Information gathering is the process of collecting the information from different places about any individual company, organization, server, IP address or person.
Information gathering is the first step of hacking and most of the time of hacker spend his time in this process. 90% of time of a hacker spend in information gathering.
Information gathering plays a very vital role for both investigating and attacking purposes.
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Information gathering
1.
2. ./whoami
0 If You want to Hack some one First Hack Your self.
0 I am NOT a Hacker Just Learner as Security analyst.
3. Information Gathering
0 “If you know the enemy and know yourself you need
not fear the results of a hundred battles”
4. Session Flow
0 Information Gathering- Definition
0 Initial Info gathering of websites.
0 IP range Lookup
0 DNS information gathering.
0 Web Hosting info gathering.
0 Understanding hosting control Panels.
0 Subdomains.
0 Whois information.
5. Session Flow
0 Info Gathering using blogs & forums.
0 Info Gathering using search Engine
0 Info Gathering using Meta tags & Words.
0 People Search.
0 Info gathering using job portal websites.
6. What is Information
Gathering?
0 Information gathering is the process of collecting the
information from different places about any individual
company, organization, server, IP address or person.
0 Information gathering is the first step of hacking and most
of the time of hacker spend his time in this process. 90% of
time of a hacker spend in information gathering.
0 Information gathering plays a very vital role for both
investigating and attacking purposes.
7. Attacker’s Point of View
0 Attacker will first gather information like domain name, IP
address, IP range, operating system, services, control
panel, vulnerable services etc and later on exploit it.
0 Attackers use tools and social engineering to gather
information.
0 For attacking an individual person he will find his name,
address, date of birth, phone no and his personal
information and then use that information for attacking
that person.
8. Investigator’s Point of View
0 As an investigator information gathering is powerful
tool used in investigation.
0 Investigator will gather information like traces of
criminal, name, address, contact no, company
information etc before taking any legal action.
0 Investigators use tools and social networking sites to
gather information about criminal.
9. Whois
0 Whois is query to database to get following
information.
1. Owner of website.
2. Email id used to register domain.
3. Domain registrar.
4. Domain name server information.
5. Related websites
12. Reverse IP mapping
0 Reverse IP will give number of websites hosted on same
server.
0 If one website is vulnerable on the server then hacker
can easily root the server.
13. Trace Route
0 Trace route gives useful information regarding number of
servers between your computers & remote computers.
0 Useful for investigation as well as different attacks.
0 Visualroute, Neotrace.
15. Info. Gathering using Search
Engine
0 Search engines are efficient mediums to get specific
results according to your requirements.
0 Google, yahoo, bing etc..
0 search engine gives best results out of all.
16. Info Gathering Using Search
Engine
0 Maltego is an open source intelligence and forensics
application.
0 It allows for the mining and gathering of information as
well as the representation of this information in a
meaningful way.
0 Coupled with its graphing libraries, Maltego, allows you to
identify key relationships between information and
identify previously unknown relationships between them.
18. Information gathering using
forum/blogs
• Almost 80% internet users use blogs/forums for
knowledge sharing purpose.
• Information gathering from specific blog will also helpful
in investigations.
24. Information gathering using ESpiders
0 Email Spiders are automated soft wares which
captures email ids using spiders & store them on the
database. Spammers are using email spiders to collect
thousand emails for spamming purposes.
25.
26. Monitoring Targets Using
Google Alerts
0 Google Alerts is a content monitoring service that
automatically notifies users when new content from
news, web, blogs, video and/or discussion groups
matches a set of search terms selected by the & stored
by the Google Alerts Service.
0 Google Alerts help in monitoring a developing news
story & keeping current on a competitor or industry.
29. !! For Regarding any question contact me !!
http://www.maulikkotak.webnode.com
http://www.facebook.com/maulikkotakstar
http://www.twitter.com/maulikkotakstar