8/11/2019 Information Gathering Lecture
http://slidepdf.com/reader/full/information-gathering-lecture 1/16
Information Gathering
• “The more information you have about the target, the greater the chance of successful exploitation.”
Sources of Information Gathering
• Social media websites
• Search engines
• Forums
• Press releases
• People search
• Job sites
Tools of the trade
• Here, we will discuss the tools that can be handy in the process of information gathering.
• WinHTTrack:
• Out of many tools, WinHTTrack helps you copy the whole website locally to investigate the site for flaws / useful information.
• On Linux, we use --> wget http://www.example.com
• Website Ripper Copier:
• Also used to copy a website locally, with some extra features.
WinHTTrack Website Copier
Website Ripper Copier
Information Gathering with Whois
• The goal is to gather as much information as possible about the target.
• Whois provides a database of information about all the websites on the web.
• Such as who owns the site, the email address of the owner, etc.
• Sites to look for:
• whois.domaintools.com
• Networks-tool.com
Domains Hosted on the Same Server
• There are many ways to find the different domains being hosted on the same server.
• There’s a method called “symlink bypassing”, where a single site is used to compromise all the other sites on the server.
• Site -> Yougetsignal.com
Tracing location
• Identify the IP of the website/web server by using the ping command, which also shows whether the server is alive.
• ping www.abc.com
• Now a tool like IPTracer can be used to trace the location of the IP.
• http://www.ip-adress.com/ip_tracer/yourip
Traceroute
• Useful tool to get the network topology.
• Shows how firewalls, control points, load balancers, etc. are implemented in the network.
• It uses the TTL (Time to Live) field from the IP header.
• Increments it to determine where the system is.
• The TTL value decrements when it reaches a hop (router to server is one hop) in the network.
• There are three different types of traceroute:
• 1. ICMP traceroute (which is used in Windows by default)
• 2. TCP traceroute
• 3. UDP traceroute
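The TTL mechanism and the three probe types described above, modelled offline as an added example that is not part of the original slides. The path, the addresses and the names Hop, send_probe and traceroute are constructed for illustration, and no packets are sent.

```python
"""Offline model of traceroute's TTL mechanism: constructed topology, no packets sent."""
from dataclasses import dataclass

@dataclass
class Hop:
    addr: str             # constructed documentation-range address
    replies: bool = True  # False: drops expired probes without an ICMP Time Exceeded
    blocks: tuple = ()    # probe types this device filters out

# Constructed path: edge router, silent firewall that filters UDP, load balancer, server.
PATH = [
    Hop("192.0.2.1"),
    Hop("198.51.100.1", replies=False, blocks=("udp",)),
    Hop("203.0.113.5"),
    Hop("203.0.113.80"),  # destination
]

def send_probe(path, ttl, kind):
    """Carry one probe along the path; return the address that answers, or None."""
    for hop in path[:-1]:
        if kind in hop.blocks:   # filtered: the probe goes no further
            return None
        ttl -= 1                 # every hop decrements the TTL by one
        if ttl == 0:             # expired here: this hop reveals itself, if it replies
            return hop.addr if hop.replies else None
    return path[-1].addr         # TTL was large enough to reach the destination

def traceroute(path, kind="icmp", max_ttl=8):
    """Raise the TTL from 1 until the destination answers; '*' means no reply."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        responder = send_probe(path, ttl, kind)
        hops.append(responder or "*")
        if responder == path[-1].addr:
            break
    return hops

if __name__ == "__main__":
    for kind in ("icmp", "tcp", "udp"):
        print(f"{kind:4}", traceroute(PATH, kind))
```

A single * followed by later hops indicates a device that forwards traffic but does not answer expired probes. An unbroken run of * for one probe type only indicates that this probe type is being filtered, which is why the three traceroute types can show different views of the same path.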
Tools
• NeoTrace – GUI-based tool to map out the network.
• Cheops-ng – Tracing and fingerprinting the network.
• Burp Suite – Proxy tool to intercept the requests and responses between browser and web server.
• Acunetix Vulnerability Scanner – Used to scan a website for vulnerabilities.
• WhatWeb – An all-in-one tool for active footprinting of web servers to identify web vulnerabilities like SQL injection and cross-site scripting, as well as email addresses and server version.
• Netcraft – Contains a huge online database with useful information on websites.
• Can be used for passive reconnaissance against the target.
Google Hacking
• Site: used to search for all the web pages that are indexed by Google
• site:www.example.com
• Link: returns all the websites that are linked to the website
• link:www.example.com
• Intitle: used to return results with a specific target
• site:www.example.com intitle:ftp users
• Inurl: useful search query to return URLs with specific keywords.
• Filetype: used to return a specific filetype
• site:www.example.com filetype:pdf