1
00:00:01,960 --> 00:00:09,030
Today we're going to learn how to get information about the technologies used by the target website.

2
00:00:09,250 --> 00:00:14,350
So we're going to use a website called Netcraft and I'm going to put my target here and as you can

3
00:00:14,350 --> 00:00:16,950
see I already put it there, security dot org.

4
00:00:17,260 --> 00:00:23,830
So I'm just going to hit enter and again first of all you'll see some basic information such as the

5
00:00:23,830 --> 00:00:27,580
website title, the description, the keywords.

6
00:00:27,700 --> 00:00:36,140
And when the website was created. Scroll down, you'll see the website itself, the domain name, the IP address

7
00:00:36,150 --> 00:00:40,190
just like we've seen in the previous video, the domain registrar.

8
00:00:40,190 --> 00:00:43,790
So the company who registered the domain for us for security.

9
00:00:44,400 --> 00:00:47,700
And you also see information about the organization.

10
00:00:47,880 --> 00:00:54,030
And here you can see it for this example because security is using privacy protection but usually you'll

11
00:00:54,030 --> 00:00:57,030
be able to see it and see more information.

12
00:00:57,030 --> 00:01:00,700
We can also see that it's hosted in the Netherlands.

13
00:01:00,720 --> 00:01:05,300
We can see the name server which is the Knopf dot net.

14
00:01:05,360 --> 00:01:11,820
And again if you just go to them not dot net you'll discover that this is a website for web hosting.

15
00:01:11,900 --> 00:01:17,870
So we know this is a web hosting company. In worst case scenarios we can use this or try to hack

16
00:01:17,900 --> 00:01:21,640
into them of itself to gain access to security.

17
00:01:23,840 --> 00:01:30,620
Scroll down, you'll see history of the hosting companies that security used and we can see that the

18
00:01:30,620 --> 00:01:36,980
latest one is this one and so on and on Linux with Apache, same server that we've seen in the previous

19
00:01:36,980 --> 00:01:41,600
video, two point three point three one with Unix mod_ssl and all the other add-ons.

20
00:01:41,870 --> 00:01:50,480
Again this is very important to find vulnerabilities and exploits on our target computer. In the security

21
00:01:50,480 --> 00:01:54,880
section you'll see if the website has any spam and you can see that it doesn't really have any spam.

22
00:01:56,280 --> 00:02:04,080
Scrolling down, on the web trackers it will show you the third party resources or applications used on

23
00:02:04,110 --> 00:02:11,420
our target so we can see that our target uses Google Analytics, Google CDN and other Google services.

24
00:02:11,430 --> 00:02:16,650
So this could also help us to find or gain access to the target computer.

25
00:02:18,220 --> 00:02:24,250
The technology is one of the most important tabs or sections in here because it shows us the technologies

26
00:02:24,250 --> 00:02:30,500
used on the target's website so we can see it's using an Apache web server, we already know that. On the

27
00:02:30,500 --> 00:02:34,480
server side we can see that the website uses PHP.

28
00:02:34,700 --> 00:02:40,470
So this means the website can understand and run PHP code.

29
00:02:40,520 --> 00:02:47,000
This is very important because in the future if we manage to run any kind of code on our target then

30
00:02:47,000 --> 00:02:53,480
we know this code should be sent as PHP code so for creating payloads in Metasploit or even evasion

31
00:02:53,810 --> 00:03:00,020
we should create them in PHP format and the target website will be able to run them because it can

32
00:03:00,020 --> 00:03:07,380
support PHP. On the client side we can see that the website supports JavaScript.

33
00:03:07,570 --> 00:03:13,960
So if you run JavaScript or if you manage to run JavaScript code on the website, it's not going

34
00:03:13,960 --> 00:03:15,860
to be executed on the website.

35
00:03:15,910 --> 00:03:22,630
It will be executed on the users who see the website because JavaScript is a client-side language

36
00:03:23,320 --> 00:03:26,200
and PHP is server side.

37
00:03:26,310 --> 00:03:31,590
So if we manage to run PHP code it will be executed on the server itself.

38
00:03:31,800 --> 00:03:38,130
If you manage to run JavaScript it's going to be executed on the users or the people who visit the website.

39
00:03:41,260 --> 00:03:42,450
Same here with jQuery.

40
00:03:42,460 --> 00:03:44,910
This is just a framework for JavaScript.

41
00:03:46,380 --> 00:03:49,780
Scroll down, we can see that the website uses WordPress.

42
00:03:50,070 --> 00:03:57,940
This is very important so Netcraft will also show you any web applications being used on the website.

43
00:03:58,080 --> 00:04:01,340
So WordPress is just a web application so you can see other examples

44
00:04:01,350 --> 00:04:08,220
in your case, and it's an open source web application that a lot of other websites might have.

45
00:04:08,220 --> 00:04:15,250
The good thing about this is you can go and find exploits or vulnerabilities within this web application.

46
00:04:15,450 --> 00:04:23,140
If you are lucky enough to find an existing one then you can go ahead and exploit it on the target website.

47
00:04:23,170 --> 00:04:27,730
So for example we have WordPress in our example and I'm going to go to Exploit Database

48
00:04:32,250 --> 00:04:35,940
and if we go on the search here.

49
00:04:36,030 --> 00:04:40,360
So I'm just going to type in WordPress here and see I'm not a robot.

50
00:04:41,970 --> 00:04:43,170
Then we're going to search

51
00:04:46,580 --> 00:04:52,030
and as you can see we managed to find a lot of the exploits related to WordPress.

52
00:04:52,040 --> 00:04:57,140
Now these are related to different versions of WordPress so you need to make sure that you have the

53
00:04:57,140 --> 00:05:03,110
same version on your target and we'll have examples to see how to use exploits like these.

54
00:05:03,320 --> 00:05:07,200
But it just shows you how powerful information gathering is.

55
00:05:09,450 --> 00:05:12,710
Again going down you can see that the website uses cPanel.

56
00:05:12,720 --> 00:05:16,490
This is another web application, it's a hosting control panel.

57
00:05:16,560 --> 00:05:21,810
Again you can go on Exploit Database and see if you can find any vulnerabilities or exploits related

58
00:05:21,810 --> 00:05:29,770
to and you can also find other information such as that the website uses HTML5, uses CSS and all

59
00:05:29,780 --> 00:05:31,190
that kind of stuff.

60
00:05:31,190 --> 00:05:36,450
So Netcraft is really useful from what we managed to know that the website runs PHP,

61
00:05:36,680 --> 00:05:43,550
it runs JavaScript, it uses WordPress so we can use WordPress to hack into the website, or cPanel, and

62
00:05:43,790 --> 00:05:50,030
we can also if we go up we also manage to know the web hosting or even we found that in the previous

63
00:05:50,030 --> 00:05:55,150
video that demin of is the web hosting company of this website.

64
00:05:55,280 --> 00:06:02,140
So in worst case scenarios we can try to hack into that web hosting and gain access to our target website.