SlideShare a Scribd company logo

ch01.ppt

Download as PPT, PDF
M
meghana092

Tcp

Economy & Finance
1 of 41
Chapter 1 Footprinting
Google Hacking Find sensitive data about a company from Google Completely stealthy—you never send a single packet to the target (if you view the cache) To find passwords: – intitle:"Index of" passwd passwd.bak See links Ch 1a, 1b on my Web page (samsclass.info, click CNIT 124)
Other fun searches Nessus reports (link Ch 1c) More passwords (link Ch 1d)
Be The Bot See pages the way Google's bot sees them
Custom User Agents Add the "User Agent Switcher" Firefox Extension Try this Nokia one for fun More in Project 2
Footprinting Gathering target information "If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle." – Sun Tzu on the Art of War
Environments and the Critical Information Attackers Can Identify Internet Presence Intranet Remote Access (travelling employees) Extranet (vendors and business partners)
Internet Domain name Network blocks Specific IP addresses of systems reachable via the Internet TCP and UDP services running on each system identified System architecture (for example, Sparc vs. x 86) Access control mechanisms and related access control lists (ACLs) Intrusion-detection systems (IDSs) System enumeration (user and group names, system banners, routing tables, and SNMP information) DNS hostnames
Intranet Networking protocols in use (for example, IP, IPX, DecNET, and so on) Internal domain names Network blocks Specific IP addresses of systems reachable via the intranet TCP and UDP services running on each system identified System architecture (for example, SPARC vs. x 86) Access control mechanisms and related ACLs Intrusion-detection systems System enumeration (user and group names, system banners, routing tables, and SNMP information)
Remote access Analog/digital telephone numbers Remote system type Authentication mechanisms VPNs and related protocols (IPSec and PPTP)
Extranet Connection origination and destination Type of connection Access control mechanism
Internet Footprinting Step 1: Determine the Scope of Your Activities Step 2: Get Proper Authorization Step 3: Publicly Available Information Step 4: WHOIS & DNS Enumeration Step 5: DNS Interrogation Step 6: Network Reconnaissance
Step 1: Determine the Scope of Your Activities Entire organization Certain locations Business partner connections (extranets) Disaster-recovery sites
Step 2: Get Proper Authorization Ethical Hackers must have authorization in writing for their activities – "Get Out of Jail Free" card – Criminals omit this step Image from www.blackhatseo.fr
Step 3: Publicly Available Information Company web pages – Wget and Teleport Pro are good tools to mirror Web sites for local analysis (links Ch 1o & 1p) – Look for other sites beyond "www" – Outlook Web Access https://owa.company.com or https://outlook.company.com – Virtual Private Networks http://vpn.company.com or http://www.company.com/vpn
Step 3: Publicly Available Information Related Organizations Physical Address – Dumpster-diving – Surveillance – Social Engineering Tool: Google Earth (link Ch 1q)
Step 3: Publicly Available Information Phone Numbers, Contact Names, E-mail Addresses, and Personal Details Current Events – Mergers, scandals, layoffs, etc. create security holes Privacy or Security Policies, and Technical Details Indicating the Types of Security Mechanisms in Place
Step 3: Publicly Available Information Archived Information – The Wayback Machine (link Ch 1t) – Google Cache Disgruntled Employees Search Engines – SiteDigger seems to be out of date—I tried to get it to work with a Google AJAX key but it doesn't – Wikto is an alternative that might still work (link Ch 1u)
Step 3: Publicly Available Information Usenet – Groups.google.com Resumes
Step 4: WHOIS & DNS Enumeration Two organizations manage domain names, IP addresses, protocols and port numbers on the Internet – Internet Assigned Numbers Authority (IANA; http://www.iana.org) – Internet Corporation for Assigned Names and Numbers (ICANN; http://www.icann.org) – IANA still handles much of the day-to-day operations, but these will eventually be transitioned to ICANN
Step 4: WHOIS & DNS Enumeration Domain-Related Searches – Every domain name, like msn.com, has a top- level domain - .com, .net, .org, etc. If we surf to http://whois.iana.org, we can search for the authoritative registry for all of .com – .com is managed by Verisign
Step 4: WHOIS & DNS Enumeration
Step 4: WHOIS & DNS Enumeration Verisign Whois (link Ch 1v) – Search for ccsf.edu and it gives the Registrar Whois.educause.net Three steps: – Authoritative Registry for top-level domain – Domain Registrar – Finds the Registrant
Step 4: WHOIS & DNS Enumeration Automated tools do all three steps – Whois.com – Sam Spade – Netscan Tools Pro They are not perfect. Sometimes you need to do the three-step process manually.
Step 4: WHOIS & DNS Enumeration Once you've homed in on the correct WHOIS server for your target, you may be able to perform other searches if the registrar allows it You may be able to find all the domains that a particular DNS server hosts, for instance, or any domain name that contains a certain string – BUT a court decision in South Dakota just declared this illegal (link Ch 1o)
Step 4: WHOIS & DNS Enumeration How IP addresses are assigned: – The Address Supporting Organization (ASO http://www.aso.icann.org) allocates IP address blocks to – Regional Internet Registries (RIRs), which then allocate IPs to organizations, Internet service providers (ISPs), etc. – ARIN (http://www.arin.net) is the RIR for North and South America
Step 4: WHOIS & DNS Enumeration IP-Related Searches – To track down an IP address: Use arin.net (link Ch 1x) It may refer you to a different database Examples: – 147.144.1.1 – 61.0.0.2
Step 4: WHOIS & DNS Enumeration IP-Related Searches – Search by company name at arin.net to find IP ranges, and AS numbers – AS numbers are used by BGP (Border Gateway Protocol) to prevent routing loops on Internet routers (link Ch 1y) – Examples: Google, CCSF
Step 4: WHOIS & DNS Enumeration Administrative contact gives you name, voice and fax numbers Useful for social engineering Authoritative DNS Server can be used for Zone Transfer attempts – But Zone Transfers may be illegal now (link Ch 1s)
Step 4: WHOIS & DNS Enumeration Public Database Security Countermeasures – When an administrator leaves an organization, update the registration database – That prevents an ex-employee from changing domain information – You could also put in fake "honeytrap" data in the registration eBay's domain was hijacked (link Ch 1z1)
Step 5: DNS Interrogation Zone Transfers – Gives you a list of all the hosts when it works – Usually blocked, and maybe even illegal now – Demonstration (with Ubuntu) dig soa hackthissite.org – ANSWER shows SOA is dns1.nettica.com dig @ dns1.nettica.com hackthissite.org axfr
Step 5: DNS Interrogation Determine Mail Exchange (MX) Records – You can do it on Windows with NSLOOKUP in Interactive mode
Step 5: DNS Interrogation DNS Security Countermeasures – Restrict zone transfers to only authorized servers – You can also block them at the firewall DNS name lookups are UDP Port 53 Zone transfers are TCP Port 53
Step 5: DNS Interrogation DNS Security Countermeasures – Attackers could still perform reverse lookups against all IP addresses for a given net block – So, external nameservers should provide information only about systems directly connected to the Internet
Step 6: Network Reconnaissance Traceroute – Can find route to target, locate firewalls, routers, etc. Windows Tracert uses ICMP Linux Traceroute uses UDP by default
Tracert
NeoTrace NeoTrace combines Tracert and Whois to make a visual map (link Ch 1z2)
Step 6: Network Reconnaissance Cain & Abel has a customizable Traceroute function that lets you use any TCP or UCP port, or ICMP – Link Ch 1z4 – But it didn't work when I tried it on XP or Vista
Step 6: Network Reconnaissance Firewalk uses traceroute techniques to find ports and protocols that get past firewalls We will discuss Firewalk later (Chapter 11)
Step 6: Network Reconnaissance Countermeasures – Many of the commercial network intrusion- detection systems (NIDS) and intrusion prevention systems (IPS) will detect this type of network reconnaissance – Snort – the standard IDS(link Ch 1z5) – RotoRouter – Detects traceroutes and sends fake responses (link Ch 1z6)
Step 6: Network Reconnaissance Countermeasures – You may be able to configure your border routers to limit ICMP and UDP traffic to specific systems, thus minimizing your exposure – Last modified 1-21-08

