Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,270 --> 00:00:02,700 Hello everybody and welcome back. 2 00:00:02,700 --> 00:00:09,550 And right now we are slowly entering our foot printing section which will be the last part of the big 3 00:00:09,570 --> 00:00:15,900 intersection including the scanning section that we will do right after we cover the foot printing. 4 00:00:16,830 --> 00:00:18,420 Well before we begin. 5 00:00:18,450 --> 00:00:25,470 While our machine is starting up let us just explain a little bit more what the printing is. 6 00:00:25,560 --> 00:00:29,010 So first of all there are two types of foot printing. 7 00:00:29,010 --> 00:00:31,290 One is active and one is passive. 8 00:00:31,980 --> 00:00:39,080 Now the active foot printing basically requires some in some interaction with the target that you're 9 00:00:39,090 --> 00:00:45,570 trying to attack while the passive foot printing is basically just gathering all of the public available 10 00:00:45,570 --> 00:00:48,480 information for your target. 11 00:00:48,480 --> 00:00:55,740 So for example if your target has a Facebook account Twitter or basically any other account or any other 12 00:00:55,830 --> 00:01:02,220 source of information from which you can gather some of the valuable stuff you might need. 13 00:01:02,220 --> 00:01:10,650 Now let's say for example your target is a company and as a public information online you have the debt 14 00:01:10,650 --> 00:01:15,360 company for example uses Windows XP on their machines. 15 00:01:15,360 --> 00:01:22,380 You can already cut out the Linux exploits and Windows 10 or 7 exploits and you can basically just focus 16 00:01:22,410 --> 00:01:26,740 on writing up Windows XP exploit. 17 00:01:26,990 --> 00:01:32,490 Now we all know that nobody really uses XP anymore because it is vulnerable and it can. 18 00:01:32,490 --> 00:01:34,360 It is basically an open box. 19 00:01:34,680 --> 00:01:37,620 But that was just an example. 20 00:01:37,620 --> 00:01:44,790 There are lots of public information which you can find. 21 00:01:45,030 --> 00:01:45,320 Sorry. 22 00:01:45,330 --> 00:01:46,910 There was a cut in my recording. 23 00:01:47,100 --> 00:01:55,180 So basically what I was going to say is let's go to the some of the practical methods we Google hacking. 24 00:01:55,270 --> 00:01:57,440 We were comfortable with hacking in this material. 25 00:01:57,450 --> 00:01:59,260 So let me just log in. 26 00:01:59,280 --> 00:02:00,540 That's one two three four 27 00:02:03,310 --> 00:02:06,420 and as soon as this machine pulls up. 28 00:02:06,880 --> 00:02:13,120 Well I mean as soon as my desktop puts up we will open our folks and we will run some of the specific 29 00:02:13,120 --> 00:02:20,040 commands in the Google search bar in order to find some of the stuff we might need. 30 00:02:20,050 --> 00:02:23,430 Now this is just one of the tools for printing that we will cover. 31 00:02:23,710 --> 00:02:33,070 And basically the other ones which will be for example harvester Nikko Sheldon and who is we will cover 32 00:02:33,130 --> 00:02:35,270 in the next lectures but for now on. 33 00:02:35,600 --> 00:02:38,600 Let us just open our Firefox. 34 00:02:38,710 --> 00:02:47,530 So just click on your Firefox icon and basically since it will lead you to your Linux website you want 35 00:02:47,530 --> 00:02:50,150 to navigate to Google so just type here. 36 00:02:50,410 --> 00:02:54,490 The Google dot com I'm just waiting for my Firefox to open 37 00:02:59,940 --> 00:03:02,040 it is taking a little bit of time. 38 00:03:02,040 --> 00:03:02,730 Here we go. 39 00:03:02,730 --> 00:03:07,550 It is basically opening right now so you can just leave here. 40 00:03:07,560 --> 00:03:10,710 We can add another tab and go onto Google that com 41 00:03:25,770 --> 00:03:26,260 OK. 42 00:03:26,320 --> 00:03:33,400 Finally open now let's say for example that's Europe that you want to find all the Web sites that have 43 00:03:33,720 --> 00:03:40,510 a user input that could possibly be vulnerable to the SSL injection for example. 