1
00:00:10,090 --> 00:00:15,340
So let us get started with the last lecture of information gathering, and in this lecture, we will

2
00:00:15,340 --> 00:00:17,590
use a search engine showdown.

3
00:00:17,920 --> 00:00:23,050
Sudan is basically a tool which is used to get information about the devices which are connected to

4
00:00:23,050 --> 00:00:25,900
the Internet, for example, Iot devices.

5
00:00:26,320 --> 00:00:29,620
And it is really a useful information, useful tool.

6
00:00:29,620 --> 00:00:37,050
If you want to find out the information regarding Wi-Fi, then CCTV cameras, Iot devices, etc..

7
00:00:37,390 --> 00:00:41,950
So for this force, do we need to go to the browser on all browser?

8
00:00:42,220 --> 00:00:46,260
And then I will show you how to use Shuren to carry out valuable information.

9
00:00:46,270 --> 00:00:48,030
So let us get started.

10
00:00:51,000 --> 00:00:57,390
So as you can see, we have used the Google to launch showdown, so what you have to type is just type

11
00:00:57,390 --> 00:01:05,310
Suranne as it should be, and and then hit enter the first website, Shora and not IO is the website,

12
00:01:05,310 --> 00:01:07,060
which is very useful.

13
00:01:07,440 --> 00:01:14,270
Now here you can either register or create your account and then serve or you can just serve.

14
00:01:14,280 --> 00:01:19,770
But for the purpose of getting more information, I will click, login or register.

15
00:01:20,260 --> 00:01:23,210
I will register in front of you, so I will click register button.

16
00:01:23,220 --> 00:01:29,250
And if this window appears in front of you, you just have to fill in your username and password and

17
00:01:29,250 --> 00:01:30,990
then create an account for shodan.

18
00:01:31,380 --> 00:01:34,170
So I will now create account for myself.

19
00:01:36,150 --> 00:01:41,570
So right now, I'm in the front page of the show right now, once you register for the account, you'll

20
00:01:41,580 --> 00:01:42,960
get an activation email.

21
00:01:42,960 --> 00:01:46,950
Please click that link and then head on to the main page of Suranne.

22
00:01:47,400 --> 00:01:48,290
So what is your plan?

23
00:01:48,780 --> 00:01:54,560
As you can see on the screen, which is Suranne is your browser, which is used to basically search

24
00:01:54,580 --> 00:01:59,850
the devices which are connected to the Internet, for example, the Wi-Fi, then network security tools,

25
00:01:59,850 --> 00:02:02,510
CCTV cameras and much more.

26
00:02:03,000 --> 00:02:07,620
So what we just write in the search box will write, oh, that's a webcam.

27
00:02:10,160 --> 00:02:17,360
Let's see what let's see what we can get if you click search, we can get IP addresses of all the Web

28
00:02:17,360 --> 00:02:21,280
cameras which are being installed and connected to the Internet.

29
00:02:22,190 --> 00:02:30,170
And these the are actually the live webcams, so if the webcam is not configured, the hacker can click

30
00:02:30,170 --> 00:02:33,170
and, you know, just explode the camera.

31
00:02:33,170 --> 00:02:38,710
So I've clicked the first IP address here and see what I can get out of this IP address.

32
00:02:39,080 --> 00:02:45,050
Now, some IP addresses cannot be Lauder's will just go back and then check if we can get some other

33
00:02:45,050 --> 00:02:45,890
IP addresses.

34
00:02:49,540 --> 00:02:51,220
So I've clicked the IP address.

35
00:02:56,670 --> 00:03:02,370
So right now, I click IP address one fifty nine point one thirty eight point two, forty one point

36
00:03:02,370 --> 00:03:03,020
twenty five.

37
00:03:03,030 --> 00:03:09,450
And I've got the location that the country, the organization, the Internet service provider.

38
00:03:09,810 --> 00:03:16,070
The last update was on It's Too Late the day, which I have been shooting this video.

39
00:03:16,350 --> 00:03:22,400
Then I've also got the ports which are open like eighty, eighty, eighty one, eighty to eighty two

40
00:03:22,410 --> 00:03:23,130
also open.

