All language subtitles for 3. E-Mail Address Gathering with Hunter.io

af Afrikaans
ak Akan
sq Albanian
am Amharic
ar Arabic Download
hy Armenian
az Azerbaijani
eu Basque
be Belarusian
bem Bemba
bn Bengali
bh Bihari
bs Bosnian
br Breton
bg Bulgarian
km Cambodian
ca Catalan
ceb Cebuano
chr Cherokee
ny Chichewa
zh-CN Chinese (Simplified)
zh-TW Chinese (Traditional)
co Corsican
hr Croatian
cs Czech
da Danish
nl Dutch
en English
eo Esperanto
et Estonian
ee Ewe
fo Faroese
tl Filipino
fi Finnish
fr French
fy Frisian
gaa Ga
gl Galician
ka Georgian
de German
el Greek
gn Guarani
gu Gujarati
ht Haitian Creole
ha Hausa
haw Hawaiian
iw Hebrew
hi Hindi
hmn Hmong
hu Hungarian
is Icelandic
ig Igbo
id Indonesian
ia Interlingua
ga Irish
it Italian
ja Japanese
jw Javanese
kn Kannada
kk Kazakh
rw Kinyarwanda
rn Kirundi
kg Kongo
ko Korean
kri Krio (Sierra Leone)
ku Kurdish
ckb Kurdish (Soranî)
ky Kyrgyz
lo Laothian
la Latin
lv Latvian
ln Lingala
lt Lithuanian
loz Lozi
lg Luganda
ach Luo
lb Luxembourgish
mk Macedonian
mg Malagasy
ms Malay
ml Malayalam
mt Maltese
mi Maori
mr Marathi
mfe Mauritian Creole
mo Moldavian
mn Mongolian
my Myanmar (Burmese)
sr-ME Montenegrin
ne Nepali
pcm Nigerian Pidgin
nso Northern Sotho
no Norwegian
nn Norwegian (Nynorsk)
oc Occitan
or Oriya
om Oromo
ps Pashto
fa Persian
pl Polish
pt-BR Portuguese (Brazil)
pt Portuguese (Portugal)
pa Punjabi
qu Quechua
ro Romanian
rm Romansh
nyn Runyakitara
ru Russian
sm Samoan
gd Scots Gaelic
sr Serbian
sh Serbo-Croatian
st Sesotho
tn Setswana
crs Seychellois Creole
sn Shona
sd Sindhi
si Sinhalese
sk Slovak
sl Slovenian
so Somali
es Spanish
es-419 Spanish (Latin American)
su Sundanese
sw Swahili
sv Swedish
tg Tajik
ta Tamil
tt Tatar
te Telugu
th Thai
ti Tigrinya
to Tonga
lua Tshiluba
tum Tumbuka
tr Turkish
tk Turkmen
tw Twi
ug Uighur
uk Ukrainian
ur Urdu
uz Uzbek
vi Vietnamese
cy Welsh
wo Wolof
xh Xhosa
yi Yiddish
yo Yoruba
zu Zulu
Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:00,180 --> 00:00:05,140 So with this cause I want to take a very realistic approach. 2 00:00:05,160 --> 00:00:13,110 There are a lot of other courses out there especially even certification courses that feel like a tool 3 00:00:13,110 --> 00:00:20,700 regurgitation and it's about as many tools as you can utilize in most of them you'll never use again 4 00:00:20,700 --> 00:00:21,900 in your career. 5 00:00:21,900 --> 00:00:27,750 And I don't want that to be this cause I want you to step away from this course and you to have a realistic 6 00:00:27,780 --> 00:00:34,280 approach and a realistic methodology when it comes to doing what you do as a penetration tester. 7 00:00:34,440 --> 00:00:44,760 My approach when I first start is looking up items on websites regarding to users email format and breach 8 00:00:44,760 --> 00:00:45,440 credentials. 9 00:00:45,450 --> 00:00:50,640 And we're going to go down that path and then we'll start talking about other items of O.S. but this 10 00:00:50,640 --> 00:00:52,750 is the first place that I target. 11 00:00:53,010 --> 00:00:57,140 So we're going to start off first with a tool called Hunter dot I O. 12 00:00:57,620 --> 00:01:04,520 And I want you to just go out to Hunter Io you're going to see a sign up in the upper right hand corner. 13 00:01:04,530 --> 00:01:06,420 Go ahead and sign up. 14 00:01:06,420 --> 00:01:08,910 It does require a valid email address. 15 00:01:08,910 --> 00:01:12,690 Sign up get logged in and then meet me back at the video. 16 00:01:12,690 --> 00:01:16,110 Go ahead posit and then resume the video when you're ready. 17 00:01:16,230 --> 00:01:20,390 And then my machine's falling asleep so I'll see you when you get back. 18 00:01:20,430 --> 00:01:23,280 OK so now you're logged in. 19 00:01:23,310 --> 00:01:26,040 Your screen should look something like mine. 20 00:01:26,040 --> 00:01:33,090 Hundred I O is a domain search where we can do is we can type in something like Tesla dot com and you 21 00:01:33,090 --> 00:01:36,420 can see here it starts to bring up Tesla dot com. 22 00:01:36,420 --> 00:01:38,570 It's got four hundred and fifty three results. 23 00:01:39,000 --> 00:01:40,800 Let's go ahead and just click on this. 24 00:01:40,950 --> 00:01:46,890 Now with the free plan that we are on we get something like 20 searches a month so please be careful 25 00:01:46,890 --> 00:01:52,050 to not abuse the search feature and make sure you're searching for what you want. 26 00:01:52,050 --> 00:01:53,820 Why do I use this. 27 00:01:53,820 --> 00:01:56,510 Well it tells me some interesting things. 28 00:01:56,520 --> 00:02:01,560 One it gives me a list of people in the organization. 