Disclaimer: this video is for educational purposes only. Like the previous one, this video has also been made entirely for Vidya Gyan Sagar Saraswati. Like last time, thank you, and yes, turn off that ad blocker and do not download and watch it; please support me with this. Thank you. This is the image; I can also find its location. Do you know, this is a photo I have taken from my mobile. Now please come and let's see, it is coming. Social media accounts are hunted using Sherlock. I am 100% on HackerOne, my account is also on HackerOne; now you can find your friend, you can find anyone. In this way I found all the photos in Photos and Videos which are coming here, Desktop, Thumbs.db. We save this database. You can see that we have extracted a lot of important information: we have extracted usernames, their login pages, we have also extracted their photos, internal ones too, we have extracted the details of people; those have also been extracted. Well, reported to me. Yes, I know I am a little late, but I can't do anything; it was my college and all these things. So in Part Two, first of all let me tell you that in the previous part my audio was not coming properly because my Windows drivers were not running properly; the drivers of my mic were running properly, and Kali was running properly, and in this part the audio will come properly. I am telling you right now, it will come properly. And if you say that the audio is not coming properly, then it means that you are doing this deliberately, because I have tested it myself. In this part, I first prepare all the topics and then shoot the intro and outro. So I checked, the audio is perfect. So first of all I am going to do the revision, and after that I will tell you what this part is, and after that I will tell you there is only one module in it; we will see further in it.
All the best, it will be fine for you. So before starting, we are going to do revision first; later I will solve your doubts. Okay, so let's start the revision. First of all I had taught about the basic operating systems; I don't think there is any need for revision in that, I have told you all the operating systems. After that I told you about the virtual installation, in which I told you how the virtual install is done and all the settings etc.; there should be no doubt in it. The installation was very easy, and if its product key does not work then no problem, you can also download the normal community edition, that will also work, don't worry; I just showed it to interest you a bit, nothing else. Later I had told you how to do a live boot of Kali; there is no problem in it, it was very easy. After that I told you all the things like the basics in Kali, basic commands etc. After that we saw numeric to binary conversion; it was quite easy, there was no difficulty in it. After that we saw computer memory basics, MB, GB, those things, and after that IP address part one. Now let us give some time to this. In the explanation about IP addresses, I told you that it has two types: classful addressing and the second type is classless addressing. What is the difference between the two? In classful addressing we had classes, in which the problem with the classes was that at some places there were too many IP addresses and at some places there were very few IP addresses. Why was this happening? Because the network portion and host portion were fixed like this, so there was a slight glitch there. What was happening in classless addressing? We had no fixed network portion, no fixed host portion; no subnet mask was fixed. So that's why the subnetting there was working perfectly. Now let's give a little more of an example. Let us assume that this is a circle. Okay, and this circle is the circle in classful addressing. If I put a line in it,
you will see that it is getting divided into two parts, okay, this means exactly 50/50, it is getting divided equally. But what if I take that line and do it in classless addressing? Then I can draw this straight line in this way also, right on the side in the cup. Okay, so this is the difference: in classful addressing, along with the address, I cannot draw this line, I cannot draw it at all, it is not possible in that because its subnet mask is fixed. We had seen these things in it. OK, and in IP address part two we also saw CIDR, which means Classless Inter-Domain Routing, which means classless addressing; we saw it in that. After that, subnetting is very important. Now I have given an example of a circle: if you cut a line into two parts, then assume again that it is a circle, and we will take the range of this circle, 192.168.1.1 to 192.168.1.255. Sorry, the range is wrong. 192.168.1.0 to 192.168.1.255: if I take this much till 255, then total will be 256 addresses. The first will be our network ID, the last one will be our broadcast, OK, so a total of 254 is available with us. When I divide it, I can divide only and only 50/50, meaning 128 and 128, yes, it will be like this, meaning 126 and 126 after the network IDs etc. But I can't do a little thing like this: I want 10 here and the rest here; I can't do this strange thing. This was the problem in our classful addressing. This was not the problem in classless addressing; the case is that you can make it in portions as you like. Let's say I want 10 here, 10 here and the rest in between; then I could do all these things in it. Okay, clearly, it was quite easy. Subnetting, there is nothing difficult in it, so let me give one more example. Suppose there is a box, okay, there is a box, I have filled it with 192.168.1.1 to 255, and if I divide this box into two parts, then you will see that its size is halved.
And these are the two boxes; you must be getting their range above, okay. This happens in classful addressing, and this happens because it has a fixed subnet mask; because it is classful, its subnet mask is 255.255.255.0. If you are not able to understand networking, then don't worry, I will make a course on networking. Even if you understand a little of the above, it will be fine. I am telling you so that there is no confusion, that is, if you do not think about it, then you will see that it is divided equally. Suppose I have to make one big and one small; this is not possible because the subnet mask is completely fixed. And how is it converted, the subnet mask and IP address, I have explained in detail in that video, that is, how to convert it into binary and all these things, okay? I hope it is clear. After that we saw IPv6; there is no problem in it, it is easy. Looking at the MAC address: the MAC address is a physical address, it cannot be changed, and one of the benefits of it, I told you, is that when someone tracks, in that way I had mentioned who can be tracked. And there is one thing which I forgot to mention. Suppose someone blocks you, someone blocks you from a hotspot, or someone with WiFi who is your friend blocks you; then you can reconnect by changing the MAC address. This was another benefit. I forgot to tell you that. After that, we saw how to change the MAC address. After that, we saw about ports, UDP and TCP ports. There is no doubt, I did not find any in the comments. So after that we saw the URL; the DNS server was very easy, that too. Information gathering using Google, security, WiFi, how to create a wordlist, how to make a wordlist, we need people like us. WPS PIN, meaning Part 2 of WiFi, and Are You Hack? It was mentioned in the ending that the revision has been completed. Now we do the doubt solving. I go through those sequence-wise, not by which are in high demand. The first doubt was in subnetting and that.
The class one, which I have already explained, you will not have any doubt about it after the revision, and if you still have it, then go and see; I will not sit down to explain this in part two, otherwise our CIDR, easy; MAC address, easy; and ports and the DNS server are also easy. In the DNS server video I tell you that if we change someone's DNS address, then he will have a fake DNS address. Even if he enters google.com, he will go to hacker's google.com. You will only understand this when the concept of the DNS server is clear in that video. Then assume that my DNS server is 8.8.8.8, which is... So when I enter google.com, I will go to google.com, but I will go to the fake google.com. I understood that the hacker had set it for phishing, and it was in the information gathering. So, the address of Tor, which I missed first. Let me make it clear. Many people say that, brother, anything can happen on the dark web; hacking is not at all possible there. Those who are telling you this, cut this clip and share it as much as you want. Then those who tell you that all these things happen on Tor and there are cursed websites, stories, red rooms, all these are fake. I have been using Tor for many years. I have been using Tor since the time I was in sixth standard till today. Nothing like this happened to me. I did a lot of research; nothing ever happens, friend. Are you crazy? Go to the comment section and ask the person who has told you the story, brother, what mantra is written in HTML, what is "Om Bhagni Bhagva Dari Om Bat Swa" in HTML? Writing the mantra, this is one myth. And the third myth is that hackers track us on Tor. Are you crazy? Have I explained? After leaving the Tor server, you go to that website; how will it track us, who will track us? On top of that, the encryption is different.
This encryption is very strong encryption; how will someone track you? So these myths have become as clear as they should be. This one which was just clipped was a clip; cut it and share it and ask for credit, man, okay. So what people are saying, brother, the dark web is very dangerous. There is nothing like that. It means danger, but it is not so much as the stories people tell you, that he started watching the video and kept watching it and was not able to move; why don't you throw anything so much? You know whom I am talking about. Next step is the phishing attack. PyPhisher, if it is not working, then Zphisher, I will show you. Actually I was watching my description in the video. I will tell you, PyPhisher, which GitHub banned. You will see that this is the fake one; you can see that this means the real one, which has been disabled: "access to this repository has been disabled due to violation", because whatever it is, it was giving a custom link option and a cloud player; it is not known, there is no such ban. It should be because of the rest of the topics. And this is what PyPhisher is; this is a fake PyPhisher, okay, this is fake. The solution to PyPhisher is that you try Zphisher, OK, Zphisher. And if I can't tell you about every single tool: I taught you everything. If any of you were smart, you know what he would have used, something similar to it, PyPhisher. This is how I taught you Google dorking; if any of you were smart, he would have used this. If you understand, then he would have found similar tools; all the tools were there, they would have come. Simple, you have to search for the tools like PyPhisher; if you put them in this way, then all the tools were there, they would have come. Now I had said that the root feature is the root feature, so here you can see that this is the root picture.
You can try this one. What is there in it? There is no redirection option; now there is an option of redirection. After this video you will learn that in the version with HTTrack, the HTML that comes in the redirection, by doing a little customization, you can get the custom option. You can do redirection while selecting, and there is no option of a custom link in it; I can't do anything. And you can see more tools like, there is another tool, no, BlackEye is a tool, this is also a phishing tool; there are many more. If you search then you will find; if you understand then come back. Then I told you the root of phishing, so try it. And after that we saw information gathering using phone numbers. Okay, now in this I will tell you: if you are getting, for the Truecaller npm, "npm install: npm not found", "package not located", "enable command line", then the simple solution is to install it as it comes in it. Like, if I just show it at the top of the screen, if I open it and if I go to npm install in this way, you will see that this brother is telling you, but he himself is telling you the complete installation, so why do I need to be asked? It is simple, there is no need to ask me about every single thing; sometimes find the solution yourself. And if it comes that the npm package is not located, then what to do, brother? I had told about that too: update it. If something comes like this, then you understand. Okay, now come back, I have already told the solution, and in Truecaller, if something comes like "backup not found", then try once in the mobile to see whether the Truecaller app is working or not, log in properly once and try again, clear Truecaller as it is. After that we saw... oh brother, there are so many questions and confusion on this, let me clear it. WiFi does not work in a virtual machine. WiFi does not work in a virtual machine. Let me also tell you why. Suppose this is a laptop. This box is a laptop. I keep a box inside this box whose name is Windows.
I download a software inside it whose name is VMware, and inside it runs the operating system. The Kali system is not running on the hardware; only one is running, that is why WiFi is not possible in it. And it does not work in mobile because we also run mobile in virtual mode. I had told you, okay, still people ask; I don't know why, it is also virtual. After that we had seen WPS PIN security, which was easy, and that's it, all the doubts we had have been cleared. Now I don't think there are any more. Now, if there is anyone else, what can I improve in this course? Please tell me in the comments; say that I have to add music etc., add a little entertainment in between, tell me something like this. Okay, even if there is a doubt, you can tell me, and yes, I am coming here, please come here, meaning don't put words; I can understand from text, but sometimes I need a screenshot also, okay, then you can message there. If you have fewer followers now, I am able to reply. So let's start now. So now let us see what we are going to learn in this part. We had so many modules, right? Now in this part we are going to see only one module, and that is Footprinting and Reconnaissance. Now you will say, did you wait so much, and there is only one module left? Let me tell you one thing: I am a little late but I can't do anything, my college load was so much. And the second thing is that you should be happy, because think for yourself, I am teaching a module in one part for five hours; how much detail will it be in, think for yourself, okay, this is my speciality. Now I was actually going to take two modules, one on Footprinting and Reconnaissance and the other which is the third module of ours. Actually, the information gathering which we completed in the first part was not the first, but it was also imaginary, so the third module of ours was Scanning Networks. Scanning Networks I was not going to take in this, but I could not gather
that little bit, meaning that this module one extends quite a bit, so I have kept it in part three. Don't worry, part three will come soon, so it is like this. Okay, now what do we do? Let's expand this module a little bit and see how this works. What are we going to learn in the module? So we will start with the zero topic of Footprinting and Reconnaissance. After that we will learn information gathering using images. Now you will say, brother, information gathering is a little bit... Footprinting is a small part of information gathering, so I was actually going to take this part in the previous video but I forgot. Information gathering using images means how information is gathered from one image. Image Data is the second topic; in Image Data we will learn that it contains the metadata of the image, let's say its location, from which mobile it was taken, when it was taken, where it was taken, all these things. After that we will learn Sherlock, which can find anyone on social media. After that we will learn how to extract information like the email and subdomains of a company etc. from theHarvester. After that we will see part two of theHarvester, robots.txt; robots.txt is a file which I will explain in that part. After that we will learn how all the information is extracted from the domain of a website, like who registered it, when it was registered. After that we will learn Photon, sorry, after that we will learn Netcraft, and after that, just a little light with Photon; similar tools, there is a difference in them. After that, Security Trails; Recon is a part of Recon which is a little big and a little interesting and also a lot of fun. After that, we will learn HTTrack, how to clone a website, its files are indexed,
we will learn how to clone CSS and all these files. After that we will learn HTTrack; there is a Windows version, there is a Kali version. After that we will learn GRecon; in GRecon we will see how the rest of the tools which were there earlier are reconditioned. Yes, it is the same, there is only a little in it; its use is easy, and some important documents are there on some websites, there are login pages, all this is there; it finds it and gives us the sensitive things. After that we will learn the OSINT Framework, in which I will tell you how tools similar to whatever tools I have told you so far, or what I will tell you further, are loaded. After that we will see that... actually I did not want to put this, but still I put it because it was quite popular: how a person is searched through this; this is the search engine of humans. After that we will learn BillCipher, which I did not run properly in it, but I will tell you how to run it, so you must try; there are similar tools like Recon etc.; a similar tool is BillCipher, okay. After that we will learn Shodan, which is a search engine that searches CCTV devices, smart fridges, smart TVs, smart microwaves, smart washing machines. What are all these things? IoT devices. Shodan is used to search for IoT devices or web servers, all these things. Censys is similar to Shodan, but Censys is a little above, meaning finding routers, finding servers, all these things, or network administration, routers etc.; you should see them in that. After that we will learn a tool which can extract all the files and documents that are possible on a website, similar to the others, but what is that, it will save it for you, that is, you can save the file, and on top of that, you can find its metadata etc. After that we will learn OSRFramework, which is a bunch of tools.
A bunch of tools is actually a tool in which a bunch of different features are given; you can see what is there in it. After that we will learn the meaning of metadata of a file, how to extract the metadata of a file. In 02 we saw the metadata of an image; in this we will see the metadata of the file, like who created that file, when it was created, all these things. After that we will learn SpiderFoot, the internal files on the website, that is, how to find the files which we cannot access. We will see that in SpiderFoot, but it is not that it is wrong to access it, that is, there is nothing illegal; it is open search, if there is a bug in it, we will find it, so there is no need to worry about it. After that we will learn ARIN, which gives us information about an IP address: if you take the IP address of a website and enter it there, then its range etc., all these things will be included in it. And just like this our course, this part, will be over. So let's start. Now we will see a little bit of Footprinting and Reconnaissance, which is quite easy, that is, you should know a little bit about the basics of this topic; it is actually not included in our list, I have entered it myself, and this is a zero topic, meaning we are going to start from zero. The next topic is the first topic; this is zero, meaning this is quite easy, there is nothing difficult. So let's start with Footprinting and Reconnaissance. This is our module, so what is footprinting? Footprinting is like making a map of your target, gathering information from public sources, meaning whatever your target is; let's say your target is a domain, for an example, take the website m.com; then gathering all the publicly available information about that website is called footprinting: guess who is its owner, when was it opened, all these things. This is called footprinting from open source, okay.
It means from a public source; not that if you go directly to the employee and ask, that will not be called open source. Okay, what is reconnaissance? Reconnaissance is like going on a scouting mission, actively looking for vulnerabilities in the target system and network. So recon means a scouting mission; leave that mission aside, it means that you have a target, and you want to find out what is vulnerable about that target or to find out its network. If m.com was ours, then its network is assumed to be that of m.com: if it has many IP addresses, then how is its network, which server does it belong to, meaning all these things will be called a network. Or else it is called reconnaissance, and the vulnerability part comes in the Scanning Networks module. And the vulnerability scanning or vulnerability analysis was either in that module or we will see it in this topic also, but in this topic it is basic, meaning this module is very basic; in this part, recon is among those who teach very basic reconnaissance. Okay, let's move ahead. So let's see now, there are types of footprinting. One type is passive footprinting. What is passive footprinting? Let me tell you: this involves gathering information about the target without directly interacting with it. It includes methods like searching online databases, social media, public records, footprinting and websites to collect data. Passive means no direct interaction. Assuming there is a domain, then I will not directly interact with that domain; scanning etc., I will not do anything like that. I will be a little passive, i.e. side to side. I will look at his social media handles and see if anyone has posted articles about him. I will look for news etc. about him. This is called passive footprinting, and the other type is active footprinting.
Active footprinting means this is a more direct approach where the attacker engages with the target system to gather information, meaning directly scanning that domain, directly going to that employee, meaning to the people around him, directly asking his employee; yes, this is also possible, ask his employee, brother, it means that you can get some information. You can see all these things in the examples that include sending emails to collect information and using tools to probe the target network for details. You should understand that sending mails is not spam mails; like yours, this is over, this is over, then you will have to review all these things that happen. No, this is it, active scanning, sorry, active footprinting. So, if you can see the example of passive and active, passive, social media, public records, then you will understand its difference. Okay, let's move ahead. Now let us see the types of reconnaissance, one minute. Have you seen this definition? Okay, a little. Okay, this is a PPT; I will give you its link in the description. Okay, so now let's see the types of reconnaissance. So there are four types in total; let me see them for you one by one. It is very easy, nothing is difficult. Network reconnaissance: this involves scanning and mapping the target network infrastructure to identify active hosts, open ports and services running on those ports. That is what we are going to see in Open Ports and Services, that is what we are going to see in the module of Scanning Networks, which is not included in this because it is a bit of a big topic, so I could take only one module in one part, okay, and so
this is called network reconnaissance: simply extracting information about the network, open ports, meaning there are ports as many as I told you, and services run on them like HTTPS, all these. The other type is vulnerability scanning: this involves scanning the target system for known vulnerabilities. What are the ports that are open, services run on them, HTTP, SSH, TCP, UDP, you know all these, there are many; there is FTP, which is also the file transfer protocol. So these services have their versions, like 1.0.1 or 2.0. Suppose the latest one is 5.1 and I am using 3.9, and some hacker came to know that I am using 3.9, and I am using this service on a port of one of my websites. On top of that, he can exploit it because it is an old version. If you understand, then it is called vulnerability scanning. If it is done in this way, then the second type has become vulnerability scanning, an attacker's potential weakness that is exploited to gain unauthorized access. After doing this, we get access to the server, which means we reach the terminal of that website. Okay, if we move ahead, then these are two types, and there are two more types; a third one is physical reconnaissance. Physical reconnaissance, so in its name there is physical, meaning you will go directly inside the company, do some social engineering etc. and all these things. In these cases, the target is a physical location; it involves physically visiting the site to gather information about security measures, layout, access points, potential entry and exit points, meaning where they go to its office, where the servers are kept, where the main office is, where it is accessed from, where it is managed, where the employees manage its security, all these things are physically maintained. If the sense increases, OK, then it would be the last type.
This is social engineering, which there is no need to tell; I might have told it before, but still I will tell you that social engineering means going there physically and playing psychologically. Here you can see that while not strictly technical, social engineering is a meaningful technique that exploits human psychology to manipulate individuals into divulging confidential information. Let me give you an example, that's all, OK, that's it, it was very easy, now let me explain it. Suppose my company is very big; understand where it is managed, where it is staffed, secure, meaning where all the things come from. I have to gather information; now they will not let me go inside the office directly, I don't have an ID card, there is nothing, so here we can do a little social engineering by hiring a person. Do you know who you are? I am just going to fire you. I mean, this is psychology. Now the man in the Mercedes-Benz suit is very strict. If they could lose their job, then in such a situation they will let us inside. This is the biggest mistake. What is happening in some companies these days? A biometric scan is done in place of an ID card. Even if there is no ID card, you are allowed to go inside only after a biometric scan. Whatever happens, no one can get inside, so this is what I told you. If you tell me, then in that way I can come inside. Now once I come inside, the work is done; I can explore everything. Yes, if what are the mains, then what are the girls standing at the counter called, reservations? No, no, no, counter, help counter, whatever happens, that reception, am I not able to get used to the words? So whatever happens there, at the most I can say that he is my friend, it means the CEO etc., I can say like this; now after looking at my look, even if it seems true, then she would leave me here and there, and just see the information I can gather from there, and if by mistake I enter the server room, then I can put a pen drive there.
And what will happen in that? It is simple, and I can come out peacefully. Yes, at most I can be captured on CCTV etc.; wearing a beard etc., wearing glasses, all these things can happen. I do not do this; I am just telling you what social engineering is. I have explained it in depth, ok, and that's it, there was nothing, it was very easy; put any question in the comments. Now let's start. We will start with a very easy topic: we will gather information from an image. Now you will say, what can come from an image? A lot can come. If suppose you have an image, meaning there is a person in that image and you do not know him, then you can find him through image information gathering. Or is it another place, is it a photo of some place that you don't know and you have to find it? You can find it from that also. Now you know what is there in it; if there is nothing, then let's start. You have come to the screen, okay, I will show you the image from which we are going to do information gathering, so that image is this. Okay, now what we are going to do is also called information gathering or OSINT. I will make a course on OSINT later. It will not be very big; it will be finished in a single part of 5 hours, that is a very good thing. Whether that stands for open source intelligence tools or technology, I do not remember; whatever the technology is, we have this image, and in this image, assume that I am a police officer. See what I am telling you now; I am just giving the idea of how even an image can help us. So I am doing some investigation and I find an image. Lo, someone has been kidnapped, and I found the mobile phone of the one who has been kidnapped, and I found this photo in it. I can say something like this: this guy is so smooth, he is quite handsome. Really, just look at him once. So let's say I don't know this person and I have to find out who this person is. Okay, so whatever is in the image, I can use it.
Now you will see that I don't know, so how can I find out who I am? So the most basic thing is that the police should ask the people: do they know who this is? And secondly, I should get information about this with the help of technology, so we are the ones who will start looking. So first of all, it is a cheap tool of ours, that's google.com. It's ok, it's not working, it's working, I'm using ethernet, ok, ok, ok, it's here. I thought something else is here; the basic stuff is here. Now you will say that we also know this, what's in it? Wait man, this is just a tool. Now I will go ahead and tell you a lot of tools, not a lot, I will tell you something unique. Let's see if it is able to find something; otherwise it is searching the ID card, okay, let's find this guy, we still have to find it. No, no, none; a little bit like this, I do like this. If nothing is coming, then there is no need to be disappointed, because you will not get the information very easily every time. If there is nothing like this, then there is another tool, Yandex. Yes, it is a rare tool, but it is much better than Google; I would say only this. Images, and here I put that image; I am not able to select it, maybe look now, friend. Now if you say so, then you should come here; I will tell you one thing about me: it is not able to find me, but now here a lot of Sherlock Holmes kind of mind comes to mind. I will tell you what is the hint in this photo. I have taken a normal photo; I did not know that I would use this photo in the video later, but I have taken this very random photo, and there are some things in it. We would have seen that, first of all, he is in some room, no, he is in some hall: one fan, two fans, three fans. Then he is definitely wearing an ID card, which means it is a college, and he is not in uniform, but because of the ID
it turns out that this is a college. Now what is written on the ID? It is written mirrored. One minute. I will open the image editor; it is actually mirrored, so we reflect it. Zoom a little. Now I will invert it, no, it is not crop, not rotate; I want to invert it, what is that called? Not in adjustment. Let's see resize, no, that's not it either. This editor is bad; let's try Canva. A minute, it asks me to sign up, I don't like this at all. I will find another tool, stay with me, some output will definitely come. Crop has no height and width. Cancel. Let's do one thing, a direct search: invert the image, no, flip. Yes, the word was flip, sorry, why didn't I remember? Flip image, flip horizontal. Yes, it is right. Is this zoom quite poor? Open image. I save it; it looks very strange upside down, but let's search: Kusro Wadia Institute of Technology Pune. Let's see what Institute of Technology images show; it is some college. Now you know, I am looking at myself, but I am showing you from the perspective of a police officer doing the investigation. I know which college I am in. So this is someone from Wadia College. Now if I were a hacker, for now, you can see I have come to know that this is someone from Kusro Wadia Institute. Now what can I do? I can go to the college and ask there.
Who is this smooth, the world's most handsome boy, who is this in your college? They will say yes brother, this is the world's most handsome boy in our college; his name is Mangesh Jagannath Khedkar and he is in first-year computer engineering. I demonstrated this type of information gathering in front of you with a photo. I had to use my own photo; if it were someone else's, they would file a case: brother, why did you take my photo? So I have taken a photo of myself from a third-person perspective. Do you understand what I am saying? I told you how we can gather information. Now we know even more. If it had been a celebrity, it would have come up anyway. Now that I have found Kusro Wadia, looking at this photo, maybe I will add 'Kusro Wadia' or just this, and probably something comes on LinkedIn. Okay, it is coming. Sometimes some of the students put 'Kusro Wadia' along with their name; you can see all these are students, and I will definitely come up in this. Let me show you. My account is on LinkedIn; I do not use it, but it is there. Right now I do not have time, I am showing you for the video. LinkedIn, Mangesh: there are many people named Mangesh. I will come up, look, I am here! Okay, so as you can see, I have done it. Now suppose someone had come to my place; you would have found his college, maybe by searching. He did not come up in image search alone because I did not post my image anywhere, but you could have searched his college that way, and if he was on LinkedIn, he would come up as I have.
Don't follow me on it; I am not putting anything there right now, I just created it. So this is how I got it. In its followers and connections I can investigate further; from this I came to know this is my school. Now the important thing I was going to tell you: suppose I do a black hat attack. In the first case I was doing an investigation, and while doing it I discovered who this person is. Now suppose I was doing some black hat hack, some bad hack, and I wanted that target; with that target I could reach Wadia College. Now if I go directly, who will tell me who this person is? They will ask directly: why do you want to know, what do you have to do with it? So what would black hat attackers do? This is how they found the website of Wadia College and hacked it, and extracted the list of students in its data. In that data there will be a photo of each one, because when we take admission we submit a photo. Understand that every small thing matters. In cyber security, if you give the hacker just a small hint, the whole thing is complete. Where did we start? From a photo, and how far did we reach: till hacking the website. 'Reach' does not mean actually doing it; I am just telling you the creativity with which hackers think, and that's all. This topic was quite easy; I told you how important even the smallest thing is. Further I will teach social engineering, the theory of social engineering that I wrote myself from my own experience, I have not read it anywhere; it is not in this part, it can be in the third or fourth part. It is quite interesting, it will be a lot of fun.
So I have just told you what can be done with an image. Now I can find the location of this image. Just now, in front of you, I found Wadia College, but let's say I could not. From the image's metadata I can find the location, and I can also find which mobile it was taken with. We will see this in the next topic. Well, this is the beginning, let's move ahead. We are going to learn how the metadata of an image is extracted. I may have told you what metadata is, but I don't remember; data about data is called metadata. What does it mean? You watch a photo, a video, or a text document. What is in the text? If something is written, that is data. In a photo there are people, nature, trees, water etc.; that is also data, but in pixel form. A video is frame by frame; everything visible in the video that plays is also data, in video format. Now who made that photo, where, sorry, where was it taken, with which mobile, which mobile it was; all these things are called metadata, the data about the data. In this topic I am going to show it on an image; there is no need to show it on a video, because if you learn it with an image you learn that too. I will show only one more thing, it is very interesting. I was actually going to put this in part one, but at that time, at the end, I fell a little sick.
So I forgot, but let me tell you now, because this is also a part of footprinting. So let's start, it has come on the screen. Let me show you the photo; this is the photo I took from my mobile. You can see this smooth guy; we will get some information about this. Whatever it is, open your browser and search 'image metadata extractor'. There is no need to understand anything about it: image means photo, metadata you know, extractor is fine. Tools also exist for this, and some websites do it; I will use a website only, because there is no need to download anything. These are free tools. The image can be taken from any website; it is not necessary to take it from me. Processing is going on, and when the metadata is extracted you can see its file size is 3 MB. The file modified date means I took it while making this video, and today is the 7th; yes, it is correct. The file type is JPEG, little endian. The make is shown, and the model name is Pixel; it is absolutely correct, my mobile is a Pixel 6, with Android 10+ software, something, something. Now what can happen with this? Many things. Now that I know this person has a Pixel 6, I can do social engineering on it: I can call that guy and say, 'Yes sir, I have to come here,' something like that, pose like someone from the service store, take the mobile and install a Trojan inside it, which means I can install spyware.
I am a hacker with creativity; look at the idea I have just created in front of you. I do not do anything, I am just telling you. If you think about how hackers are, then even this small information can be very useful. If you understand, move ahead. Orientation is Horizontal, and the modified date that you can see says it was created on the 19th of the third month. One minute, what is today's date? Yes, this is the fifth month, so it was the 19th of March at around 7:30, right down to the millisecond. This is very good information: from this I can also find out when the photo was taken. As I told you, a hacker just needs an idea; even some small information can be very useful. Now, this is a normal photo. If you assume someone is the target of a hacker and that person's photo was taken in Kashmir, someone went for a trip, and you get that photo by mistake, then you can find out from it when he went to visit. Creativity, as I said, creativity is needed. Let's see what else: original values, brightness value etc. The flash was off, and the focal length is also visible. You can see this is the Pixel 6 front camera; I took this photo with the front camera. I don't know what use that is; it means the same thing, creativity is required, some hacker should just have some idea. Now let me tell you about GPS. In some photos you will not get the location, because some mobiles do not store it; you must have seen in settings an option like 'Save location to photo'.
You must have noticed that this option is not there in some mobiles, and in some mobiles it is on by default. It is there in my mobile and I keep it on because I value it; if someone could find me from one of my last photos, well, no one knows how. Why have I kept it on? Maybe I should turn it off. It is showing something in the North, something in the East, and something near sea level, isn't it? The coordinates are below; I will tell you further. Let's see what else: Profile Date Time 2023, 23rd March 2023, Signature SP. Maybe this could be the manufacturing date of the mobile. This could be, because I got it in June 2023, but it is possible that it was manufactured before that. Now if someone is doing an investigation, say you are a police officer, a photo was found and his mobile, and you came to know this. Once you know the time, you can go to the manufacturer, the company, and ask which mobiles were manufactured at that time and what their IMEI numbers are; then you can track it with that IMEI number. See, creativity, as I told you: practice a little, stop rote memorization, and when you stop rote memorization you will be able to think like me. Let's see what else is there; I need something useful. Until now there was a lot of information. Look, I got the coordinates, GPS latitude and longitude; now perhaps my location can also be found from this. Search for 'coordinates to location' or something like that, and let's take this website.
The ad blocker is still on, but let's see now: let's put 18 degrees north and see what comes. It is not this; it must be wrong, the website is not correct. Wait, let's look at the maps. Information gathering can be done through small things. Okay, take a minute. Copy it with Control C. Do you know the specialty of my course? I teach it very calmly. Now let's see what the location is. I know I am entering something wrong. Wait, what do we have to do? I don't know how to enter it; let's go back to the same website and put it in a little slowly. Latitude 18 degrees, we put this much, what is the rest? Can we put it like this? Just a minute, sorry, I am taking a long time. Got it, okay: 18 degrees north, 32 minutes, 3.79 seconds, that's it; and next, 73 degrees, yes, it is in the East, 73 degrees East, 52 minutes and 47.09 seconds. Now let's see, it is coming. See, I know this, it is the name of my college, Kusro Wadia Institute of Technology; we saw it in the information gathering. Now there are 10 or 12 colleges on one campus, I don't know why they have done this, but this is absolutely correct, it is accurate. Here I am, and I mean it is my college only, but on one campus 10 colleges have been made, so out of them, mine is Kusro. This is MES, Modern Education Society, not Maharashtra Education Society.
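The metadata walk-through above (make and model, capture time, GPS in degrees, minutes and seconds) is easy to script. This is an added example, not code from the video: it works on a hand-constructed EXIF-style dictionary that mirrors what the website showed (the Pixel 6, the 19 March capture time, the coordinates near the college), converts the rational DMS values to decimal degrees the way a "coordinates to location" site needs them, and shows the fix, stripping those tags before a photo is shared. The make string, time of day and altitude are assumptions.

```python
"""Added example: what the EXIF tags of a photo leak, and how to strip them.

Assumptions: the values below are constructed by hand to mirror what the
video reads off the metadata website; no real image file is parsed.
"""
from datetime import datetime
from fractions import Fraction

# Constructed EXIF-style dictionary. Real extractors (exiftool, Pillow's
# Image.getexif()) hand back GPS values as (numerator, denominator)
# rationals, which is why they are written that way here.
SAMPLE_EXIF = {
    "Make": "Google",                          # assumption: make string for a Pixel
    "Model": "Pixel 6",                        # model named in the video
    "DateTimeOriginal": "2023:03:19 07:30:41", # constructed; "19 March, around 7:30"
    "Orientation": 1,                          # 1 = horizontal (normal)
    "Flash": 16,                               # 16 = flash did not fire, compulsory mode
    "GPSInfo": {
        "GPSLatitudeRef": "N",
        "GPSLatitude": ((18, 1), (32, 1), (379, 100)),    # 18 deg 32' 3.79"
        "GPSLongitudeRef": "E",
        "GPSLongitude": ((73, 1), (52, 1), (4709, 100)),  # 73 deg 52' 47.09"
        "GPSAltitudeRef": 0,                              # 0 = above sea level
        "GPSAltitude": (560, 1),                          # assumption, metres
    },
}


def dms_to_decimal(dms, ref):
    """Convert EXIF rational degrees/minutes/seconds to signed decimal degrees."""
    d, m, s = (Fraction(n, den) for n, den in dms)
    value = float(d + m / 60 + s / 3600)
    # South and West hemispheres are negative in decimal notation
    return -value if ref in ("S", "W") else value


def gps_position(exif):
    """Return (lat, lon) in decimal degrees, or None if the photo has no GPS IFD."""
    gps = exif.get("GPSInfo")
    if not gps or "GPSLatitude" not in gps or "GPSLongitude" not in gps:
        return None
    lat = dms_to_decimal(gps["GPSLatitude"], gps.get("GPSLatitudeRef", "N"))
    lon = dms_to_decimal(gps["GPSLongitude"], gps.get("GPSLongitudeRef", "E"))
    return round(lat, 6), round(lon, 6)


def capture_time(exif):
    """EXIF stores times as 'YYYY:MM:DD HH:MM:SS' (colons in the date part too)."""
    raw = exif.get("DateTimeOriginal") or exif.get("DateTime")
    return datetime.strptime(raw, "%Y:%m:%d %H:%M:%S") if raw else None


# Tags that identify the device, the moment or the place: exactly what the
# video shows an investigator (or an attacker) reading straight off a photo.
SENSITIVE_TAGS = ("Make", "Model", "Software", "DateTimeOriginal", "DateTime", "GPSInfo")


def leak_report(exif):
    """Summarise what the photo gives away; a privacy check before sharing it."""
    report = {"device": f'{exif.get("Make", "?")} {exif.get("Model", "?")}'}
    when = capture_time(exif)
    report["taken_at"] = when.isoformat() if when else None
    pos = gps_position(exif)
    report["location"] = pos
    if pos:
        # The decimal form a "coordinates to location" site or a maps app expects
        report["maps_query"] = f"{pos[0]},{pos[1]}"
    return report


def strip_sensitive(exif):
    """Return a copy with the identifying tags removed: the fix for the leak above."""
    return {k: v for k, v in exif.items() if k not in SENSITIVE_TAGS}


if __name__ == "__main__":
    print(leak_report(SAMPLE_EXIF))                   # device, time and place leak
    print(leak_report(strip_sensitive(SAMPLE_EXIF)))  # nothing left to geolocate
```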
Sorry, Modern Education Society; I don't know its exact full form, but look at the information: we have gathered its exact location from one image. Now what can I do? I can go to that location and hit it, okay, I am joking. You can see I found his location from an image, found his phone, when that phone was made, and when that photo was taken, and I gave ideas about what can be done with these small things. So just practice it, and there is no such thing as misusing it. Now, what is used nowadays? Something like Instagram. It is used to find someone on social media. Suppose you have a friend you want to find, but you don't even know his account; I will show you a tool from which you can see on which platforms he can be; you will understand it directly. So let's start: first, open your terminal. I will zoom in; nothing else to do. Just type `sherlock`. If yours is not installed, it will say 'command not found, do you want to install it'; press Y and enter. After that, if an error like 'package sherlock not found' comes, do `sudo apt update` and then it will install. I have already done it, so I don't need to. You can see its usage: `-h` means help; `--version`; `--verbose` means complete detail, so if an error occurs in the tool, we use verbose to see it in detail. After that, `--folderoutput`, the folder to save results in if you want; `--output` means the same but a text file. `--tor` means that by changing the IP address through Tor you extract the details; `--csv` writes a CSV file; `--xlsx` an Excel file; and `--site` lets you put a specific site: is he on this site?
You will ask how we are going to do it. There is a list inside Sherlock of all the social media sites; we search on every platform, and if you want custom, give the site name. You can put a proxy if you want, a JSON file, and a timeout, meaning if a site is not responding, skip it. What happens is that sometimes it runs slow, a website takes time to load; here you give the maximum time to spend on one website. Print all usernames. To use the command, type `sherlock`, a space, and then the username. Suppose I have to search for myself; my popular nickname is Mangu Man, I can try this. You don't have to do anything else, just enter it and wait; it will search all the social media websites. A lot is coming; I am not on social media, but some are coming. Total 43 results have come for this: academic etc., all these, I am not on at all, I heard of this website for the first time. Maybe I am on Chase, let's see: if we open the link, it opens and shows Canada Mexico, so it is not me. After that, I am not on Duolingo either. Here is fiverr.com. I am 100% on HackerOne; my account is on HackerOne. I was thinking of doing bug bounty but I am not getting the time, because a good amount of time is needed. Look, this is me. So in this way I found myself; now you can find your friend, you can find anyone. I have also found an account on hacker forest, see; now a strange man will come who took my username; I don't know, man, he took my username and what not. I'm not on Reddit, I might be, I don't remember; let's see, we probably see it from the playlist, no, this is not me.
Yes, no, it's not me. I'm on Steam, maybe, I play Counter-Strike, but this one is also coming and it's not me; I mean the profile photo is the same everywhere, and this one is also not me. The same guy we got earlier, this is the same guy; he also used the username with an R, that's why. If I want to find it, let me try with 69; maybe my account will come. You can see it is taking some time to load; that is why there was a timeout option. It got 15 results, out of which this one is mine only. You can see it is working. Now what about my Instagram? Maybe it's me, no, it's not me. I had my account, here it is; of course I am here, so this is working. Now let's see some hackers too; let's see David Bombal, if you know him it's good, if you don't, then no one. The GitHub one, see, we found it, this is David Bombal. Let's see Networking Expertise, yes, this and this, here it is, look, I found it here also. It may be on Patreon, look, it may also be on social media platforms which you don't know; see, I found it on Patreon. In India I am not so popular, Bombal is very popular, and there is also FP, isn't it, and there are many on Telegram; it seems to be a CCNA one, this does not mean anything, it seems to be a pirated channel, like I said. Do you know the thing in India? In India people use the same platform which is mostly popular or which your neighbour is using. Like my mother, what does she do? Her friend creates an account somewhere, so she creates an account with her friends wherever they are. This is how it happens in India; it is not like this in foreign countries.
In foreign countries there are new social media platforms, and they keep trying them. So now you saw David Bombal's account; I found it in many places, but me, I was not found in many places because I am not on them. Next up: the subdomains of a website and the names of its employees. This is extracted using a tool called theHarvester. Remember, this extraction is not illegal; it is open source, so we just use a tool, and the name of this tool is theHarvester. It is quite easy and fun. This one is similar to the previous one, but it is only for websites, so just try it. Once you are on the screen, just open your terminal and enter `theHarvester`; remember the H is capital. If it comes 'not found' then install it, and if it comes 'package not found' then update and it will be installed. I enter it, and these are some of its commands; we have got the help, sorry, the manual for it. `-h` for help; `-d` for the domain. `-l` limit: what does it do? You must know there are many search engines, google.com, bing.com, yahoo.com etc. (search engine hacking I also told you about), so with the help of these search engines it gives us whatever information they have, and this limit exists because the results can be quite big, so we can impose the limit. `-S` start. A screenshot option. An option to check the DNS server. DNS resolve means from which DNS they are going to reach that domain; I taught you DNS, Cloudflare, and there was another one. A filename if you want the output, and `-b` the source, where you enter which search engine you are using.
So let's start using it: `theHarvester`. For now we will do google.com. Now this is `-b`: if you want all the search engines to be included, you can enter `all`, and if you want custom, enter their names here. You can see I had entered DuckDuckGo; whatever I put in front of you, the result will come, and it gives better results, but not in a minute. Let's start small, with Yahoo, and enter. I have already started this tool; sometimes it takes a little more time, but sometimes it is quick. So a lot has arrived. Let's see what it has done. No email address has been received from it. It means no email, not a support email or even an employee's email; sometimes those can be extracted from a cheap website. For now it is not needed. Just look at this: it has extracted all the subdomains. Google.com is a domain, and accounts.google.com, with something put in front of a dot, is called a subdomain; so it has pulled out a lot of things. Now let me tell you what its use is. All this work is done by a security analyst, who is given the task. Suppose you are working in a company named Mangesh K, maybe m.com; I hire you as a security analyst, which is the main job of a hacker, and all these things have to be done: reports have to be made that these are all the domains, these are the IP addresses, these are the emails, and so on. All these things are useful for making reports, and sometimes what happens is that among all these domains, some may be sensitive.
Let's assume for now this is google.com; it is important for Google. What do you say, the same condition, confidential. Google.com as it is can be used wherever it is. Now remember, this is sometimes useful for bug hunting and penetration testing. That is why there was an option to output to a file, the filename: sometimes it is used for the output report. All these things can be extracted to make it; not needed for now, I am just telling you the use of the tool. I clear it. Now you saw this result; where did it come from? Now let's change it: let's look at Bing, which is from Microsoft, so it will also take time, it will not be quick. It has not given many results, only a few. You have to try different search engines; now let's try DuckDuckGo, which gives a lot of unique results; sometimes it gives something unique. I cleared the earlier one, but look: Encrypted API, Encrypted Two Factor, Two Factor Support; these were not there earlier. As I said, sometimes some subdomains can be sensitive, so here I open the browser and paste it, and you will see I am not able to reach it. Either they have set their own DNS for the app, where only they can access it and not me, or it might have been closed, something was there earlier. Sometimes you can get such information: OGS, policy, support. If you are getting something like this, now let's try Tesla: tesla.com with DuckDuckGo, back again. This time we will see the results; maybe we can get something from the slightly less popular Tesla, Elon Musk's. It took a little more time, but let's see.
I found some shop, service, profiles; there could be something in ownership, something in IR, digital courses, nothing; there could be something in the outside also, something in the admin panels, etc. This is how websites are. Something is coming: tesla.th..., something like this, which will probably be a login portal for employees, so small pieces of information. And as I said, email found: four emails, press, service, self-serve, drive; Tesla details. Security experts work at Tesla too, so they know that all the information should not be accessible by these tools, hence the result is not enough. If you try any cheap website, the result will be as per your satisfaction. This tool was very easy, nothing difficult in it; definitely try it. Visit your college website, then you can try it on any website for practice. If there is nothing special in it, and you have any question, put it in the comments. Let us move ahead. There is a lot of detail about theHarvester I forgot to show; that is why there is a part two. What I will show you now is quite interesting. Open the terminal, zoom a little: theHarvester. First, I only entered `theHarvester` with nothing else, and it had given only this many options. Actually, later when I was checking the video, I remembered I was forgetting this: when I put `-h`, more options come. Look. So this is what I had to tell you. Sometimes I miss something; it is not that you should also forget. To teach one tool in detail,
if I start teaching in detail, the course will become very big and one part will be completed in an hour, whereas I have to complete at least one module in one part. If I teach each and every tool in detail, it is not going to be learned; so I teach you the basic use of the tool and you have to practice. I cannot do everything; you must practice yourself, and this is the most important thing in hacking. So whatever is here, you can see in the sources which sources are available. Right now I was doing a little research on this. Earlier, when I was starting out, I had learned that theHarvester also had the LinkedIn option; with it, for whatever domain or company, all the employees related to the organization available on LinkedIn would come as a list. Just look at it, this is the use of the tool: if you search manually for EC-Council employees, such a direct list will not come; if you search in every place, so many people come up, and you have to look at each one. But when I, as always, try everything to make sure it is going well before I record, I saw that now there is no LinkedIn option. So what to do now? I can't do anything either. But there are many other good options: Hunter is there, let's try it once, maybe we can get emails from it. Hunter is saying it needs an API key; maybe the API key is missing. I guess I don't have it and probably have to buy it. As far as I remember, ZoomEye and urlscan are the real subdomain finders, subdomains come from them; there is no need to say anything about DuckDuckGo; I told you about Bing.
Also I told you Brave is nothing but a normal search engine, and there are more. All these options are there; you have to try each one, I cannot teach you everything because I do not have that much time, and you also have to see. You must have time to practice, because when you do it on your own you remember those things; if I tell you, you can forget it. So that was all. As for LinkedIn, if it is there and you find it, please let me know in the comments that you have found it and in which version. The version it is showing is 4.6.2, so if you find that LinkedIn option, please tell me, it is very interesting; maybe I will teach it in the next part, or there is no need to teach it, it becomes very easy: just put `linkedin` as the `-b` source. Please comment if you get it, and if you have any question, put it in the comments. Moving forward, there is a small topic that no one teaches in courses but is very important and a bit rare, and very interesting: robots.txt. What is this? It is a file present on websites, not on every one; some people worry that their website might be hacked by someone, so they keep this file for safety. We mean files: what else is in the files of a website? Sometimes the very sensitive information inside a file can be found through search engines. It has come on the screen, now what do we have to do?
We do this in our browser; we do not need any tool for this, and we do not even need any website because it is inside the website itself. So we take any website, for example yahoo.com, which is a search engine. Now what you have to do is put a slash and then type robots.txt and press Enter. After entering it, you will see that a file has come up which is not easy to find otherwise. So it is saying "Disallow: /": if there is any directory here, it is saying disallow all the directories, and there is also the sitemap that has been given here. Whatever happens, the sitemap is a very important thing; by the way, it is an XML document in which the structure of the site is there, how the structure is to be managed. Now what we want to disable is the search engine: suppose someone searches by mistake for users' passwords. Now this will not work, because no one is crazy enough to upload such a file publicly; they keep it in an encrypted database, and it is absolutely safe. But suppose someone uploads it on a cheap website and they have not managed it properly; then if a user searches for "password" or something like this and the file is indexed, it will appear in the search engine, so we block it. This is the idea: we can disallow, so that the file does not come up in the search engine. It blocks it; it tells the search engine, with a slash, and that's it. Okay, it is saying that whatever it is, it is not existing. Let's see what we have here. Oh no, it's not like that; paste yahoo.com here... fine, whatever it is, it is not being accessed. But nobody can access this directory you are seeing; only the administrator can access it, which is why it is disallowed.
Because it will definitely contain some sensitive information. Now let's look at some other website, like google.com. If this is a high-level website, then there is something special in it; if we cannot find it, maybe the spelling is wrong. Okay, here I got this result, which is quite big; let me zoom in a little. So it is saying "User-agent: *", meaning all user agents, and then payment etc. It means that if you search for payment in the search engine, for example Maps payment settings, your payment settings may not come up from search engines, so they might have disallowed it and you can access it only from settings. What else is there from Maps, what else is allowed to be accessed: markup, image share, user agent, twittersignin.com... I have myself seen an Excel file in table format with name, username, password and their details. If you are doing training, then robots.txt is very important; do not ever forget it. Always remember that in bug hunting there is some chance this will not work; the chances of it being useful are very low, starting from zero point something, but it is always good to do this check and not forget it. Many people forget it and later do not remember it, and sometimes this means they miss a vulnerability or bug in bug hunting and face problems. Okay, so just put any question in the comments. Let's move ahead.

Now we are going to learn about WHOIS, or as some people also say it, "who-is", because it is spoken a little fast. There is no phrase meaning "who is who"; it is not like that. It is the name of a technique which we can use to get, from a domain, the email of the person who registered it, the phone number of the person who registered it, sometimes their name, and where its server is.
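Before moving on to WHOIS, here is the robots.txt check from above written out as code. This is an added example, not code from the video; the SAMPLE_ROBOTS text is constructed for illustration and is not any real site's file, and the host www.example.com is assumed. The point it makes is the one a tester needs: Disallow lines only ask well-behaved crawlers to stay away, so for us they are a list of paths worth opening by hand, while crawler_may_fetch shows what a crawler that does honour the file would skip (longest matching rule wins, Allow beats Disallow on a tie, per RFC 9309).

```python
"""robots.txt as a recon source: an added example, not code from the video.

The SAMPLE_ROBOTS text below is constructed for illustration; it is not the
real robots.txt of any site. Disallow lines only ask well-behaved crawlers to
stay away; they are not access control, so for a tester they are a list of
paths worth looking at by hand.
"""
from collections import defaultdict
from urllib.parse import urljoin

SAMPLE_ROBOTS = """\
# constructed example of what https://<host>/robots.txt might return
User-agent: *
Disallow: /admin/
Disallow: /backup/
Disallow: /maps/api/payment
Allow: /maps/api/js
Sitemap: https://www.example.com/sitemap.xml

User-agent: Googlebot
Disallow: /internal-reports/
"""


def parse_robots(text):
    """Return (rules, sitemaps).

    rules maps each User-agent token to its (directive, path) pairs in file
    order; sitemaps lists the Sitemap URLs. Consecutive User-agent lines form
    one group and share the directives that follow them.
    """
    rules = defaultdict(list)
    sitemaps = []
    agents = []            # User-agent tokens of the group being filled
    in_directives = False  # True once the group has received a rule
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line or ":" not in line:
            continue
        key, value = (part.strip() for part in line.split(":", 1))
        key = key.lower()
        if key == "user-agent":
            if in_directives or not agents:
                agents = [value]              # start a new group
                in_directives = False
            else:
                agents.append(value)          # same group, extra agent
        elif key in ("disallow", "allow"):
            in_directives = True
            if value:                         # "Disallow:" with nothing = no rule
                for agent in agents:
                    rules[agent].append((key, value))
        elif key == "sitemap":
            sitemaps.append(value)
    return dict(rules), sitemaps


def recon_targets(text, base_url):
    """Absolute URLs of every Disallow path, across all user agents."""
    rules, _ = parse_robots(text)
    paths = {path for entries in rules.values()
             for directive, path in entries if directive == "disallow"}
    return sorted(urljoin(base_url, path) for path in paths)


def crawler_may_fetch(text, agent, path):
    """Would a crawler honouring robots.txt fetch `path`? Longest match wins,
    Allow beats Disallow on a tie (RFC 9309). Falls back to the '*' group."""
    rules, _ = parse_robots(text)
    entries = rules.get(agent) or rules.get("*") or []
    best = None
    for directive, rule_path in entries:
        if path.startswith(rule_path):
            if best is None or len(rule_path) > len(best[1]) or (
                len(rule_path) == len(best[1]) and directive == "allow"
            ):
                best = (directive, rule_path)
    return best is None or best[0] == "allow"


if __name__ == "__main__":
    for url in recon_targets(SAMPLE_ROBOTS, "https://www.example.com"):
        print("worth a manual look:", url)
```

Run it as a script to print the candidate URLs; in practice you would feed it the body you fetched from https://<host>/robots.txt and then request each candidate yourself, since nothing in the file stops you from doing so.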
Its location is also included; many important, sensitive things can be included. But nowadays it is not so, because many people register with a provider such as GoDaddy, which has become a host, and all these providers maintain privacy. But sometimes what happens is that some people take cheap services to save money and do not take care of privacy, and from there the privacy sometimes gets exploited; only then do we see a lot of things. It is easy; there is nothing to it. It does not need any tool, meaning it can be done from a website, though there are also tools; you will get many options. So when we start, we come to the screen and open our browser. There are also some terminal tools; maybe we will see those later, but for now let's just look at the website. Okay, so you have to search "whois lookup". What is a lookup? What does lookup mean? It is a technique, like I said; a lookup is a technique. Just search it, friend; many websites will come up and you can use any one of them. All the websites that are there work the same, with only slight differences. So here, let's assume you can enter any domain; for the example we will put google.com and search it. Okay, so it is telling... let me zoom in a little for you. Okay, and it is telling that MarkMonitor had registered this domain. Let's see what MarkMonitor is. MarkMonitor was an American software company formed in 1999, and so on; you will get all this information from here. You can also gather some information about this: who is running the website, is it from his family, all these things. Whatever this is about, it comes back to social engineering.
So as you see MarkMonitor, now I can find out who the CEO of MarkMonitor is. What would I have done if I were doing something bad? This MarkMonitor, which has got something, maybe some rights to google.com, maybe they can make a deal with them. Meaning, if I were doing a black-hat attack, what they usually do is go to such a company and make a deal with them, saying: brother, we need some information, we will give you money, give us that information, we need the data. I am just giving this as an example, I am not implying anything, I am just telling you how I think. Okay, so when registering, you should register with a completely trusted service, a trusted service. Have you understood the domain part? Coming back: this MarkMonitor is a website; it has registered an IANA ID. IANA, you know, I have given the URL here, and I have also given its email, so we got its email and its telephone number. Don't prefer the telephone number, which is the support one, and this is the email for complaints. We have now seen what is written on it. MarkMonitor is a company; if suppose someone had gone and registered on his own, then maybe his name would have appeared here, but since this company has registered it, the name of the company is appearing. Registrar status: clientDeleteProhibited, clientTransferProhibited, clientUpdateProhibited. So something is visible: first the delete transfer took place, then the server transfer took place, something like that. And you can see that it is so old: it was first created in 1997, it was to expire in 2008, but google.com would update it before that, and that is what got updated here. The name servers are here, fine. It has some 25,000 subdomains; wow, this much is too much, man. Come on, and this number... you have found the IP address.
You saw that we were not able to find the IP address in theHarvester, but here we got it. Okay, it is good; it is nothing special, finding the IP address is nothing special, it is very easy. And it says 188 other sites are hosted on this server. It is also telling us its location, Los Angeles, California; google... 736 changes, hosted on 736 unique IP addresses over 20 years; three registrars with two drops, meaning the first time probably MarkMonitor had registered it, deleted it, maybe then transferred it, and then maybe something like this happened. We have seen the registrar, and here is the record that is there; we get to see a lot of things, which you can check for whatever website you are testing: city, fax etc. Okay, so this is the information we are getting. Now what do we do: we try another domain. How to explain something... let me do one thing for you, I will tell you the definition. What is a name server? A name server is a computer application that implements a network service to provide responses to queries, or a directory service. I hope this clears it up for you. If you are not a developer, maybe this does not make sense. Name servers are also shown here; they help map a URL to the IP address of the web servers, meaning it is related to DNS. You can see that if you enter any name, then it will try to connect with the files that we have. I will make a course on networking; it should be clear in that. Don't worry, for now just take it lightly. This is the IP address they have, and four other sites are hosted on the server. It is telling again that it is Kansas City; it seems to be the registrar, and no website. Domain status is fine. What do you know, 178 changes in 18 years, 178 IP addresses, the host registered with one drop, which means a few people have registered it, out of which one has been removed; it is something like this. Meaning the whole thing, we don't even give a single sentence, we write a very short hosting history; we don't need it.
So this email we have seen earlier, fine, and admin or something is visible. Look, this is the registrant email, probably the registrant fax; we got his number, and this number is different. Yes, we also got the postal code, in the city of San Francisco, and the exact address. Maybe it belongs to the people who had registered it, maybe, I don't know. The admin is okay, this too, and this is back to the name servers. Okay, so now let's try another website; we will try three websites. And we got the third number also, and this is probably the exact location. Meta... saw Meta, Meta, isn't it, facebooksignup.in? So many changes; Hostinger means this is the server on Hostinger, they have hosted this website there, and from OpenProvider he has registered the domain. Fine, we are also getting the phone number, which probably belongs to him. You can see the Director for Privacy: like I said, if you do it with a trusted provider, then your privacy is maintained; if you register a domain from a cheap website, then you will get such websites where not everyone's privacy is maintained. So you can see a lot of things; they have kept a lot of things hidden for the sake of privacy, and that's it, there was nothing else. While we are at it, we try other websites also; it is a small topic, but no matter how big it gets, it will be fine. We check what results come on different sites; if we try it on our own website, then this technique is applied.
Okay, I am telling you, I will zoom in. I am showing you the same thing on this site which I was showing there, but here it is shown a little more organized; there it was shown in a neat manner, here it is showing a little organized data like this. Remember that this means it is fine for you; that is why it is saying domain admin at Meta Platforms, and that is all it is showing, no one else. So as you have seen, it was quite easy. Using it we can get the email, the location, on which server they have hosted that website, the location of that server, who has registered it, how long and when it has been registered, how many domains there are in total, and the IP addresses of the name servers; we can get many things. On top of this we will do further scanning; I will teach you further. There are many things to try in this topic. If you have any question, please post it in the comments. Let us move ahead.

Netcraft is a very important tool, and this tool is quite popular; many companies use this tool. Actually it is a website, and it provides us with some services like extracting the report of a site and checking its DNS. Suppose you have a company and you create a website for it; suppose my company has the domain mhcet.org and it gets stolen. Suppose someone has stolen Mangesh's domain and on top of that he is doing phishing. Netcraft can take down such sites; many companies use it to protect their brand. But it also provides many tools, let's say getting a site report, getting its subdomains, who is the owner of that company or that website, all the things we are going to see. So let's start. First we have to open our browser and search Netcraft. Do not open the website directly; let me show you what this company does. So here, in Solutions, if we go to Services...
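The WHOIS records above were read off a website by eye; here is the same reading done in code, as an added example that is not from the video or from any WHOIS service. Both records are constructed: the registrars, names, emails, phone numbers and dates are made up and describe no real domain. The summary pulls out what we looked at above (registrar, creation and expiry dates, the EPP status codes such as clientDeleteProhibited, name servers) and, for the point made about cheap versus careful registrars, flags which registrant fields hold real-looking details instead of a privacy placeholder.

```python
"""Parse a WHOIS record and pull out what a tester cares about.

Added example, not code from the video or from any WHOIS site. Both records
below are constructed; the names, emails, phone numbers and registrars in
them are made up and do not describe any real domain.
"""
from collections import defaultdict
from datetime import datetime, timezone

# Constructed record in the style of a registrar WHOIS response. No privacy
# service is in use, so the registrant's details are sitting in the open.
SAMPLE_WHOIS_EXPOSED = """\
   Domain Name: EXAMPLE-SHOP.COM
   Registrar: Cheap Registrar LLC
   Registrar IANA ID: 9999
   Registrar Abuse Contact Email: abuse@registrar.example
   Updated Date: 2023-05-02T10:11:12Z
   Creation Date: 2014-03-09T08:00:00Z
   Registry Expiry Date: 2025-03-09T08:00:00Z
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
   Name Server: NS1.HOSTING.EXAMPLE
   Name Server: NS2.HOSTING.EXAMPLE
   Registrant Name: Ravi Kumar
   Registrant Organization: Example Shop Pvt Ltd
   Registrant Email: ravi@example-shop.com
   Registrant Phone: +91.9800000000
   Registrant City: Mumbai
>>> Last update of WHOIS database: 2024-05-01T00:00:00Z <<<
"""

# Same shape, but registered through a privacy service (also constructed).
SAMPLE_WHOIS_REDACTED = """\
   Domain Name: EXAMPLE-CORP.COM
   Registrar: Careful Registrar Inc.
   Creation Date: 2009-01-20T00:00:00Z
   Registry Expiry Date: 2030-01-20T00:00:00Z
   Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
   Name Server: NS1.EXAMPLE-CORP.COM
   Registrant Name: REDACTED FOR PRIVACY
   Registrant Organization: Privacy service customer
   Registrant Email: Select Request Email Form at https://registrar.example/contact
   Registrant Phone: REDACTED FOR PRIVACY
"""

PRIVACY_MARKERS = ("redacted", "privacy", "proxy", "whoisguard", "request email form")
CONTACT_KEYS = ("registrant name", "registrant organization",
                "registrant email", "registrant phone", "registrant city")


def parse_whois(text):
    """Key/value lines into a dict of lists; repeated keys (Name Server,
    Domain Status) keep every value. Only the first ':' splits, so
    timestamps and URLs inside the value survive."""
    record = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(">>>") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        key, value = key.strip().lower(), value.strip()
        if value:
            record[key].append(value)
    return dict(record)


def _date(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def analyze(text, today="2024-05-01T00:00:00Z"):
    """Summarize a WHOIS record. `today` is the reference date for the
    expiry countdown (an ISO timestamp; the default is a constructed one)."""
    rec = parse_whois(text)

    def first(key):
        return rec.get(key, [None])[0]

    contact = {k: first(k) for k in CONTACT_KEYS}
    # Fields holding a real-looking detail rather than a privacy placeholder
    exposed = [k for k, v in contact.items()
               if v and not any(m in v.lower() for m in PRIVACY_MARKERS)]
    created = _date(first("creation date")) if first("creation date") else None
    expires = _date(first("registry expiry date")) if first("registry expiry date") else None
    return {
        "registrar": first("registrar"),
        "created": created.date().isoformat() if created else None,
        "expires": expires.date().isoformat() if expires else None,
        "days_to_expiry": (expires - _date(today)).days if expires else None,
        # EPP status codes; the trailing https://icann.org/epp#... link is dropped
        "status": [v.split()[0] for v in rec.get("domain status", [])],
        "name_servers": [v.lower() for v in rec.get("name server", [])],
        "contact_exposed": exposed,
        "contact": contact,
    }


if __name__ == "__main__":
    for sample in (SAMPLE_WHOIS_EXPOSED, SAMPLE_WHOIS_REDACTED):
        print(analyze(sample))
```

The `contact_exposed` list is the thing to look at first: on the constructed "cheap registrar" record every registrant field is exposed, on the "careful registrar" record none are. A short `days_to_expiry` is also worth noting, since a domain that is about to lapse can change hands.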
So here you can see a lot of things: phishing detection, conversational scam intelligence, brand protection, domain protection, domain and website takedown (these three options are the same, I don't know why they are given separately), cyber threat, social media protection, all these things they provide. And here you can see many of them. What we have to do is come back; these are the research tools, we have to go here. Okay, so there are a total of four research tools, out of which I am going to show you the site report. The rest you can explore. I will tell you the use of each tool from basic to a little medium; to go deeper, you have to practice by yourself. Okay, then visit Site Report, and here we are. Here you have to put any domain; for now I put tesla.svs. Okay, first screen, there is something; let's do some research by looking at these sites. From this we should slowly research each and every thing, because bug hunters would do the same thing. Technology... Cloud Computing, Security, Content Delivery... okay, so it tells me he is the owner, but in reality he is not the owner; it seems Tesla has hired him for cyber security, meaning for security or for cloud computing. Okay, I had heard of that technology somewhere else, I don't remember where, but it is fine, and it also gives the hosting country. This MarkMonitor is the one I saw in the previous one: when we were extracting information from a domain, maybe I saw it in WHOIS, MarkMonitor, this is the same; they registered the domain. IPv4, and VirusTotal, by the way, I will teach you later; VirusTotal is quite interesting, it is a website.
Actually it is good, it will be fun. And this address is fine, and it is some days old; okay, we have got so much information about the network. So SSL/TLS, by the way, is a certificate which any site gets. So it says this is not an HTTPS site; if you are looking for an SSL certificate, use the HTTPS site report. It is a certificate that certifies a company or a website, that the website is using good encryption, which is SSL encryption, and you get a certificate for the same. When you register a domain, some domain providers give it to you; otherwise some you have to create yourself. So let's see. Here the certificate is here, maybe; whatever it is, you should explore all these things, otherwise the video will become bigger. So what is Sender Policy Framework? Maybe they did a test on each IP address to describe mail on it. This is done by an SPF record containing a series of rules; each rule consists of a qualifier followed by a specification. So something is a test; from its name it seems like some test they have done. Okay, let us take as much as we need; nothing is useless either. Okay, now you can see that this can be a little useful, because this is an email, I think. DMARC: Domain-based Message Authentication, Reporting and Conformance. Okay, so here you do some research; a website comes up, an email checker, where you can check whether an email is real or not. You can definitely check this email by going there, and if it appears there as true, then it means this email can be of some use. Okay, the trackers they have (Google), testing; then the extensions that are there. Assume that you have a WordPress website; those who are developers must know what WordPress is, and those who don't know, let me tell you. WordPress is actually a website where you can create a website on top of it by taking templates without coding. So I told you about WordPress and what happens in it. Sorry, what happens in it when you build a website:
You can apply extensions to your website. Suppose your website is not appearing in search; there is some SEO tool for search engine optimization, and there are such extensions that you can apply. Then there are some extensions that make the site very fast. Suppose there is such an extension and there is some vulnerable bug in that extension, and suppose I find it; then I can exploit it, and by exploiting it I can access the entire website, that is, the data inside it, I can take it out. It depends on whether it is vulnerable. So there are small things like this. Let's say this is Varnish HTTP; you can do research on this also, you can find a bug in it too. You are still at the beginning, you won't understand it right now, but later when I teach you, you will understand what I am doing right now. So this is also an informative thing for us. Server-side SSL/TLS: cryptographic protocol, communication security. Oh, see, I told you. First JavaScript, okay; Google Tag Manager; framework and library; development application API, okay; Google Tag Manager's API. Drupal, what is that: an open-source content management system, a computer program allowing publishing and editing. Okay, so they have also added an extension with which the content of the website can be modified. Now you can do research on it. Look, I told you it's the small things that matter. Now you can do testing on it to see if there is any vulnerability in it; if there is, then it can be exploited on top of that. There is also PHP something; this is also, no, this is not this; I think HTML is fine. Okay, so it was something like this, whatever tools we have, and that's it. So you have seen Netcraft, which is a very good tool; it gave a lot of information. I came to know which extensions it uses, and in those extensions I can find a vulnerability and exploit it, and can also report it. Yes, if I can exploit it, after reporting it I may also get a bug bounty.
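What the Netcraft site report did above is passive fingerprinting: reading the server, CMS, plugins and trackers off a response without attacking anything. Here is the same idea as an added example, not Netcraft's code and not from the video. The headers and HTML are constructed, the plugin names seo-booster and fast-cache are invented, and MIN_VERSIONS is a hypothetical stand-in for whatever advisory data you keep; the point is that an observed plugin version below a known fixed version is exactly the "small thing" worth following up, and a missing HSTS or CSP header is another finding that costs nothing to check.

```python
"""Passive technology fingerprint from one HTTP response.

Added example, not code from the video or from Netcraft. The headers, HTML,
plugin names and version numbers below are constructed; the MIN_VERSIONS
table is a hypothetical stand-in for whatever advisory data you keep.
"""
import re

# Constructed response headers (not captured from any real site)
SAMPLE_HEADERS = {
    "Server": "nginx/1.18.0",
    "X-Powered-By": "PHP/7.4.33",
    "Via": "1.1 varnish",
    "Content-Type": "text/html; charset=UTF-8",
}

# Constructed page markup with a generator tag, a tracker and two plugins
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 6.2.2">
<script src="https://www.googletagmanager.com/gtm.js?id=GTM-XXXXXX"></script>
<link rel="stylesheet" href="/wp-content/plugins/seo-booster/css/style.css?ver=1.4.2">
<script src="/wp-content/plugins/fast-cache/js/cache.js?ver=3.0.1"></script>
<script src="/wp-content/themes/storefront/app.js?ver=6.2.2"></script>
</head><body></body></html>"""

# Hypothetical "first fixed version" per plugin; stands in for real advisories
MIN_VERSIONS = {"fast-cache": "3.1.0", "seo-booster": "1.4.2"}

HARDENING_HEADERS = ("strict-transport-security", "content-security-policy",
                     "x-content-type-options", "x-frame-options")

GENERATOR_RE = re.compile(
    r'<meta[^>]+name=["\']generator["\'][^>]+content=["\']([^"\']+)', re.I)
# plugin slug and the ?ver= cache-buster WordPress appends to plugin assets
WP_PLUGIN_RE = re.compile(
    r'/wp-content/plugins/([\w-]+)/[^"\'\s?]*\?ver=([\d.]+)')


def fingerprint(headers, html):
    """List of (category, value) pairs read off headers and markup."""
    h = {k.lower(): v for k, v in headers.items()}
    found = []
    for key, label in (("server", "Server"), ("x-powered-by", "Runtime"),
                       ("via", "Proxy/cache")):
        if key in h:
            found.append((label, h[key]))
    m = GENERATOR_RE.search(html)
    if m:
        found.append(("CMS", m.group(1)))
    for name, ver in WP_PLUGIN_RE.findall(html):
        found.append(("WordPress plugin", f"{name} {ver}"))
    if "googletagmanager.com" in html:
        found.append(("Tracker", "Google Tag Manager"))
    return found


def version_tuple(v):
    """'3.0.1' -> (3, 0, 1) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))


def outdated_plugins(findings, min_versions=MIN_VERSIONS):
    """(name, seen, minimum) for plugins below the table's minimum version."""
    out = []
    for category, value in findings:
        if category != "WordPress plugin":
            continue
        name, ver = value.split()
        if name in min_versions and version_tuple(ver) < version_tuple(min_versions[name]):
            out.append((name, ver, min_versions[name]))
    return out


def missing_hardening_headers(headers):
    """Security headers a hardened site would send but this response lacks."""
    present = {k.lower() for k in headers}
    return [hdr for hdr in HARDENING_HEADERS if hdr not in present]


if __name__ == "__main__":
    findings = fingerprint(SAMPLE_HEADERS, SAMPLE_HTML)
    for item in findings:
        print(*item)
    print("outdated:", outdated_plugins(findings))
    print("missing:", missing_hardening_headers(SAMPLE_HEADERS))
```

On the constructed input the theme asset is deliberately not matched (only /wp-content/plugins/ paths are), fast-cache 3.0.1 is reported as below the hypothetical minimum 3.1.0, seo-booster 1.4.2 is not, and all four hardening headers are reported missing.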
Bug hunting means finding a vulnerability, reporting it to that site, and in return they give you money. Simple bug bounty. So look at a small thing; like I said, even a small thing can become big in the future. So it was quite easy; if you have any question, or suppose nothing is going in and you are not understanding anything, put it in the comments. Let's move ahead.

Now we are going to learn about the Photon tool. Photon is a tool which is used to extract all the external and internal directories from the scripts running on the website. Never forget it; it can be useful to you in the future when you go into penetration testing or bug hunting or web application hacking. Just look at what we are doing right now: we are doing footprinting, and it is very important. Let me tell you one thing; I must have also told you in the beginning of the module: this is footprinting, then scanning networks, and after that all these things which are important. When I was new to hacking, I had skipped this; I found it boring, it seemed useless, but later when I started learning bug hunting, I came to know that this is what is most important. If you do not want to go into web application hacking but want to go into some other field of hacking, it doesn't matter if you don't learn it; it's your choice. Okay, so let's start. First of all we have to take our terminal; I will zoom in a little, and here you have to type photon and press Enter. Its manual will open. When you enter photon, it may say Photon is not installed, do you want to install it, y/n; press y, enter the password, and when it gets installed, let's see what we have in this manual. What are they giving: -h, -u for the URL of the website, okay, cookie, regex... I am not going to tell you about each and every option, I am going to tell you the basic usage; you have to go in depth yourself. Okay, threads means how many threads to use.
What are you supposed to do with that? You won't understand this now; later I will teach you what a thread is. Okay, delay means maybe... I think it could be a verbose option. They haven't given anything further. They have given seeds. Okay, user agent, exclude, a lot of things here. Let's see, level is fine: levels to crawl means what it actually does is scan as many directories as there are. If you give level one, it will do a normal scan; level two, level three, you can go very deep, but it will take more time. Okay, and there are many options; you have to check them. So I will tell you how to use it: you have to type -u and enter the domain here. Let's say I put google.com; no, this is not to be entered. Let us try some websites which are less popular. Let's try flipkart.com, and okay, let's see. It will not give you the output directly but will store it in a file. Okay, we have typed the spelling correctly. So, okay, this is done; see, level one is done, we crawled zero JavaScript files, one internal URL, made a total of two requests, took 30 seconds and saved it here. Now let me show you what your output looks like: open the folder, here a folder of photon will come, okay, here is flipkart.com, and from it we found only one, which is flipkart.com. Now this website was a little secure, hence it did not give any results. Let us try another website. Okay, let's try one; it is doing something, progress, okay, robots.txt, which I taught you. Okay, it has 38 URLs, it has got robots, it has 37 internal, 38 external, fuzzable... meaning how to say, I am fine, or leave it, I will tell you in web application hacking. It made 39 requests in total, took this much time and is stored. See what has come; I delete this, then see so many files have been created, four files in total; let's see one by one.
Let's see the file a little bit... it doesn't zoom; yes. So there is an external URL that was found; let's see what is there on this URL. Okay, so this is some help center. Okay, no, let's see in the fuzzable file. Login, okay, let's check this one; maybe you won't have this login right now, but sometimes a different login may also come. Okay, let's check this one; this is the same, just in PHP. Okay, this is also a different one; it is not useful. Internal, and it can probably be useful; okay, there are many URLs which we can look at right now. This one is fake, you will not get anything. Suppose you have a new website, someone in your college has created a project, or someone is doing an internship there: you can do this testing, it will definitely be useful there. Now we are not going to get anything special on this, still let us try and see. Does something look different to us? This page is available, so it could be, look, this is internal, meaning maybe after logging in, or to the administrator, or on the server side, this directory is also visible. If you can see that there was something, you must explore it. Whichever site you test on, maybe you find something sensitive. If you find something sensitive, then report it. What is robots.txt? I told you that it blocks search engines or crawlers so that they cannot reach sensitive directories. I told you about this, so there might be something in it. Let's see in plugins. What is a plugin, by the way? It is not an extension like I said earlier; it is easily available because, see, what I said, it is usually because the owner only shared it with, which means only the people on the server side or the admin or the staff can probably access it. So there is something here; if suppose you access it by mistake, then it will come up as a sensitive file. What is it called? Sensitive file exposure.
Maybe, I think that is the name of that vulnerability. You can report it; maybe you will get 100, 150. Now this is, of course, nothing to be found here, but it was a very good tool. We will do one thing with it: --wayback. From the machine, we try -h; I want to see --wayback, yes, that's right, again --wayback. Sometimes what happens is that some people who are in penetration testing, for their practice, or for some bug hunting, what do they do? Let me tell you a little bit about the website: assume it is 2024 now, when I am making the video; how was this website in 2020, and how in 2015, what changes happened? Some hackers use it to monitor it. Okay, so now I don't know how much it will bring; don't bring too much. I do one thing, I put a limit on it; okay, limit. What was the limit option? As far as I remember it had the option of a limit; it seems that now they have taken it out. Still, let's try: --limit 2. It doesn't work. Keep the level at one. It's okay, level. So that means it will not take much time. So the changes that have taken place on the website up to here, where it has changed, if you have monitored it, then what has changed in that change too. Exactly, assume that there is a directory and there is something in that directory; if there was a problem in the changed login, if you updated the login, then what can you do later: you can also find vulnerabilities in the changes made, or there is some extension or plugin like search engine optimization, or one which helps in speeding up the website for access, as we saw in Netcraft. So for those extensions, have they updated anything in them? You can see all these things, or you can also see something like: this one, brother, a plugin
which manages some encryption for the transfer, but they have not updated it; they have not updated it since 2014. Maybe we can get something in it, so that can be the use of it here. Right now, whatever it is, it means it is working, but it will take time, so what I do is fast forward a little... no need, it failed. But nothing; you try it. It was something like this, the Photon tool. Put any question in the comments. It was very good, I like it.

Moving on, now we are going to learn about a tool which is an alternative to Netcraft, or you can say a little similar; its name is SecurityTrails. Okay, so it is not exactly the same; it is just that we have to enter the domain and the information comes. So let's start. First we have to go to our browser and search securitytrails, then go to the first link and enter the domain here. For example, first I enter facebook.com and press Enter; more or less the same results come up, it is just an alternative or a similar tool to Netcraft. My job is to tell you about as many such tools as are available; the more I tell you, the more you will remember. Assume that if I told you just one thing, you would have forgotten it, but if I tell you two, and you forget one, then you will remember the other one. Okay, so let's see: we have put facebook.com here, its address record has come, and this is the other address record, this is the MX record, this is the NS record, the name servers, another record, and this is the TXT record. Okay, historical data is not shown here directly; you will have to log in. Let me tell you, there is no need to enter your email directly; you can also enter a disposable email. Okay, I will copy it, sign up, put the name here, we are Ganesh Gaitonde, company Vimal, keep the password, accept anything, sorry, email here.
Enter, yes, okay, sign up; never, never; verify, okay, let me verify, okay, and yes, it is verified. Start. Okay, so we were in the dashboard and here we had entered facebook.com, so we go to historical data. Okay, so in historical data you can see its IP address and its first seen and last seen. You can see its last IP address, meaning it was there a day before that, okay, and a day before that, a day before that... sorry, this one is actually after four days. So it keeps changing, and the advantage of changing the IP address is that no one can track you; I mean, you can track it, brother, there is nothing difficult in this, but no one can do scanning on you or testing on you for a long time. This is the advantage of changing IP addresses, and there is much more, but understand this much in simple language. There is a chance that you can see the IP address which was there earlier; it is not coming before 2022 here, but anyway, no one... you can see. You can know that the older the IP address is, where is that IP address now, is that IP address free now, can I buy it. And on top of that you can see 10k plus subdomains from facebook. Subdomains, I told you what they are: take google.com; if I add something in front, it becomes something.google.com; so all these are subdomains, and here you can see many hundreds. Now I will tell you one thing: what many people do when they come into bug hunting is they do not target big companies, they target small companies, because they think that if the company is big then many people would already have done this. This does not happen: the bigger the company, the more, as you have seen, there are more than 10,000 subdomains; some have exactly 10,000, or not 10,000, whatever. I can select 5,000 domains and subdomains
and I can do testing there; maybe I will find something there. So this map is big enough, and there are not too many hunters testing it. Let me do one thing and show you the numbers: how many total bug hunters are there? So you can see about this many hunters are working full time. Okay, 2,500. The report says it was done in April, so it means there is not that much competition. But those who are there work very fast. Now you have seen that full time means you sit there the whole day, so you can see that it is very difficult for them to find vulnerabilities: if, let's say, one person does five reports, then how many is 10? 50; then 100 becomes 500, and a thousand becomes 5,000. So you saw that there are 500 reports which were done last month in April, so there is not that much competition, but if you enter, you should be quite active. In the future I will make a course on bug hunting, but it is going to be very late, so don't do it now; I will bring a course on bug hunting later. So this was our tool, whatever it was; for all the domains, you can select any of them, maybe you may find something there. It was a very similar tool to Netcraft. If you have any questions, please post them in the comments.

Moving forward, we are going to learn a tool which does the same job as all the previous tools: with its help you can do everything. Its name is recon-ng, Recon-NG, however you want to say it. Now you will say, why did I not tell you this earlier, why did I tell you about so many tools? If I had told you in the beginning, then the earlier tools... if you try them you will not even remember them; that's why I have kept it last. Then you will say that still, it means doing it all together, so what is the need for the rest? If you assume that the tool has stopped working, that is why you should know all the tools.
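Going back to what Photon was doing a little earlier: it crawls a site level by level and sorts what it finds into internal, external, scripts, files and fuzzable lists. Here is that crawl written out as an added example, not Photon's own code and not from the video. FAKE_SITE is a constructed set of pages under the invented host target.example, and fetch() reads from it instead of the network, so it runs offline; level 1 means only the seed page is fetched, level 2 fetches the pages it links to as well, and "fuzzable" is the internal URLs carrying a query string, the ones you would come back to when testing for injection.

```python
"""A Photon-style crawler run against an in-memory fake site.

Added example, not Photon's own code and not code from the video. FAKE_SITE
is a constructed set of pages under the invented host target.example; the
fetch() function reads from it instead of the network so this runs offline.
"""
from collections import deque
from html.parser import HTMLParser
from urllib.parse import urldefrag, urljoin, urlsplit

FAKE_SITE = {
    "https://target.example/": (
        '<a href="/login.php">Login</a>'
        '<a href="/search?q=test">Search</a>'
        '<a href="/about">About</a>'
        '<a href="https://help.example.com/faq">Help</a>'
        '<script src="/static/app.js"></script>'
    ),
    "https://target.example/login.php": (
        '<form action="/login.php?next=/admin/"><input name="u"></form>'
        '<a href="/">Home</a>'
    ),
    "https://target.example/about": (
        '<a href="/team">Team</a><a href="/docs/report.pdf">Annual report</a>'
    ),
    "https://target.example/team": '<a href="/">Home</a>',
}

FILE_EXT = {"pdf", "doc", "docx", "xls", "xlsx", "csv", "zip", "sql", "bak", "txt"}


class LinkExtractor(HTMLParser):
    """Collect href/src/action values from a page."""

    def __init__(self):
        super().__init__()
        self.hrefs, self.scripts = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("a", "link") and a.get("href"):
            self.hrefs.append(a["href"])
        elif tag == "form" and a.get("action"):
            self.hrefs.append(a["action"])
        elif tag == "script" and a.get("src"):
            self.scripts.append(a["src"])


def fetch(url):
    """Stand-in for an HTTP GET: returns the body, or None for a 404."""
    return FAKE_SITE.get(url)


def crawl(start, level=1, fetch=fetch):
    """Crawl `level` rounds of pages from `start` (level 1 = only the seed).

    Returns sets named like Photon's output files: internal, external,
    scripts, files, and fuzzable (internal URLs carrying a query string).
    """
    root = urlsplit(start).netloc
    seen = {start}
    queue = deque([(start, 0)])
    out = {k: set() for k in ("internal", "external", "scripts", "files", "fuzzable")}
    while queue:
        url, depth = queue.popleft()
        body = fetch(url)
        if body is None:
            continue
        page = LinkExtractor()
        page.feed(body)
        for ref in page.hrefs + page.scripts:
            absolute = urldefrag(urljoin(url, ref)).url   # resolve, drop #fragment
            parts = urlsplit(absolute)
            if parts.scheme not in ("http", "https"):
                continue                                   # mailto:, javascript:, ...
            if parts.netloc != root:
                out["external"].add(absolute)
                continue
            out["internal"].add(absolute)
            if ref in page.scripts:
                out["scripts"].add(absolute)
            if parts.query:
                out["fuzzable"].add(absolute)
            if parts.path.rsplit(".", 1)[-1].lower() in FILE_EXT:
                out["files"].add(absolute)
            if depth + 1 < level and absolute not in seen:
                seen.add(absolute)
                queue.append((absolute, depth + 1))
    return out


if __name__ == "__main__":
    result = crawl("https://target.example/", level=2)
    for name, urls in result.items():
        print(f"{name} ({len(urls)}):")
        for u in sorted(urls):
            print("  ", u)
```

Notice how the level matters: at level 1 the crawler only sees what the home page links to, while at level 2 it reaches the login form's action with its `next=` parameter and the PDF under /docs/, which is the kind of thing that ends up in the fuzzable and files lists we opened above. To run it against a real host you would replace fetch() with an HTTP client and keep the rest.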
You should know that the topic of this tool may be a bit big and it may take some time for you to understand, because its commands are a little different. Now we are increasing the level of the tools a little. There may be a little load on you, but don't worry, it is nothing, it becomes very easy after practice. Listen to me, OK, so let's start. First of all we have to open our terminal and here, as usual, you have to zoom in, and here you have to enter recon-ng. Look carefully when you enter; it may be that recon-ng is not installed, and it asks whether you want to install it, so install it. OK, so when you start it, something like this will appear in red; don't worry, this is nothing, it's just what is needed and the tool runs anyway. So here you can see some of the options it is giving us; do not select anything from these, don't worry, I will teach you how this tool works. If I put in help, it will list all the commands that are possible, but there are more commands which are not shown. This tool does not work directly; some modules are required. Let me give you an example: just like there is a browser and you install extensions in the browser, it is similar with this tool, some modules are required for it. In this way, by default, when you install it and use it for the first time, no module will be installed and such a message may also appear, so first install them. I will tell you how to do it: you have to enter it like this, the install command, all, and just press enter; then all the modules will be installed. Then you can see you will also get something like this. It does not take much time, that depends on your Internet speed. OK, so there are a lot of modules; now I can't do anything, so I will sit peacefully. OK, all the modules are installed; this is not a problem, it is just telling me that I do not have API keys.
If you want, you can enter the API key, but we do not need it, because for now our work will be done without it. OK, so there was a trick to clear the screen; I do not remember how to clear it, let me search once: how to clear recon-ng terminal. OK, no, it is not coming, no problem, as it is visible to you here. So now let me tell you how to use it. First of all I put help in it again, so you see something like this: you can create profiles in it, profiles or a folder. Now you will see that it is written here as Account and Default, so what is the default? Default is a folder in which you will be working. Assume that you have to use it again and again; if you want to do testing on different sites, then you cannot do it in default, because it does not save all your work separately. OK, so this is quite complicated, not complicated, it means unorganized, so to do that we have to create a workspace. workspaces create, and you have to give the name; for now I will give it. What do we do, workspaces? It is not doing this. Actually, let me do one thing. Yes, back; the tool itself has closed. back closes the tool, remember that. So here I do help; workspaces, yes, workspaces list, sorry, yes, there was a list. So now you will see that two workspaces are coming here, out of which one is default and one is F. Let's say there is a site you have to test; then you can go to the workspace you want, so I have to go there, I have to load it. The workspace you have to go into, you have to load it; it is optional, but what it does is it keeps things a little organized. So now let's do facebook.com; maybe something is wrong, but let's do one thing, let's check help; DB is right, mine is OK; let's do one thing, let's see the options. OK, so let's leave it.
I forgot what we actually do here, but it is not that important. So now there are many modules in it; like I said, just as there are extensions in the browser, it has modules. You saw above that we installed them, so now, how to use them? There are many modules in it; you have to use the module according to your purpose. So what do we do now? modules search. Hey, what is search? Suppose I have to do something brute; maybe you can see something like this here. Yes, this is the search option. It searches as many modules as you want; you can use your favourite one. So brute, what do I do now? This is easy, brute hosts, people do it. So how to use it: modules, OK, and by the way, I am pressing tab, which means I have to load the module like this; when you press tab, it gets auto-completed, I must have told you earlier in the basics, and you have to load that one, recon domains hosts, yes. OK, now you can see that once we have come inside this module, it does not have to be run directly; it has some options, I will tell you how to do it. When you type options, you can see that actually it's not like that; wait, show options, no, this is also not it; options help, OK, options list, yes, you have to list the options. Whatever module you are using, all its options are given in it. So you can see that here options are given: one is SOURCE and one is WORDLIST. So in the source we have to enter our domain, and here it is telling you required, yes, this is required, and this is the wordlist, which is a list of host names. This host name wordlist is not necessary for now because it is of no use to us. If we enter the domain then the host names will come automatically. When is this required? When you already know that you will have to brute over some sites.
Now host names: if you do not know, host name means whatever type it is, the host name is of that type only. If you don't know, or are facing any problem finding it, and you have a wordlist, then you can use the wordlist. When we go to the advanced level, I will tell you how to do this. Now, what do we have to do? We have to set the options correctly. What do you have to set? The source; this is how the source came; here you have to enter that domain, so now what we do is facebook.com. It is done; if I run it, then yes, it will work. So a lot is coming; it looks like a hacker feeling is coming, a little. So in the summary, 4 to 12, total 223 found, so you can see that a lot, a lot has come now. Now the list which is there is quite big; if I scroll here you must be seeing it, one minute, yes, this is quite big. So we can make a report on it; we have a module for that, I will tell you how: modules search report. Now you will see what reporting there is, and which file type you need. For now I am going to take HTML; you can take whatever you want. So I will do modules load reporting html. So you can see that this module has been loaded. Now, how to use it? We always have its options. If we look at the options list, then for this we need a creator's name and a customer, meaning to whom you are going to give the report, and a file name, whatever you want to give; if you do not give it, then by default the result will be like this. Then just run; if I do, then you are seeing that the customer name is required. So what do we do now? We set it: options set CUSTOMER, you can give any name, I give it Mark. So Mark is set as the customer; now let's run it and see.
It is saying that the name of the creator is also required, so give the name of the creator; the creator is also set. When you run it, you can see the report generated at home, the result is OK. We open the folder; as for the folder, it said it was in my home, where I already am; what was the location, .recon-ng, yes, .recon-ng. It is not giving this option, so let's copy it from there and paste it directly. In this way you can paste it; it seems that this folder was hidden. So here you can see that this is the result; when you double click on it, the HTML report that was generated looks like this. A little zoom, and there is a lot of information, and by the way it is interactive. There is so much information here; let me minimize it. This one has got a lot of information, and in this way you can submit the report if you want to submit it to someone, or if you are doing it for yourself. OK, so from that module I took this IP address and all the subdomains. One minute, one call. OK, the phone was only a minute. So, all these domains have come. Now let's do a slightly different module; we have to come back from this one. back to exit the module. OK, it's closed; let's run it again. Were we in trouble? OK, we got into a mess; no, show, no, show; actually we have to do modules. So modules search, whatever you want; whatever that means, you should have a purpose. Let's say you have to do directory fuzzing. Directory fuzzing means this is a website, let's say Mangesh's site, then slash, and whatever files will be there, you don't know what.
Right, on the website you give a wordlist, and inside that wordlist you can say /admin, /importfile, whatever these things are, they are called directories, so you can brute force like this, and we can call them directories like this. We could do that, but right now we will not, because it is not included in this. We have another module called Hacker, yes, HackerTarget. This is also very good; let's try this. We will load modules load recon domains-hosts hackertarget. So this is loaded. Now let's look at its options; it needs the source option, it is required, and the current value is nothing. So options set, set is correct, spelling, SOURCE, fb, no; yes, remember what we said: the name we gave was the workspace name, it is not necessary that some domain related to it should come. OK, facebook.com. So the source is set, let's run. So what is happening now; we are not going to look at it like this at all, we want the report, so again modules load reporting html. OK, it is done, yes, it is set. We have to do options set CREATOR mangesh, and the file name, we also set that, because if it is the same as the previous file then something may go wrong, so assume the file name is, I have to give a name, face; that gives the name of the file. Let's run it and see; the permission is something broken. OK, we can't give it the name face because it's actually an HTML file, so maybe it doesn't look good. Permission denied; I did something like this, it doesn't work; we set the file again, reset, something like this.
What can I do by listing? I have the HTML file name; its value is good, so are the options set or not? Actually, if I want to remove it, then what is the opposite of set; it is not remove, it is not auto-correcting, so one minute, options, I just put this, options unset; it was unset. OK, now let's run it and see. It is saying that it is needed, so for this we will have to give the entire path, but remember, you cannot give the entire path just like that because we have already done that; you have to create a file here. Create document; I create an empty file and name it face.html. Only after that; if you don't, then some error may come. Remember, the file name and its complete location have to be given. I hope this is clear. Let's run it; it will be successful, so if we open it, it is fine. It's done, and this one did the same thing as that one did. One more module; let's try and see something different. Let's say I search one thing and have to come out of it; back. Actually, I just put modules; I don't want to load it, actually, I want it to come out, but when I press back, the tool closes. unload is not good, there is no such option. OK, none; I think maybe there is overlap. Will it mean that if I run someone else, then why is facebooksignup.in not coming? Recon is good, so I like that; let's keep working, come back, run again, we are fine with that. There is no need to load the workspace every time; if you want to do it in default then you can. OK, what were we going to do? Yes, we were going to do the DNS module. Why is load recon not coming, modules load load recon, yes? What is happening now; what was its name, I have forgotten it. Let's search for company. OK, let's see what options it has. Needs a source, source of input. OK, look at the info.
Yes, by the way, info gives a little more information about the module. If it comes then it is OK; then you will get its version through DNS lookup. OK, uses the API to query the DNS records belonging to a company. Then its source is normal. We will go to options set SOURCE and just run with fb. Not supported between instances of NoneType and int: something seems broken; there is a problem with that module. back and load it again. OK, I remember what happened: we didn't load any module last time, maybe that's why the error came. Now I remembered, modules load, which one do we do, which one is this one, I know; I am feeling a little peace, but it feels good in peace. Let us look at its options; we will set the source, it is fine. Now let's run it and see, please. So what is happening to me: error 403 means blocked for me maybe, or page not found; 403 is forbidden, yes, without permission, so it seems it blocks me. No one is doing anything; let's do another module. I know I am a bit bored, yes, but my job is to help you practice. No directory, no, some different, different senses; no, they do not work. modules list, which module; I don't have it, I can't see it. OK, let's search module, spelling; which one; please take your time too. There is no need to buy from mine, you can also find it, so it's OK if you do the same. This was the tool; it was a big tool and it took a little more time for us. And yes, I am getting very hot; actually, if the fan runs, the sound of the fan would come in the mic. So it's fun; I liked this tool and enjoyed it; definitely try it. It has all the modules which were listed above at the time of installation; keep trying each one separately, it's fun, and what will happen is that you will also get some practice. If you have any question then put it in the comments. Let's move ahead. Now we will learn about a tool named HTTrack which is used for two purposes: one is phishing.
And the second one is testing. The main purpose of the person who created this tool was for testing only, but some people also use it for phishing because they have the creativity. What does this tool do? This tool copies a website completely from top to bottom. That is, assume that this is my website, Mangesh's, fine as usual, and anyone who knows it can clone the extracted HTML file, and sometimes what happens is that the directory also gets cloned, sometimes its files also get cloned. So there is nothing much to say about it; I will show you directly, it will be easier to understand, so let's start. First of all we have to open our terminal, I will zoom in a little, put httrack here and enter it. If yours is not installed, then it is a simple thing to install it. If it says the package is not found, then you have to update as usual. So here you will see that when you run HTTrack, it is saying that a project should be named. For now, we can't directly clone a big website like this, because they have put a little security in it, so we are going to try a little normal, low-level website. I will show you one here: if I search Mangesh's site, then it is some such website. OK, he has bought the domain, and this is the website. Or, if you know, COEP is a number one college in Pune; we can also clone this website, like this. Look carefully; it is fine on the domain. Remember, here we will give a path to Mangesh; if you want anything more, you can give it; I want to keep it as default. So I enter the URL; remember to give the complete URL. You don't have to give HTTPS; this is not to be given; actually, you have to give it like this, http, and then the site. So I had tried it earlier, I mean before shooting the video, I try everything, and then I checked that there is some error in it; it does not clone
Mangesh's site properly. Just enter; here you will see mirror web site, mirror web site with wizard, just get files indicated; I am going to show you only the first option, or the second one; the rest you check what happens. Proxy, if you want to set one, OK, no need. Additional options, no need. I have to press ready to launch here, and cloning will start; mirroring and cloning is done. For some websites it takes more time; for some websites it happens quickly. So here you have to come to this folder; you will see the website here. Then we copied all the data on that site that we could, so slowly let's see what we copied. If we go to the cookies and zoom in a little, you can see that I have got some of the cookies. If you copy this, I think it is called Base64 encryption, and if I search here base64, put it in and decode it, then it is giving something. OK, this way you can see; sometimes you will get information from this also. Now you are at the beginning, so this here is not going to be of much use to you. Let's see in some cache here; in the new duty action, what is there, OK. So as I said, this is for testing. Now the main thing is the same: if you use it for the purpose of phishing, then this is the file; do you remember, there is a custom option in phishing; if suppose there is nothing in the list given to you, then use the custom option like this. So now when I open it, you can see that it has opened here; look carefully, what was the domain earlier, now it has opened normally, it is fully functional, everything is fine. There is a website; now I can test everything on it completely offline.
Got it, OK, and what's inside it is the same here too. Come back; what is there in this gif, there is nothing. Let me close this. So we have done one website; let's do another website. Now let's say, whatever comes next to you, enter project name, etc.; if you want to skip it, then you can just enter directly here. I had tried it earlier also, and you have to enter it like this. Now what happens is, as I said, for some sites it takes a lot of time and for some sites it happens very quickly, so remember that even while this is happening, you can access the files that are already there; just sometimes there may be a little delay in loading them. Now if we open it, you will see that this website will not go directly inside the folder; when you do it, it will open like this. If it comes, then this is the file; let's see whether it is functioning or not. OK, so for now this function is not working because it has not been copied properly. Let's wait a bit. For now the CSS is getting copied. OK, now let's check. It is still not done. It seems to take time. As far as I know, let's just fast forward a bit. Now let's try; one line, two lines have been completed. It is still not done. OK, what is happening now; OK, now let's try, three lines have passed, no; maybe it has gone to the website, it will not run. This is where it is; there is a lot of information coming here, all in modes, in themes, etc. If you look in the calendar CSS, we have copied a lot of things, but our main index has not been done properly yet. Let us look at the departments: Computer, Instrumentation, Mechanical, fine. Maybe we can get some data in it, or else you may not be able to get some information, or you may get it directly. Even nowadays, no website is that cheap. OK, so you can see, look lightly; is it loading what we want to load, is it loaded or not?
It seems to me that it takes time, so till then we try another website; we can't keep sitting till it is done. COEP; now we do some other website. Let's do one thing: before any website, we search whether it is working or not. Believe me, if I search, there was a website of MythPat on which he had made an April Fool, MythPat, but if I type mythpat.co, it seems that he actually created an April Fool on it. That's okay; let's do something else. Let's take David Bombal; yes, David Bombal, so davidbombal.co, copy, shift v, this http, remove the slash. No, actually, it is saying that a copy is already running; if one is working then there cannot be two together. So by the way, if the work is finished and it is still showing like this, then this folder here has to be deleted, then it works. When it starts, let's see if it is working or not; it is not done yet; it will take too much time, I will clear it, I will close it. Now let's see; now it is done; that is, until it is completed it seems it does not give the result, and it seems it was copying a lot. OK, so now you can see that I am on a custom page and you can see a lot of things; all the things are functional. Now what is its use? I have used it for testing. Let's say that here, if I access, maybe, let's try once. Let's try a hyperlink and put a little zoom. I am fine. OK, there is nothing like hyperlink injection in it. Maybe something like this. Let us see another one. Hyperlink injection means running HTML code in the input itself. Now this thing is run as HTML; why? If I put HTML in the search result, is there any error? Is something happening? This is called HTML injection. This is how testing is done, or else...
Suppose you have a website for practice and you want to take inspiration from it, then this can be used there too. Then I will delete it, because I don't want this, this and this. Now let's try David Bombal. Let's see; here's the index; it didn't happen. Sometimes, as I said, some websites do not work on it. Now let's do one thing: we will try the different options that we had. Let's say I just run httrack; I thought for a minute, or delete it. httrack, enter project David, base path normal, I need the URL, oh no, going back, davidbombal.co, OK, let me enter, select the second option, we might get some different results. Mirroring is happening; it's done; let's see whether it happened or not. It didn't, so that website is a little better, that's why it's not happening. So now I have homework for you: this is HTTrack; you find similar tools. I will not show it right now because it would take a lot, and then you will have nothing left to do, so definitely try this. It is running on this computer in Windows, so in the previous videos there was some voice problem, but this is not happening in Kali Linux. F6 69 is running fine in it. If you find any solution for this then please let me know, because when it comes so muffled, the sound is strange. OK, that's why I am doing it in Kali with Windows. The tutorial I will tell without a camera, and without a camera means first I will record, and after that I will comment on it and show it to you. It was just fine, it was very good; I like this thing in phishing. You must try this; that is, don't do anything like that, just for testing, try the index.htm which is there in the custom option and see whether it is working or not. Do let me know if you have any question, put it in the comments; let's move forward.
Next, we will see the Windows version of HTTrack, which is quite good, that is, not too good, it is a little better compared to our Kali Linux version. This version is graphical and its installation is quite easy: just the setup has to be downloaded and installed, and it is operated graphically, meaning you do not need to enter commands like in a command prompt; you do not have to open any terminal; you just have to operate it graphically, and I think perhaps it has a few more features, from what I saw while watching the recording. One more thing: my mic is not working properly in Windows. I don't know why it is not working properly. I tried it in another laptop and it is working fine there, but in my laptop it is not working properly, so that is why I mostly record in Kali Linux, and that is why you are not going to see my face in the further recording, that is, in the tutorial; I have just recorded and later made commentary on it, so it may seem a bit strange to you, but there is no problem. It is a very easy installation, and as we start using it, first of all we have to open our browser and create a new tab, and in the new tab we have to search httrack; we have to search only for HTTrack Copier, so in this way, and the first website is this. If you want, click on the download section option there and you will see many options coming here, out of which we have to do this one; simply click on it and the downloading will start. I close it and wait; the download is done; I have to click, cut it and minimize it, and next, accept it, next, choose the next location, and if this is the option, untick it, then tick it, so it doesn't matter; next and install, untick it and finish. So you can see that our program has started; we have to do OK and next, and we have to give a project name, which was coming in the Kali version in the same way. Same to same, OK, I will minimize it. Yes, I will give the project name here. For now, let's do COEP.
Let's do one thing, let's do it for Mangesh, because in Kali we had done it for Mangesh. So Mangesh; whatever the category, you can give custom if you want, and whatever the location, wherever you want. I have to change the location; click on it here and wherever you want to give it, I give it there. OK, no, no, yes, no, here in the new folder, yes, OK, then next, and here the address to be entered is m.com, oh, by mistake, yes, Mangesh's site, OK. Then you can see many options coming here, like the first option in our tool: download web site with wizard, etc., clone with wizard, mirror with, which option was there, in the same way, but it is a little different. So here is a URL list: if you have a big list of URLs then you can list them together. So what is there in the set options? Here there are many different features which probably were not there in the other one, I think; OK, I will close it. Next, and here also we are given some options; there is nothing to be done, just this VPN option, as per my opinion. There is a VPN option; if you want you can put it, and finish, and it will start, and that's it; you don't have to do anything; finish it and exit. If that means your work is done, then you have to do it again. Go to the new folder here and you can see that many files have come; so this Mangesh folder, and outside it are our files, and the most important one here is that index file. When I open it, you will see that Mangesh's name is coming here; it is not the category, and we did not do it, that is why it is coming. So when I click on it, you can see that here we are. And OK, you will see that this is the domain, and it was not the domain, and this was ours, what do we call it, the file is there, and here in the folder we will see; there is nothing special in the cookie, just as we had created it.
It did it in the same way, and again let's see; the session ID is fine and that is also base64 code. Here what we did last time is the same index file inside m.com again, and nothing happens inside this cache. It's normal; let me show it to you again; if you open it in read mode, you will see why this file has been created: generator by Win, there you can see, and back, come back, and that's it. Let me delete it, let me delete it too. Now let's do another website. This is actually our video that is being recorded. OK, so HTTrack is here; next is the project name. This time we do COEP; otherwise one minute, COEP was not done, maybe it took a lot of time. Now let's do one thing: let's see which college we are from in Pune. OK, if I remove it, then a lot of MITs are coming. OK, MIT, let's see; this original MIT has come to us. Do you need a duplicate MIT, the Pune one, or else do one thing, let it be; Massachusetts Institute of Technology, OK, copy its URL, give the project name and paste it at this location; I will remove the slash at the end, yes, next, next, finish, and when it is done, you will see an error coming, and as I said, some websites are secure, hence this error comes. Let's see whether it worked; it is showing operation complete. Let's finish it, exit and see; minimize it; in the new folder, it's done, let's see; we will open it; it's not happening. Like I said, some websites do not allow cloning, but still
we tried it. Look here, it is also showing the same; what happened inside this db.dot, yes, it is the same, this is also not happening. OK, I will close it, go back and delete it, delete it too. It was quite easy, there was nothing difficult; I demonstrated it to you; the first one is done, the second one is not, because there is security on some websites. If you have any questions, please put them in the comments. It was quite good; this one was a little more comfortable compared to our Kali Linux one, but everyone has their preferences, their habits; whatever you like, you do. If you have any question, please post it in the comments. Let's move ahead. Now we will see about GRecon, actually about GRecon. I am not a GR, and this is the tool I told you earlier is similar to the recon-ng tool, but it is much better than that, not better, it means it is much easier to use than that. Its use is quite easy; you saw that the other one needs a little practice, only then you can use it, and there is no such need in this; its use is very easy, you just have to run it, enter the domain, and all the information comes automatically. Yes, it has fewer features, but I will tell you that it is not much better than that, it means a little better. So let's just see this. First of all we have to open our browser. OK, yes, I reinstalled it because earlier there were a lot of glitches coming; I was not able to record everything properly, and because of that I got delayed; otherwise it would have come a little before the time when I would upload the course. If that build has some glitches, I don't know what is in it, so I reinstalled, and while reinstalling I changed the theme; I liked this, and it is quite good, it gives such a premium feeling. And yes, by the way, by doing this, whatever is minimized means that those tabs are opened, not minimized.
Whatever you have opened, you have to search here GRecon GitHub. If you just do GRecon then it will not come; let me show you in a minute, something like this will come up; OK, then search GRecon GitHub. You have to click here, and the installation is something like this, but still he has not given a step in it, which is to copy this link. We have to open the terminal; let me zoom it a little. Yes, it is a very good animation, by the way; see it yourself, it is a very good animation, like when I maximize it, minimize it. So here you have to enter the command git clone, Ctrl+Shift+V to paste it, and in this way whatever is there will come; when you enter, the cloning will start. Clear it; you have to go inside it: cd GRecon. You can see that everything has been copied properly. Let me clear it again. Now we have to install the requirements which are required in this; I will tell you how: sudo pip install -r. -r means install the requirements from a specific file. Those who know Python will know what a module is; yes, it is the same module. To install it, you have to use the pip install command. Suppose there are multiple; then there is no need to enter pip install like this every time. We can write them together inside a file, and like this you can install from a file; -r is to install from a file and this is the name of the file. I might have told this earlier also, but still. Now we have to enter the password here; OK, this is done, I will clear it also. Now there are some files in it, out of which we have to run this one; that is, we have to use python3 to run it. Remember that python2 is just python; there are 3 such versions, so there is a difference in each version.
Each version has different bugs and different features. This time you have to use python3; you do not put anything extra, you type python3 and the file name like this, and the tool starts. By the way, there is also a plugins option here. First let's see what plugins are available; we do not need this, but still, let's try. Yes, there are no plugins for GRecon. Fine. If there are none, put the site name here. No, not with the protocol; you enter the plain domain. Whatever you are testing on, it is fine; testing like this is not illegal, and the tool is open source. It is saying it did not work because too many requests are coming for that website. Yes, I tested it earlier too, so maybe that is the reason it is not working now. Let me try again. I test everything every time before recording, and it was running fine then; now it is not running. What do we do? Run it again, try another website. Nothing. It seems the website has blocked it because a lot of requests are coming, so fine, let's try some other website, a normal one. We need a college website; let's search. Okay, this is the domain. Is this the real domain? I think so. Oh, I did not copy it; let's try again. Now it is looking for subdomains, which means it is working, and you can see all the subdomains. It has many features; let me explain. Subdomain: a sub-subdomain means the subdomains of a subdomain. Then sign-up pages: all the sign-up and login pages. Why? Because sometimes brute forcing is possible on login pages. So far I have told you this much.
I have not told you more than that yet; I will tell you about hacking web applications later. Brute forcing can happen on some sign-in pages, and sometimes SQL injection; the chances of SQL injection are quite high on login pages, and that is the reason for this feature. Sometimes there are login pages meant for users and login pages meant for admins, and an admin page gets exposed by mistake; if that gets hacked, the entire site is gone. That is why the feature is there. You do not have to do anything with it; I am just explaining. Directory listing means extracting all the possible content on a website; let me show you for a minute. Here it is. This is what I was saying: the number of slashes, the amount of content on a website, as much as possible, is called directory listing. Now we start testing; we see what is on each subdomain. Let's look at this one; come down, oh wow, there is also a "sponsors" page. There is nothing in it. What is in "digital"? Okay, there is something here too. If it is not in "admissions" then "research". What is this one? Nothing. CCB: Center for Business Innovation, we do not need it. What is in "schools"? Nothing. Okay, this one is done. Now it is looking for sign-up pages, so all the pages with login and sign-up will be found. Let's see, there is a forgot-password page; I will remove that. Look, we have got one login page, which may be a student's or an administrator's, I do not know, and we have got one more; let's open it and see. You can do testing on these login pages; I will cover brute forcing, SQL injection and bypass in web applications. For now, concentrate on testing; I will cover everything, have a little patience. Now let's go into directory listing.
We have got all these things in the directory listing, that is, as many paths as possible; these can be folders. After directory listing come publicly exposed documents, which are important: sometimes a sensitive document also becomes public. Now of course none of these will be sensitive; these are normal, the syllabus and so on. Sometimes this tool does not work properly and whatever you search, something is missing, because it is true that sometimes it does not work right. If the result is very small, run the tool again. Now let's try it on some other website so that you understand completely. Let's see again, colleges in Pune; let's try Savitribai Phule. Enter. "Too many requests", so it has blocked us, maybe; let's try again, because this is the first time I am testing it. Has the website blocked it? Nothing. It looks like a cheap website, not secure; they do not even have a certificate. Whatever it is, let's work with some other Indian institute; let's try this one. Okay, there are quite a few subdomains, so let's check them one by one; until then we wait quietly. Let's see what the subdomains are: a normal LMS; let's see the button. It seems to be in development, as far as I know, and it has been left in the middle like this. Yes, definitely this is in development and has been left midway. What happens sometimes is that even a site in development is very sensitive and should never be left open like this; user access to such subdomains should always be blocked.
These are all subdomains, and they have done something here. What else is this? LMS here too, same button, so this is the same thing. They have a "staff" one; nothing there. "Nagpur", "career", "apps". What is in apps? "You are not authorized"; that means there is something here. This can also be bypassed, perhaps with a method I will teach you in the penetration testing course, which is a little advanced, but there is a solution for this too. It will not work every time; it is not like that. Right now it looks like a cheap site, so maybe it will, but still, we are focusing on testing. "Research", okay. All the subdomains are visible to us now. What is there: not secure, okay. Now the login pages; yes, this is the most important thing. Let's see them one by one. Here we have got a login page which is secure: forgot password, SSL check and login, "Designed by" some company. Look at this small thing: the permissions, the privacy row of the active themes, and they do not even have a certificate; look, this certificate is expired. Come on. Yes brother, this is the domain. I think this is a theme which has many issues, so sometimes there may be something on top of this, maybe access and so on; we will see. We have all the login pages, and we will look at everything here calmly. As I said, why would you find the login pages first? I also told you about directory listing, where we are getting many things: there is a Bill of Supply, 24000 IT Expenses, License Administration; some of their information may be sensitive, or it may just be material meant to be shown to students.
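The directory-listing results just shown and the exposed-document check that follows are the kind of thing worth verifying by hand. The following is an added example (not GRecon's code) that does two things: it builds the kind of site: queries such a tool runs for a domain, and it parses an Apache-style "Index of /" page to pull out the listed files and flag the document types (PDF, Excel, CSV, JSON) that should normally not be public. The dork strings, the document-extension set and the HTML below are this example's own constructed choices, not captures from the site in the video.

```python
"""Added example: Google-dork generation plus directory-listing parsing.

build_dorks() returns the sort of site: queries a GRecon-style tool issues
(the exact strings are this example's own). parse_directory_listing() reads
an autoindex page and classifies each entry; is_directory_listing() is the
quick check that a page really is an open index.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urljoin

# Extensions treated as "publicly exposed documents". Assumed set.
DOCUMENT_EXTENSIONS = {"pdf", "doc", "docx", "xls", "xlsx", "csv", "json", "txt"}


def build_dorks(domain):
    """Return (label, query) pairs for a domain (example's own dork list)."""
    return [
        ("subdomains", f"site:*.{domain} -site:www.{domain}"),
        ("login pages", f"site:{domain} inurl:login | inurl:signin | inurl:admin"),
        ("directory listing", f'site:{domain} intitle:"index of"'),
        ("exposed documents",
         f"site:{domain} ext:pdf | ext:xls | ext:xlsx | ext:csv | ext:json"),
        ("pastebin mentions", f'site:pastebin.com "{domain}"'),
    ]


class IndexOfParser(HTMLParser):
    """Collect href values from the anchor tags of an "Index of /" page."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def is_directory_listing(html):
    """Apache and nginx autoindex pages carry an 'Index of' title."""
    return re.search(r"<title>\s*Index of ", html, re.IGNORECASE) is not None


def parse_directory_listing(base_url, html):
    """Return listed entries as (absolute_url, kind), kind being 'dir',
    'document' or 'file'. Column-sort links and the parent link are skipped."""
    parser = IndexOfParser()
    parser.feed(html)
    entries = []
    for href in parser.hrefs:
        if href.startswith("?") or href in ("../", "/"):
            continue
        url = urljoin(base_url, href)
        if href.endswith("/"):
            kind = "dir"
        else:
            ext = href.rsplit(".", 1)[-1].lower() if "." in href else ""
            kind = "document" if ext in DOCUMENT_EXTENSIONS else "file"
        entries.append((url, kind))
    return entries


# Constructed sample of an autoindex page (not a capture from a real server).
SAMPLE_HTML = """<html><head><title>Index of /docs</title></head><body>
<h1>Index of /docs</h1><pre>
<a href="?C=N;O=D">Name</a> <a href="?C=M;O=A">Last modified</a>
<a href="../">Parent Directory</a>
<a href="syllabus/">syllabus/</a>
<a href="bill_of_supply_2023.pdf">bill_of_supply_2023.pdf</a>
<a href="it_expenses.xlsx">it_expenses.xlsx</a>
<a href="logo.png">logo.png</a>
</pre></body></html>"""


if __name__ == "__main__":
    for label, query in build_dorks("example.edu"):
        print(f"{label:20} {query}")
    if is_directory_listing(SAMPLE_HTML):
        for url, kind in parse_directory_listing("http://example.edu/docs/", SAMPLE_HTML):
            print(kind, url)
```

Run it as-is to see the classification of the sample page; to check a real host you are authorised to test, fetch the candidate URL yourself and pass the response body to the same two functions. Anything classified as "document" under an open index is exactly the "publicly exposed document" case the tool reports.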
This is how testing is done. It is possible that that document is sensitive and they have left it open. And look at this, publicly exposed documents; it sounds the same as directory listing but it is not. Directory listing means all the possible files and all the possible folders on that site; publicly exposed documents means all the documents: PDF, Excel, CSV, and JSON. No, not JSON. Still, we see a Professor Dr. here, whoever he is, and we have got his phone number too. So I think the site should be secured; a phone number of anyone should not be exposed like this. Next is Pastebin. You may not know it; Pastebin stores leaked databases and sometimes old files, so there is something in it, and the tool found it. That was it. It was very good, it was fun, it ran for 15 minutes and I enjoyed it a lot; there is a lot going on in it and we got everything together. Compared to other tools it was quite good. If you have any questions, let me know. Let's move ahead.

Now we will look at the OSINT Framework. This is not a tool; it is a website, and it does not do any work itself. It is just a list of all the possible tools we have for information gathering.
It gives a list of tools for footprinting and reconnaissance, category wise. It looks good and is very organized; there is not much to tell about it, so I will show it to you directly. To start, first open the browser and search "OSINT Framework". It is very popular, so the OSINT Framework website is the first result, and it has loaded like this. Now, as I said, it lists all the possible tools for information gathering and footprinting. Suppose I want information about a domain name; you can see it gives categories of all the possible tools, for example for a domain I have to find all the subdomains, so you can see these are the tools to find them. As far as I remember we also have Sublist3r there, and I will tell you about more subdomain listers in the future; remember we tried theHarvester, and DNSRecon can be one of them. Finding subdomains is not a difficult thing; it is quite easy. In this way you can use whatever tools are there; let's say you need more tools and are not able to find them, then you can find them here. Now I have to look for records. For records, which website did we see? We have seen how it can be found. Then we see Domain Blacklist, URL, Exchange, Social Analysis; that is all about the domain. Now information about IP: host, IPv6, and HackerTarget, which you may know we used in Recon-ng. Okay. Then these are the image and video search engines; suppose you have to find a video, a photo, or a webcam.
In this one there are no results; there should have been. Come on, there is nothing else for search. Then there are the other search engines, and these are the data tools, things like that, and video. There is nothing special in this; it is quite good, it has animation, and the organization is quite good. Now let's see people search. In the people search engines there are many tools for finding people by their name, among which this is Peekyou, which I will tell you about further. It is a very cheap tool, nothing special, and it does not work in India; mostly it works in America, because in India most people use one specific popular social media platform and do not go beyond the less popular ones, and these search tools have a huge list of platforms that are mostly used by Americans. It works a lot in foreign countries; it does not work in our India. Then you see telephone numbers; yes, you can find those in this too, but if you need someone's number you will not get it in India; people from outside can get it. There are tools for encoding and decoding. What is there in automation? Yes, this can be very good. So there are many things we need. Here is the phone section, which has something like Truecaller, similar to what I told you. Wordlists, yes, I will definitely need wordlists. Remember that for brute force we used a wordlist to crack the WPA handshake; it is the same here. If you need a wordlist you will get it here. I close that, and you see Threat Intelligence, Training, Documentation and more; there are many things which can be found here. What do we see in email addresses?
Email search: Hunter, email to address, OSINT Industries, theHarvester. But out of all the sites we visited we got very few emails, and those were help addresses; I do not remember, maybe we found more. So if you forget any tool and want to find a similar one, you can use the OSINT Framework. It was very easy; there was nothing in it. You can find the different tools which I have told you about till now, and use it to find similar tools. OSINT means open source intelligence. If you have any question, please put it in the comments. Let's move ahead.

Let's see a search engine which searches for people, whose name is Peekyou. Why is this not a search engine for us? It runs mostly in other countries; compared to those, it is very difficult to find people in India. One reason is that, in our India, most people are not socialized in this way. Socialized does not mean that you go door to door and meet people; I mean socialized through the popular social media platforms, so that people accept that. Now, what does one of your friends use the most? TikTok has been banned in India. Reddit, Quora, Stack Overflow are known to developers; these are also like social media, and there are many social media platforms, like WeChat, which is in India and outside, and there was an app that you use for gaming, I cannot remember its name; it is popular, you also know it. But whatever it is, mostly we cannot find that much about the people of India through this search engine. Still, we will try, and I will show you. So let's start. First open the browser, and here you search Peekyou, that's it.
You can see that this is a search engine. Here you put the name; I put Leonardo DiCaprio. If you do not know, he is my favorite actor; I remember him from Titanic. Is he Canadian? No, Spanish? I do not know; being my favorite does not mean I have complete information about him. American. So you can see many people in the world with this name have come up, among which this is the original; you can see it shows Hollywood, so let me show you a profile photo, look at this one. Now let's see what else has been found: public records, and it has found his phone number. And what is this? This is loading: "Search unlimited reports including arrest records" and so on. Okay, let's see the arrest records; they are of no use to us, but it is my job to show you. Let's wait while it loads: current address, phone number, email address, social profiles, family members, work and wealth info, marital status, location history. Once done, it says select the data you want to see. If you want to see more you can select it, but for now I will skip, because it will become too big and take more time. This is all we need: offense records, employment history, property ownership, relationship status, contact info. This is the same as before; it is taking too much time. If this says "buy premium", brother, I will report the site, I do not know where, but I will. Yes, it is loading. Is the search done? Not yet; it is very slow. So I said yes, you can also see this email.
Leo DiCaprio, Leonard, Leo DiCaprio: possible emails, look, it is written "possible" emails, and all the profiles, which you can see, and the personal one is probably a website. Okay, but yes, this has come up. By the way, if you do not know, Leonardo likes nature very much. This email is the secondary address; maybe this is the home address, the address information. This is also a fax, and look, we also got the phone number, but this phone number could be the secretary's; it is not so easy to get someone's phone number. And what is this? It is the management company. Okay, was it his phone number? No, it was the production company, yes, it was the company's phone. Then a picture gallery. So this much information is available from here. Okay, please show me the home address. Brother, how much time is it taking? Not sure how much time it should take, and let's see what we are watching now. His name is there. So this information is enough for us; maybe we have got his home address. Please do not say "buy premium". Okay, now it is over, now "load more"; cancel it, I am not going to do it. When this loads, after two years, then you will see what is on it, but my job was to show you an example. Now let's see an example from India. I search myself; I am not going to come up 100%, but still, I put India in this too. Hey, it is not giving the option for India, why? All States; it is the same place, or is it the US one? So, as I said, this works in foreign countries and does not work here.
Mangesh Khedkar, spelling. Now we see the list of all the people in the US with the name Mangesh. Let's see someone else; we will see Ganesh Gai. No wait, let's see the best actors. Look, he has come up; let's look for the Joker. Joker means he is famous from the movie, that's why I am saying Joker. It is showing a lot of blur, but still we see it. Record, possible link; we see Facebook, no, something else has come: New York, 43 years old. We look at the public record and come back. Someone else: Samuel L. Jackson; we can see the work. This one is not being copied, let it be. This never works out better, but still this search engine was quite fine; there was nothing special in it, it was just quite easy. If you have any questions, please post them in the comments. Let's move ahead.

Now we will see a tool which is like GRecon and Recon-ng; in this too many features are given together. Its usage is similar to GRecon, and compared with Recon-ng it is a little easier; it is quite simple. So let's start. Open the browser and search "BillCipher GitHub". Look carefully: the BillCipher GitHub page is the first result; click on it. The rest are fake tools, because it is quite popular and many people are using it, so people are making fakes. Look here: you can see that it has many more features than the previous one. Then install and run: the installation is Python and so on, I do not know exactly what, but it needs to be cloned, then cd into it, install the requirements; the install command is given twice, maybe once with pip and once with pip3. So let's copy it. No, do not copy, because this first one I have already done.
It is done, but to show you let's go full screen and zoom in. Ctrl+Shift+V, enter the password, and wait. "Username for github.com": why? This should not come. This comes when the repository has been deleted. Now let's try; why should this happen? It is good for Windows also, okay. I still have my GitHub account but I do not remember the password; it has been a long time. Ctrl+C, clear. So there is definitely some problem, which is why it is not happening. Let's try this one; no, this is something else. Now what do we do? A slightly different trick: clone again. Let's try now; it is not happening. Maybe I will do one thing: create an account and come back. Okay, that took too much of my time; it went into verification, I do not know why. So let's try now. It should be "billcipher github", this one. Ctrl+C, open the terminal full screen, git clone, Ctrl+Shift+V. Now try this. Why was it asking for the username? I know I wasted 15 minutes on it, and now it is asking for the username for verification. Whatever happens is for the good, although there was nothing good in it. Still, let's go inside that tool: clear, cd billcipher, ls. Now let's try billcipher.py. This also has to be done; let's copy and paste from here. I do not know why he gives both of these, but let's still do sudo as told.
A lot of time was spent in the verification; here you can see the time, and you can see when I reached there. Now it did not even ask. Okay, yes, the installation is done. Now let's run it with python3 billcipher.py. Okay, so let's see: "Do you want to collect information of a website or an IP address?" Website. If you want to collect information on an IP address you can also do that. "How to get the IP address from phishing", then enter the website address, with http or https. Let's try. So many options are coming here, and this word here, what is it called, an abusive word, yes, so that is why I have blurred it. DNS lookup, whois lookup, GeoIP lookup, subnet lookup, port scanner (you do not know port scanning yet; when I teach Nmap and so on you will), page links, zone transfer, HTTP headers, host finder, IP locator, find shared DNS, get robots.txt, host DNS, reverse IP lookup, email gathering, subdomains, and what else: find admin login pages, sign-up pages, login pages, which we used to look for before, check and bypass Cloudflare, website host info, and about. We do the 15th one, email address gathering. We are waiting. By the way, this phone, I had taken it in a rap; I had sung to a Narayanpur, you may not know, those who live in Pune may know it. It is quite cool. It takes a minute; let me tell you, there is no noise reduction because I did not apply it. So this is what is happening; an error has come.
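One of the menu entries listed above is the port scanner, which the video defers to the Nmap lesson. As an added example (not BillCipher's code), the block below is a minimal TCP connect scanner of that kind: it attempts a handshake to each port with a short timeout, reports the ones that accept, and reads the service greeting where there is one. The default port list, the timeouts and the thread count are this example's own choices; run it only against hosts you are authorised to test.

```python
"""Added example: a small concurrent TCP connect port scanner with banner grab."""
import socket
from concurrent.futures import ThreadPoolExecutor

# A short list of commonly exposed service ports (assumed default set).
COMMON_PORTS = [21, 22, 23, 25, 53, 80, 110, 143, 443, 445, 3306, 3389, 8080]


def probe(host, port, timeout=1.0):
    """Return True if a TCP connection to host:port completes (port open).
    connect_ex returns 0 on success and an errno (refused, timed out) otherwise."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        return sock.connect_ex((host, port)) == 0


def scan_ports(host, ports=COMMON_PORTS, timeout=1.0, workers=50):
    """Probe the ports concurrently and return the sorted list of open ones."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: (p, probe(host, p, timeout)), ports))
    return sorted(port for port, is_open in results if is_open)


def grab_banner(host, port, timeout=2.0, nbytes=256):
    """Read whatever the service sends first (an FTP, SMTP or SSH greeting).
    Returns b'' when the service stays silent until the timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
        sock.settimeout(timeout)
        sock.connect((host, port))
        try:
            return sock.recv(nbytes)
        except socket.timeout:
            return b""


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for open_port in scan_ports(target):
        print(open_port, grab_banner(target, open_port)[:60])
```

A connect scan like this completes the full handshake, so it shows up in the target's logs and is slower than a SYN scan, which is why tools such as Nmap are preferred for anything beyond a quick check; it does have the advantage of needing no raw-socket privileges.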
Let's see what the error is: JSON, good, JSON, always JSON. "Do you want to continue?" Yes. What happened to the website? HTTPS; its output is not coming; it seems to have stopped in the middle due to an error, and the error was about JSON. Let's try http this time and try something else, like subdomain listing with Sublist3r. Look at the website copy; this means a bundle of tools: find admin, useful info, reverse IP search, check robots, check your search parameter. This tool has a lot in it; it is not well made but it is quite popular, so I have taken it to make things simple. It seems it is not getting the host; it is not high level, it is easy. Host info scan: one working host in 20. Please get it done. Website: it seems I am entering it wrong; https is not accepted. Maybe now it will work; we take the first option. "Invalid host name". Okay, I understand that I have to enter only the host name. So look, mistakes can happen in this way; it can happen to you as well, so now you understand that you have to enter it in this way. Now reverse IP lookup. So this tool was a very good tool; the limit that I had is over, maybe after 24 hours it will work; you must try it. There is nothing special in this tool; I have covered a lot of these tools before too, so if it does not work, no problem; if you face something similar, bad luck. Put any question in the comments. Let's move forward.

Now we will look at a search engine whose name is Shodan, and this is the hackers' search engine, many people call it that; if you search "hacker search engine", names like Shodan, Hunter and so on will come up. What is Shodan? It is a search engine which is used for IoT devices.
Like webcams, CCTV cameras, routers; people search for all these things, sometimes even smart refrigerators. It is nothing but a great tool; you will enjoy it. So let's start. First open the browser; this is a website, a search engine, meaning you search for the website and this first result is it. You can see the search engine. Yes, it has some features you have to sign up for, there is no big deal in that, and as far as I remember it also has a premium plan, as you can see here. So here you can search anything; it is an IoT search engine, and IoT means, as I told you, CCTV, refrigerators, routers. Now if I search just "Pune", then all the CCTV cameras, smart washing machines, smart refrigerators and smart TVs that are possible in Pune will come up. Now how does it find them? What happens is that sometimes the CCTVs are given a public IP address, and some people just access them like this, directly, or share them with someone, and whatever is there comes from that. And sometimes what happens is that they brute force: just like directory listing, you can call it IP listing, trying different IP addresses and filtering which ones are IoT, all these things. So that is how this search engine works. Now you see that I have searched Pune, and Pimpri, India; Chennai, India; Pune, India; Daman, all these are coming, out of which I know Pimpri; it is normal. This one, let's see; what is this one? Whatever it is: location Pune, India, F Network Solution Pvt. Ltd., and whatever version it is; we are also seeing the version, which I will tell you about in port scanning.
What happens in scanning the network: you can see the time, it is not known in minutes, in hours. Whatever the router is, the description is also given: broadband, and a contact, Aditya Broadband, and the location shows Pune. And what is its response? OK, alive. So this much has been received; now let's see more: it has so many ports open, it can be explored, but we cannot do that. Let's see more, regular view, where is it shown in Pune. Now, to see this CCTV you will have to go to this IP address. When I click on it nothing happens; I will paste it here. Why "connection refused"? You will have to try. Let's do the unsafe port 161; no, this is the response, it means on which port what response is coming. It is not working, but here I am putting it, it is not working; what if we do port 2000? It seems that it has stopped. You must have realized that if that is true then there is nothing. Let's try something else; we will close this one. I will see more. Yes, I have seen this one; if I go to the top, it is not working, it is not even responding, it has been shut down. Let's see Tata Tele Services, okay, something may be happening here; this is Mumbai. So it is loading. What is this written here? AS number. It is showing a firewall, but a firewall is not an IoT device. The host name is also showing, and some general information, the domain. But it is not loading, which means it is also closed. You will get good results, but it is not like that every time. So I will wait and let's see what else is there. Let's do one thing; I will show you what you are waiting for. If we search "webcam", then all the possible webcams and CCTVs will be found, and you can see that many of them have come up on this map. If the zoom is not working, you can still see a little bit of it.
You can see that the red areas have the highest number of devices; here it is 1000, here it is 900, or a total. You can see where and how many, and then the products, Windows and all these things, the servers, the organizations which are coming. Give me a minute; copy and paste this, maybe something is coming. It is not coming, so it is closed. By the way, it also has filters; as far as I know, if you are logged in you can apply filters. Like Google, where I used to put filetype:pdf and whatever other type; it can be like this too, which is called Shodan dorking. You can see the cheat sheet, which comes up if you search "Shodan dorking". In this way you can specify which location and which country you need, which organization; you can see, say, we need Microsoft in the United States; you can put in multiple states, what the operating system should be (that makes it easy to exploit), what the port number should be, the device type, and the TLS certificate and so on. So which device type do I want? Yes, printers also come, as I said; printers also need to be found, and webcams, but we are okay with only webcams. Okay, first I create an account; you can use a temporary email if you do not have your own, yes, I told you this earlier. Register user: Ganesh Gai, then I give the password. Okay, here is the email, create, and this is what has been created here. Hey guys, now it will be done; let's do the work again.
No, the password seems to have been mistyped; the username is already taken. It is giving enough suspense; until then let's see this cheat sheet. We are okay. Servers too; yes, servers are also exploited sometimes: Microsoft, Cisco IOS, fingerprinting, web, yes, web also, meaning HTTPS, HTTP, onion, you can do something like this; databases, MongoDB; a lot of things are coming, it is very good, so definitely use this cheat sheet. Please check the form and fix this error; you are already registered, so do one thing, brother: login. How to activate the account? Maybe it will work now; it seems you had to activate it, so do not forget to activate. Okay, so where were we? Now let's try the device webcam and see what is coming. Okay, so we have got this one, zoom in a little, I have opened it, and you can see that it is asking for a login, and it is quite easy to brute force this. Guest login is something like this: guest, and login. If it is not happening then do one thing: see more. There will also be other webcams, or it will give you control over it. This one has a Canon in its model; if you want to activate it you can, and this is probably live footage. Is this live footage? It is showing images from, just a minute, Japan, okay. And this one is not even loading, let it be. See that it is loaded; I do not open it. See this information: "login successful, the following commands are recognized". Okay. All the things that I am telling you, try them even with a VPN applied; it is possible that it will not come back normally. And what is this, is there live footage of it or not? Okay. Sometimes in this way hackers would see a company's CCTV footage, and what the company says, and sometimes get information from there, or your neighbor's camera may come to your attention, perhaps your own.
If you don't want to sit, then you can see it, okay. The video is getting very big, okay. It was quite easy, it was quite difficult, I didn't explore much, but you have to do it; I have told you the cheat sheet, how to use it. And look at many tutorials; I will not teach you everything, I will just provide you basic usage, I will tell you basic to medium advanced, you have to practice by yourself, I can't do everything. Okay, if you have any question, put it in the comments. Let's move forward. Next, we will look at a search engine; its name is Censys, which is similar to Shodan, but it is a little lighter than that, it is better. I would say this because the results of it are a little good. I have used webcam, webcam. I have tried it but I did not find anything, I found only login pages, etc., which means I check everything before recording and then when I do the recording. It has IoT devices; mostly it does not come with servers, whatever extra things like that. Servers like, means that there are login pages and sometimes RDP servers. RDP, you may not know, Remote Desktop Protocol, means something which are computers for online sale, for sale, means to control online, to sell, that too sometimes. Once we come, let's just start. First of all we have to search in our browser, okay, and here we have to search for Censys, that's it, Censys Search will come, click on it. By the way, the second thing is that we will come to their website. You have to go to Censys Search, and now let me show you that the API is also available here. Suppose you want to do it from the terminal, then you can use it from the terminal also, but I would recommend you to use it from here. Do the option here; you can see that it is giving the option of hosts and certificates, from which we are going to see the hosts. Now, and here you can see: search an IP address, name, protocol, and field equals value. If we enter an IP address and search, then the IP address is the IP address related to that IP address.
Suppose that if someone has bought an IP address, then he can also buy a range for it; then the information about all the IP addresses in that range will come. What is going on above will also come up, and if we search the name, let's say the name of a company, then all the servers related to the name of that company will be there. If, let's say, there is probably no firewall there, webcam. It did not come, I tried, but if it is possible, then all the people related to that company will come. If they search the protocol, then whatever protocol is assumed; if I enter http, then the protocol required to access that device, means assume such protocol. Take HTTP, then such devices will come which I can access only through HTTP. Suppose I enter SSL, I enter TCP, then all these things will come, and if the field value, or field equals value, is as high as I think, it is a dorking. If we search here, do one thing, search it later, I will show you the cheat sheet later. So what do we do for now? We simply search Pune, I will just put this, I will put Pune and many more, the results will come, total 179,662 results have come in so much time. Now you will see that IP address etc. etc. is there; there is no meaning shown, it is not written what is webcam, nothing like that, only labels are written. Assume that you will see the first one. The first one is Tata Communication, and Tata Communication, formally here in Maharashtra, India, okay, and this is its IP address, okay. So Censys: allowed to inquire, registration use, please create account and log in. Okay, okay, means I had tried earlier also, right, that's why it is showing none. I will do it later when the flower comes or whatever he is saying right now. Right now we see that the basic information that it gives is that in the routing, meaning labels, always pay attention to which type of device. From this we will know what network administration means.
This is probably a router, okay, so it is showing network administration, and this route which is used to control that device. Network administration, therefore, remote access means that you can operate it from anywhere in the world. They end the router and see that the host, that SSH etc., means its encryption login etc.; its MAC address is also coming here, and this is HTTP and above it there is nginx, and from here you can access it. If I put it here then you can see. Pune Wasi Room, what does Wasi mean, what is the meaning of video call, something like this, what is here, to log in. Cisco Webex. Does one thing: if we see what Cisco Webex is, then we will know. Cisco Webex: American company, a sales conferencing, video contact service application, it was okay. In the images we can see what is actually good. Okay, so one thing, they have made this for their conference room, okay, system name Pune Vi, means all the Tata Communications company employees in Pune will be able to log in from here and have a conference, which is done by many means all over the world. So, they can do it from here. Now you can see above this, it is not HTTPS, it is just HTTP, which means interception is possible in it and it is not secure. So suppose I go to that place. If you see this zoom, zoom here on the map, you can see there was Mumbai, this is Jejuri, this is Saswad, a little bit more zoom, or Swargate, then this is the exact location in Pune. It is not the real location, it means it is the approximate location, okay, and this coordinate which is fake, okay. So I was saying that on this I can try brute force, I can try SQL injection, I can make a phishing out of it, and what I was saying is that by going to that physical place, I can intercept what they say, their network, their router WiFi; if I hack it, I am just telling you how hackers do it, so I can intercept it. I am there, and whatever is its user name, I can access it.
Now it looks like it is a router, that is, the label of network administration was coming, so maybe the data is there in that router, so hackers can do this. Let's do this. First of all, what should they improve? This is on HTTP, it should be taken out of HTTP, sorry, it should be taken from HTTP to HTTPS, and this IP address can be accessed by anyone; it should not be so, only those who have access in their DNS can access it. This will mean that they will have to create a separate DNS. Let's assume that for now, we will make it separate from Tata's company, hence we will make it separate from Tata DNS. And for all the employees, we will have to go to their settings and enter that DNS address there, and in that DNS address, only when they enter this access should they have to do so; only then it will remain secure. And on top of that, I don't know whether brute force is possible or not, I will tell you further in IoT and OT hacking; if there is brute force on it, then they will also get the cool down of it. That should be removed. So what more information is there, let's see about it: the server is nginx, okay, and 301 Moved Permanently, okay. If I access it from here, it is not there, I just did it, so everything is going well. But still it is showing that 301 Moved Permanently. Let's go to none, I can access it even with this protocol, but its details are not given here, and this is something that has been found, okay. Let's do one thing with this description: if I search, what comes up? We will know. Webex room kit images, okay, so it's something like this, camera etc. If, let's say, I did that, then maybe I can get access to it and I can use this camera.
I can see, okay, video call room, okay, yes, that's why it was named video call room, okay, and what is it, we were here, okay okay. So there is a lot of confirmation which we have got. If, suppose, there was a hacker who could have given something to Tata, if he has to hack the entire server, then he can start with these small things also; they need improvement. Okay, so it means from here he can listen to their entire conference and maybe he can get some sensitive information, and with that sensitive information maybe he can do something. I am just telling, okay. And I have got one more; its location is in Maharashtra, India, Microsoft Windows, okay, let's see, Allen IB International Backbone, okay. Database, default file sharing, network administration, out-of-band remote access, so these are its labels. You can see that one can be a database and one can also be a router, maybe, but I think it must be the router itself. Maybe that's why BS is written. Now if you zoom in on this one too, you will see that it is showing the same location of the swarm group, so you can understand that it is the same as for the previous one: if the location is shown then it is not accurate but it is approximate. Now let us see, to access it we can access it through HTTP. No, we can do this. If we see, then yes, it can be accessed, but now you will see that there is nothing in it. It is not coming, only Windows Server is coming; it means it is a server which can be accessed but it cannot be done in this way. You will see that as soon as I click on it, it is getting redirected to the IP address of the server. Today it has arrived with me. Now on this server I can run port scanning, which I will teach you in the module on scanning networks, and from that if I find any service which is old, then I can exploit it. After this, I will have full access to that server. For now, it is a bit much, but still I told you that this database seems to be of some Oracle, so it is okay, some things are there.
Search result, keyword Oracle: Oracle Database, 19 results found, so maybe there may be something going on here too. We don't have to go too deep; let's access it and see what we mean by advanced here. We don't even have HTTPS, okay, so this is found: Hewlett Packard Enterprise, and this is the user name. And there is a login page, it looks very cheap, so maybe there is SQL injection on it. Let's try it at once: admin, admin, natu, dash, dash, okay, it is showing that the user name is not making sense. There is no injection; if possible, if we try a lot, then in the end here we can try brute force also. So whatever it was, I am accessing it. CP, CP means control panel, and queue login, queue, I don't know. System Management Home Page, full, okay. It is telling something, this is okay, this is something, System Management Home Page is also showing copyright, Hewlett Packard Enterprise, so whatever it is, we can access it from this login page. If, after getting this login page, and this is probably some database I think, and if I log in to this then maybe I can get some data etc., and also let's see what is on top of it, okay, it is not loaded, no, okay, this is not happening. Let's also see; by the way, you will see that the IP address is the same, just change the port, it's fine, its ports are changing, and I taught you about ports, so this guy also added it to that. If one of them was operational and they used it, and it looks very cheap; you can see its copyright, it was in 2017, which means last time it was probably working in 2017. Now after 2017, a lot of changes should have happened by now, but they have not done this. I am getting to know from the copyrights that there can be a lot of vulnerabilities in it if we do some testing on it. Then for now, we will just do reconnaissance and footprinting, so we have got a lot of information in this also. And let's see this third result.
For this, the login page is set for remote access, and the label that is showing means it could be a server or a CCTV camera or even a router, but there is no such label in the router. We see something happening, we can access it, we try the advanced process page, it is working, okay. Here it seems it is closed, let's come back to it. If it gives this result, it is fine; this result is Quantum Spark security, okay, a Check Point security appliance, seems to be of the router. If I enter admin admin, I don't know actually, but still try by default; sometimes some router is admin, admin, can be admin, user can also be. By the way, if I go to this, let's put the user. Now try Quantum Spark, let's search what Quantum Spark is: small business, okay, this is a firewall. I thought it is just a router; yes, you can see it is just a router, that means it is not actually a router, it is just the type of a router, it is a firewall, and they have put this. If I access it, if brute force will work; then the copyright is good, this is the latest, so maybe they might have stopped the brute force, but this is not HTTPS, it is just HTTP, then go there physically. Where was it from? Hey, the third result was, isn't it, our best telnet service, whatever, let's see. We have a little bit of location, it is fake, we will always find something else in the history, oh no, I don't care, I have power, firewall, okay, they have installed a firewall, it means there is something. Whatever it is, what was its name, best telnet services, about it. What do we do, let's check, we should put a little bit more. Actually, this is also being done to log in, but come on, there is no one, there is something, I think there must be some wifi people, and what else, okay, so.
We had accessed this, okay, now what should we do? Slightly different results: if I search the name of a company, then only and only possible devices related to that company will come up, okay. Now I do webcam; if I search webcam, it says login. Okay, let's do it, I need to search, I need to log in, sign up. We do one thing, we sign up, we give the name, Pandu, Pandu Jaado Nahi, Pandu Takle, there is no organization. Required, it is telling, let's give the name Pandu PVT, yes, okay, let's give the email which is not available in the phone, we will use temp mail, yes, why no, okay, yes yes, I did not copy, how much time has gone by, okay, put the password on this. Please, friend, that phone number, shouldn't I ask? I don't have to enter the phone number. What's going on? Actually, I press that tab to switch, that's why. It's okay without adult lion. Brother, temp mail is not installed, so I don't want to do this temp mail. It is giving, but still this is enough for our research; 15 minutes is enough for a search engine, that means there is more for this topic and you can check it. It was very good, it was fun, any question is in the comments. Now let's see a tool whose name is FOCA, and we are going to run it in Windows. And this is the graphical part of our GR, how we used to extract the documents, etc.; this tool also does the same. Sometimes it also finds sub-domains, and this tool is very easy to use in comparison to our era. You must have seen that you have to do commands like installation etc. It has a little installation, sorry, it has a little easy installation and so on. It is very good to use and is quite popular and also works very well, there is no noise in it, so let's just start. And yes, it is in Windows, so let's start with the commentary. So the first thing we need is our browser.
Open our Brave, and here you have to search SQL Server Download, because to run it you have to run a SQL Server, and I don't know whether it is in our syllabus, so I am telling you: SQL Server and Express Download, this is what you have to search. Two options came up; you can do the below one and the above one also, for now do the above one, and you have to download it. Remember it is compulsory, without it your tool is not going to work, okay. So I click on it, and here it will run Express, so we have to select the basic one and accept, and if you want to change it then you can change it, and this installation will start. First it will be downloaded, 200 MB of internet, and after that it will be installed, so let's just wait. What happened the first time, I had taken it earlier and I had not installed the SQL Server in it, so because of that, the tool did not run. So I am showing this because I came to know that it is compulsory for you too to download that server, you have to do it. See, if you mean that it may make the laptop a little slow, a little more than this; it doesn't matter if you assume that your laptop is already slow and you don't care if something else is happening, then let it go, no problem. This is not compulsory; I am just telling this because it is graphical and this is similar to it, and if you want to do it in Windows then that is why I am telling you, okay; otherwise you can also do the recon. So this installation has started now, and it takes a little time, so what can we do, let's first forward it. So it's okay, it has been installed, and that's it, there was nothing there. So the connection string that is visible, you have to copy it, in the connection string, that name. Okay, I will tell you why, and just open a notepad, put it in there and close it, okay.
Yes, and cut it and close a new tab. Now you have to search for it, now we will install it; you will get two options here, the one below is duplicate, you have to do the main one, the upper one, okay, and come down. Here you will see its dependencies, what all are required. Suppose, if you do not have .NET Framework, then install it. If you know Visual C, then install it, and SQL Server, which we have done now, and of course we need Windows. So it's okay, here click on the releases page, we have to click on it. Here you will see many versions, out of which we have to take the latest one; we have to click on it, and below that the zip file is there, you have to download it, version 347 of F, whatever it is, click on it and the download will start. So you can see what I did first: when I was taking the first take, at that time the SQL Server error was coming, so I am taking this second take. This time we have installed the server, so this time, whatever it is, I cancel it because I don't want to do it, I have already done it, I close it. So, whatever it is, we minimize it, we have to go to the end, pictures, and here the zip file is visible to you. By the way, that zip file is of the server, and you have to extract it, and yes, you extract it, extract it to the extract. If you have to extract it, otherwise if you extract it here, it will not settle down at all, there will be complete confusion, so if you extract it, then extract it, and in this way, whatever is there will become systematic. Then whatever application is there, it will be included in it; you have to run it, and that's it, it will start. Let's say some error comes, SQL Server etc.; whatever we have copied, paste it there from Notepad. Did you understand? If some error comes then I close it, and here if it comes then do it. Then you can see that this is an application, there is a network option here, and expand it.
It gives the option of server and client there, and the option of document analysis, domain. In the project, select project, we give COEP. Actually, if you have not selected it already then you can give OK, then you give the project name here, COEP, COEP. We do this and remove it, and in the end domain website we name it cg.in, which we have done many times before. If you want to enter an alternative domain then you can enter it. Okay, and HTTPS, yes, okay, that is the location. Wherever you want, create a new folder in our working pictures and name it COEP, OK, and this is all right here, and in create import it will be yes; if you want to import, you can import from there from the old one, and then if you want to do further research then you can do it. You can see this in COEP, our project has been created, and here we have many options which we can see in the plugins and network. If you go to the document, if we have to extract the documents, let us assume that we can extract different PPT, PDF, etc., so we can extract it. Then we will select the search engines there: Google, Bing, DuckDuckGo, select all and start; that is, the document which you need, select that. For now I have selected all, that's why this is happening, okay, there is a big list of this, okay. If you want to stop, you can stop in the middle, and here you will see some messages etc., and the source etc. set will also be visible. What is the set, I will explain in the Vulnerability Analysis section, what is the security, there is nothing difficult in it; the source will also be visible and the message will also be visible. Okay, so whatever it is, perhaps it has already happened. Yes, it is fine. It has already happened. If the stop option is not coming now then it means that it has been done. Okay, so let us see where it is stored, and if we see the size and metadata, we will see malware analysis, means in that file, if there is any malware etc.
Then in the pictures we will see in the COEP folder whether it has arrived or not, and then we will go to the certificates and see what the certificate is for; it seems that maybe it could be their SSL certificate, but our documents have not arrived, why? If you haven't come here, you should come here. Let's try the save log file. We name it as A A A A in the pictures, and here we see what is there. Okay, there is something in robots.txt; this is not what we need, we need the documents. Let's see the document. If I right click on it, what is coming and what are the settings? There should be settings. Why didn't it happen? Let's do one thing. Right click, yes, right click, download, download all. Okay, so yes, now it will be done. So yes, there you can see on the left side of the folder, some things are coming, and what are the options, like analyze all files, extract all metadata of the files; yes, metadata means you can also extract the metadata of that file, where was the file created. Okay, so this is happening, so let's just let it happen. So now let's see, from the total 573 files this will happen; we can't sit on it, let's see what else is there. So in the domain, if, let's assume, you want to find out the domains etc., then you can find out, it means how many related domains of COEP there are; all the domains are related domains, suppose cop.com, c.in, you can see all these things by doing a dictionary search here also. Suppose you do not know, you can enter the word list in it. Let's search the web, yes brother, yes, we have to do it, yes, you can see that it is coming there, all domain search is okay, no, not all domain search, something else is coming, maybe. Now let's see it expanded. Let's do it, we can see that we have got this one, yes, okay. So this document which is saved, let's see; if we want to open this folder, okay, then here R is okay, let's see the COEP folder.
You can see that we have downloaded all the possible documents on that website; some of them may be sensitive, some may be non-sensitive, some may be informative or some may be quite informative. This can be dangerous. Let's go into its details. If we don't see anything, it means its extension is just showing the file. So let's do one thing. Let's take a file. Suppose if we take this file, then enquire, and something is visible in it. The date is 2 2018, okay, and that's it, there is nothing special in it, let's just close it. Let's see what else is there; let's see the permission in the permission letter, permission letter is given on the letterhead, nothing special, okay, yes. You can see this PPT, maybe you will get something from the PPT: welcome to PCO, placement etc., thank you, that's it, nothing else in this. I would have deleted it because I don't want it. Okay, what didn't happen? Once again, shift delete, delete this too. Also, if we close the delete, we will see what all is coming in the domain. In our okay Raji, we will see that there is nothing, COEP. Yes, here is some information that we are getting; probably all the files were there on that website. Yes, we found it, and we did the same in document analysis, and the same thing is coming in the domain too. But if you look at the above information, you can see that something like 2.4.7 is coming, and an Ubuntu server is there and an Apache server is there. All these things can also be done by Excel. If you search for the current version, latest version, you will see 2.4.5. But how can it be 2.4.7? It seems like there is some glitch in it, or else it may be like this also. We search for it, current, and ba two versions, current current, put current, here also the same is showing, it is showing 2.4 point, so maybe it is something like this, whatever it is.
It also has its IP address there, and what is there in it; if you scan it then you can search which version is vulnerable, your particular version, and it can be exploited with the exploit. No, we will see it later, I will take it a little higher. Yes, all those things are the same, that is, how many possible files are there in it. Not possible means all the available files. Let us see what is there in the network. Yes, then there is loss in the network also; you can use them, the option is coming there, it is good, then web search and start it, yes, yes, it is happening, it is okay, cloth it, let's see in the cloth folder whether anything came or not, no, it is okay, nothing came. OK, let's let this happen, OK, till then let's see what is there in it. Yes, OK, so we have got one result, OK, and one is its IP address. Let's expand it. Yes, OK, the same information is coming in this too. The domain which was coming in the previous one and the same DNS resolution is showing. One thing is fine, we have also got the range of fingerprinting Skype Ads, it is quite good. So you will know how many IP addresses they bought in total. By expanding this option, what is there in it? Yes, it has the same number of possible files, and yes, it is visible what is there, in Linux, left OK, its OS, or unknown servers, and yes, in it there is nothing, okay, there is nothing in it. So this was informative, so we got something: we got its range of addresses, its server, we also got it, and all the possible documents were also found, and from those documents, if you can extract the data, that is your task. And here you can see it in the parameters, in the documents, in the folders. By the way, I am doing commentary. Okay, you are recording this, I had said many different things. Yes, so in this you have the admin one.
A parameter has been found, so you can see here it is saying Access Denied, so Access Denied means if we connect to those routers and try to access it, then maybe we can get it successfully. So okay, we got a few things, and that's it, that was the recording, and so many things; it was very good, I liked it, it was quite fun too, we got a lot of things, that is the documents and their metadata. You have to find them. And about the tool whose name is OSRFramework: it is actually not a tool, it is a set of tools in which many different tools are coming, and it is together, meaning its commands are different for different uses. Suppose what used to happen earlier was that we used to enter the command of one main tool, which was our tool, and then dash etc. It is not so in this; there are different commands in it for different uses. I will tell you what it is and I will also tell you how to install it, so let's just start. First of all we have to open our terminal and make it full screen and a little zoomed, then put the command here, 'sudo apt install osrframework', and enter, OK, like this. You have to enter your password and it will be installed. I have already cleared it, and here you have to enter 'osrf'. By the way, it is okay, it is not like that you will put osrf, dash and use it, it is not like this, I was saying this with a separate command, okay. So what do we do, one by one, I will use it and show you how to use it. So alias_generator, this is what it is, it is not working, I have tried it. checkfy, let us try it, OK, checkfy: verify the given email address matches a pattern, OK, checkfy, if you enter it, you can see that the command is yes, it is real, blue is coming, it means real. And this is just enter, let's see what is its help, what is it: it requires nicks, nicks file, pattern and output file type, version, OK, so it needs D, and what does it do, verify if a given email address matches a
pattern. So I do one thing, this is my temporary email, let's put it, let's see what is coming, okay mm, put it. Did I think a minute, no, no, no, it was there, it was yes, what else is needed, it needs a pattern. Okay, let's put it in the pattern, but we don't know what to put in the pattern. We do one thing, we don't run it; what we do is run domainfy. Now its manual has come, and it might be looking a little bit black, but adjust it a bit and let's see its use. A nickname means only one thing, which is its domain; it is the domain of a website, now it is the domain that is required to be entered. If domain is mail then we will enter mail. If phone, then we will enter phone, meaning we will enter phone number; in this way, nick means nick and then extension, main etc., it is okay, this is a different domain, by the way, it is okay, and this is e, and okay. Okay, so -n, you have to enter here which is your target website, that is COEP, okay, dot oo rg in, you can see that I had already put it. Now if you just enter, it will run normally; now it is like this, the output will come like this, that is COEP and this is its IP address. But when you check this IP address, I have checked this IP address, you have to do IP tracking, I told you how to do it, that is, just information about the IP address. Then when you click the IP, you will know what this is, is it the address of the DNS server or is it the address of the server. So for now, let me show you what it is, copy it, I have to open the browser by Control Shift C. Yes, this is Framework, like this, if you forget how, it's okay, like this, okay. And here you have to search an IP lookup, this is how it is done, look up the IP and paste it here and get the IP details; we had seen this in Aran also, but still, and this is the name of the chip, and you can see.
That this is a VPN server, and you can see its location etc. Then whatever VPN server they have installed, the COEP person said OK, and let's see, now this much information is not enough. If you want to go deeper, you can write a command. Yes, do you know what it is? Okay, so now it will come in a little detail; like you will see that now a little more are coming, now the results will be a little different, and if you want physical output, it means physical, not printed, I am saying that whatever is in this file is stored here. Do you understand? So see here, I have got something, I have got this one, I have got this one, this is also an email address, this is also an email address, this is also, and this is its domain, and we have also got an IP address, and that's all the information. Okay, this tool is not that special, but it was quite popular, that's why I am telling you. Now let's look at phonefy; to see phonefy, you should not put a website instead of a D.A. It is fine in this way, do not use such a website. Let me tell you what will happen if you put a website: then actually you have to enter a phone number, and a little detail about the phone number comes, like, is it from a scammer or something like that? Now you will see that this link is coming; now you will see that this link is just giving us in the format of URL, in reality this does not happen here. There is a number, have you understood, that it means that a number has to be entered here, you are clear. So I will put in a random number, just so that mine will not be written and no one else will have it: one, two, three, four, five, six, seven, eight, nine, ten, done.
I don't know whose number it is, but I have just put it at random, so okay, if something is a platform positive, okay, then let's see what information we get. Then it is fixed, meaning this domain has been closed, so it is English English, I calls me from never phone, is okay, okay, there is no information. I think the number is wrong; now enter the number, I can't enter mine, so I have, you understand what I am saying, yes. So now, no, now let's see emailfy, emailfy; the mailfy is correct, what was the mailfy, the mailfy was there, mailfy is OK, the mail has to be entered, and what is its use. If the mail is in any file, then capital M, nicks file will be created. OK. If so, try -m, and I have a temporary email. Let's see if it is okay. So, whoever comes in our destiny, I understand that it is okay for this, then let's do one thing. The tool is running. If yours is working, then tell me what else, and what else we try to search. searchfy is quite good. It is similar to Sherlock that we tried. Let us see what is its use. Why do we have to query it, and the same, same thing, why do I have to put a dash, and here I have to put the user name, understand, you can also put the user name or the name. Like, if I put 'mung man', what will I try, what will it find me or not, it is a bit okay, so it is saying that no data, nothing special, it works okay. Let's try something a little different, oh, not the same, it's not the same, I have to remove this, I have to see what else is there, search some alternative header file, find the path, okay so -q. If I enter David David, try Baml, is okay, then it is saying no data; it seems this tool is not working properly. If we enter dot com then yes brother, yes, it has created it, yes yes, you can see, if there is no data found then it seems that there is no problem in it, it does not happen like this, I had tried it earlier also; whatever social media is there, means they must have the users from there, just like it used to be in Sherlock.
Whatever data was coming from it is not coming now, but it was a very easy tool, nothing difficult; do practice, and if any error comes, tell us, and let's move ahead.

Now we are going to see the metadata of a file, the metadata of an image. We have already seen that, and in that I had said that I am not going to talk about other files, but there are some very knowledgeable people who still ask in the comments: brother, how to extract it from a video, how to extract it from a PDF, so I am showing this. Remember, I had given you a PDF, sorry, a PPT, in my description in the previous part; the link to the PPT is in the description below. If any of you were smart, you might have extracted its metadata, or maybe nobody did, because I had not taught it; I mean, I have learned how to extract metadata. Now let's look at a file: an image, a random file, any file, an mp3 file, mp4 file, PDF file, PPT file, Excel file, any one file. OK, so let's start. First of all I open my browser and I will show you. I have not downloaded that file, but if I search "Mango Man first video", please accept the disclaimer, and in its description here I can take any one, so let's take the email address... we download the document, OK, whatever it is, it is being downloaded, yes, it is done. Now what to do? We do not have to open it. Is it not there? OK, so now you have to search "metadata from", and here you can see PDF, URL, etc.; it is showing "from PPT". Let's try "metadata from". One minute, not here. Do one thing: search "metadata from file", any file, any file; yes, this is the website, I have used it many times. Choose file, and here it said... this one was there a minute ago. There are many now; I was in Downloads, I was on the home page, I had seen many files. Whatever the file is, you have to select it and load it.
What happens is that whatever your file is, that is, the one whose metadata you want to find (it can be any file), it will be loaded, and you can also export it if you have to send it to someone. The application etc. is visible to us. So we got that this presentation format is Microsoft Office PowerPoint, widescreen, 10 slides in total. OK, nothing special; we need something unique. OK, one minute, got something, got something, yes, here it is: Creator, who is Mangesh. Please note that in any file, any application etc., there is a creator like this; as when someone sells you a virus, if you want to find the creator, maybe there are some chances; it is not so possible in an application, but still you can probably find it in the creator. Or if there is any PDF file, the creator can be found in it. So now you can see "Mangesh Khedkar", and that's all. There are some more modified dates in it; maybe we will get "0 to 11 02", meaning 2 February, maybe 2 February, no... it means you will get the modification date also, and the creation date, yes, you can see it here, 2023, perfect. So yes, just like this we have got the data; there was nothing difficult in it, and you have to try different files; that's all I can show you, more than this would be child's play. That's all; if you have any questions, put them in the comments, let's move forward.

Now we are going to see a tool whose name is SpiderFoot. The name is very strange, but whatever this tool is, it is better than GRecon and Recon-ng. Yes, it is really good because it is graphical, and the special thing about it is that it is black (dark mode). If you come down below, you can see its information which is written here, and you can also see its features. If you want more, you can also see the installation which is given here. This installation is a little long.
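The website in the passage above is reading fields that live inside the file itself. As an added example (not code from the video or from that website), here is how the same two kinds of metadata are read offline: an Office file (.pptx/.docx/.xlsx) is a zip whose docProps/core.xml holds creator and dates and whose docProps/app.xml holds the application and slide count, and a PDF carries an /Info dictionary with /Author, /Creator and /CreationDate. The sample PPTX and PDF are constructed in the code (author name and dates are made up); pass a real file path on the command line to inspect one of your own.

```python
import io
import re
import sys
import zipfile
import xml.etree.ElementTree as ET

# Namespaces used by the two metadata parts inside an Office Open XML zip.
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}
CORE_FIELDS = [("creator", "dc:creator"), ("last_modified_by", "cp:lastModifiedBy"),
               ("created", "dcterms:created"), ("modified", "dcterms:modified")]
APP_FIELDS = [("application", "ep:Application"), ("company", "ep:Company"),
              ("slides", "ep:Slides"), ("pages", "ep:Pages")]


def office_metadata(data: bytes) -> dict:
    """Author/date fields from a .pptx/.docx/.xlsx: docProps/core.xml carries
    creator and timestamps, docProps/app.xml the application and slide/page count."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        names = set(z.namelist())
        for part, fields in (("docProps/core.xml", CORE_FIELDS),
                             ("docProps/app.xml", APP_FIELDS)):
            if part not in names:
                continue
            root = ET.fromstring(z.read(part))
            for key, path in fields:
                el = root.find(path, NS)
                if el is not None and el.text:
                    found[key] = el.text.strip()
    return found


PDF_INFO_KEYS = ("Title", "Author", "Creator", "Producer", "CreationDate", "ModDate")


def pdf_info(data: bytes) -> dict:
    """The classic /Info dictionary of a PDF. Only literal '(...)' strings are
    handled, which is what most office exporters write; XMP streams and hex
    strings are left alone."""
    found = {}
    for key in PDF_INFO_KEYS:
        m = re.search(rb"/" + key.encode() + rb"\s*\((.*?)(?<!\\)\)", data, re.S)
        if m:
            found[key] = m.group(1).decode("latin-1")
    return found


def metadata_of(data: bytes) -> dict:
    """Dispatch on magic bytes: PK\x03\x04 is a zip (Office), %PDF is a PDF."""
    if data.startswith(b"PK\x03\x04"):
        return office_metadata(data)
    if data.startswith(b"%PDF"):
        return pdf_info(data)
    return {}


def make_sample_pptx() -> bytes:
    """Constructed sample: a zip holding only the two metadata parts a real
    PowerPoint export would contain (no slides). Name and dates are made up."""
    core = ('<?xml version="1.0" encoding="UTF-8"?>'
            '<cp:coreProperties xmlns:cp="%s" xmlns:dc="%s" xmlns:dcterms="%s" '
            'xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'
            '<dc:creator>Example Author</dc:creator>'
            '<cp:lastModifiedBy>Example Author</cp:lastModifiedBy>'
            '<dcterms:created xsi:type="dcterms:W3CDTF">2023-02-02T10:00:00Z</dcterms:created>'
            '<dcterms:modified xsi:type="dcterms:W3CDTF">2023-02-11T12:30:00Z</dcterms:modified>'
            '</cp:coreProperties>' % (NS["cp"], NS["dc"], NS["dcterms"]))
    app = ('<?xml version="1.0"?><Properties xmlns="%s">'
           '<Application>Microsoft Office PowerPoint</Application>'
           '<Slides>10</Slides></Properties>' % NS["ep"])
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("docProps/core.xml", core)
        z.writestr("docProps/app.xml", app)
    return buf.getvalue()


def make_sample_pdf() -> bytes:
    """Constructed sample: just enough of a PDF to carry an /Info dictionary."""
    return (b"%PDF-1.4\n1 0 obj\n<< /Title (Timetable) /Author (Example Author) "
            b"/Creator (Microsoft Office PowerPoint) /Producer (Example PDF Writer) "
            b"/CreationDate (D:20230202100000Z) >>\nendobj\n%%EOF\n")


if __name__ == "__main__":
    # With a path argument, inspect a real file; otherwise use the samples.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            print(metadata_of(fh.read()))
    else:
        print(metadata_of(make_sample_pptx()))
        print(metadata_of(make_sample_pdf()))
```

The creator and last-modified-by names are what an exporter copies from the Office user profile, which is why the video finds a person's name in a college timetable; stripping docProps before publishing (or exporting through a tool that rewrites it) removes exactly these fields.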
I will tell you the easy way; you don't have to do anything, just git clone it, OK. You can do it with that too, but if you want, you can do it with my method: git clone it, paste the URL like this, let it be cloned. OK, it is cloned; let's clear. cd into it, spiderfoot; clear again. I will make it full screen and let's see what is in it. The requirements file is visible and we have to install it. Don't know how? pip install -r requirements.txt. OK, this is a little extra. Now its requirements will be installed. OK, it has been installed; let's clear. Now, what is there to run: here is a file, this is also a file, here is also a file, maybe I think I have to run this one; only "spiderfoot" is written and nothing else. Here also a folder is given, and if we see how it has been done: first of all install the requirements, and let's do one more thing, install it once more, OK. Now let's see how to run it: python, yes, so as I said, it has to be run like this with -l, on this IP address, which is a private IP address. If you know, whatever is on this IP address, we have to host it there, which means it will run web-based, as I said, we will access it from the browser. So -l means localhost, or whatever you want; you can give any IP address here, but it should be private, don't give a public one. Then the port too; you can give whatever port you want. Otherwise what I do is just copy it; there is no need to give anything else. Ctrl+Shift+V, Enter, and it will be executed. OK, "starting web server" is done. Now if I want to access it from Brave, I can.
127.0.0.1:5001. So as you can see, this is what has been accessed graphically; there was nothing difficult in it. This is called web-based, understood. OK, so you can see in this: scan, settings, etc., light mode, dark mode; if you want, you can do all these things. Import API keys, extra features: this means these are plugins; what you are seeing here are the plugins, and you can come here to enter their API keys etc. And this is maybe for proxy etc.; all these things are in the settings. For API keys, OK. In Scans, if you have done any scan in the history, it will appear here. And New Scan. Now let's do a new scan. Whatever scan name you want to give, you can give. For now, what do we do? College people do it; we put coep as the scan target: COEP's .org.in, put it like this. And here you can see what it means: I have explained at the start what happens with the modules, and "footprint", "investigate", we all do it. What to do: Run Scan Now, and the scanning will start, showing no data yet. OK, it is not coming yet, and you can see the scan is showing "running". Fine, let it happen, just wait. Till then, let's see its features; as I said, it is web-based, it has more than 200 modules, so out of all the tools I have mentioned so far, this is the biggest one. I think Recon-ng could also be one because it also has modules. And you can export a CSV or JSON file. If you have never seen one, it is a little XML-type... no, not XML-type; let me show you. Quite a few of you would know, but if you did not, a JSON file is like this.
You can see it in the images, it is like this; it means you have seen it but did not know its meaning. It looks like this. OK, so it can be extracted in that format also. SQLite back end for custom querying, OK. Highly configurable, fully documented, dark web searching, visualisation, and a Dockerfile. So many want more... no, SpiderFoot is what it is; this is something maybe for extra features. In its uses, you can see: domain, subdomain, hostname, network, subnet (CIDR), meaning a range of the network, that ASN, I have not yet taught you; I will teach you in a computer networking course. Email address, phone number, usernames, person names, Bitcoin address; Bitcoin is not going to be available, but come on. The feature set is quite good, so I have kept it for last.

It is still showing running, but here we see the graph, which is by data type: you can see here the name, company, country name, etc.; what is this, the description column, the description, and the total elements it is getting. See "domain name": it has got two elements in domain name, one element found in domain registrar, and what is this, some 14 elements found in email address. In "internet name", yes, this data cannot be read completely, or you get the total, which is 90. Not even one found yet. Status: running, unique 78. So here, let's see what is there; nothing here, yes, OK, a lot of information is coming here, look at the country name, India, OK, great. Now it didn't want to come back, no, no, yes, I thought it was closed. We go inside it, we browse here and see what is there: domain name, we have found this, and what is this? We do not see it; OK, it is not loaded at all.
And the source module is spiderfoot; yes, we are getting it too. We know the SSL certificate; let's look at the DNS records, nothing special in them. Email address, yes, in email address you can see there are many emails, they are all here, and as far as I think, all these emails will be helpful: log in there with the one that has been received, the admin one. So the admin pages that I probably showed you earlier... I don't remember which, GRecon or not. You must have seen that we search for login pages; on top of that, I showed you the one from MIT. I had tried COEP before that and login pages were coming on it. Maybe the email address is the username on those login pages; maybe the password you have to find, that is, in web application hacking I will tell you how to do brute force etc., or you can also do phishing etc. So that means we can extract email addresses in this way. Now let's see it in graph form: it will show you what it is. OK, so this is our main site and its connections are like this: Gmail, COEP. In graph form you will also get what is there. So I think this is all Gmail, that means its email addresses are coming. What is on the COEP server is not coming. If we zoom a little, then like this, whatever is visible.

By the way, sometimes what happens is: let's assume there is an image, and what some people do is link it from another site. Now you can see it on GitHub: if it is uploaded there, nothing will happen on GitHub. But suppose it is linked from some site which is publicly available; then by replacing that image you can put some dangerous image in its place, due to which that image will be replaced on our main site. Understand what I am saying?
Suppose I have a website which only contains photos, photos and photos, and this is our college website. The college website needs a normal photo to decorate etc., and what they did was take that link from my website and paste it in their website so that the image gets shown. Now let's assume this image is changeable; the author may be someone else. If that author changes the image, then we get the changed image in its place, and it will also be displayed on their site. This is called a broken link. OK, this is just an example with an image; there are many such examples.

So this is the graph form; scan settings, let's see what is in the log; then go back to the summary. No, not the summary: in Browse we will see the domain. All these have been found, which I have seen earlier too, separately or together. Let's see domain name: yes, these are all the domains; till now it has not taken the data element. Web server, OK; the scan is still running. Public code repository is also running. What is this? So is there any source code? Microsoft etc. Let's see which one this is; we have got something. If we assume this is the thing: if we replace it, the function of our main website is there and we can change it. It's probably not CSS... I don't actually know which one it is; it's been a long time since I used any language. HTML, fine, so assume that if I go to this file by mistake, if I replace it, then wherever this file is used... what is this file showing? If I copy it, oh, the code is not being copied properly, these line numbers are being copied along with it, but whatever, this is the code; you will see its output on the site you are testing, and there is one here also. OK, let's open it.
Type HTML, OK. Why use a framework? The website uses a frame because it might expand. So what have they done: some extension, which they have put in place; but we don't know the source code. A good website, let's look inside; what is this .py? OK, we are fine, so we have got something like this. If we assume that this account gets deleted by mistake, then this file will no longer exist, and what can I do? If this account gets deleted, then I can create a similar account and host a Python file of this type, and then my file will come in place of the one that he has linked here. Got it? I have given an example of a broken link, which I will teach you in the course on penetration testing, but still I have given you an example.

And let's see what else there is: web content, OK, so yes, we used to copy websites etc., do you remember? All these things have come to you directly from the HTML file, so if it is not correct from HTTrack, you can do it from here also; this was also a very good thing, I liked it. Web content type: text/html, OK. So this is not a direct release; this has also been done. This tool is really very good; this is the best tool that I have seen till now. Let's see what is still running. Username: in this we see that we have got a username, and this is also a username, maybe I think. Source module: this module means module, which is SpiderFoot. If you use all the other modules, you will have to enter whatever API key is wanted, and it is still showing running because every single module is being used for searching. So now let's see what else is in it. Yes, if we give it the username, then the source data element is here; then we log in: we take the login pages that are there, if we extract them from GRecon, and on the login page, if there is a forgot-password option and we enter this username...
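The two scenarios above (an image hot-linked from a site someone else controls, and a script pulled from a code-hosting account that might be deleted and re-registered) are the same class of problem, usually called broken link hijacking. As an added example, not code from the video or from SpiderFoot, here is the check a tester runs over a page: collect every resource the page loads from another host, flag the hosts where the URL embeds an account name, and report those that no longer answer. The sample HTML, the site name and the reachability stub are constructed; in real use the stub would be a DNS lookup plus an HTTP HEAD request.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Which attribute of which tag pulls in a remote resource.
RESOURCE_ATTRS = {"script": "src", "img": "src", "link": "href",
                  "iframe": "src", "source": "src", "video": "src"}

# Hosts where a subdomain or the first path segment is an account name: if the
# account is deleted, anyone can re-register it and serve a file at the old URL.
USER_NAMESPACED = ("github.io", "githubusercontent.com", "gitlab.io",
                   "s3.amazonaws.com", "herokuapp.com")


class _AssetParser(HTMLParser):
    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.assets = []

    def handle_starttag(self, tag, attrs):
        attr = RESOURCE_ATTRS.get(tag)
        if attr is None:
            return
        value = dict(attrs).get(attr)
        if value:
            # Resolve relative references against the page so host checks work.
            self.assets.append((tag, urljoin(self.base_url, value)))


def _same_site(host, page_host):
    return host == page_host or host.endswith("." + page_host)


def external_assets(html, base_url):
    """Resources the page loads from hosts other than its own, with a flag for
    hosts where the URL embeds a user/org account."""
    parser = _AssetParser(base_url)
    parser.feed(html)
    page_host = urlsplit(base_url).hostname or ""
    result = []
    for tag, url in parser.assets:
        host = urlsplit(url).hostname
        if not host or _same_site(host, page_host):
            continue
        result.append({
            "tag": tag, "url": url, "host": host,
            "user_namespaced": any(host == d or host.endswith("." + d)
                                   for d in USER_NAMESPACED),
        })
    return result


def hijack_candidates(assets, is_reachable):
    """Externally hosted, account-namespaced resources that no longer answer.
    is_reachable(url) -> bool is supplied by the caller."""
    return [a for a in assets if a["user_namespaced"] and not is_reachable(a["url"])]


# Constructed sample page: a stylesheet and an image are first-party, a script
# and an image come from account-namespaced hosts, an icon comes from a CDN.
SAMPLE_HTML = """
<html><head>
<link rel="stylesheet" href="/static/site.css">
<script src="https://old-student.github.io/widgets/app.js"></script>
<link rel="icon" href="https://cdn.example.net/favicon.ico">
</head><body>
<img src="images/banner.jpg">
<img src="https://raw.githubusercontent.com/someone/photos/main/campus.jpg">
</body></html>
"""
SAMPLE_BASE = "https://www.example.edu/"

# Constructed stand-in for the network check: pretend this one account is gone.
DEAD_HOSTS = {"old-student.github.io"}


def stub_reachable(url):
    return urlsplit(url).hostname not in DEAD_HOSTS


def sample_report():
    assets = external_assets(SAMPLE_HTML, SAMPLE_BASE)
    return assets, hijack_candidates(assets, stub_reachable)


if __name__ == "__main__":
    assets, risky = sample_report()
    for a in assets:
        print(("NAMESPACED " if a["user_namespaced"] else "external   ") + a["url"])
    print("hijack candidates:", [a["url"] for a in risky])
```

A script tag in the candidate list is the serious case, since whoever re-registers the account runs JavaScript on the page; an image only lets them swap the picture, which is the defacement the video describes. Subresource Integrity on the script tag, or hosting the file first-party, closes the script case regardless of who owns the remote account.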
...and if it says that an OTP has been sent, then it means this username is correct, and if there is a bug with OTP bypass, we can try; it may not work, but still we can try. Now you may not understand what I am saying; those who have completed the course and are still watching my video for revision will be understanding it, or you too can understand it, there is nothing difficult in it.

Internal link: let's see what is there. OK, here is the internal link, we have got it, and let's see what is in this; it is the same data type but something different. Internal means internal links, maybe after login; we can see what the link is. If I open it, what is visible is in Marathi; if you know it, good, if not, then the information that is here has been leaked like this. Now look, friend, this should not be leaked like this. Have you understood that someone's name has been kept by himself? It should not be done like this at all. I will close it and see: the exam cell procedure, OK; this is some old timetable, the result, OK, this is also something; it means it is not so important, it seems it must have been made for their students. If it is found in photos and videos... those hacker people you have seen in movies (you may not have seen such movies, how would I know; or you may have seen in some reels that hackers are such people, or in some movie you may have seen it), I mean how hackers find images etc.
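The forgot-password trick above works because the application answers differently for a registered and an unregistered name. As an added example (not code from the video or from any application it scanned), here is the vulnerable reply logic next to a hardened version, and the enumeration loop an attacker runs with a wordlist against each; the user store and the wordlist are constructed.

```python
import secrets

# Constructed user store: password reset is only meaningful for these accounts.
REGISTERED = {"admin", "mangesh", "exam.cell"}

# Constructed wordlist, the kind built from names harvested during recon.
WORDLIST = ["admin", "root", "mangesh", "guest", "exam.cell", "principal"]


def forgot_password_vulnerable(username):
    """Two different replies leak whether the account exists: this is the
    'OTP has been sent' versus 'user not found' case from the video."""
    if username in REGISTERED:
        # (a real application would now generate and send the OTP)
        return "OTP has been sent to your registered mobile number"
    return "user not found"


def forgot_password_hardened(username):
    """Same reply whether or not the name is registered. The OTP is still only
    generated for a real account, but nothing in the response text says which
    branch ran. Timing is a separate channel; a real deployment would queue
    the send off the request path and rate-limit the endpoint by IP and name."""
    if username in REGISTERED:
        secrets.randbelow(10 ** 6)  # the OTP for the real account; sending elided
    return "If that username exists, an OTP has been sent to its registered number"


def enumerate_users(candidates, handler):
    """What the attacker does: get a baseline reply for a name that certainly
    does not exist, then keep every candidate whose reply differs from it."""
    baseline = handler("no-such-user-" + secrets.token_hex(4))
    return [name for name in candidates if handler(name) != baseline]


if __name__ == "__main__":
    print("vulnerable:", enumerate_users(WORDLIST, forgot_password_vulnerable))
    print("hardened:  ", enumerate_users(WORDLIST, forgot_password_hardened))
```

The same comparison against a baseline applies to login, registration ("username already taken") and any other endpoint that takes a username; whenever the reply, status code or redirect differs for existing accounts, the endpoint is an oracle for the wordlist built during recon.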
Now this is an image; what can I do with it? Do you have any idea what I can do with this image? Suppose my target is in it; what can I do? Use your brain, I will give you time. Then I will tell you what I can do. All these students: first of all, whatever is written in the degree, Savitribai Phule Pune Vidyapeeth, OK, it is not clear yet; assume that someone's would be clear. This one is also not clear, this is also not clear, Savitribai Phule Vidyapeeth, COEP, but whatever it is, if it was clear, then I would have got a lot of information from it, like his name, his roll number or date of birth, something like this; I can get whatever is on it, but what poor quality it is. Yes, it seems there is a little bit in each one; if I look carefully... accept that if I can search for this boy or this person... it seems the degree photos of all the people are the same; I don't know what the degree is, whatever. There are a lot of photos coming here, from the desktop; Thumbs.db, this database, it is not opening. Actually, I do one thing, I open it from here, but it seems there is something in it. DB means database, simple. And there is something here also, OK, a lot of things. The thing I have found on this is "Parent Directory"; I have to go to it, OK, wow, yes, there are many more things. I have found this, what is this, maybe it is a video, no; I have to look at "Parent Directory" and I come here. OK, I will come back. What have we seen? Let's see the 25-minute clip and also the photos of 2017. We have these people here. OK, so yes, this is enough, I am getting bored. Let's see the 12 graduates here. One minute. OK, let's go to port 443.
Let's see what is in this: are there any PhD students, anything like this? But whatever it is, this is also good; this information has a lot of value; we have got something in this too. Let's see any random one; I have not seen anything. I have told you how much... I mean this part is enough. It is still showing running; let's see what else has come: web server, this is all you got. URL using JavaScript, yes; by the way, those who know JavaScript, for bug hunting first, and penetration testing, can use it. Now if we see what is inside it, if they can analyze it a little and change some things, that is, if they understand JavaScript, they can play with it. Suppose there is a small bug there; then they will definitely know how to exploit that bug; this is necessary for bug detection and penetration testing. And see similar domain, similar certificate, what is new: open TCP port, this port is open, and maybe I can exploit it if it's running some old service. Then there is a login page, look. So let's do one thing: usernames. If you supplied the correct username, it is OK; even if I enter it wrong, nobody is telling me this; even if I enter it here, it is telling me the same thing. Well, there is nobody, but it is OK, there is a login page. Got it: maybe there "I" is the username, and here "P" is also a username, here "P" is also there, P is OK, and the username we have got. And what is BGP AS membership? What is this? None. Non-standard HTTP header, name server, DNS record, linked URL, link external, resolved, hash, hash, one minute... what was that? One minute: hacked email address? What is it? Has this email been leaked? That's why I am telling you: hacked email address is something like this; let's see if it works.
I had told you in the previous part that "no data breach" means the email has been hacked. Even before I scanned it, it seems that many people have accessed this website, which is probably a data breach, which I had done; I mean it is quite affordable. What is the number one popular college in Pune? Do not come to attack the website; enjoy; there is nothing like that for me; I would have told you; maybe I can take a COEP degree and then I will secure their website. I can't do it right now. OK, let's see, that's it, I'm bored. What's going on? Yes, you can see, we have extracted a lot of important information: we have extracted the usernames, we have also extracted their login pages, we have taken out the photos which were internal, we have also taken out the details of people, we have taken out a lot of things, we have also taken out a link to the source code of that website, what JavaScript is being run, etc.; so many things. It was great, I really enjoyed it. Out of all the tools taught so far, this was the best, in my opinion. Whatever questions you may have, put them in the comments. Let's move ahead.

Now we will learn about a tool whose name is ARIN, and this is a very small topic, nothing difficult; I have taken it because it is quite popular. What it does is extract the IP address of our website, its range and its subnet. From this we will know how many IP addresses that company has purchased, how much range they have, and the number of IP addresses available in that range, so how many total devices they can support. You have to search in this way: just put "arin" in your search, or come to their website; we need search, OK, you will come here. If you enter facebook.com here, then you can see that it is clicking on my email address, and then you can see the results; some are not coming properly.
If you understand, I will tell you how to do it. The first thing you have to search for here is the website's IP address: go to the website like this, "IP address", and here enter the domain of the website, like facebook.com, OK; then it will come, and here you will get the IPv4 address and the IPv6 address, and below the extra things, whatever comes. OK, so this is the address we have to copy. I copy it, come here and paste it here. If you want to search from this address, it will give us all the related information. Let's see what is there: its range has come; let's say this IP address is in the range from 157.7... till here; they have bought these IP addresses. CIDR means Classless Inter-Domain Routing; I taught you this in the part about subnetting, remember? This is its notation. OK, handle etc., registration. You can see changes in 2015; the last change was done in 2021, and this is probably extra information here, I think. Let's see, maybe it is the same information; is this file any...? The file is not showing, so there is nothing special in it. And here also the same, this one, and port 43 is fine; also know about these files. I have done a further registration lookup from this address; you can see that the last change is in 2004, I mean 2024, last month. OK, and here is their information. So what I was saying is that this notation is useful for us. Let me tell you how: you have to search "CIDR subnet calculator"; we have done this before but still I will tell you. Go to a CIDR subnet calculator or any such website and enter the IP address which is there, that is, the one we had taken, paste it here, slash whatever notation there is, put that on it, calculate, and it has given this range, from where to where it can be, and how many IPs do they have in total?
They have 65000 IP addresses. It is possible that these IP addresses may include servers, computers or mobiles. Mobiles will not be included, but still, CCTV cameras may be included, their webcams may be included; it can be as many things as possible. Let me tell you how a hacker will think with a total of 65000 servers. The tool is finished. One minute, my shortcuts are not working. Yes, so let me tell you what a hacker will think. Now the hacker has come to know that they have taken around 65000 IP addresses in total. Suppose he wants to take over all the servers, wants to encrypt them all; it is not possible right now, but still he wants to do it; then he knows how many IP addresses there are in total, and more than that cannot be done at all, so he will hijack everything. So the only advantage is knowing how much in total has to be done. Suppose now we know the subnet also; then you can see how many bits will be the network portion and the host portion; because of the subnet, we would also know how many networks there would be. So this was the information, nothing special; if you have any question, put it in the comments. That's all there was in this part, nothing else.

So this time I am as energetic as last time. Actually, last time I had fallen ill; I was very tired after that part. What happened at that time was that I used to edit in Clipchamp; now I use CapCut. What happened was that Clipchamp takes a lot of storage, it is such a poor editor; after that I never used it. My storage would get so full: the size of the video would be around 5GB, OK,
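The ARIN lookup and the CIDR calculator in the two paragraphs above turn a WHOIS record into a range, a prefix and an address count. As an added example, not code from the video or from ARIN, here is that arithmetic done with Python's standard ipaddress module, plus the two things a tester does next: convert a "NetRange: a - b" line into exact CIDR blocks, and check whether an address seen elsewhere (a scan hit, a log line) belongs to the organisation. The inputs are example values (a /16 of the size the video's calculator reported, and a short unaligned range) and are not taken from any real allocation.

```python
import ipaddress


def cidr_summary(cidr):
    """Network, last address, mask, size and the network/host bit split for a
    block in CIDR notation, as a WHOIS/RDAP record or a subnet calculator shows it."""
    net = ipaddress.ip_network(cidr, strict=False)
    total = net.num_addresses
    # IPv4 reserves the network and broadcast addresses unless the prefix is /31 or /32.
    usable = total - 2 if net.version == 4 and net.prefixlen <= 30 else total
    return {
        "network": str(net.network_address),
        "last": str(net.broadcast_address),
        "netmask": str(net.netmask),
        "prefix": net.prefixlen,
        "network_bits": net.prefixlen,
        "host_bits": net.max_prefixlen - net.prefixlen,
        "total": total,
        "usable_hosts": usable,
    }


def range_to_cidrs(start, end):
    """ARIN prints allocations as 'NetRange: a - b'; this returns the CIDR blocks
    covering that range exactly (one block when it is aligned, several otherwise)."""
    blocks = ipaddress.summarize_address_range(ipaddress.ip_address(start),
                                               ipaddress.ip_address(end))
    return [str(b) for b in blocks]


def in_scope(cidrs, ip):
    """Whether an address found elsewhere belongs to one of the organisation's blocks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c, strict=False) for c in cidrs)


def subnets_of(cidr, new_prefix):
    """Split a block into equal subnets, e.g. a /16 into its 256 /24s, which is
    the 'how many networks' question the host/network split answers."""
    net = ipaddress.ip_network(cidr, strict=False)
    return [str(s) for s in net.subnets(new_prefix=new_prefix)]


if __name__ == "__main__":
    # Example inputs only; see the note above.
    print(cidr_summary("157.240.0.0/16"))
    print(range_to_cidrs("157.240.0.0", "157.240.255.255"))
    print(range_to_cidrs("192.0.2.0", "192.0.2.9"))
    print(in_scope(["157.240.0.0/16"], "157.240.17.5"))
    print(len(subnets_of("157.240.0.0/16", 24)), "subnets of /24")
```

A /16 has 16 host bits, so 2**16 = 65536 addresses (65534 usable as hosts); the calculator in the video rounds this to "65000". The unaligned range shows why a NetRange is not always a single CIDR: 192.0.2.0-192.0.2.9 needs a /29 and a /31.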
but it was taking 100GB. Actually what happened was that when I was exporting, the export was not done; everything got cleared, everything was gone, the storage got exhausted and everything got cleared. So this is what happened in the previous part, and because of that there was a little delay in putting out the part, and I did not even have a backup file, so I had to retake the full five hours; that's why I fell ill. But this time it was perfect. And wait for part three; don't comment until you give a like. Now our audience has increased a bit; now that I am uploading this video, we are at 5.8K subscribers. I give you a target of 1K likes; when it is reached, I will put out part three. OK, so just revise, do some practice.