Basics of Gathering Information


By on circuit, on 2009-07-21


First you must know what your target is: a regular computer, a website, an account on a website, etc. This information will help you later when exploiting the target and discovering more information.
It is completely legal to know the following things, as they are available to the public:
* First name
* Last name
* Where they are from
* What OS they run
* Their web browser
* Username (of the ISP, and websites they belong to)
* ISP
* IP address
* Phone number
* Street address
* Services/daemons running on their system

Now I will discuss some techniques used to find this information.

Google:
Google is a very powerful tool, and it is anonymous. To learn more about a site, just search for site:<site name here> and you will see all of its subdomains indexed by Google.
You can also search for usernames, emails, and other information you gather (without the "site:" operator, of course).
This works because users may reuse the same email address or username across multiple sites, and there you could discover more about your target.

Emails:
If you can get someone to email you back, look at the headers of the email. From these you can gain IP addresses, dates, which mail client they are using (Thunderbird, web-based, etc.) and more.
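As an added example (not part of the original post), here is how the header walk described above looks in code: it reads the Received: chain oldest-hop-first, pulls out each relay's IP addresses and timestamp, and reports the client advertised in X-Mailer / User-Agent. The message is a constructed sample; its hosts, IPs and dates are made up. Keep in mind that everything below the last trusted relay, including X-Mailer, is under the sender's control and is easily forged.

```python
"""Walk the Received: chain of an email and list each relay's IPs,
its timestamp, and the mail client the sender advertised."""
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample message; hosts, IPs and dates are made up.
SAMPLE = """\
Received: from mx.example.net (mx.example.net [203.0.113.10])
\tby inbox.example.org with ESMTP id abc123;
\tTue, 21 Jul 2009 14:05:02 +0000
Received: from [192.0.2.55] (helo=home-pc)
\tby mx.example.net with esmtpa (Exim 4.69);
\tTue, 21 Jul 2009 14:04:58 +0000
From: someone@example.net
To: you@example.org
Date: Tue, 21 Jul 2009 14:04:50 +0000
X-Mailer: Thunderbird 2.0.0.22 (Windows/20090605)
Subject: hello

body text
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def parse_received_chain(raw):
    """Return hops oldest-first as (list_of_ips, timestamp_or_None).
    Each relay prepends its own Received: header, so the last one in
    the message is the hop closest to the sender."""
    msg = message_from_string(raw)
    hops = []
    for hdr in reversed(msg.get_all("Received", [])):
        hdr = " ".join(hdr.split())        # unfold continuation lines
        ips = IPV4.findall(hdr)
        ts = None
        if ";" in hdr:                     # date follows the last ';'
            try:
                ts = parsedate_to_datetime(hdr.rsplit(";", 1)[1].strip())
            except (TypeError, ValueError):
                pass
        hops.append((ips, ts))
    return hops


def mail_client(raw):
    """Client named in X-Mailer or User-Agent (a hint only; forgeable)."""
    msg = message_from_string(raw)
    return msg.get("X-Mailer") or msg.get("User-Agent")
```

Running `parse_received_chain(SAMPLE)` gives the sender's hop (192.0.2.55) first and the receiving MX (203.0.113.10) second; `mail_client(SAMPLE)` returns the Thunderbird string.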

Finger:
It runs on port 79, and using it you can find info about the server running it, such as the owner's name, whether the system is up, uptime/downtime, and sometimes even a phone number and address.
Finger can be used by telnetting to port 79 (Windows), by getting a Unix shell account and using the finger command, or with Sam Spade, from samspade.org.

Whois:
Whois looks up info about a domain name; it checks InterNIC's database for information such as the ISP, where the registrant lives, etc.

Port Scanning:
This is very important. I recommend Nmap for this; you can get it at insecure.org (check out the site, it's a great resource). Basically, Nmap will scan your target and check which ports are open, closed, and filtered. Nmap is a powerful tool, and I recommend you get familiar with it.

Services/Daemons:
If you happen to find an open port, you can telnet to it and check what is running on it and which version, and you can sometimes exploit it. Check sites like Milw0rm.com and insecure.in for possible exploits. Doing this is sometimes referred to as banner grabbing.

Social Engineering:
Asking the user! Some of the best hackers used social engineering to get closer to their targets. Take Mitnick as an example: he was very familiar with how computers and phone networks worked, and used this to exploit the user to gain more information (emails, secret info, etc.). Here I would also include phishing attempts and IP catchers (which can be coded in PHP).

What's Next?: Usually exploitation. ;)

Reply if you like it.
Thanks