Active Information Gathering




Viraj Dissanayake

  • The use of the nmap, theHarvester and dnsenum security tool packages
was demonstrated in the lab session.


  1. Nmap (Network Mapper) – A security scanner used to discover hosts and
services on a network
  2. Netcat – A network analysis tool used to open TCP and UDP
connections between two hosts
  3. theHarvester – used to gather emails, subdomains, hosts and open-port details
  4. dnsenum – used to enumerate the DNS information of a domain and to discover
non-contiguous IP blocks


  • Methodology


  • To represent the two hosts, two virtual machines installed on the same
PC/laptop were used in this lab session.


  • Step 1 –  Establish the connection between the two hosts
  • Step 2 –  Then use each of the mentioned packages for active
information gathering




1 – nmap 192.168.56.99/24 – this command scans a subnet

The results show that there are 12 open ports available across different services
2 – nmap 192.168.56.99-120 – This command scans a range of IPs.
3 – nmap -p 80 192.168.56.99 – Scans a single port
Displays the status of the port that has been scanned
4 – nmap -sS 192.168.56.99   (TCP SYN scan) – Determines whether the port is listening using the technique
called half-open scanning. Privileged (root) access is needed to run this command.
If the privileges are not sufficient, the nmap -sT command can be used instead.
  
Difference between nmap -sS and nmap -sT
  nmap -sS
  • needs privileged access
  • doesn't establish a full TCP connection
  • faster scans
  nmap -sT
  • doesn't need privileged access
  • needs to establish a full TCP connection
  • slower than SYN scans


5 – nmap -O 192.168.56.99 – used to detect the operating system of the target host


The scan results show that the target device runs Windows 2000 Server


6 – nmap -sV 192.168.56.99 – Used to scan for running services. This is equivalent to nmap -A
Scan results display the running services and their version details
7 – nmap -sU 192.168.56.99 – used to perform UDP scans.
Scan results display the UDP ports which are in the open or filtered state


8 – nc -h – Used to display the netcat manual


9 – nc 192.168.56.99 80 – Used to connect to a web server on port 80
     This establishes a TCP connection
10 – nc -l -p 80 – Used to listen for inbound connections on port 80

After the TCP connection is established, the two hosts can communicate through the connected ports.
11 – nc 192.168.56.99 80
        HEAD / HTTP/1.0        – Used to identify the web server software of the target
        (the request line is followed by an empty line to end the request)
The results show that the target is running a Microsoft-IIS/5.0 server
12 – theharvester -d sliit.lk -l 10 -b google – used to search for email addresses of a domain, limiting
the results to 10 and using Google as the search engine


13 – dnsenum -h – displays the dnsenum manual


--dnsserver – specifies the DNS server used to resolve the domain name to IP addresses
--noreverse – skips the reverse lookup (IP address to domain name) step


14 – dnsenum --dnsserver 8.8.8.8 --enum sliit.lk
The scan results show the details of the name servers and mail servers of the scanned domain
The zone transfer failed, since the DNS servers are secured by SLIIT.
This scan output is not saved.
To save the log, specify the path of the file you want to save, and use brute force to obtain all the
subdomains.
(Zone transfer – used by administrators to replicate DNS databases across a set of DNS servers)


15 – dnsenum --dnsserver 8.8.8.8 --enum -f /usr/share/dnsenum/dns.txt --subfile /home/viraj/Documents/AIA_Lab2.txt sliit.lk




Conclusion
  • These tools can be used to analyze assets and to help prevent network attacks
  • Saving log files of the scans seems to be a good practice
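As an added example (not part of this lab write-up), the Python script below turns a saved nmap report (the -oX XML output of a scan such as step 6's nmap -sV with -O) into an inventory of open ports per host and flags any port outside an expected baseline, which is the defensive use of the scan logs the conclusion recommends keeping. The embedded XML is a constructed sample modelled on the lab's results (IIS 5.0 on port 80, Windows 2000 Server), not real scan output.

```python
# Added example (not the lab's own code): parse saved nmap XML output (-oX) into
# an inventory of open ports and compare it against an allow-list baseline.
# Real input comes from, e.g.:  nmap -sV -O -oX scan.xml 192.168.56.99
import xml.etree.ElementTree as ET

# Constructed sample report modelled on the lab's findings (not real scan data).
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -sV -O -oX scan.xml 192.168.56.99">
  <host><status state="up"/>
    <address addr="192.168.56.99" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="80"><state state="open"/>
        <service name="http" product="Microsoft IIS httpd" version="5.0"/></port>
      <port protocol="tcp" portid="135"><state state="open"/>
        <service name="msrpc" product="Microsoft Windows RPC"/></port>
      <port protocol="tcp" portid="23"><state state="closed"/>
        <service name="telnet"/></port>
    </ports>
    <os><osmatch name="Microsoft Windows 2000 Server" accuracy="95"/></os>
  </host>
</nmaprun>"""


def parse_nmap_xml(xml_text):
    """Map ip -> {"os", "ports": [(port, proto, service, detail)]}, open ports only."""
    inventory = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue
        osmatch = host.find("os/osmatch")
        entry = {"os": osmatch.get("name") if osmatch is not None else None,
                 "ports": []}
        for port in host.iter("port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # closed/filtered ports are not part of the exposed surface
            svc = port.find("service")
            name = svc.get("name", "") if svc is not None else ""
            product = svc.get("product") if svc is not None else None
            version = svc.get("version") if svc is not None else None
            detail = " ".join(p for p in (product, version) if p)
            entry["ports"].append((int(port.get("portid")), port.get("protocol"),
                                   name, detail))
        inventory[addr.get("addr")] = entry
    return inventory


def unexpected_ports(inventory, baseline):
    """Open (ip, port) pairs absent from the baseline {ip: set(expected ports)}."""
    return sorted((ip, p[0]) for ip, e in inventory.items()
                  for p in e["ports"] if p[0] not in baseline.get(ip, set()))
```

Running a scan with -oX on each lab session and diffing the parsed inventory against the previous one shows which services appeared or disappeared between scans.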

