be able to read through your code we're passing in this URLs to right here because I was getting too involved in naming this variable so you guys would understand it and it turns out I'm passing through the exact same URL every time because up here we are passing in our URLs dot append the href so that way we have this list up here remember we printed
and it was working for us but I passed in url instead of URLs I was passing in the exact same URL we have up here over and over and over which is why that was printing over and over and over so now we pass in our URLs list and we'll give this another try we'll go ahead and copy this just to make sure that I have it on my clipboard paste enter Yahoo as our keyword and run this and that apparently was not the bug let's keep on looking okay I think I got it
working this time so what was happening was we were passing in right here URL and URL so if we delete this we're passing through url url which was just getting this URL from our response and passing it through two times but what we need to pass through is this URL right here so we can copy this and we can paste this in here now cross our fingers run our program copy yahoo.com and hope that we get all different domains or targets for us to attack here we want anything that has Yahoo in
the URL and there we go so now It's just going to run recursively it's going to click this page and grab all the URLs off it it's going to go through and this is probably going to run for a really long time and it is going to give you a bazillion targets that you can check out and now we're going to create a second tool that is going to take all of these URLs right here I'm actually going to quit running this so I stop making request to yahoo.com and now we're going to create a
new program that's going to take all of these URLs right here and it's going to go out and test to see if they're live like if we click this is it going to open up a new page this one does and so it's going to see if all of these pages are live or if it's possible that we click on one and it gives us a 500 well that one doesn't but it is going to be similar to httprobe which is where I got the idea for this make so let's go ahead and create
this probing tool before we start creating our new project what I want you to do is just grab some of these URLs from down here and we'll just highlight a few and copy them then come over to a terminal open a new tab I'm going to cd to my desktop and then I'm going to gedit a file and I will just call this url.txt and I'm going to paste those URLs in that we just grabbed for our new tool that we're going to create which is going to probe all of the different URLs
that we grabbed to make sure that they're live and they're valid targets for us to go out and check so that will save us a ton of time instead of just opening these one at a time our new program will open all of them up and probe them to see if they are alive if it gets a response back then it will put those into an out file for us so we can create a new project so I'm going to go new project and we will call this one probe so we'll just call it probe.py
and we'll actually open it in a new window just in case we need to come back over here and do something with those so we'll open up this new PyCharm editor I'm going to adjust its size and we'll adjust this over shut that off and we'll delete all of this so we are going to see something new in this project but for the most part this is going to be a pretty simple project to do so we have seen in the past we're going to import sys because we're going to have to
run system commands and we're going to import requests as we have previously so we'll import requests and maybe we need to reinstall it again so we now have requests and sys so the first thing we're going to do as always is we're going to make a function and we'll just call it um URLs and then we are going to pass through a file that we're going to cat out so we're going to cat out this file so if we were over here we'd type in cat url.txt list them but we're going to cat
them out and we're going to pipe them over to our probe.py like this so we're going to cat them out and it's going to go over to the probe.py and then that will run our program for us so we're going to take this out file over here so we're going to pass that in as a parameter and we're going to call the out file just like this and close that off type in pass as we come down here and take in our output so we will say that we want to take our out
file just like this and it's going to equal the filtered out URL so basically what we're wanting to filter out so we'll just call this filtered url.txt which is the file we're going to cat into it and then we'll want to call our function which is going to be URLs and we're going to pass in the out file so now we can come back up and start writing our code so the first thing we want to do is read the URLs so we're going to just take our
URLs that we are going to create so we'll call this URL 2 because this is going to be a new variable and it's going to take sys and we're going to stdin which means we're going to read the lines so we're going to say read and we want to also split the lines so each line is going to be split and we want to split lines like that not just split and we're going to use that here in just a second and we're going to need two lists we're going to need the URLs
that resolve and those that don't so we'll type in res URLs and that's going to equal an empty list and then we're going to make another list and it's going to be bad URLs and it's going to be an empty list as well so now we can pass in the good URLs and the bad URLs from the file that we will be probing so now we're going to start our for loop so we're going to say for URL in the URL we want to try and do something so we're going to say try
and we're going to send the response um which is going to be a new variable which is going to go out and try to request out to the URL so we're going to type in a request so we want to make a request to the URL inside of our for loop that is coming through in our URLs and we want to do something with this so if the response is a 200 then we want to say this is a valid URL or if it is a 301 or maybe there's something else you would like
to see maybe you want to see like a 500 Basically we're just going to be reading the response and if the response is something we want then we're going to put it into the URLs we need to look at so instead of calling this responsive URLs you could just put like um ones you want to look at you could name this something like good URLs or juicy URLs or something like that but for now we'll just leave this as we'll just leave it as good URLs so we have these good URLs and the bad URLs
and they're going to be whatever we want them to be so we're going to just for the sake of this program we'll just leave it as a 200 so we'll say if response.status_code equals equals 200 then we want to do something and we're going to add this to our good URLs we'll say good URLs dot append and we're going to append the URL that is being passed through in our for loop and if this doesn't work we're going to give an except and then this is basically going to be everything else we'll say
requests.exceptions and MissingSchema so this will be all the rest of the requests and we're going to send that over to the bad URLs dot append and we're going to append the URL so now we have two lists and even if this hits right here the except we want to continue normally we would type in like a return and that will stop the code but right now we don't want to stop our code we want to continue on reading our code because we want it to print into an out file and the
easiest way to print to an out file is by opening a new file it's automatically going to create one I know we haven't covered this just yet because as penetration testers or ethical hackers or bug bounty hunters we're not going to be using data analysis tools such as pandas which is going to use with open a lot um but if we want to create a file or we're trying to read a file and we're going to be reading in these lines instead of catting them out into the specific program we want to
run what you would do is you would type in with open and then we're going to type the file that we want to open and we can just call it our out file right here you see we have our out file and we're going to make it write because we want to write into the file and to write we use a w if we were to read like if this was a file we were Wanting to read we'd put an R but we want to write to the file and we're going to say as file
and then we want file.write and we want it to write each time onto a new line and then we want it to join these together so we're going to say join and we want it to join the good URLs and that looks right I hope it runs and we don't have any problems and then we want to just test our code and we'll say print and we'll make this an f-string and we'll print that the URLs are being saved so we'll put saved URLs and we are going to make these in curly braces
and we will call this our out file so they're being saved to the out file and now we need to do an if statement and we'll say if invalid URLs actually we don't really need to do anything with the invalid URLs let's give this a try and we're going to open up a terminal because we're going to need a terminal I'm actually going to just drag over that file that we saved and put it into this directory so I can just cat it out straight over here and we have our url.txt
I'm going to drag this into the probe.py we'll refactor the code now if we ls it should be in here and there it is so now we can cat the url.txt and we're going to pipe it over to our main.py um we'll call python3 and then we want our main.py so let's see if this runs for us and what happens it created for us a filter.txt right here and here it is so these would be the valid URLs let's go ahead and like delete a few of these and make
sure that it is really working so we'll make sure we get some invalid URLs so on our valid URLs actually we're going to have to copy this because I did that in the filtered one so we have 18 so it did work we have 18 um URLs right here 17 URLs on our filtered text this time it should output less than 17 if the probing tool is working properly so we should be able to just cat these URLs we'll let this run and it will rewrite this filtered URLs right here once it
has finished running and it should have less than 17 because we went ahead and messed up a few of these URLs and we'll check this file and see what it puts out so it tells us there was an error because those did not resolve and I actually already went ahead and ran this and got this connection error and the best thing you can do right here is go H we have this Connection error and you can copy paste and put this into Google which is exactly what I did and it brought me to the documentation
and we have this request exception and actually it's right here so we have the connection error and the connection error and what can we do with this connection error and after doing some reading I found that we need to run another except so we can come back here and we can just type in an except and this time we want to do the exact same thing we did up here and instead of MissingSchema we're going to run requests and we're going to run the exceptions dot and let's see if we get it
in here we want connection error so I'm not seeing it so we'll just type in connection and it needs a capital C ConnectionError right there that top one and now we can just do the same thing we did before and we'll just say bad URLs dot append and we'll append the URL and I'm not sure why I have so many curly braces in here and now we will just type in continue now if we run this hopefully it will work for us and we will no longer be getting this error so even if we
come over to our URLs and let's say there's something like typos and there's no way it's a real um page then it should just handle this error and just pass over it and we shouldn't get these errors anymore and since there's 21 of these and I know for sure like this one right here has a typo it should have a .com it's going to run this anyway and it's going to give us the valid ones that were responsive and we have 16 responsive URLs out of the 21 that we gave so if we were doing
like a live penetration test or we were bug bounty hunting we would have wasted our time visiting four of these because they would not have resolved and this tool right here will make sure that all of the URLs resolve for us so here is the code for that and now we have this done this should work for us every single time and you can rerun it and you don't have to worry about filtering out this filtered url.txt because it will just rewrite over this file right here every time we run it because it's
going to open this out file which is down here and then it's going to write and it's going to write to the file so that should overwrite it every single time for us okay so the setup for Selenium is going to take a little while and I don't want you just to close out and think this is too hard I want to show you how cool this tool really is so if you follow along with this video in the end you're going to have a program and you're going to understand all of this
code and then you're going to have a program that goes out to GitHub for you and goes through the repos opens all the pages goes through all the links and pulls out if there's any passwords or not stored in the code on the GitHub page and so it will look like this when you run it and it automatically went through all of those links on GitHub it pulled down this page right here it says a password was found at this link and so if we click on this link it'll take us to this page right
here and we can look at this and we can go to the raw and we can type in password and right here it tells us It has found password and the password is admin and it found this on this GitHub page so that is where we're going and if this tool looks like something you would like to add into your bug Bounty or penetration testing Arsenal then you can stick around and go through and make this tool with me we start with our program and using selenium there's a few things that you have to do
and I'm going to walk you through installing this both on Mac and Windows you will need your PyCharm editor that we used in the first Python for ethical hackers and now you are going to need Google Chrome installed and so I'll have this link down in the description if you don't have Google Chrome it is best if you use it you can also do it with Firefox but it's really easy if you just download Google Chrome and follow along with me and we're going to also need to install the Chrome web driver so what
you will need to do is download the Version of the Chrome driver that matches your Google Chrome installation in order to find out what version of Chrome you are running you will come up here click the three dots you will go down to help and you'll click about Google Chrome and then I am running this version right here in order for me to update my Google Chrome if it doesn't match any of these over here then I would just have to close out of chrome completely you just go and close the app And it will
automatically update and I am running this version right here 101.0 and I would come back over here and I would say 101.0 for me it would be this one I would click this and then it will bring you to this page looks exactly like this and it will tell you what version of software you're running and you will click that version so if you're running Windows as you're operating software you click windows Windows Mac Mac or Linux for Mac I use This one right here and when you install it remember where you put it because
we are going to need to know the complete file path in order to reach the Chrome driver I have mine stored right here in a folder on my desktop so if I if I open this up I have my Chrome driver right here and I will need to know where this is we will need to know the entire path and you can do this you can see the full path by clicking by right clicking and going to get info and then it will tell Us where the full path is at right here because it tells
us where and then we say Mac User Ryan desktop the folder is developer and then we hit the Chrome driver so you will need to go ahead and install Google Chrome and then install the Chrome driver and we will continue walking through how to finish setting up Selenium when you have finished doing that after you have downloaded the zip go ahead and unzip it and it will automatically unzip into your downloads and then you can drag it into a different folder like I have I've just made one called developer and you can go ahead and
drag yours out of your downloads or you can leave it in your downloads if you choose the only reason I move it out of my downloads is because sometimes I go and delete everything out of my downloads folder and I don't want to delete this if I am using it for the Mac users after you've downloaded this and you have moved it Into your location where you would like to keep it for me I'm going to just go like this I will open back up this folder I'm going to show you what we did earlier
just go to get info you can now copy this as your full path and then we can say our Chrome driver so we'll go CDP for our path and then you can paste it in here just like this and I believe we need our to go slash Chrome driver so we'll go slash Chrome driver and this entire thing will need to be inside quotations now I'm going to cover the installation of selenium for Windows users okay for our Windows users what we are going to do now is Click Chrome driver win32 and it will download
we will open up where this is it's going to say we want to how do you want to open this file we'll just say we'll just go ahead and open it it says we now have this chrome driver and it tells us that This is an application if you don't have any place in particular you want to store it go ahead and put it in your C drive but before we do that we'll just open this up we will make a new folder and do the same thing we did on the Mac and we will
say developer and we'll just leave this here here and we can go back to our downloads where we grabbed this folder the and we extracted our Chrome driver and we're going to put this into the Developer now the reason I had you do that is because when you look at the location of where this is stored it is really simple to get to it tells us that it is in c/d developer we can copy this we will put it inside of a string and then we will put slash and now we will do the same
thing we did on the Mac and we will say the Chrome driver path and now we have that stored as a variable sorry to my windows friends I forgot to mention that when you run this chrome Driver you will need the exe in order to get the executable to run and pretty much everything from this point on is going to be the same as I run it on my Mac if you have any problems please let me know in the comments and I will try to help you out okay we are ready to install selenium
so the way we're going to do this is we're going to import selenium just like this and because I have done it before and I have already installed it on my Mac this is Here and ready for me but what you may need to do is it will have a red squiggly line and it'll pop up a window like this and you're going to click install or import I can't remember which it is but I think it's install and you'll click install and it will take just a second to go ahead head and install that
and then what you are going to want to do is type in from selenium and then we're going to import webdriver now that you have installed Selenium and typed in from selenium import webdriver we're going to initialize our web driver and we're going to type in driver equals webdriver.Chrome because that's the browser we're using there are other browsers if you've chosen to go that path and now we're going to type in our executable path and the reason this is yellow is because this has to be capitalized like this and
we're going to type in executable path which I believe is actually deprecated and I have not gone back and read the documentation for the new way to run this without the executable path but we're going to type in CDP it's just going to give us an error when we run this or it's just going to give us a warning saying that this version is deprecated for running the web driver but that's okay we will get our program to run without it it just means that they are not updating the executable path
like this anymore and now what we're going to do is type in driver.get and we're going to type in something like www.google.com and then once this is done we're going to want our driver to close the window so you can type in driver.close but I don't like to use driver.close personally because it just closes the window but we will be still running the Chrome down here in our browser I want it to quit I want it to close that window all the way out to save on my memory space on
my Mac so we're going to type driver.quit just like this and if you run this like I will and you were on a Windows it's automatically going to run for us it should open without any warnings and give us google.com and then it will close this page for us all right the reason this is giving this error is because we need to type in HTTPS google.com now when we run this it should open up Google for us and close the file so that is how we run it but if you were on a
Mac if you're on Windows that worked for you and you didn't get any problems if you're on a Mac and this is the first time you've ever ran selenium you're going to get a little error that pops up with a window and it's going to say move to trash or cancel or close you're going to click cancel or close out of your two options You're going to come up here you're going to go system preferences you're going to go security and privacy and right here it will say that you tried to run a Chrome extension
and it was blocked you will click allow if you're not allowed to click allow you can unlock it by clicking this and typing in your password to unlock your Mac and then click allow and then you can relock it then when you close out of this and you rerun it it will give you the option To open anyway and you'll have a new popup and you will just click open and it will begin running and working for you just like this on your Mac now it is time to begin some of our web scraping okay
so we are at our screen and it looks like this I've decided to go ahead and show you how to get rid of this deprecating warning so when we run our program and it runs this right here telling us that the executable path has been deprecated just in case they stop Using this in the future I want to go ahead and show you the way to get rid of this I'm going to use running the executable path because I believe that it is faster and I might be wrong and that's okay and you can run
Selenium however you choose you can run it the deprecated way or the current version I think they're at version 4 if you choose but we'll have to import a few more services from Selenium so we'll go from selenium.webdriver.chrome.service import and then we're going to import Service and then we're going to need to import the Chrome driver manager so we're going to go webdriver_manager.chrome and we're going to import ChromeDriverManager just like this now I'm going to comment this out because I'm going to use it as we
go through but you can delete this if you want to use the non-deprecated version and I think you're still going to get these red inputs down here or these red warnings that's going to tell you like it's installing the newest version of the web driver every single time you run it but uh that's okay and we're going to type in s equals and then we're going to type in our Service and then we're going to run our ChromeDriverManager and we're going to call this and then we will call it the
install function and the reason we're going to do this is because every time you run this service it is going to check to see what version of Chrome you are running so we'll just comment this out so we're not getting this warning and this dot needs to go I did this wrong we'll go like this all right it is not wanting to work for me so we'll close it off manually and then we're going to hit dot install Right here we're going to call this method and then we have to close off this whole line
here and now we're going to turn this over to our driver and it's going to equal the webdriver.Chrome and then we're going to use the service and it's going to equal s just like this now if we uncomment our driver down here we'll have no errors and when we run this it will now work for us and it's going to tell us we are using this is the version of Google Chrome that we're using if you remember we checked our version earlier and then we installed the Chrome driver and it tells us we
have the Chrome driver that matches our version and it is found in Cache so it now works this is the non-deprecated way to run this tool I decided to go ahead and show this to you like I said just in case the way right Here the deprecated version to get to the Chrome driver is no longer supported in the future all right I have gone ahead and commented out this code and I'm going to use the Chrome driver that is on my computer that we already installed there's one more thing we're going to need to
import in order to not get any deprecation errors and that is the By we're going to import By so we're going to type in from selenium dot webdriver dot Chrome or sorry not Chrome dot common and then we're going to use by and then we're going to import and then By like this if I can get back there like this and this is another update with Selenium the way I originally learned Selenium we didn't have to use this but they have updated it again so we will need to use this By module here so what
we're going to do is open up Amazon and I'm going to show you how this scrapes if you've ever wondered Why you have to answer questions to make sure you're not a robot you're going to find out in this course so if we come over to a web browser and we type in Amazon and we go to Amazon and let's say we want want to buy a new drill bit so we just say we want a drill set okay we're getting a drill set not a drill bit and we click on this drill and we
really want this drill but we don't want to pay $43 for it we want to pay $38 for it we can actually set up our web driver To go out and check this price for us so what we would do is we would inspect this and we can look for the class right here and it's going to tell us that it's 43 so you could set this up let's say instead of 43.9 we don't really care about the 99 Cents and we just want it to be less than 38 so 3799 would work we could
use this span but for the sake of getting the 99 involved we will use this one right here for our project so we'll go Ahead click on this and we're going to use this class right here and we're going to grabb a class out of these right here and we want to grab one that looks really unique that isn't going to be used anywhere else this class looks really unique to me so I'm going to go ahead and copy this and then we'll come back over to our Chrome driver and underneath of our google.com we're
going to type in price equals and then we want the driver to scan through all of this source right here the HTML and we are going to tell it we want to find an element and we want an element by a class name so we want to make sure we don't have elements by class name we want a single element by the class name later we're going to use the one with the S and this is the deprecated version I forgot this is the version that I learned when I was using this what we
do here now is we delete all of that and we delete that and we come in here and we say By.CLASS_NAME and in here we're going to put that class name that we just copied just like this the next thing we need to do is update this https right here and it needs to be this URL right here so that way our Chrome driver opens up the right URL scans through all the HTML it's going to look for the class name that possesses this and then we want it to print the price like
this so we'll say print and then we want to print the price so if we run this how it is right now I'll show you what our output is it gives us this as our output and this is not helpful so what we need to do in order to to grab the plain text is typee in text so now if we run it it's going to print out for us our 4399 and I'll show you what would be useful if we we're really going to turn this into a web scraper for us it really would
be useful to get rid of this 99 and just use this right here so you can see why it's printing the way it is this span 43.99 and it's given it to us on different lines so we should be able to copy let's try this class right here and this really is when you're making these going to be a lot of trial and error as you're going to see in a little bit when we make our new dumpster diving ethical hacking tool and we try to automate some of our recon where it's going to
be a lot of trial and error so we'll let this run and we get the dollar sign that is not what we want so we'll try this one and we will paste this in here and now we can run it and see what comes back and we grab just the 43 so now if We wanted this to run say every 20 minutes to see if Amazon has updated their price and brought it down below $38 we're going to put all of this inside of a function that is going to get called every 20 minutes and
we're going to have to import a new module for this, and we're going to do that in the next section.
All right, now that we have our web scraper working, let's say we want it to go out and check the price every 5 minutes or 30 minutes or whatever we want it to be, and then let us print it into the console. What we would do in this case is put this into a while loop. So what we can do is take this and we can say while on, and then we want the on to be true all the time, so we'll say on equals True. This should be familiar to you if you have gone through the first part of our Python for hackers.
And then we're going to need this inside of a function that gets called every 4 seconds or 30 minutes, and we'll need this inside of a function that gets called every so many minutes. In our case I'm going to set it to only 5 seconds, so that way we don't have to wait very long, but in a real case scenario you would make this run maybe once a day or every couple of hours to check the price. But for now we're going to make a function, and we're going to call it five, we'll call it five seconds. We'll call our function, and then we will need all of this to be inside of our function, and now we need to call the function like this, and we will say five seconds.
Then we are going to take this, and we need this to sleep, so we'll say time.sleep, and you will need to import time up here if you have not already, and we're going to say sleep for 5 seconds. Now when we run this, it's going to take 5 seconds, it's going to launch our driver, go out, check the price, and print it down here in our console for us. Then once it gets done doing that, it's going to wait five more seconds, and then it is going to launch the browser again and check the price for us. It will do this for all eternity, because we are inside what's called an infinite loop. There's no way for this loop to end, and so it's just going to keep on going and printing for us the price until we stop the program.
This isn't really helpful for us in the world of hacking, so we're going to stop here. I just want you to get this concept down of using Selenium, setting up functions, using a while loop. If we were to use this completely for our daily use, we would have to make an if statement and say if the price is equal to or less than $38, then we would import another module and we would have it send us an email or a text message saying the price is ready for us to go and buy it. But we're not going to finish this out, because it's not really going to be helpful for us in the world of hacking, so we'll move on to building our actual tool for hacking.
I have cleaned out my text editor here just to get it down to the bare bones of what we are going to need as we build this tool. I have put this right here; this is the GitHub repo that we're going to be going
through and dumpster diving for. Now this should work for any GitHub page if we program this right, but I made this GitHub page just for us to test against to make sure our tool is running. I didn't want to spam an actual GitHub account that is in use, so this is just a GitHub account that I made for the purpose of showing you how to build this tool.
So what we're going to make in the end is a tool that, when we run it, it runs "what target would you like to run against", and so we're going to copy the URL of the GitHub page that we want to scan, and when we run it, it's going to go out to GitHub, it's going to click on the repo, it's going to click on the code, it's going to go to the raw, and then it is going to tell us a password was found inside this page. So what you could do is just copy this or click on it, and it will take you to this GitHub page, and you can search for where this password was used.
So we're going to make a very basic program just like this one. I hid a lot of the code, it's down there; I didn't want you to get a head start. So as we make this tool, when we're done it's going to be very basic, but I would challenge you to make it your own and add to it: different files that you want to search for, different keywords, make it print the entire line where the password's found so you don't actually have to go out to this page and check it. These are things that I've done with my tool that I've made just like this, and so I want to show you guys how to get started making this tool, and then add on to it and make it your own.
Okay, as we go through building this tool, there are a few things we're going to do at the beginning that I'm going to tell you to change at the end to make the entire tool work well for you. So what we're going to do at the beginning is we're just going to get rid of this right here, because we want to put in our repo that we're going to be scanning against. I'll leave that GitHub repo up unless it ends up getting taken down by GitHub because it is getting scraped over and over and over by people from all over, but until then I'm going to just leave this GitHub page up for you guys.
So we'll just put that inside of our GitHub page, and now we can comment this out, and it should open up that page for us and then quit. And it did, so there it ran. What we're going to do in the end is we will change this and we will make this an input, but we're going to cover that at the end when we get to that section. Now that we have it so it'll open up this page for us, we want it to grab something for us by an element, and because usually there's a bunch of repositories in here, we're going to just use the repositories. Instead of getting the element by, let's say, the class name, we're going to make it get elements by class name, and
I'll show you what I mean in just a second. So we'll go in here, and we will say we need this class titled repo. Okay, and this is what these will be titled as for us, and we have this anchor tag right here. So what we're going to do is we'll do the same thing we did in the last one: we're going to say that the repository, and we'll name this, we'll call this our res, for resources, and we're going to turn it into a variable, and it's going to get for us all the repos by the class name.
So we'll say driver.find_element, and then we want this to be an s, and the reason we want this to be an s is because we want to find all the elements and we're going to store them inside this variable. Now for this case there is only one right here, but this should work with many repos if you scan a GitHub page with many elements with the class name of repo. So we'll continue and type in By.CLASS_NAME; we don't want a class, we want the class like this, CLASS_NAME, and the class name is repo, just like this.
Now if we run this, it will go and it will click this page and then it will close. So what I want to do is I'm going to add in time.sleep, and we'll make this 2 seconds so that we can see what's happening, and then we'll make another time.sleep right here so that you can see that it clicks onto the next page. So we'll run this: it's going to open, wait 2 seconds, and then it's going to open this repository right here and close.
So now what we need to do is make a for loop, so that way we can print the repos that are on this page, and in this case there's only going to be one, but we're going to go ahead and make this for loop. We'll say for i in all these listed resources, we want to print, and we want to print i. What we would do here is we'd say print i.text, because we want to see it in the text format, and then it will quit for us. I should have gotten rid of the sleep for us. Oh, and I spelled that wrong, and that's okay; I made that repository late at night, and it's all right that it isn't quite right. It's still a repository and we can still scan against it. So it prints for us this repository right here.
Now that we know we can loop through all of the resources that have the element class name repo, we need to figure out how we can click on those. There is a click function that we're going to use later, but right now I want us to go through and see how we can do this a different way. It's going to be a little more complicated, but it's always best to know there are multiple ways to do something, especially in the world of coding and in the world of hacking.
All right, because we're not going to use the click function, we need to see what happens when we click on this link right here. Now this is something in cyber security that you're going to need to always do when you're testing
a page. Not that we're testing GitHub, but when you test a page it's always good practice to click and see what happens, how to use the page, to see what's going on. What we're going to do is check out this URL. So this is the URL that we start out with, and since it just changes the repo name into the new directory, what we're going to need to do is take this directory and put it into a new link and get our web driver to open this up.
Since we know we can run this, and I'll go ahead and comment out these time.sleep calls because we don't need those any more, since we know we can run this and we can get it to scrape all of the repositories and then print them down here, now we can just save these into a list, and then we can loop through that list and get it to append that to our URL. This is a little more complicated than the click function, but it's helpful because we will need it so that way we can get it to open every single repository that we go through in the future, when we go through a page that has a lot of repositories on it.
So what we will end up doing is making a list, which you've seen in the past, and if you want you can pause the video and see if you can figure out how to make a list on your own, if you remember. I'm just going to name our list links, and we're going to make it empty. What we are going to do now is we're going to take this, we're going to say links.append, which I don't think you've seen before, and we want to append i. So now if we take this and we move it over and we print, we need to append i.text so that way we get it right, i.text, and now we print the links right here, we should get the repository to print from our list. So we'll run this and give it a test, and it says we have repository, and we have the brackets, and it is inside the list.
So what we will do now that we have this list is we're going to make another for loop, and we can comment this out because we don't need that to print every time. In this for loop we're going to name it for l, for the links inside the links list. We're going to make a new variable, and we're going to call it next page, and this is when I tell you my variable naming becomes very poor because I'm not very creative. We're going to make this an f-string, and we're going to call the repo, and if you remember, and we're going to call the repo, but we need to first name it something.
So we need this URL to be assigned to a variable, and so we'll just call this our repo, and at the end we're going to change this, because this is going to be an input. We're going to make this a string just like this, and now we have this repo right here, and we'll add a slash so that way we don't have to later. Actually, we'll delete the slash and we'll add it down here in our string, give us
some practice with that. So we're going to take this repo, and because it's a variable it needs to be in an f-string with these curly braces, and we're going to add in our slash, and then we will add in another variable, which is going to be our l.
So what would happen if we had a bunch of repos: this is going to go through all of the links, which we saved right here as our resources. It's going to get all the links; this for loop is going to run through all these links and it's going to put them into our list that we have called links, and if you remember, this is where our repositories will be saved. Now we need to loop through there, and in this for loop it's going to loop through our links and it's going to give us a new URL. So what this URL will look like after it runs through this second for loop is it will look like this, and it will come out with our respository that I spelled wrong, and it's going to open up this page and it will go and click this link for us. So this is the repo we want to attack; it will click this and it will bring us to this page.
So let's go ahead and try this. We're going to run this with a sleep command when we are ready. What we need to do at this point is store our next page in a new link, and we'll just call this our final link, so we'll just call it f link, and we will save this into a list, and then we're going to append our new URL, remembering what this one right here is going to look like, because it's going and looping through a second time of this links and it's making our new URL that we want to test, which is going to be this one right here. We will tell this to append, so we're going to do f link.append, and we want to append the next page, and we're going to want it to append the next page right here.
So as we have this next page, if we print this, I'll show you what it looks like. So if we print this, we can say print, and then we're going to print the f link, and we'll just go ahead and pull this back here, and we will run this and it'll show us what our new URL looks like. I accidentally left this slash; that's okay, the browser would have just deleted the second slash. So now if we run it again, it's going to spit out for us this new link, and if you copy this link or just click on it, we'll just click on it, it will take you to this page, and so that is how far we have gotten.
So now we have moved with Selenium from this page to the next page, and where we're headed is inside this main.py, and then we're going to go into the raw, and then we want to know if in any of this there is a password or some kind of keyword. So I'll just show you: if we type in command find and we type in pass, we'll see this password admin. We're going to make our program go through all of these words and all these lines inside
this text and pull down the password for us. So that's where we're headed, but right now we've got a few pages more we need to move. We are right now on this landing page right here, so we'll try and figure out how to make it open this page and then go into the raw and then search for the password. So we'll keep going in the next section.
Okay, it is time to call our first function. So we can go ahead and comment out this print statement right here, and we can call our first function, and we're going to call it above our for loops, because the function needs to be located above where we call the function. So we will call this function, we'll just call it loop, because we're going to loop through all the links. So we will call it like this: we'll say loop, and then we're going to pass in the next page, because that's what we want to go searching through in this function.
So this is red because we haven't declared our function, and we'll declare it up above, and we will say def, and we'll call it our loop, and then we're going to pass in a function, we'll actually just call it our next page so that way we understand what's happening, next page, and we have to add in our two dots there. And now what do we want to do now that we can get to the next page? There's a couple of things we need to do. The first thing is we need to open that new page, so we're going to type in driver.get, and then we want it to open that next page.
So let's see what happens. We can come right here; we'll just not run the time function and have it sleep, and see what happens. So we'll run this and see if it opens the page and we can see it, or it goes too quick. It went too quick, so we'll stop right here and we'll say time.sleep, and we'll sleep for 2 seconds; that way we can see if it actually opens the next page. And it opens the next page and then it quits.
So now that we know we're able to get to the next page, we need to be able to open this file right here and get to this Raw button. In order to do that, what I think would be best is to inspect this link and see what specific class these links all have in common, so that way we can run Selenium to pull all the links that would hold every single file within this repository. So we can inspect this, and it will tell us this is the line, and so we'll just go ahead and click this first class and see if it works.
So we'll just copy this, and now we'll need a new resource, so we'll just call it resource 2, because I'm terrible at naming variables, and if I had more time to think about it I would probably come up with something better, but you can name it whatever makes sense to you. If I made this tool and somebody else just saw it online, they wouldn't be able to understand what's going on, because I suck at naming variables, but you
can name your variables better than me, and so I'm going to let you name your own variables, but I'm going to name mine resource 2, because I suck at naming variables. So we're going to go driver dot, and we're going to do a find_elements just like this one, and then we're going to say By.CLASS_NAME, this should be getting familiar to you by now, and then the class name is the one we just copied.
If this works, it should be able to print for us this class right here. We'll see if we can actually get it to print main.py. So what we'll do is we'll print, and then we'll print the resource 2.text. Okay, apparently we don't need text; we'll just print resource 2 and see what happens. And that has run, and it does need resource 2.text, and the reason this is not working is because we needed to loop through this resource, this variable that could be holding multiple links within it.
So like we did down here, we will need to go for, and we can call this i if we want, but I'm going to change it so that way you don't get confused by all these different variables in our for loops. We'll call it for a in resource 2, and instead of resource 2.text we're going to print a.text, so that way we can make sure it is printing for us the main.py, so that way we can tell it to click on main.py.
And now what we're going to do is we're going to do a comparison inside of an if statement. We're going to comment this out, and instead of getting this little error right here, we're going to type in pass so that way it will ignore the error for us. We're going to say if the letters together, py, are in a.text, then we want to do something: we're going to say print it worked, py is in the text.
So now if we run this right here, oh, I see an error, we're going to get a problem. It says it worked right here, but the reason we get this right here is it says this is a local variable inside of this segment. So this is really not good practice; if you were working for a company as a programmer you wouldn't do this, but we are not looking to work in a company as programmers, we're looking to use programming for hacking. So what we're going to do is we're going to make this a global variable: we're going to say a is now a global variable and can be accessed anywhere, and it gets rid of this for us.
The reason you wouldn't want to make this global: let's say we made this for loop with the i and we said it's global; now this i variable everywhere we used it is going to be everywhere in our code. So we cannot use the variable a anywhere else outside of this, because we have made it a global variable, and that is really not good programming practice, but for the sake of our tool it doesn't really matter, so we're going to use it. We'll run this and it should
work for us, and it says it worked, py is in the text. What we'll do is we can do the same thing we did before: we can click on this main.py and look at our URL so that way we know how to structure it, and then after this time I promise we'll use the click function, or the click method actually, and it'll make it much easier for us.
So the way we would go about this, we'll delete this, is going to be similar. If you want, you can try and do something like this and get the next page based off this URL that we see right here. So if you want to take this challenge, you can go ahead and do this now, and for everyone else I'll walk you through it now. We'll just call it second page, because I'm so good at naming variables, and then we're going to make this an f-string just like we did down here, and we're going to add all this together to get that new URL.
So we're going to go ahead and we're going to say repo, and let's see, what did we name this one down here? We'll just call it repo because we have the repo up here. We'll just copy this; actually we'll just leave this, so we'll just use the repo how it is, and then we'll just add in this right here, and we can copy that and paste it in, and then we'll add our slash for the new page that we're going to want to go to, and we'll add this variable in right here, a.text. So we'll say a.text, and now if we print second page, we should get a URL printed that looks exactly like this.
The reason we did it this way is because we're going to be looping through in this for loop all of the links, and we need these links right here. So let's say we had a main.py, and then we had a main.css, and then we had an index.js, and then we had index.html or we had file.php, and there's a whole bunch of files inside this program; we would want to loop through all of these files. So what we're going to do is set it up this way so you can add to it. An example would be like if js was in a.text, then it would do the js instead of py for us. So that's actually a challenge for you: I'll show you how to add those on, and then I'll let you complete the tool as you see fit.
So what we're going to do for now is we're just going to print this second page, and it's going to open it, and it's going to tell us right here, and we can even add in a time.sleep so that way you can see that it has worked. So it did print for us right here. Okay, so I just noticed if you click this page it takes us to a page not found, and when you compare the two URLs, we're missing this repository right here. So what we will need to do is add in an extra repository, and let's actually see if we can just grab this next page right here. We're looping through what would be considered the next page; where's our links at? Okay, so
we'll see if we can loop through the next page right here. So instead of repo, we need it to have that repository on it, so we can say next page, which is getting passed through our function, and now let's print it and see if this works for us. It's paused, and we have the repository, and if we click on it, it brings us to the next page that we want.
And if we were going to add on to this program, let's say, like I was showing you, if there's a js inside the file, so like if this is a JavaScript file instead of Python, or maybe we want to check for JavaScript and Python, and maybe later we want to add PHP, we can do that. So we can say a.text, and then we can say right here, we need to close this off, and then we could say this exact same thing, and then we would print whatever it is that we want to test for. So we would say we're going to go to a new page if a JavaScript is found, then we're going to do this, and then we would turn this into an elif, and it would say okay, there's no JavaScript file, so because there's no JavaScript file we're going to check for a Python file.
So we'll go ahead and run this, make sure we have no errors, and it's going to pass this JavaScript file and it's going to go straight into the Python file for us. So we run this, and it passes this right here, and then it closes, and it pulls down the main.py. So what you would do if you wanted to make this a comprehensive tool, you would say if there's PHP, if there's JavaScript, if there's a JSON, and any other kind of file that you might want to check for sensitive data. But because the repo we're working with to build this tool doesn't have any of that, I'm going to just leave it with Python, and I'm going to challenge you to make the if statements and the elif statements and the else statements all on your own, and maybe you can go look at repos and see what you want the program to open up to look for passwords.
Now that we know that works, we're going to comment out this sleep function because we don't need it; we also don't need it to print the second page. What we're going to do now is we're going to call a second function inside of this function, so it's kind of getting like the movie Inception: we have a function that we're calling inside of another function, but we're going to do this one in a much easier method. So we're going to go ahead and we're going to call this one; the function is going to be called going for raw, and I'll show you why I'm naming it that. Going for raw: this is going to be the best variable name I have ever come up with.
Then we're going to pass in the second page, and then we'll make the function up here: we'll say def, and we're going to call it going for raw, and we're going to pass in second page. This is actually going to be the third page; we might actually change this parameter inside here in just a second. So
what we are going to be doing is going for the raw. Now that we are able to get to this page, we want to click this button so that way we can get to this page. In order to click this button, it is going to be so much easier than what we've been doing as we've been editing the URL right here and adding to it: what we're going to do is just click the button.
So we can inspect this right here and see where it is; we'll inspect, see if it can pull it up for me. Okay, now that we have inspected it, and you can see when we hover over this right here we can see this Raw button, what we need to do is the same thing we've been doing: we need to find a class and see if we can find a class that is used only with that button, and get it to open up this raw so that way we land on this page right here. We're just going to copy that class name that I just showed you right here and see if that can open up this tab for us.
So now under this function what we're going to do is we're going to type in raw equals, and then we're going to say driver.find_elements; actually this time instead of elements plural we're going to do just one element, and we're going to say By.CLASS_NAME just like we have been, and then we'll paste in our link right here. And now what we're going to do is something really simple: we're just going to say raw.click and it's going to click that button for us, and then what we'll do is we'll come over here, we'll click this.
Okay, now that we're able to get to this page, we're going to tell it that we want the page source, so we're going to want it to right-click and say view page source, and then we're going to grab all of this inside of an f-string and then see if we can find a password in it. What that's going to look like is something like this: we want the HTML, and we're going to say driver.page_source; that way it grabs the page source for us, like I just showed you, the same as right-clicking it and view page source. We want it to grab that, and then we're going to put this into an f-string, and we'll just use that same variable, and we'll say HTML is going to be equal to this HTML inside of an f-string, because we want it to be converted into a string.
So we'll say HTML, so now we have this in a string, and just to check this we can say print, and then we want to print HTML, and now when we run this it's going to print all of that page source for us into our console, and we want to make sure that it is in a string. Did I, we have an error; let's see if we can find the error here. We need to use driver.get, and then we need to get the second page right here. So now if we run this, it
should work, and it clicked the button and it printed all of this for us, and let's see if it printed: here we have the tags for us. Now that we have this printed, and it's printed inside of the HTML, so we know we grabbed the entire page, we can close out of this; we don't need this print statement.
What we're going to do now is really similar to what we did down here: we're going to say if the password is in HTML, we want it to print found password. So we'll say print found password, and now we run this, and if it finds the word password inside of the HTML, it's going to print found password. And if we wanted to, we can turn this into an f-string and we can get it to print for us the actual URL where the password was found. We can say something like this: we'll make this an f-string and say we want to print second page, so it'll say found the password and it'll print the page for us, and we could click on this second page and go to it.
We're getting this error here because we need to put this inside of our string. So if we print this now, it will tell us it found the password, and it'll give us the page to go to right here to check and see what is the context of this password.
Now to finish off our tool, so that way we can scrape any page on GitHub that we want, remembering that we have to get to the page like this, we can go ahead and copy this, and we're going to make an input, and we're going to name our input scrape, just like this, and we will say equals, and we're going to make this an input, and we're going to say what page would you like to scrape, just like this, question mark, space. Now this scrape we're going to pass into our driver.get right here, so we will pass in scrape. We're going to have to make this an f-string, and we'll say scrape, and then we'll highlight it and put it inside curly braces, and now when we run this it should ask us for an input, what page would you like to scrape, and then we put in our page, making sure we remember the https, and now when we run this it should run the page for us, and now you can run it against other repos, and it is a complete tool for you.
All right, we are going to be creating a packet sniffer, so you can go ahead and come up to File and New Project right here and create a new project. I have already done that, so I'm going to go ahead and delete all of this start text, and
I'm going to start out by importing socket and then we want to come down here and say from scapy.all import and we want to import all and we may have to install this so you can just highlight you can just hover over it and then come down to install package and then while that is running the code that I'm going to be using I came over to sockets and you have to understand a little bit of networking and then you can come over to the sockets documentation and read through here I'm going to try
and explain the different types of socket functions that we're going to be using as we're writing the code but it may help you to come over here and just read through it so you have a better grasp and understanding of everything that is happening and you're going to need to make sure and watch that networking portion of the course because you are going to need to understand some networking in order to create this packet sniffer and we can start writing our code so the first thing we want to do is create a packet sniffer so
we want to be able to capture all of the traffic on our device so we can just call this our sniffer dot or sniffer_socket and it's going to equal the socket.socket and we need to call the socket function and that's spelled wrong so we need to call the socket class right here and we're going to put a bunch of information in here to actually grab the socket so we'll type this out and then I'll explain what's going on we'll say socket and then AF_PACKET and right here is what we want
and then we're going to comma and we'll hit comma and then we'll type in socket and this time we want dot SOCK like this with the raw data and then we want to convert the raw data so we're going to say socket n and we want ntohs and we're going to change the type to three so let me explain what is happening right here so this part right here the AF_PACKET it specifies the address of the family within the socket and so it is being used to capture the packets at the link layer
so if you remember from the networking video we have the link layer and this is going to be capturing all the frames from the Ethernet from the link layer within the ethernet so this is what the AF_PACKET is doing the socket right here so this SOCK_RAW is going to be capturing all of the raw data on the lower layers of the protocol on the OSI model so such as the IP this is going to be grabbing that raw data and this needs a space right here so it will stop squiggling
at us and this right here is the protocol right here this is the protocol that is going to convert the numeric value from the network byte over into a host byte so that it will represent like the IP packets and then we're going to need to convert that so this is probably the most complicated section of this entire tool that we're going to have to read and if you want to know more about what each one of these does you can just highlight this and come over to the documentation and you can hit command
find and type it in so right here it actually tells us what it's going to do it's going to convert the 16-bit positive integers from the network to the host order on the machine where the host byte order is the same as the network byte order so you can read through each one of these if you don't understand you can come back to our program and you can just call copy and then come back over here into the documentation and read what it is actually going to be doing so now what we need to do
is bind the interface so this is pretty simple if you're on a VPN you'll need to make sure to change this but for us we're going to type in we're going to make a variable and we're going to call it the interface just like this and we will pass through the eth0 because that is the interface I want to be using and now we want to use our variable up here that we created to capture all of this data and we're going to type in sniffer_socket.bind and we want to bind to
the interface that we just created and zero just like this and now we need to try something so if there is some kind of information being passed through we want to try to capture it so we're going to say try and while for our while loop so this runs all the time so while true at least until we close the program we're going to say while the raw data we want to have the address and we want to sniff the socket and we want to receive from all ports this is going to be really important
so we want to receive from right here we want to we want to receive from all 65,535 ports if you are wanting to receive from just a specific port you can put like port 80 in here but we're going to put all ports right here so we're receiving from all ports and we want the packet to equal the raw data so we're going to say Ether and we're going to grab the raw data and I got this little suggestion here I went ahead and clicked it it said that I needed to import more from
scapy so I went ahead and did that I'm not sure if that was actually necessary but we'll leave it for now and then we'll come down and print the packet summary so we want to print the summary so we're still getting this little error here because it wants us to have an except so we can come down here and say except and now we want to do there's a keyboard interruption such as like a control C and then we want to close the sniffer so we'll say sniffer_socket.close and that should close for us
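The sniffer narrated above, written out as an added example rather than the code shown in the video. The socket calls follow the narration, but the frame summary is built with the standard library's `struct` instead of scapy's `Ether`, so it runs without extra packages; the function names and the sample frame are constructed for illustration.

```python
import socket
import struct

ETH_P_ALL = 0x0003                      # "every protocol": the 3 passed to ntohs()
ETH_HEADER = struct.Struct("!6s6sH")    # destination MAC, source MAC, EtherType
IP_PROTOCOLS = {1: "ICMP", 6: "TCP", 17: "UDP"}


def mac(raw: bytes) -> str:
    """Format six raw bytes as a colon-separated MAC address."""
    return ":".join(f"{b:02x}" for b in raw)


def summarize_frame(frame: bytes) -> str:
    """Return a one-line summary of an Ethernet frame, tolerating short input."""
    if len(frame) < ETH_HEADER.size:
        return f"truncated frame ({len(frame)} bytes)"
    dst, src, ethertype = ETH_HEADER.unpack_from(frame)
    line = f"Ether {mac(src)} > {mac(dst)} type=0x{ethertype:04x}"
    if ethertype != 0x0800:             # only IPv4 is decoded further
        return line
    ip = frame[ETH_HEADER.size:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        return line + " / malformed IPv4"
    proto = IP_PROTOCOLS.get(ip[9], str(ip[9]))
    src_ip = socket.inet_ntoa(ip[12:16])
    dst_ip = socket.inet_ntoa(ip[16:20])
    return f"{line} / IP {src_ip} > {dst_ip} {proto}"


def sniff(interface: str = "eth0", count: int = 10) -> None:
    """Capture `count` frames from `interface`. Linux only, must run as root."""
    sniffer_socket = socket.socket(
        socket.AF_PACKET, socket.SOCK_RAW, socket.ntohs(ETH_P_ALL)
    )
    sniffer_socket.bind((interface, 0))
    try:
        for _ in range(count):
            # 65535 is the receive buffer size in bytes, large enough for any frame.
            raw_data, _addr = sniffer_socket.recvfrom(65535)
            print(summarize_frame(raw_data))
    except KeyboardInterrupt:
        pass                            # Ctrl+C stops the capture cleanly
    finally:
        sniffer_socket.close()          # runs on normal exit and on errors


# Constructed sample: Ethernet header plus a minimal IPv4 header carrying UDP,
# using documentation addresses 192.0.2.10 -> 192.0.2.53.
SAMPLE_FRAME = (
    bytes.fromhex("ffffffffffff" "020000000001" "0800")
    + bytes.fromhex("4500001c000040004011" "0000")
    + socket.inet_aton("192.0.2.10")
    + socket.inet_aton("192.0.2.53")
)

if __name__ == "__main__":
    # Parses the constructed frame; call sniff() under sudo for a live capture.
    print(summarize_frame(SAMPLE_FRAME))
```
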
let me run this real quick and see where our error is at okay so it turns out I had a typo in my keyboard interrupt so now if we run this we should be able to run it without an error but it says that we are going to have to run this as sudo so what we can do is come over to our terminal and we can type in sudo python3 and we want to run the sniffer program let's see what do we have we want to run main.py and this should run for us
now that we are running sudo and if we type in our password this should start running for us here and what we can do is come out and refresh this page and see if we are capturing any packets and we are in fact capturing packets it's going to tell us the ethers the IP the UDP the DNS where we're sending this to and what is going on so you can read through this this is like creating your own personal Wireshark so this is pretty simple and you can save this and you'll be able to
see your own packet sniffers so you now have this and you can read through scapy and what all you can do with scapy and sockets and see if you can add on to this project but for now this is a pretty simple way to create your own Wireshark and capture some data as well as learn in the process about networking because you're going to need to know this as you are pursuing your career in cyber security okay we are going to step up our programming here and we are now going to create a port
scanner such as Nmap and we're going to make this run from our terminal down here so that is where we are headed so we can go ahead and click file new project we're going to create a new project I'm just going to call it port scanner and we're going to go ahead and attach it to this window and replace that program and we can delete this click on our red dot and we are ready to go so like last time we are going to be using sockets so we can go ahead and import
socket and then we want to import subprocesses this time and we also want to import date and time so we'll type in datetime and see if this will work for us so I think that's all we need to import this time so the first thing we want to do is we're going to take an input and we're going to take it as our target IP so we can say target equals and we're going to have our input and we're going to ask for a target IP address so we can say enter the target IP
address just like this and we can take it like that we're actually going to create a function this time so we'll say def and the port we want to scan so we'll call this port scan and we're going to take in our target as our parameter here so we'll say target and we can close this off type in pass for just a second and we want to call the function so we're going to type in port scan and we're going to pass in our target that we have right here so our target variable and now
we can delete this pass here because we're ready to start putting in some information so just like we did with our packet sniffer we're going to start out with a try so if we are able to enter in a successful target we want it to try and do something with this so the first thing we're going to do is we're just going to say our IP address is going to equal the target so we're going to set our IP address as our socket.gethostbyname like this and then we want to pass in our
target just like that so now we have our IP address set with our target so after we submit our target name we want to actually print that our program is doing something so we'll just say that the target is printing something so we'll actually just make this print and we'll make this an f-string and we'll say scanning the target and then we'll pass in the IP address so we can just put IP like that and so we have that printing and we could add in here um the date and time which is why I
had this right here imported and to get our date and time to print we're actually not going to be able to run this as an f-string like I like to so we'll just say time started and we have to come outside of our quotes put a comma and then type in datetime and now with calling the function so the reason we are getting this little error right here is from our datetime we're going to have to come to the front and say from datetime we want to import datetime now we
get that to go away for us and this needs to be indented so now we can come down and we can start our actual port scanner so now that it's going to print everything for us and then give us an error it's going to tell us we need to indent um but it's actually already indented enough so we'll ignore that for now we need to create our for loop so we can say for the port in range so whatever range of ports you want to scan I have a Hack The Box running so I'm
actually going to just print I'm actually going to just scan like for 21 22 23 880 so you can see some are open some will be open and some will not be open and then we can come down here create a variable socket and it's going to be just like we saw last time it's going to be socket.socket and we're going to create a class here and we're going to tell it socket.AF_INET just like we saw previously and then we want to do socket dot the sock only this time we're going
to use stream just like this and we are going to now say sock.settimeout and we're going to give it a timeout this is similar to what you would see on Nmap you're going to try and reach out to the IP address on that specific port and if it times out in a specific amount of time it's going to say that the connection is closed or open so this is our attempt to connect to the actual port so we're going to give it a timeout and then if there is a timeout then we're going
to put in an if statement but before then we need to put in our result so the result will be sock.connect and we want this one right here and if it does connect we're going to tell it we want the IP and the port so let me close out of that and come down to the next line and down here we're going to put our if statement if the result is equal to false and then we're going to say that we want to print the port is open so we can put the zero here
if I can stop fat fingering and we can and we want to print down here we're going to say the port like this and we're going to say that it's open and then we want to format it so .format the port like that and then we will want to close the socket so we'll say sock.close just like this and actually now that I'm looking at this we're not going to be able to pass in these ports right here in this way because we're doing a range I forgot that we're not taking an input
so up here it's actually going to have to be like 20 through 90 so we can do this range of ports so it'll be 20 20 through 90 and I had a typo the reason this was red was because we needed a port up here to actually say port instead of pot I'm sure that you guys caught that as you were following along and our little squiggly will go away as soon as we put in our exceptions so we'll come down here and we will say except so if we have a problem we're going to
have socket and it's we're going to have it give an error so we'll type in .gaierror just like this and then down here we wanted to do something so we can just say print host name could not be resolved and then we can come down and put another except and we can say except socket.error and then if we have an error we can do something pretty similar and we can just say print and we're going to print could not connect to the server so let's see if this will work for us
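The port scanner narrated above, written out as an added example and not the code shown in the video. The names `check_port` and `scan_ports` are chosen here, and the closed/filtered distinction goes a step beyond the video, which only reports open ports.

```python
import errno
import socket
from datetime import datetime


def check_port(ip: str, port: int, timeout: float = 1.0) -> str:
    """Attempt one TCP connection and classify the port."""
    # The with-block closes the socket on every path, including errors.
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        # connect_ex() returns an errno value instead of raising; 0 means connected.
        result = sock.connect_ex((ip, port))
    if result == 0:
        return "open"
    if result == errno.ECONNREFUSED:
        return "closed"       # the host answered and refused the connection
    return "filtered"         # timeout or another error: no clear answer


def scan_ports(target: str, ports, timeout: float = 1.0) -> dict:
    """Resolve `target` once, then return {port: state} for each port."""
    ip = socket.gethostbyname(target)   # raises socket.gaierror if unresolvable
    return {port: check_port(ip, port, timeout) for port in ports}


def main() -> None:
    target = input("Enter the target IP address: ")
    print("Time started:", datetime.now())
    try:
        # range(20, 91) covers ports 20 through 90 inclusive.
        results = scan_ports(target, range(20, 91), timeout=0.5)
    except socket.gaierror:
        print("Hostname could not be resolved")
        return
    except OSError:
        print("Could not connect to the server")
        return
    for port, state in results.items():
        if state == "open":
            print(f"Port {port} is open")
    print("Time finished:", datetime.now())


if __name__ == "__main__":
    main()
```
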
let's actually give this a run so we'll go ahead and try it and we have an INT right here this should be an input so input now let's give this a run again and it says enter the IP address the Hack The Box that I have running is the same one I've been running and it is 11 183 it is the box Ambassador and we get our first error that we get to try and debug so let's see what we have going on okay actually I believe this little port scan is going to be our
problem right here you can see that it tells us in um line 17 we have an issue so in line 17 I believe that port should be port not port scan so let's try this again 183 and it tells us port 22 is open which it is open and then 80 is open so it actually skipped over the ports 20 21 uh 24 25 and all the rest but it did successfully do a port scan from ports 20 to 90 and these are ports that are indeed open I believe on this box port 3306
is open as well so if you wanted to you could run this and go 3306 it's going to take a lot longer to run the port scan but it should identify that port as open as well so it's going to go ahead and run this port scan for us I'll bring you back once it has hit port 3306 so you can see that it's actually port scanning all the way through and I and in the future we will turn this program into a graphical user interface similar to like Burp right here where we have
buttons and we can put in some input um only it's going to be not near as complex as Burp but we are going to make a graphical user interface so that way you guys can see how to use those and then also how to create classes out of objects which we are going to be doing in the very near future and it looks like it turns out we did not need to import the subprocesses so we could actually delete that and it looks like all we needed was the socket and the datetime this is
still running for this port down here and we are going to be moving on and looking at some object-oriented programming and how we can create our own objects and classes this is going to be something that is really hard to grasp at the beginning but once you have a handle on it it's not that big of a deal and you will be able to create your own classes and objects okay so it tells us that port 3000 was open not port 3306 so with that let's go ahead and start checking out some object-oriented programming and
we will create some more projects after we get a good handle on how to use classes and objects and how we can create our own and let's go ahead and check this out now in this video we're going to be covering the basics of HTML and CSS and then how to continue practicing and hone your skills within HTML and CSS HTML and CSS is something that you really kind of need to practice on your own and get the feel for looking at websites that you think are really cool and then try to design them
yourselves so I'm going to walk you through how to practice with HTML and CSS and the most common parts of HTML and CSS and in this video I do cover some of the basics of security in HTML and CSS and so one of the things we are going to be building is actually this website right here this is going to be kind of like our capstone final project uh if that's what you'd like to call it and this is pretty simple but this is going to cover the basics of what we need in HTML and
CSS to get you started and it's pretty simple looking you're going to get to see a bunch of different areas of CSS just so you can see just how vast it can actually be and what you can do as a web designer so let's go ahead and jump into this the first thing we're going to do is download Visual Studio Code that's what I'm going to be using in this video so you can go ahead and go to code.visualstudio.com/download I will have this link in the description and you're obviously going to
download and install this for whatever you're running on if it's Windows Linux or Mac and once that is finished downloading what you'll want to do is open it up and we'll click on these little boxes down here now I have quite a few extensions already installed but what I want you to install is actually called Prettier so you can just type that in right here click on it and then you will install it so before we actually start writing any code I want to talk a little bit about what HTML is HTML CSS and JavaScript
make up the front end of web development so let's go ahead and look at what this is okay so here we are we have someone just using their home computer we have videos and emails and documents and stuff like that this is all going to be on the client side or the user side so this is something that we're all familiar with and making this look pretty like we see right here in this picture is going to be done with HTML CSS and JavaScript now the way this actually works is we're not going to be
dealing a lot with the server but what happens is the side that we use as the client that we see in our web browser we're able to send a request to the server saying I want to get your website.com and then the server will send that back to us with the response and then we're able to see it and when the server sends this what it will send back to us is the HTML the CSS and the JavaScript and so what are these well the HTML is the hypertext markup language which is going to
give us the basic building blocks of the website the CSS cascading stylesheets this is going to give us the style which is going to make it look pretty and the JavaScript gives it the functionality so what this looks like as an example is going to be the HTML would be the frame of a car it gives you the basic building blocks or the structure of what we are going to be building and then the CSS is what's going to make it look really cool it is going to give it that style or the flair as
you might like to think of it and then the JavaScript is going to be the motor or what's going to give it the functionality so if you have a gas pedal and you want it to work you're going to need a motor so if you push in the gas pedal then you want it to do something you can think of it if I click on the button then I want it to do something if I push in the gas pedal then I want it to do something that is going to be your JavaScript so
let's go ahead and come back over here to our VS Code editor and we're going to click on these little pages right here but we would like to open up a new page so as we're going to open up a new page what I want to do is come over here and create a new folder and we will rename this and we'll just call it YouTube and we can just open up this folder by going file so we'll want to open up this folder by clicking on our VS Code editor we're going to click
on file and then we're going to want to open the folder and once you have opened your folder it should look like this you'll see the folder name right here and this welcome page but what we want to do is actually create a new file and we're just going to call this index.html and this is where we're going to start our basic program so if we open up our folder now you're going to see we have this index.html you can actually double-click that and it's going to open for you a page here and put that
in the browser and so what we can do just to start out to make sure that this is actually working is we can start out with a basic header tag by just typing in H1 and closing it off and then we're going to just type in hello and we can hit save so that way that little ball right here goes away so we'll go ahead and save that and if we come back over to this page and we refresh it we see we have hello right here so now we know this is working here for us
and we're going to want to delete this and there is something called boilerplate in the world of HTML where you're going to have certain things like a doctype a header a body and maybe a footer a nav bar things like that if you want to have the boilerplate which I usually like to have you can just put in an exclamation point and you're going to have this first one pop up right here and it's going to show you the boilerplate right here I'm going to go ahead and hit enter because I
want to be using this because I want you to get used to seeing boilerplate and being familiar with where the head is and where your links go and maybe the title of your page so if we save this right here and we refresh this you're going to see our title up here has now changed to a document and you can actually change this to my site and save it and we can come back over here and refresh and you can see that has changed so this is going to be the boilerplate and right
here inside of the body is where we're going to be building out our HTML website so a few things I also want to let you know is the HTML tags are not case sensitive so if we come in here and we type something in and we save this and we come over here and refresh it it's still going to work for us so this is not case sensitive though you're always pretty much I don't think I've ever seen this in cap with caps so you're going to see it in a lowercase but just know that
it's not case sensitive and you're also going to notice that we have these back slashes right here these are the closing tags and these are the opening tags so if we create a heading one so we type in this H1 right here we are going to see that we have this automatically closed because I think I have a another uh install right here you can install this if it's not automatically closing Auto Close Tag uh it's got almost 11 million installs so back here we have the closing tag and the opening tag so what we'll
do in this case is our actual text goes right here it goes in between the opening tag and the closing tag this becomes important whenever we start dealing with divs so we have these divs right here because these are going to be kind of like little tiny boxes that will go around different sections of our code so you'll need to be familiar with the closing tags and the opening tags so the opening does not have the slash the closing does in fact have the slash if we come over here and we refresh we have
the text is really big because we are using the H1 so what we could do with the H1 is you're going to notice instead of having like a font size in the world of HTML you have the heading sizes so you have a two you have the three you have the four the five and the six right here and if we save this and we come back over to our page and we refresh it you're going to see the text size actually changes here for us so this is 1 2 3 4 five and six
so this is kind of your text size these are all headings but usually when you do any kind of typing you're going to use what is the paragraph tag and you will put your text in here so this is a paragraph tag and we can save this and come back over to our page if we refresh it you'll see this is the size of the paragraph tag and these are going to be the most common tags that you see that include text and you will need to be aware of them okay we're going to go
ahead and delete this H6 through this H2 and we'll just kind of pretend like we are building out a portfolio at this point so we can just type in our name right here so we'll just type in Ryan John instead of having this say this is a paragraph we will put in here something like I am learning to code exclamation point and we'll go ahead and just make all of this in caps so we'll just do something like I'm learning to code so if we save this and we come back over here and we refresh
it says our name and I am learning to code but let's say we actually want this italicized and we want this on a new line there is a couple of HTML tags or elements that we can use for this so we can come in here and we can just say we want to emphasize this right here so we can copy or actually we'll just cut this and we'll paste it right here so if we save that and we come back over and refresh it you can see that this is now italicized and we want
our code on a new line so we can just type in this BR right here and this will put that on a new line so if we save this and hit return it says our name and I am learning to code now let's say we like the way this looks but we want to have a page break right here underneath our name you can actually come to this element right here right in between and we want to put an HR and this is going to put that line so if we save this and we put
and we refresh you're going to see that we now have this line and it's hard to see but I think this line has a one pixel height and we can actually change that by coming over here to our HR and inside of our closing caret we can just type in size equals and let's say we want to make it 10 and we come back over and we refresh this you can see now that it has become thicker and let's say we decide we don't like this we can comment this out by hitting command question mark
on a Mac or Control question mark on Windows and now if we save this and we come back over here and refresh it it's going to be gone but it's still here in the code one thing I really like to do is comment stuff out because sometimes I might want to come back later and see maybe I really did like this and I can put it back in by just hitting control question mark and it is automatically back in or sometimes maybe I'm working on a project with somebody else I can make
notes over here and say I am not sure I like how this looks and then I can highlight this and I can comment it out and it accidentally commented the entire thing but that's okay we can just move this over here and comment out the section that we want commented out so we can think maybe later I'm going to come back and change this and now we can save this if we come back over here and refresh we have our line I do not like that as a 10 so we'll just make that one come
back over here and now we have our real thin line and we have our comment so we know maybe later we might want to come back and change this so this is the very basics of designing with text on and now we're going to start looking at some more tags and maybe even look at our first tags that we can start to use for exploits if we want to move into the world of penetration testing or ethical hacking or if maybe you want to be a software developer you're going to need to know how to
make secure code so let's come back over to our text editor and check these out okay so we're going to be looking at some image tags and some iframes so the first thing we're going to want to do is find an image that we would like to use in our video right here I'm just going to use my little logo of my hacker guy so we have this logo.png right here and an image if we want to embed an image it's pretty simple we can just put in the image tag and then the source
of the image so I'll just show you what this looks like we just type in image and the source is going to be the name of the image so we'll just type in logo.png and this alt right here is if our image is broken what do we want this to show and we would just put in here something like we'll just put an image like this so now if we come over to our page and refresh it you're going to see we have our image so what we can do with our image is change the
size but before we do I want to show you this little alt right here and show you why I typed an image right here so if we refresh this it's just going to say that this is a broken image so this is the text image and it's supposed to be an image right here and I'll show you real quick how to change the size it's pretty simple you just type in the height and let's say we wanted to do 300 and the width and we'll do 100 and we can save this and come over here
and refresh and our guy is really skinny I don't think I like the way that looks let's do a 300x300 and come back over here and refresh it he's still pretty skinny so maybe we'll change our height a little bit and this will probably make him too squatty oh that's all right so that is how we would add in an image so let's say we want that up by our name so I can go ahead and cut that and put it up here save and put it up here by our name it's above our
little HR tag right there because we don't want to add any CSS I think I'm going to just leave the guy right here and I'll show you how to add in an iframe so this is how to add in an image and we're going to be doing more with images here in just a minute this is the basics of adding in an image right here so let's go ahead and add in an iframe now so an iframe is going to be putting in a specific website that you want displayed in your own website
the iframe and the image are often going to be used in some kind of cyber attacks or some kind of injection so you're going to see them a lot and you're going to get familiar with them in creating payloads if you want to go down the penetration tester route but I'll show you why the iframe can kind of be dangerous is you can add in an iframe and we could just say https slash and let's say www.bing.com and we want to change the height a little bit so I'm actually just going to delete this we
don't need the border um and so we'll change the width to 800 pixels and we can make a height of 800 pixels as well so if we save this and we come over to our page and refresh you're going to see that we actually have like bing.com right here and you can search for stuff and it's actually going to work so you can kind of see how this can be dangerous if you're able to embed bing.com and somebody thinks on Bing but you have a nav bar up here and you say log into whatever
you make a fake login for bing.com and they clicked on this and actually use their login information you would be able to steal that from them so iframes can be dangerous but you can see how they work right here but they can also be useful if you are adding in some kind of advertisement on your website and you're trying to monetize it the last thing I want to show you is the anchor tag so if we just go ahead and delete this we can add in an anchor tag just like this and so let's say
we have a page two and we want to go to this specific page two um what we can do is create a new file and we can just say page2.html and we can say this is our login page and we can save this and save this if we come back over here we're going to need to say uh go to page two save that if we come back over to our page and refresh it we're going to have this little button right here and if you click it it's going to tell us that it
is broken because we need to add in HTML right here now if we refresh this page and we click on this it's going to take us to what it says is our login page so an anchor tag is going to take you to a new page and what you can actually do with an anchor tag is it doesn't have to be within your website we could just say Https www.ol notes.com and we can save this and we can say create notes with AI save and we can refresh our page over here if we click this
we're going to actually be taken to a completely different website so you can see how anchor tags are useful you can create an anchor tag with a separate page in your own document or you can create an anchor tag and send you somewhere else you can create an iframe And embed something like aiol notes.com on your own website and then you can use this website within your own and then you can also create an image source like this but there is one last thing I want to show you we can actually delete this actually what
we'll do is we'll just comment this out because we're going to use some of this information and we can create an anchor tag and we can move our closing tag below our image and we can actually make this image an anchor tag Itself so if you click on the image it's going to take you to this website right here so we can copy this and put it in as our HRA and now if we save this we should be able to come over here refresh and you can see our image is now clickable you can
see it goes from a mouse to the little pointer clicker and if we click on it it's going to take us to AIC codes.com so that is the basics of the image and the anchor tags I would go ahead and encourage you To upload an image or to and try and get them to become clickable and and create an extra page like this page two or a login maybe build a little bit of it with your HTML so just create this page two over here and maybe just make this an H1 and say this is
our login page and then you can create a paragraph and you can say what this is going to have you log into like just play around a little bit and make sure you have a grasp on what we have covered so far because we're getting ready to make inputs and create a button so with that we'll just continue going I think where we'll make our buttons and our input is going to be over here on this page two so that way we just have it somewhere new so if you remember how to do this
shift exclamation point and enter gets us our boilerplate just like this and we'll just make an H1 and we'll call this our input right here and so the way we are going to go about this is pretty simple we're just going to type in input right here and it's going to ask us what type we want this to be I'll show you what the type text is in just a minute we're just going to leave it as text for now and we can come over here and just say we want to make a
placeholder and we'll call it a username and I'll just go ahead and actually copy this and I'll show you what this type text is because we can change this to password and we would change this to password and now if we save this and we refresh our page come over to our other page which actually I did not make a way for us to get there so we'll just type it in the URL page2.html so here it is so we have our username which we can type in username and our password is password so
the type password that I showed you right here is going to make these little bubbles and if you actually right click on this and go to inspect you can come down here to where you see our HTML and we have this type password you can just change this to text right here and you can see now that it's going to be rendered as text but if we refresh it it's going to go back to a password so we can come over here and you can type this as text and if we refresh this you're going
to see it now as text and it's going to show up as text instead of those little bubbles so that is just what those do we're not actually going to do anything with that so then the next thing we want to do is create a button so you can have a button and you can just say click me and we can refresh this page and now we have this button but it actually does nothing so this is how you'd create an input field and a button but I kind of want to show you how these
can be used uh negatively or dangerously by malicious actors so before I do that we're going to actually have to add a little bit in here and I know this is outside the scope of HTML but we need a little bit of JavaScript added in here so with our button you really need it to do something so we can just say onclick we want it to do something so we're going to say we want it to reflect text and we'll call it as HTML and this is going to be a function so this
is right here so when we click our button it's going to call a function which we are going to write down here so we can just say script and we can create our function right here by just saying function reflect as HTML caller function open up our curly braces and this is not going to look familiar to you but I really do want you to see this so you can type this out if you want to follow along var is just our variable and we're going to be using the input text which we need to
name so we'll name this input text and we need to give this an ID and we're going to call it text input right here input text so that way we can identify it down here as our variable and we're going to say equals document.getElementById which is going to grab our element from up above and we're going to grab the text input value and we want to do um document.getElementById again and we want to have an output inside of our innerHTML so that way it'll reflect
on the screen so we're going to say innerHTML equals input text so all this is going to do is grab the text that we put inside of our little button right here and it's going to reflect it down below as long as we typed everything properly which I think we did so we can go ahead and refresh this and try it and we click our button and nothing happens and the reason that nothing is happening is because we need to actually render our output so we can just type in div right here and we
can give it an ID of our output so we can say output and the reason this isn't working is because I named these different so this needs to be the text input right here so we can type in text input and this should work for us and there it is so now we have it reflecting on our screen so I want to show you how you can use an image tag as well as the iframe or other tags in order to cause something malicious to happen on a web page now this isn't being stored
on a server because we don't have a server but it should reflect here in our basic web page that we have just created so with our little button if we just type in like a basic cross-site scripting payload and we just type in alert one and we close off our script tag nothing is happening when we hit this little button so we can actually use an image tag as we saw earlier so if we type in image actually we'll type this over here so that way you can see it a little better so over
here if we just type in our image tag and we give it a source of this will not work and if it has an error in loading this then we want it to do something and we can just say onerror equals alert and we can put in the one so the reason this is going to work as cross-site scripting is because it's going to try to load this but there's nothing here for it to load and then on the error it's going to alert one so if we copy this and we paste it
into our little input and we hit click me we're going to have this cross-site scripting up which can be used for malicious purposes which we're going to cover in the near future as we cover JavaScript but for now we're just covering HTML and a little bit of CSS but this could be used for malicious purposes so that is how you can use an image tag for something bad but you can also use an iframe as well but the iframe is usually used more in a phishing technique rather than just pulling off a
cross-site scripting or something along that nature but you can do something similar with an iframe so if we come back over here we can type out an iframe and if we have this source right here we can just say that we actually don't need a source at all we don't need any of this we can just delete all of that and we can just say onload so once it loads we want it to do something and we can say equals and we can type in JavaScript and we want it to alert one
just like we had it do before and I believe this looks right so we could copy this and come over here and paste it in and hit click me and our iframe tries to load but it doesn't load and it loads instead for us the JavaScript with the alert and I believe and there is our little iframe I believe we actually need the JavaScript to be in there I don't think it works with just the alert um maybe it does some older versions of HTML will work without the JavaScript and it does work without
the JavaScript and I misspoke I think the older versions of HTML actually require the JavaScript to be in here to tell it to run the alert but I could be mistaken but I think that's why you sometimes see this payload with this JavaScript right here but you don't actually need it and here it creates our little um iframe for us so we click it and we get our cross-site scripting back here so since we just covered iframes and image tags I wanted to show you that they can be used for malicious purposes as well and
you're going to see that if you continue on this journey to be a developer or a cyber security professional so with that let's continue on

okay so I think now what we will do is cover the unordered list the ordered list and the description tags so we'll just come down underneath of our script tag on our page two over here and I think what we'll just start out with is like an H4 or an H3 doesn't really matter and we'll just say our list and what we can do is we'll just start with an
unordered list so we'll just say ul and inside of here we're going to make our list and so we're going to say I like computers and we'll say I like code and I did not realize that we need this inside of our list I like coding and we'll make one more and we'll just say I like HTML just like this so if we save this what this will look like is a little list over here so we have our list and this is going to be in bullets but we can actually change this to
something else by putting it inside of an ol tag so if we actually just come right here and we say ol we grab this closing tag and this is going to be an ordered list so we can save that and come over here and now we have 1 2 3 so this is our ordered list is going to give us our 1 2 and 3 and the unordered list is going to give us the bullet point so if we come over here and we can see that it is now in bullet points so an example
of using an ordered list is going to be inside of something like um items I need before I leave I would need socks I would need some shoes and maybe I need a hat and if we save this and we refresh you can see we have the unordered list and the ordered list and maybe we want these to be separated by a bar so we have our line separator right here and we want a separator from up here and I actually just realized that I have this outside of the body tag which is not where
you would typically want this you'd want this inside the body tag save and we can put in another line and we can come over and refresh and we now have things separated right here like this and so I actually want to look at the div now because we have these little lines separating things but really inside of HTML you're going to see the div tag really quite often and I'll show you why I call I think of the div tags as blocks and I will show you why I typically think of them that way
because let's see we have this div tag we have a closing tag here we need an opening tag here so we should now have div tag so I'll show you real quick um how this works so if we just come in here and we type in style and I know we're not covering CSS but we'll just make this aqua this div right here from this opener to this close I see now we have a closing right here so what we'll do is we'll just delete this because we don't need that to reflect anything so
now this closing tag will close to this and this opening tag will close with this one right here so if we make this div we'll give it a color as well and let's say we want to make the color blue we can save this now and if we come over here and refresh you're going to see that the style now has changed our colors so another way to do this is let's actually grab this div tag right here and move it um because we have those lines and it'll make it a little more easy
to understand so if we come back over here now you have everything in this div is going to be aqua and everything in this one's blue and this one's black because they're inside of different dividers another way to see this to make this a little more clear is actually just go and change the background color and we'll change the background color right here and we'll highlight this and say we want the background color to be blue so now if we refresh this you can see that it makes this whole div a different color so the
divs come in handy whenever we're designing complete landing pages and we are trying to divide up the content and I'll actually just open up a simple page that we're going to make in the coming future in the next course on CSS and show you what I mean by dividing up the page all right so here it is so we have this we're going to make this in the future but this image right here would be in one div this right here would be in a second div and this would be inside of a third
div so that is how divs are used in separating content typically something like this so that you can actually break up the content sometimes you'll see divs with inside of divs and that would be this right here So this right here my goals is inside of a div inside of a bigger div and it's separate than these two divs um but we'll get there in the future I just want you to understand that they block off chunks of code so that is kind of what a div does and how they work now divs are different
than what we would think of as like a span so let's say down here we want to separate this again we want to add a paragraph tag and we want to type something in here we can Actually make a span and inside of the span you can type some text so I'm going to grab some dummy text and paste it in over here and if we save this and we come over to our page we refresh we see we have our dummy text inside of our paragraph inside of our span and I'm actually just going
to make this bigger so that way we can see it a little better move just close this off there we go and what we can do with a span is we can Actually just like color part of the text so we could just say that we want to style again and we can just say color and we'll just make it red and if we save that and come back over to our page and refresh you can see our text is a different color I don't use spans really ever um but it is something that you
might see in the future so it is something that you should be aware of

all right for our capstone project I think what we will do is make a little Wikipedia page like this we'll put our little logo up here with a clicker um with an href so that way you can click on it and it will take you to like a different page or something and we'll make a programmer page and then we're going to organize it like this we're probably going to ignore putting some of these images on the side because we're going
to need to do some styling and we haven't covered that just yet so we're going to make a page similar to this with these bold words right here we'll have some links that we can click in here and we're going to try to do this so yeah let's go ahead and open up a new page and actually what I think I'll do is just make a wiki.html and we will start over right here so if you want you can go ahead and try to do this yourself or you can follow along so we'll
just start out by typing in programmer at the top as our title and we're going to be at wiki.html so we can change this to wiki.html and we are brought to this page and we can see our title is changed up here so we now have that title set up so the first thing I think we will do is we'll just put our little image inside of the head tag and we'll put it all the way up at the top left so we can create our little tag so we'll make our image tag
and we're going to make it our logo.png and we're going to save this and make sure that it shows up we can refresh and there it is we want to move It to the left a little bit and make it a lot smaller so we can delete our alt because I'm not worried about it and we can say width 250 actually we'll make it 150 and we'll do the height and what you're going to notice when we do things like this and we're actually setting up our images and our text is you're going to see
a lot of save come over to the page and refresh and we just want to look at it to make sure that it looks Nice like that right there didn't look nice and I totally just went the wrong direction with that so let's go 200 and 200 save and our little guy looks a little better um we'll make him a little bit shorter let's go 100 refresh that is good enough for me so we have our little guy right here we want to make him an anchor tag so we can copy this because inside of
our Wikipedia page this is an anchor tag and we'll make it take us to um our original page so we can just say our index.html and if we come over here now and we refresh this we and I see that this isn't working because we have a closing tag there so if we come back over here now and we refresh it we have our little button and you can click on it and it takes us to our index.html so we have our little logo now what we want to do is get our text to
be over here towards the center and The dimensions that I'm going to use you might have to change because I'm on a widescreen computer and yours might be a little skinnier so we're going to do is start out with an H1 and we can open those up or we can leave them closed we'll leave them closed for now and we're just going to say programmer because that is what we have right here so we have this programmer and if we refresh we have it over here and let's grab some dummy text From this I guess
it won't actually be dummy text so we'll just grab this I don't actually want to copy any of the links and we have an HR for our line break right here so if we refresh this we'll see our line break and now we have what looks like some paragraph text and I think I might actually just paste that in there twice so that way I have a little bit more in here and so what we want to do is bring all of this over so that it's kind of like centered and this is actually
pretty simple to do um without knowing a whole lot of CSS so what we're going to do is we're going to create a really large div and we'll bring it down here and everything we're going to create is going to be inside this div so that way it's all centered and we're going to give it a style and we're just going to say we want the width to be 800 pixels and you might have to play around with that a little bit in order to get that to fit your Screen perfectly now what we want
to do is scoot this over so we can scroll back over here and we want this to be centered and we want no margin so we're going to say margin Auto for the left and the right and then lastly we are going to want to now we leave it like that I was going to say align the text but we don't actually want our text centered so if we refresh this it is now over here in the center so that looks pretty good um we can actually put an Input up here this is actually a
nav bar and we haven't covered that yet but we could actually put an input up here with a search button if we wanted to we could put it inside this head tag which is where your nav bar would go so we could actually say we want an input and it can be text and we want a button and it's going to be search and if we refresh that we have just that actually looks kind of ugly so I'm going to go ahead and delete that Because we're not going to spend time styling this so if
we refresh it we'll just go ahead and get rid of this little search bar itself and so the next thing we need to do is we need to make some of this bold and we haven't covered this but if you wanted to tackle this on your own you could just Google how to make something bold with HTML and it's going to tell you that you use what is called the emphasis so we would just type in em and we can move this closing tag to after the word programmer and if we come over here
now and we refresh this um I actually made it italicize because that is the wrong one I think it's actually called bold no it's called strong um so we can add in strong this is how you'd make it bold so we'll copy that paste over save it refresh it and now a programmer is bold right here so you can now see that this has been made bold I think we could actually add in emphasis this might actually not work but we can try with trial and error see if we can get this to work just
with HTML tags so if we refresh this it does make it italicize so we have the italicize and the bold right here on our word programmer so we have a little bit of bold um we have the article and the talk I think we'll leave these how they are because what we're going to do is we're going to actually add in an anchor tag on computer program so let's see um let's add one in on programming language we're going to add in an anchor tag and have this take
us to a different page so what we can do is just hit a hit enter it's going to create for us our anchor tag we'll move the closing to right here and where do we want the programming language to take us um let's say we want it to take us to this specific Wikipedia page we can just put that Wikipedia page in here and now if we save this and you see we have the anchor tag with the href The location we want it to take us so this should now be a clickable link for
us so if we come back over to our page and we refresh it we now have this right here as a clickable link and if we click on it it takes us to this link so there's a link inside of our programming little blip that we have right here so let's see what we could do now is actually add a new section so we'll just add the terminology so we can add that again as an H1 and now here might be When we might want to start adding divs because if we just go H1 paste
in terminology come over to our page refresh it maybe we want to do some kind of styling in the future you might want to create this in a second div so that you can change stuff within this specific section instead of having them come together so we'll leave it for now but that's just something to be aware of in the future That was supposed to be our line break so our horizontal line Refresh and there is our new line let's grab some of this terminology page I think this might actually copy that link for us
I hope not and it did not so we are able to actually just grab it looks like all of this and paste it in right here we can save it come back and what's funny about this is I actually forgot to add this paragraph tag so instead of scrolling all the way to the End here I'm just going to put it right there hit the delete button now it's on the bottom should be able to save this come back to our page refresh it and we have our little I think these are subscripts um we're
not going to be dealing with those and to be honest I don't think I've ever put one of those in anything I've ever developed before in my life and apparently I just added in another paragraph tag and I am um struggle bus there we go so now if we refresh with this page we can get rid of those so let's say we want to make programmer again um let's say we want to make it bold and we want it to be a clickable link you can go ahead and try and do that if you
want you can pause the video if not let's see if we can find the word programmer we'll just do it at this front one right here up top so programmer we can just make this an anchor tag like this cut that move this over here and let's say we're going to make this one take us to https www. AI college notes.com and we want to make this bold so what we have to do is add in the strong tags we can cut that put that over here and save it you're going to see that this
this is made bold and if we click on it it's going to take us to aiic coles.com so Let's see our Wikipedia page is coming together just a little bit I don't think we need to just keep adding a bunch of these different types of splits or divisions so what I think we can do now is let's just add in this type of software because that is something new that we haven't done so let's say we want to add that in right underneath of our paragraph tag it looks like there is a double space so
let's see if this will actually just space it for us and it looks like it's a heading so let's just say it's a heading four paste in type of software refresh and it is all the way to the left which means it is outside of our div did I accidentally move our div all the way back here I did indeed so we'll just move that cut this paste save and refresh uh let's see H4 was a little small let's make it an H3 and we can refresh that looks a little better and now let's go
ahead and add in some types of software we can just copy this right here and paste it in as a paragraph save refresh and we now have this types of software so let's go ahead and actually add in this globalization and a little box that says we're going to give you more information if you click this link so we can make this box and we'll change the background to gray just so you can see how these divs are added in to this Wikipedia page so we'll go ahead and grab this globalization and we'll come
back move our div down we'll make this another H1 add in the globalization add in our line break and do they have any information they do not let's actually grab both of these and put them in over here and then we'll put this in between them to make it look a little bit different so we'll grab Market changes in the UK which actually has nothing to do with I think programming but we did we make that a H3 so we have this we'll add in our paragraph we'll copy this and we'll save it and
we'll come look over here let's go ahead and at this point we will add in our um little globalization box so what we're going to do is we're actually going to end up adding another div and this div up here we have is the width of 800 um so this is actually going to be inside of this div so I believe that what we can do is copy this paste it in here and we need to have this say style and this should be width and apparently nothing is going to work from my copy
paste so we'll just retype the entire thing and I believe we can make this a 700 save it and we need to put something inside of it um we actually also need to change the background color was different so the background color was gray but for the sake of actually getting our div to look right I'm going to make it something completely different so if we refresh our page our div is not showing up and that is because we don't have anything in here so if we refresh it we now have this div and
it is off to the side so we will need to come back to our style and we want to I believe what we want to do is let's change our height really quick so our box is a little bigger so we'll make this like 300 pixels which will make our box I'll show you what it's going to do instead of our box being really skinny it's going to be much larger so now we have our box right here um what we need to do is move it over to the left just a bit and
the way to get this to scoot over just a little bit that box is just a little big now and it's bothering me we'll change that to 200 is we're going to have to make the position and we need it to be absolute and I think we should be able to just do Some padding to the left and these numbers are going to change for you um based on your screen size this isn't how you would make something responsive but we're not ready for that that's all more advanced CSS so if we come over here
and we refresh that we did not save this and we refresh and the reason that didn't work is because we have padding left we don't want the padding we just want it moved and we should be able to come over here and now this has moved our box over um let's go ahead and change our height back to 200 refresh and we have this little box right here and so that is the basics of how we would go about making the Wikipedia page so as you can see the Wikipedia page is mostly just going
to be HTML there's not a whole lot of fancy styling or css so it looks pretty good for our beginner guide to understanding HTML and HTML is pretty simple just play around maybe just try to make another Wikipedia page and delete all of this code over here and see if you can remember how to make these little tags make things bold or italicized and add in a little div here and there to try and space things out so that is our beginner's guide to HTML and now we're going to move on to CSS

before we
start the section on CSS I think that's really important for you to know that CSS is going to seem really overwhelming because everything we're about to see is new and everything you Do is going to have to manually be typed in and there's a lot of moving parts to CSS so if you look at this page right here this little guy right here to get him in the center is going to be at least five different areas of CSS you need to know how to move him over you need to know how to make a
section and put him in the center you need to know how to change the size so there's just a lot of stuff and so as we go through this it's going to seem really Overwhelming so how I learned this is looking at websites that I thought were really cool where I just wanted to know how to design something kind of like we did with the Wikipedia page and I would Google how to do something like make these three columns right here how do I get these three columns in the center of a section with a
background image and I would Google that and then I would go try to practice it so I'm going to show you the basics of CSS and then we're going to go ahead and build this actual site right here it's pretty simple it's a static website no backend and of course we're not going to use any JavaScript because we haven't covered that yet so let's go ahead and start our designing with CSS

so the best way I have found or the way I learned to use CSS when styling pages is I would go out to a
page that I really like the way that it looked and we're actually going to make this not because it's really cool but because it's going to give you an idea of a lot of the different elements and you are going to feel overwhelmed as we make it but you'll be able to see just how much you can do with HTML and CSS so right here what I would do is I would come to something like these three columns right here and I'd go okay I want to learn how to make these and I maybe
I'd mess with them in different ways but just real quickly is I'd find something that I liked on a website and I would try to make it so the first thing we're going to do is start out with our boilerplate and we're going to create a div and then we are going to do some styling so this is going to add in some CSS and this will be very basic we're going to do a height of 100 pixels then we're going to do a width of 100 pixels and that's going to give us
a box and then we're going to do a background color of blue and then I'm actually going to go ahead and copy this cuz we're going to need to do this three times so we'll paste paste and then we'll just change this blue actually we can just cover that up and we'll go red and then we'll do a green right here so we'll save that and if we come over to our page and refresh we have these three squares so now what we want to do is just try to get them in a line so one
of the things you should practice doing is like move this blue one over 100 pixels move this green one Up 100 pixels and then put the red one over here next to it and just get used to moving these blocks around because you're going to need to be able to do this in the future so what we could do with this green one right here is we could just move it over so we can come back up to our CSS and we can just add to it and we can just say that we want to
add in a margin so we can just say we want a margin to the bottom of the green one and we'll say 100 pixels and then if we come over here and we refresh this we can see that we have moved this red one down because we added a margin so we need to actually add a um we need to add a margin to the left and then let's see if we can get this box to move up so instead of a margin bottom what we ended up needing was a margin top and we need to
add a margin to the left and we'll also add that 100 pixels so we'll go ahead and save that move this over a little bit so we can see it so we'll save this move this over and again now I moved it the wrong way so we moved it over but then we need to move it what I think we could do is just add in a minus right here now we have 00 pixels refresh and we have now effectively moved the green one right here so now we want to move this red one
over here and get all three of them in a line so we could actually just copy this right here paste it and we need to move to the left 200 pixels cuz our blocks are 100 pixels and We could just make this minus 200 and refresh and wow our red block is now off the screen so we need to keep this actually at 100 pixels so if we refresh this there's a red block and you can see this is really how I basically learned CSS was I would come in here and I would just visit
a page like this right here and then I would Google how to do certain things and I often practiced with these different colored blocks right here just moving them around so if We wanted to get these over here like this to be in a line like this without having to mess around with all of this there is something called um the display flex and we could just type this in in one section so in this body because everything is in this body body normally what you do is you would type in a section I was
going to do this in the body but I'll just show you the right way to do this we'll put this in a section right here that needs to be Deleted and we could style this and you would say display flex and then if we now come over here and refresh this page and they have not moved they should have moved so let's actually try and justify oh they did the reason they didn't move is because the display Flex puts them in a line so if we actually delete this um I did that too early so
they didn't move because they weren't supposed to so if we refresh this they're going to be over here if we want them in a line we can go um back to where we had so style display flex I was confused because I was thinking that they should have moved but that is how they were supposed to be so if we wanted to now move them over I think to the center we can go justify content center and if we save this we refresh and there it's in the center so effectively how I learned was I
wanted to create something like this and I would go to Google and be like how do I get three divs in a row or I need two Divs in a column and then two more divs next to those in a column and two divs next to those in a column so you'd have about me goals um another about me and goals and another one over here and another one over here basically I just Googled how to do stuff and that's going to be what you need to do but I want to actually walk you through
this section on CSS just so you can get an idea of how much stuff there is and you are going to feel overwhelmed but that is Okay CSS is not that hard you just basically know what you need to do and that you can do it and then Google and read about how to do it and you will get used to seeing all of this kind of stuff because you'll do it enough or you'll see it enough that it just becomes a lot easier to remember so we got this over here in the center now
maybe we want to space them out you could add some padding if you wanted to each one and you could actually do that down here by just typing in margin which you have previously seen and we can do margin right and let's say we want to try 30 pixels that might not be enough but we can space that one out and we could copy this and just paste it in down here save it I actually think we'll try 100 because 30 was just a little too close together and if we refresh this I guess
that actually didn't move him over as much as I would have liked um that's because I did 10 so let's put a full space of 100 pixels and boom they're spaced out and maybe we want them down in the center of the section like this what we would do is come back up to the section because that's what we want to adjust as everything and I think this is just align-items center and let's see I think this is how we do that that is not and I actually forgot that is because
you have to set the height of the section like how big do you want it um and if I'm remembering right to do the height of the entire page so if your page is like this big or this big you have to set the height to 100 um I think it's VH and I'm not sure if we could do percent too we could try that in a second so now it will stay in the center of your web page no matter how big or small it is because you set that height um
let's see if we could do 100% because I actually am not sure that might work might not work uh refresh it does not work it does need to be VH in fact So This is How I Learned CSS was just playing around with things like this and maybe I was like okay well I want to change the color to the background of this section and you could just go background color and we could make it like beige and you could save it or maybe you would want to set an image like this as your background
image and I'm going to show you how to do these things um in our actual project build when we build this page right here so Let's go ahead and switch over and open up a new folder and we'll start building this page right now so what I think we will do is just go ahead and type out all of the HTML and then we'll come back and style it in just a second so this is what we are going for but the HTML will look very very plain when we get done typing it but we'll
go ahead and start the HTML so we can just change our title to like my website and then we'll come down here in between the body tags and I Haven't shown this yet but one of the things that you're going to notice is we have these sections right here usually you can separate these with divs but it is also pretty common practice to separate these with sections which we have not seen yet so I guess we will go ahead and use our first set of sections so we'll make our first section and then inside of
here we're going to make our first div and this really is going to be pretty simple um the first thing we're Going to do is import our image into our HTML so let's go ahead and save this I'm going to open up this page the index.html and I'm going to put it over here inside this tab so there it is we'll close out of that pull this page back over and we're going to import our image and the reason I open that up is so we can see our image once it actually Imports so now
we will import our logo or the picture of you if you're making this as an actual portfolio so what We're going to do is we're going to make an image we're going to say the image is going to be the logo and the alt so if our image fails we can put um just logo or you would put like your name or something right here instead of just logo so we have the logo we have the image if we save it and we come over here and we refresh it bam there is our gigantic logo
so we're going to actually add our styling later So I'm just going to leave this as it is with really big Zeus character over here so the next thing we are going to want to do is add in our name which is going to go underneath of it so we see right here uh we have my name is so we're going to go ahead and add in an H1 so we have our H1 and we'll just say my name is just like I had previously in the example and then we're going to call that good
because that's all we have over here and in the next section we are Going to have these about me goals and skills so we can go ahead and type in a new section so in the first section we need our first of three divs I believe that we're going to end up making and then we're going to need an H2 we're going to call this about me we make that capitalized and then we're going to have a paragraph tag and we'll just say um what I have over here I think I have in insert details
about yourself here can I we'll just put um yeah I guess I'll just Type that out insert details about yourself here period And I think that's going to be good for this first one then we're going to do my goals which is going to be inside of a new div and we call this my goals um I don't know if I would actually have this as my goals I inside of this I think we need an H another H2 forgot to put our tags around this so we'll cut that and move it over here and
underneath of my goals we will add another paragraph and we'll say my Goals and aspirations are to become dot dot dot so you can fill that out and then then our last div that we are going to add in here is uh my skills so we can come back over here H2 my skills we'll put the Z because we're awesome and we will add in our last paragraph We can type in my technical skills are off the charts period and now I think that's good so let's make sure we save this Refresh this page and
you're going to see there's are my name which is going to be in this section up here and then you can see this looks very different than this over here you can definitely tell the styling is going to make a big big difference so we have all of that showing up we're going to need our last section and inside of this section we're going to need one more div and we're going to make an H2 and I think we have a contact me so we have the we so in the H2 we have contact me
and then we have a paragraph tag and it is um interested in working together let's chat and then we have another paragraph tag and we have our email so we'll just say email your your at mail.com and then we have another paragraph tag and this is our phone number and we'll say 1 2 3 4 5 6 7 8 9 0 and if we come back over here I think that looks right let's refresh the page and now we have all of our content on the page pretty crazy that we're going to turn just this
a little bit of HTML right here into this right here so now is when the actual styling is going to start I'm going to try to go slow so that I can explain what we're doing in The Styling so the first thing we want to do is use our background image uh I think this Cloud's image right here is The one we're going to use for our first section and I think what we're going to do is we're actually going to make our style inside of our um actual HTML and then we'll link it into
our style sheet or we'll create a stylesheet and Link it later and I'll show you how to do that but for now we're just going to do all of our styling right here on this page so the first thing you have to do is create the style or the CSS which is going to go inside of these style tags And the only other time you wouldn't need to have style tags is if you create a separate file and we'll call it style style.css and you're going to see our little logo here changes to represent this
is CSS then you wouldn't need these style tags you could just type in your CSS into this file directly which I will show you here at the end of this section so the first thing I think we'll do is actually just make a um ID for this right here or a class so we'll make a Class which is going to Define what class we're using here so what we could use up here for our I guess class is what we would call it we'll just use header like this and then we open up curly braces
and whenever you do any kind kind of styling you will need to use curly braces even if you're in the style sheet over here so this will be our header class and we are going to put in our image right here so we will say we want our background image and the Great thing about CSS is everything is pretty much named exactly how you would like it so a background image inside of this specific section so this section is going to have whatever background image is inside of the class class header which we can add
in right here so now if we put in a background image right here we are going to see that inside of that first section so our background image is going to be we'll say URL and inside of this is going to be single quotes and It's clouds.jpg and I think if we save that that should work for us and we refresh and now we have our clouds behind our gigantic Zeus logo here and let's go ahead and fix our image right here and we'll give this guy a name so we'll say we're going to give
this a class we're going to make another class right here so that we can actually format this guy so he's not quite so gigantic and we'll just call this our profile image and so what we'll do is come back up here and we need to add another class so we'll say profile need our dot at the front profile-image and you will need to use this dot for anything that you want to make a name for but let's say we wanted to make a style for just an H1 we actually would not need to
put that little dot in front of it and this will automatically style all the H1s if it hasn't already if there's already an element you can just name the element And you don't have to put that dot in front of it so if we were to change something for the body um and we wanted to change everything inside of the body tags we would be able just to type in body and open this up and we could just say our background color of red and if we save that everything inside the body tag which is
everything we have in our HTML if we refresh this over here is going to change to red so that is just what you see when you see these dots That kind of means this a custom name that you have made up so our profile image obviously is not a tag it is something that we have added in so let's go ahead and we're going to give this guy some styling so let's display and we want to display in a block and we want there to be no margin so the we'll give it the margin of
zero and auto and if I remember right this is left and right and this is actually this is up and down and this is left and right um and then We want to give it a width of how big do we want it let's just say 500 pixels we'll give that a try and we can say let's just try this and see what this looks like so refresh and there he is he is now much smaller and he is in the center and we will go ahead and get rid of this here in just a
second um we'll probably move this name over and we'll try to get rid of this little outline right here so the first thing we want to do is add our background size see if we Can get rid of this little line right here oh that actually is going to make it so we can do our Parallax um let's align our text so we can do text align uh the center and that should move this text over to the center and it does we'll give it a little bit of padding and we'll say padding um we
want to do 20 pixels and then we want to do zero and that should move it up a little and it did give a little padding down there to the bottom I think what we'll do is we'll also do The Parallax so for The Parallax which is when you scroll the image doesn't move um but this little line moves and it makes it so the the image looks stationary um for The Parallax what we can do is the background I think it's attachment down here and we'll do fixed and if we save that refresh this
page but we can't actually scroll yet so we're not actually going to able to see That um and let's go ahead and see if we can create a a body tag um so we'll do our body and I think we'll change our font and maybe we'll change our font color just right here so I think the font color is just color and we'll just use white as our color and if we refresh this it gives us our color change right here and inside of the body um we'll do a margin of zero and we'll do
a padding of zero and then we can change our font If we want to change our font so you can change your font with font family and we'll just do this right here this looks good um and we'll save this and we'll refresh it and there we have gotten rid of that border that we did have and now it goes our image goes all the way to the edge I think the last thing we want to do is just make our sections take up an entire page or the entire screen at a time which is
what we have right here where you see this takes up the entire screen and then you scroll so what we can do for that is add in a section for the sections um so we'll just do I think it's the minimum height is 100 is it vh I think and if we refresh this page there that did it that makes it full size we're going to need to move this guy down so he's centered um but we'll do that in just a second and with that we can do the display flex and that
should put everything so that it will be responsive and that puts It over here to the side which we don't want and we can do an align items Center believe that will put us back in the middle it did not it also messed up our bottom um this is going to make these centered because we did the flex for all of the sections so this is going to apply to every single section that we are adding this to so we'll justify the content to the center and then we'll text align to the center hopefully this
gets everything moved over for us and there he is now he's in the center and also look at what happened with our three divs right here as well as this down here is now in the center so you can see how the CSS is starting to take shape and then we want to scroll-snap-align and we're just going to say start and this is going to help with our Parallax scrolling so now we can have that working and we'll need to add our background images for these to make sure those sections look different
here in Just a second so I think our header's done I think our profile image is done I think our body is good let's see let's go ahead and I guess work on our divs so we can come down to these three divs right here we can give them a class and we'll just just call them content block and we can just highlight this so way we don't misspell anything and we'll put it inside of all of these divs so that they have the exact same class now we can create the content block so we'll
give our period content-block open that up and we can put in we want it to flex the basis and we'll see we want it to um let's just start out with something like 20% save refresh look at all this and you can see we now have this spaced out I think 20% looks okay um that looks that's more spaced out and what we have we'll leave it at 20 for now um and then let's just add we don't really need any padding um but we will end up adding some opacity in
a minute whenever we add our image so let's go ahead and add our background image to this section so I'm actually just going to do this in line and we'll do our background image and I think we did the goals for this one so we'll type in goals.jpg and I bet that it's going to tell me I need this to go URL and this will need to be inside of parentheses because there's nothing after it okay so few things we're going to end up having to uh adjust this image but one of the things
that I like to do with images that are really bold like this is add in some opacity so we can just say opacity which is actually just going to change the background to be more transparent so if we refresh this that didn't change our opacity uh maybe we will do less than one let's do like uh 0.2 and our image that actually changed the opacity for our um text here instead of the image so I think what we're going to have to do is I think what we're going to end up having to do
is add in another section so we'll have to do another content section and this will need a set of curly braces and this is going to need a period and I think we might end up having to add in the before and you're going to see that it adds responsive style to a pseudo element so this will actually make it so our text itself isn't affected by the opacity and it's just the image so we're going to have to add in our image that we have down here into this content block right here so we
should be able to delete this so we can actually come back up to our background image that we have right here and we could just do a background size this will need a semicolon if I want this to work so we want our background size and we want it to be we want it to cover not contain uh we want it to cover so let's refresh um we didn't add in our so we could do is move this so that way our opacity is not on our text we'll save that um we need to add
in our content section to our actual section right here so we can make this our class content section so that way we can actually get our background image in here uh which for some reason is not displaying so oh it's not displaying because this is not inside of quotes so now if we refresh this okay so sorry for the hard edit um as I was making this I decided to go ahead and split the content section and the actual section for the content because you can't do one without the other and having it actually
display properly over here um so I didn't want to confuse you when everything was looking really uh terrible and then all of a sudden it comes together so I figured what I'll do is I'll just explain this so we're going To make the position relative which is going to make it relative to the screen we're going to change the color of our text to Black we're going to display the flex so that way if you like make your screen come in it'll actually like move this around and the reason you want to do Flex is
for like a mobile phone it will flex and so if the screen is bigger then it will all fit on one screen so that is the purpose of the flex and we want them to be in a row we want to justify the content as around it um that makes it so everything fits properly we want to align the item center and then we want to flex wrap which will also help with this adjusting of the screen size which is also just called making it responsive and when you do a content section you have
to have this like empty string for the content otherwise nothing is going to show up we want to make our um top bottom right all at zero so the way it fits to the screen We already added our background image which you saw we want it to cover so that way there's no border around it it goes all the way around and we want it fixed so that way our Parallax when we actually scroll on the page will move the images in the background they'll stay put um but reveal more and more to us as
we scroll through it and then our opacity changes the darkness of or the transparency of the background image so you can adjust that if you would like to And then our content block which is actually the content we have right here the about me we already adjusted all of that so we want it Flex which is going to make it in a row we want the padding to make it go um side to side which we actually don't need this or this really we could delete both of those and just leave this and then save
this and if we refresh it then you can see didn't even make a difference um but that is the content blocks that we have right there And the last thing to do I think is just add our background image of the phone to this last section so we'll actually do this in line and so we could just say style um background color we don't want background color we want background image and I think the image that we are going to use is the contact um we have to do the URL over here and it needs
to be inside of quotes and we need our contact.jpg if we save that we refresh it there is our image But we are going to need to basically just copy all of this where is it all of this right here for this content section so what we could do is just type in um we want to add the class I'm actually not sure this is going to work but we're going to try it um content section does that keep it that did not adjust it um I guess we are going to have to go ahead
and do this the full proper way and make a new Section so I guess what we'll do is just delete this sorry for that I thought we could get away with making it real short inline style but I was apparently wrong so we'll just do the contact we'll make our curly braces and this one's going to go pretty quick so we just want our background our background image right here with the URL with the single quotes and it was contact.jpg save it make sure that it stays over Here and our image disappeared which means we
have a typo uh and our typo is actually that we just need to add this class down here to this bottom section um so we got to add this class paste that in there now if we refresh it there is our image comes back to us now we just got to do some formatting so we want to do the background size we want to cover so way there's no uh border around the edge we want to make it fixed so that way it will have that Parallax Which is going to be the background attachment we
want it to be fixed we want our text color to be black which I actually think it is already um so we'll just type in black and we want to align our text to Center which really it should already be centered we don't really need to I don't think we need to do that cuz we adjusted all of that inside of the body so let's go ahead and refresh this we have our contact right here which Scrolls up and down and I Believe that is a replica of what we have built over here so here
it is this is like a beginner's guide to CSS and I know that seemed like a lot and if this was my first time watching this I would be thinking this is way a lot but I really wanted you to just watch this and follow along because you need to see how many different areas of CSS there really are so that you can kind of get an idea of okay you can do just about anything with CSS so go out to your favorite uh Web browser like go out to a Facebook and try to copy
some of their stuff like we did with the Wikipedia and try to copy what they have and build like your own and just copy what's going on and also don't forget to play around with those red green and blue blocks and just move them around and make different divs and sections and make sure to play around with this this will give you a really great start of what you can do with CSS and I know that it seems like It's a lot and it's like going to be really hard to learn but it really is
not going to take you that long in a few days you'll be able to get the hang of this so if you just watch this video or this section on CSS maybe once or twice you will get the hang of it pretty quickly so the last thing I wanted to show you is we can actually take all of this CSS we can delete these style tags and we can put all of that over here and save it so that way our index.html is Much shorter as you can see and you can actually just link our
CSS by typing in link and our stylesheet and it is called style.css and if we save it now when our page is loaded it's going to read this head tag it's going to see here's the reference for the style.css it'll grab it and apply all that CSS over here so if we now refresh our page you can see all of our CSS is still saved and if we wanted to add anything to it so let's say we want to change the content block so the distance between these two 10% we can save this over
here and if we refresh it these are going to move and you can see actually think that just made it skinnier uh let's try back to 30 um yes it does it just makes our divs a little skinnier so what you can so the point was you can actually see how the CSS works over here so if you wanted to add something else you do that over here in the style.css and because we have it linked over here it'll automatically apply the CSS to our project all right we are going to be making a
transition from now just making some basic scripts into a little bit of web development and setting up our own server and there are several reasons I want to use Python for our web development because this is a Python course and by seeing the server side code even in Python you're going to be able to understand what is actually happening on the server side so there's really two main reasons one you'll be able to be a web developer or so to speak and you'll know the server side as well as HTML and CSS and you'll
be able to make complete web applications you're going to understand databases and how apis work by actually using them and implementing them so that is a really big deal but also we're going to cover a lot of server side validation and a lot of mistakes that a lot of developers make in trying to validate things that come from the Client to the server so it sounds like it's going to be really difficult or there's a lot of information and there is kind of a lot information but it's really not that difficult and by actually seeing
the server side code you're going to be a lot better at knowing how to pull off exploits because you're going to understand how it was written on the server side rather than just what you see on the client side so we are going to be using Flask for our Python framework that we're going to be developing in so I'm going to be developing this on Linux if you are on Windows I'm going to go ahead and leave a link in the description and maybe a YouTube video for how to set up a MySQL database when
that point gets there and if you're on Mac it's really simple I think it's three commands in the terminal you'll be able to install MySQL as well I'm going to be using Linux because it already has it installed and I'm really familiar with using it it's pretty simple to do if you have a virtual machine at this point I would encourage you to just use your Linux virtual machine as well because it'll make it a lot easier for you when we get to actually setting up SQL injection and the database so I'm going to
go ahead and open up my virtual machine and opening up VS Code okay a few things that we need to cover before we move on to creating our server I've gone ahead and made a new folder right here and I created two files just app.py which is probably what I'm going to call my server and then a second page just for this demonstration but you should probably before you do anything if you've installed VS Code you can actually just go sudo apt install spell that right install and we just want to
type in code-oss and this will get you the editor that I am using right here and then you can just come over to your little drop down and just type in code and it is right here don't accidentally click this your computer is going to look like it's Windows so make sure to hit the right button and you'll open this up and I'm going to come down to our extensions and what we want is just Python and the one that has Microsoft so this one right here and this is what I am using for
my Python formatter/editor over here okay so now that that is all done right here this is something that you're going to see a lot in the world of Python it's kind of confusing in the beginning and I usually don't use it because I'm not importing a bunch of files that I have created but when you create a Python server you are going to be using this especially in Flask so we are going to need to talk about it so this if main equals if __name__ equals equals __main__ and then you call the main
function so essentially all this right here means is If the file name is main then it's going to call this main function okay now let's break it down just a little bit more this right here I don't like that it's called name um equals main because really this should be like if this is the main file that is being run then it's going to call all this code down here below it which is just going to be this main function so if we run this little play button right here it is going to run this
file and this file is Going to be the main file and if we came over here to this file and we ran this second file its name is going to be main because it is the main file that is being ran I hope that makes sense so let's go ahead and give a look at this so if we just come up here and we do something simple like uh print and let's just print the name of the file so if we just print name it's going to print this right here so let's go ahead and
run it and you'll see that we get main right here so it's printing name but because this is the main file that we are running so it's the one that we click the main button on it is going to run this so actually over here this is going to import the app so we're importing this file right here so it's our own file if we run this it's going to print app because that is the name of this file it's an actual name and it is not the main file that got ran this second.py
right here is the file that got ran so it actually prints the name of the file app and I'll show you again if we come back over here and we run this print statement and we print we're going to get main and if we come over here and run this we're going to get app so it's the main file or the file that you run the program from that is going to be titled or given the name of __main__ so we could make this a little more clear by let's put this inside of curly
braces and then put the curly braces inside of quotes and we can make this an f-string and say uh first actually we'll just say file name so we can use this twice so now if we run this you're going to see file name is name main right there so if we move this and we copy it or let's just cut it and we put it down here and we paste this we run it um you should know how functions run now so if the name of the file so basically if this is the main
file that gets ran is equal to name so which it's going to be because we're going to run it right here then it's going to call this function and then it's going to call right here so it's got our main function it's going to call it and if we run this now you can see that everything inside of this gets ran but if we come back over to our uh second.py before when our print statement was out here it would run but if we run this now we're going to get no output because this
is not the main file and therefore this main function is not being called another way to see this is um because we have this if statement right here we could just say print and inside here we could just put ran directly and that actually needs to be inside of parentheses and then we can actually we need this as an if statement so if this is the main file that gets ran it's going to say ran directly and if it is not so we can actually come down here and we can just say else and then
we're going to say print and it was ran from import so if we save that and we come over to our actually if we run it right here uh we have an error and it is because I put the quotes around our parentheses so now if we run this it's going to tell us it was ran directly because it was ran inside this file so the name was main but if we run this from over here we're going to get ran from import because the name was not main of the file so this was ran
not directly so that I hope that makes sense let's try one more way so you can see um right now all we've seen right now is for this when it calls the main function when we run this we've getting we keep getting back main right here but we could call this main function from over here and we'll see if our name changes so if we call this function from our imported file over here what do you think will happen we can come over here and we can say app.main and so we can call this
our app file right here so app.main and if we save this and run it we're going to get the file of our name is actually app because we're calling the main function from this import and it's running this function and it's just ignoring this all together because we're calling that from over here so our app file over here is name is app because it is not the main file and we could actually come down here and we could print let's make this an f-string and we could just say second.py module's name is
and then we can put our curly braces and we can put in name and if we run this we're going to have spelled print wrong let's try this again and we get the file name is app which is run from over here file name is app because it is not the direct file and then we have the print statement right here running and it's being ran first so it is main and the reason I'm telling you this is because we are going to be importing files when we create our server and you will need to
understand this if name equals equals main um I haven't shown it yet because I don't really use it a whole lot in scripting because I usually just have a script and it's all inside one file and I don't really like running this because I'm not importing any modules and there's not any real need to do that and sometimes honestly if I'm running a bunch of files I don't import this anyway because I know which file I'm running this from but a lot of python programmers would tell me that's really bad proper way to do this
is to run it this way I have just shown you so let's go ahead and move on to the next section I'm going to clean up my files and then I'll bring you back okay so I went ahead and opened up a Firefox because we're going to need this in order to look at our page a lot like we did with the HTML the only difference is we were rendering our HTML directly from a file so we were just opening a folder so we didn't really have a URL up here what we had instead
is the file path to the file on our local computer and now we're actually going to be setting up a server which would if we ran this in production use an IP address but we're going to be running this on our local machine so we're going to be spinning up a server on our local machine so what we can do is open up our text editor and I'm going to actually type this out and then I am going to help you walk back through the code so that way you understand what is happening uh server
side code is pretty easy um if you learn server side code with just flask right here with python you'll be pretty good at doing this with Node.js PHP is a little more difficult because it's just the syntax is different but what we're going to be using with flask you'll be able to understand Node.js pretty simply because it all runs very similarly so we'll just go ahead and start out by saying uh from flask import Flask and if you have um any these have the red squiggly lines over it you can just hold your mouse over
it and install it and it should work for you so one thing that you're going to need to do inside of a flask server is create your app right here inside of other programming languages you don't necessarily need to do this app is already what it is going to be using so we're actually going to set the variable with flask unlike other languages so we can just say Flask and then we're going to see that __name__ right here so we are going to be using flask so we have to set this right here
this Flask __name__ because it creates the flask instance or the class within flask for us to be using it is going to be like the central object that the routes go through which is why we actually have this app right here it's going to set the routes for us which you're going to see in just a second and we set this right here so that way it understands to locate all the resources which it sounds like a lot right now but you're going to see how it works in just a second so down here
we just say app and then app.route so it's going to find the app right here which is the variable we just set and then it's going to define the route and I think if you're from other places in the world you call this the root but I'm not really sure um but here in the US this is the route so the place where it can find the main folder so or the main file and because we don't have any other files what we're going to do is just say the root file which is going
to be right off of our server and then we can create a function and we can call it whatever we want we can just call it hello and that actually needs to not be in parenthesis we'll say Hello World from our server this is going to be our first time running this from a server and we're not passing in any parameters and then we can just return our hello world and it will need to be inside of quotes so we say hello world save this actually we actually need to add in our if __name__
equals equals quotes __main__ and then we need to call our app so app.run and I'll run this in just a second and then we'll walk through the output so that way you understand what is happening down here so we have our flask right here import our flask we have our app that we set up um this app variable that we set right here is going to use flask it's going to know where to look for our file so in a little bit we're going to create other files over here so we'll have
like an index.html and this is where that would go so that way the route would know to look for index.html we're calling our function hello world and we're just going to return hello world and we could put the HTML right here and start styling right from our server but I don't like that it's not very good practice um but I will show you how to do that here shortly and then we're going to call our if statement this needs to be moved over and we can save this I think that looks all right we
can run it I forgot our colon right here so let's try this again let's run it and again man I am struggling with the typos let's try again and there it has run so we have this print out right here tells us this is a development server um don't use this in production development and we have our debug mode off we're going to turn this on in just a second you're going to see that we get a I think it's a PID number um in order to edit directly from our web page but it tells
us we can come over here to this location in our browser and it should serve up our page for us and it does right here we have Hello World from our local host on port 5000 so you have successfully just created your first server and you can see that we have the GET request it's a 200 um we apparently are trying to call a favicon which we don't have set up um but here it is this is our basic server and we're going to go ahead and start doing a little more to this and we'll
start by turning the debug mode on because there's also a vulnerability right there within the debug mode something to check for in Python applications the things we do to actually turn the debugger on is inside of our parentheses right here we just type in uh debug and equals true and this should turn our debugger on so now when we run our server um there's a couple of things that'll happen if we have an error it'll actually show it over here which could be classified as a vulnerability it would be information disclosure and we are
probably going to hit it on accident I don't want to cover it just yet I want to cover some different routes inside of the URL before we do but also the debug right here will allow it to when we hit command s or I think it's control s on a Mac that it'll actually restart our server for us so we don't have to cancel it with Ctrl+C and then rerun it up here so we're going to go ahead and turn this on already but I want to show you some of the different things
we can do with the URL right now so what we could do is just copy this and paste it and instead of just having the forward slash we're just going to type in like page two just like this and we'll change our function to bye and we will change our word right here to bye so now this should we should be able to go to this page right here and it should return bye world instead of hello world so let's go ahead and actually turn on our server so we need to run this make sure
everything is working you're going to notice down here that debugger mode is active and we get this pin right here so if we do want to edit from our actual browser we would enter this pin in right here so we can now come over here and we should be able to type in slash page 2 and we get bye world right here so you're not going to see things like this very often what you're going to see is a forward slash like that so we'd have a forward slash 2 that's a lot more common so let's
go ahead add in our forward slash save it and down here you're going to see that it says it's restarting our page it's going to reload which is really nice for us and now if we run this our page stays the same but if we leave this to like we had it we're going to see that the page is not found because we actually changed this route right here to have our bye world on page slash 2 and I accidentally hit command save instead of refresh so we have this right here now there is a lot
more that we can do with this so sometimes you'll see inside of URLs uh like an username or an email or something displayed up here in the URL and the way that works is by adding in these little um brackets right here so by adding these carets in around the number we can now access this as a variable so instead of saying bye world we would say um we actually need this as an f-string and we would say this is page and then we could add in our curly braces because this is a variable
and then we would just say uh what did uh two because that's the name of our variable and it's going to display the number two um so what we'll do instead of that is we'll just say number and we'll change this to number just so that is a little more clear so we'll go ahead and save that and so if we run this over here we're going to get our type error this is the debug console which I wasn't going to show you but I will now that we have hit this so we have an
error and let's say we want to debug this section right here we have a self view functions rule endpoint and this is because our endpoint right here is not right if we wanted to open up debug mode we would click this little button over here and we would put our pin which is right here we would highlight this and we would copy it and we would paste it right here and you can actually edit your code directly from the console right here and the reason this is not working right here is because this is actually
supposed to be an integer so we would add an int just like this and I believe that should work for us so now if we hit enter we still get that an unexpected keyword argument number and the reason for that is I forgot to pass in our number right here so if we save this and if we come back here and we add in our page two with our forward slash we now see this is page two so there was a little bit of debugging we had to do in order to get this
to work but if we change this to like a six and we hit enter it's going to tell us this is now page six and that is because we have our integer and our number right here being passed through as a variable we have to actually pass it through into our function as a parameter and then we have it right here we're actually able to display it so this is some of the stuff you could do with a URL and you can really get creative by using like a username sometimes you'll see like a
username passor appear and if you were wanting to display their name like let's say in a nav bar which you'd see pretty regularly where it would say like hello username welcome to the web page or welcome to the site you could have that up here and you'd be able to pass that variable through and I'll show you how you could do that so instead of just like having page we could put in here just something like name and we'd have to change this to name and you could say welcome and then we would have
the name here so if they logged in and we sent over the name you should be able to put user and it'll say welcome user so this would be your user or you could put in right here welcome Ryan and you'll see just like this you can pass through different information through the URL so now you've seen the URL and you've gotten to witness the debug mode okay so we're going to use the file I created earlier second.py to look at some nested functions we're going to look at them really quick because we have
already done some nested functions or what this is called a decorator function in the past but we haven't called it that so I just want to give you a little bit of a refresher here and then we will move on so if we just start out kind of like we have previously with a function and we're just going to add two numbers together so we'll just say number one and number two and then we just want to return number one and number two so we're going to just add these together very simply and return the
output so now what we could do is make this for an addition a subtraction a multiplication so we'll just say multiply make sure I spell that right and then we can divide and all we got to do now is change this to divide make this multiply and this one be subtract so now if we wanted to run this we could very simply just say def um and we'll add this as our calculate and we're going to call whichever function we want to do at that specific time so what we do is we just add in
whatever what we want right here I'm going to add in calc because that's what we're doing is calculating um this actual parameter right here what we're passing in can be called whatever you would like but typically it's good practice to make it something that you can recognize um and then we'll give it number one and a number two and then under here we're just going to return the um calculation of number one and number two and the last thing to do is actually call the function and then we'll walk through it so we'll just say
um the function is going to be called calculate and we want to pass in whichever one of these we want to do so in the beginning let's say we just want to add and we'll add number three plus number four and then we want to print um the result and in order to get the result we need to save this in a variable so we'll just call this result equals calculate so I believe this should work for us so what we have right here is a bunch of functions that we're not calling until we do
it down here so we have this function which is the one that we're actually going to call right here so we're calling this function and we're passing in add so it's going to call this function and then we're going to pass in these numbers and then we're going to return the answer so what and then we're going to print it eventually down here so if we go ahead and run this you can see we get the number seven down here and let's say instead of adding we want to multiply we can save that run it
and we get number 12 so this is kind of how you can see the nested functions and these can get really complicated and we could really add to these but I don't really see the point in making this much more complicated than other than just showing you that we have a function right here and it's going to use the calculate which is going to be passed through as our multiply right down here when we actually call this function so we have a function that is getting called right here and we're going to pass in another
function as a parameter so that's basically all the decorator functions are so right here we just have our decorator functions and they're just going to be functions passing in functions and so this is what you can think of um I don't really like to think of it that way when I'm doing these like uh when you're when you're doing some server side programming in other languages um these are just the app route and this is where you go and this is the function so there is another example we can look at to make this um
a little more clear is you can just say like we have a function and this would be our outside function and then we just want to print so we can just print the outside function just so you can see what this looks like and then um inside here we could say we want to print the or um call an inner function so we could say def inner and this is our inner function and down here we just want to print and we'll just print inner function just like that so what happens right here is
we can call our inner function right here um but if we run this nothing is going to be output because we need to have our semicolons right here to get no syntax errors and if we run this you see there's nothing put out right here and if we actually call our inner function from out here and we run this you'll see that we get this syntax error because this is outside of this scope so this would need to be like a global function in order for this to call um but we are not able to
get to there so this function cannot call this function right here because it's inside of this one so it would need to be inside of here and if we were to just call the function the outer function right here um this will now will call this one and it will print this it'll skip this function read this and come back and call that one so now if we run this we're going to get outside function and inside function so if we close this off right here run it we get just the outside function and
you might be thinking at this point why would I ever do something like this and usually something like this comes in handy when you need a function um to test if there is some kind of functionality inside of a script that you want to work and if it does work then you want it to do something so it's like call this function to see if we have the possibility to do this if not then we're going to just pass out of this or break this function um and if it does work then we'll call
the inner function so if we give just like a really simple basic example is like um a equals 1 and so like if item number one actually works in our code then we want to do something and so we could just leave our inner function right here and we'll come down below it and we'll say like if uh A minus 2 equals equals 1 then we want to call the inner function so a equal 1 1 - 2 is going to equal 1 okay I am not really sure when I was editing this video I
just realized that for some reason I took a pause and I for some reason put this one here instead of the A and I'm not really sure what that is but we're going to work through this and I will eventually put the a back in here so you can see the function work so that way we're grabbing this a and putting it down here so now if we run this we should get the outer function um I think this needs to be a three right here now if we run this we get the inner function
um because 1 - 2 gives us a negative number so we needed 3 - 2 in order to get the positive one so this is how this would work so we call this um function right here we see it we get a equals 1 and then we're going to have an if statement and if this actually works then we want to call this other function so that is like a really basic example of why you would want to use something like this I use nested functions all the time because if something happens um and I
want more functionality then I need to call a second one but if the first function fails then I don't need to call the second function so that is how that would work so I guess I didn't even use the a right here so it would be let's do A and make the a number two so this is more like how it would work so we'd use a variable so a equals 2 if this works then we want to call this function so this is kind of how you can see how they will be useful and
we'll probably be using these in the future so let's go ahead and move on so the next thing I want to show you is going to be the actually rendering HTML in our page so let's say we want to just go back to our main page so let's go ahead and spin up our server uh just copy this and paste it in so let's say we actually want to render some HTML so let's say we want this hello world to be centered over here we can come back to our page and actually just delete
this hello world and we can just start over by making our single quotes and we need to add in an H1 and right here we'd put in our hello world exclamation point and we need to close this off before I go back and start styling so we'll close this off now we need to come up and add our styling so if we save this and we come over here and refresh this you're going to see our hello world has changed because we're now rendering our HTML over here from our server but one
of the things is I don't like to render the HTML right here I'd rather have an HTML file which we'll see in a minute because when we decide to try and style this right here if there's any kind of typos um we don't get any auto fill and if there's any typos then obviously it's not going to work so if we say style equals and we want to do some text alignment so add in our two double quotes we'll say text align and then we want it center and if we refresh this hopefully that goes
over it does um I was a little worried that I was going to have some kind of typo or something 'cause I'm pretty sure the way this is supposed to be in HTML is that's supposed to be all together but apparently the syntax doesn't really matter so we have our hello world right here and we could add in something else if we wanted to we can add in our single quotes and we could add in a paragraph tag and say this is a paragraph exclamation point and then close off our paragraph tag right here and
if we save this now our paragraph is rendered over here so this is the basics of rendering some HTML I want you to go ahead and play around with this and make some more styling and maybe style up a little page it doesn't have to be too complicated but just practice some of your HTML that we just learned previously and rendering it here maybe even render some in a different page and then switch between the two pages maybe add a button um and you click on it and it'll take you to a different page so
with that go ahead and practice and then we will continue going okay so what we're about to do is look at moving our project that we made in the HTML and CSS portion of this course over into our actual environment that is going to be ran with our server so we're going to be serving up our index.html from our pre from our previous project into our server right now and if you skip the HTML and CSS portion of the course I'm going to go ahead and assume that you know how to create an index.html and
get the boilerplate and create a button because that's what we're going to be doing in this portion of the course that is going to work with our server so when you click the button it's actually going to go ahead and send the information over to the server and we're going to be able to use that data in the future but for now we're going to go ahead and set up our stylesheet our images and our index.html with our server in the next like 10 minutes and if you skipped the index.html portion you can go
ahead and watch this anyway because the way you serve up the files in flask with python is different than you would with other programming languages so let's go ahead and check this out okay so we are back here at our VS Code page we can go ahead and kick off our server let that get started um we're going to actually move this file remember this page we actually made in the HTML portion of the course um we're actually going to move it over so now that we have it running with the server so the big
difference is right here it's running off of my home directory it's going to my user desktop the name of the folder and then the file so if I actually just close this I can show you like if we just open up this folder and then we right click this and we open up this index file it's just going to open it up and render it right here but we actually want to be able to run this with our server so I want to show you how to do this and then maybe just like delete all
the files and then remake it yourself so if we close this come back to VS Code this is um pretty simple we'll go back to just the basics of like our boilerplate for the flask app and one thing that you don't have done right now that I do have is you're going to need to import this render_template and don't forget your little comma there otherwise you will get a syntax error so we can just say def home and create a new home function and then right here we will render our page so we
can type in return and then we want to render the template and then we are going to put in the actual file name right here which we don't have yet so the way we would set up the file structure if we come over to the documentation we're actually told that generating HTML from the pyth with python is not very fun that's what we were doing earlier when we were actually writing in the H1s inside of like return the H1 and it could be really cumbersome and it could also cause a lot of problems so that's
what it's saying can be pretty cumbersome and we are able to render our HTML through render templates and it actually tells us how we can do that right here so we can just add in the HTML name within single quotes and it should render for us the problem is we this render templates to come from a templates folder and then also your static files such as images and CSS all come from a static folder so I guess the first thing we could do is create a new folder and we'll just call this one templates and
then we want to create another folder and this one is called static so this is going to be our HTML page would go inside of here so we can open up this folder again and what we can do is put our index.html inside the templates and it should have been put in there and here it is so here is the page that we made earlier and now we want to move our images into the static and then we want to move this logo into the static as well so I think that is all of our
files that we need to this point let's go ahead and put in our index.html so right here we can put our index.html in we can come back over here and look at this it just tells us whatever it is so we can put in index.html save our file it says that we have a syntax error because I didn't have my semicolon now we can save that restart the server and we want to go to this page down here this will probably be easier to just copy it from here copy paste and we don't
get our images but we actually get our page served up to us so we have our page here and we're able to see that it's actually rendering and right here we can see it's no longer coming from a file but it's actually coming from our server so what we can do is come back over here um and it's pretty cool this is your server right here and you can see doesn't take a lot right here just to serve up the page but if we had like a login um and some kind of cookie set or
session management this is they would add like 100 lines of code so when you're serving a basic static files it's pretty simple but if you get into any kind of complicated um programming which we're going to do here in just a little bit you're going to see that our server can actually start to get really big and have a lot of lines of code to it but for now we want our images to render so how will we go about that we can come back over to our index.html and we have all of this style
sheet right here so what I want you to do is have a go at copying this all out of here and putting it in a CSS file and then linking it over here and see if you can figure out how to move all of your CSS to a CSS page so go ahead and pause the video and give that a try if not we'll go ahead and create that right now so the first thing we can do is come over to our static and we're going to add a file we actually just add it down
here and then drag it over to make sure that it works for us style.css that opens for us we can paste all of that in there and now we can just drag our stylesheet into the static and then we'll want to come back over to our index.html and we're just going to start typing in link and it's going to tell us we have a relationship with a stylesheet and we want it to be I think it's inside I think we got to go static and then style and that should link that up for us so
if it does um these words are going to stay in the center and it does and now we have our images so our static sheet has with moving our static sheet we now have our image our background images but you'll notice our logo is still missing and I'm not entirely sure why that is the reason all of this started to work so the reason our stylesheet is now loading our background images but not our logo is because our logo is not in the same folder or same path as our static files so our CSS
sheets over here and it's looking for the images right here and it's able to find them but our index HTML is over here it is not in the same folder as the static folder so what we have to do is do we need to go backwards we do not we should be able to just put in our slash go to static and then add in our logo and I believe this should work for us let's refresh the page and bam there is our logo so I hope it makes sense um what I mean by the
path to the folder if you've done any kind of ethical hacking by now I'm sure you know how to find folders and paths and understanding um it's the same as when you open up a terminal and I'll make this a little bigger if we cd over to our desktop and then I think this what is this called this is called flask app and then we cd into the flask app and we ls you can see all of the files right here and then the folders right here so if we're inside of the templates folder and
we ls index.html is here so if we want to reach something outside of the index.html we would need to go back and then we would go into static and then we could ls and then here are the files so you have to move around within the files in order to reach them if they are not in the same folder so I hope that makes sense as to why our stylesheet worked with this clouds.png right here and over here in the index.html it didn't work because we weren't looking in the correct folder so with that
I think I want to give you a challenge and now just maybe it doesn't even need to be styled right but just maybe put a button in somewhere up here above this guy's head and then come over to your server And add in a new route and make it so when you click the button you will be able to be taken to a new page so I think we'll pause right here and then we will continue on okay so there is a little bit of a trick that I think you could have probably figured out
because we have covered it in the past in the web development in order to get this button to work because typically when you write a button you use JavaScript but we are not learning JavaScript we Are learning python HTML and CSS and we can make it with everything that we have learned so far so we will need a new file and we'll just call it about me. HTML and we'll just go ahead and move this into our templates and we can come over to our app and we can make a new route and we can
say app.route put it in single quotes slash about me and now we can make our function and say about me caller function and what I always forget to do is put my colon right there and we want to return and we're going to render the template and we are going to render about me. HTML hope everything is spelled right that looks right I believe it says that it's reloaded don't have a syntax error at least now if we come back over to our HTML if you remember we can put in our um exclamation point and
hit enter we can change our title to about me like this And we can just put in some dummy text and we could just say um first we could just do like a H1 and say about me and we could put in a paragraph I'm not actually going to worry about styling it because we're just trying to get the button to work so that way we can see how our server can serve up a another page so we'll just say this page is all about me and and save this now comes the fun part when
we actually get to add in our button over in our Index.html we are going to put our button just above our logo and we can put him right here and we can just say we want to make a button by adding in a button right here and we can just say about me and if we save this let's come back over and refresh our page page bam there is our button but it does not do anything now typically what you would do is you would add JavaScript and you'd put on click we want to do
something like call function or something Else but we are not using any JavaScript we can also use the trusty anchor tag and we can surround our button inside of the anchor tag let's make that look nice so we can save that so now our anchor tag it should do something with our button when we click on it and we can just put in right here and we can just say template and we're going to go to the about me. HTML so let's try this and refresh hopefully it works first try and it says that our
templates about me. HTML could not be found so we have a problem I bet maybe somebody out there has caught this let's go back to our app.py and it is I think because we're trying to render the HTML maybe we can actually just say about me oh I see what our problem is I don't have um return right here so now if we save this come back over here refresh it we have our about me page but we actually want to make sure that's too far make sure that we're on
our main Route page from our server we can refresh it to make sure that our code is up to date click our button and now our button brings us to a new page so what you can actually do what is really cool without open up like any kind of proxy you can see what is happening right here it makes a get request to the main page right here and then when we click on our button we get a get request to our server and it's going to serve up the about me right here and I
actually can't Remember if I have this specific VM setup to run with local host file I'll set this up and see if I do and it looks like I think this should work and you can see our request right here being sent to our header and we're able to actually stop it so you can see the host headers that flask automatically puts up and we catch those here in our proxy and we can send those forward so you can see our host um our get requests basically everything that we're able to see right Here we
can actually see from Burp as well so we could forward that and shut that off and if you want to be able to intercept your requests inside of Burp as well uh you can open up a new tab and it's about:config and it's dangerous in here say we know what we're doing um type in proxy and it's uh this one right here allow hijacking localhost and you just click this little button and it will turn that on for you and then you'll be able to intercept requests right here with Burp as well so
that's how you do that but that is outside of what we are learning and we have all of our stuff set up right here so I think at this point maybe a good challenge for you would be to style this and add some style to it um or maybe you can just delete this about me and make a login page see if you can take a few inputs and create a button and we'll see if we can set if we can start to set this up with a database And start looking at some vulnerabilities at
this point so before we move on I have decided I think it'd be a good idea to uh take this page right here and we'll create a little input and a button and maybe you can take this as a challenge and you can go ahead and create a form and take an input and create a button and we're going to turn it into some cross-site scripting with our server linked up right here and I'm going to show you how To make this like if somebody was doing this maybe in a test environment and forgot to
leave the Jinja2 default security measures in place um and then also maybe you want to figure out how to get cross-site scripting on Jinja2 which is going to be used with Flask and then you can go out on bug bounty programs and find um pages that are using Python and Flask and then you would have a payload that's going to work with pretty much any website so I'm going to show you how to go ahead and do this but you can come over here and create your form first and then we'll go over
and Link it up to our server second so the first thing we want to do is just create the form and our action is going to we're actually going to send this over to the about- me and I'll show you where I get that so with flask and python you don't have to create your own API or use an API like you would with JavaScript so we can actually just send this over here to About me is where this is going to be sent and then the method is going to be a post so if
you've done any kind of ethical hacking or website penetration testing you'll understand the get and post if you've done any programming before then you will also understand the get and post this is a post request to the server so we're actually sending it some information and we want to do something with the information and we'll do that over on the server in just a Second but in the meantime we also want to have an input we can leave it as text um and we can just name it uh xss input and then we also are
going to have another input and we're going to call this our submit so we can just say submit and the value is going to be submit just like that and we want to render the information that we put into our button on the screen so we want it to reflect down underneath our input so what we're going to do is we'll just Create a div um we could create this as something else but we'll just leave it as a div and similar to ejs you can render the information from the server inside of these curly
braces and we'll just say this is going to be our user input and to shut off the Jinja security measures for cross-site scripting we can just say safe so this is basically going to take the user input from up here and it's going to reflect it right here and we're just going to say that is automatically going to be safe like we're not expecting anything bad to come through which is not something you typically want to do and I can show you to shut this off you just would delete this and it will reflect it
down here and it'll automatically escape any of the bad characters so you can try to bypass this in just a little bit and see if you can get any payloads to work if you can you'll have a good heyday with bug bounty programs that use Flask and Jinja2 um but in the meantime let's go ahead and come back over to our server and we are going to have to add a little more information into our server so the first thing is um we need our user input this is what we want to be reflected
right here so we need our user input it is going to to start out as an empty string but then we're going to replace it with what is posted in the post request so we're going to say if the Request method is a post then we want to do something we're going to say our user input equals the request. form. get and so I'll explain this in just a second so you can see what I'm doing so this will be our xss input right here and hopefully I spelled everything right and we'll put our empty
quotes right here so this needs to be moved over so what we have right here is our request method so when We send this post request right here if this is a post request that is sent to about me which you have right here you have the about me and the post if that is sent over to our server we are going to take our user input right here and we're going to create this variable as an empty string and if the request method method is a post then we're going to do this we're going
to take our user input from the request form and we're going to get the cross site scripting Input which we have right here so inside this input we're going to take that and we're going to save that into our empty string right here and then we are going to render um not just the HTML but we want to render the user input which is going to equal the user input so let's go ahead and see let's run this and see what happens we get an error at the post and I just realized that maybe you
didn't update that I actually updated this before I started recording um so we Will you will need to update this little right here um if you're following along with the methods the get and post I was thinking that was probably my mistake but it was does not it is going to be it tells me right here after the post we are missing a colon so let's go ahead and add that in now we have a different error and it says from this should be form save run this again and it is up and going so
we can actually copy that we can actually just refresh this over Here and we have our submit but we actually need this to be a button instead of an input so let's go ahead and change that that means I have a typo so let's come over here there was two M save that I bet some of you guys caught that now we have this button you can also take this right here and you could just turn this into a button by creating a button and you could say type equals submit just like this and then
you could have your your button over here so you Could just say this submit and you could have your button name right here and you could actually have a button so let me save this and I'll show you if we save now we should have two buttons over here so you can see and both of them are working so you don't have to use the input you could use a button right there if you wanted to so either one of those would be fine but I had a typo right there that's why that was not
working so let's get rid of our second button here Save that save that and if we put something in here and we submit it it is going to be reflected down here now so our post request if you want to see how we made this we send this we make a post request to the about me this is going to be our server this is going to be the variable with the um input that we have right here and we can forward this and it gets sent over here so that is how that works uh
if you wanted to see the full process you could submit and do Intercept right here so we're going to intercept the response so we can see this is what gets sent back from the server and actually gets rendered over here on this page so if we forward that then it gets rendered standard so that is how that works so now what we could do is actually type out a simple cross- site scripting payload which I have already tested out right here and you could say alert one just like this and that needs to have a
close so now if we submit this we get our cross-site scripting just the basic payloads are going to work because we have this in safe mode so if we actually delete this and save it and then we come back over here and we run that exact same payload that is not going to work because it is now escaping the bad characters with Jinja2 so if you wanted to see if you could get cross-site scripting to work right here you could practice on your own personal website right here instead of on a live
website and if you get it to work right here it is probably going to work out in the wild so if you can get a cross-site scripting to work here you can go through uh all the different GitHub pages with all the different payloads and test them out if you choose um but also I wanted to show you the um payload right here with the image tag right here so if we do the image source with uh empty right here just can be anything onerror alert and we need a t right there so alert
um nothing this should work for us it is not going to work because I forgot to put back our safe mode and if we just copy this and try this again hopefully it works so while I was editing this video I realized that the error that I'm not seeing when I was actually recording this is I needed to close off this string right here this string is open so that way it is not letting the cross scripting work um I wanted to show you The image source because this is a really common one that you're
going to see and apparently I have done something wrong to mess up my payload so let's go ahead and try this again and since that's not working let's just go ahead and typee it out so we can say image um our source is going to equal is said double quotes is that's single quotes it's single quotes so we can put our single quotes back in there and it doesn't really matter what the image Source is actually looking at and we have our on error equals and then we have this closing tag let's try something a
little different so instead of that we will try prompt and we can see if maybe prompt will work in instead of alert and it does not not really sure why that's not working but our original one is actually working so you can actually go through and test out different payloads if you would like let's actually try out um one that we Did earlier one that we saw earlier so we could say image and this is what I would recommend to you for you to go ahead and try a bunch of different payloads and see which
ones work so we'll just say source and we'll say onerror we want to do one that we tried earlier so let's say uh JavaScript alert and we can alert one which is really common and we can close off our tag right here and let's go ahead and add in a closing image tag which I'm pretty sure we don't need to do um let's actually just leave it and then we can just copy it later okay so that one actually worked so you can just play around with the cross-site scripting at this point and
see which ones you can actually get to load and which ones work for you and you can also go ahead and delete the safe mode and play around with these um I think what we're going to do now is we're actually going to set up a MySQL database over here so that way we can start to practice a little bit with databases and some SQL injection and understand the code to have a secure server so that way we're not going to have anyone use SQL injection against us but I also before we do that I think
it'd be helpful for you to go ahead and create a another get in post so maybe just delete all of this and see if you can get familiar with taking information from your actual HTML Over here and understand okay the action means we're going to submit this to whatever route we have over here this route specifically is going to be the about me we're going to need the methods of get and post because we want to get information so I actually typed this out and I don't think I have it in the video but this
is just the methods that we want to accept so sometimes you'll see in Burp you'll see GET POST PUT DELETE um but we're only going to be dealing with GET and POST you can create your function you want to make your user input which we have from over here we're taking in the user input and then we're going to reflect it back over here on the screen so an example of how this would work is if you do something simple and go to google.com and we want to look at something we could just say
something and you're going to see our word is reflected okay let's go ahead and Mis Mistype something because um I guess it only reflects it right here if you spell something wrong so you can just type in something and so you see it says did you mean something here it actually doesn't reflect what we typed in I actually thought that it did but here's an example of like it actually taking something it reflect our something right here but it to fix are here so that is like an example of taking something that we actually type
in it'll send it to the Server it comes back and it is reflected right here at least part of it's reflected right here that would be a basic example of taking the user input and reflecting it back to the user uh most of the time when you see something like that it's going to be something stored in the database and then it is grabbed by the server from the database and then reflected to the user uh that's a little complicated but we we may or may not cover that in the future um when I use
databases I do have to do that sometimes so we'll have the if request method equals post instead of get because here's just a simple get request we just hit enter and I'll show you like we're not actually sending any information over we have this get request because we have not submitted anything but a post request is when we put this in here and hit the submit button that right there is the post so we are going to be checking if it is a Post request then we want to do something we're going to change our
user input the request.form.get and so this is going to be from the request form we want to get the cross-site scripting input which is this right here so we want to return or render the template which is going to be our HTML and our HTML right here plus this variable is going to be sent over to be reflected right here so that's all we have going on right here I hope that's not too confusing this is actually like really really simple server code so I think if you're if this is confusing um
you should go ahead and try to create this and maybe watch that section again of me just explaining what all of this is doing and you should be familiar in the next few sections of this video because we're going to be continuing to work through creating post and get requests especially as we start linking up our server we're going to be doing All of this again and hopefully it becomes more clear to you so let's go ahead and we'll I'll give you a challenge and then we'll do it in the next video so create a
new page over here call it login go back to our home route page right here and we can actually create a login page and then a button I so I want you to kind of copy this a little bit um you're going to make a page it's going to say login and you're going to say this is like our Login page or whatever you want create a form create an input for a text and instead of the name you can put username make one for password and then create a button and then we can go
ahead and try to just reflect the username on the page when they hit submit and then try to handle all of that action over here so the way you can get practice typing all of this out and then we'll go ahead and do all this together I just realized burp is in intercepting this and if you Want to on your index page instead of having just an about me you can put a login button right below that so that way you can practice creating another button that is going to take you to the actual login
page that we can start creating all this on so go ahead create the index. or create the login. HTML recreate all of this and this right here so that we have a username and a password and it'll reflect the user on the login page page once you have hit Submit I hope all that was not too difficult I'm going to create my file login. HTML I will drag it into my templates we will say move now I'm going to kind of cheat a little bit and I am going to just copy this I'm going to
take this second input copy it and I am going to just change this to password and I think something you could do as a little bit of a challenge to remember your CSS practice is to try and style it and make it look a little bit better uh If you want to so I am going to reflect the user input which will be on the server side so let's make sure I got all this right this will need to be login and password and username um you could type this in as password if you would
like I'm going to leave it as text so that way I can see it and and I'll actually be able to see what is being sent back and forth or I could just print it to the console but I'm just going to leave it as text for now and I'm also going to cheat just a little bit and I wouldn't recommend doing what I'm doing right here because um it'll be helpful for you to get used to retyping all this out and it is possible that I am more than likely going to have some kind
of typo because I forget to change something over here so I'm going to change this to the username which I think is what I saved this as over here where is that let's see this file right here this file uh Username so right there got that right we need to change this to login. HTML and I think on the index page what were we supposed to do we're supposed to make a button let's see if I can find the button right here that we made an anchor tag we'll copy this and we'll just put one
right below it we'll say login and the button is going to be login so let's go ahead and give this a try the server is Not running cuz I crashed it let's come back over here see if it actually works and the issue that I think we have right here is I didn't change this to something else so we'll just change this to login save that Rerun it says that it is live uh so we have the login page button it does in fact work let's just say Ryan password of John submit and it reflects
my first name down here okay so we have that working what we could do also if we wanted to um make this look or function a little better is inside this div right here you could say uh welcome save refresh and when we type in our name right here submit we have welcome Ryan and I think um I'm not I don't usually code with Python and Flask I bet there's a way to put these together um but I have actually never tried it so we get an error yeah I'd have to look up how we
would do That because I've actually never tried to put any welcome or anything in addition with the actual username right here so that is something maybe you could Google and try to do but for now we're going to go ahead and try to set up our database and if you are on Windows you can check the link in the description for how to install MySQL on a Windows machine and for those of you who are on Mac it is going to be pretty simple you're going to need to install Homebrew and I'll also also put
a link in the description for you but it's pretty simple you just have to paste in three or four commands into your terminal um you have to curl the home brew install home brew install MySQL and then basically just launch it so it's pretty simple if you are on Mac it's a little more cumbersome if you are on Windows but I'm going to link two different videos on how to do that down in the description and you can go check Those out or if you are on Linux it's already done and you can just continue
following along with me and we'll go ahead and set up our database and our table and keep going okay so I'm going to go ahead and assume you have installed MySQL and watched those videos at this point we are going to go ahead and open up a terminal and the first thing you're going to want to do is actually start the MySQL server and the command for that looks like this so just sudo systemctl actually we don't want restart we would want just start mysql
you'll hit enter that should take a second or two to start up you will then just type in mysql to log in it will look like this mysql uh -u root -p you can hit enter and the password that you're going to use for this is whatever your password is for your current working machine that you're logged into whether it is your Mac user you're logged into or you're logged into Linux it'll be whatever the root user password is for some people that actually may not work for me it works I actually changed mine to
just password so I can log in right here but if that does not work for you you can actually shut down your MySQL by typing in MySQL systemctl basically exactly what we did right here only you would use stop instead of start and then you're going to type in this command right here and it's going to allow you to log in with no password and then you will set your password by typing in this command and the only thing that you will need to add is you exit and then a colon just like
this and you put in whatever you want your new password to be right here for the user if your username is not root or your user is something else uh then you'll want to change root like right here you obviously wouldn't want to use root you'll want to use your name and then the new password you want to use right there and whatever the new password is for that user it should now allow you to log in so once we're in here I actually might have spelled that wrong I did can't spell password and now
that we are logged in we're going to need to create our database so this is something I just want to mention that I don't actually have a lot of this memorized I have it inside of a specific set of notes that's Called create database because I create probably less than 10 databases a year and every single time I have to go back and look how to create a database and all of the columns because I don't have all of the syntax memorized so as you watch this as it looks confusing just know I don't have
all this memorized either and you probably never will because the odds that you're going to be setting up a datab base every single week is going to be pretty slim so the First thing we want to do is just type in create database and we'll just call it my DB and the thing I will forget often is you have to have this callon to close off your statement and I want DB and we hit enter now we have our database created so we should be able to say show databases is that right show database uh
show databases and we now have my DB right here so we can now go use my DB B if we Wanted to show all tables uh it's pretty similar to that right there we just type in show tables I think that's right and we have none set up in here right now so let's go ahead and create a table and we're going to call our table users and it should look like this we're going to say create table users and user ID so this is basically just going to be the first row of user ID
and every single time somebody signs up or creates an account then we're Going to automatically give them an ID so we're going to say uh ID it's going to be an integer uh so not null it'll always have something so this not null just means there's always going to be something in that specific column and we'll say Auto increment which means that it's just going to automatically create that in order so the first user is going to be 1 2 3 4 5 and so on and we're going to use that as the primary key
which I Think we'll probably use this when it comes to setting cookies and ey doors we'll just use this primary key to move around as different users for our ey door section when we actually create that so we can close that off I'm going to reread over this to make sure that it is all right and I don't have any typos um so let me bring you back once I finish doing that all right I think it looks good let's see Zero rows affected uh let's see we do have users I think It's describe users
does that show us yes it does so we have this user ID right here we also want to add in a usern a username and a password for our user so we are going to type I'm going to type these out and then so you don't have to watch me do that and you can pause the video and copy them down so you can type these out as well the first one is going to be alter tables uh alter table users so we're going to alter the table users which we have just Created and we're
going to add a column uh username and we're going to add in that we want characters and it is going to be not null as well so that way you have to have a user that way whenever we create users there's automatically going to be a user and lastly we want to create a column for passwords and later we'll add in a column I think for security purposes maybe we'll add in a cookie I haven't really decided yet but for now we're going to create one with Passwords and we can hit enter and now we
have passwords and if we go up and we describe users you're going to see we have user ID username and password so let's go ahead and try to create our first user I have already typed all this out we're going to say insert into users uh a username and a password with the value of Alice and password123 I actually think we'll change this to uh admin because that's really common and we'll just leave password123 and we forgot our closing colon and we'll add that in and let's go ahead and describe
users and see if this worked for us we want to uh actually what we want to do is select all from users and see there we go so we have user one and admin and password123 so there is our first user already in the database here for us and if we created a second one like let's say we wanted to do the Alice um that she would show up as user two so now we want to link our database over here to our server because we want our server to be able to put users
in and get information about users back so that way we can start practicing our SQL injection and we can also see how to create users um in our database with secure code and you can kind of see the back end of how this works with a server the database and how you can break the code as well okay as we get ready to start this I just want to start out by saying that all of this is going To be new so it's going to seem really confusing at first I'm going to try to go
really slow and explain every single line uh like I have in the past with like what this if statement does the Post username only we're going to do this for setting up our database so I'm going to try to go as slow as I can and be as clear as I can if you have any questions leave them down below because setting up a database can be confusing if you never done it before and you're Not used to working with databases and you don't know the SQL statements so I'm going to try to explain it
I might for the sake of redundancy do things multiple times just so you understand it so before we actually start messing with our login and turning this into an actual like login page that is going to produce for us a SQL injection for us to be able to practice and then also create like a secure login as well as a secure sign sign up we are going to just start With the login. HTML over here we're going to change this to uh just sign up like this and I don't want that to actually be a
tag so shouldn't have hit enter there but there we go we got the sign up and then we'll just change this as well to sign up even though this is going to be login um we are going to add a sign up here in a minute and we'll make that secure and we'll just leave the actual login as unsecure so we have our sign up and we'll just Say this is our sign up page and then we want to I think just change a little bit of this let's go ahead and right now we don't
have a placeholder in here they're just blank so if we had a user and we wanted them to know what they were doing we could just type in here like a placeholder and we can say username and we could add a placeholder down here we could just say placeholder and we would say password and for the Sake of making this actually look like a sign up page we'll actually change this to password as well so now when we come over here and we type in this box instead of having text it's going to be the
little bubbles so we can come back over here I think this mostly looks okay instead of using in user input um we'll just call this like a message so that way we actually can send a message back from our server that either you're logged in as a specific user or the Login failed and the reason we're doing a login First instead of a signup is because over here in our database we already created one user so we're going to use SQL injection to log in as the admin user then we'll create a sign up and
we'll securely sign up without being able to use SQL injection so we can come back over here I think that looks all right we'll come back over to our server code so now if we just refresh this we'll see that things have changed we have our title changed this is changed have our sign up page and that is now bubbles instead of text and the first thing I think we'll do is uh just start by installing the actual SQL package that we need and we're going to be using SQLAlchemy so you can
just type in pip install right here flask and then we're going to use this right here so that is how you spell that out that is what we're going to be using and then we will need to actually import this so we can say from flask_sqlalchemy import SQLAlchemy I believe that looks right and it is not because we need this to say from so I believe that is actually right and the next thing we need to do is actually set up our configuration for the database and something I want
to show you for setting up database configurations now this is the first database I have used with SQLAlchemy so I actually had to come over to the documentation and start reading so if you come to our database and we log in you can actually see what database we're using you can come over here and read about our database now what we're going to be typing out is a little bit different than what they have on their documentation because we're going to be using SQLAlchemy with Flask this is just the general basic code that
you would use um this is not Flask specific so I had to read through this and then also read through Flask so if you're wondering how I learned this basically come over here and read that is how you're going to learn a lot of things that you don't know how to do so this is new for me this is the first time I've set up a database with Flask and SQLAlchemy so um when you read this just know that the way that I came up with the code that we're about to type out was purely
by reading the documentation and I'll try to explain it so we have our app right here and we want our app to do something so we're going to say app.config and we're configuring um a SQLAlchemy database and so when you do that you have to type this out in all caps this is going to be a key this has to be exactly how it would be used with Flask so this has to be in all caps I'm actually going to copy and paste it from the documentation so that way I don't spell anything wrong
you have to spell everything exactly like this because you're going to configure with Flask and this is the key that Flask is going to use in order to set up the database and then you can come over and this is going to look exactly like the documentation right here we're going to be using mysql+pymysql then we're going to use our username which is going to be root our password which for me is going to be password and it's going to be at localhost because we're running this on our local computer
and then /mydb so this is where I get this next part from is really just right there so come over here and we just type in mysql plus and if we wanted to we could actually just like copy a lot of this we'll just copy just this part right here because that's what I haven't typed yet um we have the plus paste and our user my user is root my password is password and it's at localhost and for me I type in /mydb this is my database name right here so we
have configured our MySQL database now we want to set up the tracking modifications this is something that I'm not actually sure we have to do but when I was reading about it I decided to go ahead and show the full setup so we're just going to come over here and we're going to type in and I'm actually going to copy this as well so I don't make any typos because this again is the key that Flask is going to use has to be in all caps and we're going to say equals False just like
that so I think that looks right and now our database is actually set up pretty simple now at this point all we want to do is say our database equals and then we're going to use SQLAlchemy and then we're going to say with our app so now when we use this later we can just type in db to call this right here so again this right here is our app and we're configuring the key to reach out to our actual computer um this is going to sign into our actual database right here that is
what this code is doing we're using MySQL with PyMySQL and we're going to be logging in as our root user with our password and we're going to be going to our database so this is going to pull the information from the localhost in our database my database so if this was launched on a live website and somebody got access to your code on your server they would have access to your root and your password they could log into your database and they're going to know what database you're using right here and they're
going to be able to pull down the users because we're going to be using the users down in our statements a little bit later but this has to be in here sometimes people will create a separate file and put this in here and then they'll come up here and they'll import that file so that way they don't have this on their server code but either way you can get to it so if you get code execution as a penetration tester one thing you should always be looking for is the password of the database and
the user and log in and see what information you can find because this has to be stored somewhere for the actual server and the program to connect to the database over here that is running on your Linux or Windows machine so that is what this does and that is how this works I think it's a lot more straightforward with Node.js because it literally just says like uh DB name would be the name of your variable and it would be mydb and if we were using node SQL it would literally be something like username
equals and it would be root and then it would be password equals password and then you would say um host equals localhost and so you can see like in Node.js this would be a lot easier I actually think this might be a colon in Node.js uh the syntax is now not fresh in my mind um for Node.js but this would look a lot simpler than this right here but this is essentially what we're doing so when it tries to connect it's going to grab our database name which is mydb our username right here
our password right here and localhost right here and then it's going to log in so that it can make statements so that is what that does I hope that is clear now if we come down to the login we're basically going to just delete all of this and we're just going to go ahead and start over I'm typing this from scratch so we can go ahead and tab over so we have our correct spacing and if you remember what we want to send over was the message and it is empty strings just like
we did before so if we save that we come over here you can see we're going to send over our message so that it shows up and is displayed in our HTML page so we have that there and just like we did previously we're going to have an if statement and if the request method is a post then we want to do something so we'll say post uh one thing I don't like about using VS Code instead of PyCharm is in PyCharm you can just hit Tab and it'll move outside of that um
and inside of VS Code you got to click out of it sometimes you can um just press the quote or whatever the button is it'll move over just a pet peeve of mine with using VS Code instead of PyCharm uh that has nothing to do with anything so the next thing we want to do is grab the username so from the username we want the request form and we want to get the username and so I'm going to explain this as we go and then once we're done I'll come back over and explain all
this code together so we have the username and we I get that from over here the username so the name of this is username and it's going to get the text or the Information that is put in right here where you see the username so if we come back over here you now understand like where this username came from it came from the form over here on the login page so right here this username so the next one we're going to use is the password because we need to get the password so what we could
do is you could just copy this and paste it but I'll retype it out um so that way I can just explain it again we have the Password and we want to do a request. form so the request from the post request it's going to grab the form which is this right here this form and it's going to look through everything inside this form and I just messed that up it's going to look through everything inside this form and it's going to grab whatever matches this password right here so when you see this password equals
so we're setting a variable and it's going to go to the request form so We're making a post request if the request is a if the request method is post from the request that is being sent over we're going to grab the form which I think I might have one saved over here so we have a post request right here it's going to grab the username or the password right there just so you can see what that looks like so this is the form that is being sent from our page right here over to the
server and this is it right here so it's going to grab this Password this information that's right there so we can take that and we can say get and single quotes password so we're grabbing in our password and now we get to make our query statement so we can just save this as query statement equals and we're going to make this an F string and so this is the actual statement that is going to be um sent to the database so if we were to come over to our database and we wanted to pass this
over instead of saying um what did we say Earlier select all from users uh we actually need to use my DB and now if we do that we pull down our user right here so this is a SQL statement so what we want to do in a login situation is we want to check so we'd say select username from users where username equals and I can't remember if this is single quotes or not and we' say admin uh single quote and it's going to grab our username right here so this is a statement so essentially
what we want To do is we're going to select the usernames and this is whatever this admin right here is what is going to be passed in as a username you'd pass in a username and the statement wherever it is over here is going to see if there's anything in this database with the username admin and if there is then we would add on to this specific statement and we would say the password equals and in this case it would be 1 2 3 so if we pass this in I'm Actually not sure what this
will do if we give it something blank it's going to tell us that it does not exist so let's see if we type in what was the password 1 2 3 um we do get the user admin right here and it would send that back to our server so this essentially is what we're going to be making over on our server so our database query statement is going to select a username so select the username which is this column right here from the users table which we created earlier so if we just type in
uh is it show tables uh you'll see that we have this users right here this is something we created and it's going to grab the name that we input right here so this is what we input from right here it's going to be admin and it's going to look for the password that we put in right here and if the password is wrong it's going to give this empty set and it's going to say the user does not exist if the user does exist it's going to grab the Username and send it back and display
it down here and say like welcome admin or something like that so if we come back over here we can type out our statement so we're going to retype this and we're going to say select username from users where username equals and so this is going to be our um vulnerable code right here so the way you would make this vulnerable is by adding in these single quotes so that way we can escape them and then We're going to pass in the variable username so this is is the username uh that we are passing over
from right here so whatever we put in right here is going to come through so if we wanted to break this you'd put in this single quote and this single quote would show up instead of username and so what happens if we put a single quote in here well it's going to break our query statement so if we come back over here retype this out and we say we want to Put in the username which is right here whatever the user passes from the form we're going to just directly insert that into our code so
we can say and password equals and we're going to have single quotes and we're going to do the exact same thing as we did before and we're going to say password so there's a few things in here that you'll probably notice that looks different than most SQL statements if you are looking at Code that like an actual SQL person's writing um this would be in all caps pretty sure we don't need all caps for the select from and where those are typically what you'll see in all caps so you'd see something like this if you
were on a try hack me or hack the Box CTF it would look like this um but it's not necessary to actually make these all caps it just is common practice that you're going to see I usually don't do it as you see over here because I think It's a waste of time for me to try and put those in caps just because that is how it's done I don't really like doing it that that way so I might not do that later that is going to be our query statement and right here if we
put a single quote that will break the statement so that way we can actually do some SQL injection and I'll actually show you in a little bit how to make this secure so the next thing we need to do is take the we're going to create a variable and it's going to be result and it's going to be the db.engine.execute um and this is basically just telling the server that we want to execute the query statement so that way it will actually send this to the database and this is what we
get back so we're going to save that in the result so this will send it this is going to send the request this statement to our database over here and our response which would be like this empty set or the admin is going to be sent back over here and it's going to be saved in result and we want to reflect the result onto the page for us but we'll do that in just a second before that we have to say the user equals and we're going to say the result.fetchone and
we got to call this method right here so the fetchone is just going to grab the um line back from over here and it's actually going to give us the user that's what this fetchone method does right here so we get the result back from the statement over here so we basically would receive all of this back from the server but we don't actually want to grab the user we want to grab the username so the fetchone is going to grab not the first option but the second one which is going to
be the user name from the result so we get the result back bam this is our result and we don't want to grab the first option we want to grab the second option which is going to be our admin right here and it's going to save that as our user so that's kind of what the fetchone does it takes our result that comes back from the database and it grabs the actual specific user which is why that is called user right there so now what we're going to do is we're going to create an
if statement we're going to say if user um so if we have a user come back Instead of a error message like um so let's say we actually get a user back right here instead of this empty set because we didn't get anything back and we put no password in if so if a user comes back we want to do something so we're going to say message equals and we're going to make this an F string and we'll say welcome and we'll welcome the specific user by saying uh let's grab the username so that is
the name that They signed up so we can just grab this username and we don't actually need to grab this one right here so we can use the username because that's the one that they signed up with and we can say welcome to the user and we'll just say else if the message doesn't contain anything then we're just going to say the message equals incorrect username or password so the message right here the Reason I save this as the message variable is because if we come over to our login we want to display the message
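Added example, not code from the video: the login query described above, built the same way with an f-string, next to a bound-parameter version of the same lookup. It uses Python's built-in sqlite3 as a stand-in for the MySQL database so it runs offline; the function names, the in-memory table and the sample rows are constructed for illustration.

```python
import sqlite3

# Constructed sample rows matching the users table built in the video
# (passwords are stored in plain text there, so they are here as well).
SAMPLE_USERS = [("admin", "password123"), ("bob", "password123")]


def make_db():
    """In-memory SQLite stand-in (assumption) for the MySQL database mydb."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "create table users ("
        "user_id integer primary key autoincrement, "
        "username varchar(255) not null, "
        "password varchar(255) not null)"
    )
    conn.executemany(
        "insert into users (username, password) values (?, ?)", SAMPLE_USERS
    )
    return conn


def login_vulnerable(conn, username, password):
    """Same shape as the route above: form values become part of the SQL text."""
    query_statement = (
        f"select username from users "
        f"where username = '{username}' and password = '{password}'"
    )
    try:
        user = conn.execute(query_statement).fetchone()
    except sqlite3.Error as exc:
        # The Flask route has no try/except, so there this surfaces
        # as an internal server error.
        return ("error", str(exc))
    return ("welcome", user[0]) if user else ("denied", None)


def login_parameterized(conn, username, password):
    """Bound parameters: the driver passes the values as data, never as SQL."""
    query_statement = (
        "select username from users where username = ? and password = ?"
    )
    user = conn.execute(query_statement, (username, password)).fetchone()
    return ("welcome", user[0]) if user else ("denied", None)


# Inputs taken from the walkthrough. "-- " (dash dash space) is a comment in
# both MySQL and SQLite; the "#" comment used in the video is MySQL-only.
CASES = [
    ("admin", "password123"),   # correct login
    ("admin", "wrong pass"),    # wrong password
    ("admin'", "x"),            # stray quote: breaks the string-built statement
    ("admin'-- ", "x"),         # quote plus comment: password check is cut off
]


def compare():
    """Run every case through both functions and return the outcomes."""
    conn = make_db()
    return [
        (u, login_vulnerable(conn, u, p)[0], login_parameterized(conn, u, p)[0])
        for u, p in CASES
    ]


if __name__ == "__main__":
    for username, vulnerable, bound in compare():
        print(f"{username!r:14} vulnerable={vulnerable:8} parameterized={bound}")
```

With Flask-SQLAlchemy the bound version is a sqlalchemy.text() statement using :username and :password placeholders, with the values passed to execute as a parameter dictionary.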
so we're going to be saying welcome to the user or we're going to be saying you gave us the wrong password now lastly this should be looking really familiar to you at this point we want to do what we do right here and we want to return or render back the login with the message so as we have seen previously we want to return and we want to render the template and we're going to render uh the login.html and we want to send along with it the message variable and it will display the message
variable in the proper location so if we did all of this right and we actually imported all of our stuff and we installed SQLAlchemy properly and we have our database set up this should work at this time the odds are very slim because I always have typos but let's go ahead and run this and it is running so let's see if we refresh this page and let's just try to log in as the admin let's give it a bad password submit and it actually works that kind of surprised me we get an incorrect username
and password but let's say we log in as admin and we give the right password of password123 and remember if we want to check this we can inspect we can take this type password and we can turn it into text and we have our password typed in as 123 that looks good and we can submit this and we get welcome admin and so one thing that I like to do if I'm playing around I'm just trying to learn what is going on I love to run things through Burp so we can
type in our password again I actually think I might have spelled that wrong this time but we'll be able to see it we can come over to our proxy we can intercept the request we can hit submit and we're able to see we have the admin and the password of 123 and just in case Burp is not working um with your localhost I can't remember if I showed you how to do this already or not uh you can set up your localhost to work by going over to about:config and you can run
this we can accept the risk and over here you just type in proxy and the one that says hijacking right here this will be set to false and you'll want to set it to true and you can do that by clicking this right here and when you have this little arrow it means you have done that properly and Burp will actually work for you so that is how you set that up to work with localhost so we can actually see what we have right here we have our post request it's coming from
our localhost we're using Firefox a lot of this stuff right here is going to all be set up um by Flask and Jinja2 automatically and then we have our parameters down here so we have the admin and we have the password and also this would be a vulnerability because you shouldn't be submitting um things in plain text like this and we also when we store over here another vulnerability is we would want to have this hashed I'm not actually going to go through how to hash all this because it's just a lot of
extra server side code that you're probably not going to remember because I don't even remember I know we would need to install a hashing program I think it's called bcrypt in order to hash these from our server but we're not actually going to mess with that but this is something that you would find as a vulnerability you wouldn't want to do that it'd be bad practice uh you'd want to change that this also you wouldn't want to send this through in plain text so we have this setup
right here so you can look at this and if we wanted to you could send this to repeater which is what I guess we'll do now and look at some SQL injection so if we came over here and we just delete the three we send this we see that we get an incorrect username or password and that's because our password is wrong and if we type in a three it's going to tell us welcome admin so now at this point we could start to mess with SQL injection but one more time I want to walk through
this as a whole now that it's done um so that way you can really really grasp what is happening the basic route that we have right here the /login and we have the methods of get and post so a get request if we turn Burp back on over here a get request is just us trying to get the basics of the page so right here we have a get request a post request is when we want to send information to the server and we want to see if we can get information back from our post
request so we're going to post this so we're posting this information to the server right here a post request and then if we wanted to you could see what we get in response by saying do intercept where are you do intercept right here and we could forward this and then we see the response so we post something to the server it's going to tell us in response no that is what this right here does as our get and post request so our login function that we are calling when we run our login uh route right
here we are storing our empty message so we need to create a variable that we can later uh change so right here we are creating the variable empty string because we don't have anything in it yet we're going to return it right there so we have our empty string if the request method is in fact a post then we want it to do something so when we saw in Burp that we have this post request right here is if the server sees that this is post inside of the request method that has been sent
it's going to grab the Username from the form and the password from the form so it'll go to our HTML it'll look for a form and then it's going to look through the form and see if there's a username and a password and we can have multiple forms and we're actually going to have one that is a username and a password for a sign up here in a second but we'll have to call this like username for the sign up and the password for the signed up so that way when it goes through all the
forms On all the page it will grab specifically the username and the password so it looks for those right there it stores the username as the username right here and the password right here this is our query statement that is going to be sent to our database so we have the select users or the username so it's going to grab the username it's going to say select admin from the users table which is going to be our table up here so if we I think I Said show tables select all from users um we could
just say oh right here I did it recently so if we select our tables that's what it's doing so we have select the username select admin from the user's table where the username equals and then whatever username got passed in right here and the password equals whatever the password is right here and so if this and this comeback is true in this statement right here it's going to grab grab the user and we're going to be Able to add in our welcome sign so if this comes back false it's going to come down here to
this else right here so if there is a user sent back from the database like we saw right here yes there was a user sent back from this statement because this is a true statement we select admin so we're selecting a username from the users but the username we're selecting is admin and the password is 1 23 this is a true statement Therefore we get a user back we select username from right here so from users with admin and a blank password so just to show you again we could put in here uh wrong pass
and if we run this it's going to give back this empty set because this is the wrong password for the admin and because it's the wrong password it'll skip over the if statement this is no longer true because we did not get a user back and because we didn't get a user back it's going to Send this incorrect username and password so you see that right here we must have typed in admin some bad password and we get incorrect username and password but if we type in the right one and we say admin and we
give password one two 3 we are going to get the welcome correct password because the statement was true all right now that we understand this and if you don't understand it maybe you could rewatch it because this is really important that You grasp this in order to understand the SQL injection so now we can come back to our burp request we have our repeater right here if we wanted to uh do SQL injection because we don't know the actual password what we would do is come over here to test for SQL injection you're always going
to want to cause some kind of internal server error so you can just put in a single quote right here and we could send this over and we get this internal server error right here and I believe if we come over here and we just send admin with a single quote we're going to get back an error and it's going to tell us what our error is and you could read it right here um basically it's improper syntax so we have a syntax problem if we scroll down it's going to tell us right here
is what is happening so we have our statement right here and we have these two quotes right here which breaks this statement and it no longer works and we have issues so we can come back to our Burp and so we get this internal server error and just to be clear like sometimes people store cookies inside of databases and so instead of looking at this um let's see if we select all from users um instead of just having a username or user ID a username and a password sometimes you will see in here a
cookie and people will store the cookies in here and they will have on their server side code a button that Logs out and it will erase this cookie and it will be blank and there will be nothing there so that way there is no session and you can actually sometimes do a SQL injection through the cookie because this is stored in the database and they have the code written to check to see if there's an authenticated user like this instead of password it would just say cookie and you would have a column named as cookie
so sometimes you can use that instead of just looking at This password so if you had a cookie up here you could put in a single quote and see maybe that cookie is stored on the database but that is not where we're at right now so for the SQL injection we're just going to do a really really basic SQL injection just to bypass the login not that we're going to try to do too much and try to grab all of the users but what we're going to do at this point is you can actually just
put in the dash dash and if you send this you're going To notice that we get this internal server error so when I first mess with this you'll actually see um over here I have this Dash Dash and I submitted this and I was like dang what is the problem well there's a couple of things you can do first you can just delete that and you can put in the pound and you can send this and it's going to tell us we are logged in so if we come back over here and I don't think
I ever tried this one over here we can put in the pound Sign and you can submit this and it's going to tell us welcome admin and so we are able to log in and let's see we get this if you're wondering why this is right here it's because it's reflecting exactly what we put in right here so this is grabbing from the form exactly this user right here I believe if we put in right here just user this will reflect just the user so let's go ahead and give this a try because I have
not tried this we submit this and yeah you See admin without the quote and just to explain what I just did um because we're grabbing the result and the fetch one and and I explained this a minute ago um we're actually grabbing not the username CU this would be the First Column we want to grab the second column the fetch one is going to grab the admin so in the response it's going to grab this right here so that was why I could change this user right here to user instead of username so you could
actually have this As the user the username right here because we're grabbing the username that was put in and this is when we have the pound sign and if we use the user this is is going to be actually what's coming back from the database so now if we come back over here and we do the admin with the pound sign you're going to see that we have the admin with the pound sign um now let's come back over to burp so the problem I noticed is if you run this this is not going to
work um but I realized if you had a space in right here due to the way the syntax is sent over from the server it's going to store this space and I guess this space is needed inside of the query statement that's sent to the database so we would need to send it this way and if you have the double dash and a space you will be able to log in also as the user before we move on to looking at the secure code I want to show you the union select statement so if you've
been around the bug bounty hunting or web application testing world at all then you're going to be familiar with union statements so if we go over to Burp then you will be familiar with a statement that is something like this I'm going to go ahead and type it out and then bring you back so you don't got to watch me type it and we would have the admin just like we did before and then we close this off and the union select just means in addition to the previous query we want to make an additional
query and we would say Union select uh the password from the users and then we do the same comment out so it's going to grab the password for all the users or we could just say the username because we have this category as well so we could grab all of the users and I actually went ahead and add added another user so if we show all users you're going to see I added Bob and he has the same password as well so I added another user so that Way you could actually see it show up
over here so if we run this you'll see that I have a typo because we don't actually have this set up we have it to fetch one right now so it's set up to only grab one individual user from the database so we would say fetch all and if you used fetch all inside of of flask you would definitely not be reflecting the user over here in this message you would definitely keep the user that they typed in uh so some people might use Fetchall if they if they don't know what they're doing but you'd
really have to not know what you're doing so we have this statement right here and if we wanted to display all of them then we would need to add to our welcome statement and not just display this one username or even this one user so I can show you if we just type in user like we had previously and we save this and we come back over and we send this you're going to see that we get our users back but it is not in like super great format I guess I was going to
try to format it so it'd be easy to read but you can figure this out um so if we actually took this union select statement and we copied this and we saw what this looked like as it reflected up on our screen you would see that is not what was supposed to happen we were supposed to get back this right here so and but if we add in the pound sign we don't actually need the double dash or we don't need the space afterward so you can see if we wanted to run a union
statement we get back the users right here we could also instead of just grabbing the usernames like I mentioned earlier we could just say we want the password for all the users and we have another typo so select the password from the users table and the problem again is that double dash we submit this we're going to get the admin and we get back password 123 so in this case we get back the user and the password and I'm actually not sure why it did that should have given us just password 123 twice but
I mean in the real world this would be great because you would have credentials now for the admin or the first user in the database which is typically going to be some kind of administrator so if somebody had SQL injection and they had fetch all you're going to be able to see everything inside the database if they have just fetch one um we would have to actually try to fetch each one of these one at a time let's see is this one with the pound sign and you'd go okay we have the admin um and
then you'd have to try to figure out how to pull down other users in this case you're only going to be able to get the username but that would be uh okay I guess because we could still bypass this and log in as the admin with the simple um admin and the pound sign so we could still log in as admin well with that um let's go ahead and check out some secure SQL code and I'll explain how that works so let's go ahead and create another submit form actually I think we'll just do this
on a completely different page so that way our server side variables um don't get confusing like if we created this inside the same login function we'd have to create like a username one username two password one and that could just get confusing so actually what I think we'll do is we will just create a completely all-new app.route so we can just create this real quick and say app.route and I think actually what I will do is just copy this just to get the basics of this started so we can just copy this
paste it in we can just call this one register and we can leave the methods and we will call this register as well and then we can start writing all of our code in down here but before we get too far with this I think what we'll do is also create our new file and we'll create our HTML stuff first so that way we have all of our um variables already set and we know what we need to call this stuff over here so we can just make this and just call
it register.html and we can move this into our templates we can come over here and create our form so we really could just copy this stuff over here and paste it in on this side right here and then we can edit what we have right here so we would change this to register we can change this also to uh we'll just say create an account and we could say this is where we create accounts we'll also need to change this login right here to whatever we called this right here so we'll need to change
that to the register we'll paste that in to make sure just in case I have a typo that it will still work for me and I think what we could do is just leave the rest of this it actually looks like that should work so let's go ahead and save that and we can come back to our server and we can start writing the server code now some of this is going to look like this up here it's going to look really familiar to you but some of it is going to be a little different cuz
over here we're going to create the secure code and I want you to be able to uh see what the secure code looks like so actually instead of you just watching me retype all of this out um I'm going to copy paste this and then just edit the stuff that needs to be edited and then I'll walk you through what I've done and what I've changed and why it's secure okay so I have finished typing that out and here is what we have so we have our message let me just go ahead and space that
out um our if is just the same as we saw previously we have our if this has a post in it so if the request method has the post and if this is new to you you can go back and rewind to where I explain this stuff to you so inside of our form which we have over here our form which is a post going to our register we're going to grab the username and the password and we're going to save them right here so our request form is going to get the username and
the password and we are going to check this query this is a check query so it's going to check to see if the username is going to equal the name that gets passed in and it's going to do this with this little placeholder so that way if you put in a single quote or a double quote it is not going to actually break our query right here so it's going to take this and it's going to run the check query it's going to pass in the username so our username is going to get passed
in right here and this is the username that we grab over here so it's checking the username from the user where the username is equal to this specific variable so this username is going to take over this right here and then we shouldn't be able to do any kind of SQL injection with this right here and if the user exists so like let's say we want to create another user named Bob we're going to get this message back right here if it doesn't it's going to insert into the users the values uh this var
or username and our password and I'm pretty sure with the insert into users you can create a payload if this is not written this way you can't do any kind of login or anything but you can actually like delete stuff or delete the users table altogether when you um are able to inject into insert into users instead of what we have up here so I'm actually not going to cover that um SQL injection because you would never do that you're never going to actually delete stuff from somebody's database if you find a SQL injection
that is an insert into you would not delete anything so we don't actually need to cover that but that is the difference between this right here and a select statement from SQL injection so I hope this makes sense we have these values are being passed in as variables so if we put in a single quote right here it will not break this string it's actually just going to store that single quote inside of our database over here so if we put Bob with a single quote it's going to store that over here
with a single quote and we're going to do that in just a second so you can see it and then our message is going to read that the user has been created or right here that the user already exists let's go ahead and come over to slash register I didn't create a button for this on our homepage so we'll just have to put in the direct route to get to register and I don't know why that didn't work let's try this again here we are we have made it to create an account so let's
just try Bob and we'll just sure we'll use that and if we submit this it's going to say the username already exists so that is in fact working the way we want it to so what happens if we type in um our admin I want out of there I want to type in admin I don't know why I'm getting this saved login so we'll say admin and we'll put in our single quote and then we'll just use a random password we just call it password 1 2 3 just like we had before so we got
our admin with the single quote submit this it's going to say registration successful and the reason I'm not enjoying whatever is going on with this right here the reason this is working with the registration successful if we come back over here to our database and we select all users you're going to see that it just treated this as though it was part of a name the reason you don't usually see something like this in a live website is because they're going to have blacklisted characters so you aren't going to see a bad character in any
kind of Gmail or anything like that so you could just allow users to create bad users and take up space on your database or inside of your database or you could just like blacklist some of the bad characters and you don't have to worry too much about it because if somebody puts in a bad character and bypasses your blacklist then worst case scenario you lose one space on your database so you really typically you'll see people do some kind of blacklisting so those characters aren't allowed and this will be a really good um
refresher for just some basic python scripting if we wanted to make a list of blacklisted characters we'll just call these uh bad chars equals and then we're going to put in a list of them here we'll just put in something simple so we can do our single quotes so we can do um double quotes and we could put in um like maybe this col right here I need to be consistent with these we'll just put in a couple because I don't actually care to make a bunch of these so we could just put in some
of these bad characters and then you would just write a simple function very basic simple python function like we have done in the first four or five hours of this course just making basic functions we just say def and then we would just say blacklist and so we'll call our function blacklist and then we're just going to pass in a parameter right here and then we're going to say for um the characters in our bad character list we want to do something so we'd say if the character in the word so we'll just say
s because we're grabbing our parameter right here remember um lower right here lower so we'll call the lower method and then we're just going to say return true so this can stop what we have going on if there is in fact a bad character and then it won't post that to our database so we can say return um false so that should work um but now we need to make an if statement around our check statement so if we come right here we need to indent this so we're still inside this specific if statement and
we'll say if it contains a bad character inside of our username right here then we can do this right here so it's going to run this if statement and see if this works if there is something inside I just realized that I was making a mistake we need to not change that we need to create something new so underneath here this needs a semicolon come right here or a colon we can come right here we can type in our message we want to be able to send a message uh that
no hacking to the user and what we want to do is return and we're going to give them back the uh page that they just came from so we'll say return and we want to render template and we're going to send them back to register.html with our message so it can be displayed so message message equals message just like that so that says that it failed and we have a typo right here and a typo right here so we run this again and I apparently don't know how to spell return because I now have
another typo let's see if this runs this time okay there we have it running let's go ahead and refresh this page and see what happens let's go ahead and type in admin single quote and anything any kind of password it says list object not callable and uh now that I'm looking at this the reason we have this type error is because what I did was I grabbed this bad characters I didn't pass through our actual function name down here to actually call the function I was thinking this was what we named our function so we
need to fix our function right there and save this and that should have fixed all of our problems so let's refresh this page delete this here let's type in admin single quote just something in there and it says no hacking so you see now this is not going to store into our database because we have this blacklist this will save you space inside of your database if somebody is doing something like that that's kind of why you don't see um single quotes and things like that being accepted in usernames or emails whenever somebody signs
up it's typically because there is some kind of blacklist some people might have a whitelist because it's more secure but in this case uh I don't think that's necessary to do because if somebody is going to just fill up your database they can do that with invalid emails just as easy as they could with emails or usernames that have a single quote if that makes sense to you so again here's all we had to do was some basic python that you've seen a whole bunch of times by this point make a list
of bad characters loop through the bad characters with um our parameter right here so we add in this s but the s is actually being passed through as our parameter down here so actually instead of using s what would probably make more sense is to just say uname so we have the username and down here you can see that when we call this what we're passing through is this username right here that's been taken by the user it's being passed through what we name this does not matter so we would just need to change that
s right there hopefully I don't have any typos again and you should be able to just redo this register and say admin with a single quote submit and we're going to get no hacking so this parameter name right here um maybe it makes more sense for you to see this uname so this doesn't matter what you name this this name doesn't really matter um but we've already covered all of this in the past so then we take our message we're going to do the same thing as we've done in the past right here
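The string-built login query, the placeholder-based register check and the blacklist function narrated above, as an added sketch that is not the course's own code. It assumes Python's built-in sqlite3 in place of the course's database and Flask routes, so the placeholder is `?` and the comment form is the double dash with a space; the table rows, function names and the `;` blacklist entry are constructed.

```python
import sqlite3

# Constructed blacklist: the narration names single and double quotes plus
# "a couple" more; the semicolon is an assumption.
BAD_CHARS = ["'", '"', ";"]


def blacklist(uname):
    """Return True if the username contains any blacklisted character."""
    for ch in BAD_CHARS:
        # lower() mirrors the narration; it has no effect on these characters.
        if ch in uname.lower():
            return True
    return False


def make_db():
    """In-memory users table with constructed rows (plaintext passwords only
    to mirror the demo table; real code stores password hashes)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("admin", "password123"), ("bob", "password123")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Vulnerable form: user input is pasted into the SQL text, so a quote
    in the input ends the string literal and changes the statement."""
    query = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_parameterized(conn, username, password):
    """Hardened form: the driver binds the values, so quotes are just data."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def register(conn, username, password, use_blacklist=True):
    """Register flow from the narration: blacklist check, existence check,
    then insert, with every query parameterized."""
    if use_blacklist and blacklist(username):
        return "no hacking"
    exists = conn.execute(
        "SELECT username FROM users WHERE username = ?", (username,)
    ).fetchone()
    if exists:
        return "username already exists"
    conn.execute(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        (username, password),
    )
    return "registration successful"


if __name__ == "__main__":
    db = make_db()
    crafted = "admin' -- "  # the double-dash-and-space input from the narration
    print("vulnerable login:   ", login_vulnerable(db, crafted, "wrong"))
    print("parameterized login:", login_parameterized(db, crafted, "wrong"))
    print("register bob:       ", register(db, "bob", "x"))
    print("register admin':    ", register(db, "admin'", "x"))
    print("without blacklist:  ", register(db, "admin'", "x", use_blacklist=False))
```

The parameterized queries are what stop the injection; the blacklist only keeps odd usernames out of the table, which is why the last call stores the quote as ordinary data without breaking the statement.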
don't need to explain it again and then if we blacklist all we need to do is make an if statement and say if there's something in the blacklist of the username then it's going to call this function it's going to loop through our list right here and if there's no bad characters then it's going to let us proceed and it's going to come on down to the next part of the code and it's going to take our username to see if it exists and right here you can't hack this because we're taking and right here
you can't hack this with SQL injection because we're taking in this variable that is going to be stored in the database if it is something bad so this is the secure way in flask to write this and that is pretty much it the rest of it pretty straightforward so that is SQL injection now let's go ahead and check out a new vulnerability if you have questions on this please let me know down in the comments and I will try to answer your questions in a separate video and cover the SQL injection with Python so
that way it's something that you're familiar with you see and if you have any questions I'd like to be able to answer those and clear that up all right we are going to be switching over to a new vulnerability and we're going to be looking at the open redirect right here and so this might be new to a few of you and this vulnerability can be considered very low in some cases like if you're just trying to use it for phishing attacks but if you're able to get a server side request forgery which I'm going
to show you as we build out our application on the server side you'll be able to see that this can actually be something that can be a little more of a high risk of vulnerability but just starting out um what is open redirect open redirect is pretty simple so we are on mysite.com and we have just a page called open and the URL and it's going to send us to this website so if we see something up inside of a URL that just says URL and then has this equals right here and it's going to
take us to another site maybe within our own website this is just going to take us to a different directory and inside of flask this is really popular because there is something just called re I think it's requests and you are able to just call this function or this method inside of your server this is something you'll see a lot in flask applications because it's really simple and people don't understand that it can be vulnerable so basically really simply put an open redirect is instead of something just taking us from my site to a
designated site right here we can change this to whatever we want and we could just change this to attacker.com and you would now be able to send this out to other people and they would see this right here and they would think okay well I'm just going to go to the mysite.com and they might ignore this back here where it says attacker.com so for example if we take this right here over to burp and we put it just inside of this decoder right here for just simple purposes you can see this like we have
attacker.com and we could even delete the home right here and you'd say well I noticed this attacker.com and I would never click on that but what happens is sometimes people will do this and they'll take this and they can encode this with URL and now look at this down here it just says mysite.com and then you have all of this over here with this URL encoding and a lot of people aren't going to know what's going on right here and so this is how a phishing attack would work with a open redirect you could
just say mysite.com people think they're going to whatever it is and then you actually have a cloned website over here that looks like mysite.com and then you just URL encode it so they don't know where they're going so that is one way that this could be used inside of phishing another way that this can be used is to grab I guess I already covered this a little bit so mysite.com um and you have attacker.com over here so think you're going to mysite.com you end up going to attacker.com I covered that
without looking at the slide but another way to steal information is you have mysite.com and we have this same page right here and then you're passing in the parameter reset and then you're going to have this token which or I spelled this wrong right here but that's okay so you have a token and this is your token and you're going to send this to uh attacker.com so let's say you have this mysite.com if you were able to send this to somebody and you're able to grab this open redirect uh what happens is you could steal
a token or cookie or a session by redirecting somebody to your own page and the way this would work or the way this would leak just so you understand what is happening um if we are on google.com which we are and we click on HackerOne right here if we were like signed in to Google or something and we wanted to steal some information uh what you would see inside of your console in the logs is that you were referred from google.com so we are actually on hackerone.com so we click on hackerone.com we
are sent to hackerone.com right here but we were brought from google.com so the attacker would actually see inside of this referer right here the site that you came from which would look like this right here this would be the referer if you actually clicked on it and went to attacker.com and they'd be able to see the token or the session so that is another way this would work another one is a server-side redirect we're also going to look at server-side request
forgery within this um but this is pretty simple this is where I show you that we have the URL requests and then we just have this redirect um we have the redirect method which we have being called right here so we have this redirect and then it passes through the parameter of the URL and you can change this URL to anything you want which is why inside of flask this is something that is really common to see especially with young developers who don't know that this redirect can actually be used to take you to a malicious website so on our page vulnerable redirect um we call
our decorator function and then we have the URL so from the HTML it's going to get the URL that's being passed over from the HTML and then it's just going to redirect you to that page but what I think most people miss is that we can actually open up a proxy and we're able to change this to whatever we want or sometimes you don't even need to open up a proxy you can just uh change this directly inside of the browser of the page so the last thing I want to mention on this is if
you're doing some kind of um SSRF with flask it's really hard to actually grab files with SSRF but you can do an internal port scan which we're going to look at in just a minute so the last page I have here is let's go over to vs code open up our text editor that we have been using and we'll go ahead and get started coding this out and I hope that this was helpful so this is kind of telling you where we're going to go um but now we're actually going to look at this
and just in case you're wondering this is a pretty common vulnerability that you should be aware of so let's go ahead and start typing this out so here we are on our vs code I am going to scroll down to the bottom so we just created this register we're going to not need that anymore I'm going to make a big space right here so we have lots of room to create our route for our open redirect and then also we're going to need to create a new file I think I'm just going to call it
redirect.html and then we'll just drag this up to our templates and we will move it and I think what we can do is just I'll just type this out um before we go ahead and start our server code just so we have the HTML set up and I'll try to explain this as we're going and then once we're all done with our server code we'll come back to this and I'll show you how all of it links together and is working so our title we can just call this redirect if we would like down
here in the body we're just going to start out with an H1 and we can just say uh open redirect so the way we have a page title on the front um we're going to make an image with a redirect and then we're also going to make a redirect with uh just a simple input so that way you can kind of see it in two different ways and hopefully get a grasp for what is happening so inside of our anchor tags we can put in our image I'm just going to use our logo that we
used earlier the same way we have been doing um image links so we'll just say static logo and then and we just are going to create a style for inline styling only because I don't want the image to be gigantic so we'll just say we want a height of 100 pixels and we'll make a width of 100 pixels as well so that should make that clickable and now we can come back up here and we're going to make one of our routes it's just going to be called open and we're going to send it to
the parameter we're going to pass in parameter so we got URL equals and then just http:// and then we're going to send it to our local server because we are running on a local host and we're running on port 5000 so the way it will actually reach out to our server so this is going to be us just this image when you click this image it's going to just send you back to our index.html or our homepage so that's all this is doing right now at this point and then we can also do
the same thing with a form so we can just come down here and type in form and our action is going to go to the route or go to our route of open we'll open this up and inside of our form we're going to want a label and we can just say the label is for the URL and we're going to say redirect to just so that way we understand like what we're doing inside of our form the input is going to be redirecting us to somewhere so our input type is going to be
text the URL name is going to be URL so that way we're able to grab the information that is passed over we can put our ID we don't need an ID right here so what we could do is we could just put a placeholder and we can say your url the basically this is just where we want to be directed to that's just going to be in the box so this actually we don't even need that if we don't want to um have it in there so then we're going to also
create an input and this is going to be the type submit this is actually going to be our button so if we wanted to we could create this as a button instead and so we'll give it a value of go so I've shown you how to create buttons instead of inputs in the past as well so this should give us our form and if we try to go to our redirect HTML right now nothing is going to happen because we have not created our route for it over here so if we wanted to see
what this looks like we need to go at app.route and then we want to pass in the redirect we need a slash redirect which is the name of our HTML file right over here and we're going to give it just the method of get so we'll say method equals inside of brackets inside of quotes get just like this um we could put a post in here but we're not actually going to be making any post requests so we can just leave it with the get for now and then we're going to give it
our decorator function of redirect and we'll say page and then we want to return and all of this should be really familiar to you at this point because we have done this several times this is basically just setting up a route that's going to send us the page that we just created so redirect.html and if I have no typos when we open up Firefox and go to our page we should have that should have worked but I bet our server is not running now it's running and we run this and we're brought to our
page right here so if we go to redirect hit enter and we're brought to this page if we click our button we are brought back to not the homepage um we're actually given this redirect right here that is not taking us to our homepage for some reason but it should so uh the reason that's not taking us to our homepage is because I haven't set up the open um route yet which makes sense why that's not working and then our button is not working here so let's go ahead and just turn that into
a button real quick and what we'll do is we'll just say button and we're going to give it a type of submit and now if we come over here and refresh our page we did not give it any value so we could just type right here and say go save refresh the page and now we have our button that is working and we didn't give it any URL which is why you see this up here the open is not set up yet either which is why it's not found but our button actually works and it
is submitting what we have going on right there so now it is time to go over to our server again and actually create our open redirect misconfiguration and you'll get to see exactly how the open redirect and the open redirect with the server side request forgery works now this is going to be a bit more code than you would typically see in a vulnerable application so we're going to write a few extra lines like five extra lines just so you're able to see exactly what is happening rather than me just writing
it how it would actually be and you trying to exploit this blind or guessing what is happening so we're going to add in a few extra lines and I'll tell you which lines are extra just so you're able to see what is happening so the first thing we're going to do as always is start out with our app route and I'm just going to copy this so I don't have to retype it we're going to call this open we can save this um we're not actually rendering a page so we don't need to create an
HTML page we're just trying to hit this route and you'll see if we were going to render a page we would put something like this in here and because we're not rendering a page we don't need to actually put anything in here and the next thing we need to do is call our decorator function and we'll just call it open as well and then we're going to say um our target URL is going to be equal to our requests and dot the arguments coming from the URL which is actually going to be the URL itself
so all this line is doing which you should know by now whenever we're using the request and the get um we're getting the arguments from the URL so if we come over here we're going to be looking for this URL right here and we're going to be grabbing the information from that specific URL so over here we're going to get this URL and again it's just what's inside of here this is what we're going to be grabbing so if we come back over here we can tell it that we want to save another variable as
action and it's going to be getting the request args just like we had previously and over here we're going to put in action and the redirect which reminds me we are going to need to import the redirect and you can actually just type in pip install request right here because we're going to be using the request in order to use the open redirect um method or function so you can just hit pip install request I've already done that and then you'll also want to import this up here at the top so we can comma paste
and put in the requests I'm not actually sure this is right we might get an error um because we might actually need to import something else up here but we'll figure that out whenever we get the error or we're at that point so let's come back down to our code and I think the easiest way for me to explain this line of code right here because you have this action and this redirect right here um the action is something that shows up at the end of a URL and so if we are doing something
like a open redirect you're going to see at the end of the URL uh something that looks like this let's just come up here to this redirect and we can just type in something to make it look fake and we'll just say question mark I guess it'll look real um but it'll be it is actually fake so this is what it would look like so this action right here is what is going to be storing as this fetch so the action is going to do something and it's going to fetch the information um right here
from our URL that we are putting in as our open redirect so the action is going to grab that and then it's going to redirect so the get action redirect is a function or a method that is given like a dictionary um object in Python it tries to get the value associated with the key action right here if action Doesn't exist then it's going to default to the value redirect so that's kind of the best way I can explain what is going on um it'll make more sense once we actually start looking at the open
redirect and these URLs right here and what that looks like exactly so back over here we can come down to the next line and I'm just going to comment this so that you can actually see what is happening this is going to be the open redirection um part of the code so we Can say if action equals equals the redirect then we want to return the redirect Target URL so this is going to be the redirect method that I was talking about that comes that comes standard inside a flask so this is something that's really
common um and this target URL this could be any parameter basically whatever is being passed in right here in this URL so you could type in google.com and hit go and it's going to take you to google.com because the server is just taking whatever is sent in and sending you to that specific website typically to make this secure what you would have is you would actually hardcode in where you want the redirect to take you and it won't take you anywhere other than that but if you don't hardcode this in even if this was not
allowing you to type something in like this button you're not allowed to type in where you want to go you just click the button you could actually manipulate the code and then send it and it'd still send you to wherever you want to go and could be used in phishing attacks because this is being passed in as a variable something that could be changed uh it's not hardcoded in so this right here would be the vulnerable part of the open redirect so if we wanted this to be like hardcoded so that somebody couldn't change it
what you would do if somebody clicked on the button is you would say it's automatically going to take us to mysite.com and you wouldn't allow them to take you anywhere else you'd actually have like https uh or in this case I just put HTTP and you'd have this hardcoded in here so that it couldn't take you anywhere but this site right here so this is what it would look like if you were trying to make it secure or if you really did want to pass in a variable such as the target URL like this um
that is being passed over what you could do is you could use a white list and say only allow the redirect if it's if it contains mysite.com and has something inside of it which still could be vulnerable so you'd want to whitelist it with very specific things that they couldn't change to that is going to take them to places within the website so this is the vulnerable part of the code and I know this might sound like a lot right now it'll make sense as we start Exploiting it and you're able to see it so
let's go ahead and write the part of the code for the SSRF so this is the part that is going to have a bunch of extra lines so that way you can understand what is happening on the server side so that way it's not blind when we're actually exploiting this in the future it's going to give you information and you're going to be able to see exactly what is happening so these extra lines that we're going to give right now are specifically for educational purposes this wouldn't actually happen on a production server so action equals
equals fetch so if the action is going to equal fetch we want to try and do something in the response we want it to give us a response and we want the requests right here dot get the target URL and we're going to add a timeout so if the if it doesn't load in 5 seconds um then it's going to tell us in this response that there was an error and this is so that way if we give it a false URL that isn't going to work um and we're trying to do some kind of SSRF
we're trying to grab some files off the server if it takes longer than 5 seconds it's going to basically say that that file doesn't exist or there's some kind of problem so if the response is a status code of 200 then we're going to return that we were able to retrieve that specific file so we can say received 200 or I guess in this case it could also be for the port scan so that way it might not be a specific file because with the way Flask is set up it is really hard to
grab files off the server because it doesn't let you go outside of your specific application so the directory traversal is not possible to actually grab files so this would be more for the port scanning so we'll type in else so if the timeout happens else um we want to return and we'll make another f-string and we'll say received a response dot status code from the URL so uh we don't really need to type in from the target URL but we will just so that way we can see it inside of our error code so
that way you're actually able to understand what is happening when we're exploiting this that's the whole reason I'm putting this in here is so that way we actually get the information back so you can continue to learn and understand what is happening so we're going to add a few more lines I think it's going to be six more lines of code that is going to help us understand this when we're actually exploiting it so we're going to say I'm going to go ahead and type these out and then I'll walk you through them so that
way you don't have to continue watching me type this out so what we have here is the except the request connection um if the connection is refused so this is more for our port scan um and this would be more for the files I guess up here so this is for our port scan if we're trying to get a connection it's going to tell us the connection is refused if the connection times out it's going to tell us that it timed out and then we're going to get an exception and this is going to return
any errors that we might get and lastly we need to actually just return that we can just say um specify action and URL parameters just in case there is anything else that could possibly go wrong and I think this should be it for our actual open redirect so let's go ahead and exploit it and then we'll come back to the code so that you can walk through it one more time and see exactly what's happening so now if we come back over here I think our uh server needs to be ran and we did get
an error that it says cannot import request from flask so apparently I have something wrong we'll go ahead and save that and I bet we get a couple errors and we might have to add some imports um but let's go ahead and try this so we refresh this page we click on this we get the redirect is not defined and that means we're going to have to import a file so we could actually just come over to Google and paste this in and see exactly what we need it is not defined it should tell
us if we need to import or something so it says we need to import the redirect is what it looks like so let's come back over to our code and comma space save now let's come back over to our page let's try this again and our redirect works so I figured we were going to have to import something and we did in fact so if we are here on our redirect page let's just go ahead and delete that and come and we'll come directly to the redirect page so our URL looks blank so if we
go ahead and click this we're going to be taken to our home page which is how that is supposed to work and if we wanted to let's look at this inside of our proxy turn this on we click the button and you can see right here this is where we would do something with this so if we actually send this to repeater we should be able to um turn that off come over to repeater we send this and it tells us you should be redirected automatically let's try a different port and if we send this
it doesn't work and that is because we need to add in our action equals fetch just like this right here so now if we send this we get an error back we're getting something different so let's go ahead and look through here this would be like an information disclosure which I was actually not expecting to happen we actually crashed our server and it's actually giving us the code this would be um a really good bug that I was not expecting to happen if you found this on a live program so you're actually getting the code
back from the server so let's go ahead and come back over to our text editor we have an error right here that request is not defined which means we need to import requests just like that I believe we need request with an S because that's what we're seeing down here save our changes come back over to Burp now if we send this we get conf uh the connection is refused so this is what I was expecting to happen so this would be more like a port scan so if we wanted to I am currently running
um Burp Community I have Burp Pro on here but we'll just leave it in community because that's what I have set up we could send this over to Intruder and let's say we wanted to do a port scan you could do like a simple port scan so if we wanted we could do numbers and we could do um because the port that's actually going to return a good connection is port 5000 we could just do like 4,995 and then we'll just go to um like 5,5 so that way we don't have to do very many we're
going to do a step of one and I think that should work so we should be able to run this and there we go so we're looking for we're getting these statuses 200 but we should be able to look at them and we want to look at the response and it's going to tell us invalid oh it's because I didn't give it the actual page discard positions we want to delete that and delete that we don't actually want that around fetch we want to use the Intruder around the port number right here so
now if we come back over to our payload we run the attack this should work for us this time let's look at our response we're getting connection refused so we have the connection refused connection refused refused refused and then we hit 5,000 and we hit um received 200 okay and what you can also do with this is just look at the length and you can look at port 5,000 had a different length so it's possible that the reason that it is different is because it actually got the 200 okay so the content received it length
is actually different so that is how you would do like an internal port scan on a server to see if there's any internal ports for an SSRF and so now you can actually see we put this connection refused um inside of our code and I did this just so you would be able to see over here what was happening when we were doing our SSRF so you wouldn't actually have this inside of the code which is why I added this in for us to be able to see it this is for our SSRF you're able
to see that you have this connection right here is refused and I wanted you to be able to see and exploit this and be able to know exactly what's going on now you can also do something else with this Burp um attack with the SSRF we can delete that and let's just discard the attack come back over to repeater so let's go ahead and now look at this from our little box we have right here so our URL that we're going to put in we can actually try to use this for our redirect now
so let's say that we instead of clicking the button I guess we could do this from Burp as well instead of doing it from here we could we would not want it to look like that we could actually say um that if this button so right now this button we'll just use the button like it's making us come over to our homepage what we could do with this button instead is come over to our proxy intercept and click on it and this will give you an idea of what this would actually look like if we
were to craft a payload and send this out to somebody we could instead of saying we want to take you to HTTP slash we wanted to take you to a malicious website and just for the sake of the demonstration we're just going to go to google.com so we can say google.com I'm not entirely sure if we need www. but we'll put it in there just in case and if we now forward this it's going to take us to google.com so instead of Google what we would do is we would send someone to a malicious website
and I kind of mentioned this in our slides earlier the way you would go about doing this so if we come up here to our repeater where we were instead of sending someone to Google what you could do is let's pretend this is um attack site.com you could actually just take this right here and copy it send it over to the decoder paste it and we want to encode as URL and then we could just copy this right here and we could put this into what we are crafting as our payload you could paste that
in and now nobody would know where they're going to and so you could actually send this to somebody so what the final product would look like is more like let's see what all did I copy now I don't even remember what I copied I copied the whole thing so it would need it would look like this and this would be the link that you would send to somebody so this is how an open redirect would work if you were to try and submit this and also this is how a port scan an internal port scan
would work if you were trying to do an internal port scan with an SSRF with the open redirect so the vulnerability for the open redirect is right here and for the SSRF if the action equals fetch then we're going to do this right here and so this is kind of how you would be able to try to exploit open redirect I hope this makes sense uh if you guys have any questions or need something cleared up please let me know down in the comments and I'll try to make another video on open redirect because there
are places with CTF that we can practice this the only problem is you don't get to see the code like you can right here and I feel like it's helpful to be able to see the code in order to understand the exploit so let me know down in the comments if you have any questions on this and I'll try to get to those all right so the next vulnerability that we are going to be coding up is an IDOR and this is going to be a pretty simple IDOR but I want you to be able
to see the code on the back end so that way you can understand exactly how the IDOR works as always we are trying to learn Python and security at the same time so I'm going to grab a set of old slides that I had previously made years ago talking about an IDOR and we're going to watch the video where I explain what an IDOR is first and kind of some business logic errors so that way you can understand how the code actually works when you run into these and how to better exploit them in the
future so I'm going to insert the clip of the IDORs that I had previously made hey thanks for stopping by my channel in this video we're going to check out one of the easiest bugs that I think you can find in bug bounty and it is also I believe number one in OWASP Top 10 and that is the IDOR and I was on TryHackMe and I was just looking through some new labs that I had never done before it came across this IDOR lab I have never done it I
have never read any of the labs so let's go ahead and jump into it and I'll show you just how easy IDORs really can be so here we are what is an IDOR IDOR is an indirect object reference which really doesn't tell us anything basically I like to think of IDORs as like the Matrix where you have all of these different possible doors you can go through and you just start picking different doors to see what's behind them and one of the ways we can see what an IDOR let's see if it gives us
an example it doesn't so I'm guessing we're supposed to type in indirect oh look right here we can just copy this insecure oh I think I said indirect insecure direct object reference right here we can paste that in submit it and it tells us we're right I want to see right here this is a great example right here so an ID is going to be a good place to look for an IDOR and instead of having like 1,000 we could just change this to like 99 or 99,999 and you get to change those and see
if you can find something else there so we have this uh view site and what are we supposed to do imagine we have just signed up for an online service and you want to change your profile information we click on it we see this right here and I'm guessing we need to change it to 1,000 so here we are we're clicking through here we have this site we have this 1 two 3 4 I bet you that we're supposed to change this right here to 1,000 and we have the IDOR so I hope you saw
how that worked let's see if that worked so it was at 1 2 3 4 right here and sometimes the IDOR won't be passed through a parameter sometimes you'll see it like this with these slashes or you I wonder if we could send it as though it is a no we're not going to be able to send it as a parameter because we have this invoice over here so let's go ahead and check out the next one so we have a z a09 equals and it's tell it's talking about encoding so you have
this Base64 um you're going to see Base64 encoding so sometimes if you see Base64 inside of a URL or something like that you can decode it and see what number it is put in a new number Base64 encode it and then paste it in the URL I am guessing that is what we're doing so you have this Base64 and it's going to tell you what it is it is that is exactly what it's telling us we have this ID we re-encode it and then we can pass through the IDOR
what is a common type of encoding on websites I'm going to guess that we're supposed to type in Base64 and that is right so let's check this one out we have hashed IDs and we have the number one two three and this right here is going to be MD5 sum and we it tells us we can put it into CrackStation this is actually something if you watch a lot of IppSec videos he uses CrackStation quite a lot and I'm guessing we're supposed to take this and put it inside CrackStation and
it's going to tell us that it is one two 3 and it does MD5 1 2 3 so we have this here what is a common algorithm used for hashing IDs so this is the Base64 encoding and it's looking for MD5 for the hashing so we can just say MD5 submit and we're going to have down here I think right here we're going to actually go to a website and do a and actually exploit an IDOR which will be a lot more practical we'll just keep going through these for now if an IDOR
cannot be detected using the above methods and excellent ways to use two accounts to swap between them in a bug bounty program you are going to have to have two different accounts if you're testing for an IDOR and what you would do is you would open up Burp right here and you would send through each each of your accounts and you would capture the web request in your proxy and then you would send it back and forth and you would try to change your ID to the other account that you own's ID you cannot test
for IDOR unless you own two accounts so in a bug bounty program in the real world going to have to have two accounts for that anyway so it tells us we have to have two accounts but if we find an IDOR in say like a Hack The Box or TryHackMe um you always want to go to account number one you're going to try to take over the admin account so it tells us what is the minimum number of accounts you need is to the two where are IDORs located and it tells us
that there's no answer needed we just need to read it um in this case right here we're going to see right here in this parameter sometimes you'll see it pass through like this like we saw earlier but it tells us we don't need an answer um so yeah we'll go ahead and hit we know the answer to that and we'll go on to the practical IDOR now it might take a second for this machine to launch see it is launching so once this launches I'll unpause the video and we'll check out what this wants us
to do I'm actually going to read it so you don't have to watch me read it and I'll bring you back okay so this looks like it has going ahead and ran for us we'll paste this in here and it tells us that it wants us to create an account I believe we need to create an account we need to log in and then we'll try and do this the way they have it imaged right here through inspecting the elements um and then we'll do it through Burp if it allows us to so where is
this right here um I believe we need to log in right here so we need to sign up we need to create an account so we'll just give that as our name here's our email we'll just make our email the password as well and we can sign up and now we are logged in here and let's see um it told us to it gave the image of inspect network we need to refresh our page and see what we get back so look through right here these get requests we have this ID 15 and it tells
us over here that we can go to this this page right here so we can copy that but before we do I want to see what happens if we send this through Burp we get the customer names and we hit this right here this is what we would see and we would just go ahead and send this to repeater I would rather do things through Burp than through this um but this is the example that they gave so we're going to go ahead and do the super because I want to so if we send this
here is our response it gives us our email and our username what are we looking for we're looking for the user ID of one so the IDOR would be right here and we would just send with the user of one and we're going to grab Adam 84 as the username and then just paste that in that did not work so Adam 84 submit and we need the email address for user number three so what we would do is say this IDOR now we want is number three and I accidentally hit enter so we'll
send this and we'll grab this email right here so this is how IDORs work they are pretty simple to do and IDORs are the most common bug I believe they're number one on OWASP Top 10 as soon as I finish this video I'm actually going to go look it up because I might be wrong on that but I'm pretty sure they're number one and I think HackerOne put out at the beginning of the year the IDORs were the number one most common vulnerability found on HackerOne bug bounty programs so this is a very
easy bug that you can start looking for right away and another great thing about the IDOR is it is really common I think it's the easiest to find and it's the most common vulnerability out there on bug bounty program so with that take this knowledge and have fun hunting for these in the wild thanks for watching before we start writing any code I think it'd be helpful to just come up here and make sure we add in our imports because usually I forget to do that and let's make sure we try to get them all
so I don't actually think we are going to need the session import but we'll go ahead and add it just in case and then we're going to go url_for and I think that should be all that we need for the imports now let's come down to our login function so what we're going to end up doing is saving the user ID as our session cookie or token or manager or whatever you want to call it this is something that actually happens in real life and then we're going to switch it and we're going to
save in our actual username in the URL as our session token this is something that I actually see in the real world so you're going to get to understand how this works sometimes I'll see something like an email also stored as like the session ID and it will just be like URL encoded or Base64 encoded and all you have to do is decode it and bam you can change it and take over somebody else's session it's a simple IDOR but we're going to see how this works with our code so I'm actually going to
just move this down here because we don't need to be looking at that and we'll move this down so that way we're just looking at this little bit of code and we're not getting confused so really we wrote this earlier and we don't have to change a whole lot in order to get this to work for us the first thing really all we have to change inside of our login function is we can just delete this message because instead of sending the user a message or rendering hello whoever you are logged in we're going to
redirect them to another page that is going to be a logged in page that you should be an authenticated user to view now I'm not going to go through all the steps to set up a middleware in order to make sure that the session is authenticated and all that um we're just going to look at this in the basic form so we're going to go ahead and just turn type in a return like always and we're going to use a redirect function so we just got done learning about open redirect and we use this redirect
right here so this should look familiar to you and we're going to pass in the url_for and if we were to leave this you might think right here this would be vulnerable but we're actually going to add in a little bit more we're going to add in something that is going to make it so you can't use an open redirect unless another website is using literally exactly this exact same setup that we're going to be using so we can go welcome this is going to appear inside of the URL so we're going to use
the welcome and then this is going to be the name of like our page and so we can say um the user user ID equals and we can just say user and zero so this is going to grab just from the beginning of the user ID and then we can delete this else and we're going to actually we can leave our else because if this doesn't work then they typed in the wrong password so I think that is all we need to change right here on our login uh that is not true we need to
grab the actual user ID from down here so inside of our um query statement we need to add in the user ID and I'll show you where I'm getting this from so select the user ID and the username from users where the username which this is all the same so like where they log in so it's going to send the username and the password over here to our database so you got the username and the password and so we're saying we want to grab the user ID and the username where the username and the password
match so it's going to see if these two match from the user then it's going to send these two back over to our server right here so we're grabbing the user ID and the username if the username and the password match so then we're going to grab just the user ID right here and I believe that is all so the next part of this is we need to add a new route and this is part of where I was showing you um how we would manipulate a URL and get things to reflect on the
page earlier in the course at the very beginning and you might have been thinking this is pointless we're never going to use this well you would be wrong because we are about to use it so what we would do is we're going to type in our welcome just like we saw earlier and you also saw me pass in over here like my name or something so that way we could reflect it on the page well in this case we're going to pass in an integer and it's going to be the user ID and we
did see this as well right here so we're going to be passing in the integer as a user ID so this will be the variable that is going to display so if we log in as Bob it should say welcome um two and then we just change the two to a one so that is going to be our IDOR right there and then we also need to put in our methods equals and we're going to have just a get request so we'll say get that needs to be inside of single quotes so we'll go
ahead and put that in single quotes and then we need to add in our decorator function so we can say def welcome and we're going to pass in the user ID so that way we have that and we're able to display it we need to make sure we put in our colon right here now I think what I'm going to do and you guys are familiar with me telling you copy pasting is typically bad practice and something you don't want to do um we're going to copy this because we're going to need it in just
a second um just so you're aware let's actually just grab that in a second we don't need to grab it yet so we can come down here and we're just going to say our query statement so we need to make our query statement that we're going to send to the database to make sure we get the right username and we can make this an f-string and we can say select username from users where user ID equals and we're going to put in our user ID right here so we're going to grab the username
from the users and we're going to grab the user ID where the user ID equals the user ID so the next thing I what I was saying we could just copy paste is we could just below our query statement we can copy this and paste it in right here make sure there that our indentions are right and the reason you don't copy paste is because you might have a bug and look at this um I spelled this wrong up here and in order to get the query statement we need to grab the query statement
but I must have mistyped it right here and had it autocorrect right there so that's actually spelled wrong that's why you typically don't copy paste your code because I would have just created a bug and had to debug it later but I caught it and I might have another one that we might debug later but in the meantime we're going to go up here and we're going to say if the user is correct then we want to return an f-string and we'll just say welcome to the user and we're going to pass in
the user zero so we can grab that first part of the user that is brought back and we can just say you are logged there we go now our else statement is just going to say user not found so we just say else return user not found now I think this looks good um so essentially we didn't really change much in our login function if you're confused about our login function and this code we have right here you can go back and rewatch me explain this I went through this multiple times to try and make
sure we understood exactly what was happening right here we actually don't need this um render message message but we'll just leave it for now uh we have a query statement which we've covered before and then we're just going to say if this is right we're going to return the user on the welcome page with this integer so we should now be able to go and make our HTML page so we can say new file and we called this I think we called it welcome.html we can drag this over here move replace and we can
just add in a boilerplate we can change our title to something that we want so we can just say welcome and inside of the body we'll just make an H1 and we'll just say welcome and as you have seen in the past this is how we make our variable show up similar to EJS and we would just say username so that will get passed over here and then we could just add a paragraph tag and say you are logged in okay so if this was all done correctly this should work for us but we
have an unexpected indent and I think that the unexpected indent is right here so let's go ahead and run this again and it says our code is working so let's go ahead and open up Firefox we're here on our main page we can click log in we can type in our password one two 3 and let's log in as Bob this time so we can submit and we get incorrect password so let's try password 1 two 3 we can make sure that this is spelled correctly so text uh password spelled wrong password one two 3
and we're going to sign in as Bob and it says welcome Bob you are logged in now remember we're using our user ID as our session so if we change this two to a one we are now logged in as admin so I hope you see how this works and if we do have a third user um he's admin with the chicken mark that I showed you if we put in a single quote and our secure login SQL statement we do have a third admin right here username so we can just move around
as different users this would be considered an IDOR now I don't have any middleware setup so technically you can just like come straight from here to typing in the welcome and two and accessing this typically you'd have a middleware with some kind of like session token or something like that um which would make this secure but this is the non-secure way that you would be able to see how the IDOR works now typically you're not going to see a number one or a two it does happen it's more common to see a username or
something being passed in over here and let me see if we can change this so instead of having this user ID it would be username because that is the name of our column right here so the username or it would be like an email or something like that so we have the user ID and we would just change this to username and this instead of being an integer it would be a string and we would just use the username and I'm sure I'm probably going to miss one of these username username and I think this
is the last place we would say username and if all of those were spelled right what we would do instead of having a one this would be like it's still not secure but I guess you could say it's more secure in the fact that you would have to brute force usernames so we come over here and say password 123 log in and we get this error right here and I'm not entirely sure where this error is coming from so I think what I'm going to do is just leave it here um so
that is how you would view an IDOR and typically I wish I could have got this to work there's a double quote missing right here you would see something like this with a username typically instead of the number one how we had this earlier like this which is going to bring up the user and if I just come back here we can undo this and get the IDs all back and I'm not sure what I just did and if we come back over here now typically you wouldn't see it with this one my
server died but it would be a username so I hope that makes sense to you and you now understand how the IDORs work and how the query statement works when developers use something from the actual database as a session token or a way to navigate within a specific web page something else that does happen is when there are developers that use middleware which we're not actually using and there's not really any point for us to set up any middleware for
this example they will still use something like this and the middleware will basically just make sure that you have an authenticated cookie and it doesn't matter what the ID is so it'll be like you're authenticated but it doesn't care if you are going to admin or you're going somewhere else so that does happen as well even with people who set up middleware so that is how the IDOR works on the server side so the way we set this up is basically we were able to leave almost everything alone inside of our login and all
we do is we just take the query statement and we grab the user ID and we reflect it inside of the URL and welcome that specific user to their dashboard and we display it inside of the ID up inside the URL so you could change it so it's pretty simple to check for IDORs and to see them and this would be the server-side IDOR code within Flask okay what I think we're going to do is leave our server code alone as it is right now but I have a capstone project for you
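The two IDOR cases described above (a welcome page that trusts the user ID in the URL, and middleware that only checks for an authenticated cookie), as an added example that is not code from the video. It is framework-free rather than Flask so it runs on its own; the handler names, users and session token are all constructed for illustration.

```python
# Constructed data: id -> username, and session token -> id of the logged-in user.
USERS = {1: "admin", 2: "bob", 3: "carol"}
SESSIONS = {"constructed-token-bob": 2}


def page_for(user_id):
    """Render the welcome page for a user id, as the demo's /welcome route does."""
    name = USERS.get(user_id)
    if name is None:
        return 404, "not found"
    return 200, f"Welcome {name}, you are logged in"


def welcome_no_check(token, requested_id):
    # The demo's behaviour: the id in the URL alone decides whose page is shown.
    return page_for(requested_id)


def welcome_authn_only(token, requested_id):
    # Middleware that only asks "is there a valid session?" and never
    # compares the session's user with the id being requested.
    if token not in SESSIONS:
        return 401, "log in first"
    return page_for(requested_id)


def welcome_owner_only(token, requested_id):
    # Authorization check: the requested id must belong to the session's user.
    owner = SESSIONS.get(token)
    if owner is None:
        return 401, "log in first"
    if owner != requested_id:
        return 403, "forbidden"
    return page_for(requested_id)


def readable_ids(handler, token):
    """Walk every id, as changing the number in the URL does, and list the 200s."""
    return [uid for uid in sorted(USERS) if handler(token, uid)[0] == 200]


if __name__ == "__main__":
    for handler in (welcome_no_check, welcome_authn_only, welcome_owner_only):
        print(handler.__name__, readable_ids(handler, "constructed-token-bob"))
```

Only the third handler limits Bob's session to his own page; the authentication-only version still serves every ID to any logged-in user.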
I want you to create a vulnerability scanner that is basically just going to come over to our page right here our login endpoint right here and it will check for different bad characters inside the username and inside the password right here and it's going to run that so I'm going to use Beautiful Soup just to give you a heads up but you could also use Selenium if you wanted to for this project and then you're going to use requests as you've seen previously as well to see if you get back a 200 301 or
a 500 error code and what we're looking for with our vulnerability scanner is going to be an SQL injection vulnerability scanner so it'll check these for SQL injection it's not a super complicated program so I want you to go ahead and give it a run you might have to do some Googling to try and figure it out but if not let's go ahead and start programming up our vulnerability scanner for SQL injection so we can come over here um I'm not sure do I have PyCharm installed I do not so I guess what I'll
do is just open up a new VS Code editor so we'll just hit code open up a new editor and I'll just start writing it here I suppose so before we do anything with this I guess I'm going to have to create a new folder so I'll cd to my desktop cd desktop and I will just make a new directory and we'll call it um scanner because it doesn't really matter now if we come back over here and we open up our folder we should be able to go to desktop and open up scanner
and open this up then we will want to create a new file and we'll just call it scanner.py and now we can start creating our vulnerability scanner here so the very first thing we want to do is import what we know we're going to need which is going to be requests so we'll import requests and we will from bs4 import BeautifulSoup and it may have been a while since you I don't know what speed you're going through this course at um since you've seen this but this is all stuff we've used
in the past and so we want to check for bad characters so we can just say bad characters and we'll say equals and then we can give our bad characters over here I'm going to type out a few of them so you don't have to watch me type these out and then I'll bring you back okay I got a few bad characters right here there's a lot more but I don't really want to type all those out so I think what we'll do in this project that we haven't done in the past is actually
use the if __name__ == "__main__" which we have talked about briefly um so this is basically to call our main function that we want to call at the beginning and we've talked about this but we have not run it yet so if __name__ equals __main__ which means if we run this from here then it's going to run our program so we're going to start out with the main function so we can just say def main and call our main function and we'll say URL equals input and so we're going to want to take an
input so what URL do you want to actually scan for SQL injection and for us it's going to be this one right here so we can come back over to our scanner so we'll say we need an input and we'll just say enter URL to scan and now we're going to want to pass that into a function so we can just say inputs and we can save this as a variable that is going to call our function so we'll just say spider input and we will pass through the URL that we grab from right here
and then we will say if not inputs um so if there's no input then we're just going to close out the program and we're going to say return but if something actually comes through we want to grab the results which is not what that was the results which is going to equal um test the inputs which is going to be another function that we're going to end up calling so test inputs and we're going to grab the keys and value from the input so when it makes our request to the URL and it gets
back the 200 uh we want to be able to see that there was an actual 200 so it's going to grab all the information from the requests module so we'll say inputs and we can pass through the URL and the inputs then from those we're going to want to loop through that and we're going to say for the key and the value in results.items so items an option items is not an option right here then we want to print out the key and the value so we'll say print and we're going to
want this to be an f-string and we'll say key and status code value and then we want the key to be inside of curly braces which that didn't work like I was hoping I was hoping I'd be able to just highlight those and it would automatically put those inside of curly braces but that did not work for me so this is going to print the key and the value so what do we have so far we're taking in the input right here we're going to spider the input URL and if it works then
it's going to call the spider input function which we haven't written yet and then it will go through that and then it's going to call the test inputs function so now we need to write our spider input and our test input functions and then that will be the end of this program so it's pretty simple we're just going to say def um we want to spider the inputs and remember we're going to pass through the URL and we're just going to say the response is going to be equal to the requests.get URL so this
is our requests module that we imported right here it's going to get the URL it's going to save the response we want to use Beautiful Soup um and so we need to set this up and if you remember from when we previously used Beautiful Soup um this is basically setting up the import for Beautiful Soup inside of our variable right here so in the future we can just do soup.find or soup.get things like that so we're just going to say BeautifulSoup response.text so this is going to get the
response and we're going to use the html.parser and now we're going to create the form say form and I hope this is familiar to you from when we previously used this uh find and then we're going to say the form and then if nothing comes back then we want to close out so we'll say if not form um we're going to print no form was found so basically it's going to look for this right here this form inside of the HTML so that's what we have going on right here so it's going
to go through HTML parser the soup is going to look for any kind of forms which is going to be this right here our input forms and we could actually look at this over here so where is our login it's going to look for this form tag right here and then it's going to look for the inputs so that's what we have going so far so if there are no forms on the specific URL it's just going to say there's no forms and then it's going to return um nothing back into our console so return
nothing back to us um and if there is it's going to return the results form.find_all and then we're going to say in the input so this is going to grab all of the forms and it's going to return those out right here and then we're going to end up passing that into our testing the input so our next function is going to be def test inputs which we made down here where are you right here test the inputs and we're going to pass through the URL and the inputs like you see right down
here and I got a typo there so we got our URL and our inputs and then we want to make an empty dictionary so that way we have the keys and the value so we'll say the results equals empty dictionary which will be filled up with the um status codes and then we need a for loop and we're going to say for the input field which you could actually make this say anything you want right here this is just so that it's easy and readable we're going to put the inputs right here so we're going
to loop through all the inputs to test each character inside of each one of the inputs and we're going to say name equals input_field.get and we're going to put in the name and then we'll say if the name has any kind of bad characters we're going to loop through the bad characters so for the bad characters in we'll just we need to name this something other than bad characters so we'll just use the for i in our bad characters list then we want to send it over to the request so we can
say payload equals name with our bad character and the response is going to equal the requests.post so we're actually posting this to the server so we're actually going to say post instead of get because we're actually sending this over to our server so we're going to say post and we're going to say the URL and the data equals the payload which is going to be the bad character and then we will say key so this is going to be our key um that we're going to end up displaying from down here so we want
to print our key and we're going to say key equals and we're going to make this an f-string and we're going to say that we want our URL and the input field of the name and the payload which is just going to be our bad character right there and we should be able to pass that down here to our print function and now we want to have our results we'll say the results and we're going to grab the key equals the response.status_code and the reason we want the status code is so that
way we can see if it's a 200 a 300 or a 500 because an SQL injection typically is going to be a 500 so if we run this let's see if we got any typos and it appears that I need a colon right here so let's try this again it says enter the URL I'm shocked so far that this is working without typos let's go ahead and highlight our URL and we can copy this and come back over to our terminal we'll paste it in right here and if we hit enter it works here for
us and you can see we have the 500 which is going to be the single quote and the 500 which is the single quote which is going to tell us that our server is giving us some kind of error and it is likely due to SQL injection so if we come over here and we just put in a single quote and we hit submit we're going to get this error which means likely SQL injection is possible which we already knew because we wrote this code so with that this is our capstone project okay
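The capstone scanner described above, as an added example rather than the code typed in the video: it swaps requests and Beautiful Soup for the standard library's html.parser and an in-process sqlite3 login handler so it runs offline, and it probes a parameterized login as well as the string-built one, the same contrast the Node.js section that follows draws. All function names, the HTML and the database rows are constructed.

```python
import sqlite3
from html.parser import HTMLParser

# Constructed stand-in for the HTML the scanner would fetch from the login page.
LOGIN_HTML = """
<form action="/login" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="submit" value="Log in">
</form>
"""

# A few characters that commonly break a string-built SQL statement.
BAD_CHARACTERS = ["'", '"', ";", "--", "#", "\\"]


class FormInputs(HTMLParser):
    """Collect the name attribute of each <input> inside the first <form>."""

    def __init__(self):
        super().__init__()
        self.in_form = False
        self.form_seen = False
        self.names = []

    def handle_starttag(self, tag, attrs):
        if tag == "form" and not self.form_seen:
            self.in_form = self.form_seen = True
        elif tag == "input" and self.in_form:
            name = dict(attrs).get("name")
            if name:  # the submit button has no name and is skipped
                self.names.append(name)

    def handle_endtag(self, tag):
        if tag == "form":
            self.in_form = False


def spider_inputs(html):
    """Return the named input fields of the first form, or [] if there is none."""
    parser = FormInputs()
    parser.feed(html)
    return parser.names


def make_db():
    """In-memory users table with constructed rows (plain-text passwords, as in the demo)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                   [("admin", "constructed-admin-pw"), ("bob", "password123")])
    return db


def _respond(db, query, params=()):
    """Map the query outcome to the status codes the scanner looks at."""
    try:
        row = db.execute(query, params).fetchone()
    except sqlite3.Error:
        return 500  # a broken statement surfaces as a server error
    return 302 if row else 200  # redirect on success, login page again on failure


def vulnerable_login(db, form):
    # User input is pasted into the statement text, so a quote changes the SQL.
    query = ("SELECT id FROM users WHERE username = '%s' AND password = '%s'"
             % (form.get("username", ""), form.get("password", "")))
    return _respond(db, query)


def hardened_login(db, form):
    # Placeholders keep input as data; the statement text never changes.
    query = "SELECT id FROM users WHERE username = ? AND password = ?"
    return _respond(db, query, (form.get("username", ""), form.get("password", "")))


def probe_inputs(handler, db, input_names):
    """Send each bad character to each field on its own and record the status."""
    results = {}
    for name in input_names:
        for bad in BAD_CHARACTERS:
            results[(name, bad)] = handler(db, {name: bad})
    return results


def suspicious(results):
    """Fields and characters that produced a 500, the scanner's SQL injection signal."""
    return sorted(key for key, status in results.items() if status == 500)


if __name__ == "__main__":
    fields = spider_inputs(LOGIN_HTML)
    for handler in (vulnerable_login, hardened_login):
        print(handler.__name__, suspicious(probe_inputs(handler, make_db(), fields)))
```

Run against the string-built handler, only the single quote yields a 500 in each field, matching the result in the video; the parameterized handler returns no 500 for any character, which makes the same scan usable as a regression check after the fix.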
as we move into the CTFs on SQL injection I have some Node.js code that I have previously written on this channel around SQL injection where we can actually look at some Node.js SQL injection code which should look really familiar to you after going through this Python course with using Flask I decided to go ahead and show you the Node.js code just so you can see how similar the Python Flask code is to the Node.js you're going to be able to see how this SQL injection is very similar the syntax in the code is a little
bit different but I think you'll be able to read the Node.js just fine and understand it so I went ahead and included that Node.js portion in this SQL injection crash course with our Python included okay so right here is the code for our SQL database these queries right here are what is going to be sending our information to the database so here is our portfolio build and if we click on our SQL injection over here we're brought to our SQL injection page we can create a user right here so we'll make a new user just
like this we can submit our new user and we can check out our database and we can refresh it and we have our new user right here so if we come back over to our code let's look and see what's happening so we're taking in our input from our HTML it gets passed over through the API which I'm not going to show you because that's not the point of the video and we have our query right here so this is actually a secure input right here for SQL so this is you're not able to inject
into this because we're taking our user and our password and we're sending those in right here inside these little variables right here that are not going to be able to break our query statement so if we come back over here and we create a user with all of the bad characters so we'll just say bad and we'll throw in some of the bad characters and then we can actually just copy this and send it over here and if we submit this and we come back to our database and refresh it we have
all of our bad characters inside of our username because it doesn't break our statement and our server picks it up right here with no problems at all through the API but on our vulnerable code right here you can see we have these queries so this req.body this req.body.user is actually going to take the input that we put from this login and it is going to put all of it right here in this statement and then send the statement it doesn't just send over the variables so if we come over here and
we just add in a single quote it will break our statement for us and then we can inject into it so I want to show you what this looks like so if we come over here and we put in these bad characters and we submit this we're getting this error and it's actually going to tell us like right here is we got this error but more importantly we crashed our server over here so we actually need to restart our server and when you see this error message or we crash our server this is what you
see when you're looking for SQL injection and you're putting in that single quote everywhere to see if you can break this statement and the server will send back a response so we crashed our server so if we were on a live program we would know that this server is vulnerable to SQL injection and in the case of a login right here if we wanted to log in we can just say anything so we can just say bad characters like we did before we can put in our single quote and now we can put in or
1 = 1 and then we'll close this off with our semicolon and then we want our hashtag to comment out everything after our statement our password doesn't really matter so you can put anything in and it's going to tell us that we are logged in and just to show you that this does work without the SQL statement if we go ahead and submit this it's going to tell us that we have the wrong username because it doesn't exist so we're actually able to bypass this login function because we have insecure code in our login function
but we have this secure code for our create a user function if we wanted to we could actually write a statement that is very similar to this where we pass in these variables right down here and then our SQL injection would be fixed so inside of a Node.js server this is how you would write a SQL statement for secure code and insecure code and it's going to look really similar no matter what the programming language is and we can actually see over here our example of a database this is this database server that I have linked
up to the Node.js server so now you have a really good visual of what's happening on the database server what the database looks like the code on the actual server running the web application and then how it all works when you bring it all together inside of our portfolio build at this point we're going to be heading over to PortSwigger and if you want to just find the website really quickly you can check the link in the description and we're going to start with bypassing a login function it's really simple and really easy but
it is something that you're going to run into especially in the world of certifications and CTFs so let's go ahead and check this out all right there are a few more things I want to show you in bypassing a login function so you can go ahead and open this up I've opened it up over here and when you read this it tells you that we're going to log in as the administrator user and I think this is too much help why this is the lowest level as apprentice in the w or in a CTF you're
not going to have this username and you're going to need to figure it out on your own so go ahead and open this lab and I want to show you why I think you're going to need to try and figure things out on your own when you're doing a CTF and we come over here and we say we want to log in or maybe you're really testing a login function and you come to the name and we put in a name here and then we intercept the request and we say okay one of the things
that I think is going to be helpful for you is to not have that username because if you come in here sometimes you can just put in your single quote and then we can put in the 1 equals 1 you can type it out just like this and you can hit send but we're going to go ahead and send this over to Repeater because I want to show you that you can actually solve this lab this way you could send this and it's going to say 1 equals 1 and it's just going to log
you in as the first user in the database which is going to be the administrator and I forgot to put the dash dash so we'll put that in there and it's going to tell us not found but if we go back over to the main page it's going to follow the redirect and it's going to log us in and it's going to tell us congratulations you have solved the lab but the way we're supposed to go about doing this is typing in an actual username so there are going to be times when you need
to just type in like admin dash dash okay actually we don't need the admin right here we actually need this over here and it is administrator which I have copy pasted to my clipboard which looks like this and then you can just have this quotation with a dash dash and the reason this is going to work is because this is the true person or the true user that we're really trying to log into and then we put the single quote here to close off the entire statement and then we put in the double dash in
order to comment everything out of it since this user is true and we're commenting out everything after it this password doesn't matter we can have anything in here because it's just being commented out and the user that we're trying to log into is true and because this specific CTF told us we need to log in as administrator that means that if the user that we have is real then we're going to be able to log in so we should be able to just hit send and it should tell us that I already used the session
so we actually need to grab a new request over here you can actually see this work see our token's different so we should be able to send this over to Repeater and now if we paste in administrator put in our single quote and our dash dash to comment everything out after it we should be able to send this and it's going to tell us that we are able to log in we can follow the redirect follow follow and okay we are now logged in so we can come over turn the Interceptor off and if we
wanted to actually get this to say problem solved we would do all of the same things only this time we would not send it to Repeater if we want this to say lab solved so we could intercept this turn on proxy get that out of here come back over here paste in administrator quote dash dash and forward turn Interceptor off and it tells us we are now the administrator and we have been logged in so that is a couple different ways to bypass the login function now let's continue on okay so we're going to go ahead
and open up this lab right here and once this is open you can go ahead and access the lab and we'll let that load we're going to pull down the number of columns that are returned from the query so what we're essentially trying to do is get a true statement back from the server or the database saying that there are this amount of columns so we're going to see if we can find the number of columns and remember we're going to get an error unless the statement is true so once we hit the
right number of columns it's going to send back to us a 200 OK meaning that is the amount of columns in the database so that's where we're headed with this specific lab and I actually think we're going to need to intercept and I think the SQL injection is going to be right here so let's send this to Repeater and check to make sure put in our single quote and send it we get our internal server error so this is going to be where the SQL injection exists but before we check this out I think
it would be helpful to remind you what a SQL statement looks like and so we'll just gedit a random file and so you're going to need to remember this is how the statements look it's going to be something like select all which the star is all from users and this will be all caps where username equals and then we would have if we were actually writing this you can go back to that first video in this SQL injection section of the course and you can go back and check this out it's going to show
you like there would be something that looks something like this and we would have the username which would be a variable that was passed in over from the client side through the API to the server and now to the database and we're just going to inject right here and we would just type in a single quote and this was going to break the statement and then we're going to write our own query right here and then we're going to comment out everything after it so that's kind of what the statement is going to look like
this should look familiar to you by now because I've shown you this before so we can just close out of that we can close without saving and we can come back here and we can actually write our union statement in order to get this to work now when I do this I usually write my union statements in all lowercase because I don't understand why um SQL programmers everything is in caps lock so I just like to use lowercase because it's easier and it's too much work to hit caps lock and then start typing so I
just write in lowercase so we're going to go union and then we're going to type in select and then we're going to type in right here a row so you can actually put in like null you'll see sometimes people put in like one comma 2 comma three for the numbers of rows either one should be fine so we'll just type in null and this is going to test for is there one column in the database so we should be able to highlight all of this control U to URL encode it and send it and
we're going to get back an error so then in here you just type in comma null and you can send it we get an error comma null send it and we get back a 200 OK this means there are three columns in this database so if we come over here and we just let this proxy go it's probably going to tell us that we solved the challenge because we were able to find the number of columns in the table which is going to be three so let's just try this real quick to make sure this
works we can go comma 1 comma 2 comma 3 and we should be able to send this and we get an internal server error so it is expecting a null or some kind of string right here so it does not like integers being sent in so it does want to see null so in the future we are going to be checking to see if we can pass in strings in here to see if we're able to pull down information and so what I mean by passing in a string if the database is going to
let us make a statement or ask for information back it'll let us put it in quotes and we should be able to send it and it'll give us a 200 OK meaning we can insert into this column so this is getting into a little bit too much depth for us at this point so we'll go ahead and check out the next challenge and continue progressing forward all right we are going to be trying to solve this fourth lab right here so it says we are going to find a column containing text which I kind of
showed you a little bit of how to do this in the last video so we'll go ahead and open up the lab and you already know where the SQL injection is um if you want you can go ahead and try and see if you can find how many columns there are just like we did in the last video and then see if you can figure out how to insert a string in order to get back text so what we're going to do is send this to Repeater we can go ahead and shut that off actually
we'll send this and if we read our output over here it tells us we have a hint we need to make the database retrieve a string and it wants us to send this very specific string right here in order to solve the lab and we'll go ahead and copy this so now that we have it we can put in our single quote make sure we get that internal server error just like this and now we need to find the number of columns just like we did previously so we can just type in union select and
then we're going to need to type in our null so we can say null and then we'll put dash dash and I'm just going to go ahead and put in a second one because we pretty much always know there's going to be at least two columns and you know what I forgot to do is URL encode that so let me type this back out and now we can highlight control U and send this we still get an error so let's see if there's three like there was last time and we get this 200 OK but
we still need to submit this string right here and what you can do with this is you can just put it in each one of these nulls send it it says internal server error so that is not where that's going so we can put it in this one right here send it 200 OK and congratulations you have solved the lab but what I would do is I would keep checking this because we're going to need to pull down a username and a password which means we're going to need to inject into at least two columns
it's going to tell us okay so this line right here would be able to accept an input from us so it says we have solved this one and now we're going to keep going and it's going to keep building on top of this but if you would like you can come back over here and open up the fifth lab which one are we on 1 two 3 four five right here and we're going to do all of that same stuff in trying to receive data and you can go ahead and try and get this far
and see if you can figure out which columns allow you to have input and then we will pick up from there and solve whatever challenge it has next for us all right here we are we are going to be doing this lab right here we're going to be retrieving multiple values from a single column so we're just building on top of the previous lab where I showed you that we were only able to inject into one of the three columns this is usually pretty uncommon usually you'll be able to inject into more columns but in
this case it wants us to only inject into one column however I believe we need to pull down the usernames and passwords which reads we're trying to get data from two columns but we need to get it from one column it sounds really hard but it's actually extremely simple especially once you know that we're just using a simple SQL database and even if you didn't know what database we were using such as like Oracle it's still pretty easy to figure out just by doing some guesswork so I've gone ahead and opened up the lab and
you can open it up too and you'll be brought to a page that looks like this and we're going to be trying to do a SQL injection in the same place we have been doing so you can click any one of these tabs because that's where the SQL injection is going to be we will send this over to Repeater and we can send it make sure it all works looks great and we'll check to make sure this is where our SQL injection is at send it and we get our internal server error which is good
for us so we can type out our payload like we previously have now I'm going to go ahead and skip it this time and then I'll bring you back once I have it all typed out okay I have it all typed out and I actually put in three nulls and this time we find out there's only two columns and I accidentally messed those up so we have two columns this time and we need to see which one allows us to insert a string so if we put some quotes around that we still have our internal
server error so we'll take those quotes off and put them around this null over here and see if that's where we are supposed to insert our payload and it is so we get this 200 OK now at this point you're probably thinking how do I pull down the usernames and the passwords I want to show you a little trick that if you're ever stuck and you know what you need to do but you can't figure out how you need to do it some SQL injection payloads can be insanely complicated and they can look like a
mumbo jumbo mess and one of the simplest things you can do if you know you need to run a SQL injection but you don't know exactly the right syntax you can just highlight this right here and we can copy it we need multiple values from a single column because we're able to have two columns but we need multiple values meaning the username and the passwords which right here we need the username and the passwords from a single column so what we can do is go to our
great friend the Google machine we can hit enter and we're going to need to turn our proxy off if we actually want to get any information back from our request and we are going to just click on this first one right here you could even come down here Stack Overflow is a great place to go if you're a programmer you're best friends with Stack Overflow so we can just scroll through here and it's going to tell us in Oracle this little pipe pipe quote dash pipe pipe is going to be like an and for us
so it's going to say we want username and a password so whether we're using Oracle or Microsoft or PostgreSQL or MySQL it tells us what we're going to kind of need to do here so we'll just go ahead and try the Oracle one first if that doesn't work we'll just work down the line so what we can do is come back over here I'm actually going to pull these apart so I can see exactly what this looks like because we're not allowed to copy that so we can come back over to Repeater and
we're just going to type in simply username add in two pipes and then our quote dash quote and then our two pipes again and we also want the passwords and we want to grab this information from the users table and I believe we're told that we want this from the users table right here so we're going from and then it's going to we're going to put in the users table so that is where I get the users table from right here from us from users so what we can do is highlight all of this we can
URL encode it we can hope for the best and that we don't have any typos and we can send it and we get a server error so that means we have a typo or something went wrong for us let's actually try and delete these plus signs because I don't think we need these right here let's try and send this do we need a space in here we do not and I see my typo we have passwords right here and I'm pretty sure that told us we want just a password so let's send this and we
get back an okay is there any information actually in here for us and there is see we have a user and we have a password we have a user and we have a password so that is how you'd pull back a username and password or you're trying to get multiple values from a single column in the world of SQL injection so you just kind of know that if you can only inject into one place then you're going to need to Google how do you solve the problem that faces you which is what
I really wanted to show you in this specific lab because if you come down here and you actually click the solution you can see that you have like this squiggly line right here but in the payload we used you just have a simple dash you can have multiple ways to do something so even if we come back over here and let's say we check out this one right here from Stack Overflow I bet that it is going to tell us what we need to do so you have the full statements here um in the Stack
Overflow and let's see there's some videos that'll tell us I bet those are walkthroughs for this lab we can come to the write up and I bet this is also for the lab and it's going to have something in here for us let's see if they use a different payload they do not they use the same payload as what was given in the solution anyway one of the best things you can do is if you know what you need to do and you don't know how to do it is just Google the answer so
with that we are going to move on into the lab right here I forget which number we're on it looks like this is number seven so we're going to be working with Oracle and I'm pretty sure this is going to be pretty easy as well especially if we just Google what we're supposed to do so let's go ahead and open this up and get started with it all right we're going to go ahead and do this SQL injection finding the version for Oracle and then we're going to check out this one right here for
MySQL with Microsoft just because I want you to see the difference in how you craft the payloads and then we might do a blind SQL injection or two just because I regularly get questions on blind SQL injection then we're going to go check out sqlmap and do some TryHackMe or Hack The Box and how to find SQL injection with sqlmap so that is where we are headed you can go ahead and open up this lab right here I have already opened it up you can click access lab and you're going to
be brought to a page that looks like this now we're going to do the same things we have been doing we're going to intercept the request click on one of these buttons over here to refine our search and send to repeater we can shut this off repeater send make sure everything is working put in our single quote and send it now we get the internal server error but before we start crafting our payload I think there is something you need to know in Oracle it is going to be a little different to craft
our payload we're still going to be doing a union select statement but we need to pass in strings right here so you can just pass in two strings it doesn't really matter what you put inside of the strings you just need to be able to see if we can get back a true statement but with Oracle we need to select the table we're going to be pulling from and so we would say from dual and if you are curious you can just copy this right here or type it in we can go over
to Google and we can just type in dual or database and we can just hit enter so you can see what this is and actually we'll just type in what is dual Oracle database and it'll tell you dual is a table automatically created by an Oracle database so when we type in this dual that you see right here we need a table that actually exists in order to get our true statement back so that's why we put this from dual in here and we hadn't been doing that previously so we can go
ahead and click control U URL encode it and send it and see if we get back a 200 we don't which means we have a typo and I see that we don't have our dash dash and we send this and we get back our 200 okay right here so now we're trying to get back the version of the Oracle database this is pretty simple all you need to do is come back over here to Google and type in getting version SQL injection Oracle and we'll see what comes back pentestmonkey is really great so we
can click pentestmonkey and we see version right here right at the top and we just need to type in from this version right here like this so we can actually just copy that so we don't have to type out that dollar sign version we can come back over here and because we have these three columns we can delete two of them and we can paste that in right there so we have a column right here we're going to have this plus show up right there we can URL encode it and send it and hope
for the best we get an internal server error which means we have a typo and if we come back over to our payloads we need to have from select this banner right here so we can actually go union select banner and then we're going to have our null from the version over here so we'll need to come back over to crafting our payload and we can just type in a plus and we can just type in banner so now we have this union select banner our empty column from version right here we don't really need
that plus right there and then we comment out everything after it and that should work for us and it does not because we have to have a comma right there okay so my typos ended up being there needed to be a comma right here and we had to delete the comma after our string right here so now we get this 200 okay let's see if we go back to the lab it tells us we have solved the lab so that is how you can kind of go about crafting your own payload in order to pull
down the version and I'm not entirely sure this is the proper way to do it if this is what PortSwigger was looking for but this is how I would go about crafting my own payloads so you can see ours looks a little different than this but there are many ways to solve a lot of hacking challenges or problems that you're going to face in the future and so this is kind of how I'd do it I would just Google around and craft my payload based off of the responses that I am getting inside
of Burp so with that let's go ahead and check out the MySQL so you can go ahead and open this up we can access the lab just like this and we're going to go about doing this the same way we did the other one but you're going to be able to see that our payload is going to be a little different than what we have over here so we can come back over to proxy accessories send to repeater this should be really familiar to everybody by now we can shut that off put in our single
quote make sure this is where the SQL injection is and we get our internal server error which means this is where it's at so now we can just go union select just like we would have previously and if you didn't know um that this was Microsoft you can actually just type in how to craft a Microsoft payload for SQL injection and read through Google and you'll be able to figure it out so we should be able to go null null dash dash I'm actually not sure how many columns we have and I do this
every time I forgot to URL encode it so select select not selection null comma null dash dash URL encode it and we're going to need another plus right there send it we get an internal server error let's try are there three columns or is our payload wrong looks like we need to modify our payload and I actually believe Microsoft requires a hash like this at the end as a comment so let's delete these now and send this and we get a 200 okay which means we need a hash inside of Microsoft SQL in order
to comment out everything after our statement so now we have these nulls but one thing I wanted to show you inside of Microsoft as well is you should be able to pass in these integers where we couldn't previously pass these in we had to have null and I think most MySQL databases will allow you to pass in integers so we are able to pass these in right here I don't believe we're able to use integers inside of Oracle so you can kind of use that a little bit to try and figure out what
is running on the back end of a server in the database so we have this right here now to find the MySQL version you can just copy this like we did before because we need to know what payload we need but we might be able to find it in here it doesn't look like it's going to show so let's just see if MySQL will work for us so we're going to do a select @@version so we can just copy that come back over here and we'll just put it in this first section
I don't believe we need any quotations or anything so we'll send this and see if this works for us does not say that it is solved we have a server error let's check and type this over and I see I copied too much of it so you guys probably caught that in the video we don't need two selects let's send this and we get a 200 and it says we have solved the lab which means in our response it's going to tell us what the server or the database is running on the back end
so this is how you would go about doing a Microsoft SQL injection now let's go check out a blind SQL injection and then move on to some sqlmap and enumerating on a CTF on Hack The Box and then maybe we'll do some with TryHackMe as well all right so we are going to be looking at this lab right here and I decided to go with this blind SQL injection lab right here because it is pretty simple to solve and some of these other ones require you to craft a payload and blind SQL
injection can be really hard and I'm going to show you why so go ahead and open up this lab right here you can open it up it's going to tell us that the application uses a tracking cookie for analytics so we're going to guess that this time our SQL injection is going to be in the tracking cookie and if they hadn't told us this this lab would be very hard so I'm going to show you why this is if you come over to the lab and you open up your proxy and we intercept the request
and we click on one of these like we normally would and we send it to repeater we turn our requests off and we're over here in repeater what you can do is if you put in a single quote all over the place and you send this you're going to get back a 200 okay which means we're missing our internal server error which means we have no help in crafting our payload so if we delete these little single quotes and send this payload again we're going to get the same thing now if I was on a
live program I'm going to show you that I would end up wasting a ton of time with this if I was on a live program and I was just putting in single quotes and I put one in right here at the end of this category where it has been you can see down here our bytes are 3,443 and no matter how many times I send this it stays the same but if I delete my single quote and send this we get back 4,999 and if I was out in the wild doing this I would be
wasting my time trying to figure out what is different over here in the response trying to find the error or trying to figure out how to exploit something right here because there is a difference our little single quote does something but that is actually not where the SQL injection is so we have this 4,999 bytes and if we come over to this tracking ID which is where we're told the SQL injection is from over here we have this tracking cookie if we go ahead and put this single quote in and send it it
comes back with the same amount of bytes so in the real world I would just assume that this is not vulnerable and I wouldn't want to waste my time with it so this is why blind SQL injection is so hard to find but we know this is where it is we don't know what version it's running so what we would do is we would come back out to Google and we would come and we could just start at Oracle and you can just hit command find and we're looking for a time delay and you could
just start copying these and pasting them in over here until you get something to time delay this would be a massive waste of time if you were in the real world and you were trying to find a blind SQL injection there are a lot better things to look for rather than just waste your time doing something like this but because we are supposed to be solving this challenge I believe this one is PostgreSQL so we can hit command find take us down to the time delay we're going to be using a select statement which means
we're going to be using union select and then we're going to run this pg_sleep(10) right here so we can copy this come back over to our tracking ID we're going to use a double pipe and the double pipe in PostgreSQL and I believe also in Oracle is just a concatenation onto the previous statement that is going to be made from the server to the database and if none of that makes sense you can go back to the beginning of this where we actually write the code for a database and you get to
see how the server works it's just concatenating onto the server code and sending that to the database so we can paste this in and then comment out everything after it and this should sleep for us 10 seconds and it is going to work for us and then I'll bring you back once that works and so we should be able to come over here and it tells us congratulations the lab is solved so that's how you'd go about finding a blind SQL injection it takes a ton of time if you're going to do this in the
wild they're really difficult especially if you have no context and it doesn't tell you like it's in the tracking cookie you could spend a lot of time like I would have searching up here for an SQL injection because our single quote actually causes our server to send back a different amount of bytes to us so that is blind SQL injection now let's go ahead and check out sqlmap so here we are on the box Writer I've gone ahead and typed administrative right here rather than having you watch me fuzz for this so at the
beginning this is going to look pretty simple just like we normally look for SQL injection we can just put in some random characters and then we can turn our intercept on and we can sign in so this should look pretty familiar to you let's go ahead and send this to repeater if we come over here and we put our single quote in these different places and send these it doesn't appear that there is any SQL injection those are not single quotes so that would probably be why you guys are thinking I've lost my mind we
still have no internal server error which means if there is SQL injection it's going to be a blind SQL injection now just to be straightforward you can type pretty much anything right here and then just do a dash dash and then space dash and this is going to comment everything out after this and if we send this it will actually allow us to log in to the admin panel I believe let's go ahead and try this just to make sure that this works we can shut this off come over here paste something in and it
does not work for us so I bet if we do that same payload with admin in here we already have seen something like this where I said you need to do the administrator earlier in a different lab and it says welcome and we're in so you could fuzz for a specific user right here inside of Burp if we grabbed this in here and we just forward all that and we sign in we could send this over to Intruder and you could fuzz for the user right over here and you were able to get this to
work or you could just use something like sqlmap so what you can do is come in here and we can copy where is it copy to file right here and then we'll just save it into this SQL this old file that I have and we can save this yes we're going to go ahead and save it and actually what we need to do is save this we'll just save this like this so that way you can actually see it completely run so we can come in here copy to file overwrite this again save this
to a file now I've already ran sqlmap so that you don't have to wait for it to run and we can actually take a look at how this SQL statement is going to work for us if we weren't able to bypass a login and we actually needed to pull down users or usernames in order to solve this specific CTF we could come over here to our sqlmap we can scroll up and you can see the statement this is just sqlmap it's going to automatically be installed on your Kali Linux machine the request
is going to be made to the file that we saved this into so if we just cat out SQL like this you can actually see the post request right here that we saved so if we come up to the top the -r is the request the --batch means it's just going to automatically answer all of the questions for us so if we scroll down and look at this it tells us that we have a database which is MySQL and then it says here is the payload that it was able to use in order to
see if this was actually injectable so we can go ahead and copy this payload and we can come back over here to our request in repeater and just to show you if we send this it's going to tell us that we are not logged in it's got incorrect credentials and if we just copy this and we paste this and send this specific statement I don't think we need to URL encode it it should sleep for 5 seconds and it'll pop up down here in this little corner that we waited for 5,000 milliseconds which is
going to be 5 seconds and you're going to be able to see okay this is as sqlmap says this is a blind right here time based blind SQL injection now when you look at this SQL statement this would be really hard to figure out like how many closing parentheses do we need and where these little quotes need to be and sqlmap does all this for us and it's really simple and saves a ton of time so this is why sqlmap is such a handy tool and you're going to want to know
how to run it so when you run sqlmap and you need to see if there's just an SQL injection this is probably right here the best way to run this and just see if it's injectable then if it is I'm glad this is done running um we can run a --batch with the --dbs you can see I accidentally ran it up here with a DB but you're going to want to run it with the --dbs and this is going to pull down all of the databases for us and it's going
to spit it out nicely for us so here's the payload it's using and if we come down it should tell us where the databases are we have information_schema which is going to be default you're going to see this on almost every database that you try SQL injection on and then we're going to have this writer right here which is going to be the database that we want to attack I actually have not ran it over here so you're going to be able to see what this looks like we can just paste that in
right there so we're going to run this --batch with a -D and this is going to be the database writer and we want the tables and I think this is a --tables it's going to tell us if we're wrong and it looks like I must be wrong and I accidentally put in an extra one instead of deleting so delete delete and run I'm in the wrong directory that's the problem CD over to a desktop and now we should be able to run this and it's going to pull down all of
the databases for us this will actually take a little while to run and then it's going to be pretty simple once we get that we're going to move over here and we're going to run the tables which we actually have right here we have the database and then we're going to pull down the table which I'm going to guess is going to be something like passwords and usernames because that is typically what we want to target when we're doing some kind of SQL injection so you can actually see right here it's running the time delay
and it's going to try to retrieve all of the tables for us and then we'll be able to pull down I don't actually know what's in here um the usernames and passwords hopefully and then I guess while this runs there is one more injection payload that we are going to want to run so we can copy this and once we know what we're going to be using for a table like let's just say there was a user table we would run something like this and we're going to type a --dump and this will
dump all of the users inside of the users table and then you might have to delete this and come back and say okay now we want to dump all of the passwords within this table that is found inside of this database so that is how sqlmap works this is going to be really important for you to know you're going to want to know it and you're going to want to use it so we do have a users right here so we could just come back over here and we would say we're going to dump
from the users table make sure it was users and not user it is users um and then we would just let this run and it's going to spit out everything that's inside of the users database inside of the users table for us so it says fetching columns for the table users in the database writer and so you can see just how easy this is for us when we have a very tricky payload that looks like this right here to pull down the information and you can see it's actually retrieving it's going to have
the IDs it's telling us it's making good time and it looks like we're going to have IDs we're probably going to have a user and we're probably going to have a password so I'm going to go ahead and let this run and then I'll bring you back once it is finished and maybe we can log in as one of the users that we pull back okay so rather than have you guys watch this run this is how SQL injection works and in the real world of a CTF you would be able to
take the ID the username and the password and then you could come over here and you could log in as any of the users that you're able to pull back from this database so thanks for watching let me know if you have any questions in the comments below in this video we're going to talk about how to pull down passwords from a SQL database as well as authentication bypass we're going to be using TryHackMe and you can actually access Juice Shop for free on TryHackMe that's what I'm going to be using it
is going to be a little bit buggy but I'll show you how to get around that if you want to follow along and it is completely free you just have to make a TryHackMe account and then type in Juice Shop and you'll be brought to a page that looks similar to this you will have to download your VPN authentication which you can do by just scrolling up here clicking access clicking access room and then download and then connect through the VPN and then go ahead and start your machine I already have mine running and
have pulled open OWASP Juice Shop so the first thing I think we'll do is we'll just talk about bypassing the authentication because it is probably the most simple and then I'm going to show you how I found the SQL injection to actually pull down the database through this little search function by the login bypass authentication so we'll go ahead click account and you can click log in and you're going to be brought to a basic login page so we will want to turn our Interceptor on we'll type just anything in here we need to come back
over here we'll hit log in and then we can come back over to Burp we'll forward this and then we're brought to this little post request right here and so we're going to send this over to repeater and you can go ahead and send it and it's going to tell you that it doesn't log in for you once it decides to load and it tells us invalid email or password and just for the sake of bypassing this authentication making it actually look nice this is being sent through as JSON right here and that's why we
have this right here but we're actually going to send this through as x-www-form and I think it is URL encoded let's just copy this right here and we'll paste that in and it should tell us URL encoded yep just like that so URL encoded and then in order to make this work we will delete delete delete equals and delete these and I'm just doing this so that you can see it will look a lot better and it's actually easier to try and bypass or send data back and forth to the server and get
responses if you use the URL encoded it's just I like it better it's a lot easier in my opinion so this is how you would go about setting that up now if we send this we should get invalid over here and it works for us so we are now using this post request and we're using the URL encoded much much easier than using the JSON down here I think so what we can do at this point is if you come back over here and you put in your single quote and you send this we're going
to get an error so we get this little error right here object object so if we come back to Burp and we send our single quote we're going to actually get to see what this looks like okay so we get our error back that actually took me quite a while to get this error like at least 15 seconds so we get this SQLite error right here and you can just copy this um and we're going to need to use this a little
users where email equals this and the password equals this over here what we're able to do with this is actually take this statement we're going to remember this SQL light error right here for later but we have select all from users where the email equals whatever email right here and a password which is what we just typed in right here and this is md5 so if you go and copy this and you take it To hashcat or some kind of decryptor on the web it'll actually tell you whatever password we typed in which is right
here so what we can do seeing this statement makes this really simple um what we can do is we can just comment out all of this after our statement so you can come over here and you can just type in leave our single quote we could type in or 1=1 and then we'd run our dash dash and we actually need a plus right here for our space to make this URL encoded and now if we send this we're going to get an authentication that we are logged in right here as the admin we come
back here it just asks for the email and then that's it so what you can actually do with this SQL injection is come back to the main page and just look for a user right here like this bender@juice-sh.op and we can copy this and we can actually just paste this in right here and then run the dash dash and bypass the login this way and we're going to be able to log in okay and this is what I get for not actually testing these out before I record the video so what actually works
here now that I am thinking about it is we can delete this and we need our single quote over here so that way we're closing off the statement and commenting everything out so if we look at it over here we're going to get rid of all of this so we're going to put in the proper email and then we need to close off our statement over here so that's the way it works and we can comment out everything after it so now if we send this we get logged in right here as this user
so we should be able to come back over here and paste this in we got our single quote and if we log in it should work for us and now we are this user over here so that's some authentication bypass right here but now we're actually going to try and pull down some users we'll pull down all the users and all the passwords for everybody who's ever used this website right here so let's go ahead and check this out the way you would go about this if you installed Juice Shop locally on your machine is
to come up to the search bar and you can just type in like banana and we would catch this in our proxy here we'd come back over here and we would just hit enter and we would forward forward I accidentally forwarded too far so we'll just go ahead and turn that off and turn this back on and put in an S and we got this right here so we have this verified local XSS challenge now the reason this is not actually pulling down the page that we need is because it's trying to see if we're
completing the XSS challenge which obviously we're not so we can forward forward forward all of this and we're not actually ever going to see our get request that we are trying to make to the server so we can just hit continue all day long but what we are able to do is come back to our login page or our login that we were looking at over here and we see we have this rest right here this means we're running a REST API and we have the users and then we have the login so what
we can do is come back over to this page and what we can do is come to the front here and we can just type in rest and then you will see that we are using the products right here so if we type in rest and then we type in products like this and you could also find this by fuzzing the page and then we can now intercept this and see what it pulls back for us because it's we see this rest right here we're actually going to get JSON in response which is going to
be really nice for us so if we send this to our repeater shut that off um actually we might even get we get an error message over here so if we come back over here and we send this we get this internal server error which means we're causing a problem and we should be able to add a slash in there and now we get a success just like this so now we know that this is an endpoint right here and we can put in our single quote at the end of bananas and we're going
to cause that internal server error right here and if we actually come back to the web page over here and we type this out the right way and we hit this forward slash and hit enter we are brought back to this JSON response right here so we can actually let's see if we delete this and hit enter we get back a full list of all of the products in the server so if we look at this we can count these and we can go 1 2 3 4 5 6 7 8 9 now we
know there are going to be nine columns within the database that we are pulling back from so because we know there are nine columns we can just leave this this doesn't really matter because we're going to be injecting right here and we're going to be using a union select just like this a union select and then we're going to put in our columns right here but because we know there are nine columns what we can actually do is just start out with our nine columns if you're in the wild you're probably not going to
get something back here that's going to tell you there are nine columns that you need to inject into but because we're able to count these we know that there are nine columns so what I'm going to do is I'm just going to fast forward me going ahead and typing out nine columns okay that should be nine right there and what we can do at this point is we're going to say from and we actually should be able to send this and cause an error we get a bad request but if we come back over here
we have this SQLite error that I told you was going to be important we can copy this come back to Google paste it in and see what we are brought to so let's go ahead and click the schema table and that actually tells us what we have right here there are three table names and we're just going to go with the first default table name and then we'll come back to Burp and we can say from and we want that sqlite_master right here this schema so now what we are going to do is
actually we'll add our dash dash, and then we'll highlight all of this and hit Ctrl+U for URL encoding. That looks all right, and if everything was done right this would actually tell us that we don't have an internal error, so I have a typo somewhere. I'm going to look for it and then I'll let you know where it was. So the problem actually, now that I'm looking at this, is going to be right here: we have to close off the SQL statement that comes before what we're trying to inject into, so we should
be able to add these two parentheses and see if this works. Cross our fingers, and it does, and we have back all nine columns. And we should be able to at this point come back up here and we're going to look at the SQL right here. So we're going to look at the SQL tables and we're going to be able to tell that, let's see, there is a table name with, let's see if we can find, there's users right here. The table name users is now the one that we want to look at, so instead
of using the SQL, what was it, the sqlite_master, we're going to use the users. So we could use users and come back up here, and from the user table we want the email and the password. So we should be able to send this and it should work for us, and now we get the ID and the name, and we're going to be able to get, this is the MD5 password right here, for all of the accounts. All right, and that brings us to the end of our SQL injection crash course.
In this video we're going to be looking at how we can access information on an internal network through a server-side request forgery. The way this is going to work is we're going to actually be able to access ports that we're not able to access from the outside of the network, but because we're able to make internal requests through the server-side request forgery, making it look like we are on the internal network, we're able to enumerate different ports and files and information from the server and within the network. And for this specific box it is going
to give us an email and a password. Okay, so here we are. I have opened up the box cic and I've gone ahead and went to port 60,000 right here, and we are told we can surf the web anonymously but we're not to abuse it, which is exactly what we are going to do. So the first thing we can do, because we know what we are going after, is type in something, and then we will catch this in the Repeater. So we can type in something just like this, open up Burp, intercept on, submit, send
to Repeater, and we can turn this off and it should have our path for us right here. And if you send this it will hang for a little while because there's nothing there, so we're not actually going to worry too much about that. And before we go ahead and check out this SSRF, what I did the first time, because we have this URL and then this path right here, there's two things you could check for: when you see a URL, you can think SSRF; if this parameter right here is page or path or file,
you can think local file inclusion. So I actually checked for local file inclusion first, and then because this URL is right here, I thought SSRF. So if we come over here and we type in HTTP and then we type in 127.0.0.1, and then because we're on port 60,000 we can type in this right here and send it, and we will eventually, once this loads, get back a response. And our response has come back, and that might take a while if you are following along. And so we have this right here, and I'm actually going
to send a second one to Repeater just so we have it. And now what we could do is, because there are ports sometimes open on an internal network that we're not able to access, we can go ahead and fuzz this parameter right here, and we'll use ffuf for this. So we can go to our terminal and we can just type in ffuf, and we'll leave what is here, this is fine. We'll change this to opt SecLists, I think it's Fuzzing and number three, so we got these digits here that we're going to fuzz through,
and we can just delete all of this, and we can say 127.0.0.1, and we want, actually we'll type in FUZZ right here, but we need to add in the actual URL with the parameter to go right here. And so if we hit enter we get told the job is complete, which it should not go quite so fast. I see I accidentally put too many T's right there. And this is hanging, and, uh, the first time I did this box I ran into this problem, and I wanted to show this to you just because sometimes
you don't need to give up but change your path. So we have this 127.0.0.1, and you should know that also what works instead of that is you can just go localhost, and if we run this it should change for us and start to run. Okay, what I think we'll do is try and put this in quotations, because we have this question mark in here that is being highlighted, and that worked for us. And we can filter out by the words, so we can go filter W and we'll use one, because we have one
word, and so if we run this now it should run for us. Okay, and it has started to run. I didn't change anything, uh, it just eventually decided it wanted to work. So now what we can do is come over to Burp and come to our Repeater, and we can start to paste in these ports and see if anything comes back. On this port 88888, if you look through the HTML you can see we have these different pages in here, and we have the PNG column generic images, we have this doc right here, and then
we hit this doc backup right here, and it's an href, which would mean that it is a link we could check out on this page. So we'll go ahead and paste it in here and visit this page, and it doesn't work, so we might need to URL encode this. And because this box is so laggy it might actually take a minute for it to pop up for me, so I'm going to go ahead and highlight this and hit Ctrl+U for URL encode, stop and resend it, and we get
the page back, and if we scroll down through here we can see we have the admin and the password. Okay, so this box does feel very CTF whenever you're walking through it, but it does have some really good enumeration within the SSRF that you could possibly come across if you're doing a penetration test on a network and on their internal network they have ports open that you can reach only from within the network, and you're able to use this SSRF to look like you're coming from within the network and access these ports and what is
happening on them. Now obviously you're probably not going to come across a password and username like we saw in this box, but you might be able to find some information that will be really helpful to you, and I'm sure the company that you're doing the penetration test on will be happy that you were able to find this. But also things like this are helpful to be aware of if you're doing any kind of certification. You may actually see something like this on a certification exam. A lot of people like to think certifications and the exams
are not very CTF-y, but that's really not true. A lot of the exams and courses are going to have very capture-the-flag feels to them, and so it's good to practice things like server-side request forgery along with this further enumeration of the network.
In this video we're going to be talking about cross-site scripting, and I don't want to just show you how to do a simple alert with an XSS. We're actually going to be pulling off a cross-site scripting, and I came across this capture the flag about a month ago. I did it
and it's actually a really interesting box. The box is Schooled with Hack The Box, and if you're interested in doing this box later, it's really a fun one. It's kind of a medium-level box, maybe even hard if you're new, because it really has a lot of steps to it, but I thought this would make a really great video because a lot of times when you're new all you see is people show you how to do a simple alert, but not actually how to steal a cookie and then take over somebody else's session so
that you can access their information inside their portal. So we're going to go ahead and jump into it and check this out. Okay, so here we are, and I want to show you a little tip before I actually show you the cross-site scripting. If you're ever doing a capture the flag and you come across something that says you're going to have an announcement or something like that, and we're going to, I believe the announcements are in here, and reminder for joining students, and we're told right here this enrollment is for the course and
that doesn't really matter, but it says that you're going to be removed from the course, they're going to be manually checking something right here. If you ever see something like this inside of a capture the flag, then this is going to be a cue that there's probably some kind of automatic process running in the back end that is going to be checking this, so you know that somehow you need to be exploiting that. I've seen this with FTP before, where I got a file off an FTP server and it said it was going to be
checking all the files that were uploaded to it, which meant we had to upload a document that then was executed on the back end. So this in a capture the flag is going to tell you that something's running on the back end and we need to exploit it. And we're told that it's going to be in the profiles, so we can come to the profile right here and then we're going to edit the profile. And if you're looking for a cross-site scripting, there's a lot of different ways to look for them, but if you're
going to come across one in a capture the flag, you can just come in here and you can do something simple like put in a bold and then something, or you can put in an emphasis, or you can put in strong or some kind of tag like this, and what will happen is it will execute this. So let's go ahead and close this off, and then if we hit update it should emphasize this for us, which is basically, strong is just going to make it bold. Um, an easier way to do that would just be
with the b instead of the strong, but we have this right here, so we know that is executing HTML. I'm going to go ahead and type out the payload that we would need for this, and if you wanted to check this you could actually go script like this, and then a script tag, and then we can put our alert in here, and then we could update the profile and it should pop in cross-site scripting for us. And we have it right here, so we know that cross-site scripting works, but I want to show you
how to actually steal the cookie, and then my username will change up here. So if we come in here, what we will, I'm going to type out and then I'll walk you through what is going on. Okay, so we have our script tag and we're just going to put the source to the script as our IP address, which you can see I have my IP address right here from Hack The Box, and then we're going to have it go out and grab a file for us right here, cross scripting dot JS, and then it's going
to execute that file for us. And I don't think I need a closing script tag, so we'll try this, and if it doesn't work I can go and fix that. So now what we'll do is go to our Kali machine over here, and we have used the Python server in the past, but the first thing we need to do is gedit, and I've actually already written out the script here for us. And we have a document.write, this is just JavaScript, so we're wanting the JavaScript to write something for us. It's going to use
our IP address right here and then it's going to send the cookie to us. So if you want to grab a bunch of different cross-site scripting payloads, it's really simple: you can just type in cross scripting payload into Google and then just search through GitHub pages, and there's going to be hundreds, maybe even thousands, of different cross scripting payloads that you can try to see if any of them will work if you don't know JavaScript. And so we'll save this, and now what's going to happen is we're going to host this up with a
Python server, so we'll type in sudo python 2 and then we'll run this simple server right here, and now we have it listening right here, so this file is now going to be accessible. So what's happening is this is going to execute, the server is going to reach out to our Python server right over here that's listening, and it's going to grab this file, it's going to execute the JavaScript, and then it's going to return us the cookie once it's executed on this server. So what would typically happen is you would put this cross-site scripting
onto a server and then you would have to wait for somebody to come to this page and execute the payload, or view the profile in this specific case, and then you would steal their cookie and you could potentially use that cookie to hijack their session. So we can come down here and we'll click update profile, we can come back to our little server over here, and right here we have their session cookie, and for us it's going to be the owner of this portal, because he's the one that is checking the profiles to make sure
they're updated. So what we would do is we just inspect this, come to the storage and paste this cookie in right here, and then refresh the page. I got ahead of myself, and this was me refreshing the page and we were stealing my own cookie. What we need to do is grab the cookie after the program has run, has looked at our page right here, and now we can go to inspect right here, storage, cookie, and paste in the cookie we just took, and now if we refresh the page you can now see we're
logged in right here as the owner of this page, and so now we have access to all the things that this individual would have access to in this session.
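
The server-side fixes for the profile field and session cookie in this walkthrough, as an added example that is not part of the video or of the box's own code: the profile text is encoded on output, the session cookie is marked so page scripts cannot read it, and a Content-Security-Policy refuses scripts from other origins. The function names, the cookie name `session` and the sample input are assumptions made for the illustration; only the Python standard library is used.

```python
import html
from http.cookies import SimpleCookie

# Constructed sample input: the kind of profile value the walkthrough submits.
SAMPLE_PROFILE = '<script src="http://collector.example/x.js"></script><strong>hi</strong>'


def render_profile_unsafe(about_me: str) -> str:
    """Vulnerable pattern: user text is concatenated into the page as markup."""
    return f'<div class="profile">{about_me}</div>'


def render_profile_safe(about_me: str) -> str:
    """Encode on output so the browser displays the text instead of parsing tags."""
    return f'<div class="profile">{html.escape(about_me, quote=True)}</div>'


def session_cookie_header(session_id: str) -> str:
    """Build a Set-Cookie value that document.cookie cannot read (HttpOnly)."""
    cookie = SimpleCookie()
    cookie["session"] = session_id           # hypothetical cookie name
    cookie["session"]["httponly"] = True     # hidden from JavaScript
    cookie["session"]["secure"] = True       # sent over HTTPS only
    cookie["session"]["samesite"] = "Lax"    # not attached to cross-site subrequests
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()


def security_headers() -> dict:
    """Response headers that only allow scripts served from the site's own origin."""
    return {
        "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
        "X-Content-Type-Options": "nosniff",
    }


if __name__ == "__main__":
    print(render_profile_unsafe(SAMPLE_PROFILE))
    print(render_profile_safe(SAMPLE_PROFILE))
    print("Set-Cookie:", session_cookie_header("constructed-session-id"))
    for name, value in security_headers().items():
        print(f"{name}: {value}")
```

In a Flask and Jinja2 application, templates with autoescaping enabled do the output encoding for you; the session hijack in the walkthrough depends on both the unencoded profile field and a cookie readable from JavaScript.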