1 00:00:00,150 --> 00:00:01,060 Welcome back, everyone. 2 00:00:01,080 --> 00:00:09,780 This is yet another wonderful session on information gathering, for sure, but this 3 00:00:09,780 --> 00:00:14,920 time we will be making use of HTTP enumeration. 4 00:00:15,420 --> 00:00:20,040 Now, what exactly does Nmap do? 5 00:00:20,070 --> 00:00:25,670 We can perform the entire application scanning with just one command. 6 00:00:25,980 --> 00:00:34,620 Unlike tools like OpenVAS or Nessus, where you have to go to, you know, the web console, they are 7 00:00:34,770 --> 00:00:40,140 using the graphical user interface and you have to select multiple options and all this stuff. 8 00:00:40,710 --> 00:00:42,310 Nmap is pretty quick. 9 00:00:42,720 --> 00:00:46,770 You just have to start a couple of commands and you're good to go. 10 00:00:47,480 --> 00:00:55,040 Remember, with HTTP enumeration, what we have been doing earlier, what we have done, in fact, earlier, 11 00:00:55,260 --> 00:01:01,380 to gather information, the interesting files, the potentially risky files, what we have done 12 00:01:01,380 --> 00:01:08,550 with DirBuster, and any information gathering tools as well that we have used 13 00:01:08,550 --> 00:01:11,810 for recon, and the Nessus scanners, OpenVAS as well: 14 00:01:12,210 --> 00:01:15,300 we can do all of them with HTTP enumeration. 15 00:01:15,300 --> 00:01:23,700 It basically performs the spidering of the entire web application and then reports 16 00:01:25,140 --> 00:01:32,060 on what directories or folders are basically exposed. 17 00:01:32,070 --> 00:01:33,690 So they are open. 18 00:01:33,690 --> 00:01:36,820 So it can tell you, this is an interesting file, 19 00:01:37,110 --> 00:01:39,450 this is an interesting directory, basically. 20 00:01:39,450 --> 00:01:44,160 And then you can possibly try looking into it, being a hacker.
21 00:01:44,160 --> 00:01:44,440 Right. 22 00:01:44,880 --> 00:01:47,630 So let's get started again. 23 00:01:47,650 --> 00:01:50,190 We will have to get back to our machine. 24 00:01:50,760 --> 00:01:57,840 And this time, with this target, we go to OWASP, which is over here, OWASP BWA. 25 00:02:00,640 --> 00:02:10,080 And well, as you already know, if you are following me thoroughly, it's on 10.0.1.x, 26 00:02:10,120 --> 00:02:16,190 that's all there is to this, but be very aware of BWA. 27 00:02:16,240 --> 00:02:18,040 BWA basically being, you know, 28 00:02:18,240 --> 00:02:20,010 that's a Broken Web Application. 29 00:02:20,710 --> 00:02:23,890 And let's try it with the script. 30 00:02:23,890 --> 00:02:25,900 The name is http-enum. 31 00:02:28,410 --> 00:02:33,030 What all you would need to do is, you simply have to... 32 00:02:35,030 --> 00:02:37,800 Uh, you can use the script, 33 00:02:39,600 --> 00:02:44,870 with -sV, and then you can straight away define the IP address if you want. 34 00:02:44,900 --> 00:02:45,170 Right. 35 00:02:45,770 --> 00:02:52,010 So that's pretty quick, right? There's nothing else you have to do. 36 00:02:52,050 --> 00:02:55,790 Let's wait for it again and see what response comes back. 37 00:02:57,630 --> 00:02:58,190 Lovely. 38 00:02:58,920 --> 00:03:06,420 Now what we get: we get to see what other ports are open on the server. There's port 22, which 39 00:03:06,420 --> 00:03:12,330 is SSH, just for logging in to the devices, and 80 for the web. 40 00:03:12,810 --> 00:03:14,950 Of course, there are some more as well. 41 00:03:14,970 --> 00:03:18,840 139, 143, 443, which is HTTPS.
42 00:03:20,100 --> 00:03:28,140 These are open, and if you see, HTTP enumeration has been done and it finds that a WordPress 43 00:03:28,140 --> 00:03:35,580 folder is available, which is the blog site, this page, this and this and all this stuff, 44 00:03:35,590 --> 00:03:38,480 and from some of these you get the information as well. 45 00:03:38,850 --> 00:03:40,170 And this is the idea. 46 00:03:40,170 --> 00:03:43,570 You might get the point, right? 47 00:03:43,590 --> 00:03:51,240 Most of us, if the site is a WordPress, most of us know that we can log into WordPress as an 48 00:03:51,240 --> 00:04:01,590 admin if we have the correct credentials, with wp-login.php, which is usually the same 49 00:04:02,760 --> 00:04:03,850 login page itself. 50 00:04:04,770 --> 00:04:11,700 And there are some interesting folders available as well, potentially interesting folders under this 51 00:04:11,700 --> 00:04:12,210 directory. 52 00:04:12,600 --> 00:04:17,140 cgi-bin and icons are available here, and images as well. 53 00:04:17,550 --> 00:04:24,090 And again, there are some more: Apache Tomcat, 401 Unauthorized. 54 00:04:25,080 --> 00:04:27,510 There's a docs folder available as well. 55 00:04:27,510 --> 00:04:29,370 A potentially interesting folder. Why? 56 00:04:29,670 --> 00:04:36,480 Why potentially interesting? Because this is where... this can be explored to see 57 00:04:36,480 --> 00:04:42,410 if there is any backup file or configuration file that has been stored, any old file, or all this stuff. 58 00:04:42,420 --> 00:04:42,630 Right. 59 00:04:42,990 --> 00:04:52,530 So this is what we could probably do now, if you want to see any specific directory itself. 60 00:04:52,530 --> 00:04:52,790 Right.
