Chapter 2 Gathering Target Information: Reconnaissance, Footprinting, and Social Engineering.


Reconnaissance
- The process of information gathering; the pre-attack phase.
- Do not decide up front what is important: gather as much information as possible and sort it out later.
- Information about people (names, roles, e-mail formats) feeds later social engineering.
- Goals: locate network address ranges, ascertain which machines are active, discover open ports and access points, detect operating systems, uncover the services behind the open ports, and map the network.
- Example: if open port = 80 and OS = Linux, then App = ____

Reconnaissance Tools/Methods
- SpyFu and KeywordSpy (competitor keyword and advertising research)
- EDGAR database (SEC filings)
- www.Netcraft.com web site
- whois
- DNS
- network scanning
- e-mail tracking, dumpster diving
- reading the career section of a company's website (job postings reveal the technology stack)

Information-Gathering Methodology: Footprinting (Mapping a Network)
Tools:
- DNS lookup
- Whois
- NSLookup
- Sam Spade
- NeoTrace: automated, graphical traceroute/network mapping
- Netcraft web site: passive footprinting (hosting history, server software)
- Nikto: web server scanner used to footprint web servers (a Perl command-line tool, not Windows-specific)
- Wayback Machine at archive.org: old versions of websites
- EDGAR database

Information-Gathering Methodology: Tools (cont.)
Google operators (www.googleguide.com/advanced-operators.html):
- site: one of the most important operators; restricts results to pages hosted on a specific server or within a specific domain
- filetype: restricts results to a specified file type
- link: finds pages that link to a given page
- cache: returns Google's cached copy of a page
- intitle: searches for the specified text in the page title
- inurl: searches for the specified text in the URL
- info: shows summary information for a site and links to other Google searches that might pertain to it
- inanchor: searches the text of links pointing to a page (the anchor text, not the URL itself)

Information-Gathering Methodology: DNS Enumeration
DNS enumeration is finding an organisation's DNS servers and the records they hold.
- NSLookup
- DNS resolution issues
- DNSstuff
- Whois
- SuperScan, Sam Spade, WS_Ping ProPack
Regional Internet Registries (RIRs), for finding who owns an address range:
- ARIN: North America
- APNIC: Asia Pacific region
- LACNIC: Latin America and the Caribbean
- RIPE NCC: Europe, the Middle East and Central Asia
- AFRINIC: Africa
Wilfully supplying false registration information to an ICANN-accredited registrar is a breach of the registration agreement and grounds for cancelling the domain.

Information-Gathering Methodology: DNS Records
- A: forward lookup, maps a host name to an IPv4 address (AAAA does the same for IPv6)
- SOA: Start of Authority; the first record in the zone file
- CNAME: Canonical Name, an alias pointing at another name
- MX: Mail Exchange, the mail servers for the domain
- SRV: Service locator (host and port for a named service)
- PTR: reverse pointer, maps an IP address back to a name (in-addr.arpa)
- NS: Name Server, the authoritative servers for the zone
Know the components of the SOA record: primary name server, responsible-party mailbox, serial number, refresh interval, retry timer, expiry timer and minimum TTL.
http://www.debianhelp.co.uk/dnsrecords.htm
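The following is an added example (not part of the original slides) of what an attacker extracts from DNS records once they are obtained, for instance from a permitted zone transfer or a set of individual lookups. It parses zone data in the text form that BIND and dig print, including the multi-line parenthesised SOA record, and summarises what matters for footprinting: the SOA timers, name and mail servers, hosts, the address blocks they suggest, and the in-addr.arpa names you would query for reverse lookups. The zone text is constructed sample data using the reserved documentation names and ranges (example.com, 192.0.2.0/24, 198.51.100.0/24).

```python
"""Parse zone-transfer style DNS records and summarise the footprinting value."""
from collections import defaultdict

# Constructed sample zone (documentation names/addresses, not real data).
ZONE = """\
$ORIGIN example.com.
$TTL 3600
@       IN  SOA  ns1.example.com. hostmaster.example.com. (
                 2024010501 ; serial
                 7200       ; refresh
                 900        ; retry
                 1209600    ; expire
                 86400 )    ; minimum TTL
@       IN  NS   ns1.example.com.
@       IN  NS   ns2.example.com.
@       IN  MX   10 mail.example.com.
ns1     IN  A    192.0.2.53
ns2     IN  A    192.0.2.54
mail    IN  A    192.0.2.25
www     IN  A    192.0.2.80
vpn     IN  A    198.51.100.7
intranet IN CNAME www.example.com.
_ldap._tcp IN SRV 0 100 389 dc1.example.com.
dc1     IN  A    192.0.2.10
"""

SOA_FIELDS = ("mname", "rname", "serial", "refresh", "retry", "expire", "minimum")
CLASSES = {"IN", "CH", "HS"}


def logical_lines(text):
    """Strip ';' comments and fold '( ... )' continuations into one record line."""
    buf, depth = [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        if not line.strip() and depth == 0:
            continue
        depth += line.count("(") - line.count(")")
        buf.append(line.replace("(", " ").replace(")", " "))
        if depth == 0:
            yield " ".join(buf)   # first element keeps its leading whitespace
            buf = []


def qualify(name, origin):
    """Turn '@' or a relative owner name into a fully qualified name."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text):
    """Return a list of {name, ttl, type, rdata} dicts for every record."""
    origin, default_ttl, last_owner, records = ".", 3600, None, []
    for line in logical_lines(text):
        tokens = line.split()
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
            continue
        if tokens[0] == "$TTL":
            default_ttl = int(tokens[1])
            continue
        # A line starting with whitespace reuses the previous owner name.
        owner = last_owner if line[0].isspace() else qualify(tokens.pop(0), origin)
        last_owner = owner
        ttl = default_ttl
        while tokens and (tokens[0].isdigit() or tokens[0].upper() in CLASSES):
            if tokens[0].isdigit():
                ttl = int(tokens[0])   # TTL and class may appear in either order
            tokens.pop(0)
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype == "SOA":
            rdata = dict(zip(SOA_FIELDS, rdata[:2] + [int(v) for v in rdata[2:7]]))
        records.append({"name": owner, "ttl": ttl, "type": rtype, "rdata": rdata})
    return records


def ptr_name(ipv4):
    """Owner name to query for a reverse (PTR) lookup of an IPv4 address."""
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa."


def summarize(records):
    """Group records the way a footprinting report would present them."""
    by_type = defaultdict(list)
    for r in records:
        by_type[r["type"]].append(r)
    hosts = {r["name"]: r["rdata"][0] for r in by_type["A"]}
    # Crude /24 guess from the A records; confirm the real allocation via the RIR whois.
    nets = sorted({".".join(ip.split(".")[:3]) + ".0/24" for ip in hosts.values()})
    return {
        "soa": by_type["SOA"][0]["rdata"],
        "name_servers": [r["rdata"][0] for r in by_type["NS"]],
        "mail_servers": [r["rdata"][1] for r in by_type["MX"]],   # skip the priority
        "services": {r["name"]: r["rdata"][3] for r in by_type["SRV"]},  # target host
        "hosts": hosts,
        "candidate_nets": nets,
        "ptr_names": {ip: ptr_name(ip) for ip in hosts.values()},
    }


if __name__ == "__main__":
    for key, value in summarize(parse_zone(ZONE)).items():
        print(f"{key}: {value}")
```

The SRV record is the kind of detail worth noticing: `_ldap._tcp` pointing at `dc1` marks a Windows domain controller without touching the host. The `candidate_nets` guess only seeds the next step; the authoritative range comes from the RIR.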

Information-Gathering Methodology: Traceroute
- Records the round-trip time of each probe at each router along the path by sending packets with increasing TTL values.
- Displays the FQDN and IP address of each gateway on the route to the remote host. Windows tracert uses ICMP echo probes; Unix traceroute sends UDP probes by default.
- lft (Layer Four Traceroute): an advanced traceroute that uses TCP probes, so it can map paths through filters that drop ICMP or UDP.
E-mail Tracking
- Exchange Server files: EDB, STM, temporary files, checkpoint (.chk) files
- Web-based mail: browser history, cookies, Temporary Internet Files folders
Web Spiders

Information-Gathering Methodology: Social Engineering
- E-mail
- Phone
- In person
- Impersonation
- Shoulder surfing
- Dumpster diving
- Phishing
- URL obfuscation (know how to convert an IP address between dotted decimal, a single decimal number and hexadecimal)
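An added example, not from the original slides, of the URL obfuscation tricks named above and the conversions needed to see through them. Browsers and `inet_aton`-style parsers accept an IPv4 address as a single decimal number (dword), as hex, as octal, or with fewer than four parts, and a `user@` prefix in a URL is ignored as credentials, so `http://www.example-bank.com@0xC0000201/` really goes to 192.0.2.1. The code decodes all of these forms and produces the obfuscated equivalents of a dotted address. The URLs and addresses are constructed test inputs using the documentation range 192.0.2.0/24.

```python
"""Decode and generate the IPv4/URL obfuscation forms used in phishing links."""
from urllib.parse import urlsplit, unquote


def parse_ip_part(part: str) -> int:
    """Parse one address component as decimal, 0x-prefixed hex, or 0-prefixed octal."""
    p = part.lower()
    if p.startswith("0x"):
        return int(p[2:] or "0", 16)
    if len(p) > 1 and p.startswith("0"):
        return int(p, 8)
    return int(p, 10)


def decode_ip(host: str):
    """Return the dotted-decimal form of any inet_aton-style IPv4 string, else None.

    inet_aton accepts one to four parts; the last part fills all remaining bytes,
    so '3221225985', '0xC0000201', '0300.0.02.01' and '192.0.513' are all 192.0.2.1.
    """
    parts = host.split(".")
    if not 1 <= len(parts) <= 4 or not all(parts):
        return None
    try:
        nums = [parse_ip_part(p) for p in parts]
    except ValueError:          # e.g. 'www.example.com'
        return None
    if any(not 0 <= n <= 255 for n in nums[:-1]):
        return None
    remaining = 4 - (len(nums) - 1)            # bytes covered by the last part
    if not 0 <= nums[-1] < (1 << (8 * remaining)):
        return None
    value = 0
    for n in nums[:-1]:
        value = (value << 8) | n
    value = (value << (8 * remaining)) | nums[-1]
    return ".".join(str((value >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def obfuscated_forms(dotted: str) -> dict:
    """Dword, hex and octal spellings of a dotted-decimal IPv4 address."""
    octets = [int(o) for o in dotted.split(".")]
    dword = int.from_bytes(bytes(octets), "big")
    return {
        "dword": str(dword),
        "hex": "0x%08X" % dword,
        "octal": ".".join("0%o" % o for o in octets),
    }


def analyse_url(url: str) -> dict:
    """Separate the decoy 'user@' text from the host the browser will connect to."""
    netloc = urlsplit(url).netloc
    decoy = None
    if "@" in netloc:
        decoy, netloc = netloc.rsplit("@", 1)   # everything before '@' is userinfo
    host = unquote(netloc.split(":")[0]).lower()  # drop the port, undo %xx encoding
    ip = decode_ip(host)
    return {"decoy_userinfo": decoy, "raw_host": host,
            "real_host": ip or host, "is_ip": ip is not None}


if __name__ == "__main__":
    print(obfuscated_forms("192.0.2.1"))
    print(analyse_url("http://www.example-bank.com@0xC0000201/login"))
```

When triaging a phishing report, run the link through `analyse_url` before anything else: the `real_host` is what gets blocked and what goes into the whois and reverse-DNS lookups, not the domain shown before the `@`.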