Information Gathering with Kali Linux Tools & Techniques

by Bhargav Tandel, 18 September 2014

Transcript of Information Gathering with Kali Linux Tools & Techniques

Information Gathering with Kali Linux Tools & Techniques
Information Gathering
One of the most important stages of an attack is information gathering. To be able to launch an attack, we need to gather basic information about our target. So, the more information we get, the higher the probability of a successful attack.

In this session we are going to cover the following topics:
Service enumeration
Determining network range
Identifying active machines
Finding open ports
Operating system fingerprinting
Service fingerprinting
Threat assessment with Maltego
Mapping the network
Service enumeration
In this session, we will perform a few service enumeration tricks. Enumeration is a process that allows us to gather information from a network. We will examine the DNS enumeration technique.
DNS enumeration is the process of locating all DNS servers and DNS entries for an organization. DNS enumeration will allow us to gather critical information about the organization such as usernames, computer names, IP addresses, and so on.
For DNS enumeration we use the DNSenum tool.
Now let's start by examining DNS enumeration:

course outline
During this course we go through the following steps:

1. Information Gathering
2. Vulnerability Assessment
3. Exploiting Vulnerabilities
4. Escalating Privileges
5. Password Attacks

So we will be playing around with those tools and techniques.

Let's start with Information Gathering.
DNS enumeration using DNSenum
We will utilize DNSenum for DNS enumeration. To start a DNS enumeration, open the Gnome terminal and enter the following command:
#dnsenum --enum google.com

There are some additional options we can use with DNSenum, including the following:
--threads [number] allows you to set how many processes will run at once
-r allows you to enable recursive lookups
-d allows you to set the time delay in seconds between WHOIS requests
-o allows us to specify the output location
-w allows us to enable the WHOIS queries
You can use other tools and techniques to do the same.
DNS Enumeration with fierce
fierce is a domain scanner that tries multiple techniques to find all the IP addresses and hostnames used by a target.

You can use multiple options with this tool. Let's use one of them:
#fierce -dns google.com

You can also use online tools to do this. We are going to use one of them:
https://pentest-tools.com

There are lots of techniques available for enumerating DNS records.
You can also follow my blog. I have written some articles on different topics.
Link: http://kungfuhacking.blogspot.com


Determining Network Range
With the information gathered in the previous step, we can now focus on determining the IP address range of the target network.
We use different tools to determine the network range. I'll just start with dmitry.
#dmitry -wnspb google.com -o /root/Desktop/dmitry-result
When finished, we should now have a text document on the desktop with filename dmitry-result.txt, filled with information gathered from the target.
To issue an ICMP netmask request, use the netmask tool:
#netmask -s google.com
You can also use different tools from the Kali menu.
Maltego is another cool tool for information gathering. We cover Maltego in a later topic in this video.
Identifying Active Machines
Before attempting a pentest, we first need to identify the active machines that are on the target network range.
A simple way would be by performing a ping on the target network. Of course, this can be rejected or known by a host, and we don't want that.
In that case, using Nmap we can find out whether a host is up or not.
#nmap -sP 192.168.198.139
We can also use Nping (part of the Nmap suite), which gives us a more detailed view. We can use different options with nping:
#nping 192.168.198.137
We can also send some hex data to a specified port.
#nping --tcp -p 445 --data AF56A43D 192.168.198.137
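The text above notes that a ping sweep can be "known by a host". The added example below (my code, not part of the presentation) shows the defender's side: it parses constructed iptables-style LOG lines and flags a source that pings many hosts (a sweep) or probes many ports on one host (a port scan). The log format, thresholds and addresses are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines in iptables/netfilter LOG style (not taken from the page).
SAMPLE_LOG = """\
Sep 18 10:00:01 gw kernel: IN=eth0 OUT= SRC=192.168.198.5 DST=192.168.198.139 PROTO=ICMP TYPE=8 CODE=0
Sep 18 10:00:01 gw kernel: IN=eth0 OUT= SRC=192.168.198.5 DST=192.168.198.140 PROTO=ICMP TYPE=8 CODE=0
Sep 18 10:00:01 gw kernel: IN=eth0 OUT= SRC=192.168.198.5 DST=192.168.198.141 PROTO=ICMP TYPE=8 CODE=0
Sep 18 10:00:02 gw kernel: IN=eth0 OUT= SRC=192.168.198.5 DST=192.168.198.139 PROTO=TCP SPT=51000 DPT=22 SYN
Sep 18 10:00:02 gw kernel: IN=eth0 OUT= SRC=192.168.198.5 DST=192.168.198.139 PROTO=TCP SPT=51001 DPT=80 SYN
Sep 18 10:00:02 gw kernel: IN=eth0 OUT= SRC=192.168.198.5 DST=192.168.198.139 PROTO=TCP SPT=51002 DPT=443 SYN
Sep 18 10:00:02 gw kernel: IN=eth0 OUT= SRC=192.168.198.5 DST=192.168.198.139 PROTO=TCP SPT=51003 DPT=445 SYN
Sep 18 10:00:03 gw kernel: IN=eth0 OUT= SRC=192.168.198.20 DST=192.168.198.139 PROTO=TCP SPT=40000 DPT=443 SYN
"""

FIELD = re.compile(r"(SRC|DST|PROTO|DPT|TYPE)=(\S+)")

def parse_line(line):
    """Return the key=value fields we care about, or None for unrelated lines."""
    fields = dict(FIELD.findall(line))
    return fields if "SRC" in fields and "DST" in fields else None

def detect_scans(log_text, host_threshold=3, port_threshold=4):
    """Flag sources that ping many hosts (sweep) or hit many ports on one host (scan).

    Thresholds are hypothetical; tune them to the size of the monitored network.
    """
    icmp_targets = defaultdict(set)   # src -> hosts that received an echo request
    tcp_ports = defaultdict(set)      # (src, dst) -> destination ports seen
    for line in log_text.splitlines():
        f = parse_line(line)
        if not f:
            continue
        if f.get("PROTO") == "ICMP" and f.get("TYPE") == "8":   # type 8 = echo request
            icmp_targets[f["SRC"]].add(f["DST"])
        elif f.get("PROTO") == "TCP" and "DPT" in f:
            tcp_ports[(f["SRC"], f["DST"])].add(int(f["DPT"]))
    alerts = []
    for src, hosts in icmp_targets.items():
        if len(hosts) >= host_threshold:
            alerts.append(("ping_sweep", src, len(hosts)))
    for (src, dst), ports in tcp_ports.items():
        if len(ports) >= port_threshold:
            alerts.append(("port_scan", src, dst, len(ports)))
    return alerts

if __name__ == "__main__":
    for alert in detect_scans(SAMPLE_LOG):
        print(alert)
```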

Finding open ports
With the knowledge of the victim's network range and the active machines, we'll proceed with the port scanning process to retrieve the open TCP and UDP ports and access points.
To begin, launch a terminal window and enter the following command.
# nmap 192.168.198.139
We can also explicitly specify the ports to scan (in this case, we are specifying 1000 ports).
#nmap -p 1-1000 192.168.198.139
Tell Nmap to scan the whole organization's network on TCP port 22:
#nmap -p 22 192.168.198.*
We can also have Nmap write the result in a specified format (here, grepable output with -oG):
#nmap -p 22 192.168.198.* -oG /root/Desktop/result.txt
We can also use Zenmap, the GUI version of Nmap.
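The -oG output used above is meant to be processed by other tools. The added example below (my code, not from the presentation) parses a constructed -oG result and compares each host's open ports against a hypothetical baseline of what it is expected to expose, which is how a defender turns a port scan of their own network into a list of unexpected services.

```python
import re

# Constructed sample in Nmap's grepable (-oG) format; not the output of the page's scan.
SAMPLE_OG = """\
# Nmap 6.47 scan initiated as: nmap -p 1-1000 192.168.198.* -oG /root/Desktop/result.txt
Host: 192.168.198.139 ()\tStatus: Up
Host: 192.168.198.139 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 445/open/tcp//microsoft-ds///\tIgnored State: closed (997)
Host: 192.168.198.140 ()\tStatus: Up
Host: 192.168.198.140 ()\tPorts: 22/open/tcp//ssh///, 3306/filtered/tcp//mysql///\tIgnored State: closed (998)
"""

# Hypothetical baseline: the ports each host is allowed to expose.
BASELINE = {"192.168.198.139": {22, 80}, "192.168.198.140": {22}}

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\([^)]*\)\t(.*)$")

def parse_grepable(text):
    """Map host -> {port: (state, proto, service)} from the 'Ports:' sections."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue                      # '# Nmap ...' comment lines and the like
        ip, rest = m.groups()
        for section in rest.split("\t"):  # sections: Status:, Ports:, Ignored State:
            if not section.startswith("Ports:"):
                continue
            for entry in section[len("Ports:"):].split(","):
                # each entry: port/state/proto/owner/service/rpc/version/
                parts = entry.strip().split("/")
                if len(parts) < 5:
                    continue
                port, state, proto, _owner, service = parts[:5]
                hosts.setdefault(ip, {})[int(port)] = (state, proto, service)
    return hosts

def unexpected_open_ports(hosts, baseline):
    """Return [(host, port, service)] for open ports the baseline does not allow."""
    findings = []
    for ip, ports in hosts.items():
        allowed = baseline.get(ip, set())
        for port, (state, _proto, service) in sorted(ports.items()):
            if state == "open" and port not in allowed:
                findings.append((ip, port, service))
    return findings

if __name__ == "__main__":
    for finding in unexpected_open_ports(parse_grepable(SAMPLE_OG), BASELINE):
        print("unexpected open port:", finding)
```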
Operating system fingerprinting & Service Fingerprinting
At this point of the information gathering process, we should now have documented a list of IP addresses, active machines, and open ports identified from the target organization.
The next step in the process is determining the running operating system of the active machines in order to know the type of systems we're pentesting.
Using Nmap, we issue the following command with the -O option to enable the OS detection feature.
#nmap -O 192.168.198.139
Determining the services running on specific ports will ensure a successful pentest on the target network. It will also remove any doubts left resulting from the OS fingerprinting process.
First we use Nmap; to do that we need to run the following command:
#nmap -sV 192.168.198.139
Using amap, we can also identify the application running on a specific port or a range of ports:
#amap -bq 192.168.198.139 1-500

Threat assessment with Maltego
In this session, we'll begin with the use of a special Kali edition of Maltego, which will aid us in the information gathering phase by representing the information obtained in an easy to understand format.
Maltego is an open source threat assessment tool that is designed to demonstrate the complexity and severity of a single point of failure on a network. It has the ability to aggregate information from both internal and external sources to provide a clear threat picture.
An account is required in order to use Maltego. To register for an account, go to
https://www.paterva.com/web6/community/maltego/
We use Maltego to map the network. Maltego is an open source tool used for information gathering and forensics which was created by Paterva.
Maltego is highly useful because we can use its automation to quickly gather information on our target, such as e-mail addresses and servers, perform WHOIS lookups, and so on.