Ethical Hacking and Penetration Testing Guide

Information Gathering Techniques
◾ 
93
The confirmation e-mail is received within a few minutes. On viewing the e-mail header, we 
will get the following information:
Next, we would use any e-mail tracer to check from where the e-mail originated. We will use the 
following website to do that. The header will reveal the real IP address of the target.
http://www.ip2location.com/free/email-tracer
Intelligence Gathering Using Shodan
Shodan is a search engine for hackers. Unlike Google, Bing, and Yahoo, which crawl for front-end 
pages, Shodan crawls the web for devices such as printers, security cameras, and routers, which are 

94
◾ 
Ethical Hacking and Penetration Testing Guide
connected to the Internet. Shodan is dubbed as “the scariest search engine on the web.” Shodan 
can help penetration testers find valuable information about the target.
Example 1: Default Passwords
The search query “admin+1234” is the default password for most routers, so we used the search 
query “admin+1234” to search for all the routers that have the default username and password. 
Similarly, we can try searching with other default username and passwords such as admin/admin, 
admin/password, etc.

Yüklə 22,44 Mb.

Dostları ilə paylaş: