Passive Research Section 2 11/29/2018.


Outline
- Objective
- Tools used for Passive Research
- Example results

Uses of Passive Research
- Gather information for social engineering
- Quietly probe network in a difficult to detect manner
- Identify what resources are most valuable/interesting

Objective
- Obtain information from the public domain that could potentially be used to bypass security controls
- Determine all entities associated with the target
- Identify networks, domains, staff and configuration, if possible

What are we looking for
- Personal information about users/staff
- Organisational structure
- Details to map/identify network devices
- System configuration

Tools used for Passive Research
All resources can be checked without sending ‘suspicious’ packets to the target.
- Whois
- DNS interrogation
- Target’s homepage, news sites, linking sites
- Newsgroup postings
- Public Internet databases

Whois Section 2.1

Whois
The following useful information can be obtained from a whois query:
- Organisational branches and subdivisions
- Domain names
- Network address ranges
- IT staff names, phone numbers
- Email address format

    Registrant:
    HSBC Holdings plc (HSBC5-DOM)
       10 Lower Thames Street
       London, London EC3R 6AE
       UK

       Domain Name: HSBC.COM

       Administrative Contact, Technical Contact:
          Internet Systems (IS3036-ORG)  dns.hsbc@HSBC.COM
          HSBC Bank PLC
          Griffin House, 41 Silver Street Head
          Sheffield, - S1 3GG
          UNITED KINGDOM
          +44 (0)114 282 7427
          Fax- +44 (0)114 282 7345

Useful information found
- For one bank, found a network connected to the Internet which they didn’t know existed.
- Identified administrator names which were then used for web searches.
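
Added example (not part of the original slides): a self-audit of what your own organisation's whois record publishes, run over a constructed record in the same layout as the one above. The role-mailbox list, the regular expressions and every sample value are assumptions.

```python
import re

# Constructed sample record; every name, address and number is made up.
SAMPLE_WHOIS = """\
Registrant:
Example Widgets plc (EXAMPLE-DOM)
   1 Example Street
   London EC1A 1AA
   UK

   Domain Name: EXAMPLE.COM

   Administrative Contact:
      Smith, Jane (JS0000)  jane.smith@example.com
      +44 (0)20 7946 0000
   Technical Contact:
      Internet Systems (IS0000-ORG)  dns.admin@example.com
      +44 (0)20 7946 0001  Fax- +44 (0)20 7946 0002
"""

# Assumed list of local-part tokens that indicate a shared role mailbox.
ROLE_LOCALPARTS = {"dns", "hostmaster", "noc", "admin", "abuse", "domains", "postmaster"}

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
PHONE_RE = re.compile(r"\+\d[\d ()]{7,}\d")  # international numbers written with a leading +


def audit_whois(record):
    """Return the contact details a whois record publishes, split by exposure type."""
    emails = sorted({e.lower() for e in EMAIL_RE.findall(record)})
    role, personal = [], []
    for addr in emails:
        # Split the local part on common separators and look for a role token.
        tokens = set(re.split(r"[._-]", addr.split("@")[0]))
        (role if tokens & ROLE_LOCALPARTS else personal).append(addr)
    return {
        "role_mailboxes": role,
        "personal_mailboxes": personal,  # candidates to replace with a role address
        "phone_numbers": PHONE_RE.findall(record),
    }


if __name__ == "__main__":
    for kind, values in audit_whois(SAMPLE_WHOIS).items():
        print(f"{kind}: {values}")
```

Mailboxes reported as personal reveal both a staff name and the organisation's email address format; a role address in the registration record removes both.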

Tools used for whois
- Command line: whois clients available for many Unix/Linux packages
- Web based:
  - http://www.whois.org
  - http://www.demon.net/external/
  - http://www.samspade.org/
  - http://www.nettitude.com/iptools.html
- GUI based for Windows:
  - Samspade.org (free and very good)
  - Geektools.com
  - Solarwinds

Unix Whois demo

Lab
- Use whois from the Unix command line to investigate entries
- Time: 10 minutes

Example of a Windows based whois tool

Passive research - Ripe
    $ whois -h whois.nic.uk. "loud-fat-bloke.co.uk"

Passive research - Ripe
My network range

Whois web interfaces
- http://www.samspade.org
- http://www.geektools.com/cgi-bin/proxy.cgi
- http://www.internic.net/alpha.html
- http://www.allwhois.com
- http://www.demon.net/external
- List of whois servers: http://www.geektools.com/dist/whoislist.gz

Passive research - Ripe
Me & my address!!!!!

Passive research - Netcraft

Passive research – DNS/Geektools

Lab
- Use web based whois to search for information about a particular domain.
- Time: 15 minutes

Domain Name System Section 4.2

DNS interrogation
- Tools: Dig, Nslookup
- First choice: Zone transfer
- MX records
- Reverse lookups

Useful information found
- Identified over 200 hosts through a single zone transfer of internal and external servers and gateways.
- Identified the IP addresses of firewalls that otherwise couldn’t be seen.

‘dig’

DNS

Lab
- Use web based DNS tools to investigate a company’s DNS entries
- Time: 10 minutes

Using the target homepage Section 2.3

Target’s homepage
- Determine if site is hosted at ISP or at target
- Quantify number of sites which may be attacked
- Determine if there is any non-public information buried in HTML comment tags.
- Review pages to identify server type
- Other items of interest:
  - Location
  - Merger or acquisition news
  - Phone numbers
  - Contact names and e-mail addresses
  - Links to other organisations

Tools to speed up a web page review
- Copy the site locally using an automated tool
- Search using Nimrod or ‘grep’ for keywords
- Example tool on Unix:
  - wget (http://www.gnu.org/software/wget/wget.html)
  - Nimrod www.loud-fat-bloke.co.uk/tools.html
- Example tool on Windows:
  - Babelweb (http://www.hsc.fr/ressources/outils/babelweb)

Useful information found
- Administrator contact details
- File configuration details
- Comments from programmers concerning configuration
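
Added example (not part of the original slides): a pre-publication check that walks a local copy of your own site and reports HTML comments carrying configuration hints or contact details, the kind of leftover listed above. The pages, host names and keyword list are constructed assumptions.

```python
import re
from html.parser import HTMLParser

# Constructed pages standing in for a local mirror of your own site.
MIRROR = {
    "index.html": "<html><body><h1>Welcome</h1><!-- nav v2 --></body></html>",
    "contact.html": "<html><!-- TODO: form posts to intranet host db01.corp.example, "
                    "ask j.smith@example.com for the password --><body>Contact</body></html>",
    "about.html": "<html><body><!-- built with config /etc/httpd/conf/site.conf -->"
                  "About us</body></html>",
}

# Assumed keyword list; tune it to your own code base.
KEYWORDS = re.compile(r"password|passwd|config|todo|fixme|internal|intranet|admin", re.I)
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


class CommentCollector(HTMLParser):
    """Collects the text of every <!-- ... --> comment with its line number."""

    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        self.comments.append((self.getpos()[0], data.strip()))


def review_comments(pages):
    """Return (page, line, reasons) for each comment worth removing before publishing."""
    findings = []
    for name in sorted(pages):
        parser = CommentCollector()
        parser.feed(pages[name])
        parser.close()
        for line, text in parser.comments:
            reasons = sorted({m.group(0).lower() for m in KEYWORDS.finditer(text)})
            if EMAIL.search(text):
                reasons.append("email address")
            if reasons:
                findings.append((name, line, reasons))
    return findings


if __name__ == "__main__":
    for page, line, reasons in review_comments(MIRROR):
        print(f"{page}:{line}: comment mentions {', '.join(reasons)}")
```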

Lab
- Examine several companies’ web sites to see if they contain any useful information.
- Time: 15 minutes

Newsgroups and the web Section 2.4

Newsgroup posting and web search
- Objective: To obtain newsgroup postings about an organisation’s employees and resources
- Example of a web based tool: http://groups.google.com

Useful information found
- Client chairman is a ‘male escort for hire’
- Detailed firewall configuration
- Threats against companies by hacktivists
- Identified information about system administrators and operating system variants

Lab
- Use http://groups.google.com to search for useful information about the contacts of a particular company
- Time: 30 minutes

Lab
- Use Internet search engines to identify useful information about an organisation.
- Time: 15 minutes