Lab - Information Recon
Objectives - To learn how to use some of the tools used by hackers to gather information about a potential target, using different techniques on varied targets to improve the chances of success when attacking and/or compromising the site.
Lab Outcome:
- To complete the lab procedures
- To correctly answer the questions supplied in the lab
- Each question is worth one mark, no partial marks.
Background information: The capabilities and tools you will be using in this lab should not be used either on the Algonquin Corporate network or any other network connection without explicit authorization from the network administrator. Otherwise, you risk being mistaken for an attacker on that network!!
Section A - Preliminary Information
However, a large portion of the tools needed are in the Kali VM already.
Other similar tools and resources are available and can be used.
Just make sure you list what tools and/or sites you did use for each answer given.
Section B - Information from public records
Your goal here is to find information about Algonquin College.
Locate and identify the following information about Algonquin College.
Q1. What are the name, email address and mailing address of the main administrative contact for the algonquincollege.com domain? Provide source of information.
Q2. What information is seen in Q1 about the admin that is a security risk? Explain why & provide an alternative.
Q3. Who's the domain registrar for the algonquincollege.com domain? Provide source of information.
Q4. Where are the DNS servers physically located for Algonquin? Provide source of information.
Q5. What are ALL of the official/real algonquincollege.com DNS server IP(s)? Provide source of information.
Q6. What are ALL of the official/real algonquincollege.com mail server IP(s)? Provide source of information.
Q7. What is the public IP address range(s) owned by Algonquin College? Provide source of information.
Q8. What specific web server software(s) does algonquincollege.com use, and associated IP addresses for the main web page?
Q9. Which country has the highest percentage of visitors that have gone to the main algonquincollege.com web site?
Algonquin has multiple campuses: Ottawa, Perth, Pembroke.
Q10. Is Algonquin hosting the info sites locally (i.e. same servers as main) or not? Explain how you know.
Section C - Information research about a company
Your goal here is to learn information that you can gather about an organization.
Some guiding principles you can use:
If the company is publicly traded, that means they are mandated by some level of Corporate Governance to publish corporate info, Investor info and other key tidbits.
- In the US, SEC filings for corporations contain a wealth of corporate info.
- This can be quite different in other countries; the details of Corporate Governance and compliance vary from country to country.
If the company is incorporated, the process and laws require that key info be made public.
- A lot of the "About us" or "News" pages have a wealth of information available
- This is especially true if it isn't just a sole proprietorship incorporated just for tax purposes and/or an International company.
Most companies WANT to talk about themselves.
- Marketing and PR is built into corporate culture, fed by human ego and the need to tell others what you do and how well you do it.
- It's typically a rather painful and ongoing exercise for the CSO to turn around and verify what's put out and public info... and what's out there that shouldn't be!!
- Companies are typically information gluttons, to better understand their market and demographics. Privacy then works to ensure that non-public info companies acquire is maintained in an appropriate fashion... but...
Q11. How many people in total are on Acxiom's Board of Directors?
Q12. How many locations does Acxiom have active/open?
Q13. List 3 specific companies BY NAME that Acxiom does business with.
Section D - Information research in News Groups
Your goal here is to learn information that you can gather from Google searches about a problem an organization may be having.
Find information about a VPN problem that may have occurred for a company (or a client of the company) with a domain name of gtscad.com, in a question posted by John Chapman.
Q14. What information did you find, specifically? Copy the content of the post(s) here.
Q15. What specific newsgroup(s)/forum(s) was the information posted to?
Q16. With what you know about the incident, people and companies involved, data mine (OSINT) and list any-and-all key "public" technical information you can find based on the person(s) involved and the company. (3-5 key elements minimum each to get full marks).
Q17. What should John have done to protect this information / public info from being used against his firm? Explain.
Section E - Information gathering about ... you!
Okay, using the techniques and tools you've used above, research and gather as much of the information you can find on the web about ... you!
Q18. Document everything of relevance that you found about yourself, along with where and how.
And "I didn't find anything" doesn't cut it WITHOUT strong justification - remember, I might check.
Q19. Was the first occurrence you found really about you ... or someone else with same name? Try and explain why.
Q20. How easy was it to find specific and relevant information about the actual you? Explain.
Q21. Based on what you have found and how, what kinds of details are necessary to ensure that researching an individual obtains both accurate results AND about the right person?
Section F - Data Mining - the quick demo
One example of a data mining tool is Maltego.
Once that's done, start Maltego
- When prompted, enter your username, password, and any other required information.
- Be patient - the program can take a while to start up.
- In the left-hand window, near the bottom, drag and drop a Person into the Mining View pane.
- Double-click on the new Person icon and change the name to your own name.
- Right-click on the changed icon and select All Transforms to start the data mining process.
Q22. Did Maltego come up with new information/relationships you had not found before? Elaborate - what kind, how relevant, etc...
Q23. How accurate are the relationships Maltego found about you? Explain.