Footprirvting a Target Network
Footprinting refers to uncovering and collecting as much information as possible regarding a target netn ork
Lab Scenario
Penetration testing is much more than just running exploits against vulnerable systems like we learned about 111 the previous module. 111 fact, a penetration test begins before penetration testers have even made contact with the victim’s systems. Rather than blindly throwing out exploits and praying that one of them returns a shell, a penetration tester meticulously studies the environment for potential weaknesses and their mitigating factors. By the time a penetration tester runs an exploit, he or she is nearly certain that it will be successful. Since failed exploits can 111 some cases cause a crash or even damage to a victim system, or at the very least make the victim un-exploitable 111 the tumre, penetration testers won't get the best results, or deliver the most thorough report to then־ clients, if they blindly turn an automated exploit machine on the
victim network with no preparation.
Lab Objectives
The objective of the lab is to extract information concerning the target organization that includes, but is not limited to:
■ IP address range associated with the target
■ Purpose of organization and why does it exists
■ How big is the organization? What class is its assigned IP Block?
■ Does the organization freely provide information on the type of operating systems employed and network topology 111 use?
■ Type of firewall implemented, either hardware or software or combination of both
■ Does the organization allow wireless devices to connect to wired networks?
■ Type of remote access used, either SSH or \T N
■ Is help sought on IT positions that give information on network services provided by the organization?
■ IdentitV organization’s users who can disclose their personal information that can be used for social engineering and assume such possible usernames
Lab Environment
Tins lab requires:
■ Windows Server 2012 as host machine
■ A web browser with an Internet connection
■ Administrative privileges to 11111 tools
Không có nhận xét nào:
Đăng nhận xét