312-50: CEH Certified Ethical Hacker (312-50v9) Certification Video Training Course

312-50: CEH Certified Ethical Hacker (312-50v9) certification video training course by prepaway along with practice test questions and answers, study guide and exam dumps provides the ultimate training package to help you pass.

FootPrinting - Reconnaissance and Information Gathering

8. Exercise: Footprinting Tool: Maltego

Now, I want you to do both of these exercises, the previous one, which was the footprinting tool, as well as the recon and multi-go, on your lab, whether you're using the online lab or the lab you built for yourself. In any case, both of these tools are included in Collie Linux.

Now, I've supplied a little video that I pulled from YouTube to kind of get you started a little bit. All right. But I want you to go through these labs piece by piece. In the lab exercise, I take the position that if somebody tells me something, I may remember it and talk about it. I'll remember a little bit more, and if I see it even more, but if I do it, that's when I really remember it. So this course is about trying to get you your certification, and we're going to guarantee you're going to get your certification.

So you need to do a couple of these things. So let's talk a little bit about Multigo. Multigo is what's called an interactive data mining tool. What it does is render directed graphs for link analysis. The tool is used in online investigations for finding relationships and gathering different pieces of information from various sources on the internet.

So, if I looked for Udemy.com and got some information from their domain registrar that said it was registered by a specific user, I could link those two pieces of information together and it would go out and search the Internet for all the places where it finds either Udemy.com or the specific guy who registered the domain. There's a whole host of things that you're going to see inside of Maltego, but it's most important for you guys to actually do these exercises. So please pause the videos right now and do the exercises.

9. Most Powerful Hacking Tool on the Internet Today

Now, in this lecture demonstration, I'm going to show you a hacking tool with which you may be familiar with. So in other words, can I show you the most powerful hacking tool on the Internet today? You're looking at it. So if you don't believe me, sit tight, folks; you're going to believe me. Now, Google is actually used as a basic footprinting tool. What's one of the reasons we're going to use it? We're going to use it primarily because we never touch their website.

Consequently, no one is ever going to call you or Google and ask, "Has somebody been messing with my website?" Of course not. This is how we look for things on the internet. But using the keywords I'm going to show you in the next couple of sessions, you'll be amazed at how much data we can get. So some of the tools, including Google, are search engines; of course, a tool called Site Digger is informational. I'm going to show you all the different ways that we can get this information in Alookup, trace routes, and the editor database.

Now, the thing that is important is that I can indeed download a number of these tools and run them from my desktop. It's not a really good idea to do that because whose IP address is going to end up in the log of their server? If you're wanting to be stealthy, you're going to want to use the online tools, where they're going to have to get a court order to go to that online person, who also has said that we're not even going to save any of our logs. We'll dump them daily and try to get them, though as you can see, it's not going to be easy for them to do that rather than just having your IP address. So you want to use as many of the online tools as possible. a little bit of a sample for our Google and query operators. Most of these can now be found by performing an advanced Google search.

But I'm going to show you some things that are not in here, and I think it's really going to cause you to be shaking in your boots. It contains a wealth of information. If given the proper queries, you can find a huge amount of information. In advanced searches, you can query languages, the file format, domain name sites, and whether it's in a URL where it's on the web page.

You can query the Google cache even if it's been deleted from your website. The Google cache lives for about a year for web pages that have links to a particular web page that are related to a particular web page—all kinds of stuff. It's really amazing when you think about it. Who even thought of this? Who came up with this particular idea?

This gentleman right here is a gentleman by the name of Johnny Long. And he's the one who came up with this idea. This is me at a conference with him when we both spoke at that conference at the same time. So Google can be modified in a number of different ways. We can be modified by the site. So a site would restrict it to a particular site. So if I wanted to look at CNN.com, I would go to CNN.com and then look for whatever I wanted to look at on CNN.

