WEBVTT

00:01.000 --> 00:01.640
Hi friends.

00:01.640 --> 00:02.240
Welcome back.

00:02.320 --> 00:09.640
In the previous lecture, we covered how to get some of the subdomains that exist for a website.

00:09.680 --> 00:16.400
Now it is time to go and search for hidden paths.

00:16.440 --> 00:17.240
Some hidden path.

00:17.280 --> 00:20.080
For example here you see we have the Matilda.

00:20.520 --> 00:21.560
Matilda here.

00:22.160 --> 00:26.200
And in here we may have some kind of hidden path.

00:26.200 --> 00:30.560
For example, we may have something like Login.php.

00:30.600 --> 00:31.440
Hit enter.

00:31.480 --> 00:35.280
You see, we have I found this, okay.

00:35.520 --> 00:37.360
And you see, now we have a login page.

00:37.360 --> 00:43.400
Sometimes we are not able to find this login page from the website itself.

00:43.520 --> 00:44.280
Okay.

00:44.320 --> 00:51.680
From here, for example, I am not able to find the login page and uh, not just the login page.

00:51.680 --> 00:57.440
And also we may have a lot of, uh, hidden path that we need.

00:57.480 --> 01:04.010
By finding them, we will be able to access a lot of information that may be good for us.

01:04.570 --> 01:10.650
So in here again I have a item path dot txt.

01:10.890 --> 01:12.330
There's also a text file.

01:12.690 --> 01:16.690
And you see I'm going to test this little thing here for example.

01:17.450 --> 01:22.610
CSS dot config dot c v dot login.

01:22.770 --> 01:29.010
And a lot of thing that may be very informative for us.

01:29.050 --> 01:29.250
Okay.

01:29.290 --> 01:31.410
That we can we could use it.

01:31.770 --> 01:32.010
So.

01:34.250 --> 01:38.250
Uh here as you see we have slash now instead of.

01:38.530 --> 01:39.770
Having the dot.

01:40.210 --> 01:43.330
And when I use login dot php.

01:43.370 --> 01:45.370
You see we have slash between these two.

01:45.410 --> 01:46.130
Okay.

01:46.170 --> 01:50.210
So that means this thing is inside a directory.

01:50.370 --> 01:53.730
And this model ID is in another directory.

01:53.730 --> 01:56.210
And it has for example a child directory.

01:56.210 --> 01:59.410
And it is uh this login page is inside that.

01:59.450 --> 02:00.250
Okay.

02:01.530 --> 02:06.170
Now I can access that with using a slash.

02:06.610 --> 02:08.490
So we can modify them.

02:08.610 --> 02:13.970
We can modify this code that is here very easily.

02:14.010 --> 02:16.050
The first thing we need to change the URL.

02:16.410 --> 02:19.810
So the URL right now is this one.

02:21.090 --> 02:23.090
Let me remove some of them.

02:23.090 --> 02:31.050
For example up to here I'm going to copy this and paste them into the URL that we have.

02:32.010 --> 02:37.530
So as you see we have HTTP and the HTTP is provided right in here.

02:37.530 --> 02:42.650
We don't need to have them in this part.

02:42.690 --> 02:42.930
Okay.

02:42.970 --> 02:45.930
Now we have this like this.

02:45.930 --> 02:48.290
And we need to open another file.

02:48.290 --> 02:51.530
As you see we right now we are opening the subdomain file.

02:52.770 --> 02:54.450
That is something we don't need.

02:55.130 --> 02:58.970
We need to open the hidden path.

03:00.730 --> 03:01.210
Okay.

03:03.580 --> 03:05.100
And I'm going to read that.

03:05.300 --> 03:11.500
And also you see we are opening that uh, with uh, a dot, okay.

03:12.660 --> 03:15.780
Separating the URL and word with a dot.

03:15.820 --> 03:18.820
Now it is time to change that to a slash.

03:19.580 --> 03:28.140
So and you see we have discover let's name it hidden.

03:30.260 --> 03:31.660
Or domain or directory.

03:35.020 --> 03:36.420
And that is it okay.

03:37.460 --> 03:40.220
Now let me save this and let's go back here.

03:40.260 --> 03:43.580
Try to execute the program and see what do we have.

03:43.620 --> 03:44.980
I'm going to clear this.

03:45.020 --> 03:45.500
Okay.

03:47.980 --> 03:48.660
Hit enter.

03:48.660 --> 03:51.300
You see we have an error somehow.

03:55.260 --> 03:56.060
Okay.

03:58.660 --> 03:59.340
In here.

03:59.340 --> 03:59.900
You see?

03:59.900 --> 04:01.500
We have something.

04:01.540 --> 04:01.940
Okay.

04:03.500 --> 04:05.180
Let me see first.

04:15.340 --> 04:16.260
What happened?

04:20.340 --> 04:21.140
Okay.

04:23.700 --> 04:25.100
We have a problem here.

04:25.180 --> 04:27.140
Let's read the problem.

04:27.180 --> 04:29.940
It's telling me that invalid URL.

