M2 - Information Gathering, Network Scanning & Cloud Technologies
Footprinting
- Domain Whois info
- E-mail contact details
- IP address and target range
- DNS records and subdomains
- OS fingerprinting
- Finding login pages, backup, admin pages
- Technology used by the target
- Vulnerability scanning
- Network scanning
- Office & people reconnaissance
Info Gathering
The goals:
- To obtain precise info
- To understand how the organization works
- To discover the best route of entry
Using
- Public tools
- Scanners
- Sending simple HTTP requests
Types of Info Gathering
Active
- By phone call, interview or face-to-face meeting
- control port scans for open ports on the target
- control scans to determine which services are running
Passive
Target
4th - Web Server
- Server OS
- Services running
- Open Protocols
- Open Ports
- App & Frameworks
To identify
- network maintainers
- network boundaries
- what web server software
- OS is being used on the target network
- Domain Name
- Internal Domain Names
- Network Blocks
- IP addresses
- Rogue /private websites
- TCP & UDP service running
- Networking Protocols
- IDS running
- System enumeration
- User & group names
- System banners
- Routing Tables
- SNMP information
- System information
- Remote OS
- System names
- Passwords
- E-mail addresses
- App. Frameworks
Attacker's PoV
1st gather information like
- IP address
- domain name
- OS
- IP range
- control panel
- vulnerable services
Attackers use social engineering & tools to collect
- address
- name
- phone number
- date of birth
Investigator's PoV
Investigators can gather info before taking any legal action, like
- name
- traces of criminal
- contact number
- address
- company info etc.
TCP/IP Layer
Header
- source & destination addresses
- a sequence number
- an acknowledgment number
- a checksum
IP Address
Private IPv4
- 10.0.0.0 – 10.255.255.255
- 172.16.0.0 – 172.31.255.255
- 192.168.0.0 – 192.168.255.255
Subnet Masks
- Class A: 255.0.0.0
- Class B: 255.255.0.0
- Class C: 255.255.255.0
Internet Assigned Numbers Authority (IANA) assigns ASNs to Regional Internet Registries
(page 32, Part 1)