maltego - nambi rajesh

8/12/2019 Maltego - Nambi rajesh

1/6

Maltego Information Gathering Backtrack 5 R3 Nambi Rajesh

Introduction:

Information gathering or foot-printing is generally a first step of Ethical hacking/penetration testing

process. The more information you have the more chance of success, information gathering is the

important phase because all of the process of hacking based on information

Where to get it? Community edition (ree Edition also !vailable- "imited #ptions$

%o&nload via paterva.com also found on 'acktrack )*

+o saving, limited to transforms, etc

ull version has no limitations

)uns on "inu, # 0, 1indo&s

What does Maltego do? 2elps determine real &orld links bet&een 3eople

ocial +et&orks

Companies/#rgani4ations

1eb sites

Internet Infrastructure (%+, %omains, +etblocks$

3hrases

%ocuments and files

Starting Maltego

irst go to !pplications56'acktrack56Information 7athering56+et&ork !nalysis56%+ !nalysis5

68altego

The first time you login it &ill ask you to register your product. If you already have an account 9ustenter your email I% and pass&ord. #nce you validate your login it &ill update the transforms

+ambi ra9esh
http://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CCcQFjAA&url=http%3A%2F%2Fwww.ehacking.net%2F2011%2F07%2Fmaltego-information-gathering-backtrack.html&ei=FpR7U5X0KcOQuAS6kIDgDg&usg=AFQjCNHkS_EugKSwRROpbZNVaHa91VX4zg&bvm=bv.67229260,d.c2Ehttp://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0CCcQFjAA&url=http%3A%2F%2Fwww.ehacking.net%2F2011%2F07%2Fmaltego-information-gathering-backtrack.html&ei=FpR7U5X0KcOQuAS6kIDgDg&usg=AFQjCNHkS_EugKSwRROpbZNVaHa91VX4zg&bvm=bv.67229260,d.c2E


2/6


What is logged? !3I key

I3 !ddress (yours$

The transform eecuted

The time it eecuted

:our user I% (&hich gives first name, last name and email address$

The ;uestions asked or the results are +#T logged 5 Ecept for a fe& transforms that use

&eb services

#nce the transforms are updated, click the Infrastructure and 3ersonal.

+ambi ra9esh


3/6


1e can also import other entities to the palette. !n eample is the 7oogle entity. 7##7"E is asearch engine &hich can be used to find specific information like server, routers, s&itches, etc

Infrastructure Reconnaissance:

8altego helps to gather a lot of information about the infrastructure.

+ambi ra9esh


4/6


In order to start gathering information, select the desired entity from the palette.In this eample, &e are going to scan a domain. elect the domain option from the palette and drag

the option to the &orkspace. Enter the target domain. +o& right-click on the entity and you should

be getting an &indo& that says ?)un Transform@ &ith additional relevant options.

)un the re;uired transform and find out information like the 80, + and I3 address. 1e can then

use transforms like


5/6


)ight-click on the


6/6


Barious entities in acebook &ere detected by using the transform ?toacebookaffiliation. Thismethod generally looks for a Facebook affiliation that matches closely to a persons name based on

the first and last name and weighs each result accordingly. With Maltego we can also find mutual

friends of two targeted persons in order to gather more information.

imilarly, &e can find if the user has uploaded any files in pastebin or any other public A)"s.

2aving all this information can be useful for performing a social engineering-based attack.

Conclusion :

Information gathering phase of all security related &ork

!ssessments

Investigations

3ublic information about a company or person

aves time

Easier to use then 7oogle ?hacking@

2its more then 9ust 7oogle

+ambi ra9esh

maltego - nambi rajesh

Documents