Footprinting and Reconnaissance

 - Extract information about the target organization:


1. Internet Protocol (IP) address and IP range associated with the target
2. Purpose of the organization and why it exists
3. Size of the organization
4. Class of its IP block
5. People and contacts at the target
6. Types of operating system (OS) and network topology in use
7. Type of firewall implemented: hardware, software, or a combination
8. Type of remote access used, either SSH or VPN


---> Open Source Information Gathering using Windows Command Line utilities
 
---> Windows Utilities :
     1. ping
     2. nslookup
     3. tracert

---> Gather important information like :
    1. IP address
    2. Packet frame size
    
---> Open a command line

# ping -- running ping with no arguments prints its usage/help options

# ping www.google.com  -- resolves the host's IP address and shows whether the host is active or not


---> Collecting information about a target website using firebug


We use Firefox for getting information about HTML, JavaScript, CSS, etc.
The aim is to collect the server-side technologies; these can also be found using Netcraft and Wappalyzer.

---> Firebug is a Firefox add-on that gathers all of the information above.


Mirroring Website Using HTTrack Web Site Copier

---> Website mirroring creates a replica of an existing site. It allows you to download
     a website to a local directory and analyze all of its directories, HTML, images, Flash, videos
     and other files from the server on your own computer.

---> It is difficult to perform footprinting on a live website, which is why we use website
     mirroring to perform footprinting.

--> Tool : HTTrack


Advanced Network Route Tracing Using Path Analyzer Pro

---> With this we determine the network nodes traversed on the way to the destination and can detect
     the complete route (path) from source to destination.

--> Path Analyzer Pro -- PApro27.msi


We extract accurate information about a network using the Metasploit Framework

--> First, start PostgreSQL using the command
    # service postgresql start

--> Open Metasploit console
    # msfconsole

--> To check whether the database has been initialized, enter the command
    # db_status

--> To initialize the database, exit Metasploit, restart the PostgreSQL service and run
    # msfdb init

--> Then run Nmap from within Metasploit by typing the command and pressing Enter
    # nmap -Pn -sS -A -oX Test [ip/subnet]

--> After scanning, Nmap shows the total number of active hosts in the subnet

--> Type db_import Test and Press Enter to import the test results.

--> Type hosts in Metasploit to display the hosts and their details as collected by Nmap

--> To find the services running on an individual machine, type
    # db_nmap -sS -A [IP address of machine]

--> To get service information for all the active machines in the subnet, type
    # services

--> To exploit a machine through a particular service with a given exploit or payload, select the module
    # use [module name]

--> Now run show options, set RHOST and then exploit; the options marked 'yes' in the Required
    column of show options must be filled in.

--> We gather all the information on the various services running on the machine in order to exploit them.
