1
00:00:00,060 --> 00:00:01,030
Welcome back, my friend.

2
00:00:01,050 --> 00:00:13,020
This is watching you and you are watching this session on discovering subdomains, you can ask why and

3
00:00:13,020 --> 00:00:13,200
why.

4
00:00:13,200 --> 00:00:16,210
To discover why, to discover subdomains.

5
00:00:17,100 --> 00:00:26,640
Well, we are still in the information gathering stage, so we have to get as much information as

6
00:00:26,640 --> 00:00:36,460
possible that would help us to get the idea about the target or that could make our way to hack

7
00:00:36,510 --> 00:00:37,840
the target easier.

8
00:00:38,820 --> 00:00:50,220
So let me give you an idea of organizations, start-ups, many companies before making their first application,

9
00:00:50,220 --> 00:00:53,250
first product, maybe a web application, let's say.

10
00:00:53,580 --> 00:00:56,500
Let's take an example of an e-commerce site, OK?

11
00:00:56,550 --> 00:01:05,940
A company decided to launch an e-commerce platform for selling shoes very so far forward, launching

12
00:01:05,940 --> 00:01:07,970
any product, any platform.

13
00:01:08,250 --> 00:01:15,900
The first version, which is the beta version, beta version is like, it's like, it's a working

14
00:01:15,900 --> 00:01:22,510
platform, but it doesn't carry all the required, all the advanced features.

15
00:01:22,530 --> 00:01:29,700
It has the required things to do well and customer can buy the product, can take out

16
00:01:29,700 --> 00:01:32,580
and can get the delivery as well, product delivery as well.

17
00:01:32,910 --> 00:01:39,720
But it won't be having those finishing touches and security-related stuff covered as well.

18
00:01:40,200 --> 00:01:45,600
So in those situations, those beta sites would become very, very helpful.
19
00:01:46,110 --> 00:01:54,420
Now, what I'm really referring to, what happens is the developers, the organization or any developers

20
00:01:54,420 --> 00:02:00,480
of that company or even a third party as well, they make a subdomain of the actual site, let's say

21
00:02:03,990 --> 00:02:06,990
buy shoes, buy shoes.

22
00:02:06,990 --> 00:02:08,290
Now, dot com, maybe.

23
00:02:08,310 --> 00:02:16,220
OK, now this will be having a beta site that would be hosted on the subdomain, let's it be done by

24
00:02:16,230 --> 00:02:17,520
shoes now dot com.

25
00:02:17,850 --> 00:02:24,900
And this is where the beta or the test site will be hosted and the regular site will be published on

26
00:02:24,900 --> 00:02:27,420
the main domain itself.

27
00:02:27,420 --> 00:02:27,700
Right.

28
00:02:28,080 --> 00:02:35,730
So most of the time the French side would be the main domain, would be very difficult to hack because

29
00:02:35,730 --> 00:02:38,040
that would be covered with a lot of security stuff.

30
00:02:38,040 --> 00:02:45,480
But the testing or the other testimonial would be easier to crack and easier to hack as

31
00:02:45,480 --> 00:02:45,770
well.

32
00:02:46,050 --> 00:02:54,630
And in fact, organizations keep their one copy of application or another sample site or

33
00:02:54,630 --> 00:03:01,200
many other applications as well on multiple subdomains that could be their vendors, that could be

34
00:03:01,200 --> 00:03:03,900
for development, for testing, many things.

35
00:03:03,900 --> 00:03:04,160
Right.

36
00:03:04,560 --> 00:03:11,010
And somehow if we get access to that domain, that is, that subdomain, we might get access to the

37
00:03:11,010 --> 00:03:12,740
customer information as well.

38
00:03:12,780 --> 00:03:13,070
Right.

39
00:03:13,470 --> 00:03:16,980
So let's understand one thing.
40
00:03:17,640 --> 00:03:23,550
When you understand subdomains from the business point of view, it could be anything, maybe buy dot

41
00:03:23,570 --> 00:03:30,750
example dot com to a customer can have that general site where we don't have a login page or something.

42
00:03:31,050 --> 00:03:37,380
But when you want to buy something, you, this site will be redirected to buy dot

43
00:03:37,620 --> 00:03:38,600
example dot com.

44
00:03:39,000 --> 00:03:43,860
It could be retail dot example dot com, it could be store dot example dot com.

45
00:03:43,860 --> 00:03:46,380
But this is valid for a site.

46
00:03:46,770 --> 00:03:53,670
People who are not just into e-commerce, they make use of subdomains for their e-commerce.

47
00:03:53,690 --> 00:03:53,930
Right.

48
00:03:54,210 --> 00:04:00,090
So that if somebody is interested to buy a product, they can go to the subdomain, they would be redirected

49
00:04:00,090 --> 00:04:00,960
to the subdomain.

50
00:04:01,170 --> 00:04:08,310
And people who are interested in any services can log in to the example dot com right from the

51
00:04:08,310 --> 00:04:11,070
developer site, there are multiple use cases of it.

52
00:04:11,370 --> 00:04:17,490
It could be stage one dot example dot com, stage one could be retests each step the way I told you.

53
00:04:17,490 --> 00:04:17,770
Right.

54
00:04:17,790 --> 00:04:25,560
So stage one could be related to the initial phase of this application, the MVP of the product, maybe

55
00:04:26,070 --> 00:04:28,260
this dot example or comments about.

56
00:04:28,260 --> 00:04:28,590
Right.

57
00:04:28,890 --> 00:04:30,590
And then pre dot example.

58
00:04:30,600 --> 00:04:32,490
These are just the possible examples.

59
00:04:32,490 --> 00:04:39,840
I'm not saying this is what the organization would be having, but is there a way to know what could,

60
00:04:40,080 --> 00:04:44,070
what could be the subdomain for any site?
61
00:04:44,580 --> 00:04:47,720
Well, again, the same method, right?

62
00:04:47,820 --> 00:04:49,860
This is all, I guess, mechanism.

63
00:04:49,860 --> 00:04:54,720
And this all could be done with the same method for straight of a lovely method.

64
00:04:55,140 --> 00:04:59,780
But can we use the best, you know, because the buster is all for the.

65
00:04:59,920 --> 00:05:05,400
Acting the director for this will be making use of many of the tools.

66
00:05:05,740 --> 00:05:09,890
There are many tools which are publicly available for free.

67
00:05:10,180 --> 00:05:16,420
There are many tools which are people with Kali as well, would be making use of those for the same

68
00:05:16,420 --> 00:05:16,960
purpose.

69
00:05:16,990 --> 00:05:17,310
All right.

70
00:05:17,560 --> 00:05:25,600
So in the next session, we'll make use of some very advanced tools for scanning a site to discover

71
00:05:25,600 --> 00:05:26,570
the subdomains.

72
00:05:26,620 --> 00:05:26,960
All right.

73
00:05:27,520 --> 00:05:28,390
So we'll see you there.

74
00:05:28,570 --> 00:05:28,920
Thank you.