Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,680 --> 00:00:01,400 Welcome back. 2 00:00:01,970 --> 00:00:07,640 In this video, we want to check out how we can get an IP address from a certain website as well as 3 00:00:07,640 --> 00:00:09,930 some additional information about it. 4 00:00:10,610 --> 00:00:16,970 So since we can't really do this with our own eyes, because this is a virtual machine that's hosting 5 00:00:16,970 --> 00:00:22,880 a website inside of our local network, so it doesn't really have a domain name or should I say a link. 6 00:00:23,210 --> 00:00:25,060 We already have its IP address right here. 7 00:00:25,070 --> 00:00:32,000 So we're just going to take a look at how we can get an IP address from some random website online to 8 00:00:32,000 --> 00:00:32,460 do that. 9 00:00:32,480 --> 00:00:37,590 Let's first open up our terminal and there are a couple comments that you will lose a lot. 10 00:00:38,420 --> 00:00:43,740 First comment, which we already performed in a previous lecture, is called Pink. 11 00:00:44,540 --> 00:00:50,100 Now, pink comment allows us to determine whether a host is online or offline. 12 00:00:50,570 --> 00:00:58,940 For example, if I type pink and then the IP address of my wesp virtual machine and press enter, it 13 00:00:58,940 --> 00:01:04,510 will continue pinging the virtual machine, which we can determine that this machine is up and running. 14 00:01:05,330 --> 00:01:07,700 Now, to stop this, let's press control. 15 00:01:07,700 --> 00:01:15,280 See, and besides using pink and then the IP address, we can also use Pink with our website name, 16 00:01:15,470 --> 00:01:20,690 for example, we can type in Google dot com and it will perform the same thing. 17 00:01:21,020 --> 00:01:27,500 And as we can see, we are also getting the response from Google dot com and in the brackets we're also 18 00:01:27,500 --> 00:01:29,340 getting an IP address. 19 00:01:29,660 --> 00:01:34,980 So with this comment, we did manage to get an IP address of Google dot com. 20 00:01:35,690 --> 00:01:42,290 Now, one thing to take in is that this comment or the comment doesn't necessarily always tell us the 21 00:01:42,290 --> 00:01:42,720 truth. 22 00:01:42,980 --> 00:01:47,720 Some websites might block ping probes and we might not be able to ping them. 23 00:01:47,720 --> 00:01:49,820 However, they could still be online. 24 00:01:49,970 --> 00:01:52,340 And we're going to take a look at that later on. 25 00:01:52,340 --> 00:01:57,170 But just keep it in mind for now that if the pinging doesn't work, it doesn't necessarily mean that 26 00:01:57,170 --> 00:01:58,610 the website is offline. 27 00:01:59,210 --> 00:02:07,880 OK, now another comment that you can use to determine the IP address of a website is called Post if 28 00:02:07,880 --> 00:02:08,630 you type post. 29 00:02:08,990 --> 00:02:11,330 And let's right now use, for example, Tesla. 30 00:02:11,780 --> 00:02:13,490 So Tesla dot com. 31 00:02:15,070 --> 00:02:21,760 It will tell us Tesla dot com has an address or one ninety nine, sixty six, eleven and then sixty 32 00:02:21,770 --> 00:02:28,030 two, it also gives us some additional information such as Tesla dot com mail is handled by this. 33 00:02:28,550 --> 00:02:33,580 OK, so this is additional information, but we are mostly interested in this. 34 00:02:34,300 --> 00:02:39,460 Don't worry, if you get the different IP address for these bigger websites, it's normal because they 35 00:02:39,460 --> 00:02:42,010 are not hosted only on one IP address. 36 00:02:42,580 --> 00:02:48,240 And the third way that we can determine is with the help of a command called NSA lookup. 37 00:02:48,310 --> 00:02:55,030 See, if I type NSA lookup dot com, it will give me a response of my server or my DNS server, or in 38 00:02:55,030 --> 00:02:59,680 this case, my router, which is hosted at the IP address of to the 168 that want one. 39 00:03:00,160 --> 00:03:03,040 And the answer to our question will be down here. 40 00:03:03,400 --> 00:03:10,990 The name that we searched is Tesla dot com and we got an IP address of one ninety nine six six eleven 41 00:03:10,990 --> 00:03:14,710 and then sixty two, which is the same IP address as we got right here. 42 00:03:15,970 --> 00:03:21,250 But besides getting an IP address, we can also extract some additional information that is publicly 43 00:03:21,250 --> 00:03:28,900 available, we can do that by using a tool called Who Is Now Who is a Tool, is used for gathering information 44 00:03:28,900 --> 00:03:33,600 about details of websites, registration that the owner of website provides. 45 00:03:34,480 --> 00:03:40,630 This usually provides us with some additional context, such as emails, phone numbers and also some 46 00:03:40,630 --> 00:03:41,790 physical addresses. 