- Whois, Netcraft, Registro.br: public information about the site.
- archive.org: old information about the site's background.
- Google hacking: inurl, intext, filetype, intitle, etc.
- theHarvester: gets emails, IPs, etc. theHarvester -d "DOMAIN" -l "LIMIT" -b "SOURCE" (the domain, the number of results, and where to search).
- Always start PostgreSQL before Metasploit: start PostgreSQL, initialize the Metasploit database (msfdb init), then msfconsole enters Metasploit.
- User tracking: mailtracking.com gets information about the user when they open the mail that was sent; (virtual box) a PDF file sent this way gets all the computer's information.
- Spys.one: list of public proxies.
- Spoofing: forging the information sent to a recipient so that the recipient thinks it was sent by someone else.
- Bypass: a "life hack" used to get around security barriers the easy way.
- SHODAN filters:
  - product: returns only results that are the specified product. Example: product:MongoDB
  - country: returns only results in the specified country. Example: country:br
  - net: returns only results in the specified network. Example: net:192.168.0.1/24
  - port: returns only results with a working service on the port. Example: port:27017
  - org: returns only results belonging to the specified organization. Example: org:Google
  - city: returns only results in the specified city. Example: city:"João Pessoa"
  - - : logic operator that removes results containing the given word. Example: -authentication
  - NOT: logic operator with the same function as the previous one. Example: NOT authentication
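To make the filter semantics above concrete, here is an added example (not Shodan's code and not from the original notes) that parses the same query syntax, filters on the keys product:, country:, net:, port:, org:, city:, the leading minus and NOT, and applies it to a small set of constructed records. The record fields and the rule that bare words search the banner are assumptions made for the example.

```python
"""Minimal interpreter for Shodan-style filter queries (added example)."""
import ipaddress
import shlex

# Constructed sample records (not real hosts); field names mirror the filter keys.
RECORDS = [
    {"ip": "192.168.0.10", "port": 27017, "product": "MongoDB", "country": "br",
     "org": "Example Org", "city": "João Pessoa",
     "banner": "MongoDB 4.0 authentication required"},
    {"ip": "192.168.0.20", "port": 27017, "product": "MongoDB", "country": "br",
     "org": "Example Org", "city": "Recife", "banner": "MongoDB 3.6"},
    {"ip": "10.1.2.3", "port": 80, "product": "nginx", "country": "us",
     "org": "Google", "city": "Mountain View", "banner": "nginx/1.18"},
]


def parse_query(query):
    """Split a query into (key, value, negated) terms.

    shlex keeps quoted values such as city:"João Pessoa" together. A leading
    '-' or a preceding NOT negates the term; a bare word (no key) is assumed
    to search the banner text.
    """
    terms = []
    negate_next = False
    for tok in shlex.split(query):
        if tok.upper() == "NOT":
            negate_next = True
            continue
        negated = negate_next or tok.startswith("-")
        negate_next = False
        if tok.startswith("-"):
            tok = tok[1:]
        key, sep, value = tok.partition(":")
        if not sep:  # no "key:" prefix -> free-text search of the banner
            key, value = "banner", tok
        terms.append((key, value, negated))
    return terms


def term_matches(record, key, value):
    """Evaluate one positive term against one record."""
    if key == "net":  # CIDR containment, strict=False accepts host bits as in net:192.168.0.1/24
        return ipaddress.ip_address(record["ip"]) in ipaddress.ip_network(value, strict=False)
    if key == "port":
        return record["port"] == int(value)
    if key == "banner":
        return value.lower() in record["banner"].lower()
    return str(record.get(key, "")).lower() == value.lower()


def search(records, query):
    """Return the IPs of records matching every term (terms are ANDed)."""
    terms = parse_query(query)
    # A negated term must evaluate to False, a positive one to True: `!= negated` covers both.
    return [r["ip"] for r in records
            if all(term_matches(r, k, v) != neg for k, v, neg in terms)]


if __name__ == "__main__":
    for q in ('product:MongoDB country:br', 'port:27017 -authentication',
              'net:192.168.0.1/24 NOT city:"João Pessoa"', 'org:Google'):
        print(f"{q!r:50} -> {search(RECORDS, q)}")
```

Every filter is ANDed, so narrowing a query is a matter of appending terms; the negation forms shown in the notes (-word and NOT word) are handled identically, which is exactly the "same function as the previous one" equivalence the notes state.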
- Censys (Shodan for developers): a Python-based database.
- Maltego: software that automates the whole information-gathering process for the target, with a graphical interface.
- Mind maps: lay out the possibilities toward the final objective (define the target, get to know the target, get all the time the …).
- Nmap: does a complete scan of the network. The -sV flag gives the versions from the server.
- Port scanning with hping3: SYN+ACK (SA) = port open; if RA (reset/ack) comes back, the port is closed. The user always sends the SYN (connection request to the port). Nmap -sS always sends the SYN as well; Nmap is more complete than hping3, and since it uses the SYN scan it doesn't make much noise.
- In Nmap the -sP flag performs a Ping Scan.
- The TCP protocol sends and receives data packets with the server; the UDP protocol only sends data packets.
- Port numbers by protocol:
  - 20: File Transfer Protocol (FTP), data transfer
  - 21: File Transfer Protocol (FTP), command control
  - 22: Secure Shell (SSH), secure login
  - 23: Telnet remote login service, unencrypted text messages
  - 25: Simple Mail Transfer Protocol (SMTP), e-mail routing
  - 53: Domain Name System (DNS) service
  - 67, 68: Dynamic Host Configuration Protocol (DHCP)
  - 80: Hypertext Transfer Protocol (HTTP), used in the World Wide Web
  - 110: Post Office Protocol (POP3)
  - 119: Network News Transfer Protocol (NNTP)
  - 123: Network Time Protocol (NTP)
  - 143: Internet Message Access Protocol (IMAP), management of digital mail
  - 161: Simple Network Management Protocol (SNMP)
  - 194: Internet Relay Chat (IRC)
  - 443: HTTP Secure (HTTPS), HTTP over TLS/SSL
- Scanning with the complete handshake works, but it makes a lot of noise on the target (the receiving side).
- Netcat shows the complete connection; in the TCP capture the server sends information: banners, source code. Nmap takes the services captured over TCP and shows that information.
- Ping is an ICMP echo request that receives an ICMP echo reply. Example: "one person says Hi, the other replies". It is considered a "ping pong" technique; with the ping command it is possible to check whether an IP is a valid IP.
- FPing: with fping it is possible to automate the ping command; it locates the active IPs automatically. Example: fping -c1 -g 192.168.1.0 192.168.1.24
- Banners: service types and versions of services.
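The notes above describe the same exchange from two sides: SYN answered by SYN/ACK means open, SYN answered by RST/ACK means closed, and a full handshake is much noisier than a half-open SYN probe. The following added example (not from the notes, written from the defender's side) turns that into detection logic: it reads constructed connection-log lines, classifies each probed port with the notes' rule, and flags a source that sends SYNs to many ports without ever completing the handshake. The log format, the "no-reply" label for unanswered SYNs, and the threshold are assumptions for the example.

```python
"""SYN-probe classification and half-open scan detection over constructed logs (added example)."""
from collections import defaultdict

# Constructed log lines (assumed format): "<src> <dst> <dport> <flags sent> <flags received>"
# "S" = SYN, "A" = ACK, "SA" = SYN/ACK, "RA" = RST/ACK, "-" = no reply.
SAMPLE_LOG = """\
10.0.0.5 10.0.0.20 22 S SA
10.0.0.5 10.0.0.20 80 S SA
10.0.0.5 10.0.0.20 23 S RA
10.0.0.5 10.0.0.20 25 S RA
10.0.0.5 10.0.0.20 443 S SA
10.0.0.5 10.0.0.20 3306 S RA
10.0.0.5 10.0.0.20 8080 S -
10.0.0.9 10.0.0.20 443 S SA
10.0.0.9 10.0.0.20 443 A -
"""


def port_state(reply_flags):
    """Rule from the notes: SA = open, RA = closed; anything else is labelled no-reply (assumption)."""
    if reply_flags == "SA":
        return "open"
    if reply_flags == "RA":
        return "closed"
    return "no-reply"


def parse_log(text):
    """Parse the constructed log format into a list of event dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        src, dst, dport, sent, recv = line.split()
        events.append({"src": src, "dst": dst, "dport": int(dport), "sent": sent, "recv": recv})
    return events


def port_states(events, src, dst):
    """Map each port probed by src on dst to the state implied by the reply flags."""
    return {e["dport"]: port_state(e["recv"])
            for e in events if e["src"] == src and e["dst"] == dst and e["sent"] == "S"}


def half_open_probes(events):
    """Per (src, dst): ports that got a SYN but never the source's ACK (handshake third step)."""
    syn_ports = defaultdict(set)
    acked = defaultdict(set)
    for e in events:
        key = (e["src"], e["dst"])
        if e["sent"] == "S":
            syn_ports[key].add(e["dport"])
        elif e["sent"] == "A":
            acked[key].add(e["dport"])
    return {key: ports - acked[key] for key, ports in syn_ports.items()}


def detect_syn_scans(events, threshold=5):
    """Return (src, dst, count) for pairs whose half-open probe count reaches the threshold."""
    return [(src, dst, len(ports))
            for (src, dst), ports in half_open_probes(events).items() if len(ports) >= threshold]


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for src, dst, n in detect_syn_scans(evs):
        print(f"possible SYN scan: {src} -> {dst}, {n} half-open probes")
        print("  inferred states:", port_states(evs, src, dst))
```

The host 10.0.0.9 completes its handshake to port 443 and is not flagged, while 10.0.0.5 leaves seven SYNs unanswered by its own ACK: that asymmetry, rather than packet volume, is what distinguishes the "quiet" SYN scan from normal traffic in this kind of log, and it is why the notes' remark that SYN scanning is low-noise holds only against detection that looks at completed connections.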