1
00:00:02,060 --> 00:00:09,440
So this year, we are going to talk about this NICTA property scandal and this is kind of obligation

2
00:00:09,650 --> 00:00:14,870
for anyone other is an already discovered quiz.

3
00:00:15,740 --> 00:00:21,310
OK, now let's get the manual page or a simple homepage.

4
00:00:21,800 --> 00:00:23,540
And this is Nito minus help.

5
00:00:23,540 --> 00:00:28,450
And you can the most important thing is to set the horse.

6
00:00:28,700 --> 00:00:32,290
I need to set the pot and that it will do everything for you.

7
00:00:32,720 --> 00:00:38,600
And you can also open to a file and you can also disable the user's sorry SSN.

8
00:00:39,830 --> 00:00:41,270
And there was a phone.

9
00:00:41,270 --> 00:00:48,440
Alphatech So if there is any directory that use you for not for error, not phone, it will not check

10
00:00:48,440 --> 00:00:48,950
for that.

11
00:00:49,460 --> 00:00:51,800
I mean, it will not show up in the display.

12
00:00:51,890 --> 00:01:00,200
And you can also use SSL and you can put the time out and you can update this and you can also print

13
00:01:00,200 --> 00:01:01,870
out the banner or the version number.

14
00:01:02,900 --> 00:01:03,830
So.

15
00:01:06,500 --> 00:01:17,420
So returning to and minus, which previously we had done this, this zero one zero to test some of our

16
00:01:17,420 --> 00:01:20,130
Apache running on it and we this race to the bottom.

17
00:01:20,130 --> 00:01:21,000
But that is Eddie.

18
00:01:23,120 --> 00:01:30,170
Target with this one Bush name also diverters and the target for DLT and that date and time stamp.

19
00:01:33,110 --> 00:01:39,920
As you can see, it has been telling me that Sara is a right, you one point three point two zero and

20
00:01:40,610 --> 00:01:43,220
a modest Salvacion is two point eight point four.

21
00:01:44,390 --> 00:01:51,230
Uh, Sara Murray, I know why you tax hydrophone with, uh, for devices.

22
00:01:51,560 --> 00:01:56,170
So you can also see the anti jerking extreme options that are present.

23
00:01:56,180 --> 00:02:03,090
So you can, uh, in certain iframe in your own website, which is linking to this website.

24
00:02:03,090 --> 00:02:08,400
So this carjacking might occur for this website.

25
00:02:08,420 --> 00:02:11,960
So that is one of the vulnerability.

26
00:02:11,960 --> 00:02:14,270
And you can also see exercice production at this narrative.

27
00:02:14,570 --> 00:02:22,580
So you can just, uh, you can say that this is a good place to start searching factors or and you can

28
00:02:22,580 --> 00:02:26,180
see it is also telling that always, always will be.

29
00:02:26,180 --> 00:02:28,930
And is one of Texas where expert that.

30
00:02:30,100 --> 00:02:34,330
And also, it's that openness to this version appears to be out there.

31
00:02:34,350 --> 00:02:41,200
And so if I go to Google and type this open SSL zero point nine point three vulnerabilities and I can

32
00:02:41,200 --> 00:02:47,560
get some of these experts, I can use them on a server and the same amount of serendipity.

33
00:02:47,950 --> 00:02:55,210
And it was telling me that I don't actually get had options until we can see this output we got from

34
00:02:55,210 --> 00:02:55,390
that.

35
00:02:55,390 --> 00:03:02,610
And my scans it also we also got TDP and scrips without using those groups.

36
00:03:02,620 --> 00:03:03,430
Also, we got from.

37
00:03:05,890 --> 00:03:14,650
And you can see these are always we do we see these and you can just, uh, it's assuming that since

38
00:03:14,650 --> 00:03:17,610
the number of Apaches one point two one two zero.

39
00:03:17,920 --> 00:03:23,560
So they may be vulnerable to these, uh, uh, vulnerabilities.

40
00:03:24,700 --> 00:03:25,540
So you can see it.

41
00:03:25,540 --> 00:03:30,760
See, the surveillance trials are ruining our system by adding extra water.

42
00:03:31,210 --> 00:03:37,600
So you can if you had the mesh, you can read the hospital and you can also pretty much anything on

43
00:03:37,600 --> 00:03:38,140
the system.

44
00:03:38,770 --> 00:03:44,470
And you can see there is a little indexing for if you go to this IP address and you're looking at the

45
00:03:44,470 --> 00:03:48,400
directory indexing and you can check the files in that manner there.

46
00:03:49,480 --> 00:03:55,720
And that for the icons for Russell, we have got the directory indexing and this is just straight before

47
00:03:55,720 --> 00:03:56,680
and after BHP.

48
00:03:56,740 --> 00:03:58,180
So we need to look at this.

49
00:03:59,650 --> 00:04:02,710
And here we got some WordPress content.

50
00:04:02,710 --> 00:04:06,940
You can see teams or press teams and what press conference?

51
00:04:08,320 --> 00:04:08,990
And so on.

52
00:04:09,610 --> 00:04:16,980
So as you can see here, eight, seven, two, four requests are sent for to this observer to get all

53
00:04:17,110 --> 00:04:17,950
this information.

54
00:04:18,340 --> 00:04:22,860
So you can see you can say that this is pretty much an easy answer.

55
00:04:23,470 --> 00:04:29,800
If there is a Web application firewall, it may just alert the administrator that we are getting so

56
00:04:29,800 --> 00:04:32,810
many requests from single computer.

57
00:04:32,950 --> 00:04:36,100
That is our computer for door application.

58
00:04:37,290 --> 00:04:43,670
So the tree, if you have only the permission to do the Web application assessment, that only you need

59
00:04:43,680 --> 00:04:46,400
to use this little even at Malpaso.

60
00:04:46,420 --> 00:04:49,520
I forgot to say that even that makes so much noise.

61
00:04:49,560 --> 00:04:55,230
He so only if we had the permission to penetrate the network, then I'll let you use that in other ways,

62
00:04:55,890 --> 00:04:59,950
even though with digital scans your IP address may be compromised.

63
00:05:00,510 --> 00:05:07,130
So that's why I always have the permission to do the partition and then only use these tools like NICTA

64
00:05:07,380 --> 00:05:11,750
and then so that much so that these are pretty much auditioner total.

65
00:05:12,250 --> 00:05:19,050
You have to this mindset and the mindset people need to enumerate this web application for you and it

66
00:05:19,050 --> 00:05:21,330
will tell you all the information that it gathers.

67
00:05:22,800 --> 00:05:28,880
So that's our position into the scanner is very much helpful in the Web application assessment.

68
00:05:28,890 --> 00:05:30,480
And I hope you have understood.