Intelligence Gathering. n00bpentesting.com


Intelligence Gathering

Prerequisites
  Hardware
  Software
Topics Covered
A Note
Before You Begin
Lab 0ne - Target Selection and OSINT
  Scenario
Lab Tw0 - Footprinting
What's Next?

Prerequisites

Thank you for downloading Lab Guide 0ne. This guide is designed to help the n00b penetration tester get their feet wet with some of the tools covered on the site while honing their skills following the Penetration Testing Execution Standard.

Hardware
  Computer with Linux, Windows, or Mac OSX
  4GB RAM
  Hard drive with at least 50GB

Software
  VirtualBox Virtualization Software: http://www.virtualbox.org/wiki/downloads
  BackTrack 5 R1 Virtual Machine: http://www.backtrack-linux.org/downloads
  Windows XP SP2 Virtual Machine: supply your own copy or use a NIST image (NIST - http://nvd.nist.gov/fdcc/download_fdcc.cfm)
  Metasploitable Virtual Machine: http://updates.metasploit.com/data/metasploitable.zip.torrent

Topics Covered
  Target Selection
  Open Source Intelligence (OSINT)
  Footprinting

A Note
All guides will follow applicable sections of the Penetration Testing Execution Standard (PTES). It is highly recommended that any penetration tester, or anyone who wants to move into this field, read and regularly reference the standard. It can be found here: http://www.pentest-standard.org/

Before You Begin
It is important to update BackTrack, SET, and Metasploit before you begin each lesson. Updating these packages ensures the latest tool updates and fixes are applied for better stability and exploit success.

To Update BackTrack
At the command prompt type: apt-get update && apt-get upgrade && apt-get dist-upgrade, then press ENTER

To Update SET
At the command prompt type: cd /pentest/exploits/set && svn update, then press ENTER

To Update Metasploit
At the command prompt type: cd /pentest/exploits/framework && svn update, then press ENTER

Lab 0ne - Target Selection and OSINT

In this lab you will learn both active and passive intelligence gathering techniques.

Scenario
You have already scoped the penetration test, agreed to rules of engagement and are now embarking on the penetration test. During the first phases of this lab we will use a real company of your choosing to perform passive intelligence gathering, also known as Open Source Intelligence, or OSINT.

The client is: ____________

1. Visit the target client website. Attempt to determine the following:
   a) What do they do?
   b) Where are they located?
   c) Leadership
   d) Emails
   e) Phone Numbers
2. Visit Monster.com and search for job postings listed by the target client. What did you learn?
3. Visit Yahoo! Finance and search for the target client. What was the last reported revenue? Any recent stock transactions? What market are they listed on?
4. Google search for the client name you have chosen. What else did you find?

Let's look at a tool that we can use to capture some of this same information in an automated manner.

1) Start the BackTrack virtual machine.
2) Login and run startx.
3) At the prompt type: cd /pentest
4) Then press ENTER.
5) At the prompt type: ls, press ENTER. This is like using the dir command in Windows to see the contents of a directory.
6) At the prompt type: cd enumeration/theharvester, press ENTER
7) At the command prompt type: ls, press ENTER. This will give you the contents of the directory. To run any script or program from the local directory in Linux, prepend the filename with ./
8) At the prompt type: ./theharvester, press ENTER. The following help screen will appear giving you the options for the Python script. This is true for most scripts in BackTrack: if the script is run by itself, the help information will be presented.

This tool is used to get information for a given domain (like google.com) from multiple sources in a single command. We can see that the available data sources are google, bing, bingapi, pgp, linkedin, google-profiles, exalead, and all. Note: target_domain in the command below is the domain of the company you have selected as your target.

9) At the prompt type: ./theharvester -d target_domain -b all, press ENTER

Review the results from all the sources you selected for the target domain. Did the harvester script get any more information than what you gathered from the manual procedures?

Lab Tw0 - Footprinting

Now that you have gathered open source intelligence, the next step is to footprint the target. Footprinting is the method of finding active IP addresses, open service ports, etc. of the target. There are both passive and active footprinting techniques, but generally these are active, which means there is interaction with the target's network and systems. In order to move through this and the remaining labs through exploitation, you must use the Metasploitable VM or one of the many vulnerable virtual systems available for download.

Caution: You must not perform any of the following procedures on any system for which you do not have the explicit written permission of the target. It is highly recommended you only use the vulnerable virtual machine listed in the prerequisites section. You have been warned. Please see the Setting Up a Lab guide on the site for proper lab configuration using VirtualBox.

1) Start the BackTrack VM and the Metasploitable VM. In order to know what services are running on our vulnerable VM, we must perform a port scan.
2) In BackTrack, at the prompt type: nmap -sS ip_address, press ENTER

We now know what service ports are open on the target system, but what versions of the software, and what operating system, is it running? Let's run another Nmap scan that will give us this information.

3) At the command prompt type: nmap -sV -O ip_address

The Nmap output shows what version of software is running on each open port and provides the operating system that our target system is running.

Another method that can be used to determine what software is running on an open service port is to banner grab. This is simply connecting to the target system on an open service port and capturing what the application on that port provides. Let's look at port 80. We'll use Netcat.

4) At the command prompt type: nc target_ip 80
5) At the command prompt type: HEAD / HTTP/1.1, then press ENTER twice

Now that this information is collected, it can be used to search for vulnerabilities that have exploits available. We now know that the target is running Linux 2.6.x and multiple other services.
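The banner grab from steps 4 and 5, as an added example that is not part of the original lab guide: a Python script that sends the same HEAD request Netcat would and parses the status line and headers, run against a throwaway HTTP server it starts on the loopback interface so it works offline. The server's version strings (Apache/2.2.8, PHP/5.2.4) are constructed for the example; pointing banner_grab() at your own lab VM instead shows exactly what its web server discloses about itself.

```python
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


class ChattyHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for the lab web server; version strings are made up."""
    protocol_version = "HTTP/1.1"
    server_version = "Apache/2.2.8 (Ubuntu)"   # constructed value
    sys_version = "PHP/5.2.4"                   # constructed value

    def do_HEAD(self):
        self.send_response(200)                 # also emits Server: and Date:
        self.send_header("Content-Type", "text/html")
        self.end_headers()

    def log_message(self, *args):               # keep the demo output quiet
        pass


def banner_grab(host, port, timeout=3.0):
    """Send the HEAD request the lab types into nc; return (status line, headers dict)."""
    request = f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
    raw = b""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request.encode("ascii"))
        while b"\r\n\r\n" not in raw:           # read until the blank line ends the headers
            chunk = sock.recv(4096)
            if not chunk:
                break
            raw += chunk
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status, *header_lines = head.split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers


def demo():
    """Serve on an ephemeral loopback port, grab the banner, then tear the server down."""
    httpd = HTTPServer(("127.0.0.1", 0), ChattyHandler)
    threading.Thread(target=httpd.serve_forever, daemon=True).start()
    try:
        return banner_grab("127.0.0.1", httpd.server_address[1])
    finally:
        httpd.shutdown()
        httpd.server_close()


if __name__ == "__main__":
    print(*demo(), sep="\n")
```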

What's Next?

The next step is Vulnerability Analysis. Please see Intro To Penetration Testing Lab Guide Tw0.