
lsec0ni | Advanced Penetration Testing | Module 4 - Information Gathering

By: lsec0ni | Related Course: Advanced Penetration Testing | Published: January 18, 2017 | Modified: January 20, 2017

Information Gathering (part 2) Domain Name Services

whois

Domains by Proxy – a paid service that hides registrant details (name, organisation, etc.) from whois output.

nslookup

for mail servers: set type=mx

for name servers: set type=ns

Zone files – a zone transfer copies all DNS information for a zone, e.g. from the primary to the secondary DNS server. It *should be turned off* for anyone but your own secondaries; otherwise anyone can easily pull all information about your organisation from DNS.

How to check whether a target domain allows zone transfers (e.g. zonetransfer.me, which allows them)?

1. Find the name servers for the domain:

host -t ns zonetransfer.me

2. Try a domain zone transfer:

host -l zonetransfer.me <nameserver>   (run once against each name server found in step 1)
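An added example (not from the course notes) that wraps the two steps above into a script for auditing your own zone: it asks every authoritative name server for a transfer and reports which ones hand the zone over. It assumes the `host` utility from bind9 is installed; the sample output lines in the comments are constructed.

```shell
#!/bin/sh
# Audit a domain's name servers for open zone transfers, using the same
# two `host` commands as the notes above.

# Extract name-server hostnames from `host -t ns <domain>` output on stdin.
# Input lines look like "example.com name server ns1.example.net." (constructed).
extract_ns() {
    awk '/ name server / { sub(/\.$/, "", $NF); print $NF }'
}

# Classify `host -l <domain> <nameserver>` output on stdin:
#   ALLOWED  - record lines came back, i.e. the server handed over the whole zone
#   REFUSED  - the server rejected the transfer (the desired state for public NS)
#   UNKNOWN  - anything else (timeout, NXDOMAIN, ...)
classify_axfr() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -qiE 'Transfer failed|REFUSED'; then
        echo REFUSED
    elif printf '%s\n' "$out" | grep -qE 'has address|name server|mail is handled by'; then
        echo ALLOWED
    else
        echo UNKNOWN
    fi
}

# Check every authoritative name server of $1 and print one result line per server.
check_zone_transfer() {
    domain=$1
    for ns in $(host -t ns "$domain" | extract_ns); do
        result=$(host -l "$domain" "$ns" 2>&1 | classify_axfr)
        printf '%-25s %-30s %s\n' "$domain" "$ns" "$result"
    done
}

# Uncomment to run against a real domain, e.g. the test domain from the notes:
# check_zone_transfer zonetransfer.me
```

Any server reported as ALLOWED is leaking the full zone and needs its transfer ACL restricted to the secondaries.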

fierce = automated DNS scanner that enumerates hosts in a particular domain

e.g. fierce -dns microsoft.com



Information Gathering (part 3) Targeting

1. Finding target email addresses for future attacks

theHarvester = searches different search engines to find email addresses.

2. netcraft.com = finds technology used on site and other information

3. Maltego = GUI tool for finding different kinds of context about a specific target

4. Shodan = finds exposed devices (IoT, webcams, etc.); works by grabbing banners



Information Gathering (part 4) recon-ng and Google dorks

recon-ng = Metasploit-like framework

Google dorks


Information Gathering (part 5) NMAP

nmap

