WEBVTT

00:00.450 --> 00:03.100
Hello everyone and welcome back to part 26 of my land.

00:03.120 --> 00:08.430
Ethical Hacking course. In this part we're going to look at more information gathering; there's more tools

00:08.460 --> 00:12.300
that we can look up to gather information about a Web site.

00:12.810 --> 00:13.800
So the next tool.

00:13.860 --> 00:19.730
And this is specifically for the technology used on the Web sites and used to create the Web sites.

00:19.770 --> 00:26.580
So when we find that out we can also look up vulnerabilities within the application or type of programming

00:26.620 --> 00:29.460
they use to create the Web site.

00:29.490 --> 00:39.300
So if you type Netcraft site report, it's the first one, so the URL should look like

00:39.300 --> 00:39.660
this.

00:39.660 --> 00:49.700
It will also be in the description like always. Give it a second to load, and all you need to do is look

00:49.700 --> 00:50.850
up the URL.

00:50.930 --> 00:55.240
So it already has like a default one for this Web site.

00:55.460 --> 01:01.760
You can type any sort of Web site URL here and get information for it, so I'm going to type in my Web site,

01:01.790 --> 01:07.560
which is code on command dot com, so I'm just going to click enter, and there's a description of my Web

01:07.560 --> 01:08.500
site.

01:08.810 --> 01:13.010
The keywords and then the Netcraft risk rating.

01:13.010 --> 01:18.530
So this isn't really important because you can just find this out anyway by going on the Web site and

01:18.530 --> 01:23.660
viewing the source. But down here is quite useful.

01:23.690 --> 01:27.650
So the IP address of the Web site, but you can just ping it anyway.

01:27.770 --> 01:32.810
Then we've got the operating system the server runs on, that the Web site runs on, and there's the web server

01:34.650 --> 01:38.000
now. If we go down a little bit more, as you can see here,

01:38.010 --> 01:39.380
These are Web trackers.

01:39.380 --> 01:45.600
So this is things like Google Analytics, Google Advertising, AdMob, et cetera.

01:45.600 --> 01:50.020
So as you can see my Web site has four from Google, which is AdMob,

01:50.020 --> 01:53.580
Google AdSense, Tag Manager, et cetera.

01:53.580 --> 02:00.680
So as you can see, loads of these will use those sorts of things, so here are suggestions with other popular

02:00.680 --> 02:01.630
sites that use it.

02:02.020 --> 02:06.100
So BBC dot co dot uk uses Google Tag Manager.

02:06.290 --> 02:13.940
Major geeks dot uses AdMob, etc. Let me go down, and here is the site technology, so this is the most

02:13.940 --> 02:17.230
useful information that you can find about a Web site.

02:18.380 --> 02:22.850
So what you want to look at is the server side.

02:22.850 --> 02:26.240
So this right here, now it's got SSL enabled.

02:27.050 --> 02:31.760
So when you go to the Web site, in fact it's on this one as well, so as you can see here it says toolbar

02:31.760 --> 02:36.710
dot netcraft dot com uses secure connections, so basically any information you pass across to this

02:36.700 --> 02:39.200
Web site is secure and encrypted.

02:39.200 --> 02:40.440
If I go to my Web site,

02:43.820 --> 02:47.410
let me just let it load a second.

02:47.780 --> 02:49.760
As you can see it's also the same.

02:49.790 --> 02:51.770
So that's what SSL is.

02:52.130 --> 02:55.180
I'll discuss more about SSL and encryption et cetera.

02:55.280 --> 02:56.570
So I'll just close my Web site now.

02:57.470 --> 03:02.720
And then there's PHP enabled, so the server does support PHP and it's also enabled.

03:03.440 --> 03:10.540
So that means that it's using PHP, and in fact it is created with PHP, and PHP is just a server-

03:10.540 --> 03:12.940
side programming language.

03:13.610 --> 03:20.810
Basically PHP will interact your database, your Web site's database, with your Web site.

