WEBVTT

00:00.570 --> 00:07.050
Gathering subdomains is a great way to find new targets, and we can use the Search Engine Subdomains

00:07.050 --> 00:07.900
Collector auxiliary.

00:08.760 --> 00:15.390
So in order to do that, we have to use, we have to get started with it, starting with Metasploit

00:15.390 --> 00:17.400
Framework console and.

00:18.800 --> 00:26.900
We will use the auxiliary module to gather subdomains about the domain from Yahoo and Bing. So to gather

00:26.900 --> 00:28.410
subdomains for a particular domain,

00:28.430 --> 00:30.350
We just need to set the target domain.

00:30.350 --> 00:39.170
So let's quickly perform on a test, which means that I'm so versatile we will use, we have to use auxiliary

00:39.170 --> 00:50.300
modules, or use auxiliary/gather/searchengine_subdomains_collector.

00:50.540 --> 00:57.500
And here let's see what options we have: we have Enum Bing, Yahoo and IP search.

00:58.010 --> 01:02.780
Uh, as you can see, the required no targets, so we have to give the targets.

01:02.780 --> 01:14.660
So, uh, set target, take bins that contact bins, dot com and, uh, let's run auxiliary exploit here.

01:16.740 --> 01:20.820
And here, searching Bing for subdomains from técnicas domain that.

01:35.330 --> 01:42.020
And now searching Yahoo for subdomains from tech means that, this is our web site.

01:44.200 --> 01:48.760
And as you can see here, auxiliary module execution completed.

01:50.080 --> 01:50.560
So.

01:58.800 --> 02:01.440
And, you know, it's got to be this.

02:03.550 --> 02:06.580
Auxiliary module execution completed.

02:07.060 --> 02:08.320
And what we have here.

02:10.790 --> 02:13.940
For example, so are these tech.

02:14.590 --> 02:23.210
Website is our most popular in Bing or Yahoo, and as you can see, we have not any output here, so

02:23.210 --> 02:28.070
we will use, for example, Microsoft, microsoft.com here, for example.

02:30.160 --> 02:31.090
And let's run.

02:44.040 --> 02:49.290
Actually, indistinct pins that come to me, we have looked domains, actual subdomains as well.

02:49.710 --> 02:53.610
We have just an email subdomain indicating that.

02:54.910 --> 02:58.000
And it is not popular in Bing or Yahoo.

02:58.420 --> 03:04.240
And because of that, we couldn't see any outputs here.

03:04.600 --> 03:13.750
So as you can see here, we can see Microsoft's subdomain search, searching Bing for subdomains

03:13.750 --> 03:15.250
for this IP.

03:15.260 --> 03:23.590
This is, I think he found a Metasploit plant, this IP address from these match of the com.

03:24.190 --> 03:25.870
And here we can see.

03:26.380 --> 03:26.790
Um.

03:32.290 --> 03:33.340
The results here.

03:37.710 --> 03:42.000
And as you can see in my soul and like that, so.

03:48.210 --> 03:48.500
OK.

03:49.920 --> 03:55.930
So, uh, we interrupted because of that, we don't find, as you can see, by using this, uh, auxiliary

03:55.950 --> 03:57.810
module, you can, uh, find.

03:58.980 --> 04:02.040
You can find the subdomains of your target domain.

04:02.040 --> 04:04.350
So the minimum, actually, it's not a target, of course.

04:04.360 --> 04:10.170
Uh, this is just impressive of, uh, technically and it's not illegal, as you know.

04:10.800 --> 04:17.790
So the Search Engine Subdomains Collector auxiliary module helped us, uh, to find the new subdomains.

04:18.090 --> 04:24.270
And uh, so now that we have a good idea about the capabilities of some of the basic modules, so let's

04:24.270 --> 04:27.180
try the big guns here in the next next year.
