Passive information gathering refers to the process of collecting information about a target network and its environment by passive methods. The entire “information gathering” phase is considered a methodological procedure, because each piece of critical information gathered is categorized based on a previous discovery. The idea of information gathering is to have an entire blueprint of the network infrastructure of the target organization. The blueprints will probably be unique for each and every branch. Passive information gathering is completely harmless to the target organization since we do not directly engage with the target organization. Technically speaking, we have four intentions while performing information gathering:
1. Collect all available information, passively and actively, about the target and its network
2. Identify the operating system, platforms, web server versions, etc.
3. Perform techniques such as WHOIS lookup, DNS fingerprinting, and other network and organizational queries
4. Find vulnerabilities and exploits for launching attacks
In this blog we’ll explore the use of passive methods for information gathering.
FINANCE
To know the financial posture of a target we can use either Google Finance or Yahoo Finance; these will show whether the company is making money or losing shares.
ALERTS
Alerts are generally used for receiving updates via mail or SMS on a particular subject. This service is generally used for competitive information gathering. As a pentester we can use it to monitor how updates about the client spread through the internet.
ARCHIVE
Archive.org stores almost all versions of every website on the internet. If you want to know how a previous version of the website looked, or how frequently the target updates their website, then the archive is one of the best sources of help.
EMAIL
Generate a discussion with the support or front desk via email. The email header will definitely have the sender’s and receiver’s addresses, which can be used to track geo-location; it will also have the IP address of the mail server, the authentication method used, etc. I’m pasting one of my favorite email trackers. If you want to track an email you’ve sent, like its path, its destination, when the recipient opened the document, etc., this can be done via a service known as Point of Mail.
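Reading such a header by hand is error-prone, so here is an added example (not from the original post) that uses only the Python standard library to pull the relay path, the per-hop delay, the SMTP protocol keyword and the authentication results out of a constructed message; every hostname, IP and address in it is a placeholder.

```python
import email
import re
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample headers: placeholder hostnames and RFC 5737 documentation
# IPs, not a real capture. Received: lines read top-down from last hop to first.
SAMPLE_RAW = (
    "Received: from mx-edge.example.net (mx-edge.example.net [203.0.113.7])\n"
    "\tby inbound.example.org with ESMTPS id abc123; Mon, 1 Jan 2024 10:00:00 +0000\n"
    "Received: from [192.0.2.25] (helo=frontdesk-pc)\n"
    "\tby mx-edge.example.net with ESMTPA id xyz789; Mon, 1 Jan 2024 09:59:58 +0000\n"
    "Authentication-Results: inbound.example.org; spf=pass smtp.mailfrom=example.net;\n"
    "\tdkim=pass header.d=example.net\n"
    "From: Front Desk <frontdesk@example.net>\n"
    "To: analyst@example.org\n"
    "\n"
    "Thanks for your question.\n"
)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")


def _unfold(value):
    # Join the folded continuation lines of a header into one line.
    return " ".join(value.split())


def _field(pattern, text):
    m = re.search(pattern, text)
    return m.group(1) if m else None


def trace_headers(raw):
    """Return sender, recipient, relay path in delivery order, and auth results."""
    msg = email.message_from_string(raw)
    hops, prev_ts = [], None
    # Every MTA prepends its own Received: line, so reverse to walk origin -> inbox.
    for rec in reversed(msg.get_all("Received", [])):
        rec = _unfold(rec)
        ts = parsedate_to_datetime(rec.rsplit(";", 1)[-1].strip())
        ips = IP_RE.findall(rec)
        hops.append({
            "from": _field(r"\bfrom\s+(\S+)", rec),      # name the relay claimed
            "ip": ips[0] if ips else None,               # address the receiver saw
            "by": _field(r"\bby\s+(\S+)", rec),
            "protocol": _field(r"\bwith\s+(\S+)", rec),  # ESMTPA = SMTP AUTH was used
            # Seconds between consecutive relays; None for the first hop.
            "delay_s": (ts - prev_ts).total_seconds() if prev_ts is not None else None,
        })
        prev_ts = ts
    auth = dict(AUTH_RE.findall(_unfold(msg.get("Authentication-Results", ""))))
    return {"from": parseaddr(msg.get("From", ""))[1],
            "to": parseaddr(msg.get("To", ""))[1], "hops": hops, "auth": auth}
```

The first hop's `ESMTPA` keyword is what the post calls the authentication method: it shows the sender's client authenticated to mx-edge.example.net before relaying.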
WHOIS LOOKUP
In simple words, the WHOIS database is something that holds information on all users that own a registered domain. Simply speaking, if you want to know the owner of a website, that information can be retrieved from these databases. The WHOIS record provides the personal information of the site owners, like email, physical address, phone number, IP address of the server, ports open, when the site was registered, when it will expire, etc.
DNS FOOTPRINTING
DNS footprinting allows the pentester to learn more details about the target organization. The pentester extracts the DNS information from the DNS server. This information may include IP addresses, domain names, computer names, mail servers, etc. The commonly seen domain record types are:
Address Mapping records (A)
IP Version 6 Address records (AAAA)
Canonical Name records (CNAME)
Host Information records (HINFO)
Integrated Services Digital Network records (ISDN)
Mail exchanger record (MX)
Name Server records (NS)
Reverse-lookup Pointer records (PTR)
Start of Authority records (SOA)
Text records (TXT)
GOOGLE DORKS
The very first method is to use search engines. If the robots.txt of a site has allowed the search engine crawlers, then the crawlers/spiders will take all the information, which may include sensitive URLs, credentials, etc. To use the information from the spiders, we craft special search queries to list out such information.
inurl:certifiedhacker.com
Simply paste the above query into Google, and it will return all the URLs that have certifiedhacker.com in them. Such queries are called Google dorks and this method is generally known as Google hacking. You’ll see lots of useful queries in the Google Hacking Database of Exploit-DB.