Recommended

Hacking Fundamentals - Jen Johnson , Miria Grunick
Hacking Fundamentals - Jen Johnson , Miria GrunickHacking Fundamentals - Jen Johnson , Miria Grunick
Hacking Fundamentals - Jen Johnson , Miria Grunickamiable_indian
 
Module 2 Foot Printing
Module 2 Foot PrintingModule 2 Foot Printing
Module 2 Foot Printingleminhvuong
 
footscan.PPT
footscan.PPTfootscan.PPT
footscan.PPTssuserec53e73
 
Intro To Hacking
Intro To HackingIntro To Hacking
Intro To Hackingnayakslideshare
 
Reconnaissance - For pentesting and user awareness
Reconnaissance - For pentesting and user awarenessReconnaissance - For pentesting and user awareness
Reconnaissance - For pentesting and user awarenessLeon Teale
 
technical-information-gathering-slides.pdf
technical-information-gathering-slides.pdftechnical-information-gathering-slides.pdf
technical-information-gathering-slides.pdfMarceloCunha571649
 
Footprinting-and-the-basics-of-hacking
Footprinting-and-the-basics-of-hackingFootprinting-and-the-basics-of-hacking
Footprinting-and-the-basics-of-hackingSathishkumar A
 
Footprinting LAB SETUP GUIDE.pdf
Footprinting LAB SETUP GUIDE.pdfFootprinting LAB SETUP GUIDE.pdf
Footprinting LAB SETUP GUIDE.pdfsdfghj21
 

