
Information Gathering and Scanning



 ©                Why Information gathering?

• Information gathering can reveal the online footprints of a criminal.

• Information gathering can help an investigator profile criminals.

 ©                Information gathering of websites

We need to gather the following information about the website:

·         Whois Information
·         Owner of website.
·         Email id used to register domain.
·         Domain registrar.
·         Domain name server information.
·         Related websites.

We can use the website www.domaintools.com for this purpose.

 ©             Whois

Whois is a query to a database that returns the following information:

·         Owner of website.
·         Email id used to register domain.
·         Domain registrar.
·         Domain name server information.
·         Related websites.
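
The sketch below is an added example, not part of the original post: it pulls four of the fields listed above (owner, registration email, registrar, name servers) out of raw Whois text. The sample record, the `parse_whois` name and the label variants in `FIELD_LABELS` are assumptions made for illustration; real registries vary their labels and often redact registrant details.

```python
from collections import defaultdict

# Constructed sample response (placeholder names on reserved .test domains).
SAMPLE_WHOIS = """\
% Constructed WHOIS record for illustration
Domain Name: EXAMPLE-SITE.TEST
Registrar: Example Registrar, Inc.
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: Example Holdings
Registrant Email: admin@example-site.test
Name Server: NS1.EXAMPLE-DNS.TEST
Name Server: ns2.example-dns.test
Name Server: NS1.EXAMPLE-DNS.TEST
>>> Last update of WHOIS database: 2013-01-01T00:00:00Z <<<
"""

# The page's fields mapped to label variants (assumed, not exhaustive).
FIELD_LABELS = {
    "owner": ("registrant name", "registrant organization", "registrant"),
    "email": ("registrant email",),
    "registrar": ("registrar", "sponsoring registrar"),
    "name_servers": ("name server", "nserver"),
}

def parse_whois(text):
    """Return owner, email, registrar and name servers from raw WHOIS text."""
    raw = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, registry comments and trailer lines.
        if not line or line[0] in "%#>" or ":" not in line:
            continue
        key, _, value = line.partition(":")
        value = value.strip()
        # Privacy-redacted values carry no information; drop them.
        if value and "redacted" not in value.lower():
            raw[key.strip().lower()].append(value)
    result = {}
    for field, labels in FIELD_LABELS.items():
        values = [v for label in labels for v in raw[label]]
        if field == "name_servers":
            # Host names are case-insensitive: normalise and de-duplicate.
            result[field] = sorted({v.lower() for v in values})
        else:
            result[field] = values[0] if values else None
    return result

if __name__ == "__main__":
    print(parse_whois(SAMPLE_WHOIS))
```
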



 ©                Reverse IP mapping

·         A reverse IP lookup gives the number of websites hosted on the same server.

·         If one website on the server is vulnerable, a hacker can easily root the server.

·         Domainbyip.com
• Trace Route







©             Information Gathering Using Search Engine

• Search engines are efficient mediums to get specific results according to your requirements.

• The Google and Yahoo search engines give the best results of all.

• But specifically, using www.kartoo.com will give us good information about the search.


• This type of search engine retrieves results from different search engines and makes relations or connections between those results.




• Maltego is an open source intelligence and forensics application.

• It allows for the mining and gathering of information as well as the representation of this information in a meaningful way.

• Coupled with its graphing libraries, Maltego allows you to identify key relationships between pieces of information and to identify previously unknown relationships between them.



• Almost 80% of internet users use blogs/forums for knowledge sharing.

• Information gathering from a specific blog will also be helpful in investigations.

• Information gathering from social networking websites can also reveal personal information about a suspect.

• Many websites store email ID lists for newsletters. These email IDs can also be retrieved using email spiders.









©            Detecting ‘live’ systems on target network

Ø  Why detect ‘live’ systems on the target network?

·         To determine the perimeter of the target network /system
·         To facilitate network mapping
·         To build an inventory of accessible systems on target network
·         Tools used for this :

o   War Dialers
o   Ping Utilities


©            War Dialers

·         A war dialer is a tool used to scan a large pool of telephone numbers to detect vulnerable modems to provide access to the system.

·         A demon dialer is a tool used to monitor a specific phone number and target its modem to gain access to the system.

·         Threat is high in systems with poorly configured remote access products providing entry to larger networks.

·         Tools include THC-Scan, ToneLoc, TBA etc.

The term war dialing implies the exploitation of an organization's telephone, dial, and private branch exchange (PBX) systems to infiltrate the internal network and use its computing resources during the actual attack. It may be surprising that we are discussing war dialing here, as more PBX systems are coming with increased security configurations. However, the fact remains that there are still many insecure modems out there that can be compromised to gain access to the target system. What initially caught the fancy of hackers in the movie 'War Games' still manages to find carriers, leading to the compromise of systems. The war dialer in War Games is not very sophisticated, as it only finds phone numbers that are suspected to be computer dial-in lines. A more aggressive version might actually attempt to determine the operating system, and a very aggressive version might attempt to perform some automated break-in attempts itself. A real scanner with this functionality will attempt to analyze the carrier information, the negotiation, and the presence of protocols and/or banners to determine the remote system. It will then attempt to use default username/password combinations for that system.



Copyright © 2010-13. TP's Hack World - All Rights Reserved