Diving To ReconNG (Read-Only) - ROOTCON® Media Server 7/Talks/ROOTCON 7 · 2017-03-25
![Slide 1](https://reader033.fdocuments.net/reader033/viewer/2022042309/5ed6ebdfff4a11075f770c84/html5/thumbnails/1.jpg)
Diving into recon-ng
~ primarch victus
![Slide 2](https://reader033.fdocuments.net/reader033/viewer/2022042309/5ed6ebdfff4a11075f770c84/html5/thumbnails/2.jpg)
Who is primarch victus?
● My name is Jay Turla
● I am one of the developers and contributors of the recon-ng framework
● I have been listed in the hall of fames of Adobe, Attack-Secure, Nokia, Microsoft, MailChimp, Constant Contact, SproutSocial, IntegraXor HMI, Puppet Labs, etc. for my responsible disclosures of security vulnerabilities.
● One of the recipients of Freelancer.com's Whitehat Badge for reporting 2 vulnerabilities to their security team.
● I work as an I.T. Lecturer at the two branches of Informatics Cebu and as a security researcher at Infosec Institute.
![Slide 3](https://reader033.fdocuments.net/reader033/viewer/2022042309/5ed6ebdfff4a11075f770c84/html5/thumbnails/3.jpg)
![Slide 4](https://reader033.fdocuments.net/reader033/viewer/2022042309/5ed6ebdfff4a11075f770c84/html5/thumbnails/4.jpg)
Introduction
● Recon-ng is an open-source framework coded in Python by Tim Tomes a.k.a. LaNMaSteR53.
● Its interface is modeled after the look of the Metasploit Framework, but it is not for exploitation or for spawning a meterpreter session or a shell; it is for web-based reconnaissance and information gathering.
● It focuses on Reconnaissance, Discovery, and Reporting, which are steps 1, 2 and 4 of the Web Application Penetration Testing Methodology.
![Slide 5](https://reader033.fdocuments.net/reader033/viewer/2022042309/5ed6ebdfff4a11075f770c84/html5/thumbnails/5.jpg)
The Modules
● Modules are categorized into Discovery, Experimental, Recon and Reporting :)
![Slide 6](https://reader033.fdocuments.net/reader033/viewer/2022042309/5ed6ebdfff4a11075f770c84/html5/thumbnails/6.jpg)
Discovery Modules
● Modules that can be used for finding exploitable files like file uploads, error logs, server statuses, PHP information, etc.
● Backup File Finder
● Examples: Dot Net Nuke Remote File Upload Vulnerability Checker, Generic Restaurant Menu Vulnerability Page Finder and Validator, DNS Cache Snooper, Webwiz Rich Text Editor File Upload Page Finder
● This is the category where I contributed mostly.
![Slide 7](https://reader033.fdocuments.net/reader033/viewer/2022042309/5ed6ebdfff4a11075f770c84/html5/thumbnails/7.jpg)
![Slide 8](https://reader033.fdocuments.net/reader033/viewer/2022042309/5ed6ebdfff4a11075f770c84/html5/thumbnails/8.jpg)
The Recon Modules
● Used for domain lookups, DNS lookups, mail host lookups, enumerating hostnames, enumerating subdomains, enumerating company emails, etc.
● Modules that leverage APIs and online scanners
● The majority of the modules for recon-ng are categorized here
● Examples: Flickr Geolocation Search, My-IP-Neighbors Lookup, McAfee Domain DNS Lookup, Yahoo Hostname Enumerator, Twitter Handles, punkSPIDER Vulnerability Finder
![Slide 9](https://reader033.fdocuments.net/reader033/viewer/2022042309/5ed6ebdfff4a11075f770c84/html5/thumbnails/9.jpg)
![Slide 10](https://reader033.fdocuments.net/reader033/viewer/2022042309/5ed6ebdfff4a11075f770c84/html5/thumbnails/10.jpg)
Reporting Modules
● Used for creating a CSV or an HTML file containing the specified harvested data types.
● Modules: CSV File Creator, HTML Report Generator, List Creator, and PushPin Report Generator
● The PushPin Report Generator creates a media and map HTML report for all of the PushPin data stored in the database.
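As an added illustration of what a CSV or HTML reporting step has to get right, the following Python is an example written for this page, not recon-ng's own reporting module code. It assumes harvested records are plain dicts with the columns `host`, `ip_address` and `region` (an assumption for this example) and uses constructed sample data. The point it makes is that harvested values come from third-party sources, so a report writer must HTML-escape cells before they land in an HTML report and neutralise cells that a spreadsheet would evaluate as a formula before they land in a CSV.

```python
import csv
import html
import io

# Report columns; a recon framework would take these from its hosts table.
# The column names are assumptions for this example.
COLUMNS = ("host", "ip_address", "region")

# Constructed sample records standing in for harvested data (not real hosts).
SAMPLE_HOSTS = [
    {"host": "www.example.com", "ip_address": "192.0.2.10", "region": "US"},
    {"host": "mail.example.com", "ip_address": "192.0.2.25", "region": "US"},
    # Harvested values are untrusted: a DNS label or banner may carry markup,
    # and a cell may start with a character spreadsheets treat as a formula.
    {"host": "<img src=x onerror=alert(1)>.example.com",
     "ip_address": "198.51.100.7", "region": ""},
    {"host": '=HYPERLINK("http://evil.example")',
     "ip_address": "203.0.113.5", "region": "@"},
]

# Leading characters that common spreadsheet applications interpret as the
# start of a formula or a field separator when opening a CSV.
FORMULA_PREFIXES = ("=", "+", "-", "@", "\t", "\r")


def csv_safe(value):
    """Return the cell as text, prefixed with an apostrophe if a spreadsheet
    would otherwise evaluate it as a formula."""
    text = "" if value is None else str(value)
    if text.startswith(FORMULA_PREFIXES):
        return "'" + text
    return text


def to_csv(records, columns=COLUMNS):
    """Serialise records to CSV with every cell quoted and formula-neutralised."""
    buf = io.StringIO()
    writer = csv.writer(buf, quoting=csv.QUOTE_ALL, lineterminator="\n")
    writer.writerow(columns)
    for rec in records:
        writer.writerow(csv_safe(rec.get(col)) for col in columns)
    return buf.getvalue()


def _cell(value):
    """HTML-escape one cell so harvested markup renders as text, not as tags."""
    return html.escape("" if value is None else str(value))


def to_html(records, columns=COLUMNS, title="Hosts"):
    """Render records as a minimal self-contained HTML table report."""
    header = "".join(f"<th>{_cell(c)}</th>" for c in columns)
    rows = "".join(
        "<tr>" + "".join(f"<td>{_cell(rec.get(c))}</td>" for c in columns) + "</tr>"
        for rec in records
    )
    return (
        '<!DOCTYPE html><html><head><meta charset="utf-8">'
        f"<title>{_cell(title)}</title></head><body>"
        f"<h1>{_cell(title)}</h1>"
        f"<table><thead><tr>{header}</tr></thead><tbody>{rows}</tbody></table>"
        "</body></html>"
    )


if __name__ == "__main__":
    print(to_csv(SAMPLE_HOSTS))
    print(to_html(SAMPLE_HOSTS))
```

Both writers treat every harvested value as data, never as markup or formula: the HTML report shows the hostile hostname literally instead of executing it in the analyst's browser, and the CSV cell `=HYPERLINK(...)` opens in a spreadsheet as a quoted string rather than a live formula.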
![Slide 11](https://reader033.fdocuments.net/reader033/viewer/2022042309/5ed6ebdfff4a11075f770c84/html5/thumbnails/11.jpg)
![Slide 12](https://reader033.fdocuments.net/reader033/viewer/2022042309/5ed6ebdfff4a11075f770c84/html5/thumbnails/12.jpg)
How You Can Help?
● Prerequisites: Git and Python
● Clone https://bitbucket.org/LaNMaSteR53/recon-ng
● Start playing with the framework
● Think of a module that can be useful and start coding one
● Push it!
![Slide 13](https://reader033.fdocuments.net/reader033/viewer/2022042309/5ed6ebdfff4a11075f770c84/html5/thumbnails/13.jpg)
Basic Framework Usage
![Slide 14](https://reader033.fdocuments.net/reader033/viewer/2022042309/5ed6ebdfff4a11075f770c84/html5/thumbnails/14.jpg)
Source Code Previews of Some Modules
![Slide 15](https://reader033.fdocuments.net/reader033/viewer/2022042309/5ed6ebdfff4a11075f770c84/html5/thumbnails/15.jpg)
![Slide 16](https://reader033.fdocuments.net/reader033/viewer/2022042309/5ed6ebdfff4a11075f770c84/html5/thumbnails/16.jpg)
![Slide 17](https://reader033.fdocuments.net/reader033/viewer/2022042309/5ed6ebdfff4a11075f770c84/html5/thumbnails/17.jpg)
![Slide 18](https://reader033.fdocuments.net/reader033/viewer/2022042309/5ed6ebdfff4a11075f770c84/html5/thumbnails/18.jpg)
DEMO!
-enuff with some talk sh***