Recommended

Hacking Fundamentals - Jen Johnson , Miria Grunick
Hacking Fundamentals - Jen Johnson , Miria GrunickHacking Fundamentals - Jen Johnson , Miria Grunick
Hacking Fundamentals - Jen Johnson , Miria Grunickamiable_indian
 
Module 2 Foot Printing
Module 2 Foot PrintingModule 2 Foot Printing
Module 2 Foot Printingleminhvuong
 
footscan.PPT
footscan.PPTfootscan.PPT
footscan.PPTssuserec53e73
 
Intro To Hacking
Intro To HackingIntro To Hacking
Intro To Hackingnayakslideshare
 
Reconnaissance - For pentesting and user awareness
Reconnaissance - For pentesting and user awarenessReconnaissance - For pentesting and user awareness
Reconnaissance - For pentesting and user awarenessLeon Teale
 
technical-information-gathering-slides.pdf
technical-information-gathering-slides.pdftechnical-information-gathering-slides.pdf
technical-information-gathering-slides.pdfMarceloCunha571649
 
Footprinting-and-the-basics-of-hacking
Footprinting-and-the-basics-of-hackingFootprinting-and-the-basics-of-hacking
Footprinting-and-the-basics-of-hackingSathishkumar A
 
Footprinting LAB SETUP GUIDE.pdf
Footprinting LAB SETUP GUIDE.pdfFootprinting LAB SETUP GUIDE.pdf
Footprinting LAB SETUP GUIDE.pdfsdfghj21
 
Reconnaissance & Scanning
Reconnaissance & ScanningReconnaissance & Scanning
Reconnaissance & Scanningamiable_indian
 
Infrastructure Tracking with Passive Monitoring and Active Probing: ShmooCon ...
Infrastructure Tracking with Passive Monitoring and Active Probing: ShmooCon ...Infrastructure Tracking with Passive Monitoring and Active Probing: ShmooCon ...
Infrastructure Tracking with Passive Monitoring and Active Probing: ShmooCon ...OpenDNS
 
Modul 2 - Footprinting Scanning Enumeration.ppt
Modul 2 - Footprinting Scanning Enumeration.pptModul 2 - Footprinting Scanning Enumeration.ppt
Modul 2 - Footprinting Scanning Enumeration.pptcemporku
 
modul2-footprintingscanningenumeration.pdf
modul2-footprintingscanningenumeration.pdfmodul2-footprintingscanningenumeration.pdf
modul2-footprintingscanningenumeration.pdftehkotak4
 
Hhs en05 system_identification
Hhs en05 system_identificationHhs en05 system_identification
Hhs en05 system_identificationShoaib Sheikh
 
Penetration Testing Boot CAMP
Penetration Testing Boot CAMPPenetration Testing Boot CAMP
Penetration Testing Boot CAMPShaikh Jamal Uddin l CISM, QRadar, Hack Card Recovery Expert
 
Regional Internet Registry and Whois
Regional Internet Registry and WhoisRegional Internet Registry and Whois
Regional Internet Registry and WhoisAPNIC
 
Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9Geoff Pesimo
 
Open source network forensics and advanced pcap analysis
Open source network forensics and advanced pcap analysisOpen source network forensics and advanced pcap analysis
Open source network forensics and advanced pcap analysisGTKlondike
 
Reconnaissance
ReconnaissanceReconnaissance
Reconnaissancemaroti164
 
Owasp modern information gathering
Owasp modern information gatheringOwasp modern information gathering
Owasp modern information gatheringKZA
 
Hacking
HackingHacking
Hackingrameswara reddy venkat
 
Hacking
HackingHacking
HackingRoshan Chaudhary
 
Module 5 Sniffers
Module 5 SniffersModule 5 Sniffers
Module 5 Sniffersleminhvuong
 
Hacking
HackingHacking
HackingSweta Leena Panda
 
Incident Response: Validation, Containment & Forensics
Incident Response: Validation, Containment & Forensics Incident Response: Validation, Containment & Forensics
Incident Response: Validation, Containment & ForensicsPriyanka Aash
 
Network security
Network securityNetwork security
Network securityGreater Noida Institute Of Technology
 
Content Navigation
Content NavigationContent Navigation
Content Navigationsanjoysanyal
 
Hacking tutorial
Hacking tutorialHacking tutorial
Hacking tutorialMSA Technosoft
 
Ch04 Footprinting and Social Engineering
Ch04 Footprinting and Social EngineeringCh04 Footprinting and Social Engineering
Ch04 Footprinting and Social Engineeringphanleson
 
Internal_Research_Supervisors_June.2022.pdf
Internal_Research_Supervisors_June.2022.pdfInternal_Research_Supervisors_June.2022.pdf
Internal_Research_Supervisors_June.2022.pdfmeghana092
 
Unit 3 JAVA Script.pptx
Unit 3 JAVA Script.pptxUnit 3 JAVA Script.pptx
Unit 3 JAVA Script.pptxmeghana092
 

More Related Content

Similar to ch01.ppt

Reconnaissance & Scanning
Reconnaissance & ScanningReconnaissance & Scanning
Reconnaissance & Scanningamiable_indian
 
