next generation web scanning new zealand a case study
play

Next generation web scanning New Zealand: A case study First - PowerPoint PPT Presentation

Sep 10, 2023 •216 likes •854 views

Next generation web scanning New Zealand: A case study First presented at KIWICON III 2009 By Andrew Horton aka urbanadventurer NZ Web Recon Goal: To scan all of New Zealand's web-space to see what's there. Requirements: Targets

  1. Next generation web scanning New Zealand: A case study First presented at KIWICON III 2009 By Andrew Horton aka urbanadventurer

  2. NZ Web Recon Goal: To scan all of New Zealand's web-space to see what's there. Requirements: – Targets – Scanning – Analysis Sounds easy, right? urbanadventurer (Andrew Horton) www.morningstarsecurity.com

  3. Targets urbanadventurer (Andrew Horton) www.morningstarsecurity.com

  4. Targets What does 'NZ web-space' mean? It could mean: • Geographically within NZ regardless of the TLD • The .nz TLD hosted anywhere • All of the above For this scan it means, IPs geographically within NZ urbanadventurer (Andrew Horton) www.morningstarsecurity.com

  5. Finding Targets We need creative methods to find targets urbanadventurer (Andrew Horton) www.morningstarsecurity.com

  6. DNS Zone Transfer urbanadventurer (Andrew Horton) www.morningstarsecurity.com

  7. Find IP addresses on IRC and by resolving lots of NZ websites 58.*.*.* 60.*.*.* 65.*.*.* 91.*.*.* 110.*.*.* 111.*.*.* 113.*.*.* 114.*.*.* 115.*.*.* 116.*.*.* 117.*.*.* 118.*.*.* 119.*.*.* 120.*.*.* 121.*.*.* 122.*.*.* 123.*.*.* 124.*.*.* 125.*.*.* 130.*.*.* 131.*.*.* 132.*.*.* 138.*.*.* 139.*.*.* 143.*.*.* 144.*.*.* 146.*.*.* 150.*.*.* 153.*.*.* 156.*.*.* 161.*.*.* 162.*.*.* 163.*.*.* 165.*.*.* 166.*.*.* 167.*.*.* 192.*.*.* 198.*.*.* 202.*.*.* 203.*.*.* 210.*.*.* 218.*.*.* 219.*.*.* 222.*.*.* 729,580,500 IPs. More than we want to try. urbanadventurer (Andrew Horton) www.morningstarsecurity.com

  8. IP address blocks in the IANA IPv4 Address Space Registry Prefix Designation Date Whois Status [1] ----- ------ ---- ----- ---------- 000/8 IANA - Local Identification 1981-09 RESERVED 001/8 IANA UNALLOCATED 002/8 RIPE NCC 2009-09 whois.ripe.net ALLOCATED 003/8 General Electric Company 1994-05 LEGACY 201/8 LACNIC 2003-04 whois.lacnic.net ALLOCATED 202/8 APNIC 1993-05 whois.apnic.net ALLOCATED 203/8 APNIC 1993-05 whois.apnic.net ALLOCATED 204/8 ARIN 1994-03 whois.arin.net ALLOCATED 205/8 ARIN 1994-03 whois.arin.net ALLOCATED 206/8 ARIN 1995-04 whois.arin.net ALLOCATED 207/8 ARIN 1995-11 whois.arin.net ALLOCATED 208/8 ARIN 1996-04 whois.arin.net ALLOCATED 209/8 ARIN 1996-06 whois.arin.net ALLOCATED 210/8 APNIC 1996-06 whois.apnic.net ALLOCATED 211/8 APNIC 1996-06 whois.apnic.net ALLOCATED This list has 663,255,000 IPs. More than we want to try. urbanadventurer (Andrew Horton) www.morningstarsecurity.com

  9. Failed methods to find targets • DNS Zone transfers from top level domain name servers • Learn IP address ranges for well known national websites and networks • All IP addresses allocated to APNIC (Asia Pacific NIC) We need new methods to find IP addresses and website hostnames for New Zealand urbanadventurer (Andrew Horton) www.morningstarsecurity.com

