What We Gather About Target System
Information Gathering is the fist phase of the system hacking. Every beginner asks what should i find before attack about the target system. During a network penetration test, the goal of information gathering is to gather as much information as possible about the target network and its systems. This can include both active and passive reconnaissance.
- VPN : VPN is a Virtual Privet Network . It is used for anonimity on the internet. we have to find the VPN connections of the target system if it used it.
- Email & Password : Email is a very important information we can do a lot of things if we get the email information of the target machine.
- IP Address : IP(internet protocol ) is the virtually name of the system in the network. a device is identified by the IP address.
- Firewall : Firewall information is very important for us to when it's come to the the hacking phase.
- Open & Close Ports : Open & Close Ports information should we gather for the next phase.
- Operating System : Operating system type is mostly demanding thing to know. it reduces the time of us So we can perform the specific system attack for that system.
- System Version : System Version is also include in the operating system information gathering so we can perform the specific attack for that system
- Domain Name : Domain name information gathering is come into the organisation information gathering. When a organisation own's a Domain Name.
- Network infrastructure information: This can include information about the network architecture, IP addresses of servers and devices, and the types of devices and operating systems present on the network.
- Service and application information: This can include information about the services and applications that are running on the network, such as web servers, email servers, and database servers.
- Vulnerability information : This can include information about known vulnerabilities in the network's systems and applications, as well as any patches or updates that have been applied.
- User and account information : This can include information about the users and accounts that have access to the network, as well as their roles and permissions.
- Network traffic : This can include information about the types of traffic that are present on the network, as well as any patterns or anomalies that might indicate a security issue.
Sources :
- Website
- Google Search
- Social Media
- Social Engineering
- Organisation's Website
- Who Is
Websites : Website can be a social media website or can be a organisations official website we can extract a lot of information about the target but it depend on the target which one of the device we are going to be hacked.
Lot of people are now giving a lot information about them selves on social media.
Search Engines : By the advance search engine techniques we can extract more information about the target. we will learn it in our next article
Whois : Whois is a query and response protocol that is used for querying the stored information in the database of the server which is publicly available.
we search here the domain name and ip address of the target system.
Social Engineering : Social Engineering is a very deep subject it is a dedicated a separate subject of ethical hacking. In social engineering a attacker try to extract useful information by interacting a person on call or face to face.
i will introduce a dedicated series on social engineering on my website.
NOTE : If you fine any mistake or weakness in my article please help us to improve our content.
This information can be used to identify potential vulnerabilities in the network and develop a plan for how to proceed with the penetration test.
Related Topics :
