Modern Information Gathering

Subject: Modern Information Gathering
Date: 26-JUN-2012
Present: OWASP
Classification: Public
Who Am I

Dave van Stein
38 years
Tester > 11 years
(Application) Security Testing
“Certified Ethical Hacker”

Agenda

Goal of the presentation
What is Information Gathering?
Domain scanning
Search engine ‘abuse’
Other tools
Some Social Engineering
Remedies
Conclusions
Goal of this presentation

Give insight into the amount of information about your systems (and users) that is anonymously available on the internet.
Give insight into the number and capabilities of freely available tools.

Simplified attacker procedure:
Identify an entry point
Gain access
Secure access
Do stuff
Clean up the mess
Come back another time
‘Classic’ Domain Scanning

Steps involved:
Get network information with ping and traceroute
Get DNS information with WHOIS and DNS lookups
Do a DNS zone transfer to enumerate subdomains
Download the website for extra info
Scan the servers

Problems:
DNS zone transfers are usually not authorized (the name server refuses them)
Every step is an active connection with the target => detectable and logged
Modern Information Gathering

Interesting information:
Domains and subdomains
IP addresses
Applications and technologies
Hotspots (known vulnerabilities)
Usernames and passwords
Sensitive information

Passive:
As little contact as possible with the target
No direct scanning, no intrusion
Nothing logged on the target and no alarms triggered!
Sources of information

Public records
WHOIS: information about the owner
DNS: information about IP addresses

Search engines
Often few restrictions on what they index
Cache all information gathered
Tweaking queries provides additional information

Various websites
Anonymous (the lookup is done by the website, not from your own address)
Combine the above techniques
Sort results for a nice presentation

Advanced and automated scanning
Specialized (offline) tools
Shodan (shodanhq.com)

Shodan collects:
IP addresses
Server banner
X-Powered-By banner
Cookies

Search filters:
city, country, geo
hostname, IP address / net block
os, port
date (before / after)
SSL certificate version, bits, issuer
SSL cipher support, bit support, protocol
ServerSniff.net

NS reports
Domain reports
Subdomains
Various (trace)routes
Various ping types
Shows robots.txt
Anonymous! (the probes originate from ServerSniff, so your own address never appears in the target's logs)
Domain scanning: Server Sniff (screenshot slide)
Robtex.com

Domain ‘Swiss Army Knife’
Shows all public information linked to a domain (DNS records, name servers, hosts sharing an IP address) in one place
Domain scanning: Robtex (screenshot slides)
Google Advanced search

filetype: (or ext:)
Find documents of the specified type, e.g. PDF, XLS, DOC

intext:
The terms must appear in the text of the page.

intitle:
The terms must appear in the title of the page.

inurl:
The terms must appear in the URL of the page.
Google Hacking Database

www.johnny.ihackstuff.com
(edit: http://johnny.ihackstuff.com/ghdb.php)

Collection of queries for finding ‘interesting’ stuff

No longer updated

Possible results of GHDB queries:
Identify systems in use (including version)
Identify known exploits
Locations of sensitive information
User IDs and passwords
Log files
Many other things

The NEW and IMPROVED GHDB (the database is now maintained at Exploit-DB: www.exploit-db.com/google-hacking-database)
Bing.com

Finds subdomains and other virtual hosts with ‘ip:x.x.x.x’ (lists the sites Bing has indexed on that IP address)

Baidu

inurl:
intitle:
site:
Example (screenshot slide)
SearchDiggity (Stach & Liu): automates Google/Bing hacking queries
SEO tools
Domain scanning ‘on-the-fly’: Passive Recon (Firefox add-on)
FOCA: extracts metadata (usernames, paths, software versions) from documents published on a domain
Maltego

Intelligence and forensics tool
Connects many different sources of information
Represents the results graphically
Very extensive capabilities

Can also be used for social engineering:
- Facebook & Twitter
- Email addresses
- Phone numbers
- etc.
theHarvester: collects email addresses, hostnames and subdomains from search engines and other public sources
Conclusions

What search engines see, hackers can abuse
Anonymous, online and offline, highly automated
Many tools are freely available
Networks can be mapped in much detail in minutes
Much information about your company, systems and users is available on the internet
Remedies (1/2)

Limit access
• Allow search engines to see only what they need to see.
• Make sure unauthorized users are not able to look into, or even see, files they do not need to see.
• Force possible intruders to use active methods that can be detected and monitored.

Use the tools of hackers
• Scan your systems with the tools hackers use and check the information that is found.
• Scan for error messages and other things that reveal information about the system and services, and remove them.
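The data points the Shodan slide lists (Server banner, X-Powered-By banner, cookies) are the same ones this remedy asks you to check on your own systems. The script below is an added example, not code from the presentation: it pulls those fields out of a raw HTTP response (for instance the output of `curl -i`), extracts product/version tokens, maps default session-cookie names to platforms, and flags verbose error text in the body. The three responses are constructed; the header names, cookie names and version formats are the real defaults of Apache/PHP and IIS/ASP.NET.

```python
"""Pull the fingerprint data Shodan indexes out of a raw HTTP response
and list what it discloses.

Added example for this slide deck, not the presenter's code.  The three
responses below are constructed; the header names, cookie names and
version formats are the real defaults of Apache/PHP and IIS/ASP.NET.
"""
import re

# Default session-cookie names that identify the platform behind a site.
COOKIE_TECH = {
    "PHPSESSID": "PHP",
    "JSESSIONID": "Java servlet container",
    "ASP.NET_SessionId": "ASP.NET",
    "CFID": "ColdFusion",
}
# product/version tokens such as "Apache/2.2.22" or "Microsoft-IIS/7.5"
PRODUCT_RE = re.compile(r"([A-Za-z][\w.-]*)/(\d[\w.]*)")
# Fragments typical of verbose error pages and stack traces (checked case-insensitively).
ERROR_MARKERS = ("stack trace", "traceback (most recent call last)", "sqlexception",
                 "ora-", "mysql_fetch", "system.web", "at java.", "warning: ")

# Constructed sample responses: a default LAMP box, an IIS box with a verbose
# 500 page, and a hardened server that reveals nothing.
SAMPLE_LAMP = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Tue, 26 Jun 2012 10:00:00 GMT\r\n"
    "Server: Apache/2.2.22 (Ubuntu) PHP/5.3.10\r\n"
    "X-Powered-By: PHP/5.3.10\r\n"
    "Set-Cookie: PHPSESSID=abc123; path=/\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body>Welcome</body></html>"
)
SAMPLE_IIS_ERROR = (
    "HTTP/1.1 500 Internal Server Error\r\n"
    "Server: Microsoft-IIS/7.5\r\n"
    "X-AspNet-Version: 4.0.30319\r\n"
    "X-Powered-By: ASP.NET\r\n"
    "Set-Cookie: ASP.NET_SessionId=xyz; path=/; HttpOnly\r\n"
    "\r\n"
    "<html><body><h2>Server Error in '/' Application.</h2>"
    "[SqlException: Invalid object name 'dbo.Users'.]<br>"
    "Stack Trace: at System.Data.SqlClient.SqlConnection.OnError(...)"
    "</body></html>"
)
SAMPLE_HARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "Server: webserver\r\n"
    "Set-Cookie: session=abc; path=/; Secure; HttpOnly\r\n"
    "\r\n"
    "<html><body>Welcome</body></html>"
)


def parse_response(raw):
    """Split a raw HTTP response into status line, headers, cookie names and body."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers, cookies = {}, []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "set-cookie":
            cookies.append(value.split("=", 1)[0].strip())   # keep only the cookie name
        else:
            headers[name] = value                             # last duplicate wins
    return {"status": lines[0], "headers": headers, "cookies": cookies, "body": body}


def fingerprint(raw):
    """What an indexer like Shodan learns from one response."""
    r = parse_response(raw)
    h = r["headers"]
    versions, technologies = set(), set()
    for hdr in ("server", "x-powered-by"):
        for product, version in PRODUCT_RE.findall(h.get(hdr, "")):
            versions.add(f"{product}/{version}")
            technologies.add(product)
    if "x-aspnet-version" in h:                 # bare version number, product implied
        versions.add("ASP.NET/" + h["x-aspnet-version"])
        technologies.add("ASP.NET")
    for cookie in r["cookies"]:
        if cookie in COOKIE_TECH:
            technologies.add(COOKIE_TECH[cookie])
    body = r["body"].lower()
    return {
        "server": h.get("server"),
        "versions": sorted(versions),
        "technologies": sorted(technologies),
        "cookies": r["cookies"],
        "error_leak": any(marker in body for marker in ERROR_MARKERS),
    }


def findings(raw):
    """Human-readable list of information leaks to fix; an empty list means nothing disclosed."""
    fp = fingerprint(raw)
    out = [f"version disclosed: {v}" for v in fp["versions"]]
    out += [f"cookie {c} identifies {COOKIE_TECH[c]}" for c in fp["cookies"] if c in COOKIE_TECH]
    if fp["error_leak"]:
        out.append("response body contains error/stack-trace text")
    return out


if __name__ == "__main__":
    for label, sample in (("LAMP", SAMPLE_LAMP), ("IIS", SAMPLE_IIS_ERROR), ("hardened", SAMPLE_HARDENED)):
        print(label, findings(sample) or "nothing disclosed")
```

The hardened response shows the target state: a generic Server value with no version, no X-Powered-By, a renamed session cookie and a non-verbose error page. Run the script over a saved set of responses from your own hosts and work the findings list down to empty.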

Check what spiders can see
• Use a spider simulator to check what spiders can see and whether your application still functions correctly.
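As an added example (not from the presentation), the script below does both sides of this check with only the standard library: it lists every path a robots.txt names, which is what a recon service such as ServerSniff shows an attacker, and asks Python's RobotFileParser which of a set of URLs a given crawler may fetch. The robots.txt text and the URLs are constructed.

```python
"""What a spider is told to skip in robots.txt, next to what an attacker reads from it.

Added example for this slide deck, not the presenter's code.  The robots.txt
below is constructed.  robots.txt is advisory: a polite crawler obeys the
Disallow lines, but anyone can fetch the file, and the paths it names are
exactly the ones worth probing, which is why recon services display it.
"""
from urllib.robotparser import RobotFileParser

SAMPLE_ROBOTS = """\
# constructed sample robots.txt
User-agent: *
Allow: /admin/public/
Disallow: /admin/
Disallow: /backup/
Disallow: /cgi-bin/

User-agent: Googlebot
Disallow: /internal-reports/
Sitemap: https://www.example.com/sitemap.xml
"""


def parse_robots(text):
    """Return {user-agent: [(directive, path), ...]} in file order.
    Consecutive User-agent lines form one group; the first rule line closes it."""
    groups, agents, in_rules = {}, [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop comments
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key == "user-agent":
            if in_rules:                             # a new group starts after rule lines
                agents, in_rules = [], False
            agents.append(value)
            groups.setdefault(value, [])
        elif key in ("allow", "disallow") and agents:
            in_rules = True
            for agent in agents:
                groups[agent].append((key, value))
        # Sitemap and other file-wide directives are not path rules; ignored here
    return groups


def disclosed_paths(text):
    """The attacker's view: every path the file names, whatever the directive."""
    paths = {path for rules in parse_robots(text).values() for _, path in rules if path}
    return sorted(paths)


def spider_view(text, agent, urls):
    """The crawler's view: for each URL, may a spider identifying as `agent` fetch it?
    Uses the standard-library parser, so the answer is what a compliant bot does."""
    rp = RobotFileParser()
    rp.parse(text.splitlines())
    return {url: rp.can_fetch(agent, url) for url in urls}


if __name__ == "__main__":
    print("paths disclosed to anyone:", disclosed_paths(SAMPLE_ROBOTS))
    checks = ["https://www.example.com/admin/", "https://www.example.com/internal-reports/q2.pdf"]
    for bot in ("bingbot", "Googlebot"):
        print(bot, spider_view(SAMPLE_ROBOTS, bot, checks))
```

Two things the output makes visible. First, `/admin/`, `/backup/` and `/internal-reports/` are handed to every reader of the file, so robots.txt must never be the only thing standing between a path and the public; put access control on the path and let the Disallow line be a hint, not a lock. Second, a user-agent-specific group replaces the generic `*` group for that crawler, so in this sample Googlebot is only kept out of `/internal-reports/` and may index `/admin/`; the test below asserts exactly that, and it is a common misconfiguration to look for with a spider simulator.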
Remedies (2/2)

Awareness
• Be aware of all possible sources of information. Create awareness among employees. Assume any information that is available will be abused.

Clean documents
• Remove all metadata from documents before publishing.
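The fields a tool like FOCA reports come from inside the document itself. The script below is an added example, not the presenter's or FOCA's code: it opens a .docx (which is a zip archive), reports creator, last editor, creation time, application and company from docProps/core.xml and docProps/app.xml, and writes a copy with those parts emptied while leaving the document body untouched. The sample document is a constructed minimal archive with the same layout, so it runs offline with only the standard library; PDF metadata needs a PDF library and is not covered here.

```python
"""Read and strip the document metadata that tools such as FOCA harvest.

Added example for this slide deck, not the presenter's code.  A .docx (and
.xlsx/.pptx) file is a zip archive; docProps/core.xml holds author, last
editor and timestamps, docProps/app.xml holds application and company.
The document built below is a constructed minimal stand-in with the same layout.
"""
import io
import zipfile
import xml.etree.ElementTree as ET

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
}

# (zip member, element inside it, label) for the fields recon tools report
FIELDS = [
    ("docProps/core.xml", "dc:creator", "creator"),
    ("docProps/core.xml", "cp:lastModifiedBy", "last_modified_by"),
    ("docProps/core.xml", "dcterms:created", "created"),
    ("docProps/app.xml", "ep:Application", "application"),
    ("docProps/app.xml", "ep:Company", "company"),
]

XML_DECL = '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>\n'

# Constructed metadata parts, shaped like the ones Word writes.
SAMPLE_CORE = XML_DECL + (
    '<cp:coreProperties xmlns:cp="{cp}" xmlns:dc="{dc}" xmlns:dcterms="{dcterms}"'
    ' xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">'
    "<dc:creator>j.doe</dc:creator>"
    "<cp:lastModifiedBy>CORP\\j.doe</cp:lastModifiedBy>"
    '<dcterms:created xsi:type="dcterms:W3CDTF">2012-06-01T09:15:00Z</dcterms:created>'
    "</cp:coreProperties>"
).format(**NS)
SAMPLE_APP = XML_DECL + (
    '<Properties xmlns="{ep}">'
    "<Application>Microsoft Office Word</Application>"
    "<Company>Example Corp Finance</Company>"
    "</Properties>"
).format(**NS)

# Empty shells; every child of both elements is optional in the OOXML schema.
EMPTY_CORE = XML_DECL + '<cp:coreProperties xmlns:cp="{cp}"/>'.format(**NS)
EMPTY_APP = XML_DECL + '<Properties xmlns="{ep}"/>'.format(**NS)


def build_sample_docx():
    """Constructed stand-in for a real .docx: same members, minimal content."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<document/>")
        z.writestr("docProps/core.xml", SAMPLE_CORE)
        z.writestr("docProps/app.xml", SAMPLE_APP)
    return buf.getvalue()


def extract_metadata(docx):
    """Return {label: value} for every FIELDS entry that is present and non-empty."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(docx)) as z:
        present = set(z.namelist())
        for member, tag, label in FIELDS:
            if member not in present:
                continue
            node = ET.fromstring(z.read(member)).find(tag, NS)
            if node is not None and node.text and node.text.strip():
                found[label] = node.text.strip()
    return found


def strip_metadata(docx):
    """Copy of the archive with both docProps parts replaced by empty shells;
    every other member (document body, styles, ...) is copied byte for byte."""
    out = io.BytesIO()
    with zipfile.ZipFile(io.BytesIO(docx)) as src, \
            zipfile.ZipFile(out, "w", zipfile.ZIP_DEFLATED) as dst:
        for name in src.namelist():
            if name == "docProps/core.xml":
                dst.writestr(name, EMPTY_CORE)
            elif name == "docProps/app.xml":
                dst.writestr(name, EMPTY_APP)
            else:
                dst.writestr(name, src.read(name))   # zip entry timestamps are refreshed too
    return out.getvalue()


def members(docx):
    """Member names of the archive, to confirm the body survived the cleanup."""
    with zipfile.ZipFile(io.BytesIO(docx)) as z:
        return z.namelist()


if __name__ == "__main__":
    original = build_sample_docx()
    print("before:", extract_metadata(original))
    print("after: ", extract_metadata(strip_metadata(original)))
```

The `lastModifiedBy` value is the one to watch: Word fills it with the Windows logon name, so a single published file can hand out the internal domain and username format. Run `extract_metadata` over everything in a publishing queue and refuse files whose result is not empty.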

Audit frequently
• Keep your knowledge up to date and scan regularly for information that can be found about your systems, or hire professionals to do it for you.
Interesting books on the subject
