1 00:00:00,270 --> 00:00:02,700 Hello everybody and welcome back.
2 00:00:02,700 --> 00:00:09,550 And right now we are slowly entering our footprinting section, which will be the last part of the big
3 00:00:09,570 --> 00:00:15,900 section, including the scanning section that we will do right after we cover the footprinting.
4 00:00:16,830 --> 00:00:18,420 Well, before we begin.
5 00:00:18,450 --> 00:00:25,470 While our machine is starting up, let us just explain a little bit more what footprinting is.
6 00:00:25,560 --> 00:00:29,010 So first of all, there are two types of footprinting.
7 00:00:29,010 --> 00:00:31,290 One is active and one is passive.
8 00:00:31,980 --> 00:00:39,080 Now the active footprinting basically requires some interaction with the target that you're
9 00:00:39,090 --> 00:00:45,570 trying to attack, while the passive footprinting is basically just gathering all of the publicly available
10 00:00:45,570 --> 00:00:48,480 information for your target.
11 00:00:48,480 --> 00:00:55,740 So for example, if your target has a Facebook account, Twitter, or basically any other account or any other
12 00:00:55,830 --> 00:01:02,220 source of information from which you can gather some of the valuable stuff you might need.
13 00:01:02,220 --> 00:01:10,650 Now let's say for example your target is a company, and as public information online you have that the
14 00:01:10,650 --> 00:01:15,360 company for example uses Windows XP on their machines.
15 00:01:15,360 --> 00:01:22,380 You can already cut out the Linux exploits and Windows 10 or 7 exploits, and you can basically just focus
16 00:01:22,410 --> 00:01:26,740 on writing up a Windows XP exploit.
17 00:01:26,990 --> 00:01:32,490 Now we all know that nobody really uses XP anymore because it is vulnerable and it can.
18 00:01:32,490 --> 00:01:34,360 It is basically an open box.
19 00:01:34,680 --> 00:01:37,620 But that was just an example.
20 00:01:37,620 --> 00:01:44,790 There is lots of public information which you can find.
21 00:01:45,030 --> 00:01:45,320 Sorry.
22 00:01:45,330 --> 00:01:46,910 There was a cut in my recording.
23 00:01:47,100 --> 00:01:55,180 So basically what I was going to say is, let's go to some of the practical methods with Google hacking.
24 00:01:55,270 --> 00:01:57,440 We will cover Google hacking in this material.
25 00:01:57,450 --> 00:01:59,260 So let me just log in.
26 00:01:59,280 --> 00:02:00,540 That's one two three four,
27 00:02:03,310 --> 00:02:06,420 and as soon as this machine pulls up.
28 00:02:06,880 --> 00:02:13,120 Well, I mean as soon as my desktop pops up, we will open our Firefox and we will run some of the specific
29 00:02:13,120 --> 00:02:20,040 commands in the Google search bar in order to find some of the stuff we might need.
30 00:02:20,050 --> 00:02:23,430 Now this is just one of the tools for footprinting that we will cover.
31 00:02:23,710 --> 00:02:33,070 And basically the other ones, which will be for example theHarvester, Nikto, Shodan and whois, we will cover
32 00:02:33,130 --> 00:02:35,270 in the next lectures, but for now on.
33 00:02:35,600 --> 00:02:38,600 Let us just open our Firefox.
34 00:02:38,710 --> 00:02:47,530 So just click on your Firefox icon, and basically since it will lead you to your Linux website, you want
35 00:02:47,530 --> 00:02:50,150 to navigate to Google, so just type here
36 00:02:50,410 --> 00:02:54,490 google.com. I'm just waiting for my Firefox to open,
37 00:02:59,940 --> 00:03:02,040 it is taking a little bit of time.
38 00:03:02,040 --> 00:03:02,730 Here we go.
39 00:03:02,730 --> 00:03:07,550 It is basically opening right now, so you can just leave it here.
40 00:03:07,560 --> 00:03:10,710 We can add another tab and go onto google.com.
41 00:03:25,770 --> 00:03:26,260 OK.
