1
00:00:00,090 --> 00:00:01,510
All right, so welcome back, everyone.

2
00:00:01,560 --> 00:00:07,230
This is first news, and this is a session about discovering subdomains with recon-ng.

3
00:00:07,600 --> 00:00:09,000
OK, so let's get started.

4
00:00:09,870 --> 00:00:15,810
So we'll have to go back to our attacking machine.

5
00:00:17,800 --> 00:00:22,390
And it looks like the system has been.

6
00:00:23,720 --> 00:00:26,220
Stop for some reason, OK?

7
00:00:30,540 --> 00:00:40,890
Sorry about that, so it might take a few moments before we can get into it.

8
00:00:43,020 --> 00:00:43,920
All right, so.

9
00:00:54,590 --> 00:01:00,040
This might happen sometime when you are completely dependent on the water in the moment.

10
00:01:00,330 --> 00:01:05,810
OK, so we'll open the machine that's logging as root.

11
00:01:07,740 --> 00:01:17,480
OK, in order to launch recon-ng, you can just type recon-ng, and here you go.

12
00:01:19,230 --> 00:01:21,030
Just wait for a couple of moments.

13
00:01:21,370 --> 00:01:22,810
Yeah, one wonderful.

14
00:01:23,370 --> 00:01:28,320
See, sometime this is the first time I'll be open up.

15
00:01:28,770 --> 00:01:32,040
OK, but for me, not for you.

16
00:01:32,040 --> 00:01:35,520
If you open this very first time, there might be some problems.

17
00:01:35,550 --> 00:01:36,750
There might be some problem.

18
00:01:36,750 --> 00:01:39,150
You knew this, right.

19
00:01:39,480 --> 00:01:45,240
And you probably won't find the solution from from the online resources.

20
00:01:45,690 --> 00:01:51,750
So usually what happens in the moment, your system, your recon-ng comes up, you won't find

21
00:01:51,750 --> 00:01:52,800
any of the modules.

22
00:01:52,980 --> 00:01:59,550
Currently, you can see modules are basically services for different activities so that for discovering

23
00:01:59,560 --> 00:02:03,960
any domains, for discovery emails, there are different domains that modules available.

24
00:02:03,990 --> 00:02:09,360
OK, so what really happened is you won't find those modules in the beginning.

25
00:02:09,360 --> 00:02:17,460
So let's say let me show you if I type modules load and you might find this option like.

26
00:02:18,860 --> 00:02:25,660
You see this, so I just type modules load, and when you click spacebar and you get to see all the most

27
00:02:25,670 --> 00:02:31,760
of these are the possible modules for recon-ng and in the recon, you will find companies.

28
00:02:31,790 --> 00:02:39,890
This is one more for company domains for credentials, for hotspots, locations, everything.

29
00:02:39,890 --> 00:02:40,170
Right.

30
00:02:40,580 --> 00:02:44,820
So in the beginning, you probably won't find all these modules available.

31
00:02:45,020 --> 00:02:55,720
So the solution is you have to type marketplace, OK, type marketplace install all, OK.

32
00:02:56,120 --> 00:03:02,180
And when you do that, it's it's going to install all the modules one by one.

33
00:03:02,330 --> 00:03:07,100
OK, and this is you will find them on the very first time.

34
00:03:07,310 --> 00:03:07,660
OK.

35
00:03:07,740 --> 00:03:14,690
Once you do that, from next time onwards you want you won't be coming across this challenge because

36
00:03:14,690 --> 00:03:18,410
I have done it already so I won't be having the trouble.

37
00:03:18,800 --> 00:03:28,250
OK, so so our first phone starts with the recon-ng to take care of these subdomains.

38
00:03:28,250 --> 00:03:28,520
Right.

39
00:03:28,880 --> 00:03:30,860
So we can wait for a couple of seconds.

40
00:03:30,870 --> 00:03:38,090
So in case I have any updates, updated modules as well, I can get those properly.

41
00:03:38,510 --> 00:03:45,970
OK, so you see there are modules getting installed from for Discovery.

42
00:03:45,980 --> 00:03:51,580
There is some import, recon, which is reconnaissance in the recon as well.

43
00:03:51,590 --> 00:03:58,280
There are some modules for about the company contacts contact such as email address numbers and everything,

44
00:03:58,820 --> 00:04:08,390
and then you get the company host for sure, reconnaissance for domains related to the company and then

45
00:04:08,390 --> 00:04:10,120
the domain contacts.

46
00:04:10,670 --> 00:04:17,690
So Hunter Hunter Io is about getting the email address truly plug ins.

47
00:04:17,730 --> 00:04:17,980
Right.

48
00:04:20,720 --> 00:04:21,950
There are some more as well.

49
00:04:21,950 --> 00:04:25,750
You can probably it can even make use of who is bulk as well.