41
00:03:23,130 --> 00:03:26,250
And if I scroll down I can get the services.

42
00:03:26,250 --> 00:03:32,790
And if you closely observe this content header, you can see that it is it is powered by speed darknet.

43
00:03:33,090 --> 00:03:39,870
It is powered by using the Apache Fusion is Pinole Bujon then the languages and using English.

44
00:03:40,140 --> 00:03:47,670
And if you scroll down you will get a lot of information about the actual website or the web camera

45
00:03:47,670 --> 00:03:48,940
which is connected to the Internet.

46
00:03:50,250 --> 00:03:52,500
Now I will explore another camera.

47
00:03:52,500 --> 00:03:56,280
Um, let's say I get a webcam, so I will just click the arrow.

48
00:03:56,790 --> 00:04:00,930
And as you can see on the screen, we have got a live camera out here.

49
00:04:01,380 --> 00:04:04,740
Now, this this camera is actually not secured.

50
00:04:05,040 --> 00:04:07,260
So let us try doing some things.

51
00:04:07,920 --> 00:04:11,340
I will just go up and I will click source three JavaScript.

52
00:04:11,340 --> 00:04:15,520
I will just change anything that is the only source five.

53
00:04:15,540 --> 00:04:21,540
And they go, I can actually see that camera that is in Serbia and it is a live camera.

54
00:04:21,840 --> 00:04:23,790
I will again check another source.

55
00:04:24,600 --> 00:04:30,390
And if I let's say I this was the source, then you can see this is the live recording.

56
00:04:30,390 --> 00:04:33,030
So hackers can actually hack this.

57
00:04:33,450 --> 00:04:40,770
Now, if you go and if at the bottom you can see it is powered by a webcam, seven words and one point

58
00:04:40,770 --> 00:04:41,940
five point three zero.

59
00:04:42,240 --> 00:04:43,650
Now that is here on the Google.

60
00:04:45,890 --> 00:04:47,270
That is, it will end there.

61
00:04:47,300 --> 00:04:49,340
You can type webcam seven.

62
00:04:52,340 --> 00:04:54,800
And then just type the virgin.

63
00:04:55,750 --> 00:05:02,470
One point, five point, let us see what was the verdict and just see the Virgin again, it is one point

64
00:05:02,480 --> 00:05:08,590
yes, one point five point three, one point five point three point zero.

65
00:05:08,590 --> 00:05:11,080
And you can go there and find the default password.

66
00:05:11,680 --> 00:05:19,420
Just go down and click and you will get a lot of it if you just go to any random site, will find a

67
00:05:19,420 --> 00:05:20,320
lot of information.

68
00:05:20,320 --> 00:05:20,800
There you go.

69
00:05:20,800 --> 00:05:23,260
You have the login page of the game seven.

70
00:05:23,530 --> 00:05:29,290
And what hackers do is hackers try and brute force all these systems.

71
00:05:29,290 --> 00:05:33,070
I'm trying a random password admin, which is the default password for many servers.

72
00:05:33,370 --> 00:05:35,780
And the password is which means this is secure.

73
00:05:36,040 --> 00:05:39,340
But again, this page might have vulnerabilities.

74
00:05:39,700 --> 00:05:44,700
So now you can see here the wording is one point two point four point zero.

75
00:05:44,950 --> 00:05:51,430
So what hackers will do is hackers will go on to some websites where experts are already available and

76
00:05:51,430 --> 00:05:57,610
they can just enter the world number in the webcam number and they will find out that the experts and

77
00:05:57,610 --> 00:06:00,350
now you can see that the connection is not secure.

78
00:06:00,610 --> 00:06:08,650
This is not a secure website, which means that hackers can even hack this website.

79
00:06:10,330 --> 00:06:10,900
So.

80
00:06:11,940 --> 00:06:17,070
So we saw how you can actually gather a lot of information, so what you find out to find out which

81
00:06:17,070 --> 00:06:21,000
version of a camera was using, you also find out the default passwords.

