1
00:00:00,060 --> 00:00:01,030
Welcome back, my friend.

2
00:00:01,050 --> 00:00:13,020
This is watching you and you are watching this session on discovering subdomains, you can ask why and

3
00:00:13,020 --> 00:00:13,200
why.

4
00:00:13,200 --> 00:00:16,210
To discover why, to discover subdomains.

5
00:00:17,100 --> 00:00:26,640
Well, we are still in the information gathering stage, so we have to get as much as information as

6
00:00:26,640 --> 00:00:36,460
possible that would help us to get the idea about the target or that could make our our way to hack

7
00:00:36,510 --> 00:00:37,840
the target easier.

8
00:00:38,820 --> 00:00:50,220
So let me give you an idea of organization, start ups, many companies before making their first application,

9
00:00:50,220 --> 00:00:53,250
first product, maybe a Web application, let's say.

10
00:00:53,580 --> 00:00:56,500
Let's take an example of an e-commerce site, OK?

11
00:00:56,550 --> 00:01:05,940
A company decided to launch an e-commerce platform for selling shoes very so far forward, launching

12
00:01:05,940 --> 00:01:07,970
any product, any platform.

13
00:01:08,250 --> 00:01:15,900
The first version, which is the beta version, beta version is like the it's like the it's a walking

14
00:01:15,900 --> 00:01:22,510
platform, but it doesn't carry all the required all the all the advanced features.

15
00:01:22,530 --> 00:01:29,700
It has the required things to do well and customer can buy customer can buy the product can take out

16
00:01:29,700 --> 00:01:32,580
and can get the delivery as well, product delivery as well.

17
00:01:32,910 --> 00:01:39,720
But it won't be having those finishing touch and security related stuff covered as well.

18
00:01:40,200 --> 00:01:45,600
So in those situations, those beaten site would become very, very helpful.

19
00:01:46,110 --> 00:01:54,420
Now, what I'm really referring to what happened is the developers, the organization or any developers

20
00:01:54,420 --> 00:02:00,480
of those company or even third party as well, they make a subdomain of the actual site, let's say

21
00:02:03,990 --> 00:02:06,990
buy shoes, buy shoes.

22
00:02:06,990 --> 00:02:08,290
Now, dot com, maybe.

23
00:02:08,310 --> 00:02:16,220
OK, now this will be having a beta site that would be hosted on the subdomain, lets it be done by

24
00:02:16,230 --> 00:02:17,520
shoes now dot com.

25
00:02:17,850 --> 00:02:24,900
And this is where the beta or the test site will be hosted and the regular site will be published on

26
00:02:24,900 --> 00:02:27,420
these main main domain itself.

27
00:02:27,420 --> 00:02:27,700
Right.

28
00:02:28,080 --> 00:02:35,730
So most of the time the French side would be the main domain would be very difficult to hack because

29
00:02:35,730 --> 00:02:38,040
that would be covered with a lot of security stuff.

30
00:02:38,040 --> 00:02:45,480
But the testing or the the another other testimonial would be easier to crack and easier to hack as

31
00:02:45,480 --> 00:02:45,770
well.

32
00:02:46,050 --> 00:02:54,630
And in fact, organization keep keep their one copy of application or another another sample site or

33
00:02:54,630 --> 00:03:01,200
many other applications as well on the multiple subdomain that could be their vendors, that could be

34
00:03:01,200 --> 00:03:03,900
for development, for testing many stuff.

35
00:03:03,900 --> 00:03:04,160
Right.

36
00:03:04,560 --> 00:03:11,010
And somehow if we get the access to that domain is that subdomain, we might give the access to the

37
00:03:11,010 --> 00:03:12,740
customer information as well.

38
00:03:12,780 --> 00:03:13,070
Right.

39
00:03:13,470 --> 00:03:16,980
So let's let's understand one thing.

40
00:03:17,640 --> 00:03:23,550
When you understand subdomain from the business point of view, it could be anything, maybe by dot

41
00:03:23,570 --> 00:03:30,750
example, dot com to a customer can have that general site where we don't have a login page or something.

42
00:03:31,050 --> 00:03:37,380
But when you want to buy something, you this this site will be redirected to Bidart.

43
00:03:37,620 --> 00:03:38,600
Example, dot com.

44
00:03:39,000 --> 00:03:43,860
It could be a retail dot example, dot com, it could be stored, for example, documents.

45
00:03:43,860 --> 00:03:46,380
But this is valid for a site.

46
00:03:46,770 --> 00:03:53,670
People who are not just into e-commerce, they make use of subdomain for their e-commerce.

47
00:03:53,690 --> 00:03:53,930
Right.

48
00:03:54,210 --> 00:04:00,090
So that if somebody is interested to buy a product, they can go to the subdomain, they would be redirected

49
00:04:00,090 --> 00:04:00,960
to the subdomain.

50
00:04:01,170 --> 00:04:08,310
And people who are interested for any services that can log in to the example dot com right from the

51
00:04:08,310 --> 00:04:11,070
developer site, there are multiple use cases of it.

52
00:04:11,370 --> 00:04:17,490
It could be stage one, dot example, dot com stage one could be retests each step the way I told you.

53
00:04:17,490 --> 00:04:17,770
Right.

54
00:04:17,790 --> 00:04:25,560
So stage one could be related to the initial phase of this application, the MVP of the product, maybe

55
00:04:26,070 --> 00:04:28,260
this DOT example or comments about.

56
00:04:28,260 --> 00:04:28,590
Right.

57
00:04:28,890 --> 00:04:30,590
And then pre dot example.

58
00:04:30,600 --> 00:04:32,490
These are just the possible example.

59
00:04:32,490 --> 00:04:39,840
I'm not saying this is what the organization would be having, but is that a way to know what could

60
00:04:40,080 --> 00:04:44,070
what could be the subdomain for any site?

61
00:04:44,580 --> 00:04:47,720
Well, again, the same method, right?

62
00:04:47,820 --> 00:04:49,860
This is all, I guess, mechanism.

63
00:04:49,860 --> 00:04:54,720
And this all could be done with the same method for straight of a lovely method.

64
00:04:55,140 --> 00:04:59,780
But can we use the best, you know, because the buster is all for the.

65
00:04:59,920 --> 00:05:05,400
Acting the director for this will be making use of my many of the tools.

66
00:05:05,740 --> 00:05:09,890
There are many tools which are publicly available for free.

67
00:05:10,180 --> 00:05:16,420
There are many tools which are people with Gallie as well, would be making use of those for the same

68
00:05:16,420 --> 00:05:16,960
purpose.

69
00:05:16,990 --> 00:05:17,310
All right.

70
00:05:17,560 --> 00:05:25,600
So in the next station, we'll make use of some very advanced tools for scanning a site to discover

71
00:05:25,600 --> 00:05:26,570
the subdomains.

72
00:05:26,620 --> 00:05:26,960
All right.

73
00:05:27,520 --> 00:05:28,390
So we'll see you there.

74
00:05:28,570 --> 00:05:28,920
Thank you.