Senin, 23 Maret 2015

Blackbox: Gathering Information with Tool Fierce on Kali Linux

Tool like "Fierce" usually we use to check information DNS server, but this tool can use when we want to pentest with blackbox method. e.g: You dont know about topology network at this office, segmentation network, list assets (network equipment, server, workstation), etc.

Fierce is very useful to information gathering. You can use this tool, if the target use DHCP and all the assets have join domain or use DNS Name.

> The first step is open your fierce on kali linux OS:
# Application → Kali Linux → Information gathering → DNS Analysis → Fierce

App Fierce on Kali Linux
and then terminal will be open and there are some informations how to use fierce or you can type this command "fierce -h" with help option, and read all command on the fierce.

Fierce -help

> The second step is check your network settings (IP Address, Gateway, DNS):

Network Settings

Open your terminal, and type this commands:

# ifconfig
# route -n
# cat /etc/resolv.conf

If you have typed commands (ifconfig, route -n, cat /etc/resolv.conf), so you can know about DNS / Domain name your network.

> The third step, back to console and type fierce with command:
# fierce -dns

Fierce -dns yourdnsname

Jreeengg.... ^_^

If lucky, you will get information ip address from all networks which connected with your DNS name (different segmentation/vlan ip).

The next step, you can combine fierce with tools nmap/zenmap to more information gathering (to know port open, OS name, etc.) and vulnerability assessment (sorry i cannot explain this step).

# Pentester OS: Kali Linux VM
# IP Connection: DHCP
# Server DNS: Windows Server 2012
# Automatic detect DNS Name Company
# I dont know topology network
# All asset connect to DNS Name




0 komentar: