1 00:00:00,240 --> 00:00:04,019 OK, now to demonstrate what we learned in that theory lecture.
2 00:00:04,620 --> 00:00:10,700 Now we would use the host command to find the IP address of example.com.
3 00:00:11,160 --> 00:00:14,150 OK, or let's try that on google.com.
4 00:00:14,160 --> 00:00:14,760 No problem.
5 00:00:15,840 --> 00:00:22,590 So just like that, if you click it or press, you can see the usage is like this.
6 00:00:22,890 --> 00:00:24,990 It has a lot of features.
7 00:00:25,290 --> 00:00:31,260 And don't worry, we will have a good understanding of this tool because it is very important.
8 00:00:31,680 --> 00:00:34,590 Now, host, then the name of the domain.
9 00:00:34,650 --> 00:00:37,050 So host google.com, OK?
10 00:00:37,320 --> 00:00:38,940 Or sometimes not google.com.
11 00:00:38,940 --> 00:00:41,180 www.google.com.
12 00:00:41,220 --> 00:00:41,610 OK.
13 00:00:41,820 --> 00:00:44,310 By the way, you can see that we have different results.
14 00:00:44,470 --> 00:00:47,970 www instead of google.com, right?
15 00:00:48,630 --> 00:00:49,860 OK, now let's have a look.
16 00:00:50,070 --> 00:00:52,860 So you can see that google.com has this address.
17 00:00:54,170 --> 00:00:58,220 And here it has some stuff, domains or whatever.
18 00:00:58,970 --> 00:01:04,400 Also, we have here, and this is a different IP address, by the way.
19 00:01:04,730 --> 00:01:05,090 OK.
20 00:01:05,390 --> 00:01:07,640 And it has IPv6, OK?
21 00:01:08,690 --> 00:01:10,430 OK, for now, no problem.
22 00:01:10,670 --> 00:01:11,480 So far, so good.
23 00:01:11,780 --> 00:01:20,180 Now if I want to have host for facebook.com, for example, it has different values as well.
24 00:01:20,780 --> 00:01:28,550 Now let's try this on google.com, but this time we will use the dash t option or flag and the type
25 00:01:28,850 --> 00:01:32,960 of the record we want to check, for example, the MX record.
26 00:01:33,500 --> 00:01:36,770 So you can see that these are used for the MX, by the way.
27 00:01:37,780 --> 00:01:45,100 The mail exchange. Now, let's have another thing, which is TXT, and here you can see we are seeing
28 00:01:45,190 --> 00:01:46,120 some values.
29 00:01:46,570 --> 00:01:51,100 OK, so like the domain verification, domain whatever.
30 00:01:51,730 --> 00:01:53,950 Web verification and some values.
31 00:01:54,280 --> 00:01:58,840 Now here we are using the type, dash t, which is the type of the DNS records.
32 00:01:58,930 --> 00:02:02,650 OK, so just a minute.
33 00:02:03,340 --> 00:02:09,190 And here you can see that, right, forward slash next to search.
34 00:02:10,150 --> 00:02:10,880 Yeah, you can see.
35 00:02:10,880 --> 00:02:13,120 Here it is, dash t, which is the type.
36 00:02:13,510 --> 00:02:18,430 If you scroll down, you can see that we have different values like these.
37 00:02:18,940 --> 00:02:20,800 This option specifies the query type.
38 00:02:21,250 --> 00:02:22,700 As you can see, CNAME.
39 00:02:22,780 --> 00:02:27,190 And as I saw, TXT, the key, it's right.
40 00:02:27,190 --> 00:02:29,740 Now a good use.
41 00:02:30,740 --> 00:02:39,260 For what we learned from the bash script situation is that we want to make a brute force lookup mechanism,
42 00:02:39,260 --> 00:02:39,710 OK?
43 00:02:40,370 --> 00:02:42,800 Let's clear the screen now, actually it is clean.
44 00:02:43,310 --> 00:02:45,620 So let's go to the desktop now.
45 00:02:45,650 --> 00:02:49,640 Let's open or make a list.txt.
46 00:02:50,090 --> 00:02:54,690 OK, now I can see that we have first, shared, values, DNS.
47 00:02:55,940 --> 00:02:56,600 Let's see.
48 00:02:56,720 --> 00:03:03,650 Drive, Gmail, whatever, and images, etc., etc.
49 00:03:03,860 --> 00:03:05,900 OK, this is just an arbitrary list.
50 00:03:06,320 --> 00:03:10,160 We want to use it for a search and search for subdomains inside it.
51 00:03:10,820 --> 00:03:15,530 Now here, let's use the for command or for statement.
52 00:03:16,730 --> 00:03:17,450 So for.
53 00:03:18,570 --> 00:03:27,870 For i in, then open the dollar sign with brackets to execute a command, which is cat list.txt.
54 00:03:30,070 --> 00:03:39,400 Then, what, the semicolon, do, and we want to host $i.google.com.
55 00:03:41,190 --> 00:03:45,630 The semicolon, then done, OK, by the way, here you can.
56 00:03:46,140 --> 00:03:46,920 You need to put.
57 00:03:48,720 --> 00:03:50,830 Space or here and enter.
58 00:03:51,870 --> 00:03:53,620 You can see that for who will come.
59 00:03:53,640 --> 00:03:59,700 We didn't find first.google.com, compared to videos, whatever, dfs, but drive we found it as you can
60 00:03:59,700 --> 00:04:01,800 see and here, it's very quiet for it.
61 00:04:02,110 --> 00:04:05,070 Gmail is an alias for this value or whatever.
62 00:04:05,670 --> 00:04:10,040 As you can see, images is an alias for this and has IP addresses.
63 00:04:10,050 --> 00:04:16,980 So by this, we found out we can make a brute force, OK, which is something very good.
64 00:04:18,410 --> 00:04:23,000 OK, now another practice for what we learned using the command.
65 00:04:23,930 --> 00:04:25,150 Now let's put host.
66 00:04:25,290 --> 00:04:26,330 We'll get it going again.
67 00:04:26,720 --> 00:04:28,340 It would show us these values.
68 00:04:28,370 --> 00:04:28,820 All right.
69 00:04:29,110 --> 00:04:30,290 You know, we're designing societies.
70 00:04:30,620 --> 00:04:36,800 I want to have just these values, as you can see, for one, two, three.
71 00:04:37,430 --> 00:04:37,910 OK.
72 00:04:38,060 --> 00:04:40,940 And I want them to be resolved, to be sorted as well.
73 00:04:41,330 --> 00:04:42,320 How should I do that?
74 00:04:42,470 --> 00:04:44,390 We will use the pipe in that case.
75 00:04:44,750 --> 00:04:48,110 So here we don't need to have everything here.
76 00:04:48,410 --> 00:04:50,000 We just want the last.
77 00:04:50,670 --> 00:04:51,050 These.
78 00:04:51,980 --> 00:04:52,460 OK.
79 00:04:53,670 --> 00:04:55,320 So let's use tail.
80 00:04:57,100 --> 00:04:59,650 And one, two, three, four, five. Five.
81 00:05:01,050 --> 00:05:05,070 Or minus five, then you can see that, yeah, we have them here.
82 00:05:05,290 --> 00:05:06,420 OK, this is the first step.
83 00:05:06,620 --> 00:05:09,570 Then the output will be cut.
84 00:05:09,990 --> 00:05:11,400 That's dash d, delimiter.
85 00:05:11,490 --> 00:05:12,450 And it will be space.
86 00:05:12,450 --> 00:05:14,550 As you can see, between each one is the space.
87 00:05:14,860 --> 00:05:16,620 And until we reach that one we want.
88 00:05:16,620 --> 00:05:19,410 So one, two, three, four, five, six.
89 00:05:19,440 --> 00:05:23,310 So we want dash f, that field would be six.
90 00:05:23,730 --> 00:05:24,960 OK, like this?
91 00:05:25,980 --> 00:05:31,770 As you can see, yeah, I made them stick, it's seven, actually, not six, because here it is.
92 00:05:32,280 --> 00:05:33,090 This is the number.
93 00:05:33,450 --> 00:05:34,110 All right.
94 00:05:34,230 --> 00:05:34,740 Seven.
95 00:05:34,950 --> 00:05:35,580 No problem.
96 00:05:35,580 --> 00:05:36,780 Yeah, we have it here.
97 00:05:37,200 --> 00:05:43,980 So we got the domains, the subdomains and the name servers for google.com.
98 00:05:44,310 --> 00:05:44,730 OK.
99 00:05:45,420 --> 00:05:48,180 By the way, we can make a bash script for this.
100 00:05:49,280 --> 00:05:51,950 Still, we can get.
101 00:05:52,990 --> 00:05:53,720 Fancy results.
102 00:05:54,000 --> 00:05:54,450 All right.
103 00:05:54,930 --> 00:05:56,970 Something for automation and all of that stuff.
104 00:05:57,540 --> 00:05:59,760 Now we have other tools in Kali Linux.
105 00:06:00,740 --> 00:06:02,240 Which is dnsrecon.
106 00:06:02,600 --> 00:06:09,350 So dnsrecon like that, and as you can see here it is now, the usage is like that.
107 00:06:09,360 --> 00:06:11,510 Dash d, the domain, which is google.com.
108 00:06:12,170 --> 00:06:18,680 And dash t, the type, and what type you want, AXFR, for example.
109 00:06:18,980 --> 00:06:19,790 And press enter.
110 00:06:20,480 --> 00:06:23,870 Now you can see that this will show us other options.
