iSMTP v1.6 - SMTP Server Tester, Alton Johnson ([email protected])
---
Testing SMTP server [user enumeration]: 192.168.1.25:25
Emails provided for testing: 109
Performing SMTP VRFY test...
[-] 4Dgifts --- [ invalid ]
[-] EZsetup --- [ invalid ]
[+] ROOT --- [ success ]
[+] adm --- [ success ]
CATEGORIES: INFORMATION GATHERING, SNIFFING/SPOOFING
TAGS: INFOGATHERING, RECON, SMTP, SNIFFING, SPOOFING
lbd
LBD PACKAGE DESCRIPTION
lbd (load balancing detector) detects if a given domain uses DNS and/or HTTP Load-Balancing (via Server: and Date: header and diffs between server answers).
Source: http://ge.mine.nu/code/lbd
lbd Homepage | Kali lbd Repo
Author: Stefan Behte
License: GPLv2
TOOLS INCLUDED IN THE LBD PACKAGE
lbd – Load balancer detector
root@kali:~# lbd
lbd - load balancing detector 0.1 - Checks if a given domain uses load-balancing.
Written by Stefan Behte (http://ge.mine.nu)
Proof-of-concept! Might give false positives.
usage: /usr/bin/lbd [domain]
LBD USAGE EXAMPLE
Test to see if the target domain (example.com) is using a load balancer:
root@kali:~# lbd example.com
lbd - load balancing detector 0.1 - Checks if a given domain uses load-balancing.
Written by Stefan Behte (http://ge.mine.nu)
Proof-of-concept! Might give false positives.
Checking for DNS-Loadbalancing: NOT FOUND
Checking for HTTP-Loadbalancing [Server]:
ECS (sea/55ED)
ECS (sea/1C15)
FOUND
CATEGORIES: INFORMATION GATHERING
TAGS: INFOGATHERING, RECON, WEBAPPS
MaltegoTeeth
MALTEGO TEETH PACKAGE DESCRIPTION
Maltego is a unique platform developed to deliver a clear threat picture to the environment that an organization owns and operates. Maltego’s unique advantage is to demonstrate the complexity and severity of single points of failure as well as trust relationships that exist currently within the scope of your infrastructure.
The unique perspective that Maltego offers to both network and resource based entities is the aggregation of information posted all over the internet – whether it’s the current configuration of a router poised on the edge of your network or the current whereabouts of your Vice President on his international visits, Maltego can locate, aggregate and visualize this information.
Maltego offers the user unprecedented information. Information is leverage. Information is power. Information is Maltego.
What does Maltego do?
Maltego is a program that can be used to determine the relationships and real world links between:
People
Groups of people (social networks)
Companies
Organizations
Web sites
Internet infrastructure such as:
Domains
DNS names
Netblocks
IP addresses
Phrases
Affiliations
Documents and files
These entities are linked using open source intelligence.
Maltego is easy and quick to install – it uses Java, so it runs on Windows, Mac and Linux.
Maltego provides you with a graphical interface that makes seeing these relationships instant and accurate – making it possible to see hidden connections.
Using the graphical user interface (GUI) you can see relationships easily – even if they are three or four degrees of separation away.
Maltego is unique because it uses a powerful, flexible framework that makes customizing possible. As such, Maltego can be adapted to your own, unique requirements.
What can Maltego do for me?
Maltego can be used for the information gathering phase of all security related work. It will save you time and will allow you to work more accurately and smarter.
Maltego aids you in your thinking process by visually demonstrating interconnected links between searched items.
Maltego provides you with a much more powerful search, giving you smarter results.
If access to “hidden” information determines your success, Maltego can help you discover it.
Source: http://paterva.com/web6/products/maltego.php
Maltego Homepage | Kali Maltego Teeth Repo
Author: Paterva
License: Commercial
MALTEGO TEETH README
root@kali:~# cat /opt/Teeth/README.txt
NB NB: This runs on Kali Linux
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
#Make directory /opt/Teeth/
#Copy tgz to /opt/Teeth/
#Untar
Load the config file called /opt/Teeth/etc/Maltego_config.mtz file into Maltego.
This is painless:
1) Open Maltego Tungsten (or Radium)
2) Click top left globe/sphere (Application button)
3) Import -> Import configuration, choose /opt/Teeth/etc/Maltego_config.mtz
Notes
---
Config file is in /opt/Teeth/etc/TeethConfig.txt
Everything can be set in the config file.
Log file is /var/log/Teeth.log, tail -f it while you running transforms for real time logs of what's happening.
You can set DEBUG/INFO. DEBUG is useful for seeing progress - set in /opt/Teeth/units/TeethLib.py line 26
Look in cache/ directory. Here you find caches of:
1) Nmap results
2) Mirrors
3) SQLMAP results
You need to remove cache files by hand if you no longer want them.
You can run housekeep/clear_cache.sh but it removes EVERYTHING.
The WP brute transform uses Metasploit.
Start Metasploit server so:
msfconsole -r /opt/Teeth/static/Teeth-MSF.rc
It takes a while to start, so be patient.
In /housekeep is killswitch.sh - it's the same as killall python.
CATEGORIES: EXPLOITATION TOOLS, INFORMATION GATHERING, PASSWORD ATTACKS, WEB APPLICATIONS
TAGS: EXPLOITATION, GUI, PORTSCANNING, WEBAPPS
masscan
MASSCAN PACKAGE DESCRIPTION
This is the fastest Internet port scanner. It can scan the entire Internet in under 6 minutes, transmitting 10 million packets per second.
It produces results similar to nmap, the most famous port scanner. Internally, it operates more like scanrand, unicornscan, and ZMap, using asynchronous transmission. The major difference is that it’s faster than these other scanners. In addition, it’s more flexible, allowing arbitrary address ranges and port ranges.
NOTE: masscan uses a custom TCP/IP stack. Anything other than simple port scans will cause conflict with the local TCP/IP stack. This means you need to either use the -S option to use a separate IP address, or configure your operating system to firewall the ports that masscan uses.
Source: https://github.com/robertdavidgraham/masscan
masscan Homepage | Kali masscan Repo
Author: Robert Graham
License: A-GPL-3
TOOLS INCLUDED IN THE MASSCAN PACKAGE