Infrastructure Tracking with Passive Monitoring and Active Probing: ShmooCon ...
Infrastructure Tracking with Passive Monitoring and Active Probing: ShmooCon ...Infrastructure Tracking with Passive Monitoring and Active Probing: ShmooCon ...
Infrastructure Tracking with Passive Monitoring and Active Probing: ShmooCon ...OpenDNS
 
Modul 2 - Footprinting Scanning Enumeration.ppt
Modul 2 - Footprinting Scanning Enumeration.pptModul 2 - Footprinting Scanning Enumeration.ppt
Modul 2 - Footprinting Scanning Enumeration.pptcemporku
 
modul2-footprintingscanningenumeration.pdf
modul2-footprintingscanningenumeration.pdfmodul2-footprintingscanningenumeration.pdf
modul2-footprintingscanningenumeration.pdftehkotak4
 
Hhs en05 system_identification
Hhs en05 system_identificationHhs en05 system_identification
Hhs en05 system_identificationShoaib Sheikh
 
Regional Internet Registry and Whois
Regional Internet Registry and WhoisRegional Internet Registry and Whois
Regional Internet Registry and WhoisAPNIC
 
Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9Geoff Pesimo
 
Open source network forensics and advanced pcap analysis
Open source network forensics and advanced pcap analysisOpen source network forensics and advanced pcap analysis
Open source network forensics and advanced pcap analysisGTKlondike
 
Reconnaissance
ReconnaissanceReconnaissance
Reconnaissancemaroti164
 
Owasp modern information gathering
Owasp modern information gatheringOwasp modern information gathering
Owasp modern information gatheringKZA
 
Module 5 Sniffers
Module 5 SniffersModule 5 Sniffers
Module 5 Sniffersleminhvuong
 
Incident Response: Validation, Containment & Forensics
Incident Response: Validation, Containment & Forensics Incident Response: Validation, Containment & Forensics
Incident Response: Validation, Containment & ForensicsPriyanka Aash
 
Content Navigation
Content NavigationContent Navigation
Content Navigationsanjoysanyal
 
Ch04 Footprinting and Social Engineering
Ch04 Footprinting and Social EngineeringCh04 Footprinting and Social Engineering
Ch04 Footprinting and Social Engineeringphanleson
 

Similar to ch01.ppt (20)

Reconnaissance & Scanning
Reconnaissance & ScanningReconnaissance & Scanning
Reconnaissance & Scanning
 
Infrastructure Tracking with Passive Monitoring and Active Probing: ShmooCon ...
Infrastructure Tracking with Passive Monitoring and Active Probing: ShmooCon ...Infrastructure Tracking with Passive Monitoring and Active Probing: ShmooCon ...
Infrastructure Tracking with Passive Monitoring and Active Probing: ShmooCon ...
 
Modul 2 - Footprinting Scanning Enumeration.ppt
Modul 2 - Footprinting Scanning Enumeration.pptModul 2 - Footprinting Scanning Enumeration.ppt
Modul 2 - Footprinting Scanning Enumeration.ppt
 
modul2-footprintingscanningenumeration.pdf
modul2-footprintingscanningenumeration.pdfmodul2-footprintingscanningenumeration.pdf
modul2-footprintingscanningenumeration.pdf
 
Hhs en05 system_identification
Hhs en05 system_identificationHhs en05 system_identification
Hhs en05 system_identification
 
Penetration Testing Boot CAMP
Penetration Testing Boot CAMPPenetration Testing Boot CAMP
Penetration Testing Boot CAMP
 
Regional Internet Registry and Whois
Regional Internet Registry and WhoisRegional Internet Registry and Whois
Regional Internet Registry and Whois
 
Hacking 1224807880385377-9
Hacking 1224807880385377-9Hacking 1224807880385377-9
Hacking 1224807880385377-9
 
Open source network forensics and advanced pcap analysis
Open source network forensics and advanced pcap analysisOpen source network forensics and advanced pcap analysis
Open source network forensics and advanced pcap analysis
 
Reconnaissance
ReconnaissanceReconnaissance
Reconnaissance
 
Owasp modern information gathering
Owasp modern information gatheringOwasp modern information gathering
Owasp modern information gathering
 
Hacking
HackingHacking
Hacking
 
Hacking
HackingHacking
Hacking
 
Module 5 Sniffers
Module 5 SniffersModule 5 Sniffers
Module 5 Sniffers
 
Hacking
HackingHacking
Hacking
 
Incident Response: Validation, Containment & Forensics
Incident Response: Validation, Containment & Forensics Incident Response: Validation, Containment & Forensics
Incident Response: Validation, Containment & Forensics
 
Network security
Network securityNetwork security
Network security
 
Content Navigation
Content NavigationContent Navigation
Content Navigation
 
Hacking tutorial
Hacking tutorialHacking tutorial
Hacking tutorial
 
Ch04 Footprinting and Social Engineering
Ch04 Footprinting and Social EngineeringCh04 Footprinting and Social Engineering
Ch04 Footprinting and Social Engineering
 

