Author Topic: Introduction to hacking and Basic Info gathering and recon tools  (Read 3631 times)

0 Members and 1 Guest are viewing this topic.

Offline khofo

  • EZ's Swashbuckler
  • Knight
  • **
  • Posts: 350
  • Cookies: 25
  • My humor is so black, it could go cotton picking.
    • View Profile

Introduction to hacking and Basic Info gathering and recon tools.




I-Introduction to hacking

1.Type of hackers: (I know this section is over-discussed but I felt the need to include it)



-Suicide Hacker: Hacks without hiding himself, and generally wants to be caught the internet’s attention whore.

-Spy Hacker: Works alone or with a team , steals sensitive info to sell it (secrets of fabrication for example)

-Cyber-Terrorist: Causes damage to anything (DOS, DDOS, leak sensitive info)

-  State Sponsored Hacker: Works for his country to hack other governments to steal intel (We all heard about Chinese hackers)

2.Hacktivism

The use of hacking skills to promote political or religious views (deface websites for delivering a message for example)3.      Computer Crimes:

-    Fraud
-    Obscene or offensive content
-     Harassment
-     Threats
-     Drug Trafficking
-     Cyber Terrorism
-     Cyber Warfare
-     Phishing
-     Dumpster Diving
-      Hacking WiFi or Bluetooth without permission
-     Using public exploits
-     Hacking someone’s PC
-      Spam


4.Ethical Hacking

Ethical Hacking is not Penetration testing,
Hacking is forcing a system or network to do things it’s not supposed to do, so Ethical Hacking is Attacking but with PERMISSION.
Penetration Testing will allow the owner of the network to know if vulnerabilities can be exploited. So EXPLOITING not finding the vulnerabilities.

 - Vulnerability Assessment

Only scan and find the vulnerabilities without exploiting

 - Security Auditing:

Evaluate a checklist to comply with certain standards.

   5. Penetration testing types:



-Net Services/devices: Try to get access to physical components on the target’s network to get sensitive info or simply to breach the network

-Client Side: The human being is always the weakest part of a network so the attacker can use social engineering techniques to get access to sensitive info (Spear Phishing is a great way to do that)

-Web App: Exploit vulnerabilities in the target’s website, this can be used to both get access to sensitive content and compromise the website

- Wireless (Including DOS): Wirelessly try to get access or compromise to the network via target’s Wi-Fi or wireless devices this can include jamming, MITM, spoofing, and a big range of attacks

- Physical: Physically penetrate the location to access the network, or breach the security to steal intel, equipment, or sabotage.


II-Reconnaissance and Info Gathering

1. Info Gathering

a-Intel about the client/target:Use:1

- Search Engines: To find general information and have an idea of the target2

- Website: Usually the website is a great place to look into, locations, numbers, emails are important info publicly available .
3

- Tech Support forums: The IT guy may have left some info about some issue he have, hardware used, intel that can be used later.4- Financial Business Article: Will give you an idea of the size of the company, and an idea about their IT spending.

b- The tools:

Organizing the info:

- Dradis (integrated in Kali) 


Copy the website:


- wget (LUI) 


- HTTrack (GUI windows only) 


-Harvesting Company emails:
- The Harvester: it's a very interesting tool which will allow the use of engines like google, bing, linkedin, PGP key server to find company emails as well as mini hosts. it can be used to evaluate the footprint of the target on the internet.

-Custom Wordlists
- CEWL is a tool that will spider the target website and create a custom wordlist which can be useful
-Info Intelligence:
Maltego is an awesome tool, it gives you the possibility of seeing the link between the services, people, locations and much more.


-GOOGLE:



Google is your bestfriend the subject is over-discussed I won't detail it.
-Search strategies
- Google Dorking


- People Search


This can be very useful to find out more about the people in the company
Are the most known and reliable for people search.
2. Reconnaissance
a- Metadata:
It's basically the data within the data, check more here
Tools:
- FOCA: Excellent tool with a GUI u can save all the data and organizes everything. Unfortunately it's only available on windows.

-Metagoofil: Delivers the same but under a LUI and is available on Linux and comes loaded with Kali

Image Metadata Extractor:

-Jeffrey's Exifviewer is very reliable.

-Metadata in images may include: Location, Camera, User, etc..

b-Gathering info about web server
For info like server type, script type etc.

-The best tool on Linux is whatweb

-On windows there is an awesome GUI: HttpRecon


-SSLscan is good for websites using Https

-Who.is or whois is of course at the base of any recon :p
c-For IP Geolocation:
-There is lots of web based tools but as a nice tool that combines the results of multiple services.
-It's a python script called Geoedge.py

-Load Balancing



Load Balancing is using software or hardware to distribute workload on multiple computers, CPU's, HDD's. For more about load balancing click here
Some tools for finding load balancers:
-Dig command
- Lbd.sh is a shell that will check for load balancers in my opinion it's better than Dig and of course finds DNS/HTTP load balancers too.

-Halberd is also a nice tool which displays the results in a nice manner:)

e-For Firewall detection:


I usually use WafW00f, it's the most wide spread WAF detector and it's very reliable.

f-DNS Enumeration



DNS is very important but there is a lot of tutorials out there and I did not feel the need to cover it here, but if you guys want I can fill this section.
« Last Edit: October 11, 2014, 12:14:07 pm by Khofo »
Quote from: #Evilzone
<Spacecow18> priests are bad ppl
<Insanity> Holy crap
Of course God isnt dead. He's out there partying with the Easter Bunny, Santa Clause, Tooth Fairy, and the Man on the moon...
Some of my work: Introduction to Physical Security

Offline Spectrum_963

  • Peasant
  • *
  • Posts: 83
  • Cookies: 20
  • Where shit goes down
    • View Profile
Re: Introduction to hacking and Basic Info gathering and recon tools
« Reply #1 on: October 05, 2014, 11:43:47 pm »
This is basically a list. You could add SOME explanation. Like for example, what do you mean by Client Side under pen testing? (don't say newbs should go google, you should at least add a summary or something.)
+1 anyways.
"The same human mind that creates the most beautiful works of art and extraordinary marvels of technology is equally responsible for the perversion of it's own perfection."

Offline Phage

  • VIP
  • Overlord
  • *
  • Posts: 1280
  • Cookies: 120
    • View Profile
Re: Introduction to hacking and Basic Info gathering and recon tools
« Reply #2 on: October 06, 2014, 01:01:56 am »
As Spectrum suggested, it would benefit the cause of this thread to add a few descriptions to the tools. Also, please, format the thread properly.
"Ruby devs do, in fact, get all the girls. No girl wants a python, but EVERY girl wants rubies" - connection

"It always takes longer than you expect, even when you take into account Hofstadter’s Law."

Offline khofo

  • EZ's Swashbuckler
  • Knight
  • **
  • Posts: 350
  • Cookies: 25
  • My humor is so black, it could go cotton picking.
    • View Profile
Re: Introduction to hacking and Basic Info gathering and recon tools
« Reply #3 on: October 06, 2014, 03:13:05 am »
I will add organization, info, links once I get home but because wrote this on google docs on mobile it does lack some things :)
As Spectrum suggested, it would benefit the cause of this thread to add a few descriptions to the tools. Also, please, format the thread properly.
This is basically a list. You could add SOME explanation. Like for example, what do you mean by Client Side under pen testing? (don't say newbs should go google, you should at least add a summary or something.)
+1 anyways.
« Last Edit: October 06, 2014, 03:14:01 am by Khofo »
Quote from: #Evilzone
<Spacecow18> priests are bad ppl
<Insanity> Holy crap
Of course God isnt dead. He's out there partying with the Easter Bunny, Santa Clause, Tooth Fairy, and the Man on the moon...
Some of my work: Introduction to Physical Security

Offline lucid

  • #Underground
  • Titan
  • **
  • Posts: 2683
  • Cookies: 243
  • psychonaut
    • View Profile
Re: Introduction to hacking and Basic Info gathering and recon tools
« Reply #4 on: October 07, 2014, 01:10:17 am »
So you figured you just HAD to post a tutorial while you were on the go? This is not even a tutorial, it is terribly formatted, and it most likely has bad information. You can't just post whatever shit you want because you are trying to contribute. That actually looks worse then not contributing. Also, if you are not particularly knowledgable on a subject, or the subject is of no real value to the forum, you shouldn't post. It makes the forum look bad and it makes other new people who are trying to learn confused with misinformation.

Don't post until you have something worthwhile, and that you actually know about.
"Hacking is at least as much about ideas as about computers and technology. We use our skills to open doors that should never have been shut. We open these doors not only for our own benefit but for the benefit of others, too." - Brian the Hacker

Quote
15:04  @Phage : I'm bored of Python

Offline khofo

  • EZ's Swashbuckler
  • Knight
  • **
  • Posts: 350
  • Cookies: 25
  • My humor is so black, it could go cotton picking.
    • View Profile
Re: Introduction to hacking and Basic Info gathering and recon tools
« Reply #5 on: October 07, 2014, 04:51:39 pm »
So you figured you just HAD to post a tutorial while you were on the go? This is not even a tutorial, it is terribly formatted, and it most likely has bad information. You can't just post whatever shit you want because you are trying to contribute. That actually looks worse then not contributing. Also, if you are not particularly knowledgable on a subject, or the subject is of no real value to the forum, you shouldn't post. It makes the forum look bad and it makes other new people who are trying to learn confused with misinformation.

Don't post until you have something worthwhile, and that you actually know about.

*taking notes* okay


EDIT: Done
« Last Edit: October 16, 2014, 06:16:43 pm by Khofo »
Quote from: #Evilzone
<Spacecow18> priests are bad ppl
<Insanity> Holy crap
Of course God isnt dead. He's out there partying with the Easter Bunny, Santa Clause, Tooth Fairy, and the Man on the moon...
Some of my work: Introduction to Physical Security

Offline M1lak0

  • Peasant
  • *
  • Posts: 129
  • Cookies: 10
    • View Profile
Re: Introduction to hacking and Basic Info gathering and recon tools
« Reply #6 on: October 16, 2014, 07:49:38 pm »
Well I will appriciate rather then finding faults.. I liked it and with a basic information anybody can get it.. Thankx for share to people who as starting with the basics.. :)
"Security is just an illusion"

Offline khofo

  • EZ's Swashbuckler
  • Knight
  • **
  • Posts: 350
  • Cookies: 25
  • My humor is so black, it could go cotton picking.
    • View Profile
Re: Introduction to hacking and Basic Info gathering and recon tools
« Reply #7 on: October 16, 2014, 09:43:25 pm »
Well I will appriciate rather then finding faults.. I liked it and with a basic information anybody can get it.. Thankx for share to people who as starting with the basics.. :)


If there is any mistake tell me I'll fix that, and yes this is a very basic introduction
Quote from: #Evilzone
<Spacecow18> priests are bad ppl
<Insanity> Holy crap
Of course God isnt dead. He's out there partying with the Easter Bunny, Santa Clause, Tooth Fairy, and the Man on the moon...
Some of my work: Introduction to Physical Security