1 / 12

Reconnaissance Steps

Reconnaissance Steps. Gathering information from Open Sources. Owner of IP-address range Address Range Domain Names Computing Platforms Network Architecture User(name) Information Physical Location Active Services. Gathering information from Open Sources. Technical Contact

axel
Download Presentation

Reconnaissance Steps

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Reconnaissance Steps

  2. Gathering information from Open Sources • Owner of IP-address range • Address Range • Domain Names • Computing Platforms • Network Architecture • User(name) Information • Physical Location • Active Services

  3. Gathering information from Open Sources • Technical Contact • Business Partners • Administrative Contacts • Email Addresses • Technology being used • Phone No's • Route to target's • Internet Accessible data

  4. Gathering information from Open Sources • Public Server's Banner Information. • DNS Servers • WEB Servers • SMTP Servers • Zones & Sub-domains • Locate Firewalls/Perimeter devices.

  5. Target's Website • Mirror the web • Use Grep or Similar • Scan for keywords • Banner Information • Applications • Cgi's • Cookie style • Scripting language • Code-reading • Weblogs info

  6. DNS • AXFR • Version • Zones & Sub-domains • Nmap -sL • DNSDig • Nslookup • Dig commands • Host commands • Active services

  7. SMTP • Verfy; email enumeration • Banner information • Bounced Emails • Email Header • Email mapping

  8. Search Engines (Google) • intitle: "index of /etc" • inurl: "config.php.bak" • site:"target.com" • filetype:".bak" • Cross-Links • Search for group postings • News Articles

  9. Traceroute • ISP information • Locate Firewalls • Network Infrastructure • Tcptraceroute • Firewalk

  10. Job Databases • Job requirements • Employee profile • Hardware information • Software information

  11. Personal Website • Employee job profile • Hardware information • Software information

  12. Ping • List of live systems • RTT, delays • N/W connectivity

More Related