44 00:03:40,510 --> 00:03:50,740 So you just on Google search bar you just type here in your URL and then the two dots space and the 45 00:03:52,180 --> 00:04:05,110 apostrophe then index dot BHP question mark and then Heidi equals just find equals on my keyboard. 46 00:04:05,140 --> 00:04:05,930 Here we go. 47 00:04:05,950 --> 00:04:08,330 And then apostrophe once again. 48 00:04:08,380 --> 00:04:15,400 Now what this will do is it will find all the Web sites that end in the index the BHP question mark 49 00:04:15,430 --> 00:04:18,700 IDR equals and then some number. 50 00:04:18,700 --> 00:04:20,290 Now what does that mean. 51 00:04:20,290 --> 00:04:30,700 Well basically if we click on any of these pages check right here your connection is not secure. 52 00:04:30,860 --> 00:04:32,010 There you go. 53 00:04:32,290 --> 00:04:35,290 Let's go check the number one. 54 00:04:35,320 --> 00:04:38,790 I'm not sure why it says that. 55 00:04:38,870 --> 00:04:39,910 Well I have an idea. 56 00:04:39,950 --> 00:04:41,580 But here we go. 57 00:04:41,590 --> 00:04:48,770 So basically as you can see right here this Web site could possibly be vulnerable to these as your injection. 58 00:04:48,790 --> 00:04:57,140 We can check that easily with the apostrophe and if we tried to log in looking for the two incorrect 59 00:04:57,150 --> 00:04:58,770 e-mail address on passphrase. 60 00:04:58,780 --> 00:05:05,140 So basically this site is imponderable at least at the first try but we won't try it anymore since we 61 00:05:05,140 --> 00:05:06,880 shouldn't really do that. 62 00:05:06,940 --> 00:05:12,430 Basically I just want to show you how to feel throughout all of the Web sites that actually have a user 63 00:05:12,520 --> 00:05:17,140 input which could be vulnerable to the rescue all injection. 64 00:05:17,140 --> 00:05:23,200 So basically anywhere where you can type something and then the Web site page can process it could be 65 00:05:23,200 --> 00:05:30,100 vulnerable to the user input which could be a piece of code that you would tweak the server to run for 66 00:05:30,100 --> 00:05:31,940 you so. 67 00:05:31,950 --> 00:05:34,980 But more about that in the Web site hacking section. 68 00:05:34,980 --> 00:05:39,930 Now that was just one of the comments that we just got on Google. 69 00:05:39,930 --> 00:05:45,360 Once again I don't know why I call it in order to find the comments you might need. 70 00:05:45,360 --> 00:05:51,750 There is Google hacking database which basically you just type here can Google will hacking database 71 00:05:52,740 --> 00:05:59,490 and you click here on the first link and it will lead us to a Web site with bunch of the comments be 72 00:05:59,490 --> 00:06:02,820 used in order to find out the things we might need. 73 00:06:02,820 --> 00:06:07,650 For example passports or visa files or Excel files or anything. 74 00:06:07,650 --> 00:06:10,870 So let's just wait for this to open. 75 00:06:10,920 --> 00:06:12,680 Here it is. 76 00:06:12,810 --> 00:06:16,940 And as you can see it says right here it is the database Web site. 77 00:06:17,310 --> 00:06:23,610 The Google hacking database these are just a bunch of documents which you just copy and paste into Google 78 00:06:23,610 --> 00:06:28,350 search bar and it will list you all the files you are searching. 79 00:06:28,350 --> 00:06:30,260 I'm not really sure what these comments are. 80 00:06:30,270 --> 00:06:36,980 It says right here if we click on the one it will lead us to the command which is this one 81 00:06:39,670 --> 00:06:41,560 now I can only guess what this does. 82 00:06:41,560 --> 00:06:47,140 But we can read it in description doc or finding log in porters were well-known company websites hosted 83 00:06:47,590 --> 00:06:50,880 on famous hosting providers such as all of these. 