0
Information Gathering
Prepared By : Mr. Abhijeet A. More
OWNER OF PERFECT TRAINING CENTER
Information Gathering
Information Gathering
 Information gathering refers to gathering information

about the issue you‟re facing and the ways ...
Information Gathering
 Synthesis here refers to analyzing what you‟ve learned

from your information gathering, and const...
Why gather information?
 It will help you avoid reinventing the wheel.
 It will help you to gain a deep understanding of...
Information Gathering Tools
Maltego
www.paterva.com
Maltego is an intelligence and forensics application. It
allows for th...
What is Maltego?
 Maltego is a unique platform developed to deliver a clear

threat picture to the environment that an or...
About Maltego
 Maltego is an intelligence and forensics application. It

allows for the mining and gathering of informati...
Tools
 Nmap (Network Mapper) is a security scanner originally

written by Gordon Lyonused to discover hosts and services ...
NMAP
NMAP Objective
 Find open TCP and/or UDP listeners on a single or range of

TCP/IP Addresses

 Find out software version...
Is Nmap the best tool?
 Yes it is
 Long history of development and support

 Active user base, used in many products
 ...
History of Nmap
 First released September 1, 1997 in Phrack 51 “The Art of









Portscanning”
http://www.insecu...
Host Discovery
 TCP SYN Probe (-PS<portlist>)
 TCP ACK Probe (-PA<portlist>)

 UDP Probe (-PU<portlist>)
 ICMP Echo Re...
Most valuable TCP „ping‟ Ports?

 80 (HTTP)
 25 (SMTP)
 22 (SSH)
 443 (HTTPS)
 21 (FTP)
 113 (AUTH)
 23 (TELNET)
 ...
TCP SYN or ACK Probes?
 Send both!

 Purpose is to find hosts that are up
 We do not care whether the port is active ye...
Most valuable UDP “Ping” Port
 Pick a high numbered one

 Anything that responds with ICMP is up
 Most things respond w...
Most Valuable ICMP “Ping” Types
 Echo Request (-PE)


…plus either Timestamp (-PP)



…or Netmask (-PM)
ARP Ping Probing
 Useful only on same subnet

 VERY reliable and much faster
 Sends raw ethernet ARP requests
 Automat...
Intense Discovery!
 # nmap –sP –PE –PP –PS21,22,23,25,80,113,21339




–PA80,113,443,10042 –source-port 53 –n
–T4 –iR 1...
Tools
 Whois Lookup

 www.dnsstuff.com
 www.centralops.net
Thank you!!
Upcoming SlideShare
Loading in...5
×

Information gathering

455

Published on

The Most Important Step To Done Any Kind of Attack...

Published in: Education
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
455
On Slideshare
0
From Embeds
0
Number of Embeds
0
Actions
Shares
0
Downloads
19
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide

Transcript of "Information gathering"

