Ethical Hacking Day 1
Topology Discovery
Knowing the layout of the network.
Discovering all devices in the network that you are
connected to.
Kali Linux can determine the devices connected
to a network using netdiscover (“netdiscover --help” lists its options).
netdiscover -i eth0
OS Fingerprinting
OS Determination
Finding which OS is running on the
victim's computer.
• Active Fingerprinting
• Passive Fingerprinting
Service Discovery
Finding the services running on an OS.
Common services: http [80], ftp [20], https
[443], ssh [22], telnet [23].
Packet Capture
Copying the data exchanged between the client and the
destination.
Using Wireshark, a network TAP, a SPAN or
mirror port, or the built-in packet capture
features of firewalls or routers.
Log Review
Examining all attempted access, both
successful and unsuccessful attempts.
DNS Harvesting
Gathering DNS records to map the
network.
Host addresses, servers, mail servers, etc.
WIRESHARK
http.request
- filter all HTTP request packets.
ip.src == 192.168.254.136
- return packets that have a source IP of 192.168.254.136.
ip.dst == 192.168.254.136
- return packets that have a destination IP of 192.168.254.136.
ip.addr == 192.168.254.136
- return packets that have an IP of 192.168.254.136 as either
source or destination.
ip.addr == 192.168.254.0/24
- return packets within the given network.
tcp
- return all TCP packets.
http.request.method == "POST"
- return only HTTP POST requests.
Information Gathering or Reconnaissance
A. Footprinting
• IP address range
• Types of system and equipment (firewalls, routers, etc.)
• OS
• Applications and version
• Key personnel (security person or IT person)
• Phone numbers
• Business relationships (to another company, competitor)
• Products
• Contracts
• Financial data
• Security methods and procedures
• Network infrastructure
C. Footprinting Methods
Internet Searching
• Where footprinting starts.
• DIG DEEPER than just the first few pages.
• Search engines, people searches, blogs, websites,
partner websites, FB, LinkedIn, Google Earth, Bing Maps,
company sites, business sites.
Google Hacking
- uses keywords to return specific information about
the target system.
- allinurl, inurl, allintitle, intitle
Email Footprinting
- involves viewing headers to determine information about the
email as it has travelled from sender to receiver.
- can give IP addresses, server names, banners, username
format, etc.
WHOIS and DNS Footprinting
- WHOIS uses domain name registration records to search for
organizational network information.
- DNS footprinting is used to determine the name servers and
other information about an organization.
NMAP (Network Mapper)
- has the power to give you a mapping of a network
system.
man nmap
- manual/guide for using nmap.
nmap -sn www.google.com
- ping scan of the given target, without ports shown.
nmap -A www.google.com
- OS detection, version detection, script scan, and traceroute.
nmap --top-ports 10 192.168.254.136
- display the most common ports, as many as the given number ("10").
nmap -p 80 192.168.254.136
- display a specific port depending on the port number
("80").
nmap -p T:80 192.168.254.136
- display a specific TCP port.
nmap -p U:<port> 192.168.254.136
- display a specific UDP port (the port number goes after "U:").
nmap --open 192.168.254.136
- display only open ports (4 were open on the example host).
nmap -A -T4 192.168.254.136
- "-T4" is for faster execution.
nmap -v 192.168.254.136
- "-v" (verbose) provides information while scanning.
nmap -oG - 192.168.254.0-255 -v
- scan the whole network with complete information reported
while scanning; "-oG" gives readable (greppable) output, without it the
result is unorganized.
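As an added example (not from the slides), here is a small Python parser for the greppable "-oG" output mentioned above. It works on a constructed sample rather than a real scan, lists each host's open ports, and flags the cleartext services named earlier in these notes (ftp, telnet, http), which is the check a defender would run over an inventory scan of their own network.

```python
import re
from collections import defaultdict

# Constructed sample of `nmap -oG -` output (not captured from a real scan).
# Fields on a Host line are tab-separated; port entries are comma-separated
# and shaped port/state/protocol/owner/service/rpcinfo/version/.
SAMPLE_GREPABLE = """\
# Nmap 7.94 scan initiated Mon Jan  1 10:00:00 2024 as: nmap -oG - 192.168.254.0-255 -v
Host: 192.168.254.1 ()\tStatus: Up
Host: 192.168.254.1 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9/, 443/open/tcp//https///\tIgnored State: closed (998)
Host: 192.168.254.136 ()\tStatus: Up
Host: 192.168.254.136 ()\tPorts: 21/open/tcp//ftp///, 23/open/tcp//telnet///, 80/open/tcp//http///, 445/filtered/tcp//microsoft-ds///\tIgnored State: closed (996)
Host: 192.168.254.200 ()\tStatus: Down
# Nmap done at Mon Jan  1 10:00:05 2024 -- 256 IP addresses (2 hosts up) scanned in 5.00 seconds
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\((.*?)\)\t(.*)$")

def parse_grepable(text):
    """Return {ip: {"status": str, "ports": [(port, state, proto, service)]}}."""
    hosts = defaultdict(lambda: {"status": None, "ports": []})
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # "# Nmap ..." comment lines carry no host data
        ip, _hostname, rest = m.groups()
        for field in rest.split("\t"):
            key, _, value = field.partition(": ")
            if key == "Status":
                hosts[ip]["status"] = value
            elif key == "Ports":
                for entry in value.split(", "):
                    port, state, proto, _owner, service = entry.split("/")[:5]
                    hosts[ip]["ports"].append((int(port), state, proto, service))
    return dict(hosts)

def open_ports(hosts, ip):
    """Sorted list of ports nmap reported as open for one host."""
    return sorted(p for p, state, _proto, _svc in hosts[ip]["ports"] if state == "open")

def flag_cleartext_services(hosts, watch=("ftp", "telnet", "http")):
    """Defender's check: which hosts expose the cleartext services from the notes?"""
    findings = []
    for ip, info in sorted(hosts.items()):
        for port, state, _proto, service in info["ports"]:
            if state == "open" and service in watch:
                findings.append((ip, port, service))
    return findings

if __name__ == "__main__":
    scan = parse_grepable(SAMPLE_GREPABLE)
    for ip in scan:
        print(ip, scan[ip]["status"], open_ports(scan, ip))
    print("cleartext services:", flag_cleartext_services(scan))
```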
DMITRY
- can get the hostname and IP address of the
target system.
Command:
dmitry -wnseo <host>
- all passive recon options.
dmitry -pbo <host>
- active recon options.
WHOIS
- gives the detailed domain information of your target
system.
Some of the attributes in the domain details are:
▪ Registrar
▪ Admin
▪ Tech
▪ Name Server
▪ Geographical Location
▪ IP history
Command:
whois <domain name>
- ex. whois google.com
ARMITAGE
- Tabs in Armitage:
• Armitage
• View
• Hosts
• Attacks
• Workspaces
• Help
OPHCRACK
Rainbow table character sets:
numeric - 0123456789
alpha - ABCDEFGHI...Z
alpha-numeric - ABCDEFGHI...Z0123456789
loweralpha - abcdefghi...z
loweralpha-numeric - abcdefghi...z0123456789
mixalpha - abcdefghi...zABCDEFGHI...Z
mixalpha-numeric - abcdefghi...zABCDEFGHI...Z0123456789
DOWNLOADABLE TABLES:
- tables can be downloaded from the Ophcrack website.
• For Windows XP, Ophcrack supplies two alphanumeric
tables.
• They can crack 99.99% of all passwords under 14 characters
consisting of a combination of letters and numbers:
"abcdefghijklmnopqrstuvwxyz0123456789"
• These hash tables contain 80 billion different hashes,
corresponding to 12 septillion possible passwords.
- tables_XP (sample rainbow table)