  10. geoipgen and the MaxMind GeoIP database Use MaxMind’s free database of IP to Country allocations Homepage: http://www.morningstarsecurity.com/research/geoipgen Produces 6,319,348 New Zealand IP addresses urbanadventurer (Andrew Horton) www.morningstarsecurity.com

  11. Scanning for TCP Port 80 with nmap Find the 75,964 web servers among 6 million IPs into nmap -i ./iplist -P0 -sT --open -n -p 80 – oG iplist.gnmap.log urbanadventurer (Andrew Horton) www.morningstarsecurity.com

  12. Reverse Resolving IP addresses Use adns-tools for fast, asynchronous resolving 31,973 IPs resolve to hostnames urbanadventurer (Andrew Horton) www.morningstarsecurity.com

  13. urbanadventurer (Andrew Horton) www.morningstarsecurity.com

  14. • Uses Bing search query IP parameter. • Example: ip:210.48.71.196 • Tested 75,964 NZ IPs found in the port scan • Discovered 11,872 IPs are indexed by bing.com • Found 89,265 virtual hostnames Homepage: http://www.morningstarsecurity.com/research/bing-ip2hosts urbanadventurer (Andrew Horton) www.morningstarsecurity.com

  15. Google.com urbanadventurer (Andrew Horton) www.morningstarsecurity.com

  16. Google.com There is a common misconception that Google scraping is no longer possible and is halted by Google’s bot detection. It is possible to search for a wide set of search terms and to retrieve a shallow set of the each result, i.e. 3 pages. searching aaa through to zzz found 58,602 hostnames searching every word in /usr/share/dict/words found 116,052 hostnames 126,408 unique NZ hostnames found with Google Homepage: http://www.morningstarsecurity.com/research/ urbanadventurer (Andrew Horton) www.morningstarsecurity.com

  17. DNS Zone Transfers Revisited urbanadventurer (Andrew Horton) www.morningstarsecurity.com

  18. DNS Zone Transfers Revisited Extracting domainnames urbanadventurer (Andrew Horton) www.morningstarsecurity.com

  19. DNS Zone Transfers Revisited Results Attempt a DNS zone transfer for each domain 135,591 unique domain names were found with reverse resolving IPs, Bing, and Google scanning. Tool: dns-enum.pl Found 560,352 hosts in 70,475 domains. urbanadventurer (Andrew Horton) www.morningstarsecurity.com

  20. DNS Brute Forcing – Not Implemented Guessing subdomains, eg. test.example.com, www2.example.com, intranet.example.com urbanadventurer (Andrew Horton) www.morningstarsecurity.com

  21. Final Target List • 699,413 unique hostnames found with reverse resolving, Google, Bing and zone transfers • Resolve the hostnames to IPs • Keep only the hostnames with IPs in the port scanned list of 75,964 IPs found with nmap • 75,964 IPs + 274,989 hostnames = 350,953 virtual hosts to test urbanadventurer (Andrew Horton) www.morningstarsecurity.com

  22. Scanning – Targets – Scanning – Analysis urbanadventurer (Andrew Horton) www.morningstarsecurity.com

  23. Traditional Web Scanners Nikto and Nessus • Time. Nikto takes too long because it guesses 1000s of URLs. • Impolite. Nikto has a big footprint with 1000s of lines in each web servers logs and it increases web server load. • Law. Some Nikto tests will attempt to exploit vulnerabilities so it is not suitable for use without permission. • Information. Pretty good Nmap • Time. Nmap is fast • Impolite. Nmap is polite, it makes only a few connections • Law. Unquestionable • Information. Scarce urbanadventurer (Andrew Horton) www.morningstarsecurity.com

  24. WhatWeb • Time. Fast • Polite. Doesn't trigger NIDS • Law. Unquestionable • Information. Rich • Instead of guessing URLs to identify systems, make better use of the information provided by the web server during an HTTP transaction. Homepage http://www.morningstarsecurity.com/research/whatweb urbanadventurer (Andrew Horton) www.morningstarsecurity.com

  25. WhatWeb Discover what powers websites by identifying: • content management systems (CMS) • blogging platforms • stats/analytics packages • javascript libraries • HTTP servers • Written in Ruby for Linux • OpenSource License • Plugin architecture urbanadventurer (Andrew Horton) www.morningstarsecurity.com

