Presentation is loading. Please wait.

Presentation is loading. Please wait.

Modern information gathering Dave van Stein 9 april 2009.

Published byOswin Cooper Modified over 8 years ago

Similar presentations

Presentation on theme: "Modern information gathering Dave van Stein 9 april 2009."— Presentation transcript:

1 Modern information gathering Dave van Stein 9 april 2009

2 Copyright © 2008 ps_testware Who Am I Dave van Stein 34 years Functional tester > 7 years Specializing in (Application) Security Testing “Certified Ethical Hacker”

3 Copyright © 2008 ps_testware Agenda Goal of the presentation What is Information Gathering ? Domain scanning Search engine ‘abuse’ Other tools Some Social Engineering Remedies Conclusions

4 Copyright © 2008 ps_testware Goal of this presentation Give insight in amount of information anonymously available on internet about your system (and users) Give insight in the amount and possibilities of tools freely available

5 Copyright © 2008 ps_testware Intermezzo: How to hack Identify entrypoint Gain access Secure access Do stuff Clear up the mess Come back another time (simplified procedure)

6 Copyright © 2008 ps_testware Information Gathering Information gathering scans for: –Domains and subdomains –IP adresses –Applications and technologies –Hotspots (known vulnerabilities) –Usernames and passwords –Sensitive information Not only identifying risks, but also risk on exposure and exploiting

7 Copyright © 2008 ps_testware Passive Reconnaissance Reconnaissance: –Information gathering, fingerprinting –Gaining information about a target Passive –Without making contact with target –No direct scanning, no intrusion –No logging and no alarm triggering !

8 Copyright © 2008 ps_testware Sources of information Public records –WHOIS: information about owner –DNS : information about IP adresses –Necessary for network functionality Search engines –Often little restrictions on websites –Cache all information gathered

9 Copyright © 2008 ps_testware Tools What do you need ? –Webbrowser –Internet access –Creativity Advanced and Automated scanning: –Specialized (offline) Tools

10 Copyright © 2008 ps_testware ‘Classic’ Domain Scanning Steps involved: –Get network information with ping and traceroute –Get DNS information with WHOIS and LOOKUP –Do DNS zone transfer for subdomains –Download website for extra info –Scan servers Problems: –DNS zone transfers often not authorized –Active connection with target => detectable

11 Copyright © 2008 ps_testware ‘Modern’ Domain Scanning Various websites –Anonymous –Combination of techniques –Sort results for nice presentation Search engine ‘tweaking’ –Additional information linked to domain → Some examples

12 Copyright © 2008 ps_testware Domain Scanning: ServerSniff Server Sniff –NS reports –Domain reports –Subdomains –Various (trace)routes –Various ping types –Shows robots.txt –Anonymous !

13 Copyright © 2008 ps_testware Domain Scanning: Server Sniff

14 Copyright © 2008 ps_testware Domain Scanning: Robtex Domain ‘Swiss Army Knife’ –Provides ALL information linked to a domain

15 Copyright © 2008 ps_testware Domain scanning: Robtex

16 Copyright © 2008 ps_testware Domain Scanning ‘on-the-fly’ Passive Recon (Firefox add-on)

17 Copyright © 2008 ps_testware Domain Scanning: Live search Finds subdomains with ‘IP:x.x.x.x’

18 Copyright © 2008 ps_testware Live search automated: Webshag

19 Copyright © 2008 ps_testware Other tools Spiderfoot / Wikto –Combine DNS / Google / Live Search / Yahoo –Subdomains –Directories –IP’s –Email adressess –Usernames –Systems in use

20 Copyright © 2008 ps_testware Maltego Intelligence and forensics tool Connects many different sources of info Represents in graphical way Very extensive capabilities Too much to cover in this presentation http://www.paterva.com/maltego

21 Copyright © 2008 ps_testware Modern Domain Scanning Anonymous Both online and offline Highly automated Graphical network mapping in less than 10 minutes ! Lots of additional information

22 Copyright © 2008 ps_testware Google Advanced search filetype: (or ext:) –Find documents of the specified type. E.g. PDF, XLS, DOC intext: –The terms must appear in the text of the page. intitle: –The terms must appear in the title of the page. inurl: –The terms must appear in the URL of the page.

23 Copyright © 2008 ps_testware Google Hacking Database www.johnny.ihackstuff.com (edit: http://johnny.ihackstuff.com/ghdb.php) Collection of queries for finding ‘interesting’ stuff Regular updates

24 Copyright © 2008 ps_testware GHD applications Goolag scanner Goolag Scanner is a Web auditing tool. It works by exploiting data- retention practices of popular search engines. –Contains Google Hacking Database –Automated Google queries –Automated result interpretation –Single host or general scan

25 Copyright © 2008 ps_testware Goolag scanner

26 Copyright © 2008 ps_testware More applications Modern vulnerability scanners use GHD: –IBM Rational Appscan –Acunetix Vulnerability Scanner –Others Several Firefox plug-ins for “on-the-fly” scanning

27 Copyright © 2008 ps_testware Google Hacking Database Possible results of GHD: –Identify systems in use (including version) –Identify known exploits –Locations of sensitive information –User-id’s & passwords –Logging files –Many other things

28 Copyright © 2008 ps_testware Yahoo search: file explorer File explorer for the web

29 Copyright © 2008 ps_testware Yahoo search: file explorer Examples

30 Copyright © 2008 ps_testware Other tools Metagoofil : extract metadata from documents on website –User names, server names, path locations, sofware + versions, MAC adresses (!) Wikiscanner : check comments made on Wikipedia by company or domain –Company IP ranges Several “Social Site” extractors –Linkedin, twitter, hyves, etc, etc, etc

31 Copyright © 2008 ps_testware Conclusions What search engines see, hackers can abuse Many tools are freely available Networks can be mapped with much detail in minutes Much information about your company, systems and users available on internet

32 Copyright © 2008 ps_testware Remedies (1/2) Limit access –Allow search engines only to see what they need to see. Make sure unauthorized users are not able to look into or even see files they do not need to see. Force possible intruders to use methods that can be scanned and monitored. Use the tools of hackers –Scan your systems with the tools hackers use and check the information that is found. Scan for error messages and other things that reveal information about the system and services and remove them. Check what spiders can see –Use a spider simulator to check what spiders can see and if your application still functions correctly.

