• Log InLog In
  • Register
Liquid`
Team Liquid Liquipedia
EDT 11:50
CEST 17:50
KST 00:50
  • Home
  • Forum
  • Calendar
  • Streams
  • Liquipedia
  • Features
  • Store
  • EPT
  • TL+
  • StarCraft 2
  • Brood War
  • Smash
  • Heroes
  • Counter-Strike
  • Overwatch
  • Liquibet
  • Fantasy StarCraft
  • TLPD
  • StarCraft 2
  • Brood War
  • Blogs
Forum Sidebar
Events/Features
News
Featured News
Team TLMC #5 - Finalists & Open Tournaments0[ASL20] Ro16 Preview Pt2: Turbulence10Classic Games #3: Rogue vs Serral at BlizzCon9[ASL20] Ro16 Preview Pt1: Ascent10Maestros of the Game: Week 1/Play-in Preview12
Community News
BSL 2025 Warsaw LAN + Legends Showmatch0Weekly Cups (Sept 8-14): herO & MaxPax split cups4WardiTV TL Team Map Contest #5 Tournaments1SC4ALL $6,000 Open LAN in Philadelphia8Weekly Cups (Sept 1-7): MaxPax rebounds & Clem saga continues29
StarCraft 2
General
#1: Maru - Greatest Players of All Time Weekly Cups (Sept 8-14): herO & MaxPax split cups Team Liquid Map Contest #21 - Presented by Monster Energy SpeCial on The Tasteless Podcast Team TLMC #5 - Finalists & Open Tournaments
Tourneys
RSL: Revival, a new crowdfunded tournament series Maestros of The Game—$20k event w/ live finals in Paris Sparkling Tuna Cup - Weekly Open Tournament SC4ALL $6,000 Open LAN in Philadelphia WardiTV TL Team Map Contest #5 Tournaments
Strategy
Custom Maps
External Content
Mutation # 491 Night Drive Mutation # 490 Masters of Midnight Mutation # 489 Bannable Offense Mutation # 488 What Goes Around
Brood War
General
Soulkey on ASL S20 BW General Discussion ASL20 General Discussion ASL TICKET LIVE help! :D NaDa's Body
Tourneys
[ASL20] Ro16 Group D [Megathread] Daily Proleagues [ASL20] Ro16 Group C BSL 2025 Warsaw LAN + Legends Showmatch
Strategy
Simple Questions, Simple Answers Muta micro map competition Fighting Spirit mining rates [G] Mineral Boosting
Other Games
General Games
Stormgate/Frost Giant Megathread Borderlands 3 Path of Exile Nintendo Switch Thread General RTS Discussion Thread
Dota 2
Official 'what is Dota anymore' discussion LiquidDota to reintegrate into TL.net
League of Legends
Heroes of the Storm
Simple Questions, Simple Answers Heroes of the Storm 2.0
Hearthstone
Heroes of StarCraft mini-set
TL Mafia
TL Mafia Community Thread
Community
General
US Politics Mega-thread Things Aren’t Peaceful in Palestine UK Politics Mega-thread Canadian Politics Mega-thread Russo-Ukrainian War Thread
Fan Clubs
The Happy Fan Club!
Media & Entertainment
Movie Discussion! [Manga] One Piece Anime Discussion Thread
Sports
2024 - 2026 Football Thread Formula 1 Discussion MLB/Baseball 2023
World Cup 2022
Tech Support
Linksys AE2500 USB WIFI keeps disconnecting Computer Build, Upgrade & Buying Resource Thread High temperatures on bridge(s)
TL Community
BarCraft in Tokyo Japan for ASL Season5 Final The Automated Ban List
Blogs
i'm really bored guys
Peanutsc
I <=> 9
KrillinFromwales
The Personality of a Spender…
TrAiDoS
A very expensive lesson on ma…
Garnet
hello world
radishsoup
Lemme tell you a thing o…
JoinTheRain
RTS Design in Hypercoven
a11
Customize Sidebar...

Website Feedback

Closed Threads



Active: 1847 users

CyberSecurity: Part 1 Information gathering

Blogs > sc2effort
Post a Reply
sc2effort
Profile Blog Joined June 2011
Russian Federation269 Posts
March 01 2013 17:40 GMT
#1
Introduction:

Hey guys, this is the second part of my blog, I got great feedback and ratings on my last blog so I am making a series. This series will consist of In depth tutorials within the blog on how I go about pen testing, we will start with the first step which is Information gathering. This blog will be about the beginning steps of Information Gathering, so lets get started.