The only pages that will be returned are those that match the URL CNN.com. The title of the website would be all entitled. Entitle would be the title. It has to be in the title. All in the URL means all of the keywords have to be within the URL. And in the URL, that basically means just that one keyword has to be in there. You notice we've got things like URLadmin in URL orders with file type PHP. All right, you can kind of see how we can make this look very, very interesting. So let's go on with our demonstration.

10. Instructor Demonstration - The Power of Google –A

Now, let me pop this over here. And this is a list of some Google hacks. And I'm going to put this in so you can download it. You can try some of these as well, but I'm going to utilize some of them. Okay, so let's start off with a couple of them that I'll just put in myself.

If I enter a URL in the format URL TS Web, Now, folks, what am I looking for here? I said that has to be part of the URL, and it also has to have the string Swab in there somewhere. Think about it. What items might have something like that? Let's see if we can find out. These are websites that happen to have terminal servers set up as a web, so we can go in to, say, this particular one. I could download it from the cache, perhaps, and Bing, bang, boom, here I am on their particular web server.

Now, I can tell right now that this particular one here is actually going to ask me for a username and a domain before it gives me the user. They started this in 2008. But I want to show you something that I had to say for one particular purpose here. Now, folks, you will also have an ISO file that you can download with various things. And I'll give you the URL to get that. It will have a directory called "Lab Items." We're going to take a look at this one, but before that, let's take a look at this. The very top of my list is a remote desktop connection for the University of Mexico. Okay, I'm going to look at the University of Mexico.

This is what it looked like in Server 2003. It didn't have that domain where I had to find out the domain user and stuff. All right. It basically just said, "Okay, well, do you want to get on the server?" Let me show you y, well, Okay, pick 1024 by 768 and click on Connect. Normally, you would see the dialogue box. To log on, press CTRL Alt Deleting. But look at this. Oh, my log box. Press CTRLA slew of Spanish-sounding names, with a diverse range of users. What do you suppose happened here? If you haven't figured it out, they upgraded from 2003 to 2008 and forgot to change this setting.

Now, I knew it wasn't going to last very long, and that's the reason I took the video of it. I can also determine which one of the users is the built-in administrator user that gives me certain powers or extra privileges in some operating systems. And I wonder, just looking at these, which one would be the built-in administrator? Or how about the one that isn't engaged? My wife, who's from Mexico, saw this once and said, "Should I write him a little note that says stupid?" Well, it might not be a bad idea, so let's try another couple of them. All right, let's go ahead and open up this file right here, and it says additional queries.

And I don't want them to run any videos in class. As you can imagine, You can have all kinds of videos, but you're going to see that I can find out virtually anything I want. So I'm going to take this one right here in text parent directory, in text MP3, and I'm just going to copy that. Move that guy out of the way. Move this one out of the way. And I'm going to go back out here and do a simple Google query appear. And I'm going to press this. Now if I wanted to find this, this gives me the addresses of all of these MP3 places on the internet, and I've got probably millions of them. Let's say, for example, we go in here instead of Italian... I'm not sure. Here we go.

All of these MP3 files Let's go back one paragraph and say, "Well, you know, maybe I'm more of what's good here." Maybe I'm more of an Ava fan. It has to be part of it and have the words "parent directory" on the page. MP3 must appear somewhere on the page, and ABBA must appear somewhere on the page. There we go. Bang, bang, bang. Here is a list of all the Abba songs. So as you can see, you can find pretty much anything that you want on here by just knowing the proper ways to look for things. You can look for virtually any type of PDF of your favorite book, and I guarantee you somebody has given it to somebody on the internet, and you'll be able to find that. Just put the title of the book at the end of the PDF. Okay, so what else could we do? Let's get.

11. Instructor Demonstration - The Power of Google –B

little bit creative here, guys. Do a search for colon pastebin.com? Now, if you don't know what Paste Bin is, it's a site that you can go to and take whatever's in your keyboard buffer, paste it in, and share it with either one person or a number of people.

