Hacking of Computer Networks. Dr. Hidaia Mahmood Alassouli

Читать онлайн.

Название Hacking of Computer Networks
Автор произведения Dr. Hidaia Mahmood Alassouli
Жанр Математика
Серия
Издательство Математика
Год выпуска 0
isbn 9783969443545
Hacking of Computer Networks - Dr. Hidaia Mahmood Alassouli
Скачать книгу
can use tool called countrywhois to get information about country of a domain.

       We can use tool called lanwhois to get same information from who.is.

       There is tool called alchemy eye to make monitoring for certain services in a target server. It can check the status of certain services on a server.

       Use robots.txt file to know what is not allowed on the website. Eg www.microsoft.com/robots.txt

       To search site in google write eg, site:tedata.com filetype:pdf. You can search the following in google

      Intitele: search in the title page

      Inurl: search in the url page

      Site: search on site

      Link: other sites that links to our subject

      Inanchor: search on hyperlinks

      Filetype: search to see pattern yet

       There is google hacking data base. You can find exploits in www.exploit-db.com in ghdb section.

       You can use sitedigger to get the dorks of any site.

       You can use theHarvester to get the emails of certain domain. From the backtrack write for example,

      #./theharvester.py –d Microsoft.com –l 500 –b google

       You can search emails using the exploitation tools in back track. Type in the command line msfconsole

      # msfconsole.

      From the command msf, write

      msf> search email

      It will bring all modules that have emails. Take one module

      Auxiliary /gather/ search_email_collector

      Write

      Msf> use Auxiliary /gather/ search_email_collector

      Then write " info "

      Msf> info

      Then write " set DOMAIN Microsoft.com"

      Msf> set DOMAIN Microsoft.com

      Then write "run"

      Msf> run

       You can use Maltego tool. When you run the program, choose company stalker, write the name of the company ie Microsoft.com. It will brings the email of the domain. Take the domain Microsoft.com, then click run transform.

       You can use piple search or facebook.

       You can use the website truecaller website to find the person of certain phone number .

       You can use metadata collector tools. Two tools used, metagofil, FOCA

       Metagofil tool is in backtrack. For example write

      #/pentest/enumeration/google/metagoofilo

      #./metagoofil.py –d Microsoft.com -t doc,pdf -l 200 –n 50 –o microsoftfiles –f results.com

      It will bring many emails and other information.

      You need to change downloader.py to be

Image

       Use foca to download files from certain servers.

       Use traceroute, tracert to traceout the connections in certain server.

       There is tool called tcptraceroute can bypass firewalls.

       You can use geospider as tracert tool.

       You can use trout tool.

       You can use visual ip trace.

       You can use www.bing.com to see all the web sites on the web server. Write the Ip and you will get all websites in the same server.

       To know the type of web server, we use whatweb tool in linux.

      #./whatweb www.microsoft.com

       We can use httprecon tool for same purpose to know the type of web server.

       We can use the site news.netcraft.com to get all information about web server.

       We can use the telnet command to know the type of web server

      # telnet 192.168.1.1 80

      # GET / HTTP / 1.0

       We can use netcat in linux to know the type of web server.

      # nc –n 192.168.28.139 80

      # GET / HTTP / 1.0

      We can use the tool httrack and wget for mirroring websites. You can use them to download and save websites.

       We can use in backtack THCSSLCheck tool

      # wine THCSSLCheck www.yahoo.com 443

      Or use the tool sslscan

      #sslscan www.cnn.com

       To detect the load balancing, we use the tool lbd (load balance dector)

      # ./lbd.sh www.yahoo.com

      It will try to find whether it is load balancing server. It will find the type of server, whether dns or http. It will check the dns load balancing and the http load balancing. Then it will tell whether load balancing made by http or dns

       You can detect the web application firewall. There is tool called wafw00f. The tool can detect some firewalls. Go to waffit in backtrack.

      #./wafw00f.py www.contra.gr

       Some websites can offer help in least time.Centralops.net can make service scan and network whois and domain whois and traceroute and find dns records. Other website can do the same purpose: network-tools.com and serversniff.net and mrdns.com.

       On firefox, add passiverecon addon and you can get from it all information about the web site you are browsing.

       Part 3: Scanning Methodology

      Part 3 of Certified Ethical Hacker (CEH) Course

      By

      Dr. Hidaia Mahmood Alassouli

      [email protected]

       Part 3: Scanning Methodology

      a) Scanning Methodology

      The steps for hacking: Reconnaissance, Scanning, Gaining Access, Maintaining Access, Covering Tracks

Image

      b) Understanding Packet Craft to Create Packet

Image

       Using scapy tool to send a packet

 Image Image

      c) Understanding the ping sweep technique.

Image

      It will find which devices are actives in the network. There are many tools to make ping sweep: angry and hping and nmap.

       Use

Скачать книгу