Module 3 – Information Gathering
• Phase II Controls Assessment Scheduling
• Information Gathering
• Network Mapping
• Vulnerability Identification
• Penetration
• Gaining Access & Privilege Escalation
• Enumerating Further
• Compromise Remote Users/Sites
• Maintaining Access
• Cover the Tracks
Heorot.net

Information Gathering
• Locate the target Web presence
• Examine the target using search engines
• Search Web groups
• Search employee personal Web sites
• Search Securities & Exchange Commission and finance sites
• Search uptime statistics sites
• Search system/network survey sites
• Search on P2P networks
• Search on Internet Relay Chat (IRC)
• Search job databases
• Search newsgroups (NNTP)
• Gain information from domain registrar
• Check for reverse DNS lookup presence
• Check more DNS information
• Check Spam database lookup
• Check to change WHOIS information

Information Gathering
IMPORTANT!!
• This phase does not involve “touching” the target
• Information gathered may not be “Public Domain”
• Tools:
  • Firefox
  • Dogpile.com
  • Alexa.org
  • Archive.org
• Document, document, document… Screenshots, screenshots, screenshots…

Information Gathering
What to Document…
• Website Address
• Web Server Type
• Server Locations
• Dates Listed
• Date Last Modified
• Web Links Internal
• Web Links External
• Web Server Directory Tree
• Technologies Used
• Encryption standards
• Web-Enabled Languages
• Form Fields
• Form Variables
• Method of Form Postings
• Keywords Used
• Company contactability
• Meta Tags
• Comments Noted
• e-commerce Capabilities
• Services Offered on Net
• Products Offered on Net
• Features

Information Gathering
• Locate the target Web presence
• Cool tool called “nmap”

Information Gathering
• Examine the target using search engines
  Rank 53,545 / Linking In: 2,415

Information Gathering
• Examine the target using search engines

Information Gathering
• Dates Listed / Modified

Information Gathering
• Search Web groups

Information Gathering
• Search newsgroups (NNTP)
  http://freenews.maxbaud.net

Information Gathering
• Gain information from domain registrar
• Check to change WHOIS information

Information Gathering
• Check for reverse DNS lookup presence
• Check more DNS information
  DNS ReverseDNS http://www.dnswatch.info

Information Gathering
• Why care about Reverse DNS?
  Insecure.org seclists.org

Information Gathering
• Check Spam database lookup
  http://www.dnsbl.info

Information Gathering
• Search employee personal Web sites
• Search Securities & Exchange Commission and finance sites
• Search uptime statistics sites
• Search system/network survey sites
• Search on P2P networks
• Search on Internet Relay Chat (IRC)
• Search job databases

Module 3 – Conclusion
• Information Gathering
• What to Document
• Not “touching” the target
• Information may not be “Public Domain”