A lot of instructors use this. They're doing online classes. because let me go give you that URL. Go to the paste bin, click this, and so on and so forth. But I can also say I want to search Papstein for certain things. Let's say I want to search it for, oh, I don't know, American Express cards. Let's see if I get anything there. Okay, he's one of the more balanced ones. Let us see what we have. Now, I'm going to pull up the cached version and see if I can see anything that looks like there's just one in here. But notice the American Express card, the code, all right, that's on the front of the card, and all of their information.

Now, if you are thinking, Tim, is this legal? It's not illegal for me to look. Now, I would not suggest you use any of these credit cards, but it is not illegal to look. And I would also venture to say these cards are going to be turned off as well, because this way the person using Papstein can send an anonymous email to someone with the Pay Spin code. Here's the code right here that they would send to them, and they could pick up these credit card numbers and pay them in Bitcoin or however they're going to do this.

So this is used for nefarious purposes as well, just like Google is. Google can be used for legitimate purposes, and it can be used for nefarious purposes as well. Let's try Visa. Oh, boy, a bunch of those aren't there. Okay. He says they're alive. I don't think I necessarily trust him. February 14, 2017 And today is April 10, so maybe the reason I'm picking up cash right here is because they brought them out of Pay Spin. But remember, Google keeps it for up to a year, and most people don't know that. So here we have all kinds of credit cards. Indonesia, I tell you, has an unbelievable number of cards that we have.

Let's try a couple of other things. How about if I did something like Shirley? Nobody would have that, would they? Oh, yes, indeed. These are individuals who have set up the private key and transferred it from one to the other. Now, yeah, you could argue and say, "Well, Tim, but you don't have the public key." That's not going to do you a whole lot of good. And it's also not going to do much good unless you know who it is. Well, I would agree with some of that, but there are some things you'll find in here where it tells you who it belongs to and the public and private keys. It's just ridiculous. Let's say, what else could we look for? Let's do a how-about about something really evil. How about a Social Security number? Oh, boy, I'll tell you what, this guy right here, there's a lot of them in here.

Jesse Wayne Silva This guy right here is really in bad shape because this is a really popular hacker tool. I guarantee you he's lost his identity, all right? We have his birth date, full legal name, and Social Security number. Those are the three pieces of information that I need to steal your identity. That's right. So I guarantee you this guy has had his identity stolen, okay? And this one is absolutely priceless, guys. We have logins that equal something and passwords that equal something else. And it's got to be in a file type called Excel. How many people do you know who store their passwords in an Excel spreadsheet? I find that a lot of schools do this type of thing. All right, let's take a look to see if we can open this. Oh boy. All right, so here's the contact person or email. Here's our login name and password. I tell you guys, it just makes me wonder if individuals really do think about what they're doing. I mean, this is just a boy.

Okay. And I'm sure you'll have a chance to play with some of this. I don't necessarily need to do anything else. Let's do a couple more here. What if I wanted to find, oh, I don't know, what would that be right here? Maybe it's an ISO file or an installation disk. It has to have "Microsoft" somewhere in the URL, and it has to be a file type of ISO. Well, there are about 30 results here where we could download a number of different ISOs, so on and so forth. Some of these you may have to tweak a little bit to get them to work, but you get the idea. I could handle ISO files. And how about, oh, I don't know, it has to have Adobe in the file?

All right. And here's somebody who has the Adobe Illustrator CS6 full version. Well, okay, fine. You get the idea. Alright, if I can also take a look at this one, which might be really interesting for you if I put it into Google, This is how hackers look for serial numbers. I'm going to put this right here. Now, I'm not showing you this, guys. So you'll know how to steal free software. I'm basically showing you this so you get a better idea of how easy it is. Okay, I'm going to look for Creative Cloud here. That's what it was. Okay. And here are a number of different serial numbers that you can get and look for for Photoshop creative with. Now you might be wondering, all right, Tim, what's this nine, four FBR? A very good question. It's quite simply: what happens is that 94 FBR is part of an Office 2000 Pro CD key.

It's widely distributed as it bypasses the activation requirements of Office 2000 Pro. By searching for the product name and 94 FBR, you guarantee two things: First, the pages returned are pages that specifically deal with the serial numbers of that product. A number of people use 9 4 FBR as their code for serial numbers. And one more thing. Because nine four FBR is a part of the serial number and only a part of it, you can be certain that any page returned is a serial number list page.

