Information Gathering
Contents
1. What is information gathering
2. Passive information gathering
3. Active information gathering
1. What is information gathering
Information gathering is the first step in conducting a penetration test and is arguably the most important.
Information gathering is the process of collecting information from different places about an individual, company, organization, server, IP address or person.
Information Gathering
Types of information gathering:
• Active information gathering
• Passive information gathering
2. Passive Information Gathering
Passive information gathering focuses on collecting information archived on systems not located in our client's network.
We try to gather as much information as possible about our target network and systems without connecting to them directly.
Information Searches
• Locate the target Web presence
• Gather search engine results regarding the target
• Look for Web groups containing employee and/or company comments
• Examine the personal Web sites of employees
• Search archival sites for additional information
• Look for job postings submitted by the target
• Query the domain registrar
• Domain name system (DNS) information
Results
• The penetration tester will have a wealth of information regarding the target without ever visiting the target's network.
• All passive information is gathered from third-party sources that have collected information about our target, or have legal requirements to retain this data.
Tools
Netcraft ()
Tools
Whois Lookups (root@kali:~# whois bulbsecurity.com)
Tools
DNS Reconnaissance: the Domain Name System (DNS) is used to translate domain names into IP addresses and vice versa.
Records in DNS:
A: Address
CNAME: Canonical Name
MX: Mail Exchange
A: maps a domain name to an IP address.
E.g.: terminator.movie.edu. IN A 192.168.11.100
CNAME: defines an alias, meaning that one IP address can be reached under several names; one IP can have many CNAMEs.
E.g.: server.movie.edu. IN CNAME terminator.movie.edu.
MX: used to route mail on the Internet.
E.g.: t3h.com IN MX 0 mail.t3h.com.
DNS Reconnaissance
#nslookup -type=ns example.com 8.8.8.8
DNS Reconnaissance
#!/bin/sh
# Look up the name servers (NS records) of every domain listed in
# DomainNames.txt (one domain per line), using the public resolver 8.8.8.8.
for HOSTNAME in `cat DomainNames.txt`
do
  echo "Getting name servers for [$HOSTNAME]"
  nslookup -type=ns "$HOSTNAME" 8.8.8.8
done
DNS Reconnaissance
Domain Information Groper (Dig)
#dig example.com
Dig
# dig +qr www.example.com any
Dig
Shortening the output
#dig +nocmd +noall +answer example.com
example.com. 44481 IN A 192.168.1.10
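As an added example that is not part of the slides, the Python script below parses the answer lines that `dig +nocmd +noall +answer <name>` prints (owner, TTL, class, type, rdata) into structured records, groups them by type to give an inventory of what a domain exposes in public DNS, and follows a CNAME to the A address it finally points at, which ties the A / CNAME / MX record slide to the dig output slide. The sample output is constructed: it reuses the slides' own movie.edu and t3h.com records and adds invented NS and MX entries for example.com and t3h.com.

```python
"""Parse dig answer-section output into structured DNS records (added example)."""
import re
from collections import defaultdict

# Constructed sample of what a few passive dig queries might print.
# movie.edu / t3h.com lines come from the slides; the rest are invented.
SAMPLE_DIG_OUTPUT = """\
example.com.            44481   IN      A       192.168.1.10
example.com.            3600    IN      NS      ns1.example.com.
example.com.            3600    IN      NS      ns2.example.com.
terminator.movie.edu.   86400   IN      A       192.168.11.100
server.movie.edu.       86400   IN      CNAME   terminator.movie.edu.
t3h.com.                300     IN      MX      0 mail.t3h.com.
t3h.com.                300     IN      MX      10 backup.t3h.com.
;; comment lines like this one are ignored
"""

# owner  TTL  IN  TYPE  rdata   (rdata may contain spaces, e.g. the MX priority)
_RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+([A-Z]+)\s+(.+?)\s*$")


def parse_dig_answer(text):
    """Return a list of dicts {name, ttl, type, data[, priority]} from dig answer lines.

    Blank lines and ';' comment lines are skipped; lines that do not look like
    a resource record are ignored rather than raising. MX rdata is split into
    an integer priority and the exchange host. Trailing dots are stripped.
    """
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        m = _RR.match(line)
        if not m:
            continue
        name, ttl, rtype, rdata = m.groups()
        rec = {"name": name.rstrip("."), "ttl": int(ttl), "type": rtype}
        if rtype == "MX":
            prio, exchange = rdata.split(None, 1)
            rec["priority"] = int(prio)
            rec["data"] = exchange.rstrip(".")
        else:
            rec["data"] = rdata.rstrip(".")
        records.append(rec)
    return records


def summarize(records):
    """Group record data by type: {type: [data, ...]}.

    MX hosts are ordered by priority (lowest value first), which is the order
    in which sending mail servers will try them.
    """
    by_type = defaultdict(list)
    for rec in records:
        by_type[rec["type"]].append(rec)
    summary = {}
    for rtype, recs in by_type.items():
        if rtype == "MX":
            recs = sorted(recs, key=lambda r: r["priority"])
        summary[rtype] = [r["data"] for r in recs]
    return summary


def resolve_alias(records, name, max_hops=8):
    """Follow CNAME records from `name` to the A addresses they end at.

    Returns [] for unknown names and for CNAME loops; max_hops bounds the chase.
    """
    seen = set()
    current = name.rstrip(".")
    for _ in range(max_hops):
        if current in seen:
            return []  # CNAME loop: treat as unresolvable
        seen.add(current)
        cnames = [r["data"] for r in records
                  if r["name"] == current and r["type"] == "CNAME"]
        if cnames:
            current = cnames[0]  # a name may carry only one CNAME
            continue
        return [r["data"] for r in records
                if r["name"] == current and r["type"] == "A"]
    return []


if __name__ == "__main__":
    recs = parse_dig_answer(SAMPLE_DIG_OUTPUT)
    for rtype, values in sorted(summarize(recs).items()):
        print(f"{rtype:6} {values}")
    print("server.movie.edu ->", resolve_alias(recs, "server.movie.edu"))
```

Feed real output by piping `dig +nocmd +noall +answer example.com` into `parse_dig_answer`; the same parser works for the `any` query on the previous slide, since dig prints every answer record in this one-line format.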
Tool
Maltego: Paterva's Maltego is a data-mining tool designed to visualize open source intelligence gathering.
#maltego
Tools
Searching for Email Addresses