- Mastering Kali Linux for Advanced Penetration Testing
- Robert W. Beggs
- 2021-07-16 11:33:21
Obtaining user information
Many penetration testers gather user names and e-mail addresses, as this information is frequently used to log on to targeted systems.
The most commonly employed tool is the web browser, which is used to manually search the target organization's website as well as third-party sites such as LinkedIn or Jigsaw.
Some automated tools included with Kali can supplement the manual searches.
Tip
E-mail addresses of former employees can still be of use. When conducting social engineering attacks, directing information requests to a former employee usually results in a redirect that gives the attacker the "credibility" of having dealt with the previous employee. In addition, many organizations do not properly terminate employee accounts, and it is possible that these credentials may still give access to the target system.
Gathering names and e-mail addresses
The theharvester tool is a Python script that searches through popular search engines and other sites for e-mail addresses, hosts, and subdomains.
Using theharvester is relatively simple as there are only a few command switches to set. The options available are:
- -d: This identifies the domain to be searched; usually the domain or target's website.
- -b: This identifies the source for extracting the data; it must be one of the following: Bing, BingAPI, Google, Google-Profiles, Jigsaw, LinkedIn, People123, PGP, or All.
- -l: This limit option instructs theharvester to only harvest data from a specified number of returned search results.
- -f: This option is used to save the final results to an HTML and an XML file. If this option is omitted, the results will be displayed on the screen and not saved.
The following screenshot shows the results of a simple search of the Google indexes for the domain digitaldefence.ca:

Gathering document metadata
Document metadata refers to the information that is appended to documents so that applications can manage them during the creation and storage processes. Examples of metadata typically attached to documents include the following:
- The company or person who owns the application used to create the document
- The name of the document's author
- The time and date that the document was created
- The date when the file was last printed or modified; in some cases, it will identify who made the modifications
- The location on the computer network where the document was created
- Some files, especially those created by cameras or mobile devices, may include geographic tags that identify where the image was created
Metadata is not immediately visible to the end user, so most documents are published with the metadata intact. Unfortunately, this data leakage can reveal information that a tester or attacker can use to facilitate an attack. At a minimum, testers and attackers can harvest user names from document metadata and compare them with data collected elsewhere; they can also identify the persons associated with particular types of data, such as annual financial reports or strategic planning documents.
As mobile devices become more common, the risks associated with geographical metadata have increased. Attackers look for locations (cottages, hotels, and restaurants that are frequently visited) as sites that may allow them to launch attacks against users who have let their guard down outside the corporate perimeter. For example, if an employee of the target organization regularly posts pictures to a social media website while waiting for a commuter train, an attacker may target that employee for a physical attack (theft of the mobile device), wireless attack, or even peek over the victim's shoulder to note the username and password.
On Kali, the tool Metagoofil performs a Google search to identify and download a target website's documents (doc, docx, pdf, pptx, xls, and xlsx) and extracts usernames, software versions, storage path names, and server or workstation names, as shown in the following screenshot:

Metagoofil downloads the specified number of documents to a temporary folder, and extracts and organizes the relevant metadata. It also performs this function against files that have previously been downloaded and are now stored locally.
One of the first returns of Metagoofil is a list of the users that are found. The following is a screenshot of a truncated list:

Metagoofil also identifies the servers and pathnames of the documents. If certain documents of interest are associated with a particular user (for example, drafts of financial reports found on an administrative assistant's workstation), that system can be targeted later during testing, as shown in the following screenshot:

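The metadata fields listed above (author, last modifier, timestamps, originating application, company) are what Metagoofil pulls out of downloaded Office files. The following is an added example, not code from the book or from Metagoofil, of the defender's side of the same problem: a .docx is a ZIP archive whose docProps/core.xml and docProps/app.xml parts hold those fields, so a pre-publication audit can read them with the standard library and blank the ones that name a person, organization or software version. The sample document and its values (jsmith, Example Corp, the dates) are constructed for the example; the function names are this example's own.

```python
"""Audit and scrub the metadata parts of a .docx before it is published."""
import io
import zipfile
import xml.etree.ElementTree as ET

# Namespaces used by the two docProps parts of an OOXML package
NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)  # keep readable prefixes when rewriting

# (report label, docProps part, element path) for the fields worth reporting
FIELDS = [
    ("author", "core", "dc:creator"),
    ("last_modified_by", "core", "cp:lastModifiedBy"),
    ("created", "core", "dcterms:created"),
    ("modified", "core", "dcterms:modified"),
    ("application", "app", "ep:Application"),
    ("app_version", "app", "ep:AppVersion"),
    ("company", "app", "ep:Company"),
]
# Fields that name a person, an organisation or a software version
SENSITIVE = {"author", "last_modified_by", "application", "app_version", "company"}
PART_NAMES = {"docProps/core.xml": "core", "docProps/app.xml": "app"}


def extract_docx_metadata(data: bytes) -> dict:
    """Return the non-empty metadata fields found in a .docx byte string."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        parts = {part: ET.fromstring(zf.read(name))
                 for name, part in PART_NAMES.items() if name in zf.namelist()}
    for label, part, path in FIELDS:
        root = parts.get(part)
        elem = root.find(path, NS) if root is not None else None
        if elem is not None and elem.text and elem.text.strip():
            found[label] = elem.text.strip()
    return found


def leaked_fields(meta: dict) -> list:
    """Sorted names of the sensitive fields present in extracted metadata."""
    return sorted(k for k in meta if k in SENSITIVE)


def scrub_docx(data: bytes) -> bytes:
    """Copy of the document with sensitive fields blanked; timestamps and the
    XML parts themselves are kept so package relationships stay valid."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(data)) as src, zipfile.ZipFile(out, "w") as dst:
        for info in src.infolist():
            payload = src.read(info.filename)
            part = PART_NAMES.get(info.filename)
            if part is not None:
                root = ET.fromstring(payload)
                for label, field_part, path in FIELDS:
                    if field_part == part and label in SENSITIVE:
                        elem = root.find(path, NS)
                        if elem is not None:
                            elem.text = ""
                payload = ET.tostring(root, encoding="utf-8", xml_declaration=True)
            dst.writestr(info.filename, payload)
    return out.getvalue()


# Constructed sample parts shaped like what Word writes (all values made up)
SAMPLE_CORE = """<cp:coreProperties
  xmlns:cp="http://schemas.openxmlformats.org/package/2006/metadata/core-properties"
  xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:dcterms="http://purl.org/dc/terms/">
  <dc:creator>jsmith</dc:creator>
  <cp:lastModifiedBy>Jane Smith</cp:lastModifiedBy>
  <dcterms:created>2014-01-10T09:12:00Z</dcterms:created>
  <dcterms:modified>2014-02-03T16:40:00Z</dcterms:modified>
</cp:coreProperties>"""
SAMPLE_APP = """<Properties
  xmlns="http://schemas.openxmlformats.org/officeDocument/2006/extended-properties">
  <Application>Microsoft Office Word</Application>
  <AppVersion>14.0000</AppVersion>
  <Company>Example Corp</Company>
</Properties>"""


def build_sample_docx(core_xml: str = SAMPLE_CORE, app_xml: str = SAMPLE_APP) -> bytes:
    """Build a minimal docx-shaped ZIP (metadata parts only, no document body)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("docProps/core.xml", core_xml)
        zf.writestr("docProps/app.xml", app_xml)
    return buf.getvalue()


if __name__ == "__main__":
    doc = build_sample_docx()
    print("before:", leaked_fields(extract_docx_metadata(doc)))
    print("after: ", leaked_fields(extract_docx_metadata(scrub_docx(doc))))
```

Run against a real file, `extract_docx_metadata(open(path, "rb").read())` reports exactly the author and workstation-style details the chapter shows Metagoofil recovering; a release checklist that fails when `leaked_fields()` is non-empty, and passes the file through `scrub_docx()` first, is the corresponding control. The same ZIP-plus-XML layout applies to .xlsx and .pptx, so the functions work unchanged on those formats.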