Posts

Analysing Discovering Files

  In the following screenshot, we can see that the dirb tool was able to find a number of files. Some of the files we already know: favicon.ico is just an icon, and index.php is the index page that we usually see. The  footer  and  header  are probably only style files. We can also see that we discovered a login page. Suppose we find the target's username and password by exploiting a really complex vulnerability, and then end up not being able to log in because we could not find where to log in. In such cases, tools like  dirb  can be useful. The  phpinfo.php  file is usually very useful because it displays a lot of information about the PHP interpreter running on the web server, and as we can see in the following screenshot, the file contains a lot of information: The preceding information is useful. Using this information, we can get to know some of the directories. From the preceding

Discovering Subdomain

  In this section, we will study subdomains. We see subdomains everywhere, for example,  subdomain.target.com . Besides  beta.facebook.com , we could have  mobile.facebook.com , or we might have  user.facebook.com . Suppose we google  mail.google.com , which takes us to Gmail. Subdomains are used in a lot of cases. Websites have subdomains for their own users, for example, for certain customers or for employees, so they are not advertised unless it is for some sort of VIP customer. We will not see these subdomains on search engines and we will never see a link leading to them, so they might contain exploits or vulnerabilities that will help us to gain access to the whole website, but we never knew about those exploits or vulnerabilities because the subdomains are never advertised. Another thing is that when a lot of big websites try to add a new feature or install a new update, they install it on a subdomain, so we have  beta.facebook.com , which contains a beta version o

Robtex

  In this section, we are going to discuss how we can get comprehensive DNS information about the target website. First, we will discuss what DNS is. Suppose we type  GOOGLE.COM  in the URL bar; it will be converted into an IP address using the  DNS SERVER . The DNS server contains a number of records, each pointing to a different IP and a different domain. Sometimes, records point to the same IP. In general, a client requests the domain name, it gets converted into an IP address, and the information for that address needs to be stored somewhere. We will query the  DNS SERVER  and see what information we get through it. The process is illustrated in the given diagram: We will use a website called Robtex (https://www.robtex.com/), and search  isecur1ty.org . Now, just click on  GO  and select the first result on the website. In the preceding screenshot, we get information about the website. We can see the  DNS  report, the  Name servers  that have been used, and some  Mail servers .

Netcraft

  In this section, we will learn how to get information about the technologies used by the target website. To do this, we are going to use a website called Netcraft ( https://www.netcraft.com ). We enter the target address,  isecur1ty.org , and  click on the arrow  as shown in the following screenshot: After this, click on  Site Report  as shown in the following screenshot: In the given screenshot, we can see some basic information like  Site title ,  Site rank ,  Description ,  Keywords , and when the website was created: When we scroll further down, we can see the website itself, the  Domain , the  IP address , and the  Domain registrar , which is the company that registered the domain for isecur1ty: In the preceding screenshot, we would normally see information about the organization, but here, we can't because isecur1ty is using privacy protection. Usually, we should be able to see such information and even more. In the p

Whois Lookup

  In this section, we are going to have a look at Whois Lookup. It is a protocol that is used to find the owners of internet resources, for example, a domain, a server, or an IP address. Here, we are not actually hacking; we are just retrieving information from a database about the owners of resources on the internet. For example, if we wanted to register a domain name like zaid.com, we would have to supply information about the person who is signing up, such as an address, and then the domain name will be stored in our name and people will see that Zaid owns the domain name. That is all we are going to do. If we google Whois Lookup, we will see a lot of websites providing the service, so we are going to use  http://whois.domaintools.com , enter our target domain name as  isecurity.org , and  press the Search button  as shown in the following screenshot: In the following screenshot, we can see that we get a lot of information about our target website: We can see the email address that we ca

Information Gathering

  In this section, we will discuss various techniques to gather information about the client using Whois Lookup, Netcraft, and Robtex. Then we will see how we can attack a server by targeting websites that are hosted on that server. Moving further into the information gathering section, we will learn about subdomains and how they can be useful for performing attacks. Later, we are going to look for files on the target system to gather some information and also analyze that data. We do information gathering before we start trying to exploit. Therefore, we are going to gather as much information as we can about the IP of the target, the technology that is used on the website, the domain name info, which programming language is used, what kind of server is installed on it, and what kind of database is being used. We will gather the company's information and its DNS records. We will also see subdomains that are not visible to other people and we can also fi

Attacking a Website

  In this section, we are going to discuss attacking a website. For attacking websites, we have two approaches: We can use the attack methods that we have learned so far. Because we know that a website is installed on a computer, we can try to attack and hack it just like any other computer. We can also use server-side attacks to see which operating system, web server or other applications are installed. If we find any vulnerabilities, we can use any of them to gain access to the computer. Another way to attack is client-side attacks, because websites are managed and maintained by humans. This means that, if we manage to hack any of the administrators of the site, we will probably be able to get their username and password, and from there log in to their admin panel or to the  Secure Socket Shell (SSH) . Then we will be ab