47 00:03:42,310 --> 00:03:43,200 Let's give it a try. 48 00:03:43,720 --> 00:03:47,020 So let's type who is Tesla dot com? 49 00:03:48,860 --> 00:03:55,180 Can we get bunch of reply right here, we can already see that we're getting some phone numbers right 50 00:03:55,180 --> 00:03:55,510 here. 51 00:03:56,030 --> 00:03:59,590 If you scroll a little bit up, we are getting name servers. 52 00:03:59,980 --> 00:04:06,610 We're getting some postal code street city, basically the physical address, including some phone numbers 53 00:04:06,610 --> 00:04:07,030 as well. 54 00:04:08,060 --> 00:04:15,530 We get information about Admon so we can see the admin name, the organization, Street, City and phone 55 00:04:15,530 --> 00:04:21,650 number, some other information as well, domain status if we go up. 56 00:04:22,540 --> 00:04:28,270 OK, so here is even more information, we get name servers right here, I believe these are the same 57 00:04:28,270 --> 00:04:30,000 as the ones that we passed below. 58 00:04:30,430 --> 00:04:34,320 We get more phone numbers, some email address as well. 59 00:04:34,690 --> 00:04:38,910 So we do get some information right here about the website. 60 00:04:39,700 --> 00:04:43,710 Usually these large outputs will be given for larger websites. 61 00:04:43,720 --> 00:04:49,180 For example, if you were to try who is command on some not that known website, it probably wouldn't 62 00:04:49,180 --> 00:04:55,600 give as much information as we got right here, as always, besides of using command line tools. 63 00:04:55,930 --> 00:04:57,520 Oops, what happened here? 64 00:04:57,530 --> 00:04:58,750 Let's clear the terminal. 65 00:04:59,440 --> 00:05:04,930 And besides using the command line tools that we will always use, you can also take a look at some 66 00:05:04,930 --> 00:05:11,890 website that will also give you information about a different website that is also called Passive Information 67 00:05:11,890 --> 00:05:12,430 Gathering. 68 00:05:12,730 --> 00:05:13,570 Why passive? 69 00:05:14,020 --> 00:05:20,370 Once we pinged our website and we used host and then look up and who is from our command line, we performed 70 00:05:20,380 --> 00:05:25,180 active information gathering because we pretty much interacted with the website the whole time. 71 00:05:25,870 --> 00:05:31,510 But once you do the same thing through a different website, it's called passive information gathering, 72 00:05:31,750 --> 00:05:37,630 because our Target website won't be able to see who searched that information for them because we never 73 00:05:37,630 --> 00:05:39,450 interacted with that website. 74 00:05:39,730 --> 00:05:43,070 We went through a third party website that did all of that for us. 75 00:05:43,660 --> 00:05:49,960 So, for example, we can type websites, IP and find some Web site that will determine the IP of our 76 00:05:49,960 --> 00:05:50,470 target. 77 00:05:50,860 --> 00:05:52,690 Let's visit this first one. 78 00:05:53,600 --> 00:05:57,200 Which is at Lync site twenty four x seven dot com. 79 00:05:58,320 --> 00:06:02,100 And it's pretty much does what it says, it finds an IP address. 80 00:06:02,130 --> 00:06:07,380 So if we were typed, for example, W w w Google dot com. 81 00:06:08,520 --> 00:06:16,740 Find IP, it would give us the IP address of w w w Google dot com and we can also get some other information 82 00:06:16,740 --> 00:06:19,680 if we go to DNS analysis right here. 83 00:06:21,930 --> 00:06:24,030 So we do get something right here. 84 00:06:24,060 --> 00:06:25,590 Here are the name servers. 85 00:06:26,070 --> 00:06:28,810 We got four of them as we should get. 86 00:06:28,860 --> 00:06:35,970 We also get the reverse lookup so we can also perform DNS analysis right here and gather information 87 00:06:36,210 --> 00:06:38,870 from this third party website as well. 88 00:06:39,830 --> 00:06:46,100 OK, awesome, but these are all basic things, so we're pretty much just getting the IP address of 89 00:06:46,100 --> 00:06:51,350 the website for now and we also performed some Google talking in order to find some useful information 90 00:06:51,350 --> 00:06:52,140 that we might need. 91 00:06:52,910 --> 00:06:58,070 We did perform Who is command that gave us some additional information, such as phone numbers, email 92 00:06:58,070 --> 00:07:00,620 addresses and physical location. 93 00:07:00,620 --> 00:07:02,480 But these are all basic stuff. 94 00:07:02,480 --> 00:07:05,270 We want to get to the technical side, our website. 95 00:07:05,960 --> 00:07:10,040 And in the next lecture, we are going to check out a tool called WhatsApp. 96 00:07:10,700 --> 00:07:12,740 That is the tool that you will also use a lot. 97 00:07:12,740 --> 00:07:16,890 And it's pretty useful in discovering technologies that are behind the website. 98 00:07:17,630 --> 00:07:20,720 Nonetheless, thank you for watching and I will see you in the next lecture. 10579