Ethical Hacking and Penetration Testing Guide


File Analysis
Analyzing the files of the target could also reveal some interesting information such as the metadata (data about data) of a particular target. In Chapter 8, I will demonstrate a tool for analyzing PDF documents, but for now, let’s look at the basics.
Foca
Foca is a very effective tool that is capable of analyzing files without downloading them. It can search for a wide variety of file extensions across all three big search engines (Google, Yahoo, and Bing). It’s also capable of finding some vulnerabilities such as directory listing and DNS cache snooping.


Information Gathering Techniques
Harvesting E-Mail Lists
Gathering the e-mail addresses of an organization’s employees can give us a very broad attack vector against the target. This method can be classified under passive reconnaissance since we are not engaging with the target in any way, but are using search engines to gather a list of e-mails. These e-mail lists and usernames could be used later for social engineering attacks and other brute force attacks. We will discuss this once we get to the exploitation phase. It’s quite a tedious job to gather e-mails one by one with Google. Luckily, we have lots of built-in tools in BackTrack that can take care of this. One of those tools is TheHarvester, written in Python. The way it works is that it uses publicly available data to gather e-mails of the target. This tool is available in BackTrack by default under the /pentest/enumeration/google/harvester directory. To run the tool from the directory, type the following command:
./theHarvester.py
Now, let’s say that we are performing a pentest on Microsoft.com and that we would like to 
gather e-mail lists. We will issue the following command:
The -l parameter allows us to limit the number of search results; for example, here we have limited it to 500 by passing -l 500. Along with it, you can see a -b parameter; this tells TheHarvester to extract the results from Google. However, you can change it to Bing or LinkedIn, and the tool will return the relevant results from the Bing search engine and LinkedIn. You can also use the -all parameter to make the tool search for results in all of these websites.


Next, we can search for individual e-mails on pipl.com, which is one of the largest, high-quality people search engines, and try to find relevant information.
Through this search, we’ve found some interesting information for tharris@microsoft.com. So from just a simple e-mail address, we were able to gather a complete profile.
This information could be very useful in performing social engineering attacks, stressing the fact that humans are the weakest link.
With a little more digging, we’ve managed to find the LinkedIn and Facebook accounts of Tim Harris.

