Scribd Logo
Hochladen

Willkommen bei Scribd!

  • Homework 1

    Hochgeladen von

    Enrico Cagliardi
    43 Ansichten4 Seiten

    Originaltitel

    Homework1.docx

    Copyright

    © © All Rights Reserved

    Verfügbare Formate

    DOCX, PDF, TXT oder online auf Scribd lesen

    Stufen Sie dieses Dokument als nützlich ein?

    Sind diese Inhalte unangemessen?

    Dieses Dokument melden

    Copyright:

    © All Rights Reserved
    Als DOCX, PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    43 Ansichten4 Seiten

    Homework 1

    Hochgeladen von

    Enrico Cagliardi

    Copyright:

    © All Rights Reserved
    Als DOCX, PDF, TXT herunterladen oder online auf Scribd lesen
    Markieren Sie unangemessene Inhalte
    von 4

    Homework #1 :

    The target site of this homework is www.masterdicucina.it : IP = 217.64.195.207

    1. (20 points) Select a web site.

    1) Use “Wget” or “Teleport Pro” to mirror the site. Look for comments within comment tags. Give
    screen dumps and explain what you found.

    2) Use “DirBuster” with a proxy feature through “privoxy” to enumerate hidden files and
    directories. Screen
    dump and explain the hidden files and directories you found.

    2. (20 points) Lookup “How I met your girlfriend” in the BlackHat 2010 demo to explain, in 0.5
    page,
    how this was done.
    3. (20 points) Select a person. Use on-line sites for phone book, social network, information, job,
    photo management, business directory, jigsaw.com, etc. to summarize, with screen dumps and
    explanations, what information you can get. If your target is not in US nor native English speaker,
    you might need to use on-line sites different from the textbook.
    4. (20 points) Google “XYZ resume firewall” and “XYZ resume intrusion detection” where “XYZ”
    is
    the name of your target company. Screen dump “useful” results and explain what you got.
    5. (20 points) Lookup Archive.org and Google cached results, and select a target web site. Compare
    the differences between an archived and cached copy with its current on-line web site. Give
    screen dump and explain the differences.
    6. (20 points) Find Google Hacking Database at hackersforcharity.org/ghdb/. Summarize what it
    has
    and select 3 strings to search. Screen dump and explain what you got.

    7. (20 points) Select a web site. Start from whois.iana.org to find its registry, registrar, and
    registrant.

    The authoritative registry for all it domains can be find by entering “it” in the iana.org site. We can
    find the following info :

    organisation: IIT - CNR


    address: Via Moruzzi, 1
    address: Pisa I-56124
    address: Italy

    Questo lo si può desumere anche dalla pagina https://www.iana.org/domains/root/db . In questa


    pagina se clicchiamo in corrispondenza del nostro dominio TLD arriviamo sulla pagina
    https://www.iana.org/domains/root/db/it.html dove troviamo , alla fine, le informazioni sul Whois
    server del registry che è :

    URL for registration services: http://www.nic.it/


    WHOIS Server: whois.nic.it

    Da questo sito , inserendo il mio dominio, ottengo le informazioni sul Registrar e sul Registrant :
    Registrar
    Organizzazione:Seeweb S.r.l.
    Nome:TOPHOST-REG
    Web:https://www.tophost.it
    DNSSEC:no

    Registrant
    Organizzazione:Roberto Bruzzese
    Indirizzo:
    Via Rossi 12
    00155 - Roma (RM)
    it
    Qui è contenuta l’informazione sui nameservers:

    Nameservers
    ns1.th.seeweb.it
    ns2.th.seeweb.it

    Also select an IP address. Start from arin.net to find who owns the IP address. Show your screen
    dump and explain.

    Il mio IP è IP = 217.64.195.207. Questo mi è stato assegnato in fase di registrazione. Ma se volessi


    fare il percorso inverso, e volessi conoscere , dato un IP , a chi esso fa riferimento.
    Vediamo quindi il processo inverso.
    Andiamo sul sito arin.net ed inseriamo il nostro indirizzo IP.
    L’IP in questione, che fa parte della rete più estesa 217.64.195.193 – 217.64.195.255
    appartiene a SEEWEB-CLOUD, √Seeweb s.r.l. Corso Lazio 9/a I-03100 Frosinone, cui
    dobbiamo fare riferimento per ulteriori informazioni.

    8. (20 points) Select a domain name. Use nslookup to dump its DNS records. Show your screen
    dump and explain.

    1. Dopo aver dato il commando nslookup Set the DNS Record type you wish to
    lookup by typing set type=## where ## is the record type, then
    hit Enter.  You may
    use A, AAAA, A+AAAA, ANY, CNAME, MX, NS, PTR, SOA, or SRV as
    the record type.

    Si evince il nome del server presso cui è ospitato l’IP in questione.

    9. (20 points) Select a domain name. Use traceroute or similar tools to find the access path to that
    domain. Show your screen dump and explain.
    Come si vede vi sono 15 hop dal mio dispositivo fino al sito target , oltrepassando il gateway, e
    numerosi firewall, motivo per cui si è dovuta usare l’opzione -I nel comando di traceroute.

    10. (bonus: 40 points) Follow the case study right before chapter 1. Select one target and run
    through all tools (Tor, Vidalia, Privoxy, tor-resolve, proxychains, Nmap, socat, nc). Screen dump
    the process and explain what you got in your screen.

    Das könnte Ihnen auch gefallen