
Gathering Information About Your Victim In Penetration Testing

18 August 2009 | Posted by Amol Wagh

The very first stage of hacking is PAG, i.e. Passive Attack Gathering. In plain English, we collect all the information we can about the victim network or system in order to plan the attack. Remember that the following is explained for a penetration testing scenario and not for actual hacking. So don't misuse this information; the Hacking Truths team will not be responsible for anything you do with it.

So what type of information do we need in the pre-attack stage?

If you are planning to intrude into a network, you'll need the following information.

What is the primary domain name of the organization whose network you are testing? This is basically needed when performing a black-box test, not a white-box one. An ethical hacker is hired to test the network's vulnerabilities from outside, and he has no idea of the network in question.

We need these things before the attack:

Primary domain names and their IP addresses

Their name servers (e.g. ns1.victim.com, ns2.victim.com and so on)

Owners of the domain names, their addresses and phone numbers

Basic mail server details (we need a traceroute for that)

Operating systems and arrangement

Basic information about firewalls

So we run some queries against the global database of domain names, such as a WHOIS query, to carry out our information gathering. It is called passive because we do not directly intrude into the network, yet we can still access all this data indirectly. That is why this step is called passive attack gathering.

Tools to be used for Passive Attack Gathering:

Nslookup: for details of IPs and mail servers

Who.is: a website that gives you all the data about the domain owner

Visual lookout: shows connection details

Traceroute: shows you the results of a route trace query

Neo Trace or Visualtrace: shows you a graphical interface for route tracing

Email Tracker Pro: It's a website you can try for obtaining IP addresses from emails.
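Seen from the domain owner's side, the same WHOIS lookup shows what your own record gives away. The sketch below is an added example, not part of the original post: it parses a constructed WHOIS response (placeholder domain, invented contact values) and lists the contact fields that are not privacy-redacted. The field names and redaction markers are assumptions, since WHOIS output differs between registrars.

```python
import re

# Constructed sample WHOIS response for a placeholder domain (not real data).
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrant Name: Jane Admin
Registrant Organization: Example Corp
Registrant Street: 1 Example Way
Registrant Phone: +1.5555550100
Registrant Email: jane.admin@example.com
Admin Email: REDACTED FOR PRIVACY
Name Server: NS1.EXAMPLE.COM
Name Server: NS2.EXAMPLE.COM
"""

# Contact fields that reveal a person or a location (assumed field names).
PERSONAL = re.compile(r"^(Registrant|Admin|Tech) (Name|Street|Phone|Email)$", re.I)
# Markers registrars use for privacy-protected fields (assumed list).
REDACTED = re.compile(r"redacted|privacy|not disclosed|data protected", re.I)


def parse_whois(text):
    """Parse 'Key: Value' lines into a dict of key -> list of values."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        # Skip registry comment/footer lines and keys with empty values.
        if sep and key.strip() and value.strip() and not line.startswith(("%", "#", ">>>")):
            record.setdefault(key.strip(), []).append(value.strip())
    return record


def audit_exposure(text):
    """Return (exposed personal fields, name servers) for a WHOIS record."""
    record = parse_whois(text)
    exposed = {
        key: values
        for key, values in record.items()
        if PERSONAL.match(key) and not all(REDACTED.search(v) for v in values)
    }
    name_servers = sorted(v.lower() for v in record.get("Name Server", []))
    return exposed, name_servers


if __name__ == "__main__":
    exposed, servers = audit_exposure(SAMPLE_WHOIS)
    for field, values in exposed.items():
        print(f"EXPOSED  {field}: {', '.join(values)}")
    print("Name servers:", ", ".join(servers))
```

Any field it reports as exposed is a candidate for the registrar's privacy service or a role-based contact instead of a named person.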

So this is how information is gathered by passive attack. If you have any questions, please let us know by commenting here.

This post was written by Amol Wagh, who blogs about ethical hacking and exploits at Hackers Enigma Dot Com. You can follow Amol on Twitter.
