1
00:00:00,430 --> 00:00:08,980
Website enumeration, what is it and why do we do it, and also why is this something that we should do

2
00:00:08,980 --> 00:00:10,480
before attacking the website?

3
00:00:11,200 --> 00:00:12,760
Well, it's quite simple.

4
00:00:13,270 --> 00:00:19,270
We want to learn as much as we can about our target before we perform any type of attack.

5
00:00:19,960 --> 00:00:25,660
We want to know what we are dealing with and what the structure is behind the website that might look

6
00:00:25,660 --> 00:00:27,190
simple at first glance.

7
00:00:28,340 --> 00:00:33,890
Does it have forms that we can attack, where is it located, what is the website used for?

8
00:00:34,250 --> 00:00:38,200
Basically, any information about the website could be useful for us.

9
00:00:39,180 --> 00:00:46,680
Imagine it like this: we as penetration testers have been given the task to test for vulnerabilities

10
00:00:46,920 --> 00:00:53,490
on some website, and usually for us to be able to discover any vulnerabilities on the website or any

11
00:00:53,490 --> 00:00:56,960
bugs, we must directly interact with it.

12
00:00:57,920 --> 00:01:04,489
Which simply just means we must open it up and experiment with different things that the website has.

13
00:01:05,120 --> 00:01:11,580
Usually the first thing that we want to do is discover the IP address of the website or domain.

14
00:01:12,260 --> 00:01:18,070
We can do that by using tools like nslookup or host, which we will take a look at later.

15
00:01:18,080 --> 00:01:20,120
But this is very simple to do.

16
00:01:20,690 --> 00:01:26,360
We just throw the domain name inside a tool and it will give us its IP address.
17
00:01:27,350 --> 00:01:33,710
Keep in mind that some bigger websites could have multiple IP addresses due to them being located and

18
00:01:33,710 --> 00:01:41,120
hosted on multiple servers. For example, Facebook, being a big website, has ranges of IP addresses.

19
00:01:41,690 --> 00:01:42,960
With an IP address,

20
00:01:42,980 --> 00:01:48,110
what we can do is we can, for example, locate the website's physical location.

21
00:01:48,680 --> 00:01:54,380
We can throw that IP address in a scanner and discover some technical information about the server hosting

22
00:01:54,380 --> 00:01:59,960
that website, such as, for example, discovering open ports and services running on those open ports.

23
00:02:00,440 --> 00:02:05,570
And after we do that, we can, for example, look at the website structure.

24
00:02:06,430 --> 00:02:07,360
What is it made of?

25
00:02:07,690 --> 00:02:08,830
Does it have JavaScript?

26
00:02:09,039 --> 00:02:12,580
Does it have some third-party applications that it's running

27
00:02:12,610 --> 00:02:14,360
that could potentially be vulnerable?

28
00:02:15,190 --> 00:02:17,250
All of that we want to know.

29
00:02:17,620 --> 00:02:22,340
We also want to know if perhaps the website has some login pages.

30
00:02:23,020 --> 00:02:25,910
Does it have a registration form where users sign up?

31
00:02:26,440 --> 00:02:33,130
Maybe we can try and find an administrator login page somewhere which shouldn't be accessible to regular

32
00:02:33,130 --> 00:02:34,270
users like us.

33
00:02:35,050 --> 00:02:39,250
Does it maybe have any other input fields outside of the registration forms?

34
00:02:40,180 --> 00:02:47,650
Why are we looking for user input fields, where the website allows us to input something or to type something

35
00:02:47,650 --> 00:02:47,950
in?

36
00:02:48,640 --> 00:02:54,460
That is the place where we want to interact with it and perhaps make it run something that it shouldn't

37
00:02:54,460 --> 00:02:55,120
be running.
38
00:02:55,980 --> 00:03:03,150
An example of a user input field would be, let's say, a website that has movies on it, and you have

39
00:03:03,180 --> 00:03:08,870
a search field where you type in a movie name, and that search field is a user input field.

40
00:03:09,150 --> 00:03:15,840
And we would definitely be interested in checking it out and seeing whether we can do something else besides

41
00:03:15,840 --> 00:03:16,680
searching for a movie.

42
00:03:17,960 --> 00:03:25,160
We also want to figure out where that website is hosted, on what type of server, what operating system

43
00:03:25,160 --> 00:03:27,460
is that machine running that's hosting the website?

44
00:03:28,340 --> 00:03:33,170
Does the server have some other ports open besides the ports that are used to host the website?

45
00:03:34,010 --> 00:03:39,320
Another possible thing that the website does, especially if it has some registration form or login

46
00:03:39,320 --> 00:03:42,560
form, is that it interacts with a database.

47
00:03:43,650 --> 00:03:50,130
It probably has a database that's storing all the users' information, such as usernames, passwords,

48
00:03:50,130 --> 00:03:56,790
emails, phone numbers and so on, so maybe we can get that database to respond to us with information

49
00:03:56,790 --> 00:04:01,050
that it shouldn't give us, such as, for example, other users' passwords.

50
00:04:01,320 --> 00:04:04,870
You never know; all of these things are something that we want to check.

51
00:04:05,370 --> 00:04:12,120
We also want to see if the website has good encryption, maybe it has weak encryption or no encryption

52
00:04:12,120 --> 00:04:12,540
at all.

53
00:04:12,750 --> 00:04:20,130
And someone with an attack like man-in-the-middle could capture in plain text passwords that are going

54
00:04:20,130 --> 00:04:21,000
through that website.
55
00:04:22,019 --> 00:04:28,880
OK, I just gave you some examples as to why we want to learn as much as we can about our target website.

56
00:04:29,610 --> 00:04:32,220
Now, to do this, we can use different tools.

57
00:04:32,670 --> 00:04:36,920
Some of the tools that we use are Nmap, Nikto, Dirb.

58
00:04:37,280 --> 00:04:44,460
We will also be visiting websites regularly over our browser, and we will also cover possibly the most

59
00:04:44,460 --> 00:04:47,010
important tool for bug bounty hunters, which is.

60
00:04:48,570 --> 00:04:55,260
Anyway, let's not get lost in too much information straight away and let's start off with our website

61
00:04:55,260 --> 00:04:57,520
enumeration one task at a time.

62
00:04:58,290 --> 00:04:59,310
See you in the next video.