
Introduction

Information gathering is the first step of a penetration test. Its purpose is to learn as much as possible about the target before any attack is attempted: the more we know, the better our chances of exploiting it. During this phase our main focus is on facts about the target machine, such as its IP addresses, the services it exposes and the ports they listen on, and these facts drive every later stage of the test. Information gathering techniques fall into three broad types:

  • Passive information gathering
  • Active information gathering
  • Social engineering

Let us take a quick look at these processes:

  • Passive information gathering: This technique gathers information about the target without sending any traffic to it. The data comes from third parties instead, for example a whois query to the domain registry or a DNS lookup with Nslookup or dig against a public resolver. Suppose our target is a web application: a whois lookup of its domain returns the registration record (registrar, registrant or privacy-proxy contact, name servers, creation and expiry dates), and DNS lookups resolve the domain and any sub-domains we can discover to IP addresses, from which the hosting provider and the approximate location of the server follow. Because none of this touches the target, it leaves nothing in the target's logs, and it widens our view of what there is to attack.
  • Active information gathering: In this technique we establish a connection to the target itself in order to gain information. It provides the next level of detail, which directly helps us understand the target's security posture. Port scanning the target is the most widely used active technique: we look for open ports and the services listening on them. The caveat is that every probe reaches the target, so active gathering shows up in its firewall, service and intrusion detection logs and can be noticed and blocked, which is why it follows the passive phase rather than preceding it.
  • Social engineering: This type of information gathering is similar to passive gathering but relies on human error and on information leaked through printouts, telephone conversations, misaddressed e-mails, and so on. The techniques are numerous and the ethos is very different from the technical methods, so social engineering is a category in itself. For example, attackers register domain names that look like the real one (a common misspelling, or a missing dot) and set up a mail server on them to receive the e-mails that users mistype; such domains are known as Doppelganger Domains, the evil twin of the legitimate domain.
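As an added example (not code from the book or from Metasploit), the following Ruby script, Ruby being Metasploit's own language, performs the active technique described above: a TCP connect scan that completes the handshake on each port and classifies it as open, closed or filtered, reading a banner from the open ones. The target service on 127.0.0.1, its SSH-style banner string and its connection log are all constructed here for the demonstration; the log shows the trace that active gathering leaves on the target, which is the practical difference from the passive techniques.

```ruby
require 'socket'

# Constructed stand-in for the target: a tiny TCP service on 127.0.0.1 bound
# to an ephemeral port. It sends a banner to every client and records each
# accepted connection, the way a real service's access log would.
def start_target_service(banner)
  server = TCPServer.new('127.0.0.1', 0)
  log = []
  lock = Mutex.new
  thread = Thread.new do
    begin
      loop do
        client = server.accept
        _family, peer_port, _host, peer_ip = client.peeraddr
        lock.synchronize { log << "accept from #{peer_ip}:#{peer_port}" }
        client.write(banner)
        client.close
      end
    rescue IOError, Errno::EBADF
      # the caller closed the listening socket: stop accepting
    end
  end
  [server, server.addr[1], log, thread]
end

# TCP connect scan: complete the three-way handshake on each port, then read
# a short banner from those that answer. A refused connection means closed;
# no answer within the timeout means filtered (dropped by a firewall or
# unreachable). Every one of these probes is visible to the target.
def connect_scan(host, ports, timeout: 0.5)
  results = {}
  ports.each do |port|
    begin
      sock = Socket.tcp(host, port, connect_timeout: timeout)
      ready = IO.select([sock], nil, nil, timeout)
      banner = begin
        ready ? sock.readpartial(128) : ''
      rescue EOFError
        ''
      end
      sock.close
      results[port] = { state: :open, banner: banner.strip }
    rescue Errno::ECONNREFUSED
      results[port] = { state: :closed, banner: '' }
    rescue Errno::ETIMEDOUT, Errno::EHOSTUNREACH, Errno::ENETUNREACH
      results[port] = { state: :filtered, banner: '' }
    end
  end
  results
end

# End-to-end run against the constructed target: one port we know is open and
# one we know is closed (bound to an ephemeral port and released again).
def scan_local_target
  server, open_port, target_log, thread = start_target_service("SSH-2.0-OpenSSH_9.6\r\n")
  probe = TCPServer.new('127.0.0.1', 0)
  closed_port = probe.addr[1]
  probe.close
  results = connect_scan('127.0.0.1', [open_port, closed_port])
  server.close
  thread.join(2)
  { open_port: open_port, closed_port: closed_port,
    results: results, target_log: target_log.dup }
end

if $PROGRAM_NAME == __FILE__
  r = scan_local_target
  r[:results].each { |port, info| puts "#{port}/tcp #{info[:state]} #{info[:banner]}" }
  puts "target side recorded: #{r[:target_log].inspect}"
end
```

The open port comes back with its banner and the closed port is reported from the RST the kernel returns, while the target's log shows exactly one connection from the scanner's address: the footprint a defender can alert on. Metasploit's auxiliary/scanner/portscan/tcp module and Nmap's connect scan (-sT) perform the same full handshake, so they leave the same trace.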

In this chapter we will analyze the various passive and active techniques of information gathering in detail. The first two recipes cover the most commonly used, and most commonly neglected, passive techniques; the later recipes focus on gaining information through port scanning. Metasploit has several built-in scanning capabilities, and several third-party tools are integrated with it to further enhance port scanning. We will analyze both the inbuilt scanners and some of the popular third-party scanners that work with the Metasploit framework. Let us move on to the recipes and start gaining information about our target.