04:29.980 --> 04:31.700
Okay, this is the error.

04:31.700 --> 04:35.100
We have HTTP and then we have three slash here.

04:35.100 --> 04:40.500
And then we have the URL here which is not very good.

04:40.700 --> 04:41.140
Okay.

04:42.540 --> 04:44.660
We have the URL first.

04:46.260 --> 04:46.540
Okay.

04:46.580 --> 04:47.620
This is the URL.

04:47.660 --> 04:49.580
It is okay.

04:49.620 --> 04:50.820
Now I found the problem.

04:50.860 --> 04:51.460
Okay.

04:51.500 --> 04:53.900
As you see here we have the word okay.

04:53.940 --> 04:58.820
Basically here we are saying that okay first we are opening that as a word list.

04:58.820 --> 05:01.460
And then we are moving inside each line.

05:01.500 --> 05:01.780
Okay.

05:01.820 --> 05:02.510
In here.

05:02.790 --> 05:05.870
And then we are reading each line line by line.

05:05.870 --> 05:09.910
And then we are adding that the first and then the second one the URL.

05:09.910 --> 05:11.110
So this is the problem.

05:12.430 --> 05:18.870
We have the hidden path for example the first one it will be having something like this.

05:18.870 --> 05:22.750
And then we will be having this one.

05:22.750 --> 05:32.590
Like what was that then .0.0. 13 and then blah blah blah blah.

05:33.070 --> 05:36.670
So this path doesn't exist because of that.

05:36.670 --> 05:40.550
It is giving me an error and it is not valid.

05:40.590 --> 05:41.030
Okay.

05:41.550 --> 05:50.430
So we have to handle that in here because in here we are using the word first and then the URL in the

05:50.430 --> 05:51.390
second part.

05:51.430 --> 05:59.110
Now instead of using URL here, I'm going to use the word here and then move back into word and use

05:59.110 --> 06:01.190
the URL here.

06:01.190 --> 06:02.750
Now I'm going to save this.

06:02.750 --> 06:09.630
Okay, let's deliver this one and execute this.

06:10.070 --> 06:16.150
Now you see that discovered hidden directories is equal to uh.

06:16.150 --> 06:17.030
This is okay.

06:17.070 --> 06:19.710
Classes created documentation filter.

06:20.710 --> 06:24.230
And you see, we are getting a lot of information here.

06:24.230 --> 06:29.710
For example, I'm going to take a look at this okay.

06:29.750 --> 06:30.990
Copy selection.

06:31.230 --> 06:36.670
Let's come here I am going to paste it here.

06:37.510 --> 06:39.590
You see we have this information here.

06:39.590 --> 06:43.350
Now I know that this path exists okay.

06:44.670 --> 06:52.670
And also if I came here you will see that I will find a very informative, uh, thing here.

06:52.670 --> 06:54.830
For example, we have login.

06:54.830 --> 06:55.070
Okay.

06:55.070 --> 07:03.440
That was something that we just found and also we have home footer header images is not very important

07:03.440 --> 07:06.640
and it's not very important login which is very important.

07:06.960 --> 07:07.200
Okay.

07:07.200 --> 07:09.360
We have something called password here.

07:09.400 --> 07:11.120
Okay I'm sure this is hidden.

07:12.240 --> 07:15.560
And let's copy this and also.

07:18.960 --> 07:21.800
See what we have.

07:23.560 --> 07:32.200
See this is one of the most important things that you can use while you are going to hack through systems.

07:32.240 --> 07:32.600
Okay.

07:33.040 --> 07:38.640
So here you get one of the most important things that is password okay.

07:38.880 --> 07:41.720
So account password.

07:41.760 --> 07:43.360
Some accounts for example admin.

07:43.360 --> 07:45.080
This is the password for admin.

07:45.120 --> 07:48.200
This for this one for John this one.

07:48.200 --> 07:50.040
And also this for this one.

07:50.040 --> 07:54.120
This is I like the smell of this one.

07:54.120 --> 07:54.840
And also.

07:59.360 --> 08:01.720
This is very informative.

08:01.760 --> 08:03.120
This was very informative.

08:03.160 --> 08:03.560
Okay.

08:04.080 --> 08:11.400
Also we have PHP info which is very important to PHP info that PHP also.

08:11.400 --> 08:18.080
You see we have the style here that these are I'm sure directories maybe inside these.

08:18.400 --> 08:22.040
Also you are going to find something new okay.

08:22.080 --> 08:25.120
And if you want to find something new.

08:28.320 --> 08:29.880
You can use that as well.

08:29.880 --> 08:37.600
For example you can use another loop to come inside this one and find more details like this.

08:38.960 --> 08:51.280
So and now you see in penetration testing we can use such kind of program that could find very, uh,

08:51.320 --> 08:52.840
hidden path for us.

08:52.840 --> 08:58.440
And we can search for very informative data, sensitive data and we can use it.

08:58.440 --> 08:59.200
Okay.

08:59.240 --> 09:02.160
Very beautiful, very good program.

09:02.200 --> 09:03.680
So thanks for watching.
