0:03 okay everybody now that we have the
0:06 juice shop deployed uh one of the first
0:08 things we have to do is activate the
0:10 scoreboard to see all the different
0:12 challenges that may be available um
0:16 as you see in this instance of the juice
0:18 shop i have this scoreboard link right
0:21 here uh this is an old instance that's
0:23 no longer active but
0:26 within this particular juice shop i was
0:28 able to activate the scoreboard i'm
0:30 going to show everybody how to do that
0:32 right now
0:34 so let's start off here i'm going to go
0:35 to here
0:41 and i accidentally just activated it
0:44 like a big stupid jerk
0:47 but that's okay let's uh go ahead and
0:50 just start off from the beginning so
0:52 the scoreboard is hidden um if you left
0:54 click over here and you haven't
0:56 completed this challenge yet uh we're
0:58 gonna show you how to get it so
1:00 for starters uh depending on what type
1:02 of browser you are using you're gonna
1:05 wanna inspect the source code uh using
1:06 dev tools
1:09 uh devtools is usually accessed by
1:12 hitting the f12 key on your keyboard or
1:15 by accessing your menu for your browser
1:17 in this example i'm using the firefox
1:19 web browser
1:22 and then you can easily find
1:29 and you could do basically web developer tools
1:33 or alternatively like i said most
1:35 browsers just like
1:37 let you hit the f12 key so i'm hitting
1:39 the f12 key
1:42 so now that i am in um
1:43 the web
1:46 development tools um inspecting code is
1:48 usually one of the first things you do
1:51 on any website just to see if there are any
1:55 oddities or anything like that you don't
1:57 have to be a codemaster uh to kind of
1:59 figure out a lot of this stuff but it
2:01 does help to have a solid background in
2:03 html and javascript
2:05 to you know figure out what you're
2:06 looking at
2:08 now i will say this um
2:11 often uh
2:13 well i shouldn't say it shouldn't it
2:15 doesn't really happen so much anymore
2:16 but in the early days of web
2:18 applications uh there used to be
2:21 different comments in the code uh that
2:23 would like maybe reveal things that
2:24 really shouldn't be there maybe like an
2:26 admin link or
2:29 uh you know sometimes like there's been
2:31 known cases and again this is going back
2:34 a long way where there was a type of
2:36 like password that was defined
2:38 because in the early days of web
2:40 applications nobody really anticipated
2:44 any standard user uh being able to open
2:46 uh the development tools and look at the
2:48 source code or view the source
2:50 nowadays it's pretty common practice so
2:54 how do we find the scoreboard well uh
2:56 much like kind of that example i was
2:58 giving earlier uh this
3:00 there was no link
3:03 with to the scoreboard on this web
3:05 application um so
3:05 you know
3:07 sometimes what happens is you know
3:10 somebody will post something up on a web
3:11 application and then you know somebody
3:13 goes oh no take that down we really
3:15 shouldn't have it there but it's still
3:17 accessible in some format you just don't
3:19 find a link to it
3:21 so now what we're going to do is look
3:24 for a link to the scoreboard so to do
3:26 this i'm going to click on the debugger
3:29 and i'm going to click on sources
3:31 and i'm going to locate
3:33 the main-es2018.js
3:36 file okay i'm going to double
3:38 click on that
3:39 and then from there i'm going to hit
3:41 this little pretty print source so this
3:43 is going to take all this code that's here
3:44 and
3:46 well make it a little more readable hopefully
3:51 so now that i have that um what i can do
3:53 is i can do a search for
3:54 uh
3:56 basically the scoreboard i know i'm
3:58 looking for the scoreboard so i'm gonna
4:07 i'm going to hit ctrl f to initiate the
4:08 search function
4:14 now i can see references to the
4:17 scoreboard here but again if you're just
4:18 starting off you're not going to see the
4:20 scoreboard listed anywhere and that is
4:21 one of the challenges
4:23 i'm going to work my way backwards
4:25 looking for each iteration of score and
4:29 what i'm looking for is basically a
4:31 code that references router link and
4:33 router link um
4:36 for those of you that kind of know web
4:42 applications um it's kind of like a
4:45 h reference tag but you can't really use
4:47 it directly in html so
4:50 it's basically a mapping to another site
4:52 and that's maybe an easy way to think of it
4:54 so let's see if we can find anything
4:56 that mentions router link with a
5:06 so i'm going through and i'm working my
5:07 way backwards you could work your way
5:10 forwards it doesn't really matter again
5:11 we're just kind of looking oh look at
5:13 that open scoreboard
5:17 and we see that we have scoreboard here
5:19 with a router link so now what this is
5:21 telling me is basically that
5:31 hit that
5:33 and now i have access to scoreboard if
5:35 it's your first time accessing the
5:36 scoreboard you guys see some little
5:38 fireworks here and you'll notice that
5:41 you have a challenge completed one out
5:42 of 12. okay
5:46 to see all the different challenges uh
5:49 within this first level
5:50 you just click here if they're not
5:52 already active okay
5:55 our goal uh throughout this course is to
5:58 get through at least these first 12. um
6:01 i challenge you to maybe go on later on
6:03 and uh find
6:06 the higher levels and they get
6:07 more difficult
6:10 as the level goes up
6:12 scrolling down i see that i now have
6:15 and
6:17 basically it tells us it was a code
6:19 analysis and a tutorial
6:21 if we click on here it tells us
6:24 basically hey find the scoreboard right
6:28 so all good stuff there um
6:31 i'm gonna close this and that concludes