Information Gathering Techniques
sniffing methods. Therefore, it is highly recommended to use either SSL 3.0 or TLS 1.0 for web pages where highly confidential information is being sent and received.
BackTrack has a great tool, SSLSCAN, preinstalled, which checks what version of SSL, 2.0 or 3.0, a server is running. You can find SSLSCAN in the /pentest/enumeration directory.

To scan a website with SSLSCAN, all you need to do is issue the following command from the /pentest/enumeration directory:

sslscan paypal.com
So as you can see from the screenshot, all the SSL 2.0 ciphers are marked as failed and some SSL 3.0 ciphers are accepted and some rejected, indicating that the SSL version is 3.0. After the scan is finished, it would show you comprehensive results that would contain some useful information about the certificate, its issuer, etc., that you can include in your penetration testing report.
Acunetix vulnerability scanner has a great script that automatically finds out if the website is using the deprecated SSL 2.0 protocol. However, I would recommend that you use SSLSCAN, because from my experience, I have seen Acunetix generating false positives.
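The check SSLSCAN performs, written out as an added example that is not from the book or from the sslscan project: the script below offers a server one protocol version at a time, records whether the handshake is accepted, and turns the results into findings you could paste into the report. It is meant for servers you are authorised to assess. Host and port are command-line arguments (the default host is a placeholder); the policy it applies treats SSL 3.0 and TLS 1.0/1.1 as deprecated, following RFC 7568 and RFC 8996, which is stricter than the recommendation in the text above. Two caveats a practitioner should know: modern OpenSSL builds cannot speak SSL 2.0 at all and usually refuse to configure SSL 3.0, so those are reported as "untestable" rather than "rejected", and a "rejected" result can also be caused by the client's own OpenSSL security level rather than the server, so confirm a deprecated-version finding with a second tool before reporting it.

```python
import socket
import ssl
import sys

# Protocol versions to offer, oldest first. SSL 2.0 is not representable in
# ssl.TLSVersion at all; SSL 3.0 is in the enum but most current OpenSSL
# builds refuse to configure it, which this script reports as "untestable".
VERSIONS = [
    ("SSLv3", ssl.TLSVersion.SSLv3),
    ("TLSv1.0", ssl.TLSVersion.TLSv1),
    ("TLSv1.1", ssl.TLSVersion.TLSv1_1),
    ("TLSv1.2", ssl.TLSVersion.TLSv1_2),
    ("TLSv1.3", ssl.TLSVersion.TLSv1_3),
]

# Versions a hardened server should not accept (RFC 7568 for SSLv3,
# RFC 8996 for TLS 1.0 and 1.1).
DEPRECATED = {"SSLv3", "TLSv1.0", "TLSv1.1"}


def probe_version(host, port, version, timeout=5.0):
    """Offer exactly one protocol version; return 'accepted', 'rejected' or 'untestable'."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # we test protocol support, not certificate trust
    try:
        ctx.minimum_version = version
        ctx.maximum_version = version
    except (ValueError, ssl.SSLError):
        return "untestable"  # the local OpenSSL cannot speak this version
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return "accepted" if tls.version() else "rejected"
    except ssl.SSLError:
        # The server declined the handshake, or the client's own security
        # level refused it; confirm deprecated-version findings with a second tool.
        return "rejected"
    except OSError:
        return "untestable"  # connection failed before the handshake started


def scan(host, port=443):
    """Probe every version in VERSIONS and return {name: status}."""
    return {name: probe_version(host, port, ver) for name, ver in VERSIONS}


def evaluate(results):
    """Turn scan results into report findings; an empty list means the policy passed."""
    findings = []
    for name, _ in VERSIONS:
        status = results.get(name, "untestable")
        if name in DEPRECATED and status == "accepted":
            findings.append(f"{name}: accepted (deprecated, should be disabled)")
        elif name in DEPRECATED and status == "untestable":
            findings.append(f"{name}: could not be tested from this client")
    if not any(results.get(v) == "accepted" for v in ("TLSv1.2", "TLSv1.3")):
        findings.append("no modern TLS version (1.2/1.3) accepted")
    return findings


if __name__ == "__main__":
    # Usage: python tls_versions.py <host> [port]; "example.com" is a placeholder.
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"
    target_port = int(sys.argv[2]) if len(sys.argv) > 2 else 443
    result = scan(target, target_port)
    for name, status in result.items():
        print(f"{name:8} {status}")
    for finding in evaluate(result):
        print("FINDING:", finding)
```

The probe deliberately disables certificate verification because the question is which protocol versions the server will negotiate, not whether its certificate chains to a trusted root; certificate checks belong in a separate step, as the text's remark about reporting the certificate and its issuer implies.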
DNS Enumeration

Without a domain name, Google.com would just be 173.194.35.144, which is its IP. Imagine having to memorize the IPs of all the websites you visit—surfing the Internet would become really difficult. That’s why the DNS protocol was developed. It is responsible for translating an IP address to a domain name. DNS is one of the most important sources of information on the public and private servers of the target.