4. recon
-
8/10/2019 4. Recon
1/21
4. Information gathering (reconnaissance)
-
Ion BICA
Role
The first step of the testing phase
You cannot attack what you do not know
Relevant to black-box and gray-box tests (in a white-box test the client supplies most of this information)
Obtain as much information as possible about the target
Non-intrusive for the target: nothing is exploited or modified, although some steps (DNS queries, traceroute, visiting the web site) still send packets that can show up in the target's logs
Usually carried out manually, but it can also be automated with scripts
-
Perspectives on the target
System view: technologies, devices, operating systems
Functional / logical view: the role of each device / system
Physical view: premises, the locations where the equipment is installed
Temporal view: working hours
Social view: data about employees
Lifecycle view: the phases of a business process
Consequence view: whether one event triggers another (e.g. unauthorized access to the building brings the police / security company to the scene)
-
Where can information be obtained?
The company's / employees' web pages
Internet search: Google, Yahoo
Queries against public databases: Whois, DNS
Social networks: Facebook, LinkedIn
Social engineering
-
The company's web pages
Passive browsing of the web servers
Addresses, contact persons, phone numbers, e-mail addresses, events, etc.
Mirroring the web site: Wget, Teleport Pro; the local copy is then searched with grep (Linux) or findstr (Windows)
Guessing the hostnames of remote-access services:
Outlook Web Access / Webmail: https://owa.abc.ro, https://outlook.abc.ro, https://webmail.abc.ro
Virtual Private Network: http://vpn.abc.ro, http://www.abc.ro/vpn
Requesting such guessed hostnames is no longer purely passive: the DNS lookups and HTTP requests reach the target's infrastructure and can be logged.
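The grep step applied to a mirrored copy, as an added example that is not part of the slides or the author's material: the script below sifts one page of a site copied with wget for e-mail addresses, phone numbers, office documents and hostnames inside the target's domain, which is what the slide does by hand. The HTML is constructed for the example, abc.ro is the placeholder domain from the slides, and the phone-number pattern is tuned to the Romanian formats written on that sample page.

```python
"""Sift a mirrored web site for contact data, documents and hostnames.

Added example, not from the slides or their author. The HTML below is a
constructed sample of one mirrored page; abc.ro is the placeholder domain
used on the slides.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed sample of one mirrored page (not a real site).
SAMPLE_HTML = """<html><body>
<h1>ABC SRL - Contact</h1>
<p>Str. Exemplu 1, Bucuresti. Tel: +40 21 555 0100, fax 021-555-0101</p>
<p>Sales: <a href="mailto:vanzari@abc.ro">vanzari@abc.ro</a>,
   IT: ion.popescu@abc.ro</p>
<a href="/docs/price-list-2019.xls">Price list</a>
<a href="https://www.abc.ro/docs/org-chart.pdf">Org chart</a>
<a href="https://webmail.abc.ro/owa/">Webmail</a>
<a href="http://vpn.abc.ro/">Remote access</a>
<a href="https://www.facebook.com/abcsrl">Facebook</a>
</body></html>"""

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
# Romanian fixed-line numbers as written on the sample page (+40 21 ... / 021-...).
PHONE_RE = re.compile(r"(?:\+40|0)[ .-]?\d{2,3}[ .-]?\d{3}[ .-]?\d{3,4}")
# Office documents worth downloading and inspecting (metadata, internal names).
DOC_EXT = (".doc", ".docx", ".xls", ".xlsx", ".pdf", ".ppt", ".pptx")


class LinkCollector(HTMLParser):
    """Collect every href and all visible text of a page."""

    def __init__(self):
        super().__init__()
        self.links = []
        self.text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(value)

    def handle_data(self, data):
        self.text.append(data)


def sift(html, base_url, domain):
    """Return e-mails, phone numbers, in-scope documents and in-scope hostnames."""
    parser = LinkCollector()
    parser.feed(html)
    visible = " ".join(parser.text)
    # mailto: links carry addresses that are not always repeated in the text.
    emails = sorted(set(EMAIL_RE.findall(visible + " " + " ".join(parser.links))))
    phones = sorted(set(PHONE_RE.findall(visible)))
    docs, hosts = set(), set()
    for href in parser.links:
        if href.startswith("mailto:"):
            continue
        absolute = urljoin(base_url, href)          # resolve relative links
        host = urlparse(absolute).hostname or ""
        if host == domain or host.endswith("." + domain):   # stay in scope
            hosts.add(host)
            if absolute.lower().endswith(DOC_EXT):
                docs.add(absolute)
    return {"emails": emails, "phones": phones,
            "documents": sorted(docs), "hosts": sorted(hosts)}


if __name__ == "__main__":
    for key, values in sift(SAMPLE_HTML, "https://www.abc.ro/", "abc.ro").items():
        print(f"{key}: {values}")
```

The hostnames it returns (here webmail.abc.ro and vpn.abc.ro) are exactly the remote-access entry points the slide lists, and they feed the DNS step; the e-mail addresses reveal the naming convention (firstname.lastname@) used later for password spraying or phishing scenarios.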
-
Google Hacking
Johnny Long, Google Hacking for Penetration Testers, Syngress, 2005
Google search syntax: filetype:doc, filetype:pdf, filetype:xls
intext:, intitle:, inurl:
allintext:, allintitle:, allinurl: (these take the whole rest of the query and are not meant to be combined with other operators)
site:gov, site:mil, site:abc.ro, related:www.abc.ro
http://www.googleguide.com/advanced_operators.html
Google cache: Google's stored copy of a page can be read without sending a request to the target's server
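A small query builder for the operators above, as an added example that is not part of the slides or the author's material. It composes site:, filetype:, intitle:, inurl: and intext: queries for a target domain, URL-encodes them into search links for manual use, and checks the allin* rule noted above. abc.ro is the placeholder domain from the slides; the keyword list and the document types are the example's own choices.

```python
"""Compose Google Hacking queries for a target domain.

Added example, not from the slides or their author. The queries are meant
to be opened by hand: scripted querying of Google is against its terms of
service and quickly hits CAPTCHAs.
"""
from urllib.parse import quote_plus

SEARCH = "https://www.google.com/search?q="
# Office formats that most often leak internal information.
DOC_TYPES = ("doc", "docx", "xls", "xlsx", "pdf", "ppt")
ALL_IN = ("allintext:", "allintitle:", "allinurl:")


def build_dorks(domain, keywords=(), doc_types=DOC_TYPES):
    """Return (label, query) pairs for one target domain."""
    dorks = []
    for ext in doc_types:                     # documents on the target's servers
        dorks.append(("doc-" + ext, f"site:{domain} filetype:{ext}"))
    dorks.append(("dirlist", f'site:{domain} intitle:"index of"'))
    dorks.append(("login", f"site:{domain} inurl:login OR inurl:admin"))
    for kw in keywords:                       # phrases expected in sensitive files
        phrase = f'"{kw}"' if " " in kw else kw
        dorks.append(("kw-" + kw, f"site:{domain} intext:{phrase}"))
    dorks.append(("related", f"related:www.{domain}"))   # partners, subsidiaries
    return dorks


def search_url(query):
    """Encode a query as a search link (space -> '+', ':' and '"' escaped)."""
    return SEARCH + quote_plus(query)


def check_query(query):
    """Report an allin* operator mixed with other operators (empty list = fine)."""
    ops = [tok.split(":", 1)[0] + ":" for tok in query.split()
           if ":" in tok and not tok.startswith('"')]
    if any(op in ALL_IN for op in ops) and len(ops) > 1:
        return ["allin* operator combined with other operators"]
    return []


if __name__ == "__main__":
    for label, query in build_dorks("abc.ro", keywords=("confidential", "parola")):
        print(f"{label:12} {query}\n{'':12} {search_url(query)}")
    print(check_query("allintitle:login site:abc.ro"))
```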
-
Google Hacking (cont.)
-
Google Hacking (cont.)
-
Google Hacking (cont.)
-
Whois
Management of domain names, IP addresses, protocol and port numbers on the Internet:
Internet Assigned Numbers Authority (IANA)
http://www.iana.org
Internet Corporation for Assigned Names and Numbers (ICANN)
http://www.icann.org
IP address allocation - Regional Internet Registries (RIR):
African Network Information Centre (AfriNIC) for Africa
American Registry for Internet Numbers (ARIN) for the USA and Canada
Asia-Pacific Network Information Centre (APNIC) for Asia and Australia
Latin America and Caribbean Network Information Centre (LACNIC) for Latin America and the Caribbean
RIPE NCC for Europe, the Middle East and Central Asia
A whois query for an IP address starts at IANA, whose answer refers you to the RIR holding the block; the RIR record gives the address range, the holder and the contacts.
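The IANA-to-RIR referral chain in code, as an added example that is not part of the slides or the author's material. whois_query() speaks the plain whois protocol (TCP port 43, query terminated by CRLF, answer read until the server closes); parse_whois() turns the "key: value" answer into fields, the "refer:" line selects the RIR, and the inetnum/NetRange line is converted to CIDR blocks for later scoping. The two responses are constructed to mimic the IANA and RIPE NCC formats; 192.0.2.0/24 and AS64496 come from the documentation ranges (RFC 5737, RFC 5398), so nothing here describes a real allocation, and the network call is never made offline.

```python
"""Whois lookup with registry referral and range-to-CIDR conversion.

Added example, not from the slides or their author. SAMPLE_IANA and
SAMPLE_RIPE are constructed responses in the IANA and RIPE formats.
"""
import ipaddress
import socket

IANA_WHOIS = "whois.iana.org"

# Constructed: IANA names the registry to ask next on its 'refer:' line.
SAMPLE_IANA = """% IANA WHOIS server
refer:        whois.ripe.net

status:       ALLOCATED
"""

# Constructed: a RIPE-style record for the documentation range.
SAMPLE_RIPE = """% This is the RIPE Database query service.
inetnum:        192.0.2.0 - 192.0.2.255
netname:        ABC-NET
descr:          ABC SRL, Bucuresti
country:        RO
admin-c:        AB123-RIPE
tech-c:         AB123-RIPE
status:         ASSIGNED PA
mnt-by:         ABC-MNT

route:          192.0.2.0/24
origin:         AS64496
"""


def whois_query(server, query, timeout=10):
    """Raw whois (RFC 3912): TCP/43, send the query plus CRLF, read to EOF."""
    with socket.create_connection((server, 43), timeout=timeout) as sock:
        sock.sendall(query.encode() + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode(errors="replace")


def parse_whois(text):
    """'key: value' lines -> dict of lists (keys lowercased); % and # lines are comments."""
    fields = {}
    for line in text.splitlines():
        if not line.strip() or line[0] in "%#" or ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields


def referral(iana_text):
    """Server named on IANA's 'refer:' line, or None."""
    return parse_whois(iana_text).get("refer", [None])[0]


def range_to_cidrs(inetnum):
    """'a.b.c.d - w.x.y.z' -> the CIDR blocks that exactly cover the range."""
    first, _, last = (p.strip() for p in inetnum.partition("-"))
    nets = ipaddress.summarize_address_range(ipaddress.ip_address(first),
                                             ipaddress.ip_address(last))
    return [str(n) for n in nets]


def lookup(ip, fetch=whois_query):
    """IANA first, then the referred RIR. `fetch` is swappable for offline use."""
    rir = referral(fetch(IANA_WHOIS, ip)) or IANA_WHOIS
    fields = parse_whois(fetch(rir, ip))
    # RIPE/APNIC/AfriNIC/LACNIC say 'inetnum', ARIN says 'NetRange'.
    rng = (fields.get("inetnum") or fields.get("netrange"))[0]
    return {"rir": rir,
            "netname": fields.get("netname", [""])[0],
            "cidrs": range_to_cidrs(rng),
            "origin": fields.get("origin", [""])[0]}


if __name__ == "__main__":
    def offline(server, query):      # replay the constructed answers
        return SAMPLE_IANA if server == IANA_WHOIS else SAMPLE_RIPE
    print(lookup("192.0.2.10", fetch=offline))
```

With the default fetch the same lookup() goes to the real servers; the CIDR list is what you hand to the scanning phase as the in-scope address space, and the origin AS leads to further prefixes of the same organisation.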
-
IANA Search
-
ROTLD Search
-
RIPE Search
-
DNS queries
nslookup, dig, host
Record types:
SOA    Start of authority: indicates who is authoritative for the domain
NS     The host's or domain's name server(s)
MX     The host's or domain's mail exchanger(s)
A      A host's IP address
PTR    A host's domain name, the host being identified by its IP address (reverse lookup)
SRV    Service location record
HINFO  Host information record
TXT    Generic text record
CNAME  A host's canonical name (aliases)
RP     Responsible person
$ dig mta.ro SOA
Zone transfer: $ dig @server domain AXFR
As a rule this operation is properly restricted to the secondary name servers; when it is not, the whole zone, including internal host names and addresses, is handed over in one query.
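What to do with a zone transfer that does succeed, as an added example that is not part of the slides or the author's material: the script parses the output of `dig @server domain AXFR` into records and groups them into the findings a tester wants (name servers, mail exchangers, aliases, SRV-advertised services, HINFO leaks, and hosts that resolve to RFC 1918 addresses and so reveal the internal network). SAMPLE_AXFR is a constructed zone for the placeholder domain abc.ro, with RFC 5737 documentation addresses for the public hosts.

```python
"""Parse a zone transfer (dig AXFR output) into recon findings.

Added example, not from the slides or their author. SAMPLE_AXFR is a
constructed zone for the placeholder domain abc.ro, laid out the way dig
prints a successful AXFR.
"""
import ipaddress

SAMPLE_AXFR = """\
; <<>> DiG 9.16.1 <<>> @ns1.abc.ro abc.ro AXFR
abc.ro.             3600  IN  SOA    ns1.abc.ro. hostmaster.abc.ro. 2019081001 7200 900 1209600 3600
abc.ro.             3600  IN  NS     ns1.abc.ro.
abc.ro.             3600  IN  NS     ns2.abc.ro.
abc.ro.             3600  IN  MX     10 mail.abc.ro.
abc.ro.             3600  IN  TXT    "v=spf1 mx ip4:192.0.2.0/24 -all"
ns1.abc.ro.         3600  IN  A      192.0.2.2
ns2.abc.ro.         3600  IN  A      192.0.2.3
www.abc.ro.         3600  IN  A      192.0.2.10
mail.abc.ro.        3600  IN  A      192.0.2.25
webmail.abc.ro.     3600  IN  CNAME  mail.abc.ro.
vpn.abc.ro.         3600  IN  A      192.0.2.30
intranet.abc.ro.    3600  IN  A      10.1.5.20
fileserver.abc.ro.  3600  IN  A      10.1.5.21
fileserver.abc.ro.  3600  IN  HINFO  "Intel" "Windows Server 2008"
dc1.abc.ro.         3600  IN  A      10.1.5.10
_ldap._tcp.abc.ro.  3600  IN  SRV    0 100 389 dc1.abc.ro.
abc.ro.             3600  IN  SOA    ns1.abc.ro. hostmaster.abc.ro. 2019081001 7200 900 1209600 3600
;; Query time: 12 msec
;; XFR size: 18 records
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True for private address space. ipaddress.is_private would also flag the
    RFC 5737 documentation blocks, so the check is spelled out here."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def parse_dig(text):
    """Records as (name, ttl, rtype, rdata). Comment and blank lines are
    skipped and the SOA that AXFR repeats at the end is dropped."""
    records, seen = [], set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        parts = line.split(None, 4)          # rdata may contain spaces
        if len(parts) < 5 or parts[2] != "IN":
            continue
        name, ttl, _, rtype, rdata = parts
        rec = (name.rstrip("."), int(ttl), rtype, rdata)
        if rec not in seen:
            seen.add(rec)
            records.append(rec)
    return records


def summarize(records):
    """Group the zone into what a tester wants to know."""
    out = {"nameservers": [], "mail": [], "hosts": {}, "internal": {},
           "aliases": {}, "services": [], "hinfo": {}, "txt": []}
    for name, _, rtype, rdata in records:
        if rtype == "NS":
            out["nameservers"].append(rdata.rstrip("."))
        elif rtype == "MX":
            prio, host = rdata.split()
            out["mail"].append((int(prio), host.rstrip(".")))
        elif rtype == "A":
            out["hosts"].setdefault(name, []).append(rdata)
            if is_rfc1918(rdata):            # internal host leaked through DNS
                out["internal"][name] = rdata
        elif rtype == "CNAME":
            out["aliases"][name] = rdata.rstrip(".")
        elif rtype == "SRV":
            _prio, _weight, port, target = rdata.split()
            out["services"].append((name, int(port), target.rstrip(".")))
        elif rtype == "HINFO":               # hardware / OS given away for free
            out["hinfo"][name] = rdata
        elif rtype == "TXT":
            out["txt"].append((name, rdata.strip('"')))
    out["mail"].sort()
    return out


if __name__ == "__main__":
    for key, value in summarize(parse_dig(SAMPLE_AXFR)).items():
        print(f"{key}: {value}")
```

On a real engagement the transfer is attempted against every NS record, since secondaries are often configured less carefully than the primary; when all of them refuse, the same parser works on the output of ordinary `dig +noall +answer` queries for the names guessed from the web site.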
-
DNS queries (cont.)
-
DNS queries (cont.)
-
Network-level reconnaissance
Traceroute: route discovery, locating firewalls, routers, etc.
tracert (Windows) uses ICMP Echo probes
traceroute (Linux) uses UDP probes to high ports by default (-I switches to ICMP, -T to TCP)
Each probe carries an increasing TTL; the router that decrements it to zero answers with an ICMP "time exceeded", which reveals its address. A run of "* * *" after the last responding hop usually means a firewall is dropping the probes or the replies; TCP probes to port 80 or 443 often get through where UDP is blocked.
NeoTrace, VisualRoute, VisualLookout: graphical front-ends
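The UDP mechanism and the firewall heuristic, as an added example that is not part of the slides or the author's material. traceroute() does what the Linux utility does: one empty UDP datagram per TTL to a high port, taking the ICMP "time exceeded" (type 11) replies as the routers and ICMP "port unreachable" (type 3) as the sign that the target was reached; it needs root for the raw ICMP socket and is only called from main(). classify() flags the silent stretch and the device in front of it. HOPS is a constructed trace built from RFC 5737 documentation addresses.

```python
"""UDP traceroute with a firewall-location heuristic.

Added example, not from the slides or their author. HOPS is a constructed
trace; traceroute() needs root and real network access.
"""
import socket
import sys
import time

BASE_PORT = 33434   # first probe port, the same default as traceroute(8)

# Constructed trace: hops 5 and 6 never answer, hop 7 is the target.
HOPS = [
    (1, "198.51.100.1", 0.4),
    (2, "203.0.113.9", 2.1),
    (3, "203.0.113.17", 8.5),
    (4, "192.0.2.1", 15.2),
    (5, None, None),
    (6, None, None),
    (7, "192.0.2.10", 16.0),
]


def traceroute(dest, max_hops=30, timeout=2.0):
    """Return [(ttl, replying_ip_or_None, rtt_ms_or_None), ...]. Needs root."""
    dest_ip = socket.gethostbyname(dest)
    hops = []
    for ttl in range(1, max_hops + 1):
        recv = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)
        send = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        recv.settimeout(timeout)
        send.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, ttl)
        try:
            start = time.monotonic()
            send.sendto(b"", (dest_ip, BASE_PORT + ttl))   # one port per hop
            # First ICMP packet seen is taken as the reply; the real tool also
            # matches the quoted UDP header to rule out unrelated ICMP.
            pkt, (addr, _) = recv.recvfrom(1024)
            rtt = (time.monotonic() - start) * 1000.0
            ihl = (pkt[0] & 0x0F) * 4          # length of the outer IPv4 header
            icmp_type = pkt[ihl]
        except socket.timeout:
            addr, rtt, icmp_type = None, None, None
        finally:
            send.close()
            recv.close()
        hops.append((ttl, addr, rtt))
        if icmp_type == 3:                     # port unreachable: target reached
            break
    return hops


def classify(hops):
    """Flag silent stretches between responding hops.

    A run of hops that never answer, with responders on both sides, is the
    usual sign of a firewall or ACL dropping the UDP probes (or the ICMP
    replies). The last responder before the run is the candidate filtering
    device; the first responder after it sits behind that filter. Silence at
    the very start of the trace (a gateway that does not reply) is ignored.
    """
    findings = []
    last_responder = None
    silent = flagged = False
    for _ttl, addr, _rtt in hops:
        if addr is None:
            if not silent and last_responder is not None:
                findings.append(("filter-candidate", last_responder))
                flagged = True
            silent = True
        else:
            if silent and flagged:
                findings.append(("behind-filter", addr))
            silent = flagged = False
            last_responder = addr
    return findings


if __name__ == "__main__":
    trace = traceroute(sys.argv[1]) if len(sys.argv) > 1 else HOPS
    for ttl, addr, rtt in trace:
        rtt_s = "" if rtt is None else f"{rtt:.1f} ms"
        print(f"{ttl:2d}  {addr or '*':<16} {rtt_s}")
    print(classify(trace))
```

Run without arguments it prints the constructed trace and names 192.0.2.1 as the filter candidate; with a hostname (and root) it probes the real path. A trace that ends in silence without ever reaching the target is the cue to repeat it with ICMP or TCP probes.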
-
tracert
-
NeoTrace
-
Online tools
whois.net
www.dnsstuff.com
www.netcraft.com
www.samspade.com