33 Copyright © 2008 ps_testware Remedies (2/2) Awareness –Be aware of all possible sources of information. Create awareness among employees. Assume all information will possibly abused Clean documents –Remove al metadata from documents before publishing. Audit frequently –Keep your knowledge up-to-date and scan regularly for information that can be found about your systems or hire professionals do to it for you.

34 Copyright © 2008 ps_testware Interesting books on the subject

Download ppt "Modern information gathering Dave van Stein 9 april 2009."

Similar presentations

NetScanTools ® LE Law Enforcement Version of NetScanTools ® from Northwest Performance Software, Inc. netscantools.com.

NetScanTools ® LE Law Enforcement Version of NetScanTools ® from Northwest Performance Software, Inc. netscantools.com.
Revealing the Secrets: Source Code Disclosure, Techniques, and Impacts.

Revealing the Secrets: Source Code Disclosure, Techniques, and Impacts.
1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.

1 Configuring Internet- related services (April 22, 2015) © Abdou Illia, Spring 2015.
Chapter 2 Gathering Target Information: Reconnaissance, Footprinting, and Social Engineering.

Chapter 2 Gathering Target Information: Reconnaissance, Footprinting, and Social Engineering.
FOCA 2.5 Chema Alonso. What’s a FOCA? FOCA on Linux?

FOCA 2.5 Chema Alonso. What’s a FOCA? FOCA on Linux?
Google Search Using internet search engine as a tool to find information related to creativity & innovation.

Google Search Using internet search engine as a tool to find information related to creativity & innovation.
INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)

INDEX  Ethical Hacking Terminology.  What is Ethical hacking?  Who are Ethical hacker?  How many types of hackers?  White Hats (Ethical hackers)
Ahmad Radaideh.  Abstract  Introduction  Google Cached Content  GOOGLE HACKING Procedures  Google Advance Operators  Google hacking Result Categories.

Ahmad Radaideh.  Abstract  Introduction  Google Cached Content  GOOGLE HACKING Procedures  Google Advance Operators  Google hacking Result Categories.
 Single sign-on o Centralized and federated passport o Federated Liberty Alliance and Shibboleth  Authorization o Who can access which resource o ACM.

 Single sign-on o Centralized and federated passport o Federated Liberty Alliance and Shibboleth  Authorization o Who can access which resource o ACM.
Searching The Web Search Engines are computer programs (variously called robots, crawlers, spiders, worms) that automatically visit Web sites and, starting.

Searching The Web Search Engines are computer programs (variously called robots, crawlers, spiders, worms) that automatically visit Web sites and, starting.
Security Tools CS-480b Dick Steflik. CACLS Windows NT, W2000, XP Displays or modifies access control lists (ACLs) of files.

Security Tools CS-480b Dick Steflik. CACLS Windows NT, W2000, XP Displays or modifies access control lists (ACLs) of files.
07 December 2009Slide 1 of 1207 December 2009Slide 1 of 12 SQL Injection Primer By Nicole Gray, Cliff McCullough, Joe Hernandez.

07 December 2009Slide 1 of 1207 December 2009Slide 1 of 12 SQL Injection Primer By Nicole Gray, Cliff McCullough, Joe Hernandez.
07 December 2009Slide 1 of 9 SQL Injection Primer By Nicole Gray, Cliff McCullough, Joe Hernandez.

07 December 2009Slide 1 of 9 SQL Injection Primer By Nicole Gray, Cliff McCullough, Joe Hernandez.
Searching and Researching the World Wide: Emphasis on Christian Websites Developed from the book: Searching and Researching on the Internet and World Wide.

Searching and Researching the World Wide: Emphasis on Christian Websites Developed from the book: Searching and Researching on the Internet and World Wide.
Reconnaissance Steps. EC-Council Gathering information from Open Sources  Owner of IP-address range  Address Range  Domain Names  Computing Platforms.

Reconnaissance Steps. EC-Council Gathering information from Open Sources  Owner of IP-address range  Address Range  Domain Names  Computing Platforms.
1 Presentation ISS Security Scanner & Retina by Adnan Khairi 100183586.

1 Presentation ISS Security Scanner & Retina by Adnan Khairi
Authorization and Policy. Is principal P permitted to perform action A on object O? – Authorization system will provide yes/no answer Authorization.

Authorization and Policy. Is principal P permitted to perform action A on object O? – Authorization system will provide yes/no answer Authorization.
Penetration Testing.

Penetration Testing.
Penetration Testing Edmund Whitehead Rayce West. Introduction - Definition of Penetration Testing - Who needs Penetration Testing? - Penetration Testing.

Penetration Testing Edmund Whitehead Rayce West. Introduction - Definition of Penetration Testing - Who needs Penetration Testing? - Penetration Testing.
MIS 5211.001 Week 3 Site:

MIS Week 3 Site:

Similar presentations

Ads by Google