Ch1IntroducingWindowsXP.docVIP

Chapter 1 Footprinting Google Hacking Find sensitive data about a company from Google Completely stealthy—you never send a single packet to the target (if you view the cache) To find passwords: intitle:Index of passwd passwd.bak See links Ch 1a, 1b on my Web page (, click CNIT 124) Other fun searches Nessus reports (link Ch 1c) More passwords (link Ch 1d) Be The Bot See pages the way Googles bot sees them Custom User Agents Add the User Agent Switcher Firefox Extension Try this Nokia one for fun More in Project 2 Footprinting Gathering target information If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle. Sun Tzu on the Art of War Environments and the Critical Information Attackers Can Identify Internet Domain name Network blocks Specific IP addresses of systems reachable via the Internet TCP and UDP services running on each system identified System architecture (for example, Sparc vs. x 86) Access control mechanisms and related access control lists (ACLs) Intrusion-detection systems (IDSs) System enumeration (user and group names, system banners, routing tables, and SNMP information) DNS hostnames Intranet Networking protocols in use (for example, IP, IPX, DecNET, and so on) Internal domain names Network blocks Specific IP addresses of systems reachable via the intranet TCP and UDP services running on each system identified System architecture (for example, SPARC vs. x 86) Access control mechanisms and related ACLs Intrusion-detection systems System enumeration (user and group names, system banners, routing tables, and SNMP information) Remote access Analog/digital telephone numbers Remote system type Authentication mechanisms VPNs and related protocols (IPSec and PPTP) Extranet Connection origination and destination Type of con