1
00:00:01,020 --> 00:00:07,530
OK, time to cover another tool used for website enumeration, which is called dirb.
2
00:00:08,340 --> 00:00:13,960
Now, this will be a rather quick video because this tool is not that big, but it is really useful.
3
00:00:14,580 --> 00:00:20,910
We use dirb to discover hidden directories on a website, or you can also consider it as a tool
4
00:00:20,910 --> 00:00:26,910
that is used to brute force directory names and see whether certain directory names exist on a website
5
00:00:26,910 --> 00:00:28,470
or if they don't.
6
00:00:29,340 --> 00:00:36,390
Now, as with almost any other tool that we use, we can run dirb straight from our terminal and to
7
00:00:36,390 --> 00:00:42,510
open the help menu, we can just type dirb, which will give us all of the available options that
8
00:00:42,510 --> 00:00:43,950
we can use with this tool.
9
00:00:44,700 --> 00:00:50,250
But since website enumeration is not our main part of the course, we really want to get straight into
10
00:00:50,250 --> 00:00:51,070
podcasting.
11
00:00:51,130 --> 00:00:56,010
We'll just cover the basics of this tool, which you probably will always use like this.
12
00:00:56,020 --> 00:01:01,880
However, if you do want to check out all of the other options to see what else you can do with
13
00:01:01,900 --> 00:01:08,490
dirb, but for this video, what we want to do is we want to discover some hidden directories.
14
00:01:08,490 --> 00:01:17,940
And to do that, all we have to type is dirb and then HTTP and then the IP address of our virtual machine.
15
00:01:19,440 --> 00:01:26,310
If we type it like this and press enter, it will start running without specifying any other option
16
00:01:26,310 --> 00:01:26,930
whatsoever.
17
00:01:27,210 --> 00:01:34,370
And you can see all of these output that we get are discovered directories on the website right here.
18
00:01:34,380 --> 00:01:37,560
We can see how many generated words did it create.
19
00:01:37,920 --> 00:01:42,650
And all of these words will be tested out as a possible directory on this website.
20
00:01:42,990 --> 00:01:45,240
Straight away, we managed to find some of them.
21
00:01:45,240 --> 00:01:49,710
As we can see, we have assets on the website.
22
00:01:49,740 --> 00:01:52,650
We have cgi-bin, we have cross domain.
23
00:01:52,830 --> 00:01:57,990
And if you're wondering what is this in the brackets, this simply just gives us the code.
24
00:01:58,260 --> 00:02:04,410
And as we already know, code 200 means that the page loaded successfully, which also means
25
00:02:04,410 --> 00:02:06,570
that the page exists on that website.
26
00:02:07,550 --> 00:02:12,380
If it were to get some other code resulting in an error, then the tool would probably determine that
27
00:02:12,380 --> 00:02:13,790
that page does not exist.
28
00:02:13,800 --> 00:02:16,440
So it doesn't print it out right here.
29
00:02:17,120 --> 00:02:22,370
OK, so if we go all the way down, we can see that it already discovered a bunch of other directories.
30
00:02:22,700 --> 00:02:29,150
And what you would do is you would pretty much go through this and see whether you see anything interesting
31
00:02:29,150 --> 00:02:29,690
for us.
32
00:02:30,640 --> 00:02:34,470
For example, any administrator directory could possibly be interesting.
33
00:02:35,140 --> 00:02:41,020
Of course, if you find something that has passwords inside of its name, that would also be interesting
34
00:02:41,020 --> 00:02:44,340
because you never know what the website developer put there.
35
00:02:44,770 --> 00:02:50,290
Maybe they forgot to remove a certain directory from the test phase and they left it right there, which
36
00:02:50,290 --> 00:02:57,640
could possibly have perhaps the source code or some additional information, such as users or perhaps
37
00:02:57,640 --> 00:02:59,960
they made the entire database public.
38
00:02:59,980 --> 00:03:02,740
I mean, you never know, even though it is rare, it can.
39
00:03:02,740 --> 00:03:04,630
And it does happen sometimes.
40
00:03:05,840 --> 00:03:07,790
So nonetheless, let's see.
41
00:03:08,710 --> 00:03:15,430
To which point the tool got, and it's still discovering directories, so I'm just going to stop this because
42
00:03:16,060 --> 00:03:18,340
I don't really need it to finish till the end.
