Learning Kali Linux




Date: 14.05.2024
Size: 22,59 Mb.

Service Scanning


been sent, a blank line tells the remote server that the headers are done, at which
point it starts sending the response.
Example 3-24. Using nc to interact with a web server
root@rosebud:~# nc 192.168.86.1 80
GET / HTTP/1.1
Host: 192.168.86.1

HTTP/1.1 200 OK
Connection: Keep-Alive
Content-Length: 7597
Content-Type: text/html
Date: Mon, 01 Jan 2018 03:55:36 GMT
The output here shows just the headers, though they were followed by the HTML for the page that was requested. One advantage to using nc over telnet is that netcat can be used to set up a listener. This means you can create a sink to send network traffic to. You could use it to just collect data from anyone who makes a connection to whatever port you have it set to listen on. Additionally, telnet uses TCP. By default, nc also uses TCP, but you can have nc use UDP. This can allow you to interact with any services that use UDP as the transport layer.
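The exchange in Example 3-24, written out as a raw-socket client so the role of the blank line is explicit on both sides. This is an added example, not code from the book; the names fetch_headers and start_stub_server are hypothetical, and the stub server is a constructed local stand-in for the web server at 192.168.86.1.

```python
import socket
import threading

def fetch_headers(host, port, path="/", timeout=3.0):
    """Send the request typed in Example 3-24; return (status_line, headers)."""
    request = (
        f"GET {path} HTTP/1.1\r\n"
        f"Host: {host}\r\n"
        "\r\n"  # blank line: tells the server the request headers are done
    )
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request.encode("ascii"))
        raw = b""
        while b"\r\n\r\n" not in raw:  # server's blank line ends its headers
            chunk = sock.recv(4096)
            if not chunk:
                break
            raw += chunk
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    status_line, *lines = head.split("\r\n")
    headers = {}
    for line in lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status_line, headers

def start_stub_server():
    """Constructed local stand-in for the web server; returns its port."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    def serve():
        conn, _ = srv.accept()
        with conn:
            data = b""
            while b"\r\n\r\n" not in data:  # wait for the client's blank line
                chunk = conn.recv(4096)
                if not chunk:
                    break
                data += chunk
            body = b"<html>constructed</html>"
            conn.sendall(b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                         b"Content-Length: %d\r\n\r\n" % len(body) + body)
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return port

if __name__ == "__main__":
    print(fetch_headers("127.0.0.1", start_stub_server()))
```

The returned header dictionary is the same information the nc session prints, in a form that can be compared across hosts you administer to see which ones disclose server details.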
Summary
Information gathering will help your later work. It can also be used to turn up potential vulnerabilities in the sense of information leakage. Spending time information gathering can pay off, even if you really just want to get to the exploitation. The following are some important ideas to take away from this chapter:
• You can use openly available sources to acquire information about targets.
• You can use Maltego to automatically gather openly available information.
• Tools like theHarvester can be used to automatically gather details about email addresses and people.
• The Domain Name System (DNS) can contain a lot of details about a target organization.
• Regional Internet Registries (RIRs) can be a source of a lot of details about IP addresses and who owns them.
• The nmap program can be used for port scanning as well as for gathering details about operating systems and application versions.
• Port scans are ultimately a way to find applications listening on those ports.
