1. Maltego Basics
Now in this lecture, I’d like to give you an overview of a tool that we’re going to be using often in this course. This tool is excellent for gathering information and can be used to gather information about almost anything. You can gather information about people, websites, computers, businesses, phone numbers, and pretty much anything else. Everything you can think of You can add to this tool and try to extract information related to that entity. The tool is called Multigo, and it’s going to become your best friend when it comes to information gathering. Now, like I said, the tool can be used to gather information about anything. However, using the tool is the same. So it makes no difference whether your target is a website, a person, a phone number, or a company. Using the tool is exactly the same, but only the information that you’ll be getting is going to be different. So in this lecture, we’re going to have a quick overview of this tool, and then we’re going to be using it more in the next lectures. So first of all, to run the tool, just go to More Applications right here and then just type in Multigo, and you can see that the tool comes up in here and it’s called Multigo CE.
The first time you run the tool, you’ll be asked to log in with a username and a password. If you don’t have one, you’ll have to register through the wizard that you’ll see. So just create a new username and password, and then they’ll send you an activation link to your email, activate your account, and then you’ll be able to log in and use the tool. Now, as you can see, I’ve already logged in, and it’s offering me to use one of the already-made templates for gathering information. I’m not going to use any of that. So I’m just going to click on the council right here. In here, you can see that we have the home page for the tool. And from here, you can add more transformers to the tool. Basically, transformers are plugins that allow you to gather information about specific things. So you can literally just click on “install” on any of these, and it’ll basically add more transformers or more things that you can do with Multigo.
A lot of these extra transformers will ask you to log in with a username and password or use a certain API. For now, we’re just going to use the built-in transformers, and I’m just going to go on right here to create a new graph. And this is Multigo’s primary workplace. So in the middle, we have our graph. So here’s where you’re going to see your entities and where you’re going to see the information. In here, you’ll have an overview of the graph, and in here, you’ll have details about each entity in the graph, and in here, at the bottom right, you’ll be able to change the properties for each of these entities. All of this is empty now, and all of this is vague, I know, for you. But once we start using the tool, it’ll start making sense right away. On the left, we have our entities. They’re organised into categories right here, depending on the type of these entities.
So, for example, if we click on the infrastructure, it will allow you to add a domain name. You can add MX records, you can add URLs, or you can add a website. So you can literally just drag and drop the entity that you want. And now we have a website in the graph, and from here we can start gathering information about this website. There are a lot of different types of entities. So you can add a device from this point. You can, for example, if we go to personal, see that you can actually just add a person. So literally, you can just add a person, give their first name and their second name, and then you’ll be able to gather information about this person. You can also add a phone number. Again, put the phone number down and start gathering information about it. And one of the really cool categories right here is the social links, which will allow you to add Facebook entities. It’ll allow you to access GitHub, Foursquare, LinkedIn, Instagram, and other social networks.
And with that, once you add them, you’ll be able to gather information about these entities. And obviously, this information will really help you when it comes to trying to exploit that person and hack into their system. Now, once you add the entity in here, if we click on the website, for example, I’m just going to go on the property view, and you’ll see that here I can modify the properties for this website. So, for example, the first thing that we need to change is to put the name of our target website in here. And once we do that, we can right-click and select what type of information we want to gather. Now, I’m not going to run any Transformers in this video. We’re going to do it in our next videos. For now, I’m just giving you a quick overview of the tool: how to add entities, how to run transformers, and what do we mean by all of these things? I know a lot of this is still a bit vague, but we’re going to be using this tool a lot in the course, and it’s going to become very easy for you.
And as I said, you’re going to be able to use it to gather information about anything, and it’s really going to help you enhance your social engineering skills. Please note that right now you are using the free version of Multigo. The free version is great at gathering all sorts of information, but it doesn’t allow you to use search engines or a few other features. That’s why in the next lectures I’m going to be using the paid version. You can actually request a free trial through the link in the resources of this lecture. Just explain to them that you are a student, and they’ll happily give you trial access, which you can use to do everything that I’m going to show you in the next lectures. I know there are a lot of other free information gathering tools, but in my opinion, they do not even come close to Multigo. Multigo is the best at gathering information, which is why I use it and teach it to my students. Think of it this way: If you are learning how to design, would you rather learn how to do it using paint, which is free? Or would you want to use the best design software, such as Photoshop?
