Tuesday, January 31, 2012

Information Gathering and DNS Analysis For Web Applications

Day 2 Information Gathering For WebApp

DNS ANALYSIS

Target :
is2c-dojo.com
is2c-dojo.net
spentera.com


1. Testing for www.is2c-dojo.net
Using ping to find the IP address of this site.



Using nslookup to find the server address.


Using APNIC
Through APNIC (Asia Pacific Network Information Centre) you can identify the RIR (Regional Internet Registry) responsible for the target's address space.




The pictures show the complete registry information for this target.

dnsenum

Apps -> Information Gathering -> Network Analysis -> DNS Analysis -> dnsenum

The picture shows the list of options for dnsenum.

Testing with the command ./dnsenum.pl is2c-dojo.net does not give us much information. Let's try other options.

Still not much more information.

dnsmap

Apps -> Information Gathering -> Network Analysis -> DNS Analysis -> dnsmap


dnsstuff
Using dnsstuff on the web: the lack of standards and centralization among WHOIS services further limits its usefulness.



From this web tool we get the same information as WHOIS in the console, but dnsstuff also shows a map of where the target is registered.

2. Testing Target www.is2c-dojo.com

First step: ping and traceroute.


OK, we now know the target's IP address; the next step is scanning with dnstracer.

dnstracer
Apps -> Information Gathering -> Network Analysis -> DNS Analysis -> dnstracer
dnstracer command:



By tracing the target we learn the domain and subdomain tree, with the IP range registered for this target.


In the picture above I try to get more information for ns2.partnerit.us, but I can't trace this target.


3. Testing Target spentera.com with lbd

Ping and traceroute the target to learn its IP address.



In this session I try lbd, another open source tool in BackTrack 5.

lbd is used to check for DNS load balancing and HTTP load balancing, but the result here is not good: I mean that no DNS load balancing was found for the target.

Information Gathering Using Nmap, Autoscan, Zenmap

Day 2

BASIC INFORMATION GATHERING

I am sorry if my English is not fluent.
The basic rule for learning penetration testing is to understand, step by step, the phases of the pyramid:
  1. System under control
  • Information Gathering
  • Service Enumeration
  • Vulnerability Assessment
  • Exploit
  2. Controlling the system
  • Backdooring
  • Housekeeping
  • Rootkit

Basic Information Gathering

The ultimate output of this step is a list of all the information about the system. Information gathering is the process of understanding the structure of the target. It can be passive or active: passive information gathering never touches the live system, while active information gathering makes contact with the system. For example, passive gathering uses a search engine to get information about the target, and active gathering uses tools that touch the system to get information.

Tools for information gathering are:
  1. Active: Nmap, Zenmap, Autoscan, Netifera, etc.
  2. Passive: Google, Yahoo, Bing, Shodan, Wireshark, etc.

The object of information gathering for a web application is to learn as much about the target, its business and its organizational structure as we can. The output is a list of DNS domain names reflecting the entire target, including all brands, divisions and local representations. Footprinting mines as many DNS host names as possible from the domains collected and translates them into IP address ranges; then you verify DNS ownership and the list of IP address ranges by other means to confirm they are indeed associated with the target. Using PING, WHOIS, TRACEROUTE, search engines, NSLOOKUP and various other tools you can get information about the target. Once we have the output of the information gathering phase, the next phase is service enumeration.


Service Enumeration

What is service enumeration? Service enumeration is a fancy term for listing and identifying the specific services and resources offered by a target, starting from a set of parameters such as IP address ranges, Domain Name Service (DNS) names and open ports on the system. The goal of service enumeration is a list of services that are known and reachable from the source. With that list of services we can go into deeper scanning; this scanning is the core of penetration testing. Tools for scanning in this phase are: Autoscan, Nmap, Zenmap, Netifera, Wireshark (analysis), scapy, maltego and various other open source scanning tools.

Below is a short list of scanning tools:
Nmap.

Scan the systems and list ports/services for the IP addresses in the network using the command line (the original post omitted the dash before PO and capitalised the binary name):
nmap -v -n -PO -sS -p 1-65535 192.168.56.10/24

If you see "host down" it means the IP address is not in use or not alive. Nmap scans the ports/services of the IP address range in the network and shows the open ports. Looking at the screenshot above, for the IP address 192.168.0.21 we get information about open ports and services.

Next we try scanning another IP address in the list, 192.168.0.91. This scan sends TCP SYN packets, prints version numbers and enables OS detection.
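As an added example (not code from the original post), here is a Python parser for nmap's grepable output (-oG) that builds a host/port inventory from a scan like the one above and then reports open ports that are missing from an approved baseline, which is how a defender turns the scan into a finding. The scan output is constructed, and the baseline values are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of nmap grepable output (-oG); not a real scan result.
# Hostnames are empty because the scan used -n, as in the command above.
SAMPLE_OG = """\
# Nmap 5.51 scan initiated Tue Jan 31 10:00:00 2012 as: nmap -v -n -sS -sV -oG lab.gnmap 192.168.0.0/24
Host: 192.168.0.21 ()\tStatus: Up
Host: 192.168.0.21 ()\tPorts: 22/open/tcp//ssh//OpenSSH 5.3p1/, 80/open/tcp//http//Apache httpd 2.2.14/, 139/open/tcp//netbios-ssn//Samba smbd 3.X/\tIgnored State: closed (65532)
Host: 192.168.0.91 ()\tStatus: Up
Host: 192.168.0.91 ()\tPorts: 135/open/tcp//msrpc//Microsoft Windows RPC/, 445/open/tcp//microsoft-ds///, 3389/filtered/tcp//ms-term-serv///\tIgnored State: closed (65532)
# Nmap done at Tue Jan 31 10:02:00 2012 -- 256 IP addresses (2 hosts up) scanned in 120.50 seconds
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\t(.*)$")

def parse_grepable(text):
    """Return {ip: {"up": bool, "ports": [(port, proto, state, service, version), ...]}}."""
    hosts = defaultdict(lambda: {"up": False, "ports": []})
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # '#' comment lines
        ip, _hostname, rest = m.groups()
        for field in rest.split("\t"):
            if field.startswith("Status:"):
                hosts[ip]["up"] = field.split(":", 1)[1].strip() == "Up"
            elif field.startswith("Ports:"):
                for entry in field[len("Ports:"):].split(","):
                    # Each entry is port/state/proto/owner/service/rpcinfo/version/
                    parts = entry.strip().split("/")
                    if len(parts) < 7:
                        continue
                    port, state, proto, _owner, service, _rpc, version = parts[:7]
                    hosts[ip]["ports"].append((int(port), proto, state, service, version))
    return dict(hosts)

def open_ports(hosts, ip):
    """Sorted list of the ports reported open on one host."""
    return sorted(p for p, _proto, state, _svc, _ver in hosts[ip]["ports"] if state == "open")

def unexpected_open_ports(hosts, baseline):
    """Defender's check: open ports not in the approved baseline {ip: {ports}}.
    A host absent from the baseline has every open port reported."""
    findings = {}
    for ip in hosts:
        extra = [p for p in open_ports(hosts, ip) if p not in baseline.get(ip, set())]
        if extra:
            findings[ip] = extra
    return findings
```

Running `unexpected_open_ports(parse_grepable(SAMPLE_OG), {"192.168.0.21": {22, 80}})` flags port 139 on 192.168.0.21 and every open port on the unlisted 192.168.0.91.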

Zenmap

Zenmap is another tool for information gathering and service enumeration, with a GUI interface. Let's try scanning the list of IP addresses in the network.

The result of scanning the IP address range is shown above. For the IP address 192.168.0.21 it shows open ports/services, the MAC address of the machine, device type, OS version, TCP sequence prediction, service info and host script results. Let's see more scanning with this tool.


Look at the next screenshot below. It shows the result: open ports, protocol, services and version.





Next, the result shows the network topology.


Hosts viewer



Above are the host details resulting from scanning IP address 192.168.0.21 in the network.

Autoscan

Autoscan is one of many GUI tools for scanning and service enumeration. In this session I scan the same network.

To start using Autoscan you must add the network you will scan. In this session I use the local network with subnet mask 255.255.255.0, then connect to the host.
The next picture shows all live IP addresses in the network.


In the picture above Autoscan shows all live IP addresses in the network. By activating intrusion alert mode you get a notification if another host (another IP address) tries to intrude on your system. Look at the picture below: Autoscan shows an alert notification because an intruder tried to scan my IP address; the intruder's IP address is 172.26.227.254, shown with its MAC address. It is another host with a different IP class in the network.

The intruder shut down the system.
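The intrusion alert above is, in essence, a port-scan detector. As an added example (not Autoscan's code and not from the original post), here is a Python detector run over constructed iptables LOG lines: a source that touches at least min_ports distinct destination ports within window_sec seconds is flagged. The log lines are constructed; the intruder address 172.26.227.254 is the one reported in the post, and the threshold values are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed syslog lines from an iptables LOG rule; not taken from the screenshots.
SAMPLE_LOG = """\
Jan 31 10:00:01 lab kernel: [IPT] IN=eth0 SRC=172.26.227.254 DST=192.168.0.21 PROTO=TCP SPT=40001 DPT=22 SYN
Jan 31 10:00:01 lab kernel: [IPT] IN=eth0 SRC=172.26.227.254 DST=192.168.0.21 PROTO=TCP SPT=40002 DPT=23 SYN
Jan 31 10:00:02 lab kernel: [IPT] IN=eth0 SRC=172.26.227.254 DST=192.168.0.21 PROTO=TCP SPT=40003 DPT=80 SYN
Jan 31 10:00:02 lab kernel: [IPT] IN=eth0 SRC=172.26.227.254 DST=192.168.0.21 PROTO=TCP SPT=40004 DPT=139 SYN
Jan 31 10:00:03 lab kernel: [IPT] IN=eth0 SRC=172.26.227.254 DST=192.168.0.21 PROTO=TCP SPT=40005 DPT=443 SYN
Jan 31 10:00:03 lab kernel: [IPT] IN=eth0 SRC=172.26.227.254 DST=192.168.0.21 PROTO=TCP SPT=40006 DPT=445 SYN
Jan 31 10:00:05 lab kernel: [IPT] IN=eth0 SRC=192.168.0.91 DST=192.168.0.21 PROTO=TCP SPT=51000 DPT=80 SYN
Jan 31 10:09:05 lab kernel: [IPT] IN=eth0 SRC=192.168.0.91 DST=192.168.0.21 PROTO=TCP SPT=51001 DPT=22 SYN
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d) .*SRC=(\S+) DST=(\S+) PROTO=(\w+) .*DPT=(\d+)")

def parse_log(text):
    """Return [(timestamp, src, dst, dport), ...] for every matching LOG line."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S")  # year-less syslog stamp
            events.append((ts, m.group(2), m.group(3), int(m.group(5))))
    return events

def detect_port_scans(events, window_sec=60, min_ports=5):
    """Flag a source that hits >= min_ports distinct destination ports within window_sec.
    Returns {src: (window_start, sorted ports)} for the first window crossing the threshold."""
    per_src = defaultdict(list)
    for ts, src, _dst, dport in sorted(events):
        per_src[src].append((ts, dport))
    alerts = {}
    for src, evs in per_src.items():
        win = deque()  # sliding window of (ts, dport) no older than window_sec
        for ts, dport in evs:
            win.append((ts, dport))
            while (ts - win[0][0]).total_seconds() > window_sec:
                win.popleft()
            ports = {p for _, p in win}
            if len(ports) >= min_ports:
                alerts[src] = (win[0][0], sorted(ports))
                break
    return alerts
```

The second source, 192.168.0.91, touches only two ports nine minutes apart and is not flagged, which is the behaviour you want from a detector that must not alert on ordinary clients.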



Sunday, January 29, 2012

Indonesian Cyber Crimes

These are cyber crimes in Indonesia:
  • Cyber crime, the first case in 1986: "COMPUTER CRIME: Unauthorized Transfer" of funds at the BNI 1946 Bank New York Agency (1986). It began with a meeting between Seno Adjie, Rudy Demsy, Malik Eldy and Abdul Malik Darpi at a hotel in Jakarta. The essence of their conversation was a plan to run a "big business" that required a lot of money. Before resigning, Rudy Demsy, as an employee of Bank BNI 46 New York Agency, served as local staff with the task of computer data compilation; besides that, Rudy Demsy also held the "User ID" and "Enter Password". On December 31, 1986, Seno Adjie, accompanied by his friend, picked up Rudy Demsy with a PC and went to the "Best Western Hotel, Queens, Long Island Expressway", New York. There they started the action by transferring funds from the BNI 46 New York branch to other bank accounts that had already been chosen. Next, on 2 January 1987, officers of the office of the deputy security manager of BNI 46 Jakarta (Bambang Wresniwiro) received reports from the computer of a debit of $9,199,000.00 from the account of BNI's New York office. Research was conducted on the report, because neither the bank nor the management (JS Satoto, who held the password in New York) had ever released the 9 million dollars. The research concluded that this was an "Unauthorized Transfer" (an illegitimate transfer) of funds belonging to BNI 46 New York through the "Electronic Transfer Payment" system. After learning of these circumstances, Bank BNI 46 took steps to rescue the funds by way of "stop payment and retour" at the intermediary and destination banks. This effort was successful, except at Banco de Occidente (Panama), where BNI had to pay the cost of cancelling a "Forward Contract" of foreign currency in Switzerland that had been closed by its owners. The instalment of $10,734.54 was paid directly, deducted by the bank concerned at the time those funds were returned to the BNI 46 branch in New York.
  • Yahoo auction fraud: the seller registers on Yahoo Auctions using another person's credit card and then sells fraudulently. The buyer transfers the money but the seller does not deliver what was sold.
  • Online stock fraud: a company's stock rises without sufficient supporting information. The risk is that the real value is nowhere near the price of these shares, so the entire investment is lost with little or no opportunity to recoup it.
  • Online marketing fraud (Multi Level Marketing): seeking profit from recruiting members and selling products or services that are fictitious.
  • Carding or credit card fraud: using another person's credit card account to buy many items such as cars, apartments, etc. The victim gets mysterious charges on the credit card bill for products or services. (Bandung)
  • Defacing the home pages of the government, Polri and KPU. Hackers deface the home page or website with threats against the government.
  • Uploading manipulated pictures of the Indonesian artist Sandra Dewi. In the original picture Sandra Dewi is fully dressed; in the manipulated picture she looks like a porn star.
  • Uploading the porn video of Ariel (Peterpan), Luna Maya and Cut Tari (Indonesian artists) and the porn video of a DPR staff member with an Indonesian dangdut singer.
  • In 2012, uploading the porn video of Zumi Zola.
  • Stealing data from a company because of business competition (Solo)
  • Theft of premium telecommunication credit (pulsa)
  • Web sales marketing fraud in Yogyakarta: she offered a web application to a company, the company bought the service but never received it.
  • Distributed Denial of Service by a person against a company or internet cafe in Yogyakarta.
  • Online gambling in Semarang

SET UP VIRTUAL PENETRATION TESTING LAB

1st Day, Lesson 1

Today I start learning information security, but I don't have access to a live test environment and can't find a system to run penetration tests against. Choosing a virtual lab with VirtualBox is a good idea. Here is the network diagram before setting up the penetration lab.

Host   
192.168.56.1
255.255.255.0
    |
    |---------------> XP (Guest) 192.168.56.2 / 255.255.255.0
    |
    |---------------> Ubuntu (Guest) 192.168.56.9 / 255.255.255.0


These are the steps to set up VirtualBox:
  1. Add a new machine for Windows XP and for Ubuntu.
  2. Install Microsoft Windows XP or Ubuntu in VirtualBox.
  3. Open the network editor and add a host-only network.
  4. Open the settings and, for Adapter 1, enable the network adapter, attached to Host-only Adapter with the name vboxnet0.
  5. Set up the IP address. For Windows: right click My Network Places – Properties – Network Connections – Local Area Connection – Properties – Internet Protocol (TCP/IP) – Use the following IP address, and fill in the text boxes with the IP address and subnet mask.
    For Linux: type in the console, for example: ifconfig eth0 192.168.56.2/24
  6. Test host to guest and guest to host with ping; if you see a reply from the other ethernet interface, your network is running.

Why use host only adapter?
By using this type of adapter, you’ll be able to access a private, virtual network consisting solely of your host and any guests. Any of the member machines can access each other, but nothing outside of this self-contained “network in a box” can get in. 

Let's look at this screenshot: the network is running (host to guest XP).
[Screenshot: host to guest XP]
And then host to guest (Ubuntu):
[Screenshot: host to guest Ubuntu]