Hello, everyone, this is Dean Pompilio.
I am your subject matter expert for social engineering.
I'm going to be demonstrating a website called Shodan.
The URL is shodan.io,
and I urge you to create an account, register with this website, if you think you'll end up using it.
You need to register in order to return more than one page of search results. So keep that in mind.
Anyways, we can see from this changing banner here that it
crawls the Internet
and identifies different IP addresses that have some kind of service running,
and then it just does a banner grab of that service to determine
what the service is, and it saves that banner information. So when you do a search for a particular keyword or for an IP address,
the keyword will show up everywhere
there's a system with that service running.
If you search for an IP address,
you'll see all of the services running on that particular
So there's an Explore link here that
can show you a little bit more about popular searches, things that are recent,
and you can, you know, certainly drill down a little bit more and explore that.
There's also a blog,
and this is for people that want to get more information or share what they've been working on.
We could see where all the users are.
So it might be worth doing if you really want to dig in deeper.
But for our purposes, what I'd like to describe
is the idea of information gathering.
So if you are doing a pen test or social engineering audit,
you're going to identify the organization, you're going to do a whois lookup, for instance, to get the IP addresses, you're gonna try to find out
all the domain names that the organization has, using maybe a tool like Maltego. Make sure you check out the Maltego
demonstration that I do.
Once you've got the IP address, then you can go to something like Shodan. There's other sites that will offer similar functionality, but this one's really nice.
So I'm going to use an IP address
that I discovered earlier. This is in Chico, California, and as you see, it locates
on a map where this IP address exists.
We can see that there's several services running on this particular system,
and then it looks like
perhaps a couple of different websites, or web servers rather,
so we can get into, ah, some.
It looks like some file systems on that web server. It's not really going to the web page.
That might be stuck. Let that run for a moment.
What I was interested in, though, is the webcamXP. If you do a search for this term,
you can certainly turn up lots of webcams that may not have any authentication.
Really, that's a huge benefit for the pen tester
because they can find
another avenue, another channel,
to generate information about the target.
In this case, this particular, uh, target in Chico, California
looks like they've got a camera in some kind of a control room. Maybe this is a telescope.
It's kinda hard to tell. Sometimes these pan tilt zoom buttons are operational and you can move the camera around.
But we're not really concerned with that right now,
so let's go look at another IP address.
Remember, you're gathering IP addresses of your
pen testing target,
so we'll try this one.
This one is in Russia.
Looks like they have a webcam running as well.
And we see this is the banner grab information,
and the server identifies itself as webcamXP. That's why the
search for that keyword found this particular device that's on a public-facing website.
So if we go to the link,
we can see what the Webcam is looking at,
and this one appears to be looking at
the outside of a building. We've got three different sources for this camera, or there's three different cameras.
So depending on what kind of equipment
you can get different views.
A lot of people use these systems for their homes, in addition to using them for their businesses.
So, word to the wise: if you are implementing
a network-addressable security system, make sure that you have it properly protected.
This is making the job a little too easy for the social engineer or just even for any regular hacker.
Try another one here.
This is in McKinney, Texas,
So look at this, see what this webcam is. I think this one's pointing at a park.
So the point is not to just randomly browse around IP addresses and webcams; you want to be working within the IP address
range that your target actually
And if you go to the Explore link, you can certainly find lots of other information that you can grab about that target. That's why it's important to get the IP address, put that into Shodan, and see what services show up.
And this helps to define the attack surface for that particular
target of the pen test.
Okay, so I hope you'll enjoy using Shodan. I think if you can create an account,
hang out in the blogs, see what people are doing, you could learn a little bit about the community. So it'll definitely help you during your digital information gathering phase.
All right. Thank you. And I'll see you in the next video.