Hey guys, this is the second part of my blog. I got great feedback and ratings on my last blog, so I am making a series. This series will consist of in-depth tutorials within the blog on how I go about pen testing, and we will start with the first step, which is information gathering. This blog will be about the beginning steps of information gathering, so let's get started.
Information Gathering: Pre Steps And Basic Commands
When you first start pen-testing you will be confused: with all of the commands, terminal screens of floating text, and people talking about exploits and SQL injection, it is just too much. There are a few great books to read to comprehend and understand everything (I recommend reading these books while reading my blogs/tutorials); I pulled a lot of the knowledge I have now from books like these.
Books:
- Ninja Hacking. Link: http://www.amazon.com/Ninja-Hacking-Unconventional-Penetration-Techniques/dp/1597495883/ref=sr_1_1?s=books&ie=UTF8&qid=1362077854&sr=1-1&keywords=ninja hacking
- Metasploit: The Penetration Tester's Guide. Link: http://www.amazon.com/Metasploit-The-Penetration-Testers-Guide/dp/159327288X/ref=pd_sim_b_4
- SQL Injection Attacks and Defense, 2nd Edition. Link: http://www.amazon.com/SQL-Injection-Attacks-Defense-Second/dp/1597499633
There are more books, but we will start there for now and go into others as we cover more topics. Now onto the course.
First Steps
Information gathering is one of, if not the, most important stages of the entire attack. It provides information that can actually be scary, and throughout this course I recommend you try the commands we use on your personal machines and websites (if you have one) to see the results and the reason we tell you not to post your information everywhere you go.
BackTrack 5R3: Throughout this tutorial we will be using BackTrack. I will not explain where to get BackTrack, as it is a broadly covered topic if you just search Google. But if you are running a Windows PC you will need VMware Player; this will act as a virtual machine on your OS (operating system) and allow you to run BackTrack without having to actually install it onto your drive. To install BackTrack onto this virtual machine, search for a guide on Google; it is very, very easy.
What Is BackTrack?
If you had this question in your head while you were reading the last paragraph, I am here to help. BackTrack is a version of Linux that is used by network analysts and pen-testers such as myself. It gives a broad range of tools, about 80% of which we will never use within these tutorials, but it comes pre-loaded with the tools we will use and is nice to look at and use; that is why we will be using it.
Whois Command
- When you are in BackTrack 5R3, go to the top of your screen and you will see a terminal interface (refer to Image 1).
![Image 1: the BackTrack terminal](http://2.bp.blogspot.com/-gpeWCz2hFjc/UGfvLF-jZpI/AAAAAAAAAKM/-9MxYZQh9R4/s1600/bt_terminal.jpg)
- When you see the window open you are ready to go. Now, within the terminal, type: whois www.(any website of your choice)
- You will see a bunch of lines start coming through, and now you have done the first part of information gathering. If you were testing a company you would use their website. Basically the whois command gives you the registration information on the domain and the server they are using. This is very important because when you are testing a company you need to make sure you are testing only that company... you do not want to take out someone tied to them in some way, such as their web host. There is a very useful site for finding the IP address of a website, and once we have that IP we can run a whois against that IP. Here is the site you can use to find the IP of the targeted site: http://get-site-ip.com/
The IP of the site can be used to find a lot of things, but for now we will be moving on, and we will go into the specific coding in a different tutorial.
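A check for the scoping point above (make sure the IP you found really belongs to the company and not to their web host), as an added example that is not part of the original blog: the two whois records are constructed samples, the parser assumes the common "Key: value" whois layout, and the organisation-matching rule is my own heuristic.

```python
import re

# Constructed sample whois output for a domain (not a real record).
DOMAIN_WHOIS = """\
Domain Name: EXAMPLE-CORP.TEST
Registrar: Example Registrar, Inc.
Registrant Organization: Example Corp
Name Server: NS1.HOSTINGCO.TEST
Name Server: NS2.HOSTINGCO.TEST
"""

# Constructed sample whois output for the IP the site resolves to (not a real record).
IP_WHOIS = """\
NetRange:       203.0.113.0 - 203.0.113.255
CIDR:           203.0.113.0/24
NetName:        HOSTINGCO-SHARED-01
OrgName:        Hosting Co LLC
"""

# Corporate suffixes that often differ between records for the same organisation.
_SUFFIXES = {"inc", "llc", "corp", "corporation", "ltd", "co", "company", "gmbh"}

def parse_whois(text):
    """Turn 'Key: value' whois lines into {key_lower: [values]}, keeping repeated keys."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"\s*([A-Za-z][A-Za-z ]*?):\s*(.+?)\s*$", line)
        if m:
            fields.setdefault(m.group(1).strip().lower(), []).append(m.group(2))
    return fields

def same_org(a, b):
    """Compare organisation names ignoring case, punctuation and corporate suffixes."""
    tokens = [{t for t in re.findall(r"[a-z0-9]+", s.lower()) if t not in _SUFFIXES} for s in (a, b)]
    return bool(tokens[0]) and tokens[0] == tokens[1]

def scope_check(domain_text, ip_text):
    """Report whether the IP's registered owner matches the domain's registrant."""
    # A mismatch usually means a hosting provider's shared range: scanning it would
    # hit third parties outside the engagement's scope, the risk the text warns about.
    dom, ip = parse_whois(domain_text), parse_whois(ip_text)
    registrant = dom.get("registrant organization", [""])[0]
    ip_owner = ip.get("orgname", [""])[0]
    return {
        "registrant": registrant,
        "ip_owner": ip_owner,
        "netrange": ip.get("netrange", [""])[0],
        "ip_owned_by_target": same_org(registrant, ip_owner),
    }
```

With the constructed records, scope_check reports the IP as owned by "Hosting Co LLC" rather than the registrant, so the address is a shared host and needs the client's written confirmation before it is touched.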
Port Searches:
Port searching is very important within pen-testing; it will allow you to figure out what is being run on the different ports connected to the server. This is useful so you do not trip a port and get locked out of the system for good or for a period of time, preventing you from doing the job.
Google Hacking:
Google hacking is one of the best ways to find information on a target; you can use "dorks" to find vulnerabilities in a website and places to attack. We will go over this more in the next tutorial, showing dorks that give a lot of "hope" in finding a vulnerability, but you have to adapt dorks to the website.
Alright guys, so that is the basics of information gathering. There are a lot more steps, and we will cover those in the next tutorial, which will be out within 2-3 days of this one. I received a lot of questions regarding how to get into the field, so I will go over that now.
Getting Into The Field:
Alright, so there are a few things you should know before going into a field such as this: most of the people who work in it and are successful were black hat (criminal) at some point in time, including myself. To get started, study all of the languages you can: Java, SQL injection, Python, C++, C#, database languages, etc.
I did not go to college or get any official training; I learned purely from books and the people around me. But computer science and programming degrees are always a good thing to have to get into the industry if you do not have some "rep" or "street cred".
That is all for this blog/tutorial, guys; there will be one featuring the code out soon.
Please like this if you liked it, and leave feedback or questions for me and I will get to them as quickly as possible.