All language subtitles for 3. Gathering Comprehensive DNS Information

Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated:

1
00:00:02,460 --> 00:00:10,010
In this video we'll see how we can get comprehensive DNS information about the target Web site.

2
00:00:10,080 --> 00:00:14,580
So just to give you a quick refresh on what DNS is.

3
00:00:14,640 --> 00:00:21,670
So when you type in facebook dot com a DNS server will convert that name to an IP address.

4
00:00:21,700 --> 00:00:25,200
Now the process is a bit more complicated.

5
00:00:25,230 --> 00:00:32,070
So the DNS server contains actually a number of records each pointing to a different domain or a TV

6
00:00:32,070 --> 00:00:35,700
out or to a different IP sometimes to the same IP.

7
00:00:36,330 --> 00:00:43,890
So but in general you requested domain name it gets converted to an IP address and dependent on that

8
00:00:44,250 --> 00:00:47,060
these information need to be stored somewhere.

9
00:00:47,070 --> 00:00:51,770
So we're going to query this DNS server and see what information we can get through it.

10
00:00:52,880 --> 00:00:58,670
Now we're going to use a Web site called robtex dot com and I'm just gonna put the target Web site

11
00:00:58,730 --> 00:01:01,060
that I want to get information about.

12
00:01:01,190 --> 00:01:08,840
So I'm gonna type a security dot org and I'm gonna hit enter to get a report now.

13
00:01:08,870 --> 00:01:12,020
As you can see we will get a big report.

14
00:01:12,020 --> 00:01:20,330
So there is a lot of information in here but you can actually use the buttons in here to navigate to

15
00:01:20,330 --> 00:01:22,220
any of the sections below.

16
00:01:22,220 --> 00:01:27,710
So if you want to directly go to the records or to go through the SEO all you have to do is just click

17
00:01:27,710 --> 00:01:34,180
in here and you'll go directly to that section what we're going to do right now though we'll go over

18
00:01:34,180 --> 00:01:39,780
all the sections one by one and see what kind of information we got.

19
00:01:39,960 --> 00:01:46,080
Now keep in mind the order of this information might be different but you should have the same sections

20
00:01:47,230 --> 00:01:52,780
so in the analysis you can see we have general information about the target.

21
00:01:52,780 --> 00:01:59,770
So you can see that it's telling us that ice security has three name servers five mail servers and one

22
00:01:59,830 --> 00:02:01,200
IP address.

23
00:02:01,600 --> 00:02:10,540
We can see the name servers used by ICE security and Digital Ocean is the hosting company that ice security

24
00:02:10,540 --> 00:02:14,020
is using at the time of recording this lecture.

25
00:02:14,020 --> 00:02:21,250
So this is very very useful because you can go to Digital Ocean right now you'll see the hosting company

26
00:02:21,490 --> 00:02:28,450
and then you can pretend to be them and communicate with a security telling them that you're signing

27
00:02:28,450 --> 00:02:34,960
them up for a better hosting you're giving them something because they are a VIP customer and ask them

28
00:02:34,960 --> 00:02:36,050
to log in.

29
00:02:36,250 --> 00:02:42,930
Obviously they'll be logging in to a fake login page and that way you'll steal their information.

30
00:02:43,150 --> 00:02:46,870
You can tell them that there is a policy change that they have to accept.

31
00:02:46,990 --> 00:02:51,010
And again ask them to log in and steal the information that way.

32
00:02:51,010 --> 00:02:56,320
Obviously you'll do this through a fake login page and this is mostly social engineering.

33
00:02:56,380 --> 00:03:02,080
So it's nothing to do with web site hacking and I cover all this in my social engineering course but

34
00:03:02,410 --> 00:03:08,770
it's very useful because if you couldn't hack into the Web site through the applications installed then

35
00:03:08,770 --> 00:03:14,610
the only way to get in is using social engineering now below this.

36
00:03:14,630 --> 00:03:18,630
We can see that the target is using Google mail servers.

37
00:03:18,710 --> 00:03:20,900
So they're not handling their own e-mails.