More from meghana092

Internal_Research_Supervisors_June.2022.pdf
Internal_Research_Supervisors_June.2022.pdfInternal_Research_Supervisors_June.2022.pdf
Internal_Research_Supervisors_June.2022.pdfmeghana092
 
Unit 3 JAVA Script.pptx
Unit 3 JAVA Script.pptxUnit 3 JAVA Script.pptx
Unit 3 JAVA Script.pptxmeghana092
 
Unit III CSS & JAVA Script.pdf
Unit III CSS & JAVA Script.pdfUnit III CSS & JAVA Script.pdf
Unit III CSS & JAVA Script.pdfmeghana092
 
ACA-Lect10.pptx
ACA-Lect10.pptxACA-Lect10.pptx
ACA-Lect10.pptxmeghana092
 
Week 1 Lec 1-5 with watermarking.pdf
Week 1 Lec 1-5 with watermarking.pdfWeek 1 Lec 1-5 with watermarking.pdf
Week 1 Lec 1-5 with watermarking.pdfmeghana092
 

More from meghana092 (6)

Internal_Research_Supervisors_June.2022.pdf
Internal_Research_Supervisors_June.2022.pdfInternal_Research_Supervisors_June.2022.pdf
Internal_Research_Supervisors_June.2022.pdf
 
Unit 3 JAVA Script.pptx
Unit 3 JAVA Script.pptxUnit 3 JAVA Script.pptx
Unit 3 JAVA Script.pptx
 
Unit III CSS & JAVA Script.pdf
Unit III CSS & JAVA Script.pdfUnit III CSS & JAVA Script.pdf
Unit III CSS & JAVA Script.pdf
 
Unit 1.pptx
Unit 1.pptxUnit 1.pptx
Unit 1.pptx
 
ACA-Lect10.pptx
ACA-Lect10.pptxACA-Lect10.pptx
ACA-Lect10.pptx
 
Week 1 Lec 1-5 with watermarking.pdf
Week 1 Lec 1-5 with watermarking.pdfWeek 1 Lec 1-5 with watermarking.pdf
Week 1 Lec 1-5 with watermarking.pdf
 

Recently uploaded

Log your LOA pain with Pension Lab's brilliant campaign
Log your LOA pain with Pension Lab's brilliant campaignLog your LOA pain with Pension Lab's brilliant campaign
Log your LOA pain with Pension Lab's brilliant campaignHenry Tapper
 
Instant Issue Debit Cards - School Designs
Instant Issue Debit Cards - School DesignsInstant Issue Debit Cards - School Designs
Instant Issue Debit Cards - School Designsegoetzinger
 
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
The Economic History of the U.S. Lecture 18.pdf
The Economic History of the U.S. Lecture 18.pdfThe Economic History of the U.S. Lecture 18.pdf
The Economic History of the U.S. Lecture 18.pdfGale Pooley
 
How Automation is Driving Efficiency Through the Last Mile of Reporting
How Automation is Driving Efficiency Through the Last Mile of ReportingHow Automation is Driving Efficiency Through the Last Mile of Reporting
How Automation is Driving Efficiency Through the Last Mile of ReportingAggregage
 
03_Emmanuel Ndiaye_Degroof Petercam.pptx
03_Emmanuel Ndiaye_Degroof Petercam.pptx03_Emmanuel Ndiaye_Degroof Petercam.pptx
03_Emmanuel Ndiaye_Degroof Petercam.pptxFinTech Belgium
 
20240429 Calibre April 2024 Investor Presentation.pdf
20240429 Calibre April 2024 Investor Presentation.pdf20240429 Calibre April 2024 Investor Presentation.pdf
20240429 Calibre April 2024 Investor Presentation.pdfAdnet Communications
 
VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...
VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...
VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...Call Girls in Nagpur High Profile
 
Bladex Earnings Call Presentation 1Q2024
Bladex Earnings Call Presentation 1Q2024Bladex Earnings Call Presentation 1Q2024
Bladex Earnings Call Presentation 1Q2024Bladex
 
fca-bsps-decision-letter-redacted (1).pdf
fca-bsps-decision-letter-redacted (1).pdffca-bsps-decision-letter-redacted (1).pdf
fca-bsps-decision-letter-redacted (1).pdfHenry Tapper
 
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdfFinTech Belgium
 
(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...ranjana rawat
 
Lundin Gold April 2024 Corporate Presentation v4.pdf
Lundin Gold April 2024 Corporate Presentation v4.pdfLundin Gold April 2024 Corporate Presentation v4.pdf
Lundin Gold April 2024 Corporate Presentation v4.pdfAdnet Communications
 
Instant Issue Debit Cards - High School Spirit
Instant Issue Debit Cards - High School SpiritInstant Issue Debit Cards - High School Spirit
Instant Issue Debit Cards - High School Spiritegoetzinger
 
