CSCD 303 Lab 6
Human and Computer Reconnaissance Lab

Due: November 16, Thursday

Instructions

In this Lab you are going to do some background investigation into tools that will allow you, the prospective attacker to discover information about a target. The target can be a specific domain, network or range of IP addresses.

Specifically, you will be researching the purpose and functionality of dig, nslookup and the whois command. Read the tutorials and answer the questions. Some questions might require you to do some Internet research.

The second part of the lab is for you to answer some questions about Facebook vulnerability.


Tasks and Questions

For a brief overview of nslookup and dig, check this site out,
Infosecinstitute
For a brief overview of whois, see the next link,
Liquidweb Tutorial whois

Task 1. Reconnaissance
As a determined attacker you are going to do some Reconnaissance to discover information. As part of Reconnaissance, an attacker will try to locate DNS records for a target machine. This is called DNS enumeration.
Question 1a. What does DNS enumeration accomplish for an attacker?
To accomplish DNS enumeration, you will be using the dig tool via a web interface. Dig Web Interface
Type: ewu.edu in the box on the left of the page.Click ANY in the Type box.
Report on the results. You can cut and paste the results from the web site.
Question 1b. What did you discover about the ewu.edu. domain?
Name the name servers, mail server and the ip address of the A record.
Question 1c. Does dig run under Windows or Mac OSX or only Linux (at the command line)?

The next tools are nslookup and whois
Use this next website, Centralops.net to test both the nslookup command and see whois results, First, the nslookup command, Centralop Nslookup
Type: ewu.edu in the domain name box. For Query type, select A - IPv4 address
Question 1d. What does nslookup do? What answer did it return?

For the next few Questions, you will go to the link below to access the Whois command. This site, also will display DNS information.
Centralops.net
In the box, type: ewu.edu for the domain. Click go
See results displayed
Question 1e. What is the IP address range of ewu.edu?
Question 1f. What does whois do?
Question 1g. List some facts about EWU.EDU such as:
1. Contacts, Technical and Administrative
2. Date the domain expires.
3. Date the domain was first registered 5. Get creative, how could you find out more vulnerabilities using the information you have discovered? List some next steps in your reconnaissance of the EWU domain.


Task 2. Research some Facebook Vulnerabilities
Lets say your good friend or close relative has been hacked. How do you know? Their picture changed, their name changed, and you received strange messages from them that was not normal for them. So, you notify them. They send out notices that indeed they were hacked and they now have a new profile where you can re-friend them.
Question 2a.What can happen to you as a result of their compromised account? How are you vulnerable as a "friend"?
Note: It can take Facebook a while to shut down a bogus account.

Question 2b. Research a currant Facebook scam and report on it. Who are they targetting? What is the goal of the scam? How do you determine if it is truly a scam?

Deliverables

1. Type answers to the questions and send them in via email. Put CSCD303-Lab6 in the subject line