42 00:03:26,320 --> 00:03:33,400 Finally open. Now let's say for example that you want to find all the websites that have
43 00:03:33,720 --> 00:03:40,510 a user input that could possibly be vulnerable to the SQL injection, for example.
44 00:03:40,510 --> 00:03:50,740 So you just, on the Google search bar, you just type here inurl, and then the colon, space, and the
45 00:03:52,180 --> 00:04:05,110 apostrophe, then index.php, question mark, and then id equals. Just finding equals on my keyboard.
46 00:04:05,140 --> 00:04:05,930 Here we go.
47 00:04:05,950 --> 00:04:08,330 And then apostrophe once again.
48 00:04:08,380 --> 00:04:15,400 Now what this will do is it will find all the websites that end in the index.php, question mark,
49 00:04:15,430 --> 00:04:18,700 id equals, and then some number.
50 00:04:18,700 --> 00:04:20,290 Now what does that mean?
51 00:04:20,290 --> 00:04:30,700 Well basically, if we click on any of these pages, check right here: your connection is not secure.
52 00:04:30,860 --> 00:04:32,010 There you go.
53 00:04:32,290 --> 00:04:35,290 Let's go check the number one.
54 00:04:35,320 --> 00:04:38,790 I'm not sure why it says that.
55 00:04:38,870 --> 00:04:39,910 Well, I have an idea.
56 00:04:39,950 --> 00:04:41,580 But here we go.
57 00:04:41,590 --> 00:04:48,770 So basically, as you can see right here, this website could possibly be vulnerable to the SQL injection.
58 00:04:48,790 --> 00:04:57,140 We can check that easily with the apostrophe, and if we tried to log in with an incorrect
59 00:04:57,150 --> 00:04:58,770 e-mail address and passphrase.
60 00:04:58,780 --> 00:05:05,140 So basically this site is vulnerable, at least at the first try, but we won't try it anymore since we
61 00:05:05,140 --> 00:05:06,880 shouldn't really do that.
62 00:05:06,940 --> 00:05:12,430 Basically I just want to show you how to filter through all of the websites that actually have a user
63 00:05:12,520 --> 00:05:17,140 input which could be vulnerable to the SQL injection.
64 00:05:17,140 --> 00:05:23,200 So basically anywhere where you can type something and then the website page can process it could be
65 00:05:23,200 --> 00:05:30,100 vulnerable to the user input, which could be a piece of code that you would trick the server to run for
66 00:05:30,100 --> 00:05:31,940 you, so.
67 00:05:31,950 --> 00:05:34,980 But more about that in the website hacking section.
68 00:05:34,980 --> 00:05:39,930 Now that was just one of the commands that we just ran on Google.
69 00:05:39,930 --> 00:05:45,360 Once again, I don't know why I call it that. In order to find the commands you might need,
70 00:05:45,360 --> 00:05:51,750 there is the Google Hacking Database, which basically you just type here, Google hacking database,
71 00:05:52,740 --> 00:05:59,490 and you click here on the first link and it will lead us to a website with a bunch of the commands to be
72 00:05:59,490 --> 00:06:02,820 used in order to find out the things we might need.
73 00:06:02,820 --> 00:06:07,650 For example passwords or PDF files or Excel files or anything.
74 00:06:07,650 --> 00:06:10,870 So let's just wait for this to open.
75 00:06:10,920 --> 00:06:12,680 Here it is.
76 00:06:12,810 --> 00:06:16,940 And as you can see, it says right here it is the database website.
77 00:06:17,310 --> 00:06:23,610 The Google Hacking Database. These are just a bunch of dorks which you just copy and paste into the Google
78 00:06:23,610 --> 00:06:28,350 search bar and it will list you all the files you are searching.
79 00:06:28,350 --> 00:06:30,260 I'm not really sure what these commands are.
80 00:06:30,270 --> 00:06:36,980 It says right here, if we click on the one, it will lead us to the command, which is this one.
81 00:06:39,670 --> 00:06:41,560 Now I can only guess what this does.
82 00:06:41,560 --> 00:06:47,140 But we can read it in the description: dork for finding login portals for well-known company websites hosted
83 00:06:47,590 --> 00:06:50,880 on famous hosting providers such as all of these.
