Show page

Differences

This shows you the differences between two versions of the page.

--- cns:laboratoare:laborator-01 [2012/10/15 17:15]
traian.popeea [Lab 1 - Collecting Information and Scanning]
+++ — (current)
@@ Line 1: / Line 1: @@
-====== Lab 1 - Collecting Information and Scanning ======
-The lab will be run on Linux.
-===== Collecting Information =====
-  * Passive activity - no interaction with the target
-  * Useful information:
-    * External IP addresses
-    * Employee phone numbers and e-mails
-    * Employee profiles (Facebook, Google+, LinkedIn, ...)
-    * Active hosts and services (internal penetration testing)
-  * Techniques:
-    * Google hacking
-    * Whois and DNS queries
-    * Using public databases: Netcraft.com , zone-h.com
-    * Web site inspection
-    * Network sniffing
-==== Google Hacking ====
-  * ''site:'' restricts the results of the query to the specified site: ''site:pub.ro "error in your SQL syntax"''
-  * ''intitle:'' / ''allintitle:'' - the keywords cand be found in the page title: ''intitle:"index of" intext:"parent directory"''
-  * ''filetype:'' specifies the file extension: ''filetype:doc site:pub.ro''
-  * Explicit Inclusion: ''+'': ''+123456 "yahoo.com" site:pastebin.com''
-  * Explicit Exclusion: ''-'': ''+virus –biology''
-  * More at: [[http://www.google.com/help/operators.html]] and [[http://www.hackersforcharity.org/ghdb/]]
-==== Google Hacking - Tasks ====
-Choose a site: xyz
-  * Search for all xls files that can be accesed on the xyz site
-  * Check if directory browsing is possible on the xyz site
-  * Search for subdomains of xyz
-  * Search for ''mysql dump filetype:sql''. What is the result?
-  * Search for live webcams: ''inurl:/view/index.shtml'' ''inurl:viewerFrame?Mode=''
-==== Whois Queries ====
-Useful information:
-  * DNS servers
-  * IP addresses
-  * Location and address
-  * Contact persons (name, phone, e-mail)
-  * Examples:
-    * ''whois cisco.com''
-    * ''whois 128.107.241.185''
-==== Whois Queries - Tasks ====
-  * Identify the IP addresses and location of xyz.
-==== DNS Queries ====
-  * Tools: dig, host, nslookup
-  * Query types: A, NS, MX, PTR, AXFR
-  * Examples:
-    * E-mail servers:
-      * ''dig pub.ro mx''
-      * ''host –t mx pub.ro''
-    * Reverse DNS:
-      * ''dig @ns1.roedu.net ptr 60.166.85.141.in-addr.arpa''
-      * ''host 141.85.166.60''
-==== DNS Queries - Tasks ====
-  * What are the DNS servers for xyz?
-  * For each of the previous servers, request a zone transfer (type=axfr)
-===== Scanning =====
-  * Activities involving interaction with the target
-  * Repeated queries in order to obtain different information:
-    * Live hosts
-    * Open ports
-    * Service versions
-    * Operating systems
-    * Network shares
-    * Local users
-==== Host Discovery ====
-  * ARP Ping
-  * ICMP Ping
-  * TCP SYN Ping
-  * UDP Ping
-==== Port Scanning ====
-  * SYN scan (half-connect)
-    * ''nmap -sS -p 445 192.168.1.1''
-    * ''hping -S -p 445 192.168.1.1''
-  * Connect scan (complete 3-way handshake)
-    * ''nmap -sT -p 445 192.168.1.1''
-    * ''telnet 192.168.1.1 445''
-    * ''netcat 192.168.1.1 445''
-  * ACK scan (checks if a port is filtered by a firewall, does not offer any information regarding the port (open/closed))
-    * ''nmap –sA –p 445 192.168.1.1''
-  * UDP scan
-    * ''nmap –sU –p 53 192.168.1.1''
-==== Nmap options ====
-  * Target specification
-    * ''nmap 192.168.1-254.1-254''
-    * ''nmap 192.168.0.0/16''
-    * ''nmap –iL iplist.txt''
-  * Port specification
-    * ''nmap –p21,22,80,445 192.168.1.1''
-    * ''nmap –p1-65535 192.168.1.1''
-    * default: 1660 ports
-  * Output file:
-    * ''nmap –oN output.txt 192.168.1.1''
-  * Scan speed
-    * ''nmap –T<0-5> 192.168.1.1'' (larger number is faster)
-  * Service version
-    * ''nmap –sV 192.168.1.1''
-  * Operating System detection
-    * ''nmap –O 192.168.1.1''
-==== Port Scanning - Tasks ====
-  * Using a single nmap command scan the entire vmnet8 subnet and determine:
-    * Active hosts
-    * Open ports
-    * Service versions
-    * Operating system
-    * The results will be save in an output file

Resources

Labs

Lectures

Assignments

Extra

cns/laboratoare/laborator-01.1350310525.txt.gz · Last modified: 2012/10/15 17:15 by traian.popeea

Show page Old revisions

Media Manager Back to top