.c om cu u du o ng th an co ng Information Gathering CuuDuongThanCong.com https://fb.com/tailieudientucntt .c om Contents co  Passive information gathering ng  What is information gathering cu u du o ng th an  Active information gathering CuuDuongThanCong.com https://fb.com/tailieudientucntt .c om cu u du o ng th an co ng What is information gathering CuuDuongThanCong.com https://fb.com/tailieudientucntt .c om What is information gathering  Information gathering is the first step in conducting a penetration test and is co ng arguably the most important an  Information gathering is the process of collecting the information from ng th different places about individual company, organization, Server, IP address or cu u du o person CuuDuongThanCong.com https://fb.com/tailieudientucntt .c om Information Gathering  Types of information gathering co an cu u du o ng th  Active information gathering ng  Passive information gathering CuuDuongThanCong.com https://fb.com/tailieudientucntt .c om cu u du o ng th an co ng Passive Information Gathering CuuDuongThanCong.com https://fb.com/tailieudientucntt .c om Passive Information Gathering  Passive information gathering focuses on collecting information archived co ng on systems not located in our client’s network th an  We try to gather as much information about our target network and cu u du o ng systems without connecting to them directly CuuDuongThanCong.com https://fb.com/tailieudientucntt .c om Information Searches  Locate the target Web presence co ng  Gather search engine results regarding the target an  Look for Web groups containing employee and/or company comments th  Examine the personal Web sites of employees du o ng  Search archival sites for additional information u  Look for job postings submitted by the target cu  Query the domain registrar  Domain name system (DNS) information CuuDuongThanCong.com https://fb.com/tailieudientucntt .c om Results • The penetration tester will have a wealth of information regarding the co ng target without ever visiting the target’s network th an • All passive information is gathered from third-party sources that have du o u cu this data ng collected information about our target, or have legal requirements to retain CuuDuongThanCong.com https://fb.com/tailieudientucntt .c om Tools cu u du o ng th an co ng  Netcraft (http://www.netcraft.com) CuuDuongThanCong.com https://fb.com/tailieudientucntt cu u du o ng th an co ng c om nmap - TCP Syn Scan (-sS) CuuDuongThanCong.com https://fb.com/tailieudientucntt .c om ng co an th ng du o u cu CuuDuongThanCong.com https://fb.com/tailieudientucntt .c om Nmap - TCP Connect Scan (-sT): cu u du o ng th an co ng  Make full connections CuuDuongThanCong.com https://fb.com/tailieudientucntt .c om Nmap – UDP Scan (-sU)  Nmap sends a UDP packet to a port Depending on the port, the packet sent is co ng protocol specific an  If it receives a response, the port is considered open ng th  If the port is closed, Nmap will receive an ICMP Port Unreachable message du o  If Nmap receives no response whatsoever, then either the port is open and the filtered cu u program listening does not respond to Nmap’s query, or the traffic is being CuuDuongThanCong.com https://fb.com/tailieudientucntt .c om ng co an th ng du o u cu CuuDuongThanCong.com https://fb.com/tailieudientucntt cu u du o ng th an co ng c om nmap CuuDuongThanCong.com https://fb.com/tailieudientucntt .c om Check for live systems ICMP Scanning co th an  #nmap –sn 192.168.153.2 cu u du o ng  Options: -sn: Ping scan ng  #nmap –sn 192.168.153.0/24 CuuDuongThanCong.com https://fb.com/tailieudientucntt cu u du o ng th an co ng c om Ping Sweep Tools CuuDuongThanCong.com https://fb.com/tailieudientucntt .c om Check for open ports  Nmap cu u du o ng th an co ng  Netcat CuuDuongThanCong.com https://fb.com/tailieudientucntt .c om Nmap ng # nmap -sS 192.168.20.10-12 cu u du o ng th an co nmap -sS 192.168.20.10-12 -oA booknmap CuuDuongThanCong.com https://fb.com/tailieudientucntt cu u du o ng th an co ng c om Nmap CuuDuongThanCong.com https://fb.com/tailieudientucntt .c om Nmap - UDP Scans  In a UDP scan (-sU), Nmap sends a UDP packet to a port Depending on the co ng port, the packet sent is protocol specific an  If it receives a response, the port is considered open ng th  If the port is closed, Nmap will receive an ICMP Port Unreachable message du o  If Nmap receives no response whatsoever, then either the port is open and the filtered cu u program listening does not respond to Nmap’s query, or the traffic is being CuuDuongThanCong.com https://fb.com/tailieudientucntt .c om nmap ng #nmap -sS -sV 192.168.20.11 cu u du o ng th an co -sV: Probe open ports to determine service/version infoom CuuDuongThanCong.com https://fb.com/tailieudientucntt .c om Nmap –UDP scan ng  nmap -sU 192.168.20.10-12 cu u du o ng th an co  nmap -sS -p 3232 192.168.20.10 CuuDuongThanCong.com https://fb.com/tailieudientucntt cu u du o ng th an co ng c om Website Information gathering CuuDuongThanCong.com https://fb.com/tailieudientucntt ... CuuDuongThanCong.com https://fb.com/tailieudientucntt .c om Nmap ng # nmap -sS 1 92. 168 .20 .10- 12 cu u du o ng th an co nmap -sS 1 92. 168 .20 .10- 12 -oA booknmap CuuDuongThanCong.com https://fb.com/tailieudientucntt... Check for live systems ICMP Scanning co th an  #nmap –sn 1 92. 168.153 .2 cu u du o ng  Options: -sn: Ping scan ng  #nmap –sn 1 92. 168.153.0 /24 CuuDuongThanCong.com https://fb.com/tailieudientucntt... terminator.movie.edu u Dùng để chuyển mail internet cu MX du o Vd: terminator.movie.edu IN A 1 92. 168.11.100 t3h.com IN MX mail.t3h.com CuuDuongThanCong.com https://fb.com/tailieudientucntt .c