Download - Maltego - Nambi rajesh
-
8/12/2019 Maltego - Nambi rajesh
1/6
Maltego Information Gathering Backtrack 5 R3 Nambi Rajesh
Introduction:
Information gathering or foot-printing is generally a first step of Ethical hacking/penetration testing
process. The more information you have the more chance of success, information gathering is the
important phase because all of the process of hacking based on information
Where to get it? Community edition (ree Edition also !vailable- "imited #ptions$
%o&nload via paterva.com also found on 'acktrack )*
+o saving, limited to transforms, etc
ull version has no limitations
)uns on "inu, # 0, 1indo&s
What does Maltego do? 2elps determine real &orld links bet&een 3eople
ocial +et&orks
Companies/#rgani4ations
1eb sites
Internet Infrastructure (%+, %omains, +etblocks$
3hrases
%ocuments and files
Starting Maltego
irst go to !pplications56'acktrack56Information 7athering56+et&ork !nalysis56%+ !nalysis5
68altego
The first time you login it &ill ask you to register your product. If you already have an account 9ustenter your email I% and pass&ord. #nce you validate your login it &ill update the transforms
+ambi ra9esh
http://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CCcQFjAA&url=http%3A%2F%2Fwww.ehacking.net%2F2011%2F07%2Fmaltego-information-gathering-backtrack.html&ei=FpR7U5X0KcOQuAS6kIDgDg&usg=AFQjCNHkS_EugKSwRROpbZNVaHa91VX4zg&bvm=bv.67229260,d.c2Ehttp://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CCcQFjAA&url=http%3A%2F%2Fwww.ehacking.net%2F2011%2F07%2Fmaltego-information-gathering-backtrack.html&ei=FpR7U5X0KcOQuAS6kIDgDg&usg=AFQjCNHkS_EugKSwRROpbZNVaHa91VX4zg&bvm=bv.67229260,d.c2E -
8/12/2019 Maltego - Nambi rajesh
2/6
Maltego Information Gathering Backtrack 5 R3 Nambi Rajesh
What is logged? !3I key
I3 !ddress (yours$
The transform eecuted
The time it eecuted
:our user I% (&hich gives first name, last name and email address$
The ;uestions asked or the results are +#T logged 5 Ecept for a fe& transforms that use
&eb services
#nce the transforms are updated, click the Infrastructure and 3ersonal.
+ambi ra9esh
http://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CCcQFjAA&url=http%3A%2F%2Fwww.ehacking.net%2F2011%2F07%2Fmaltego-information-gathering-backtrack.html&ei=FpR7U5X0KcOQuAS6kIDgDg&usg=AFQjCNHkS_EugKSwRROpbZNVaHa91VX4zg&bvm=bv.67229260,d.c2Ehttp://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CCcQFjAA&url=http%3A%2F%2Fwww.ehacking.net%2F2011%2F07%2Fmaltego-information-gathering-backtrack.html&ei=FpR7U5X0KcOQuAS6kIDgDg&usg=AFQjCNHkS_EugKSwRROpbZNVaHa91VX4zg&bvm=bv.67229260,d.c2E -
8/12/2019 Maltego - Nambi rajesh
3/6
Maltego Information Gathering Backtrack 5 R3 Nambi Rajesh
1e can also import other entities to the palette. !n eample is the 7oogle entity. 7##7"E is asearch engine &hich can be used to find specific information like server, routers, s&itches, etc
Infrastructure Reconnaissance:
8altego helps to gather a lot of information about the infrastructure.
+ambi ra9esh
http://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CCcQFjAA&url=http%3A%2F%2Fwww.ehacking.net%2F2011%2F07%2Fmaltego-information-gathering-backtrack.html&ei=FpR7U5X0KcOQuAS6kIDgDg&usg=AFQjCNHkS_EugKSwRROpbZNVaHa91VX4zg&bvm=bv.67229260,d.c2Ehttp://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CCcQFjAA&url=http%3A%2F%2Fwww.ehacking.net%2F2011%2F07%2Fmaltego-information-gathering-backtrack.html&ei=FpR7U5X0KcOQuAS6kIDgDg&usg=AFQjCNHkS_EugKSwRROpbZNVaHa91VX4zg&bvm=bv.67229260,d.c2E -
8/12/2019 Maltego - Nambi rajesh
4/6
Maltego Information Gathering Backtrack 5 R3 Nambi Rajesh
In order to start gathering information, select the desired entity from the palette.In this eample, &e are going to scan a domain. elect the domain option from the palette and drag
the option to the &orkspace. Enter the target domain. +o& right-click on the entity and you should
be getting an &indo& that says ?)un Transform@ &ith additional relevant options.
)un the re;uired transform and find out information like the 80, + and I3 address. 1e can then
use transforms like
-
8/12/2019 Maltego - Nambi rajesh
5/6
Maltego Information Gathering Backtrack 5 R3 Nambi Rajesh
)ight-click on the
-
8/12/2019 Maltego - Nambi rajesh
6/6
Maltego Information Gathering Backtrack 5 R3 Nambi Rajesh
Barious entities in acebook &ere detected by using the transform ?toacebookaffiliation. Thismethod generally looks for a Facebook affiliation that matches closely to a persons name based on
the first and last name and weighs each result accordingly. With Maltego we can also find mutual
friends of two targeted persons in order to gather more information.
imilarly, &e can find if the user has uploaded any files in pastebin or any other public A)"s.
2aving all this information can be useful for performing a social engineering-based attack.
Conclusion :
Information gathering phase of all security related &ork
!ssessments
Investigations
3ublic information about a company or person
aves time
Easier to use then 7oogle ?hacking@
2its more then 9ust 7oogle
+ambi ra9esh
http://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CCcQFjAA&url=http%3A%2F%2Fwww.ehacking.net%2F2011%2F07%2Fmaltego-information-gathering-backtrack.html&ei=FpR7U5X0KcOQuAS6kIDgDg&usg=AFQjCNHkS_EugKSwRROpbZNVaHa91VX4zg&bvm=bv.67229260,d.c2Ehttp://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CCcQFjAA&url=http%3A%2F%2Fwww.ehacking.net%2F2011%2F07%2Fmaltego-information-gathering-backtrack.html&ei=FpR7U5X0KcOQuAS6kIDgDg&usg=AFQjCNHkS_EugKSwRROpbZNVaHa91VX4zg&bvm=bv.67229260,d.c2E