Open main menu

CDOT Wiki β

Changes

SEC520/labs/Lab 2

14 bytes removed, 11:18, 31 January 2018
no edit summary
<h2> <span class="mw-headline">Introduction</span></h2>
<dl><dd><ul><li>This lab teaches various methods of <b>gathering information</b> from a <b>targeted computer system</b>. Normally, an individual or a company can be hired to perform <b>Penetration Testing</b> in order to detect weaknesses in an organization's computer system. The first phase (called the <b>"reconnaissance phase"</b>
is considered to be a "harmless activity", where a person can simply gather information to be used later in other aspects of penetration
testing (network <i>scanning</i> and <i>enumeration</i>).
</li></ul>
<table cellpadding="12">
<tbody><tr valign="top">
<td><b>Information Gathering</b></td>
<td><b>Foot-printing</b></td>
</td>
</tr>
</tbody></table>
<p><br>
</p>
the above-mentioned techniques, there are other techniques and tools to
help gather useful server information of a targeted organization.</p>
{{Admon/tip|sensepost.com|This is a website that is dedicated to internet security, and provides a platform to help gather information regarding a server. In fact,
examples from the textbook: <b>Penetration Tester's Open Source Toolkit</b> use examples from this website. We will be using this site for the majority of lab2...}}
<br>
search (i.e total number of links at the top of the search results), and record the total number of links for this type of search in
your lab logbook.</li>
<li>Now, enter the following directive in the Google search box: <b>site:sensepost.com</b><br>{{Admon/important|Enter Site Directive in Google Search Textbox|Don't enter the "site" directive in the URL textbox at the top of the web-browser - enter this directive in the Google SEARCH text; otherwise, the directive will not work. Also make certain remain in the google web-page when performing this operation...}}</li>
<li>You should notice a change in the display of links. How does this
search method differ from the previous search method using only the
just collected during this lab for penetration testing? (Record your
answer in your lab log-book)</li>
<li>Repeat the information-gathering process for the following URL: <b>linux.senecac.on.ca</b> for practice.<br>{{Admon/tip|Gathering Information in your Own Server at Home|Just for Interest, it is not that difficult to obtain SOME information regarding your own computer system at home. First, determine your IP address by using the <b>ifconfig</b> command for Linux, or the <b>ipconfig</b> command in windows. One very quick way to determine your IP Address is to simply type <b>IP Address</b> in the URL Window of your web-browser. Knowing your own IP Address at home is useful during the <b>link analysis</b> and <b>domain name expansion</b> steps in the next task...}}</li>
<li>Proceed to Task #2<br><br></li>
</ol>
categorize relationships between other websites, and the <i>"target"</i> website
called <b>"sensepost.com"</b>. You will be downloading, installing and running
serveral open-source tools (a series of packages packaged as <b>BiLE</b> (which stands for: <i>"Bi-directional Link Extraction"</i> tools) to asssist in obtaining this information.<br><br></p> {{Admon/important|Installing Dependencies for BiLE.pl, BiLE-Weigh.pl|You may need to download the <b>BiLE</b> Utilities, consisting of useful Perl Scripts. Your Kali Linux distribution most likely comes with Perl already loaded. On the other hand, prior to running these Perl Scripts, you may be required to first install the application called <b>HTTrack</b>. You can do this by installing "httrack" via "apt-get" or use a graphical application (such as <b>Synaptic Package Manager</b>)}}
<br /></li>
<li>Issue the command: <b>which httrack</b> to confirm that this dependent application has been installed (refer to warning message above).</li>
target website, as well as the output-file (generated by the BiLE.pl
Perl Script.</li>
<li>Issue the following command: <b> perl BiLE-weigh.pl sensepost.com output.sensepost.com.mine</b> (Assuming BiLE.pl Script and "output.sensepost.com" are contained in the current directory).<br><br> {{Admon/important|Error: Sort: open failed: +1: No such file or directory|If you run the <b>BiLE-Weigh.pl</b> command, and encounter the above error, then make the following editing changes for this script:<br><br><b>change following line:</b><nowiki> 'cat temp | sort -r -t ";" +1 -n &gt; @ARGV[1].sorted';</nowiki><br><br><b>to read:</b><nowiki> `cat temp | sort -r -t ":" -k 2 -n > @ARGV[1].sorted`;</nowiki><br><br>(Note: ` in this case is "Left-Tick" representing command substitution - not to be confused with a single-quote.<br /><br />}}<br><br></li>
<li>View the contents of the file "output.sensepost.com.sorted" in your
current directory. Notice the ranking of the relavance of links
<li> Issue the command: <b>perl tld-expand.pl sensepost.com.domains.txt sensepost.com.domains.variations.txt</b>. What do these variations represent in terms of reconnaissance? Record your finds in your lab log-book.</li>
<li>Proceed to Task #3<br><br></li>
</ol>
<p><b>Answer Task #2 observations / questions in your lab log book.</b>
<h2> <span class="mw-headline">Task #3: Foot-printing</span></h2>
<br>
As opposed to the Information Gathering phase (that collects information such as IP Addresses), the Foot-printing phase tends to gain a “clearer picture” of the structure of the organization's computer system. This can include <b>relationships among servers</b>, as well as noting <b>IP Address ranges</b>.
<br><br>
Footprinting (in simpler terms) means <b>Network Mapping</b>.
You will be using the information collected in Task #1 to assist with obtaining User information in this task.
<br>
{{Admon/important|Install metagoofil program|<br><br> The harvester program is already installed in your Kali system, but you will need to install the program metagoofil. Issue the command (as root):<br><br><b>apt-get install metagoofil</b><br><br>}}<br><br></li> 
<p>
INSTRUCTIONS:
</p><ol>
<li>Issue the command <b>theharvester --help</b>, to learn how to run this script again with the following options:<ul><li>Domain: <b>sensepost.com</b></li><li>Number of limited results: <b>100</b></li><li>Data Source: <b>google</b></li><li>Output filename: <b>~/sensepost.user</b><br><br></li></ul></li>
<li>Record any user information that you consider relevant (for penetration testing) in your lab log-book.</li>
<h2> <span class="mw-headline">Task #5: Verification / The "Tank" Server</span></h2>
<br>
{{Admon/important|Location of dnsmap Utility in Kali Linux|The <b>dnsmap</b> utility is a time-saving method of determining reverse dns lookups in a batch mode involving an input file of collected dns entries.<br><br>This utility is contained in your Kali Linux boot media under the file pathname: <b>/pentest/enumeration/dns/dnsmap</b>}}
<br>
It is important to "double-check" the validity of your collected information - in particular, your IP addresses. If any servers are no longer running, this can waste a tremendous amount of time during the scanning process. Remember: the longer a scan takes to execute, the more vulnerable you are as the penetration tester to detection.
<br><br>