1
00:00:00,360 --> 00:00:06,900
OK, so the next tool that we're going to use is actually a website called searchdns dot netcraft

2
00:00:06,900 --> 00:00:07,650
dot com.

3
00:00:07,890 --> 00:00:14,130
So you can use this website, you know, to give you insight on DNS information for a given domain

4
00:00:14,340 --> 00:00:19,210
so you can potentially learn things like, you know, the names of all the subdomains that exist for

5
00:00:19,210 --> 00:00:19,860
a domain.

6
00:00:20,460 --> 00:00:29,310
Who owns that domain, IP addresses of their servers, name server addresses, DNS admin information.

7
00:00:29,580 --> 00:00:33,810
You know, where these servers are that these websites are hosted on.

8
00:00:33,960 --> 00:00:40,170
And you can even learn the operating system sometimes that is actually running on this system.

9
00:00:40,410 --> 00:00:45,150
OK, so when you get back into Kali, just click the little icon right here and just open a web browser

10
00:00:45,300 --> 00:00:49,800
and it's going to take you to, like, the home, like, Kali Linux page, like, by default.

11
00:00:50,010 --> 00:00:51,930
It's just a file that's on the system.

12
00:00:52,650 --> 00:00:57,990
Like a copy of the website is online so we can do, it's search

13
00:00:58,410 --> 00:01:02,880
DNS dot netcraft dot com.

14
00:01:04,490 --> 00:01:10,130
And just give it a second to load and then we're going to have an option, so let's say "site contains",

15
00:01:10,490 --> 00:01:16,490
let's just say we're doing doo doo doo doo doo Amazon.com.

16
00:01:16,490 --> 00:01:18,550
We just want to learn a little bit more about Amazon.

17
00:01:19,340 --> 00:01:21,300
So let's go ahead.

18
00:01:21,320 --> 00:01:25,560
So we accept these cookies we're learning about.

19
00:01:25,580 --> 00:01:27,760
So you see right here, this is Amazon.com.

20
00:01:27,770 --> 00:01:31,550
This is a subdomain and click on this to figure out information.

21
00:01:31,550 --> 00:01:36,230
But you can see right here there's like a little site report thing you can click on and get more information.

22
00:01:36,410 --> 00:01:38,270
But it has the operating system right here.

23
00:01:38,270 --> 00:01:46,250
Obviously, Amazon.com is running Microsoft Windows Server 2012, which isn't really the best idea right

24
00:01:46,250 --> 00:01:48,260
now since it's 2020.

25
00:01:48,740 --> 00:01:53,880
But we're getting different subdomains and just different information.

26
00:01:53,880 --> 00:01:56,370
And there's a report, like, on each one that we can look at.

27
00:01:57,110 --> 00:01:58,070
So it's pretty neat.

28
00:01:58,430 --> 00:02:01,870
And you can gather just a lot more information on a website.

29
00:02:01,880 --> 00:02:05,180
So if you're doing like a penetration test, you can get all kinds of information that people don't

30
00:02:05,180 --> 00:02:06,050
know on the Internet.

31
00:02:06,290 --> 00:02:11,470
So you can see this is all publicly available information so that anyone can just go out and, you know,

32
00:02:11,480 --> 00:02:16,100
search the Internet for. It is definitely something that's worth using when you're conducting like an

33
00:02:16,100 --> 00:02:17,410
external assessment.

34
00:02:17,540 --> 00:02:18,490
See, it's pretty good.

35
00:02:18,500 --> 00:02:21,920
You know, you can, you get an IP address right here.

36
00:02:22,130 --> 00:02:25,820
We have the operating system, it's pretty neat.

37
00:02:25,820 --> 00:02:30,980
So I recommend that you guys definitely add this to your arsenal if you're doing like passive reconnaissance.