The previous chapter described how to use the tool. This chapter describes other ways to query and collect information about a target:
Social networks: information the target company itself posts on Weibo, official accounts, and so on.
Business registration information.
Forums and news. For example, these can reveal a target company's potential security weaknesses: if a company is urgently hiring security staff, especially people with web injection experience, you can infer that it probably has web injection weaknesses and try injection against it.
Social engineering.


Here is a website:
archive.org/web/web.php
This site takes snapshots of websites on the Internet every so often, and we can use it to look up which versions of its site a target company has used in the past.

In the calendar view, the dates marked in blue are snapshots of the site; click any of them and you will see what the site you are looking at looked like at that time.

Clicking the October 1 entry shows the version from October 1. Once you have found that page, you can view its source code and learn how it was written and what technology they were using at the time.
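The calendar view is convenient for a handful of snapshots, but the Wayback Machine also exposes a CDX query interface (the endpoint below is real) that lists every capture it holds for a domain. The following is an added example, not code from the original post or from archive.org: it builds such a query, parses a CDX JSON response, and summarises which paths were archived and for how long, which is the same check a site owner should run on their own domain to learn what old pages are still public. The JSON rows are a constructed sample, and the list of path patterns worth reviewing is an assumption of this example.

```python
import json
from collections import defaultdict
from urllib.parse import urlencode, urlparse

# The Wayback Machine's CDX server (real endpoint; the query is only built here, not sent)
CDX_ENDPOINT = "https://web.archive.org/cdx/search/cdx"


def cdx_query_url(domain, from_year=None, to_year=None, limit=1000):
    """Build a CDX query listing every archived URL under a domain, one row per distinct capture."""
    params = {
        "url": domain + "/*",                 # all paths under the domain
        "output": "json",                     # JSON array whose first row is the header
        "fl": "timestamp,original,statuscode,mimetype,digest",
        "filter": "statuscode:200",           # only captures that actually served content
        "collapse": "digest",                 # drop repeated identical captures
        "limit": limit,
    }
    if from_year:
        params["from"] = str(from_year)
    if to_year:
        params["to"] = str(to_year)
    return CDX_ENDPOINT + "?" + urlencode(params)


def parse_cdx(text):
    """Turn a CDX JSON response (header row followed by data rows) into a list of dicts."""
    rows = json.loads(text)
    if not rows:
        return []
    header, body = rows[0], rows[1:]
    return [dict(zip(header, row)) for row in body]


def snapshot_url(record):
    """The Wayback URL of one capture, the same page the calendar view links to."""
    return "https://web.archive.org/web/%s/%s" % (record["timestamp"], record["original"])


def history_by_path(records):
    """For each archived path: (first capture, last capture, number of captures)."""
    seen = defaultdict(list)
    for r in records:
        seen[urlparse(r["original"]).path].append(r["timestamp"])
    return {path: (min(ts), max(ts), len(ts)) for path, ts in seen.items()}


# Assumed heuristic (not from the page): path fragments worth reviewing in your own archive history
SENSITIVE_PATTERNS = ("/admin", "/backup", ".sql", ".bak", ".old", "phpinfo")


def flag_sensitive_paths(records, patterns=SENSITIVE_PATTERNS):
    """Archived paths matching a review pattern, sorted and de-duplicated."""
    hits = {urlparse(r["original"]).path for r in records
            if any(p in r["original"].lower() for p in patterns)}
    return sorted(hits)


# Constructed sample response in CDX JSON layout (not real archive data)
SAMPLE_CDX_JSON = json.dumps([
    ["timestamp", "original", "statuscode", "mimetype", "digest"],
    ["20121001120000", "http://example.com/", "200", "text/html", "AAAA"],
    ["20121001120100", "http://example.com/admin/login.php", "200", "text/html", "BBBB"],
    ["20151001120000", "http://example.com/admin/login.php", "200", "text/html", "CCCC"],
    ["20191001120000", "http://example.com/", "200", "text/html", "DDDD"],
    ["20191001120200", "http://example.com/backup/site.sql", "200", "application/octet-stream", "EEEE"],
])


if __name__ == "__main__":
    print(cdx_query_url("example.com", from_year=2012, to_year=2019))
    records = parse_cdx(SAMPLE_CDX_JSON)
    for path, (first, last, n) in sorted(history_by_path(records).items()):
        print("%-25s first %s last %s captures %d" % (path, first, last, n))
    flagged = flag_sensitive_paths(records)
    for r in records:
        if urlparse(r["original"]).path in flagged:
            print("review:", snapshot_url(r))
```

Fetching the query URL with any HTTP client returns exactly the shape that parse_cdx expects; the "collapse" and "filter" parameters keep the result to distinct, successful captures so the per-path history reflects real changes rather than repeated identical crawls.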

Through this history you may also find the administrator login page, e-mail addresses, the server group, the web configuration and so on, and through the large amount of searching described earlier you can find the names of the target company's staff and personal details such as phone numbers and e-mail addresses. Keep this information for later social engineering and for cracking their passwords.
On passwords: there is a large chapter on password cracking later; for now, just a small tool. Password cracking usually means a dictionary attack or brute force, but the efficiency of both is very low and the results are not good. If the target has an anti-brute-force policy enabled (MySQL has one, and Linux can enable one too), entering a wrong password more than 10 times gets your IP banned, and you cannot continue cracking. The mainstream, efficient method is to build a custom password dictionary from the person's own information. This dictionary is not large, usually only a few hundred or a few thousand entries, not the hundreds of thousands or millions of a generic dictionary. Why is a personalised dictionary so efficient? Because people usually set their passwords from their own name, phone number, birthday, their pet's name, or their partner's name.
There is a program that takes a person's details and generates a dictionary for cracking their password with a very high probability of success.
This program is not in the Kali repositories and must be installed manually; you need Git first.


This program is called:
CUPP - Common User Password Profiler
If Git is not installed, install git first:

apt-get update
apt-get install git
git clone https://github.com/Mebus/cupp.git
cd cupp
python3 cupp.py -l

Note: before running it you must enter the cupp directory, otherwise you cannot use it directly. If you want to run it from anywhere, move cupp.py into a bin directory.

root@kali:~/cupp# python3 cupp.py 
 ___________ 
   cupp.py!                 # Common
      \                     # User
       \   ,__,             # Passwords
        \  (oo)____         # Profiler
           (__)    )\   
              ||--|| *      [ Muris Kurgas | [email protected] ]
                            [ Mebus | https://github.com/Mebus/]

usage: cupp.py [-h] [-i | -w FILENAME | -l | -a | -v] [-q]

Common User Passwords Profiler

optional arguments:
  -h, --help         show this help message and exit
  -i, --interactive  Interactive questions for user password profiling
  -w FILENAME        Use this option to improve existing dictionary, or WyD.pl
                     output to make some pwnsauce
  -l                 Download huge wordlists from repository
  -a                 Parse default usernames and passwords directly from
                     Alecto DB. Project Alecto uses purified databases of
                     Phenoelit and CIRT which were merged and enhanced
  -v, --version      Show the version of this program.
  -q, --quiet        Quiet mode (don't print banner)

Here are the commonly used parameters; research the rest on Baidu yourself.
-h shows the help.
-i is interactive mode. With -i it asks you for the user name you want to guess, who the father is, who the mother is, and so on; after you enter this it generates a dictionary dedicated to that user.
-l downloads the program's own wordlists.


Typing python3 cupp.py -i displays the following:

root@kali:~/cupp# python3 cupp.py -i
 ___________ 
   cupp.py!                 # Common
      \                     # User
       \   ,__,             # Passwords
        \  (oo)____         # Profiler
           (__)    )\   
              ||--|| *      [ Muris Kurgas | [email protected] ]
                            [ Mebus | https://github.com/Mebus/]


[+] Insert the information about the victim to make a dictionary
[+] If you don't know all the info, just hit enter when asked! ;)

> First Name:

It prompts you to enter the details of the victim whose password you are cracking; if you don't know all of them, just press Enter.
First Name is the given name.

> First Name: 123
> Surname: 

It then asks you to enter his or her Surname.

> First Name: 123
> Surname: 123
> Nickname:

After the surname, Nickname is the person's nickname.

> First Name: 123
> Surname: 123
> Nickname: 123
> Birthdate (DDMMYYYY): 

After the nickname, Birthdate is the birthday. Note that the format is DDMMYYYY, that is day, month, year: for example, 1999.01.01 is entered here as 01011999.

> Nickname: 123
> Birthdate (DDMMYYYY): 
> Partners) name: 

Once the date of birth is done, Partners name asks you to enter the name of his parent, or of his partner.

> Birthdate (DDMMYYYY): 
> Partners) name: 
> Partners) nickname: 

After the parent's name, you are asked for the parent's nickname, or the partner's nickname.

> Partners) name: 
> Partners) nickname: 
> Partners) birthdate (DDMMYYYY): 

Then it asks for the parent's birthday, or the partner's birthday; the format is the same as above.

> Partners) nickname: 
> Partners) birthdate (DDMMYYYY): 
> Child's name: 

Child's name: the name of his own child.

> Partners) birthdate (DDMMYYYY): 
> Child's name: 
> Child's nickname: 

Child's nickname: the child's nickname.

> Child's name: 
> Child's nickname: 
> Child's birthdate (DDMMYYYY): 

Child's birthdate (DDMMYYYY): the birthday of his or her child.

> Child's nickname: 
> Child's birthdate (DDMMYYYY): 
> Pet's name: 

Pet's name: the name of his pet.

> Child's birthdate (DDMMYYYY): 
> Pet's name: 
> Company name: 

Company name: the name of his company.

> First Name: 123
> Surname: 123
> Nickname: 123
> Birthdate (DDMMYYYY): 
> Partners) name: 
> Partners) nickname: 
> Partners) birthdate (DDMMYYYY): 
> Child's name: 
> Child's nickname: 
> Child's birthdate (DDMMYYYY): 
> Pet's name: 
> Company name: 
> Do you want to add some key words about the victim? Y/[N]: 

It then asks whether you want to add some key words about the victim. If you have other information in hand, type Y; if not, type N.

> Do you want to add some key words about the victim? Y/[N]: n
> Do you want to add special chars at the end of words? Y/[N]: 

Next it asks whether to add special characters at the end of the words; if not, choose n.

> Do you want to add some key words about the victim? Y/[N]: n
> Do you want to add special chars at the end of words? Y/[N]: n
> Do you want to add some random numbers at the end of words? Y/[N]:

It also asks whether to add random numbers at the end of the words; choose n if you don't want them.

> Do you want to add some key words about the victim? Y/[N]: n
> Do you want to add special chars at the end of words? Y/[N]: n
> Do you want to add some random numbers at the end of words? Y/[N]:n
> Leet mode? (i.e. leet = 1337) Y/[N]: 

The last question is Leet mode (replacing letters with look-alike digits, e.g. leet = 1337); choose n if you don't want it, and the tool then generates a password dictionary specific to that person.

root@kali:~/cupp# python3 cupp.py -i
 ___________ 
   cupp.py!                 # Common
      \                     # User
       \   ,__,             # Passwords
        \  (oo)____         # Profiler
           (__)    )\   
              ||--|| *      [ Muris Kurgas | [email protected] ]
                            [ Mebus | https://github.com/Mebus/]


[+] Insert the information about the victim to make a dictionary
[+] If you don't know all the info, just hit enter when asked! ;)

> First Name: 123
> Surname: 123
> Nickname: 123
> Birthdate (DDMMYYYY): 
> Partners) name: 
> Partners) nickname: 
> Partners) birthdate (DDMMYYYY): 
> Child's name: 
> Child's nickname: 
> Child's birthdate (DDMMYYYY): 
> Pet's name: 
> Company name: 
> Do you want to add some key words about the victim? Y/[N]: n
> Do you want to add special chars at the end of words? Y/[N]: n
> Do you want to add some random numbers at the end of words? Y/[N]:n
> Leet mode? (i.e. leet = 1337) Y/[N]: n

[+] Now making a dictionary...
[+] Sorting list and removing duplicates...
[+] Saving dictionary to 123.txt, counting 52 words.
[+] Now load your pistolero with 123.txt and shoot! Good luck!

It created a dictionary called 123.txt, a dictionary personalised to this one person, containing 52 passwords.

root@kali:~/cupp# ls
123.txt  CHANGELOG.md  cupp.cfg  cupp.py  LICENSE  README.md  test_cupp.py

We can cat this file and look at it:

root@kali:~/cupp# cat 123.txt
1232008
1232009
1232010
1232011
1232012
1232013
1232014
1232015
1232016
1232017
1232018
1232019
1232020
123_2008
123_2009
123_2010
123_2011
123_2012
123_2013
123_2014
123_2015
123_2016
123_2017
123_2018
123_2019
123_2020
3212008
3212009
3212010
3212011
3212012
3212013
3212014
3212015
3212016
3212017
3212018
3212019
3212020
321_2008
321_2009
321_2010

That is the custom password dictionary. Cracking with a dictionary customised to the person is far more efficient than cracking with a generic dictionary; the best-known example is the protagonist of "Hackers", who uses a cupp-style password dictionary attack many times. It is worth noting that foreigners and Chinese users have different password-setting habits. At present more than 1 billion passwords have leaked, and current programs basically derive their rules from analysis of that 1 billion records to crack user passwords. If your password pattern has been worked out, the dictionary generated for you is especially specific to you, and none of your information is safe.
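The same fact that makes a profile-based dictionary effective (people build passwords out of their name, birthday, partner and pet) is what an authentication system should check for at password-set time. Below is an added example, not part of the original post and not cupp's code: a small policy check that takes the same profile fields cupp -i asks for, derives the tokens such a dictionary would be built from (names, reversed names, date fragments in the DDMMYYYY form, with common leet substitutions undone), and rejects a candidate password that contains any of them. The profile key names and the leet map are assumptions of this example; the "123" profile mirrors the run shown above.

```python
import re

# Undo common leet substitutions so "4l1ce" is compared as "alice" (assumed map)
UNLEET = str.maketrans({"4": "a", "@": "a", "3": "e", "1": "i", "!": "i",
                        "0": "o", "$": "s", "5": "s", "7": "t"})

# Profile fields mirroring the questions cupp -i asks (key names are assumed)
NAME_FIELDS = ("first_name", "surname", "nickname", "partner", "partner_nickname",
               "child", "child_nickname", "pet", "company")
DATE_FIELDS = ("birthdate", "partner_birthdate", "child_birthdate")


def profile_tokens(profile):
    """Words and date fragments a profile-based dictionary would be built from."""
    tokens = set()
    for key in NAME_FIELDS:
        word = (profile.get(key) or "").strip().lower()
        if len(word) >= 3:
            tokens.add(word)
            tokens.add(word[::-1])              # reversed names appear too ("123" -> "321")
    for key in DATE_FIELDS:
        digits = re.sub(r"\D", "", profile.get(key) or "")
        if len(digits) == 8:                    # DDMMYYYY, the format cupp asks for
            d, m, y = digits[:2], digits[2:4], digits[4:]
            tokens.update({digits, d + m, m + d, y, d + m + y[2:], y + m + d})
    return tokens


def derived_from_profile(password, profile):
    """Return the profile token found inside the password, or None if none matches."""
    lowered = password.lower()
    # Longest tokens first so the most specific match is reported; ties broken alphabetically
    ordered = sorted(profile_tokens(profile), key=lambda t: (-len(t), t))
    for candidate in (lowered, lowered.translate(UNLEET)):
        for token in ordered:
            if token in candidate:
                return token
    return None


def check_password(password, profile, min_length=8):
    """Policy check: a list of reasons to reject; empty when the password is acceptable."""
    problems = []
    if len(password) < min_length:
        problems.append("shorter than %d characters" % min_length)
    token = derived_from_profile(password, profile)
    if token:
        problems.append("built from profile data (%r)" % token)
    return problems


if __name__ == "__main__":
    # Constructed profiles: the first mirrors the "123" run shown above
    sample = {"first_name": "123", "surname": "123", "nickname": "123"}
    alice = {"first_name": "Alice", "birthdate": "01011999", "pet": "Rex"}
    for pw, prof in (("1232008", sample), ("321_2010", sample),
                     ("4l1ce!2021", alice), ("Rex01011999", alice),
                     ("correct horse battery", alice)):
        print("%-22s %s" % (pw, check_password(pw, prof) or "ok"))
```

Entries from the 123.txt dictionary above ("1232008", "321_2010") are rejected because they contain the profile's name tokens, and a leet-speak variant of a name is caught after the substitutions are undone; a passphrase unrelated to the profile passes.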


Picture Information Collection
Metadata
This tool queries the GPS information stored in images. Whatever device took the picture, a camera or a phone, it records the location where the photo was taken; if you look closely at the photos on your phone, you will see that the phone keeps a record of the shooting time and location of each one. The tool reads the photo's GPS position, so many degrees east longitude and so many degrees north latitude, and that position fixes your physical location. Positioning is on by default on the devices we take photos with, and most phones ship with this function enabled.
This information is called Exif. It is recorded in photographs, and the Exif data can be found inside the image file.


The average photographer only pays attention to the camera parameters, exposure time and so on, because they want to take master-class photographs.


But what security people are most interested in is the GPS information in the image, and besides the GPS data and the device information, all of that is stored in the Exif image information.


Kali has a tool that extracts the Exif information from a photo; this too is a means of information collection.
Type exif on its own to see how it is used:


root@kali:~# exif
Usage: exif [OPTION...] file
  -v, --version                  Display software version
  -i, --ids                      Show IDs instead of tag names
  -t, --tag=tag                  Select tag
      --ifd=IFD                  Select IFD
  -l, --list-tags                List all EXIF tags
  -|, --show-mnote               Show contents of tag MakerNote
      --remove                   Remove tag or ifd
  -s, --show-description         Show description of tag
  -e, --extract-thumbnail        Extract thumbnail
  -r, --remove-thumbnail         Remove thumbnail
  -n, --insert-thumbnail=FILE    Insert FILE as thumbnail
      --no-fixup                 Do not fix existing tags in files
  -o, --output=FILE              Write data to FILE
      --set-value=STRING         Value of tag
  -c, --create-exif              Create EXIF data if not existing
  -m, --machine-readable         Output in a machine-readable (tab delimited) format
  -w, --width=WIDTH              Width of output
  -x, --xml-output               Output in a XML format
  -d, --debug                    Show debugging messages

Help options:
  -?, --help                     Show this help message
      --usage                    Display brief usage message

Below I take a picture with my phone and check it:

root@kali:~# exif 2.jpg
EXIF tags in '2.jpg' ('Motorola' byte order):
--------------------+----------------------------------------------------------
Tag                 |Value
--------------------+----------------------------------------------------------
Model               |MI 8 Lite
Software            |platina-user 9 PKQ1.181007.001 9.5.9 release-keys
Orientation         |Top-left
Date and Time       |2019:11:13 13:45:19
YCbCr Positioning   |Centered
Resolution Unit     |Inch
X-Resolution        |72
Y-Resolution        |72
Manufacturer        |Xiaomi
ISO Speed Ratings   |500
Exposure Program    |Undefined
F-Number            |f/1.9
Exposure Time       |1/17 sec.
Sensing Method      |One-chip color area sensor
Sub-second Time (Dig|289460
Sub-second Time (Ori|289460
Sub-second Time     |289460
Focal Length        |3.9 mm
Flash               |Flash did not fire, compulsory flash mode
Metering Mode       |Center-weighted average
Scene Capture Type  |Standard
Focal Length in 35mm|24
Date and Time (Digit|2019:11:13 13:45:19
Pixel Y Dimension   |4032
White Balance       |Auto white balance
Date and Time (Origi|2019:11:13 13:45:19
Brightness          |-1.32 EV (1.37 cd/m^2)
Pixel X Dimension   |3024
Exposure Mode       |Auto exposure
Aperture            |1.85 EV (f/1.9)
Components Configura|Y Cb Cr -
Color Space         |sRGB
Scene Type          |Directly photographed
Shutter Speed       |4.06 EV (1/16 sec.)
Exif Version        |Exif Version 2.2
FlashPixVersion     |FlashPix Version 1.0
North or South Latit|N
Latitude            |34, 26, 38.1480
East or West Longitu|E
Longitude           |114, 20, 32.3088
Altitude Reference  |Sea level
Altitude            |0.000
GPS Time (Atomic Clo|05:45:17.00
Name of GPS Processi|ASCII
GPS Date            |2019:11:13
Interoperability Ind|R98
Interoperability Ver|0100
--------------------+----------------------------------------------------------

From the output above you can see the device I used (a Mi 8), the shooting time, my latitude and longitude, and much more. Pictures that look harmless actually hide a lot of harmful information.



The information shown in the file's properties is the same as the Exif data we just saw, and used well, it yields a lot of valuable information.
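To see exactly where the latitude and longitude in the exif output above live inside the file, and to check one's own photos for this leak before publishing them, here is an added example (not code from the original post, nor from the exif tool or libexif): a minimal pure-Python reader that walks the JPEG segments, finds the Exif APP1 block, follows the GPS sub-IFD and converts the degree/minute/second rationals to decimal degrees, plus a strip function that writes the file back without the Exif segment. The test image is constructed inline using the coordinates shown on this page; the builder only emits the GPS block, so it is not a viewable picture.

```python
import struct

# Exif/TIFF tag numbers from the Exif 2.2 specification
TAG_GPS_IFD = 0x8825                 # pointer from IFD0 to the GPS sub-IFD
GPS_LAT_REF, GPS_LAT = 0x0001, 0x0002
GPS_LON_REF, GPS_LON = 0x0003, 0x0004
TYPE_ASCII, TYPE_LONG, TYPE_RATIONAL = 2, 4, 5


def _segments(data):
    """Yield (marker, payload, start, end) for every JPEG segment before SOS/EOI."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    pos = 2
    while pos + 4 <= len(data) and data[pos] == 0xFF:
        marker = data[pos + 1]
        if marker in (0xD9, 0xDA):        # EOI / SOS: image data begins, metadata is over
            return
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        end = pos + 2 + length
        yield marker, data[pos + 4:end], pos, end
        pos = end


def _read_ifd(tiff, offset, bo):
    """Parse one IFD into {tag: (type, count, raw 4-byte value-or-offset)}."""
    (n,) = struct.unpack(bo + "H", tiff[offset:offset + 2])
    entries = {}
    for i in range(n):
        e = offset + 2 + 12 * i
        tag, typ, count = struct.unpack(bo + "HHI", tiff[e:e + 8])
        entries[tag] = (typ, count, tiff[e + 8:e + 12])
    return entries


def _rationals(tiff, bo, entry):
    """Decode a RATIONAL array (uint32 numerator/denominator pairs stored at an offset)."""
    _, count, raw = entry
    (off,) = struct.unpack(bo + "I", raw)
    vals = struct.unpack(bo + "%dI" % (2 * count), tiff[off:off + 8 * count])
    return [vals[i] / vals[i + 1] for i in range(0, 2 * count, 2)]


def _dms_to_decimal(dms, ref):
    deg, minutes, seconds = dms
    value = deg + minutes / 60 + seconds / 3600
    return -value if ref in (b"S", b"W") else value       # south/west are negative


def gps_from_jpeg(data):
    """Return (lat, lon) in decimal degrees, or None if the JPEG carries no GPS Exif."""
    for marker, payload, _, _ in _segments(data):
        if marker != 0xE1 or not payload.startswith(b"Exif\x00\x00"):
            continue
        tiff = payload[6:]
        bo = "<" if tiff[:2] == b"II" else ">"            # Intel or Motorola byte order
        (ifd0_off,) = struct.unpack(bo + "I", tiff[4:8])
        ifd0 = _read_ifd(tiff, ifd0_off, bo)
        if TAG_GPS_IFD not in ifd0:
            return None
        (gps_off,) = struct.unpack(bo + "I", ifd0[TAG_GPS_IFD][2])
        gps = _read_ifd(tiff, gps_off, bo)
        if GPS_LAT not in gps or GPS_LON not in gps:
            return None
        lat = _dms_to_decimal(_rationals(tiff, bo, gps[GPS_LAT]), gps[GPS_LAT_REF][2][:1])
        lon = _dms_to_decimal(_rationals(tiff, bo, gps[GPS_LON]), gps[GPS_LON_REF][2][:1])
        return lat, lon
    return None


def strip_exif(data):
    """Copy a JPEG without its Exif APP1 segment (what to do before publishing a photo)."""
    out = bytearray(data[:2])
    tail = 2
    for marker, payload, start, end in _segments(data):
        if not (marker == 0xE1 and payload.startswith(b"Exif\x00\x00")):
            out += data[start:end]
        tail = end
    out += data[tail:]
    return bytes(out)


def make_test_jpeg(lat_dms, lat_ref, lon_dms, lon_ref):
    """Constructed sample: minimal little-endian JPEG whose only content is a GPS Exif block."""
    def rational(x):
        return struct.pack("<II", int(round(x * 10000)), 10000)
    # IFD0 at offset 8 holds one entry (GPS pointer); GPS IFD follows at 26; rationals from 80
    ifd0 = struct.pack("<HHHII", 1, TAG_GPS_IFD, TYPE_LONG, 1, 26) + struct.pack("<I", 0)
    gps = struct.pack("<H", 4)
    gps += struct.pack("<HHI", GPS_LAT_REF, TYPE_ASCII, 2) + lat_ref + b"\x00\x00\x00"
    gps += struct.pack("<HHII", GPS_LAT, TYPE_RATIONAL, 3, 80)
    gps += struct.pack("<HHI", GPS_LON_REF, TYPE_ASCII, 2) + lon_ref + b"\x00\x00\x00"
    gps += struct.pack("<HHII", GPS_LON, TYPE_RATIONAL, 3, 104)
    gps += struct.pack("<I", 0)
    tiff = b"II" + struct.pack("<HI", 42, 8) + ifd0 + gps
    tiff += b"".join(rational(v) for v in lat_dms) + b"".join(rational(v) for v in lon_dms)
    app1 = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"


if __name__ == "__main__":
    # Coordinates taken from the exif output shown on this page
    photo = make_test_jpeg((34, 26, 38.1480), b"N", (114, 20, 32.3088), b"E")
    print("GPS in photo:", gps_from_jpeg(photo))
    print("GPS after stripping:", gps_from_jpeg(strip_exif(photo)))
```

Run against a real photo, gps_from_jpeg(open("2.jpg", "rb").read()) returns the same fix the exif tool printed, as decimal degrees; strip_exif keeps every other segment (quantisation tables, Huffman tables, the scan) intact, so the image still displays but no longer says where it was taken.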


Besides exif there is a dedicated tool:
Foca
This tool is designed for looking at metadata.
MetaData is what we call metadata.
It is a Windows tool:
Github.com/ElevenPaths…
To use it you need a SQL Server database, SQL Server 2014 or later; if SQL Server 2014 is not installed on your computer, it will not run.
The tool is very simple to use:
after opening the software, drag the image into the FOCA tool,
and the left navigation bar shows the image's metadata, such as user, GPS, and so on.

There is another tool that I must master (the key tool). What I wrote in my notes is still the old version, which has since been greatly updated, so please study it yourself on Baidu.

That covers passive information collection; active information collection attacks will be covered later.

Please credit the source when reposting!!