1
00:00:00,480 --> 00:00:06,720
Welcome back. Since this is our first video on information gathering, we're going to start off with
2
00:00:06,720 --> 00:00:07,890
something easy.
3
00:00:08,810 --> 00:00:13,370
Let us see how we can identify our target and get its IP address.
4
00:00:14,180 --> 00:00:18,740
We are going to check how we can do this both actively and passively.
5
00:00:19,730 --> 00:00:26,240
Let's do it with active information gathering first. This means we are going to interact with our
6
00:00:26,240 --> 00:00:26,760
target.
7
00:00:27,680 --> 00:00:31,460
So just go on Google and pick a website that you want to use for this.
8
00:00:31,700 --> 00:00:33,650
It can be any website that you want.
9
00:00:33,860 --> 00:00:37,250
And you can also use the ones that I will show in this video.
10
00:00:37,760 --> 00:00:39,170
First, open up your terminal.
11
00:00:40,600 --> 00:00:48,490
For the first test, I'm going to use this website; this is just some university
12
00:00:48,490 --> 00:00:53,020
page that I picked, and what we can do to get its IP address is to ping it.
13
00:00:54,040 --> 00:01:00,850
Most of you will already be familiar with the ping tool, since it is installed by default on any operating
14
00:01:00,850 --> 00:01:05,020
system. By pinging this website or any other website,
15
00:01:05,470 --> 00:01:09,190
we are sending something called ICMP packets to that website.
16
00:01:09,400 --> 00:01:14,420
And if we get responses back, that means that website is up and running.
17
00:01:14,920 --> 00:01:19,150
But what we also get besides that response is the IP address.
18
00:01:20,290 --> 00:01:21,340
So let's try it out.
19
00:01:21,760 --> 00:01:30,730
I will leave this link right here and I will just add at the beginning "ping" and a space, and then hit enter.
20
00:01:32,240 --> 00:01:39,140
And it seems that we are not getting any responses back, but what we did get is an IP address.
21
00:01:39,740 --> 00:01:46,420
Here it is, and we are not getting responses back from this site because it is probably blocking ping
22
00:01:46,430 --> 00:01:48,770
probes, which some websites often do.
23
00:01:49,820 --> 00:01:53,830
Let us try another site to see how it looks once we get responses back.
24
00:01:54,380 --> 00:02:00,530
So to stop this, you can simply just press Ctrl+C, and it will tell us 32 packets transmitted
25
00:02:00,530 --> 00:02:02,600
and one hundred percent packet loss.
26
00:02:03,350 --> 00:02:10,130
Now, this doesn't mean that this website is offline, since if we visited this link right here or this
27
00:02:10,130 --> 00:02:13,010
IP address, we would open a page to that website.
28
00:02:13,730 --> 00:02:19,490
But just in case, let us see how it looks once we get responses back from the command.
29
00:02:20,390 --> 00:02:24,320
If we try to ping a big website, for example, like Facebook.
30
00:02:24,590 --> 00:02:28,220
So let's type ping facebook.com.
31
00:02:31,390 --> 00:02:39,190
Here we get an IP address for Facebook, and we can press Ctrl+C, since we can notice that we are getting
32
00:02:39,190 --> 00:02:44,650
packets back, which means Facebook is up and running and also responding to our ICMP packets.
33
00:02:45,550 --> 00:02:51,370
Just to note, this IP address right here is just one of the IP addresses that Facebook uses.
34
00:02:52,060 --> 00:02:55,810
So for you, once you ping it, you will probably get a different result.
35
00:02:56,450 --> 00:03:04,060
OK, what we saw right here is an example of active information gathering to get the IP address since
36
00:03:04,210 --> 00:03:06,940
we directly sent packets to these websites.
37
00:03:08,360 --> 00:03:13,160
Another tool you can use to get the IP of a website is called nslookup.
38
00:03:14,180 --> 00:03:23,090
So if I go down here and type nslookup and then the name of the website, which in our case, let's
39
00:03:23,090 --> 00:03:25,670
try with the first one, which is this one.
40
00:03:26,540 --> 00:03:29,180
And once again, you can test any website you want with this.