Information Gathering: Pre Steps And Basic Commands

When you first start Pen-Testing you will be confused, with all of the commands and terminal screens floating text, people talking exploits and SQL Injection it is just to much. There are a Few Great Books to read to comprehend and understand everything (I recommend reading these books while reading my blogs/tutorials), I pulled a lot of the knowledge i have now from books like these.

Books:

- Ninja Hacking Link:http://www.amazon.com/Ninja-Hacking-Unconventional-Penetration-Techniques/dp/1597495883/ref=sr_1_1?s=books&ie=UTF8&qid=1362077854&sr=1-1&keywords=ninja hacking

- Metasploit: The Penetration Testers Guide Link:http://www.amazon.com/Metasploit-The-Penetration-Testers-Guide/dp/159327288X/ref=pd_sim_b_4

- SQL Injection: Attacks And Defense 2nd Edition Link: http://www.amazon.com/SQL-Injection-Attacks-Defense-Second/dp/1597499633

There are more books, but we will start there for now and go into others as we cover more topics, Now onto the Course.

First Steps

Information Gathering is one of if not the most important stage of the entire attack, it provides information that can actually be scary and throughout this course I recommend you try the commands we use on your personal machines and websites (if you have one) to see the results and the reason we tell you to not post your information everywhere you go.

BackTrack 5R3: Throughout this tutorial we will be using backtrack, I will not explain where to get backtrack as it is a broadly covered topic if you just search google. But if you are running a windows PC you will need Vmware player, this will act as a virtual machine on your OS (Operating System) and allow you to run BackTrack without having to actual install it onto your drive. To install back track onto this virtual machine search for a guide on google, it is very very easy.

What Is BackTrack?

If you had this question in your head while you were reading the last paragraph I am here to help. BackTrack is a version of linux that is used by network analyzers and Pen-Testers such as myself, it gives a broad range of tools about 80% of which we will never use within the tutorials. But it comes pre loaded with tools that we will use and is nice to look at and use, that is why we will be using it.

Whois Command

- When you are in backtrack 5R3 go to the top of your screen and you will see a terminal interface (Refer to Image 1)

[image loading]

-When you see the window open you are ready to go, now within the Terminal Type Whois www.(any website of yourchoice)

- You will see a bunch off lines start coming through and now you have done the first part of information Gathering. If you were testing a company you would use their website. Basically the whois command will give you all the information on the server there are using, this is very important because when you are testing a company you need to make sure you are testing only that company... you do not want to take out someone tied to them in some way such as there webhost or something like that, There is a very useful site to be used to find the IP Adress of a website and once we have that IP we can do a Whois against that IP. Here is the site you can use to find the IP of the IP of the targeted site: http://get-site-ip.com/

The Ip of the site can be used to find a lot of things but for now, we will be moving on and we will go into the specific coding in a different tutorial.

Port Searches:

Port searching is very important within pen-testing, it will allow you to figure out what is being run on different ports connected to the server. This is useful so you do not trip a port and get locked out of the system for good or for a period of time, disabling you from doing the job.

Google Hacking:

Google hacking is one of the best ways to find information on a target, you can use "Dorks" to find vulnerabilities in a website and places to attack. We will be going more over this in the next tutorial showing dorks that give a lot of "hope" in finding a vulnerability, but you have to adapt dorks to the website.

Alright guys, so that is the basics of information gathers, there are a lot more steps and we will cover those in the next tutorial which will be out within 2-3 days of this one, I received a lot of questions regarding how to get into the field so I will go over that now.

Getting Into The Field:

Alright so there are a few things you should know before going into a field such as this, most of the people that work in it and are successful were black hat (criminal) at a point in time, including myself. To get started study all of the languages you can, java, SQL Injection, Python, C++, C#, Database languages, etc...

I did not go to college or get any official training, I learned purely off of books and people around me. But computer science and programming degrees are always a good thing to have to get into the industry if you do not have some "Rep" or "Street Cred".

That is all for this blog/tutorial guys, there will be one featuring the code out soon.
Please Like this if you Liked it and leave feedback or questions for me and I will get to it as quick as possible.

Poll: Like This Blog/Tutorial

Like (14)
 
93%

Disklike (1)
 
7%

15 total votes

Your vote: Like This Blog/Tutorial

(Vote): Like
(Vote): Disklike





****
5 time GM zerg Currently top masters
Al Bundy
Profile Joined April 2010
7257 Posts
March 01 2013 18:13 GMT
#2
Very interesting stuff right there. I'm a total newbie when it comes to that science but for some reason I find it quite intriguing. Thanks for sharing, looking forward to read more.
o choro é livre
sc2effort
Profile Blog Joined June 2011
Russian Federation269 Posts
March 01 2013 18:41 GMT
#3
Thanks! Yea it is a very interesting field. If you have any questions in the future shoot them at me
5 time GM zerg Currently top masters
FromShouri
Profile Blog Joined April 2012
United States862 Posts
Last Edited: 2013-03-01 21:12:17
March 01 2013 21:11 GMT
#4
Simpler way to find IP is to just open windows command prompt and ping the website. Here is a test for google.