38
00:03:20,900 --> 00:03:23,880
They're using Google to handle their emails.

39
00:03:23,900 --> 00:03:30,260
Again you can communicate with the target pretending to be Google and get them to do something or to

40
00:03:30,260 --> 00:03:38,930
log in to a fake page and steal information that way you can also see the IP address of this Web site

41
00:03:38,960 --> 00:03:43,920
which can be used to discover other Web sites installed on the same server.

42
00:03:43,940 --> 00:03:51,050
And this is very very useful because if you couldn't hack into your target's Web site through the applications

43
00:03:51,050 --> 00:03:58,080
installed on that Web site then you can try to hack into any Web site installed on the same server.

44
00:03:58,130 --> 00:04:03,700
And if you manage to do that then you can actually navigate to your target Web site because they're

45
00:04:03,710 --> 00:04:07,580
all essentially installed on the same computer.

46
00:04:07,670 --> 00:04:15,340
And we'll talk more about that in the next lecture and below right here we have a number of similar

47
00:04:15,340 --> 00:04:17,230
domains to our target.

48
00:04:17,230 --> 00:04:24,540
Now these might be completely irrelevant but you can have a look and see what you have navigating to

49
00:04:24,540 --> 00:04:25,950
the quick info.

50
00:04:25,960 --> 00:04:28,080
Again you can see the domain name.

51
00:04:28,200 --> 00:04:30,020
You can see the TLD.

52
00:04:30,630 --> 00:04:33,440
We have the IP address the name servers.

53
00:04:33,450 --> 00:04:39,750
Again like I said they're useful because they usually give us information about the domain hosting company

54
00:04:39,780 --> 00:04:43,320
or the hosting company hosting the Web site itself.

55
00:04:43,320 --> 00:04:46,170
And we also have the mail servers like we've seen before.

56
00:04:46,170 --> 00:04:47,350
It's Google Mail.

57
00:04:47,460 --> 00:04:56,800
So that all can be really really useful the reverse section will perform reverse DNS lookup.

58
00:04:56,800 --> 00:05:05,560
So as I said at the start of the lecture DNS is used to translate domain names into IP addresses and

59
00:05:05,560 --> 00:05:12,740
the reverse lookup we use the IP address to see which domains link to this IP address.

60
00:05:12,790 --> 00:05:18,900
And like I said previously this can be very very useful because we'll be able to discover other Web

61
00:05:18,900 --> 00:05:24,240
sites hosted on the same server and we can hack into any of these Web sites.

62
00:05:24,280 --> 00:05:26,770
And from there gain access to our target.

63
00:05:27,310 --> 00:05:34,460
But with the reverse lookup you won't always get all the Web sites installed on the same server.

64
00:05:34,510 --> 00:05:39,530
Therefore in the next lecture I will show you a better way of doing that.

65
00:05:39,670 --> 00:05:46,080
But if you really want to see the results of the reverse lookup you'll have to log in.

66
00:05:46,150 --> 00:05:48,790
So I'm actually going to open a new tab.

67
00:05:49,180 --> 00:05:55,410
I'm going to go to Robtex again and I'm going to click on log in right here.

68
00:05:55,540 --> 00:05:59,740
And the only way to log in to Robtex right now is through Google.

69
00:05:59,740 --> 00:06:02,380
So I'm going to click on Google.

70
00:06:02,560 --> 00:06:08,050
I'm going to click my e-mail and that's it we're logged in.

71
00:06:08,460 --> 00:06:19,250
So I'm going to close this and we're going to refresh in here and if we scroll down again to the reverse

72
00:06:19,340 --> 00:06:27,650
right here we have the results of the reverse lookup and you can either download this as the CSV or

73
00:06:27,650 --> 00:06:29,270
view it as HTML.

74
00:06:29,630 --> 00:06:36,940
So I'm going to choose to view it as HTML in a new tab and right here as you can see we only have

75
00:06:36,940 --> 00:06:43,010
that security on its own because that security is hosted on its own server.

76
00:06:43,030 --> 00:06:47,300
So there are no other Web sites installed on the same server.

