• Log InLog In
  • Register
Liquid`
Team Liquid Liquipedia
EDT 03:49
CEST 09:49
KST 16:49
  • Home
  • Forum
  • Calendar
  • Streams
  • Liquipedia
  • Features
  • Store
  • EPT
  • TL+
  • StarCraft 2
  • Brood War
  • Smash
  • Heroes
  • Counter-Strike
  • Overwatch
  • Liquibet
  • Fantasy StarCraft
  • TLPD
  • StarCraft 2
  • Brood War
  • Blogs
Forum Sidebar
Events/Features
News
Featured News
Team TLMC #5 - Finalists & Open Tournaments0[ASL20] Ro16 Preview Pt2: Turbulence10Classic Games #3: Rogue vs Serral at BlizzCon9[ASL20] Ro16 Preview Pt1: Ascent10Maestros of the Game: Week 1/Play-in Preview12
Community News
Weekly Cups (Sept 8-14): herO & MaxPax split cups4WardiTV TL Team Map Contest #5 Tournaments1SC4ALL $6,000 Open LAN in Philadelphia8Weekly Cups (Sept 1-7): MaxPax rebounds & Clem saga continues29LiuLi Cup - September 2025 Tournaments3
StarCraft 2
General
#1: Maru - Greatest Players of All Time Weekly Cups (Sept 8-14): herO & MaxPax split cups Team Liquid Map Contest #21 - Presented by Monster Energy SpeCial on The Tasteless Podcast Team TLMC #5 - Finalists & Open Tournaments
Tourneys
Maestros of The Game—$20k event w/ live finals in Paris SC4ALL $6,000 Open LAN in Philadelphia Sparkling Tuna Cup - Weekly Open Tournament WardiTV TL Team Map Contest #5 Tournaments RSL: Revival, a new crowdfunded tournament series
Strategy
Custom Maps
External Content
Mutation # 491 Night Drive Mutation # 490 Masters of Midnight Mutation # 489 Bannable Offense Mutation # 488 What Goes Around
Brood War
General
BGH Auto Balance -> http://bghmmr.eu/ Pros React To: SoulKey's 5-Peat Challenge [ASL20] Ro16 Preview Pt2: Turbulence BW General Discussion ASL20 General Discussion
Tourneys
[ASL20] Ro16 Group D [ASL20] Ro16 Group C [Megathread] Daily Proleagues SC4ALL $1,500 Open Bracket LAN
Strategy
Simple Questions, Simple Answers Muta micro map competition Fighting Spirit mining rates [G] Mineral Boosting
Other Games
General Games
Path of Exile Stormgate/Frost Giant Megathread General RTS Discussion Thread Nintendo Switch Thread Borderlands 3
Dota 2
Official 'what is Dota anymore' discussion LiquidDota to reintegrate into TL.net
League of Legends
Heroes of the Storm
Simple Questions, Simple Answers Heroes of the Storm 2.0
Hearthstone
Heroes of StarCraft mini-set
TL Mafia
TL Mafia Community Thread
Community
General
US Politics Mega-thread Things Aren’t Peaceful in Palestine Canadian Politics Mega-thread Russo-Ukrainian War Thread The Big Programming Thread
Fan Clubs
The Happy Fan Club!
Media & Entertainment
Movie Discussion! [Manga] One Piece Anime Discussion Thread
Sports
2024 - 2026 Football Thread Formula 1 Discussion MLB/Baseball 2023
World Cup 2022
Tech Support
Linksys AE2500 USB WIFI keeps disconnecting Computer Build, Upgrade & Buying Resource Thread High temperatures on bridge(s)
TL Community
BarCraft in Tokyo Japan for ASL Season5 Final The Automated Ban List
Blogs
The Personality of a Spender…
TrAiDoS
A very expensive lesson on ma…
Garnet
hello world
radishsoup
Lemme tell you a thing o…
JoinTheRain
RTS Design in Hypercoven
a11
Evil Gacha Games and the…
ffswowsucks
Customize Sidebar...

Website Feedback

Closed Threads



Active: 1667 users

CyberSecurity: Part 1 Information gathering

Blogs > sc2effort
Post a Reply
sc2effort
Profile Blog Joined June 2011
Russian Federation269 Posts
March 01 2013 17:40 GMT
#1
Introduction:

Hey guys, this is the second part of my blog, I got great feedback and ratings on my last blog so I am making a series. This series will consist of In depth tutorials within the blog on how I go about pen testing, we will start with the first step which is Information gathering. This blog will be about the beginning steps of Information Gathering, so lets get started.


