Mapping an organization's information systems

Assignment Help Management Information Sys
Reference no: EM131214506

Objective

Lab 1 is designed to provide you with hands-on, practical experience with information gathering tools and methodologies. Upon completion of lab 1, you will have an understanding of the following:

1. Footprinting - mapping an organization's information systems
 1. Google - advanced search operators allow you to easily find specific, relevant information
 2. WHOIS - query information related to Internet ownership of domain names, IP address blocks, or autonomous systems
 3. DNS Interrogation - obtaining information about an organization's computer names, IP addresses and other potential target information

2. Tools - as we investigate these footprinting techniques, we will explore the tools necessary to gather information

Materials

For the purposes of lab 1, you will need the following:
- All students: Complete the Google searches from your own system as long as you have an internet connection.
- All students: You can download the Kali VM and use it at home for this lab, or use a system of your choice (Windows XP/7/8). The CDM lab does not allow our course VMs to be connected to the internet, sorry :(

Procedures
1. Footprinting with Google

1. In this section we will experiment with Google's advanced operators to understand what types of information can easily be found on the web. Remember, the basic syntax of the advanced operator is operator:search_term. You can perform the following searches from your personal computer or connect to the lab as detailed in lab 0.

1. Let's begin with a simple example using the site: operator. Type the following command into Google site:digg.com free "desktop wallpaper". While the example may not be relevant to security, it goes to show how a search can easily be restricted to a specific site (digg.com) and piece of information (free desktop wallpapers).

2. The next operator filetype: allows us to search for pages that end in a particular file extension. Type the following command into Google filetype:conf apache. Based on the results, are you starting to see how this is a powerful operator by itself? Consider the scenario where you are attempting to locate a particular type of configuration file that a company may have inadvertently posted to the Internet. Also try the following search filetype:reg "Terminal Server Client". This returns Microsoft Terminal Services connection settings registry files. They may contain encrypted passwords and IP addresses.

3. The next operator intitle: starts to show the real power of advanced operators. Type the following command into Google intitle:index.of "parent directory". The results show directory listings of an assortment of goodies, ranging from MP3s to source code. Let's try another search with this operator. Type the following into Google intitle:"Welcome to Windows 2000 internet Services". Though the number of results may not be exciting, the important thing to note is we can easily identify web applications with known vulnerabilities based on their title. Here are a few other searches you can use to further explore intitle:
- intitle:index.of ws_ftp.log
- intitle:"Nessus Scan Report" "This file was generated by Nessus"
- server-dbs "intitle:index of"

4. The next operator inurl: allows us to limit searches to documents containing the search term in the URL. An amusing example of this is the following, which you can type into Google: inurl:view/index.shtml. This URL is associated with Axis webcams that are accessible over the Internet. You could spend hours looking through these feeds. For a search that is more related to security, try inurl:"nph-proxy.cgi" "Start browsing". The results contain an assortment of proxy servers at your disposal.

5. The next operator cache: enables us to browse to a site's webpage that may currently be down (either intentionally or not). Type the following command into Google: cache:malos-ojos.com. It's important to note the page is being served by Google's servers and not the hosting company. Think of a scenario where a company accidentally posts confidential information to their site, Google has time to cache the page, the company recognizes their mistake and pulls the page, but the content still exists thanks to Google.

6. Now let's take these operators and combine them to see what types of goodies we can dig up. First, type the following command in Google intitle:Remote.Desktop.Web.Connection inurl:tsweb. This search provides us with a set of machines that have login pages for Remote Desktop through TS Web Access. Lastly, type the following command into Google -inurl:(htm|html|php) intitle:"index of" +"last modified" +"parent directory" +description +size +(wma|mp3) "Darude". Can you piece together how this search works? Can you see how it can easily be modified to locate any filetype of your choice with any subject? Here are a few other searches you can explore that combine operators:
- intitle:index.of inurl:admin
- intitle:"EvoCam" inurl:"webcam.html"
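The combined searches above read left to right as a set of required, excluded and alternative terms, each optionally scoped to a field by its operator. As an added example (not part of the lab), here is a small evaluator that parses such a query and runs it against a constructed inventory of pages on a site you administer, so a defender can see which of their own pages a given search would surface before a search engine does. The hostnames, page contents and the SITE_PAGES structure are assumptions for illustration.

```python
import re

# Constructed inventory of pages on a site you administer (hostnames and content are invented).
SITE_PAGES = [
    {"url": "https://www.example.test/backups/", "title": "Index of /backups",
     "text": "Parent Directory Last modified Size Description darude_sandstorm.mp3"},
    {"url": "https://www.example.test/tsweb/default.htm",
     "title": "Remote Desktop Web Connection", "text": "Log on to the remote computer"},
    {"url": "https://www.example.test/old/httpd.conf", "title": "",
     "text": "# Apache ServerRoot /etc/httpd"},
    {"url": "https://www.example.test/about.html", "title": "About Us", "text": "Our company"},
]

# One token: optional '-', optional '+', optional operator:, then a quoted phrase, (a|b) group or bare word.
TOKEN = re.compile(r'(-?)\+?(?:(\w+):)?("[^"]*"|\([^)]*\)|\S+)')
FIELD = {"intitle": "title", "inurl": "url", "intext": "text", "site": "url"}

def parse_query(query):
    """Return [(negated, operator, [alternatives])] for a Google advanced-operator query."""
    parsed = []
    for neg, op, value in TOKEN.findall(query):
        if value.startswith("(") and value.endswith(")"):
            alternatives = value[1:-1].split("|")          # (htm|html|php)
        else:
            alternatives = [value.strip('"')]               # "index of" or index.of
        parsed.append((neg == "-", op.lower(), alternatives))
    return parsed

def _hit(term, text):
    # Google treats '.' in an unquoted term as a one-character wildcard (index.of matches "index of").
    pattern = re.escape(term).replace(r"\.", ".")
    return re.search(pattern, text, re.IGNORECASE) is not None

def page_matches(parsed, page):
    """True when every required term is present and no excluded term is present."""
    for negated, op, alternatives in parsed:
        if op == "filetype":
            found = any(page["url"].lower().endswith("." + a.lower()) for a in alternatives)
        elif op in FIELD:
            found = any(_hit(a, page[FIELD[op]]) for a in alternatives)
        else:
            found = any(_hit(a, " ".join(page.values())) for a in alternatives)
        if found == negated:   # required term missing, or excluded term present
            return False
    return True

def exposed_pages(query, pages=SITE_PAGES):
    """URLs from the inventory that the given search would surface."""
    parsed = parse_query(query)
    return [p["url"] for p in pages if page_matches(parsed, p)]

if __name__ == "__main__":
    for q in ('intitle:"index of" +"parent directory" +(wma|mp3) -inurl:(htm|html|php) "Darude"',
              "intitle:Remote.Desktop.Web.Connection inurl:tsweb", "filetype:conf apache"):
        print(q, "->", exposed_pages(q))
```

Run it against a real crawl of your own site (one dict per page) to get a list of what to take down or restrict before it is indexed.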

2. Now that we have an understanding of how these operators work, let's consider a tool that can help automate these searches.

1. Install McAfee SiteDigger v3.0 (https://www.mcafee.com/us/downloads/free-tools/sitedigger.aspx).

2. Navigate through the start menu to Programs / Security Tools / Scanning Tools and click Foundstone SiteDigger v3.0.

3. Once the application has loaded, expand the two categories titled FSDB and GHDB as pictured below:

4. Each of these sub-categories contains search strings that can provide a wealth of knowledge

5. Further expand the category titled Files containing passwords listed under GHDB

6. Click the search string labeled enable password | secret "current configuration" - intext:the and make note of the description that appears in the Selected Entry Info textbox:

7. Select the checkbox next to this search string and click Scan. Results should populate in the 'Results:' textbox as pictured below:

8. Double-click a link to open it in the default browser
9. Also note you can restrict your search to a specific site/domain

10. Spend some time searching through the different search strings and reading the 'Entry Info' section. You will find a wealth of knowledge and possibly come up with some new searches you would like to perform

2. Footprinting with WHOIS & DNS Interrogation

1. In this section we will focus on footprinting with WHOIS and DNS interrogation. Both techniques allow us to mine information specific to an entity and its Internet resources. For the purposes of this lab, we will explore the www.cehjumpstart.com domain.

1. This section assumes you are using BT5 or Kali Linux to complete...

2. Open a terminal session by browsing to Applications / Accessories / Terminal in the top menu bar

3. Type man nslookup at the prompt and press enter. This will present the 'man page' or manual for the application. Man pages include descriptions, syntax usage, and other information that can be referenced. Press q to return to the root@kali:~# prompt

4. Type nslookup and press enter to begin an interactive session

1. Type www.cehjumpstart.com and press enter. The result will include the server that was used to perform the query, and any answers that were received (74.220.219.78).

2. Note that the resulting IP address was listed under 'Non-authoritative answer:'. Do you know why this is the case? Continue on and hopefully it will become clear.

3. Browse to www.networksolutions.com/whois/

4. In the 'Search all WHOIS Records' textbox, type www.cehjumpstart.com and click Search

5. When the search is complete, scroll down on the resulting page and locate the Domain servers. Note the first item listed ns1.bluehost.com and return to the terminal prompt.

6. You should still be in an interactive session on nslookup. Type server ns1.bluehost.com and press enter.

7. Now, let's perform our original search over again using the bluehost.com nameserver instead of the default nameserver (which happens to be owned by Deron's ISP). Type www.cehjumpstart.com and press enter. Take note that the result does not include the 'Non-authoritative answer:' heading.
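The reason for the missing heading is in the DNS header itself: nslookup prints 'Non-authoritative answer:' whenever the AA (Authoritative Answer) bit in the response flags is clear, which is what a caching resolver returns; the zone's own nameserver sets AA. As an added example (not part of the lab), the following builds the A query nslookup sends for www.cehjumpstart.com and parses a constructed response, reading the AA bit and the answer record. The response bytes, TTL and query id are constructed here, not captured traffic; only the name and 74.220.219.78 come from the lab.

```python
import struct

def build_query(name, qid=0x1234):
    """Build the standard A query nslookup sends: RD=1, one question, no answers."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(label)]) + label.encode() for label in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)   # QTYPE=A, QCLASS=IN

def read_name(msg, off):
    """Decode a (possibly compressed) domain name; return (name, offset after it)."""
    labels, end = [], None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                 # compression pointer to an earlier name
            if end is None:
                end = off + 2
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (off if end is None else end)

def parse_response(msg):
    """Return the header fields that matter here plus any A records in the answer section."""
    qid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    info = {"id": qid, "aa": bool(flags & 0x0400), "rcode": flags & 0xF, "answers": []}
    off = 12
    for _ in range(qd):                           # skip the echoed question(s)
        _, off = read_name(msg, off)
        off += 4                                  # QTYPE + QCLASS
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata, off = msg[off:off + rdlen], off + rdlen
        if rtype == 1 and rdlen == 4:             # A record: four address bytes
            info["answers"].append((name, ".".join(map(str, rdata)), ttl))
    return info

def constructed_response(query, authoritative):
    """Constructed reply (not captured traffic): echoes the question and adds one A record.
    AA is set only when the reply comes from the zone's own nameserver (ns1.bluehost.com in the lab)."""
    flags = 0x8400 if authoritative else 0x8180   # QR+AA vs. QR+RD+RA from a caching resolver
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 1, 0, 0)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 14400, 4) + bytes([74, 220, 219, 78])
    return header + query[12:] + answer

if __name__ == "__main__":
    q = build_query("www.cehjumpstart.com")
    for auth in (False, True):
        r = parse_response(constructed_response(q, auth))
        print("AA set" if r["aa"] else "Non-authoritative answer:", r["answers"])
```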

5. So we've gathered that the cehjumpstart.com domain points to an IP address that is owned and hosted by bluehost.com. Curious what other IP addresses bluehost.com owns? Browse to www.arin.net.

1. In the 'Search Whois' textbox enter the IP address from our nslookup command 74.220.219.78 and press enter. Your results should look similar to what is pictured below:

2. You now have a range of IP addresses that have been allotted to Bluehost Inc. You also know the autonomous system number. With these details in hand, you are prepared to move on to the next step in reconnaissance: ascertaining active machines. We will dive into this topic in lab 2.

3. Recall the following image from the slides for module 2. Keep this in mind as we move between the various stages of footprinting:

6. Browse to ip2location.com

1. In the 'IP Address' textbox in the right column type 74.220.219.78 and press enter

2. While these locations may not be 100% accurate, the site does a great job of zeroing in on the best estimate. Consider the implications of understanding the physical location of an IP address.

3. Try entering your IP address and see how far off the site is

7. For our last exercise let's return to the Kali VM. If you are still inside interactive mode for nslookup, type exit and press enter.

8. At the root@kali:~# prompt type traceroute 74.220.219.78 and press enter

1. Each hop represents a router or device that is traversed as data packets make their way from the Kali VM to the server hosting the cehjumpstart.com domain.

2. What other information is this providing us? What about the two or three hops prior to the final destination that appear to be hosts on sub-domains of bluehost.com?

3. Also have a look at the corresponding IP addresses for these last few hops. These don't fall in the IP address block we identified earlier on arin.net. We just found a new set of IPs that we can begin to collect more information on.
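As an added example (not part of the lab), the check behind steps 5 and 8 done in code: parse an ARIN-style WHOIS record into its CIDR blocks and tag each traceroute hop as private (the VM side), inside that allocation, or outside it, which lists the extra addresses the last sub-step points out. The WHOIS values, hostnames and hop addresses are constructed for illustration and are not Bluehost's real record; only the destination 74.220.219.78 comes from the lab.

```python
import ipaddress
import re

# Constructed ARIN-style WHOIS excerpt: the allocation values are invented, not Bluehost's real record.
ARIN_WHOIS = """\
NetRange:       74.220.192.0 - 74.220.223.255
CIDR:           74.220.192.0/19
NetName:        EXAMPLE-HOSTING-NET
OriginAS:       AS64500
Organization:   Example Hosting Inc. (EXAMPLE-1)
"""

# Constructed traceroute output; only the destination 74.220.219.78 comes from the lab.
TRACEROUTE = """\
traceroute to 74.220.219.78 (74.220.219.78), 30 hops max, 60 byte packets
 1  192.168.56.1 (192.168.56.1)  0.412 ms
 2  10.0.2.2 (10.0.2.2)  1.115 ms
 3  198.51.100.17 (198.51.100.17)  9.870 ms
 4  edge1.example-hosting.test (203.0.113.9)  21.330 ms
 5  core2.example-hosting.test (203.0.113.25)  22.010 ms
 6  74.220.219.78 (74.220.219.78)  23.402 ms
"""

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
HOP = re.compile(r"^\s*(\d+)\s+(\S+)\s+\((\d+(?:\.\d+){3})\)")

def parse_arin(text):
    """Pull the CIDR blocks, NetName, OriginAS and Organization out of a 'key: value' WHOIS record."""
    info = {"cidrs": []}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key == "CIDR":                       # ARIN may list several blocks, comma separated
            info["cidrs"] = [ipaddress.ip_network(c.strip()) for c in value.split(",")]
        elif key in ("NetName", "OriginAS", "Organization"):
            info[key] = value
    return info

def parse_traceroute(text):
    """Return [(hop number, hostname or IP as printed, IPv4Address)] from traceroute output."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if m:
            hops.append((int(m.group(1)), m.group(2), ipaddress.ip_address(m.group(3))))
    return hops

def classify_hops(traceroute_text, whois_text):
    """Tag each hop as private (lab VM side), inside the WHOIS allocation, or outside it."""
    allocation = parse_arin(whois_text)["cidrs"]
    tagged = []
    for hop, host, ip in parse_traceroute(traceroute_text):
        if any(ip in n for n in RFC1918):
            tag = "private"
        elif any(ip in n for n in allocation):
            tag = "inside allocation"
        else:
            tag = "outside allocation"
        tagged.append((hop, host, str(ip), tag))
    return tagged

def unaccounted_hops(traceroute_text, whois_text):
    """Public hops not covered by the allocation: the additional address space step 8.3 refers to."""
    return [ip for _, _, ip, tag in classify_hops(traceroute_text, whois_text) if tag == "outside allocation"]
```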


3. Researching Your Targets

1. In this section we will do some independent research on a target and try to gather all the publicly available information we can as part of Footprinting. To do this, I'm asking you to:

1. Select a target organization. Some suggestions here are that you find a sizeable organization that has an internet presence but make sure it isn't so large that the research takes an unreasonable amount of time and effort.

2. Find all publicly available information using both the resources we have talked about as well as new resources that you will identify through your own research. Make sure to NOT scan, ping, or send any packet to the target organization (we are NOT scanning people, only gathering public information).

3. For those who may be new to footprinting we would be interested in items like those mentioned in Module 2 - Slide 6 (i.e. domains they own, physical locations/addresses, people of interest, systems they may be running as witnessed in job posting or LinkedIn profiles of current and former employees, etc.)

4. Gather and present your information in your submission, including a listing of all resources used. I listed some items of interest on the final page of the lab to get you started; feel free to modify and change/add as you see fit.

Additional Exercises
The following items are additional exercises related to the lab. Feel free to explore these topics on your own.
- Visit www.torproject.org to learn about TOR. It's a powerful tool that can be leveraged to maintain your anonymity online when performing certain reconnaissance tasks. For the simplest installation, download the Tor Browser Bundle, which is a self-contained executable with all the components you'll need.
- Visit www.paterva.com to learn about Maltego. Maltego can help mine data related to the items we talked about in this lab. But, that's only a portion of its functionality. Check out the site to learn about its full potential. Download and try the demo (if available) as it may be useful for #3 Researching Your Targets above.
- Use recon-ng, cree.py, or any other tools for this exercise that DO NOT actively scan the target system, site, or network. So be careful.

For this lab you must submit the following to COL (in a single file please):
- The coolest Google search string you could come up with that was used to dig up something interesting. I suggest you do some research on this topic and put together a search string that results in something good. Be creative! And please don't give me links that allow you to download books, movies, or music as I consider that to be weak.

- A screenshot of the links that your search returns.
- A short description of the search and why it was the most interesting and/or returns valuable information. One paragraph should suffice, and include why the information is useful and what you could possibly use it for in your submission.
- Again, no "free mp3" or "free music links" PLEASE!!!!
- The results of your research on your chosen target (see the following page for a sample list of items to include in a report).

IMPORTANT: Sample items that should be included in your report (make these look decent please):

- Target organization name
- Main address/HQ/datacenters
- Subsidiaries owned by the target
- Business structure (i.e. LLC, C-Corp, publicly traded company, etc.; sec.gov, hoovers.com, etc. may help here)
- All locations and associated address ranges (i.e. did you find a physical site without a range? Did you find generic ranges associated with the company, such as business-class DSL ranges not associated with the company name?)
- Important employees or employees of interest and their job titles or roles within the company. Choose one of these employees and expand your research...do they have a favorite hobby?
- Public facing sites of interest, such as domains, websites, portals, etc.
- Where are their name servers located (i.e. do they host them)? Where does email flow (i.e. do they use a 3rd party like Postini or accept mail directly?)
- Any other information you think may be relevant to footprinting that you find.
- A listing of the tools/sites you used in your research and a 1-2 sentence explanation of the research and why it was a valuable resource in your exercise.

Attachment:- assignment.rar
