Information Gathering for a successful Hack

nmap for port scanning

The very first step of a successful hack is Enumeration. Enumeration, alias Reconnaissance is an information gathering process. Its also know as foot printing. As the saying goes ' Information is Power', the more information we can gather, the more there is a chance of a successful attack. Information can be anything about the system and related entities. Methods can be various, that can help us get information about the system or the person or the organisation.

There are several methods of information gathering some of them are discussed as follows. 

DNS Enumeration is done to find out information about target system/website. This helps us finding out the emails, usernames, ip address, computer names about the system. For this we can use tools like nslookup, whois lookup, dig, traceroute. These will help us find information about the ip address about the system and which will disclose even more information about the system like open ports, operating system, running services, etc.
traceroute

These days social engineering has become a great tool of information gathering. And of course social networks like Facebook, Foursquare, Twitter, Identica are full of information about our target. Targets website and blogs add additional information for us. Also, search engines like Google,Bing have been great source of information. Dumpster [looking for information in waste reports, papers of the target organization] diving has been great too.

Further more information gathering can be done by active and passive scanning of the target systems. Port scanning is a method of finding out systems that are running. Nmap / Zenmap have been very useful in port scanning.

Sniffing does help know more information about the system. Tools like wireshark, ettercap can capture traffics and manipulate the data. Data being transmitted over wire can be seen using sniffer tools.

We will be discussing on how to use these tools in coming posts. But for now, just know that, the more information about the target the more is the chance of hacking the system. So it has been very important step for hackers to find out as much information as possible about the system to be compromised. All ways 'remember information is power'

Comments

Post a Comment

Popular posts from this blog

Automate file upload in Selenium IDE

Image
Selenium IDE is an integrated development environment for Selenium tests. It records your interactions with websites to help you generate and maintain site automation, tests, and remove the need to manually step through repetitive tasks. Selenium IDE can be installed in Google Chrome from  here . For Firefox visit this  link . File upload in Selenium IDE cannot be automated simply by recording from the IDE. Because when we select the file input field, the dialog that opens up is a system window which cannot be controlled by Selenium IDE. Therefore, clicking the input file field to select a file will not work. Also the selected file path is changed to C:\fakepath\filename.extension. So to fix this issue, we need to configure the browser to support file upload and then instead of clicking the input field we set the file using ‘type’ selenium command which is shown below. First, to support file upload in Selenium IDE, configure your browser to support file upload: Visit ‘chrome://
Read more

How To Install and Configure Nextcloud

Image
  Original post: https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-nextcloud-on-ubuntu-20-04 Step 1 – Installing Nextcloud We will be installing Nextcloud using the  Snap  packaging system. This packaging system, available on Ubuntu 20.04 by default, allows organizations to ship software, along with all associated dependencies and configuration, in a self-contained unit with automatic updates. This means that instead of installing and configuring a web and database server and then configuring the Nextcloud app to run on it, we can install the  snap  package which handles the underlying systems automatically. To download the Nextcloud snap package and install it on the system, type: sudo snap install nextcloud Copy The Nextcloud package will be downloaded and installed on your server. You can confirm that the installation process was successful by listing the changes associated with the snap: snap changes nextcloud Copy Output ID Status Spawn
Read more