Wednesday 7 May 2014

Information Gathering Using Maltego


The first phase of a security assessment is to collect as much information as possible about the target application.

According to OWASP, information gathering is a necessary step of a penetration test.
Information gathering is generally done on infrastructure and on people. In infrastructure reconnaissance, attackers try to find information about the host, i.e., the mail exchanger (MX) record, name server (NS) record, shared resources, etc. For information gathering on people, attackers try to collect email addresses, public profiles, publicly uploaded files, etc., which can be used for brute force, social engineering or spear phishing.

What information can be found using Maltego:

With Maltego, we can find the relationships that people are linked to, including their social profiles, mutual friends, companies related to the information gathered, and websites.


If we want to gather information about an infrastructure, we can map the relationships between domains, DNS names, and netblocks.

Architecture of Maltego:

The Maltego client sends the request to the seed servers in XML format over HTTPS. The seed server hands the request to the TAS servers, which pass it on to the service providers. The results are returned to the Maltego client. The advantage is that we can run our own TAS servers for more privacy. Currently Maltego has two types of server modules: professional and basic. The major difference between the two is the modules available: the professional server comes with CTAS, SQLTAS and PTTAS, and the basic server comes with CTAS only.

Starting Maltego:

First go to Applications -> Backtrack -> Information Gathering -> Network Analysis -> DNS Analysis -> Maltego


The first time you log in it will ask you to register your product. If you already have an account, just enter your email ID and password. Once your login is validated, it will update the transforms.


Once the transforms are updated, click the 'Investigate' tab and select the desired option from the palette. There are two main categories in the palette: Infrastructure and Personal. We can also import other entities into the palette. An example is the SHODAN entity. SHODAN is a search engine that can be used to find specific devices like servers, routers, switches, etc., with the help of their banners.

Infrastructure Reconnaissance:

Maltego helps to gather a lot of information about the infrastructure. To start gathering information, select the desired entity from the palette. In this example, we are going to scan a domain. Select the domain option from the palette and drag it to the workspace. Enter the target domain. Now right-click on the entity and you should get a window that says "Run Transform" with additional relevant options.


Run the required transform and find out information like the MX, NS and IP address. We can then use transforms like 'IPAddressToNetblock' to break a large netblock into smaller networks for better understanding.

We can also find the shared domains, and determine information like the IP addresses of domains and other internal networks, the netblocks used by the target, etc.
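The netblock grouping described in the two paragraphs above is easy to reproduce outside Maltego, which is useful when you want to check what an assessor would see of your own domain. The following script is an added example, not Maltego's or Paterva's code: it takes a small set of constructed DNS records (the names and addresses are documentation ranges, not real lookups), groups the resolved hosts by /24 netblock, computes the smallest CIDR block that covers a set of addresses, and splits a large block into smaller subnets the way the 'IPAddressToNetblock' step does. Only the Python standard library is used.

```python
"""Group resolved hosts into netblocks, mirroring the idea behind Maltego's
IPAddressToNetblock transform. Added example, not Maltego code."""
import ipaddress
from collections import defaultdict

# Constructed sample: the kind of (name, record type, address) triples the
# MX/NS/IP transforms return for a domain. Addresses are RFC 5737 test ranges.
SAMPLE_RECORDS = [
    ("example.test", "A", "192.0.2.10"),
    ("www.example.test", "A", "192.0.2.11"),
    ("mail.example.test", "MX", "192.0.2.25"),
    ("ns1.example.test", "NS", "198.51.100.5"),
    ("ns2.example.test", "NS", "198.51.100.6"),
    ("cdn.example.test", "A", "203.0.113.200"),
]


def netblock_for(ip, prefix=24):
    """Return the /prefix network containing ip as a string.
    strict=False lets ip_network accept an address with host bits set."""
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False))


def group_by_netblock(records, prefix=24):
    """Map each /prefix netblock to the (name, type) pairs resolving into it.
    Hosts that land in the same block usually share hosting or an ISP range,
    which is the 'shared infrastructure' view the text describes."""
    groups = defaultdict(list)
    for name, rtype, ip in records:
        groups[netblock_for(ip, prefix)].append((name, rtype))
    return dict(groups)


def summarize(ips):
    """Smallest single CIDR block that covers every address in ips.
    Start from the lowest address as a /32 and widen it one bit at a time
    until the highest address falls inside the block."""
    nets = [ipaddress.ip_network(ip) for ip in ips]
    lowest, highest = min(nets), max(nets)
    block = lowest
    while highest.network_address not in block:
        block = block.supernet()
    return str(block)


def split_netblock(block, new_prefix):
    """Break a large block into smaller subnets (e.g. a /24 into four /26s),
    the 'break a large netblock into smaller networks' step from the text."""
    return [str(n) for n in ipaddress.ip_network(block).subnets(new_prefix=new_prefix)]


if __name__ == "__main__":
    for block, hosts in sorted(group_by_netblock(SAMPLE_RECORDS).items()):
        print(block, "->", ", ".join(f"{n} ({t})" for n, t in hosts))
    print("covering block:", summarize([ip for _, _, ip in SAMPLE_RECORDS
                                        if ip.startswith("192.0.2.")]))
    print("subnets:", split_netblock("192.0.2.0/24", 26))
```

Run against your own exported DNS records, the grouping shows at a glance which hosts sit in the same provider range and which (like the CDN entry here) are outside it; that is the same picture a third party builds from public records.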

[Figure: Infrastructure info gathering]

Personal Reconnaissance:

Maltego helps you find information about a person, like their email address, social profiles, mutual friends, files shared on various URLs, etc. Select the desired option from the palette. Here I am going to select the 'Person' option and enter the name of the person I will be gathering information about.


Right-click on the 'Person' entity and select the desired transforms. First let's find the email address related to the person and try to gather more information. With Maltego, we can find their social network information from Facebook, Flickr, etc.

[Figure: Person info gathering]

Various Facebook entities were detected by using the transform "toFacebookaffiliation." This transform looks for a Facebook affiliation that closely matches a person's first and last name and weighs each result accordingly. With Maltego we can also find the mutual friends of two targeted persons in order to gather more information.

Similarly, we can find out whether the user has uploaded any files to pastebin or other public URLs. Having all this information can be useful for performing a social engineering-based attack.

Download Link (Windows):
http://www.paterva.com/web6/products/download.php
