1

00:00:00,090 --> 00:00:01,510

All right, so welcome back, everyone.



2

00:00:01,560 --> 00:00:07,230

This is first news, and this is a decision about discovering subdomains with Rickon in.



3

00:00:07,600 --> 00:00:09,000

OK, so let's get started.



4

00:00:09,870 --> 00:00:15,810

So we'll have to go back to our attacking machine.



5

00:00:17,800 --> 00:00:22,390

And it looks like the system has been.



6

00:00:23,720 --> 00:00:26,220

Stop for some reason, OK?



7

00:00:30,540 --> 00:00:40,890

Sorry about that, so it might take a few moments before we can get into it.



8

00:00:43,020 --> 00:00:43,920

All right, so.



9

00:00:54,590 --> 00:01:00,040

This might happen sometime when you are completely dependent on the water in the moment.



10

00:01:00,330 --> 00:01:05,810

OK, so we'll open the machine that's locking as a rude.



11

00:01:07,740 --> 00:01:17,480

OK, in order to launch a work on energy, you can just type Rickon Energy in here you go.



12

00:01:19,230 --> 00:01:21,030

Just wait for a couple of moments.



13

00:01:21,370 --> 00:01:22,810

Yeah, one wonderful.



14

00:01:23,370 --> 00:01:28,320

See, sometime this is the first time I'll be open up.



15

00:01:28,770 --> 00:01:32,040

OK, but for me, not for you.



16

00:01:32,040 --> 00:01:35,520

If you open this very first time, there might be some problems.



17

00:01:35,550 --> 00:01:36,750

There might be some problem.



18

00:01:36,750 --> 00:01:39,150

You knew this, right.



19

00:01:39,480 --> 00:01:45,240

And you probably won't find the solution from from the online resources.



20

00:01:45,690 --> 00:01:51,750

So usually what happens in the moment, your system, your Rickon energy, thumbs up, you won't find



21

00:01:51,750 --> 00:01:52,800

any of the modules.



22

00:01:52,980 --> 00:01:59,550

Currently, you can see modules are basically services for different activities so that for discovering



23

00:01:59,560 --> 00:02:03,960

any domains, for discovery emails, there are different domains that modules available.



24

00:02:03,990 --> 00:02:09,360

OK, so what really happened is you won't find those modules in the beginning.



25

00:02:09,360 --> 00:02:17,460

So let's say let me show you if I type modules load and you might find this option like.



26

00:02:18,860 --> 00:02:25,660

You see this, so I just type model loads, and when you click spacebar and you get to see all the most



27

00:02:25,670 --> 00:02:31,760

of these are the possible models for Rickon and in the Rickon, you will find companies.



28

00:02:31,790 --> 00:02:39,890

This is one more for company domain's for credentials, for hotspots, locations, everything.



29

00:02:39,890 --> 00:02:40,170

Right.



30

00:02:40,580 --> 00:02:44,820

So in the beginning, you probably won't find all these models available.



31

00:02:45,020 --> 00:02:55,720

So the solution is you have to dive market place, OK, type marketplace and store all OK.



32

00:02:56,120 --> 00:03:02,180

And when you do that, it's it's going to install all the modules one by one.



33

00:03:02,330 --> 00:03:07,100

OK, and this is you will find them on the very first time.



34

00:03:07,310 --> 00:03:07,660

OK.



35

00:03:07,740 --> 00:03:14,690

Once you do that, from next time onwards you want you won't be coming across this challenge because



36

00:03:14,690 --> 00:03:18,410

I have done it already so I won't be having the trouble.



37

00:03:18,800 --> 00:03:28,250

OK, so so our first phone starts with the recordings to take care of these subdomains.



38

00:03:28,250 --> 00:03:28,520

Right.



39

00:03:28,880 --> 00:03:30,860

So we can wait for a couple of seconds.



40

00:03:30,870 --> 00:03:38,090

So in case I have any updates, updated modules as well, I can get those properly.



41

00:03:38,510 --> 00:03:45,970

OK, so you see there are modules getting installed from for Discovery.



42

00:03:45,980 --> 00:03:51,580

There is some import Rickon, which is reconnaissance in the recon as well.



43

00:03:51,590 --> 00:03:58,280

There are some modules for about the company contacts contact such as email address numbers and everything,



44

00:03:58,820 --> 00:04:08,390

and then you get the company host for sure, reconnaissance for domains related to the company and then



45

00:04:08,390 --> 00:04:10,120

the domain contacts.



46

00:04:10,670 --> 00:04:17,690

So Hunter Hunter Io is about getting the email address truly plug ins.



47

00:04:17,730 --> 00:04:17,980

Right.



48

00:04:20,720 --> 00:04:21,950

There are some more as well.



49

00:04:21,950 --> 00:04:25,750

You can probably it can even make use of who is bulk as well.



