Makes a list of any of this information you find and submit it as part of this assignment.

Ethical Hacking Assignment

 

Reconnaissance Assignment:

Task -> Given a “Company Name” Now HACK!!

1)    HTTRACK – Clone a Website for Offline Analysis

 

First locate and copy website locally using a Website Copier called HTTRACK, this enable you to conduct offline analysis and searches on the multitude of webpages comprising the website.

Download and Install HTTRACK at http://www.httrack.com/

Video: https://www.youtube.com/watch?v=DNdNbYkr0X0

Note: If you are trying to find information about a particular company for social engineering or trying to spoof a website or login, HTTrack is an excellent tool for both tasks. To create a clone website for dnsspoof or grab credentials for an Evil Twin, now you have the tool to do so! We will see this later

Clone this website: URL -> http://web.eng.fiu.edu/aperezpo

Then, using your favorite web browser open enter

 

Navigate and explore the website looking for information that can be used in this phase, such as phone numbers, email addresses, business relationships, employee names, social media connections etc.

 

Makes a list of any of this information you find and submit it as part of this assignment.

 

 

 

 

2)    Exhaustive web search engine using Google Hacking or Dorks (Smart searches):

http://www.starthacking.net/google-dorks/

http://www.digitaltrends.com/computing/directly-access-google-cached-pages/

 

a)    Search only the FIU website looking for cybersecurity and record the number of hits, compare this number to just typing cybersecurity.

site:fiu.edu cybersecurity      compared to  cybersecurity

b)    Search to find how many FIU webpages contain admin in the URL (hint: must combine multiple directives) Record how many hits found and explain why this would be valuable in conducting reconnaissance, what do we learn or find out? Try.

 

inURL:admin     and then     site:fiu.edu  inURL:admin

c) To reduce your digital footprint search the cache webpages instead of the live webpages for cybersecurity, use the following link to find a cached version of the page:

http://web.eng.fiu.edu/aperezpo Has anything changed?

http://webcache.googleusercontent.com/search?q=cache:http://web.eng.fiu.edu/aperezpo

Google has recently changed the ability to search the cached webpage, in the past we could do:

cache:fiu.edu  cybersecurity

to search all cached fiu.edu webpages for the term cybersecurity, now we must specify a specific webpage as in this exercise to get the cached version of a webpage. This was a great way to conduct passive reconnaissance, since the actual website is not searched, but instead the cached versions.

c)    Use the following website to explain the latest http://www.exploit-db.com google hack, please record it and explain what it does.

 

3)    The Email Harvester -> Discovery Emails Associated with a Domain

https://www.youtube.com/watch?v=0-OyZGbpSJk

Using Kali, run the harvester tool on the website: fiu.edu,  Show the results?

./theharvester.py –d fiu.edu –l 10 –b google

 

4)    Using WHOIS, NETCRAFT, HOST, NSLOOKUP, DIG

Pick two companies, one large and one not so large, like sears.com and gilbertsbakery.com with these two company domains use the tools identified on Linux (Kali) or Windows to get as much information as possible. Submit a report with the information you have learned and are there any differences between the two company reports. Be aware that doing is legal, since these are public databases that maintain all of this information; we are not accessing any information on these specific domains. Show the results for each company and the results obtained after running these tools. Describe what you have learned?

You can use the GUI or CLI tools or one of these websites or you can use any means you like

http://www.whois.net

http://searchdns.netcraft.com

http://www.dnsstuff.com/tools

http://network-tools.com/nslook/

http://dig-nslookup.nmonitoring.com/dns-dig-nslookup.html

A netblock is a range of IP addresses. ISP’s must be assigned addresses in blocks, and the larger the block that can be assigned to someone the better because that makes for less entries in the Internet routing tables for information on how to get to those addresses.

5)  Maltego –An  Intelligent Information Gathering Tool

a) Go to https://www.paterva.com/web6/ and download and install the community version for your platform. You need to register with your email and password to use it for a limited amount of time. This is a tools used by law enforcement to discovery relationships among various entities. The way it works is that it accesses various available data repositories, Whois, DNS, social media, etc. to discovery associations. For example, we could determine what DNSs are associated with a website or what domains are associated with a specific IP address, which friends do these people have in common, remember just about everything is linked or known through your email on the Internet.

Please see videos below to see how to perform many of the activities with this tool.

Tutorial 1: https://www.youtube.com/watch?v=3zlbUck_BLk

Tutorial 2: https://www.youtube.com/watch?v=ibtwjPJ5PGs

Tutorial 4: https://www.youtube.com/watch?v=FceN0T_a_uM

Tutorial 5: https://www.youtube.com/watch?v=42KhnNQS8AU

Do tutorials 1, 2, 4 and view tutorial 5. Please submit a print screen of tutorials 1 and 2, and then provide one or two paragraphs discussing the tutorials 4 and 5.