
Information Gathering

Information Gathering. 2012 BackTrack Workshop Upstate ISSA Chapter. Agenda. Intelligence Gathering Publicly Available Information Google Hacking DNS Enumeration Maltego. Intelligence Gathering. Special Forces conduct successful operations based on intelligence



  1. Information Gathering 2012 BackTrack Workshop Upstate ISSA Chapter

  2. Agenda • Intelligence Gathering • Publicly Available Information • Google Hacking • DNS Enumeration • Maltego

  3. Intelligence Gathering • Special Forces conduct successful operations based on intelligence • The more information you have, the more successful the operation • Most of a pentesting engagement is spent on information gathering and reporting, not exploitation

  4. Publicly Available Information • Website Analysis • Whois • Netcraft • Mapping Physical Locations • Social Media • SHODAN • Maltego

  5. Website Analysis

  6. What’s Hiding in the Code?
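The slides show page source on screen but not how to pull the interesting bits out of it. The script below is an added example, not part of the workshop material: it extracts developer comments, e-mail addresses, referenced hosts and the CMS "generator" tag from an HTML document using only sed, grep and awk, which is what you would do on BackTrack after saving a page with wget. SAMPLE_HTML, its hostnames and addresses are constructed for the example and belong to no real site.

```shell
#!/bin/sh
# Added example for the "Website Analysis" / "What's Hiding in the Code?" slides.
# Not from the workshop. Pulls what a pentester looks for in page source
# (developer comments, e-mail addresses, referenced hosts, CMS generator tag).
#
# SAMPLE_HTML is a constructed page. Real use: save a page first, e.g.
#   wget -qO page.html http://www.example.org/ ; analyze_page "$(cat page.html)"

SAMPLE_HTML='<html><head>
<!-- TODO: remove test login before go-live: /admin/login.php?debug=1 -->
<meta name="generator" content="WordPress 3.3.1">
<script src="https://cdn.example-lib.net/jquery-1.4.2.min.js"></script>
</head><body>
<a href="mailto:jsmith@example.org">Contact</a>
<a href="http://intranet.example.org/wiki">Wiki</a>
<!-- backup copy kept at /old/site.tar.gz -->
<p>Problems? Mail webmaster@example.org</p>
</body></html>'

# Developer comments: the text between <!-- and --> (one comment per line).
html_comments() {
    printf '%s\n' "$1" | sed -n 's/.*<!--\(.*\)-->.*/\1/p' | sed 's/^ *//; s/ *$//'
}

# E-mail addresses: seeds for theHarvester-style user enumeration and phishing scope.
html_emails() {
    printf '%s\n' "$1" | grep -oE '[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}' | sort -u
}

# Hosts referenced by href= or src=: third-party CDNs and internal names that leak.
html_hosts() {
    printf '%s\n' "$1" | grep -oE '(href|src)="https?://[^/"]+' | sed 's#.*://##' | sort -u
}

# <meta name="generator">: CMS and version, which feeds the vulnerability search.
html_generator() {
    printf '%s\n' "$1" | sed -n 's/.*name="generator" content="\([^"]*\)".*/\1/p'
}

# Print all four findings for a page.
analyze_page() {
    echo "[generator]"; html_generator "$1"
    echo "[comments]";  html_comments "$1"
    echo "[emails]";    html_emails "$1"
    echo "[hosts]";     html_hosts "$1"
}

analyze_page "$SAMPLE_HTML"
```

The comment extractor handles one comment per line, which is how most hand-written notes appear; multi-line comment blocks need a stateful awk pass. The hostnames found in href/src are the first candidates for the DNS enumeration later in the workshop.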

  7. Whois whois -h org.whois-servers.net issa.org

  8. Netcraft

  9. Netcraft

  10. Mapping Physical Locations

  11. Mapping Physical Locations

  12. Social Media

  13. Social Media

  14. SHODAN

  15. Google Hacking • goofile • goohost • gooscan • metagoofil • theHarvester

  16. goofile

  17. goohost

  18. gooscan

  19. gooscan

  20. Metagoofil

  21. Metagoofil

  22. theHarvester ./theHarvester.py -d issa.org -l 500 -b google

  23. DNS Enumeration • DNS Record Types • Zone Transfers • dnsenum • fierce

  24. DNS Record Types • SOA = Start of Authority • NS = Name Server • A = Address (Host) • CNAME = Canonical Name (Alias) • MX = Mail Exchanger • SRV = Service Locator • TXT = Text Data

  25. Zone Transfer (IP Information) (ipconfig /all on a domain-joined Windows host: the DNS Servers lines name the servers to ask for the transfer)
      Ethernet adapter Wireless Network Connection:
        Connection-specific DNS Suffix  . : test.com
        Description . . . . . . . . . . . : Intel(R) WiFi Link 1000 BGN
        Physical Address. . . . . . . . . : AA-BB-CC-DD-EE-FF
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.10.28
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.10.1
        DHCP Server . . . . . . . . . . . : 192.168.10.150
        DNS Servers . . . . . . . . . . . : 192.168.10.150
                                            192.168.10.151
        Primary WINS Server . . . . . . . : 192.168.10.150
        Secondary WINS Server . . . . . . : 192.168.10.151
        Lease Obtained. . . . . . . . . . : Monday, January 03, 2012 7:46:22 PM
        Lease Expires . . . . . . . . . . : Tuesday, January 04, 2012 3:46:22 AM

  26. Zone Transfer (Conduct AXFR) (nslookup's ls -d requests a full zone transfer from the selected server)
      D:\>nslookup
      Default Server:  ns1.test.com
      Address:  192.168.10.150
      > server 192.168.10.151
      Default Server:  ns2.test.com
      Address:  192.168.10.151
      > set type=any
      > ls -d test.com

  27. Zone Transfer (Results)
      Default Server:  ns1.test.com
      Address:  192.168.10.10
      >
      > [ns1.test.com]
       test.com.                                      NS     ns1.test.com
       test.com.                                      NS     ns2.test.com
       ns1                                            A      192.168.10.10
       ns2                                            A      192.168.10.11
       payroll                                        A      192.168.10.199
       server1                                        A      192.168.10.215
       192.168.1.1                                    TXT    "Core Switch GigabitEthernet 0/0"
       dnsserver                                      CNAME  ns1.test.com
       _kerberos._tcp.WashingtonDC._sites.dc._msdcs   SRV    priority=0, weight=100, port=88, server1.test.com
       _ldap._tcp.WashingtonDC._sites.dc._msdcs       SRV    priority=0, weight=100, port=389, server1.test.com
      One transfer hands over a host list with roles (payroll), a TXT note describing the core switch, and the _msdcs SRV records, which identify server1 as an Active Directory domain controller in the WashingtonDC site.
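Slides 24 through 27 walk through record types, finding the name servers and requesting the transfer, but stop at the raw listing. The script below is an added example and not part of the workshop: axfr_try repeats the procedure with dig against every authoritative server for a domain, and the zone_* functions turn a transferred zone into the artefacts the next phase needs (a target list, the domain controllers, the AD site names, the TXT notes). SAMPLE_ZONE is a constructed zone in dig's output format built from the record set the slides show; it is not a real transfer, and the ns1/ns2/server1 names and addresses are taken from the slides as illustration.

```shell
#!/bin/sh
# Added example for the zone transfer slides (record types, ipconfig, nslookup
# ls -d). Not from the workshop. axfr_try needs network access and dig (BIND
# tools, present on BackTrack) and is not invoked below; the zone_* functions
# run against SAMPLE_ZONE, a constructed zone in dig's output format.

# Ask each NS of the domain for AXFR; print the first zone that transfers.
axfr_try() {
    domain="$1"
    for ns in $(dig +short NS "$domain"); do
        # A server that refuses the transfer prints only ';' comment lines.
        zone=$(dig +nocmd +noall +answer AXFR "$domain" @"$ns" | grep -v '^;')
        if [ -n "$zone" ]; then
            echo "# AXFR allowed by $ns" >&2
            printf '%s\n' "$zone"
            return 0
        fi
    done
    echo "# AXFR refused by every name server for $domain" >&2
    return 1
}

# Constructed zone (dig-style: name ttl class type rdata), modelled on slide 27.
SAMPLE_ZONE='test.com. 3600 IN SOA ns1.test.com. hostmaster.test.com. 2012010301 3600 900 604800 86400
test.com. 3600 IN NS ns1.test.com.
test.com. 3600 IN NS ns2.test.com.
ns1.test.com. 3600 IN A 192.168.10.10
ns2.test.com. 3600 IN A 192.168.10.11
payroll.test.com. 3600 IN A 192.168.10.199
server1.test.com. 3600 IN A 192.168.10.215
192.168.1.1.test.com. 3600 IN TXT "Core Switch GigabitEthernet 0/0"
dnsserver.test.com. 3600 IN CNAME ns1.test.com.
_kerberos._tcp.WashingtonDC._sites.dc._msdcs.test.com. 600 IN SRV 0 100 88 server1.test.com.
_ldap._tcp.WashingtonDC._sites.dc._msdcs.test.com. 600 IN SRV 0 100 389 server1.test.com.'

# A records as "ip<TAB>host", sorted: a ready-made target list (e.g. nmap -iL).
zone_targets() {
    printf '%s\n' "$1" | awk '$4 == "A" { sub(/\.$/, "", $1); print $5 "\t" $1 }' | sort -u
}

# SRV records under _msdcs point at Active Directory domain controllers.
zone_dcs() {
    printf '%s\n' "$1" | awk '$4 == "SRV" && $1 ~ /\._msdcs\./ { sub(/\.$/, "", $8); print $8 }' | sort -u
}

# The label before "_sites" in those SRV names is the AD site (often an office).
zone_sites() {
    printf '%s\n' "$1" | awk '$1 ~ /\._sites\./ {
        n = split($1, p, ".")
        for (i = 2; i <= n; i++) if (p[i] == "_sites") print p[i-1]
    }' | sort -u
}

# TXT records: admins leave device descriptions and notes in them.
zone_txt() {
    printf '%s\n' "$1" | awk '$4 == "TXT" {
        s = ""; for (i = 5; i <= NF; i++) s = s (i > 5 ? " " : "") $i
        sub(/\.$/, "", $1); print $1 ": " s
    }'
}

echo "[targets]";            zone_targets "$SAMPLE_ZONE"
echo "[domain controllers]"; zone_dcs "$SAMPLE_ZONE"
echo "[AD sites]";           zone_sites "$SAMPLE_ZONE"
echo "[txt]";                zone_txt "$SAMPLE_ZONE"
# Live use: axfr_try test.com > zone.txt && zone_targets "$(cat zone.txt)"
```

Trying every NS matters: it is common for the primary to refuse AXFR while a secondary, as in the slides' ns2, still answers. dnsenum and fierce, on the next slides, automate the same attempt and fall back to brute-forcing names when every server refuses.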

  28. dnsenum

  29. dnsenum

  30. fierce

  31. fierce

  32. Maltego

  33. Bookmarks • johnny.ihackstuff.com • securitytube.net • paterva.com
