4.1 Given a Scenario, use the appropriate tool to assess Organizational Security Flashcards
Tracert/Traceroute
This shows the route taken from a computer to a remote host, such as a website, listing each router (hop) on the path and the round-trip time to it, so you can see where latency is added. It is like traffic going into a city center: the closer the traffic gets to the center, the slower it moves. By default it reports a maximum of 30 hops. tracert is the Windows command and traceroute the Linux/Unix one.
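As an added example (not part of the original flashcards), the following shell functions parse tracert output and pick out the hop where the most latency is added and the hops that did not answer. The trace text is constructed for the example using documentation addresses, and the function names are the author's own:

```shell
#!/bin/sh
# Constructed Windows "tracert" output (not a real trace). Hop 3 does not
# answer, which is common for routers that rate-limit or drop ICMP.
TRACERT_SAMPLE='
Tracing route to target.example [192.0.2.10]
over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  10.0.0.1
  2    12 ms    11 ms    12 ms  198.51.100.1
  3     *        *        *     Request timed out.
  4    85 ms    84 ms    86 ms  203.0.113.77
  5    88 ms    87 ms    88 ms  target.example [192.0.2.10]

Trace complete.
'

# hop_rtts TEXT -> "hop min_rtt" for every hop that answered, using the best
# of the three probes so a single slow probe does not skew the result.
# (tracert prints "<1 ms" for sub-millisecond hops; this sample has none.)
hop_rtts() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^[0-9]+$/ && $2 != "*" {
            best = $2
            if ($4 < best) best = $4
            if ($6 < best) best = $6
            print $1, best
        }
    '
}

# slowest_jump TEXT -> "hop delta": the hop whose round-trip time grows most
# compared with the previous answering hop, i.e. where the latency is added.
slowest_jump() {
    hop_rtts "$1" | awk '
        NR == 1 { prev = $2 }
        {
            d = $2 - prev
            if (NR == 1 || d > max) { max = d; hop = $1 }
            prev = $2
        }
        END { print hop, max }
    '
}

# missing_hops TEXT -> space-separated hop numbers that timed out
missing_hops() {
    printf '%s\n' "$1" | awk '$1 ~ /^[0-9]+$/ && $2 == "*" { print $1 }' |
        awk '{ printf "%s%s", (NR > 1 ? " " : ""), $0 } END { print "" }'
}

echo "Slowest jump (hop delta_ms): $(slowest_jump "$TRACERT_SAMPLE")"
echo "Hops that timed out: $(missing_hops "$TRACERT_SAMPLE")"
```

The jump is measured against the previous hop that answered, so a silent hop like 3 does not hide the latency added between hops 2 and 4; in the sample the 73 ms increase lands on hop 4, the first router past the local ISP.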
Nslookup/Dig
Nslookup is a diagnostic tool for querying DNS to verify the IP address that a hostname resolves to. In interactive mode, the set type=MX command followed by a domain name returns the MX records, that is, the mail servers for that domain.
Dig is the Linux/Unix equivalent of nslookup (dig mydomain.com MX performs the same lookup) and gives more detailed output, including the full answer section and TTLs.
Ipconfig/ifconfig
These commands show the host's IP configuration: address, subnet mask and default gateway, and with ipconfig /all also the DNS servers, DHCP lease and MAC address. The Windows version is ipconfig; Unix/Linux uses ifconfig (or ip addr on newer distributions).
Nmap
Nmap is a free and open-source network mapper that discovers hosts and open ports, so it can be used to create an inventory of all the devices on your network. With version detection (nmap -sV) it can also be used for banner grabbing.
Ping/Pathping
Ping sends ICMP echo requests to test connectivity to another host and reports the round-trip time.
Pathping (Windows) combines the functionality of ping and tracert: it traces the route, then sends probes to each router over a period of time and calculates statistics, showing the packet loss at each hop it passes through.
Netstat
Netstat is a native tool built into the Windows operating system (it also exists on Linux/Unix, where ss is the modern replacement). It is used to see the established connections and the listening ports, and with the -b (Windows) or -p (Linux) option it shows which process or service owns each socket. Established connections are not persistent: if you reboot the computer they all disappear, so capture the output before rebooting a suspect host.
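As an added example (not from the original flashcards), these shell functions parse netstat -an output to list listening ports and to flag established connections whose remote port is outside an allowlist, which is the check an analyst runs on a suspect host before it is rebooted. The netstat text is constructed for the example with RFC 5737 documentation addresses, and the function names are the author's own:

```shell
#!/bin/sh
# Constructed sample of Windows "netstat -an" output (not captured from a real
# host). 203.0.113.9:4444 plays the role of a suspicious outbound connection.
# Linux netstat prints the state as LISTEN rather than LISTENING.
NETSTAT_SAMPLE='
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    10.0.0.5:49721         198.51.100.20:443      ESTABLISHED
  TCP    10.0.0.5:3389          0.0.0.0:0              LISTENING
  TCP    10.0.0.5:49800         203.0.113.9:4444       ESTABLISHED
  UDP    0.0.0.0:123            *:*
'

# join_words: turn one-item-per-line input into a single space-separated line
join_words() {
    awk '{ printf "%s%s", (NR > 1 ? " " : ""), $0 } END { print "" }'
}

# listening_ports TEXT -> numerically sorted TCP listening ports
listening_ports() {
    printf '%s\n' "$1" | awk '
        $1 == "TCP" && $4 == "LISTENING" { n = split($2, a, ":"); print a[n] }
    ' | sort -n | join_words
}

# established_peers TEXT -> remote host:port of every ESTABLISHED TCP connection
established_peers() {
    printf '%s\n' "$1" | awk '$1 == "TCP" && $4 == "ESTABLISHED" { print $3 }' | join_words
}

# suspicious_peers TEXT ALLOWED_PORTS -> ESTABLISHED peers whose remote port is
# not in the space-separated allowlist (for example "80 443").
suspicious_peers() {
    printf '%s\n' "$1" | awk -v allow="$2" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 == "TCP" && $4 == "ESTABLISHED" {
            m = split($3, p, ":")
            if (!(p[m] in ok)) print $3
        }
    ' | join_words
}

echo "Listening TCP ports: $(listening_ports "$NETSTAT_SAMPLE")"
echo "Established peers:   $(established_peers "$NETSTAT_SAMPLE")"
echo "Outside allowlist:   $(suspicious_peers "$NETSTAT_SAMPLE" "80 443")"
```

The last field of the address is taken as the port so the same split works for IPv6 entries such as [::]:135. On a real host, pipe netstat -an into a file first; the functions then run on the saved copy, which survives the reboot that would otherwise erase the connections.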
Netcat
Netcat, or nc, is a utility that reads and writes data over raw TCP or UDP connections in a Linux/Unix environment (a Windows port also exists). It can connect to or listen on any port, so it is used for banner grabbing, simple port scanning and file transfer, and by attackers as a backdoor or reverse shell.
IP scanners
IP scanners scan every address in a given range and report which addresses are active and responding, which are active but not responding (for example, hosts that drop ping), and which are inactive. An attacker who finds an inactive address knows it is not allocated to any host and can assign it to a rogue device on your network without causing an IP conflict.
Arp
Address Resolution Protocol (ARP) translates an IP address to a MAC address; the arp -a command shows the ARP cache. An attacker could use arpspoof, ARPoison or Ettercap to poison your ARP cache: these tools send unsolicited (gratuitous) ARP replies that map a victim's IP address, typically the default gateway, to the attacker's MAC address, so that traffic for the gateway is delivered to the attacker instead.
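As an added example (not part of the original flashcards), the shell functions below check arp -a output for the signature of poisoning described above: one MAC address bound to more than one IP, and a gateway MAC that differs from a known-good value. Both cache listings are constructed for the example, and the function names are the author's own:

```shell
#!/bin/sh
# Constructed "arp -a" output in Windows format (not from a real host).
ARP_CLEAN='
Interface: 10.0.0.5 --- 0x4
  Internet Address      Physical Address      Type
  10.0.0.1              00-50-56-ab-cd-01     dynamic
  10.0.0.7              00-0c-29-11-22-33     dynamic
  10.0.0.255            ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
'
# The same LAN after a poisoning attack: the gateway 10.0.0.1 now resolves to
# the MAC of 10.0.0.7, so frames meant for the gateway go to that host.
ARP_POISONED='
Interface: 10.0.0.5 --- 0x4
  Internet Address      Physical Address      Type
  10.0.0.1              00-0c-29-11-22-33     dynamic
  10.0.0.7              00-0c-29-11-22-33     dynamic
  10.0.0.255            ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
'

# arp_dupes TEXT -> one line "MAC ip1,ip2,..." for every unicast MAC bound to
# more than one IP address. Broadcast and IPv4 multicast entries are skipped
# because those MACs legitimately serve many addresses.
arp_dupes() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ {
            mac = tolower($2)
            if (mac == "ff-ff-ff-ff-ff-ff" || mac ~ /^01-00-5e/) next
            count[mac]++
            ips[mac] = (ips[mac] == "") ? $1 : (ips[mac] "," $1)
        }
        END { for (m in count) if (count[m] > 1) print m, ips[m] }
    ' | sort
}

# gateway_mac TEXT GATEWAY_IP -> the MAC currently cached for the gateway, to
# compare with a known-good value recorded while the network was trusted.
gateway_mac() {
    printf '%s\n' "$1" | awk -v gw="$2" '$1 == gw { print tolower($2) }'
}

echo "Duplicate MACs (clean):    $(arp_dupes "$ARP_CLEAN")"
echo "Duplicate MACs (poisoned): $(arp_dupes "$ARP_POISONED")"
echo "Gateway MAC now:           $(gateway_mac "$ARP_POISONED" 10.0.0.1)"
```

A duplicate MAC is a strong signal but not proof; a host with two addresses on one interface also produces one, so confirm against the gateway's real MAC before acting. Linux arp -a prints colon-separated MACs and a different column order, so adjust the field numbers there.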
Curl
This is a command-line tool for transferring data to or from a server using URLs. It can also be used for banner grabbing, fetching the banner information that a web server reveals in its HTTP response headers (such as the Server header). -s is silent mode (no progress meter) and -I sends a HEAD request and shows only the HTTP headers.
The Harvester
This is a passive reconnaissance (OSINT) tool that comes with Kali Linux; it harvests the email addresses, subdomains and hostnames of an organization from public sources such as search engines, without touching the target's own systems.
To search for the email addresses of a domain called mydomain.com, limiting the search to 500 results and using the Google search engine as the data source, run the following syntax:
theHarvester -d mydomain.com -l 500 -b google
Sn1per
This is a pen test reconnaissance tool that automates the scanning phase. It can be used by pen testers, bug bounty researchers, and security teams. It looks for vulnerabilities in your network and open ports, enumerates DNS, wraps Nmap and other scanners, and can find web application weaknesses.
Scanless
This is a port scanner that runs the scan through third-party websites on your behalf, so the target sees the website's IP address rather than yours and the scan cannot be traced back to you.
Dnsenum
This tool enumerates the DNS records of a domain, such as MX (mail exchange servers), NS (name servers) and A (host address) records, and can attempt zone transfers and brute-force subdomain names. This gives an attacker an idea of how large your organization is and whether it is worth attacking. The internal team can also run it to see what information is exposed to attackers.
Nessus
This is a remote vulnerability scanner: it probes hosts for missing patches, misconfigurations and known weaknesses and highlights, rated by severity, the vulnerabilities that could be exploited by hackers.
Cuckoo
This tool is an automated malware analysis sandbox: it runs a suspicious file in an isolated virtual machine and reports what the file does (files written, registry changes, network traffic) so it can be inspected for malware without risking a production system.