Passive Research Section 2 11/29/2018.

1 Passive Research Section 2 11/29/2018

2 Outline
- Objective
- Tools used for Passive Research
- Example results

3 Uses of Passive Research
- Gather information for social engineering
- Quietly probe network in a difficult to detect manner
- Identify what resources are most valuable/interesting

4 Objective
- Obtain information from the public domain that could potentially be used to bypass security controls
- Determine all entities associated with the target
- Identify networks, domains, staff and configuration, if possible

5 What are we looking for
- Personal information about users/staff
- Organisational structure
- Details to map/identify network devices
- System configuration

6 Tools used for Passive Research
All resources can be checked without sending ‘suspicious’ packets to the target.
- Whois
- DNS interrogation
- Target’s homepage, news sites, linking sites
- Newsgroup postings
- Public Internet databases

7 Whois Section 2.1

8 Whois
The following useful information can be obtained from a whois query:
- Organisational branches and subdivisions
- Domain names
- Network address ranges
- IT staff names, phone numbers address format
Example record:
    Registrant:
    HSBC Holdings plc (HSBC5-DOM)
    10 Lower Thames Street
    London, London EC3R 6AE
    UK
    Domain Name: HSBC.COM
    Administrative Contact, Technical Contact:
    Internet Systems (IS3036-ORG)
    HSBC Bank PLC
    Griffin House, 41 Silver Street Head
    Sheffield, - S1 3GG
    UNITED KINGDOM
    +44 (0) Fax- +44 (0)

9 Useful information found
- For one bank, found a network connected to the Internet which they didn’t know existed.
- Identified administrator names which were then used for web searches.

10 Tools used for whois
- Command line whois clients available for many Unix/Linux packages
- Web based
- GUI based for Windows
- Samspade.org (free and very good)
- Geektools.com
- Solarwinds

11 Unix Whois demo

12 Lab
Use whois from the Unix command line to investigate entries
Time: 10 minutes

13 Example of a Windows based whois tool

14 Passive research - Ripe
$ whois -h whois.nic.uk. "loud-fat-bloke.co.uk"

15 Passive research - Ripe
My network range

16 Whois web interfaces
http://www.samspade.org
List of whois servers:

17 Passive research - Ripe
Me & my address!!!!!

18 Passive research - Netcraft

19 Passive research – DNS/Geektools

20 Lab
Use web based whois to search for information about a particular domain.
Time: 15 minutes

21 Domain Name System Section 4.2

22 DNS interrogation
- Tools: Dig, Nslookup
- First choice: Zone transfer
- MX records
- Reverse lookups

23 Useful information found
- Identified over 200 hosts through a single zone transfer of internal and external servers and gateways.
- Identified the IP addresses of firewalls that otherwise couldn’t be seen.

24 ‘dig’

25 DNS

26 Lab
Use web based DNS tools to investigate a company’s DNS entries
Time: 10 minutes

27 Using the target homepage
Section 2.3

28 Target’s homepage
- Determine if site is hosted at ISP or at target
- Quantify number of sites which may be attacked
- Determine if there is any non-public information buried in HTML comment tags.
- Review pages to identify server type
- Other items of interest:
  - Location
  - Merger or acquisition news
  - Phone numbers
  - Contact names and addresses
  - Links to other organisations

29 Tools to speed up a web page review
- Copy the site locally using an automated tool
- Search using Nimrod or ‘grep’ for keywords
- Example tool on Unix
  - wget
  - Nimrod
- Example tool on Windows
  - Babelweb

30 Useful information found
- Administrator contact details
- File configuration details
- Comments from programmers concerning configuration
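
The comment review described on the homepage slides can be run against a local copy of your own site before it is published, so that contact details and configuration notes are removed first. This is an added example, not part of the original presentation; the keyword list and the sample pages built in demo() are constructed for illustration.

```python
import re
import tempfile
from html.parser import HTMLParser
from pathlib import Path

# Assumed keyword list for illustration; tune it to your own environment.
KEYWORDS = re.compile(r"passw|admin|config|todo|fixme|server|database|@", re.I)


class CommentCollector(HTMLParser):
    """Collects every <!-- ... --> comment with the line it starts on."""
    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        line, _col = self.getpos()  # position of the opening "<!--"
        self.comments.append((line, " ".join(data.split())))


def audit_mirror(root):
    """Return (relative path, line, comment) for comments matching KEYWORDS."""
    findings = []
    for path in sorted(p for p in Path(root).rglob("*.htm*") if p.is_file()):
        parser = CommentCollector()
        parser.feed(path.read_text(encoding="utf-8", errors="replace"))
        parser.close()
        for line, text in parser.comments:
            if KEYWORDS.search(text):
                findings.append((path.relative_to(root).as_posix(), line, text))
    return findings


def demo():
    """Build a small constructed site copy in a temp dir and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "about").mkdir()
        (root / "index.html").write_text(
            "<html><body>\n<!-- layout v2 -->\n<h1>Welcome</h1>\n"
            "<!-- TODO: move to new server,\n     ask jsmith@example.com -->\n</body></html>\n")
        (root / "about" / "team.htm").write_text(
            "<p>Team</p>\n<!-- config lives in /etc/app.conf -->\n")
        return audit_mirror(root)


if __name__ == "__main__":
    for rel, line, text in demo():
        print(f"{rel}:{line}: {text}")
```

Unlike a line-based grep, the parser reports a comment that spans several lines as a single finding, anchored at the line where it opens.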

31 Lab
Examine several companies’ web sites to see if they contain any useful information.
Time: 15 minutes

32 Newsgroups and the web Section 2.4

33 Newsgroup posting and web search
- Objective: To obtain newsgroup postings about an organisation’s employees and resources
- Example of a web based tool

34 Useful information found
- Client chairman is a ‘male escort for hire’
- Detailed firewall configuration
- Threats against companies by hacktivists
- Identified information about system administrators and operating system variants

35 Lab
Use to search for useful information about the contacts of a particular company
Time: 30 minutes

36 Lab
Use Internet search engines to identify useful information about an organisation.
Time: 15 minutes

