CHAPTER 2 GATHERING TARGET INFORMATION


1. RECONNAISSANCE AND FOOTPRINTING

1.1. Reconnaissance is the method of observing and collecting information about a potential target with the intention of finding a way to attack it.

1.2. Footprinting looks for information and later analyzes it, looking for weaknesses or potential vulnerabilities.

2. INFORMATION TO BE GATHERED ABOUT A TARGET

2.1. network information

2.2. operating system information

2.3. network blocks

2.4. network services

2.5. system architecture

2.6. intrusion detection and intrusion prevention systems (IDS/IPS) in place

3. ACTIVITIES USED TO GATHER INFORMATION ABOUT A TARGET

3.1. Examining the company’s web site

3.2. Identifying key employees

3.4. Analyzing open positions and job postings (they reveal the technologies in use)

3.4. Assessing affiliate, parent or sister companies

3.5. Finding technologies and software used by the organization

3.6. Determining network address and range

4. COMMON TOOLS USED FOR FOOTPRINTING

4.1. Sam Spade

4.2. nslookup

4.3. traceroute

4.4. nmap

4.5. NeoTrace

5. TOOLS TO EXTRACT COMPANY'S DATA

5.1. Web Data Extractor

5.2. SpiderFoot

5.3. Robtex

6. INFORMATION GATHERING METHODOLOGY

6.1. unearth initial information

6.1.1. is the act of footprinting basic, usually freely available, information about a target (whois records, DNS, the company web site, search engines).

6.2. locate the network range

6.2.1. NeoTrace and VisualRoute

6.3. ascertain active machines

6.3.1. port scanner

6.3.2. detect os (telnet)

6.4. discover open ports/access points

6.4.1. a potential target computer runs many services

6.5. detect operating system

6.5.1. active banner grabbing (connect to the service and read what it announces about itself)

6.5.2. passive banner grabbing (infer the software from traffic or third-party data without sending anything to the target)

6.5.3. tools: Netcraft and telnet

6.6. uncover service on port

6.6.1. service running on specific port

6.7. mapping the network

6.7.1. manual mapping

6.7.2. automated mapping
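Steps 6.3 to 6.6 above (find listening ports, grab the banner, infer service and OS) in working form, as an example added here rather than taken from the chapter. It scans a throwaway listener that the script itself starts on 127.0.0.1, so it runs offline; SAMPLE_BANNER is a constructed string in the style of an OpenSSH greeting, and the BANNER_RULES patterns are a small hypothetical fingerprint table, not nmap's or Netcraft's.

```python
"""Added example, not part of the original chapter: steps 6.3-6.6 of the
methodology (find live ports, grab banners, guess service and OS) against a
throwaway listener on 127.0.0.1 so it runs offline. SAMPLE_BANNER is
constructed to look like an OpenSSH greeting; it was not captured anywhere."""
import re
import socket
import threading

# Constructed sample banner in the style an SSH daemon sends on connect.
SAMPLE_BANNER = b"SSH-2.0-OpenSSH_8.9p1 Ubuntu-3ubuntu0.4\r\n"

# (regex over the banner text, service name). Named groups pull out the
# product string and, where the banner carries one, a vendor/OS suffix.
# Hypothetical rule table for the demo, not a real tool's database.
BANNER_RULES = [
    (re.compile(r"^SSH-[\d.]+-(?P<product>[\w.]+)(?:\s+(?P<os>\S+))?"), "ssh"),
    (re.compile(r"^220[ -].*?(?P<product>Postfix|Exim[\w.]*|Sendmail[\w./]*)"), "smtp"),
    (re.compile(r"^HTTP/[\d.]+ \d{3}.*?\r\nServer: (?P<product>[^\r\n]+)", re.S), "http"),
]


def start_fake_service(banner: bytes = SAMPLE_BANNER) -> int:
    """One-shot TCP listener on an ephemeral port: sends `banner` to the
    first client, then closes. Returns the port it listens on."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


def scan_and_grab(host: str, ports, timeout: float = 1.0) -> dict:
    """TCP connect scan: a completed three-way handshake means the port is
    open. On each open port read whatever the service volunteers; if it
    stays silent (HTTP does), send a harmless HEAD request and read the reply.
    Returns {port: banner_bytes} for the open ports only."""
    found = {}
    for port in ports:
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                s.settimeout(timeout)
                try:
                    banner = s.recv(1024)
                except socket.timeout:
                    s.sendall(b"HEAD / HTTP/1.0\r\n\r\n")
                    try:
                        banner = s.recv(1024)
                    except socket.timeout:
                        banner = b""
                found[port] = banner
        except OSError:
            continue  # refused (closed) or timed out (filtered): skip it
    return found


def fingerprint(banner: bytes) -> dict:
    """Infer service, product and an OS hint from the banner text alone,
    without sending anything further to the target."""
    text = banner.decode("ascii", "replace")
    for rx, service in BANNER_RULES:
        m = rx.search(text)
        if m:
            info = {"service": service, "product": m.group("product")}
            os_hint = m.groupdict().get("os")
            if os_hint:
                info["os_hint"] = os_hint.split("-")[0]  # "Ubuntu-3ubuntu0.4" -> "Ubuntu"
            return info
    return {"service": "unknown", "product": None}


if __name__ == "__main__":
    target_port = start_fake_service()
    hits = scan_and_grab("127.0.0.1", range(target_port - 2, target_port + 3))
    for port, banner in hits.items():
        print(port, banner.strip(), fingerprint(banner))
```

A connect scan completes the handshake, so it is logged by the target like any other client; a SYN scan (nmap -sS) needs raw sockets and is the quieter choice on a real engagement. The OS hint comes from a vendor string the daemon chooses to advertise, so treat it as a lead to confirm, not a result.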

7. DNS ENUMERATION

7.1. Is the process of locating all the DNS servers and their corresponding records for an organization.

7.2. A company may have both internal and external DNS servers that can yield information such as usernames, computer names, and IP addresses of potential target systems.

7.3. Tools to gain information

7.3.1. nslookup

7.3.2. DNSstuff

7.3.3. American Registry for Internet Numbers (ARIN)

7.3.4. Whois

8. FOOTPRINTING USING GOOGLE HACKING TECHNIQUE

8.1. query string

8.2. vulnerability sites

8.3. google operators

9. WHAT A HACKER CAN DO WITH GOOGLE HACKING?

9.1. Advisories and server vulnerabilities

9.2. error messages that contain sensitive information

9.3. files containing passwords

9.4. sensitive directories

9.5. pages containing logon portals

9.6. pages containing network or vulnerability data

10. GOOGLE ADVANCED SEARCH OPERATORS

10.1. site: restricts results to one domain (site:example.com)

10.2. filetype: restricts results to one file extension (filetype:xls)

10.3. cache: showed Google's stored copy of a page (Google no longer supports this operator)

10.4. link: listed pages linking to a URL (Google no longer supports this operator)

10.5. intitle: matches words in the page title (intitle:"index of")

10.6. inurl: matches words in the URL (inurl:admin)

11. SOCIAL ENGINEERING

11.1. is a nontechnical method of breaking into a system or network.

11.2. It’s the process of deceiving users of a system and convincing them to give out information that can be used to defeat or bypass security mechanisms.

11.3. HUMAN-BASED SOCIAL ENGINEERING

11.3.1. refers to person-to-person interaction to retrieve the desired information. An example is calling the help desk and trying to find out a password.

11.3.2. impersonating an important user

11.3.3. posing as a third party

11.3.4. calling technical support

11.3.5. shoulder surfing

11.3.6. dumpster diving

11.4. COMPUTER-BASED SOCIAL ENGINEERING

11.4.1. refers to having computer software that attempts to retrieve the desired information. An example is sending a user an e-mail and asking them to reenter a password in a web page to confirm it. This social-engineering attack is also known as phishing.

11.4.2. Computer-based social engineering includes the following:

11.4.2.1. email attachments

11.4.2.2. fake website

11.4.2.3. pop up windows

11.4.3. Insider attacks

11.4.4. Identity theft

11.4.5. Phishing attacks

11.4.6. Online scams

11.4.7. URL obfuscation
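For item 11.4.7, an added defender-side check (not code from the chapter) that undoes the common URL obfuscation tricks and reports what it finds: credentials before the '@', an IP address written in decimal, hex or octal, punycode labels, and a brand name used as a subdomain of an unrelated domain. The BRANDS watch-list and the sample URLs are constructed for the demo from RFC 2606 reserved names and the TEST-NET address 192.0.2.1; the registrable-domain split is a deliberate simplification.

```python
"""Added example, not part of the original chapter: a defender-side check for
the URL obfuscation tricks phishing links rely on. The URLs and the BRANDS
watch-list are constructed for the demo with RFC 2606 reserved names."""
import ipaddress
import re
from urllib.parse import urlsplit

BRANDS = ("bank", "paypal")   # constructed watch-list of names worth protecting


def _part_to_int(part: str) -> int:
    """One dotted component the way legacy inet_aton() reads it: 0x.. hex,
    leading 0 octal, otherwise decimal."""
    if part[:2].lower() == "0x":
        return int(part[2:], 16)
    if len(part) > 1 and part[0] == "0":
        return int(part, 8)
    return int(part, 10)


def normalize_host(host: str) -> str:
    """Rewrite the numeric host forms browsers still accept (3221225985,
    0xc0.0.2.1, 0300.0.2.1, 192.0.513) as a dotted quad; anything that
    is not such a form comes back unchanged."""
    if not re.fullmatch(r"[0-9a-fA-Fx.]+", host):
        return host
    try:
        nums = [_part_to_int(p) for p in host.split(".")]
    except ValueError:
        return host
    if not 1 <= len(nums) <= 4:
        return host
    value = 0
    for n in nums[:-1]:                    # leading parts are one octet each
        if not 0 <= n < 256:
            return host
        value = (value << 8) | n
    tail_bits = 8 * (5 - len(nums))        # the last part fills the remaining octets
    if not 0 <= nums[-1] < (1 << tail_bits):
        return host
    return str(ipaddress.IPv4Address((value << tail_bits) | nums[-1]))


def inspect_url(url: str) -> dict:
    """Return the host a browser would actually connect to plus a list of
    findings, empty when nothing looks obfuscated."""
    p = urlsplit(url)
    raw_host = p.hostname or ""            # urlsplit already drops userinfo and port
    host = normalize_host(raw_host)
    findings = []
    if p.username is not None:
        findings.append("userinfo before '@': the text a victim reads is not the host")
    if host != raw_host:
        findings.append(f"host {raw_host!r} is an IP address in disguise: {host}")
    labels = host.split(".")
    if any(l.startswith("xn--") for l in labels):
        findings.append("punycode label: inspect for homoglyphs")
    registrable = ".".join(labels[-2:])    # crude; real code should use the Public Suffix List
    subdomains = ".".join(labels[:-2])
    for brand in BRANDS:
        if brand in subdomains and brand not in registrable:
            findings.append(f"brand {brand!r} is only a subdomain of {registrable}")
    return {"host": host, "findings": findings}


if __name__ == "__main__":
    for u in ("https://www.bank.example/login",
              "http://www.bank.example@3221225985/login",
              "http://bank.example.evil.example/"):
        print(u, inspect_url(u))
```

The second sample URL is the classic trick: everything before the '@' is userinfo that the browser discards, so a victim reads www.bank.example while the connection goes to 192.0.2.1. Mail and proxy filters that apply the same normalization before matching block-lists catch links that a plain string comparison misses.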

12. DNS RECORDS

12.1. A (address): maps a host name to an IPv4 address

12.2. SOA (start of authority): names the primary name server and the responsible contact for the zone, and carries the serial number and the refresh, retry, expire and minimum-TTL timers that secondaries use

12.3. CNAME (canonical name): provides an additional name (alias) for an address record

12.4. MX (mail exchange): identifies the mail servers for the domain, each with a preference value

12.5. SRV (service): identifies the host and port offering a service, such as the directory services (LDAP, Kerberos) of an Active Directory domain

12.6. PTR (pointer): maps an IP address back to a host name (reverse lookup)

12.7. NS (name server): identifies the authoritative name servers for the domain.
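Sections 7 and 12 together, as an added example that is not part of the chapter: what nslookup actually puts on the wire and how the record types above come back. build_query() produces a standard query packet and parse_response() decodes A, NS, CNAME, PTR, MX, SRV and SOA answers, including the name-compression pointers real replies use. SAMPLE_REPLY is a constructed packet (the reserved name example.com, made-up mail and ns1 hosts, the TEST-NET address 192.0.2.1); query_udp() is the only function that touches the network and the demo does not call it.

```python
"""Added example, not part of the original chapter: the wire format behind
nslookup/dig. build_query() produces the packet those tools send;
parse_response() decodes the answer section for the record types in
section 12. SAMPLE_REPLY is a constructed packet for the demo."""
import socket
import struct

RR_TYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 12: "PTR", 15: "MX", 33: "SRV", 255: "ANY"}
TYPE_CODES = {v: k for k, v in RR_TYPES.items()}


def encode_name(name: str) -> bytes:
    """'mail.example.com' -> b'\\x04mail\\x07example\\x03com\\x00' (RFC 1035 labels)."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name: str, rtype: str, txid: int = 0x1234) -> bytes:
    """Header (id, flags with RD=1, QDCOUNT=1) followed by one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", TYPE_CODES[rtype], 1)


def decode_name(pkt: bytes, off: int):
    """Decode a possibly compressed name at `off`; return (name, offset just
    past it in the stream). Pointer hops are capped so a hostile reply
    cannot loop the parser forever."""
    labels, end, hops = [], None, 0
    while True:
        ln = pkt[off]
        if ln & 0xC0 == 0xC0:                       # 11xxxxxx: pointer to an earlier name
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
            if end is None:
                end = off + 2                       # the stream resumes after the pointer
            off = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if ln == 0:
            break
        labels.append(pkt[off:off + ln].decode("ascii"))
        off += ln
    return ".".join(labels), (off if end is None else end)


def parse_response(pkt: bytes) -> list:
    """Skip the echoed question(s), then decode every answer RR."""
    _txid, _flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", pkt[:12])
    off = 12
    for _ in range(qd):
        _, off = decode_name(pkt, off)
        off += 4                                    # QTYPE + QCLASS
    records = []
    for _ in range(an):
        name, off = decode_name(pkt, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        rec = {"name": name, "type": RR_TYPES.get(rtype, str(rtype)), "ttl": ttl}
        if rtype == 1:                              # A: four raw octets
            rec["data"] = ".".join(str(b) for b in pkt[off:off + 4])
        elif rtype in (2, 5, 12):                   # NS, CNAME, PTR: a single name
            rec["data"] = decode_name(pkt, off)[0]
        elif rtype == 15:                           # MX: preference + exchange name
            rec["pref"] = struct.unpack("!H", pkt[off:off + 2])[0]
            rec["data"] = decode_name(pkt, off + 2)[0]
        elif rtype == 33:                           # SRV: priority, weight, port, target
            rec["prio"], rec["weight"], rec["port"] = struct.unpack("!HHH", pkt[off:off + 6])
            rec["data"] = decode_name(pkt, off + 6)[0]
        elif rtype == 6:                            # SOA: mname, rname, five timers
            rec["data"], p = decode_name(pkt, off)
            rec["rname"], p = decode_name(pkt, p)
            (rec["serial"], rec["refresh"], rec["retry"],
             rec["expire"], rec["minimum"]) = struct.unpack("!IIIII", pkt[p:p + 20])
        else:
            rec["data"] = pkt[off:off + rdlen].hex()
        off += rdlen
        records.append(rec)
    return records


def query_udp(server: str, name: str, rtype: str, timeout: float = 3.0) -> list:
    """Send build_query() to a live resolver on UDP/53 and parse the reply
    (needs network; the offline demo does not call it)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, rtype), (server, 53))
        return parse_response(s.recv(4096))


def _rr(rtype: int, rdata: bytes, ttl: int = 3600) -> bytes:
    # Owner name is a pointer (0xC00C) to the question name at offset 12.
    return b"\xc0\x0c" + struct.pack("!HHIH", rtype, 1, ttl, len(rdata)) + rdata


# Constructed reply to "example.com ANY": A, MX, NS and SOA answers.
SAMPLE_REPLY = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 4, 0, 0)          # QR=1, RD, RA; 4 answers
    + encode_name("example.com") + struct.pack("!HH", 255, 1)
    + _rr(1, bytes([192, 0, 2, 1]))
    + _rr(15, struct.pack("!H", 10) + b"\x04mail\xc0\x0c")      # MX 10 mail.example.com
    + _rr(2, b"\x03ns1\xc0\x0c")                                # NS ns1.example.com
    + _rr(6, b"\x03ns1\xc0\x0c" + b"\x0ahostmaster\xc0\x0c"
          + struct.pack("!IIIII", 2024010101, 7200, 3600, 1209600, 300))
)

if __name__ == "__main__":
    for rec in parse_response(SAMPLE_REPLY):
        print(rec)
```

The SOA serial is worth recording during enumeration: a change between two visits means the zone was edited. The hop cap in decode_name() is the kind of check a footprinting tool needs because it parses replies from servers it does not control.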

13. SOCIAL ENGINEERING COUNTERMEASURES

13.1. The main countermeasures are documented and enforced security policies together with security-awareness programs.

13.2. The corporate security policy should address how and when accounts are set up and terminated.

13.3. The destruction of paper documents and physical access restrictions are additional areas the security policy should address.