1
00:00:02,460 --> 00:00:10,010
In this video we'll see how we can get comprehensive DNS information about the target website.

2
00:00:10,080 --> 00:00:14,580
So just to give you a quick refresher on what DNS is.

3
00:00:14,640 --> 00:00:21,670
So when you type in facebook.com, a DNS server will convert that name to an IP address.

4
00:00:21,700 --> 00:00:25,200
Now the process is a bit more complicated.

5
00:00:25,230 --> 00:00:32,070
So the DNS server actually contains a number of records, each pointing to a different domain or a subdomain

6
00:00:32,070 --> 00:00:35,700
or to a different IP, sometimes to the same IP.

7
00:00:36,330 --> 00:00:43,890
So but in general, you request a domain name, it gets converted to an IP address, and depending on that

8
00:00:44,250 --> 00:00:47,060
this information needs to be stored somewhere.

9
00:00:47,070 --> 00:00:51,770
So we're going to query this DNS server and see what information we can get through it.

10
00:00:52,880 --> 00:00:58,670
Now we're going to use a website called robtex.com and I'm just gonna put the target website

11
00:00:58,730 --> 00:01:01,060
that I want to get information about.

12
00:01:01,190 --> 00:01:08,840
So I'm gonna type isecur1ty.org and I'm gonna hit enter to get a report now.

13
00:01:08,870 --> 00:01:12,020
As you can see we will get a big report.

14
00:01:12,020 --> 00:01:20,330
So there is a lot of information in here, but you can actually use the buttons in here to navigate to

15
00:01:20,330 --> 00:01:22,220
any of the sections below.

16
00:01:22,220 --> 00:01:27,710
So if you want to directly go to the records or to go to the SEO, all you have to do is just click

17
00:01:27,710 --> 00:01:34,180
in here and you'll go directly to that section. What we're going to do right now though, we'll go over

18
00:01:34,180 --> 00:01:39,780
all the sections one by one and see what kind of information we got.
19
00:01:39,960 --> 00:01:46,080
Now keep in mind the order of this information might be different, but you should have the same sections.

20
00:01:47,230 --> 00:01:52,780
So in the analysis you can see we have general information about the target.

21
00:01:52,780 --> 00:01:59,770
So you can see that it's telling us that iSecur1ty has three name servers, five mail servers and one

22
00:01:59,830 --> 00:02:01,200
IP address.

23
00:02:01,600 --> 00:02:10,540
We can see the name servers used by iSecur1ty, and DigitalOcean is the hosting company that iSecur1ty

24
00:02:10,540 --> 00:02:14,020
is using at the time of recording this lecture.

25
00:02:14,020 --> 00:02:21,250
So this is very very useful because you can go to DigitalOcean right now, you'll see the hosting company

26
00:02:21,490 --> 00:02:28,450
and then you can pretend to be them and communicate with iSecur1ty, telling them that you're signing

27
00:02:28,450 --> 00:02:34,960
them up for a better hosting, you're giving them something because they are a VIP customer, and ask them

28
00:02:34,960 --> 00:02:36,050
to log in.

29
00:02:36,250 --> 00:02:42,930
Obviously they'll be logging in to a fake login page and that way you'll steal their information.

30
00:02:43,150 --> 00:02:46,870
You can tell them that there is a policy change that they have to accept.

31
00:02:46,990 --> 00:02:51,010
And again ask them to log in and steal the information that way.

32
00:02:51,010 --> 00:02:56,320
Obviously you'll do this through a fake login page and this is mostly social engineering.

33
00:02:56,380 --> 00:03:02,080
So it's nothing to do with website hacking and I cover all this in my social engineering course, but

34
00:03:02,410 --> 00:03:08,770
it's very useful because if you couldn't hack into the website through the applications installed then

35
00:03:08,770 --> 00:03:14,610
the only way to get in is using social engineering. Now below this
36
00:03:14,630 --> 00:03:18,630
we can see that the target is using Google mail servers.

37
00:03:18,710 --> 00:03:20,900
So they're not handling their own emails.

38
00:03:20,900 --> 00:03:23,880
They're using Google to handle their emails.

