1
00:00:00,060 --> 00:00:07,290
So while configuring a web app, one of the common mistakes is to give too much information inside a

2
00:00:07,290 --> 00:00:07,800
message.

3
00:00:08,160 --> 00:00:11,580
Let's analyze a few examples from a security point of view.

4
00:00:11,730 --> 00:00:18,270
Suppose that you were trying to log in to the system and you are compromising the username and password

5
00:00:18,270 --> 00:00:21,450
fields, and you don't know any valid username and password.

6
00:00:21,570 --> 00:00:26,700
You have a dictionary to try on both the username and the password fields.

7
00:00:26,850 --> 00:00:35,430
Your dictionary contains a thousand words. You will try a thousand passwords for each username, so theoretically

8
00:00:35,430 --> 00:00:38,220
you have a thousand times a thousand tries.

9
00:00:39,210 --> 00:00:44,580
Now, if you see this message after an attempt, it probably means that you found a valid username.

10
00:00:46,110 --> 00:00:48,300
Now we can just focus on the password field.

11
00:00:48,660 --> 00:00:53,040
And this reduces the number of attempts from a million to a thousand.

12
00:00:55,020 --> 00:01:00,720
When you see this message, you understand that the username is controlled by the app independently,

13
00:01:01,050 --> 00:01:04,950
so forget about the password in the beginning and just focus on the username.

14
00:01:06,140 --> 00:01:10,160
When you find the username, try to find the password of that user.

15
00:01:11,120 --> 00:01:15,710
So you only have a thousand plus a thousand attempts in this case.

16
00:01:17,270 --> 00:01:20,090
This is another helpful message for the hacker.

17
00:01:22,960 --> 00:01:26,290
If the message is like this, you have no clue.

18
00:01:27,240 --> 00:01:30,870
You have to try every possible user and password combination.

19
00:01:33,270 --> 00:01:36,360
In some cases, you can see an error message like this.

20
00:01:37,050 --> 00:01:41,340
The developer probably prints the stack trace for debugging purposes.

21
00:01:41,910 --> 00:01:45,960
You can collect a lot of sensitive information with such a message.

22
00:01:46,260 --> 00:01:50,790
In this example, you will see that the application is written in Perl,

23
00:01:51,060 --> 00:01:58,590
version 5.8, that the operating system of the server is Linux, etc. You get the point.

24
00:01:59,550 --> 00:02:06,840
So what is all this information we gather? Everything that we retrieve from the server or the app is

25
00:02:06,840 --> 00:02:16,170
information we can use: HTTP headers such as Server or X-Powered-By headers, error and warning messages

26
00:02:16,170 --> 00:02:18,780
that we saw some examples of on the previous slide.

27
00:02:19,530 --> 00:02:26,400
Comment lines of the web pages may contain sensitive data, talked about that before. Email addresses of

28
00:02:26,400 --> 00:02:28,740
the employees or employers.

29
00:02:29,190 --> 00:02:36,150
We can use those email addresses to guess the usernames of login pages, or we can use them for social

30
00:02:36,150 --> 00:02:37,290
engineering attacks.

31
00:02:37,770 --> 00:02:42,870
These are only some of the examples of the information that can be gathered from an application.

32
00:02:44,270 --> 00:02:48,530
Web search engines are the most typical examples of crawlers.

33
00:02:49,800 --> 00:02:55,500
And they let us run queries on the website. We can use the search engines to find out this sensitive

34
00:02:55,500 --> 00:02:59,820
information and weaknesses of an application using search engines.

35
00:03:00,570 --> 00:03:03,450
Google has advanced search techniques.

36
00:03:03,750 --> 00:03:06,060
There are a lot of keywords to use while Googling.

37
00:03:06,450 --> 00:03:08,880
Some of them are displayed in this slide.

38
00:03:09,030 --> 00:03:16,860
You can find a lot of different queries at the www.exploit-db.com/google-hacking-database

39
00:03:16,860 --> 00:03:18,690
address.

40
00:03:19,110 --> 00:03:25,770
So using these previously prepared queries, you can find weaknesses: documents which contain usernames

41
00:03:25,770 --> 00:03:33,540
and passwords, sensitive folders, web services, error messages which contain sensitive data and backup

42
00:03:33,720 --> 00:03:35,250
and/or log files.

43
00:03:36,150 --> 00:03:43,080
So here there are just a few examples to show how we can use Google Advanced Search to find valuable

44
00:03:43,080 --> 00:03:43,710
information.

45
00:03:43,770 --> 00:03:53,670
For example, if we do a search with the words inurl:co.uk and inurl:

46
00:03:53,670 --> 00:04:00,900
admin, we can find administrative panels of the websites which have the co.uk super domain.

47
00:04:06,110 --> 00:04:10,250
There are a lot of queries to find the critical points of an application.

48
00:04:11,320 --> 00:04:15,910
Thankfully, there are tools to automate these queries for us.

49
00:04:16,510 --> 00:04:24,010
SearchDiggity, Foundstone SiteDigger and FOCA are just a few examples of these kinds of tools.