1
00:00:00,980 --> 00:00:07,430
Introduction to information gathering. Information gathering is the first and one of the most important

2
00:00:07,430 --> 00:00:09,500
activities in penetration testing.

3
00:00:09,740 --> 00:00:15,890
This step is carried out in order to find out as much information as possible about our target machine.

4
00:00:16,430 --> 00:00:22,880
The more information we have, the better our chances will be for exploiting the target.

5
00:00:23,740 --> 00:00:30,700
During the information gathering phase, our main focus is to collect facts about the target machines,

6
00:00:30,700 --> 00:00:34,900
such as the IP address, available services and open ports.

7
00:00:35,140 --> 00:00:40,960
This information plays a vital role in the process of penetration testing. To achieve this goal,

8
00:00:41,140 --> 00:00:47,560
we will be learning certain scanning techniques such as SMB scanning, SSL server scanning,

9
00:00:48,010 --> 00:00:56,290
FTP scanning, SNMP enumeration, HTTP scanning, and WinRM scanning and brute forcing, by the end of

10
00:00:56,290 --> 00:00:59,350
this course, actually in the middle of this course, of course.

11
00:00:59,770 --> 00:01:07,600
So information gathering, footprinting and enumeration are terms that are often used interchangeably,

12
00:01:07,900 --> 00:01:09,450
but they are still different.

13
00:01:09,460 --> 00:01:15,580
According to the SANS standard, footprinting is the ability to obtain essential information about an

14
00:01:15,580 --> 00:01:21,490
organization, so this information includes the technologies that are being used, such as internet,

15
00:01:21,490 --> 00:01:24,520
intranet, remote access and extranet.

16
00:01:25,000 --> 00:01:30,250
In addition to the technologies, the security policies and procedures must be explored.
17
00:01:31,210 --> 00:01:37,690
So scanning consists of basic steps in mapping out whether a network is performing, and automating ping

18
00:01:37,690 --> 00:01:44,200
sweeps on the range of IP addresses and network blocks to determine if individual systems are alive.

19
00:01:45,250 --> 00:01:50,930
So enumeration involves active connections to a system and directed queries.

20
00:01:50,950 --> 00:01:57,310
So the type of information enumerated by hackers can be loosely grouped into categories such

21
00:01:57,310 --> 00:02:05,200
as network resources and shares, users and groups, applications and banners, and network blocks.

22
00:02:05,950 --> 00:02:11,680
There are basically three types of techniques used in information gathering.

23
00:02:12,220 --> 00:02:15,700
So first is passive information gathering.

24
00:02:16,510 --> 00:02:23,470
This technique is used to gain information about the target without having any physical connectivity

25
00:02:23,650 --> 00:02:25,060
or access to it.

26
00:02:25,660 --> 00:02:33,310
So this means that we use other resources to gain information about a target, such as by using

27
00:02:33,310 --> 00:02:37,690
WHOIS queries, server lookups and so on.

28
00:02:38,720 --> 00:02:45,710
Suppose our target is an online application; then a simple WHOIS lookup can provide us with a lot

29
00:02:45,710 --> 00:02:51,230
of information about the web application, such as its IP address, its domains and subdomains,

30
00:02:51,950 --> 00:02:55,730
actually the location of the server, the hosting server and so on.

31
00:02:56,300 --> 00:03:03,770
So this information can be very useful during penetration testing, as it can widen our track of exploiting

32
00:03:03,770 --> 00:03:04,340
the target.

33
00:03:05,430 --> 00:03:09,960
And then secondly, we have active information gathering.

34
00:03:10,380 --> 00:03:17,400
So in this technique, a logical connection is set up with the target in order to gain information.
35
00:03:17,790 --> 00:03:24,660
So this technique provides us with the next level of information, which can directly supplement our understanding

36
00:03:24,660 --> 00:03:27,030
of the target's security. Port scanning

37
00:03:27,030 --> 00:03:33,410
is the most widely used active scanning technique, in which we focus on the open ports and

38
00:03:33,420 --> 00:03:35,640
available services running on a target.

39
00:03:36,120 --> 00:03:42,120
And lastly, we have social engineering, so this type of information gathering is similar to passive

40
00:03:42,120 --> 00:03:45,660
information gathering, but relies on human error

41
00:03:46,470 --> 00:03:53,130
and the information leaked out in the form of printouts, telephone conversations, incorrect email

42
00:03:53,130 --> 00:03:54,180
IDs and so on.

43
00:03:54,630 --> 00:04:01,110
So the techniques for utilizing this method are numerous, and the ethos of information gathering is

44
00:04:01,110 --> 00:04:05,140
very different, and social engineering is a category in itself.

45
00:04:05,160 --> 00:04:12,030
For example, hackers who use domain names that sound similar, with spelling mistakes, and set

46
00:04:12,030 --> 00:04:14,970
up a mail server to receive such erroneous emails.

47
00:04:15,750 --> 00:04:19,440
Such domains are known as doppelganger domains.

48
00:04:19,680 --> 00:04:22,650
This is the evil twin here.

49
00:04:23,340 --> 00:04:30,600
So the victims of social engineering are tricked into releasing desired information that they do not

50
00:04:30,600 --> 00:04:34,140
realize will be used to attack an enterprise network.

51
00:04:34,650 --> 00:04:40,770
For example, an employee in an intrepid enterprise company may be tricked into revealing an employee

52
00:04:40,770 --> 00:04:45,570
ID number to someone who is pretending to be someone he or she trusts.
53
00:04:46,890 --> 00:04:52,770
While the employee number may not seem valuable to the employee, which makes it easier for him to reveal

54
00:04:52,770 --> 00:04:54,420
this information in the first place,

55
00:04:54,840 --> 00:05:01,260
the social engineer can use that employee number in conjunction with the

56
00:05:01,260 --> 00:05:06,270
other information that has been gathered to get closer to finding their way into the enterprise network.