How to Gather Information and Why

Hello friends

I am Alpha_Cyb3r, a hacker, and in this tutorial we will discuss the purpose of information gathering
before starting to pentest or attack our website.

First, I would like to use a simple analogy to give an idea of why information gathering is important:
“Now, let’s say you are asked to rob a bank. You can’t just carry a gun and walk into the bank (well, you
could, but a smart robber won’t do that because you will definitely get caught).”
(Just an example.)

So, what I am trying to say is that you need to gather enough information about your target before
anything else. This is actually the easiest and the fun part, also known as reconnaissance.

Advantages of Information Gathering / Reconnaissance

*   It gives us an idea of the right exploit to use.
*   It gives an indication of how successful the attack will be.
*   The information we gather can also be used in the advanced exploitation section to populate a password list.

So this is why Information Gathering is the first phase of Penetration testing.
Now arises the question: what information are we going to collect and where are we going to get that information from?
Well, I will tell and show you both of these, step by step, in the next tutorials of Information Gathering.

So what information are we looking for? @Alpha_Cyb3r

IP Addresses:

Basically, “internet protocol addresses” are unique numbers assigned to your computer while it is connected to the internet;
you can call it your identity number. There are two types, dynamic and static; we will mostly see static.

Also, an IP address is the real address behind any domain name; the nameservers resolve the domain name to it.

Web Servers:

This is basically an application which runs on top of an operating system and serves the web requests coming to the system.
This is the application that opens port 80 on our system. It allows other people on the internet to request a page that we have
on our system. Examples of this application are Apache, IIS, Tomcat, etc.
Many times you can get exploits related to a web server and find a way into the system using that exploit.

Operating Systems:

Of course you are not expecting me to tell you. REALLY?? Well, if you don’t know, just... hmm. This is just Windows XP, 7, 8, 10, Linux, and Mac. This is what makes our computer useful; without them we can’t run things like applications, browsers, etc. In short, we can’t use our computer without an OS.

Login Pages:

Well, this is great: it is just like finding the door to the bank. This could be an admin or user login page. We could break this later in our pentest.

Sub Domains:

Subdomains are domains maintained under a domain. For example, if google.com is a domain name, then mail.google.com is a subdomain inside it.
We need to collect all available subdomains for a website. In many cases you may find hidden or private domains where they are maintaining
something private, and such applications are usually left vulnerable and exposed because of the assumption that no one can reach them.

Web Application Tech Stack Enumeration:

At times we are targeting a public web application like WordPress, Joomla and many others.
We also need to get all the information about the web application's tech stack so we can find any known vulnerability
for that particular version.
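Much of this tech stack information is handed out by the server itself. The following is an added example, not part of the original tutorial: a check you can run over a response captured from a site you administer, flagging headers and generator tags that disclose product and version. The sample response, header list and function names are constructed for illustration.

```python
import re
from email.parser import Parser

# Constructed sample: a raw HTTP response captured from a site you administer.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.4.41 (Ubuntu)\r\n"
    "X-Powered-By: PHP/7.4.3\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
    '<html><head><meta name="generator" content="WordPress 5.8.1">'
    "</head><body>Hello</body></html>"
)

# Headers that commonly reveal the software behind a site (illustrative list).
DISCLOSING_HEADERS = ("Server", "X-Powered-By", "X-AspNet-Version", "X-Generator")
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")
# Matches the common form where name= comes before content=.
GENERATOR_RE = re.compile(
    r'<meta[^>]+name=["\']generator["\'][^>]+content=["\']([^"\']+)["\']', re.I)


def audit_response(raw):
    """Return (source, value, has_version) for every disclosing item found."""
    head, _, body = raw.partition("\r\n\r\n")
    _status_line, _, header_block = head.partition("\r\n")
    headers = Parser().parsestr(header_block, headersonly=True)
    findings = []
    for name in DISCLOSING_HEADERS:
        for value in headers.get_all(name, []):
            findings.append((name, value, bool(VERSION_RE.search(value))))
    for content in GENERATOR_RE.findall(body):
        findings.append(("meta generator", content, bool(VERSION_RE.search(content))))
    return findings


def report(findings):
    """Turn findings into readable lines; an exact version is the worse leak."""
    lines = []
    for source, value, has_version in findings:
        level = "HIGH (exact version exposed)" if has_version else "LOW (product only)"
        lines.append(f"{source}: {value!r} -> {level}")
    return lines


if __name__ == "__main__":
    for line in report(audit_response(SAMPLE_RESPONSE)):
        print(line)
```

Findings marked HIGH are the ones to suppress in configuration, for example with Apache's `ServerTokens Prod` and PHP's `expose_php = Off`.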

Reverse Domain:

At times you might not find a vulnerability in the target web application. Now, if there are other websites on the same web server, we could
do a reverse domain lookup to find those other sites, and we might be able to pass through any of them to access the web server and make our way
toward the target, “if it is in the scope of your testing”.

Conclusion: now you should have a general idea of what information gathering is and “why”. Now you are ready for the next tutorial. Notice
that these are just the common things to find. Of course you are not limited to the above. You can explore and research for more information, and also guys, make sure to check my blog for more information.

