Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Information gath

9,864 views

Published on

Published in: Education, Technology, Business

Information gath

  1. 1. INFORMATION GATHERING IN A PENTEST By : Syarif @fl3xu5 Cybercrime Investigation Center Mabes Polri Jakarta, 28 Januari 2012
  2. 2. Agenda About Pentest ( Penetration Testing ) Pentest Phase How Important do Information Gathering Passive & Active Information Gathering Google Hack Netcraft Whois host dig
  3. 3. About Pentest ( Penetration Testing ) A method to evaluate the security of computer system / network Practice ( attacking ) an IT System like a ‘hacker’ do Find a security holes ( systemic weaknesses ) By pass security mechanism compromise an Organization’s IT System Security Must have a permission from IT System owner ~ The Person is called a Pentester ~
  4. 4. Pentest Phase Information Gathering Vulnerability Analysis Exploitation Post Exploitation Reporting
  5. 5. How Important do Information Gath. Information Gath. Chance of Successful attack~
  6. 6. Passive & Active Information Gathering Passive Information Gathering Active Information Gathering Google Hacking Netcraft Whois Nslookup Port Scanning Service Scanning Nmap Metasploit
  7. 7. Google Hack was introduced by Johnny Long based on google basic usage information :http:// www.google.com/help/basics.html! More : http://www.google.com/help/ operators.html
  8. 8. Google Hack ( cont’d ) Google basic search help
  9. 9. Google Hack ( cont’d ) Operators and More Search help
  10. 10. Google Hack ( cont’d ) Examples :
  11. 11. Google Hack ( cont’d ) Examples :
  12. 12. Google Hack ( cont’d ) Examples :
  13. 13. Google Hack ( cont’d ) Other Examples :
  14. 14. Google Hack ( cont’d ) Other Examples :
  15. 15. Google Hack ( cont’d ) More Examples :
  16. 16. Netcraft an Internet monitoring company based on England Uptimes OS detection web server
  17. 17. Netcraft ( cont’d )
  18. 18. Whois
  19. 19. host
  20. 20. dig
  21. 21. REFERENCES http://www.pentest-standard.org/index.php/ PTES_Technical_Guidelines http://www.metasploit.com/about/penetration- testing-basics/ Metasploit The Penetration Tester’s Guide : David Kennedy , Jim O’Gorman, Devon Kearns, Mati Aharoni GHDB , http://johnny.ihackstuff.com/ghdb/

×