Page 194 - ICDEBI2018
P. 194
I International Journal of Trend in Scientific Research and Development (IJTSRD) ISSN: 2456International Journal of Trend in Scientific Research and Development (IJTSRD) ISSN: 2456nternational Journal of Trend in Scientific Research and Development (IJTSRD) ISSN: 2456-6470 | IF: 4.101
2.2 The vital Steps followed in a thoroughthorough organization. Science Address registries facilitate Address registries facilitate
Penetration Testing America to find them.
2.2.1 Intelligence or operation ARIN – yankee register for net Numbers. US yankee register for net Numbers. US
This is a awfully vital step a Pen tester should follow. This is a awfully vital step a Pen tester should follow. Region.
When the pre coming up with and also the goal the pre coming up with and also the goal RIPE - Réseaux science Européens. Réseaux science Européens. Could be a
definition, the pen tester should gather the maximum definition, the pen tester should gather the maximum cooperative fo-rum receptive all parties curious rum receptive all parties curious
about wide space science networks in Europebout wide space science networks in Europe.
amount data as potential regarding the target amount data as potential regarding the target net- a
work. vital to notice, this is often the case once it's a work. vital to notice, this is often the case once it's a APNIC – Asia Pacific Network data Centre. Asia Asia Pacific Network data Centre. Asia
recording machine testing and once the organization recording machine testing and once the organization Pacific region.
has not provided any data to the tester.
F
For instance, to seek out the block of science or instance, to seek out the block of science
A Pen tester should gather data from AN attacker’s A Pen tester should gather data from AN attacker’s addresses happiness to Google. Enter the key word addresses happiness to Google. Enter the key word
perspective. Something that's helpful to attackerthat's helpful to attackers is Google in http://whois.arin.net/ui. [1][5]Google in http://whois.arin.net/ui. [1][5]
critical to be collected:
Network Diagrams 2.2.1.4 DNS Registrars:
IP Addresses Use the Whois.net or the other who is databases to other who is databases to
s
Domain names seek out all the sub domains. lookup is another eek out all the sub domains. lookup is another
Device kind windows tool to seek out the science addresses related indows tool to seek out the science addresses related
w
Applications and their versions. t to the given name, to seek out the name server and for o the given name, to seek out the name server and for
Security defenses like IDS, IPS. z
zone transfers. AN example is as shown within the one transfers. AN example is as shown within the
screenshot below.
To gather this data we glance into:
A. Google & Social or skilled networking webGoogle & Social or skilled networking web-sites
B. Monster.com
C. science Registries
D. DNS Registrars
E. The Company’s web site.
2.2.1.1 Google & Social or skilled Networking Google & Social or skilled Networking
Websites:
Search with the keyword beside the corporate name. Search with the keyword beside the corporate name.
The relevant data from the search results will be The relevant data from the search results will be
selected. For example, search with the keyword example, search with the keyword „AS
A firewall‟ with the corporate name „Demo Bank with the corporate name „Demo Bank‟. A
LinkedIn profile of a worker performing at Demo worker performing at Demo
Bank will be obtained because the search resultssearch results. By
this we will get to understand that Demo this we will get to understand that Demo bank’s
network contains of AS a Firewall. Resumes of the Firewall. Resumes of the Figure 1: NS Lookup
employees provide out heap of knowledge.provide out heap of knowledge.
2.2.1.2 Monster.com: Name,
Open a DNS
admin, IPdmin, IP
Lot of knowledge will be obtained from the task Sites. Lot of knowledge will be obtained from the task Sites.
addresses,ddresses,
Search with the corporate name and also the list of Search with the corporate name and also the list of Techniques Source a Zone
search results seem, which provides data relating to search results seem, which provides data relating to Search name Transfer
the network de-vices or the applications victimization cations victimization servers
that the company’s network infrastructure is made.that the company’s network infrastructure is made. Google Who is Nslookup
Tools Search ARIN ls
2.2.1.3 Science Registries: Engine A Dig deeper
APNICPNIC
When the science Addresses aren't provided by the When the science Addresses aren't provided by the Sam spade
organization, the Pen tester has got to resolve the organization, the Pen tester has got to resolve the
block of science addresses be-longing to the longing to the
@ IJTSRD | Available Online @ www.ijtsrd.comwww.ijtsrd.com | Conference Issue: ICDEBI-2018 | | Oct 2018 Page: 186
