1
00:00:00,090 --> 00:00:01,780
Hello everybody and welcome back.

2
00:00:01,780 --> 00:00:08,940
And in this lecture we will cover one more footprinting tool which is basically called whois. Now the

3
00:00:08,940 --> 00:00:15,700
whois is an important footprinting tool because it basically gives us a bunch of information about

4
00:00:15,700 --> 00:00:17,480
the website that we scanned.

5
00:00:17,820 --> 00:00:23,670
Now the information can be used for multiple further attacks, since the information that we get from

6
00:00:23,670 --> 00:00:30,540
the website from the whois command or program is basically who is, who registered the website, where

7
00:00:30,540 --> 00:00:31,450
is it registered,

8
00:00:31,470 --> 00:00:33,900
which date does the registration expire.

9
00:00:33,930 --> 00:00:41,250
We get a bunch of addresses, telephone numbers, email addresses and a bunch of the other options. So let

10
00:00:41,250 --> 00:00:48,120
us just type here just whois. It is installed in Kali Linux so you don't need to install it.

11
00:00:48,150 --> 00:00:50,030
You will have it already there.

12
00:00:50,130 --> 00:00:55,580
And as we can see, what the usage is, is whois, then the option, then the object.

13
00:00:55,590 --> 00:00:58,010
These are a bunch of the options that you have.

14
00:00:58,050 --> 00:01:02,690
We will not cover it and we will just basically scan the site with the host option.

15
00:01:02,940 --> 00:01:05,670
So we will just type here.

16
00:01:05,670 --> 00:01:11,040
Let's scan a big site for example so we can, so that we can get a bunch of the information.

17
00:01:11,040 --> 00:01:12,650
So CNN dot com.

18
00:01:13,050 --> 00:01:16,230
If you type here whois CNN dot com,

19
00:01:16,230 --> 00:01:25,770
it should print out a bunch of the publicly available information about that website. Let us just wait

20
00:01:25,770 --> 00:01:29,140
for this to finish. It shouldn't take too long.

21
00:01:31,820 --> 00:01:32,950
Here we go now.

22
00:01:32,990 --> 00:01:39,350
First thing we see right here is the notice one which says you're not authorized to access or query

23
00:01:39,440 --> 00:01:44,990
our whois database through the use of high volume automated electronic process or for the purpose or

24
00:01:44,990 --> 00:01:51,260
process or purposes of using data in any manner that violates these Terms of Use.

25
00:01:53,180 --> 00:01:55,670
So basically this is not illegal.

26
00:01:55,670 --> 00:02:00,320
You can see right here, by submitting a whois query you agree to abide by the following terms of

27
00:02:00,320 --> 00:02:01,220
use.

28
00:02:01,370 --> 00:02:05,400
You agree that you may use the data only for lawful purposes.

29
00:02:05,450 --> 00:02:12,440
So basically you shouldn't be using any of these data for any of the attacks that we'll cover if you

30
00:02:12,440 --> 00:02:17,210
do not have permission to do so. We'll just check out the data.

31
00:02:17,210 --> 00:02:19,300
We will not use it for any further attacks.

32
00:02:19,310 --> 00:02:23,100
So let's just see what we got from this command.

33
00:02:23,300 --> 00:02:27,070
As you can see the first thing we have here is the domain name that we typed,

34
00:02:27,140 --> 00:02:35,420
CNN dot com, the Registry Domain ID. We can see that the Registry WHOIS Server is this one.

35
00:02:35,420 --> 00:02:38,180
Now most of these commands do not really interest us.

36
00:02:38,180 --> 00:02:43,070
We can see this could be possibly interesting for us, which is the name server. It would be useful for

37
00:02:43,070 --> 00:02:44,850
some of these DNS attacks.

38
00:02:45,110 --> 00:02:50,500
But until then we will just check out all of these options.

39
00:02:50,510 --> 00:02:53,360
Let me just see if there is anything interesting right here.

40
00:02:53,360 --> 00:02:55,950
Registrar abuse contact e-mail.

41
00:02:55,970 --> 00:02:58,490
We can see an e-mail right here.

42
00:02:58,490 --> 00:03:05,940
Contact phone, registry expiry date, so we can see when does it expire.

43
00:03:06,090 --> 00:03:07,450
Creation Date.

44
00:03:07,590 --> 00:03:09,230
Updated date.