  1. 1. Information Gathering Prepared By : Mr. Abhijeet A. More OWNER OF PERFECT TRAINING CENTER
  2. 2. Information Gathering
  3. 3. Information Gathering  Information gathering refers to gathering information about the issue you‟re facing and the ways other organizations and communities have addressed it  You can gather information using both existing sources and natural examples
  4. 4. Information Gathering  Synthesis here refers to analyzing what you‟ve learned from your information gathering, and constructing a coherent program or approach by taking ideas from a number of sources and putting them together to create something that meets the needs of the community and population you‟re working with  Synthesis involves extracting the functional elements of both the analysis of the issue and approaches to it  Functional elements are those that are indispensable either to understanding the issue, or to implementing a particular program
  5. 5. Why gather information?  It will help you avoid reinventing the wheel.  It will help you to gain a deep understanding of the issue     so that you can address it properly. You need all the tools possible to create the best program you can. It‟s likely that most solutions aren‟t one size fits all. It can help you ensure your program is culturally sensitive. Knowing what‟s been done in a variety of other circumstances and understanding the issue from a number of different viewpoints may give you new insights and new ideas for your program.
  6. 6. Information Gathering Tools Maltego www.paterva.com Maltego is an intelligence and forensics application. It allows for the mining and gathering of information as well as the representation of this information in a meaningful way.
  7. 7. What is Maltego?  Maltego is a unique platform developed to deliver a clear threat picture to the environment that an organization owns and operates  Maltego‟s unique advantage is to demonstrate the complexity and severity of single points of failure as well as trust relationships that exist currently within the scope of your infrastructure
  8. 8. About Maltego  Maltego is an intelligence and forensics application. It allows for the mining and gathering of information as well as the representation of this information in a meaningful way.  Coupled with its graphing libraries Maltego allows us to identify previously unknown relationships between information, persons and information about persons.  As such, it is a useful tool in the IT security field to map an organization's people and relationships. A valuable aid in exploring the social-engineering attack vector in pentesting investigations.
  9. 9. Tools  Nmap (Network Mapper) is a security scanner originally written by Gordon Lyonused to discover hosts and services on a computer network, thus creating a "map" of the network. To accomplish its goal, Nmap sends specially crafted packets to the target host and then analyzes the responses, etc.
  10. 10. NMAP
  11. 11. NMAP Objective  Find open TCP and/or UDP listeners on a single or range of TCP/IP Addresses  Find out software versions  Find out operating system type  Don‟t get caught doing it  Learn what you have on your network
  12. 12. Is Nmap the best tool?  Yes it is  Long history of development and support  Active user base, used in many products  Continuous development and improvements  “Industry Standard” port scanner  It‟s free, open and well documented.  Stay current! (4.00 as of this doc)
  13. 13. History of Nmap  First released September 1, 1997 in Phrack 51 “The Art of       Portscanning” http://www.insecure.org/nmap/p51-11.txt Many updates since then: OS Detection (Phrack 54) Idle scanning Version scanning ARP Scanning
  14. 14. Host Discovery  TCP SYN Probe (-PS<portlist>)  TCP ACK Probe (-PA<portlist>)  UDP Probe (-PU<portlist>)  ICMP Echo Request/Ping (-PE)  ICMP Timestamp Requset (-PP)  ICMP Netmask Request (-PM)  ARP Probes (-PR)
  15. 15. Most valuable TCP „ping‟ Ports?  80 (HTTP)  25 (SMTP)  22 (SSH)  443 (HTTPS)  21 (FTP)  113 (AUTH)  23 (TELNET)  53 (DNS)  554 (RTSP)  1723 (PPTP)
  16. 16. TCP SYN or ACK Probes?  Send both!  Purpose is to find hosts that are up  We do not care whether the port is active yet
  17. 17. Most valuable UDP “Ping” Port  Pick a high numbered one  Anything that responds with ICMP is up  Most things respond with ICMP
  18. 18. Most Valuable ICMP “Ping” Types  Echo Request (-PE)  …plus either Timestamp (-PP)  …or Netmask (-PM)
  19. 19. ARP Ping Probing  Useful only on same subnet  VERY reliable and much faster  Sends raw ethernet ARP requests  Automatically used if host/network is on the local subnet  Unless --send-ip option specified
  20. 20. Intense Discovery!  # nmap –sP –PE –PP –PS21,22,23,25,80,113,21339   –PA80,113,443,10042 –source-port 53 –n –T4 –iR 10000  [ … lots of IPs … ]  Host a.b.c.d appears to be up.  Host w.x.y.z appears to be up.  Nmap finished: 10000 IP addresses (699 hosts up) scanned in 2016.564 seconds
  21. 21. Tools  Whois Lookup  www.dnsstuff.com  www.centralops.net
  22. 22. Thank you!!
  1. A particular slide catching your eye?

    Clipping is a handy way to collect important slides you want to go back to later.

×