2. Discovering Websites, Links & Social Accounts Associated With Target
In this video, I’d like to show you how to target a person. So we’re going to start with literally just a name—just a person’s name. And then we’ll see how we can gather information about that person and then build up an attack strategy as well. And as we do that, I’m going to show you some more features of Multigo and how to configure a few more settings. So I’m going to start a new document by clicking on the plus sign right here. I’m going to look for personal information and a specific person. And right here we have a person-entity.
Now, as I said in this example, I’m going to assume that I have a target and I know their name. I know their first name and their second name. And again, that target is me. And my first name is Zaid, and my second name is Sabi. So I’m going to go here on the property list. I’m going to set the first name; just double-click it. I’m going to set it to Zade, and then I’m going to set the surname to Sabi. And I’m just going to set this to capital letters. It doesn’t really matter, but it just looks better. Now let’s see what information we can gather about this entity. Again, as usual, all we have to do is right-click it and see what we can get. So I’m already in the “Patriot” category, and I’m going to go to all Transformers, and you can see we can get associated emails. We can transfer this to you already a person.We can try to get a phone number. We can try to get a Twitter account. You can try all of these. For now, I’m going to try to get a website or websites for this person. Now this is going to ask you if you want to look for a specific domain name. I’m going to assume that I know nothing, so I’m just going to put a space in here in both entries. So that just means to look up any websites that are associated with this person. Now you can see that we managed to get a number of websites right here, and all of these websites are associated with Zaid Sabi.
Now, that doesn’t really mean that these websites are actually associated with your target, because there could be another person named Zait Sabi. So you’ll have to go on each one of these and see which one is actually related to that person. For example, if we click on Facebook here, I’m going to double-click it to see what information is there. And I’m going to go on the properties, and you’ll see that we have the Facebook URLs that are associated with that person with that name. Now I’m going to copy all of these and just put them in a text file so we can read them better. And as you can see, we have three profiles. In a real-life situation, you should look through each of these profiles to see which one is related to your person. I’m not going to do that because the three of them are actually not related to me at all. So this is really not useful. and you’ll just move in. In this case, you’ll just come back, move into the next entity, and see what’s useful. And I highly recommend you delete the ones that are not useful because they’ll just make it harder to look through things. So you can just click it, press delete, and that will delete it for you. Now, the LinkedIn profile is right here; again, you can double-click it and see which profile it links you to. But again, it’s not my own profile, and you can see that once you actually go to the URL.
So for now, I’m just going to delete that, and you can see the rest of the stuff here is actually all related to me. So it’s all related to your target. And you can try to double-click on each one of them. Go to the properties, look for the URL, and open it in your browser. When you do that, you’ll get the information that’s related to that person, and hopefully it will help you form some sort of attack strategy or help you get even more information. For now, because I’ve already looked at all of them, I’m going to focus on one of them, which is the Udemy link. So, for the information about me on Udemy, I’m going to double-click it like we did before and go to properties. And you can see that we have a URL or a description here. I’m going to copy that. I’m going to put it in my text file right here. And I’m just going to copy the URL and open it in my browser right here. So you can see that this URL is related to our target person. And you can see that it’s leading us to a course that’s taught by myself. Now, this is not really useful.
As you can see, the target person is teaching online courses, which isn’t very useful. However, if we go back and look at the other URLs, we can see that this had two URLs. If I scroll back to the left, we can see that we have the first URL right here. And this URL is my profile URL. So I’m going to copy it again and paste it in the browser. And as you can see, this is displaying the target person’s profile. You can see that it’s the same name. You can see their picture. So you know this is your target. You can see a description of what they do, but you probably already know that. But you can see some useful stuff. For example, you can see that they used to work with a company called Isecurity. So, similar to what we did previously, you can research Information Security, add their website as a target, and then gather all of the information that we were able to gather to build a strategy against Zade. Now we’re not going to do that because we’ve already done something like that. So we’re going to try to see what other information we can get. What’s really useful in this is that we can see that the person is sharing a few links. So they’re sharing their YouTube channel, their LinkedIn profile, their Facebook page, and their own blog. You can go ahead and look through all of these things to learn more about that person. Keep in mind that I’m setting goals for myself, which is to be a computer and information technology savvy individual.
