5 PHASES IN PEN-TESTING
1. INFORMATION GATHERING
Information gathering is the process of collecting as much information as possible about the
target device, person or organization. It is the first step of every engagement and cannot be
skipped: the more useful information you have, the more tailored and efficient your approach
to breaching the target's security can be.
Information gathering can be classified into two types:
i. Active reconnaissance;
ii. Passive reconnaissance
Footprinting is the technique of collecting as much information as possible about the
targeted network, victim or system. The first step in attacking any network is to figure
out what to attack, that is, to develop a "footprint" of the target network.
The following branches of footprinting should be understood before gathering
information:
Open source footprinting
Network-based footprinting
DNS interrogation
Open source footprinting
This type of footprinting is the safest, because it uses only publicly available
information and never touches the target's systems; it is passive reconnaissance.
Examples include finding someone's email address, phone number, age, date of birth or
home address from public sources. Scanning a target's IP addresses with automated tools
sends packets to the target and is therefore active reconnaissance, not open source
footprinting.
Most companies publish information about themselves (for example staff names, email
addresses and office locations) on their official website without realizing that
attackers can benefit from it.
Network-based footprinting
The basic goal is to learn more about the network. There is a lot to discover,
including, but not limited to, the following:
a. Network address ranges
b. Host names
c. Exposed hosts
d. Applications exposed on those hosts
e. OS and application version information
f. Patch state of the host and the applications
DNS Interrogation
After identifying all the associated domains, you can begin to query the DNS.
DNS is a distributed database used to map hostnames to IP addresses and vice
versa. If DNS is configured insecurely, for example when the authoritative name servers
answer zone transfer (AXFR) requests from anyone, it is possible to obtain revealing
information about the organization, such as a complete list of its hostnames and
addresses. A standard check is dig @ns1.example.com example.com AXFR against each
authoritative name server. Every DNS query you send reaches a name server, so
interrogation of the target's own servers is active reconnaissance.
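The following is an added example, not code from the original handout, showing two DNS interrogation techniques in Python: a reverse (PTR) sweep over an address range, and forward resolution of candidate hostnames under a domain. The resolver is injected as a parameter so the same functions run against the real DNS through the standard library (socket.gethostbyaddr and socket.gethostbyname) or, as in the embedded demonstration, against a constructed fake zone (example.com on 192.0.2.0/24, documentation addresses, not real hosts). The cross-check at the end shows why both techniques are used: a forward lookup can find a host (here dev.example.com) that the reverse sweep misses because it sits outside the swept range.

```python
import ipaddress
import socket

# Constructed fake zone for offline demonstration (hypothetical hosts).
FAKE_REVERSE = {
    "192.0.2.10": "www.example.com",
    "192.0.2.11": "mail.example.com",
    "192.0.2.12": "vpn.example.com",
}
FAKE_FORWARD = {name: ip for ip, name in FAKE_REVERSE.items()}
FAKE_FORWARD["dev.example.com"] = "192.0.2.250"   # outside the swept /29


def fake_reverse(ip):
    """Stand-in for socket.gethostbyaddr(ip)[0] that answers from the fake zone."""
    try:
        return FAKE_REVERSE[ip]
    except KeyError:
        raise socket.herror(1, "Unknown host")


def fake_forward(name):
    """Stand-in for socket.gethostbyname(name) that answers from the fake zone."""
    try:
        return FAKE_FORWARD[name]
    except KeyError:
        raise socket.gaierror(-2, "Name or service not known")


def real_reverse(ip):
    """Real PTR lookup through the system resolver (sends queries over the network)."""
    return socket.gethostbyaddr(ip)[0]


def ptr_sweep(cidr, reverse=real_reverse):
    """Ask for a PTR record for every usable address in cidr; return {ip: hostname}."""
    found = {}
    for ip in ipaddress.ip_network(cidr, strict=False).hosts():
        try:
            found[str(ip)] = reverse(str(ip))
        except (socket.herror, socket.gaierror):
            continue   # no PTR record: nothing learned from this address
    return found


def forward_bruteforce(domain, wordlist, forward=socket.gethostbyname):
    """Resolve <word>.<domain> for each word; return {hostname: ip} for names that exist."""
    found = {}
    for word in wordlist:
        name = f"{word}.{domain}"
        try:
            found[name] = forward(name)
        except (socket.gaierror, socket.herror):
            continue
    return found


def names_missed_by_sweep(swept, forward_hits):
    """Hostnames found by forward lookups that the PTR sweep did not reveal."""
    return sorted(set(forward_hits) - set(swept.values()))


if __name__ == "__main__":
    # Offline demonstration against the constructed zone; swap in the real
    # resolvers (the defaults) only against systems you are authorized to test.
    swept = ptr_sweep("192.0.2.8/29", reverse=fake_reverse)
    hits = forward_bruteforce("example.com", ["www", "mail", "vpn", "dev", "ftp"],
                              forward=fake_forward)
    for ip, name in swept.items():
        print(f"PTR  {ip:<15} {name}")
    for name, ip in hits.items():
        print(f"A    {name:<20} {ip}")
    print("missed by sweep:", names_missed_by_sweep(swept, hits))
```

The default resolver arguments send real queries; the fake ones let the logic be exercised without network access. Reverse sweeps and forward brute force do not depend on a misconfiguration, unlike a zone transfer, which is why they remain useful even against well-run name servers.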
Types of Footprinting
FOOTPRINTING TOOLS
A Whois domain lookup allows you to trace the ownership and tenure of a domain
name. Just as houses are registered with a governing authority, every domain name
registry keeps a record about each domain registered through it: the registrant, the
registrar, the creation date and the date until which the registration is paid for.
Be aware that many registrars now redact registrant contact details behind a privacy
service, so the record may show only the registrar, name servers and dates.
https://www.whois.com/whois/
Nmap is used to discover hosts and services on a computer network by sending
packets and analyzing the responses. It provides a number of features for probing
networks, including host discovery, port scanning, service and version detection (-sV)
and operating system detection (-O). Because it sends packets to the target, an Nmap
scan is active reconnaissance: run it only against systems you are authorized to test.