1
00:00:02,460 --> 00:00:10,010
In this video we'll see how we can get comprehensive DNS information about the target Web site.
2
00:00:10,080 --> 00:00:14,580
So just to give you a quick refresh on what DNS is.
3
00:00:14,640 --> 00:00:21,670
So when you type in facebook dot com a DNS server will convert that name to an IP address.
4
00:00:21,700 --> 00:00:25,200
Now the process is a bit more complicated.
5
00:00:25,230 --> 00:00:32,070
So the DNS server contains actually a number of records each pointing to a different domain or a TV
6
00:00:32,070 --> 00:00:35,700
out or to a different IP sometimes to the same IP.
7
00:00:36,330 --> 00:00:43,890
So but in general you requested domain name it gets converted to an IP address and dependent on that
8
00:00:44,250 --> 00:00:47,060
these information need to be stored somewhere.
9
00:00:47,070 --> 00:00:51,770
So we're going to query this DNS server and see what information we can get through it.
10
00:00:52,880 --> 00:00:58,670
Now we're going to use a Web site called robtex dot com and I'm just gonna put the target Web site
11
00:00:58,730 --> 00:01:01,060
that I want to get information about.
12
00:01:01,190 --> 00:01:08,840
So I'm gonna type a security dot org and I'm gonna hit enter to get a report now.
13
00:01:08,870 --> 00:01:12,020
As you can see we will get a big report.
14
00:01:12,020 --> 00:01:20,330
So there is a lot of information in here but you can actually use the buttons in here to navigate to
15
00:01:20,330 --> 00:01:22,220
any of the sections below.
16
00:01:22,220 --> 00:01:27,710
So if you want to directly go to the records or to go through the SEO all you have to do is just click
17
00:01:27,710 --> 00:01:34,180
in here and you'll go directly to that section what we're going to do right now though we'll go over
18
00:01:34,180 --> 00:01:39,780
all the sections one by one and see what kind of information we got.
19
00:01:39,960 --> 00:01:46,080
Now keep in mind the order of this information might be different but you should have the same sections
20
00:01:47,230 --> 00:01:52,780
so in the analysis you can see we have general information about the target.
21
00:01:52,780 --> 00:01:59,770
So you can see that it's telling us that ice security has three name servers five mail servers and one
22
00:01:59,830 --> 00:02:01,200
IP address.
23
00:02:01,600 --> 00:02:10,540
We can see the name servers used by ICE security and digital ocean is the hosting company that ice security
24
00:02:10,540 --> 00:02:14,020
is using at the time of recording this lecture.
25
00:02:14,020 --> 00:02:21,250
So this is very very useful because you can go to digital ocean right now you'll see the hosting company
26
00:02:21,490 --> 00:02:28,450
and then you can pretend to be them and communicate with a security telling them that you're signing
27
00:02:28,450 --> 00:02:34,960
them up for a better hosting you're giving them something because they are a VIP customer and ask them
28
00:02:34,960 --> 00:02:36,050
to log in.
29
00:02:36,250 --> 00:02:42,930
Obviously they'll be logging in to a fake log in page and that way you'll steal their information.
30
00:02:43,150 --> 00:02:46,870
You can tell them that there is a policy change that they have to accept.
31
00:02:46,990 --> 00:02:51,010
And again ask them to log in and steal the information that way.
32
00:02:51,010 --> 00:02:56,320
Obviously you'll do this through a fake log in page and this is mostly social engineering.
33
00:02:56,380 --> 00:03:02,080
So it's nothing to do with web site hacking and I cover all this in my social engineering course but
34
00:03:02,410 --> 00:03:08,770
it's very useful because if you couldn't hack into the Web site through the applications installed then
35
00:03:08,770 --> 00:03:14,610
the only way to get in is using social engineering now below this.
36
00:03:14,630 --> 00:03:18,630
We can see that the target is using Google mail servers.
37
00:03:18,710 --> 00:03:20,900
So they're not handling their own e-mails.
38
00:03:20,900 --> 00:03:23,880
They're using Google to handle their emails.
