1 00:00:00,120 --> 00:00:00,960 Welcome back, everyone. 2 00:00:00,990 --> 00:00:05,100 This is a speech and this session is about sensitive data leakage. 3 00:00:05,640 --> 00:00:12,780 Remember, we are still in the information gathering stage and we are still trying to get more and more 4 00:00:12,780 --> 00:00:14,370 information about our target. 5 00:00:14,580 --> 00:00:21,900 OK, so we have we have covered an idea about how to get the information from the target application 6 00:00:22,440 --> 00:00:30,200 about the ports and ports vulnerabilities, open ports, services, version of the software. 7 00:00:30,630 --> 00:00:38,330 We even got to know how to run one of the scanners like Nessus, Nmap, OpenVAS as well. 8 00:00:38,340 --> 00:00:42,750 And even we got the idea about how to analyze the HTTP as well. 9 00:00:43,170 --> 00:00:54,420 Now, this is about getting the idea about the any sensitive data which might have been left by the 10 00:00:54,420 --> 00:00:58,170 developer of the of the of the Web application. 11 00:00:59,700 --> 00:01:05,150 Not not intentionally, but maybe those are those are some of the hidden files. 12 00:01:05,760 --> 00:01:13,400 And so we we have to look for those files if those are possibly available. 13 00:01:13,920 --> 00:01:21,900 This this can be used by hackers to, you know, get get the idea about the usernames, passwords of the 14 00:01:21,900 --> 00:01:22,920 website itself. 15 00:01:23,310 --> 00:01:24,510 I'm not saying this. 16 00:01:24,750 --> 00:01:29,040 Those always be available, but most of the time, you know. 17 00:01:29,040 --> 00:01:29,310 Right. 18 00:01:29,460 --> 00:01:31,010 Humans make mistakes. 19 00:01:31,020 --> 00:01:37,070 So developers may leave some of the files as hard as those. 
20 00:01:37,080 --> 00:01:44,040 Could be many kind of file, but would be focusing on some very sensitive file which are related to 21 00:01:44,040 --> 00:01:51,440 getting the credentials or maybe user database or maybe a backup file and all that stuff. 22 00:01:51,450 --> 00:01:51,640 Right. 23 00:01:52,410 --> 00:01:54,670 So let's understand a bit more about it. 24 00:01:55,260 --> 00:02:00,300 So first thing is we will be looking for backup file on the website. 25 00:02:00,330 --> 00:02:00,620 Right. 26 00:02:00,870 --> 00:02:01,800 So I understand this. 27 00:02:01,800 --> 00:02:09,510 When when you when the Web application is built, it is nothing more than just just a comprehensive 28 00:02:09,510 --> 00:02:11,410 storage of files. 29 00:02:11,430 --> 00:02:12,140 That's right. 30 00:02:12,450 --> 00:02:14,400 What do you see on a Web application? 31 00:02:14,430 --> 00:02:17,880 Just an images, text, videos and other stuff. 32 00:02:17,900 --> 00:02:18,130 Right. 33 00:02:18,540 --> 00:02:20,870 So this is all made up of files. 34 00:02:21,150 --> 00:02:24,150 You get multiple directories or folders. 35 00:02:24,510 --> 00:02:31,740 You just have one index page and multiple folders, multiple folders one might be getting one might 36 00:02:31,740 --> 00:02:40,500 be getting information about the front page, another that would be getting information about customer 37 00:02:40,500 --> 00:02:41,090 information. 38 00:02:41,100 --> 00:02:44,660 Another would be getting information about the product catalog. 39 00:02:45,050 --> 00:02:53,570 Another might get us the information about, you know, product, product keywords, the customer rating 40 00:02:53,580 --> 00:02:54,950 database and all the survey. 41 00:02:55,740 --> 00:03:01,410 So what we are looking for is the backup file will be looking for some sensitive file, which is can 42 00:03:01,410 --> 00:03:08,370 be backup files, but end up with the extension A, not all of the stuff. 
