Maltego Lab Part 1

2 hours 37 minutes
Video Transcription
Hey, everyone, welcome back to the course. So in the last video, we wrapped up our discussion on search engines, as well as the Google Hacking Database and Shodan.
In this video, we'll cover a tool called Maltego. Now, I've gone ahead and actually launched the tool already, since it takes a minute or two to pull up, but I'll walk you through the steps of how to do that.
So for this lab, you're going to need Kali Linux, and preferably you're running it out of a virtual machine. I would not recommend running it on your local machine.
So log in to your Kali machine. Once you've done that, you're gonna click on Applications at the very top left of the screen. You'll go to Information Gathering and then you'll click on Maltego. Again, I've already done so, and it's already pulled up on the screen behind me.
Now I'm using the Community Edition, which is the same one you should be using unless you have a paid version of it.
If this is the first time you're running Maltego, what you may have to do is, you may see different options to install some different transforms here. You can go through and install whichever ones you want to. I've already installed some of the most common ones, but again, it's kind of up to you on which ones you want installed. Now, as you can see here,
there are also ones that are commercial. So for the paid version,
there are some other searches that you could do as well. These are basically little queries that you can run.
All right, so once we have Maltego launched, you're gonna also need to register for an account or log in if you already have one, but also register for an account if you don't have one and everything like that. So when you first log in the very first time, there will be a link, a little message. It'll pop up saying, "Hey, you know, log in or,
uh, you know, register." And then you just click on that and then go register.
All right, once you've done all that, so if you haven't done any of that yet, go ahead and pause the video and get signed up for Maltego. If this is your first time, get logged in. You have to verify your email address.
Once you've done all that stuff,
start the video again, and we're gonna start into our actual lab.
All right. So if you had to pause the video, welcome back. We're here at step four. So now what we're gonna do, once we have Maltego launched and we're logged in, we're gonna click that green plus sign near the top left of our screen there.
What that's gonna do is create a new graph for us, so you'll see if you have your mouse over top there, it'll create a new graph for you. So just go and click on that.
It might take a moment to actually create the graph and pull it up for us.
Sometimes it's a little slow, especially inside of our virtual machine.
All right, so since I double clicked there, it looks like I have two graphs, and that's fine. We don't worry about that too much. So let's X out of one of those.
All right, this is our graph. Now,
what you'll see here in the background, kind of faded, is it says "for demo use only," which basically means that we've got the free version of it. So this isn't something that we could, you know, realistically use in a real penetration test; we would want to have the paid version.
All right, so we see some different things here, and we're not sure really what all this stuff means. We kind of look at this like, "I have no clue. What does that stuff mean?" Well, that's fine. We're not gonna dive into all of this stuff today. We're just gonna focus on getting some hands-on in this lab. We're not gonna explain every minute detail of Maltego. That would be an entirely separate course,
which we may come out with at some point,
but definitely, definitely a lot of things you could do in here. I'll just mention it like that. And then today we're gonna do just a couple of minor things.
All right, so let's go back to our lab document.
So what we're gonna do now is, here at step five, we're gonna left click and drag the Email Address one. So this one right here on our left,
we're gonna drag that onto our graph area. So let's go and do that now. Let's left click on it and just drag it over and just drop it anywhere on your graph. It doesn't matter which place you do.
All right, so you'll see it kind of drops it in there. So let's go back to our lab document.
So now what we're gonna do at step six: we want to change the email address that it's searching, so we're gonna double click on the email address and we're gonna change that to support@microsoft.com.
So let's go into the node. We're gonna double click so it's highlighted, and then just start typing in there support@microsoft.com.
Let's go back to our lab document.
All right, so we've gone ahead and put that in there. Now we're at step seven. So we're gonna click the plus sign that's next to the Transforms option on the left side. All right, so you'll see it actually is selected already for us. You see, that's a minus sign. It normally would look like that, so just click the plus sign. If it's like that, it's already open. You don't have to worry about it.