03:20.810 --> 03:26.180
So when you enter information, like you log in or sign up, in fact when you register to my Web site, that will

03:26.180 --> 03:30.860
send your information, so it will create your username and password, pass it on to the database, and then your

03:30.860 --> 03:36.050
password will be encrypted, your username will be saved in the database, and then that's for future use

03:36.050 --> 03:41.230
when you want to log back in; it'll just check the details that you enter against the details in the database.

03:41.300 --> 03:49.360
So PHP can be like a vulnerability, or it can be manipulated. Then it uses JavaScript.

03:49.370 --> 03:55.010
Now this isn't very useful, because we want to attack the Web site server or the Web site itself

03:55.040 --> 04:03.140
with vulnerabilities, but the client-side JavaScript only works on your actual computer, if that makes

04:03.140 --> 04:03.680
sense.

04:03.680 --> 04:08.540
So when you visit the server's Web site and the Web site displays client-side stuff, it will only affect you,

04:08.540 --> 04:16.250
so JavaScript affects the behavior of the Web site, but it runs on your end, not the server side.

04:16.250 --> 04:21.080
If we go down a little bit more, there's the advertising network, so Google AdSense again; we already

04:21.080 --> 04:27.110
knew that. Then this is probably the most important bit of information that we can find, is that it's

04:27.110 --> 04:33.440
a PHP application, so this is what the Web site has been made with and what it runs on.

04:33.440 --> 04:35.590
So as you can see it's a PHP application.

04:35.600 --> 04:43.460
Now if they created this Web site, in this case it's my Web site, so if I created this with, I think,

04:43.460 --> 04:48.980
WordPress, then it would say WordPress application, and then you can search for WordPress vulnerabilities,

04:50.120 --> 04:53.500
but in this case it's a PHP application.

04:53.630 --> 04:58.120
And as you can see the technology that is used is the CodeIgniter framework.

04:58.200 --> 05:04.970
So if I copy this and Google it, basically I'll just search Google for it, it's essentially just a PHP

05:04.970 --> 05:12.920
framework, as you can see here, but you can also search for, like, vulnerabilities, and there you go, some

05:12.920 --> 05:20.130
security vulnerabilities with CodeIgniter, so you get the idea with this.

05:20.130 --> 05:25.140
So you can search for the application it is made with, the framework it's made with, and then just search

05:25.140 --> 05:30.790
for vulnerabilities, and then that Web site might have that vulnerability still on their Web site.

05:30.870 --> 05:35.550
Then there's other certain things like the doctype, what type of HTML it uses, and the CSS that it

05:35.550 --> 05:38.660
uses, so it's external CSS assets, not internal.

05:39.030 --> 05:42.160
Every Web site will have external CSS,

05:42.930 --> 05:46.340
because the advantages of that outweigh the disadvantages.

05:46.350 --> 05:48.690
But we're not here to talk about CSS.

05:49.140 --> 05:56.970
So this is just an extra information gathering tool that you can use, so there's one more left after

05:56.980 --> 05:59.290
this, but I'll leave this video here.

05:59.290 --> 06:04.940
So you already know now two methods of finding information about a server.

06:05.350 --> 06:11.500
Once you've got all the information, what you're gonna do is, we're gonna look at

06:11.500 --> 06:15.840
certain vulnerabilities, basic vulnerabilities such as SQL injection.

06:15.880 --> 06:20.760
Now that is pretty outdated at the moment, but there's still some Web sites that still have it.

06:21.170 --> 06:29.430
Then we're gonna look at, and try to think what we'll do, what we'll do is we'll look at those sorts of

06:29.430 --> 06:36.980
vulnerabilities, learn all of them, or look at more advanced ones, and then we'll start to deface, upload

06:36.990 --> 06:38.310
shells.

06:38.730 --> 06:43.870
And many of the things that you can do with Web sites, or to try to pentest Web sites.

06:44.010 --> 06:46.200
So I'll leave this video here for now.

06:46.200 --> 06:50.000
If it did help, please leave a like and comment; if you're stuck with anything I'll be happy to help you. Subscribe

06:50.010 --> 06:50.880
for future content.

06:50.880 --> 06:52.590
And I will see you all in the next video.
