1
00:00:01,740 --> 00:00:08,190
As usual the first thing that we do before we start trying to exploit or find any vulnerability is we

2
00:00:08,190 --> 00:00:14,010
do information gathering so we try to gather as much information as possible about the target and what

3
00:00:14,010 --> 00:00:15,860
applications are no different.

4
00:00:15,870 --> 00:00:23,670
So we're going to start by trying to get as much information as we can about the target IP address the

5
00:00:23,670 --> 00:00:25,040
domain name info.

6
00:00:25,060 --> 00:00:28,880
The technology is used on the Web sites of what programming languages use.

7
00:00:28,950 --> 00:00:31,640
What kind of server is installed on it.

8
00:00:31,800 --> 00:00:37,170
What kind of database is being used and where we're going to gather information about the company the

9
00:00:37,170 --> 00:00:38,550
DNS records.

10
00:00:38,550 --> 00:00:44,850
And we'll also see if we can find any files that are not being listed or any subdomains that are not

11
00:00:44,850 --> 00:00:46,950
visible to other to other people.

12
00:00:48,710 --> 00:00:55,500
So the first thing that we're going to have a look on is who is look up who's the Co.

13
00:00:55,550 --> 00:01:05,570
Is a protocol that's used to find owners of Internet resources for example server an IP address or domain.

14
00:01:05,570 --> 00:01:07,820
So we're actually not hacking or doing anything.

15
00:01:07,820 --> 00:01:13,490
We're literally just retrieving info from a database that contains information about owners of stuff

16
00:01:13,490 --> 00:01:15,180
on the Internet.

17
00:01:15,200 --> 00:01:21,830
So for example when you sign up when you sign up for a domain name if you wanted to register a domain

18
00:01:21,830 --> 00:01:24,480
name for yourself for example Zayd dot com.

19
00:01:24,560 --> 00:01:30,830
When I do that I have to supply information about myself my address and then the name will be stored

20
00:01:30,830 --> 00:01:35,180
in my own name and people can see that Zayde owns this domain name.

21
00:01:35,180 --> 00:01:37,100
So this is all we're going to do.

22
00:01:37,310 --> 00:01:41,180
If you Google who is look up you'll see a lot of websites providing the service.

23
00:01:41,180 --> 00:01:48,860
So I'm using the domain tools dot com and are just going to put my target domain name and I'm just going

24
00:01:48,860 --> 00:01:50,990
to use security dot org.

25
00:01:56,390 --> 00:02:02,160
So as you can see very simple and we get a lot of information about our target web site.

26
00:02:02,230 --> 00:02:07,080
You'll see the e-mail that you can use to contact the domain name info.

27
00:02:07,510 --> 00:02:13,900
Usually he'll be able to see the address of the company that has registered this domain name but we

28
00:02:13,900 --> 00:02:17,620
can see that this company is using privacy on their domain.

29
00:02:17,620 --> 00:02:19,380
So you can't really see the address.

30
00:02:19,520 --> 00:02:25,360
But if they have if they're not using privity you'll be able to see their address and more information

31
00:02:25,360 --> 00:02:26,970
about the actual company.

32
00:02:27,340 --> 00:02:29,560
So you want the domain name was created.

33
00:02:30,670 --> 00:02:34,150
You can see the IP address of security.

34
00:02:34,270 --> 00:02:42,110
So if you're doing this you should get this IP address and I'll show you how I do it.

35
00:02:43,190 --> 00:02:52,180
A security org you'll see it's the same domain name here same as same IP address your site.

36
00:02:52,610 --> 00:02:56,130
You can see the IP location which unseen status.

37
00:02:56,150 --> 00:03:04,860
Obviously it's active can also access the history but you need to register for that and obviously you

38
00:03:04,860 --> 00:03:10,140
can see the title here and something that's very useful here we can see that it's use an Apache web

39
00:03:10,140 --> 00:03:10,530
server.

40
00:03:10,530 --> 00:03:17,310
So this is software that can be used as a web server and we can see that I secured uses this web server

41
00:03:17,550 --> 00:03:20,450
and this version to point to point 3 1.

42
00:03:20,610 --> 00:03:23,610
So again we can use this to find exploits.

43
00:03:23,790 --> 00:03:29,920
We can see that it's using Unix the operating system of the web website of the server and it's using

44
00:03:29,920 --> 00:03:36,020
in the following items as well as use modern SSL and open SSL that right here.

45
00:03:36,240 --> 00:03:40,440
You can find more information about the company who registered this domain.

46
00:03:40,440 --> 00:03:46,700
So again security is using privacy so you want be able to see the address you can see that it's saying

47
00:03:47,000 --> 00:03:54,930
that the target person is used in the privacy protection but usually you'll be able to see phone numbers

48
00:03:55,170 --> 00:03:58,530
and addresses of that company.

49
00:03:58,540 --> 00:04:03,410
So as you can see very simple stuff but it's very helpful in the long run.

50
00:04:03,460 --> 00:04:08,770
Just to know what your target was their IP what services are they use and we can also hear actually

51
00:04:08,800 --> 00:04:13,340
didn't show you can see the name servers that are being used.

52
00:04:13,360 --> 00:04:18,160
And you can see that they are provided by a company called them dot net.

53
00:04:18,160 --> 00:04:25,590
Now if you go on them now you'll see that this is a hosting company.

54
00:04:25,640 --> 00:04:31,420
So if we go on the English version that you'll see that this is a hosting company and again you can

55
00:04:31,420 --> 00:04:37,990
even use this hosting company and try to social engineer your way maybe into hacking into your target

56
00:04:37,990 --> 00:04:39,140
into security.