61 00:04:52,920 --> 00:05:00,510 Or maybe you see this: OWASP BWA, a broken web application, is hosting multiple applications in there, 62 00:05:00,720 --> 00:05:05,540 and every application is actually in a different directory altogether. 63 00:05:05,880 --> 00:05:12,240 So if you just want to be focused on a specific application, which is a part of a specific directory, 64 00:05:12,750 --> 00:05:19,260 let me show you how. If, let's say, I want to reach out to this application, I just want to open it. 65 00:05:19,620 --> 00:05:22,200 The moment you click on it, you see the difference. 66 00:05:22,380 --> 00:05:24,980 It's basically in a different directory altogether. 67 00:05:25,380 --> 00:05:32,280 So when somebody wants to access it, they should know not just the host IP address, but also 68 00:05:32,280 --> 00:05:36,340 the directory as well, in order to access Mutillidae. 69 00:05:36,360 --> 00:05:42,350 And I'm not sure if that's the way it has to be pronounced, but it's pretty weird. 70 00:05:42,360 --> 00:05:42,690 Yeah. 71 00:05:43,200 --> 00:05:45,360 So that's what we can go for. 72 00:05:45,360 --> 00:05:50,470 And let's say if you want to get into it, what are you going to do? 73 00:05:50,550 --> 00:05:53,640 You can make use of... 74 00:05:54,480 --> 00:06:01,440 Yeah, you can make use of basepath. You can define the directory as well if you would like to go into 75 00:06:01,440 --> 00:06:02,290 much more detail. 76 00:06:02,820 --> 00:06:08,700 So this will even be applicable for any sort of scanning you might perform for it now. 77 00:06:08,820 --> 00:06:09,140 Right. 78 00:06:10,110 --> 00:06:18,150 What you need to do is, you need to define the script arguments with it, and you basically have to 79 00:06:18,150 --> 00:06:28,280 define the basepath, and with this... sorry, basepath. 80 00:06:28,290 --> 00:06:32,260 And that's where you basically define which directory you're looking for.
81 00:06:32,390 --> 00:06:35,780 You specify the directory, with a slash. 82 00:06:36,870 --> 00:06:41,390 That's the key to it, right? 83 00:06:41,700 --> 00:06:42,030 OK. 84 00:06:44,210 --> 00:06:46,010 All right, so that's done. 85 00:06:46,050 --> 00:06:49,770 And yeah, and then you define your target. 86 00:06:49,790 --> 00:06:52,770 So, 10.0.1.12. 87 00:06:54,530 --> 00:06:54,970 All right. 88 00:06:54,980 --> 00:07:00,380 So it looks pretty good; if not, then we are expected to get an error for sure. 89 00:07:00,650 --> 00:07:02,180 So now, what do you think? 90 00:07:02,180 --> 00:07:04,270 What's going to happen in this? 91 00:07:04,280 --> 00:07:13,180 You have seen the generic, you know, details about the entire site, irrespective of a specific domain. 92 00:07:13,520 --> 00:07:23,990 But when you are specific about a specific application, in our case this one, then you 93 00:07:23,990 --> 00:07:28,610 would see all the details specific to this application only. 94 00:07:29,900 --> 00:07:32,270 Let's hit enter and see what comes. 95 00:07:35,780 --> 00:07:36,350 Lovely. 96 00:07:36,680 --> 00:07:47,270 You see, this is all related to the same application, and yeah, so you probably can get a better 97 00:07:47,270 --> 00:07:54,320 idea and probably can get the insight about how it would really make sense to you. 98 00:07:55,250 --> 00:08:03,860 It's pretty much looking the same, in a way, as to what the directory and other details are. 99 00:08:03,860 --> 00:08:12,440 And that's how we can go into detail and look into a specific directory and specific information about 100 00:08:12,440 --> 00:08:16,250 either the entire site or probably the directory itself. 101 00:08:16,310 --> 00:08:16,710 All right. 102 00:08:17,030 --> 00:08:19,240 So I hope this was helpful for you. 103 00:08:19,250 --> 00:08:20,640 We'll catch up in the next session. 104 00:08:20,700 --> 00:08:21,400 And thank you.