Recon-ng Lab Part 2

2 hours 37 minutes
Video Transcription
Hey, everyone, welcome back to our course. So in the last video, we went ahead and started our Recon-ng tool. We ran a few commands against it, and we were in the midst of scanning for some new hosts.
And if you haven't watched that video, go ahead, pause this one, and go back to that video. You will need to run those scans before we move through the rest of the lab.
So you'll see in the background there that I found four new hosts on my end. So question number two here, that we were finishing up that last video with: how many new hosts did you actually find with your scan? So it could be a different number than my number there.
Go ahead, answer that question. Once you're done, we're gonna type clear at our terminal window just to clear things up again. So again, we just want to keep things a little prettier for the lab,
and then we're gonna move on to step number 22. So step number 22: we're going to type in show host so that we could see what hosts, excuse me, are in the database,
so let's go and do that now. So show host.
You see, we got all sorts of information in there. So we see different host addresses there, all the way through. All right,
so let's go back to our lab document.
The next thing we're gonna do is type back, and then we're going to type clear again, just to clear things up.
And then what we're gonna do is run a brute force to find hidden subdomains. So let's go and do that now. So we'll type in back,
and then we'll type clear.
You see, we're back on our original command prompt there.
So what we're going to do now is we're gonna type in this command right here at step 26. We're going to type in use brute underscore host.
So let's do that now. Use
brute, underscore, host, and then just press Enter on your keyboard.
The next thing we're gonna do is show info. So let's go ahead and type that in now.
Now, as with before, we can modify parameters. So, for example, we're gonna be using a word list file. So if we want to change the word list file, we could do so right in this path here; we could put a different path in. We're just gonna use this default one for our purposes today, though.
Let's go back to our lab documents. So now what we're going to do here in step 28 is we're just gonna type in run and then press Enter.
Now, this is gonna take a few minutes, but what we're gonna do is we're actually gonna probably do Control-C to end it early, because it may take quite a while, just since we're performing a brute force. So we'll see how long it's taking, and we'll probably Control-C to stop it at a certain point.
So just go ahead and type in run there and then Enter,
and you'll see it's going to start blasting things and eventually goes A to Z all the way through,
and we're just gonna let it run for a little bit. As I mentioned, I just want to see if it's, you know, I know it's gonna take several minutes, but it shouldn't take too long, hopefully. And we'll see if we can get all the way through it and let it run.
So you'll see we're moving pretty quickly through the alphabet of things here. And it should hopefully be done pretty soon, and we'll let it run. So good deal. So again, it may take a couple of minutes or so. You see that one took maybe, you know, 15 to 30 seconds or so. It wasn't too much time, and you'll see we got some information back, so let's go back to our lab document.
All right, so how many new hosts were found? So question number three: how many new hosts were found? So, you see, on my end of things, I had 24 new hosts found, but on your end, it might be a different number. So jot that down, how many new hosts you had found.
So the next thing, just like before, we want to keep things clean. So we're gonna type the word clear in there, and then we're gonna do show host to take a look at the hosts in the database.
So go ahead, type clear, press Enter, and then we're gonna type in show hosts
and press Enter.
You'll see again that shows us all our hosts in the database. Now, you notice a difference here
from before is that many of these have an IP address for us. So that's valuable information that we can use in our attack.
All right, so I kind of gave the answer away to question four there. So on your end of things, though, do you see any IP addresses listed? So if yes, go ahead and just drop those in your form there.
All right. So the next thing we're gonna do, here at step 31, is we're gonna go ahead and type in the word back to go back, and then we're gonna type in clear.
So let's go and do that now. So it's back, Enter, and then clear, Enter, to clear our screen.
All right, so now what we're gonna do is we're going to type in use interesting files. So use, space, interesting, underscore, files.
This is gonna allow us to see a lot of different things. So things, you know, even like the robots.txt file, it allows us to see that. So this scan may take a long time. When we actually go to the run portion of it, it can take upwards of, like, 30 to 40 minutes
in many cases. So what we're gonna do is let it run for a little bit,
and then we'll utilize Control-C, like we've been doing, so we don't have to sit here all day long and run the scan. So on your end of things, if you want to pause the video when we get to the run portion of it and let it run forever on your end, then you're welcome to do so. But for our purposes, I'm gonna just let it run for a little bit of time and then I'll go ahead and stop.
So first things first, we're gonna type in our use interesting files command. So let's go and do that now.
So use, space, interesting,
and then just press Enter.
And our next step here is just clicking and typing in show info. And then we'll get to the run portion, as I mentioned.
So let's type in show info.
Just like before, we could change things in here if you wanted to. But we're not gonna do that for our purposes here. All we're going to do now is just type in run and press Enter,
and you'll see it will start running it in the background. There.
Now, again, it's checking it against the word list. And as I mentioned, this takes a lot of time to do. Um, so keep that in mind, that we don't want to let this run forever. But you're welcome to, but we don't want to necessarily let it run forever.
So I'll keep talking a little bit here. We'll let it run a little bit more so we could get some information. Now, what you're noticing in the background there is, well, let me make sure I don't give it away. But what you're noticing is information, I'll put it like that. Um, we'll let it run for just another moment or so here.
And then we'll talk about some of the information that you're finding in there, so we'll let it run. Probably five more seconds or so here. And then I'll go ahead and stop it. Again, you're welcome to let it run as long as you want to, but for our purposes, I don't want to run too long.
So it's just Control-C to stop it at any time.
All right, so now let's go on to question five here.
So, do you see any error codes in the scan results? So if you're not familiar with error codes, just hang tight, we'll answer that for you.
But do you see any error codes in this? I'll put it on.
All right. So for me, I do, right? So one of the most common ones that a lot of people are probably familiar with is the 404 error. So, like, many have gone to websites and clicked on a page, and you get an error message that the page cannot be found. So that's that 404 error message that you see there.
We've had some other ones here, 300s, et cetera. You can Google search these. I'm not seeing any 500. 500 would indicate a server-side issue, um, whereas a 400 would indicate a client-side issue. So just FYI on that.
So question number five here: do we see any error codes in the scan results? The answer to that is obviously yes, right?
All right. So in this lab, we just covered Recon-ng, which is a tool we can use for information gathering. We covered it at a very high level against microsoft.com, our domain that we added. Now, we were able to find some information like IP addresses, error codes, et cetera.
In the next video, we're gonna cover social engineering, so we'll have a couple of labs. One will do reconnaissance, and the other one will do a sample phishing attack, and so we'll do a couple of labs there for social engineering.