Information Gathering using
Windows Command Line Utility
By: Vishal Kumar (CEH | CHFI | CISE | MCP)
Lab - 1
Overview of Windows Command Line Utility
Windows offers several powerful command-line utilities that help attackers, as well as ethical hackers and pen testers, gather open-source information about the target of the evaluation.
Lab Scenario
• As a professional ethical hacker or pen tester, your first step will be to check the reachability of a computer in the target network. Operating systems offer several utilities that you can readily use for primary information gathering. Windows command-line utilities such as ping, nslookup, and tracert gather important information, like the IP address, maximum packet frame size, etc., about a target network or system; this information forms the base of a security assessment and pen test.
Lab Objective
• This lab demonstrates how to use the ping, nslookup, and tracert utilities to gather information about a target. The lab teaches how to:
• Use the ping utility to find the IP address of a target domain.
• Use the ping utility to emulate the tracert (traceroute) command.
• Find the maximum frame size for the network.
• Identify the Internet Control Message Protocol (ICMP) type and code for echo request and echo reply packets.
1. Finding IP Address of Target Domain
• Open the command prompt and type the following command: ping www.theprohackers.in
• Here you can see the response of the ping command and the IP address of the target, which is 184.168.221.33
• PING stands for Packet Internet Groper.
• Ping command syntax: ping [-q] [-v] [-R] [-c count] [-i Wait] [-s PacketSize] Host
• In the command ping -c count, count specifies the number of echo requests to send.
2. Finding the Maximum Frame Size of the Target Domain.
• Now, find the maximum frame size on the network using the command-line utility.
• Open the command prompt and type the command: ping www.theprohackers.in -f -l 1500
• The response, "Packet needs to be fragmented but DF set", means that the frame is too large to be on the network and needs to be fragmented. Since we used the -f switch with the ping command, the packet was not sent, and this error was returned.
Note:- The -f switch sets the Do Not Fragment bit on the ping packet. By default, ping packets allow fragmentation.
• Try different packet sizes with the ping command until you get the echo reply.
Note:- In the ping command, the -l size option specifies the send buffer size.
• Observe that the maximum packet size is less than 1500 bytes.
• Now, try different values until you find the maximum frame size.
Note:- The maximum frame size will differ depending upon the target network.
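The trial-and-error step above can be run as a binary search. The following is an added example, not part of the original slides: it finds the largest -l value that still gets an echo reply with -f set, then adds the 28 bytes of IPv4 and ICMP header that ping puts in front of the buffer, which is why -l 1500 cannot fit on a 1500-byte link. The function names and the simulated path are assumptions made for illustration.

```python
import subprocess

IP_HEADER = 20     # IPv4 header without options
ICMP_HEADER = 8    # ICMP echo header


def windows_ping_probe(host):
    """Return probe(size) that runs the lab's command: ping <host> -f -l <size> -n 1.
    Windows only; the simulated probe below is used for the offline run."""
    def probe(size):
        out = subprocess.run(
            ["ping", host, "-f", "-l", str(size), "-n", "1"],
            capture_output=True, text=True,
        ).stdout
        # An echo reply line carries "TTL="; the DF error does not.
        # A timeout also counts as "no reply", so a path that filters ICMP
        # makes the search result meaningless.
        return "TTL=" in out and "needs to be fragmented" not in out
    return probe


def simulated_probe(path_mtu):
    """Constructed stand-in for a path whose smallest link MTU is path_mtu."""
    def probe(size):
        return size + ICMP_HEADER + IP_HEADER <= path_mtu
    return probe


def find_max_payload(probe, low=0, high=1500):
    """Largest buffer size in [low, high] that is answered with DF set.
    Returns (payload, probes_used); payload is None if even `low` fails."""
    tries = 1
    if not probe(low):
        return None, tries
    while low < high:
        mid = (low + high + 1) // 2
        tries += 1
        if probe(mid):
            low = mid          # fits: search the upper half
        else:
            high = mid - 1     # too big: search the lower half
    return low, tries


def path_mtu_from_payload(payload):
    """Convert the ping buffer size back to the on-the-wire IP packet size."""
    return payload + ICMP_HEADER + IP_HEADER


if __name__ == "__main__":
    for mtu in (1500, 1492):   # constructed paths: plain Ethernet, PPPoE
        payload, tries = find_max_payload(simulated_probe(mtu))
        print(mtu, payload, path_mtu_from_payload(payload), tries)
```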
3. Now find what happens when the TTL (Time to Live) expires.
• Every frame on the network has a TTL (Time to Live) defined. If the TTL reaches 0, the router discards the packet. This mechanism prevents the loss of packets.
• Type the command: ping www.theprohackers.in -i 3. This option sets the Time to Live (-i) value to 3.
Note:- The maximum value you can set for TTL is 255.
• Reply from the target: "TTL expired in transit" means the router (10.228.21.22) discarded the frame because the TTL has expired (reached 0).
• Try different TTL values until you get the echo reply from the target.
• Here I find the echo reply when the TTL value is 50. Try different TTL values until you find the maximum value of TTL on the target network.
Note:- In the ping command, the -n switch is used to specify the number of packets to be sent (e.g. -n 2).
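The lab objective lists identifying the ICMP type and code for echo request and echo reply, and the two error responses seen so far are ICMP messages as well. The following added example (not part of the original slides) builds and parses the four message kinds so they can be recognised in a packet capture or a firewall log; all sample bytes are constructed, and the function names are assumptions made for illustration.

```python
import struct

# (type, code) pairs behind the ping results seen in this lab
MEANING = {
    (8, 0): "Echo Request",
    (0, 0): "Echo Reply",
    (11, 0): "Time Exceeded (ping prints: TTL expired in transit)",
    (3, 4): "Destination Unreachable, fragmentation needed and DF set",
}


def checksum(data):
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(icmp_type, ident, seq, payload):
    """Echo request (type 8) or echo reply (type 0), code 0."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def build_error(icmp_type, code, rest, quoted):
    """ICMP error: 4 'rest of header' bytes, then the quoted start of the
    datagram that triggered the error."""
    csum = checksum(struct.pack("!BBH", icmp_type, code, 0) + rest + quoted)
    return struct.pack("!BBH", icmp_type, code, csum) + rest + quoted


def parse_icmp(message):
    """Decode the ICMP header and the fields that matter for this lab."""
    if len(message) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    icmp_type, code, _csum = struct.unpack("!BBH", message[:4])
    info = {
        "type": icmp_type,
        "code": code,
        # Summing a valid message, checksum field included, yields zero.
        "checksum_ok": checksum(message) == 0,
        "meaning": MEANING.get((icmp_type, code), "other"),
    }
    if icmp_type in (0, 8):
        info["id"], info["seq"] = struct.unpack("!HH", message[4:8])
        info["payload_len"] = len(message) - 8
    elif (icmp_type, code) == (3, 4):
        # RFC 1191: the low 16 bits of the rest-of-header carry the next-hop MTU
        info["next_hop_mtu"] = struct.unpack("!H", message[6:8])[0]
    return info


def constructed_samples():
    """Constructed messages; no real traffic is involved."""
    payload = b"abcdefghijklmnopqrstuvwabcdefghi"   # 32 constructed bytes
    quoted = bytes(28)   # stands in for the quoted IP header + first 8 bytes
    return {
        "request": build_echo(8, 1, 7, payload),
        "reply": build_echo(0, 1, 7, payload),
        "ttl_expired": build_error(11, 0, bytes(4), quoted),
        "frag_needed": build_error(3, 4, struct.pack("!HH", 0, 1492), quoted),
    }


if __name__ == "__main__":
    for name, raw in constructed_samples().items():
        print(name, parse_icmp(raw))
```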
4. Emulate Tracert.
• Launch the command prompt and type the command: tracert www.theprohackers.in
• So here is the output of the tracert command.
• As you can see in the above snapshot, the tracert command displays the complete route from the attacker machine to the target machine, with the IP address and location.
5. Finding the Details using
Nslookup command.
• Open Run, type nslookup and press Enter. This opens the command prompt in nslookup interactive mode, showing the Default Server (DNS) name and Default Address (address of the DNS server).
5.1 Obtaining IP Address of the Target Domain.
• In the nslookup interactive mode, type set type=a and press Enter. Setting the type to a configures nslookup to query for the IP address of a given domain.
• Type the target domain www.theprohackers.in and press Enter. This resolves the IP address and displays the result as shown.
5.2 Finding CNAME of the Target Domain.
• Type set type=cname and press Enter.
Note:- The CNAME lookup is done directly against the domain's authoritative name server and lists the CNAME records for the domain.
• Type the target domain www.theprohackers.in and hit Enter. This will return the domain's authoritative name servers, along with the mail server address, as shown in the screenshot below.
5.3 Finding SOA (Start of Authority) records of the Target Domain.
• Open the nslookup interactive mode, type set type=soa and hit Enter.
• Now type the target domain, that is www.theprohackers.in, and press Enter. This command will display the primary name server and mail server details.
• In the above screenshot the primary name server is ns47.domaincontrol.com and the mail address is dns.jomax.net.
5.4 Finding the IP address of the primary name server of the Target Domain
• Open the command prompt in nslookup mode, type set type=a and press Enter.
• Now type the primary name server address of the target domain, that is ns47.domaincontrol.com, and hit Enter. This command will display the name and IP address of the primary name server.
• In the above screenshot we can see the IP address of the primary name server, which is xxx.xxx.xxx.xxx
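What nslookup sends and decodes for set type=a, cname and soa can be seen at the DNS message level. The following added example (not part of the original slides) builds the query and parses a reply, including name compression and the SOA convention that stores the responsible mailbox with its "@" written as a dot, so dns.jomax.net reads as dns@jomax.net. The reply is constructed for the reserved name example.com, and every value in it is made up.

```python
import struct

# nslookup "set type=" values used in the lab, as DNS QTYPE numbers (RFC 1035)
QTYPE = {"a": 1, "cname": 5, "soa": 6}


def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype, txid=0x1234):
    """One-question query with the recursion-desired flag set, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], 1)


def read_name(msg, pos):
    """Decode a possibly compressed name; return (name, offset just past it)."""
    labels, end, jumps = [], None, 0
    while True:
        length = msg[pos]
        if (length & 0xC0) == 0xC0:          # compression pointer
            if end is None:
                end = pos + 2
            pos = ((length & 0x3F) << 8) | msg[pos + 1]
            jumps += 1
            if jumps > 16:                   # malformed reply: pointer loop
                raise ValueError("compression pointer loop")
            continue
        pos += 1
        if length == 0:
            break
        labels.append(msg[pos:pos + length].decode("ascii"))
        pos += length
    return ".".join(labels), (pos if end is None else end)


def rname_to_mailbox(rname):
    """SOA RNAME stores the mailbox with its '@' written as the first dot.
    Assumes the local part itself contains no escaped dot."""
    local, _, domain = rname.partition(".")
    return local + "@" + domain


def parse_answers(msg):
    """Return [(owner, type, value)] for the answer section of a reply."""
    _txid, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    pos = 12
    for _ in range(qd):                      # skip the echoed question(s)
        _, pos = read_name(msg, pos)
        pos += 4
    records = []
    for _ in range(an):
        owner, pos = read_name(msg, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        pos += 10
        if rtype == QTYPE["a"] and rdlen == 4:
            value = ".".join(str(b) for b in msg[pos:pos + 4])
        elif rtype == QTYPE["cname"]:
            value, _ = read_name(msg, pos)
        elif rtype == QTYPE["soa"]:
            primary, p = read_name(msg, pos)
            rname, p = read_name(msg, p)
            serial = struct.unpack("!I", msg[p:p + 4])[0]
            value = {"primary": primary, "mailbox": rname_to_mailbox(rname),
                     "serial": serial}
        else:
            value = msg[pos:pos + rdlen]
        records.append((owner, rtype, value))
        pos += rdlen
    return records


def constructed_soa_reply():
    """Constructed reply for example.com (reserved name); all values made up."""
    query = build_query("example.com", "soa")
    header = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    rdata = (encode_name("ns1.example.net") + encode_name("hostmaster.example.net")
             + struct.pack("!IIIII", 2024010101, 28800, 7200, 604800, 600))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 6, 1, 3600, len(rdata)) + rdata
    return header + query[12:] + answer


if __name__ == "__main__":
    for owner, rtype, value in parse_answers(constructed_soa_reply()):
        print(owner, rtype, value)
```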
The conclusion…
• The authoritative name server stores the records associated with the domain. So, if an attacker can determine the authoritative name server (primary name server) and obtain the associated IP address, he/she might attempt to exploit the server to perform attacks, which include DoS, DDoS, URL redirection and so on…
For videos relating to hacking, please subscribe to my YouTube channel:
https://www.youtube.com/channel/UCcyYSi1sh1SmyMlGfB-Vq6A
For any query, please mail us at theprohackers2017@gmail.com
