INFSYS3848/6828 LAB: BASIC RECONNAISSANCE
Page 1 of 5
POINTS POSSIBLE: 100
DUE DATE: APRIL 15, 2016 by 11:59 PM Central Time
SPECIAL NOTE: The TASK 2 portion of this lab MUST be carried out in the Virtual Lab (accessible
through https://tritonapps.umsl.edu) for this course only. Please contact me as soon as possible
if you do not have access to the virtual lab.
PLEASE:
1. DO NOT DELETE/MODIFY any files on the target machines. If you delete files or
make the machines otherwise unavailable, your classmates may not be able to
finish the assignment on time. PLEASE BE COURTEOUS.
2. Feel free to use any resource you wish to research the tools and answers to lab
questions. However, write your answers in your own words. I will grade based on
how complete your answers are, that is, whether you took the time to learn!
3. NOTE: This lab requires INDIVIDUAL work. Discussions for the sake of learning
are fine and encouraged.
Lab Overview:
A potential attacker often begins by gathering as much information about a target as possible. This is the
case for both malicious hacking and ethical hacking (penetration testing). Thus, it is essential for InfoSec
professionals to have a solid foundation in reconnaissance from both perspectives. A great deal of
information on a potential target can be gathered through publicly available sources and legitimate
tools.
The things we will do in this lab are themselves really basic. The idea is that you spend time learning about
the background on what these tools accomplish and how. So please pay attention to Task 1 and do
complete the required readings/videos.
Lab Purpose:
1. To learn the basics of information gathering as the first series of steps in penetration testing
2. Understand the basics of utilities such as "ping" and "tracert"
3. Understand the basics of Domain Name System (DNS) and "whois"
4. Familiarize ourselves with "dig," a command line utility that is part of the BIND framework for
DNS servers
Lab Tasks:
There are two tasks for this lab: Task 1 and Task 2.
TASK 1
Before proceeding with Task 2, please familiarize yourself with the following basic concepts:
1. "Whois": http://en.wikipedia.org/wiki/Whois (very quick skim through)
a. Visit any one of these sites and try looking up info on domain names you know of (try
example.com or google.com or perhaps even umsl.edu)
i. http://www.domaintools.com/
ii. http://whois.net/
iii. http://www.networksolutions.com/whois/index.jsp
b. If you wish you may use the "whois" tool from the command line in your Ubuntu
installation (the one we did for Lab 1). Simply type the following at the command
prompt: whois domainname (replace domainname with an actual domain name
such as google.com).
i. If "whois" is not installed, you could easily install it using apt-get (or google for
instructions)
2. Domain Name System (DNS) Concepts to know:
a. Domains and sub-domains
b. How DNS queries work
c. DNS Zones, Delegation, Zone Transfers
DNS INFORMATION LINKS: Please go through these in order.
1) Basics: How DNS Works by Barry Brown, watch the entire playlist (especially for people with
no networking background)
http://www.youtube.com/playlist?list=PL5DDE6309C9057EEA
2) Re-cap:
http://www.youtube.com/watch?feature=player_detailpage&v=ZBi8GCxk7NQ#t=13
3. DNS tools
a. NSLOOKUP
b. DIG
4. Network Scanning tools
a. NMAP (visit https://nmap.org/book/toc.html to learn as much as you can; try their
"Introduction and Overview" section, it's interesting and will give you an idea of
Pentesting)
TOOLS INFORMATION LINKS:
1) Overview of common network utilities in Linux:
http://www.youtube.com/watch?v=CigJXmUYXJY#aid=P9hrcMoKTHw
2) Overview of DIG: http://www.youtube.com/watch?v=EMyVSyWXnak
3) This one cannot be carried out in our virtual lab but is worth a watch to learn about
the dangers of DNS zone transfers: http://www.youtube.com/watch?v=bdHl-w3V_4w
(SecurityTube.net video, shows a full zone transfer; yes, the accent is Indian).
a. Obviously, please do not try this on any real target, even though the video
shows the person blatantly doing so!
I familiarized myself with all links provided above.
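What the command-line "whois" tool in Task 1 actually does on the wire is small enough to show in full: RFC 3912 specifies a TCP connection to port 43, the query text followed by CRLF, and a free-form text reply that ends when the server closes the connection. The Python below is an added example for this lab, not code from the handout or from the whois package. The sample reply embedded in it is constructed (foo.com is the lab's fictitious client; the registrar, dates and ns2.example.net are made up for illustration), and the field names it looks for (Registrar, Creation Date, Registry Expiry Date, Name Server, Domain Status) are the ones most gTLD registries print, but other registries use different labels, so treat the parser's key list as an assumption to extend.

```python
"""Minimal WHOIS client (RFC 3912) plus a parser for the recon-relevant fields.
Added example for this lab, not part of the handout."""
import socket

WHOIS_PORT = 43


def build_query(domain: str) -> bytes:
    """RFC 3912 request: the query text terminated by CRLF."""
    domain = domain.strip().lower().rstrip(".")
    if not domain or any(c.isspace() for c in domain):
        raise ValueError("domain must be a single name with no whitespace")
    return (domain + "\r\n").encode("ascii")


def parse_response(text: str) -> dict:
    """Pull the fields an attacker cares about out of a WHOIS reply.
    Replies are 'Key: Value' lines; keys repeat (Name Server) and casing varies,
    so keys are normalised and repeated values collected. Key names are an
    assumption based on common gTLD registry output."""
    fields = {"name_servers": [], "registrar": None, "created": None,
              "expires": None, "status": []}
    for raw in text.splitlines():
        line = raw.strip()
        # '%' / '#' comments and the '>>> Last update ... <<<' trailer carry no data
        if not line or line.startswith(("%", "#", ">>>")) or ":" not in line:
            continue
        key, _, value = line.partition(":")
        key = key.strip().lower().replace("_", " ")
        value = value.strip()
        if key == "name server":
            ns = value.lower().rstrip(".")
            if ns and ns not in fields["name_servers"]:
                fields["name_servers"].append(ns)
        elif key == "registrar":
            fields["registrar"] = fields["registrar"] or value
        elif key in ("creation date", "created"):
            fields["created"] = fields["created"] or value
        elif key in ("registry expiry date", "expiry date", "expiration date"):
            fields["expires"] = fields["expires"] or value
        elif key in ("domain status", "status"):
            fields["status"].append(value)
    return fields


def whois_lookup(domain: str, server: str = "whois.iana.org", timeout: float = 10.0) -> dict:
    """Live lookup (needs network). whois.iana.org answers with a 'refer:' line
    naming the registry's own server; the real whois tool follows that referral,
    which this minimal version leaves to the caller."""
    with socket.create_connection((server, WHOIS_PORT), timeout=timeout) as sock:
        sock.sendall(build_query(domain))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:        # server closes the connection when the reply is complete
                break
            chunks.append(data)
    return parse_response(b"".join(chunks).decode("utf-8", errors="replace"))


# Constructed sample reply (NOT a real registry record), in the usual gTLD layout.
SAMPLE_REPLY = """\
% Constructed sample for illustration, not a real WHOIS record.
Domain Name: FOO.COM
Registrar: Example Registrar, Inc.
Creation Date: 2001-05-04T00:00:00Z
Registry Expiry Date: 2026-05-04T00:00:00Z
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: ROUTER1.FOO.COM
Name Server: router1.foo.com.
Name Server: NS2.EXAMPLE.NET
>>> Last update of whois database: 2016-04-01T00:00:00Z <<<
"""

if __name__ == "__main__":
    print(build_query("foo.com"))
    print(parse_response(SAMPLE_REPLY))
```

The name servers are the piece of this output that feeds the next step of the lab: they are the hosts you would later point dig at. The registrar and expiry date are what social-engineering and domain-hijacking attacks key on, which is why many registrars now redact contact fields.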
TASK 2:
Imagine you are a penetration tester and you are on assignment to find and report vulnerabilities in
your client's data network and the hosts within it. There are different levels of information provided to
penetration testers upon assignment. Sometimes the clients provide the entire network structure and
information on all hosts. At other times the client does not provide anything and essentially asks the
testers to "hack in" just as a real hacker would.
In this lab, all you know about your client is their web address http://www.foo.com and you are trying to
begin the process of finding vulnerabilities. The first step to finding vulnerabilities is to carry out
"footprinting" reconnaissance to figure out just what our "attack surface" looks like.
In this lab we will learn the most basic aspects of footprinting. We will learn about actually finding
vulnerabilities in later labs.
GETTING READY FOR THE EXERCISES
1) Log into the Virtual Lab (instructions on MyGateway/Docs & Assignments/Assignments and
Quizzes/).
2) Perform the exercises given below within your Kali Linux machine (delivered to you once you
finish logging into the virtual lab)
EXERCISE 1:
One very simple tool to figure out if a "host" (any device with an address on a network) is turned on and
communicating over the network is "PING." Of course, system administrators can prevent hosts from
responding to pings.
DO:
1) Check out the website: In Kali, open up the browser (Iceweasel, the tiny globe-like icon in the top left).
In the address bar type the URL http://www.foo.com to notice that there is a site configured
with that domain.
2) Open up the command line on Kali and ping the above domain (ping domainname, i.e. ping
www.foo.com). After a few echoes hit "CTRL+C" to cancel the ping process.
Obviously, this website is running on a server, and if the site is up we did not really need to ping
it to find out if "it is up." The ping does give us some basic information, though.
EXERCISE 1 QUESTIONS
Q 1.1) Is the computer corresponding to the domain name on and communicating? (YES/NO)
Yes
Q 1.2) What is the IP version 4 address of this computer?
192.168.2.5
Q 1.3) What did we "attackers" learn from this simple procedure? (Be sure to read about ping, what it
reveals (beyond the IP address), whether it is good or bad to enable ping responses or whether it
doesn't matter. Hint: start with finding out what underlying protocol is used for pings.)
We learned that when we ping an IP address it brings back how long it takes for your computer
to communicate with the server and the speed it takes. The underlying protocol is ICMP
(Internet Control Message Protocol). Using the ping option is good for attackers to do so they
understand how the server works.
EXERCISE 2:
In this exercise we will use a tool available on most *nix platforms for obtaining DNS information, called
DIG. Similar functionality is available through tools such as "NSLOOKUP" (also available on Windows)
and "HOST". Here we focus on "DIG".
DO: (if you haven't watched the videos on DIG mentioned above, please do so)
At the command line in Kali, issue a simple dig command for the above domain:
dig www.foo.com
EXERCISE 2 QUESTIONS
Q 2.1) Examine the Question Section in the output of the above command. What "question" did we
ask in this query?
We asked what the domain name server is.
Q 2.2) Examine the Answer Section.
a. What is the IP (version 4) address associated with that name?
192.168.2.5
Q 2.3) Examine the Authority Section. What type of record is returned here? What is the name of the
name server associated with this domain? (Don't be confused by its name, it does not matter what it
is called, simply report the name in the record of type NS)
a. Router information is returned.
b. Router1.infosys.com & router1.foo.com
Q 2.4) Examine the Additional Section. What is the IP address of the name server?
192.168.1.254 & 192.168.2.254
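The four questions above map one-to-one onto the four sections dig prints: QUESTION is the name and record type we asked for (an A record for www.foo.com, since dig defaults to type A), ANSWER is the record that satisfies it, AUTHORITY lists the NS records for the zone the answer came from, and ADDITIONAL carries the "glue" A records that let you reach those name servers without a second lookup. The Python below is an added example for this lab, not output or code from the handout: it parses dig's text into those sections. The dig output embedded in it is constructed to match the values this lab reports (www.foo.com at 192.168.2.5, name server router1.foo.com at 192.168.2.254, the resolver at 192.168.2.254); the DiG version string, TTLs, query id and timestamp are made up.

```python
"""Parse the text that `dig` prints into its sections so the lab's questions can be
answered mechanically. Added example for this lab; SAMPLE_DIG is constructed."""
import re
from collections import namedtuple

RR = namedtuple("RR", "name ttl rclass rtype rdata")

SECTION_RE = re.compile(r"^;; (QUESTION|ANSWER|AUTHORITY|ADDITIONAL) SECTION:$")
FLAGS_RE = re.compile(r"^;; flags: ([a-z ]*);")
SERVER_RE = re.compile(r"^;; SERVER: (\S+)")


def parse_dig(output: str) -> dict:
    result = {"question": [], "answer": [], "authority": [], "additional": [],
              "flags": set(), "server": None}
    section = None
    for raw in output.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        fm = FLAGS_RE.match(line)
        if fm:
            result["flags"] = set(fm.group(1).split())
            continue
        sm = SERVER_RE.match(line)
        if sm:
            result["server"] = sm.group(1)
            continue
        if not line or line.startswith(";;"):
            continue                      # blank line, header line or trailer line
        if section == "question":
            # ";www.foo.com.   IN   A" -> name, class, type; no TTL or rdata in a question
            name, rclass, rtype = line.lstrip(";").split()
            result["question"].append(RR(name, None, rclass, rtype, None))
        elif section in ("answer", "authority", "additional"):
            # "name  ttl  class  type  rdata"; rdata may itself contain spaces (TXT, SOA)
            name, ttl, rclass, rtype, rdata = line.split(None, 4)
            result[section].append(RR(name, int(ttl), rclass, rtype, rdata))
    return result


def is_authoritative(parsed: dict) -> bool:
    """The 'aa' flag means the server that answered is authoritative for the zone,
    i.e. we are talking to the target's own name server rather than a cache."""
    return "aa" in parsed["flags"]


def name_servers_with_glue(parsed: dict) -> dict:
    """Map each NS name in AUTHORITY to its A record in ADDITIONAL (the glue)."""
    glue = {rr.name: rr.rdata for rr in parsed["additional"] if rr.rtype == "A"}
    return {rr.rdata: glue.get(rr.rdata) for rr in parsed["authority"] if rr.rtype == "NS"}


# Constructed sample, shaped like `dig www.foo.com` output and matching the lab's values.
SAMPLE_DIG = """\
; <<>> DiG 9.9.5 <<>> www.foo.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;www.foo.com.                   IN      A

;; ANSWER SECTION:
www.foo.com.            3600    IN      A       192.168.2.5

;; AUTHORITY SECTION:
foo.com.                3600    IN      NS      router1.foo.com.

;; ADDITIONAL SECTION:
router1.foo.com.        3600    IN      A       192.168.2.254

;; Query time: 1 msec
;; SERVER: 192.168.2.254#53(192.168.2.254)
;; WHEN: Fri Apr 15 10:00:00 CDT 2016
;; MSG SIZE  rcvd: 95
"""

if __name__ == "__main__":
    p = parse_dig(SAMPLE_DIG)
    print("asked:", [(q.name, q.rtype) for q in p["question"]])
    print("answer:", [a.rdata for a in p["answer"]])
    print("name servers:", name_servers_with_glue(p), "authoritative:", is_authoritative(p))
```

The NS names and their glue addresses are what the zone-transfer video in Task 1 builds on: the test there is "dig @<name server> <zone> axfr", which asks the server for the whole zone and should be refused by anything but a configured secondary. Per the lab's note, that command is for the video and your own systems only, never a real target.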
WRAPPING UP YOUR LAB SESSION:
Once you have carried out all exercises, please follow these steps carefully:
1. Simply close the "Remote Desktop" window by clicking on the "X" in the blue title bar.
a. No need to shut down the Kali machine
2. You're done and thank you.
-- End lab --
LAB DELIVERABLES:
1) Please carry out all tasks as requested, including reading/watching the videos under "Task 1".
2) Please also conduct the exercises under "Task 2" and provide complete answers to the
questions under each exercise. NOTE: There is a "right answer" to most of these questions. I am
looking for complete answers and in particular your insight about these exercises.
3) Type your answers in a separate document. Note that you will not be able to copy and paste
between your Kali machine and your computer. You will have to type your answers in.
4) Name your document "FirstName_LastName_Assignment4"
5) Submit the completed document through MyGateway.
GETTING HELP:
Call me (314-489-9733) / email (shajikhan@umsl.edu) anytime. For more detailed help, please see me
during office hours or set up an appointment. Tutors are also available.