  26. WhatWeb • Passive and aggressive plugins • Passive plugins use information from: – The HTML page – HTTP headers – Cookies – URL • Lightweight like a search engine crawler • A single GET / HTTP/1.0 request urbanadventurer (Andrew Horton) www.morningstarsecurity.com

  27. WhatWeb • Aggressive plugins use information from: – Testing for URLs and identifying patterns in the HTML – Testing for URLs and recognising the MD5 hash of the response – Testing for URLs and simply noting they exist or return an HTTP status 200 code. • Can return an exact version of a CMS, can discover installed modules or plugins • Uses multiple HTTP requests urbanadventurer (Andrew Horton) www.morningstarsecurity.com

  28. WhatWeb urbanadventurer (Andrew Horton) www.morningstarsecurity.com

  29. WhatWeb Examples urbanadventurer (Andrew Horton) www.morningstarsecurity.com

  30. Passive & Aggressive Tests With aggressive tests it identifies the Joomla CMS version by retrieving a handful of URLs and recognising the MD5 hashes urbanadventurer (Andrew Horton) www.morningstarsecurity.com

  31. Aggressive Tests phpBB forum /docs/CHANGELOG.html urbanadventurer (Andrew Horton) www.morningstarsecurity.com

Recommend

Next generation web scanning New Zealand: A case study First presented at KIWICON III 2009 By

Next generation web scanning New Zealand: A case study First presented at KIWICON III 2009 By

Next generation web scanning New Zealand: A case study First presented at KIWICON III 2009 By Andrew Horton aka urbanadventurer NZ Web Recon Goal: To scan all of New Zealand's web-space to see what's there. Requirements: Targets

802 views • 61 slides
Operation of a Hydrothermal System with Increased Renewable Generation: New Zealand Case Study

Operation of a Hydrothermal System with Increased Renewable Generation: New Zealand Case Study

Operation of a Hydrothermal System with Increased Renewable Generation: New Zealand Case Study Hydro Power Scheduling Workshop Stavanger, Norway By Luke Schwartfeger, Dr. Alan Wood, Gari Bickers 12-13 th September 2018 Contents

368 views • 20 slides
Case study of Control of Intellectual Property (CIP) that uses I-TRIZ and idea generation Gen

Case study of Control of Intellectual Property (CIP) that uses I-TRIZ and idea generation Gen

J13 Case study of Control of Intellectual Property (CIP) that uses I-TRIZ and idea generation Gen Abiko (MINORU International Patent Office) 1. Purpose Through the case study of the small animal capture tool (rattrap), the method the

139 views • 11 slides
BP GoM: A Case Study of a Next Generation Undersea Fiber Optic System for Oil and Gas

BP GoM: A Case Study of a Next Generation Undersea Fiber Optic System for Oil and Gas

conference & convention enabling the next generation of networks & services BP GoM: A Case Study of a Next Generation Undersea Fiber Optic System for Oil and Gas Applications Rob Munier Jeremiah Mendez Derek Buffitt Tyco Electronics

628 views • 27 slides
BP GoM: A Case Study of a Next Generation Undersea Fiber Optic System for Oil and Gas

BP GoM: A Case Study of a Next Generation Undersea Fiber Optic System for Oil and Gas

conference & convention enabling the next generation of networks & services BP GoM: A Case Study of a Next Generation Undersea Fiber Optic System for Oil and Gas Applications Rob Munier Jeremiah Mendez Derek Buffitt Tyco Electronics

376 views • 26 slides
Museum of New Zealand 20 years of advances in fire modelling What are the benefits? A case study

Museum of New Zealand 20 years of advances in fire modelling What are the benefits? A case study

Te Papa Tongarewa Museum of New Zealand 20 years of advances in fire modelling What are the benefits? A case study Presented by Kevin Weller About Te Papa Built 1996 5 hectares 6 floors Large atriums Single compartment

737 views • 22 slides
Case study 2 Case study 2 Case study 2 Case study 2 Former Industrial Site, London: How has

