Day 2
BASIC INFORMATION GATHERING
I am sorry if my English is not fluent.
The basic rule for learning penetration testing is to understand, step by step, the phases of the pyramid:
System under control
Information Gathering
Service Enumeration
Vulnerability Assessment
Exploit
Controlling system
Backdooring
House Keeping
Rootkit
Basic Information Gathering
The final output of this step is a list of all the information collected about the target system. Information gathering is the process of understanding the structure of the target. It comes in two forms, passive and active. Passive information gathering never touches the live system; active information gathering makes contact with the system. A passive example is using a search engine to collect information about the target; an active example is using tools that touch the system to obtain information.
Information gathering tools are:
Active: Nmap, Zenmap, Autoscan, Netifera, etc.
Passive: Google, Yahoo, Bing, Shodan, Wireshark, etc.
The objective of information gathering for a web application is to learn as much as we can about the target, its business and its organizational structure. The output is a list of DNS domain names reflecting the entire target, including all brands, divisions and local representations. Footprinting then mines as many DNS host names as possible from the collected domains and translates them into IP address ranges; the ownership of those ranges is then verified through DNS and WHOIS records, so that every IP address range on the list is confirmed by other means to be associated with the target. Using tools such as PING, WHOIS, TRACEROUTE, search engines, NSLOOKUP and others, you can collect this information about the target. Once the information gathering phase has produced its output, we move on to the next phase, service enumeration.
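The footprinting step described above ends with host names translated into IP address ranges that still have to be checked against ranges whose ownership was verified. The following script is an added example, not part of the original post: it groups resolved host names into /24 ranges and separates hosts inside verified ranges from those that still need an ownership check before any active scanning. The host names, addresses and verified ranges are constructed sample data (the resolution step is replaced by a hard-coded table so the script runs offline).

```python
import ipaddress
from collections import defaultdict

# Constructed sample: host names mined from the target's domains and the
# addresses they resolved to. In a real engagement these come from
# nslookup/dig output; here they are hard-coded so the example runs offline.
RESOLVED_HOSTS = {
    "www.example-target.test": "192.168.0.21",
    "mail.example-target.test": "192.168.0.25",
    "dev.example-target.test": "192.168.0.91",
    "shop.example-target.test": "203.0.113.40",   # hosted in a second range
    "cdn.example-target.test": "198.51.100.7",    # looks like a third-party CDN
}

# Ranges whose ownership was confirmed (for example via WHOIS) to belong to
# the target. Constructed values; the 203.0.113.0/24 and 198.51.100.0/24
# prefixes are reserved for documentation and never route on the Internet.
VERIFIED_RANGES = [
    ipaddress.ip_network("192.168.0.0/24"),
    ipaddress.ip_network("203.0.113.0/24"),
]


def group_by_network(resolved, prefixlen=24):
    """Translate resolved addresses into /prefixlen ranges and list the host names in each."""
    groups = defaultdict(list)
    for name, addr in resolved.items():
        # strict=False lets a host address stand in for its enclosing network
        net = ipaddress.ip_network(f"{addr}/{prefixlen}", strict=False)
        groups[net].append(name)
    return {net: sorted(names) for net, names in groups.items()}


def check_scope(resolved, verified_ranges):
    """Split hosts into those inside a verified range and those needing an ownership check."""
    in_scope, unverified = {}, {}
    for name, addr in resolved.items():
        ip = ipaddress.ip_address(addr)
        if any(ip in net for net in verified_ranges):
            in_scope[name] = addr
        else:
            unverified[name] = addr
    return in_scope, unverified


if __name__ == "__main__":
    for net, names in sorted(group_by_network(RESOLVED_HOSTS).items()):
        print(f"{net}: {', '.join(names)}")
    ok, pending = check_scope(RESOLVED_HOSTS, VERIFIED_RANGES)
    print("verified:", sorted(ok))
    print("needs ownership check:", sorted(pending))
```

Hosts that land in the "needs ownership check" list (here the CDN name) are exactly the ones the text says must be verified by other means before they are treated as part of the target; scanning them without that verification risks touching a third party's system.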
Service Enumeration
What is service enumeration? Service enumeration is a fancy term for listing and identifying the specific services and resources offered by a target. It starts from a set of parameters such as an IP address range, Domain Name Service (DNS) names and the open ports on the system. The goal of service enumeration is a list of services that are known and reachable from the source. With that list we can go on to deeper scanning, and this scanning is the core of penetration testing. Tools for scanning in this phase are: Autoscan, Nmap, Zenmap, Netifera, Wireshark (analysis), scapy, maltego and various other open source scanning tools.
Below is a short list of scanning tools:
Nmap
Scan the systems and list the ports/services of every IP address in the network from the command line:
nmap -v -n -Pn -sS -p 1-65535 192.168.56.10/24
(-v verbose output, -n no DNS resolution, -Pn skip host discovery and treat every address as up, -sS TCP SYN scan, -p 1-65535 all TCP ports; older Nmap versions spelled the no-ping option -P0.)
[Screenshot: test1]
If you see "host down", it means the IP address is not in use or not alive. Nmap scans the ports/services of the IP address range in the network and shows the open ports. Looking at the screenshot above, for the IP address 192.168.0.21 we get information about open ports and services.
Next we scan another IP address from the list, 192.168.0.91. This scan sends TCP SYN packets, prints version numbers and enables OS detection (nmap options -sS, -sV and -O respectively).
[Screenshot: testing2]
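The scans above are read from screenshots, but for a whole network the results are easier to work with when Nmap is asked to write its "grepable" output (-oG) and that file is parsed into a host list. The script below is an added example, not part of the original post: it parses grepable output into hosts with their status ("Up"/"Down", matching the "host down" remark above) and their open ports with service and version. The output shown is constructed sample data in the -oG format (an `nmap ... -oG scan.gnmap` run would produce the real file); the addresses, services and version strings are invented.

```python
import re

# Constructed sample of nmap grepable output (-oG). A real file is produced by e.g.
#   nmap -v -n -Pn -sS -sV -p 1-65535 -oG scan.gnmap 192.168.0.0/24
# Each "Ports:" entry is port/state/protocol/owner/service/rpc info/version/
SAMPLE_GNMAP = """\
# Nmap 5.21 scan initiated as: nmap -v -n -sS -sV -p 1-65535 -oG scan.gnmap 192.168.0.0/24
Host: 192.168.0.21 ()\tStatus: Up
Host: 192.168.0.21 ()\tPorts: 22/open/tcp//ssh//OpenSSH 7.4/, 80/open/tcp//http//Apache httpd 2.4/, 139/filtered/tcp//netbios-ssn///\tIgnored State: closed (65532)
Host: 192.168.0.22 ()\tStatus: Down
Host: 192.168.0.91 ()\tStatus: Up
Host: 192.168.0.91 ()\tPorts: 21/open/tcp//ftp//ProFTPD 1.3/, 3306/open/tcp//mysql//MySQL 5.1/\tIgnored State: closed (65533)
# Nmap done -- 256 IP addresses (2 hosts up) scanned in 30.12 seconds
"""

HOST_RE = re.compile(r"^Host:\s+(\S+)\s+\(([^)]*)\)\s*(.*)$")


def parse_ports(value):
    """Turn the comma-separated Ports field into a list of port dictionaries."""
    ports = []
    for item in value.split(", "):
        parts = item.strip().split("/")
        if len(parts) < 7:          # malformed entry, skip it
            continue
        ports.append({
            "port": int(parts[0]),
            "state": parts[1],
            "proto": parts[2],
            "service": parts[4],
            "version": parts[6],
        })
    return ports


def parse_gnmap(text):
    """Parse grepable output into {address: {"hostname", "status", "ports"}}."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:                    # comment and summary lines start with '#'
            continue
        addr, hostname, rest = m.groups()
        entry = hosts.setdefault(addr, {"hostname": hostname, "status": None, "ports": []})
        for field in rest.split("\t"):   # fields are tab-separated "Key: value"
            key, _, value = field.partition(": ")
            if key == "Status":
                entry["status"] = value.strip()
            elif key == "Ports":
                entry["ports"].extend(parse_ports(value))
                entry["status"] = entry["status"] or "Up"   # a port line implies the host is up
    return hosts


def live_hosts(hosts):
    """Addresses reported as up, in address order."""
    return sorted(a for a, e in hosts.items() if e["status"] == "Up")


def open_ports(hosts, addr):
    """(port, service, version) for every open port of one host."""
    return [(p["port"], p["service"], p["version"])
            for p in hosts[addr]["ports"] if p["state"] == "open"]


if __name__ == "__main__":
    hosts = parse_gnmap(SAMPLE_GNMAP)
    for addr in live_hosts(hosts):
        print(addr)
        for port, service, version in open_ports(hosts, addr):
            print(f"  {port}/tcp {service} {version}")
    down = [a for a, e in hosts.items() if e["status"] == "Down"]
    print("host down:", down)
```

Hosts that appear only with "Status: Down" are the addresses the text describes as not in use; they carry no port list, so `open_ports` is only called for the live ones.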
Zenmap
Zenmap is another tool for information gathering and service enumeration, with a GUI. Let us try scanning the list of target IP addresses in the network.
[Screenshot: Testing 1]
The result of scanning the IP address range is shown above. For the IP address 192.168.0.21 it shows the open ports/services, the MAC address of the machine, the device type, the OS version, the TCP sequence prediction, the service info and the host script results. Let us look at more scans with this tool.
Look at the next screenshot below. The result at the bottom lists the open ports, their protocol, service and version.
Next, the result shows the network topology.
Above are the host details from scanning the IP address 192.168.0.21 in the network.
Autoscan
Autoscan is one of many GUI tools for scanning in the service enumeration phase. In this session we scan the same network.
To start using Autoscan you must add the network you want to scan. In this session I use the local network with subnet mask 255.255.255.0. Then connect to the host.
The next picture shows all live IP addresses in the network.
In the picture above Autoscan shows all live IP addresses in the network. If you activate intrusion alert mode, you get a notification when another person (another IP address) tries to probe your system. Look at the picture below: Autoscan shows an alert notification because someone (an intruder) tried to scan my IP address, and it identifies the intruder's IP address, 172.26.227.254, together with its MAC address. The intruder is on a different IP address class than the rest of the network.
The intruder shut down the system.
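Autoscan's intrusion alert mode, described above, raises a notification when another host starts probing your ports. The same detection can be done on the defending host's own firewall log: a single source hitting many different destination ports within a short window is the signature of a port scan. The script below is an added example, not part of the original post or of Autoscan: it runs a sliding-window detector over constructed firewall log lines in the style of Linux netfilter/UFW block messages (the timestamps, addresses and ports are invented) and reports the scanning source, the ports it touched and when it was first and last seen.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines in the style of Linux netfilter (UFW) block messages.
# 172.26.227.254 probes eight different ports within twenty seconds (a scan);
# 172.26.227.40 hits the same port repeatedly (ordinary retries, not a scan).
LINE = ("{ts} gw kernel: [UFW BLOCK] IN=eth0 OUT= MAC=00:0c:29:aa:bb:cc:00:50:56:dd:ee:ff:08:00 "
        "SRC={src} DST=172.26.227.10 LEN=44 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF "
        "PROTO=TCP SPT={spt} DPT={dpt} WINDOW=1024 RES=0x00 SYN URGP=0")
SAMPLE_LOG = [
    LINE.format(ts="Jul 12 10:15:01", src="172.26.227.254", spt=40123, dpt=21),
    LINE.format(ts="Jul 12 10:15:03", src="172.26.227.40", spt=51000, dpt=80),
    LINE.format(ts="Jul 12 10:15:04", src="172.26.227.254", spt=40124, dpt=22),
    LINE.format(ts="Jul 12 10:15:06", src="172.26.227.254", spt=40125, dpt=23),
    LINE.format(ts="Jul 12 10:15:08", src="172.26.227.254", spt=40126, dpt=25),
    LINE.format(ts="Jul 12 10:15:09", src="172.26.227.40", spt=51001, dpt=80),
    LINE.format(ts="Jul 12 10:15:11", src="172.26.227.254", spt=40127, dpt=80),
    LINE.format(ts="Jul 12 10:15:14", src="172.26.227.254", spt=40128, dpt=110),
    LINE.format(ts="Jul 12 10:15:17", src="172.26.227.254", spt=40129, dpt=139),
    LINE.format(ts="Jul 12 10:15:20", src="172.26.227.254", spt=40130, dpt=443),
    LINE.format(ts="Jul 12 10:15:25", src="172.26.227.40", spt=51002, dpt=80),
    "Jul 12 10:16:00 gw sshd[1234]: Accepted publickey for admin from 172.26.227.40",
    # one more probe much later: outside the window, so it does not count as a new scan
    LINE.format(ts="Jul 12 10:40:00", src="172.26.227.254", spt=40131, dpt=8080),
]

LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) .*?\[UFW BLOCK\] .*?"
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=(?P<proto>\S+) .*?DPT=(?P<dpt>\d+)"
)


def detect_scans(lines, threshold=6, window=timedelta(seconds=60)):
    """Flag sources that touch at least `threshold` distinct ports within `window`."""
    recent = defaultdict(deque)   # source -> deque of (timestamp, destination port)
    alerts = {}                   # source -> alert record, updated while the scan continues
    for line in lines:
        m = LOG_RE.search(line)
        if not m:                 # not a firewall block line
            continue
        # syslog lines carry no year; strptime defaults it, which is fine for differences
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
        src, dpt = m["src"], int(m["dpt"])
        q = recent[src]
        q.append((ts, dpt))
        while q and ts - q[0][0] > window:   # drop events older than the window
            q.popleft()
        distinct = {port for _, port in q}
        if len(distinct) >= threshold:
            alert = alerts.setdefault(src, {"src": src, "dst": m["dst"], "first_seen": q[0][0]})
            alert["ports"] = sorted(distinct)
            alert["last_seen"] = ts
    return list(alerts.values())


if __name__ == "__main__":
    for a in detect_scans(SAMPLE_LOG):
        span = (a["last_seen"] - a["first_seen"]).seconds
        print(f"ALERT: {a['src']} probed {len(a['ports'])} ports on {a['dst']} "
              f"in {span}s: {a['ports']}")
```

The threshold and window are the knobs a defender tunes: too low a threshold flags ordinary clients that legitimately use a handful of ports, too long a window lets a slow scan accumulate. The late 8080 probe in the sample falls outside the window and therefore neither triggers a second alert nor extends the first one.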