In this post, I will explain what Information Gathering is, what it is used for, and how you can use it.
If you are a computer user who is interested in hacking (and since you clicked on this post, I think you are) and you want to learn how to start hacking, then read this post to the end. In it I cover Active Information Gathering.
Information Gathering using Nmap
Now we need to move on to active information gathering.
In this phase, we interact with the victim to get active information such as open ports, running services, the network topology and vulnerabilities.
So you are going to get more critical information, and it will definitely be very useful while you are planning the penetration test.
But I have to warn you first: active information gathering is critical, and you need to get approval before doing it.
So if you practise scanning, port scanning and the other scans covered later, make sure that you have the right approval or that you are doing it in your own lab. Do not start scanning different systems, internally or online, without that approval; it would get you into trouble.
So let's start with what exactly we are looking for when it comes to active information gathering.
Active Information Gathering Using Kali Linux
First, we need to know whether the system is live or not. A simple way of doing that is ping: ping lets you test whether the system is connected to the network, that is, whether it is live.
So if I type ping followed by the IP of an existing computer inside my network (the one ending in 163.255), I get a reply. Pinging in Linux is different in that it does not just send four packets and wait for a reply;
it is a continuous process, while in Windows ping sends four small packets. If the victim has the protocol called ICMP up and running, it has to reply back with the same number of packets of the same size.
So ping is one way of doing that. Except that on most systems today the firewall is on by default; if you have a computer with Windows XP installed, the firewall blocks ICMP, so sometimes the system is on
and live, but when you use ping you will not be able to tell whether the system is live or not. That is why, in a few minutes, you are going to see how to use another tool.
So, number one, I need to know whether the systems I will scan, the systems that are considered my victims, are live or not, and when I say live I mean connected to the network.
Active Information Gathering using Port 80
The second piece of information I need to get is the open ports.
Now, what exactly is a port? When I say port, I mean a logical communication channel.
So any service on your computer needs to use a specific port. For instance, open any browser and type any website: MSN, Google.com, anything.
Now this request for opening the page, say I type www.yahoo.com, goes through port 80.
This port knows how to deal with web pages because it uses a specific service called HTTP, and the HTTP service knows how to send a request for a page, how to receive a request for a page, and so on.
So what I am saying here is that only port 80 deals with website requests.
Using other ports
Well, if I am trying to download something from the Internet, I need port 21; port 21 is used by a service called FTP that is dedicated to downloading.
If I need to connect to a system through a service called telnet, I type telnet and an IP; telnet uses port 23.
So my point here is that different services work on different ports.
As an example, if you work somewhere and you need to call the HR people, on your phone you have an extension for each department: one extension for HR, another extension for the finance department, and another extension for the support team.
You do not have one single number that lets you reach everyone. The same concept applies here: we have different communication channels that allow us to use different services.
The second question: is it a physical port? I mean, can you open your computer and see what port 80, port 23 and port 20 are? No. Those are logical communication channels.
It is nothing physical; it is logical. Okay.
Active Information Using Nmap
The third question: how many ports do I have in my system? I have 65,535. So I have a huge number of ports, and they are divided into two different types or categories.
I have the ports below 1024, and those are known as well-known ports. I mean, if I scan your system and I see that port 80 is open, this is a well-known port.
It should not disturb me. But if I see that you have port 6666 open, which is higher than 1024, I should investigate what opened this port.
It could be a virus; it could be someone hacking your computer. So all the ports above 1024 actually need to be investigated somehow.
Now what I need to do is scan my victim's ports: what ports does he have running on his system?
So I am going to use a very important tool called Nmap. It is a very, very important tool while you are gathering active information, and it will be used for different types of information.
So let's start by getting the ports of my victim. I am going to type "nmap -sS -O 192.168.163.250", where 192.168.163.250 is the IP of my victim.
This is a Windows machine. The "-sS" option shows me the open ports and what service is using those ports.
So I have port 135 open. What exactly opened it? Because based on that I may check whether the service is vulnerable and can be hacked or not.
And "-O" will show me the operating system. So let's see, if I use this command, what exactly we are getting.
Information we get using Nmap
So as you can see, this was fast. I got all the open ports. So I have, for instance, port 135 open, and it has RPC, the Microsoft service, running, and 139 as well.
Those are actually very, very handy, and if you find those ports open I am going to show you how easy it is to compromise the system through 445.
So it seems that a lot of services are set up. When you see a huge number of services, that most probably means you will be able to compromise the system, because you need to check every reachable service,
and as the number of services increases, the probability of finding a vulnerability increases. So I am getting all the services here: all the ports and all the services running on this computer.
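The same "-sS" scan looks very different from the target's side: one source sends bare SYN packets to many different ports on one host within a few seconds. As an added example (not code from the original post), here is simple detection logic run over a constructed, simplified firewall-style log. The log format (timestamp, src, dst, dport, TCP flags), the IP addresses and the threshold values are all assumptions made for the example, not the output of any particular product.

```python
"""Added example: spot a SYN port scan in a (constructed) firewall log.

A SYN scan touches many distinct ports on one host in a short time, so the
detector counts distinct destination ports per (src, dst) pair inside a
sliding time window and raises an alert when the count reaches a threshold.
"""
from collections import defaultdict
from datetime import datetime

# Ports the constructed scanner probes (assumption: a small mixed list).
SCANNED_PORTS = [21, 22, 23, 25, 80, 135, 139, 443, 445, 3389, 6666]

# Constructed sample log, not real traffic. Simplified line format:
#   <ISO timestamp> src=<ip> dst=<ip> dport=<port> flags=<tcp flags>
SAMPLE_LOG = (
    # fast scanner: 11 distinct ports within 11 seconds
    [f"2024-01-01T10:00:{i:02d} src=192.168.163.10 dst=192.168.163.250 dport={p} flags=S"
     for i, p in enumerate(SCANNED_PORTS)]
    # normal client: one SYN to port 80, then established traffic (ACK)
    + ["2024-01-01T10:00:05 src=192.168.163.20 dst=192.168.163.250 dport=80 flags=S",
       "2024-01-01T10:00:05 src=192.168.163.20 dst=192.168.163.250 dport=80 flags=A"]
    # slow source: the same 11 ports, but two minutes apart
    + [f"2024-01-01T11:{2 * i:02d}:00 src=192.168.163.30 dst=192.168.163.250 dport={p} flags=S"
       for i, p in enumerate(SCANNED_PORTS)]
)


def parse_line(line):
    """Split one constructed log line into (timestamp, src, dst, dport, flags)."""
    ts_str, rest = line.split(" ", 1)
    fields = dict(kv.split("=", 1) for kv in rest.split())
    return (datetime.fromisoformat(ts_str), fields["src"], fields["dst"],
            int(fields["dport"]), fields["flags"])


def detect_syn_scans(lines, threshold=10, window_seconds=60):
    """Return {(src, dst): sorted distinct ports} for every source whose bare-SYN
    packets to one destination reached `threshold` distinct ports inside any
    `window_seconds` window. Non-SYN packets (replies, established traffic) are
    ignored so ordinary sessions do not count."""
    events = defaultdict(list)  # (src, dst) -> [(timestamp, dport), ...]
    for line in lines:
        if not line.strip():
            continue
        ts, src, dst, dport, flags = parse_line(line)
        if flags != "S":
            continue
        events[(src, dst)].append((ts, dport))

    alerts = {}
    for key, evs in events.items():
        evs.sort()  # time order, so the sliding window below is valid
        start = 0
        for end in range(len(evs)):
            # shrink the window from the left until it spans <= window_seconds
            while (evs[end][0] - evs[start][0]).total_seconds() > window_seconds:
                start += 1
            distinct_ports = {port for _, port in evs[start:end + 1]}
            if len(distinct_ports) >= threshold:
                alerts[key] = sorted({port for _, port in evs})
                break
    return alerts


if __name__ == "__main__":
    for (src, dst), ports in detect_syn_scans(SAMPLE_LOG).items():
        print(f"possible SYN scan from {src} against {dst}: {len(ports)} ports {ports}")
```

With the default settings only the fast source is reported; the slow source spreads its probes wider than the 60 s window, and the browser client touches a single port. Widening the window (for instance to an hour) catches the slow source too, at the price of more false positives from busy legitimate clients, which is the usual trade-off when tuning this kind of rule.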
I was also able to get the MAC address of this computer, which will help me with some layer 2 attacks, and it tells me that this computer is a virtual machine,
not a physical machine. And I was able to get the operating system; it did not give me the exact operating system, it told me it could be Windows XP Service Pack 2 or 3, or Windows Server 2003.
Also, this is very useful: at least I know that it is not Windows Server 2012. That is very valuable information, and we are going to see later on how to utilize it to compromise the system. Then it tells me that the network distance is one hop.
I mean this computer is directly connected to the network; there is no traffic routing, it is on the same network.
So this is actually the information we get using Nmap. Now let's see how to use Nmap in a bit more depth and get more information.
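To make the pieces of information above (open ports and their services, the MAC address and vendor, the OS guess, the network distance) usable in a report, it helps to parse the scan output and apply the rule given earlier: ports below 1024 are well-known, ports above 1024 should be investigated. The following is an added example, not code from the original post or from the Nmap project. The sample report is constructed and only modelled on the layout of Nmap's normal text output; the MAC address, OS details line and service names are assumptions for the example.

```python
"""Added example: parse a constructed Nmap-style report and triage the ports."""
import re

# Constructed sample, modelled on Nmap's normal output layout (not a real scan).
SAMPLE_NMAP_OUTPUT = """\
Nmap scan report for 192.168.163.250
Host is up (0.00050s latency).
Not shown: 996 closed tcp ports (reset)
PORT     STATE SERVICE
135/tcp  open  msrpc
139/tcp  open  netbios-ssn
445/tcp  open  microsoft-ds
6666/tcp open  irc
MAC Address: 00:0C:29:AA:BB:CC (VMware)
Device type: general purpose
Running: Microsoft Windows XP|2003
OS details: Microsoft Windows XP SP2 or SP3, or Windows Server 2003
Network Distance: 1 hop
"""

# Ports below this value count as well-known (the rule used in the post above).
WELL_KNOWN_LIMIT = 1024

PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
HOST_LINE = re.compile(r"^Nmap scan report for (\S+)")
MAC_LINE = re.compile(r"^MAC Address: (\S+)(?: \((.*)\))?")
OS_LINE = re.compile(r"^OS details: (.*)")
DIST_LINE = re.compile(r"^Network Distance: (\d+) hop")


def parse_nmap_report(text):
    """Extract host, port table, MAC/vendor, OS guess and hop count from one report."""
    report = {"host": None, "ports": [], "mac": None, "vendor": None,
              "os_details": None, "distance_hops": None}
    for line in text.splitlines():
        if m := HOST_LINE.match(line):
            report["host"] = m.group(1)
        elif m := PORT_LINE.match(line):
            port, proto, state, service = m.groups()
            report["ports"].append((int(port), proto, state, service))
        elif m := MAC_LINE.match(line):
            report["mac"], report["vendor"] = m.group(1), m.group(2)
        elif m := OS_LINE.match(line):
            report["os_details"] = m.group(1)
        elif m := DIST_LINE.match(line):
            report["distance_hops"] = int(m.group(1))
    return report


def triage_ports(report):
    """Label every open port: 'well-known' below 1024, 'investigate' above.

    Returns a list of (port, service, label) in the order the report lists them."""
    result = []
    for port, _proto, state, service in report["ports"]:
        if state != "open":
            continue
        label = "well-known" if port < WELL_KNOWN_LIMIT else "investigate"
        result.append((port, service, label))
    return result


def ports_to_investigate(report):
    """Just the port numbers that the rule above says need a closer look."""
    return [port for port, _svc, label in triage_ports(report) if label == "investigate"]


if __name__ == "__main__":
    rep = parse_nmap_report(SAMPLE_NMAP_OUTPUT)
    print(f"host {rep['host']} ({rep['vendor']} {rep['mac']}), {rep['distance_hops']} hop")
    print(f"OS guess: {rep['os_details']}")
    for port, service, label in triage_ports(rep):
        print(f"  {port:>5}  {service:<14} {label}")
```

On the sample report the three Microsoft ports (135, 139, 445) come out as well-known and only 6666 is flagged for investigation, which matches the rule in the text; the vendor string next to the MAC address is also how Nmap reports that a host is a virtual machine (here the constructed VMware address).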
If you liked this blog post, tell me in the comments what problem you had or what you did not understand.