Information gath
2 likes14,705 views
This document discusses information gathering techniques used during a penetration test. It outlines the phases of a pentest as information gathering, vulnerability analysis, exploitation, post exploitation, and reporting. Effective information gathering, such as using Google hacking, Netcraft, Whois, host, and dig commands, significantly increases the chances of a successful attack. Passive techniques include searching online databases and documents, while active techniques involve direct interaction with the target system through actions like port scanning. Gathering public information on a target prepares pentesters to find and analyze vulnerabilities before attempting exploitation.
Information gath
- 1. INFORMATION GATHERING IN A PENTEST By : Syarif @fl3xu5 Cybercrime Investigation Center Mabes Polri Jakarta, 28 Januari 2012
- 2. Agenda About Pentest ( Penetration Testing ) Pentest Phase How Important do Information Gathering Passive & Active Information Gathering Google Hack Netcraft Whois host dig
- 3. About Pentest ( Penetration Testing ) A method to evaluate the security of computer system / network Practice ( attacking ) an IT System like a ‘hacker’ do Find a security holes ( systemic weaknesses ) By pass security mechanism compromise an Organization’s IT System Security Must have a permission from IT System owner ~ The Person is called a Pentester ~
- 4. Pentest Phase Information Gathering Vulnerability Analysis Exploitation Post Exploitation Reporting
- 5. How Important do Information Gath. Information Gath. Chance of Successful attack~
- 6. Passive & Active Information Gathering Passive Information Gathering Active Information Gathering Google Hacking Netcraft Whois Nslookup Port Scanning Service Scanning Nmap Metasploit
- 7. Google Hack was introduced by Johnny Long based on google basic usage information :http:// www.google.com/help/basics.html! More : http://www.google.com/help/ operators.html
- 8. Google Hack ( cont’d ) Google basic search help
- 9. Google Hack ( cont’d ) Operators and More Search help
- 10. Google Hack ( cont’d ) Examples :
- 11. Google Hack ( cont’d ) Examples :
- 12. Google Hack ( cont’d ) Examples :
- 13. Google Hack ( cont’d ) Other Examples :
- 14. Google Hack ( cont’d ) Other Examples :
- 15. Google Hack ( cont’d ) More Examples :
- 16. Netcraft an Internet monitoring company based on England Uptimes OS detection web server
- 17. Netcraft ( cont’d )
- 18. Whois
- 19. host
- 20. dig
- 21. REFERENCES http://www.pentest-standard.org/index.php/ PTES_Technical_Guidelines http://www.metasploit.com/about/penetration- testing-basics/ Metasploit The Penetration Tester’s Guide : David Kennedy , Jim O’Gorman, Devon Kearns, Mati Aharoni GHDB , http://johnny.ihackstuff.com/ghdb/