And even the target I targeted in my previous video was security. It’s an information technology company. And even with that, we were able to gather so much information. So when you’re targeting normal companies or normal people, it will be much easier to get effective information. So right now, if you actually go look at YouTube, look at LinkedIn, and look at Facebook, you really won’t get much. Even if you click on Facebook, you will discover that it will not take you anywhere. You need to log in. And even after logging in, you won’t get much useful information. What’s useful in my case is going to the blog and going to the about page, and what’s useful in this is that we have the target person’s email address and their Twitter account. So these details were not included on the nudist. And now we have two really useful pieces of information. So in the next video, we’ll see how we can use this information to gather even more information about our target and hopefully be able to build up an attack strategy.
3. Discovering Twitter Friends & Associated Accounts
Right, so now we have the email address of the target person and we have their Twitter account. So let’s start with Twitter and see what we can get from that. So I’m going to open the Twitter account for the target person right here. I’m going to copy the link, and we’re going to come here and we’re going to add a Twitter entity. So I’m just going to move all of this to the side, and we’re going to add a Twitter entity from the social network category. The problem here is that you’ll see that there is a tweet entity, but there is no Twitter entity. But Multigo actually has an entity for Twitter. It’s just not being shown here. And that’s why I said I wanted to spend more time using Multigo with you to show you how to access these settings. So we’re going to entities, and then we’re going to manage entities. And right here, you can add all of these entities.
So all of these entities are not added to the palette to the left in here. So if you see something in here that’s interesting to you, you can just click on it. So the one I’m currently interested in is Twitter affiliation, or membership in the Twitter social network. I’m going to click on the three little dots here. I’m going to go to the advanced settings, and I’m going to check this box, which says Pallet Item. Now, if I click on OK and close this, you’ll see that I have a Twitter entity showing up in here. So again, I’m going to use this as normal. I’m just going to drag and drop it. I’m going to set the name of it here, so that’s going to be myself, which is Zade. And we’re going to put the URL in here. So that’s the URL of the profile. And I’ve already copied that, so it’s this one. and my user ID is Zadalq. So I’m going to put that in here, and we’re good to go. Now we can gather information about this person based on their Twitter account.
So I’m going to right-click it and see what we can get. So we can get their tweets and see the tweets that they sent to people. We can transfer this to another person, we can get more details, and we can get followers. What I really want to do is get their friends’ contact information so that I can target them through their friends. So again, I’m just going to click on the play button here. And this particular transformer requires you to log in to Twitter. So as you can see now, Multigo is telling me that I have to log into Twitter to be able to gather information about this person. So I’m going to click yes; I’ll log in, no problem. And then I’m going to click on this sign-in button right here. And I’m just going to log in with a username and a password. So I’m going to actually use a different account than the one that we’re gathering information about. And now it’s asking me, “Do I want to authorise this app?” I’m going to say, “Yes, authorise it.” No problem. And that’s it. Now we’re logged in to Maltego. I’m going to go back to Maltego, and you can see that it’s telling me I can sign out using this button. So now I’m logged in, and if I close this, the search will start. So it’s now starting to look for Zade’s Twitter friends.
And as you can see now, I managed to track down the people who are friends with Zade, so we can see some really interesting stuff. Now, these are all just websites, so they’re not really very useful. We can go ahead and pretend to be a person from these websites, and there is a high chance that Zade will respond to it, but it’s not as good as using real people. So I’m actually going to delete these websites; I’m just going to click on “delete,” and we’re just going to organise them. And now we can see that Zade has three friends. And again, we can use all of these friends, right-click them, and try to gather more information about them. This is good so far. And in the next lecture, we’ll go back to where we were. So we now have information about the Twitter account. We’ll see how to gather information about the email address of that person.
