Information gathering

This is our first step. We will dive directly into scanning the victim machine (Metasploitable) running in VMware Player, using our attacking machine (Kali Linux), which is also running as a virtual machine; we set both of them up earlier. If you haven't done that yet, please refer to the Getting Started page.

Nmap is a free security scanner that comes built into Kali Linux. We will use it frequently for scanning.

OK now, let's begin:

Fire up your virtual machines (Kali and Metasploitable).

(Screenshot: Kali Linux running in VMware Player)

(Screenshot: Metasploitable running in VMware, issuing the command "ifconfig")

In your Metasploitable VM, issue the following command to find its IP address:

ifconfig

See that inet addr: 192.168.153.130 is the address we need to run the scan against.

Now go back to our attacking machine (Kali) and issue the following command:

nmap 192.168.153.130


Just what we are looking for: a whole bunch of services running on open ports. Oh yeah! My hands are getting cold and sweaty.

Let's try to find out more about port 21/tcp, which is an FTP (File Transfer Protocol) service, to see whether this version is vulnerable. Issue the following command:

nmap 192.168.153.130 -p 21 -sV

Explanation of the command:

-p 21 means we are only interested in port 21.
-sV tells nmap to probe the open port to determine the service/version info.


See that the version of the FTP service is vsftpd 2.3.4.

Now that we have the information we need, it's time for Exploitation.

+*+*++*+*+*+*+*+*+*+*+*+*+*+*++*+*+*+*+*+*+*++*+*+*+*+*+*+*+*+*+*+*+*+*+

More about information gathering.

Information gathering is the step that leads toward exploitation. It is not just scanning; it involves anything you can do to learn more about your target, with the aim of finding a vulnerability in the system to exploit. For example, say your target is The Example Company, whose website is www.theexample.com. Now what? You might want to scan the site directly, but wait: there is plenty of software and hardware standing in your way, such as a firewall. With thorough information gathering you may find some low-hanging fruit out there, hidden under the leaves, that you can grab easily, if you know what I'm saying. Think of this scenario: you find a Facebook group for The Example Company. Members of this group are probably employees of that company. In one profile you find that a man named Boy IT is the company's IT security officer. Then he posts, "Going out of town with my family. My apprentice will take over, and he's having a little trouble configuring our firewall. I hope it won't go down." A few days later the apprentice posts, "What the heck, the firewall is down. When will my master be back? I can't get it up again." Admittedly this scenario is a little impractical. Another example: you collect the email addresses of the employees and use SET, the Social-Engineer Toolkit, for a social engineering attack.

Other tools that you can use for information gathering:
1. Whois Lookup
2. Netcraft
3. Nessus
4. OpenVAS
5. Maltego


Please post your comments so that I can improve my site.

Thanks

Code_in_the_Shell