![Page 1: Information gath](https://reader034.vdocument.in/reader034/viewer/2022051012/545878f5af795953128b49c5/html5/thumbnails/1.jpg)
INFORMATION GATHERING IN A PENTEST
By : Syarif @fl3xu5
Cybercrime Investigation Center, Mabes Polri, Jakarta, 28 January 2012
![Page 2: Information gath](https://reader034.vdocument.in/reader034/viewer/2022051012/545878f5af795953128b49c5/html5/thumbnails/2.jpg)
Agenda
About Pentest ( Penetration Testing )
Pentest Phase
How Important Is Information Gathering
Passive & Active Information Gathering
Google Hack
Netcraft
Whois
host
dig
![Page 3: Information gath](https://reader034.vdocument.in/reader034/viewer/2022051012/545878f5af795953128b49c5/html5/thumbnails/3.jpg)
About Pentest ( Penetration Testing )
A method to evaluate the security of a computer system or network
Practice attacking an IT system the way a ‘hacker’ does
Find security holes ( systemic weaknesses )
Bypass security mechanisms
Compromise an organization’s IT system security
Must have permission from the IT system owner
~ The person doing this is called a pentester ~
![Page 4: Information gath](https://reader034.vdocument.in/reader034/viewer/2022051012/545878f5af795953128b49c5/html5/thumbnails/4.jpg)
Pentest Phase
Information Gathering
Vulnerability Analysis
Exploitation
Post Exploitation
Reporting
![Page 5: Information gath](https://reader034.vdocument.in/reader034/viewer/2022051012/545878f5af795953128b49c5/html5/thumbnails/5.jpg)
How Important Is Information Gathering
Information Gath. Chance of Successful attack~
![Page 6: Information gath](https://reader034.vdocument.in/reader034/viewer/2022051012/545878f5af795953128b49c5/html5/thumbnails/6.jpg)
Passive & Active Information Gathering
Passive Information Gathering : Google Hacking, Netcraft, Whois, Nslookup
Active Information Gathering : Port Scanning, Service Scanning, Nmap, Metasploit
![Page 7: Information gath](https://reader034.vdocument.in/reader034/viewer/2022051012/545878f5af795953128b49c5/html5/thumbnails/7.jpg)
Google Hack
Was introduced by Johnny Long
Based on Google's basic usage information : http://www.google.com/help/basics.html
More : http://www.google.com/help/operators.html
![Page 8: Information gath](https://reader034.vdocument.in/reader034/viewer/2022051012/545878f5af795953128b49c5/html5/thumbnails/8.jpg)
Google Hack ( cont’d )
Google basic search help
![Page 9: Information gath](https://reader034.vdocument.in/reader034/viewer/2022051012/545878f5af795953128b49c5/html5/thumbnails/9.jpg)
Google Hack ( cont’d )
Operators and More Search help
![Page 10: Information gath](https://reader034.vdocument.in/reader034/viewer/2022051012/545878f5af795953128b49c5/html5/thumbnails/10.jpg)
Google Hack ( cont’d )
Examples :
![Page 11: Information gath](https://reader034.vdocument.in/reader034/viewer/2022051012/545878f5af795953128b49c5/html5/thumbnails/11.jpg)
Google Hack ( cont’d )
Examples :
![Page 12: Information gath](https://reader034.vdocument.in/reader034/viewer/2022051012/545878f5af795953128b49c5/html5/thumbnails/12.jpg)
Google Hack ( cont’d )
Examples :
![Page 13: Information gath](https://reader034.vdocument.in/reader034/viewer/2022051012/545878f5af795953128b49c5/html5/thumbnails/13.jpg)
Google Hack ( cont’d )
Other Examples :
![Page 14: Information gath](https://reader034.vdocument.in/reader034/viewer/2022051012/545878f5af795953128b49c5/html5/thumbnails/14.jpg)
Google Hack ( cont’d )
Other Examples :
![Page 15: Information gath](https://reader034.vdocument.in/reader034/viewer/2022051012/545878f5af795953128b49c5/html5/thumbnails/15.jpg)
Google Hack ( cont’d )
More Examples :
![Page 16: Information gath](https://reader034.vdocument.in/reader034/viewer/2022051012/545878f5af795953128b49c5/html5/thumbnails/16.jpg)
Netcraft
An Internet monitoring company based in England
Uptimes
OS detection
web server
![Page 17: Information gath](https://reader034.vdocument.in/reader034/viewer/2022051012/545878f5af795953128b49c5/html5/thumbnails/17.jpg)
Netcraft ( cont’d )
![Page 18: Information gath](https://reader034.vdocument.in/reader034/viewer/2022051012/545878f5af795953128b49c5/html5/thumbnails/18.jpg)
Whois
![Page 19: Information gath](https://reader034.vdocument.in/reader034/viewer/2022051012/545878f5af795953128b49c5/html5/thumbnails/19.jpg)
host
![Page 20: Information gath](https://reader034.vdocument.in/reader034/viewer/2022051012/545878f5af795953128b49c5/html5/thumbnails/20.jpg)
dig