Ethical Hacking

Phase I
Reconnaissance
Module Objectives

 Overview of the Reconnaissance Phase
 Introducing Footprinting
 Understanding the information gathering methodology of hackers
 Comprehending the Implications
 Learning some of the tools used for the reconnaissance phase
 Deploying countermeasures
Revisiting Reconnaissance

 Reconnaissance refers to the preparatory phase where an attacker seeks to gather as much information as possible about a target of evaluation prior to launching an attack.

 [Diagram: cycle of phases: Reconnaissance, Scanning, Gaining Access, Maintaining Access, Clearing Tracks]
Defining Footprinting

 Footprinting is the blueprinting of the security profile of an organization, undertaken in a methodological manner.
 Footprinting is one of the two pre-attack phases. The other is enumeration.
 Footprinting results in a unique organization profile with respect to networks (Internet / Intranet / Extranet / Wireless) and systems involved.
Information Gathering Methodology

   Unearth initial information
   Locate the network range
   Ascertain active machines
   Discover open ports / access points
   Detect operating systems
   Uncover services on ports
   Map the Network
Unearthing Initial Information

 Commonly includes:
   • Domain name lookup
   • Locations
   • Contacts (Telephone / mail)
 Information Sources:
   • Whois
   • Nslookup
Whois

 Registrant:
   targetcompany (targetcompany-DOM)
   # Street Address
   City, Province
   State, Pin, Country
   Domain Name: targetcompany.COM

 Administrative Contact:
   Surname, Name (SNIDNo-ORG) targetcompany@domain.com
   targetcompany (targetcompany-DOM) # Street Address
   City, Province, State, Pin, Country
   Telephone: XXXXX Fax XXXXX
 Technical Contact:
   Surname, Name (SNIDNo-ORG) targetcompany@domain.com
   targetcompany (targetcompany-DOM) # Street Address
   City, Province, State, Pin, Country
   Telephone: XXXXX Fax XXXXX

 Domain servers in listed order:
   NS1.WEBHOST.COM XXX.XXX.XXX.XXX
   NS2.WEBHOST.COM XXX.XXX.XXX.XXX
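
An added example, not part of the original slides: a parser for the legacy whois layout shown above, which an organization can run over its own domain record to see which named individuals and direct contact details it publishes. The sample record, the function names and the list of role mailboxes are assumptions made for illustration.

```python
import re

# Constructed sample in the legacy whois layout shown above; example.com and
# 192.0.2.0/24 are reserved for documentation.
SAMPLE = """\
Registrant:
 Domain Name: EXAMPLE.COM
Administrative Contact:
 Doe, Jane (JD123-ORG) jane.doe@example.com
 Telephone: 555-0100 Fax 555-0101
Technical Contact:
 Hostmaster, DNS (HM456-ORG) hostmaster@example.com
 Telephone: 555-0102 Fax 555-0103
Domain servers in listed order:
 NS1.EXAMPLE.COM 192.0.2.53
 NS2.EXAMPLE.COM 192.0.2.54
"""

CONTACT = re.compile(r"^(.+?)\s+\(([^)]+)\)\s+(\S+@\S+)$")
NAMESERVER = re.compile(r"^([\w.-]+)\s+(\d{1,3}(?:\.\d{1,3}){3})$")
ROLE_MAILBOXES = {"hostmaster", "dnsadmin", "domains", "noc", "abuse"}  # assumed policy

def parse_whois(text):
    """Split the record into contact sections and the name-server list."""
    record, section = {"contacts": {}, "nameservers": []}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.endswith(":") and line.count(":") == 1:
            section = line[:-1]                      # e.g. "Technical Contact"
        elif section and section.endswith("Contact"):
            if m := CONTACT.match(line):
                record["contacts"][section] = {"name": m[1], "handle": m[2], "email": m[3]}
            elif line.startswith("Telephone:") and section in record["contacts"]:
                record["contacts"][section]["phone"] = line.split()[1]
        elif section and section.startswith("Domain servers"):
            if m := NAMESERVER.match(line):
                record["nameservers"].append((m[1], m[2]))
    return record

def exposed_individuals(record):
    """Flag contacts whose mailbox is a person rather than a role account."""
    findings = []
    for role, c in record["contacts"].items():
        if c["email"].split("@")[0].lower() not in ROLE_MAILBOXES:
            findings.append(f"{role}: {c['name']} <{c['email']}> tel {c.get('phone', 'n/a')}")
    return findings

if __name__ == "__main__":
    for finding in exposed_individuals(parse_whois(SAMPLE)):
        print("Replace with a role contact:", finding)
```

Each flagged entry is a contact to replace with a role mailbox and a switchboard number, so the public record no longer names individual staff.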
Nslookup

 Nslookup is a program to query Internet domain name servers. It displays information that can be used to diagnose Domain Name System (DNS) infrastructure.
 The MX record reveals the IP of the mail server.
 Both Unix and Windows come with an Nslookup client.
Locate the Network Range

 Commonly includes:
   • Finding the range of IP addresses
   • Discerning the subnet mask
 Information Sources:
   • Traceroute
 Hacking Tool:
   • Traceroute
Traceroute

 Traceroute is used to determine the route taken by packets across an IP network.
 In Windows the same tool is called tracert.
Example

 Lab1: gathering information about wikipedia.org
  • whois (www.betterwhois.org)
     – Names of the DNS servers
     – ...
  • nslookup – obtain the DNS server's IP
  • traceroute – obtain the web server's name
  • nslookup – obtain the web server's IP
Tool: VisualRoute Trace
Tool: eMailTrackerPro

 eMailTrackerPro is the e-mail analysis tool that enables analysis of an e-mail and its headers automatically and provides graphical results.
Summary

 Information gathering.
 Footprinting renders a unique security profile of a target system.
 Whois can reveal public information of a domain that can be leveraged further.
 Traceroute and mail tracking can be used to target a specific IP and later for IP spoofing.
 Nslookup can reveal specific users and zone transfers that can compromise DNS security.

				