Presentation is loading. Please wait.

Presentation is loading. Please wait.

Chapter 2 Gathering Target Information: Reconnaissance, Footprinting, and Social Engineering.

Published byRosalyn Gregory Modified over 9 years ago

Similar presentations

Presentation on theme: "Chapter 2 Gathering Target Information: Reconnaissance, Footprinting, and Social Engineering."— Presentation transcript:

1 Chapter 2 Gathering Target Information: Reconnaissance, Footprinting, and Social Engineering

2 Reconnaissance Process of Information gathering –> pre-attack phase
Don’t determine what is important, just gather as much info as possible Info about people could help with social engineering Locate network addresses; ascertain active machines, discover open ports and access points, detect OSs, Uncover services on ports, map the network Eg: if open port = 80, OS=Linux, then App = ____

3 Reconnaissance Tools/Methods
- SpyFu and KeywordSpy - EDGAR database - web site - whois - DNS - network scanning - tracking, dumpster diving, - read career section of a company’s website

4 Information-Gathering Methodology
Footprinting: Mapping a Network Tools: DNS Lookup Whois NSLookup Sam Spade Neotrace: Automated network mapping Netcraft Web site: passive footprinting Nitko: Windows tool with GUI, can be used for footprinting web servers Way Back Machine & archive.org: old versions of websites EDGAR database

5 Information-Gathering Methodology
Tools (cont): Google operators Site: one of the most important operators used for searching the Websites in Google allows a user to search only for pages that are hosted on a specific server or in a specific domain Filetype,: search a specified file type Link: search for pages that link to other pages Cache: identifies version of a web page Intitle: search a specified text in the title of Web sites Inurl: search a specified text in the URL of Web sites Info: summary information for a site and provides links to other Google searches that might pertain to that site inanchor: searches the text representation of a link, not the actual URL

6 Information-Gathering Methodology
DNS Enumeration – finding DNS servers and their records NSLookup DNS Resolution Issues DNSstuff Whois SuperScan, Sam Space, WsPingPro Regional Internet Registries (RIR) ARIN: North America APNIC: Asia Pacific Region LACNIC: South/Central America/Caribbean RIPE NNC: Europe, Middle East, Central Asia AfriNCC: Africa (Illegal to give false information to ICANN)

7 Information-Gathering Methodology
DNS Records A: Forward lookup SOA: Start of Authority; 1st entry in file CNAME: Canonical Name MX: Mail Exchange SRV: Service PTR: Reverse pointer NS: Name Server Know components of SOA record (serial number, refresh rate, retry timer, expiry timer, TTL)

8 Information-Gathering Methodology
Traceroute Records the time taken for a round trip for each packet at each router Uses ICMP echo packets to display the FQDN and the IP address of each gateway along the route to the remote host ‘lft’: advancedTtraceroute tool Tracking Exchange Server Files: EDB, STM, Temp, Checkpoint Web based: History, Cookies, Temporary Internet folders Web Spiders

9 Information-Gathering Methodology
Social Engineering Phone In Person Impersonation Shoulder Surfing Dumpster Diving Phishing URL Obfuscation (Know how to convert Dec <-> Hex <-> IP)

Download ppt "Chapter 2 Gathering Target Information: Reconnaissance, Footprinting, and Social Engineering."

Similar presentations

Module II Footprinting

Module II Footprinting
NetScanTools ® LE Law Enforcement Version of NetScanTools ® from Northwest Performance Software, Inc. netscantools.com.

NetScanTools ® LE Law Enforcement Version of NetScanTools ® from Northwest Performance Software, Inc. netscantools.com.
This module will familiarize you with the following:  Overview of the Reconnaissance Phase  Footprinting: An Introduction  Information Gathering Methodology.

This module will familiarize you with the following:  Overview of the Reconnaissance Phase  Footprinting: An Introduction  Information Gathering Methodology.
Web Server Administration

Web Server Administration
Domain Name System. DNS is a client/server protocol which provides Name to IP Address Resolution.

Domain Name System. DNS is a client/server protocol which provides Name to IP Address Resolution.
Copyright © 2007 by Scott Orr and the Trustees of Indiana University

Copyright © 2007 by Scott Orr and the Trustees of Indiana University
DNS. DNS is a network service that enables clients to resolve names to IP address and vice-versa. Allows machines to be logically grouped by domain names.

DNS. DNS is a network service that enables clients to resolve names to IP address and vice-versa. Allows machines to be logically grouped by domain names.
1 DNS. 2 BIND DNS –Resolve names to IP address –Resolve IP address to names (reverse DNS) BIND –Berkeley Internet Name Domain system Version 4 is still.

1 DNS. 2 BIND DNS –Resolve names to IP address –Resolve IP address to names (reverse DNS) BIND –Berkeley Internet Name Domain system Version 4 is still.
TA : Eng.Hala O. Abu Radi.. Nslookup Command SYNOPSIS nslookup [-option... ] [host-to-find | -[server ] ] DESCRIPTION Nslookup is a program to query Internet.

TA : Eng.Hala O. Abu Radi.. Nslookup Command SYNOPSIS nslookup [-option... ] [host-to-find | -[server ] ] DESCRIPTION Nslookup is a program to query Internet.
Week 2 -1 Week 2: Footprinting What is Footprinting? –Systematic collection of information on an intended target with the goal to create a complete profile.

Week 2 -1 Week 2: Footprinting What is Footprinting? –Systematic collection of information on an intended target with the goal to create a complete profile.
CS335 Networking & Network Administration Wednesday, May 26, 2010.

CS335 Networking & Network Administration Wednesday, May 26, 2010.
Domain Name System (DNS) Network Information Center (NIC) : HOSTS.TXT.

Domain Name System (DNS) Network Information Center (NIC) : HOSTS.TXT.
IT:Network:Apps.  Hosts  Root Servers  Zones  Name Resolution  Reverse and forward Lookups  CName  MX Records  NSLookup  IPconfig.

IT:Network:Apps.  Hosts  Root Servers  Zones  Name Resolution  Reverse and forward Lookups  CName  MX Records  NSLookup  IPconfig.
588 Section 7 Neil Spring May 18, 1999. Schedule Homework 2 review DNS Active Naming.

588 Section 7 Neil Spring May 18, Schedule Homework 2 review DNS Active Naming.
Chapter 5 Phase 1: Reconnaissance. Reconnaissance  Finding as much information about the target as possible before launching the first attack packet.

Chapter 5 Phase 1: Reconnaissance. Reconnaissance  Finding as much information about the target as possible before launching the first attack packet.
CSC586 Network Forensics IP Tracing/Domain Name Tracing.

CSC586 Network Forensics IP Tracing/Domain Name Tracing.
Reconnaissance Steps. EC-Council Gathering information from Open Sources  Owner of IP-address range  Address Range  Domain Names  Computing Platforms.

Reconnaissance Steps. EC-Council Gathering information from Open Sources  Owner of IP-address range  Address Range  Domain Names  Computing Platforms.
Phishing Analysis. Ojectives Phishing Internet Protocol (IP) addresses Domain Name System (DNS) names Analyse “From” addresses Analyse URL’s Trace the.

Phishing Analysis. Ojectives Phishing Internet Protocol (IP) addresses Domain Name System (DNS) names Analyse “From” addresses Analyse URL’s Trace the.
Domain Name Services Oakton Community College CIS 238.

Domain Name Services Oakton Community College CIS 238.
EC-Council’s Certified Ethical Hacker (CEH) Richard Henson May 2012.

EC-Council’s Certified Ethical Hacker (CEH) Richard Henson May 2012.

Similar presentations

Ads by Google