All right, so we could do a few more things. Well, you know, a lot more things, but I'll show you a few more things. Another tool is recon-ng, which is this kind of Metasploit-esque framework for reconnaissance. The syntax is going to be very similar.
We could do a show modules,
see all of our available modules. You can, of course, try any of these; we'll just look at one. It's very similar to Metasploit's. You just do use, and then the module we want: recon,
contacts-creds, and then haveibeenpwned. So this will basically search through
known email dumps and see if our email address is in them. So chances are your email has been in some dump at some point
if you use the Internet, since so many things get dumped. So it's worth knowing so you could change your password.
Um, that's contacts-creds,
haveibeenpwned. And if I set
source to georgia@bulbsecurity.com, I actually was dumped once.
It's found in the Adobe data dump. So my email address and associated password hash was dumped, so at one point
attack. But I've actually since changed my password, so good for me.
And you should do the same if you are in any of these dumps.
Well, again, there's also different modules you can use, uh,
fair amount of information and
Let's look at one more thing before we move on to actually attacking our virtual machines.
a few different places that host these. The best one, the most up to date, I think, is this Google Hacking Database at Exploit-DB. There's an original Google Hacking Database
from Johnny Long,
developer who first came up with this.
maintained better at Exploit-DB,
Google Hacking Database. So what this does is it uses various Google operators like site colon, or
like having the text include a particular string,
like file extension names, things like that. So the different, like you can see some of them here, like inurl,
intext, intitle, different operators that you can use in Google searches to find particular information.
You could do specific searches, or what I like about this is it has, like, categories here. Like, who doesn't like passwords? So let's see files containing passwords,
I always think, is a good example.
So here's the actual search, so we can have that search run.
he's a quick two. Huge your manuals, default passwords and
You know, I actually have an A t m lying around here's like XAMPP dir passwords. XAMPP is a
and then some. So it's like Apache, PHP, MySQL.
I think FileZilla FTP is in there,
without the trouble of having to actually install software. It comes as a package
so lots of people run them. So
here's their username and password, for example,
shoes did online. Oops,
Just by using these particular operators, we look for XAMPP dir passwords dot txt and for filetype colon txt
to do an awful lot with Google operators.
it's a good place to look for them. But really, you can just go to google dot com, play with different operators
like basic ones like you do,
Like, say I want to say password and I want the site to be
bulbsecurity.com.
A simple one like those, chances are it won't come up with anything particularly useful. And it's got my user guide for
hysteria. From then,
like my penetration testing class, would you? Password is action.
This is some code from a blog post,
so it may not actually be passwords, but as we saw sometimes it might, so you can use any
Google operators you want. But this database has some ones that have been known to come up with something interesting. That's a good place to start: going to exploit-db.com and google-dorks.