Information Gathering Flashcards
Reconnaissance for Information Leakage
Use Google Hacking Database
Search Operators
- site:
- inurl:
- intitle:
- intext: (inbody: on Bing)
- filetype:
- cache:
Fingerprint Web Server
Identifying the type and version of a web server
Banner Grabbing
Tools
- Telnet
- OpenSSL (s_client, for TLS services)
- Netcraft
- Nikto
- Nmap (or Zenmap)
Banner Grabbing
A technique used to gain information about a computer system on a network and the services running on its ports.
Administrators can use this to take inventory of the systems and services on their network.
Tools:
- Telnet
- nmap
- Netcat
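Worked example (added here, not part of the original flashcards): a minimal banner grabber in Python that does what telnet/netcat/openssl do by hand, sends one HEAD request over TCP or TLS, and parses the Server and X-Powered-By headers out of the reply. The local stand-in server and its "Apache/2.4.41 (Ubuntu)" / "PHP/7.4.3" banner are constructed for the demo; the host and port are assumptions.

```python
"""Banner grabbing over plain TCP and TLS (added example, not from the flashcards)."""
import socket
import ssl
import threading
from http.server import HTTPServer, BaseHTTPRequestHandler


def grab_banner(host: str, port: int, use_tls: bool = False, timeout: float = 5.0) -> bytes:
    """Open a TCP (optionally TLS) connection, send a HEAD request, return the raw reply."""
    request = f"HEAD / HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n".encode()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        sock = raw
        if use_tls:
            ctx = ssl.create_default_context()
            # Recon targets often present self-signed certs; we only want the banner.
            ctx.check_hostname = False
            ctx.verify_mode = ssl.CERT_NONE
            sock = ctx.wrap_socket(raw, server_hostname=host)
        sock.sendall(request)
        chunks = []
        while True:
            try:
                data = sock.recv(4096)
            except socket.timeout:
                break
            if not data:
                break
            chunks.append(data)
            if b"\r\n\r\n" in b"".join(chunks):
                break  # headers are complete; HEAD carries no body
        if use_tls:
            sock.close()
    return b"".join(chunks)


def parse_banner(raw: bytes) -> dict:
    """Pull the status line and fingerprint-relevant headers out of a raw HTTP reply."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1", errors="replace")
    lines = head.split("\r\n")
    info = {"status_line": lines[0] if lines else "", "server": None, "x_powered_by": None}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if not sep:
            continue
        key = name.strip().lower()
        if key == "server":
            info["server"] = value.strip()
        elif key == "x-powered-by":
            info["x_powered_by"] = value.strip()
    return info


class _FakeTarget(BaseHTTPRequestHandler):
    """Constructed stand-in for a target; http.server builds the Server header from these."""
    server_version = "Apache/2.4.41"  # constructed banner
    sys_version = "(Ubuntu)"

    def do_HEAD(self):
        self.send_response(200)
        self.send_header("X-Powered-By", "PHP/7.4.3")  # constructed
        self.end_headers()

    def log_message(self, *args):
        pass


def demo() -> dict:
    """Start a throwaway local server, grab its banner, return the parsed result."""
    srv = HTTPServer(("127.0.0.1", 0), _FakeTarget)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        raw = grab_banner("127.0.0.1", srv.server_address[1])
    finally:
        srv.shutdown()
        srv.server_close()
    return parse_banner(raw)


if __name__ == "__main__":
    print(demo())
```

Against a real target, `grab_banner(host, 443, use_tls=True)` is the equivalent of `openssl s_client -connect host:443` followed by a typed HEAD request. Treat the values as hints, not facts: Server headers are trivially spoofed or stripped, which is why Nmap and Nikto also look at response ordering, error pages and default files.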
Enumerate Applications on a Webserver
Web application discovery is a process aimed at identifying web applications on a given IP address.
There are three factors influencing how many applications are related to a given DNS name (or an IP address):
- Different base URL
  ○ Google hacking (site:)
- Non-standard ports
  ○ nmap
  ○ telnet
- Virtual hosts
  ○ Reverse-IP services
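Worked example for the virtual-hosts factor (added here, not part of the original flashcards): several applications can sit behind one IP address and the server picks one by the Host header, so a reverse-IP lookup is not the only way to find them. The script below requests the same address while claiming each candidate name and keeps the names whose reply differs from a baseline request for a name the server cannot have configured. The three vhosts, the wordlist and the local server are all constructed for the demo.

```python
"""Virtual-host discovery by Host-header probing (added example, not from the flashcards)."""
import http.client
import threading
from http.server import HTTPServer, BaseHTTPRequestHandler

# Constructed target: one IP address, three named applications, one catch-all default.
VHOSTS = {
    "www.example.test": b"<h1>Corporate site</h1>",
    "intranet.example.test": b"<h1>Intranet portal - login</h1>",
    "old.example.test": b"<h1>Legacy app (2014)</h1>",
}
DEFAULT_PAGE = b"<h1>It works!</h1>"


class _VhostHandler(BaseHTTPRequestHandler):
    def do_GET(self):
        host = self.headers.get("Host", "").split(":")[0]
        body = VHOSTS.get(host, DEFAULT_PAGE)
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass


def fetch(ip: str, port: int, hostname: str) -> tuple:
    """GET / from ip:port while claiming to be `hostname`; returns (status, length, body)."""
    conn = http.client.HTTPConnection(ip, port, timeout=5)
    try:
        # http.client does not add its own Host header when one is supplied.
        conn.request("GET", "/", headers={"Host": hostname})
        resp = conn.getresponse()
        body = resp.read()
        return resp.status, len(body), body
    finally:
        conn.close()


def discover_vhosts(ip: str, port: int, candidates: list) -> list:
    """Return candidate names whose response differs from the catch-all baseline."""
    # A name nobody configures yields the default vhost's reply; that is the baseline.
    baseline = fetch(ip, port, "nonexistent-baseline.invalid")
    return [name for name in candidates if fetch(ip, port, name) != baseline]


def demo() -> list:
    """Run the probe against the constructed local server with a small wordlist."""
    srv = HTTPServer(("127.0.0.1", 0), _VhostHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    try:
        candidates = [
            "www.example.test", "mail.example.test", "intranet.example.test",
            "dev.example.test", "old.example.test",
        ]
        return discover_vhosts("127.0.0.1", srv.server_address[1], candidates)
    finally:
        srv.shutdown()
        srv.server_close()


if __name__ == "__main__":
    print(demo())
```

On a real engagement the comparison usually needs to ignore volatile bytes (timestamps, CSRF tokens) and should be repeated over HTTPS, where the name also goes into the TLS SNI extension; the non-standard-ports factor is the same idea applied to a port list from nmap rather than a name list.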
Net Block
A range of consecutive IP addresses, for instance 196.25.0.0-196.25.255.255 (196.25.0.0/16 in CIDR notation).
Identify Application Entry Points
As you walk through an application, you should pay attention to all HTTP requests as well as every parameter and form field that is passed to the application.
You should use an intercepting proxy:
- ZAP
- Burp Suite
- Fiddler
Use the “OWASP Attack Surface Detector”
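Worked example (added here, not part of the original flashcards): once the proxy has recorded traffic, the useful output is an inventory of every place input enters the application. The script below takes raw requests as a proxy logs them and lists, per method and path, the query parameters, form fields, JSON keys, cookie names and notable headers. The three sample requests and the `shop.example.test` host are constructed.

```python
"""Entry-point inventory from captured HTTP requests (added example, not from the flashcards)."""
import json
from urllib.parse import urlsplit, parse_qsl

# Constructed requests, in the form an intercepting proxy would have captured them.
SAMPLE_REQUESTS = [
    "GET /search?q=shoes&page=2 HTTP/1.1\r\nHost: shop.example.test\r\n"
    "Cookie: session=abc123; lang=en\r\n\r\n",
    "POST /login HTTP/1.1\r\nHost: shop.example.test\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\nContent-Length: 29\r\n\r\n"
    "username=bob&password=hunter2",
    "POST /api/orders HTTP/1.1\r\nHost: shop.example.test\r\n"
    "Content-Type: application/json\r\nX-Request-Id: 42\r\n\r\n"
    '{"sku": "A-1", "qty": 3, "gift": {"note": "hi"}}',
]

# Headers the application may read and that an attacker controls; extend as needed.
INTERESTING_HEADERS = {"referer", "user-agent", "x-forwarded-for", "x-request-id", "authorization"}


def _json_keys(obj, prefix=""):
    """Flatten nested JSON keys into dotted paths (lists are walked, not indexed)."""
    keys = []
    if isinstance(obj, dict):
        for k, v in obj.items():
            path = f"{prefix}.{k}" if prefix else k
            keys.append(path)
            keys.extend(_json_keys(v, path))
    elif isinstance(obj, list):
        for item in obj:
            keys.extend(_json_keys(item, prefix))
    return keys


def parse_request(raw: str) -> dict:
    """Split one raw request into its user-controlled inputs."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    method, target, _ = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    parts = urlsplit(target)
    entry = {
        "method": method,
        "path": parts.path,
        "query": [k for k, _ in parse_qsl(parts.query, keep_blank_values=True)],
        "form": [],
        "json": [],
        "cookies": [c.split("=", 1)[0].strip()
                    for c in headers.get("cookie", "").split(";") if c.strip()],
        "headers": sorted(h for h in headers if h in INTERESTING_HEADERS),
    }
    ctype = headers.get("content-type", "")
    if body and ctype.startswith("application/x-www-form-urlencoded"):
        entry["form"] = [k for k, _ in parse_qsl(body, keep_blank_values=True)]
    elif body and ctype.startswith("application/json"):
        try:
            entry["json"] = _json_keys(json.loads(body))
        except json.JSONDecodeError:
            entry["json"] = ["<unparseable JSON body>"]
    return entry


def inventory(raw_requests) -> dict:
    """Merge per-request entry points into one map keyed by 'METHOD path'."""
    points = {}
    for raw in raw_requests:
        e = parse_request(raw)
        key = f"{e['method']} {e['path']}"
        slot = points.setdefault(
            key, {"query": set(), "form": set(), "json": set(), "cookies": set(), "headers": set()}
        )
        for kind in slot:
            slot[kind].update(e[kind])
    return {k: {kind: sorted(v) for kind, v in slot.items()} for k, slot in points.items()}


if __name__ == "__main__":
    for endpoint, inputs in inventory(SAMPLE_REQUESTS).items():
        print(endpoint, inputs)
```

Each name in the resulting map is a candidate for later injection and access-control testing; hidden fields, disabled controls and parameters that only appear in error paths are exactly the ones a plain crawl misses, which is why the inventory is built from proxied traffic rather than from the visible UI.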