1 00:00:11,930 --> 00:00:16,900 Hi, welcome back to another episode on how to hack. So today we'll be discussing the use of Black Widow. 2 00:00:17,480 --> 00:00:23,240 So it is a web application hacking, web application testing tool that you can use. 3 00:00:23,240 --> 00:00:24,620 And it is Python-based. 4 00:00:24,620 --> 00:00:29,510 And of course, it will actually help you gather open source intelligence information, do fuzzing 5 00:00:29,510 --> 00:00:32,270 on Open Web Application Security Project vulnerabilities. 6 00:00:32,270 --> 00:00:37,910 So if you are trying and thinking about securing your web servers, are you running some web application 7 00:00:37,910 --> 00:00:39,050 service over the Internet? 8 00:00:39,050 --> 00:00:44,870 Look up OWASP and think about your application security framework and lifecycle and how you 9 00:00:44,870 --> 00:00:46,820 can actually protect a lot of your sites. 10 00:00:47,660 --> 00:00:51,490 And of course, moving on, we can actually see a very nice logo over here. 11 00:00:51,530 --> 00:00:54,950 So, of course, this is Python and two key capabilities. 12 00:00:55,340 --> 00:01:00,080 One is actually finding out more information about a web server in question, and two is actually about 13 00:01:00,080 --> 00:01:05,170 using it to do fuzzing to find vulnerabilities on a web application server immediately. 14 00:01:05,180 --> 00:01:11,000 So that is really helpful and useful in terms of speeding up the web application penetration testing 15 00:01:11,300 --> 00:01:13,030 onto any web servers. 16 00:01:13,460 --> 00:01:16,620 So without further ado, let us get started on today's tutorial. 17 00:01:17,000 --> 00:01:21,770 So over here we're running and I can open up terminal and of course, I can zoom in a little so it's 18 00:01:21,770 --> 00:01:22,760 easier for me to see. 19 00:01:22,790 --> 00:01:27,100 And I can go ahead and go into the Black Widow directory that I have downloaded. 
20 00:01:27,530 --> 00:01:30,280 So once you do git clone, you can actually go in straight there. 21 00:01:30,950 --> 00:01:35,690 So, of course, once we see the Black Widow, we can enter all the see all the information. 22 00:01:35,690 --> 00:01:42,260 So I can do a cat Black Widow and we can see all the information regarding the source code of Black 23 00:01:42,260 --> 00:01:43,430 Widow on Python. 24 00:01:43,850 --> 00:01:48,590 So if you have time, I really encourage you to read through some of these really, really interesting 25 00:01:48,890 --> 00:01:50,570 source code of this. 26 00:01:50,570 --> 00:01:56,060 Attacking tools is going to be very helpful in terms of learning about building your own security tools 27 00:01:56,060 --> 00:01:56,780 and so on. 28 00:01:57,230 --> 00:01:59,010 And it is not that hard, actually. 29 00:01:59,060 --> 00:02:05,000 So anyway, moving forward to speed up the process of the tutorial, the first thing we do is actually go 30 00:02:05,000 --> 00:02:11,330 into sudo python and of course we can actually enter Black Widow, followed by -u. 31 00:02:11,330 --> 00:02:18,280 And you go to enter the protocol of http dub dub, dub dot Loy Yang, young dot com, some testing on 32 00:02:18,290 --> 00:02:23,720 my own website just to find out if we can see any interesting information on the site. 33 00:02:24,020 --> 00:02:28,820 So go ahead and hit enter on that and of course you will be prompted with the administrator password 34 00:02:28,820 --> 00:02:35,000 on Kali Linux. Hit enter on that and you will be crawling through the entire site looking for static and 35 00:02:35,000 --> 00:02:40,700 dynamic URLs and helping you speed up the process of crawling through the web server immediately. 36 00:02:41,000 --> 00:02:47,450 And this is really helpful because all this data is also going to be saved inside /usr/share and so 37 00:02:47,450 --> 00:02:47,690 on. 
