Practicals 1


PRACTICAL DAY 1 - Using Kali, free tools and web services for footprinting

1. DNS HARVESTING:
Execute the following commands and observe the output. What useful information can you find that could be used
in an attack? NOTE: For this practical we will be using zonetransfer.me, which is intentionally set up for pen test learning.

a) DNS Enumeration
dnsenum zonetransfer.me
b) Zone transfer:
dig axfr @nsztm1.digi.ninja zonetransfer.me

2. Metadata Extraction

In this lab we will learn how to find valuable data for structuring our attack in documents belonging to
the target company. The files you will examine in this lab are:

WidgetStatisticalAnalysis.xls

WidgetStatisticalWhitepaper.doc

WidgetStatisticalWhitepaper.pdf

You can use any tools you want but all you really need is exiftool and strings (if some of these are not
installed please install first).

ExifTool syntax:

exiftool filename

To run strings:

strings filename

Try this for each of the files, and answer the following questions:

a) What is the full name of user Bob? What is Bob’s nickname?


b) What is Bob’s email address?
c) What Personally Identifiable Information is located in the spreadsheet (.xls) file?
d) What information is associated with the organization’s firewall ruleset?
e) Look through the files to find all file system paths and URLs.
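
The same check can be run on your own documents before they are published. The script below is an added example, not part of the original handout: it extracts embedded strings from a byte blob and lists e-mail addresses, URLs and file system paths. It also reads UTF-16LE text, which legacy Office files often contain and which plain `strings` only shows with `-e l`. The sample bytes, names and regex categories are assumptions constructed for the example.

```python
import re

# Constructed sample: bytes resembling what a legacy Office file might embed.
# Every name, path and address below is made up for this example.
SAMPLE = (
    b"\x00\x01\xd0\xcf\x11\xe0Author: J. Example\x00\x00\x07"
    b"mailto:j.example@corp.example\x00\xff\xfe"
    + r"C:\Users\jexample\Documents\draft_v2.doc".encode("utf-16-le")
    + b"\x00\x00\x03\x04"
    + "http://intranet.corp.example/fw/rules.html".encode("utf-16-le")
    + b"\x00\x00\x9c/home/jexample/export/report.pdf\x00"
)

# Illustrative patterns (assumptions); tune them to your environment.
PATTERNS = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "url": re.compile(r"https?://[^\s\"'<>]+"),
    "win_path": re.compile(
        r"[A-Za-z]:\\(?:[^\\/:*?\"<>|\r\n]+\\)*[^\\/:*?\"<>|\r\n]+"),
    "unix_path": re.compile(
        r"(?<![\w/:.])/(?:home|Users|usr|var|etc|opt|mnt|srv)/[\w./-]+"),
}

def printable_runs(data: bytes, min_len: int = 4):
    """Like `strings` plus `strings -e l`: ASCII runs and UTF-16LE runs."""
    ascii_runs = re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)
    wide_runs = re.findall(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len, data)
    return ([r.decode("ascii") for r in ascii_runs]
            + [r.decode("utf-16-le") for r in wide_runs])

def audit(data: bytes) -> dict:
    """Return {category: sorted unique matches} found in embedded strings."""
    found = {name: set() for name in PATTERNS}
    for run in printable_runs(data):
        for name, rx in PATTERNS.items():
            found[name].update(rx.findall(run))
    return {name: sorted(vals) for name, vals in found.items()}

if __name__ == "__main__":
    for category, hits in audit(SAMPLE).items():
        for hit in hits:
            print(f"{category:10} {hit}")
```

To audit a real file, pass its contents: `audit(open(path, "rb").read())`.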

3. Automated Tools and Services for Data Collection


a) Go to shodan.com and create an account. Research the inpt.ac.ma domain. What useful
information can you see? Explore Shodan to learn more about its capabilities.
b) In your Kali, start the Spiderfoot tool. Research the inpt.ac.ma domain. What useful
information can you see? Put all information you believe can be used for the attack in a
separate file! You can start the software with:
spiderfoot -l 127.0.0.1:8000 (you can use any port that you choose)
c) Go to www.ipneighbour.com and do a query on 3 domains of your choice. What data did we
see here?

4. RECON-NG for Domain enumeration

We will use the Bing web hostname enumerator module and try to find additional subdomains of the
https://www.facebook.com/ website:
a) Load the module:
• recon/domains-hosts/bing_domain_web
• show info (displays the information about the module)
b) Set the target and execute (you can also use some of the domains identified in the previous
practical)
• load recon/domains-hosts/bing_domain_web
• run

5. Execute the command below using nmap. Check the output and assess the relevance to a
potential penetration test.
nmap --script dns-brute --script-args dns-brute.domain=inpt.ac.ma

6. Go to https://centralops.net/co/ and enter a domain of your choice. Use all available options and
let centralops do the scanning for you. Observe the output and analyze it.
7.

8. Search GitHub for the MegaCorpOne account. Within this account, try to find some sensitive
information. Search for any files with the word “users” in the name: filename:users

Try similar searches across the entire GitHub (note: you will need to register and log in).