39
00:03:23,900 --> 00:03:30,260
Again you can communicate with the target pretending to be Google and get them to do something or to

40
00:03:30,260 --> 00:03:38,930
log in to a fake page and steal information that way. You can also see the IP address of this website,

41
00:03:38,960 --> 00:03:43,920
which can be used to discover other websites installed on the same server.

42
00:03:43,940 --> 00:03:51,050
And this is very very useful because if you couldn't hack into your target's website through the applications

43
00:03:51,050 --> 00:03:58,080
installed on that website, then you can try to hack into any website installed on the same server.

44
00:03:58,130 --> 00:04:03,700
And if you manage to do that then you can actually navigate to your target website because they're

45
00:04:03,710 --> 00:04:07,580
all essentially installed on the same computer.

46
00:04:07,670 --> 00:04:15,340
And we'll talk more about that in the next lecture. And below, right here, we have a number of similar

47
00:04:15,340 --> 00:04:17,230
domains to our target.

48
00:04:17,230 --> 00:04:24,540
Now these might be completely irrelevant but you can have a look and see what you have. Navigating to

49
00:04:24,540 --> 00:04:25,950
the quick info,

50
00:04:25,960 --> 00:04:28,080
again you can see the domain name.

51
00:04:28,200 --> 00:04:30,020
You can see the TLD.

52
00:04:30,630 --> 00:04:33,440
We have the IP address, the name servers.

53
00:04:33,450 --> 00:04:39,750
Again like I said they're useful because they usually give us information about the domain hosting company

54
00:04:39,780 --> 00:04:43,320
or the hosting company hosting the website itself.

55
00:04:43,320 --> 00:04:46,170
And we also have the mail servers like we've seen before.
56
00:04:46,170 --> 00:04:47,350
It's Google Mail.

57
00:04:47,460 --> 00:04:56,800
So that all can be really really useful. The reverse section will perform a reverse DNS lookup.

58
00:04:56,800 --> 00:05:05,560
So as I said at the start of the lecture, DNS is used to translate domain names into IP addresses, and

59
00:05:05,560 --> 00:05:12,740
in the reverse lookup we use the IP address to see which domains link to this IP address.

60
00:05:12,790 --> 00:05:18,900
And like I said previously this can be very very useful because we'll be able to discover other web

61
00:05:18,900 --> 00:05:24,240
sites hosted on the same server and we can hack into any of these websites

62
00:05:24,280 --> 00:05:26,770
and from there gain access to our target.

63
00:05:27,310 --> 00:05:34,460
But with the reverse lookup you won't always get all the websites installed on the same server.

64
00:05:34,510 --> 00:05:39,530
Therefore in the next lecture I will show you a better way of doing that.

65
00:05:39,670 --> 00:05:46,080
But if you really want to see the results of the reverse lookup you'll have to log in.

66
00:05:46,150 --> 00:05:48,790
So I'm actually going to open a new tab.

67
00:05:49,180 --> 00:05:55,410
I'm going to go to Robtex again and I'm going to click on log in right here.

68
00:05:55,540 --> 00:05:59,740
And the only way to log in to Robtex right now is through Google.

69
00:05:59,740 --> 00:06:02,380
So I'm going to click on Google.

70
00:06:02,560 --> 00:06:08,050
I'm going to click my email and that's it, we're logged in.

71
00:06:08,460 --> 00:06:19,250
So I'm going to close this and we're going to refresh in here, and if we scroll down again to the reverse

72
00:06:19,340 --> 00:06:27,650
right here we have the results of the reverse lookup, and you can either download this as a CSV or

73
00:06:27,650 --> 00:06:29,270
view it as HTML.
74
00:06:29,630 --> 00:06:36,940
So I'm going to choose to view it as HTML in a new tab, and right here as you can see we only have

75
00:06:36,940 --> 00:06:43,010
isecur1ty on its own because isecur1ty is hosted on its own server.

76
00:06:43,030 --> 00:06:47,300
So there are no other websites installed on the same server.

