Information gathering
http://sitedugaci.com/tutoriels_chapitre/9/4/la-collecte-desrenseignements.html
Step 1: (WHOIS SlayersOnline.net)
Domain Name: SLAYERSONLINE.NET
Registrar: OVH
Sponsoring Registrar IANA ID: 433
Whois Server: whois.ovh.com
Referral URL: http://www.ovh.com
Name Server: KS393321.KIMSUFI.COM
Name Server: NS.KIMSUFI.COM
Status: clientDeleteProhibited
Status: clientTransferProhibited
Updated Date: 01-jun-2014
Creation Date: 22-jun-2004
Expiration Date: 22-jun-2015
The Registry database contains ONLY .COM, .NET, .EDU domains and Registrars.
For more information on Whois status codes, please visit
https://www.icann.org/resources/pages/epp-status-codes-2014-06-16-en.
Domain Name: slayersonline.net
Registry Domain ID: 123116579_DOMAIN_NET-VRSN
Registrar WHOIS Server: whois.ovh.com
Registrar URL: http://www.ovh.com
Updated Date: 2014-06-01T21:56:19.0Z
Creation Date: 2004-06-22T08:38:08.0Z
Registrar Registration Expiration Date: 2015-06-22T08:38:08.0Z
Registrar: OVH, SAS
Registrar IANA ID: 433
Registrar Abuse Contact Email: [email protected]
Registrar Abuse Contact Phone: +33.899498765
Domain Status: clientTransferProhibited
Domain Status: clientDeleteProhibited
Registry Registrant ID:
Registrant Name: Cohen Jérôme
Registrant Organization:
Registrant Street: slayersonline.net, office #114091, c/o OwO, BP80157
Registrant City: 59053
Registrant State/Province:
Registrant Postal Code: Roubaix Cedex 1
Registrant Country: FR
Registrant Phone: +33.899498765
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email: [email protected]
Registry Admin ID:
Admin Name: Cohen Jérôme
Admin Organization:
Admin Street: slayersonline.net, office #114091, c/o OwO, BP80157
Admin City: 59053
Admin State/Province:
Admin Postal Code: Roubaix Cedex 1
Admin Country: FR
Admin Phone: +33.899498765
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email: [email protected]
Registry Tech ID:
Tech Name: Cohen Jérôme
Tech Organization:
Tech Street: slayersonline.net, office #114091, c/o OwO, BP80157
Tech City: 59053
Tech State/Province:
Tech Postal Code: Roubaix Cedex 1
Tech Country: FR
Tech Phone: +33.899498765
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email: [email protected]
Name Server: ks393321.kimsufi.com
Name Server: ns.kimsufi.com
Using NETCRAFT (address: slayers-online.net)
Step 2 (Whois 176.31.111.202)
Information related to '176.31.96.0 - 176.31.127.255'
Abuse contact for '176.31.96.0 - 176.31.127.255' is '[email protected]'
inetnum:        176.31.96.0 - 176.31.127.255   (correct address range)
netname:        OVH
descr:          OVH SAS
descr:          Dedicated servers
descr:          http://www.ovh.com
country:        FR
admin-c:        OK217-RIPE
tech-c:         OTC2-RIPE
status:         ASSIGNED PA
mnt-by:         OVH-MNT
source:         RIPE # Filtered

role:           OVH Technical Contact
address:        OVH SAS
address:        2 rue Kellermann
address:        59100 Roubaix
address:        France
admin-c:        OK217-RIPE
tech-c:         GM84-RIPE
tech-c:         SL10162-RIPE
nic-hdl:        OTC2-RIPE
abuse-mailbox:  [email protected]
mnt-by:         OVH-MNT
source:         RIPE # Filtered

person:         Octave Klaba
address:        OVH SAS
address:        2 rue Kellermann
address:        59100 Roubaix
address:        France
phone:          +33 9 74 53 13 23
nic-hdl:        OK217-RIPE
abuse-mailbox:  [email protected]
mnt-by:         OVH-MNT
source:         RIPE # Filtered

% Information related to '176.31.0.0/16AS16276'

route:          176.31.0.0/16
descr:          OVH ISP
descr:          Paris, France
origin:         AS16276
mnt-by:         OVH-MNT
source:         RIPE # Filtered

% This query was served by the RIPE Database Query Service version 1.76.1 (DB-1)
Step 3 (nslookup: 176.31.111.202)
Step 4: (digging around a bit on the internet turns up more information):
Connexion au serveur whois.afilias.net [383 ms]
Domain Name:SLAYERSONLINE.INFO
Domain ID: D8141786-LRMS
Creation Date: 2004-11-23T11:06:47Z
Updated Date: 2014-11-18T09:42:13Z
Registry Expiry Date: 2015-11-23T11:06:47Z
Sponsoring Registrar:OVH (R268-LRMS)
Sponsoring Registrar IANA ID: 433
WHOIS Server:
Referral URL:
Domain Status: clientDeleteProhibited
Domain Status: clientTransferProhibited
Registrant ID:ovh546b1471qrpq
Registrant Name:Jerome Cohen
Registrant Organization:
Registrant Street: slayersonline.info, office #114093
Registrant Street: c/o OwO, BP80157
Registrant City:Roubaix Cedex 1
Registrant State/Province:
Registrant Postal Code:59053
Registrant Country:FR
Registrant Phone:+33.899498765
Registrant Phone Ext:
Registrant Fax:
Registrant Fax Ext:
Registrant Email:i5pfjr7s29g1pvj5k5cz[_(a)_]v.o-w-o.info
Admin ID:ovh546b1471v9va
Admin Name:Jerome Cohen
Admin Organization:
Admin Street: slayersonline.info, office #114093
Admin Street: c/o OwO, BP80157
Admin City:Roubaix Cedex 1
Admin State/Province:
Admin Postal Code:59053
Admin Country:FR
Admin Phone:+33.899498765
Admin Phone Ext:
Admin Fax:
Admin Fax Ext:
Admin Email:qozto1t5sprf4tju7m4e[_(a)_]y.o-w-o.info
Billing ID:ovh546b1471v9va
Billing Name:Jerome Cohen
Billing Organization:
Billing Street: slayersonline.info, office #114093
Billing Street: c/o OwO, BP80157
Billing City:Roubaix Cedex 1
Billing State/Province:
Billing Postal Code:59053
Billing Country:FR
Billing Phone:+33.899498765
Billing Phone Ext:
Billing Fax:
Billing Fax Ext:
Billing Email:qozto1t5sprf4tju7m4e[_(a)_]y.o-w-o.info
Tech ID:ovh546b1471v9va
Tech Name:Jerome Cohen
Tech Organization:
Tech Street: slayersonline.info, office #114093
Tech Street: c/o OwO, BP80157
Tech City:Roubaix Cedex 1
Tech State/Province:
Tech Postal Code:59053
Tech Country:FR
Tech Phone:+33.899498765
Tech Phone Ext:
Tech Fax:
Tech Fax Ext:
Tech Email:qozto1t5sprf4tju7m4e[_(a)_]y.o-w-o.info
Name Server:NS.KIMSUFI.COM
Name Server:KS393321.KIMSUFI.COM
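As an added example (not code from these notes), a small Python checker that reads WHOIS records in both formats quoted above (the .NET registry/registrar output of step 1 and the whois.afilias.net output of step 4) and reports what a domain owner should be monitoring: whether the registrar locks are set, how many days remain before expiry, and the delegated name servers. The sample records are lines copied from above, the reference date is the one in the nmap banner further down, and the second sample deliberately omits one lock line so that the check has something to report.

```python
import re
from datetime import date, datetime

# Both record styles above are "Key: Value" lines; Afilias omits the space
# after the colon, so the separator is matched loosely.
LINE_RE = re.compile(r"^\s*([A-Za-z][A-Za-z /]*?)\s*:\s*(.*?)\s*$")
EXPIRY_KEYS = ("Expiration Date", "Registrar Registration Expiration Date",
               "Registry Expiry Date")
REQUIRED_LOCKS = {"clientTransferProhibited", "clientDeleteProhibited"}
SCAN_DAY = date(2015, 1, 16)  # reference date, taken from the nmap banner
# Constructed samples: lines copied from the two records quoted above. The
# second omits its clientTransferProhibited line so the lock check fires.
THIN_NET = """Domain Name: SLAYERSONLINE.NET
Name Server: KS393321.KIMSUFI.COM
Name Server: NS.KIMSUFI.COM
Status: clientDeleteProhibited
Status: clientTransferProhibited
Expiration Date: 22-jun-2015"""
AFILIAS_INFO = """Domain Name:SLAYERSONLINE.INFO
Registry Expiry Date: 2015-11-23T11:06:47Z
Domain Status: clientDeleteProhibited
Registrant Organization:
Name Server:NS.KIMSUFI.COM"""

def parse_whois(text):
    """Map key -> list of values; repeated keys (Status, Name Server) accumulate."""
    record = {}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(2):  # drop empty fields such as "Registrant Organization:"
            record.setdefault(m.group(1), []).append(m.group(2))
    return record

def parse_date(value):
    """Accept the thin-registry form '22-jun-2015' and ISO '2015-11-23T11:06:47Z'."""
    if re.fullmatch(r"\d{2}-[A-Za-z]{3}-\d{4}", value):
        return datetime.strptime(value, "%d-%b-%Y").date()
    return date.fromisoformat(value[:10])

def check_domain(text, today=SCAN_DAY):
    """What the owner should monitor: registrar locks, days to expiry, NS set."""
    rec = parse_whois(text)
    statuses = set(rec.get("Domain Status", []) + rec.get("Status", []))
    expiry = next((parse_date(rec[k][0]) for k in EXPIRY_KEYS if k in rec), None)
    return {
        "domain": rec["Domain Name"][0].lower(),
        "missing_locks": sorted(REQUIRED_LOCKS - statuses),
        "days_to_expiry": (expiry - today).days if expiry else None,
        "nameservers": sorted(ns.lower() for ns in rec.get("Name Server", [])),
    }
```

Run `check_domain(THIN_NET)` and `check_domain(AFILIAS_INFO)` to see the two summaries; a real monitor would feed it the output of `whois` on a schedule and alert when a lock disappears or the expiry window shrinks.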
Les serveurs DNS du domaine sont :
ns.kimsufi.com. <=> 213.186.33.199 [FR]
ks393321.kimsufi.com. <=> 176.31.111.202 [FR]
Serveurs DNS du WhoIs sur whois.afilias.net [383 ms]
ns.kimsufi.com. <=> 213.186.33.199 [FR]
ks393321.kimsufi.com. <=> 176.31.111.202 [FR]
Réponse de a2.info.afilias-nst.info. pour slayersonline.info. [5 ms]
ns.kimsufi.com. <=> 213.186.33.199 [FR]
ks393321.kimsufi.com. <=> 176.31.111.202 [FR]
Réponse de f.root-servers.net pour info. [24 ms]
a2.info.afilias-nst.info. <=> 199.249.113.1 [CA]
b2.info.afilias-nst.org. <=> 199.249.121.1 [CA]
c0.info.afilias-nst.info. <=> 199.254.49.1 [CA]
b0.info.afilias-nst.org. <=> 199.254.48.1 [CA]
a0.info.afilias-nst.info. <=> 199.254.31.1 [CA]
d0.info.afilias-nst.org. <=> 199.254.50.1 [CA]
mail.slayersonline.info.        86400   IN   A     176.31.111.202
Les champs NS ne sont pas synchronisés avec le serveurs de nom de départ pour les serveurs suivants :
ks393321.kimsufi.com. =====>
  o ns.kimsufi.com. <=> 213.186.33.199 [FR]
  o ks393321.kimsufi.com. <=> 176.31.111.202 [FR]
Les serveurs suivants sont synchronisés (MX, NS, SOA, WWW identiques) avec le serveurs de nom de départ :
ns.kimsufi.com. <=> 213.186.33.199 [FR]
La version des serveurs DNS est exposée :
ns.kimsufi.com. => [Secured]
ks393321.kimsufi.com. => 9.8.4-rpz2+rl005.12-P1
202.111.31.176.in-addr.arpa.    86400   IN   PTR   ks393321.kimsufi.com.
L'adresse IP peut être résolue en 176.31.111.202 [FR] <=> ks393321.kimsufi.com.
Serveur ayant répondu : ns19.ovh.net. <=> 213.251.128.139 [FR] [48 ms]
Step 5: (port scan)
Command to scan the ports:
nmap -sS -Pn 176.31.111.202
Command to scan the ports with version detection:
nmap -sS -Pn -A 176.31.111.202

Starting Nmap 6.00 ( http://nmap.org ) at 2015-01-16 11:32 CET
Nmap scan report for ks393321.kimsufi.com (176.31.111.202)
Host is up (0.00049s latency).
PORT      STATE  SERVICE
21/tcp    open   ftp
23/tcp    closed telnet
25/tcp    open   smtp
43/tcp    closed whois
53/tcp    open   domain
69/tcp    closed tftp
80/tcp    open   http
110/tcp   open   pop3
116/tcp   closed ansanotify
143/tcp   open   imap
194/tcp   closed irc
443/tcp   closed https
465/tcp   closed smtps
585/tcp   closed unknown
587/tcp   closed submission
3306/tcp  closed mysql
8443/tcp  closed https-alt
10000/tcp closed snet-sensor-mgm
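As an added example (not code from these notes), a Python reading of the scan output above from the host owner's side: which open ports were not intended, which open services accept logins in clear text, and which ports came back "closed" rather than "filtered" (the host itself answered, so nothing in front of it filters that traffic). The intended-port set and the cleartext-login list are assumptions made for this example; the sample table is copied from the Nmap 6.00 output above.

```python
import re

# Constructed sample: lines copied from the Nmap 6.00 scan quoted above.
NMAP_REPORT = """Nmap scan report for ks393321.kimsufi.com (176.31.111.202)
Host is up (0.00049s latency).
PORT STATE SERVICE
21/tcp open ftp
23/tcp closed telnet
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop3
143/tcp open imap
443/tcp closed https
587/tcp closed submission
3306/tcp closed mysql"""

PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
# Assumed list: protocols whose login travels unencrypted on the default port.
CLEARTEXT_LOGIN = {"ftp", "telnet", "pop3", "imap"}
# Assumed intent for this host: mail (incl. POP3/IMAP), DNS and web only.
EXPECTED_OPEN = {(25, "tcp"), (53, "tcp"), (80, "tcp"), (110, "tcp"),
                 (143, "tcp"), (443, "tcp")}

def parse_nmap(report):
    """Map (port, proto) -> (state, service) from nmap's normal text output."""
    ports = {}
    for line in report.splitlines():
        m = PORT_RE.match(line.strip())
        if m:
            ports[(int(m.group(1)), m.group(2))] = (m.group(3), m.group(4))
    return ports

def review_exposure(ports, expected_open=EXPECTED_OPEN):
    """Three findings an owner wants from a scan like the one above:
    unexpected       - open ports outside the intended set
    cleartext_login  - open services whose logins are sent in clear
    reachable_closed - ports 'closed' (host answered) rather than 'filtered'
    """
    is_open = {k for k, (state, _) in ports.items() if state == "open"}
    return {
        "unexpected": sorted(is_open - expected_open),
        "cleartext_login": sorted(k for k in is_open
                                  if ports[k][1] in CLEARTEXT_LOGIN),
        "reachable_closed": sorted(k for k, (s, _) in ports.items()
                                   if s == "closed"),
    }
```

`review_exposure(parse_nmap(NMAP_REPORT))` flags FTP as the one unintended listener, FTP/POP3/IMAP as cleartext logins to move behind TLS, and the "closed" ports as evidence that no packet filter sits in front of the host.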
Step 6:
service postgresql start
msf > db_status
[*] postgresql connected to msf3
msf > netstat -lt
[*] exec: netstat -lt
Connexions Internet actives (seulement serveurs)
Proto Recv-Q Send-Q Adresse locale          Adresse distante  Etat
tcp        0      0 localhost:50505         *:*               LISTEN
tcp        0      0 *:3790                  *:*               LISTEN
tcp        0      0 *:ssh                   *:*               LISTEN
tcp        0      0 localhost:postgresql    *:*               LISTEN
tcp        0      0 localhost:3001          *:*               LISTEN
tcp        0      0 *:8834                  *:*               LISTEN
tcp6       0      0 [::]:ssh                [::]:*            LISTEN
tcp6       0      0 localhost:postgresql    [::]:*            LISTEN
tcp6       0      0 [::]:8834               [::]:*            LISTEN
msf > netstat -ltn
[*] exec: netstat -ltn
Connexions Internet actives (seulement serveurs)
Proto Recv-Q Send-Q Adresse locale          Adresse distante  Etat
tcp        0      0 127.0.0.1:50505         0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:3790            0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*         LISTEN
tcp        0      0 127.0.0.1:5432          0.0.0.0:*         LISTEN
tcp        0      0 127.0.0.1:3001          0.0.0.0:*         LISTEN
tcp        0      0 0.0.0.0:8834            0.0.0.0:*         LISTEN
tcp6       0      0 :::22                   :::*              LISTEN
tcp6       0      0 ::1:5432                :::*              LISTEN
tcp6       0      0 :::8834                 :::*              LISTEN
Step 7: (Importing Nmap results into Metasploit)
nmap -sS -Pn -A -oX Subnet1 176.31.111.202/24
to be revisited
Step 8:
Then we run: nmap -Pn -sI 176.31.111.42 176.31.111.161