29 00:02:01,680 --> 00:02:04,620 I get the first name last name. 30 00:02:04,620 --> 00:02:11,550 I get a first initial last name format here and it tells me the most common pattern with her email addresses 31 00:02:12,210 --> 00:02:18,680 and we'll talk about why that's important in a second so I get up to four hundred fifty three results 32 00:02:18,680 --> 00:02:26,540 here I get to export NACA yes V.F. I want I can take these emails all of these and I have a lot of information 33 00:02:26,600 --> 00:02:32,270 right off the bat and this is all free to me and it even tells me where they got these resources from. 34 00:02:32,360 --> 00:02:38,360 They're looking online and they're digging it up like they're finding it and farms and other Web sites. 35 00:02:38,390 --> 00:02:40,010 This one's on the forms as well. 36 00:02:40,280 --> 00:02:42,630 So all these different email addresses. 37 00:02:42,740 --> 00:02:44,380 Very very good for us. 38 00:02:44,390 --> 00:02:50,930 Sometimes they even have departments in here you can click on them and look human resources or I mean 39 00:02:50,930 --> 00:02:55,550 engineering depending where they work like I might be interested in and who works at I.T. engineering 40 00:02:56,060 --> 00:02:57,860 obviously not Nikola Tesla. 41 00:02:58,070 --> 00:02:59,180 That's not true. 42 00:02:59,510 --> 00:02:59,770 OK. 43 00:02:59,780 --> 00:03:04,280 We've got a senior technical product manager we've got a staff software engineer. 44 00:03:04,730 --> 00:03:05,580 That's good. 45 00:03:05,600 --> 00:03:10,580 But you know maybe somebody like on the help desk might be really good to target or to have you know 46 00:03:10,580 --> 00:03:11,260 knowledge of. 47 00:03:11,270 --> 00:03:18,050 But this is a good way to just see who works where what their e-mail format is and how many names we 48 00:03:18,050 --> 00:03:24,000 can pull down now Tesla is a big company which could potentially work into our favor depending on their 49 00:03:24,000 --> 00:03:25,270 security. 50 00:03:25,320 --> 00:03:31,650 Now we're going to be talking about tasks called Passwords spraying and credential stuffing as methods 51 00:03:31,710 --> 00:03:33,400 of exploitation. 52 00:03:33,420 --> 00:03:38,580 We're going to get into that when we get into the actual scanning enumeration and exploitation phase 53 00:03:39,150 --> 00:03:48,210 and what it is and what we're after is being able to grab a valid list of names so we can gather here 54 00:03:48,210 --> 00:03:50,400 for four hundred and fifty three usernames. 55 00:03:50,400 --> 00:03:51,430 That's great. 56 00:03:51,840 --> 00:03:56,080 But on top of this that's probably not everybody that works there. 57 00:03:56,100 --> 00:04:00,110 So maybe we go out to LinkedIn and we see Bob Jones works there. 58 00:04:00,120 --> 00:04:02,240 So we know OK. 59 00:04:02,250 --> 00:04:04,060 His email address is probably B. 60 00:04:04,060 --> 00:04:08,000 Jones and then you see somebody like Richard Jones. 61 00:04:08,010 --> 00:04:11,960 So you probably could assume his is our Jones at Tesla dot com. 62 00:04:12,060 --> 00:04:18,750 Knowing this First Name Last Name format or how they structure their email is super important for later 63 00:04:18,750 --> 00:04:24,800 on when we perform attacks say we have a log in form and we have that log in form we want to log into 64 00:04:24,810 --> 00:04:31,680 it if we know the format of the email address we can send a bunch of valid email addresses to it as 65 00:04:31,680 --> 00:04:36,480 a user name and then we can do something like password spraying which is where we just take commonly 66 00:04:36,480 --> 00:04:38,560 used passwords like right now. 67 00:04:38,580 --> 00:04:48,090 It is November of 2019 we could say fall 20 19 Exclamation Point Fire that with every single email address 68 00:04:48,120 --> 00:04:52,630 that we find in hopefully one sticks and that's the idea behind password spraying. 69 00:04:52,680 --> 00:04:57,140 So this information here that we can gather is absolutely important. 70 00:04:57,210 --> 00:05:01,830 So I'm going to show you a couple more methods on how to gather this sort of information and how we 71 00:05:01,830 --> 00:05:06,460 can start to become malicious with the information that we gather and why this is all important. 72 00:05:06,510 --> 00:05:12,150 So I'll meet you over in the next video when we start talking more in-depth about user name enumeration 73 00:05:12,210 --> 00:05:13,830 through breach credentials. 7575

Can't find what you're looking for?
Get subtitles in any language from opensubtitles.com, and translate them here.