84 00:06:51,070 --> 00:06:56,620 Basically, so these are commands that we can try out if we want to.
85 00:06:56,680 --> 00:07:00,750 It's not really that useful for us, but why not.
86 00:07:00,760 --> 00:07:02,880 So you just copy the command.
87 00:07:03,040 --> 00:07:06,100 You can do it from here or you can just copy it from here.
88 00:07:06,160 --> 00:07:11,020 It was the first one, so we will just copy and paste it and we will see how it works.
89 00:07:11,650 --> 00:07:12,530 So here we are.
90 00:07:12,540 --> 00:07:18,250 They are all basically account login, as we can see: account login, my account login, my account login.
91 00:07:18,250 --> 00:07:26,260 So it filtered through all of the websites which have a directory which is slash my account login.
92 00:07:26,260 --> 00:07:30,760 Now let's see for example another one.
93 00:07:31,420 --> 00:07:34,060 These are, as you can see, listed with a date.
94 00:07:34,090 --> 00:07:39,300 So one of them was yesterday, we can go.
95 00:07:39,330 --> 00:07:43,550 Let's go for this one, entitled Index of SSH.
96 00:07:43,560 --> 00:07:48,190 Now you can read right here that with this dork you find web servers,
97 00:07:48,330 --> 00:07:54,420 SSH version, SSH keys, SSH logins and SSH2 dot EMC files, as it says right here.
98 00:07:54,420 --> 00:07:57,800 I found a lot of servers using SSH2 1.4.
99 00:07:57,810 --> 00:08:00,900 They are usually 5+ years old and full of security holes.
100 00:08:00,930 --> 00:08:04,160 Searching the exploit database for SSH turns up
101 00:08:04,170 --> 00:08:06,760 40,000+ exploits for these.
102 00:08:06,810 --> 00:08:11,660 Some may work, so this could be a useful command for us.
103 00:08:11,760 --> 00:08:17,150 We can copy it and see what we find with it.
104 00:08:17,370 --> 00:08:25,800 We won't be attacking any of these since we don't have permission, but it sure could be useful later
105 00:08:25,800 --> 00:08:26,000 on,
106 00:08:30,940 --> 00:08:33,540 as you can see.
107 00:08:34,170 --> 00:08:37,040 We will not mess with this right now.
108 00:08:37,450 --> 00:08:44,110 What we want to do is only use these commands, and we will cover hacking of websites later on, but not
109 00:08:44,170 --> 00:08:44,970 on these websites.
110 00:08:44,980 --> 00:08:53,630 But on the websites that we do own, which we will make in our own virtual environment. So you'll need
111 00:08:53,630 --> 00:08:59,060 to use these commands only. You can basically, if you want to search for example PDF files, you can
112 00:08:59,060 --> 00:09:06,190 type here a quick search, pdf, and it will show you the PDF, I believe, too.
113 00:09:06,220 --> 00:09:08,780 Let's see how to find a PDF.
114 00:09:08,780 --> 00:09:15,040 File, a man deliberately do not want that in text, please find attached login packs for it.
115 00:09:15,460 --> 00:09:21,850 Well, let's see, this could be a PDF file that could contain a password.
116 00:09:22,080 --> 00:09:24,260 I'm not sure if I can do it like this. I.
117 00:09:24,260 --> 00:09:29,930 So as you can see right here, all these files are PDF files.
118 00:09:29,930 --> 00:09:33,820 You can see right here, all of this is a PDF.
119 00:09:33,860 --> 00:09:35,910 Let's see if we open one.
120 00:09:35,930 --> 00:09:37,850 It will ask us to save these files.
121 00:09:37,850 --> 00:09:39,790 We do not want to save it.
122 00:09:39,820 --> 00:09:44,450 Basically this is just all of the PDF files available on the Internet.
123 00:09:44,480 --> 00:09:50,930 Let's just see the more accurate explanation of this command: passwords and information on target's
124 00:09:51,470 --> 00:09:57,970 employees, customers, also for spear phishing. Replace PDF extension with any other document extension.