111 00:06:25,290 --> 00:06:26,130 Or other results?
112 00:06:27,020 --> 00:06:30,230 I mean, it seems that there is a problem here in this tool.
113 00:06:30,490 --> 00:06:33,120 Let's remove that dash t option.
114 00:06:35,860 --> 00:06:41,170 Yeah, you can see that we are seeing different or more values than the host utility.
115 00:06:41,440 --> 00:06:47,050 So as you can see, for you as an ethical hacker or hacker, you need a team member.
116 00:06:47,380 --> 00:06:55,550 You need to get used to everything, OK, you need to write your own tools and use all the tools, or
117 00:06:55,690 --> 00:07:02,470 that ease of tools, not just using one tool, because some results may be different.
118 00:07:02,770 --> 00:07:04,960 And after all, we are attacking the system.
119 00:07:04,960 --> 00:07:10,350 So use whatever tools you want, and actually not just one tool.
120 00:07:10,360 --> 00:07:15,490 Make sure you have many tools, or you are learning or you have learnt many tools to use.
121 00:07:15,850 --> 00:07:17,680 OK, so that's why.
122 00:07:17,710 --> 00:07:24,010 So, as you can see, dnsrecon is showing us more information than just, as you can see.
123 00:07:24,310 --> 00:07:25,000 OK, cool.
124 00:07:26,050 --> 00:07:33,060 Again, we can use a bash script or automation to have an enumeration for subdomains or whatever, or IPs
125 00:07:33,070 --> 00:07:34,930 and etc., etc.
126 00:07:35,440 --> 00:07:40,450 Now there is another tool called dnsenum, so dnsenum like that.
127 00:07:42,080 --> 00:07:44,810 And here you can see it would show us values.
128 00:07:44,990 --> 00:07:47,960 So let's try it out for google.com.
129 00:07:48,410 --> 00:07:48,860 OK.
130 00:07:49,190 --> 00:07:55,880 And you can see this is showing more verbose, as you can see the host, the name servers.
131 00:07:55,880 --> 00:07:57,770 Here it is, the host addresses.
132 00:07:57,800 --> 00:07:59,300 Here it is then.
133 00:07:59,870 --> 00:08:01,370 Or mail exchange server.
134 00:08:01,490 --> 00:08:02,090 Here it is.
135 00:08:02,360 --> 00:08:06,650 And it will start trying zone transfer or whatever.
136 00:08:07,130 --> 00:08:13,290 As you can see, it is guessing as well, as you can see, brute forcing and using this and at
137 00:08:13,790 --> 00:08:15,170 the as the text file.
138 00:08:15,230 --> 00:08:18,360 This is something that already exists in Kali Linux.
139 00:08:18,380 --> 00:08:18,770 All right.
140 00:08:19,280 --> 00:08:22,850 Now let's wait a little bit just to find what we will see.
141 00:08:22,970 --> 00:08:30,350 By the way, you can see it will start showing us a lot of subdomains because we are brute forcing.
142 00:08:30,350 --> 00:08:32,630 So I want to press Ctrl+C.
143 00:08:32,640 --> 00:08:33,650 So to stop it?
144 00:08:33,679 --> 00:08:34,039 OK?
145 00:08:34,909 --> 00:08:40,130 And here you can see we have a lot of directories or a lot of subdomains that are showing up.
129 00:07:48,410 --> 00:07:48,860 OK. 130 00:07:49,190 --> 00:07:55,880 And you can see the US is showing more verbose ism stein as you can see the host the name servers. 131 00:07:55,880 --> 00:07:57,770 Here it is, the host addresses. 132 00:07:57,800 --> 00:07:59,300 Here it is then. 133 00:07:59,870 --> 00:08:01,370 Or email exchange server. 134 00:08:01,490 --> 00:08:02,090 Here it is. 135 00:08:02,360 --> 00:08:06,650 And it will start trying on transfer or whatever. 136 00:08:07,130 --> 00:08:13,290 As you and as you can see, it is guessing as well as you can see brute forcing and using this and at 137 00:08:13,790 --> 00:08:15,170 the as the text file. 138 00:08:15,230 --> 00:08:18,360 This is something already exist in Kali Linux. 139 00:08:18,380 --> 00:08:18,770 All right. 140 00:08:19,280 --> 00:08:22,850 Now let's with a little bit just to find what we will see. 141 00:08:22,970 --> 00:08:30,350 By the way, you can see it will start showing us a lot of subdomains because we are forcing. 142 00:08:30,350 --> 00:08:32,630 So I want to press concurrency. 143 00:08:32,640 --> 00:08:33,650 So to stop it? 144 00:08:33,679 --> 00:08:34,039 OK? 145 00:08:34,909 --> 00:08:40,130 And here you can see we have a lot of directories or a lot of subdomains that's showing up.