Friday, January 7, 2011

Basics of Gathering Information

First you must know what your target is: a regular computer, a website, an account
on a website, etc. This information will help you later when exploiting the target
and discovering further information.


It is completely legal to know the following things, as they are available to the public:

* First name
* Last name
* Where they are from
* What OS they run
* Their web browser
* Username (of the ISP, and websites they belong to)
* ISP
* IP address
* Phone number
* Street address
* Services/daemons running on their system

Now I will discuss some techniques used to find this information.

&& Google
Google is a very powerful tool, and it is anonymous.
To learn more about a site, just search for site:<site name here>
and you will see all of its subdomains indexed by Google.

You can also use this with usernames, emails, and other information you gather
(of course not using the "site:" string)

You would do that because users may use the same email/username for multiple sites,
and there you could discover more about your target.

&& Emails
If you can get someone to email you back, look in the headers of the email. From there
you can gain IP addresses, dates, what mail service they are running (Thunderbird,
web-based, etc.) and more info.
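As an added example (not part of the original post), this Python script pulls those items out of a reply's headers using a constructed sample message; the one caveat worth remembering is that only the Received line your own mail server wrote can be trusted, since the sender controls every earlier hop and the Date header.

```python
import email
import email.utils
import re

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Constructed sample reply (not a real capture); hosts and addresses use
# documentation names and ranges (example.org, 192.0.2.0/24, 203.0.113.0/24).
RAW_REPLY = b"""Received: from mail.example.net (mail.example.net [203.0.113.5])
\tby mx.example.org with ESMTP id k7A2x1
\tfor <analyst@example.org>; Fri, 7 Jan 2011 10:15:02 -0500
Received: from [192.0.2.77] (unknown [192.0.2.77])
\tby mail.example.net with ESMTPA id m9Q3y4;
\tFri, 7 Jan 2011 10:14:55 -0500
Date: Fri, 7 Jan 2011 10:14:50 -0500
From: Someone <someone@example.net>
To: analyst@example.org
Subject: Re: question
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1) Thunderbird/3.1.7
Message-ID: <constructed-id@example.net>

Hello, replying as requested.
"""


def hops_from_headers(raw):
    """Return the Received chain in delivery order: sender side first."""
    received = email.message_from_bytes(raw).get_all("Received") or []
    hops = []
    # Each relay prepends its own Received line, so the LAST header in the
    # message is the hop nearest the sender and the FIRST is the one our MX wrote.
    for value in reversed(received):
        text = " ".join(value.split())  # unfold continuation lines
        hops.append({"ips": IPV4_RE.findall(text), "text": text})
    return hops


def summarize(raw):
    """Extract what the post lists: originating IP, send date and mail client."""
    msg = email.message_from_bytes(raw)
    hops = hops_from_headers(raw)
    sent = email.utils.parsedate_to_datetime(msg["Date"]) if msg.get("Date") else None
    origin_ips = hops[0]["ips"] if hops else []
    return {
        "origin_ip": origin_ips[0] if origin_ips else None,
        "hop_count": len(hops),
        "sent": sent.isoformat() if sent else None,
        "mail_client": msg.get("User-Agent") or msg.get("X-Mailer"),
        # Only the line written by our own server (last hop) is trustworthy;
        # a sender can forge every earlier Received header and the Date.
        "trusted_hop": hops[-1]["text"] if hops else None,
    }
```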

&& Finger
It runs on port 79, and using it you can find info about the server running it.
With it you can get info such as the owner's name, whether the system is up, uptime/downtime,
and sometimes even a phone number and address.

Finger can be used by telnetting to port 79 (Windows), by getting a Unix shell account and
using the finger command, or with SamSpade from samspade.org.

&& whois
whois looks up info about a domain name; it checks InterNIC's database for information
such as the ISP, where they live, etc.

&& Port Scanning
This is very important. I recommend Nmap for this; you can get it at
insecure.org (check out the site, it's a great resource).
Basically Nmap will scan your target and check which ports are open,
closed, and filtered. Nmap is a powerful tool, and I recommend you get
familiar with it.

&& Services/Daemons
If you happen to find an open port you can telnet to it and check what is running on it
and its version, and you can sometimes exploit it. Check sites like Milw0rm.com and
insecure.in for possible exploits. Doing this is sometimes referred to as banner grabbing.

&& Social engineering
Asking the user! Some of the best hackers used social engineering to get closer to
their targets. Take Mitnick as an example: he was very familiar with how computers and
phone networks worked, and used this to exploit the user to gain more information
(emails, secret info, etc.). Here I would include phishing attempts and IP catchers (which can be coded in PHP).

&& What's next?
Usually exploitation ;)

Reply if you like it.

Thanks
