
CS3695 – Network Vulnerability Assessment & Risk Mitigation – Supplemental Slides to Module #2 Footprinting and Reconnaissance Intelligence Gathering CEH.




1 CS3695 – Network Vulnerability Assessment & Risk Mitigation – Supplemental Slides to Module #2 Footprinting and Reconnaissance Intelligence Gathering CEH Ver. 8 By Scott Coté

2 Use of Footprinting
Script kiddies, worms, viruses and the like usually do NOT footprint…
– They just constantly scan a pool of addresses with automated tools
A true cracker will take the time (and it is a lot of time) to footprint a network…
– The end result should be a thorough knowledge of the network's systems, IP addresses, services, etc…

3 Footprinting
What is footprinting?
– A systematic approach to re-create a complete profile of an organization's network and security posture… Internet, intranet, remote access and extranet
Why is it necessary?
– To ensure that all pieces of information related to the network and posture are known

4 Develop the Network
To develop a snapshot of the target's network:
– Identify the domain names and records associated with a specific target…
– Domain names represent the target's presence on the Internet…
– Many tools do this for you, but let's look at how they all work under the hood by doing it manually first!

5 Robots.txt
Web sites use it to give instructions about their site to web robots – this is called the Robots Exclusion Protocol.
It works like this:
– a robot wants to visit a Web site URL
– Before it does so, it first checks for http://www.example.com/robots.txt
– The "Disallow: x" line tells the robot that it should not visit pages under x on the site.
These files are publicly readable by everyone!
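The protocol described on this slide, as an added example (not code from the slides): a small parser that applies the Allow/Disallow rules the way a well-behaved robot would, and lists the path prefixes a site publicly declares off-limits. The robots.txt text inside it is constructed, not taken from any real site.

```python
# Added example (not from the slides): a small parser for the Robots Exclusion Protocol
# that answers "may this robot fetch this path?" and lists every path prefix the file
# publicly declares off-limits. SAMPLE_ROBOTS_TXT is constructed, not a real site's file.
SAMPLE_ROBOTS_TXT = """\
User-agent: *
Disallow: /admin/
Disallow: /backup/
Allow: /admin/help

User-agent: BadBot
Disallow: /
"""

def parse_robots(text):
    """Group Allow/Disallow rules by user-agent: {agent: [(rule, path_prefix), ...]}."""
    groups, record_lists, last_was_agent = {}, [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments and surrounding whitespace
        if ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            if not last_was_agent:                   # consecutive User-agent lines share one record
                record_lists = []
            record_lists.append(groups.setdefault(value.lower(), []))
            last_was_agent = True
        elif field in ("allow", "disallow"):
            for rules in record_lists:
                rules.append((field, value))
            last_was_agent = False
    return groups

def is_allowed(groups, user_agent, path):
    """Longest matching prefix wins, Allow wins a tie, and no matching rule means allowed."""
    ua = user_agent.lower()
    rules = next((r for agent, r in groups.items() if agent != "*" and agent in ua),
                 groups.get("*", []))
    best = None                                      # (prefix length, rule)
    for rule, prefix in rules:
        if prefix and path.startswith(prefix):       # an empty "Disallow:" permits everything
            if best is None or (len(prefix), rule == "allow") > (best[0], best[1] == "allow"):
                best = (len(prefix), rule)
    return best is None or best[1] == "allow"

def advertised_paths(groups):
    """Every Disallow prefix in the file: anyone who fetches robots.txt sees this inventory."""
    return sorted({prefix for rules in groups.values() for rule, prefix in rules
                   if rule == "disallow" and prefix})
```

Running advertised_paths over your own site's file is a quick way to review what the Disallow lines are advertising to anyone who reads them.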

6 Example

7 whois?
whois tool
– Searches domain registries for information on a specific domain
– Important tool with legitimate uses: notification of the sys admin when there is a problem
– Easily used for bad purposes by crackers

8 Example

9 whois… Wild Cards!
Use of a wild card can also help.
Note: wildcards may differ by the type of search performed. RTFM.

10 whois… Digging Deeper!
whois can be used to get more and more info depending on how you use it…
Use pieces from one whois search to perform additional whois searches!


12 ARIN: American Registry for Internet Numbers
ARIN will give you the IP addresses assigned to a target...
Use one of the IP addresses (from the DNS server record in the whois output, or from an nslookup on www.target.com)


14 host -a geneseo.edu

15 http://www.iplocation.net/

16 Zone Transfers
Domain Name Servers (DNS)
– Map IP addresses to host names
– Knowing the IP addresses is valuable information: it creates a "blueprint" of a network
You may be able to do a Zone Transfer
– The mechanism that lets a secondary DNS server fetch the DNS records from the primary DNS server

17 Results from a Zone Xfer
Remember, a name can tell you a LOT!!!

18 DNS Mitigation: Internal and External DNS
A smart company will split their DNS across two hosts
– External DNS: in the DMZ, contains just the externally accessible host names
– Internal DNS: on the internal LAN, contains records on just those hosts accessible from the inside
– Never put them on the same host!

19 Mail Verification
Use telnet to confirm mail addresses:
– SMTP will allow the use of vrfy and expn
vrfy is used to verify an email address
– Usually email addresses are the same as user accounts
expn is used to see the real address of an alias
– Good to know where it is actually going…

20 Mail Verification
telnet mail.geneseo.edu 25
Trying 137.238.1.100...
Connected to helios.geneseo.edu.
Escape character is '^]'.
220 helios.geneseo.edu ESMTP Sendmail {omitted}
vrfy bean
250 2.1.5 Samuel N Bean
expn bean
250 2.1.5 Samuel N Bean
vrfy root
250 2.1.5 Super-User
expn root
250-2.1.5 Mark T. Valites
250-2.1.5 Kirk M. Anne
250 2.1.5 Super-User
quit
221 2.0.0 helios.geneseo.edu closing connection
Connection closed by foreign host.
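An added example (not code from the slides) for auditing your own mail server against the disclosure shown in this session: it parses an SMTP transcript into command/reply pairs and reports which vrfy and expn requests the server answered with 250. The first transcript is the one above; HARDENED_SESSION is constructed to show the 252/502 replies a server gives once vrfy and expn have been disabled (for example Sendmail's PrivacyOptions novrfy/noexpn or Postfix's disable_vrfy_command).

```python
# Added example (not from the slides): parse an SMTP transcript like the one above and
# report which VRFY/EXPN requests got a 250 reply, i.e. disclosed a user or alias.
import re

SAMPLE_SESSION = """\
220 helios.geneseo.edu ESMTP Sendmail {omitted}
vrfy bean
250 2.1.5 Samuel N Bean
expn bean
250 2.1.5 Samuel N Bean
vrfy root
250 2.1.5 Super-User
expn root
250-2.1.5 Mark T. Valites
250-2.1.5 Kirk M. Anne
250 2.1.5 Super-User
quit
221 2.0.0 helios.geneseo.edu closing connection
"""
HARDENED_SESSION = """\
vrfy bean
252 2.5.2 Cannot VRFY user; try RCPT to attempt delivery
expn bean
502 5.5.1 EXPN command is disabled
"""  # constructed: the replies of a server with VRFY/EXPN disabled
REPLY_RE = re.compile(r"^(\d{3})([ -])(.*)$")   # "250 text" ends a reply, "250-text" continues it

def parse_session(text):
    """Pair each client command with its (possibly multi-line) reply: [(cmd, code, lines)]."""
    exchanges, command, reply = [], None, []
    for line in text.splitlines():
        m = REPLY_RE.match(line)
        if not m:                                  # no reply code: a client command
            command, reply = line.strip(), []
            continue
        code, sep, rest = m.groups()
        reply.append(rest)
        if sep == " ":
            exchanges.append((command, int(code), reply))
            command, reply = None, []
    return exchanges

def disclosed_accounts(text):
    """{"vrfy": [(arg, reply_lines)], "expn": [...]} for requests answered with 250."""
    found = {"vrfy": [], "expn": []}
    for command, code, reply in parse_session(text):
        verb, _, arg = (command or "").partition(" ")
        if verb.lower() in found and code == 250:
            found[verb.lower()].append((arg, reply))
    return found
```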

21 Can you get an email from them?
From: scott@coteconsulting.com
Subject: Re: Intros
Date: June 13, 2007 9:49:53 AM PDT
To: {omitted}, rscote@nps.edu
Received: from virginia.nps.edu ([205.155.65.26]) by virginia.nps.edu with Microsoft SMTPSVC(6.0.3790.1830); Wed, 13 Jun 2007 09:49:46 -0700
Received: from barracuda.nps.edu ([205.155.65.61]) by virginia.nps.edu with Microsoft SMTPSVC(6.0.3790.1830); Wed, 13 Jun 2007 09:49:46 -0700
Received: from smtp103.sbc.mail.mud.yahoo.com (smtp103.sbc.mail.mud.yahoo.com [68.142.198.202]) by barracuda.nps.edu (Spam Firewall) with SMTP id C87BB57468 for ; Wed, 13 Jun 2007 09:49:43 -0700 (PDT)
Received: (qmail 48303 invoked from network); 13 Jun 2007 16:49:42 -0000
Received: from unknown (HELO ?10.0.1.2?) (rscote@pacbell.net@209.232.244.70 with login) by smtp103.sbc.mail.mud.yahoo.com with SMTP; 13 Jun 2007 16:49:42 -0000
– The HELO ?10.0.1.2? is an internal NAT address!
– 209.232.244.70 is the IP address of the public host/router it was sent from, like a DSL IP address!
View the long headers of the email for possible IP addresses!!
You may want to send an email to a bogus account at your target as well, to see how the mail server at the target handles it!
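The header walk described on this slide, as an added example (not code from the slides) you can run over mail your own organization sends out: it rejoins folded Received: lines, walks the relay chain from origin to recipient, and flags private (RFC 1918) addresses that a client or NAT has leaked into headers every downstream relay and recipient can read. The sample headers are the ones above, re-folded and with the body left out.

```python
# Added example (not from the slides): walk the Received: chain of a message like
# the one above, oldest hop first, and flag private (RFC 1918) addresses that an
# internal client or NAT leaked into headers everyone on the path can read.
import ipaddress
import re

SAMPLE_HEADERS = """\
From: scott@coteconsulting.com
Subject: Re: Intros
Received: from virginia.nps.edu ([205.155.65.26]) by virginia.nps.edu
 with Microsoft SMTPSVC(6.0.3790.1830); Wed, 13 Jun 2007 09:49:46 -0700
Received: from barracuda.nps.edu ([205.155.65.61]) by virginia.nps.edu
 with Microsoft SMTPSVC(6.0.3790.1830); Wed, 13 Jun 2007 09:49:46 -0700
Received: from smtp103.sbc.mail.mud.yahoo.com (smtp103.sbc.mail.mud.yahoo.com [68.142.198.202])
 by barracuda.nps.edu (Spam Firewall) with SMTP id C87BB57468; Wed, 13 Jun 2007 09:49:43 -0700 (PDT)
Received: (qmail 48303 invoked from network); 13 Jun 2007 16:49:42 -0000
Received: from unknown (HELO ?10.0.1.2?) (rscote@pacbell.net@209.232.244.70 with login)
 by smtp103.sbc.mail.mud.yahoo.com with SMTP; 13 Jun 2007 16:49:42 -0000

(body omitted)
"""
# dotted quad not embedded in a longer dotted number such as the version string 6.0.3790.1830
IP_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")

def received_headers(raw):
    """Received: values in header order (newest hop first), with folded lines rejoined."""
    head = raw.split("\n\n", 1)[0]
    unfolded = re.sub(r"\r?\n[ \t]+", " ", head)
    return [line.partition(":")[2].strip() for line in unfolded.splitlines()
            if line.lower().startswith("received:")]

def hop_addresses(raw):
    """[(ip, is_private)] for every IPv4 literal in the chain, ordered from origin to recipient."""
    hops = []
    for header in reversed(received_headers(raw)):   # each relay prepends, so the last is the origin
        for literal in IP_RE.findall(header):
            try:
                ip = ipaddress.ip_address(literal)
            except ValueError:                       # e.g. 999.1.1.1 matches the regex shape only
                continue
            hops.append((str(ip), ip.is_private))
    return hops

def leaked_internal_addresses(raw):
    """Private addresses visible in the chain: what an outsider learns about your inside."""
    return sorted({ip for ip, private in hop_addresses(raw) if private})
```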

22 Viewing Mail Headers on (web)mail Clients
Look at this URL for how to view the header info for several different webmail servers and email clients:
– http://mail.google.com/support/bin/answer.py?hl=en&answer=22454


24 Anonymity!!
intitle:index.of
intitle:error
intitle:logon
inurl:"/admin/*
Don't forget:
1. Extension walking (replacing .htm with .bak or .old)
2. Excluding pages or extensions: -www or -.htm
3. Filetype: look for certain file types such as .pdf or .doc
4. Look for default installs: query for "Microsoft-IIS/5.0 server at" or apache
5. Limit to only current pages: append &as_qdr=d[# of days], i.e. &as_qdr=d50


26 http://www.exploit-db.com/google-dorks/


28 End Results
Some of the final products from a good foot-printing are:
– Registered names
– Range of IP addresses associated with the target
– Some idea of what the network might look like: routers, host names, etc.
– Idea of user accounts, taken from email addresses
– Security posture

29 Foot-Printing is the 1st Step
Remember…
– Registered names lead to IP addresses
– IP addresses lead to ports
– Ports lead to services
– Services lead to… applications, OS, protocols, more? Exploitable?
Step 2: Scanning…
Step 3: Enumeration…