4. Discovering Emails Of The Target’s Friends
Okay, now let’s see what we can get using the email of the target person. Now, if we hover over this or if we just copy the email address, it will copy the email of the person, which is [email protected]. So we’ll return to our multiplication. Go, and I’m going to add. I’m going to put this to the side, and we’re going to add a new entity. and this is going to be an email address.
So we’re going to go to Personal and we’re going to look for email addresses, drag and drop that, and set the email to the email of the target person from the properties. Again, I’m going to double-click it and type [email protected]. Now again, we actually got the email from here, from this icon right here, which leads us to the email of the person. So I didn’t guess it myself or just get it out of nowhere. I was able to get it by simply typing in the person’s name. Now, from this email, we’re going to try and see what information we can get. I’m going to right-click this as usual, and I’m going to transfer this to a domain name. Now again, you can transfer this to a person, a phone number, URL, or website, but I’m not going to do all of that because I’ve already done this on my own time. And the most useful is when we transfer it to a person. So there is a lot of trial and error in this. You’ll try things; it might not give you useful information; delete the bad entities; and just keep going so we can see that we have a domain name, icycurity.org. Now, from this website, I’m going to try to get the email addresses associated with this website. We’re going to go back and we’re going to look for email addresses, as you can see here. So I’m just going to click on “Run All” to run all the transformers that will get me email addresses associated with this domain. And if we go down, we have this domain protection email, which is not useful.
So I’m just going to delete it right away. And we have Am asking her at [email protected], which is the same person as this. Now another thing that we can do with the domain is transfer it to a website. And then, from this website, we’re going to look for email addresses associated with it. Great, now this is done. And if we go down, we can see. We now have two useless emails in front of us. So I’m going to delete these two, and we’ll have two good ones. So we have [email protected], which is the same as this person, which we got from Twitter, and we have [email protected]. Now, again, you can just keep going and try to gather more information about this target, but for now, I think this is enough. So we have enough information to begin devising an attack strategy for this individual. Now, in the next lecture, we’ll discuss all the information that we gathered and come up with ideas on how we can attack this person and hack into their system or their accounts.
5. Analysing The Gathered Info & Building An Attack Strategy
Okay, now let’s see what we can get using the email of the target person. Now if we hover over this or if we just copy the email address, it will copy the email of the person, which is [email protected]. So we’ll return to our multiplication. Go, and I’m going to add; I’m going to put this to the side, and we’re going to add a new entity, and this is going to be an email address. So we’re going to go to Personal and we’re going to look for email addresses, drag and drop that, and set the email to the email of the target person from the properties. Again, I’m going to double-click it and type [email protected]. Now again, we actually got the email from here, from this icon right here, which leads us to the email of the person. So I didn’t guess it myself or just get it out of nowhere. I actually managed to get it by only typing the name of the person. Now, from this email, we’re going to try and see what information we can get. I’m going to right-click this as usual, and I’m going to transfer this to a domain name. Now again, you can transfer this to a person, a phone number, URL, or website, but I’m not going to do all of that because I’ve already done this on my own time.
And the most useful is when we transfer it to a person. So there is a lot of trial and error in this. You’ll try things; it may or may not provide useful information; you’ll delete bad entities; just keep going so we can see that we have a domain name, which is icurity.org. Now, from this website, I’m going to try to get the email addresses associated with this website. We’re going to go back and we’re going to look for email addresses, as you can see here. So I’m just going to click on RunAll to run all the transformers that will get me email addresses associated with this domain. And if we go down, we have this domain protection email, which is not useful. So I’m just going to delete it right away. And we have Am [email protected], which is the same person as this. Now another thing that we can do from the domain is transfer it to a website, and then from this website, we’re going to look for email addresses associated with it. Great, now this is done. And if we go down, we can see. We now have two useless emails in front of us. So I’m going to delete these two, and we’ll have two good ones. So we have [email protected], which is the same as this person, which we got from Twitter, and we have [email protected]. Now, again, you can just keep going and try to gather more information about this target, but for now, I think this is enough. So we have enough information to begin devising an attack strategy for this individual. Now, in the next lecture, we’ll discuss all the information that we gathered and come up with ideas on how we can attack this person and hack into their system or their accounts.