77
00:06:47,590 --> 00:06:54,340
But like I said if there are other Web sites hosted on the same server then you'll be able to see them

78
00:06:54,340 --> 00:07:02,580
in here in the reverse lookup now going down we can see a more detailed breakdown of the DNS records

79
00:07:03,030 --> 00:07:07,200
so you can see here we have information about the record.

80
00:07:07,330 --> 00:07:14,400
This is the record that's used to translate the domain name into an IP address so you can see that a

81
00:07:14,400 --> 00:07:22,920
security dot org links to this IP address which is the IP address of the server hosting or containing

82
00:07:22,950 --> 00:07:26,810
the files of the Web site scrolling down.

83
00:07:26,810 --> 00:07:28,830
We have more SEO information.

84
00:07:28,830 --> 00:07:32,090
Search Engine Optimization info.

85
00:07:32,190 --> 00:07:36,220
We have the Web trust reputation of this Web site.

86
00:07:36,240 --> 00:07:40,800
We have the Alexa ranking and the share tab.

87
00:07:40,800 --> 00:07:43,990
We have the IP of the target Web site.

88
00:07:44,000 --> 00:07:49,000
Again like I said we can use this to get Web sites installed on the same server.

89
00:07:49,020 --> 00:07:54,140
We have a graph representation of all the information we gathered.

90
00:07:54,150 --> 00:07:56,180
We also have a history section.

91
00:07:56,190 --> 00:08:04,050
This is actually very very useful because you can use this to track all the changes to the DNS info

92
00:08:04,200 --> 00:08:08,910
of the target Web site so you can see when they started using Google.

93
00:08:08,940 --> 00:08:13,770
You can see when they started using Digital Ocean as their hosting provider.

94
00:08:13,770 --> 00:08:20,960
So if you scroll down we might actually be able to see that they were using a different provider.

95
00:08:20,960 --> 00:08:22,030
And here you go.

96
00:08:22,100 --> 00:08:25,790
We can see that they were using a different hosting company.

97
00:08:25,820 --> 00:08:27,090
This one right here.

98
00:08:27,240 --> 00:08:30,760
The more thing I hope I'm pronouncing that right.

99
00:08:31,370 --> 00:08:38,150
But right now as we can see they changed and they switched to a different hosting company Digital Ocean.

100
00:08:38,210 --> 00:08:44,660
So again you can even contact them pretending to be this company and tell them that you're going to

101
00:08:44,660 --> 00:08:52,220
sign them up for a better offer or pretend that they violated one of your terms and conditions and ask

102
00:08:52,220 --> 00:08:59,630
them to log in to do something when they log in you can serve them a fake file a backdoor or again use

103
00:08:59,630 --> 00:09:05,300
the login information get them to log in through a fake Web page and steal the username and password.

104
00:09:05,420 --> 00:09:12,980
So information is always very very useful when it comes to hacking especially if you want to perform

105
00:09:13,010 --> 00:09:19,850
a social engineering attack which might be your last resort if you could not hack into the web site

106
00:09:20,060 --> 00:09:28,630
using the applications installed on it scrolling down we can see we have the Whois information we had

107
00:09:28,630 --> 00:09:33,210
a full lecture on how to get this and how this can be useful.

108
00:09:33,250 --> 00:09:42,220
And finally we have the DNS block information which basically is a list of Web sites known to send spam

109
00:09:42,490 --> 00:09:48,700
so usually emails sent from these Web sites would be blocked or considered as spam.

110
00:09:49,150 --> 00:09:56,590
So as you can see a very useful Web site that can be used to get information about this server used

111
00:09:56,590 --> 00:10:04,240
to host the target Web site and its relationship with other Web sites other servers which hosting companies

112
00:10:04,240 --> 00:10:05,570
are being used.

113
00:10:05,590 --> 00:10:11,620
And like I said all of this can be very very useful whether you want to target the Web site itself whether

114
00:10:11,620 --> 00:10:17,230
you want to target other Web sites or you can hack into your target Web site and even if you want to

115
00:10:17,230 --> 00:10:22,270
social engineer one of the admins to gain access to your target Web site.
