Information Gathering in Ethical Hacking

Information gathering is the first step in hacking: learning about the target system. It involves collecting details such as the IP address, open ports and recent vulnerabilities, and tools such as Nmap, Red Hawk, Maltego, DMitry and Metasploit can help with this. The more information gathered, the easier it is to identify weaknesses to exploit in the target.

Uploaded by Hukum Yadavanshi

Information Gathering: First Step to Hacking

What is Information Gathering?
• Information Gathering is the first step towards hacking. It means getting to know the system, person or victim we are targeting so that we can be more precise. The work we do in this phase is exactly what the name says: “Information Gathering”.
Now let us discuss why it is important.
• Take a daily-life example: who can harm us the most? The one who knows us very well. Today, knowledge of someone and data about someone are very important, as today’s world is data-driven. The more we know about someone, the more harm we can cause, because we know the weak points and where to attack.
Where to Attack?
• Now let us come to some computer stuff. Say a target organization is located in New Delhi. What information can we collect in order to learn about the organization’s systems?
We can find the IP address of the organisation’s websites. (I will cover different ways and scenarios of finding the IP address in a later post.)
An IP address range can be very wide to scan, so we try to narrow our scan range. How?
• Let’s scan for the open ports on the IP address. The open ports tell us more about the system: which applications are installed, and which of those applications we can actually attack.
• We can further search the Exploit-DB database for any recent vulnerability that might be unpatched. Speaking of unpatched: sometimes a security update is rolled out and installed on a system but is not yet in effect, because a server restart might take the websites or services down for some time (even if brief), and the patch won’t take effect without a restart. So you can try to get the last login time or the system start time, because sometimes it helps.
• In the human scenario, information gathering is a small aid when attacking a person: someone’s birthday, mobile number, their spouse or partner or the one they are eyeing, their birthplace, the type of movies they watch, their favourite actors or one-liners, some important dates, pets, siblings, and more. These pieces of information, in combination with one another, may be the password we are hunting for. So this information is very important when targeting someone. We will also learn how to generate passwords from all the information we have collected, using all combinations.
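The port-scanning step above is the one a defender is most likely to see in firewall logs. The following Python script is an added example, not part of the original slides: it parses netfilter/iptables-style LOG lines (constructed sample data, not real traffic) and flags any source that touches many distinct destination ports on one host within a short sliding window. Counting distinct ports rather than packets keeps a busy but legitimate client from triggering the alert.

```python
"""Spot port-scan reconnaissance in firewall logs (added example)."""
from collections import defaultdict
from datetime import datetime
import re

# One netfilter-style LOG line; captures the SRC, DST, PROTO and DPT fields.
LINE_RE = re.compile(
    r"^(?P<stamp>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ kernel: .*?"
    r"SRC=(?P<src>[\d.]+) DST=(?P<dst>[\d.]+) .*?PROTO=(?P<proto>\w+) .*?DPT=(?P<dpt>\d+)"
)


def _line(ts, src, dst, dpt, proto="TCP"):
    """Build one constructed log line in iptables LOG format (sample data only)."""
    return (f"Jan 10 {ts} fw kernel: IN=eth0 OUT= SRC={src} DST={dst} LEN=60 "
            f"PROTO={proto} SPT=40000 DPT={dpt} WINDOW=1024 SYN")


# Constructed sample log: one host probes 12 ports in 11 seconds, another host
# makes a few ordinary HTTPS/HTTP requests, and one unrelated sshd line is mixed in.
SCAN_PORTS = [21, 22, 23, 25, 53, 80, 110, 135, 139, 143, 443, 445]
SAMPLE_LOG = "\n".join(
    [_line(f"10:00:{i:02d}", "203.0.113.7", "192.0.2.10", p) for i, p in enumerate(SCAN_PORTS)]
    + [_line("10:05:00", "198.51.100.5", "192.0.2.10", 443),
       _line("10:05:01", "198.51.100.5", "192.0.2.10", 443),
       _line("10:05:02", "198.51.100.5", "192.0.2.10", 443),
       _line("10:05:03", "198.51.100.5", "192.0.2.10", 80),
       "Jan 10 10:06:00 fw sshd[4242]: Accepted publickey for ops from 198.51.100.5 port 51000"]
)


def parse_events(text, year=2024):
    """Return (timestamp, src, dst, proto, dport) tuples; syslog lines carry no year, so one is supplied."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a firewall LOG line
        stamp = datetime.strptime(m["stamp"], "%b %d %H:%M:%S").replace(year=year)
        events.append((stamp, m["src"], m["dst"], m["proto"], int(m["dpt"])))
    return events


def detect_scans(events, window_seconds=60, min_ports=10):
    """Flag each (src, dst) pair that touches >= min_ports distinct ports inside any sliding window."""
    by_pair = defaultdict(list)
    for stamp, src, dst, _proto, dpt in events:
        by_pair[(src, dst)].append((stamp, dpt))

    alerts = []
    for (src, dst), hits in by_pair.items():
        hits.sort()
        in_window = defaultdict(int)  # port -> number of hits currently inside the window
        start, best = 0, 0
        for stamp, dpt in hits:
            in_window[dpt] += 1
            # Slide the window start forward until it spans at most window_seconds.
            while (stamp - hits[start][0]).total_seconds() > window_seconds:
                old = hits[start][1]
                in_window[old] -= 1
                if in_window[old] == 0:
                    del in_window[old]
                start += 1
            best = max(best, len(in_window))
        if best >= min_ports:
            alerts.append({"src": src, "dst": dst, "distinct_ports": best,
                           "first_seen": hits[0][0], "last_seen": hits[-1][0]})
    return alerts


if __name__ == "__main__":
    for a in detect_scans(parse_events(SAMPLE_LOG)):
        print(f"possible port scan: {a['src']} -> {a['dst']} ({a['distinct_ports']} ports, "
              f"{a['first_seen']:%H:%M:%S}..{a['last_seen']:%H:%M:%S})")
```

The thresholds (`window_seconds`, `min_ports`) are tuning knobs: a slow scan spread over hours will not trip a 60-second window, so production detection usually keeps a longer-lived per-source port set as well.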
Tools For Information Gathering
1. Nmap – The Network Mapper
2. Red Hawk

Red Hawk
• Red Hawk is an open source tool used for information gathering and certain vulnerability scanning. Red Hawk detects the Content Management System (CMS) in use by a target web application, its IP address, web server details, Cloudflare information, and [Link] information.

Red Hawk can identify WordPress, Drupal, Joomla, and Magento CMS. Other scanning features of Red Hawk include WHOIS information gathering, Geo-IP lookup, banner grabbing, DNS lookup, port scanning, subdomain information and MX record lookup. Red Hawk also looks for error-based SQL injection, WordPress sensitive files, and WordPress version-related vulnerabilities.

• Reconnaissance and mapping out our target is a key step before we start to hack or exploit anything. This tool automates this by observing what our targeted host is running and whether there are any exploits for it. Let’s install it from our terminal, change to its directory, and then run it.
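Red Hawk’s CMS and banner detection works from what the web server volunteers in its response. The Python audit below is an added example (not Red Hawk’s code) that you can point at your own site’s response headers and HTML to see what a scanner would learn: it matches well-known public fingerprints for WordPress, Drupal, Joomla and Magento, pulls any leaked version string, and lists the disclosures (Server banner, X-Powered-By, generator tags) that hardening should remove. The three responses it runs on are constructed samples.

```python
"""Audit what an HTTP response discloses about a site's CMS and server (added example)."""
import re

# Well-known, publicly documented fingerprints: (cms, where to look, regex).
SIGNATURES = [
    ("WordPress", "body", r'name="generator"\s+content="WordPress'),
    ("WordPress", "body", r"/wp-(content|includes)/"),
    ("Drupal", "header", r"^x-generator: Drupal"),
    ("Drupal", "header", r"^x-drupal-cache:"),
    ("Drupal", "body", r"/sites/default/files/|Drupal\.settings"),
    ("Joomla", "body", r'name="generator"\s+content="Joomla!'),
    ("Joomla", "body", r"/media/jui/|/components/com_"),
    ("Magento", "body", r"Mage\.Cookies|/skin/frontend/|/static/frontend/"),
]


def _header(headers, name):
    """Case-insensitive header lookup (HTTP header names are case-insensitive)."""
    for key, value in headers.items():
        if key.lower() == name.lower():
            return value
    return None


def fingerprint(headers, body):
    """Return the CMS guess, any leaked version, the matching evidence and a list of disclosures."""
    header_lines = [f"{k.lower()}: {v}" for k, v in headers.items()]
    scores, evidence = {}, {}
    for cms, where, pattern in SIGNATURES:
        haystacks = header_lines if where == "header" else [body]
        if any(re.search(pattern, h, re.IGNORECASE) for h in haystacks):
            scores[cms] = scores.get(cms, 0) + 1
            evidence.setdefault(cms, []).append(pattern)
    cms = max(scores, key=scores.get) if scores else None

    # Version leaks come from the generator meta tag or Drupal's X-Generator header.
    version = None
    m = re.search(r'name="generator"\s+content="(?:WordPress|Drupal|Joomla!)[^"\d]*([\d.]+)', body, re.I)
    if m:
        version = m.group(1)
    x_generator = _header(headers, "X-Generator")
    if version is None and x_generator:
        m = re.search(r"\d[\d.]*", x_generator)
        if m:
            version = m.group(0)

    disclosures = []
    server = _header(headers, "Server")
    if server and re.search(r"\d", server):
        disclosures.append(f"Server header reveals software version: {server}")
    powered = _header(headers, "X-Powered-By")
    if powered:
        disclosures.append(f"X-Powered-By reveals runtime: {powered}")
    if x_generator:
        disclosures.append(f"X-Generator reveals CMS: {x_generator}")
    if re.search(r'name="generator"', body, re.I):
        disclosures.append("generator meta tag present in HTML")
    return {"cms": cms, "version": version, "evidence": evidence.get(cms, []), "disclosures": disclosures}


# Constructed sample responses (headers dict, HTML body), not captured from any real site.
WP_RESPONSE = (
    {"Server": "Apache/2.4.41 (Ubuntu)", "X-Powered-By": "PHP/7.4.3", "Content-Type": "text/html"},
    '<html><head><meta name="generator" content="WordPress 6.4.2" />'
    '<link rel="stylesheet" href="/wp-content/themes/demo/style.css"></head><body></body></html>',
)
DRUPAL_RESPONSE = (
    {"Server": "nginx", "X-Generator": "Drupal 10 (https://www.drupal.org)", "X-Drupal-Cache": "HIT"},
    '<html><head></head><body><script src="/sites/default/files/js/app.js"></script></body></html>',
)
# Same WordPress site after stripping banners and the generator tag: the CMS is still
# recognisable from its asset paths, but no version is leaked.
HARDENED_RESPONSE = (
    {"Content-Type": "text/html"},
    '<html><head><link rel="stylesheet" href="/wp-content/themes/demo/style.css"></head><body></body></html>',
)

if __name__ == "__main__":
    for label, (hdrs, html) in [("wordpress", WP_RESPONSE), ("drupal", DRUPAL_RESPONSE), ("hardened", HARDENED_RESPONSE)]:
        print(label, fingerprint(hdrs, html))
```

The hardened sample shows the limit of header hygiene: removing `Server`, `X-Powered-By` and the generator tag hides the version, but the CMS itself remains identifiable from `/wp-content/`, so patching promptly matters more than trying to hide which CMS runs.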
3. Maltego
• Maltego is a software[1] used for open-source intelligence and forensics, developed by Paterva.[2] Maltego focuses on providing a library of transforms for discovery of data from open sources, and visualizing that information in a graph format, suitable for link analysis and data mining.
• Maltego permits creating custom entities, allowing it to represent any type of information in addition to the basic entity types which are part of the software. The basic focus of the application is analyzing real-world relationships (social networks and computer network nodes) between people, groups, web pages, domains, networks, internet infrastructure, and affiliations with online services such as Twitter and Facebook. Among its data sources are DNS records, whois records, search engines, online social networks, various APIs and various metadata.[3]
• It is used by security researchers and private investigators.[4][5]
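Maltego’s model is a graph of typed entities expanded by transforms (a function that takes one entity and returns related entities from some data source). The Python example below is an added illustration of that model and is not Maltego’s code or API: it defines domain, IP and e-mail entities, a handful of transforms backed by constructed, offline DNS/MX/whois tables, and a breadth-first expansion from a seed domain. The payoff is link analysis: finding which other domains share hosting or a registrant contact with the seed, which is how an organisation maps its own forgotten or shadow assets.

```python
"""Miniature transform-graph expansion in the style of Maltego (added example)."""
from collections import deque

# Constructed offline data standing in for DNS A records, MX records and whois contacts.
DNS_A = {"example.com": ["192.0.2.10"], "example.net": ["192.0.2.10"], "mail.example.com": ["192.0.2.25"]}
MX = {"example.com": ["mail.example.com"], "example.net": ["mail.example.com"]}
WHOIS_EMAIL = {"example.com": ["admin@example.com"], "example.net": ["admin@example.com"],
               "example.org": ["other@example.org"]}


def reverse_index(mapping):
    """Invert a one-to-many table so lookups can run in the other direction (reverse DNS, reverse whois)."""
    out = {}
    for key, values in mapping.items():
        for v in values:
            out.setdefault(v, []).append(key)
    return {k: sorted(v) for k, v in out.items()}


REVERSE_DNS = reverse_index(DNS_A)        # ip -> domains hosted there
REVERSE_WHOIS = reverse_index(WHOIS_EMAIL)  # contact e-mail -> domains registered with it

# Transform registry: entity type -> [(transform name, output entity type, function)].
TRANSFORMS = {
    "domain": [("dns_a", "ip", lambda d: DNS_A.get(d, [])),
               ("mx", "domain", lambda d: MX.get(d, [])),
               ("whois_email", "email", lambda d: WHOIS_EMAIL.get(d, []))],
    "ip": [("reverse_dns", "domain", lambda ip: REVERSE_DNS.get(ip, []))],
    "email": [("reverse_whois", "domain", lambda e: REVERSE_WHOIS.get(e, []))],
}


def expand(seed_type, seed_value, max_depth=2):
    """Breadth-first expansion of a seed entity through every applicable transform.

    Returns (nodes, edges): nodes are (type, value) pairs, edges are (source, transform, target).
    max_depth bounds how many transform hops are followed so the graph stays readable.
    """
    seed = (seed_type, seed_value)
    nodes, edges = {seed}, set()
    queue = deque([(seed, 0)])
    while queue:
        (ntype, value), depth = queue.popleft()
        if depth >= max_depth:
            continue
        for name, out_type, fn in TRANSFORMS.get(ntype, []):
            for out in fn(value):
                target = (out_type, out)
                edges.add(((ntype, value), name, target))
                if target not in nodes:
                    nodes.add(target)
                    queue.append((target, depth + 1))
    return nodes, edges


def related_domains(seed_domain, max_depth=2):
    """Domains reachable from the seed within max_depth hops, i.e. sharing infrastructure or contacts."""
    nodes, _ = expand("domain", seed_domain, max_depth)
    return sorted(v for t, v in nodes if t == "domain" and v != seed_domain)


def links_to(edges, node):
    """Which (source value, transform) pairs point at a node: the evidence for each link."""
    return sorted((src[1], name) for src, name, tgt in edges if tgt == node)


if __name__ == "__main__":
    nodes, edges = expand("domain", "example.com")
    print("related:", related_domains("example.com"))
    print("why example.net:", links_to(edges, ("domain", "example.net")))
```

Depth matters: with `max_depth=1` only the direct mail host appears, while two hops reveal `example.net` through both the shared IP and the shared registrant e-mail, two independent pieces of evidence for the link. Real transforms would call DNS or whois services instead of these dictionaries; the graph logic is unchanged.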
4. DMitry – Deep Magic Information Gathering Tool
• DMitry (Deepmagic Information Gathering Tool) is a UNIX/(GNU)Linux command line application coded in C. DMitry has the ability to gather as much information as possible about a host. Base functionality is able to gather possible subdomains, email addresses, uptime information, TCP port scan, whois lookups, and more.
• The following is a list of the current features:
• An open source project.
• Perform an Internet Number whois lookup.
• Retrieve possible uptime data, system and server data.
• Perform a subdomain search on a target host.
• Perform an e-mail address search on a target host.
• Perform a TCP port scan on the host target.
• A modular program allowing user-specified modules.
5. Metasploit
• The Metasploit Project is a computer security project that provides information about security vulnerabilities and aids in penetration testing and IDS signature development. It is owned by Boston, Massachusetts-based security company Rapid7.
• Its best-known sub-project is the open-source Metasploit Framework, a tool for developing and executing exploit code against a remote target machine. Other important sub-projects include the Opcode Database, shellcode archive and related research.
• The Metasploit Project includes anti-forensic and evasion tools, some of which are built into the Metasploit Framework. Metasploit is pre-installed in the Kali Linux operating system.
