Before a penetration test even begins, penetration testers spend time with their clients working out the scope, rules, and goals of the test. The penetration testers may break in using any means necessary, from information found in the dumpster, to web application security holes, to posing as the cable guy. After pre-engagement activities, penetration testers begin gathering information about their targets.
The objective of the lab is to extract information concerning the target organization that includes, but is not limited to:
IP address range associated with the target
Purpose of the organization and why it exists
How big is the organization? What class is its assigned IP Block?
Does the organization freely provide information on the type of operating systems employed and network topology in use?
Type of firewall implemented, either hardware or software or combination of both
Does the organization allow wireless devices to connect to wired networks?
Type of remote access used, either SSH or VPN
Do job postings for IT positions give information on the network services provided by the organization?
Identify the organization’s users who can disclose personal information that can be used for social engineering, and infer possible usernames from it
The objective of this lab is to demonstrate how to extract a company’s data using Web Data Extractor. Students will learn how to:
Extract Meta Tag, Email, Phone/Fax from the web pages
A penetration test begins before penetration testers have even made contact with the victim’s systems. Rather than blindly throwing out exploits and praying that one of them returns a shell, a penetration tester meticulously studies the environment for potential weaknesses and their mitigating factors. By the time a penetration tester runs an exploit, he or she is nearly certain that it will be successful. Failed exploits can in some cases cause a crash or even damage to a victim system, or at the very least make the victim unexploitable in the future, so penetration testers won't get the best results, or deliver the most thorough report to their clients, if they blindly turn an automated exploit machine on the victim network with no preparation.
Footprinting Terminologies
What is Footprinting?
Objectives of Footprinting
Footprinting Threats
Finding a Company’s URL
Locate Internal URLs
Public and Restricted Websites
Search for Company’s Information
Tools to Extract Company’s Data
Footprinting Through Search Engines
Collect Location Information
Satellite Picture of a Residence
People Search
People Search Using http://pipl.com
People Search Online Services
People Search on Social Networking Services
Gather Information from Financial Services
Footprinting Through Job Sites
Monitoring Target Using Alerts
Competitive Intelligence Gathering
Competitive Intelligence - When Did this Company Begin? How Did it Develop?
Competitive Intelligence - What are the Company's Plans?
Competitive Intelligence - What Expert Opinions Say About the Company?
Competitive Intelligence Tools
Competitive Intelligence Consulting Companies
WHOIS Lookup
WHOIS Lookup Result Analysis
WHOIS Lookup Tools: SmartWhois
WHOIS Lookup Tools
WHOIS Lookup Online Tools
Extracting DNS Information
DNS Interrogation Tools
DNS Interrogation Online Tools
Locate the Network Range
Traceroute
Traceroute Analysis
Traceroute Tool: 3D Traceroute
Traceroute Tool: LoriotPro
Traceroute Tool: Path Analyzer Pro
Traceroute Tools
Mirroring Entire Website
Website Mirroring Tools
Mirroring Entire Website Tools
Extract Website Information from http://www.archive.org
Monitoring Web Updates Using Website Watcher
Tracking Email Communications
Email Tracking Tools
Footprint Using Google Hacking Techniques
What Can a Hacker Do With Google Hacking?
Google Advanced Search Operators
Finding Resources using Google Advanced Operator
Google Hacking Tool: Google Hacking Database (GHDB)
Google Hacking Tools
Additional Footprinting Tools
Footprinting Countermeasures
Footprinting Pen Testing