50
00:04:26,970 --> 00:04:33,320
WikiLeaks, of course, who don't know that we can make use this or can't do it, can make use of WikiLeaks

51
00:04:33,350 --> 00:04:33,740
as well.

52
00:04:34,160 --> 00:04:41,420
Remember, there are some some plug ins which need the API key and how to get that.

53
00:04:41,720 --> 00:04:43,300
You have to go to those sites.

54
00:04:43,300 --> 00:04:54,290
For example, if you if you want to scan from Kali from the recon tool for to the Shodan to by making

55
00:04:54,290 --> 00:05:02,600
use of Shodan API, you have to get the Shodan API first and then you attach or you insert that

56
00:05:02,600 --> 00:05:06,360
API to the recon-ng and that's how it gets connected.

57
00:05:06,380 --> 00:05:13,190
So from now onwards, whenever you search for any any vulnerabilities or any information, it goes through

58
00:05:13,190 --> 00:05:15,120
Shodan and you get the response right.

59
00:05:16,370 --> 00:05:19,070
So it's still taking a couple of times.

60
00:05:20,420 --> 00:05:22,640
It's taking some more moments.

61
00:05:25,760 --> 00:05:26,150
All right.

62
00:05:30,200 --> 00:05:33,620
OK, so you can probably escape, there could be many.

63
00:05:33,890 --> 00:05:35,880
So I just suspended this.

64
00:05:36,650 --> 00:05:45,190
So let's get started in order to start the start the operation to detect the domains for the target.

65
00:05:45,620 --> 00:05:50,920
What you could probably do is you can you first have to create the workplace, OK?

66
00:05:51,380 --> 00:05:56,150
You have to first understand, you have to create some subdomain in the directory.

67
00:05:56,570 --> 00:06:02,000
You have to first understand there are multiple directories that you have to call it across.

68
00:06:02,480 --> 00:06:07,550
So for that, you have to specify what base posts you see.

69
00:06:15,010 --> 00:06:18,750
Sorry, I'm actually got out of the engine.

70
00:06:19,860 --> 00:06:20,810
I didn't look at it.

71
00:06:20,830 --> 00:06:23,440
OK, so the modules are updated.

72
00:06:23,690 --> 00:06:31,180
What you can do is initially you can first said this is the work workspace, OK, so you can specify

73
00:06:31,180 --> 00:06:37,300
your workspaces and you can give a name like testing domains.

74
00:06:37,310 --> 00:06:39,520
Maybe this is just in the testing domain.

75
00:06:40,510 --> 00:06:40,790
The

76
00:06:44,580 --> 00:06:44,810
sorry.

77
00:06:45,500 --> 00:06:46,120
Oh, sorry.

78
00:06:46,330 --> 00:06:51,820
That's workspace is created and here we are.

79
00:06:52,090 --> 00:06:54,400
So we have just created a distinct domain.

80
00:06:54,400 --> 00:06:56,230
That's a workplace workspace.

81
00:06:56,230 --> 00:06:58,930
Sorry, that's our new workspace, the Fosters.

82
00:06:58,960 --> 00:07:06,640
And we have to insert a building so that you have to force insert any of the domain that you like to

83
00:07:06,640 --> 00:07:10,300
add into your system and then you can do that.

84
00:07:19,370 --> 00:07:28,220
So you can actually this is the way we go to the recon-ng and we can create a workplace as we have

85
00:07:28,220 --> 00:07:34,930
created over the years, so you just have different workspaces, create maybe test.

86
00:07:35,910 --> 00:07:40,280
OK, this is the this is how the work workspaces are defined.

87
00:07:40,700 --> 00:07:45,330
Then you have to add your domain as a as a target for this.

88
00:07:45,350 --> 00:07:49,770
You can type insert db domain, OK.

89
00:07:50,000 --> 00:07:51,650
And sort of domains.

90
00:08:01,480 --> 00:08:03,060
Well, that's OK, sorry.

91
00:08:03,540 --> 00:08:10,530
That's db insert domains and once you get in here, you have to specify the target.

92
00:08:10,540 --> 00:08:17,820
Let's say I consider Twitter or Facebook, Twitter, you can make mention any note as well at this particular.

93
00:08:18,400 --> 00:08:18,670
That's.

94
00:08:19,180 --> 00:08:21,150
So this target has been added now.

95
00:08:21,520 --> 00:08:23,830
So let's launch our module again.

96
00:08:24,140 --> 00:08:31,810
So far, in order to add any modules for this, you have to mention that module modules load and then

97
00:08:31,810 --> 00:08:35,270
you specify the name of the module, which is recon domain.

98
00:08:35,320 --> 00:08:45,520
Also, you can even see that, OK, recon domains and which one we are looking for is this Bing domain,

99
00:08:45,820 --> 00:08:46,890
Bing domain.

