Sunday, 3 February 2013

SUMMARY



Introduction
Throughout this course, we have given you an overview of the different
phases during an ethical hacking exercise and we have given you
background information on good security design. In addition, you
should have gained an understanding of some of the current security
vulnerabilities, exploits and attacks.
We will now summarize the ethical hacking process, most of which has
been outlined during the previous sessions.


Passive Information Gathering
Passive information gathering consists of numerous queries conducted
to find out what information can be discovered about the target
infrastructure. These queries are passive rather than active because
they normally involve no direct probing of the target; rather, public
databases and other information sources are used, and information
'leaking' from the target network is examined.
• Determination of scope: public databases and other information
resources on the Internet are queried (Usenet groups, EDGAR,
search engines, etc.) to verify which IP addresses belong to the
target network and which devices can be used to get access to this
network indirectly. For example, security breaches often occur
when an organization fails to manage its Internet connections
during the process of acquiring or merging with another company.
Intruders often make use of such unexpected trusted paths.
• Website analysis: any public web sites relating to the subject will be
scraped using a tool for off-line content checking. The HTML source
code will then be searched for valuable information, either from an
attack or social engineering perspective. This may include:
  • Author names & software used
  • Topology of web-server(s)
  • Locations and format of any CGI or active pages
  • Details of back-end resources
• Network enumeration: this step is performed to make sure all
domain names related to the target organization are known.
Querying InterNIC databases usually provides interesting
information including the name and contact details of the domain's
registrant, the DNS servers, the time the records were created and
updated, etc.
• DNS querying: if a DNS server is configured insecurely, revealing
information about the target organization can be obtained. DNS
zone transfers can provide an attacker with internal IP address
information.
If the target network has been configured properly, the ideal result
should be that no unnecessary information is 'leaked' to the outside
world. (Unnecessary means that it is not essential to the correct and
efficient functioning of the infrastructure.)
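
An organization can run the same website analysis against its own pages before they are published. The following is an added example, not part of the original course text: it scans HTML for the items listed above (author and software meta tags, active-page locations, comments, internal addresses). The category names, the extension list and the sample page are assumptions constructed for illustration.

```python
import re
from html.parser import HTMLParser

# RFC 1918 private addresses: internal topology that should not show up in public HTML
PRIVATE_IP = re.compile(r"\b(?:10(?:\.\d{1,3}){3}|192\.168(?:\.\d{1,3}){2}"
                        r"|172\.(?:1[6-9]|2\d|3[01])(?:\.\d{1,3}){2})\b")
# Locations of CGI or other active pages (extension list is an illustrative assumption)
ACTIVE_PAGE = re.compile(r"/cgi-bin/|\.(?:cgi|pl|php|asp|aspx|jsp)(?:[?#]|$)", re.I)
LEAKY_META = {"author", "generator"}  # meta tags naming the author or authoring software


class LeakAuditor(HTMLParser):  # collects (category, value) findings from one document
    def __init__(self):
        super().__init__()
        self.findings = []

    def scan_text(self, text):
        self.findings += [("internal-address", ip) for ip in PRIVATE_IP.findall(text)]

    def handle_starttag(self, tag, attrs):
        attrs = {k: (v or "") for k, v in attrs}
        meta_name = attrs.get("name", "").lower()
        if tag == "meta" and meta_name in LEAKY_META:
            self.findings.append((meta_name, attrs.get("content", "")))
        for url in (attrs.get(a, "") for a in ("href", "src", "action")):
            if ACTIVE_PAGE.search(url):
                self.findings.append(("active-page", url))
            self.scan_text(url)

    def handle_comment(self, data):  # comments often describe back-end resources
        self.findings.append(("comment", data.strip()))
        self.scan_text(data)

    handle_data = scan_text  # visible text is scanned for internal addresses too


def audit_html(html):
    auditor = LeakAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings


# Constructed sample page, not taken from any real site
SAMPLE = ('<meta name="generator" content="ExampleCMS 1.0"><meta name="author" content="J. Doe">'
          '<!-- TODO: move orders DB from 10.0.5.12 to new host -->'
          '<form action="/cgi-bin/order.pl"><a href="/about.html">About</a></form>')

if __name__ == "__main__":
    print(*audit_html(SAMPLE), sep="\n")
```

Every comment is reported so that a person can review it; only the address, meta-tag and active-page findings are matched automatically.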



