Information Gathering
Ways of gathering information:
- First Steps
- Open Source - Info out in the open
- Organization brochures/announcements
- Organization web-sites
- SEC's Edgar: http://www.sec.gov/edgarhp.htm
- News groups: http://groups.google.com
- Sister sites: using "link: URL" on http://www.altavista.com
- Spiders: shareware and freeware available
- Whois - Help
- by registrar:
> whois "microsoft."@whois.crsnic.net - by name:
> whois "name microsoft"@whois.networksolutions.com - by domain:
> whois microsoft.com@whois.networksolutions.com - by network:
> whois "microsoft."@whois.arin.net - by handle:
> whois "HANDLE MH37-ORG."@whois.networksolutions.com - nslookup
- Use DNS info gathered above to get more info. eg. 207.46.138.11
- start nslookup
> nslookup
> server server_number
> set type=any
> ls -d microsoft.com >> msftInfo.txt - DNS security - Microsoft Knowledge Base
- host
- host -l company.org
- host [options (-a|-v -t| -d -t) -c -C -l -r -R -t -T -v -n -N]
- dig
- send domain name query packets to name servers
- > dig @server domain query-type query-class
> dig domain
works in the above simple/interactive mode - Find if the above systems are active
- ping
- > ping ip#
- > ping -c count ip#
- > ping -t ip# [win]
- > ping -n count ip# [win]
- other options and features available in various implementations
- ping with nmap
- > nmap -sP -PI ip#
nmap is used for other types of scanning also - Check for an entry point
- strobe - files at FreeBSD.
- SATAN/SAINT - written by Dan Farmer and Wietse Venema.
- netcat / nc - written by Hobbit
- nmap - at insecure.org - written by Fyodor
- SuperScan - written by Robin Keir.
- ScanPort - written by DataSet.
- Which OS do they use?
- queso
- nmap - Insecure.org
- How does the network look?
- traceroute
- cheops
- Hackers Beware - Eric Cole
- Hacking Exoposed 2nd ed - Scambray, McClure, Kurtz
- http://www.linuxgazette.com/issue57/sharma.html
- http://www.linuxdoc.org/LDP/lasg/intrusion-scanning/
-
Last Modified: