Hello everyone, and welcome back. Today I will discuss our first lesson, which is information gathering for web applications. First of all, why do we need to gather information about a web application? 🙁 Okay, let me explain. Suppose you want to get admission to a school. At first you gather some information about that school: whether the school is good or not, how many teachers there are, whether the faculty is good or not, and so on. Why did you gather information about that school? Because you want to start your studies there. The same applies when you attack a web application: you need to gather information about the target web application. Information gathering is the first phase of any hacking. If you don't know about the phases of hacking, please read that article first.
So, let's not waste any time and come to the main point. 🙂
We will look at what we are trying to achieve via information gathering and how that information is going to help us with web application penetration testing. 🙂
The IP address is the most important thing: it is the real address behind any domain name, which is resolved by nameservers. Everything that has a place on the internet has a unique address, which is called an IP address. 127.0.0.1 is the local IP address for every system. The IP address helps us find the target in the network, as well as find open ports and other exploitable services on the target system while attacking.
Whois Tool:-
We discussed this in the Phases of Hacking part, but I will go over it again here. Whois is a very nice toolkit for gathering some raw and juicy information about the target. For example, it shows the registration details of the website: who registered the domain, on which date it was registered, when it will expire, etc. This raw information may help you in social engineering, like sending an email to the website owner on his registered email.
WHO IS LOOKUP TOOLS
A web server is an application that runs on an operating system and serves the web requests coming to the system. Apache, Tomcat, IIS, etc. are web servers running on an operating system; when any web request is sent to a system, they handle it and are responsible for giving out the response. Many times you can get exploits related to a web server and get a way into the system using that exploit, and if you know which web server is being used, it will help you to find out the default directories or known vulnerabilities for that web server.
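Seen from the defender's side, the same point means checking what your own server announces about itself. The following is an added example, not part of the original article: it parses a raw HTTP response and reports headers that reveal the web server product or version. The sample response is constructed, and the function names and header list are illustrative assumptions.

```python
import re

# Constructed sample response head (not captured from a real site).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Mon, 01 Jan 2024 00:00:00 GMT\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
    "<html></html>"
)

# Headers that commonly reveal the software stack (assumed list for this example).
DISCLOSURE_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-generator")
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")  # dotted version such as 2.4.41


def parse_headers(raw):
    """Return {lowercased name: value} from the header part of a raw HTTP response."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def audit_disclosure(raw):
    """List (header, value, severity) findings for stack-revealing headers."""
    headers = parse_headers(raw)
    findings = []
    for name in DISCLOSURE_HEADERS:
        value = headers.get(name)
        if value is None:
            continue
        # A dotted version number lets a reader match the exact release.
        severity = "version-exposed" if VERSION_RE.search(value) else "product-exposed"
        findings.append((name, value, severity))
    return findings


if __name__ == "__main__":
    for name, value, severity in audit_disclosure(SAMPLE_RESPONSE):
        print(f"{severity:16} {name}: {value}")
```

On Apache, `ServerTokens Prod` reduces the `Server` header to the product name, and `expose_php = Off` in php.ini removes the `X-Powered-By` header.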
Login Pages: –
This is the most important part while you're attacking or testing any web application, because every web application has a login page for accessing control over the application, where you need to enter a username and password. It's like a locked door. 🙂 If you break that security, then you can get full control of your target. 🙂
If you do not know what sub-domains are, then you are in the right place. Sub-domains are domains maintained under a domain; for example, if paypal.com is a domain name, then login.paypal.com is a sub-domain inside it. We need to collect all available sub-domains for a website. In most cases you may find a hidden or private domain where they are maintaining something private, and such applications are usually left vulnerable and exposed because it is assumed that no one can get access to them.
Other Domains On the Same Server:-
Sometimes you are unable to find a vulnerability in a website; then you can do a reverse IP domain lookup and find out other websites on the same server, and you can p0wn them to get access to the server and make your way towards the target.
Web Application Firewall:–
(WAF) This is the most important part while we are attacking or testing, because when we launch the attack on our target, we are faced with the security of the web application, which is called a Web Application Firewall (WAF). So we need to know about the firewall and how to bypass it; otherwise you won't be able to attack the web application. :)
https://www.youtube.com/watch?v=XUzaEipi4SE&feature=youtu.be