Case study 2 Case study 2 Case study 2 Case study 2 Former Industrial Site, London: How has

Case study 2 Case study 2 Case study 2 Case study 2 Former Industrial Site, London: How has innovation helped to produce a cost effective remedial design? Challenging contaminant profile Taken a traditional / well understood remedial

912 views • 4 slides
Corporate Ecosystem Services Review URS Case Study December 17, 2012 CASE STUDY QUESTIONS

Corporate Ecosystem Services Review URS Case Study December 17, 2012 CASE STUDY QUESTIONS

New Zealand Pilot Corporate Ecosystem Services Review URS Case Study December 17, 2012 CASE STUDY QUESTIONS What are the ecosystem services that our Auckland water Clients impact on and depended on ? What risks and opportunities arise to

256 views • 9 slides
Positive Policy Pressures for Social Inclusion in Public Art Galleries: A New Zealand Case Study

Positive Policy Pressures for Social Inclusion in Public Art Galleries: A New Zealand Case Study

Federation of International Human Rights Museums Conference 2015 Te Papa Tongarewa Museum of New Zealand Claire Baker New Zealand claireadelebaker@gmail.com Positive Policy Pressures for Social Inclusion in Public Art Galleries: A New Zealand

348 views • 10 slides
Grappling with uncertainty in collaboration: a New Zealand case study Ronlyn Duncan, PhD Senior

Grappling with uncertainty in collaboration: a New Zealand case study Ronlyn Duncan, PhD Senior

IAIA2017 Le Centre Sheraton Montreal Hotel Montreal, Canada, 4 7 April, 2017 Grappling with uncertainty in collaboration: a New Zealand case study Ronlyn Duncan, PhD Senior Lecturer in Water Management Department of Environmental Management,

514 views • 29 slides
on Microhydroelectric Power Generation A Case Study of the Burnshire Dam: Woodstock, VA

on Microhydroelectric Power Generation A Case Study of the Burnshire Dam: Woodstock, VA

The Impact of River Flow on Microhydroelectric Power Generation A Case Study of the Burnshire Dam: Woodstock, VA Alex Barnes, Alex Pineda, Richard Rizzo ISAT 493 April 15 th , 2016 Origin of the Project Our work

1.27k views • 51 slides
Commercialisation, income generation & trading case study 3 Content of presentation

Commercialisation, income generation & trading case study 3 Content of presentation

Commercialisation, income generation & trading case study 3 Content of presentation Portsmouth - Why is this a focus for us? Strategy Transforming to a more entrepreneurial council Property Investment Fund Marketing our

784 views • 53 slides
Target Generation for Internet-wide IPv6 Scanning Austin Murdock, Frank Li, Paul Bramsen, Zakir

Target Generation for Internet-wide IPv6 Scanning Austin Murdock, Frank Li, Paul Bramsen, Zakir

Target Generation for Internet-wide IPv6 Scanning Austin Murdock, Frank Li, Paul Bramsen, Zakir Durumeric, Vern Paxson Background IPv4 scanning - Zmap . 2 Background 2 128 addresses => 10 30 years to scan 32 nybbles (hex

518 views • 28 slides
Integration of Waste Supply and Use Data into Regional Footprints: Case Study on the Generation

Integration of Waste Supply and Use Data into Regional Footprints: Case Study on the Generation

CIRP Life Cycle Engineering Conference 2018 Integration of Waste Supply and Use Data into Regional Footprints: Case Study on the Generation and Use of Waste from Consumption and Production Activities in Brussels Vanessa Zeller, Edgar Towa,

170 views • 13 slides
Electricity Generation Energy mix in Kenya and a case study of Kenya's SMR RTA 8 th July, 2019

Electricity Generation Energy mix in Kenya and a case study of Kenya's SMR RTA 8 th July, 2019

Electricity Generation Energy mix in Kenya and a case study of Kenya's SMR RTA 8 th July, 2019 Presented by Nduma Ruwah Technical Directorate, NuPEA Table of Contents Kenya Kenyas Vision Kenya Installed capacity Justification

702 views • 21 slides
Ocean ecosystem conservation and seafood security for future generation A case study of

