Information Gathering Techniques
Example 3: Default Passwords
Next, we will use Shodan to search for websites that have a “default-passwords” keyword in their banners. The banners would most likely disclose the default passwords. We will use the filter “default password” to accomplish our goal.
As we can see, the server uses “default-password” “1234” to authenticate users. Furthermore, Shodan can be used to search for VLAN IDs, SNMP community strings, and security cameras.
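The same banner text that Shodan indexes can be audited on the defensive side: a team that grabs the banners of its own Internet-facing services can flag any that leak a default password, an SNMP community string, or a VLAN ID before a search engine does. The following Python script is an added illustration of that check, not code from the book or from Shodan; the banners in SAMPLE_BANNERS are constructed for this example and the regular expressions are assumptions about how such disclosures are typically worded.

```python
import re

# Constructed sample banners for this added example (not real hosts).
# Each string imitates the kind of service banner a scanner would index.
SAMPLE_BANNERS = [
    "HTTP/1.1 200 OK\r\nServer: EmbeddedHTTP/1.0\r\n"
    "WWW-Authenticate: Basic realm=\"Router (default password: 1234)\"\r\n",
    "220 ExampleFTP 2.3 ready\r\n",
    "SNMPv2-MIB::sysDescr.0 = STRING: Managed Switch\r\ncommunity: public\r\n",
    "Welcome to Switch-01. VLAN ID 100 (management)\r\n"
    "Login with user admin / default-password admin\r\n",
]

# Patterns for the three disclosure classes the chapter mentions.
# Assumed wording; extend them to match the banners your own devices emit.
PATTERNS = {
    # "default password: 1234", "default-password admin", "default_password=abc"
    "default_password": re.compile(
        r"default[\s_-]?password\s*[:=/]?\s*([^\s\"')]+)", re.IGNORECASE),
    # "community: public" / "community=private"
    "snmp_community": re.compile(r"community\s*[:=]\s*(\S+)", re.IGNORECASE),
    # "VLAN 100" / "VLAN ID 100"
    "vlan_id": re.compile(r"\bVLAN\s*(?:ID\s*)?(\d+)", re.IGNORECASE),
}


def audit_banner(banner: str) -> dict:
    """Return {category: [disclosed values]} for every disclosure in one banner.

    An empty dict means the banner leaked nothing the patterns recognise.
    """
    findings = {}
    for name, pattern in PATTERNS.items():
        values = [m.group(1) for m in pattern.finditer(banner)]
        if values:
            findings[name] = values
    return findings


def audit_banners(banners) -> list:
    """Audit a list of banners; return (index, findings) for each banner with a hit."""
    results = []
    for index, banner in enumerate(banners):
        findings = audit_banner(banner)
        if findings:
            results.append((index, findings))
    return results


if __name__ == "__main__":
    for index, findings in audit_banners(SAMPLE_BANNERS):
        first_line = SAMPLE_BANNERS[index].splitlines()[0]
        print(f"banner {index} ({first_line!r}):")
        for category, values in findings.items():
            print(f"  {category}: {', '.join(values)}")
```

Running the script reports banners 0, 2 and 3 with the leaked values; the FTP banner (index 1) passes clean. In practice the input would be the banners captured from your own address space, and any hit is a finding to remediate (change the credential, restrict the service, or strip the disclosure from the banner) rather than something to search for elsewhere.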
Further Reading
◾ https://www.defcon.org/images/defcon-18/dc-18-presentations/Schearer/DEFCON-18-Schearer-SHODAN.pdf
◾ http://www.slideshare.net/qqlan/icsscadaplc-googleshodanhq-cheat-sheet
Conclusion
We discussed various methods of active and passive reconnaissance and some real-world information gathering techniques. Reconnaissance is the most essential phase of penetration testing. The better you do it, the more successful you will be in the later phases.
Chapter 4
Target Enumeration and Port Scanning Techniques
In this chapter we will discuss various methods for enumerating and scanning a target to gain as much information about the alive targets on a network as possible. This is also part of the information gathering phase, which, as I mentioned, is key to a successful pentest. This chapter is essential and is a building block for penetration testers, because later in Chapter 7 you will see how the information gathered in this chapter helps us to compromise targets.
The main goal of this chapter is to learn the following:
◾ Host discovery
◾ Scanning for open ports
◾ Service and version detection
◾ OS detection
◾ Bypassing firewalls
We will use a variety of tools in demonstrating these tasks.