Information Gathering: Pre Steps And Basic Commands

When you first start Pen-Testing you will be confused, with all of the commands and terminal screens floating text, people talking exploits and SQL Injection it is just to much. There are a Few Great Books to read to comprehend and understand everything (I recommend reading these books while reading my blogs/tutorials), I pulled a lot of the knowledge i have now from books like these.

Books:

- Ninja Hacking Link:http://www.amazon.com/Ninja-Hacking-Unconventional-Penetration-Techniques/dp/1597495883/ref=sr_1_1?s=books&ie=UTF8&qid=1362077854&sr=1-1&keywords=ninja hacking

- Metasploit: The Penetration Testers Guide Link:http://www.amazon.com/Metasploit-The-Penetration-Testers-Guide/dp/159327288X/ref=pd_sim_b_4

- SQL Injection: Attacks And Defense 2nd Edition Link: http://www.amazon.com/SQL-Injection-Attacks-Defense-Second/dp/1597499633

There are more books, but we will start there for now and go into others as we cover more topics, Now onto the Course.

First Steps

Information Gathering is one of if not the most important stage of the entire attack, it provides information that can actually be scary and throughout this course I recommend you try the commands we use on your personal machines and websites (if you have one) to see the results and the reason we tell you to not post your information everywhere you go.

BackTrack 5R3: Throughout this tutorial we will be using backtrack, I will not explain where to get backtrack as it is a broadly covered topic if you just search google. But if you are running a windows PC you will need Vmware player, this will act as a virtual machine on your OS (Operating System) and allow you to run BackTrack without having to actual install it onto your drive. To install back track onto this virtual machine search for a guide on google, it is very very easy.

What Is BackTrack?

If you had this question in your head while you were reading the last paragraph I am here to help. BackTrack is a version of linux that is used by network analyzers and Pen-Testers such as myself, it gives a broad range of tools about 80% of which we will never use within the tutorials. But it comes pre loaded with tools that we will use and is nice to look at and use, that is why we will be using it.

Whois Command

- When you are in backtrack 5R3 go to the top of your screen and you will see a terminal interface (Refer to Image 1)

[image loading]

-When you see the window open you are ready to go, now within the Terminal Type Whois www.(any website of yourchoice)

- You will see a bunch off lines start coming through and now you have done the first part of information Gathering. If you were testing a company you would use their website. Basically the whois command will give you all the information on the server there are using, this is very important because when you are testing a company you need to make sure you are testing only that company... you do not want to take out someone tied to them in some way such as there webhost or something like that, There is a very useful site to be used to find the IP Adress of a website and once we have that IP we can do a Whois against that IP. Here is the site you can use to find the IP of the IP of the targeted site: http://get-site-ip.com/

The Ip of the site can be used to find a lot of things but for now, we will be moving on and we will go into the specific coding in a different tutorial.

Port Searches:

Port searching is very important within pen-testing, it will allow you to figure out what is being run on different ports connected to the server. This is useful so you do not trip a port and get locked out of the system for good or for a period of time, disabling you from doing the job.

Google Hacking:

Google hacking is one of the best ways to find information on a target, you can use "Dorks" to find vulnerabilities in a website and places to attack. We will be going more over this in the next tutorial showing dorks that give a lot of "hope" in finding a vulnerability, but you have to adapt dorks to the website.

Alright guys, so that is the basics of information gathers, there are a lot more steps and we will cover those in the next tutorial which will be out within 2-3 days of this one, I received a lot of questions regarding how to get into the field so I will go over that now.

Getting Into The Field:

Alright so there are a few things you should know before going into a field such as this, most of the people that work in it and are successful were black hat (criminal) at a point in time, including myself. To get started study all of the languages you can, java, SQL Injection, Python, C++, C#, Database languages, etc...

I did not go to college or get any official training, I learned purely off of books and people around me. But computer science and programming degrees are always a good thing to have to get into the industry if you do not have some "Rep" or "Street Cred".

That is all for this blog/tutorial guys, there will be one featuring the code out soon.
Please Like this if you Liked it and leave feedback or questions for me and I will get to it as quick as possible.