41
00:03:29,790 --> 00:03:32,600
It doesn't matter. If I press enter,
42
00:03:34,220 --> 00:03:40,640
it will give me this response, which says server and address right here, but this is not the IP address
43
00:03:40,850 --> 00:03:41,840
of this website.
44
00:03:42,110 --> 00:03:43,730
This is just my router.
45
00:03:44,180 --> 00:03:49,430
And the result, where the IP address of this website is, is down here.
46
00:03:50,470 --> 00:03:57,610
Here it is. If we compare this one and we go back to the ping command, you will notice the IP address
47
00:03:57,610 --> 00:03:58,180
is the same.
48
00:03:58,990 --> 00:04:01,150
So we got the same result, which is good.
49
00:04:02,140 --> 00:04:03,510
Let's try the same with Facebook.
50
00:04:03,520 --> 00:04:07,270
So just type right here nslookup facebook.com.
51
00:04:10,700 --> 00:04:13,850
And we also get the IP address of Facebook.
52
00:04:15,520 --> 00:04:21,010
Now, if you wanted to do this passively, you would search for this information, such as the IP address,
53
00:04:21,190 --> 00:04:24,470
on some other website. Let us see how we can do that.
54
00:04:24,970 --> 00:04:27,430
First of all, we want to open Firefox.
55
00:04:27,430 --> 00:04:33,220
And to do that, just click on this Kali icon in the top left corner and type Firefox.
56
00:04:34,640 --> 00:04:42,620
You should see Firefox ESR. Click on it, and what we're going to look for is a website that provides
57
00:04:42,620 --> 00:04:45,800
us with the IP address of a different website.
58
00:04:46,850 --> 00:04:52,280
And since I don't know any website that does that, I will simply just go right here in the search bar
59
00:04:53,030 --> 00:04:53,930
and type.
60
00:04:54,380 --> 00:04:58,580
What is an IP address of this website?
61
00:04:59,540 --> 00:05:06,650
If I press enter, it should probably give me a few results of different websites that will do exactly
62
00:05:06,680 --> 00:05:10,370
what we want, which is get the IP address of another website.
63
00:05:11,250 --> 00:05:19,350
And let's go with this one, IP Tracker, which is ipinfo.info. If I click on it, down here
64
00:05:19,350 --> 00:05:26,730
we see something that says IP domain checker. We need to specify the IP address, the domain or your
65
00:05:26,730 --> 00:05:27,120
URL.
66
00:05:28,110 --> 00:05:34,950
And if we type the domain name of that first website, so if I type the same domain name.
67
00:05:37,110 --> 00:05:38,730
And click right here on Check.
68
00:05:39,900 --> 00:05:46,530
OK, so some security check, select all traffic lights; let's select all traffic lights that we see,
69
00:05:48,630 --> 00:05:54,450
and here is the result. You will notice that right here we get even more information
70
00:05:54,810 --> 00:05:59,720
than we asked for. For example, here is the IP address of this website.
71
00:06:00,510 --> 00:06:04,890
We also get which country it is from, as it says right here in the brackets.
72
00:06:05,190 --> 00:06:09,780
And we also get its geolocation, which says even the city.
73
00:06:10,200 --> 00:06:13,220
We can also check it out on Google Maps if we wanted to.
74
00:06:14,480 --> 00:06:20,420
Down here, we get even more information, such as reverse DNS. Here we get information about the registration
75
00:06:20,420 --> 00:06:23,180
date, modification date, expiration date.
76
00:06:24,100 --> 00:06:29,480
Down here, we get some of the DNS servers and here we get its physical address.
77
00:06:29,950 --> 00:06:33,640
So this is the exact location where this server is located.
78
00:06:34,730 --> 00:06:36,710
Now, this is just the same result, I believe.
79
00:06:37,040 --> 00:06:41,660
Down here, we also get some email addresses, as we can notice right here.
80
00:06:42,020 --> 00:06:46,550
All of this could be useful for us, depending on which type of attack we would plan.
