Ethical Hacking and Penetration Testing Guide


Date: 07.08.2023

3 Information Gathering Techniques
Active Information Gathering
Passive Information Gathering
Sources of Information Gathering
Copying Websites Locally
Information Gathering with Whois
Finding Other Websites Hosted on the Same Server
Yougetsignal.com
Tracing the Location
Traceroute
ICMP Traceroute
TCP Traceroute
Usage
UDP Traceroute
Usage
NeoTrace
Cheops-ng
Enumerating and Fingerprinting the Webservers


Intercepting a Response
Acunetix Vulnerability Scanner
WhatWeb
Netcraft
Google Hacking
Some Basic Parameters
Site
Example
TIP regarding Filetype
Google Hacking Database
Hackersforcharity.org/ghdb
Xcode Exploit Scanner
File Analysis
Foca
Harvesting E-Mail Lists
Gathering Wordlist from a Target Website
Scanning for Subdomains
TheHarvester
Fierce in BackTrack
Scanning for SSL Version
DNS Enumeration
Interacting with DNS Servers
Nslookup
DIG
Forward DNS Lookup
Forward DNS Lookup with Fierce
Reverse DNS
Reverse DNS Lookup with Dig
Reverse DNS Lookup with Fierce
Zone Transfers
Zone Transfer with Host Command
Automating Zone Transfers
DNS Cache Snooping
What Is DNS Cache Snooping?
Nonrecursive Method
Recursive Method
What Is the Likelihood of Name Servers Allowing Recursive/Nonrecursive Queries?
Attack Scenario
Automating DNS Cache Snooping Attacks
Enumerating SNMP
Problem with SNMP
Sniffing SNMP Passwords
OneSixtyOne
Snmpenum
SolarWinds Toolset
SNMP Sweep
SNMP Brute Force and Dictionary


SNMP Brute Force Tool
SNMP Dictionary Attack Tool
SMTP Enumeration
Detecting Load Balancers
Load Balancer Detector
Determining Real IP behind Load Balancers
Bypassing CloudFlare Protection
Method 1: Resolvers
Method 2: Subdomain Trick
Method 3: Mail Servers
Intelligence Gathering Using Shodan
Further Reading
Conclusion