125 00:09:57,980 --> 00:09:59,520 Doc, docx, xls.
126 00:09:59,570 --> 00:09:59,930 Etc.
127 00:10:00,050 --> 00:10:04,020 Okay, so that was PDF.
128 00:10:04,020 --> 00:10:08,570 You can use any of these commands. If you want to know what it does, you just click on the command,
129 00:10:10,430 --> 00:10:13,780 and this one really doesn't have any explanation.
130 00:10:13,780 --> 00:10:20,540 Let's just check out another one. As you can see, this command, which is pretty huge,
131 00:10:21,510 --> 00:10:25,950 well basically will help you to find out
132 00:10:25,960 --> 00:10:29,020 videos published in Google Drives.
133 00:10:29,180 --> 00:10:30,440 So, example.
134 00:10:30,470 --> 00:10:30,700 Yeah.
135 00:10:30,730 --> 00:10:31,160 OK.
136 00:10:31,370 --> 00:10:32,040 So PDF.
137 00:10:32,120 --> 00:10:32,790 And before.
138 00:10:33,560 --> 00:10:33,890 OK.
139 00:10:33,920 --> 00:10:38,230 So a bunch of file extensions for videos.
140 00:10:38,370 --> 00:10:44,390 I'm not really sure why PDF is there, but there is possibly a reason for that.
141 00:10:44,820 --> 00:10:56,700 So let's say now for example we do not want a PDF. If I want an Excel file, we just type here.
142 00:10:56,960 --> 00:10:59,340 They probably take Excel, I'm not really sure.
143 00:11:01,670 --> 00:11:06,080 Is there anything in there? Let's just check out real fast.
144 00:11:12,050 --> 00:11:15,030 Just excel, so let's see.
145 00:11:15,090 --> 00:11:22,600 Once again, no matching records found. Show 50 to... OK.
146 00:11:22,630 --> 00:11:24,890 So let me just try it like this.
147 00:11:24,940 --> 00:11:31,830 Now we're set here on 120 commands, so let me just check this out.
148 00:11:32,230 --> 00:11:38,440 Dot xls. So, in order to find an Excel file,
149 00:11:41,340 --> 00:11:42,440 that doesn't really matter.
150 00:11:42,440 --> 00:11:43,160 So here we are.
151 00:11:43,160 --> 00:11:51,830 There is no doubt that there is an Excel file, which is an Excel file, and basically if you click there
152 00:11:51,860 --> 00:11:57,500 we can see what else it could find: a mix of login portals and passwords.
153 00:11:59,180 --> 00:12:00,820 But this is a huge command.
154 00:12:00,920 --> 00:12:02,240 We will not use it right now.
155 00:12:03,170 --> 00:12:07,450 So that's all I wanted to show you.
156 00:12:07,470 --> 00:12:14,100 As you can see, they basically explain for every command what it does, such as for example this one or
157 00:12:14,100 --> 00:12:21,090 this one, admin dashboard. If we click on it, you can see the explanation, which is basically just a lot
158 00:12:21,090 --> 00:12:27,030 of login portals, and could be useful if you for example wanted to find some of the vulnerable sites
159 00:12:27,030 --> 00:12:34,080 to the specific attacks, like we showed in the first command, or in the first string that
160 00:12:34,080 --> 00:12:41,520 we typed into Google, which was that index.php question mark id equals, which would lead us to
161 00:12:41,520 --> 00:12:48,000 all of the websites with user input that could be possibly vulnerable to SQL injection.
162 00:12:48,000 --> 00:12:50,230 So that's about it for the Google hacking.
163 00:12:50,250 --> 00:12:55,730 Now if you want to, you can scroll down and check out all of these other commands.
164 00:12:55,940 --> 00:12:59,100 It could be useful for you, but we won't be doing that soon.
165 00:12:59,100 --> 00:13:05,820 There are lots of them, and we will continue footprinting in the next lecture.
166 00:13:05,820 --> 00:13:08,070 So I hope I see you there, and take care.
167 00:13:08,160 --> 00:13:08,430 Bye.