81
00:06:47,210 --> 00:06:51,590
Now, of course, we are not going to be attacking this website since we do not have permission, but
82
00:06:51,800 --> 00:06:57,500
we are simply just gathering information to see what we can retrieve from the Internet about this website.
83
00:06:57,740 --> 00:07:02,660
And from this, we are getting a bunch of information about it.
84
00:07:02,660 --> 00:07:05,560
A similar response to the one we got right here
85
00:07:06,230 --> 00:07:13,700
we can get using a tool called whois. whois not only gives us the IP address of the specified domain,
86
00:07:13,760 --> 00:07:17,330
but also gives us a bunch of other information about that domain.
87
00:07:18,280 --> 00:07:21,850
It is already installed in Kali Linux, so let's test it out.
88
00:07:22,060 --> 00:07:23,230
If I close this page.
89
00:07:24,960 --> 00:07:27,210
And type in my terminal whois,
90
00:07:28,280 --> 00:07:31,550
the same domain name, and press enter.
91
00:07:32,860 --> 00:07:37,570
I will pretty much get the same information that we saw previously on the website.
92
00:07:39,330 --> 00:07:45,930
As we can see right here, we get those DNS servers, the registration date, modification date, expiration
93
00:07:45,930 --> 00:07:52,650
date, we get the physical address and some other things, such as ID number, tax ID, which is not
94
00:07:52,650 --> 00:07:53,940
really of interest to us.
95
00:07:55,130 --> 00:08:02,470
And let us also test this tool on Facebook, since different websites might give different information,
96
00:08:02,960 --> 00:08:09,140
for example, if I do the same on Facebook, since it is a much bigger site, it will probably give
97
00:08:09,140 --> 00:08:11,310
us much more information as well.
98
00:08:11,930 --> 00:08:12,890
So let's type it.
99
00:08:12,890 --> 00:08:15,530
whois facebook.com.
100
00:08:16,530 --> 00:08:23,190
Press enter, let me just enlarge the terminal so we can see everything clearly and if I scroll all
101
00:08:23,190 --> 00:08:24,030
the way up.
102
00:08:25,290 --> 00:08:31,210
We get some name servers, the street, city, state/province, postal code.
103
00:08:31,230 --> 00:08:33,550
We also get some phone numbers right here.
104
00:08:34,440 --> 00:08:37,590
Here are some of the email addresses, for example the tech email.
105
00:08:38,470 --> 00:08:42,810
So we get another email address right here and even more phone numbers.
106
00:08:43,930 --> 00:08:50,520
We get the city, the street. If I go all the way up, we can see that this is a whois response.
107
00:08:50,530 --> 00:08:54,860
So all this information is public, and this would be pretty much it.
108
00:08:54,880 --> 00:08:58,630
This is all the information we get for Facebook using the whois tool.
109
00:09:00,000 --> 00:09:06,660
And by the way, in real penetration tests that you will perform, all of the interesting information
110
00:09:06,660 --> 00:09:09,630
is something that you want to write down in your report.
111
00:09:10,350 --> 00:09:16,980
For now, we only saw how we can get basic information, such as IP addresses, country origin, physical
112
00:09:16,980 --> 00:09:18,000
address and similar.
113
00:09:18,780 --> 00:09:24,660
But later, during information gathering and scanning, we might find something that shouldn't be out
114
00:09:24,660 --> 00:09:28,480
there on the Internet and that would be called information disclosure.
115
00:09:29,400 --> 00:09:33,840
It is something that the client doesn't want to be seen, but it is still publicly available.
116
00:09:34,590 --> 00:09:38,480
So anything that you might think is interesting, you would write down.
117
00:09:39,360 --> 00:09:40,100
OK, great.
118
00:09:40,620 --> 00:09:46,830
Now we know how we can identify a target by getting its IP address and also getting its physical address
119
00:09:46,830 --> 00:09:48,860
and some other interesting information as well.
120
00:09:49,380 --> 00:09:53,760
And even though this isn't really hard information to get, it is a good beginning.
121
00:09:54,340 --> 00:09:55,650
Let us see in the next video
122
00:09:55,840 --> 00:09:57,350
what else we can find out.