Reconnaissance [Intel determines success.]

How you gather, manage and use intel determines how successful the pentest will be.


The more information we have about the target, the easier it will be to carry out the pentest. The information gathering phase is arguably one of the most important phases of a penetration test. This is where you collect data about your target, and it is where the answers to questions such as which tactics, techniques and procedures you will use in the upcoming activities are found. For this reason, you need to exhaust every information source you can about your target: missing a small piece of information might be detrimental to your cause.

In general, information gathering is divided into two parts:
1. Passive
2. Active

Passive information gathering is the process of collecting data about your target from publicly available information while avoiding direct contact with the target.
There are many techniques, but here we will try out the Google Hacking technique.

site:"anywebsite.com"

Exclusion (drop one subdomain from the results):

site:"anywebsite.com" -site:"www.anywebsite.com"

site:"anywebsite.com" filetype:ppt "penetration testing"

intitle:"VNC viewer for Java"

inurl:"/control/userimage.html"

inurl:php?intext:CHARACTER_SETS,COLLATIONS intitle:phpmyadmin

intitle:"-N3t" filetype:php undetectable


----------------------------------------------------------------------------------------------------------

After the passive phase, it's time to become active with the active information gathering phase.

Let's start with DNS enumeration.




The Domain Name System (DNS) is the phonebook of the Internet. Humans access information online through domain names, while web browsers interact through Internet Protocol (IP) addresses. DNS translates domain names to IP addresses so browsers can load Internet resources.

DNS resolution steps (for a browser request to google.com):
1. Browser requests google.com
2. Hosts file (static name-to-IP entries on the local machine)
3. Resolver's cache
4. Local DNS server
5. ISP DNS server
6. Root-level DNS server
7. Top-level domain (TLD) DNS server
8. Google's authoritative name server

Once the name is resolved, the answer travels back down the same path:
1. Google's authoritative name server
2. ISP DNS server
3. Local DNS server
4. Resolver's cache
5. Browser loads google.com

------------------------------------------------------------------------------------------------------------------



We can interact with DNS using DNS client tools such as host, dig and nslookup.

# forward DNS lookup: list the name servers for the domain

host -t ns anywebsite.com

# discover the mail servers

host -t mx anywebsite.com

# resolve a hostname to its IP address

host www.anywebsite.com

# check what happens for a host that should not exist

host idontexist.anywebsite.com
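To make the resolution steps above and the record types behind the host commands concrete, here is an added example (not part of the original post) that builds the same NS/MX/A queries on the wire with only the Python standard library and parses the replies, including name compression. Three replies are constructed by hand in the script and labelled as such; `send_query` is the only function that touches the network, and its default resolver address `127.0.0.1` is an assumption you would replace with your own resolver. It also shows the point of the `idontexist` probe: a name that should not exist is expected to come back NXDOMAIN, and a normal answer for it suggests the zone has a wildcard record, which you need to know before trusting any subdomain enumeration results.

```python
import socket
import struct

# Record types behind the host(1) commands above: host -t ns / host -t mx / plain A lookup
QTYPE = {"A": 1, "NS": 2, "MX": 15}
RCODE_NAME = {0: "NOERROR", 3: "NXDOMAIN"}


def encode_name(name):
    """Encode a domain name as DNS labels: 3www7example3com0."""
    labels = name.strip(".").split(".")
    return b"".join(bytes([len(lb)]) + lb.encode() for lb in labels) + b"\x00"


def build_query(name, qtype, txid=0x1234):
    """Build a standard recursive DNS query (RD=1, one question) as raw bytes."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack(">HH", QTYPE[qtype], 1)


def read_name(msg, off):
    """Decode a possibly compressed name at offset off; return (name, offset after it)."""
    labels, end, jumped = [], off, False
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer (RFC 1035 section 4.1.4)
            if not jumped:
                end = off + 2
            off = struct.unpack(">H", msg[off:off + 2])[0] & 0x3FFF
            jumped = True
            continue
        off += 1
        if length == 0:
            return ".".join(labels), (end if jumped else off)
        labels.append(msg[off:off + length].decode())
        off += length


def parse_response(msg):
    """Parse header, question and answer section; return rcode and (name, type, ttl, value) tuples."""
    txid, flags, qd, an, _ns, _ar = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):  # skip the echoed question(s)
        _, off = read_name(msg, off)
        off += 4
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        off += 10
        rdata = msg[off:off + rdlen]
        if rtype == 1:  # A: four octets
            value = ".".join(str(b) for b in rdata)
        elif rtype == 2:  # NS: a (possibly compressed) name
            value = read_name(msg, off)[0]
        elif rtype == 15:  # MX: 16-bit preference followed by the exchange name
            value = f"{struct.unpack('>H', rdata[:2])[0]} {read_name(msg, off + 2)[0]}"
        else:
            value = rdata.hex()
        off += rdlen
        answers.append((name, rtype, ttl, value))
    rcode = flags & 0xF
    return {"id": txid, "rcode": RCODE_NAME.get(rcode, str(rcode)), "answers": answers}


def looks_like_wildcard(resp):
    """A probe like host idontexist.<domain> should be NXDOMAIN; a real answer suggests a wildcard record."""
    return resp["rcode"] == "NOERROR" and bool(resp["answers"])


def send_query(name, qtype, resolver="127.0.0.1", timeout=3.0):
    """Live version (needs network): send the query over UDP to a resolver and parse the reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype), (resolver, 53))
        return parse_response(s.recv(4096))


# Constructed sample replies (hand-built here, not captured from any real server).
# Flags 0x8180 = QR, RD, RA, NOERROR; 0x8183 = the same with rcode 3 (NXDOMAIN).
# 0xC00C is a pointer to offset 12, where the question name starts.
SAMPLE_A_RESPONSE = (
    struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + encode_name("www.example.com") + struct.pack(">HH", 1, 1)
    + b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
)
MX_RDATA = struct.pack(">H", 10) + b"\x04mail" + b"\xc0\x0c"  # "10 mail.example.com"
SAMPLE_MX_RESPONSE = (
    struct.pack(">HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + encode_name("example.com") + struct.pack(">HH", 15, 1)
    + b"\xc0\x0c" + struct.pack(">HHIH", 15, 1, 3600, len(MX_RDATA)) + MX_RDATA
)
SAMPLE_NXDOMAIN = (
    struct.pack(">HHHHHH", 0x1234, 0x8183, 1, 0, 0, 0)
    + encode_name("idontexist.example.com") + struct.pack(">HH", 1, 1)
)

if __name__ == "__main__":
    for sample in (SAMPLE_A_RESPONSE, SAMPLE_MX_RESPONSE, SAMPLE_NXDOMAIN):
        print(parse_response(sample))
```

Run the script as-is to see the three constructed replies decoded; swap in `send_query("anywebsite.com", "MX", resolver="<your resolver>")` to reproduce what `host -t mx` shows you, and compare the reply for a made-up subdomain against `looks_like_wildcard` before reading anything into subdomain hits.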
-----------------------------------------------------