CEHv8 module 12 hacking webservers

Document information
Number of pages: 123
Size: 5.7 MB

Contents

Module 12

Update: customers are complaining that GoDaddy hosted e-mail accounts are down as well, along with GoDaddy phone service and all sites using GoDaddy's DNS service.

Update 2: A member of Anonymous known as AnonymousOwn3r is claiming responsibility, and makes it clear this is not an Anonymous collective action.

A tipster tells us that the technical reason for the failure is being caused by the inaccessibility of GoDaddy's DNS servers — specifically CNS1.SECURESERVER.NET, CNS2.SECURESERVER.NET, and CNS3.SECURESERVER.NET are failing to resolve.

Module Objectives

- Why Web Servers Are Compromised
- Webserver Attack Methodology
- Web Password Cracking Tools
- How to Defend Against Web Server Attacks
- Patch Management Tools
- Webserver Pen Testing

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Hacking Webservers

FIGURE 12.1: Web Server Market Shares

Ethical Hacking and Countermeasures Copyright © by EC-Council
Module 12 Page 1607

Open Source Webserver Architecture

[Figure: open source web server architecture diagram; labels legible in the scan: Attacks, Site Admin]

IIS Web Server Architecture

Internet Information Services (IIS) for Windows Server is a flexible, secure, and easy-to-manage web server for hosting anything on the web. It occupies around 17.4% of the total market share. It supports HTTP, HTTPS, FTP, FTPS, SMTP, and NNTP.

The diagram that follows illustrates the basic components of IIS web server architecture:

FIGURE 12.3: IIS Web Server Architecture (components shown: Client, Internet, HTTP Protocol Stack (HTTP.SYS), AppDomain, ManagedModules, FormsAuthentication)

Website Defacement

Website defacement is a process of changing the content of a website or web page by hackers. Hackers break into the web servers and alter the hosted website by creating something new.

Web defacement occurs when an intruder maliciously alters the visual appearance of a web page by inserting or substituting provocative and frequently offensive data. Defaced pages expose visitors to propaganda or misleading information until the unauthorized change is discovered and corrected.

FIGURE 12.4: Website Defacement

Why Web Servers Are Compromised

There are inherent security risks associated with web servers, the local area networks that host websites, and the users who access these websites using browsers.

... that the web server can expose the local area network (LAN) or the corporate intranet to the threats the Internet poses. This may be in the form of viruses, Trojans, attackers, or the compromise of information itself. Software bugs present in large complex programs are often considered the source of imminent security lapses. However, web servers that are large complex devices also come with these inherent risks. In addition, the open architecture of the web servers allows arbitrary scripts to run on the server side while replying to the remote requests. Any CGI script installed at the site may contain bugs that are potential security holes.

A poorly configured web server poses another potential hole in the local network's security. While the objective of a web is to provide controlled access to the network, too much control can make a web almost impossible to use. In an intranet environment, the network administrator has to be careful about configuring the web server, so that the legitimate users are recognized and authenticated, and various groups of users are assigned distinct access privileges.

Surfing the web appears both safe and anonymous. However, active content, such as ActiveX controls and Java applets, makes it possible for harmful applications, such as viruses, to invade the user's system. Besides, active content from a website browser can be a conduit for malicious software to bypass the firewall system and permeate the local area network.

The table that follows shows the causes and consequences of web server compromises (only the causes column survived the scan):

- Installing the server with default settings
- Unnecessary default, backup, or sample files
- Improper file and directory permissions
- Security conflicts with business ease-of-use

TABLE 12.1: Causes and consequences of web server compromises

Impact of Web Server Attacks

Attackers can cause various kinds of damage to an organization by attacking a web server. The damage includes:

- Compromise of user accounts: Web server attacks are mostly concentrated on user account compromise. If the attacker is able to compromise a user account, then the attacker can gain a lot of useful information. The attacker can use the compromised user account to launch further attacks on the web server.
- Data tampering: The attacker can alter or delete the data. He or she can even replace the data with malware so that whoever connects to the web server also becomes compromised.
- Website defacement: Hackers completely change the outlook of the website by replacing the original data. They change the website look by changing the visuals and displaying different pages with messages of their own.
- Secondary attacks from the website: Once the attacker compromises a web server, he or she can use the server to launch further attacks on various websites or client systems.
- Data theft: Data is one of the main assets of the company. Attackers can get access to sensitive data of the company like the source code of a particular program.
- ... to log in to a network, be it a dedicated server, semi-dedicated, or virtual private server. Attackers can perform any action once they get root access to the source.

Module Flow

Considering that you have become familiar with the web server concepts, we move forward to the possible attacks on web servers. Each and every action online is performed with the help of a web server. Hence, it is considered the critical source of an organization. This is the same reason for which attackers are targeting web servers. There are many attack techniques used by attackers to compromise web servers. Now we will discuss those attack techniques.

... attack, HTTP response splitting attack, web cache poisoning attack, HTTP response hijacking, web application attacks, etc.

Web Server Misconfiguration

Server misconfiguration refers to configuration weaknesses in web infrastructure that can be exploited to launch various attacks on web servers such as directory traversal, server intrusion, and data theft.

Typical misconfigurations:

- Remote administration functions
- Unnecessary services enabled
- Verbose debug/error messages
- Anonymous or default users/passwords
- Misconfigured/default SSL certificates
- Sample configuration and script files

The slide shows two configuration excerpts (not legible in the scan) with these captions:

- This configuration allows anyone to view the server status page, which contains detailed information about the current use of the web server, including information about the current hosts and requests being processed.
- This configuration gives verbose error messages.
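As an added example (not part of the courseware and not EC-Council's code), the Python script below audits constructed httpd.conf and php.ini fragments for the two problems the slide captions describe: a /server-status page readable by anyone and verbose error output to clients, plus the version disclosure that usually accompanies it. The directive names are real Apache 2.4 and PHP settings; the two fragments, the function names and the finding strings are this example's own.

```python
"""Audit Apache and PHP configuration fragments for the misconfigurations
named on the slide. Added example; the fragments below are constructed."""
import re

# Constructed: the weak configuration the slide describes (status page open to
# everyone, full version string in Server header and error page footers).
WEAK_CONF = """
ServerTokens Full
ServerSignature On
<Location "/server-status">
    SetHandler server-status
    Require all granted
</Location>
"""

# Constructed: the same fragment with the exposure closed.
HARDENED_CONF = """
ServerTokens Prod
ServerSignature Off
<Location "/server-status">
    SetHandler server-status
    Require ip 127.0.0.1
</Location>
"""

# Constructed php.ini fragments: errors shown to clients vs. logged server-side.
WEAK_PHP_INI = "display_errors = On\nlog_errors = Off\n"
HARDENED_PHP_INI = "display_errors = Off\nlog_errors = On\n"

LOCATION_RE = re.compile(r'<Location\s+"?([^\s">]+)"?\s*>(.*?)</Location>', re.S | re.I)


def directive(conf, name):
    """Value of a top-level directive; the last occurrence wins, as in httpd."""
    value = None
    for line in conf.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and parts[0].lower() == name.lower():
            value = parts[1].strip()
    return value


def audit_apache_conf(conf):
    """Return a list of findings (strings); an empty list means nothing flagged."""
    findings = []
    for path, body in LOCATION_RE.findall(conf):
        if "server-status" not in body.lower():
            continue
        # Apache 2.4 access control: 'Require all granted' opens the handler to everyone.
        if re.search(r"^\s*Require\s+all\s+granted", body, re.M | re.I):
            findings.append(f"{path}: server-status readable by anyone")
        elif not re.search(r"^\s*Require\s+ip\b", body, re.M | re.I):
            findings.append(f"{path}: server-status has no IP restriction")
    # Apache defaults: ServerTokens Full, ServerSignature Off.
    if (directive(conf, "ServerTokens") or "Full").lower() != "prod":
        findings.append("ServerTokens: version details disclosed in Server header")
    if (directive(conf, "ServerSignature") or "Off").lower() == "on":
        findings.append("ServerSignature: version footer added to error pages")
    return findings


def audit_php_ini(ini):
    """Flag verbose error output: display_errors on, or errors not logged."""
    settings = {}
    for line in ini.splitlines():
        line = line.split(";", 1)[0].strip()      # drop comments
        if "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip().lower()] = value.strip().lower()
    findings = []
    if settings.get("display_errors", "off") in ("on", "1", "stdout"):
        findings.append("display_errors: stack traces and paths shown to clients")
    if settings.get("log_errors", "off") not in ("on", "1"):
        findings.append("log_errors: errors are not written to the server log")
    return findings


if __name__ == "__main__":
    for label, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit_apache_conf(conf))
    for label, ini in (("weak", WEAK_PHP_INI), ("hardened", HARDENED_PHP_INI)):
        print(label, audit_php_ini(ini))
```

The check keys on the same settings an attacker would read back from the server (a reachable /server-status page, the Server header, error page footers), so it doubles as a description of what to look for in a configuration review.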

Directory Traversal Attacks

Request shown in the slide (%5c is the URL-encoded backslash):

http://server.com/scripts/..%5c../Windows/System32/cmd.exe?/c+dir+c:\

Output of the dir command as shown in the slide:

Volume in drive C has no label
Volume Serial Number is D45E-9FEE
images
news
scripts
... 368 bytes, ... 115,200 bytes free
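As an added example (not from the courseware), the Python function below is the server-side check that stops the request shown above: it percent-decodes the path repeatedly, treats backslashes as separators the way IIS did, collapses the ".." segments and confirms the result still lies under the document root. WEB_ROOT and the sample requests are this example's own assumptions.

```python
"""Resolve a requested URL path to a filesystem path only if it stays inside
the web root. Added example; WEB_ROOT and the sample requests are assumed."""
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/var/www/html"   # assumed document root for the demonstration


def fully_decode(path, limit=3):
    """Percent-decode until the string stops changing, so %255c (double
    encoding) is seen as the backslash it eventually becomes."""
    for _ in range(limit):
        decoded = unquote(path)
        if decoded == path:
            return decoded
        path = decoded
    return path


def resolve_under_root(request_path, root=WEB_ROOT):
    """Return the absolute path for request_path, or None if it would escape root."""
    path = request_path.split("?", 1)[0]          # the query string is not a path
    decoded = fully_decode(path)
    decoded = decoded.replace("\\", "/")          # IIS treated '\' like '/'
    if "\x00" in decoded:                         # NUL would truncate C-level paths
        return None
    # Collapse '.' and '..' segments, then verify the result is below root.
    target = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))
    if target != root and not target.startswith(root + "/"):
        return None
    return target


if __name__ == "__main__":
    for req in ("/images/logo.png",
                "/scripts/..%5c../Windows/System32/cmd.exe?/c+dir+c:\\",
                "/%252e%252e/etc/passwd"):
        print(req, "->", resolve_under_root(req))
```

The same normalisation is what a log-based detector should apply before matching, otherwise "%5c" and "%255c" variants of the traversal slip past a rule that only looks for "../".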

HTTP Response Splitting Attack

Input = Jason
    HTTP/1.1 200 OK
    Set-Cookie: author=Jason

Input = JasonTheHacker\r\nHTTP/1.1 200 OK\r\n
    First Response (Controlled by Attacker)
    HTTP/1.1 200 OK
    Set-Cookie: author=JasonTheHacker
    Second Response
    HTTP/1.1 200 OK

An HTTP response splitting attack is a web-based attack where a server is tricked by injecting new lines into response headers along with arbitrary code. Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and SQL Injection are some of the examples of this type of attack. The attacker alters a single request to appear and be processed by the web server as two requests. The web server in turn responds to each request. This is accomplished by adding header response data into the input field. An attacker passes malicious data to a vulnerable application, and the application includes the data in an HTTP response header. The attacker can control the first response to redirect the user to a malicious website, whereas the other responses will be discarded by the web browser.

FIGURE 12.8: HTTP Response Splitting Attack
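As an added example (not the courseware's code), the Python block below reproduces the figure with two header builders: a vulnerable one that copies the author value into Set-Cookie unchanged, and a hardened one that rejects any value containing CR or LF, which is the check that defeats response splitting and, with it, the response hijacking and cache poisoning attacks built on the same split. The inputs follow the figure; the function names are this example's own.

```python
"""Show how a CRLF in a header value splits one HTTP response into two, and
the header-value check that prevents it. Added example; inputs follow the
module's figure (author=Jason / JasonTheHacker...)."""

CRLF = "\r\n"


def build_response_unsafe(author):
    """Vulnerable: copies the user-supplied value straight into a header."""
    return ("HTTP/1.1 200 OK" + CRLF
            + "Set-Cookie: author=" + author + CRLF
            + "Content-Length: 0" + CRLF + CRLF)


def build_response_safe(author):
    """Hardened: refuse any value carrying CR or LF before it reaches a header.
    (Real frameworks do the same check inside their header-setting API.)"""
    if "\r" in author or "\n" in author:
        raise ValueError("CR/LF not allowed in header value")
    return build_response_unsafe(author)


def count_responses(raw):
    """Number of status lines in the byte stream, i.e. how many responses a
    client (or an intermediate cache) would parse out of it."""
    return sum(1 for line in raw.split(CRLF) if line.startswith("HTTP/1.1 "))


def split_status(author):
    """Return (responses produced by the unsafe builder, True if the safe
    builder rejected the value)."""
    try:
        build_response_safe(author)
        rejected = False
    except ValueError:
        rejected = True
    return count_responses(build_response_unsafe(author)), rejected


if __name__ == "__main__":
    for value in ("Jason", "JasonTheHacker\r\nHTTP/1.1 200 OK\r\n"):
        print(repr(value), "->", split_status(value))
```

The second input yields two status lines from the unsafe builder, exactly the split the figure shows, while the safe builder raises before any header is written.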

Web Cache Poisoning Attack

Steps shown in the slide diagram (juggyboy.com is the example site; the numbers in parentheses are the diagram's own step labels):

- Original Juggyboy page.
- Attacker sends a request to remove the page from the cache.
- Normal response after clearing the cache for juggyboy.com.
- Attacker sends a malicious request that generates two responses (4 and 6).
- Attacker gets the first server response.
- Attacker requests juggyboy.com again to generate a cache entry.
- The second response of ... points to the attacker's page.

FIGURE 12.9: Web Cache Poisoning Attack

HTTP Response Hijacking

HTTP response hijacking is accomplished with a response splitting request. In this attack, initially the attacker sends a response splitting request to the web server. The server splits the response into two and sends the first response to the attacker and the second response to the victim. On receiving the response from the web server, the victim requests service by giving credentials. At the same time, the attacker requests the index page. Then the web server sends the response of the victim's request to the attacker, and the victim remains uninformed.

The diagram that follows shows the step-by-step procedure of an HTTP response hijacking attack:

FIGURE 12.10: HTTP Response Hijacking

SSH Brute Force Attack

SSH protocols are used to create an encrypted SSH tunnel between two hosts in order to transfer unencrypted data over an insecure network. In order to conduct an attack on SSH, first the attacker scans the entire SSH server to identify possible vulnerabilities. With the help of a brute force attack, the attacker gains the login credentials. Once the attacker gains the login credentials of SSH, he or she uses the same SSH tunnels to transmit malware and other exploits to victims without being detected.

Attackers can brute force SSH login credentials to gain unauthorized access to an SSH tunnel.

[Figure: SSH brute force attack diagram; labels legible in the scan: Attacker, Mail Server]
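As an added example (not the courseware's), the Python block below shows the defender's side of the attack described above: it parses OpenSSH auth.log lines and flags any source that produces a burst of failed logins inside a short window, noting whether a successful login followed the burst. The log lines are constructed for the demonstration, the threshold and window are assumptions, and the parsed format is the standard OpenSSH "Failed password for ... from ... port ..." message.

```python
"""Flag SSH brute-force bursts in OpenSSH auth.log lines. Added example; the
log lines are constructed samples, not captured data."""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample: five failures in four seconds from one source, followed
# by a success (the pattern of a guessed password), plus one normal user.
SAMPLE_LOG = """\
Mar  3 10:00:01 host sshd[2201]: Failed password for root from 203.0.113.7 port 51000 ssh2
Mar  3 10:00:02 host sshd[2202]: Failed password for invalid user admin from 203.0.113.7 port 51001 ssh2
Mar  3 10:00:03 host sshd[2203]: Failed password for root from 203.0.113.7 port 51002 ssh2
Mar  3 10:00:04 host sshd[2204]: Failed password for guest from 203.0.113.7 port 51003 ssh2
Mar  3 10:00:05 host sshd[2205]: Failed password for root from 203.0.113.7 port 51004 ssh2
Mar  3 10:00:06 host sshd[2206]: Accepted password for root from 203.0.113.7 port 51005 ssh2
Mar  3 10:02:00 host sshd[2210]: Failed password for alice from 198.51.100.4 port 40000 ssh2
Mar  3 10:05:00 host sshd[2211]: Accepted publickey for alice from 198.51.100.4 port 40001 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) (?:password|publickey) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)


def parse_line(line, year=2024):
    """Return a dict for an sshd auth line, or None for anything else.
    Syslog lines carry no year, so one is assumed for the timestamp."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "ip": m["ip"]}


def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Return {ip: info} for every source with >= threshold failed logins
    inside window_seconds. info records the burst size, the user names tried
    and whether a successful login followed the burst from the same source."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    by_ip = defaultdict(list)
    for e in events:
        by_ip[e["ip"]].append(e)
    alerts = {}
    for ip, evs in by_ip.items():
        fails = [e["ts"] for e in evs if e["result"] == "Failed"]
        for i in range(len(fails)):
            j = i
            # Extend the window from failure i as far as it reaches.
            while j + 1 < len(fails) and (fails[j + 1] - fails[i]).total_seconds() <= window_seconds:
                j += 1
            if j - i + 1 >= threshold:
                success_after = any(e["result"] == "Accepted" and e["ts"] >= fails[j] for e in evs)
                alerts[ip] = {
                    "failures": j - i + 1,
                    "users": sorted({e["user"] for e in evs if e["result"] == "Failed"}),
                    "success_after_burst": success_after,
                }
                break
    return alerts


if __name__ == "__main__":
    for ip, info in detect_bruteforce(SAMPLE_LOG).items():
        print(ip, info)
```

A burst followed by an "Accepted" line from the same source is the case to escalate first, since it suggests the guessing succeeded; the usual mitigations on the server side are key-only authentication, rate limiting such as fail2ban, and not exposing SSH to the whole Internet.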

Man-in-the-Middle Attack

- Man-in-the-Middle (MITM) attacks allow an attacker to access sensitive information by intercepting and altering communications between an end user and web servers.
- The attacker acts as a proxy such that all the communication between the user and the web server passes through him.

FIGURE 12.12: Man-in-the-Middle Attack

Web Server Password Cracking

- ... they are a valid user.
- Attackers use different methods such as social engineering, spoofing, phishing, using a Trojan horse or virus, wiretapping, keystroke logging, etc.
- The most common passwords found are password, root, administrator, admin, demo, test, guest, qwerty, pet names, etc.

... the hacker can log in to the network as an authorized person. Most of the common passwords ...

Attackers use different methods such as social engineering, spoofing, phishing, using a Trojan horse or virus, wiretapping, keystroke logging, a brute force attack, a dictionary attack, etc. to crack passwords.

... or symbols to the password attempt.

... brute force attack. It also consists of symbols and numbers. Password cracking becomes easier with this method.

Web Application Attacks

Note: For complete coverage of web application attacks refer to Module 13: Hacking Web Applications.

Vulnerabilities in web applications running on a web server provide a broad attack path for web server compromise.

Directory Traversal
Directory traversal is exploitation of HTTP through which attackers are able to access restricted directories and execute commands outside of the web server root directory by manipulating a URL.

Parameter/Form Tampering
This type of tampering attack is intended to manipulate the parameters exchanged between client and server in order to modify application data, such as user credentials and permissions, price and quantity of products, etc.

Cookie Tampering
Cookie tampering is the method of poisoning or tampering with the cookie of the client. The phase where most of the attacks are done is when a cookie is sent from the client side to the server. Persistent and non-persistent cookies can be modified by using different tools.

Command Injection Attacks
Command injection is an attacking method in which a hacker alters the content of the web page by using HTML code and by identifying the form fields that lack valid constraints.

Buffer Overflow Attacks
Most web applications are designed to sustain some amount of data. If that amount is exceeded, the application may crash or may exhibit some other vulnerable behavior. The attacker uses this advantage and floods the applications with too much data, which in turn causes a buffer overflow attack.

A denial-of-service attack is a form of attack method intended to terminate the operations of a website or a server and make it unavailable to access for intended ...

Unvalidated Input and File Injection Attacks
Unvalidated input and file injection attacks refer to the attacks carried out by supplying unvalidated input or by injecting files into a web application.

Cross-Site Request Forgery (CSRF) Attack
The user's web browser is requested by a malicious web page to send requests to a malicious website where various vulnerable actions are performed, which are not intended by the user. This kind of attack is dangerous in the case of financial websites.

SQL Injection Attacks
SQL injection is a code injection technique that uses the security vulnerability of a database for attacks. The attacker injects malicious code into the strings that are later on passed to SQL Server for execution.

Session Hijacking
... negotiates the real valid web session control mechanism to access the authenticated parts of a web application.

Web Server Attack Methodology

Vulnerability scanning is a method of finding various vulnerabilities and misconfigurations of a web server. Vulnerability scanning is done with the help of various automated tools known as vulnerability scanners.

Session Hijacking
Session hijacking is possible once the current session of the client is identified. Complete control of the user session is taken over by the attacker by means of session hijacking.

Hacking Web Server Passwords
Attackers use various password cracking methods like brute force attacks, hybrid attacks, dictionary attacks, etc. and crack web server passwords.

Information Gathering

Whois record shown in the slide (partly illegible in the scan):

Domain Name: EBAY.COM
Registrar: MARKMONITOR INC.
Whois Server: whois.markmonitor.com
Referral URL: http://www.markmonitor.com
Name Servers: SJC-DNS2.EBAYDNS.COM, SMF-DNS1.EBAYDNS.COM and two further EBAYDNS.COM servers (names illegible)
Status: clientDeleteProhibited, clientTransferProhibited, clientUpdateProhibited, serverDeleteProhibited, serverTransferProhibited, serverUpdateProhibited
Updated Date: 15-sep-2010
Creation Date: 04-aug-1995
Expiration Date: 03-aug-2018

- Information gathering involves collecting information about the targeted company.
- Attackers search the Internet, newsgroups, bulletin boards, etc. for information about the company.
- Attackers use Whois, Traceroute, Active Whois, etc. tools and query the Whois databases to get details such as a domain name, an IP address, or an autonomous system number.

Note: For complete coverage of information gathering techniques refer to Module 02: Footprinting and Reconnaissance.

http://www.whois.net

Every attacker before hacking first collects all the required information such as versions and technologies being used by the web server, etc. Attackers search the Internet, newsgroups, bulletin boards, etc. for information about the company. Most of the attackers' time is spent in the phase of information gathering only. That's why information gathering is both an art as well as a science. There are many tools that can be used for information gathering or to get details such as a domain name, an IP address, or an autonomous system number. The tools ...

Posted: 14/12/2021, 21:26