Poll: Like This Blog/Tutorial

Like (14)
 
93%

Disklike (1)
 
7%

15 total votes

Your vote: Like This Blog/Tutorial

(Vote): Like
(Vote): Disklike





****
5 time GM zerg Currently top masters
Al Bundy
Profile Joined April 2010
7257 Posts
March 01 2013 18:13 GMT
#2
Very interesting stuff right there. I'm a total newbie when it comes to that science but for some reason I find it quite intriguing. Thanks for sharing, looking forward to read more.
o choro é livre
sc2effort
Profile Blog Joined June 2011
Russian Federation269 Posts
March 01 2013 18:41 GMT
#3
Thanks! Yea it is a very interesting field. If you have any questions in the future shoot them at me
5 time GM zerg Currently top masters
FromShouri
Profile Blog Joined April 2012
United States862 Posts
Last Edited: 2013-03-01 21:12:17
March 01 2013 21:11 GMT
#4
Simpler way to find IP is to just open windows command prompt and ping the website. Here is a test for google.

"Pinging www.google.com [74.125.227.20] with 32 bytes of data:"

Now if you type 74.125.227.20 into the URL area of any browser it will take you to google.com

Granted like you said if there were multiple web servers you would get multiple results, but on smaller web sites it'll work fine.
Limited Edition, lets do some simple addition, $50 for a T-Shirt is just some ignorant bitch shit.
Ilikestarcraft
Profile Blog Joined November 2004
Korea (South)17727 Posts
March 01 2013 21:14 GMT
#5
Keep it up. Looking forward to next one.
"Nana is a goddess. Or at very least, Nana is my goddess." - KazeHydra
sc2effort
Profile Blog Joined June 2011
Russian Federation269 Posts
March 01 2013 21:42 GMT
#6
@fromshori

pinging the website is one way to do it... but what we are really looking for is the dns, I should have explained that better int the guide. You need the IP to the server not the ip to the website. Im going to go back and fix that. But like I said, information with all of the coding will be on the next blog.
5 time GM zerg Currently top masters
KurtistheTurtle
Profile Blog Joined December 2008
United States1966 Posts
March 01 2013 21:51 GMT
#7
I'm learning all kinds of coding languages right now in an attempt to enter the industry. This is actually one facet of it I didn't know about, but it really intrigues me...I've always had being able to bypass a login to enter a members-only area site as a nerdy goal of mine. But that's nefarious as it gets, promise!

I made a folder in my bookmark toolbar to check in on the series every day.
“Reject your sense of injury and the injury itself disappears."
FromShouri
Profile Blog Joined April 2012
United States862 Posts
March 01 2013 22:22 GMT
#8
On March 02 2013 06:42 sc2effort wrote:
@fromshori

pinging the website is one way to do it... but what we are really looking for is the dns, I should have explained that better int the guide. You need the IP to the server not the ip to the website. Im going to go back and fix that. But like I said, information with all of the coding will be on the next blog.


guess it depends if you want to mess their servers or their dns up
Limited Edition, lets do some simple addition, $50 for a T-Shirt is just some ignorant bitch shit.
ilovekimchi
Profile Joined February 2013
United States18 Posts
March 01 2013 22:43 GMT
#9
Do most people get into this industry with a degree? It seems like you would need one. How hard is it to get in without one?
sc2effort
Profile Blog Joined June 2011
Russian Federation269 Posts
March 02 2013 00:00 GMT
#10
No most do not, I dont have a degree and if you have the right rep within the community it isint too hard. Granted a degree would help, but you can get in just by knowing your stuff and being a social person as well as the "hacker" haha
5 time GM zerg Currently top masters
GoTuNk!
Profile Blog Joined September 2006
Chile4591 Posts
Last Edited: 2013-03-02 02:30:07
March 02 2013 02:27 GMT
#11
Hey, tbh I didn't understand much, but would like to know if you can help me with smth. I missclicked an email with a virus (there is a USP package for you bla bla) and I'm wondering if there is an alternative fix rather than formatting. It makes internet browsing slow (with lag) and attach the troll file to my emails. Already tried ad-aware and spybot SD and didn't work :'(
catplanetcatplanet
Profile Blog Joined March 2012
3830 Posts
March 02 2013 02:53 GMT
#12
On March 02 2013 06:11 FromShouri wrote:
Simpler way to find IP is to just open windows command prompt and ping the website. Here is a test for google.

"Pinging www.google.com [74.125.227.20] with 32 bytes of data:"

Now if you type 74.125.227.20 into the URL area of any browser it will take you to google.com

Granted like you said if there were multiple web servers you would get multiple results, but on smaller web sites it'll work fine.

Can't ping bing, btw. microsoft y u block stuff
I think it's finally time to admit it might not be the year of Pet
TheQuiff
Profile Blog Joined August 2012
Scotland91 Posts
March 02 2013 13:02 GMT
#13
This is brilliant and have taken a great deal on interest so for past week been studying coding atm just to have understand of codes. If i ever come across but been told learning Java isnt important so soon will carry on to study SQL and have all ready received those 3 books and about the real SQL injection.