"Pinging www.google.com [74.125.227.20] with 32 bytes of data:"

Now if you type 74.125.227.20 into the URL area of any browser it will take you to google.com

Granted like you said if there were multiple web servers you would get multiple results, but on smaller web sites it'll work fine.
Limited Edition, lets do some simple addition, $50 for a T-Shirt is just some ignorant bitch shit.
Ilikestarcraft
Profile Blog Joined November 2004
Korea (South)17727 Posts
March 01 2013 21:14 GMT
#5
Keep it up. Looking forward to next one.
"Nana is a goddess. Or at very least, Nana is my goddess." - KazeHydra
sc2effort
Profile Blog Joined June 2011
Russian Federation269 Posts
March 01 2013 21:42 GMT
#6
@fromshori

pinging the website is one way to do it... but what we are really looking for is the dns, I should have explained that better int the guide. You need the IP to the server not the ip to the website. Im going to go back and fix that. But like I said, information with all of the coding will be on the next blog.
5 time GM zerg Currently top masters
KurtistheTurtle
Profile Blog Joined December 2008
United States1966 Posts
March 01 2013 21:51 GMT
#7
I'm learning all kinds of coding languages right now in an attempt to enter the industry. This is actually one facet of it I didn't know about, but it really intrigues me...I've always had being able to bypass a login to enter a members-only area site as a nerdy goal of mine. But that's nefarious as it gets, promise!

I made a folder in my bookmark toolbar to check in on the series every day.
“Reject your sense of injury and the injury itself disappears."
FromShouri
Profile Blog Joined April 2012
United States862 Posts
March 01 2013 22:22 GMT
#8
On March 02 2013 06:42 sc2effort wrote:
@fromshori

pinging the website is one way to do it... but what we are really looking for is the dns, I should have explained that better int the guide. You need the IP to the server not the ip to the website. Im going to go back and fix that. But like I said, information with all of the coding will be on the next blog.


guess it depends if you want to mess their servers or their dns up
Limited Edition, lets do some simple addition, $50 for a T-Shirt is just some ignorant bitch shit.
ilovekimchi
Profile Joined February 2013
United States18 Posts
March 01 2013 22:43 GMT
#9
Do most people get into this industry with a degree? It seems like you would need one. How hard is it to get in without one?
sc2effort
Profile Blog Joined June 2011
Russian Federation269 Posts
March 02 2013 00:00 GMT
#10
No most do not, I dont have a degree and if you have the right rep within the community it isint too hard. Granted a degree would help, but you can get in just by knowing your stuff and being a social person as well as the "hacker" haha
5 time GM zerg Currently top masters
GoTuNk!
Profile Blog Joined September 2006
Chile4591 Posts
Last Edited: 2013-03-02 02:30:07
March 02 2013 02:27 GMT
#11
Hey, tbh I didn't understand much, but would like to know if you can help me with smth. I missclicked an email with a virus (there is a USP package for you bla bla) and I'm wondering if there is an alternative fix rather than formatting. It makes internet browsing slow (with lag) and attach the troll file to my emails. Already tried ad-aware and spybot SD and didn't work :'(
catplanetcatplanet
Profile Blog Joined March 2012
3830 Posts
March 02 2013 02:53 GMT
#12
On March 02 2013 06:11 FromShouri wrote:
Simpler way to find IP is to just open windows command prompt and ping the website. Here is a test for google.

"Pinging www.google.com [74.125.227.20] with 32 bytes of data:"

Now if you type 74.125.227.20 into the URL area of any browser it will take you to google.com

Granted like you said if there were multiple web servers you would get multiple results, but on smaller web sites it'll work fine.

Can't ping bing, btw. microsoft y u block stuff
I think it's finally time to admit it might not be the year of Pet
TheQuiff
Profile Blog Joined August 2012
Scotland91 Posts
March 02 2013 13:02 GMT
#13
This is brilliant and have taken a great deal on interest so for past week been studying coding atm just to have understand of codes. If i ever come across but been told learning Java isnt important so soon will carry on to study SQL and have all ready received those 3 books and about the real SQL injection.

