Information Gathering is the first step towards hacking. It is knowing the System, Person or the victim we are targeting in order to be more precise. The work we do in this section is very much in the name itself – “Information Gathering”.
Now let us discuss why it is important.
From a daily example, who can harm us the most? The answer is The one who knows us very well. Today knowledge of someone and data about someone is very important as today’s world is data-driven. The more we know someone, the more harm we can cause as we know the weak points and where to attack.
Where to Attack?
Now let us come to some computer stuff, say a target organization is located in New-Delhi.
Now What all information we can collect in order to gain information from the organization’s Systems?
We can know the IP Address of the websites of Organisation. ( I will cover different ways and scenarios of finding the IP Address in later Post.)
Now if you wonder that an IP-Address might be a very wide range to scan so we try to converge our scan range, how will we?
Let’s scan for the Open Ports on the IP-Address which will tell us more about the System for the Applications installed, and which of the applications we can actually attack.
We can further look the exploitdb database for any recent vulnerability that might be unpatched. From unpatched I remember another thing to mention, sometimes a security of some update is rolled-out for a system that might be installed but not in effect ( just in case) because server restart might take the websites or services down for some time (which may be very less), but the patch won’t take effect without restart, so you can try getting the last login time or system start time because sometimes it might help.
Information gathering in human scenario is little aid when attacking a person, like someone’s birthday,mobile number, his/her spouse or partner or the one they are eyeing, his birthplace, the type of movies he watches, his favourite actors or one-liners, some important dates, the pets, his siblings, and more of these pieces of information in combinations with one other be his password we are hunting for. So this information is very important when targeting someone. We will also learn how to generate a password from all the information we have or collected to form a good password using all combinations.
NOTE: I have just tried to cover a little info and intro on how Information Gathering can be useful, I will further cover many ways to do the same in different posts.