Ocean ecosystem conservation and seafood security for future generation A case study of

Ocean ecosystem conservation and seafood security for future generation A case study of ecosystem g y y approach to fisheries and the adaptive management of the Shiretoko World Natural Heritage Site g

950 views • 37 slides
A New Generation of Handheld Laser Scanning (HLS) for Geotechnical Studies W K Leung

A New Generation of Handheld Laser Scanning (HLS) for Geotechnical Studies W K Leung

A New Generation of Handheld Laser Scanning (HLS) for Geotechnical Studies W K Leung Geotechnical Engineering Office 30 May 2019 Remote Sensing Techniques Photogrammetry (Aerial Unmanned Aerial Air-borne Light Detection and Photographs,

697 views • 21 slides
Combinatorial Test Set Generation: Concepts, Implementation, Case Study Drs. Vadim V. Zaytsev

Combinatorial Test Set Generation: Concepts, Implementation, Case Study Drs. Vadim V. Zaytsev

Combinatorial Test Set Generation: Concepts, Implementation, Case Study Drs. Vadim V. Zaytsev 22 June 2004 Legal stuff Supervisor: Prof.dr. Hendrik Brinksma, UT Ext.Supervisor: Dr.ing. Ralf L ammel, VU&CWI Hosting

421 views • 17 slides
Polyhedral AST generation is more than scanning polyhedra Tobias Grosser, Sven Verdoolaege, Albert

Polyhedral AST generation is more than scanning polyhedra Tobias Grosser, Sven Verdoolaege, Albert

s p c l.in f.e th z .c h @s p c l_e th Polyhedral AST generation is more than scanning polyhedra Tobias Grosser, Sven Verdoolaege, Albert Cohen ETH Zurich, Polly Labs, INRIA TOPLAS - Presented at PLDI16 15. June 2015, Santa

1.08k views • 81 slides
Climate change impact on the TN generation of Lake Rotokakahi catchment, New Zealand Wei Ye 1

Climate change impact on the TN generation of Lake Rotokakahi catchment, New Zealand Wei Ye 1

The 18 th AIM international Workshop Climate change impact on the TN generation of Lake Rotokakahi catchment, New Zealand Wei Ye 1 Wang Yao 2 David Hamilton 1 1 University of Waikato, New Zealand 2 Hohai University, China The 18 th AIM

598 views • 21 slides
Scanning electron microscopy methods in study of micro objects Members : Ana-Maria Panaitescu

Scanning electron microscopy methods in study of micro objects Members : Ana-Maria Panaitescu

Scanning electron microscopy methods in study of micro objects Members : Ana-Maria Panaitescu Iuliana Taran University of Bucharest,Faculty of Physics Supervisor: Orelovich Oleg JINR Laboratory: FLNR Scanning electron

744 views • 28 slides
Topical health issues in New Zealand Findings from the New Zealand Attitudes and Values Study

Topical health issues in New Zealand Findings from the New Zealand Attitudes and Values Study

Topical health issues in New Zealand Findings from the New Zealand Attitudes and Values Study Carol Lee School of Psychology www.nzavs.auckland.ac.nz Acknowledgements: The NZAVS has received support from a Templeton World Charity Foundation

628 views • 34 slides
Case Study: Implementing Legally Defensible Policies p g g y f and Procedures for Disposing of

Case Study: Implementing Legally Defensible Policies p g g y f and Procedures for Disposing of

Case Study: Implementing Legally Defensible Policies p g g y f and Procedures for Disposing of Paper Records After Scanning Bob Guz CRM Bob Guz, CRM Sr. Business Process Consultant Katherine Cranford, CRM, CIP Corporate Records Analyst

594 views • 43 slides
WATER AND ENERGY LINKAGES Case Study of Akanyaru Peat Production and Power Generation

WATER AND ENERGY LINKAGES Case Study of Akanyaru Peat Production and Power Generation

WATER AND ENERGY LINKAGES Case Study of Akanyaru Peat Production and Power Generation Project Jacqueline Nyirakamana, MBA Transboundary Water Resources Initiative Specialist Ministry of Natural Resources Kigali- Rwanda August,

776 views • 21 slides

More recommend