Tuesday, 13 March 2012

Step 2: Information Gathering

This might be the most fun part I have learnt so far in my beginner hacking activity. This step is more like doing data mining on a particular target: the data we can mine covers the DNS names of the website's subdomains, the server type, email addresses, and so on. Consider that our target is a particular website, for example binus (dot) edu.

The basic requirement for gathering information is to have your virtual machine ready with BackTrack installed; mine is BackTrack 5. Here is what it looks like:

As you can see, there are plenty of tools you can use for each step of a penetration test. But be patient, we are still learning Information Gathering, so let us be structured, shall we?

I will focus on using one tool for gathering a website's information: Maltego. Maltego is basically an open-source intelligence (OSINT) and forensics application. It lets you mine and gather information and also presents that information in an easy-to-understand format, since it uses a GUI: a graph of entities (domains, DNS names, IP addresses, email addresses, people) linked by the transforms you run on them. That is especially handy for us beginners.

1. Choosing the Maltego application
After you choose the Network Analysis menu from the previous screenshot, choose DNS Analysis on the next menu, then choose Maltego at the bottom of the menu. You must first register in order to use this tool, so make sure that your virtual machine is connected to the internet. Note that the standard transforms run on Maltego's own transform servers rather than inside your VM, which is why registration and an internet connection are needed, and also why the names you query are visible to that third party. After registration is completed, you can play with Maltego, and it will appear just like this.


2. Determining the target website

Drag and drop "DNS Name" from the Infrastructure palette onto the graph. Double-click the icon, and a pop-up will appear in which you enter the target website. It looks like this.


3. Running transforms

In this step you transform the DNS name to a Domain, to an IP address, or to a Website by right-clicking the icon and choosing Run Transform -> All Transforms. The result of each option looks like this.


4. Finding subdomains
You don't really need to use all of the available options to do this.
Now you can get the list of subdomains of binus (dot) edu. You can also find the mail server hostname by right-clicking the Domain entity for binus (dot) edu and choosing All Transforms -> To DNS Name [Find common DNS names]. This transform tries a list of common hostnames (www, mail, ftp, ns1, and so on) under the domain and keeps the ones that resolve, so a mail host turns up alongside the others. It will appear just like this.


5. Finding email addresses for the website
You can find the email addresses that search engines have indexed for this domain. This time I'm using the transform To Email Address [using Search Engine]. The result will be like this.


Now that you have the email addresses available on that domain, you can even find the person who owns or manages each account. You can do that using the To Person option on the email icon, and you can even find out whether they have an account on Flickr or MySpace. You can even find their telephone number, if they were unaware enough to ever post it on the Internet, by letting this tool's search-engine transforms do the work.
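To make concrete what the transforms in steps 3 to 5 actually do, here is an added Python example (my own illustration, not Maltego's code and not part of the original post) that reimplements three of them in plain code: DNS Name to IP Address, Domain to DNS Name [Find common DNS names], and Domain to Email Address from the text of pages a search engine returned. The resolver is injectable: by default it uses Python's socket.gethostbyname for real lookups, and the constructed zone and page snippets embedded below (for example.edu, which is not the real target) let it run offline. The hostname list, the wildcard probe label and all sample data are my assumptions.

```python
"""Three Maltego-style transforms reimplemented in plain Python (added example,
not Maltego's own code).  The resolver is injectable so the script runs offline
against a constructed zone; pass resolve_with_socket for real DNS lookups."""
import re
import socket
from typing import Callable, Dict, List, Optional

# Hostnames to try under the target domain.  Assumed subset of what a
# "find common DNS names" transform would use.
COMMON_HOSTNAMES = ["www", "mail", "smtp", "pop", "imap", "ftp", "ns1", "ns2",
                    "webmail", "vpn", "dev", "test", "admin", "portal"]

Resolver = Callable[[str], Optional[str]]


def resolve_with_socket(name: str) -> Optional[str]:
    """Real resolver: IPv4 address for name, or None if it does not resolve."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def to_ip_address(dns_name: str, resolve: Resolver = resolve_with_socket) -> Optional[str]:
    """DNS Name -> IP Address transform."""
    return resolve(dns_name)


def find_common_dns_names(domain: str, resolve: Resolver = resolve_with_socket,
                          candidates: List[str] = COMMON_HOSTNAMES) -> Dict[str, str]:
    """Domain -> DNS Name [find common DNS names]: try each candidate under the
    domain and keep the ones that resolve.  A wildcard record (*.domain) would
    make every candidate resolve, so probe a label that should not exist first
    and drop any hit that resolves to the same address as the probe."""
    wildcard_ip = resolve(f"maltego-wildcard-probe-x9.{domain}")  # assumed non-existent label
    found: Dict[str, str] = {}
    for host in candidates:
        fqdn = f"{host}.{domain}"
        ip = resolve(fqdn)
        if ip is not None and ip != wildcard_ip:
            found[fqdn] = ip
    return found


EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}")


def emails_for_domain(domain: str, pages: List[str]) -> List[str]:
    """Domain -> Email Address [using search engine]: given the text of pages a
    search engine returned, keep addresses at the domain or any of its subdomains.
    Comparing the host part exactly (not as a substring) avoids false hits such
    as 'example.education' when the target is 'example.edu'."""
    domain = domain.lower()
    seen = set()
    for text in pages:
        for match in EMAIL_RE.finditer(text):
            addr = match.group(0).lower()
            host = addr.rpartition("@")[2]
            if host == domain or host.endswith("." + domain):
                seen.add(addr)
    return sorted(seen)


# ---- Constructed sample data so the script runs offline (not real records) ----
SAMPLE_ZONE = {
    "example.edu": "192.0.2.10",
    "www.example.edu": "192.0.2.10",
    "mail.example.edu": "192.0.2.25",
    "ns1.example.edu": "192.0.2.53",
}


def sample_resolver(name: str) -> Optional[str]:
    """Offline stand-in for DNS: looks names up in SAMPLE_ZONE."""
    return SAMPLE_ZONE.get(name.lower())


SAMPLE_PAGES = [  # constructed search-result snippets, not real search output
    "Contact the webmaster at webmaster@example.edu or Admin@Mail.Example.edu.",
    "Unrelated hits: someone@otherdomain.org and noreply@example.education",
]

if __name__ == "__main__":
    target = "example.edu"
    print("IP address:", to_ip_address(target, sample_resolver))
    for fqdn, ip in find_common_dns_names(target, sample_resolver).items():
        print("common DNS name:", fqdn, "->", ip)
    print("e-mail addresses:", emails_for_domain(target, SAMPLE_PAGES))
```

Two things worth noticing that the GUI hides: the wildcard check, without which a domain with a catch-all `*.domain` record makes every guessed subdomain look real, and the host-part comparison in the email transform. The standard library cannot query MX records, so if you want the real mail servers rather than a lucky hit on `mail.domain`, use dnspython's `dns.resolver.resolve(domain, "MX")`. With `resolve_with_socket` every guess becomes a live DNS query against the target's name servers, so only run it against a domain you are authorised to test.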

IMPORTANT!
You should be aware that, as an ethical hacker, this activity is only used for gathering information about the target so that its owner can fix the configuration, or anything else, that lets these tools find such information about the website. You may not do this for stalking purposes, like getting someone's telephone number and texting them "hey, I know who you are and I'm standing outside your door". Kindly bear in mind that this is closely related to privacy issues. I hope you can do this activity in an ethical way.

So much fun to share things I have just learnt!

Step 1: Target Scoping

These are the steps we take when we first want to scope our target.
1. Gathering Client Requirements
Gathering client requirements provides a practical guideline on what information should be gathered from a client or customer in order to conduct the penetration test successfully. The types of penetration testing, infrastructure information, organization profile, budget outlook, time allocation, and the type of deliverables are some of the most important areas that should be cleared up at this stage.

2. Preparing Test Plan
Preparing a test plan combines a structured testing process, resource allocation, cost analysis, a non-disclosure agreement, a penetration testing contract, and rules of engagement. All of these parts constitute a step-by-step process to prepare a formal test plan, which should reflect the actual client requirements, legal and commercial prospects, resource and cost data, and the rules of engagement. A checklist can also be used to ensure the integrity of a test plan.

3. Profiling Test Boundaries
Profiling test boundaries provides a guideline on what types of limitations and restrictions may occur while meeting the client requirements. These can be in the form of technology limitations, knowledge limitations, or other infrastructure restrictions posed by the client to control the penetration testing process. These test boundaries can clearly be identified from the client requirements. There are certain procedures that can be followed to overcome these limitations.

4. Defining Business Objectives
Defining business objectives focuses on the key benefits that a client may get from the penetration testing service. This section provides a set of general objectives structured according to the assessment criteria and industry standards.

5. Project Management and Scheduling
Project management and scheduling is a vital part of the scoping process. Once all the requirements have been gathered and aligned with the test plan, it's time to allocate proper resources and a timescale for each identified task.

The purpose of target scoping is to define exactly which systems are in scope and authorised for testing, so that we focus only on those targets and stay within the rules of engagement.

Steps to be an Ethical Hacker

Let us begin with some definition.

Hacker: a person who accesses a computer system or network without authorization.

This definition tells us directly that doing so violates someone's privacy. That is why there are many people called script kiddies or packet monkeys, meaning inexperienced hackers, doing hacking activity without realising the rules that apply to cyber activity. However, hacking activity is sometimes necessary for security testing purposes. Therefore there is a term, ethical hackers, meaning people who are employed by companies to perform penetration tests or other hacking activity with the owner's permission. There are also steps to being an ethical hacker.

Steps:
1. Target Scoping
2. Information Gathering
3. Target Discovery
4. Enumerating Target
5. Vulnerability Mapping
6. Social Engineering
7. Target Exploitation
8. Privilege Escalation
9. Maintaining Access
10. Documenting and Reporting

Being an ethical hacker is important to keep us in the green zone, by which I mean being able to do hacking activity while still abiding by the rules that apply to a particular engagement. So you can still do your hobby without hurting someone's property or privacy.

Each and every step will be discussed in more detail in the next blog posts I write. Of course, with more interesting tools to be used.