38 00:02:47,690 --> 00:02:52,720 So wonderful way for you to actually find out a lot of information regarding any web servers. 39 00:02:53,310 --> 00:02:58,340 So the first thing you want to look out for, once we're in here, we can actually see that we have 40 00:02:58,640 --> 00:03:03,830 a lot of information and a lot of repeats of the URLs based on the different kind of payloads 41 00:03:03,830 --> 00:03:04,490 they're using. 42 00:03:04,490 --> 00:03:07,670 So here we can see external dynamic URL. 43 00:03:07,670 --> 00:03:11,270 So this is for you to subscribe into the channel if you haven't already. 44 00:03:11,750 --> 00:03:16,940 So of course, scrolling down, we have the YouTube link, we got a LinkedIn link, Facebook and so on. 45 00:03:16,940 --> 00:03:18,740 So go ahead and add me on Facebook. 46 00:03:19,160 --> 00:03:21,860 And if you have any questions, there is a lot more interactive. 47 00:03:22,280 --> 00:03:26,270 And of course this is some of the articles of the population many years back. 48 00:03:26,270 --> 00:03:27,560 And I just left it there. 49 00:03:27,770 --> 00:03:33,650 And of course, I was also looking a lot into cloud, a lot into enterprise service bus, service-oriented 50 00:03:33,650 --> 00:03:34,880 architecture and so on. 51 00:03:35,690 --> 00:03:39,560 So, of course, we can see a lot of links here and we can scroll down further and you can actually 52 00:03:39,560 --> 00:03:43,610 find a lot of juicy information on other websites whenever you do all this crawling. 53 00:03:44,130 --> 00:03:48,830 But remember, doing all these scans could actually get you into trouble, especially if you're probing 54 00:03:48,830 --> 00:03:51,920 for some of this information in a different manner. 55 00:03:52,220 --> 00:03:56,810 And of course, it is a gray area because all these are actually publicly available information. 
56 00:03:56,810 --> 00:04:01,670 And at the same time, you're using it to do actually tasks on the web server looking out for information. 57 00:04:01,670 --> 00:04:05,810 So it could be misconfiguration of the website, misconfiguration of a web server. 58 00:04:06,290 --> 00:04:12,530 The administrator accidentally leaves out some of the critical data information out onto the Internet 59 00:04:12,530 --> 00:04:15,440 that could also be crawled by some of these search engines. 60 00:04:15,890 --> 00:04:20,540 So, of course, scrolling all the way down, this is actually really helpful, especially look over 61 00:04:20,540 --> 00:04:20,840 here. 62 00:04:20,840 --> 00:04:26,480 We can see that this site is most likely running on WordPress and it is running on this specific theme. 63 00:04:26,900 --> 00:04:31,190 And of course, this is actually giving you a lot of information about what the website is running on 64 00:04:31,190 --> 00:04:36,680 and potential ways for you to actually think about how you could actually go after the website. 65 00:04:37,370 --> 00:04:41,660 And, of course, scrolling all the way down, we are trying to find out more all the information that 66 00:04:41,660 --> 00:04:46,610 could be useful for us to look out for and potentially do some penetration testing on. 67 00:04:46,730 --> 00:04:51,950 So, of course, we are finding out more information, like advanced SQL injection, how to hack browser 68 00:04:51,950 --> 00:04:54,830 exploitation, social engineering framework and so on. 69 00:04:55,370 --> 00:04:57,920 And of course, all these are the links that are published before. 70 00:04:57,920 --> 00:05:00,830 And you can go and take a look at it for some of these tutorials. 71 00:05:01,400 --> 00:05:03,440 And of course, you're scrolling down. 72 00:05:03,470 --> 00:05:08,660 All this information has been compiled for you and is being placed into a text file so you can easily 73 00:05:08,660 --> 00:05:09,800 share it if you're doing. 
74 00:05:09,900 --> 00:05:16,320 Penetration testing in a group, and the next to take a look at is actually on the injectx, so we can enter 75 00:05:16,400 --> 00:05:22,470 ls and here we can see injectx.py, and of course, I have a web application server running and 76 00:05:22,470 --> 00:05:27,240 I can enter ifconfig and we can see the IP addresses one I two one six eight one on one for. 77 00:05:27,840 --> 00:05:32,820 So moving forward, what we will do is actually open any of your favorite web browser and we can surf 78 00:05:32,820 --> 00:05:34,620 into the web application server. 79 00:05:35,190 --> 00:05:39,600 So all you gotta do is enter one or two, one six eight one to one four hit enter on that. 80 00:05:39,750 --> 00:05:46,080 And of course here we can click on Mutillidae and we can go into a top 10, A1 injection, SQL injection, 81 00:05:46,080 --> 00:05:48,480 extract data like on user information. 82 00:05:48,480 --> 00:05:52,800 So it could be any web application server running on any web forms. 83 00:05:53,160 --> 00:05:58,170 And here we can see like a username and password and we can enter 123, 123, click 84 00:05:58,170 --> 00:05:59,420 on view account details. 85 00:05:59,790 --> 00:06:03,930 So this is a typical web application server that you have a request on. 86 00:06:04,380 --> 00:06:08,730 And of course, here we got a response of authentication error, bad username and password. 87 00:06:09,210 --> 00:06:12,030 So what we can do is copy the whole of your URL. 88 00:06:12,210 --> 00:06:17,330 And of course, we can go back to Black Widow, do a ./injectx 89 00:06:17,340 --> 00:06:24,450 .py followed by you on the parameter of the web page to click Boort hit enter on that. 
