Information gathering
Upcoming SlideShare
Loading in...5

Information gathering



The Most Important Step To Done Any Kind of Attack...

The Most Important Step To Done Any Kind of Attack...



Total Views
Views on SlideShare
Embed Views



0 Embeds 0

No embeds



Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
Post Comment
Edit your comment

Information gathering Information gathering Presentation Transcript

  • Information Gathering Prepared By : Mr. Abhijeet A. More OWNER OF PERFECT TRAINING CENTER
  • Information Gathering
  • Information Gathering  Information gathering refers to gathering information about the issue you‟re facing and the ways other organizations and communities have addressed it  You can gather information using both existing sources and natural examples
  • Information Gathering  Synthesis here refers to analyzing what you‟ve learned from your information gathering, and constructing a coherent program or approach by taking ideas from a number of sources and putting them together to create something that meets the needs of the community and population you‟re working with  Synthesis involves extracting the functional elements of both the analysis of the issue and approaches to it  Functional elements are those that are indispensable either to understanding the issue, or to implementing a particular program
  • Why gather information?  It will help you avoid reinventing the wheel.  It will help you to gain a deep understanding of the issue     so that you can address it properly. You need all the tools possible to create the best program you can. It‟s likely that most solutions aren‟t one size fits all. It can help you ensure your program is culturally sensitive. Knowing what‟s been done in a variety of other circumstances and understanding the issue from a number of different viewpoints may give you new insights and new ideas for your program.
  • Information Gathering Tools Maltego Maltego is an intelligence and forensics application. It allows for the mining and gathering of information as well as the representation of this information in a meaningful way.
  • What is Maltego?  Maltego is a unique platform developed to deliver a clear threat picture to the environment that an organization owns and operates  Maltego‟s unique advantage is to demonstrate the complexity and severity of single points of failure as well as trust relationships that exist currently within the scope of your infrastructure
  • About Maltego  Maltego is an intelligence and forensics application. It allows for the mining and gathering of information as well as the representation of this information in a meaningful way.  Coupled with its graphing libraries Maltego allows us to identify previously unknown relationships between information, persons and information about persons.  As such, it is a useful tool in the IT security field to map an organization's people and relationships. A valuable aid in exploring the social-engineering attack vector in pentesting investigations.
  • Tools  Nmap (Network Mapper) is a security scanner originally written by Gordon Lyonused to discover hosts and services on a computer network, thus creating a "map" of the network. To accomplish its goal, Nmap sends specially crafted packets to the target host and then analyzes the responses, etc.
  • NMAP
  • NMAP Objective  Find open TCP and/or UDP listeners on a single or range of TCP/IP Addresses  Find out software versions  Find out operating system type  Don‟t get caught doing it  Learn what you have on your network
  • Is Nmap the best tool?  Yes it is  Long history of development and support  Active user base, used in many products  Continuous development and improvements  “Industry Standard” port scanner  It‟s free, open and well documented.  Stay current! (4.00 as of this doc)
  • History of Nmap  First released September 1, 1997 in Phrack 51 “The Art of       Portscanning” Many updates since then: OS Detection (Phrack 54) Idle scanning Version scanning ARP Scanning
  • Host Discovery  TCP SYN Probe (-PS<portlist>)  TCP ACK Probe (-PA<portlist>)  UDP Probe (-PU<portlist>)  ICMP Echo Request/Ping (-PE)  ICMP Timestamp Requset (-PP)  ICMP Netmask Request (-PM)  ARP Probes (-PR)
  • Most valuable TCP „ping‟ Ports?  80 (HTTP)  25 (SMTP)  22 (SSH)  443 (HTTPS)  21 (FTP)  113 (AUTH)  23 (TELNET)  53 (DNS)  554 (RTSP)  1723 (PPTP)
  • TCP SYN or ACK Probes?  Send both!  Purpose is to find hosts that are up  We do not care whether the port is active yet
  • Most valuable UDP “Ping” Port  Pick a high numbered one  Anything that responds with ICMP is up  Most things respond with ICMP
  • Most Valuable ICMP “Ping” Types  Echo Request (-PE)  …plus either Timestamp (-PP)  …or Netmask (-PM)
  • ARP Ping Probing  Useful only on same subnet  VERY reliable and much faster  Sends raw ethernet ARP requests  Automatically used if host/network is on the local subnet  Unless --send-ip option specified
  • Intense Discovery!  # nmap –sP –PE –PP –PS21,22,23,25,80,113,21339   –PA80,113,443,10042 –source-port 53 –n –T4 –iR 10000  [ … lots of IPs … ]  Host a.b.c.d appears to be up.  Host w.x.y.z appears to be up.  Nmap finished: 10000 IP addresses (699 hosts up) scanned in 2016.564 seconds
  • Tools  Whois Lookup  
  • Thank you!!