39
00:03:23,900 --> 00:03:30,260
Again you can communicate with the target pretending to be Google and get them to do something or to
40
00:03:30,260 --> 00:03:38,930
log in to a fake page and steal information that way you can also see the IP address of this Web site
41
00:03:38,960 --> 00:03:43,920
which can be used to discover other Web sites installed on the same server.
42
00:03:43,940 --> 00:03:51,050
And this is very very useful because if you couldn't hack into your target's Web site through the applications
43
00:03:51,050 --> 00:03:58,080
installed on that Web site then you can try to hack into any Web site installed on the same server.
44
00:03:58,130 --> 00:04:03,700
And if you manage to do that then you can actually navigate to your target Web site because they're
45
00:04:03,710 --> 00:04:07,580
all essentially installed on the same computer.
46
00:04:07,670 --> 00:04:15,340
And we'll talk more about that in the next lecture and below right here we have a number of similar
47
00:04:15,340 --> 00:04:17,230
domains to our target.
48
00:04:17,230 --> 00:04:24,540
Now these might be completely irrelevant but you can have a look and see what you have navigating to
49
00:04:24,540 --> 00:04:25,950
the quick info.
50
00:04:25,960 --> 00:04:28,080
Again you can see the domain name.
51
00:04:28,200 --> 00:04:30,020
You can see the TLD.
52
00:04:30,630 --> 00:04:33,440
We have the IP address the name servers.
53
00:04:33,450 --> 00:04:39,750
Again like I said they're useful because they usually give us information about the domain hosting company
54
00:04:39,780 --> 00:04:43,320
or the hosting company hosting the Web site itself.
55
00:04:43,320 --> 00:04:46,170
And we also have the mail servers like we've seen before.
56
00:04:46,170 --> 00:04:47,350
It's Google Mail.
57
00:04:47,460 --> 00:04:56,800
So that all can be really really useful the reverse section will perform reverse DNS lookup.
58
00:04:56,800 --> 00:05:05,560
So as I said at the start of the lecture DNS is used to translate domain names into IP addresses and
59
00:05:05,560 --> 00:05:12,740
the reverse lookup we use the IP address to see which domains link to this IP address.
60
00:05:12,790 --> 00:05:18,900
And like I said previously this can be very very useful because we'll be able to discover other Web
61
00:05:18,900 --> 00:05:24,240
sites hosted on the same server and we can hack into any of these Web sites.
62
00:05:24,280 --> 00:05:26,770
And from there gain access to our target.
63
00:05:27,310 --> 00:05:34,460
But with the reverse lookup you won't always get all the Web sites installed on the same server.
64
00:05:34,510 --> 00:05:39,530
Therefore in the next lecture I will show you a better way of doing that.
65
00:05:39,670 --> 00:05:46,080
But if you really want to see the results of the reverse lookup you'll have to log in.
66
00:05:46,150 --> 00:05:48,790
So I'm actually going to open a new tab.
67
00:05:49,180 --> 00:05:55,410
I'm going to go to Robtex again and I'm going to click on log in right here.
68
00:05:55,540 --> 00:05:59,740
And the only way to log in to Robtex right now is through Google.
69
00:05:59,740 --> 00:06:02,380
So I'm going to click on Google.
70
00:06:02,560 --> 00:06:08,050
I'm going to click my e-mail and that's it we're logged in.
71
00:06:08,460 --> 00:06:19,250
So I'm going to close this and we're going to refresh in here and if we scroll down again to the reverse
72
00:06:19,340 --> 00:06:27,650
right here we have the results of the reverse lookup and you can either download this as a CSV or
73
00:06:27,650 --> 00:06:29,270
view it as HTML.
74
00:06:29,630 --> 00:06:36,940
So I'm going to choose to view it as HTML in a new tab and right here as you can see we only have
75
00:06:36,940 --> 00:06:43,010
that security on its own because that security is hosted on its own server.
76
00:06:43,030 --> 00:06:47,300
So there are no other Web sites installed on the same server.