90 00:06:24,690 --> 00:06:30,420 And it will actually force the parameter into the site, telling you about all the information that 91 00:06:30,420 --> 00:06:34,330 you can potentially get and all the vulnerabilities that we can discover. 92 00:06:34,710 --> 00:06:38,960 So here, very quickly, based on the payload, we can find out all the vulnerabilities. 93 00:06:39,360 --> 00:06:45,330 So the first one, we get a cross-site scripting file and we got a SQL injection file and we got 94 00:06:45,330 --> 00:06:46,650 a SQL injection again. 95 00:06:46,800 --> 00:06:50,340 And of course, we get a Linux directory traversal. 96 00:06:50,730 --> 00:06:55,530 And of course, we have a Linux local file inclusion, remote file inclusion. 97 00:06:56,040 --> 00:07:02,700 So with all this information in mind, we can actually immediately copy the URL with the payload 98 00:07:02,700 --> 00:07:05,090 and we'll be able to find out a lot more details. 99 00:07:05,610 --> 00:07:12,090 So, for example, over here we got the vulnerable URL and I can just copy the link address and we 100 00:07:12,090 --> 00:07:18,450 can go into a new tab and all I got to do is paste and go and immediately we can find out all the users 101 00:07:18,450 --> 00:07:20,640 inside the web application server. 102 00:07:21,060 --> 00:07:26,690 And from here we can do a lot more probing capabilities to expand our penetration testing. 103 00:07:27,240 --> 00:07:30,980 So moving down, we can also see a Linux local file inclusion. 104 00:07:31,320 --> 00:07:37,140 So here we can actually also copy the information and of course, we can copy the link address. 105 00:07:37,140 --> 00:07:38,340 So it is the same. 106 00:07:38,700 --> 00:07:39,900 We can hit enter on that. 
107 00:07:39,930 --> 00:07:45,930 And of course this is the same, but we have a different payload here is using a popular vessel and 108 00:07:45,930 --> 00:07:52,290 here we are looking at a local file inclusion, meaning that a local file from another directory is 109 00:07:52,290 --> 00:07:54,810 available to this web application access. 110 00:07:55,500 --> 00:08:01,680 And of course, finally, we also have a remote file inclusion, meaning that we can actually use this 111 00:08:02,100 --> 00:08:08,880 to look up other files outside of this web application server so we can copy the link address, paste 112 00:08:08,880 --> 00:08:14,580 the information over here, and we can see that a particular payload is being included inside this web 113 00:08:14,580 --> 00:08:16,060 server and that is dangerous too. 114 00:08:16,530 --> 00:08:20,970 So, of course, here we can see the information on and so on so we can copy the details. 115 00:08:21,510 --> 00:08:22,880 And of course, we have pasted over here. 116 00:08:22,890 --> 00:08:23,910 So this is the payload. 117 00:08:24,420 --> 00:08:32,340 And based on the information here, we can enter HTTP and we can see test.arachni-scanner 118 00:08:32,340 --> 00:08:35,090 .com and we can do a F again. 119 00:08:36,210 --> 00:08:39,180 RFI MD5, hit enter on that. 120 00:08:39,180 --> 00:08:42,230 And of course we get the same payload likewise over here. 121 00:08:42,240 --> 00:08:45,270 So it has been invaded into the web application server. 122 00:08:45,540 --> 00:08:47,970 So I hope you've learned something valuable in today's tutorial. 123 00:08:47,970 --> 00:08:52,560 And remember to like, share and subscribe to the channel so that you can be kept abreast of the latest cybersecurity 124 00:08:52,560 --> 00:08:53,030 tutorial. 125 00:08:53,160 --> 00:08:54,660 Thank you so much once again for watching.