50

00:04:26,970 --> 00:04:33,320

WikiLeaks, of course, who don't know that we can make use this or can't do it, can make use of WikiLeaks



51

00:04:33,350 --> 00:04:33,740

as well.



52

00:04:34,160 --> 00:04:41,420

Remember, there are some some plug ins which need the API key and how to get that.



53

00:04:41,720 --> 00:04:43,300

You have to go to those sites.



54

00:04:43,300 --> 00:04:54,290

For example, if you if you want to scan from Kelly from the recon tool for to the short run to by making



55

00:04:54,290 --> 00:05:02,600

use of showed an API, you have to get these children API first and then you attach or you insert that



56

00:05:02,600 --> 00:05:06,360

API to the recording and that's how it get connected.



57

00:05:06,380 --> 00:05:13,190

So from now onwards, whenever you search for any any vulnerabilities or any information, it goes through



58

00:05:13,190 --> 00:05:15,120

shodan and you get the response right.



59

00:05:16,370 --> 00:05:19,070

So it's still taking a couple of times.



60

00:05:20,420 --> 00:05:22,640

It's taking some more moments.



61

00:05:25,760 --> 00:05:26,150

All right.



62

00:05:30,200 --> 00:05:33,620

OK, so you can probably escape, there could be many.



63

00:05:33,890 --> 00:05:35,880

So I just suspended this.



64

00:05:36,650 --> 00:05:45,190

So let's get started in order to start the start the operation to detect the no means for the target.



65

00:05:45,620 --> 00:05:50,920

What you could probably do is you can you first have to create the workplace, OK?



66

00:05:51,380 --> 00:05:56,150

You have to first understand, you have to create some subdomain in the directory.



67

00:05:56,570 --> 00:06:02,000

You have to first understand there are multiple directories that you have to call it across.



68

00:06:02,480 --> 00:06:07,550

So for that, you have to specify what base posts you see.



69

00:06:15,010 --> 00:06:18,750

Sorry, I'm actually got out of the engine.



70

00:06:19,860 --> 00:06:20,810

I didn't look at it.



71

00:06:20,830 --> 00:06:23,440

OK, so the models are updated.



72

00:06:23,690 --> 00:06:31,180

What you can do is initially you can first said this is the work workspace, OK, so you can specify



73

00:06:31,180 --> 00:06:37,300

your workspaces and you can give a name like testing domains.



74

00:06:37,310 --> 00:06:39,520

Maybe this is just in the testing domain.



75

00:06:40,510 --> 00:06:40,790

The



76

00:06:44,580 --> 00:06:44,810

sorry.



77

00:06:45,500 --> 00:06:46,120

Oh, sorry.



78

00:06:46,330 --> 00:06:51,820

That's workspace is created and here we are.



79

00:06:52,090 --> 00:06:54,400

So we have just created a distinct domain.



80

00:06:54,400 --> 00:06:56,230

That's a workplace workspace.



81

00:06:56,230 --> 00:06:58,930

Sorry, that's our new workspace, the Fosters.



82

00:06:58,960 --> 00:07:06,640

And we have to insert a building so that you have to force insert any of the domain that you like to



83

00:07:06,640 --> 00:07:10,300

add into your system and then you can do that.



84

00:07:19,370 --> 00:07:28,220

So you can actually this is the way we go to the recording and we can create a workplace as we have



85

00:07:28,220 --> 00:07:34,930

created over the years, so you just have different workspaces, create maybe test.



86

00:07:35,910 --> 00:07:40,280

OK, this is the this is how the work workspaces are defined.



87

00:07:40,700 --> 00:07:45,330

Then you have to add your domain as a as a target for this.



88

00:07:45,350 --> 00:07:49,770

You can type insert beebee domain, OK.



89

00:07:50,000 --> 00:07:51,650

And sort of domains.



90

00:08:01,480 --> 00:08:03,060

Well, that's OK, sorry.



91

00:08:03,540 --> 00:08:10,530

That's Debbie insert domain's and once you get in here, you have to specify the target.



92

00:08:10,540 --> 00:08:17,820

Let's say I consider Twitter or Facebook, Twitter, you can make mention any note as well at this particular.



93

00:08:18,400 --> 00:08:18,670

That's.



94

00:08:19,180 --> 00:08:21,150

So this target has been added now.



95

00:08:21,520 --> 00:08:23,830

So let's launch our model again.



96

00:08:24,140 --> 00:08:31,810

So far, in order to add any modules for this, you have to mention that module modules load and then



97

00:08:31,810 --> 00:08:35,270

you specify the name of the model, which is Rickon domain.



98

00:08:35,320 --> 00:08:45,520

Also, you can even see that, OK, Rickon domains and which one we are looking for is this being domain,



99

00:08:45,820 --> 00:08:46,890

being domain.



