Information Gathering

2012 BackTrack Workshop, Upstate ISSA Chapter

Transcript of Information Gathering

Page 1: Information Gathering

Information Gathering

2012 BackTrack Workshop

Upstate ISSA Chapter

Page 2: Information Gathering

Agenda

Intelligence Gathering
Publicly Available Information
Google Hacking
DNS Enumeration
Maltego

Page 3: Information Gathering

Intelligence Gathering

Special Forces conduct successful operations based on intelligence.

The more information you have, the more successful the operation.

Most of a pentesting engagement is spent on information gathering and reporting, not on exploitation.

Page 4: Information Gathering

Publicly Available Information

Website Analysis
Whois
Netcraft
Mapping Physical Locations
Social Media
SHODAN
Maltego

Page 5: Information Gathering

Website Analysis

Page 6: Information Gathering

What’s Hiding in the Code?

Page 7: Information Gathering

Whois

whois -h org.whois-servers.net issa.org

-h names the whois server to query; org.whois-servers.net is an alias for the registry server that holds .org registrations, so the query goes straight to the authoritative source instead of relying on the client's built-in server list.

Page 8: Information Gathering

Netcraft

Page 9: Information Gathering

Netcraft

Page 10: Information Gathering

Mapping Physical Locations

Page 11: Information Gathering

Mapping Physical Locations

Page 12: Information Gathering

Social Media

Page 13: Information Gathering

Social Media

Page 14: Information Gathering

SHODAN

Page 15: Information Gathering

Google Hacking

goofile
goohost
gooscan
metagoofil
theHarvester

Page 16: Information Gathering

goofile

Page 17: Information Gathering

goohost

Page 18: Information Gathering

gooscan

Page 19: Information Gathering

gooscan

Page 20: Information Gathering

Metagoofil

Page 21: Information Gathering

Metagoofil
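Metagoofil's value comes from the step after the search: it downloads the public Office and PDF documents a search engine returns and reads their metadata, where author names, Windows user names, company names and internal file-server paths are routinely left behind. The following Python script is an added example, not part of the workshop deck or of the metagoofil tool, showing that extraction step for OOXML documents (.docx, .xlsx, .pptx) with only the standard library: it reads docProps/core.xml and docProps/app.xml and scans every XML part of the package for UNC paths. The sample documents, the user names (jsmith, mjones, ACME\svc_backup), the company and the server names are constructed for offline testing and do not refer to any real organisation.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

# Namespaces of the OOXML property parts (docProps/core.xml and docProps/app.xml)
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}
# The fields worth harvesting: who wrote and edited the file, and with what
CORE_FIELDS = {"dc:creator": "creator", "cp:lastModifiedBy": "last_modified_by"}
APP_FIELDS = {"ep:Company": "company", "ep:Application": "application"}
# \\server\share\path references left in relationship/settings parts (templates, linked files)
UNC_PATH = re.compile(rb"\\\\[A-Za-z0-9._-]+\\[^\s\"'<>]+")


def extract_office_metadata(blob):
    """Return authors, company, producing application and UNC paths from a .docx/.xlsx/.pptx."""
    found = {"unc_paths": []}
    with zipfile.ZipFile(io.BytesIO(blob)) as z:
        names = z.namelist()
        for part, fields in (("docProps/core.xml", CORE_FIELDS), ("docProps/app.xml", APP_FIELDS)):
            if part not in names:
                continue
            root = ET.fromstring(z.read(part))
            for tag, key in fields.items():
                el = root.find(tag, NS)
                if el is not None and el.text and el.text.strip():
                    found[key] = el.text.strip()
        for name in names:                        # any XML part may embed an internal path
            if name.endswith((".xml", ".rels")):
                for path in UNC_PATH.findall(z.read(name)):
                    text = path.decode("utf-8", "replace")
                    if text not in found["unc_paths"]:
                        found["unc_paths"].append(text)
    return found


def harvest_people(blobs):
    """Aggregate distinct user names and internal host names across many documents."""
    users, hosts = set(), set()
    for blob in blobs:
        meta = extract_office_metadata(blob)
        users.update(meta[k] for k in ("creator", "last_modified_by") if k in meta)
        hosts.update(p.split("\\")[2] for p in meta["unc_paths"])   # \\host\share\... -> host
    return sorted(users), sorted(hosts)


def build_sample_docx(creator, modified_by, company, template_unc):
    """Constructed minimal .docx with only the parts this script reads (test data, not a real file)."""
    cp, dc, ep = NS["cp"], NS["dc"], NS["ep"]
    core = ('<?xml version="1.0" encoding="UTF-8"?>'
            f'<cp:coreProperties xmlns:cp="{cp}" xmlns:dc="{dc}">'
            f'<dc:creator>{creator}</dc:creator><cp:lastModifiedBy>{modified_by}</cp:lastModifiedBy>'
            '</cp:coreProperties>')
    app = ('<?xml version="1.0" encoding="UTF-8"?>'
           f'<Properties xmlns="{ep}"><Application>Microsoft Office Word</Application>'
           f'<Company>{company}</Company></Properties>')
    rels = ('<?xml version="1.0" encoding="UTF-8"?>'
            '<Relationships xmlns="http://schemas.openxmlformats.org/package/2006/relationships">'
            '<Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/'
            f'relationships/attachedTemplate" Target="file:///{template_unc}" TargetMode="External"/>'
            '</Relationships>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("docProps/core.xml", core)
        z.writestr("docProps/app.xml", app)
        z.writestr("word/_rels/settings.xml.rels", rels)
    return buf.getvalue()


if __name__ == "__main__":
    docs = [build_sample_docx("jsmith", "ACME\\svc_backup", "ACME Corp", r"\\fileserv01\templates\corp.dotx"),
            build_sample_docx("mjones", "jsmith", "ACME Corp", r"\\fileserv01\templates\corp.dotx")]
    print(extract_office_metadata(docs[0]))
    print(harvest_people(docs))
```

Run extract_office_metadata over the documents pulled from a target's public web site and feed the results to harvest_people: the output is a list of candidate user names (often in the DOMAIN\user form that an account lockout policy will later care about) and the internal servers they work from. PDFs leak the same things through the Info dictionary and XMP metadata; this script parses only the OOXML parts.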

Page 22: Information Gathering

theHarvester

./theHarvester.py -d issa.org -l 500 -b google

-d is the target domain, -l caps the number of search results to read, and -b selects the data source (google here; the tool also supports other search engines and directories). The output is the list of e-mail addresses and host names the search engine has indexed for that domain.

Page 23: Information Gathering

DNS Enumeration

DNS Record Types
Zone Transfers
dnsenum
fierce

Page 24: Information Gathering

DNS Record Types

SOA = Start of Authority
NS = Name Server
A = Address (Host)
CNAME = Canonical Name (Alias)
MX = Mail Exchanger
SRV = Service Locator
TXT = Text Data

Page 25: Information Gathering

Zone Transfer (IP Information)

Ethernet adapter Wireless Network Connection:

        Connection-specific DNS Suffix  . : test.com
        Description . . . . . . . . . . . : Intel(R) WiFi Link 1000 BGN
        Physical Address. . . . . . . . . : AA-BB-CC-DD-EE-FF
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 192.168.10.28
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.10.1
        DHCP Server . . . . . . . . . . . : 192.168.10.150
        DNS Servers . . . . . . . . . . . : 192.168.10.150
                                            192.168.10.151
        Primary WINS Server . . . . . . . : 192.168.10.150
        Secondary WINS Server . . . . . . : 192.168.10.151
        Lease Obtained. . . . . . . . . . : Monday, January 03, 2012 7:46:22 PM
        Lease Expires . . . . . . . . . . : Tuesday, January 04, 2012 3:46:22 AM

Page 26: Information Gathering

Zone Transfer (Conduct AXFR)

D:\>nslookup
Default Server:  ns1.test.com
Address:  192.168.10.150

> server 192.168.10.151
Default Server:  ns2.test.com
Address:  192.168.10.151

> set type=any
> ls -d test.com

Page 27: Information Gathering

Zone Transfer (Results)

Default Server:  ns1.test.com
Address:  192.168.10.10

[ns1.test.com]
 test.com.                                     NS     ns1.test.com
 test.com.                                     NS     ns2.test.com
 ns1                                           A      192.168.10.10
 ns2                                           A      192.168.10.11
 payroll                                       A      192.168.10.199
 server1                                       A      192.168.10.215
 192.168.1.1                                   TXT    "Core Switch GigabitEthernet 0/0"
 dnsserver                                     CNAME  ns1.test.com
 _kerberos._tcp.WashingtonDC._sites.dc._msdcs  SRV    priority=0, weight=100, port=88, server1.test.com
 _ldap._tcp.WashingtonDC._sites.dc._msdcs      SRV    priority=0, weight=100, port=389, server1.test.com
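The nslookup session above asks a name server for its entire zone with an AXFR query, and the record types slide lists what comes back. As an added example that is not part of the workshop material, the Python script below does the same thing at the protocol level with only the standard library: it builds the AXFR query, reads the length-prefixed TCP reply, decodes the record types from the slides (including DNS name compression) and picks the Active Directory domain controllers out of the _msdcs SRV records. The sample response, the zone name test.com and its records mirror the results slide and are constructed inside the script; nothing in it was captured from a real server.

```python
import socket
import struct

TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 16: "TXT", 33: "SRV"}   # record types in the results
QTYPE_AXFR = 252


def encode_name(name):
    """Wire-format a domain name: length-prefixed labels terminated by a zero byte."""
    return b"".join(bytes([len(x)]) + x.encode("ascii") for x in name.rstrip(".").split(".")) + b"\x00"


def build_axfr_query(zone, qid=0x1234):
    """Standard query (flags 0) for QTYPE=AXFR, QCLASS=IN, i.e. what nslookup's `ls -d` sends."""
    return struct.pack(">HHHHHH", qid, 0, 1, 0, 0, 0) + encode_name(zone) + struct.pack(">HH", QTYPE_AXFR, 1)


def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset just past it in the stream)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                     # compression pointer to an earlier name
            end = off + 2 if end is None else end
            off = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            return ".".join(labels) + ".", (off if end is None else end)
        labels.append(msg[off:off + length].decode("ascii", "replace"))
        off += length


def parse_rdata(msg, rtype, off, rdlen):
    """Render RDATA for the record types above; anything else comes back as hex."""
    data = msg[off:off + rdlen]
    if rtype == 1:                                    # A: four octets
        return ".".join(str(b) for b in data)
    if rtype in (2, 5):                               # NS, CNAME: one name
        return read_name(msg, off)[0]
    if rtype == 6:                                    # SOA: mname, rname, serial (timers omitted)
        mname, o = read_name(msg, off)
        rname, o = read_name(msg, o)
        return "%s %s serial=%d" % (mname, rname, struct.unpack(">I", msg[o:o + 4])[0])
    if rtype == 16:                                   # TXT: one or more <len><chars> strings
        parts, i = [], 0
        while i < rdlen:
            parts.append(data[i + 1:i + 1 + data[i]].decode("ascii", "replace"))
            i += 1 + data[i]
        return " ".join('"%s"' % p for p in parts)
    if rtype == 33:                                   # SRV: priority, weight, port, target
        return "%d %d %d %s" % (struct.unpack(">HHH", data[:6]) + (read_name(msg, off + 6)[0],))
    return data.hex()


def parse_message(msg):
    """Return (rcode, [(owner, type, rdata), ...]) for one DNS message."""
    _qid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    off, records = 12, []
    for _ in range(qd):                               # skip the echoed question section
        off = read_name(msg, off)[1] + 4
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        records.append((owner, TYPES.get(rtype, str(rtype)), parse_rdata(msg, rtype, off, rdlen)))
        off += rdlen
    return flags & 0xF, records


def axfr(server, zone, port=53, timeout=10):
    """Zone transfer over TCP (AXFR is TCP-only); returns (rcode, records). rcode 5 = REFUSED."""
    query = build_axfr_query(zone)
    records, soa_seen = [], 0
    with socket.create_connection((server, port), timeout) as s, s.makefile("rb") as f:
        s.sendall(struct.pack(">H", len(query)) + query)   # DNS over TCP: 2-byte length prefix
        while soa_seen < 2:                           # a transfer is bracketed by two SOA records
            (length,) = struct.unpack(">H", f.read(2))
            rcode, recs = parse_message(f.read(length))
            if rcode != 0 or not recs:
                return rcode, records
            records.extend(recs)
            soa_seen += sum(1 for r in recs if r[1] == "SOA")
    return 0, records


def domain_controllers(records):
    """Targets of SRV records under _msdcs are Active Directory domain controllers."""
    return sorted({r[2].split()[-1] for r in records if r[1] == "SRV" and "._msdcs." in r[0]})


def build_sample_response(zone="test.com"):
    """Constructed reply (not captured from any server) carrying the records on the results slide."""
    question = build_axfr_query(zone)[12:]
    ptr = struct.pack(">H", 0xC000 | 12)              # compression pointer to the zone name
    rr = lambda owner, rtype, rdata: owner + struct.pack(">HHIH", rtype, 1, 3600, len(rdata)) + rdata
    soa = rr(ptr, 6, b"\x03ns1" + ptr + b"\x0ahostmaster" + ptr + struct.pack(">IIIII", 2012010301, 3600, 600, 86400, 300))
    txt = b"Core Switch GigabitEthernet 0/0"
    answers = [
        soa,
        rr(ptr, 2, b"\x03ns1" + ptr),
        rr(b"\x07payroll" + ptr, 1, bytes([192, 168, 10, 199])),
        rr(b"\x09dnsserver" + ptr, 5, b"\x03ns1" + ptr),
        rr(b"\x09_kerberos\x04_tcp\x0cWashingtonDC\x06_sites\x02dc\x06_msdcs" + ptr, 33,
           struct.pack(">HHH", 0, 100, 88) + b"\x07server1" + ptr),
        rr(b"\x0b192.168.1.1" + ptr, 16, bytes([len(txt)]) + txt),
    ]
    return struct.pack(">HHHHHH", 0x1234, 0x8400, 1, len(answers), 0, 0) + question + b"".join(answers)  # QR, AA set
```

axfr("192.168.10.150", "test.com") performs the live transfer against the first name server from the ipconfig output; repeat it for every NS record, because it is common for the secondary to allow what the primary refuses. A correctly restricted server answers rcode 5 (REFUSED), and trying exactly this from outside the network against each authoritative server is the defender's check. Note how much the constructed zone gives away even in this small form: a host named payroll, a TXT record describing the core switch, and an SRV record naming server1 as a domain controller offering Kerberos on port 88.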

Page 28: Information Gathering

dnsenum

Page 29: Information Gathering

dnsenum

Page 30: Information Gathering

fierce

Page 31: Information Gathering

fierce

Page 32: Information Gathering

Maltego

Page 33: Information Gathering

Bookmarks

johnny.ihackstuff.com
securitytube.net
paterva.com