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...makika9823
 
VIP Call Girls LB Nagar ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With Room...
VIP Call Girls LB Nagar ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With Room...VIP Call Girls LB Nagar ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With Room...
VIP Call Girls LB Nagar ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With Room...Suhani Kapoor
 
High Class Call Girls Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
High Class Call Girls Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsHigh Class Call Girls Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
High Class Call Girls Nagpur Grishma Call 7001035870 Meet With Nagpur Escortsranjana rawat
 
letter-from-the-chair-to-the-fca-relating-to-british-steel-pensions-scheme-15...
letter-from-the-chair-to-the-fca-relating-to-british-steel-pensions-scheme-15...letter-from-the-chair-to-the-fca-relating-to-british-steel-pensions-scheme-15...
letter-from-the-chair-to-the-fca-relating-to-british-steel-pensions-scheme-15...Henry Tapper
 
VIP Kolkata Call Girl Serampore 👉 8250192130 Available With Room
VIP Kolkata Call Girl Serampore 👉 8250192130 Available With RoomVIP Kolkata Call Girl Serampore 👉 8250192130 Available With Room
VIP Kolkata Call Girl Serampore 👉 8250192130 Available With Roomdivyansh0kumar0
 
Vip B Aizawl Call Girls #9907093804 Contact Number Escorts Service Aizawl
Vip B Aizawl Call Girls #9907093804 Contact Number Escorts Service AizawlVip B Aizawl Call Girls #9907093804 Contact Number Escorts Service Aizawl
Vip B Aizawl Call Girls #9907093804 Contact Number Escorts Service Aizawlmakika9823
 

Recently uploaded (20)

Log your LOA pain with Pension Lab's brilliant campaign
Log your LOA pain with Pension Lab's brilliant campaignLog your LOA pain with Pension Lab's brilliant campaign
Log your LOA pain with Pension Lab's brilliant campaign
 
Instant Issue Debit Cards - School Designs
Instant Issue Debit Cards - School DesignsInstant Issue Debit Cards - School Designs
Instant Issue Debit Cards - School Designs
 
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur EscortsCall Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
Call Girls Service Nagpur Maya Call 7001035870 Meet With Nagpur Escorts
 
The Economic History of the U.S. Lecture 18.pdf
The Economic History of the U.S. Lecture 18.pdfThe Economic History of the U.S. Lecture 18.pdf
The Economic History of the U.S. Lecture 18.pdf
 
How Automation is Driving Efficiency Through the Last Mile of Reporting
How Automation is Driving Efficiency Through the Last Mile of ReportingHow Automation is Driving Efficiency Through the Last Mile of Reporting
How Automation is Driving Efficiency Through the Last Mile of Reporting
 
03_Emmanuel Ndiaye_Degroof Petercam.pptx
03_Emmanuel Ndiaye_Degroof Petercam.pptx03_Emmanuel Ndiaye_Degroof Petercam.pptx
03_Emmanuel Ndiaye_Degroof Petercam.pptx
 
20240429 Calibre April 2024 Investor Presentation.pdf
20240429 Calibre April 2024 Investor Presentation.pdf20240429 Calibre April 2024 Investor Presentation.pdf
20240429 Calibre April 2024 Investor Presentation.pdf
 
VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...
VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...
VVIP Pune Call Girls Katraj (7001035870) Pune Escorts Nearby with Complete Sa...
 
Bladex Earnings Call Presentation 1Q2024
Bladex Earnings Call Presentation 1Q2024Bladex Earnings Call Presentation 1Q2024
Bladex Earnings Call Presentation 1Q2024
 
fca-bsps-decision-letter-redacted (1).pdf
fca-bsps-decision-letter-redacted (1).pdffca-bsps-decision-letter-redacted (1).pdf
fca-bsps-decision-letter-redacted (1).pdf
 
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf
06_Joeri Van Speybroek_Dell_MeetupDora&Cybersecurity.pdf
 
(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
(ANIKA) Budhwar Peth Call Girls Just Call 7001035870 [ Cash on Delivery ] Pun...
 
Lundin Gold April 2024 Corporate Presentation v4.pdf
Lundin Gold April 2024 Corporate Presentation v4.pdfLundin Gold April 2024 Corporate Presentation v4.pdf
Lundin Gold April 2024 Corporate Presentation v4.pdf
 
Instant Issue Debit Cards - High School Spirit
Instant Issue Debit Cards - High School SpiritInstant Issue Debit Cards - High School Spirit
Instant Issue Debit Cards - High School Spirit
 
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...
Independent Lucknow Call Girls 8923113531WhatsApp Lucknow Call Girls make you...
 
VIP Call Girls LB Nagar ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With Room...
VIP Call Girls LB Nagar ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With Room...VIP Call Girls LB Nagar ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With Room...
VIP Call Girls LB Nagar ( Hyderabad ) Phone 8250192130 | ₹5k To 25k With Room...
 
