68 ◾ Ethical Hacking and Penetration Testing Guide
File Analysis
Analyzing the files of the target could also reveal some interesting information such as the metadata (data about data) of a particular target. In Chapter 8, I will demonstrate a tool for analyzing PDF documents, but for now, let's look at the basics.
Foca
Foca is a very effective tool that is capable of analyzing files without downloading them. It can search a wide variety of extensions from all three big search engines (Google, Yahoo, and Bing). It's also capable of finding some vulnerabilities such as directory listing and DNS cache snooping.
Information Gathering Techniques ◾ 69
Harvesting E-Mail Lists
Gathering information about e-mails of employees of an organization can give us a very broad attack vector against the target. This method can be classified under passive reconnaissance since we are not engaging with the target in any way, but would be using search engines to gather a list of e-mails. These e-mail lists and usernames could be used later for social engineering attacks and other brute force attacks. We will discuss this once we get to the exploitation phase. It's quite a tedious job to gather e-mails one by one with Google. Luckily, we have lots of built-in tools in BackTrack that can take care of this. One of those tools is TheHarvester, written in Python. The way it works is that it uses the data available publicly to gather e-mails of the target. This tool is available in BackTrack by default under the /pentest/enumeration/google/harvester directory. To run the tool from the directory, type the following command:
./theHarvester.py
Now, let's say that we are performing a pentest on Microsoft.com and that we would like to gather e-mail lists. We will issue the following command:
The -l parameter allows us to limit the number of search results; for example, here we have limited it to 500 by passing -l 500. Along with it, you can see a -b parameter; this tells TheHarvester to extract the results from Google. However, you can change it to Bing or LinkedIn, and the tool will return the relevant results from the Bing search engine or LinkedIn. You can also use the -all parameter to make the tool search for results in all of these websites.
Next, we can search individual e-mails in pipl.com, which is one of the largest, high-quality people search engines, and try to find relevant information.
Through this search, we've found some interesting information for tharris@microsoft.com. So from just a simple e-mail address, we were able to gather a complete profile.
This information could be very useful in performing social engineering attacks, stressing the fact that humans are the weakest link.
With a little more digging, we've managed to find the LinkedIn and Facebook accounts of Tim Harris.