84 00:06:51,070 --> 00:06:56,620 Basically so these commanders that we can try it out if we want to. 85 00:06:56,680 --> 00:07:00,750 It's not really that useful for us but why not. 86 00:07:00,760 --> 00:07:02,880 So you just copy command. 87 00:07:03,040 --> 00:07:06,100 You can do it from here or you can just copy it from here. 88 00:07:06,160 --> 00:07:11,020 It was the first one so we will just copy and paste it and we will see how it works. 89 00:07:11,650 --> 00:07:12,530 So here we are. 90 00:07:12,540 --> 00:07:18,250 They are all basically account log in as we can see account log in my account log in my account log 91 00:07:18,250 --> 00:07:26,260 in so it all throughout all of the websites which have a directory which is slash my account log in. 92 00:07:26,260 --> 00:07:30,760 Now let's see for example another one. 93 00:07:31,420 --> 00:07:34,060 These are as you can see listed with a date. 94 00:07:34,090 --> 00:07:39,300 So this one of them was yesterday we can go. 95 00:07:39,330 --> 00:07:43,550 Let's go off on this one entitled index of SS age. 96 00:07:43,560 --> 00:07:48,190 Now you can read right here that data you find web servers. 97 00:07:48,330 --> 00:07:54,420 A sage version has such keys as such log ins and SSA to dot EMC files as it says right here. 98 00:07:54,420 --> 00:07:57,800 I found a lot of servers using SSA to one point four. 99 00:07:57,810 --> 00:08:00,900 There are usually plus five years old and full of security holes. 100 00:08:00,930 --> 00:08:04,160 Search and exploit database for as each one turns up. 101 00:08:04,170 --> 00:08:06,760 Plus forty thousand exploits for these. 102 00:08:06,810 --> 00:08:11,660 Some may work so this could be a useful command for us. 103 00:08:11,760 --> 00:08:17,150 We can copy it and see what we find with it. 104 00:08:17,370 --> 00:08:25,800 We won't be attacking any of these since we don't have permission but it sure could be useful later 105 00:08:25,800 --> 00:08:26,000 on 106 00:08:30,940 --> 00:08:33,540 as you can see. 107 00:08:34,170 --> 00:08:37,040 We will not mess with this right now. 108 00:08:37,450 --> 00:08:44,110 What we want to do is only use these commands and we will cover hacking of websites later on but not 109 00:08:44,170 --> 00:08:44,970 on these Web. 110 00:08:44,980 --> 00:08:53,630 But on the Web sites that we do own which we will make in our own virtual environment so you'll need 111 00:08:53,630 --> 00:08:59,060 to use these commands only you can basically if you want to search for the example PDA files you can 112 00:08:59,060 --> 00:09:06,190 type here a quick search the and it will show you the EDF I believe too. 113 00:09:06,220 --> 00:09:08,780 Let's see how to find a PDA. 114 00:09:08,780 --> 00:09:15,040 File a man deliberately do not want that in text please find attached log in packs for it. 115 00:09:15,460 --> 00:09:21,850 Well let's see this could be a PDA file that could contain a password. 116 00:09:22,080 --> 00:09:24,260 I'm not sure if I can do it like this I. 117 00:09:24,260 --> 00:09:29,930 So you as you can see right here these all files are PDA files. 118 00:09:29,930 --> 00:09:33,820 You can see right here all of this is a PDA. 119 00:09:33,860 --> 00:09:35,910 Let's see if we open one. 120 00:09:35,930 --> 00:09:37,850 It will ask us to save these files. 121 00:09:37,850 --> 00:09:39,790 We do not want to save it. 122 00:09:39,820 --> 00:09:44,450 Basically this is just all of the PDA files available on the Internet. 