High Class Call Girls Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
High Class Call Girls Nagpur Grishma Call 7001035870 Meet With Nagpur EscortsHigh Class Call Girls Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
High Class Call Girls Nagpur Grishma Call 7001035870 Meet With Nagpur Escorts
 
letter-from-the-chair-to-the-fca-relating-to-british-steel-pensions-scheme-15...
letter-from-the-chair-to-the-fca-relating-to-british-steel-pensions-scheme-15...letter-from-the-chair-to-the-fca-relating-to-british-steel-pensions-scheme-15...
letter-from-the-chair-to-the-fca-relating-to-british-steel-pensions-scheme-15...
 
VIP Kolkata Call Girl Serampore 👉 8250192130 Available With Room
VIP Kolkata Call Girl Serampore 👉 8250192130 Available With RoomVIP Kolkata Call Girl Serampore 👉 8250192130 Available With Room
VIP Kolkata Call Girl Serampore 👉 8250192130 Available With Room
 
Vip B Aizawl Call Girls #9907093804 Contact Number Escorts Service Aizawl
Vip B Aizawl Call Girls #9907093804 Contact Number Escorts Service AizawlVip B Aizawl Call Girls #9907093804 Contact Number Escorts Service Aizawl
Vip B Aizawl Call Girls #9907093804 Contact Number Escorts Service Aizawl
 

