1
00:00:01,160 --> 00:00:06,260
OK so now let's see if we can gather even more information about our target.

2
00:00:06,440 --> 00:00:11,390
So I've actually deleted all the useless files because they weren't in use and I kept the things that

3
00:00:11,390 --> 00:00:12,760
I'd like to focus on.

4
00:00:13,070 --> 00:00:19,280
So in a real life situation you want to go over each one of these entities and try and gather information

5
00:00:19,370 --> 00:00:23,050
about as much information as you can about each of them.

6
00:00:23,060 --> 00:00:29,210
For now I'm actually going to focus on the security not only and I'm going to try to find all the websites

7
00:00:29,330 --> 00:00:31,040
that exist on the same server.

8
00:00:31,190 --> 00:00:36,980
So like we said before if we couldn't hack into security itself then maybe we can exploit one of the

9
00:00:36,980 --> 00:00:41,170
Web sites on the same server and then gain access to security.

10
00:00:41,630 --> 00:00:47,160
So I'm just going to change this apology from here and use something like this one.

11
00:00:47,420 --> 00:00:52,580
And then I'm just going to drag this one on the side to put it down here because I'm going to be using

12
00:00:52,580 --> 00:00:54,500
that.

13
00:00:54,960 --> 00:00:57,020
This one.

14
00:00:57,370 --> 00:01:03,840
So I'm going to click it and I'm going to get its IP address I'm going to resolve it to IP address.

15
00:01:05,810 --> 00:01:11,670
And right now as you can see we have the IP address of the server where I see here at the dot org is

16
00:01:11,670 --> 00:01:21,440
stored on I'm going to click it and I'm going to try to get the DNS information from this IP address.

17
00:01:21,570 --> 00:01:28,170
So this will give me all the Web sites that exist on the same server and as you can see now it automatically

18
00:01:28,170 --> 00:01:37,900
changes the apology for me and we can see that this IP address to this.

19
00:01:38,140 --> 00:01:42,660
Now we can see that this IP address contains all of the servers.

20
00:01:42,670 --> 00:01:45,730
Now the server is actually owned by security.

21
00:01:45,850 --> 00:01:51,520
And as you can see that it doesn't have too many web sites so if this was just a normal web site you'd

22
00:01:51,520 --> 00:01:54,400
actually see a lot of Web sites with it on the same server.

23
00:01:54,480 --> 00:01:59,870
Well because this is on a VPN is owned by security by security only.

24
00:01:59,890 --> 00:02:04,560
So it's only we only have the Web sites that we want to have there so it's on our Web site.

25
00:02:04,600 --> 00:02:10,790
But again we still managed to get one two three three more Web sites instead of our Web site.

26
00:02:10,810 --> 00:02:16,560
So in case we can get access to this Web site then we can go and try to walk into any of these Web sites.

27
00:02:16,660 --> 00:02:22,990
And they're on the same server so we'll manage to hack into our target from the Web site on the same

28
00:02:22,990 --> 00:02:24,280
server.

29
00:02:24,440 --> 00:02:25,780
All of that didn't work.

30
00:02:25,810 --> 00:02:30,380
We can see that we have this arrow going into the IP.

31
00:02:30,400 --> 00:02:38,020
So usually the IP the Web sites are hosted by this IP so you can see the areas going from the IP to

32
00:02:38,020 --> 00:02:40,870
the Web site here to this website and this website.

33
00:02:40,860 --> 00:02:48,250
But right here we can see that the hosted by often dot net is going to the IP.

34
00:02:48,250 --> 00:02:53,570
So this is actually a hosting company and this is the company that we're renting the repeats from.

35
00:02:53,860 --> 00:02:55,850
So if we go to this Web site

36
00:03:03,820 --> 00:03:06,980
you can see that this is a hosting company.

37
00:03:07,330 --> 00:03:11,250
And that is where security is renting their servers from.

38
00:03:11,260 --> 00:03:16,720
So in worst case scenarios if you try to hack into security you can do it and then you try to hack into

39
00:03:16,720 --> 00:03:18,610
all of these Web sites and you can do it.

40
00:03:18,630 --> 00:03:23,380
And you looked for exploits in the server itself and you couldn't do it then you can try to hack into

41
00:03:23,380 --> 00:03:28,030
the data center on the website or on the company that's hosting security.

42
00:03:28,090 --> 00:03:34,060
And from there you can gain access to any web site hosted hosted by that company including your target

43
00:03:34,090 --> 00:03:38,000
which is security dot org.

44
00:03:38,000 --> 00:03:45,350
Now again you can go over any of these entities and try to gather information about it as well and maybe

45
00:03:45,350 --> 00:03:48,630
get information that will help you to gain access to your target.

46
00:03:48,860 --> 00:03:55,190
For example we can convert Bob Banty's to a domain like we did with security.

47
00:03:55,770 --> 00:04:06,080
And then from this domain I'm going to look for e-mail addresses associated with that domain.

48
00:04:06,230 --> 00:04:10,230
And as you can see now we have the abuse named Columb which is no use.

49
00:04:10,400 --> 00:04:16,690
But we also managed to get an e-mail of a person working in security which is a security guard or that's

50
00:04:16,700 --> 00:04:19,430
my actual my actual personal e-mail.

51
00:04:19,430 --> 00:04:25,280
So again if everything failed and you couldn't gain access to it then maybe you can try to target that

52
00:04:25,280 --> 00:04:31,580
person that works at security which is myself and maybe try to social engineer that person and hack

53
00:04:31,610 --> 00:04:37,170
into their computer and from there again gain access to the Web site.

54
00:04:37,180 --> 00:04:39,020
Now this is going to get into social engineering.

55
00:04:39,040 --> 00:04:43,510
So I'm not going to get into too much detail of that because now we're talking about web penetration

56
00:04:43,510 --> 00:04:48,190
testing so we're only concerned about the Web applications and the technologies used in that.