1/20/2024

Ack this

The information gathering phase starts with basic open-source intelligence (OSINT). OSINT is the process of looking on social media sites, such as Instagram, Facebook, LinkedIn, Twitter and any other platform where employees of companies reveal their personal details, anything from their dog's name (which could be used in a word list to attempt a brute force attack on their password) to their home addresses, phone numbers, hobbies and interests.

Several techniques are used for open-source intelligence gathering. These include checking whether an employee's email has been compromised in a data breach (using applications such as h8mail to find their compromised passwords, new and old) and using other applications such as Hydra. These applications either find already leaked information or run brute force/dictionary attacks with common passwords and reveal the user's current password.

Looking for old employee information is a good idea, as their login credentials might still be working and the system administrators might have forgotten to expire their credentials. So finding old employee information could prove useful.

Password lists for brute force attacks can be customized and personalized for individual companies. A good way to do this is to create a script, take all the text from the website's homepage, have your script separate each word out and then create multiple variations of that same word. This will create a password list of fourteen thousand plus words, which can be used to brute force a password. You should also include common passwords in a separate list and perform multiple attacks until one list returns a positive result; be careful of false positives.

Companies like Google and Facebook lock you out after three failed attempts in order to prevent password spraying, so finding an anime website, GTA website or movie torrent site that the target uses is a good way to perform brute force attacks, as those sites might not have set their password fields to fail after three failed attempts.

As the researcher you're trying to collect metadata which can be used later in order to bypass login fields, run social engineering campaigns, and try to make yourself look possibly like an employee. Good soft targets are non-technical employees, so target employees who probably don't have many technical skills, knowledge and ability, because their passwords will be the weakest.

Google Dorking is another open-source information gathering technique, in which Google is used to index websites, old versions and new versions, for network log files, passwords, emails/usernames, penetration/bug reports, IoT devices such as cameras, and more.
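The defender's counterpart to the site-derived word list described above, as an added example that is not part of the original post: a password-change check that rejects passwords built around words from the organisation's own homepage or a common-password list. The homepage text, the word lists and all function names are constructed for illustration.

```python
import re

# Constructed sample input: text copied from the organisation's own homepage.
HOMEPAGE_TEXT = ("Welcome to Northwind Logistics. Freight, warehousing and "
                 "customs clearance since 1998.")
# Constructed, deliberately tiny stand-in for a real common-password list.
COMMON_PASSWORDS = {"password", "letmein", "qwerty", "welcome"}

# Collapse the usual substitutions; 'l', '1' and '!' all fold to 'i' so that
# either reading of an ambiguous character still matches.
FOLD = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i", "l": "i"})

def fold(text):
    """Lower-case the text and undo character substitutions."""
    return text.lower().translate(FOLD)

def context_words(page_text, min_len=5):
    """Map folded form -> plain word for every site word of min_len or more."""
    words = re.findall(r"[A-Za-z]+", page_text)
    return {fold(w): w.lower() for w in words if len(w) >= min_len}

def build_banned(page_text, common=COMMON_PASSWORDS):
    """Combine site-specific words with the common-password list."""
    banned = context_words(page_text)
    banned.update({fold(w): w for w in common})
    return banned

def find_banned_word(password, banned):
    """Return the banned word a password is built around, else None.

    A word only counts when it makes up at least half of the password, so a
    long passphrase that merely contains a site word is not rejected.
    """
    folded = fold(password)
    for key, word in banned.items():
        if key in folded and 2 * len(key) >= len(password):
            return word
    return None

if __name__ == "__main__":
    banned = build_banned(HOMEPAGE_TEXT)
    for candidate in ["N0rthw1nd2024!", "W3lc0me!", "Fre1ght#99",
                      "correct-horse-freight-staple", "tq9#Vx2m!Lr8"]:
        print(candidate, "->", find_banned_word(candidate, banned) or "ok")
```

Run at password-set time, this turns the organisation's own public wording into a deny list, so the variations a site-derived word list would contain are refused before they can be chosen.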