Information gath

  • View
    1.912

  • Download
    0

Embed Size (px)

DESCRIPTION

 

Text of Information gath

  • 1. INFORMATION GATHERING IN A PENTEST By : Syarif @3xu5 Cybercrime Investigation Center Mabes Polri Jakarta, 28 Januari 2012
  • 2. Agenda About Pentest ( Penetration Testing ) Pentest Phase How Important do Information Gathering Passive & Active Information Gathering Google Hack Netcraft Whois host dig
  • 3. About Pentest ( Penetration Testing ) A method to evaluate the security of computer system / network Practice ( attacking ) an IT System like a hacker do Find a security holes ( systemic weaknesses ) By pass security mechanism compromise an Organizations IT System Security Must have a permission from IT System owner ~ The Person is called a Pentester ~
  • 4. Pentest Phase Information Gathering Vulnerability Analysis Exploitation Post Exploitation Reporting
  • 5. How Important do Information Gath. Information Gath. Chance of Successful attack~
  • 6. Passive & Active Information Gathering Passive Information Gathering Active Information Gathering Google Hacking Netcraft Whois Nslookup Port Scanning Service Scanning Nmap Metasploit
  • 7. Google Hack was introduced by Johnny Long based on google basic usage information :http:// www.google.com/help/basics.html! More : http://www.google.com/help/ operators.html
  • 8. Google Hack ( contd ) Google basic search help
  • 9. Google Hack ( contd ) Operators and More Search help
  • 10. Google Hack ( contd ) Examples :
  • 11. Google Hack ( contd ) Examples :
  • 12. Google Hack ( contd ) Examples :
  • 13. Google Hack ( contd ) Other Examples :
  • 14. Google Hack ( contd ) Other Examples :
  • 15. Google Hack ( contd ) More Examples :
  • 16. Netcraft an Internet monitoring company based on England Uptimes OS detection web server
  • 17. Netcraft ( contd )
  • 18. Whois
  • 19. host
  • 20. dig
  • 21. REFERENCES http://www.pentest-standard.org/index.php/ PTES_Technical_Guidelines http://www.metasploit.com/about/penetration- testing-basics/ Metasploit The Penetration Testers Guide : David Kennedy , Jim OGorman, Devon Kearns, Mati Aharoni GHDB , http://johnny.ihackstuff.com/ghdb/

Recommended

View more >