Ethical Hacking and Penetration Testing Guide
◾ Ethical Hacking and Penetration Testing Guide File Analysis
Yüklə 22,44 Mb. Pdf görüntüsü
|
|
68
◾ Ethical Hacking and Penetration Testing Guide File Analysis Analyzing the files of the target could also reveal some interesting information such as the meta- data (data about data) of a particular target. In Chapter 8, I will demonstrate a tool for analyzing PDF documents, but for now, let’s look at the basics. Foca Foca is a very effective tool that is capable of analyzing files without downloading them. It can search a wide variety of extensions from all the three big search engines (Google, Yahoo, and Bing). It’s also capable of finding some vulnerabilities such as directory listing and DNS cache snooping. Information Gathering Techniques ◾ 69 Harvesting E-Mail Lists Gathering information about e-mails of employees of an organization can give us a very broad attack vector against the target. This method can be classified under passive reconnaissance since we are not engaging with the target in any way, but would be using search engines to gather a list of e-mails. These e-mail lists and usernames could be used later for social engineering attacks and other brute force attacks. We will discuss this once we get to the exploitation phase. It’s quite a tedious job to gather e-mails one by one with Google. Luckily, we have lots of built-in tools in BackTrack that can take care of this. One of those tools is TheHarvester, written in Python. The way is works is that it the data available publicly to gather e-mails of the target. This tool is available in BackTrack by default under the /pentest/enumeration/google/harvester directory. To run the tool from the directory, type the following command: ./theHarvester.py Now, let’s say that we are performing a pentest on Microsoft.com and that we would like to gather e-mail lists. We will issue the following command: The -l parameter allows us to limit the number of search results; for example, here we have limited it to 500 by assigning –l 500 command. Along with it, you can see a -b parameter; this tells TheHarvester to extract the results from Google. However, you can change it to Bing or LinkedIn, and the tool will return the relevant results from the Bing search engine and LinkedIn. You can also use -all parameter to make the tool search for results in all of these websites. 70 ◾ Ethical Hacking and Penetration Testing Guide Next, we can search individual e-mails in pipl.com, which is one of the largest, high-quality people search engines, and try to find relevant information. Through this search, we’ve some interesting information for tharris@microsoft.com. So from just a simple e-mail address, we were able to gather a complete profile. This information could be very useful in performing social engineering attacks, stressing the fact that humans are the weakest link. With a little more digging, we’ve managed to find the LinkedIn and Facebook account of Tim Harris. |