77
00:06:47,590 --> 00:06:54,340
But like I said if there are other Web sites hosted on the same server then you'll be able to see them
78
00:06:54,340 --> 00:07:02,580
in here in the reverse lookup now going down we can see a more detailed breakdown of the DNS records
79
00:07:03,030 --> 00:07:07,200
so you can see here we have information about the A record.
80
00:07:07,330 --> 00:07:14,400
This is the record that's used to translate the domain name into an IP address so you can see that a
81
00:07:14,400 --> 00:07:22,920
security dot org links to this IP address which is the IP address of the server hosting or containing
82
00:07:22,950 --> 00:07:26,810
the files of the Web site scrolling down.
83
00:07:26,810 --> 00:07:28,830
We have more SEO information.
84
00:07:28,830 --> 00:07:32,090
Search Engine Optimization info.
85
00:07:32,190 --> 00:07:36,220
We have the Web trust reputation of this Web site.
86
00:07:36,240 --> 00:07:40,800
We have the Alexa ranking and the share tab.
87
00:07:40,800 --> 00:07:43,990
We have the IP of the target Web site.
88
00:07:44,000 --> 00:07:49,000
Again like I said we can use this to get Web sites installed on the same server.
89
00:07:49,020 --> 00:07:54,140
We have a graph representation of all the information we gathered.
90
00:07:54,150 --> 00:07:56,180
We also have a history section.
91
00:07:56,190 --> 00:08:04,050
This is actually very very useful because you can use this to track all the changes to the DNS info
92
00:08:04,200 --> 00:08:08,910
of the target Web site so you can see when they started using Google.
93
00:08:08,940 --> 00:08:13,770
You can see when they started using digital ocean as their hosting provider.
94
00:08:13,770 --> 00:08:20,960
So if you scroll down we might actually be able to see that they were using a different provider.
95
00:08:20,960 --> 00:08:22,030
And here you go.
96
00:08:22,100 --> 00:08:25,790
We can see that they were using a different hosting company.
97
00:08:25,820 --> 00:08:27,090
This one right here.
98
00:08:27,240 --> 00:08:30,760
The more thing I hope I'm pronouncing that right.
99
00:08:31,370 --> 00:08:38,150
But right now as we can see they changed and they switched to a different hosting company Digital Ocean.
100
00:08:38,210 --> 00:08:44,660
So again you can even contact them pretending to be this company and tell them that you're going to
101
00:08:44,660 --> 00:08:52,220
sign them up for a better offer or pretend that they violated one of your terms and conditions and ask
102
00:08:52,220 --> 00:08:59,630
them to log in to do something when they log in you can serve them a fake file a backdoor or again use
103
00:08:59,630 --> 00:09:05,300
the log in information get them to log in through a fake Web page and steal the username and password.
104
00:09:05,420 --> 00:09:12,980
So information is always very very useful when it comes to hacking especially if you want to perform
105
00:09:13,010 --> 00:09:19,850
a social engineering attack which might be your last resort if you could not hack into the web site
106
00:09:20,060 --> 00:09:28,630
using the applications installed on it scrolling down we can see we have the Whois information we had
107
00:09:28,630 --> 00:09:33,210
a full lecture on how to get this and how this can be useful.
108
00:09:33,250 --> 00:09:42,220
And finally we have the DNS block information which basically is a list of Web sites known to send spam
109
00:09:42,490 --> 00:09:48,700
so usually emails sent from these Web sites would be blocked or considered as spam.
110
00:09:49,150 --> 00:09:56,590
So as you can see a very useful Web site that can be used to get information about this server used
111
00:09:56,590 --> 00:10:04,240
to host the target Web site and its relationship with other Web sites other servers which hosting companies
112
00:10:04,240 --> 00:10:05,570
are being used.
113
00:10:05,590 --> 00:10:11,620
And like I said all of this can be very very useful whether you want to target the Web site itself whether
114
00:10:11,620 --> 00:10:17,230
you want to target other Web sites or you can hack into your target Web site and even if you want to
115
00:10:17,230 --> 00:10:22,270
social engineer one of the admins to gain access to your target Web site.