Active Information Gathering
In active information gathering, we directly engage with the target, for example, by gathering information about what ports are open on a particular target, what services they are running, and what operating system they are using. However, active information gathering techniques are very noisy at the other end: they are easily detected by IDS, IPS, and firewalls and generate a log of their presence, and hence are sometimes not recommended.
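The noise described above, seen from the monitoring side: this added example (not from the book) flags a source that touches many distinct ports on one host within a short window. The log format, the threshold values, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed firewall log format: "<ISO time> src=<ip> dst=<ip> dport=<n> ..."
LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)")

def parse(lines):
    """Yield (timestamp, src, dst, dport) for well-formed lines; skip the rest."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        try:
            ts = datetime.fromisoformat(m["ts"])
        except ValueError:
            continue
        yield ts, m["src"], m["dst"], int(m["dport"])

def find_port_sweeps(lines, min_ports=10, window=timedelta(seconds=60)):
    """Return {(src, dst): most distinct ports in any window} for pairs >= min_ports."""
    events = defaultdict(list)
    for ts, src, dst, dport in parse(lines):
        events[(src, dst)].append((ts, dport))
    flagged = {}
    for pair, hits in events.items():
        hits.sort()
        start, best = 0, 0
        for end in range(len(hits)):
            # Shrink the window until it spans at most `window` of time.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            best = max(best, len({port for _, port in hits[start:end + 1]}))
        if best >= min_ports:
            flagged[pair] = best
    return flagged

# Constructed sample: 203.0.113.7 probes 12 ports in 12 seconds, while
# 198.51.100.4 is an ordinary client that only ever uses port 443.
SCAN_PORTS = [21, 22, 23, 25, 53, 80, 110, 139, 143, 443, 445, 3389]
SAMPLE_LOG = [
    f"2024-01-10T12:00:{i:02d} src=203.0.113.7 dst=192.0.2.10 dport={p} action=DROP"
    for i, p in enumerate(SCAN_PORTS)
] + [
    f"2024-01-10T12:{m:02d}:00 src=198.51.100.4 dst=192.0.2.10 dport=443 action=ACCEPT"
    for m in range(30)
] + ["malformed line without fields"]

if __name__ == "__main__":
    for (src, dst), n in find_port_sweeps(SAMPLE_LOG).items():
        print(f"possible port sweep: {src} -> {dst}, {n} distinct ports in 60s")
```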
Passive Information Gathering
In passive information gathering, we do not directly engage with the target. Instead, we use search
engines, social media, and other websites to gather information about the target. This method
is recommended, since it does not generate any log of presence on the target system. A common
example would be to use LinkedIn, Facebook, and other social networks to gather information
about the employees and their interests. This would be very useful when we perform phishing,
keylogging, browser exploitation, and other client-side attacks on the employees.
Sources of Information Gathering
There are many sources of information; the most important ones are as follows:
Social media websites
Search engines
Forums
Press releases
People search
Job sites
So let’s discuss some of these sources in detail along with some tools of the trade.
Copying Websites Locally
There are many tools that can be used to copy websites locally; however, one of the most comprehensive tools is httrack. It can be used to investigate the website further. For example, let’s suppose that the file permissions of a configuration file are not set properly. The configuration might reveal some important information, for example, username and password, about the target.
If you are on Linux, you can use the wget command to copy a webpage locally.
wget http://www.rafayhackingarticles.net
Another great tool is Website Ripper Copier, which has a few more functions than httrack.