43 00:03:08,700 --> 00:03:09,900 This could be certain. 44 00:03:09,900 --> 00:03:15,260 parameters will be looking for some credentials from the directories itself. 45 00:03:15,840 --> 00:03:16,170 Right. 46 00:03:16,710 --> 00:03:25,180 And PHP files that can be used for for understanding what all if we can gather some link. 47 00:03:25,470 --> 00:03:28,380 OK, and I'll show you how that would really be helpful. 48 00:03:29,190 --> 00:03:30,150 Directory structure. 49 00:03:30,160 --> 00:03:35,700 Of course, we get the idea about how the directory structure really looks like which file is stored 50 00:03:35,700 --> 00:03:41,760 under which which which is pretty much can be observed and can be gathered through a Web browser as 51 00:03:41,760 --> 00:03:42,000 well. 52 00:03:42,960 --> 00:03:49,290 But but there are some widely used tools which make this job even more better. 53 00:03:49,410 --> 00:03:59,640 OK, so the most popular tool for making use of it will be using it as well as DirBuster, the desires 54 00:03:59,640 --> 00:04:01,560 and former Directory Buster. 55 00:04:01,740 --> 00:04:08,580 So again, this is another project developed by OWASP again, you know. 56 00:04:08,580 --> 00:04:08,850 Right. 57 00:04:08,850 --> 00:04:14,820 That the non-profit organization, that's the one they are the one who developed this tool. 58 00:04:15,150 --> 00:04:18,000 But we can we are not just limited to that. 59 00:04:18,000 --> 00:04:20,420 We can make use of Metasploit as well. 60 00:04:21,210 --> 00:04:26,580 And it has got multiple auxiliary modules. 61 00:04:26,780 --> 00:04:32,740 OK, so we have seen the payloads, we have seen the exploit modules as well. 62 00:04:32,770 --> 00:04:39,570 Those auxiliary modules, which is majorly for generating activity related to information gathering, 63 00:04:39,570 --> 00:04:43,350 related to gathering information, passive scan, all the stuff. 64 00:04:43,350 --> 00:04:43,620 Right. 
65 00:04:43,800 --> 00:04:47,820 So this is what we can make use of it and I'll show you how that flows. 66 00:04:48,810 --> 00:04:55,890 And now when it comes to the DirBuster, this is how the dashboard or the tool really looks like it 67 00:04:55,890 --> 00:04:57,660 is already in Kali. 68 00:04:58,210 --> 00:04:59,580 And remember the. 69 00:04:59,840 --> 00:05:07,940 This is the way DirBuster works is basically it guess the possible directories basically guess the 70 00:05:07,940 --> 00:05:13,700 possible directories and if it is a valid one, then to win. 71 00:05:13,700 --> 00:05:14,020 Right. 72 00:05:14,390 --> 00:05:24,320 So you can't simply go and get the all the directories normally is blocked by the developer to to 73 00:05:24,320 --> 00:05:33,800 to block the crawling of the pages, but with these to the elbows to make use of brute force and wherein 74 00:05:33,800 --> 00:05:40,460 it, keep trying all the possible directory name and until it get the right one and they the hidden files 75 00:05:40,460 --> 00:05:41,460 and directories as well. 76 00:05:41,470 --> 00:05:47,540 And of course support both as GPS you are eligible for a soup. 77 00:05:47,540 --> 00:05:52,880 You can just mention Cole in Aden for CBS. 78 00:05:52,880 --> 00:05:56,060 You can just specify for 40 pre-bid one list. 79 00:05:56,060 --> 00:06:00,140 There are a whole list for small list medium. 80 00:06:00,140 --> 00:06:09,410 This is what you can make use of spoilers for static pages five to six pages four for web application, 81 00:06:09,410 --> 00:06:11,990 which might be a WordPress related or any other. 82 00:06:12,290 --> 00:06:22,760 You have to make use of medium wordlist, usually the smallest present and the user directly and users 83 00:06:22,760 --> 00:06:29,390 share then DirBuster if I'm not wrong and then end up that you will find a wordlist wherein you 84 00:06:29,390 --> 00:06:31,000 will find the text file. 
85 00:06:31,310 --> 00:06:33,440 I'll show you how that works in the next session. 86 00:06:33,860 --> 00:06:34,660 Will get you there. 87 00:06:34,710 --> 00:06:35,210 Thank you.