1
00:00:01,960 --> 00:00:09,030
Today we're going to learn how to get information about the technologies used by the target website.

2
00:00:09,250 --> 00:00:14,350
So we're going to use a Web site called Netcraft and I'm going to put my target here and as you can

3
00:00:14,350 --> 00:00:16,950
see I already put it there security dot org.

4
00:00:17,260 --> 00:00:23,830
So I'm just going to hit enter and again first of all you'll see some basic information such as the

5
00:00:23,830 --> 00:00:27,580
website title the description the key words.

6
00:00:27,700 --> 00:00:36,140
And when the website was created scroll down you'll see the Web site itself the domain name the IP address

7
00:00:36,150 --> 00:00:40,190
just like we've seen in the previous video the domain register are.

8
00:00:40,190 --> 00:00:43,790
So the company who registered the domain for us for security.

9
00:00:44,400 --> 00:00:47,700
And you also see information about the organization.

10
00:00:47,880 --> 00:00:54,030
And here you can see it for this example because security is using privacy protection but usually you'll

11
00:00:54,030 --> 00:00:57,030
be able to see it and see more information.

12
00:00:57,030 --> 00:01:00,700
We can also see that it's hosted in Netherlands.

13
00:01:00,720 --> 00:01:05,300
We can see the name server which is the Knopf dot net.

14
00:01:05,360 --> 00:01:11,820
And again if you just go to them not dot net you'll discover that this is a Web site for web hosting.

15
00:01:11,900 --> 00:01:17,870
So we know this is a web hosting company in worst worst case scenarios we can use this or try to hack

16
00:01:17,900 --> 00:01:21,640
into them of itself to gain access to security.

17
00:01:23,840 --> 00:01:30,620
Scroll down you'll see history of the hosting company is that security used and we can see that the

18
00:01:30,620 --> 00:01:36,980
latest one is this one and so on and on Linux with Apache same server that we've seen in the previous

19
00:01:36,980 --> 00:01:41,600
video to point three point three one with Unix mode SSL and all the other add ons.

20
00:01:41,870 --> 00:01:50,480
Again this is very important to find vulnerabilities and exploits on our target computer in the security

21
00:01:50,480 --> 00:01:54,880
section you'll see if the website has any spam and you can see that it doesn't really have any spam

22
00:01:56,280 --> 00:02:04,080
scrolling down on the web trackers it will show you the third party resources or applications used on

23
00:02:04,110 --> 00:02:11,420
our target so we can see that our target uses Google Analytics Google CD and and other Google services.

24
00:02:11,430 --> 00:02:16,650
So this could also help us to find or gain access to the tablet computer.

25
00:02:18,220 --> 00:02:24,250
The technology is one of the most important tabs or sections in here because it shows us the technologies

26
00:02:24,250 --> 00:02:30,500
used on the target's Web site so we can see it use an Apache web server we already know that on the

27
00:02:30,500 --> 00:02:34,480
server side we can see that the Web site uses BHB.

28
00:02:34,700 --> 00:02:40,470
So this means the website can run can understand and run ph code.

29
00:02:40,520 --> 00:02:47,000
This is very important because in the future if we manage to run any kind of code on our target then

30
00:02:47,000 --> 00:02:53,480
we know this code should be sent as page code so for creating payloads in Meet asteroid or even evasion

31
00:02:53,810 --> 00:03:00,020
we should create them in PNH format and the target web site will be able to run them because it can

32
00:03:00,020 --> 00:03:07,380
support support ph we on the client side we can see that the Web site supports Javascript.

33
00:03:07,570 --> 00:03:13,960
So if you run javascript or if you manage to run javascript code on the website site it's not going

34
00:03:13,960 --> 00:03:15,860
to be executed on the Web site.

35
00:03:15,910 --> 00:03:22,630
Will be executed on the users who see the Web site because Javascript is a client that client side language

36
00:03:23,320 --> 00:03:26,200
and ph is a server side.

37
00:03:26,310 --> 00:03:31,590
So if we if we manage the wrong ph code it will be executed on the server itself.

38
00:03:31,800 --> 00:03:38,130
If you manage to run javascript it's going to be executed on the users or the people who visit the website

39
00:03:41,260 --> 00:03:42,450
Same here with Jay.

40
00:03:42,460 --> 00:03:44,910
This is just a framework for javascript.

41
00:03:46,380 --> 00:03:49,780
Scroll down we can see that the Web site uses WordPress.

42
00:03:50,070 --> 00:03:57,940
This is very important so Netcraft will also show you any web applications being used on the Web site.

43
00:03:58,080 --> 00:04:01,340
So Wordpress is just a web application so you can see other examples.

44
00:04:01,350 --> 00:04:08,220
In your case and it's open source web application that a lot of other web sites might have.

45
00:04:08,220 --> 00:04:15,250
The good thing about this is you can go and find exploits or vulnerabilities within this web application.

46
00:04:15,450 --> 00:04:23,140
If you are lucky enough to find an existing one then you can go ahead and exploited on the target website.

47
00:04:23,170 --> 00:04:27,730
So for example we have WordPress in our example and I'm going to go to exploit database

48
00:04:32,250 --> 00:04:35,940
and if we go on the search here.

49
00:04:36,030 --> 00:04:40,360
So I'm just going to type in wordpress here and see I'm not a robot.

50
00:04:41,970 --> 00:04:43,170
Then we're going to search

51
00:04:46,580 --> 00:04:52,030
and as you can see we've we managed to find a lot of the exploits related to WordPress.

52
00:04:52,040 --> 00:04:57,140
Now these are related to different versions of Wordpress so you need to make sure that you have the

53
00:04:57,140 --> 00:05:03,110
same version on your target and we'll have examples to see how to use exploits like these.

54
00:05:03,320 --> 00:05:07,200
But it just shows you how powerful information gathering is.

55
00:05:09,450 --> 00:05:12,710
Again going down you can see that the Web site uses C panel.

56
00:05:12,720 --> 00:05:16,490
This is another web application it's a hosting control panel.

57
00:05:16,560 --> 00:05:21,810
Again you can go on exploit database and see if you can find any vulnerabilities or exploits related

58
00:05:21,810 --> 00:05:29,770
to and you can also find other information such as that Web site uses HDMI and five uses VSS and all

59
00:05:29,780 --> 00:05:31,190
that kind of stuff.

60
00:05:31,190 --> 00:05:36,450
So Netcraft is really useful from what we managed to know that the website runs ph.

61
00:05:36,680 --> 00:05:43,550
Iran's javascript it uses WordPress so we can use Wordpress to hack into the website A.E. panel and

62
00:05:43,790 --> 00:05:50,030
we can also if we go up we also manage to know the Web Hosting or even we found that in the previous

63
00:05:50,030 --> 00:05:55,150
video that demin of is the web hosting company of this Web site.

64
00:05:55,280 --> 00:06:02,140
So in worst case scenarios we can try to hack into that web hosting and gain access to our target website.