Saturday, January 26, 2013

An introduction to Information Gathering

backtrack, backtrack 5, linux, hacking, tutorial, hacking tutorial, ethical hacking, pentest, penetration testing, pc, wpa, wpa2, metasploit, nmap, browser exploit, information gathering, footprinting


Information Gathering is the first step in penetration testing, and is also the most crucial part in the whole process itself, and every successful operation will heavily depend on it. This phase consistes of collecting all possible type of information about a given target. Any information whatever irrelevant it may seem, can be of the utmost importance. This includes network address range, live hosts, open ports and the services running on these ports, operating systems,and you can also collect emails or phone numbers that can be used later on for social engineering purposes.


A big arsenal of tools is available for the reconnaissance phase and they are pre- installed  in Backtrack. We cannot talk about Information gathering without mentioning nmap (Network Mapper). It is in fact a flexible and powerful utility for network discovery and security auditing.




backtrack, backtrack 5, linux, hacking, tutorial, hacking tutorial, ethical hacking, pentest, penetration testing, pc, wpa, wpa2, metasploit, nmap, browser exploit, information gathering, footprinting


figure 1: nmap in action



backtrack, backtrack 5, linux, hacking, tutorial, hacking tutorial, ethical hacking, pentest, penetration testing, pc, wpa, wpa2, metasploit, nmap, browser exploit, information gathering, footprinting

                                                                                 figure 2: nmap in action

Other alternatives for nmap are zenmap, dnmap, netifera, netcat and a dozen of other useful tools like dmitry. (i already posted a tutorial about Dmitry, if you are intersted, here is the link: http://backtrack-wifu.blogspot.com/2013/01/dmitry-footprinting-tool.html).


 We can also start with a dns lookup.




backtrack, backtrack 5, linux, hacking, tutorial, hacking tutorial, ethical hacking, pentest, penetration testing, pc, wpa, wpa2, metasploit, nmap, browser exploit, information gathering, footprinting



figure3: performing a whois lookup on facebook




backtrack, backtrack 5, linux, hacking, tutorial, hacking tutorial, ethical hacking, pentest, penetration testing, pc, wpa, wpa2, metasploit, nmap, browser exploit, information gathering, footprinting


figure 4: more whois data about facebook

I f you are that lazy, you can rely on online tools. A useful site for this purpose is: http://www.all-nettools.com/ which is of great help for beginners. It provides a lot of services like: whois lookup, tracerouting, nslookup etc...



backtrack, backtrack 5, linux, hacking, tutorial, hacking tutorial, ethical hacking, pentest, penetration testing, pc, wpa, wpa2, metasploit, nmap, browser exploit, information gathering, footprinting


figure 5: list services in all-net-tools



backtrack, backtrack 5, linux, hacking, tutorial, hacking tutorial, ethical hacking, pentest, penetration testing, pc, wpa, wpa2, metasploit, nmap, browser exploit, information gathering, footprinting


figure6: smart whois on cnn.com


You may also try http://www.dnsstuff.com/


backtrack, backtrack 5, linux, hacking, tutorial, hacking tutorial, ethical hacking, pentest, penetration testing, pc, wpa, wpa2, metasploit, nmap, browser exploit, information gathering, footprinting

figure 7: available service in dnsstuff.com


backtrack, backtrack 5, linux, hacking, tutorial, hacking tutorial, ethical hacking, pentest, penetration testing, pc, wpa, wpa2, metasploit, nmap, browser exploit, information gathering, footprinting

figure 8: performing an ip traceroute


To the surprise of many people, one of the first information gathering sources for a pentester is GOOGLE !! It can reveal a lot of valuable information that people may not want us to discover. This is possible with what is referred to as google hacks.

Let's look for a private directory for example:



backtrack, backtrack 5, linux, hacking, tutorial, hacking tutorial, ethical hacking, pentest, penetration testing, pc, wpa, wpa2, metasploit, nmap, browser exploit, information gathering, footprinting


figure 9: google hacks




backtrack, backtrack 5, linux, hacking, tutorial, hacking tutorial, ethical hacking, pentest, penetration testing, pc, wpa, wpa2, metasploit, nmap, browser exploit, information gathering, footprinting


figure 10: google hacks


You can also use other tools to trace email senders or for IDS or IPS identification. The only thing that you have to bear in mind, is that information gathering is an art, and if you master this art, everything else would be much easier. Another important thing here worth mentioning, which is documentation. This step consists of having a good and organized documentation for your findings. A lot of tools are also available for this task like: casefile,magictree and basket. I am going to post some tutorials about information gathering tools, and documentation tools as soon as possible. Hope you enjoyed.

                                                                                                                                        TO BE CONTINUED

0 commentaires: