Introduction To Information Gathering

Introduction To Information Gathering

An introduction to Information Gathering

What is information gathering

Information gathering is an art of gathering information about your target. Before hacking into websites or Systems you have to gain as much information as possible about your target.

Gathering Information is extremely important. If the amount of data collected is not sufficient, or alternatively, if the target is tightly defended, no attack will be launched.

If the information gathered shows a poorly defended computer system, an attack will be launched, and unauthorized access will be gained. However, if the target is highly protected, the hacker will think twice before attempting to break in. It will be dependent upon the tools and systems that protect the target. Again, the key here is the amount of information he has gathered beforehand.

Types of information Gathering

In the computer hacking world, information gathering can be roughly divided into four major steps:

1. Foot printing
2. Scanning
3. Vulnerability assessment
4. Enumeration

Foot printing

The information collected by the hacker makes a unique footprint or a profile of an organization security posture. With foot printing, using rather simple tools, we gather information such as:

1. Administrative, technical, and billing contacts, which include employee names, email.
2. IP address range.
3. DNS servers .
4. Mail servers

And we can also identify some of the systems that are directly connected to the Internet. Most of the information here can be freely accessed on the Internet.

Scanning

The art of detecting which systems are alive and reachable via the Internet, and what services they offer, using techniques such as ping sweeps, port scans, and operating system identification, is called scanning. The kind of information collected here has to do with the following:

1. TCP/UDP services running on each system identified.
2. System architecture ( 64 bit, 32 bit).
3. Specific IP addresses of systems reachable via the Internet. 4. Operating system type.

Vulnerability analysis

also known as vulnerability assessment, is a process that defines, identifies, and classifies the security holes (vulnerabilities) in a computer, network, or communications infrastructure.

Enumeration

Enumeration is the process of extracting valid accounts or exported resource names from systems. The information is gathered using active connections to systems and queries, which is more intrusive in nature than foot printing and scanning. The techniques are mostly operating system specific, and can gather information such as:

1. User & group names.
2. System banners
3. Routing tables
4. SNMP information.

Also Check: Beginners Ethical Hacking Course

So above are the Introduction To Information Gathering. Hope you like this article, keep on sharing with others too. Also, share your experience with us in a comment box below.