123 00:09:44,480 --> 00:09:50,930 Let's just see the more accurate explanation of these command passwords and information on Target's 124 00:09:51,470 --> 00:09:57,970 employees customers also for spear phishing replace PDA extension with any other document essentially. 125 00:09:57,980 --> 00:09:59,520 Doc doc thanks Steve. 126 00:09:59,570 --> 00:09:59,930 Steve. 127 00:10:00,050 --> 00:10:04,020 Okay so that was PDA. 128 00:10:04,020 --> 00:10:08,570 If you can use any of these commands if you want to know what it does you just click on the command 129 00:10:10,430 --> 00:10:13,780 and this one really doesn't have any explanation. 130 00:10:13,780 --> 00:10:20,540 Let's just check out another one as you can see this command which is pretty huge. 131 00:10:21,510 --> 00:10:25,950 Well basically we'll help you to find out. 132 00:10:25,960 --> 00:10:29,020 Videos published in Google drives. 133 00:10:29,180 --> 00:10:30,440 So example. 134 00:10:30,470 --> 00:10:30,700 Yeah. 135 00:10:30,730 --> 00:10:31,160 OK. 136 00:10:31,370 --> 00:10:32,040 So PDA. 137 00:10:32,120 --> 00:10:32,790 And before. 138 00:10:33,560 --> 00:10:33,890 OK. 139 00:10:33,920 --> 00:10:38,230 So bunch of file extensions for videos. 140 00:10:38,370 --> 00:10:44,390 I'm not really sure why PPF is there but there is possibly a reason for that. 141 00:10:44,820 --> 00:10:56,700 So let's say now for example we do not want a PDA if I want excel file we just type here. 142 00:10:56,960 --> 00:10:59,340 They probably take Excel I'm not really sure. 143 00:11:01,670 --> 00:11:06,080 Is there a nature in their let's just check out real fast 144 00:11:12,050 --> 00:11:15,030 they just excel so let's see. 145 00:11:15,090 --> 00:11:22,600 Once again no matching records found show 50 to OK. 146 00:11:22,630 --> 00:11:24,890 So let me just try it like this. 147 00:11:24,940 --> 00:11:31,830 Now we set here on 120 comments so let me just check this out. 148 00:11:32,230 --> 00:11:38,440 Dot Excel s so finding in order to find an Excel file 149 00:11:41,340 --> 00:11:42,440 that doesn't really matter. 150 00:11:42,440 --> 00:11:43,160 So here we are. 151 00:11:43,160 --> 00:11:51,830 There is no doubt that there is an Excel file which is an excel file and basically if you click there 152 00:11:51,860 --> 00:11:57,500 we can see what else it could find a mix of log in portals and passwords. 153 00:11:59,180 --> 00:12:00,820 But this is a huge command. 154 00:12:00,920 --> 00:12:02,240 We will not use it right now. 155 00:12:03,170 --> 00:12:07,450 So that's all I want to show you. 156 00:12:07,470 --> 00:12:14,100 As you can see they basically explain for every command what it does such as for example this one or 157 00:12:14,100 --> 00:12:21,090 this one admin dashboard if we click on it you can see the explanation which is basically just a lot 158 00:12:21,090 --> 00:12:27,030 of logging portals and could be useful if you for example wanted to find some of the horrible sites 159 00:12:27,030 --> 00:12:34,080 to the specific attacks like we showed in the first in the first command or in the first string that 160 00:12:34,080 --> 00:12:41,520 we type into the Google which was that index not BHP question mark I.D. equals which would lead us to 161 00:12:41,520 --> 00:12:48,000 all of the Web sites with user input it could be possibly vulnerable to as injection. 162 00:12:48,000 --> 00:12:50,230 So that's about it for the Google hacking. 163 00:12:50,250 --> 00:12:55,730 Now if you want to you can scroll down and check out all of these other comments. 164 00:12:55,940 --> 00:12:59,100 It could be useful for you but we won't be doing that soon. 165 00:12:59,100 --> 00:13:05,820 There are lots of them and we will continue printing in the next lecture. 166 00:13:05,820 --> 00:13:08,070 So I hope I see you there and take care. 167 00:13:08,160 --> 00:13:08,430 Bye. 16088