![]() ![]() As firewalls and other network devices can impede scanning, performing discovery scans from hosts on different points in the network will allow us to fill in the gaps. Once a draft topology has been created, we will perform the network discovery scan from several different hosts on the network. The network discovery scans will not check for open ports and system information. We will use tools such as nmap, zenmap and Angry IP scanner to create a Network Topology map. The initial step will involve mapping the network. ![]() In this part of the intelligence gathering exercise, we will assume that we obtained non-privileged access to the company network. Metasploit tools for social engineeringĪctive Intelligence Gathering: Intentionally deploying host scanning tools in order to gain info about systems, services.Relevant public legal, financial and business info.The following tools will be used in order to perform passive intel gathering: Summary of key legal, business and financial info.Social media graphs for identified company employees.Organisational charts for company management and departments, i.e.List of key business locations with opening hours, satellite imagery and snapshot of building security.These sources will include: the company website, office address information, satellite imagery of locations, public legal information, quarterly financial reports, company social media accounts, downloading mobile applications, social media accounts of key employees, cold calling office locations, checking DNS records, viewing previous version of the website using WayBackMachine, analyses of website document metadata and business registration information along with other sources.Īfter this intel is compiled, the following documentation will be produced: First we will gather non-technical information from publicly available sources. MethodsĪt this stage, we will assume we have no internal network access. Passive Intelligence Gathering: Relying on existing information that is avilable about the organization, systems or network. On an international scale, the company operates a global manufacturing and distribution network. In addition to their Headquarters, the company also operates branch offices in Texas, Florida and North Carolina. The company employs over 2000 full-time staff with. ![]() Target SummaryĪ leading manufacturer of construction and plumbing supplies. For developing this plan, I will refer guidelines set out in the Open Source Security Test Methodology Manual. I will create a fictional company for this example. In this excercise, I will write a brief passive and active intelligence gathering plan for an organisation. Nmap 10.0.2.4 -oA Activity 3.2: Write an Intelligence Gathering Plan In several situations you may need at output file for further anaylsis or to put into another script. It is best used if you are looking at specific hosts. We can re-run our scan and include -sV in order to determine the service versions running on the target host. It is also worth exploring some additional options with nmap. The full scan adds a section below determining the OS type of the target and additional ports were scanned. Note the difference in the results below. This will command will need to be with administrator permissions. This is just a quick scan, we can also use nmap to scan ALL open ports and determine the operationg system. Performing a simple port scan is… quite simple. The IP addresses of the two VMs are as follows: ![]() I will record the results and use the scan to determine the operating system’s version. In this lab I will use my Kali Linux VM to perform a port scan on my intentionally vulnerable Metasploitable VM. ![]()
0 Comments
Leave a Reply. |