100

00:08:47,320 --> 00:08:55,860

So basically a reconning will go to try to gather all the information to Bing search engine.



101

00:08:55,870 --> 00:08:58,750

OK, so you can type history.



102

00:08:58,960 --> 00:08:59,530

Bang.



103

00:09:03,490 --> 00:09:03,860

Domain.



104

00:09:04,840 --> 00:09:12,610

OK, so it has been selected now what search for the purpose and what you can do is now you can just



105

00:09:12,610 --> 00:09:21,880

run these modules and it once it gets started, it might take some force so that it will stop it from



106

00:09:21,880 --> 00:09:23,190

any possible lockdown.



107

00:09:24,110 --> 00:09:33,430

OK, so you see the search or scanning has been started and it's actually got some, but then it take



108

00:09:33,430 --> 00:09:38,080

a pause and it says is leaping to avoid any lock.



109

00:09:38,630 --> 00:09:38,980

Right.



110

00:09:39,550 --> 00:09:40,760

So this is how it works.



111

00:09:41,260 --> 00:09:44,850

So it can't even keep doing it every time.



112

00:09:44,860 --> 00:09:46,450

Otherwise it get locked out.



113

00:09:46,960 --> 00:09:50,640

The system may get locked down and might be taken as a bargain, in fact.



114

00:09:51,250 --> 00:09:56,830

So let's say if we you know, it might take a whole lot of time because Duder has a might be having



115

00:09:56,830 --> 00:09:58,020

multiple domains available.



116

00:09:58,300 --> 00:10:03,310

So you can stop at any moment of time, but you can do comptrollers, then you can type.



117

00:10:03,370 --> 00:10:06,960

So this is how it works.



118

00:10:07,360 --> 00:10:17,200

You get to see all these subdomain for this right to a deck and everything about how this has been selected



119

00:10:17,200 --> 00:10:17,940

and everything.



120

00:10:17,950 --> 00:10:18,210

Right.



121

00:10:18,760 --> 00:10:27,880

BuzzFeed, Leive Analytics Studio and Safety Legal Guide stream, all this stuff.



122

00:10:27,880 --> 00:10:28,110

Right.



123

00:10:28,510 --> 00:10:33,490

This is how we can actually load multiple subdomain.



124

00:10:33,490 --> 00:10:34,840

We can find those subdivisional.



125

00:10:34,990 --> 00:10:36,270

But wait for a second.



126

00:10:36,280 --> 00:10:44,050

We can't even get the hidden subdomains as well as there are some domains, subduct, some some subdomains



127

00:10:44,050 --> 00:10:46,960

which are easily discoverable.



128

00:10:47,050 --> 00:10:54,250

But there are some bits which you can't really detected from search engines for that to you, for in



129

00:10:54,250 --> 00:10:57,360

that case, we have to make use of some modules.



130

00:10:57,370 --> 00:10:58,350

And that is right.



131

00:10:58,360 --> 00:11:02,650

So we can we can apply innumerous.



132

00:11:02,680 --> 00:11:05,140

And the module is Rukun.



133

00:11:05,950 --> 00:11:11,830

And this is in this case, will be making use of brute force, brute force sort of attack.



134

00:11:14,220 --> 00:11:15,960

And then let's run this.



135

00:11:16,530 --> 00:11:25,410

OK, so this is going to run for all the possible subdomain that could exist for any possible sites.



136

00:11:25,440 --> 00:11:25,780

OK.



137

00:11:26,310 --> 00:11:35,780

And this is going to run all across all across the the the possible dictionary for for this upcoming.



138

00:11:35,790 --> 00:11:36,010

Right.



139

00:11:36,360 --> 00:11:44,460

You can stop anywhere if you feel it's done, although it might take a lot of time once it is done.



140

00:11:50,010 --> 00:12:00,090

OK, once it is done, you can get I'm so sorry, so, you know, you're good, you get to see all the



141

00:12:00,090 --> 00:12:02,090

possible hosting deals, right?



142

00:12:03,450 --> 00:12:06,300

And there are corresponding IP addresses as rather right.



143

00:12:07,170 --> 00:12:15,630

This is how you can get the subdomain information which are publicly available through the search engines.



144

00:12:16,200 --> 00:12:22,800

And also you can find the hidden subdomain as well by making use of brute force attack.



145

00:12:22,800 --> 00:12:23,070

Right.



146

00:12:24,060 --> 00:12:25,440

Isn't it really cool?



147

00:12:26,130 --> 00:12:29,510

That's what American energy brings to the table.



148

00:12:29,520 --> 00:12:29,790

Right.



149

00:12:30,570 --> 00:12:31,020

All right.



150

00:12:31,020 --> 00:12:34,050

So I hope you like this nation will get you in the next one.



151

00:12:34,380 --> 00:12:34,800

Thank you.