Information Gathering Lecture


Transcript of Information Gathering Lecture

8/11/2019 Information Gathering Lecture

http://slidepdf.com/reader/full/information-gathering-lecture 1/16

Information Gathering


INFORMATION GATHERING


Information Gathering

• “The more information you have about the target, the greater the chance of successful exploitation.”


Sources of Information Gathering

• Social media website

• Search engines

• Forums

• Press releases

• People search

• Job sites


Tools of the trade

• Here, we discuss the tools that can be handy in the process of information gathering.

• WinHTTrack:

• Out of many tools, WinHTTrack helps you copy the whole website locally to investigate the site for flaws or useful information.

• On Linux, we use: wget http://www.example.com

• Website Ripper Copier:

• Also used to copy a website locally, with some extra features.


WinHTTrack Website Copier


Website Ripper Copier  


Information Gathering with Whois  

• The goal is to gather as much information as possible about the target.

• Whois is a database containing information about all the websites on the web.

• For example, who owns the site, the email address of the owner, etc.

• Sites to look for:

• whois.domaintools.com

• Networks-tool.com


Domain Hosted on same server

• There are many ways to find the different domains hosted on the same server.

• There is a method called “symlink bypassing”, where an attacker compromises all the other sites on the server by using a single site.

• Site -> Yougetsignal.com


Tracing location

• Identify the IP of the website/web server by using the ping command, which also shows whether the server is alive.

• ping www.abc.com

• A tool like IPTracer can then be used to trace the location of the IP.

http://www.ip-adress.com/ip_tracer/yourip 


Traceroute

• Useful tool to get the network topology.

• For example, how firewalls, control points, load balancers, etc. are implemented in the network.

• It uses the TTL (Time to Live) field of the IP header.

• It increments the TTL to determine where the system is.

• The TTL value is decremented when the packet reaches a hop (router to server is one hop) in the network.


• There are three different types of traceroute.

• 1. ICMP traceroute (which is used in Windows by default)

• 2. TCP traceroute

• 3. UDP traceroute
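
Added example (not part of the original lecture): because traceroute raises the TTL one hop at a time, a defender can spot it in a packet capture as a flow whose observed TTL climbs 1, 2, 3, ... whichever of the three probe types is used. The packet tuples, addresses and the min_hops/max_ttl thresholds below are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample capture: (time_s, src, dst, proto, observed_ttl).
# Addresses come from the RFC 5737 documentation ranges; not real traffic.
DST = "203.0.113.5"
SAMPLE_PACKETS = (
    # UDP traceroute: TTL 1..5, three probes per hop
    [(0.1 * i, "192.0.2.10", DST, "udp", 1 + i // 3) for i in range(15)]
    # ICMP traceroute: TTL 1..6, one probe per hop
    + [(2.0 + 0.1 * i, "192.0.2.20", DST, "icmp", 1 + i) for i in range(6)]
    # Ordinary TCP session: TTL stays at one high value
    + [(3.0 + 0.1 * i, "198.51.100.7", DST, "tcp", 57) for i in range(5)]
    # Low but constant TTL: not a hop-by-hop climb
    + [(4.0 + 0.1 * i, "198.51.100.9", DST, "tcp", 3) for i in range(5)]
)


def find_traceroute_flows(packets, min_hops=4, max_ttl=32):
    """Return {(src, dst, proto): hops} for flows whose TTL climbs by one per step.

    min_hops and max_ttl are assumed tuning values, not taken from the lecture.
    """
    state = {}                 # flow -> (last_ttl, length of current climb)
    longest = defaultdict(int)
    for _time, src, dst, proto, ttl in sorted(packets):   # process in time order
        if ttl > max_ttl:      # normal stacks start at 64/128/255; skip them
            continue
        flow = (src, dst, proto)
        last, run = state.get(flow, (None, 0))
        if ttl == last:
            pass               # repeated probe for the same hop
        elif last is not None and ttl == last + 1:
            run += 1           # next hop: TTL raised by exactly one
        else:
            run = 1            # first packet, or the climb was broken
        state[flow] = (ttl, run)
        longest[flow] = max(longest[flow], run)
    return {flow: hops for flow, hops in longest.items() if hops >= min_hops}


if __name__ == "__main__":
    for (src, dst, proto), hops in find_traceroute_flows(SAMPLE_PACKETS).items():
        print(f"{src} -> {dst} [{proto}] probed {hops} consecutive TTL values")
```
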


Tools

• NeoTrace – GUI-based tool to map out the network.

• Cheops-ng – Tracing and fingerprinting the network.

• Burp Suite – Proxy tool to intercept the requests and responses between browser and web server.

• Acunetix Vulnerability Scanner – Used to scan a website for vulnerabilities.


• WhatWeb – An all-in-one tool for active footprinting of web servers, to identify web vulnerabilities such as SQL injection and cross-site scripting, email addresses, and server version.

• Netcraft – Contains a huge online database with useful information on websites.

• Can be used for passive reconnaissance against the target.


Google Hacking

• Site: Used to search for all the web pages that are indexed by Google.

• site:www.example.com

• Link: Returns all the websites that are linked to the website.

• link:www.example.com

• Intitle: Used to return results with a specific target.

• site:www.example.com intitle:ftp users

• Inurl: Useful search query to return URLs with specific keywords.

• Filetype: Used to return a specific file type.

• site:www.example.com filetype:pdf