77
00:06:47,590 --> 00:06:54,340
But like I said if there are other websites hosted on the same server then you'll be able to see them

78
00:06:54,340 --> 00:07:02,580
in here in the reverse lookup. Now going down we can see a more detailed breakdown of the DNS records,

79
00:07:03,030 --> 00:07:07,200
so you can see here we have information about the A record.

80
00:07:07,330 --> 00:07:14,400
This is the record that's used to translate the domain name into an IP address, so you can see that

81
00:07:14,400 --> 00:07:22,920
isecur1ty.org links to this IP address, which is the IP address of the server hosting or containing

82
00:07:22,950 --> 00:07:26,810
the files of the website. Scrolling down

83
00:07:26,810 --> 00:07:28,830
we have more SEO information,

84
00:07:28,830 --> 00:07:32,090
search engine optimization info.

85
00:07:32,190 --> 00:07:36,220
We have the Web of Trust reputation of this website.

86
00:07:36,240 --> 00:07:40,800
We have the Alexa ranking and the Shared tab.

87
00:07:40,800 --> 00:07:43,990
We have the IP of the target website.

88
00:07:44,000 --> 00:07:49,000
Again like I said we can use this to get websites installed on the same server.

89
00:07:49,020 --> 00:07:54,140
We have a graph representation of all the information we gathered.

90
00:07:54,150 --> 00:07:56,180
We also have a history section.

91
00:07:56,190 --> 00:08:04,050
This is actually very very useful because you can use this to track all the changes to the DNS info

92
00:08:04,200 --> 00:08:08,910
of the target website, so you can see when they started using Google.
93
00:08:08,940 --> 00:08:13,770
You can see when they started using DigitalOcean as their hosting provider.

94
00:08:13,770 --> 00:08:20,960
So if you scroll down we might actually be able to see that they were using a different provider.

95
00:08:20,960 --> 00:08:22,030
And here you go.

96
00:08:22,100 --> 00:08:25,790
We can see that they were using a different hosting company.

97
00:08:25,820 --> 00:08:27,090
This one right here.

98
00:08:27,240 --> 00:08:30,760
The more thing, I hope I'm pronouncing that right.

99
00:08:31,370 --> 00:08:38,150
But right now as we can see they changed and they switched to a different hosting company, DigitalOcean.

100
00:08:38,210 --> 00:08:44,660
So again you can even contact them pretending to be this company and tell them that you're going to

101
00:08:44,660 --> 00:08:52,220
sign them up for a better offer, or pretend that they violated one of your terms and conditions and ask

102
00:08:52,220 --> 00:08:59,630
them to log in to do something. When they log in you can serve them a fake file, a backdoor, or again use

103
00:08:59,630 --> 00:09:05,300
the login information, get them to log in through a fake web page and steal the username and password.

104
00:09:05,420 --> 00:09:12,980
So information is always very very useful when it comes to hacking, especially if you want to perform

105
00:09:13,010 --> 00:09:19,850
a social engineering attack, which might be your last resort if you could not hack into the website

106
00:09:20,060 --> 00:09:28,630
using the applications installed on it. Scrolling down we can see we have the WHOIS information; we had

107
00:09:28,630 --> 00:09:33,210
a full lecture on how to get this and how this can be useful.

108
00:09:33,250 --> 00:09:42,220
And finally we have the DNS blacklist information, which basically is a list of websites known to send spam,

109
00:09:42,490 --> 00:09:48,700
so usually emails sent from these websites would be blocked or considered as spam.
110
00:09:49,150 --> 00:09:56,590
So as you can see, a very useful website that can be used to get information about the server used

111
00:09:56,590 --> 00:10:04,240
to host the target website and its relationship with other websites, other servers, which hosting companies

112
00:10:04,240 --> 00:10:05,570
are being used.

113
00:10:05,590 --> 00:10:11,620
And like I said all of this can be very very useful whether you want to target the website itself, whether

114
00:10:11,620 --> 00:10:17,230
you want to target other websites so you can hack into your target website, and even if you want to

115
00:10:17,230 --> 00:10:22,270
social engineer one of the admins to gain access to your target website.