1
00:00:00,060 --> 00:00:01,180
Welcome back, everyone.

2
00:00:01,200 --> 00:00:10,670
This is a finish and we have started our most exciting journey, web application hacking, OK,

3
00:00:11,730 --> 00:00:17,070
now this is very similar to what we have done, but

4
00:00:19,800 --> 00:00:23,070
dogged Windows machine hacking done machine hacking.

5
00:00:24,540 --> 00:00:34,140
And if you recall, we have considered an example of how often our country was

6
00:00:34,320 --> 00:00:34,990
or any.

7
00:00:35,640 --> 00:00:44,310
And Stewart, who's struggling with trying to attack another enemy, an immigrant, basically, and

8
00:00:44,310 --> 00:00:52,440
know what is happening, is before you can even think of attacking the target, you have to understand

9
00:00:52,860 --> 00:00:56,250
some detail about the target, the territory.

10
00:00:56,250 --> 00:01:03,960
The geography, the better the location, the kind of people you would be attacking, the nature

11
00:01:03,960 --> 00:01:10,400
of them, what kind of weapons they have, what time of the day, what time they won't be available.

12
00:01:11,610 --> 00:01:15,870
This is all considered a part of information gathering.

13
00:01:16,380 --> 00:01:24,000
And if you see, you will be covering as a part of vulnerability of those five

14
00:01:24,000 --> 00:01:24,450
points.

15
00:01:25,200 --> 00:01:31,560
So in the information gathering, we'll be covering all possible information about the target website

16
00:01:31,560 --> 00:01:40,830
or web application that we can use for our further exploitation and go further to compromise

17
00:01:40,830 --> 00:01:42,420
our target web application.

18
00:01:42,450 --> 00:01:42,740
Right.

19
00:01:42,750 --> 00:01:43,890
So let's get started.

20
00:01:44,250 --> 00:01:50,910
Well, I'll give you an idea about what all parameters will be helpful as a part of the information gathering

21
00:01:50,910 --> 00:01:51,360
stage.

22
00:01:51,690 --> 00:02:01,080
OK, so first, if we can gather the header information. If you recall, in the SDP, in the

23
00:02:01,080 --> 00:02:03,210
demo in the lab itself.

24
00:02:03,210 --> 00:02:09,840
But itself, I have shown you how to get the information about the header that can be helpful and

25
00:02:10,110 --> 00:02:11,610
you get the idea about the target.

26
00:02:11,820 --> 00:02:14,790
So what's the version of it?

27
00:02:14,790 --> 00:02:23,430
And right then, if you can get to see what are the ports and services running on the target web

28
00:02:23,430 --> 00:02:29,660
application, that can be helpful as well, because once you know if there's any unwanted port

29
00:02:29,670 --> 00:02:34,260
open, you can probably exploit the target.

30
00:02:34,260 --> 00:02:40,400
Might make use of those unwanted ports. Usually a web application works on 80 and 443.

31
00:02:40,410 --> 00:02:46,650
If there is any unwanted port or any other ports open, you can send your malicious traffic on those

32
00:02:46,650 --> 00:02:47,040
ports.

33
00:02:47,040 --> 00:02:49,530
And I bet you have services.

34
00:02:49,530 --> 00:02:57,330
Of course, there are many services which are found to be infected, which are found to be vulnerable.

35
00:02:57,330 --> 00:03:05,730
If the target website or web application is not updated, we can make use of an attack.

36
00:03:05,730 --> 00:03:15,360
We can make use of an attack made specifically to compromise the target by using that vulnerability.

37
00:03:15,840 --> 00:03:22,380
OK, so if we know about what services are running on the Apache, let's say, for example, if

38
00:03:22,380 --> 00:03:24,990
it's Apache, what would be the version of it?

39
00:03:24,990 --> 00:03:32,280
And if we get the idea, OK, if that specific Apache version is being affected, it's been impacted

40
00:03:32,280 --> 00:03:37,560
by many of these sort of vulnerabilities, we can prepare the weapon accordingly.

41
00:03:37,560 --> 00:03:39,670
We can prepare the attack accordingly.

42
00:03:40,120 --> 00:03:43,020
So that's one thing, known vulnerabilities.

43
00:03:43,290 --> 00:03:49,560
Of course, that's where we are going: if there is any known vulnerability about the target web application

44
00:03:49,560 --> 00:03:54,880
or website as well, that would be helpful. For this we will be making use of scanners.

45
00:03:55,650 --> 00:04:01,750
There are many open source and web application scanners available.

46
00:04:01,960 --> 00:04:10,620
Nessus, Qualys, Nexpose and many more; we will be making use of each one of them in much more detail.

47
00:04:11,000 --> 00:04:18,150
OK, and this is why this entire course would be so helpful, because you would be making use of

48
00:04:18,150 --> 00:04:27,300
what is being used in the industry, what is being used in the current situation by all

49
00:04:27,300 --> 00:04:27,930
the industry.

