Module 3 – Information Gathering
Phase II Controls Assessment Scheduling
○ Information Gathering
○ Network Mapping
○ Vulnerability Identification
○ Penetration
○ Gaining Access & Privilege Escalation
○ Enumerating Further
○ Compromise Remote Users/Sites
○ Maintaining Access
○ Cover the Tracks
Heorot.net
Information Gathering
○ Locate the target Web presence
○ Examine the target using search engines
○ Search Web groups
○ Search employee personal Web sites
○ Search Securities & Exchange Commission and finance sites
○ Search uptime statistics sites
○ Search system/network survey sites
○ Search on P2P networks
○ Search on Internet Relay Chat (IRC)
○ Search job databases
○ Search newsgroups (NNTP)
○ Gain information from domain registrar
○ Check for reverse DNS lookup presence
○ Check more DNS information
○ Check Spam database lookup
○ Check to change WHOIS information
Information Gathering
IMPORTANT!! This phase does not involve “touching” the target
Information gathered may not be “Public Domain”
Tools: Firefox, Dogpile.com, Alexa.org, Archive.org
Document, document, document… Screenshots, screenshots, screenshots…
Information Gathering
What to Document…
○ Website Address
○ Web Server Type
○ Server Locations
○ Dates Listed
○ Date Last Modified
○ Web Links Internal
○ Web Links External
○ Web Server Directory Tree
○ Technologies Used
○ Encryption standards
○ Web-Enabled Languages
○ Form Fields
○ Form Variables
○ Method of Form Postings
○ Keywords Used
○ Company contactability
○ Meta Tags
○ Comments Noted
○ e-commerce Capabilities
○ Services Offered on Net
○ Products Offered on Net
○ Features
Information Gathering
Locate the target Web presence
Cool tool called “nmap”
Information Gathering
Examine the target using search engines
Rank 53,545 / Linking In: 2,415
Information Gathering
Dates Listed / Modified
Information Gathering
Search Web groups
Information Gathering
Search newsgroups (NNTP)
http://freenews.maxbaud.net
Information Gathering
Gain information from domain registrar
Check to change WHOIS information
Information Gathering
Check for reverse DNS lookup presence
Check more DNS information
DNS
Reverse DNS
http://www.dnswatch.info
Information Gathering
Why care about Reverse DNS?
Insecure.org
seclists.org
Information Gathering
Check Spam database lookup
http://www.dnsbl.info
Information Gathering
○ Search employee personal Web sites
○ Search Securities & Exchange Commission and finance sites
○ Search uptime statistics sites
○ Search system/network survey sites
○ Search on P2P networks
○ Search on Internet Relay Chat (IRC)
○ Search job databases
Module 3 – Conclusion
○ Information Gathering
○ What to Document
○ Not “touching” the target
○ Information may not be “Public Domain”