Ethical hacking | Information Systems homework help

Ethical Hacking Assignment

Reconnaissance Assignment:

Task -> Given a “Company Name” Now HACK!!

1)    HTTRACK – Clone a Website for Offline Analysis

First locate and copy website locally using a Website Copier called HTTRACK, this enable you to conduct offline analysis and searches on the multitude of webpages comprising the website.

Download and Install HTTRACK at http://www.httrack.com/

Video: https://www.youtube.com/watch?v=DNdNbYkr0X0

 Note: If you are trying to find information about a particular company for social engineering or trying to spoof a website or login, HTTrack is an excellent tool for both tasks. To create a clone website for dnsspoof or grab credentials for an Evil Twin, now you have the tool to do so! We will see this later

Clone this website: URL -> http://web.eng.fiu.edu/aperezpo

Then, using your favorite web browser open enter

Navigate and explore the website looking for information that can be used in this phase, such as phone numbers, email addresses, business relationships, employee names, social media connections etc.

Makes a list of any of this information you find and submit it as part of this assignment.

2)    Exhaustive web search engine using Google Hacking or Dorks (Smart searches):

http://www.starthacking.net/google-dorks/

http://www.digitaltrends.com/computing/directly-access-google-cached-pages/

a)    Search only the FIU website looking for cybersecurity and record the number of hits, compare this number to just typing cybersecurity.

site:fiu.edu cybersecurity      compared to  cybersecurity

b)    Search to find how many FIU webpages contain admin in the URL (hint: must combine multiple directives) Record how many hits found and explain why this would be valuable in conducting reconnaissance, what do we learn or find out? Try.

inURL:admin     and then     site:fiu.edu  inURL:admin

c) To reduce your digital footprint search the cache webpages instead of the live webpages for cybersecurity, use the following link to find a cached version of the page:

http://web.eng.fiu.edu/aperezpo Has anything changed?

http://webcache.googleusercontent.com/search?q=cache:http://web.eng.fiu.edu/aperezpo

Google has recently changed the ability to search the cached webpage, in the past we could do:

cache:fiu.edu  cybersecurity

to search all cached fiu.edu webpages for the term cybersecurity, now we must specify a specific webpage as in this exercise to get the cached version of a webpage. This was a great way to conduct passive reconnaissance, since the actual website is not searched, but instead the cached versions.

c)    Use the following website to explain the latest http://www.exploit-db.com google hack, please record it and explain what it does.

3)    The Email Harvester -> Discovery Emails Associated with a Domain

https://www.youtube.com/watch?v=0-OyZGbpSJk

Using Kali, run the harvester tool on the website: fiu.edu,  Show the results?

./theharvester.py –d fiu.edu –l 10 –b google

4)    Using WHOIS, NETCRAFT, HOST, NSLOOKUP, DIG

Pick two companies, one large and one not so large, like sears.com and gilbertsbakery.com with these two company domains use the tools identified on Linux (Kali) or Windows to get as much information as possible. Submit a report with the information you have learned and are there any differences between the two company reports. Be aware that doing is legal, since these are public databases that maintain all of this information; we are not accessing any information on these specific domains. Show the results for each company and the results obtained after running these tools. Describe what you have learned?

You can use the GUI or CLI tools or one of these websites or you can use any means you like

http://www.whois.net