Thanks SC2Effort
I'm Scottish, I'm not that scary
sc2effort
Profile Blog Joined June 2011
Russian Federation269 Posts
March 02 2013 15:40 GMT
#14
No probelm, glad you are interested.. I am, working on the next blog already, there will be more coding in it.
5 time GM zerg Currently top masters
3772
Profile Joined May 2010
Czech Republic434 Posts
March 03 2013 15:03 GMT
#15
A bit too short and general. The one before was a bit deeper, longer, but not too long.
sc2effort
Profile Blog Joined June 2011
Russian Federation269 Posts
March 04 2013 01:28 GMT
#16
alright ill take that into consideration thanks!
5 time GM zerg Currently top masters
Please log in or register to reply.
Live Events Refresh
Next event in 18h 10m
[ Submit Event ]
Live Streams
Refresh
StarCraft 2
SpeCial 128
mcanning 115
ProTech83
JuggernautJason42
Codebar 1
StarCraft: Brood War
Britney 36603
Horang2 3262
Bisu 3005
EffOrt 1187
Mini 494
ZerO 439
Hyuk 428
Light 402
actioN 240
Soulkey 177
[ Show more ]
Soma 166
hero 140
Snow 139
Rush 106
ggaemo 86
Sea.KH 64
Hyun 62
Mind 51
Free 42
sorry 36
Aegong 32
Terrorterran 29
Yoon 27
ToSsGirL 27
JYJ23
PianO 22
Sexy 13
scan(afreeca) 13
HiyA 11
SilentControl 10
IntoTheRainbow 8
Dota 2
Gorgc7070
qojqva3892
Dendi998
Fuzer 252
XcaliburYe170
League of Legends
Trikslyr44
Counter-Strike
ScreaM628
markeloff165
oskar113
Other Games
gofns24628
tarik_tv19189
B2W.Neo942
Mlord433
Lowko393
FrodaN392
Hui .342
byalli231
RotterdaM224
ArmadaUGS114
XaKoH 95
QueenE77
NeuroSwarm40
ZerO(Twitch)18
Organizations
StarCraft 2
Blizzard YouTube
StarCraft: Brood War
BSLTrovo
sctven
[ Show 17 non-featured ]
StarCraft 2
• poizon28 24
• Kozan
• sooper7s
• AfreecaTV YouTube
• intothetv
• Migwel
• IndyKCrew
• LaughNgamezSOOP
StarCraft: Brood War
• FirePhoenix12
• Michael_bg 5
• STPLYoutube
• ZZZeroYoutube
• BSLYoutube
Dota 2
• WagamamaTV311
League of Legends
• Nemesis5036
• TFBlade302
Other Games
• Shiphtur204
Upcoming Events
RSL Revival
18h 10m
Zoun vs Classic
Map Test Tournament
19h 10m
Korean StarCraft League
1d 11h
BSL Open LAN 2025 - War…
1d 16h
RSL Revival
1d 18h
Reynor vs Cure
BSL Open LAN 2025 - War…
2 days
RSL Revival
2 days
Online Event
3 days
Wardi Open
3 days
Monday Night Weeklies
4 days
[ Show More ]
Sparkling Tuna Cup
4 days
LiuLi Cup
5 days
The PondCast
6 days
Liquipedia Results

Completed

Proleague 2025-09-10
Chzzk MurlocKing SC1 vs SC2 Cup #2
HCC Europe

Ongoing

BSL 20 Team Wars
KCM Race Survival 2025 Season 3
BSL 21 Points
ASL Season 20
CSL 2025 AUTUMN (S18)
LASL Season 20
RSL Revival: Season 2
Maestros of the Game
StarSeries Fall 2025
FISSURE Playground #2
BLAST Open Fall 2025
BLAST Open Fall Qual
Esports World Cup 2025
BLAST Bounty Fall 2025
BLAST Bounty Fall Qual
IEM Cologne 2025
FISSURE Playground #1

Upcoming

2025 Chongqing Offline CUP
BSL World Championship of Poland 2025
IPSL Winter 2025-26
BSL Season 21
SC4ALL: Brood War
BSL 21 Team A
Stellar Fest
SC4ALL: StarCraft II
EC S1
ESL Impact League Season 8
SL Budapest Major 2025
BLAST Rivals Fall 2025
IEM Chengdu 2025
PGL Masters Bucharest 2025
Thunderpick World Champ.
CS Asia Championships 2025
ESL Pro League S22
TLPD

1. ByuN
2. TY
3. Dark
4. Solar
5. Stats
6. Nerchio
7. sOs
8. soO
9. INnoVation
10. Elazer
1. Rain
2. Flash
3. EffOrt
4. Last
5. Bisu
6. Soulkey
7. Mini
8. Sharp
Sidebar Settings...

Disclosure: This page contains affiliate marketing links that support TLnet.

Advertising | Privacy Policy | Terms Of Use | Contact Us

Original banner artwork: Jim Warren
The contents of this webpage are copyright © 2025 TLnet. All Rights Reserved.