10 Sep 2019
Ethical hacking helps system administrators understand how to better protect the assets they manage.
Footprinting and Reconnaissance (method of discovery) is the first stage and involves gathering information about the target.
Footprinting: learning as much as possible about the target, including remote access capabilities, open ports and services, and what security mechanisms are in place.
Reconnaissance: gathering information about the location of a target by scouting or by setting up covert observation points.
Sequence of Steps
Competitive intelligence (legal gathering of public information) can be a very effective nontechnical approach to footprinting and reconnaissance.
Used in business to help a company learn about its competitors in order to make better business decisions.
Document the Findings: it's important to document all information gathered, to help build a profile of the target.
Using advanced search operators and keywords may yield pages that contain sensitive information, such as protected login screens.
Manipulating people to perform actions or reveal confidential information.
Defence: user education, authentication mechanisms, and simply questioning unusual requests.
Dangers of Social Media:
Examples of Public Search Engines
Finding email addresses on public records/websites, then crafting email lists from knowledge of the organisation's username conventions to target with phishing.
Reputation-based solutions for investigating email.
Email headers tell the story of a message's journey, including each stop (relay) along the way.
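As an added example (not part of these notes), the Python below reads that journey out of a constructed message's Received: headers; the message, hostnames and addresses are all made up, and `trace_hops` and `transit_seconds` are names chosen here:

```python
import email
import re
from email.utils import parsedate_to_datetime

# Constructed sample: every MTA prepends its own Received: line, so the
# top header is the final hop and the bottom header is the origin.
SAMPLE_MESSAGE = """Received: from mx2.example.net (mx2.example.net [203.0.113.20])
    by mail.example.org with ESMTPS id abc123; Tue, 10 Sep 2019 09:15:02 +0000
Received: from relay.example.com (relay.example.com [198.51.100.7])
    by mx2.example.net with ESMTP id def456; Tue, 10 Sep 2019 09:14:58 +0000
Received: from user-pc.lan (unknown [192.0.2.55])
    by relay.example.com with ESMTPA id ghi789; Tue, 10 Sep 2019 09:14:55 +0000
From: sender@example.com
To: recipient@example.org
Subject: test

hello
"""

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)"          # name the connecting host announced
    r"(?:\s+\((?P<seen>[^)]*)\))?"  # what the receiving MTA actually observed
    r"\s+by\s+(?P<by>\S+)"          # the MTA that wrote this header
    r".*?;\s*(?P<date>.+)$"         # timestamp stamped by that MTA
)

def trace_hops(raw_message):
    """Return the hops in travel order (origin first), one dict per hop."""
    msg = email.message_from_string(raw_message)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        match = RECEIVED_RE.search(" ".join(value.split()))  # unfold lines
        if not match:
            continue  # some relays use formats this regex does not cover
        hop = match.groupdict()
        seen = hop["seen"] or ""
        # "unknown [ip]" means the IP had no reverse DNS; a HELO name that
        # differs from what the MTA observed is worth a closer look.
        hop["suspicious"] = bool(seen) and (
            seen.startswith("unknown") or not seen.startswith(hop["helo"]))
        hop["date"] = parsedate_to_datetime(hop["date"])
        hops.append(hop)
    return hops

def transit_seconds(hops):
    """Seconds between the origin's stamp and the final MTA's stamp."""
    return int((hops[-1]["date"] - hops[0]["date"]).total_seconds())
```

On the sample, the first hop is flagged because the relay recorded the sender as `unknown` (no reverse DNS for the connecting IP).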
Downloading an entire website to examine its content offline, obtaining email addresses, phone numbers and other information.
You can sometimes find concealed comments, directories, and links to protected content.
Free and Paid Tools for Website Mirroring/Extracting:
Open-source intelligence gathering tools
Generates a more targeted discovery
DNS uses port 53 over UDP, and over TCP for zone transfers.
Dangers of DNS
In phishing, spoofing a trusted brand's name in the hyperlink may get someone to click on the link.
Domain names and subdomain names can be used to trick a DNS server into transferring its zone file.
Domain Name Analyzer is an example of a domain name generator tool.
Internet Control Message Protocol (ICMP) resides in the network layer (OSI Layer 3) and is used by routers and intermediary devices to communicate updates or error information.
Also used for network troubleshooting and to test if a device is alive/available on the network.
Traces the route and provides the path and transit times.
Returns the FQDN and the IP address of each hop (gateway), which helps paint a picture of the network.
Combines features of ping and tracert.
Shows packet loss at any given router or link by computing statistics at the end.
nslookup: run nslookup, then enter the name you want to look up.
You can also set other options, such as set type=mx, then enter google.co.uk and you'll get the MX records.
A DNS query tool native to Linux; installation is required on Windows machines, and there are also online tools such as toolbox.googleapps.com.