Maltego - Discovering Websites, Hosting Provider & Emails

Lecture Transcript - Maltego - Discovering Websites, Hosting Provider & Emails

OK, so now let's see if we can gather even more information about our target.

So I've actually deleted all the useless files because they weren't in use and I kept the things that

I'd like to focus on.

So in real life situation, you want to go over each one of these entities and try and gather information

about as much information as you can about each of them.

For now, I'm actually going to focus on the security dot org only and I'm going to try to find all

the Web sites that exist on the same server.

So like we said before, if we couldn't hack into our security itself, then maybe we can exploit one

of the Web sites on the same server and then gain access to our security.

So I'm just going to change this apology from here and use something useful like this one.

And then I'm just going to drag this one on the side and actually put it down here, because I'm going

to be using that.

And put this one up.

OK, so I'm going to right click it.

And I'm going to get its IP address.

I'm going to resolve it to IP address.

And right now, as you can see, we have the IP address of the server where security dot org is stored

on.

So I'm going to right click it.

And I'm going to try to get the DNS information from this IP address, so this will give me all the

websites that exist on the same server.

And as you can see now, it automatically changes its apology for me.

And we can see that this IP address to this.

Now we can see that this I.P. address contains all of these servers, now the server is actually owned

by security and as you can see, that it doesn't have too many websites.

So if this was just a normal website, you'll actually see a lot of websites with it on the same server.

Well, because this is on a website owned by security, by security only.

So it's only we only have the websites that we want to have there.

So it's onto our websites.

But again, we still managed to get one to three, three more Web sites instead of our website.

So in case we couldn't gain access to this website, then we can go and try to hack into any of these

websites and they're on the same server.

So we manage to hack into our target from the websites on the same server of all of that.

The network, we can see that we have this arrow going into the IP.

So usually the IP, the websites are hosted by this IP.

So you can see the arrows going from the IP to the website here to this website and to this website.

But right here we can see that the hosted by DOT often dot net is going to the IP.

So this is actually a hosting company and this is the company that were renting the VPs from.

So if we go to this website.

You can see that this is a hosting company, it's and that is where security is renting their servers

from.

So in worst case scenarios, if you try to hack into our security, you can do it.

And then you try to hack into all of these websites and you can do it.

And you looked for exploit and the server itself and you can do it.

Then you can try to hack into the data center on the website or on the company that is hosting a security.

And from there, you can gain access to any website hosted hosted by that company, including your target,

which is a security dot org.

Now, again, you can go over any of these entities and try to gather information about it as well and

maybe get information that will help you to gain access to your target.

For example, we can convert bounty to a domain.

Like we did that with security and then from this domain, I'm going to look for email addresses associated

with that domain.

And as you can see now, we have the abuse at name dot com, which is no use, but we also managed to

get an email of a person working in security, which is a high security dot org.

That's my actually my actual personal email.

So, again, if everything failed and you couldn't gain access to it, then maybe you can try to target

that person that works at security, which is myself, and maybe try to social engineer that person

and hack into their computer.

And from there, again, gain access to the website.

Now, this is going to get into social engineering, so I'm not going to get into too much detail of

that because now we're talking about Web penetration testing.

So we're only concerned about the Web applications and the technology is used in that.



Complete and Continue  

Become a Member and Get Unlimited Access to 300+ Top Cyber Security Courses.