100
00:08:47,320 --> 00:08:55,860
So basically recon-ng will go to try to gather all the information to Bing search engine.

101
00:08:55,870 --> 00:08:58,750
OK, so you can type history.

102
00:08:58,960 --> 00:08:59,530
Bing.

103
00:09:03,490 --> 00:09:03,860
Domain.

104
00:09:04,840 --> 00:09:12,610
OK, so it has been selected now what search for the purpose and what you can do is now you can just

105
00:09:12,610 --> 00:09:21,880
run these modules and it once it gets started, it might take some force so that it will stop it from

106
00:09:21,880 --> 00:09:23,190
any possible lockdown.

107
00:09:24,110 --> 00:09:33,430
OK, so you see the search or scanning has been started and it's actually got some, but then it take

108
00:09:33,430 --> 00:09:38,080
a pause and it says sleeping to avoid any lock.

109
00:09:38,630 --> 00:09:38,980
Right.

110
00:09:39,550 --> 00:09:40,760
So this is how it works.

111
00:09:41,260 --> 00:09:44,850
So it can't even keep doing it every time.

112
00:09:44,860 --> 00:09:46,450
Otherwise it get locked out.

113
00:09:46,960 --> 00:09:50,640
The system may get locked down and might be taken as a bargain, in fact.

114
00:09:51,250 --> 00:09:56,830
So let's say if we you know, it might take a whole lot of time because Twitter has a might be having

115
00:09:56,830 --> 00:09:58,020
multiple domains available.

116
00:09:58,300 --> 00:10:03,310
So you can stop at any moment of time, but you can do Ctrl+C, then you can type.

117
00:10:03,370 --> 00:10:06,960
So this is how it works.

118
00:10:07,360 --> 00:10:17,200
You get to see all these subdomain for this right to a deck and everything about how this has been selected

119
00:10:17,200 --> 00:10:17,940
and everything.

120
00:10:17,950 --> 00:10:18,210
Right.

121
00:10:18,760 --> 00:10:27,880
BuzzFeed, Leive Analytics Studio and Safety Legal Guide stream, all this stuff.

122
00:10:27,880 --> 00:10:28,110
Right.

123
00:10:28,510 --> 00:10:33,490
This is how we can actually load multiple subdomain.

124
00:10:33,490 --> 00:10:34,840
We can find those subdivisional.

125
00:10:34,990 --> 00:10:36,270
But wait for a second.

126
00:10:36,280 --> 00:10:44,050
We can't even get the hidden subdomains as well as there are some domains, subduct, some some subdomains

127
00:10:44,050 --> 00:10:46,960
which are easily discoverable.

128
00:10:47,050 --> 00:10:54,250
But there are some bits which you can't really detect from search engines for that to you, for in

129
00:10:54,250 --> 00:10:57,360
that case, we have to make use of some modules.

130
00:10:57,370 --> 00:10:58,350
And that is right.

131
00:10:58,360 --> 00:11:02,650
So we can we can apply innumerous.

132
00:11:02,680 --> 00:11:05,140
And the module is recon.

133
00:11:05,950 --> 00:11:11,830
And this is in this case, will be making use of brute force, brute force sort of attack.

134
00:11:14,220 --> 00:11:15,960
And then let's run this.

135
00:11:16,530 --> 00:11:25,410
OK, so this is going to run for all the possible subdomain that could exist for any possible sites.

136
00:11:25,440 --> 00:11:25,780
OK.

137
00:11:26,310 --> 00:11:35,780
And this is going to run all across all across the the the possible dictionary for for this upcoming.

138
00:11:35,790 --> 00:11:36,010
Right.

139
00:11:36,360 --> 00:11:44,460
You can stop anywhere if you feel it's done, although it might take a lot of time once it is done.

140
00:11:50,010 --> 00:12:00,090
OK, once it is done, you can get I'm so sorry, so, you know, you're good, you get to see all the

141
00:12:00,090 --> 00:12:02,090
possible hosting deals, right?

142
00:12:03,450 --> 00:12:06,300
And there are corresponding IP addresses as rather right.

143
00:12:07,170 --> 00:12:15,630
This is how you can get the subdomain information which are publicly available through the search engines.

144
00:12:16,200 --> 00:12:22,800
And also you can find the hidden subdomain as well by making use of brute force attack.

145
00:12:22,800 --> 00:12:23,070
Right.

146
00:12:24,060 --> 00:12:25,440
Isn't it really cool?

147
00:12:26,130 --> 00:12:29,510
That's what recon-ng brings to the table.

148
00:12:29,520 --> 00:12:29,790
Right.

149
00:12:30,570 --> 00:12:31,020
All right.

150
00:12:31,020 --> 00:12:34,050
So I hope you like this session will get you in the next one.

151
00:12:34,380 --> 00:12:34,800
Thank you.