Ethical Hacking and Penetration Testing Guide



Date: 07.08.2023

Link to the tool:
http://pastebin.com/dySryptT
Method 3: Mail Servers
The third and final method we will discuss mostly works on forums and websites that allow 
registrations. Since CloudFlare does not handle MX records, mail the site sends does not pass 
through CloudFlare, so we can determine the real IP address of a website by looking at the 
headers of an e-mail it sends us.
To demonstrate, let’s take a look at attack-secure.com. The website allows a user to check whether a 
particular certification is valid. We need to register, and the site will send a confirmation 
e-mail to the address we provide, which in this case is rafaybaloch@yahoo.com.


The confirmation e-mail is received within a few minutes. On viewing the e-mail header, we 
will get the following information:
Next, we can use any e-mail tracer to check where the e-mail originated. We will use the 
following website to do that. The header will reveal the real IP address of the target.
http://www.ip2location.com/free/email-tracer
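Seen from the site operator's side, the same headers can be audited on the site's own outgoing mail. The following is an added example, not code from the book: it parses a registration e-mail and lists the trace headers that expose an address the operator has declared as the hidden origin. The sample message, the host names, the function names and the addresses (documentation ranges) are all constructed assumptions.

```python
import email
import ipaddress
import re

# Constructed sample: a registration e-mail as a recipient would see it.
# Names are example.* and addresses come from documentation ranges (RFC 5737).
SAMPLE_MESSAGE = """\
Received: from mx.mailhost.example (mx.mailhost.example [198.51.100.25])
\tby mta.recipient.example with ESMTP id abc123;
\tMon, 07 Aug 2023 10:00:05 +0000
Received: from web01 (unknown [203.0.113.10])
\tby mx.mailhost.example with ESMTP id def456;
\tMon, 07 Aug 2023 10:00:03 +0000
Received: from localhost (localhost [127.0.0.1])
\tby web01 with ESMTP id ghi789;
\tMon, 07 Aug 2023 10:00:02 +0000
X-Originating-IP: [203.0.113.10]
From: noreply@shop.example
To: user@recipient.example
Subject: Confirm your registration

Click the link to confirm.
"""

IPV4 = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
HEADERS = ("Received", "X-Originating-IP")
# Explicit internal ranges: ipaddress.is_private also covers the documentation
# ranges used in the sample, so it cannot be used for this demonstration.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

def external_ips(raw_message):
    """Return (header, ip) for each non-internal IPv4 literal in trace headers."""
    msg = email.message_from_string(raw_message)
    found = []
    for name in HEADERS:
        for value in msg.get_all(name, []):   # folded header lines are included
            for text in IPV4.findall(value):
                try:
                    ip = ipaddress.ip_address(text)
                except ValueError:
                    continue                   # bracketed text, not an address
                if not any(ip in net for net in INTERNAL):
                    found.append((name, str(ip)))
    return found

def origin_leaks(raw_message, origin_ips):
    """Headers exposing an address the operator wants hidden behind the CDN."""
    return [(h, ip) for h, ip in external_ips(raw_message) if ip in origin_ips]
```

An empty result from `origin_leaks` for every mail type the site sends (registration, password reset, notifications) means the headers do not expose the listed origin addresses.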
Intelligence Gathering Using Shodan
Shodan is a search engine for hackers. Unlike Google, Bing, and Yahoo, which crawl for front-end 
pages, Shodan crawls the web for devices such as printers, security cameras, and routers, which are 
connected to the Internet. Shodan has been dubbed “the scariest search engine on the web.” Shodan 
can help penetration testers find valuable information about the target.
Example 1: Default Passwords
The username “admin” with the password “1234” is the default login for most routers, so we used the search 
query “admin+1234” to search for all the routers that have the default username and password. 
Similarly, we can try searching with other default usernames and passwords such as admin/admin, 
admin/password, etc.