Thanks SC2Effort
I'm Scottish, I'm not that scary
sc2effort
Profile Blog Joined June 2011
Russian Federation269 Posts
March 02 2013 15:40 GMT
#14
No probelm, glad you are interested.. I am, working on the next blog already, there will be more coding in it.
5 time GM zerg Currently top masters
3772
Profile Joined May 2010
Czech Republic434 Posts
March 03 2013 15:03 GMT
#15
A bit too short and general. The one before was a bit deeper, longer, but not too long.
sc2effort
Profile Blog Joined June 2011
Russian Federation269 Posts
March 04 2013 01:28 GMT
#16
alright ill take that into consideration thanks!
5 time GM zerg Currently top masters
Please log in or register to reply.
Live Events Refresh
Next event in 3h 11m
[ Submit Event ]
Live Streams
Refresh
StarCraft 2
ProTech74
StarCraft: Brood War
firebathero 1276
actioN 932
PianO 212
Leta 156
soO 65
Dewaltoss 60
Noble 45
Sharp 42
NaDa 14
Sacsri 12
Dota 2
NeuroSwarm134
XcaliburYe45
Counter-Strike
Stewie2K789
allub170
Super Smash Bros
Mew2King35
Other Games
ceh9386
C9.Mang0334
XaKoH 172
SortOf106
Pyrionflax68
Trikslyr26
Organizations
Other Games
gamesdonequick457
StarCraft 2
Blizzard YouTube
StarCraft: Brood War
BSLTrovo
sctven
[ Show 16 non-featured ]
StarCraft 2
• OhrlRock 30
• LUISG 18
• AfreecaTV YouTube
• intothetv
• Kozan
• IndyKCrew
• LaughNgamezSOOP
• Migwel
• sooper7s
StarCraft: Brood War
• iopq 2
• BSLYoutube
• STPLYoutube
• ZZZeroYoutube
League of Legends
• Lourlo1202
• Stunt445
• HappyZerGling123
Upcoming Events
LiuLi Cup
3h 11m
OSC
11h 11m
RSL Revival
1d 2h
Maru vs Reynor
Cure vs TriGGeR
The PondCast
1d 5h
RSL Revival
2 days
Zoun vs Classic
Korean StarCraft League
2 days
BSL Open LAN 2025 - War…
3 days
RSL Revival
3 days
BSL Open LAN 2025 - War…
4 days
RSL Revival
4 days
[ Show More ]
Online Event
4 days
Wardi Open
5 days
Monday Night Weeklies
5 days
Sparkling Tuna Cup
6 days
Liquipedia Results

Completed

Proleague 2025-09-10
Chzzk MurlocKing SC1 vs SC2 Cup #2
HCC Europe

Ongoing

BSL 20 Team Wars
KCM Race Survival 2025 Season 3
BSL 21 Points
ASL Season 20
CSL 2025 AUTUMN (S18)
LASL Season 20
RSL Revival: Season 2
Maestros of the Game
FISSURE Playground #2
BLAST Open Fall 2025
BLAST Open Fall Qual
Esports World Cup 2025
BLAST Bounty Fall 2025
BLAST Bounty Fall Qual
IEM Cologne 2025
FISSURE Playground #1

Upcoming

2025 Chongqing Offline CUP
BSL World Championship of Poland 2025
IPSL Winter 2025-26
BSL Season 21
SC4ALL: Brood War
BSL 21 Team A
Stellar Fest
SC4ALL: StarCraft II
EC S1
ESL Impact League Season 8
SL Budapest Major 2025
BLAST Rivals Fall 2025
IEM Chengdu 2025
PGL Masters Bucharest 2025
MESA Nomadic Masters Fall
Thunderpick World Champ.
CS Asia Championships 2025
ESL Pro League S22
StarSeries Fall 2025
TLPD

1. ByuN
2. TY
3. Dark
4. Solar
5. Stats
6. Nerchio
7. sOs
8. soO
9. INnoVation
10. Elazer
1. Rain
2. Flash
3. EffOrt
4. Last
5. Bisu
6. Soulkey
7. Mini
8. Sharp
Sidebar Settings...

Disclosure: This page contains affiliate marketing links that support TLnet.

Advertising | Privacy Policy | Terms Of Use | Contact Us

Original banner artwork: Jim Warren
The contents of this webpage are copyright © 2025 TLnet. All Rights Reserved.