Gathering Information About Your Victim In Penetration Testing
The very first stage of hacking is PAG i.e Passive Attack Gathering. In plain English we collect all the information about our victim network or a system for planning the attack. Remember following things are explained for a penetration testing scenario & not for hacking actual hacking. So don’t misuse this information, team of hacking truths will not be responsible for anything you do with it.
So what type of information we need in Pre attack stage ?
If you are planning to intruding in some network, you’ll need following information.
What is the primary domain name of that organization who’s network you are testing. This is basically needed in performing a black box & not a white box. Any ethical hacker is hired to test network’s vulnerabilities from outside & he have no idea of the subjected network.
We need these things before attack:
Primary Domain names , their IP addresses
There Name servers (e.g ns1.victim.com, ns2.victim.com & so on..)
Owner of domain names, their addresses & phone numbers.
Then we need to know the basic mail server details (we need to trace route fro that)
Operating systems & arrangement
Basic information about firewalls.
So, we perform some queries from global database of domain names like ‘who is query’ to accomplish our information gathering attack. It is called as passive as we do not directly intrude inside the network & still can access all these data by indirect attacks. So this step is called as passive attack gathering.
Tools to be used for Passive Attack Gathering:
Nslookup : for details of Ip’s & mail servers
Who.is : It is a website gives you all data about domain owner.
Visual lookout: Connection details are shown up
Traceroute: Shows you a results of rout trace query
Neo Trace or Visualtrace: Shows you graphical interface of route tracing
Email Tracker Pro: Its a website you can try for gaining IP addresses from emails.
So this is how information is gathered by passive attack. If you have any questions, please let us know by commenting here.
This post is made by Amol Wagh who blogs about Ethical Hacking & Exploits on Hackers Enigma Dot Com. You can Follow Amol on Twitter Here.
Popularity: 1% [?]
You might be interested in the following Articles
- Mapping The Network Of A Victim Organization
- Hacking With Nmap – The Network Mapping Tool
- Sending messages out over the network
- Best 5 Port Scanners
- Gmail chat tips and tricks round up
- Learn how to send your fake email
- Hacking hotmail passwords on a network
- DNN (DotNetNuke) Hacking
Enjoyed this article? Subscribe to Hacking Truths and get daily updates about new cool websites and programs in your email for free.
[...] hacking thing, as we discussed about how you can get information about your victim with the help of Passive Attack Gathering. Now what you have to do with this information ? The next step is known as Network [...]
[...] thing, as we discussed about how you can get information about your victim with the help of Passive Attack Gathering. Now what you have to do with this information ? The next step is known as Network [...]
hey upload it with snapshot
Note : If you have any Query related to the above Article please Post it to the Support Forum.
Leave your response!
Popular Posts
Follow Me
Free SMS Alerts
For Indian Users
Send START HACKING <cityname> to 575758
* for more info click here
Recent Posts
Most Commented
Categories
Archives
Translator
Introducing Myself
Blogroll