50
00:04:28,050 --> 00:04:36,870
OK, and then sensitive data leakage: if you can find any data of the target application that

51
00:04:36,870 --> 00:04:45,870
you can possibly make use of to understand the target. Probably the application might

52
00:04:45,870 --> 00:04:53,400
be having some hidden files where you have credentials, user information, customer database that can

53
00:04:53,400 --> 00:04:55,350
be adapted for that customer site.

54
00:04:55,580 --> 00:04:55,890
Right.

55
00:04:56,580 --> 00:04:58,740
Finding email addresses, of course, if.

56
00:05:00,000 --> 00:05:05,940
You can probably guess the email address based on the domain name, but there could be a situation about

57
00:05:05,940 --> 00:05:09,930
how effectively you can find the correct one.

58
00:05:10,380 --> 00:05:17,070
And what would be the use of it? If you know the email addresses, if you know most of the email

59
00:05:17,070 --> 00:05:18,840
addresses of the target site,

60
00:05:19,110 --> 00:05:22,800
you can probably plan your phishing attack accordingly.

61
00:05:22,800 --> 00:05:34,560
If you remember, we made use of our payload to attack the Windows machine, and for delivery,

62
00:05:34,980 --> 00:05:37,320
because both the systems were on the same lab,

63
00:05:37,530 --> 00:05:43,200
we made use of a drive-by download wherein we made use of an Apache server.

64
00:05:43,590 --> 00:05:45,840
But this won't be useful most of the time.

65
00:05:45,870 --> 00:05:46,200
Right.

66
00:05:46,230 --> 00:05:53,310
So that's why the best strategy would be to send a phishing e-mail or probably a social engineering

67
00:05:53,310 --> 00:05:54,180
attack and everything.

68
00:05:54,600 --> 00:06:01,710
In case of a phishing e-mail, we have to send our payload in such a way that, yes, the user downloads

69
00:06:01,710 --> 00:06:02,250
that file.

70
00:06:02,430 --> 00:06:08,250
OK, and that's why it is very, very important for us to get the email addresses right

71
00:06:08,590 --> 00:06:10,220
of the target site.

72
00:06:10,950 --> 00:06:16,110
And in fact, those email addresses have to be of people who are non-technical.

73
00:06:17,010 --> 00:06:25,770
So good social engineering attacks make use of folks from the HR team, folks from the marketing team; those are

74
00:06:25,820 --> 00:06:31,500
the teams that are very much susceptible, very much vulnerable to this attack because those are the

75
00:06:31,500 --> 00:06:39,940
folks who are seeing more and more files from the end user as a part of Fresu man.

76
00:06:40,300 --> 00:06:42,060
So I lose sleep and all the suffering.

77
00:06:42,630 --> 00:06:47,330
When you look at the finance team, those are the juicy folks.

78
00:06:47,340 --> 00:06:50,730
But at the same time, companies understand that.

79
00:06:50,730 --> 00:06:55,540
And for the finance team and variety team, there are huge and admin team as well.

80
00:06:55,560 --> 00:06:57,590
There's huge security already in place.

81
00:06:58,860 --> 00:07:05,070
And in fact, if you try to compromise the IT team, you get the email addresses of their own folks

82
00:07:05,280 --> 00:07:12,180
and they know the technology very well, but they might get the idea and they might not download

83
00:07:12,180 --> 00:07:12,570
the file.

84
00:07:12,750 --> 00:07:13,350
Well, right.

85
00:07:13,350 --> 00:07:19,740
And they may get a load analysis of SSL until you get the idea.

86
00:07:19,740 --> 00:07:26,790
OK, what is the SSL version, TLS version, and is there any vulnerability of those versions as well?

87
00:07:26,790 --> 00:07:28,970
You can probably compromise the site again.

88
00:07:29,400 --> 00:07:35,810
So this all carries the supporters of our information gathering stage now.

89
00:07:35,820 --> 00:07:43,140
And this itself will be covering each of these blocks in much more detail than you have

90
00:07:43,140 --> 00:07:44,040
ever imagined.

91
00:07:44,170 --> 00:07:51,480
OK, so we'll be covering each of these points in multiple segments, in multiple

92
00:07:51,720 --> 00:07:59,020
videos, and will be making use of many open source and commercial tools as well in order

93
00:07:59,280 --> 00:08:01,290
to make it more and more realistic.

94
00:08:01,620 --> 00:08:10,140
And because the closer you go to the industry, the more you understand this industry of ethical

95
00:08:10,140 --> 00:08:14,140
hacking, cyber security or security testing, whatever you say.

96
00:08:14,430 --> 00:08:14,820
All right.

97
00:08:15,210 --> 00:08:16,920
So let's get started.