Here is a useful article on 2cto.com, and I have compiled some useful tools based on it: http://m.2cto.com/article/201309/245214.html
A few simple steps from an attacker's perspective:
1. Determine the target. The target can be a network, a web application, an organization or an individual. In our field this search for information is also known as casing.
2. Information collection techniques for the different kinds of target:
A. The Internet
Useful data:
Company's archived data
Company website (web pages)
Privacy policy used by the application
Security policy used by the application
Customer information
Testimonials/reviews
Precise location details
Employee information (location, contact details, areas of interest, etc.)
Checking the comments in a web page's source code can also yield useful information.
Command description: whois <domain name>
------------------------------------------------------------
Using the data to gain access:
Attackers use this information (for example as candidate usernames) to gain access to the network, routers and so on, and can look up any employee's phone number and physical address from sources such as:
www.phonenumbers.com
www.411.com
www.yellowpages.com
With a phone number, social engineering techniques can also be applied. Additional information can be obtained from sites such as:
www.ussearch.com
www.zabasearch.com
www.pipl.com
Using the information to find weaknesses:
The tool used here for intelligence collection is Maltego.
3. whois client options (flags are case-sensitive):
-a search all databases
-c find the smallest match that contains an mnt-irt attribute
-d also return the reverse DNS delegation object (requires RPSL support)
-F fast output of raw data
-H hide the legal notice text
-i ATTR inverse lookup on attribute ATTR
-l return the object one level less specific than the query (requires RPSL support)
-L return all less specific matches
-m return first-level more specific matches
-M return all more specific matches
-r turn off recursive lookups for contact information
-R show the local copy of the domain object even if it contains a referral
-x exact match
-h HOST connect to the specified host server
-p PORT connect to the specified port
-t TYPE request the template (header information) for objects of the specified type
-T TYPE restrict the search to objects of the specified type
-v TYPE request the verbose template for objects of the specified type
-q [version | sources | types] query the server for information about itself (requires RPSL support)
B. Route tracing
Routers are commonly protected by ACLs (access control lists). If these are enabled, traceroute from the client and other common tests are blocked. In that case one can still get through by sending the packets to port 53 (DNS). The route-trace command is therefore:
traceroute -p 53 resources.infosecinstitute.com  (sends packets to port 53, DNS, and obtains route-trace information despite the router's ACL)
DNS resolves to an IP, but an IP does not necessarily resolve back to a DNS name, so configuring DNS security is extremely important.
Another important thing to check after tracerouting is DNS enumeration. This is the most important part of network intelligence gathering. In general it maps DNS hostnames to IP addresses and vice versa. DNS security must be configured; otherwise anyone can obtain information about every part of the organization through the zone. Zone transfer is the most common potential weakness of a misconfigured server, and it can reveal valuable information about the target.
A server with this weakness allows a second server to update itself from the primary server. This is why attackers perform zone transfers against secondary servers. As a result, many servers hand out the entire zone.
Command Description:
Mining useful information from DNS servers: dig infosecinstitute.com
Zone transfers and DNS enumeration (depending on the DNS server's security configuration): dnsenum, dnsmap
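As an added example (not from the original post), a small shell audit that runs the zone transfer check above against each authoritative server of a zone you operate and reports which servers hand out the zone; it assumes dig from bind-utils/dnsutils is installed, and example.com is a placeholder:

```shell
#!/bin/sh
# Added example, not from the original post: audit a zone for open AXFR
# on every authoritative name server. Assumes dig is installed; zone
# names used here are placeholders.

# axfr_exposed: reads the output of `dig @ns zone AXFR` on stdin.
# Returns 0 (true) when the server handed over the zone, i.e. the answer
# contains the zone's SOA record, and 1 when the transfer was refused
# (dig then prints "; Transfer failed." and no records).
axfr_exposed() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -q 'Transfer failed'; then
        return 1
    fi
    printf '%s\n' "$out" | grep -Eq '[[:space:]]IN[[:space:]]+SOA[[:space:]]'
}

# count_records: number of resource records in a transfer read from stdin,
# a quick measure of how much of the organisation's naming is exposed.
count_records() {
    grep -Ec '[[:space:]]IN[[:space:]]+[A-Z]+[[:space:]]'
}

# audit_zone ZONE: try AXFR against each NS of ZONE and report the result.
# A secondary that answers is the misconfiguration described in the text.
audit_zone() {
    zone=$1
    for ns in $(dig +short NS "$zone"); do
        answer=$(dig @"$ns" "$zone" AXFR +noall +answer 2>/dev/null)
        if printf '%s\n' "$answer" | axfr_exposed; then
            n=$(printf '%s\n' "$answer" | count_records)
            echo "$ns: zone transfer ALLOWED ($n records exposed)"
        else
            echo "$ns: zone transfer refused"
        fi
    done
}

# usage: audit_zone example.com
```

On BIND, a server reported as ALLOWED is typically running with allow-transfer { any; }; restrict it to the real secondaries, ideally with a TSIG key, and re-run the audit.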
linux -- Network Intelligence Collection (summary: useful notes + practice)