Now, let me caution you guys. There is no free lunch. I'll tell you right now, people put these cracked pieces of software on the internet for a reason. And the reason is to hope they have some nefarious person who will download them. And oftentimes, there's a little surprise in there. And I'm talking about the surprise of a botnet or the surprise of some type of exploit. If they get you to download and install something, if you've ever downloaded a serial crack file, it could be something with that surprise built in. Now, not that you would ever do that; I know you wouldn't. But if you ever did, let's just say you might have done that, all right? You downloaded that serial file, and you notice that when you double-click on it, it plays the music and gives you the capability of generating whatever serial numbers you want and all this kind of stuff.

You might have to play a little game, like atik tattoo or something, to get out. Why are they doing all that? I want to just dump the serial number out at the command prompt. They're doing that for a reason. What they've done is attach some kind of malware to the backside of it, and it needs a couple of seconds to load. So they want to make sure you're kept occupied while this is loading. Now, if you didn't want that to happen to you, all you would need to do would be to download the serials exe, bring it over to a virtual machine, put it in that virtual machine, run it, get your serial number, copy it, and copy just the serial number back into a downloaded product from the customer site. Not that you'd ever do it anyway, but just for the sake of discussion .

12. Instructor Demo: GoogleAlerts

In this lecture demo, we're going to be talking about the Google Hacking Database that Johnny Long put into the public domain. So let's go ahead and take a look at that. Right now I'm going to go ahead and open up a browser, and I just simply went to a web page in the browser. Let me go ahead and just grab it, and I'm just going to type in Google hacking databases.

And you can naturally see a large number of people that are hosting this database or have actual pointers to it; exploit DB has these, too, because offensive security is hosting it and it's in the public domain. And so, consequently, it's free for everyone to use. To alleviate this Google Hacking database, the best thing to do is, quote unquote, "Google hack yourself." So how would we do something like that? Well, it's very easy. We could just simply type in "site" and then "our site" and then put in whatever hacking string we want to use to see if we are vulnerable to that. If you're thinking to yourself that that sounds like a lot of trouble, well, you're probably right. So let me make it a little bit easier for you.

There are different ways that we can approach this. One of them is to let Google tell you if you have something that is determinable. What you would need to do is go out and get access to Johnny Long's database. Let's see if I can pull that up real quick. And you can see all of these different categories that he has. Various online devices, files containing juicy information, advisories, and vulnerabilities, some with passwords—all kinds of things. And these are the ways that we can find them.

So, naturally, we'd grab this right here and paste it into where we'd previously looked for Google. But preface that with site—colon whatever site you are wanting to test it on—and put that in. It still seems like a lot of repetitive things have a problem that is actually true. So we oftentimes find that after we find out the power of Google, we'll go ahead and do this for the first couple of months, but after that it seems like such drudgery. What if you could convince Google to tell you? I wonder if anyone has ever heard of Google Alerts. So landing on Google Alerts, you can see, for example, that I put in just one alert. So I'm looking for any web page that would happen to show up with my name and the word "security." Sometimes the press will report things that don't actually acknowledge what you've done.

And before they get all the way to the top of Google search, you may decide that you want to do something about that. As a result, you can determine how frequently it occurs, as it occurs at least once per day and at most once per week from all sources. I'm just going to play automatic language English in any region, with only the best results, and deliver it to my email address using that same idea. Why couldn't you type "let's just do another R1 quick"? Why couldn't you type in something like this and then paste in that Google hacking string? Now, it says that it doesn't have any particular results, but remember what we put in there as it happens. So when Google comes up with a Google search that matches something that you have done, Google will send you an email. How cool is that? As a result, you can now go in and create your own alert system for yourself. Google does the heavy lifting for you.

Prepaway's 312-50: CEH Certified Ethical Hacker (312-50v9) video training course for passing certification exams is the only solution which you need.