DISCLAIMER:
Any information that is used in this document is to outline how easy information about your network can be found, this information should not be used to exploit any host without the permission of the administrator and relevant people/organisations.
Introduction:
This document is very brief, it will not go into detail nor will it discuss how to install and configure the relevant tools to gather such information, this is why companies and outstanding individuals on the internet spead their own time, resources and money to produce such materials for you.
Example:
In this document we will use google. Google is one of the most valuable tools on the internet to gather information, also google is well known by all and a 'quick load' site.
Tools that will be used:
samspade
www.samspade.org
netcraft
www.netcraft.com
google
www.google.com
SamSpade
Whois: gathers valuable registration information about the domain, nameservers, registrant name, address, agents and much more.
06/26/04 20:36:44 whois google.co.uk
.uk is a domain of United Kingdom
(international dialing code 44)
Searches for .uk can be run at
http://www.britain.eu.net/naming-co/whois-form.html
whois -h whois.nic.uk google.co.uk ...
Domain Name:
google.co.uk
Registrant:
Google Inc
Registrant's Address:
2400 Bayshore Parkway
Mountain View
94043
CA
Registrant's Agent:
Alldomains.com, Inc. t/a Alldomains.com/NetCorps [Tag = ALLDOMAINS]
URL:
http://www.alldomains.com
Relevant Dates:
Registered on: 14-Feb-1999
Renewal Date: 14-Feb-2005
Last updated: 18-Oct-2002
Registration Status:
Registered until renewal date.
Name servers listed in order:
ns.google.com 216.239.32.10
ns2.google.com 216.239.34.10
WHOIS database last updated at 20:35:00 26-Jun-2004
--
(c) Nominet UK 1996 - 2004
For further information and terms of use please see
http://www.nic.uk/whois
Nominet reserves the right to withhold access to this service at any time.
Ping
Ping allows use to send a number of packets to the address and see its alive, the ping event will also display how long a round trip event took
06/26/04 20:38:38 ping google.co.uk
Ping google.co.uk (216.239.57.104) ...
1 Addr:216.239.57.104, RTT: 149ms, TTL: 236
2 Addr:216.239.57.104, RTT: 148ms, TTL: 236
3 Addr:216.239.57.104, RTT: 148ms, TTL: 236
4 Addr:216.239.57.104, RTT: 148ms, TTL: 236
5 Addr:216.239.57.104, RTT: 148ms, TTL: 236
6 Addr:216.239.57.104, RTT: 148ms, TTL: 236
7 Addr:216.239.57.104, RTT: 148ms, TTL: 236
8 Addr:216.239.57.104, RTT: 148ms, TTL: 236
9 Addr:216.239.57.104, RTT: 148ms, TTL: 236
10 Addr:216.239.57.104, RTT: 148ms, TTL: 236
DNS
The DNS tool in samspade allows use to gather details on the DNS servers for the network
06/26/04 20:40:08 dns google.co.uk
Canonical name: google.co.uk
Addresses:
216.239.57.104
216.239.59.104
216.239.39.104
IP Block
The IP Block tool allows user to discover the IP block thats owned by google. A scanner could be used for that block to check for open ports, operating system information, service information etc.
Trace Tool
The traceroute tool will allow you to trace the location of the machine by going through all hops.
For the purpose of this document I have not included the output as this will disclose my ip information
NETCRAFT
Netcraft.com is a tool that can tell us what operating system and http server is running for a domain. It will also tell us the last time a change was made, IP addresses and the netblock owner
More information can be found on by going to:
http://uptime.netcraft.com/up/graph?...w.google.co.uk
GOOGLE:
By using google you can search for specific information about a company, you could even search the companies site for more information using the following:
site:
www.google.co.uk password
This will search google.co.uk for all pages with password on, a index of these will be displayed once found.
Click here for more information:
http://www.google.co.uk/search?hl=en...password&meta=