Let's go back to our lab document.
So now what we're gonna do is we're gonna click the plus sign that's next to the Have I Been Pwned option.
All right, so we have to scroll down here to find it, usually near the bottom.
All right, so we see it's way down there. So it looks like that one was already selected as well. So that's a great thing. Sometimes they will do that for you.
So if there's a plus sign there, go ahead and click it. If it's just to the minus sign, you're all set.
All right, so let's go back to our lab document.
So now we're at step nine. So in step nine, what we're gonna do is we're gonna click these two little arrows that are together under the Have I Been Pwned option.
And what that's gonna do is run the scan for us. Now, there's a lot of different options in here, but some of those you need an API key for. Don't worry too much about what that is if you don't know what it is. But when you sign up for your account, they should give you an API key, and then you basically just copy and paste it into these other queries that you want to run, the ones that require an API key.
Now, for this lab, I want to keep it very, very easy for everybody. I don't want to have to worry about: What's my API key? How do I find it? What do I do?
I want to just be able to run some searches without a lot of issue so you can get that hands-on practice. So that's why we're doing these particular searches. That's why we're not diving into some of the deeper searches that require the API key.
So enough talking, let's go ahead and get doing our lab here. So again, under the v2 Have I Been Pwned, we're gonna click these two arrows on the right side,
so just click those. It might take a moment, but you'll start seeing some information showing up down here. What you should also see is this will start showing us stuff in this area here.
So we'll let them run there for a minute.
Um, it might take a moment or so to run through everything and take a look. And some of this depends on whether you have searched before on things, you know, what kind of information have you gotten back. And it looks like it didn't take my support. There we go. So let me run that again.
Looks like it didn't take my change there. There we go. That looks a lot better. And we should get more results.
And so we get a little error message. That's fine.
Let's just X out of those or just say OK to those. Don't worry about those error messages too much. It's just regarding our query.
So the main thing we want to see here is: do we get any information back? And then also, what we should have gotten back is some more information on support@microsoft.com and basically mapping, you know, and it doesn't seem like mine's cooperating today.
We'll see if we could run a different email address. It looks like we're getting some stuff back.
But generally, what we should see is some mapping here. So I'm gonna change mine,
because it could just be the fact that I've run this query a few times. And,
uh, we'll do yahoo.com on my end. But go ahead, stick with Microsoft unless you're getting the same error messages,
and if so, then go ahead and just run it on a different email address.
We'll see what kind of information we get back, or if we're getting the same errors. I know I do need to probably update this. I know there's been some updates to Maltego. So, well, we'll let that run for a moment or so. See if we get any results back.
What we're trying to see is if there's any email addresses associated with support@microsoft.com or whichever email you needed to put in there.
Again, if this tool is running properly, you should see some mapping going on in the background there. It doesn't look like mine is gonna cooperate today,
and that's okay.
All right, so if you got a yes to question number one, so if you did notice some mapping there, then
which places were associated with support@microsoft.com? You know, and again, a lot of times those are not like Bill Gates' email. There's going to be different, you know, hacking websites where, uh, this email has been exploited.
All right. Yeah. It looks like my Maltego's not cooperating today. And that's okay. Again, what you're going to see here in the background normally is just an actual mapping, and it looks like I keep throwing errors here.
Well, that's fine. We'll keep moving on with the lab.
All right, so the next thing we're gonna do is we're gonna delete out this email one. I just like to keep it clean, but you can leave that on there if you want to. And we'll go into searching a domain.
So all I'm going to do on my end of things, I'm just gonna right click on this,
and then I just click the little Red X to delete it. It's gonna prompt me, and I say yes
again. You don't have to do it that way. You can leave that alone. If you just want to add a domain, you could certainly do so.
And before we jump into anything more, I'm gonna pause the video there, just so we can stay in our tentative time frame, because we do have probably a couple more minutes of this lab. So I'll go ahead and pause the video here, and we'll pick it back up by looking at a domain.
