
Chapter 2 Gathering Target Information: Reconnaissance, Footprinting, and Social Engineering.


1 Chapter 2 Gathering Target Information: Reconnaissance, Footprinting, and Social Engineering

2 Reconnaissance
- Process of information gathering -> the pre-attack phase
- Don't decide yet what is important; just gather as much information as possible
- Information about people can help with social engineering
- Locate network addresses; ascertain active machines; discover open ports and access points; detect OSs; uncover services on ports; map the network
- E.g.: if open port = 80 and OS = Linux, then App = ____

3 Reconnaissance Tools/Methods
- SpyFu and KeywordSpy
- EDGAR database
- web site
- whois
- DNS
- network scanning
- tracking, dumpster diving
- read the career section of a company's website

4 Information-Gathering Methodology
Footprinting: Mapping a Network
Tools:
- DNS Lookup
- Whois
- NSLookup
- Sam Spade
- Neotrace: automated network mapping
- Netcraft web site: passive footprinting
- Nikto: Windows tool with GUI, can be used for footprinting web servers
- Way Back Machine & archive.org: old versions of websites
- EDGAR database

5 Information-Gathering Methodology
Tools (cont.): Google operators
- Site: one of the most important operators for searching websites in Google; allows a user to search only for pages hosted on a specific server or in a specific domain
- Filetype: search for a specified file type
- Link: search for pages that link to other pages
- Cache: identifies the version of a web page
- Intitle: search for specified text in the title of web sites
- Inurl: search for specified text in the URL of web sites
- Info: summary information for a site, with links to other Google searches that might pertain to that site
- Inanchor: searches the text representation of a link, not the actual URL

6 Information-Gathering Methodology
DNS Enumeration – finding DNS servers and their records
- NSLookup
- DNS Resolution Issues
- DNSstuff
- Whois
- SuperScan, Sam Spade, WsPingPro
Regional Internet Registries (RIR):
- ARIN: North America
- APNIC: Asia Pacific region
- LACNIC: South/Central America/Caribbean
- RIPE NCC: Europe, Middle East, Central Asia
- AfriNIC: Africa
(Illegal to give false information to ICANN)

7 Information-Gathering Methodology
DNS Records
- A: forward lookup
- SOA: Start of Authority; 1st entry in the zone file
- CNAME: Canonical Name
- MX: Mail Exchange
- SRV: Service
- PTR: reverse pointer
- NS: Name Server
Know the components of the SOA record (serial number, refresh rate, retry timer, expiry timer, TTL)
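As an added worked example (not part of the original slides), the parser below reads a small zone file, pulls out the SOA components listed above (serial, refresh, retry, expire, minimum TTL) and groups the remaining records by type, which is how one would review what a zone exposes before someone else does. The zone data is constructed for a hypothetical example.com, the "owner IN type rdata" layout is assumed, and the timer thresholds in soa_timer_issues are this example's own sanity checks, not a standard.

```python
import re
from dataclasses import dataclass

# Constructed sample zone file for a hypothetical example.com (documentation
# addresses from 192.0.2.0/24); not real records.
SAMPLE_ZONE = """\
$TTL 3600
example.com.  IN SOA ns1.example.com. hostmaster.example.com. (
        2024031501 ; serial (YYYYMMDDnn convention)
        7200       ; refresh
        900        ; retry
        1209600    ; expire
        300 )      ; minimum / negative-caching TTL
example.com.       IN NS    ns1.example.com.
example.com.       IN NS    ns2.example.com.
example.com.       IN MX    10 mail.example.com.
www.example.com.   IN A     192.0.2.10
mail.example.com.  IN A     192.0.2.25
ftp.example.com.   IN CNAME www.example.com.
_sip._tcp.example.com.    IN SRV 10 60 5060 sip.example.com.
10.2.0.192.in-addr.arpa.  IN PTR www.example.com.
"""


@dataclass
class SOA:
    mname: str      # primary name server
    rname: str      # responsible mailbox; the first '.' stands for '@'
    serial: int     # zone version; secondaries transfer when it increases
    refresh: int    # seconds before secondaries re-check the serial
    retry: int      # seconds before retrying a failed refresh
    expire: int     # seconds after which secondaries stop answering
    minimum: int    # negative-caching TTL


def _strip_comments(text):
    # Everything after ';' on a line is a zone-file comment.
    return "\n".join(line.split(";")[0].rstrip() for line in text.splitlines())


def parse_zone(text):
    """Return (soa, records); records is a list of (owner, type, rdata) tuples.

    Assumes every record is written as 'owner IN type rdata...' (constructed layout).
    """
    body = _strip_comments(text)
    # Fold a parenthesised multi-line record (the SOA) onto one logical line.
    body = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), body)
    soa, records = None, []
    for line in body.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("$"):   # blank line or $TTL/$ORIGIN directive
            continue
        owner, rtype, rdata = fields[0], fields[2], fields[3:]
        if rtype == "SOA":
            # rdata = mname rname serial refresh retry expire minimum
            soa = SOA(rdata[0], rdata[1], *(int(x) for x in rdata[2:7]))
        else:
            records.append((owner, rtype, " ".join(rdata)))
    return soa, records


def records_by_type(records):
    """Group records by type: {'A': [(owner, rdata), ...], ...}."""
    grouped = {}
    for owner, rtype, rdata in records:
        grouped.setdefault(rtype, []).append((owner, rdata))
    return grouped


def soa_timer_issues(soa):
    """Simple consistency checks on the SOA timers (thresholds are this example's own)."""
    issues = []
    if soa.retry >= soa.refresh:
        issues.append("retry should be shorter than refresh")
    if soa.expire <= soa.refresh + soa.retry:
        issues.append("expire should exceed refresh + retry")
    return issues


if __name__ == "__main__":
    soa, recs = parse_zone(SAMPLE_ZONE)
    print(soa)
    for rtype, entries in sorted(records_by_type(recs).items()):
        print(rtype, entries)
    print("timer issues:", soa_timer_issues(soa) or "none")
```

Running it prints the parsed SOA, the records grouped by type (A, CNAME, MX, NS, PTR, SRV) and any timer issues; on a real zone the same grouping shows at a glance which hostnames and services are visible to anyone who can read the zone.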

8 Information-Gathering Methodology
Traceroute
- Records the round-trip time for each packet at each router
- Uses ICMP echo packets to display the FQDN and the IP address of each gateway along the route to the remote host
- 'lft': advanced traceroute tool
Tracking
- Exchange Server files: EDB, STM, Temp, Checkpoint
- Web based: History, Cookies, Temporary Internet folders
- Web Spiders

9 Information-Gathering Methodology
Social Engineering
- Phone
- In person
- Impersonation
- Shoulder surfing
- Dumpster diving
- Phishing
- URL obfuscation (know how to convert Dec <-> Hex <-> IP)
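An added example, not from the slides, for the Dec <-> Hex <-> IP conversions behind URL obfuscation, written from the side of someone checking a suspicious link. It goes beyond the three forms on the slide to the general inet_aton rules a browser applies (hex, octal and decimal components, and fewer than four components, with the last one filling the remaining bytes) and also reports the "user@host" decoy trick, where the text before the @ is not the destination at all. The sample URLs are constructed, and 192.0.2.0/24 is documentation address space, not a real host.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed sample links as they might appear in a phishing message (hypothetical).
SAMPLE_URLS = [
    "http://3221225994/login",                  # decimal form of 192.0.2.10
    "http://0xC000020A/login",                  # hex form
    "http://0300.0000.0002.0012/login",         # dotted octal form
    "http://192.0.522/login",                   # 3 parts: last part covers 16 bits
    "http://www.bank.example@0xC000020A/login", # decoy "user" before the real host
    "http://www.bank.example/login",            # ordinary hostname, left alone
]


def _parse_part(part):
    """Interpret one dotted component as inet_aton does: 0x.. hex, 0.. octal, else decimal."""
    part = part.lower()
    if part.startswith("0x"):
        return int(part[2:], 16)
    if len(part) > 1 and part.startswith("0"):
        return int(part, 8)
    return int(part, 10)


def host_to_int(host):
    """Convert any inet_aton-style literal (1 to 4 parts) to a 32-bit integer.

    Raises ValueError for anything that is not a numeric IPv4 literal.
    """
    parts = host.split(".")
    if not 1 <= len(parts) <= 4:
        raise ValueError("not an IPv4 literal")
    values = [_parse_part(p) for p in parts]
    *head, last = values
    for v in head:
        if not 0 <= v <= 255:
            raise ValueError("octet out of range")
    # The final component fills all remaining bytes (8, 16, 24 or 32 bits).
    last_bits = 8 * (4 - len(head))
    if not 0 <= last < (1 << last_bits):
        raise ValueError("final component out of range")
    n = 0
    for v in head:
        n = (n << 8) | v
    return (n << last_bits) | last


def int_to_dotted(n):
    """32-bit integer -> canonical dotted-quad string."""
    return ".".join(str((n >> shift) & 0xFF) for shift in (24, 16, 8, 0))


def ip_forms(dotted):
    """The Dec <-> Hex <-> IP conversions from the slide, as one dict."""
    n = host_to_int(dotted)
    return {"dotted": int_to_dotted(n), "decimal": str(n), "hex": "0x%08X" % n}


def deobfuscate(url):
    """Return (real_host, decoy_userinfo, canonical_url) for a link.

    real_host is the dotted-quad the browser would actually connect to, or None
    when the host is an ordinary name rather than a numeric literal.
    """
    parts = urlsplit(url)
    host = parts.hostname
    if host is None:
        return None, None, url
    try:
        n = host_to_int(host)
    except ValueError:
        return None, parts.username, url
    dotted = int_to_dotted(n)
    try:
        port = parts.port
    except ValueError:
        port = None
    netloc = dotted if port is None else "%s:%d" % (dotted, port)
    canonical = urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))
    return dotted, parts.username, canonical


def scan(urls):
    """Run deobfuscate over a list of links; returns a list of result tuples."""
    return [deobfuscate(u) for u in urls]


if __name__ == "__main__":
    for url, (real, decoy, canon) in zip(SAMPLE_URLS, scan(SAMPLE_URLS)):
        print("%-44s -> real host %-12s decoy %-18s %s" % (url, real, decoy, canon))
```

All five obfuscated samples resolve to the same canonical link, which is the value to compare against a blocklist or to show a user; the decoy field is worth surfacing separately because "www.bank.example@..." is the part a reader's eye lands on.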

