Information Gathering. Before an attack What information do we need? WHOIS details OS & web server details (NetCraft, whois.webhosting.info) DNS information,

Presentation transcript:

1 Information Gathering

2 Before an attack
What information do we need?
WHOIS details
OS & web server details (NetCraft, whois.webhosting.info)
DNS information, zone transfers, reverse DNS lookups
Open ports?

3 Information Gathering
Legal issues
Is gathering information on a target legal? Yes, BUT port scans are considered to be an attack, so check local laws for further information.
Other information gathering techniques are, for the most part, legal, but please check before you proceed.

4 Information Gathering
WHOIS
www.dk-hostmaster.dk
www.whois.net
What information to look for: owner, administrative contact, technical contact

5 Information Gathering
OS & web server details
www.netcraft.com
http://uptime.netcraft.com/up/graph?site=www.whitehouse.gov

6 Information Gathering
DNS information
www.whois.net
What information to look for: find the DNS server details
Now what? Query that server interactively with nslookup (the server name and domain arguments are not shown on the slide):
C:\>nslookup
> server
> set type=any      // return all records
> ls -d

7 Information Gathering
DNS information (cont.)
Reverse DNS lookup: ping -a (we can also use nmap as described in the next section)

8 Information Gathering
Open ports?
We have to install a few things:
WinPcap 3.1: http://www.winpcap.org/install/default.htm (installer for Windows 95/98/ME/NT4/2000/XP/2003/Vista)
NMAP: http://www.insecure.org/nmap/nmap_download.html (latest stable Nmap command-line zipfile: nmap-3.93-win32.zip)

9 Information Gathering
Open ports (cont.)?
Performing a quick and simple port scan (target argument not shown on the slide):
SYN scan: nmap -sS -P0 -p- (C:SYN; S:SYN/ACK; C:RST)
CONNECT scan: nmap -sT -P0 -p- (three-way handshake: C:SYN; S:SYN/ACK; C:ACK; then data C→S; S→C)
SRC port: nmap -sS -P0 -p- -g53
Ping sweep: nmap -sP
Reverse DNS: nmap -sP -R
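The two scan types above differ only in how the client answers the SYN/ACK: a SYN scan tears the probe down with RST, a CONNECT scan finishes the handshake with ACK. The following Python is an added example, not part of the deck, that turns that distinction into detection logic run over a constructed packet log (the addresses, ports and the min_ports threshold are made up for the demonstration):

```python
from collections import defaultdict

SERVER_FLAGS = {"SA", "RA"}  # flag combinations only the server side sends in these exchanges
# Constructed sample packet log: (src, dst, service_port, flags) with "S"=SYN, "SA"=SYN/ACK,
# "A"=ACK, "R"=RST, "RA"=RST/ACK; service_port is always the server-side port of the conversation.
SAMPLE_PACKETS = [
    # 10.0.0.5 probes three ports and answers each SYN/ACK with RST (the -sS pattern)
    ("10.0.0.5", "10.0.0.80", 22, "S"), ("10.0.0.80", "10.0.0.5", 22, "SA"), ("10.0.0.5", "10.0.0.80", 22, "R"),
    ("10.0.0.5", "10.0.0.80", 80, "S"), ("10.0.0.80", "10.0.0.5", 80, "SA"), ("10.0.0.5", "10.0.0.80", 80, "R"),
    ("10.0.0.5", "10.0.0.80", 443, "S"), ("10.0.0.80", "10.0.0.5", 443, "RA"),
    # 10.0.0.7 completes the three-way handshake on three ports (the -sT / connect() pattern)
    ("10.0.0.7", "10.0.0.80", 21, "S"), ("10.0.0.80", "10.0.0.7", 21, "SA"), ("10.0.0.7", "10.0.0.80", 21, "A"),
    ("10.0.0.7", "10.0.0.80", 22, "S"), ("10.0.0.80", "10.0.0.7", 22, "SA"), ("10.0.0.7", "10.0.0.80", 22, "A"),
    ("10.0.0.7", "10.0.0.80", 80, "S"), ("10.0.0.80", "10.0.0.7", 80, "SA"), ("10.0.0.7", "10.0.0.80", 80, "A"),
    # 10.0.0.9 is an ordinary client opening one connection to the web server
    ("10.0.0.9", "10.0.0.80", 80, "S"), ("10.0.0.80", "10.0.0.9", 80, "SA"), ("10.0.0.9", "10.0.0.80", 80, "A"),
]

def handshake_outcome(flags_seq):
    """Classify one (client, server, port) conversation by the prefix of its flag sequence."""
    if flags_seq[:2] == ["S", "RA"]:
        return "closed"     # C:SYN, S:RST/ACK - a closed port looks the same for both scan types
    if flags_seq[:3] == ["S", "SA", "R"]:
        return "half-open"  # C:SYN, S:SYN/ACK, C:RST - a SYN scan never sends the final ACK
    if flags_seq[:3] == ["S", "SA", "A"]:
        return "completed"  # C:SYN, S:SYN/ACK, C:ACK - connect scan or a genuine client
    return "other"

def detect_scans(packets, min_ports=3):
    """Map (client, server) -> (technique, probed ports) for clients touching >= min_ports ports."""
    convs = defaultdict(list)
    for src, dst, port, flags in packets:
        client, server = (dst, src) if flags in SERVER_FLAGS else (src, dst)
        convs[(client, server, port)].append(flags)
    per_pair = defaultdict(dict)  # (client, server) -> {port: outcome}
    for (client, server, port), seq in convs.items():
        per_pair[(client, server)][port] = handshake_outcome(seq)
    findings = {}
    for pair, results in per_pair.items():
        if len(results) < min_ports:
            continue  # a normal client rarely touches many distinct ports on one host
        if "half-open" in results.values():
            technique = "SYN (half-open) scan"
        elif list(results.values()).count("completed") >= min_ports:
            technique = "CONNECT (full handshake) scan"
        else:
            technique = "port sweep, type unknown (every probed port was closed)"
        findings[pair] = (technique, sorted(results))
    return findings
```

Note that when every probed port is closed the two techniques are indistinguishable on the wire, which is why the last branch reports only a sweep.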

10 Information Gathering
Try it on a site you use. Let's try one together:
Gather WHOIS details
OS & web server details (NetCraft)
DNS information, zone transfers, reverse DNS lookups (www.dnsstuff.com)

11 Web applications

12 What are web applications?
www.securityfocus.com
www.ezenta.com
www.reversing.be
www.whitehouse.gov
msdn.microsoft.com
Any application that uses the HTTP protocol to communicate with its clients

13 Web applications
What are web applications? (cont.)
REQUEST:
GET /html/default.asp HTTP/1.1
Host: www.ezenta.com
Connection: close
Accept-Encoding: gzip
RESPONSE:
HTTP/1.1 200 OK
Connection: close
Content-Type: text/html
Content-Encoding: gzip

14 Web applications
What are web applications? (cont.)
Let's have a look at the raw data on the wire…

16 Web platforms

17 What technologies exist?
JAVA (i.e. Servlets, JSP)
ASP.NET (C#, J#, ASP, C++)
PHP
Lotus Notes
Cold Fusion
Native Code (i.e. ISAPI)
CGI (i.e. Perl, C)
BEA WebLogic
IBM WebSphere
Zope (i.e. Python)

18 Web platforms
What is the difference?
Programming language, performance, features, integration, stability, administration, ease of use, security
What else?

19 Web platforms
ASP: has a tendency to be vulnerable; no/limited built-in facilities

20 Web platforms PHP Global variables can be problematic

21 Web platforms Lotus Notes ACLs on NSF files are often poorly configured

22 Web platforms CGI Native code = native code issues (b0f)

23 Web platforms
Java and .NET security
Source files can be decompiled and read
Any secrets are exposed: connection string information, user credentials, internal addresses
What tools exist to help us?
Java: DJ Decompiler (http://members.fortunecity.com/neshkov/dj.html)
.NET: Salamander (http://www.remotesoft.com/salamander/)

24 Web platforms
Native code versus web technologies
What's the difference between them with respect to getting the source?
Native code = ASM
VM code = byte code
Reversing native code: the original source code is not available; programme flow is harder to follow (IDA Pro can help)
Reversing VM code: the original code is readable; DJ turns *.class and *.jar files into Java code; Salamander turns exes or dlls into VB or C#.NET

25 Web platforms
Reversing demo: native code, Java, .NET

26 Web platforms
Protection
Dongles
VM code: obfuscation techniques (Salamander, HASP)
Native code: packers (Exe Shield, Armadillo, ASProtect, Anticrack)

27 Web platforms
Summary
You don't have to break the law to gather info, although port scanning is illegal.
Platforms: some are better than others / more security aware.

28 ?

