Information Gathering using Firefox

The first and foremost step in hacking is “Information Gathering”. Many people use various tools for network reconnaissance, but here is a trick that shows you how to gather information about the target system using just a browser: Firefox.

Information gathering includes the following basics:

Domain name and IP address
Open Ports
Daemon Banner Grabbing
OS Fingerprinting
Server name and Type

Well, the domain name is the prime thing that you need, at least to identify the target; the IP address can be obtained just by pinging it.

For open port detection, you are better off using third-party tools. Once the open ports are obtained, you can use telnet for daemon banner grabbing, to learn which process is actually running on each port along with its version info, so that you can easily launch an exploit to compromise the security if the daemon running on the target is a vulnerable one.

Here comes the really tough part, “OS Fingerprinting”. Most people use ‘Nmap’ to obtain OS info, and it is the right choice for doing so.

The “Whois” database will reveal what type of server is running on the target machine, but you can find it out just by using Firefox. You can really launch a hell of a lot of exploits if you know the server type on the target machine, and if it is IIS 6.0 or lesser, then it would make the task easier.

Open the Firefox browser and browse the target website just like a legitimate user. Once done, open a new tab (CTRL + T), close the previous tab, type “about:cache” in the URL bar and hit Enter. It will list the following:

Memory cache device
Disk cache device
Offline cache device

Below “Disk cache device”, click the link that says “List Cache Entries”; there you can see a brief history of the sites that you visited. Click on your target site’s link and it will display the server type along with its version in clear text. You can also find the packet header and the request method, whether it is POST or GET, and below that you can analyze the payload of the datagram, shown in hexadecimal values. This part is really interesting and looks similar to a sniffer.

Now you have the server type and its version, and you can launch exploits according to the version.

Copyright © 2009 Koushik Hacking Tricks