Information Gathering (part 4) recon-ng and google operators

00:04

all right, so we could do a few more things. Well, you know a lot more things that I'll show you a few more things. Another tool is recon on Dash in G. Who does this kind of medicine boy esque framework for reconnaissance there. The syntax is going to be very similar.

00:25

We could do a show modules,

00:28

see all of our available modules. You can course, try any of these will just look at one who get. It's very similar to medicine bullets. Does it use? And then the model we want told you re kon

00:40

contact that Eskridge on DDE have. I've been hoon. So this will basically search through

00:48

note email dumps on, see if our e mail addresses in them. So chances are your email has been in some dump that some point

00:58

if you use the Internet since so many things get dumped. So it's worse knowing so you could change your password,

01:10

Um, did contacts within ish grids

01:15

Have I been postponed? And if I said

01:18

sewers too good at both security dot com, I actually was dumped once.

01:26

That's a run.

01:30

It's found in the Adobe data dump. So my email address and associate ID password. Hodge was done so at one point

01:41

attack. But I've actually since changed my password too Good for me.

01:47

And you should do, say, if you are in any of these dumbs

01:53

well, again, there's also different modules you can use, uh,

01:57

unsigned

02:00

fair amount of information and

02:02

this framework.

02:10

Let's look at one more thing before we move on to actually attacking our virtual machines.

02:20

We look for

02:22

single dorks,

02:24

a few different places that host these. The best one the most up to date, I think, is this Google hacking database that exploit Devi. There's a original Google hacking databases

02:36

from Johnny Longley,

02:38

developer who first came up with this.

02:39

But now it's

02:42

maintained butter it exploit. Do you be

02:46

people hacking, David? So what? This does this you just various Google operators like Site Colon are

02:53

as like having the text include a particular straying

03:00

like a file extension names things like that. So the different, like you can see some of them here, like in your l

03:07

in text, entitle different operators that you can use in Google searches to find particular information.

03:16

You could do specific searches or that what I like about this is it has, like categories here, like Who doesn't like passwords? So let's see vials containing passwords,

03:29

I always think, is a good example.

03:32

Etienne passwords,

03:35

though here's the actual service so we can have that search run

03:47

and don't look for

03:52

he's a quick two. Huge your manuals, default passwords and

03:55

teams.

03:59

You know, I actually have an A t m lying around here's like zam Dura passwords. Santa's a

04:06

basically website

04:09

and then some. So it's like Apache PHP, my sequel.

04:14

I think Smallville FTP used in their affairs

04:17

fluting the trouble of having to actually install software. It comes as a package

04:23

so lonely people run them. So

04:26

this is interesting

04:28

cares their username and password, for example,

04:32

For these websites,

04:35

shoes did online. Oops,

04:39

that's unfortunate.

04:42

Just by using this particular operators, we look for his amp their past where dot Texan for file type colon text

04:50

to do an awful lot with Google operators.

04:55

So

04:56

it's a good place to look for them. But really, you can just go to google dot com, play with different operators

05:02

like basic ones like you do,

05:09

but I say I want to say a password and I want the site to be.

05:13

They felt security that calm.

05:17

I think

05:19

the simple one like those chances are it won't come up with anything particularly useful. And he's got my user guide for

05:26

hysteria. From then,

05:28

like my penetration testing class, would you? Password is action.

05:32

This is some curd from a block post,

05:36

so it may not actually be passwords, but as we saw sometimes it might, so you can use any