3.3 Sensitive Data Exposure NIKTO Lab Instructions Part 2
12 hours 9 minutes
Hey, everyone, welcome back to the course. So in the last video, we went ahead and ran our nick no command, and we got our output. Now. We also went ahead and looked in the output air. Our scan results and we found the robots that t x t file. We found that in the results, and I mentioned the importance of that particular file.
If you haven't completed the first section of this video, then by all means policies, video, go back to the previous video and make sure you complete that because you will need the scan results as we move to the rest of this lab.
So now we're gonna do is we're gonna launch a Web browser so specifically, we're gonna launch fire Fox. The way we do that is to click this little orange and white icon at the very top of left here that's gonna launch the browser window for us.
Never take a moment or so to pull up here.
Once it launches, it should take you to the main utility a page. If for some reason you get an air message once it pulls up, then just click this Mattila Day icon here and it will refresh the page and no taking right to this one here.
If you continue to get airs for some reason, you may want to cancel out out of the lab and launch it again and just see what the issue might be.
So now what we're gonna do is in the U R l bar. We're gonna go ahead and type this in the address bar type Http Colon for its last ford slash Mattila Day for its last you till a day four slash robots dot t x t. So again, that's that file we were looking for before.
So let's go ahead and do that now. So let's take it step by step like we normally do.
We're just gonna type it. Http Colon force last ford slash me till today
four slash utility
ford slash robots dot t x t and then just press enter any keyboard when she got that in.
And what You're going to see some information back here and we'll talk about that in just a moment. I want you to answer a question number two here. So, do you see any files of directories after we went to this particular Uriel
are. So the answer is yes. Right. So we see some files there. We also see some potential directories. There s so we see that information right there on the screen.
All right, so the next thing we're gonna do here and step 10 as we're gonna replace the robots that t x t we're gonna replace that with passwords, Ford slash.
So we want to see and specifically we want to see if there's any files that elicit on this particular page.
So let's go and do that. Now
we're just going to eat out the robots that t x t
and what is gonna type in passwords
Unified, put enough essence stereo
passwords and then just afford slash and they just press enter any keyboard that'll go ahead and run it.
All right, so we see some information back there. So again, do we see any files listed on the page? Question number three.
So the answer is yes, right. We see this accounts dot t x t file.
All right, so we see a step 11. We're talking about that file, so we're gonna go ahead and click on it, and I want you to answer a question for now. So are there any user names passwords in that particular file? So let's take a look and see. Gonna click on accounts, not t x t.
So what do you see on your end? Do you see the user names and passwords,
right. Well, I do a Mayan. I see admin, and I see admin pass as a password. I see Adrian and I see some password is password, et cetera, et cetera, all the way down. So I do see usernames and passwords in this particular area.
So the next thing we're gonna do it. He's here in step 12. We're gonna go ahead and click the back button on the browser,
so it's going to do that now.
So now the next step is we're gonna replace the passwords
part of the girl. So this one right here were to replace that with PHP. My admin in a Ford slash.
Let's do that. Also, PHP my admin and then afford slash. Then just press enter in a keyboard.
All right, so you'll see we've got an air message here. And if you read through that, you'll notice that we're basically getting denied access.
So question number five here are you able to actually see interface for the database? And that's what we were trying to do there. Do you get an air message?
So the answer is No. We cannot access it. And yes, we do get in air vests. Right. So we see that accesses tonight, which is a good thing. We want to make sure that, um attacker, for instance, could not access are the interface for our database. Because then they could go deleting information, corrupting information, stealing information, whatever the case might be.
All right, so now we're just gonna minimize Firefox's cook, That little minus sign right there that will minimize that. We're gonna go back to our terminal window.
So we're here in step 15. We're back at the terminal window. We're gonna keep looking through the nick does scan results here. Specifically, we're gonna scroll down to see if we see a PHP info dot PHP file. It'll
so it might be a little ways down. So a foreword you and that one might be a little ways down here in the search results
and all this stuff that looks like writing characters. That's just what we call in coding s O, for example, I I would encode it so you couldn't read. It is essentially what I'm doing there
and we'll keep scrolling down. It should be a little further down without this. Click back up a little bit.
Let's make sure you should be a little further down what we're looking for again, we're looking for the PHP info dot PHP file. And as you're looking in the search results of a hint, you'll probably want to be kind of looking in this portion of your screen so that that's a little hint for you to make it a little easier. But let's go ahead and keep scrolling down here, and we've got all these other
I didn't hear
on these air vulnerability that or if I, that's a vulnerability. And that's why we see so many listings of those for this particular lab. And actually all the lads were doing in this course it's not gonna cover that particular aspect, but you will see that, and that's why we have so much in our particular search results for Nick.
Keep scrolling down here. We should be almost to it.
Yeah, we should you see it in just a little bit. We should see it start to change,
and then we'll take a look and see if we find what we're looking for here.
You know, I may have passed it. How? There we go. Should be getting it
s so we should be seeing it right around here.
So we're looking for the PHP. My admin. So do we see on one specifically looking for the PHP info dot PHP file, which should be in here. And generally speaking, should be in around this area
you'll see here.
I'm not saying that I am seeing the next part of our item here to find Let me scroll back up. I may have zoomed past. It
s so this is the type of stuff that we would normally in some capacity want to try to automate. If we were actually doing an attack, we will not. We would wanna automate this so we don't have to look through all the results of Nick Toe.
We'll see here if we can grab it.
It's normally down there near the bottom, but we'll take a look and see if we can find it. If we cannot find it, then our answer, of course, would be no to that particular question. But we should actually see it. The PHP dot info in our results here.
Yeah, let's take a look and just see. Go way back up to the top here.
All right, so we should be seeing it. If it's not at the bottom, we should see seeing it sometime.
You're there somewhere. Somewhere near the top part.
Let's take a look at sea. As I mentioned, generally speaking, it's down near the bottom, but we'll take a look. And I actually just saw it.
So it's hanging out the top this time around. So right here is our PHP dot info rescues. Mary PHP info dot PHP file.
All right, so we do have a yes. To that. We did find that particular file.
All right, so this this file and I kind of notated here. This file is used when we are debunking the server. So basically what? We're building out the server. It's one of the tools we use for debugging like a general user like myself. For like you, for example, shouldn't be able to access that.
All right, Now we're gonna go look for the dot get directory, which we actually had seen way down here. So if you scroll all the way down the search results, you'll see it down near the bottom Here. We had seen that before, pointing that out.
All right, you'll see. Right here. We have our dot get.
So let's take a look here.
Now, do you see that I get? Of course I've already entered that. We do see that. Now, the risk here is that this may you know that the directory may contain all the source code for the for this particular site. So the problem with that, as you can imagine, is an attacker can get that they can clone the website. The other aspect is thinking
obtained a historical information. So, for example,
developers. Ah, a lot of times will hard coded password in, and then go delete it out later. But if the attacker can access historical information, then they could potentially get that password and do whatever they want to with that pastor.
All right, so in this particular lab, we wrapped up our discussion on Nick tow. We were in a head and ran the command. We looked at our results. We looked through to see different areas of like Are we finding valuable information and we finding sensitive information that somebody else should not be seeing. And in this case, yes, which we come to new. We're ready. Since we're using a vulnerable application
In the next video, we're gonna cover a tool called Doorbuster. We're just gonna run that real quick and take a look at the output.