43
00:03:19,030 --> 00:03:24,570
Instead, I also want to show you another option that you can do with dirb, since if you type a straight
44
00:03:24,580 --> 00:03:31,780
command like this, which is just dirb and then the IP address over HTTP, it will use its usual list
45
00:03:31,780 --> 00:03:32,920
that it always uses.
46
00:03:33,130 --> 00:03:37,350
But what you can do is you can specify your own list right after the IP address.
47
00:03:37,390 --> 00:03:40,870
You can do something like /usr/share/wordlists.
48
00:03:41,260 --> 00:03:44,680
And this is the path to wordlists in Linux.
49
00:03:44,950 --> 00:03:48,760
So it's slash usr slash share and then slash wordlists.
50
00:03:49,060 --> 00:03:54,190
And if you want to see all of the options that you have inside of this wordlists directory, you can
51
00:03:54,190 --> 00:03:56,290
press tab twice fast.
52
00:03:58,070 --> 00:04:03,360
And here you will be able to see all of these subdirectories of this wordlists directory.
53
00:04:03,740 --> 00:04:07,700
And since we are running dirb, let's go to the dirb subdirectory.
54
00:04:10,520 --> 00:04:19,450
And inside the dirb subdirectory, we have all of these files and all of these text files are certain lists,
55
00:04:20,030 --> 00:04:21,510
let's go with common.txt.
56
00:04:23,810 --> 00:04:30,200
Which I do believe is also ran by default, but nonetheless, let us just see how we can use a specified
57
00:04:30,200 --> 00:04:37,460
wordlist of our choice and all you have to do is press enter and it will pretty much do the same thing
58
00:04:37,460 --> 00:04:38,950
just with your wordlist.
59
00:04:38,960 --> 00:04:45,230
Instead, it will try to find all of those directories and it will print out the ones that exist.
60
00:04:46,010 --> 00:04:51,080
And if you wanted to, for example, make sure that the certain directory exists, what you can do is
61
00:04:51,080 --> 00:04:53,050
you can copy any of these directories.
62
00:04:53,060 --> 00:04:56,480
For example, let's go with this one, which is slash images.
63
00:04:57,350 --> 00:05:00,770
You can go to your Firefox and visit it like this.
64
00:05:00,770 --> 00:05:06,010
And we do see that the images directory does exist on our own virtual machine.
65
00:05:06,830 --> 00:05:08,870
You can do so with any other as well.
66
00:05:09,170 --> 00:05:11,390
Such as, for example, my admin.
67
00:05:12,370 --> 00:05:13,690
Let's copy the link.
68
00:05:14,700 --> 00:05:16,860
And let's paste it right here.
69
00:05:17,690 --> 00:05:21,800
And it also loads my admin login screen.
70
00:05:22,760 --> 00:05:29,180
Also, all we have left to do is cover two more important tools. In the next video, we will cover Nmap,
71
00:05:29,390 --> 00:05:33,830
which will pretty much be just the basics of Nmap, because that is a huge tool.
72
00:05:33,980 --> 00:05:37,600
It has a bunch of options and we're not getting into details with Nmap.
73
00:05:37,610 --> 00:05:41,150
However, we'll cover some of the basics of it in the next video.
74
00:05:41,360 --> 00:05:45,940
And then in the next section, we're going to dive deep into a tool called.
75
00:05:46,910 --> 00:05:52,670
Now, why are we going through all of these previous tools with only basic options and with Burp Suite
76
00:05:52,670 --> 00:05:54,680
that we're going to go with advanced options?
77
00:05:55,100 --> 00:05:57,040
Well, it's pretty simple. Burp Suite.
78
00:05:57,080 --> 00:05:59,360
It is a tool that you will use for bug bounty.
79
00:05:59,720 --> 00:06:05,450
Its main purpose is to actually use it for bug bounty, whereas all of these tools that we covered
80
00:06:05,450 --> 00:06:12,710
by now you can use if you like, but you don't really have to, it's pretty much your choice nonetheless.
81
00:06:12,980 --> 00:06:15,140
More about Burp Suite in the next section.
82
00:06:15,140 --> 00:06:18,880
And let's focus now on Nmap, which we will cover in the next video.
83
00:06:19,430 --> 00:06:19,970
See you there.