· Information Gathering
· Scanning
· Gaining Access
· Maintaining Access
· Covering Tracks
In this post I’ll write about Information Gathering.
Information Gathering:
Information gathering is a very important first step in hacking. It means gathering as much information as possible about the target, whether that is a network, a company’s website, or anything else. Information gathering can be classified into two groups:
· Active
· Passive
Active
Means you are directly interacting with the target.
For example: telephone calls, or meeting a person to extract information about their company. Consider a person who works at a company, becomes irritated with it, and decides to hack the company’s confidential data from some computer. As a member of the company, he has the right to talk to any official person there. So he will just interact with them and gather whatever information is most useful to him. This is active information gathering.
Passive
Means you are indirectly interacting with the target.
For example: through news channels or the internet. In this case, if a cracker wants to crack the security of a website, the best source for information gathering is Google. He just types the name of the company, and the information he needs for the hack will be on Google.
Methods to gather the information:
· Ping technique: Ping is the best method for finding the IP address of a website. Ping is actually used to check whether the connection between the target and the attacker’s machine is up; it prints the resolved IP address as it does so.
o Go to Start -> cmd and click open
o Type command ‘ping <name of the website>’ ex: ping nptrick.tk
We get the IP address, but what is the use of an IP address? The IP address plays a vital role in every hacking technique. Everything depends on the IP address.
· Reverse Lookup: After finding the IP address, it’s time for a reverse lookup. Reverse lookup is a technique used to check the hosting: whether the website an attacker is going to attack is on a dedicated server or a shared server. A dedicated server holds only a single website. A shared server holds a number of websites hosted on one single server.
There are many online tools available that will check for the reverse lookup like:
But apart from these online tools, crackers usually prefer http://www.bing.com/. The techniques above are the best ones for information gathering, but there are others, such as Domain Analysis, which provides information about the DNS (Domain Name Service).
· Tools:
o Netifera: Netifera is a tool used to gather information with a single click. It is a very powerful tool that gives you a complete platform for gathering information about the target, whatever website you want to attack…
Using it is very simple. The tool is pre-installed in BACKTRACK, a Linux OS. The information a cracker will gather is:
1. IP ADDRESS
2. REVERSE LOOK UP ( Check for shared or Dedicated)
3. No. of websites hosted if it is shared
4. DNS (DOMAIN NAME SERVICES) etc.
Now NETIFERA gives all such kind of information like this:
HOW TO OPEN NETIFERA:
Backtrack -> Information Gathering -> Network Analysis -> Network Scanners -> Netifera
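To see how your own site appears to the ping and reverse-lookup steps described above, the following added example (not code from the original post) extracts the resolved address from ping output and groups known hostnames by IP to label each address shared or dedicated. The function names, the sample ping output and the hostname records are all constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: Windows ping output for a documentation name and a
# TEST-NET-3 address (not real data).
SAMPLE_PING = ("Pinging www.example.com [203.0.113.10] with 32 bytes of data:\n"
               "Reply from 203.0.113.10: bytes=32 time=24ms TTL=54\n")

# Constructed (hostname, IP) pairs standing in for a reverse-lookup export
# or your own DNS inventory.
SAMPLE_RECORDS = [
    ("www.example.com", "203.0.113.10"),
    ("shop.example.net.", "203.0.113.10"),
    ("Blog.Example.org", "203.0.113.10"),
    ("portal.example.com", "203.0.113.25"),
    ("broken.example.com", "not-an-ip"),
]

def ip_from_ping(output):
    """Return the address ping resolved, or None if none is present."""
    # Windows prints "[addr]" and Linux "(addr)"; when an IP is pinged
    # directly, Windows prints neither, so "Reply from" lines are a fallback.
    candidates = re.findall(r"[\[(]([0-9A-Fa-f:.]+)[\])]", output)
    candidates += re.findall(r"Reply from ([0-9A-Fa-f:.]+): ", output)
    for text in candidates:
        try:
            return str(ipaddress.ip_address(text))  # skips e.g. "(84)"
        except ValueError:
            continue
    return None

def hosting_report(records):
    """Group hostnames by IP; return (report, rejected_records)."""
    by_ip, rejected = defaultdict(set), []
    for host, ip in records:
        try:
            key = str(ipaddress.ip_address(ip))
        except ValueError:
            rejected.append((host, ip))  # keep bad rows visible, do not guess
            continue
        by_ip[key].add(host.lower().rstrip("."))
    # "dedicated" only means no other name is known in this data set.
    return ({ip: ("shared" if len(names) > 1 else "dedicated", sorted(names))
             for ip, names in by_ip.items()}, rejected)

if __name__ == "__main__":
    report, rejected = hosting_report(SAMPLE_RECORDS)
    print(ip_from_ping(SAMPLE_PING), report, rejected)
```

When a site sits behind a CDN or load balancer, the address ping shows is that front end, so the names grouped on it say nothing about the origin server.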