ch01.ppt

  • 2. Google Hacking Find sensitive data about a company from Google Completely stealthy—you never send a single packet to the target (if you view the cache) To find passwords: – intitle:"Index of" passwd passwd.bak See links Ch 1a, 1b on my Web page (samsclass.info, click CNIT 124)
  • 3. Other fun searches Nessus reports (link Ch 1c) More passwords (link Ch 1d)
  • 4. Be The Bot See pages the way Google's bot sees them
  • 5. Custom User Agents Add the "User Agent Switcher" Firefox Extension Try this Nokia one for fun More in Project 2
  • 6. Footprinting Gathering target information "If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle." – Sun Tzu on the Art of War
  • 7. Environments and the Critical Information Attackers Can Identify Internet Presence Intranet Remote Access (travelling employees) Extranet (vendors and business partners)
  • 8. Internet Domain name Network blocks Specific IP addresses of systems reachable via the Internet TCP and UDP services running on each system identified System architecture (for example, Sparc vs. x 86) Access control mechanisms and related access control lists (ACLs) Intrusion-detection systems (IDSs) System enumeration (user and group names, system banners, routing tables, and SNMP information) DNS hostnames
  • 9. Intranet Networking protocols in use (for example, IP, IPX, DecNET, and so on) Internal domain names Network blocks Specific IP addresses of systems reachable via the intranet TCP and UDP services running on each system identified System architecture (for example, SPARC vs. x 86) Access control mechanisms and related ACLs Intrusion-detection systems System enumeration (user and group names, system banners, routing tables, and SNMP information)
  • 10. Remote access Analog/digital telephone numbers Remote system type Authentication mechanisms VPNs and related protocols (IPSec and PPTP)
  • 11. Extranet Connection origination and destination Type of connection Access control mechanism
  • 12. Internet Footprinting Step 1: Determine the Scope of Your Activities Step 2: Get Proper Authorization Step 3: Publicly Available Information Step 4: WHOIS & DNS Enumeration Step 5: DNS Interrogation Step 6: Network Reconnaissance
  • 13. Step 1: Determine the Scope of Your Activities Entire organization Certain locations Business partner connections (extranets) Disaster-recovery sites
  • 14. Step 2: Get Proper Authorization Ethical Hackers must have authorization in writing for their activities – "Get Out of Jail Free" card – Criminals omit this step Image from www.blackhatseo.fr
  • 15. Step 3: Publicly Available Information Company web pages – Wget and Teleport Pro are good tools to mirror Web sites for local analysis (links Ch 1o & 1p) – Look for other sites beyond "www" – Outlook Web Access https://owa.company.com or https://outlook.company.com – Virtual Private Networks http://vpn.company.com or http://www.company.com/vpn
  • 16. Step 3: Publicly Available Information Related Organizations Physical Address – Dumpster-diving – Surveillance – Social Engineering Tool: Google Earth (link Ch 1q)
  • 17. Step 3: Publicly Available Information Phone Numbers, Contact Names, E-mail Addresses, and Personal Details Current Events – Mergers, scandals, layoffs, etc. create security holes Privacy or Security Policies, and Technical Details Indicating the Types of Security Mechanisms in Place
  • 18. Step 3: Publicly Available Information Archived Information – The Wayback Machine (link Ch 1t) – Google Cache Disgruntled Employees Search Engines – SiteDigger seems to be out of date—I tried to get it to work with a Google AJAX key but it doesn't – Wikto is an alternative that might still work (link Ch 1u)
  • 19. Step 3: Publicly Available Information Usenet – Groups.google.com Resumes
  • 20. Step 4: WHOIS & DNS Enumeration Two organizations manage domain names, IP addresses, protocols and port numbers on the Internet – Internet Assigned Numbers Authority (IANA; http://www.iana.org) – Internet Corporation for Assigned Names and Numbers (ICANN; http://www.icann.org) – IANA still handles much of the day-to-day operations, but these will eventually be transitioned to ICANN
  • 21. Step 4: WHOIS & DNS Enumeration Domain-Related Searches – Every domain name, like msn.com, has a top- level domain - .com, .net, .org, etc. If we surf to http://whois.iana.org, we can search for the authoritative registry for all of .com – .com is managed by Verisign
  • 22. Step 4: WHOIS & DNS Enumeration
  • 23. Step 4: WHOIS & DNS Enumeration Verisign Whois (link Ch 1v) – Search for ccsf.edu and it gives the Registrar Whois.educause.net Three steps: – Authoritative Registry for top-level domain – Domain Registrar – Finds the Registrant
  • 24. Step 4: WHOIS & DNS Enumeration Automated tools do all three steps – Whois.com – Sam Spade – Netscan Tools Pro They are not perfect. Sometimes you need to do the three-step process manually.
  • 25. Step 4: WHOIS & DNS Enumeration Once you've homed in on the correct WHOIS server for your target, you may be able to perform other searches if the registrar allows it You may be able to find all the domains that a particular DNS server hosts, for instance, or any domain name that contains a certain string – BUT a court decision in South Dakota just declared this illegal (link Ch 1o)
  • 26. Step 4: WHOIS & DNS Enumeration How IP addresses are assigned: – The Address Supporting Organization (ASO http://www.aso.icann.org) allocates IP address blocks to – Regional Internet Registries (RIRs), which then allocate IPs to organizations, Internet service providers (ISPs), etc. – ARIN (http://www.arin.net) is the RIR for North and South America
  • 27. Step 4: WHOIS & DNS Enumeration IP-Related Searches – To track down an IP address: Use arin.net (link Ch 1x) It may refer you to a different database Examples: – 147.144.1.1 – 61.0.0.2
  • 28. Step 4: WHOIS & DNS Enumeration IP-Related Searches – Search by company name at arin.net to find IP ranges, and AS numbers – AS numbers are used by BGP (Border Gateway Protocol) to prevent routing loops on Internet routers (link Ch 1y) – Examples: Google, CCSF
  • 29. Step 4: WHOIS & DNS Enumeration Administrative contact gives you name, voice and fax numbers Useful for social engineering Authoritative DNS Server can be used for Zone Transfer attempts – But Zone Transfers may be illegal now (link Ch 1s)
  • 30. Step 4: WHOIS & DNS Enumeration Public Database Security Countermeasures – When an administrator leaves an organization, update the registration database – That prevents an ex-employee from changing domain information – You could also put in fake "honeytrap" data in the registration eBay's domain was hijacked (link Ch 1z1)
  • 31. Step 5: DNS Interrogation Zone Transfers – Gives you a list of all the hosts when it works – Usually blocked, and maybe even illegal now – Demonstration (with Ubuntu) dig soa hackthissite.org – ANSWER shows SOA is dns1.nettica.com dig @ dns1.nettica.com hackthissite.org axfr
  • 32. Step 5: DNS Interrogation Determine Mail Exchange (MX) Records – You can do it on Windows with NSLOOKUP in Interactive mode
  • 33. Step 5: DNS Interrogation DNS Security Countermeasures – Restrict zone transfers to only authorized servers – You can also block them at the firewall DNS name lookups are UDP Port 53 Zone transfers are TCP Port 53
  • 34. Step 5: DNS Interrogation DNS Security Countermeasures – Attackers could still perform reverse lookups against all IP addresses for a given net block – So, external nameservers should provide information only about systems directly connected to the Internet
  • 35. Step 6: Network Reconnaissance Traceroute – Can find route to target, locate firewalls, routers, etc. Windows Tracert uses ICMP Linux Traceroute uses UDP by default
  • 37. NeoTrace NeoTrace combines Tracert and Whois to make a visual map (link Ch 1z2)
  • 38. Step 6: Network Reconnaissance Cain & Abel has a customizable Traceroute function that lets you use any TCP or UCP port, or ICMP – Link Ch 1z4 – But it didn't work when I tried it on XP or Vista
  • 39. Step 6: Network Reconnaissance Firewalk uses traceroute techniques to find ports and protocols that get past firewalls We will discuss Firewalk later (Chapter 11)
  • 40. Step 6: Network Reconnaissance Countermeasures – Many of the commercial network intrusion- detection systems (NIDS) and intrusion prevention systems (IPS) will detect this type of network reconnaissance – Snort – the standard IDS(link Ch 1z5) – RotoRouter – Detects traceroutes and sends fake responses (link Ch 1z6)
  • 41. Step 6: Network Reconnaissance Countermeasures – You may be able to configure your border routers to limit ICMP and UDP traffic to specific systems, thus minimizing your exposure – Last modified 1-21-08