CHAPTER 2 GATHERING TARGET INFORMATION


1. INFORMATION GATHERING METHODOLOGY

1.1. unearth initial information

1.1.1. is the act of footprinting basic, usually freely available, information about a target.

1.2. locate the network range

1.2.1. NeoTrace and VisualRoute

1.3. ascertain active machines

1.3.1. port scanner

1.3.2. detect OS (telnet)

1.4. discover open ports / access points

1.4.1. a potential target computer runs many services

1.5. detect operating system

1.5.1. active banner grabbing

1.5.2. passive banner grabbing

1.5.3. tools: Netcraft and telnet

1.6. uncover service on port

1.6.1. identify the service running on each specific port

1.7. mapping the network

1.7.1. manual mapping

1.7.2. automated mapping

2. DNS ENUMERATION

2.1. Is the process of locating all the DNS servers and their corresponding records for an organization.

2.2. A company may have both internal and external DNS servers that can yield information such as usernames, computer names, and IP addresses of potential target systems.

2.3. Tools to gain information

2.3.1. nslookup

2.3.2. DNSstuff

2.3.3. American Registry for Internet Numbers (ARIN)

2.3.4. Whois

3. FOOTPRINTING USING GOOGLE HACKING TECHNIQUE

3.1. query string

3.2. vulnerability sites

3.3. google operators

4. WHAT A HACKER CAN DO WITH GOOGLE HACKING

4.1. Advisories and server vulnerabilities

4.2. error messages that contain sensitive information

4.3. files containing passwords

4.4. sensitive directories

4.5. pages containing logon portals

4.6. pages containing network or vulnerability data

5. GOOGLE ADVANCED SEARCH OPERATORS

5.1. site

5.2. filetype

5.3. cache

5.4. link

5.5. intitle

5.6. inurl

6. SOCIAL ENGINEERING

6.1. is a nontechnical method of breaking into a system or network.

6.2. It’s the process of deceiving users of a system and convincing them to give out information that can be used to defeat or bypass security mechanisms.

6.3. HUMAN-BASED SOCIAL ENGINEERING

6.3.1. refers to person-to-person interaction to retrieve the desired information. An example is calling the help desk and trying to find out a password.

6.3.2. impersonate an important user.

6.3.3. pose as a third party

6.3.4. call technical support

6.3.5. shoulder surfing

6.3.6. dumpster diving

6.4. COMPUTER-BASED SOCIAL ENGINEERING

6.4.1. refers to having computer software that attempts to retrieve the desired information. An example is sending a user an e-mail and asking them to reenter a password in a web page to confirm it. This social-engineering attack is also known as phishing.

6.4.2. computer-based social engineering includes the following

6.4.2.1. email attachments

6.4.2.2. fake website

6.4.2.3. pop-up windows

6.4.3. Insider attacks

6.4.4. Identity theft

6.4.5. Phishing attacks

6.4.6. Online scams

6.4.7. URL obfuscation

7. DNS RECORDS

7.1. A (address) - maps a host name to an IP address

7.2. SOA (start of authority) - identifies the DNS server responsible for the domain information

7.3. CNAME (canonical name) - provides additional names or aliases for the address record

7.4. MX (mail exchange) - identifies the mail server for the domain

7.5. SRV (service) - identifies services such as directory services

7.6. PTR (pointer) - maps IP addresses to host names

7.7. NS (name server) - identifies other name servers for the domain.

8. RECONNAISSANCE AND FOOTPRINTING

8.1. Is a method of observing and collecting information about a potential target with the intention of finding a way to attack the target.

8.2. Footprinting looks for information and later analyzes it, looking for weaknesses or potential vulnerabilities.

9. INFORMATION TO BE GATHERED ABOUT A TARGET

9.1. network information

9.2. operating system information

9.3. network blocks

9.4. network services

9.5. system architecture

9.6. intrusion detection & intrusion prevention system

10. INFORMATION TO BE GATHERED ABOUT A TARGET

10.1. Examining the company’s web site

10.2. Identifying key employees

10.3. Analyzing open positions and job postings

10.4. Assessing affiliate, parent, or sister companies

10.5. Finding technologies and software used by the organization

10.6. Determining network address and range

11. COMMON TOOLS USED FOR FOOTPRINTING

11.1. Sam Spade

11.2. nslookup

11.3. traceroute

11.4. nmap

11.5. NeoTrace

12. TOOLS TO EXTRACT COMPANY'S DATA

12.1. Web Data Extractor

12.2. SpiderFoot

12.3. Robtex

13. SOCIAL ENGINEERING COUNTERMEASURES

13.1. documented and enforced security policies and security awareness programs.

13.2. the corporate security policy should address how and when accounts are set up and terminated.

13.3. the destruction of paper documents and physical access restrictions are additional areas the security policy should address.