In this section, we will explore diverse methodologies for acquiring information about a client, such as the Whois Lookup, Netcraft, and Robtex. Additionally, we will explore approaches for targeting servers by exploiting websites that are hosted on said server. In our information gathering segment, we will delve into subdomains, and explore their utility in executing attacks. We will conclude this section by exploring how to obtain valuable information by searching for files on the target system, and subsequently analyzing this data.
Prior to attempting any exploitation, we will conduct information gathering to acquire as much data as possible about the target’s IP address, the technology utilized on the website, domain name information, the programming language in use, the installed server type, and the database employed. We will retrieve the company’s information and its DNS records, as well as identify any hidden subdomains and files. We may employ any of the information gathering tools we previously utilized, such as Maltego, by inputting a website entity and initiating actions. Alternately, we could employ Nmap or Nexpose to evaluate the website’s infrastructure and gather any relevant information.
The following topics will be covered in this section:
- Whois Lookup
- Netcraft
- Robtex
- Website on the same server
- Information gathering form target websites
To enhance your understanding of the Information Gathering topic, we recommend visiting our website @ tutorials.freshersnow.com frequently.