How to Obtain an IP Address and Physical Address Using Whois Tools in Kali Linux


Welcome back, since this is our first video in information gathering, we're going to start off with

something easy.

Let us see how we can identify our target and get its IP address.

We are going to check how we can do this both actively and passively.

Let's do it with active information gathering first, so this means we are going to interact with our

target.

So just go on Google and pick a website that you want to use for this.

It can be any Web site that you want.

And you can also use the ones that I will show in this video.

First, open up your terminal.

And what we're going to do for the first test, I'm going to use this website, this is just some university

page that I picked, and what we can do to get its IP address is to ping it.

Most of you will already be familiar with the ping tool, since it is installed by default on any operating

system. By pinging this website or any other website,

we are sending something called ICMP packets to that website.

And if we get responses back, that means that website is up and running.

But what we also get besides that response is the IP address.

So let's try it out.

I will leave this link right here and I will just add at the beginning, ping, space, and then hit enter.

And it seems that we are not getting any responses back, but what we did get is an IP address.

Here it is, and we are not getting responses back from this site because it is probably blocking ping

probes, which some websites often do.

Let us try another site to see how it looks once we get responses back.

So to stop this, you can simply just press Control-C, and it will tell us 32 packets transmitted

and one hundred percent packet loss.

Now, this doesn't mean that this website is offline, since if we visited this link right here or this

IP address, we would open a page to that website.

But just in case, let us see how it looks once we get the response back from the command.

If we try to ping a big website, for example, like Facebook.

So let's type ping facebook.com.

Here we get an IP address of Facebook and we can press Control-C, since we can notice that we are getting

packets back, which means Facebook is up and running and also responding to our ICMP packets.

Just to note, this IP address right here is just one of the IP addresses that Facebook uses.

So for you, once you ping it, you will probably get a different result.

OK, what we saw right here is an example of active information gathering to get the IP address since

we directly sent packets to these websites.

Another tool you can use to get the IP of a website is called nslookup.

So if I go down here and type nslookup and then the name of the website, which in our case, let's

try with the first one, which is this one.

And once again, you can test any website you want with this.

It doesn't matter. If I press enter,

it will give me this response which says server and address right here, but this is not the IP address

of this website.

This is just my router.

And the result, where the IP address of this website is, is down here.

Here it is, if we compare this one and we go back to the ping command, you will notice the IP address

is the same.

So we got the same result, which is good.

Let's try the same with Facebook.

So just type right here nslookup facebook.com.

And we also get the IP address of Facebook.

Now, if you wanted to do this passively, you would search for this information such as IP address

over some other website. Let us see how we can do that.

First of all, we want to open our Firefox.

And to do that, just click on this Kali icon in the top left corner and type Firefox.

You should see Firefox ESR; click on it, and what we're going to look for is a website that provides

us with the IP address of a different website.

And since I don't know any website that does that, I will simply just go right here in the search bar

and type.

What is the IP address of this website?

If I press enter, it should probably give me a few results of different websites that will do exactly

what we want, which is to get the IP address of another website.

And let's go with this one, IP tracker, which is IP info, dot-info. If I click on it, down here

we see something that says IP domain checker, we need to specify the IP address, the domain, or your

URL.

And if we type the domain name of that first Web site, so if I type the same domain name.

And click right here on Check.

OK, so some security check, select all traffic lights. Let's select all traffic lights that we see

and here is the result. You will notice that right here we get even more information

than we asked for. For example, here is the IP address of this website.

We also get from which country it is, as it says, right here in the brackets.

And we also get its geolocation, which says even the city.

We can also check it out on Google Maps if we wanted to.

Down here, we get even more information, such as reverse DNS. Here we get information about registration

date, modification date, expiration date.

Down here, we get some of the DNS servers and here we get its physical address.

So this is the exact location where this server is located.

Now, this is just the same result, I believe.

Down here, we also get some email addresses, as we can notice right here.

All of this could be useful for us, depending on which type of attack we would plan.

Now, of course, we are not going to be attacking this website since we do not have permission, but

we are simply just gathering information to see what we can retrieve from the Internet about this website.

And from now on, we are getting a bunch of information about it.

Now, a similar response to the one that we got right here

we can get using a tool called whois. It does not only give us an IP address of the specified domain,

but also gives us a bunch of other information about that domain.

It is already installed in Kali Linux, so let's test it out.

If I close this page.

And type in my terminal, whois,

the same domain name, press enter.

I will pretty much get the same information that we saw previously on the website.

As we can see right here, we get those DNS servers, the registration date, modification date, expiration

date, we get the physical address and some other things, such as ID number, tax ID, which is not

really of interest to us.

And let us also test this tool on Facebook, since different websites might give different information,

for example, if I do the same on Facebook, since it is a much bigger site, it will probably give

us much more information as well.

So let's type it.

whois facebook.com

Press enter, let me just enlarge the terminal so we can see everything clearly, and if I scroll all

the way up.

We get some name servers, the street, city, state, province, postal code.

We also get some phone numbers right here.

Here are some of the email addresses for the tech email.

So we get another email address right here and even more phone numbers.

We get the city, the street, if I go all the way up, we can see that this is a whois response.

So all this information is public to us and this would be pretty much it.

This is all the information we get for Facebook using the whois tool.

And by the way, in real penetration tests that you will perform, all of the interesting information

is something that you want to write down in your report.

For now, we only saw how we can get basic information, such as IP addresses, country of origin, physical

address and similar.

But later, during information gathering and scanning, we might find something that shouldn't be out

there on the Internet and that would be called information disclosure.

It is something that the client doesn't want to be seen, but it is still publicly available.

So anything that you might think is interesting, you would write down.
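
As an added example (not part of the original video or its author's material), the shell function below reduces a raw `whois` response to the fields read off by eye above: dates, name servers, email addresses, phone numbers and address lines, plus a count of privacy-redacted fields, so the result can go straight into a report. The record it parses is constructed from reserved example values, and the key names it matches are an assumption based on common registry and registrar output.

```bash
# Added example: summarise what a WHOIS record publishes.
# Input: raw `whois` output on stdin. Output: "category<TAB>value" lines.
whois_summary() {
  awk '
    /^[%#>]/ || !/:/ { next }            # comments, notices, non key:value lines
    {
      key = tolower($0); sub(/:.*/, "", key); gsub(/^[ \t]+/, "", key)
      val = $0; sub(/^[^:]*:[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val)
      if (val == "") next
      # Privacy-proxied records carry a placeholder instead of real data.
      if (tolower(val) ~ /redacted|not disclosed/) { redacted++; next }
      if      (key ~ /name server|nserver/)                 cat = "nameserver"
      else if (key ~ /creation date|created/)               cat = "created"
      else if (key ~ /updated date|modified|changed/)       cat = "updated"
      else if (key ~ /expir/)                               cat = "expires"
      else if (key ~ /e-?mail/)                             cat = "email"
      else if (key ~ /phone|fax/)                           cat = "phone"
      else if (key ~ /street|city|state|postal|country/)    cat = "address"
      else next
      if (cat == "nameserver" || cat == "email") val = tolower(val)
      if (!seen[cat, val]++) print cat "\t" val   # report each value once
    }
    END { print "redacted_fields\t" redacted + 0 }
  '
}

# Constructed record (reserved example.com / 555-01xx values), not real output.
sample_record() {
  cat <<'EOF'
% This is a constructed WHOIS response for illustration
Domain Name: EXAMPLE.COM
Creation Date: 2001-02-03T04:05:06Z
Updated Date: 2023-02-03T04:05:06Z
Registry Expiry Date: 2026-02-03T04:05:06Z
Registrar Abuse Contact Email: abuse@registrar.example
Registrant Name: REDACTED FOR PRIVACY
Registrant Street: 1 Example Way
Registrant City: Exampleville
Registrant Phone: +1.5555550100
Registrant Email: REDACTED FOR PRIVACY
Tech Email: Hostmaster@Example.com
Tech Phone: +1.5555550100
Name Server: NS1.EXAMPLE.NET
Name Server: ns1.example.net
>>> Last update of whois database: 2024-01-01T00:00:00Z <<<
EOF
}
sample_record | whois_summary
```

To review what a domain you are responsible for publishes, pipe real output into the function, for example `whois example.com | whois_summary`; a high `redacted_fields` count means the registration is behind a privacy service.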

OK, great.

Now we know how we can identify a target by getting its IP address and also getting its physical address

and some other interesting information as well.

And even though this isn't really hard information to get, it is a good beginning.