45
00:03:09,320 --> 00:03:12,900
It does go a little bit down here.

46
00:03:12,900 --> 00:03:13,800
Terms of Use.

47
00:03:13,800 --> 00:03:16,530
OK, Registry Domain ID.

48
00:03:16,530 --> 00:03:20,010
This is basically all that we have seen already.

49
00:03:22,500 --> 00:03:28,350
So here is some of the publicly available information, so you can see the registrant email team group

50
00:03:28,410 --> 00:03:29,550
at Turner dot com.

51
00:03:29,550 --> 00:03:35,320
So for example if you were an attacker and you were hired to test a company and you test their

52
00:03:35,380 --> 00:03:41,340
website ideas and you be a bunch of these emails, you can use them for some of these further attacks

53
00:03:41,370 --> 00:03:48,390
such as malware sending. You can send malware for example from this email. It's just a hypothetical

54
00:03:48,390 --> 00:03:49,720
example.

55
00:03:50,010 --> 00:03:55,710
It can be used for some of the further attacks such as sending malware to this email and hopefully waiting

56
00:03:55,710 --> 00:04:02,540
for someone to open it. Then you will have a backdoor installed on the inside of the company.

57
00:04:02,550 --> 00:04:09,950
So here we can see more of the publicly available options such as street, city, state, postal code, country,

58
00:04:10,910 --> 00:04:20,010
a bunch of the other mobile phones, emails as we said. Here down here we just see another email right here

59
00:04:20,160 --> 00:04:25,180
and the name server. As we can see, this can be useful.

60
00:04:25,290 --> 00:04:26,300
Let me just check you.

61
00:04:26,300 --> 00:04:34,340
That is that, so basically you use this command in order to gather more information about the company.

62
00:04:34,570 --> 00:04:38,230
It surely can provide some of the information you might need.

63
00:04:38,830 --> 00:04:45,090
So in order to, for example, save this to a file as we did in the previous command in the previous lecture

64
00:04:45,100 --> 00:04:51,810
with Nikto, let me just see if it has an option to save to a file.

65
00:04:51,940 --> 00:04:54,440
I'm not sure if it does but if it doesn't,

66
00:04:54,520 --> 00:04:58,540
you can do that with simply a digital screen.

67
00:04:58,760 --> 00:05:01,150
Here let me go to the root directory.

68
00:05:02,320 --> 00:05:03,930
So we're in the root directory.

69
00:05:03,940 --> 00:05:13,260
You can just repeat the command and you can type the arrow into result.txt. Now

70
00:05:13,320 --> 00:05:21,590
it won't print out anything here I believe and it will print all of the output into the result.txt

71
00:05:21,680 --> 00:05:22,020
file.

72
00:05:22,770 --> 00:05:27,780
So when this finishes we should have a file with all of these things written to it.

73
00:05:27,810 --> 00:05:34,680
As you can see we didn't get any output, but if we click here ls, we could type here ls, we can

74
00:05:34,680 --> 00:05:40,590
see the result.txt. Let's cat that file and we should have all of our information available in that

75
00:05:40,590 --> 00:05:45,360
file now, so you can send it to someone if you want to or you can just have it.

76
00:05:45,420 --> 00:05:49,340
So you don't have to type the command every time in order to check something out.

77
00:05:49,440 --> 00:05:56,620
Now since I don't need a file I will just delete it and that's basically it for this program.

78
00:05:56,730 --> 00:05:59,590
You will find it useful sometimes and sometimes not.

79
00:05:59,610 --> 00:06:06,930
But in the next lecture we will cover the email harvesting which will use a program called harvester.

80
00:06:06,980 --> 00:06:09,440
I'm truly sure if it's installed.

81
00:06:15,180 --> 00:06:16,040
Yeah I'm sure.

82
00:06:16,040 --> 00:06:20,640
Yeah it is installed in Kali Linux so we will cover it in the next lecture.

83
00:06:20,800 --> 00:06:24,780
And until then you can practice these two programs that we covered.

84
00:06:24,840 --> 00:06:30,390
From now on, including the Google hacking and Nikto, and you can also practice with the whois program

85
00:06:31,320 --> 00:06:34,400
to find as much information as you can.

86
00:06:34,530 --> 00:06:38,820
Now that's it for this lecture and I hope I see you in the next tutorial. Bye.