Thursday, September 25, 2008
Information gathering is generally divided into two categories, passive information gathering and active information gathering.
Passive information gathering can be defined as collecting information without making any direct connection to the target, so no port scans, no probes, ... For this purpose we can use search engines, on-line scanners and Internet archives, like Usenet archives, web page caches, ...

So, what is the most powerful tool for this? I guess you know the answer... Google!
Besides Google, there are some more search engines that can be very useful, like:

teoma.com
excite.com
metacrawler.com

Back to Google. Google has many advanced features, like search operators (site:, filetype:, inurl:, intitle:, ...), which can help us in finding information.
You can see the operators here: http://www.google.com/help/operators.html

We should not forget to search newsgroups, P2P networks, job and spam databases, B2B portals...
or to check whois database information or query DNS information online.
All of these sources can yield useful information about our target.
Imagine a question on a newsgroup like: "New patch for my apache version 2.0.59 is not working, can someone help?". That single post gives you the web server, its exact version and the address of the person who administers it. You see your way here... :)
Or from job databases you can see what your target (organization/company) requires from a system administrator (which operating systems, databases, firewalls, ...), and so on... and you get the picture slowly... :)

Another excellent resource is netcraft.com, which gives a lot of information about a given domain (the web server software and hosting history of its sites, for instance) and much more. Check it out...
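As an added example (not code from the original post), here is a small Python helper that ties these sources together: it builds queries from Google's site:/filetype:/inurl:/intitle: operators, parses raw whois output into the fields an attacker cares about, and pulls product/version pairs out of public text such as the newsgroup post and job ad described above. All sample data is constructed (example.com is the RFC 2606 reserved name), and the product list in SOFTWARE_RE is an assumption you would extend for your own target.

```python
"""Passive information gathering helpers.

Added example, not code from the original post. Builds search-engine queries
from Google operators, parses raw whois output, and mines public text
(newsgroup posts, job ads) for software versions. All sample data is constructed."""
import re
from typing import Dict, List, Tuple

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

# Product names worth looking for in public chatter; this list is an assumption, extend it as needed.
SOFTWARE_RE = re.compile(
    r"\b(apache|openssh|sendmail|bind|iis|mysql|php|tomcat|exim|postfix)"
    r"(?:\s+version)?[\s/_v-]*((?:\d+\.)*\d+)",
    re.IGNORECASE,
)


def build_queries(domain: str) -> List[str]:
    """Combine Google operators into queries that surface exposed documents,
    admin interfaces and off-site mentions, without ever touching the target."""
    return [
        f"site:{domain}",
        f"site:{domain} filetype:pdf",
        f"site:{domain} filetype:xls OR filetype:doc",
        f"site:{domain} inurl:admin",
        f'site:{domain} intitle:"index of"',
        f'-site:{domain} "{domain}"',  # where else the domain is mentioned: newsgroups, forums, job ads
    ]


def parse_whois(text: str) -> Dict[str, object]:
    """Extract registrar, creation date, name servers and contact e-mails from raw whois output.

    Handles "Key: value" lines, repeated "Name Server:" lines and values that
    themselves contain colons (timestamps) by splitting on the first colon only."""
    result = {"registrar": None, "created": None, "name_servers": [], "emails": set()}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if not sep:
            continue
        key, value = key.strip().lower(), value.strip()
        if key == "registrar":
            result["registrar"] = value
        elif key in ("creation date", "created"):
            result["created"] = value
        elif key == "name server":
            result["name_servers"].append(value.lower())
    result["emails"] = set(EMAIL_RE.findall(text))
    return result


def mine_versions(text: str) -> List[Tuple[str, str]]:
    """Return (product, version) pairs mentioned in public text, in order of first appearance."""
    found: List[Tuple[str, str]] = []
    for name, version in SOFTWARE_RE.findall(text):
        pair = (name.lower(), version)
        if pair not in found:
            found.append(pair)
    return found


# Constructed samples (not real whois data, not real posts)
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Registrar Abuse Contact Email: abuse@example-registrar.test
Creation Date: 1995-08-14T04:00:00Z
Name Server: A.IANA-SERVERS.NET
Name Server: B.IANA-SERVERS.NET
Tech Contact Email: hostmaster@example.com
"""
SAMPLE_POST = "New patch for my apache version 2.0.59 is not working, can someone help?"
SAMPLE_JOB_AD = ("Wanted: system administrator with experience running Windows Server 2003, "
                 "IIS 6.0 and MySQL 5.0; knowledge of OpenSSH_4.7 on our Linux gateways a plus.")

if __name__ == "__main__":
    for query in build_queries("example.com"):
        print("search:", query)
    print("whois:", parse_whois(SAMPLE_WHOIS))
    print("newsgroup post:", mine_versions(SAMPLE_POST))
    print("job ad:", mine_versions(SAMPLE_JOB_AD))
```

Nothing in this script contacts the target: the whois text is whatever you pasted from an online lookup, and the search queries are typed into Google by hand. That is the whole point of the passive phase, the target's logs never see you.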

That's it for now about passive information gathering...
posted by Jovica at 10:07 PM | 1 comments
Monday, September 8, 2008
First of all, what is penetration testing?

It's a process of finding weaknesses in a computer infrastructure or network. A team of specialists uses real-world hacking techniques to exploit the targeted system or network. It is often lumped together with Vulnerability Assessment and Ethical Hacking, though strictly speaking a vulnerability assessment only identifies and rates weaknesses, while a penetration test goes on to actually exploit them.

There are two main approaches to a comprehensive penetration test, black-box testing and white-box testing. Black-box testing is conducted with no prior knowledge of the infrastructure, while white-box testing is conducted with complete knowledge of the network infrastructure.

Steps in penetration testing should be:
1. Information Gathering - gathering as much information as possible on the remote host/organization
2. Fingerprinting/Footprinting - getting detailed information on the remote host (operating system, running software and versions)
3. Network Surveying - mapping the hosts and network ranges in scope; a combination of data collection, information gathering and policy control
4. Services Identification - port scanning, identifying the services behind open ports and finding vulnerable ones
5. Evading Firewall Rules - firewall evasion techniques are used to bypass filtering and reach services the firewall is supposed to hide
6. Vulnerability Scanning - identifying, understanding and verifying the weaknesses, misconfigurations and vulnerabilities associated with the remote host
7. Exploiting Services - the weaknesses found in the remote services are exploited
8. Password Cracking - validating password strength
9. Denial of Service Testing - checking how the target holds up under denial of service attacks (only where the scope explicitly allows it)
10. Escalation of Privileges - turning the initial access gained into higher privileges on the remote system (e.g. from a normal user account to administrator/root)

Of course, some steps can be done in a different order, and some steps are not as important as others, but it all depends on the situation and the system we are testing.
I'm going to write a lot about every step, so keep visiting and reading :)
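Step 4 (Services Identification), as an added example that is not part of the original post: a TCP connect scan with banner grabbing in Python. To keep it runnable offline it scans a constructed local listener that greets clients with a made-up SSH banner, plus a second port that is bound but not listening so the connection is refused. The well-known port table and the banner heuristics are assumptions; a real scanner such as nmap does far more.

```python
"""Service identification: a TCP connect scan with banner grabbing.

Added example, not code from the original post. The target is a constructed
listener on loopback so the script runs offline; its banner is made up."""
import socket
import threading
from typing import Dict, Iterable, Optional, Tuple

# Fallback names for ports whose service stays silent (assumption: IANA defaults).
WELL_KNOWN = {21: "ftp", 22: "ssh", 25: "smtp", 80: "http", 110: "pop3",
              143: "imap", 443: "https", 3306: "mysql"}


def probe(host: str, port: int, timeout: float = 0.5) -> Optional[str]:
    """Complete the three-way handshake against host:port.

    Returns None if the port is closed or filtered, otherwise whatever the service
    volunteered within `timeout` seconds (an empty string if it stayed silent)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            conn.settimeout(timeout)
            try:
                data = conn.recv(256)
            except socket.timeout:
                data = b""
            return data.decode("latin-1", "replace").strip()
    except OSError:  # ECONNREFUSED, connect timeout, host unreachable, ...
        return None


def identify(port: int, banner: str) -> str:
    """Guess the service from the banner first and the port number second."""
    b = banner.upper()
    if b.startswith("SSH-"):
        return "ssh"
    if b.startswith("HTTP/"):
        return "http"
    if b.startswith("220 "):
        return "smtp" if "SMTP" in b else "ftp"
    if b.startswith("+OK"):
        return "pop3"
    if b.startswith("* OK"):
        return "imap"
    return WELL_KNOWN.get(port, "unknown")


def scan(host: str, ports: Iterable[int], timeout: float = 0.5) -> Dict[int, Tuple[str, str]]:
    """Return {port: (service_guess, banner)} for every port that accepts a connection."""
    found: Dict[int, Tuple[str, str]] = {}
    for port in ports:
        banner = probe(host, port, timeout)
        if banner is not None:
            found[port] = (identify(port, banner), banner)
    return found


def start_fake_service(banner: bytes) -> Tuple[socket.socket, int]:
    """Constructed target: listen on an ephemeral loopback port and greet every client with `banner`."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve() -> None:
        while True:
            try:
                client, _ = srv.accept()
            except OSError:  # listener closed: stop the thread
                return
            with client:
                try:
                    client.sendall(banner)
                except OSError:
                    pass

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def demo() -> Dict[int, Tuple[str, str]]:
    """Stand up one fake SSH service and one bound-but-not-listening port, then scan both."""
    srv, open_port = start_fake_service(b"SSH-2.0-OpenSSH_4.7p1\r\n")  # made-up banner
    closed = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    closed.bind(("127.0.0.1", 0))  # bound without listen(): connections are refused
    closed_port = closed.getsockname()[1]
    try:
        return scan("127.0.0.1", [open_port, closed_port])
    finally:
        srv.close()
        closed.close()


if __name__ == "__main__":
    for port, (service, banner) in sorted(demo().items()):
        print(f"{port}/tcp open  {service:8s} {banner}")
```

A connect scan finishes the handshake, so every probe lands in the target's logs; this is the noisy, active counterpart of the passive searching described in the earlier post, and it is where the firewall rules of step 5 start to matter.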
posted by Jovica at 2:21 PM | 1 comments