Information Gathering

January 7, 2018 | Author: Anonymous | Category: Engineering & Technology, Computer Science, Networking

Information Gathering
2012 BackTrack Workshop
Upstate ISSA Chapter

Agenda

- Intelligence Gathering
- Publicly Available Information
- Google Hacking
- DNS Enumeration
- Maltego

Intelligence Gathering

- Special Forces conduct successful operations based on intelligence
- The more information, the more successful the operation
- Most of a pentesting engagement is dedicated to reporting and information gathering

Publicly Available Information

- Website Analysis
- Whois
- Netcraft
- Mapping Physical Locations
- Social Media
- SHODAN
- Maltego

Website Analysis

What’s Hiding in the Code?

Whois

    whois -h org.whois-servers.net issa.org

Netcraft

Mapping Physical Locations

Social Media

SHODAN

Google Hacking

- goofile
- goohost
- gooscan
- metagoofil
- theHarvester

goofile

goohost

gooscan

Metagoofil

theHarvester

    ./theHarvester.py -d issa.org -l 500 -b google

DNS Enumeration

- DNS Record Types
- Zone Transfers
- dnsenum
- fierce

DNS Record Types

- SOA = Start of Authority
- NS = Name Server
- A = Address (Host)
- CNAME = Canonical Name (Alias)
- MX = Mail Exchanger
- SRV = Service Locator
- TXT = Text Data

Zone Transfer (IP Information)

    Ethernet adapter Wireless Network Connection:

       Connection-specific DNS Suffix  . : test.com
       Description . . . . . . . . . . . : Intel(R) WiFi Link 1000 BGN
       Physical Address. . . . . . . . . : AA-BB-CC-DD-EE-FF
       Dhcp Enabled. . . . . . . . . . . : Yes
       Autoconfiguration Enabled . . . . : Yes
       IP Address. . . . . . . . . . . . : 192.168.10.28
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.10.1
       DHCP Server . . . . . . . . . . . : 192.168.10.150
       DNS Servers . . . . . . . . . . . : 192.168.10.150
                                           192.168.10.151
       Primary WINS Server . . . . . . . : 192.168.10.150
       Secondary WINS Server . . . . . . : 192.168.10.151
       Lease Obtained. . . . . . . . . . : Monday, January 03, 2012 7:46:22 PM
       Lease Expires . . . . . . . . . . : Tuesday, January 04, 2012 3:46:22 AM

Zone Transfer (Conduct AXFR)

    D:\>nslookup
    Default Server:  ns1.test.com
    Address:  192.168.10.150

    > server 192.168.10.151
    Default Server:  ns2.test.com
    Address:  192.168.10.151

    > set type=any
    > ls -d fluor.com

Zone Transfer (Results)

    Default Server:  ns1.test.com
    Address:  192.168.10.10

    > >
    [ns1.test.com]
     test.com.      NS     ns1.test.com
     test.com.      NS     ns2.test.com
     ns1            A      192.168.10.10
     ns2            A      192.168.10.11
     payroll        A      192.168.10.199
     server1        A      192.168.10.215
     192.168.1.1    TXT    "Core Switch GigabitEthernet 0/0"
     dnsserver      CNAME  ns1.test.com
     _kerberos._tcp.WashingtonDC._sites.dc._msdcs SRV priority=0, weight=100, port=88, server1.test.com
     _ldap._tcp.WashingtonDC._sites.dc._msdcs SRV priority=0, weight=100, port=389, server1.test.com
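Added example, not part of the original slides: a zone owner can run the listing above through a short audit to see what an unrestricted transfer discloses, record type by record type. The one-record-per-line layout of ZONE_LISTING and the names parse_zone and audit are assumptions made for this example.

```python
import ipaddress
import re

# Sample input: the records from the "Zone Transfer (Results)" slide,
# laid out one per line (layout constructed for this example).
ZONE_LISTING = """\
[ns1.test.com]
test.com.   NS     ns1.test.com
test.com.   NS     ns2.test.com
ns1         A      192.168.10.10
ns2         A      192.168.10.11
payroll     A      192.168.10.199
server1     A      192.168.10.215
192.168.1.1 TXT    "Core Switch GigabitEthernet 0/0"
dnsserver   CNAME  ns1.test.com
_kerberos._tcp.WashingtonDC._sites.dc._msdcs SRV priority=0, weight=100, port=88, server1.test.com
_ldap._tcp.WashingtonDC._sites.dc._msdcs SRV priority=0, weight=100, port=389, server1.test.com
"""

# Owner name, one of the record types from the slide, then the record data.
RECORD = re.compile(r"^(\S+)\s+(SOA|NS|A|CNAME|MX|SRV|TXT)\s+(.*)$")

def parse_zone(text):
    """Return (name, type, data) tuples; lines that are not records are skipped."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if m:
            records.append((m.group(1), m.group(2), m.group(3).strip()))
    return records

def audit(records):
    """List what each record tells anyone who is allowed to pull the zone."""
    findings = []
    for name, rtype, data in records:
        if rtype == "A" and ipaddress.ip_address(data).is_private:
            findings.append((name, "internal address " + data))
        elif rtype == "SRV":
            port = re.search(r"port=(\d+)", data).group(1)
            site = re.search(r"\._tcp\.([^.]+)\._sites", name)
            where = ", site " + site.group(1) if site else ""
            findings.append((name, "service on port " + port + where))
        elif rtype == "TXT":
            findings.append((name, "free-text note " + data))
    return findings

if __name__ == "__main__":
    for name, detail in audit(parse_zone(ZONE_LISTING)):
        print("%-45s %s" % (name, detail))
```

Every finding is a reason to limit zone transfers to the secondary name servers and to keep internal-only names out of zones that outside resolvers can reach.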

dnsenum

fierce

Maltego

Bookmarks

- johnny.ihackstuff.com
- securitytube.net
- paterva.com
