1
00:00:00,180 --> 00:00:05,140
So with this course I want to take a very realistic approach.
2
00:00:05,160 --> 00:00:13,110
There are a lot of other courses out there, especially even certification courses, that feel like a tool
3
00:00:13,110 --> 00:00:20,700
regurgitation, and it's about as many tools as you can utilize; most of them you'll never use again
4
00:00:20,700 --> 00:00:21,900
in your career.
5
00:00:21,900 --> 00:00:27,750
And I don't want that to be this course. I want you to step away from this course and have a realistic
6
00:00:27,780 --> 00:00:34,280
approach and a realistic methodology when it comes to doing what you do as a penetration tester.
7
00:00:34,440 --> 00:00:44,760
My approach when I first start is looking up items on websites regarding users, email format and breach
8
00:00:44,760 --> 00:00:45,440
credentials.
9
00:00:45,450 --> 00:00:50,640
And we're going to go down that path and then we'll start talking about other items of OSINT, but this
10
00:00:50,640 --> 00:00:52,750
is the first place that I target.
11
00:00:53,010 --> 00:00:57,140
So we're going to start off first with a tool called Hunter.io.
12
00:00:57,620 --> 00:01:04,520
And I want you to just go out to Hunter.io. You're going to see a sign up in the upper right-hand corner.
13
00:01:04,530 --> 00:01:06,420
Go ahead and sign up.
14
00:01:06,420 --> 00:01:08,910
It does require a valid email address.
15
00:01:08,910 --> 00:01:12,690
Sign up, get logged in, and then meet me back at the video.
16
00:01:12,690 --> 00:01:16,110
Go ahead, pause, and then resume the video when you're ready.
17
00:01:16,230 --> 00:01:20,390
And then my machine's falling asleep, so I'll see you when you get back.
18
00:01:20,430 --> 00:01:23,280
OK, so now you're logged in.
19
00:01:23,310 --> 00:01:26,040
Your screen should look something like mine.
20
00:01:26,040 --> 00:01:33,090
Hunter.io is a domain search. What we can do is we can type in something like tesla.com and you
21
00:01:33,090 --> 00:01:36,420
can see here it starts to bring up tesla.com.
22
00:01:36,420 --> 00:01:38,570
It's got four hundred and fifty-three results.
23
00:01:39,000 --> 00:01:40,800
Let's go ahead and just click on this.
24
00:01:40,950 --> 00:01:46,890
Now with the free plan that we are on we get something like 20 searches a month, so please be careful
25
00:01:46,890 --> 00:01:52,050
to not abuse the search feature and make sure you're searching for what you want.
26
00:01:52,050 --> 00:01:53,820
Why do I use this?
27
00:01:53,820 --> 00:01:56,510
Well, it tells me some interesting things.
28
00:01:56,520 --> 00:02:01,560
One, it gives me a list of people in the organization.
29
00:02:01,680 --> 00:02:04,620
I get the first name, last name.
30
00:02:04,620 --> 00:02:11,550
I get a first initial, last name format here, and it tells me the most common pattern with their email addresses,
31
00:02:12,210 --> 00:02:18,680
and we'll talk about why that's important in a second. So I get up to four hundred and fifty-three results
32
00:02:18,680 --> 00:02:26,540
here. I get to export into a CSV if I want. I can take these emails, all of these, and I have a lot of information
33
00:02:26,600 --> 00:02:32,270
right off the bat, and this is all free to me, and it even tells me where they got these resources from.
34
00:02:32,360 --> 00:02:38,360
They're looking online and they're digging it up, like they're finding it in forums and other websites.
35
00:02:38,390 --> 00:02:40,010
This one's on the forums as well.
36
00:02:40,280 --> 00:02:42,630
So all these different email addresses.
37
00:02:42,740 --> 00:02:44,380
Very, very good for us.
38
00:02:44,390 --> 00:02:50,930
Sometimes they even have departments in here. You can click on them and look: human resources, or, I mean,
39
00:02:50,930 --> 00:02:55,550
engineering, depending where they work. Like, I might be interested in who works at IT engineering,
40
00:02:56,060 --> 00:02:57,860
obviously not Nikola Tesla.
41
00:02:58,070 --> 00:02:59,180
That's not true.
42
00:02:59,510 --> 00:02:59,770
OK.
43
00:02:59,780 --> 00:03:04,280
We've got a senior technical product manager, we've got a staff software engineer.
44
00:03:04,730 --> 00:03:05,580
That's good.
45
00:03:05,600 --> 00:03:10,580
But, you know, maybe somebody like on the help desk might be really good to target or to have, you know,
46
00:03:10,580 --> 00:03:11,260
knowledge of.
47
00:03:11,270 --> 00:03:18,050
But this is a good way to just see who works where, what their email format is, and how many names we
48
00:03:18,050 --> 00:03:24,000
can pull down. Now Tesla is a big company, which could potentially work in our favor depending on their
49
00:03:24,000 --> 00:03:25,270
security.
50
00:03:25,320 --> 00:03:31,650
Now we're going to be talking about attacks called password spraying and credential stuffing as methods
51
00:03:31,710 --> 00:03:33,400
of exploitation.
52
00:03:33,420 --> 00:03:38,580
We're going to get into that when we get into the actual scanning, enumeration and exploitation phase,
53
00:03:39,150 --> 00:03:48,210
and what it is, and what we're after, is being able to grab a valid list of names. So we can gather here
54
00:03:48,210 --> 00:03:50,400
four hundred and fifty-three usernames.
55
00:03:50,400 --> 00:03:51,430
That's great.
56
00:03:51,840 --> 00:03:56,080
But on top of this, that's probably not everybody that works there.
57
00:03:56,100 --> 00:04:00,110
So maybe we go out to LinkedIn and we see Bob Jones works there.
58
00:04:00,120 --> 00:04:02,240
So we know, OK,
59
00:04:02,250 --> 00:04:04,060
his email address is probably bjones,
60
00:04:04,060 --> 00:04:08,000
and then you see somebody like Richard Jones.
61
00:04:08,010 --> 00:04:11,960
So you probably could assume his is rjones@tesla.com.
62
00:04:12,060 --> 00:04:18,750
Knowing this first name, last name format, or how they structure their email, is super important for later
63
00:04:18,750 --> 00:04:24,800
on when we perform attacks. Say we have a login form, and we have that login form we want to log into.
64
00:04:24,810 --> 00:04:31,680
If we know the format of the email address, we can send a bunch of valid email addresses to it as
65
00:04:31,680 --> 00:04:36,480
a username, and then we can do something like password spraying, which is where we just take commonly
66
00:04:36,480 --> 00:04:38,560
used passwords. Like, right now
67
00:04:38,580 --> 00:04:48,090
it is November of 2019, so we could say Fall2019! and fire that with every single email address
68
00:04:48,120 --> 00:04:52,630
that we find, and hopefully one sticks, and that's the idea behind password spraying.
69
00:04:52,680 --> 00:04:57,140
So this information here that we can gather is absolutely important.
70
00:04:57,210 --> 00:05:01,830
So I'm going to show you a couple more methods on how to gather this sort of information and how we
71
00:05:01,830 --> 00:05:06,460
can start to become malicious with the information that we gather and why this is all important.
72
00:05:06,510 --> 00:05:12,150
So I'll meet you over in the next video when we start talking more in-depth about username enumeration
73
00:05:12,210 --> 00:05:13,830
through breach credentials.