By using passive and indirect information gathering, you can discover information about targets without touching their systems. For example, you can use these techniques to identify network boundaries, identify the network maintainers, and even learn what operating system and web server software is in use on the target network.
whois Lookups:
Let’s begin by using whois lookup to find the names of secmaniac.net’s domain servers.
Machine A root@kali# whois secmaniac.net
Netcraft:
Netcraft (http://searchdns.netcraft.com/) is a web-based tool that we can use to find the IP address of a server hosting a particular website.
NSLookup:
To get additional server information, we’ll use Back|Track to leverage nslookup , a tool built into most operating systems, to find information about yahoo.com
Machine A root@kali# nslookup yahoo.com
whois Lookups:
Let’s begin by using whois lookup to find the names of secmaniac.net’s domain servers.
Machine A root@kali# whois secmaniac.net
Netcraft:
Netcraft (http://searchdns.netcraft.com/) is a web-based tool that we can use to find the IP address of a server hosting a particular website.
NSLookup:
To get additional server information, we’ll use Back|Track to leverage nslookup , a tool built into most operating systems, to find information about yahoo.com
Machine A root@kali# nslookup yahoo.com
No comments:
Post a Comment