82
00:06:21,010 --> 00:06:22,110
You got a login page.

83
00:06:22,470 --> 00:06:28,000
And what hackers can do is hackers can use automatic scanning tools to get the vulnerabilities.

84
00:06:28,170 --> 00:06:30,390
And this is why shorthand is really useful.

85
00:06:30,780 --> 00:06:36,020
Now, what we'll do is we'll go again and we will see another Web cam if it is live.

86
00:06:36,030 --> 00:06:37,070
And there you go.

87
00:06:37,320 --> 00:06:38,400
It is again live.

88
00:06:38,700 --> 00:06:45,840
So you can also get a function that you can actually tilt, zoom and change the angle so you can see

89
00:06:46,170 --> 00:06:47,510
if you click the buttons.

90
00:06:47,610 --> 00:06:51,210
This might change, but in our case, it's not changing.

91
00:06:51,210 --> 00:06:51,420
It's.

92
00:06:52,980 --> 00:06:59,340
So, uh, I guess the website is not functioning properly, so this is how Web cam really works.

93
00:06:59,550 --> 00:07:01,330
If it is, let's check on source.

94
00:07:01,350 --> 00:07:06,150
Do we actually have something inside the house?

95
00:07:06,600 --> 00:07:10,440
And this camera is actually, you know, connected to the Internet.

96
00:07:11,970 --> 00:07:17,210
So you can see as a security expert, this information is really very crucial.

97
00:07:17,490 --> 00:07:21,150
Now, go up in the search bar and let search verify.

98
00:07:26,490 --> 00:07:26,790
And.

99
00:07:27,820 --> 00:07:35,410
You can see all these wildfires are actually connected to the Internet and let us check one of the wildfires.

100
00:07:35,860 --> 00:07:38,580
Let's check the one in the Hong Kong.

101
00:07:38,950 --> 00:07:46,030
And yes, just if prompts, let's click advanced and go ahead accept the risk.

102
00:07:46,030 --> 00:07:46,240
And

103
00:07:49,360 --> 00:07:50,620
there you go again.

104
00:07:50,620 --> 00:07:57,430
Got some login page, which is how you like, you know, again, as a hacker or as a security expert,

105
00:07:57,430 --> 00:08:03,970
my first steam would be to crawl the Web site to use the FTTH to track a website, Koppio, to download

106
00:08:03,970 --> 00:08:06,490
the website, to check the virgin of the website.

107
00:08:06,490 --> 00:08:10,160
And then I will see if I find any experts available on the Internet.

108
00:08:10,990 --> 00:08:18,160
So this is how hackers use Suranne basically to find out all the devices which are connected to the

109
00:08:18,160 --> 00:08:18,670
Internet.

110
00:08:18,910 --> 00:08:25,920
And in this article, we also saw that the webcam, which was connected to the Internet, actually peeks

111
00:08:25,930 --> 00:08:27,040
inside of a house.

112
00:08:27,640 --> 00:08:31,650
So this is how Shonen is really very useful in getting a track.

113
00:08:31,660 --> 00:08:38,460
You can also find Iot devices like robots or computers which are connected to the Internet and are open.

114
00:08:38,860 --> 00:08:46,330
So again, using these tools requires your knowledge, your search filters, how you apply proper steps.

115
00:08:46,690 --> 00:08:49,710
And the most important is your target should be fixed.

116
00:08:49,960 --> 00:08:53,320
You can't just come here and say, I want to search your life and hack.

117
00:08:53,680 --> 00:08:55,510
It is a target based system.

118
00:08:55,520 --> 00:09:00,760
You should be forced, fixed your target and then use the information gathering tools.

119
00:09:01,060 --> 00:09:03,700
So this was all for this lecture.

120
00:09:03,700 --> 00:09:10,510
And from the next lecture we will see the second phase of ethical hacking, which is scanning and enumerating

121
00:09:10,510 --> 00:09:11,050
targets.

122
00:09:11,200 --> 00:09:13,890
So let us get started with the second phase.

123
00:09:14,290 --> 00:09:19,330
If you have any doubts, please feel free to ask us to read out sessions.