Information Gathering

nslookup

a command that queries the Domain Name System servers for resource records

2 modes of nslookup

interactive or non-interactive

interactive mode

allows a user to execute queries back-to-back without typing the entire command for each query

non interactive

nvolves typing the entire command for each query. With a known domain name, nslookup will enumerate all IP’s correlated to that IP, aka DNS query.

reverse nslookup

translates an ip address into DNS

4 nslookup options

MX, NS, SOA, any

Dig

a command that queries the Domain Name System servers for records relating to IP addresses, mail exchanges, and name servers.

provides user with more options and more verbose answers

How does dig work?

resolves names through the resolver libraries that are located on the OS

Dig query types

ANY, A, AAAA, CNAME, MX, SOA, NS, PTR

What does multiple IPs mean in dig

load balancer

Dig errors

NO ERROR, SERVFAIL, NXDOMAIN, REFUSED

Cyber Kill Chain Framework

Reconnaissance
Weaponization
Delivery
Exploitation
Installation
Command and Control
Action on Objectives

Enumeration

a technique that establishes a numeric understanding of the target and enables the identification and collection of important information about the target devices, users, networks and network resources; among other things.

Information gathering

gathering as much data as possible pertaining to a target(s).

Identify

key term for information gathering. To establish or indicate the who’s and the what’s

Exploit

to take advantage of a flaw/s or vulnerabilities within an OS.

Different types of exploit

Code - taking advantage of a flaw within a program’s instructions and manipulating it in a manner that was not intended by the creators.

Misconfiguration - a system’s setting that allows it to be manipulated by an unintended source

Human - poor OPSEC, cyber training, or restrictions in place.