martes, 22 de septiembre de 2015

#moocHackingMU - Unidad 1, Tarea 1

https://mooc.mondragon.edu/courses/INFORMATICA/Seguridad/Hacking-etico/about

Como parte de las actividades detalladas en el curso en linea de hacking ético impartido por Mondragon Unibertsitatea, comparto los resultados de las actividades de la Unidad 1, Tarea 1



Como elementos introductorios se muestra el uso de tres simples herramientas que permiten obtener información básica de una web, para efectos de prueba utilizare como "objetivo" el sitio hackthissite.org


C:\>ping hackthissite.org

Pinging hackthissite.org [198.148.81.137] with 32 bytes of data:
Reply from 198.148.81.137: bytes=32 time=87ms TTL=51
Reply from 198.148.81.137: bytes=32 time=86ms TTL=51
Reply from 198.148.81.137: bytes=32 time=85ms TTL=51
Reply from 198.148.81.137: bytes=32 time=85ms TTL=51

Al igual que muchas otros sitios web, utilizan más de una IP publica.

C:\>nslookup hackthissite.org
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

Non-authoritative answer:
Name:    hackthissite.org
Addresses:  2610:150:8007:0:198:148:81:139
          2610:150:8007:0:198:148:81:135
          2610:150:8007:0:198:148:81:138
          2610:150:8007:0:198:148:81:136
          2610:150:8007:0:198:148:81:137
          198.148.81.137
          198.148.81.135
          198.148.81.139
          198.148.81.138
          198.148.81.136

Una vez conociendo la(s) IP(s) publica(s) de nuestro objetivo, podemos obtener información adicional por medio del protocolo WhoIS, que para este caso me auxiliare de la herramienta web: http://ping.eu/ns-whois/
La información mas relevante esta resaltada. Al ser un sitio de prueba, la información es poco relevante, pero para un sitio real, la información es sin duda mas significativa. 
Domain Name    HACKTHISSITE.ORG
Domain ID    D99641092-LROR

Creation Date    2003-08-10T15:01:25Z
Updated Date    2015-09-15T12:56:12Z
Registry Expiry Date    2016-08-10T15:01:25Z
Sponsoring Registrar    eNom, Inc. (R39-LROR)
Sponsoring Registrar IANA ID    48
WHOIS Server:   
Referral URL:   
Domain Status    clientTransferProhibited -- http://www.icann.org/epp#clientTransferProhibited
Registrant ID    985ad17d6e34901c
Registrant Name    Whois Agent
Registrant Organization    Whois Privacy Protection Service, Inc.
Registrant Street    PO Box 639
Registrant Street    C/O hackthissite.org
Registrant City    Kirkland
Registrant State/Province    WA
Registrant Postal Code    98083
Registrant Country    US
Registrant Phone    +1.425274066

Registrant Phone Ext:   
Registrant Fax    +1.425974473
Registrant Fax Ext:   
Registrant Email    gqqwgkchj@whoisprivacyprotect.com
Admin ID    985ad17d6e34901c
Admin Name    Whois Agent
Admin Organization    Whois Privacy Protection Service, Inc.
Admin Street    PO Box 639
Admin Street    C/O hackthissite.org
Admin City    Kirkland
Admin State/Province    WA
Admin Postal Code    98083
Admin Country    US
Admin Phone    1.425274066
Admin Phone Ext:   
Admin Fax    1.425974473
Admin Fax Ext:   
Admin Email    gqqwgkchj@whoisprivacyprotect.com
Tech ID    985ad17d6e34901c
Tech Name    Whois Agent
Tech Organization    Whois Privacy Protection Service, Inc.
Tech Street    PO Box 639
Tech Street    C/O hackthissite.org
Tech City    Kirkland
Tech State/Province    WA
Tech Postal Code    98083
Tech Country    US
Tech Phone    +1.425274066
Tech Phone Ext:   
Tech Fax    +1.425974473
Tech Fax Ext:   
Tech Email    gqqwgkchj@whoisprivacyprotect.com
Name Server    B.NS.BUDDYNS.COM
Name Server    C.NS.BUDDYNS.COM
Name Server    E.NS.BUDDYNS.COM
Name Server    D.NS.BUDDYNS.COM
Name Server    NS1.HACKTHISSITE.ORG
Name Server    NS2.HACKTHISSITE.ORG
Name Server    F.NS.BUDDYNS.COM
Name Server:   
Name Server:   
Name Server:   
Name Server:   
Name Server:   
Name Server:   
DNSSEC    Unsigned

Por último podemos obtener información de los puertos y sistema operativa de nuestro objetivo utilizando NMAP 


Starting Nmap 6.00 ( http://nmap.org ) at 2015-09-22 23:31 EEST
Initiating Ping Scan at 23:31
Scanning hackthissite.org (198.148.81.137) [4 ports]
Completed Ping Scan at 23:31, 0.15s elapsed (1 total hosts)
Initiating SYN Stealth Scan at 23:31
Scanning hackthissite.org (198.148.81.137) [100 ports]
Discovered open port 80/tcp on 198.148.81.137
Discovered open port 443/tcp on 198.148.81.137
Discovered open port 22/tcp on 198.148.81.137
Completed SYN Stealth Scan at 23:31, 2.35s elapsed (100 total ports)
Initiating OS detection (try #1) against hackthissite.org (198.148.81.137)
Retrying OS detection (try #2) against hackthissite.org (198.148.81.137)

[+] Nmap scan report for hackthissite.org (198.148.81.137)
Host is up (0.12s latency).
Other addresses for hackthissite.org (not scanned): 198.148.81.139 198.148.81.135 198.148.81.136 198.148.81.138
Not shown: 97 filtered ports

PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
443/tcp open  https

Aggressive OS guesses: FreeBSD 7.0-RELEASE (98%), FreeBSD 7.1-RELEASE - 9.0-CURRENT (98%), FreeBSD 8.0-RELEASE (98%), FreeBSD 8.1-RELEASE (98%), OpenBSD 4.0 (x86) (97%), OpenBSD 3.9 - 4.2 (96%), OpenBSD 4.1 (96%), OpenBSD 4.1 - 4.7 (96%), OpenBSD 4.4 (96%), OpenBSD 4.9 - 5.0 (96%)
No exact OS matches for host (test conditions non-ideal).
Uptime guess: 0.000 days (since Tue Sep 22 23:31:18 2015)
IP ID Sequence Generation: Busy server or unknown class

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 10.97 seconds
           Raw packets sent: 290 (16.592KB) | Rcvd: 92 (5.950KB)

-------------------------------------------------------------
Mas información en redes sociales: 
#moocHackingMU
Página en Facebook

Grupo de Facebook

No hay comentarios: