CEH Chapter 2 > Footprinting and Reconnaissance


HINFO

Host Information: CPU type and operating system of a host (rarely published today, but a direct OS fingerprint when present)

NS

Name Server: names the authoritative DNS servers to which the zone is delegated

PTR

Pointer (reverse lookup): maps an IP address (in-addr.arpa or ip6.arpa) back to a host name

WHOIS Lookup

WHOIS returns registration data for a domain name or an IP block: registrant and registrar details, name servers, creation and expiry dates, netblock ownership and ASN. Domain WHOIS is served by the domain registries and registrars; the Regional Internet Registries (RIRs) maintain the WHOIS databases for IP address and AS number allocations.

Objectives of Footprinting

1. To know the security posture
2. To reduce the focus area
3. To identify vulnerabilities
4. To draw a network map

Lookup Results show a complete domain profile, including:

>Registrant information
>Registrant organization
>Registrant country
>Domain name server information
>IP address
>IP location
>ASN
>Domain status
>WHOIS history
>IP history
>Registrar history
>Hosting history

Penetration testers or attackers can identify the following:

>When the company was established
>Evolution of the company
>Authority of the company
>Background of the organization
>Strategies and planning
>Financial statistics
>Other information
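The two lists above describe what a WHOIS lookup yields; the following is an added example, not part of the original card set, showing how a tester turns a raw WHOIS response into that profile: registrar, domain age (the "when was the company established" data point), name servers, status codes, contact addresses, and whether the registrant is hidden behind a privacy or proxy service. Both WHOIS texts are constructed, and the registrar, dates and addresses in them are not real registry data.

```python
"""Parse a domain WHOIS response into the profile a tester wants (added
example; both WHOIS texts below are constructed, not real registry data)."""
import re
from datetime import datetime, timezone

SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Registry Domain ID: 2336799_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.example-registrar.test
Registrar: Example Registrar, Inc.
Updated Date: 2023-08-14T07:01:31Z
Creation Date: 1995-08-14T04:00:00Z
Registry Expiry Date: 2025-08-13T04:00:00Z
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Registrant Organization: Example Corp
Registrant Country: US
Registrant Email: hostmaster@example.com
Name Server: NS1.EXAMPLE.COM
Name Server: NS2.EXAMPLE.COM
DNSSEC: signedDelegation
>>> Last update of whois database: 2024-01-01T00:00:00Z <<<
"""

# Constructed record for a domain whose owner uses a privacy/proxy service.
PRIVACY_WHOIS = """\
Domain Name: target.example
Registrar: Example Registrar, Inc.
Creation Date: 2022-03-01T00:00:00Z
Registrant Organization: Privacy Protect, LLC (PrivacyProtect.org)
Registrant Email: REDACTED FOR PRIVACY
Name Server: NS1.EXAMPLE.NET
"""

MULTI_VALUED = {"Domain Status", "Name Server"}
PRIVACY_HINTS = ("privacy", "proxy", "redacted", "whoisguard", "withheld")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")


def parse_whois(text):
    """Turn 'Key: Value' lines into a dict; repeatable keys become lists."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith((">>>", "%", "#")) or ":" not in line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not value:
            continue
        if key in MULTI_VALUED:
            fields.setdefault(key, []).append(value)
        else:
            fields[key] = value
    return fields


def _ts(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def profile(fields, now="2024-01-01T00:00:00Z"):
    """Summarize ownership, age, infrastructure and whether contacts are masked."""
    text_values = [v for v in fields.values() if isinstance(v, str)]
    registrant = " ".join(v for k, v in fields.items()
                          if k.startswith("Registrant") and isinstance(v, str)).lower()
    created = _ts(fields["Creation Date"])
    return {
        "domain": fields["Domain Name"].lower(),
        "registrar": fields.get("Registrar"),
        "age_years": (_ts(now) - created).days // 365,
        "name_servers": [ns.lower() for ns in fields.get("Name Server", [])],
        # status codes carry an explanatory URL after them; keep only the code
        "status": [s.split()[0] for s in fields.get("Domain Status", [])],
        "privacy_protected": any(h in registrant for h in PRIVACY_HINTS),
        "contacts": sorted(set(EMAIL_RE.findall(" ".join(text_values)))),
        "dnssec": fields.get("DNSSEC", "unsigned").lower() != "unsigned",
    }


if __name__ == "__main__":
    print(profile(parse_whois(SAMPLE_WHOIS)))
    print(profile(parse_whois(PRIVACY_WHOIS)))
```

A masked registrant is not a dead end: the name servers, creation date and registrar are never redacted, and historical WHOIS (from services such as DomainTools) often holds the pre-redaction contact data.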

DNS Interrogation Tools

>http://www.dnsstuff.com
>http://network-tools.com
>http://www.kloth.net
>http://www.mydnstools.info
>http://www.nirsoft.net
>http://www.dnswatch.info
>http://www.domaintools.com
>http://www.dnsqueries.com
>http://www.ultratools.com
>http://www.webmaster-toolkit.com

African Network Information Centre

AFRINIC > Africa

Asia-Pacific Network Information Centre

APNIC > Asia, Australia, New Zealand and Neighboring countries

American Registry for Internet Numbers

ARIN > United States, Canada, several parts of the Caribbean Region and Antarctica

Tracking Email from an Email Header

An email is tracked through its header. Each relay that handles the message prepends a Received: line, so the header can be traced hop by hop, giving the IP address, host name and timestamp of every relay; the IP addresses can then be geolocated. Several online services and software applications offer email header tracking.

Extract Website Information

Archive.org (the Internet Archive's Wayback Machine) is an online service that provides archived versions of websites. Its site summary includes a MIME-type count, summaries for TLD/host/domain, a sitemap of the website with capture dates, calendar views, and other information.

Gathering Information from Financial Services

By just searching for your target organization, you can obtain their financial information. Service providers are Google (www.google.com/finance) and Yahoo (finance.yahoo.com).

CNAME

Canonical Name: an alias that points one host name at another (canonical) host name

Competitive Intelligence

Competitive Intelligence is the practice of collecting and analyzing information about competitors. It is non-intrusive, since the information is collected from sources that are already available. Some primary sources of competitive intelligence are:
>Official websites
>Job advertisements
>Press releases
>Annual reports
>Product catalogs
>Analysis reports
>Regulatory reports
>Agents, distributors, and suppliers

DNS Footprinting

DNS lookup information is helpful for identifying hosts within a targeted network: A, CNAME, MX, NS, SOA, SRV, TXT, HINFO and PTR records each reveal a different piece of the infrastructure, and a name server that allows zone transfers (AXFR) hands over the whole zone at once.
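The record types defined on this card set (A, CNAME, NS, MX, SOA, TXT, SRV, HINFO, PTR) are what a tester pulls out of a zone. The following is an added example, not part of the original material: it parses dig-style answer lines (the format `dig @ns example.com AXFR` prints when a name server allows zone transfers) from a constructed zone and builds the host list, aliases, mail and name servers, the SOA admin mailbox, SRV-exposed services and HINFO operating-system hints. Every name, address and record value in the sample is constructed.

```python
"""Parse dig-style DNS answer lines and summarize what each record type
reveals about a target (added example; the zone data below is constructed)."""
import re
from collections import defaultdict

# Constructed sample: what an open zone transfer of example.com might print.
SAMPLE_ZONE = """\
example.com.        3600  IN  SOA   ns1.example.com. hostmaster.example.com. 2024010101 7200 900 1209600 3600
example.com.        3600  IN  NS    ns1.example.com.
example.com.        3600  IN  NS    ns2.example.com.
example.com.        3600  IN  MX    10 mail.example.com.
example.com.        3600  IN  TXT   "v=spf1 mx include:_spf.google.com -all"
example.com.        3600  IN  A     192.0.2.10
www.example.com.    3600  IN  CNAME example.com.
mail.example.com.   3600  IN  A     192.0.2.25
vpn.example.com.    3600  IN  A     192.0.2.30
dev.example.com.    3600  IN  HINFO "Intel x86_64" "Ubuntu 20.04"
_ldap._tcp.example.com. 3600 IN SRV 0 100 389 dc1.example.com.
dc1.example.com.    3600  IN  A     192.0.2.40
10.2.0.192.in-addr.arpa. 3600 IN PTR example.com.
"""

LINE_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+([A-Z]+)\s+(.*)$")


def parse_records(text):
    """Return (name, ttl, type, rdata) tuples from dig-style output lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):      # dig comments
            continue
        m = LINE_RE.match(line)
        if m:
            name, ttl, rtype, rdata = m.groups()
            records.append((name.rstrip("."), int(ttl), rtype, rdata.strip()))
    return records


def footprint(records):
    """Group records by type and pull out the facts a tester cares about."""
    by_type = defaultdict(list)
    for name, _ttl, rtype, rdata in records:
        by_type[rtype].append((name, rdata))
    summary = {"hosts": {}, "aliases": {}, "name_servers": [], "mail_servers": [],
               "services": [], "hinfo": {}, "reverse": {}, "spf": None, "soa_admin": None}
    for name, rdata in by_type["A"]:             # hostname -> IPv4
        summary["hosts"][name] = rdata
    for name, rdata in by_type["CNAME"]:         # alias -> canonical name
        summary["aliases"][name] = rdata.rstrip(".")
    for _, rdata in by_type["NS"]:
        summary["name_servers"].append(rdata.rstrip("."))
    for _, rdata in by_type["MX"]:               # "<preference> <host>"
        pref, host = rdata.split()
        summary["mail_servers"].append((int(pref), host.rstrip(".")))
    for name, rdata in by_type["SRV"]:           # "<prio> <weight> <port> <target>"
        _prio, _weight, port, target = rdata.split()
        summary["services"].append((name, target.rstrip("."), int(port)))
    for name, rdata in by_type["HINFO"]:         # two quoted strings: CPU, OS
        summary["hinfo"][name] = tuple(re.findall(r'"([^"]*)"', rdata))
    for _, rdata in by_type["TXT"]:
        if rdata.strip('"').startswith("v=spf1"):
            summary["spf"] = rdata.strip('"')    # lists who may send mail as the domain
    for _, rdata in by_type["SOA"]:
        # second SOA field is the admin mailbox with the '@' written as '.'
        mbox = rdata.split()[1].rstrip(".")
        summary["soa_admin"] = mbox.replace(".", "@", 1)
    for name, rdata in by_type["PTR"]:
        if name.endswith(".in-addr.arpa"):        # reversed octets -> IPv4
            octets = name[:-len(".in-addr.arpa")].split(".")[::-1]
            summary["reverse"][".".join(octets)] = rdata.rstrip(".")
    return summary


if __name__ == "__main__":
    for key, value in footprint(parse_records(SAMPLE_ZONE)).items():
        print(f"{key}: {value}")
```

The same parser works on the output of individual `dig` queries (`dig MX example.com`, `dig TXT example.com`); a zone transfer succeeding at all is itself a finding to report, and the SPF include: entries and SRV targets are the quickest route to a target's mail provider and Active Directory domain controllers.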

MX

Mail Exchanger: the mail servers that accept email for the domain, with a preference value

Dumpster Diving

Dumpster Diving is the process of looking for treasure in trash. This technique is old but still effective. It includes going through the target's discarded material, such as printer output, papers left on desks and company trash, to find phone bills, contact information, financial information, source code, and other helpful material.

Eavesdropping

Eavesdropping is a type of Social Engineering footprinting in which the social engineer gathers information by covertly listening to conversations. This includes listening, reading, and accessing any source of information without being detected.

Email Footprinting

Email plays an essential role in running an organization's business. It is one of the most popular and widely used professional methods of communication, used by every organization to communicate with partners, employees, competitors, contractors, and other people involved in the organization's daily business. PoliteMail is a handy tool for email footprinting; it tracks email communication from within Microsoft Outlook. Tracing an email using its header can reveal the following information:
>Destination address
>Sender's IP address
>Sender's mail server
>Time and date information
>Authentication system information of the sender's mail server
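The two cards on email tracking (Tracking Email from an Email Header, above, and Email Footprinting) describe what the header reveals; the following is an added example, not part of the original card set, that does the trace in code. It reads the Received: lines of a constructed message in reverse (each relay prepends its own line, so the first header is the last hop), extracts the IP address each relay actually saw, the HELO name the sender claimed, timestamps and total transit time, and reads the SPF/DKIM verdicts from Authentication-Results. All hosts and addresses are constructed documentation values.

```python
"""Trace an email hop by hop from its Received: headers and read the
sender's authentication results (added example; the message below is
constructed, and all hosts and addresses in it are documentation values)."""
import ipaddress
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

SAMPLE_MESSAGE = """\
Received: from mx-in.victim.test (mx-in.victim.test [203.0.113.5])
\tby mailbox.victim.test with ESMTP id 1; Mon, 1 Jan 2024 10:00:05 +0000
Received: from smtp-out.sender.test (smtp-out.sender.test [198.51.100.7])
\tby mx-in.victim.test (Postfix) with ESMTPS id 2; Mon, 1 Jan 2024 10:00:03 +0000
Received: from [192.168.1.20] (unknown [192.0.2.44])
\tby smtp-out.sender.test with ESMTPSA id 3; Mon, 1 Jan 2024 10:00:01 +0000
Authentication-Results: mx-in.victim.test; spf=pass smtp.mailfrom=sender.test; dkim=pass header.d=sender.test
From: Alice <alice@sender.test>
To: bob@victim.test
Subject: Q1 numbers
Date: Mon, 1 Jan 2024 09:59:58 +0000

See attached.
"""

RECEIVED_RE = re.compile(r"from\s+(\S+)\s*(?:\(([^)]*)\))?\s+by\s+(\S+)", re.I)
IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=(\w+)", re.I)


def _is_private(name):
    """True when a HELO name is an RFC 1918 / loopback style address."""
    try:
        return ipaddress.ip_address(name.strip("[]")).is_private
    except ValueError:
        return False


def trace(raw):
    msg = message_from_string(raw)
    hops = []
    # Each relay prepends its own Received: line, so the first header in the
    # message is the final hop; walk them in reverse to go origin -> mailbox.
    for value in reversed(msg.get_all("Received", [])):
        value = " ".join(value.split())              # unfold continuation lines
        m = RECEIVED_RE.search(value)
        if not m:
            continue
        claimed, comment, by_host = m.group(1), m.group(2) or "", m.group(3)
        seen_ips = IPV4_RE.findall(comment)          # what the receiving relay saw
        hops.append({
            "claimed": claimed.strip("[]"),          # what the sender announced (HELO)
            "ip": seen_ips[-1] if seen_ips else None,
            "by": by_host,
            "time": parsedate_to_datetime(value.rsplit(";", 1)[1].strip()),
        })
    auth = {k.lower(): v.lower()
            for k, v in AUTH_RE.findall(msg.get("Authentication-Results", ""))}
    return {
        "hops": hops,
        "origin_ip": hops[0]["ip"] if hops else None,
        # A private HELO name means the origin was a client behind NAT, and the
        # first public IP is the sender's mail gateway rather than the sender.
        "origin_private_client": bool(hops) and _is_private(hops[0]["claimed"]),
        "auth": auth,
        "transit_seconds": int((hops[-1]["time"] - hops[0]["time"]).total_seconds())
        if len(hops) > 1 else 0,
    }


if __name__ == "__main__":
    result = trace(SAMPLE_MESSAGE)
    for hop in result["hops"]:
        print(f'{hop["ip"]:>15}  (claimed {hop["claimed"]})  ->  {hop["by"]}  {hop["time"]:%H:%M:%S}')
    print("origin:", result["origin_ip"], "auth:", result["auth"], "transit:", result["transit_seconds"], "s")
```

Only the Received: lines added by relays you trust (your own and the last public hop) are reliable; anything below them was written by the sender's side and can be forged, which is why the trace keeps both the claimed name and the observed IP for every hop.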

Countermeasures of Footprinting

Footprinting countermeasures include the following:
>Restrict employees' access to social networking sites from the corporate network
>Configure devices and servers to avoid data leakage
>Provide education, training, and awareness regarding footprinting, its impact, methodologies, and countermeasures to employees
>Avoid revealing sensitive information in annual reports, press releases, etc.
>Prevent search engines from caching web pages

Competitive Intelligence Gathering

For competitive information, you should visit websites like EDGAR, LexisNexis, Business Wire, and CNBC.

Google Hacking Database (GHDB)

Google hacking, also known as "Google Dorking", is a combination of computer hacking techniques for finding security holes within an organization's network and systems using Google search and other applications powered by Google.

Monitoring a Target Using Alerts

Google, Yahoo, and other alert services offer content monitoring services through an alert feature that notifies the subscriber about the latest and up-to-date information related to the subscribed topic.

Gathering Information Using Groups, Forums, and Blogs

Groups, forums, blogs, and communities can be a great source of sensitive information. Joining these platforms using a fake ID and accessing the target organization's group is not difficult for anyone these days. Any official and non-official group can become a source for the leakage of sensitive information.

Footprinting Methodology

Hackers often use the following techniques for gathering information:
>Search engines
>Advanced Google hacking techniques
>Social networking sites
>Websites
>Email
>Competitive intelligence
>WHOIS
>DNS
>Network
>Social engineering

Shoulder Surfing

In Shoulder Surfing, information is collected by standing behind a target while they are handling sensitive information. Depending on the carelessness of the target, passwords, account numbers, or other secrets can be gathered this way.

Footprinting through Social Engineering

In footprinting, one of the easiest components to exploit is the human being. Information can be collected from people quite easily with social engineering. Some basic social engineering techniques are:
>Eavesdropping
>Shoulder surfing
>Dumpster diving
>Impersonation

Phishing

In phishing, emails sent to a targeted group carry messages that look legitimate. The recipient clicks the link in the email, assuming that it is a legitimate link. The link redirects the user to a fake web page that imitates an official website; for example, the recipient may be taken to a fake bank page that asks for sensitive information. Alternatively, clicking the link may download a malicious script onto the recipient's system to collect information.

SOA

Start of Authority: marks the zone's primary name server and the administrator's mailbox, and carries the zone serial number and refresh/retry/expire timers

People update their statuses

Information:
>Most recent personal information
>Most recent location
>Information about family and friends
>Activities and interests
>Technology-related information
>Upcoming events

What the attacker achieves:
>Platform and technology information
>Target location
>List of employees, friends and family
>Nature of business

People maintain their profiles

Information:
>Photo of the target
>Contact number
>Email address
>Date of birth
>Location
>Work details

What the attacker achieves:
>Personal information about the target, including personal details and photos
>Material for social engineering

Internet Footprinting

Internet Footprinting includes footprinting and reconnaissance methods for collecting information through the internet. Popular options for internet footprinting include the Google hacking database, Google Advanced Search, and some other search engines.

Latin America and Caribbean Network Information Centre

LACNIC > Latin America and parts of the caribbean region

Reseaux IP Europeens Network Coordination Centre

RIPE NCC > Europe, Russia, the Middle East and Central Asia

Maltego

Maltego is a data mining tool developed by Paterva. This interactive tool gathers data and shows the results as graphs for analysis. Its main purpose is the online investigation of relationships between pieces of information obtained from various sources on the internet. Using transforms, Maltego automates the gathering of information from different data sources; the results are represented as a node-based graph. There are three versions of the Maltego client software:
>Maltego CE
>Maltego Classic
>Maltego XL

Mirroring an Entire Website

Mirroring a website is the process of replicating the entire website in a local directory. Downloading an entire website onto a local directory enables the attacker to use and inspect the website, its directories, and its structure. It also enables the attacker to find other vulnerabilities from this downloaded copy in an offline environment.

Footprinting through Job Sites

On job sites, organizations that post job vacancies provide information about the organization and its portfolio along with the job post. This includes the company's location, industry, contact information, number of employees, job requirements, and the hardware and software in use. Similarly, personal information can be collected from a targeted individual by posting a fake job vacancy on such sites. Some of the most popular job sites are:
>www.linkedin.com
>www.monster.com
>www.indeed.com
>www.careerbuilder.com

Network Footprinting

One of the most important types of footprinting is Network Footprinting. Fortunately, there are several tools available that can be used for network footprinting to gain information about the target network.

Email Tracking Tools

Popular email tracking tools are as follows:
>PoliteMail
>Email Tracker Pro
>Email Lookup
>Yesware
>Who Read Me
>Contact Monkey
>Read Notify
>Did They Read It
>Get Notify
>Point of Mail
>Trace Email
>G-Lock Analytics

Recon-ng

Recon-ng is a full-featured web reconnaissance framework written in Python, with independent modules, database interaction, and other features for gathering information about a target. It is open source; the project was originally hosted on Bitbucket and is now maintained on GitHub (lanmaster53/recon-ng). It ships with Kali Linux, but it runs on any system with Python 3 and does not require Kali.

RP

Responsible Person

site:

Search for the results in the given domain

SRV

Service Records

Social Engineering

Social Engineering in information security refers to the technique of psychological manipulation. It is used to gather information from people, including through social networking platforms, and to use that information to get close to the target.

Social Engineering

Social Engineering is the art of extracting sensitive information from people. Social Engineers play with human psychology and trick people into sharing their valuable information.

Google Advanced Search Operators

Some advanced operators can be used to modify a search for a specific topic using search engines. These advanced search operators make the search more focused and appropriate to a task.

Online People Search Services

Some of these websites include:
>www.privateeye.com
>www.peoplesearchnow.com
>www.publicbackgroundchecks.com
>www.anywho.com
>www.intelius.com
>www.411.com
>www.peoplefinders.com

FOCA stands for Fingerprinting Organizations with Collected Archives.

The FOCA tool finds metadata and other hidden information in documents published on a website: author and user names, software versions, internal server names and paths. The documents it finds can be downloaded and analyzed. FOCA supports many document types, including Open Office, Microsoft Office, Adobe InDesign, PDF, SVG, etc. Its search uses three search engines: Google, Bing, and DuckDuckGo.
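What FOCA actually reads out of an Office document is shown in the following added example, which is not FOCA's own code nor part of the original card set. A modern Word file is a zip of XML parts; `docProps/core.xml` carries the creator and last editor (often a `DOMAIN\user` account), `docProps/app.xml` the application, version, company and template, and the `.rels` parts the targets of hyperlinks and embedded objects, which frequently point at internal file servers. The document is built in memory here, and every user, company and server name in it is constructed.

```python
"""Pull author, software and internal-path metadata out of an Office (OOXML)
document, as FOCA does for harvested files (added example; the .docx is
built in memory here and every name in it is constructed)."""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

NS = {
    "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties",
    "dc": "http://purl.org/dc/elements/1.1/",
    "dcterms": "http://purl.org/dc/terms/",
    "ep": "http://schemas.openxmlformats.org/officeDocument/2006/extended-properties",
    "rel": "http://schemas.openxmlformats.org/package/2006/relationships",
}
UNC_HOST_RE = re.compile(r"\\\\([A-Za-z0-9.-]+)")   # \\server\share -> server


def build_sample_docx():
    """Constructed .docx (a zip of XML parts) carrying typical leaky metadata."""
    core = """<?xml version="1.0" encoding="UTF-8"?>
<cp:coreProperties xmlns:cp="{cp}" xmlns:dc="{dc}" xmlns:dcterms="{dcterms}">
  <dc:creator>jsmith</dc:creator>
  <cp:lastModifiedBy>CORP\\mjones</cp:lastModifiedBy>
  <dcterms:created>2023-05-02T09:12:00Z</dcterms:created>
  <dcterms:modified>2023-06-18T14:03:00Z</dcterms:modified>
</cp:coreProperties>""".format(**NS)
    app = """<?xml version="1.0" encoding="UTF-8"?>
<Properties xmlns="{ep}">
  <Application>Microsoft Office Word</Application>
  <AppVersion>16.0000</AppVersion>
  <Company>Example Corp</Company>
  <Template>Normal.dotm</Template>
</Properties>""".format(**NS)
    rels = """<?xml version="1.0" encoding="UTF-8"?>
<Relationships xmlns="{rel}">
  <Relationship Id="rId1" Type="http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink"
    Target="file:///\\\\fs01.corp.example.com/finance/Q1-forecast.xlsx" TargetMode="External"/>
</Relationships>""".format(**NS)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("docProps/core.xml", core)
        z.writestr("docProps/app.xml", app)
        z.writestr("word/_rels/document.xml.rels", rels)
        z.writestr("word/document.xml", "<document/>")
    return buf.getvalue()


def extract_metadata(docx_bytes):
    """Return what an attacker learns from the document's hidden metadata."""
    meta = {"authors": set(), "windows_domains": set(), "software": None, "company": None,
            "template": None, "created": None, "modified": None,
            "internal_paths": [], "hosts": set()}
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        names = set(z.namelist())
        if "docProps/core.xml" in names:
            root = ET.fromstring(z.read("docProps/core.xml"))
            for tag in ("dc:creator", "cp:lastModifiedBy"):
                who = root.findtext(tag, namespaces=NS)
                if who:
                    meta["authors"].add(who.strip())
                    if "\\" in who:                      # DOMAIN\user form
                        meta["windows_domains"].add(who.split("\\", 1)[0])
            meta["created"] = root.findtext("dcterms:created", namespaces=NS)
            meta["modified"] = root.findtext("dcterms:modified", namespaces=NS)
        if "docProps/app.xml" in names:
            root = ET.fromstring(z.read("docProps/app.xml"))
            app = root.findtext("ep:Application", default="", namespaces=NS)
            ver = root.findtext("ep:AppVersion", default="", namespaces=NS)
            meta["software"] = f"{app} {ver}".strip() or None
            meta["company"] = root.findtext("ep:Company", namespaces=NS)
            meta["template"] = root.findtext("ep:Template", namespaces=NS)
        # Relationship parts hold hyperlink/OLE targets; file:// and UNC targets
        # leak internal server names and share layout.
        for name in names:
            if name.endswith(".rels"):
                root = ET.fromstring(z.read(name))
                for rel in root.findall("rel:Relationship", NS):
                    target = rel.get("Target", "")
                    if target.startswith("file:") or target.startswith("\\\\"):
                        meta["internal_paths"].append(target)
                        meta["hosts"].update(UNC_HOST_RE.findall(target))
    for key in ("authors", "windows_domains", "hosts"):
        meta[key] = sorted(meta[key])
    return meta


if __name__ == "__main__":
    for key, value in extract_metadata(build_sample_docx()).items():
        print(f"{key}: {value}")
```

Run it over every file harvested with `filetype:docx` / `filetype:xlsx` dorks against the target's domain; across a few dozen documents the author fields give the account naming convention and the UNC targets give the file-server names, which is the same picture FOCA draws. PDFs carry the equivalent data in the /Info dictionary and XMP packet and need a separate parser.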

A

Address record: maps a host name to its IPv4 address (AAAA is the IPv6 equivalent)

Tracking the Online Reputation of the Target

The reputation of an organization can be monitored through online services. Online Reputation Management (ORM) offers to monitor an organization's reputation.

Monitoring a Target Company's Website Traffic

There are some website monitoring tools that are being widely used by developers, attackers, and penetration testers to check the statistics of websites.

Traceroute

Traceroute is available as a command-line tool on all major operating systems (traceroute on Linux and macOS, tracert on Windows); visual and other GUI-based traceroute applications also exist. It traces the path from source to destination hop by hop by sending probes with increasing TTL values, so the result lists every intermediate hop between source and destination along with the round-trip latency to each.

TXT

Text record: free-form text attached to a name, commonly used for SPF policy, DKIM keys, and domain-ownership verification strings that reveal the SaaS providers a domain uses

Determining the Operating System

Using websites such as Netcraft.com can also help in searching for Operating Systems that are in use by the targeted organizations. Simply go to the website www.netcraft.com and enter the target organization's official URL.

Website Footprinting

Website Footprinting includes monitoring and investigating the target organization's official website for gaining information such as the software being used, the versions of this software, Operating Systems, sub-directories, database, scripting information, and other details.

Footprinting

means gathering every possible piece of information related to the target and the target network. The collected information helps in identifying the possible ways to enter the target network. Usually, information is gathered from both public and non-public sources.

Finding a Company's Public and Restricted Websites

An attacker also collects information about an organization's official website, including its public and restricted URLs. The official website's URL can simply be obtained through search engines, as previously explained. To find the restricted URLs of an organization's website, however, the attacker has to use services that fetch information about websites, such as www.netcraft.com.

cache:

display the version of a web page stored in Google's cache

Footprinting through Search Engines

Search engines extract information from the internet about any subject. You can open a web browser and use a search engine, such as Google or Bing, to search for anything you want. The search engine returns results drawn from every piece of information available on the internet about that subject.

OnWebChange

http://onwebchange.com

Page2RSS

http://page2rss.com

Black Widow

http://softbytelabs.com

NCollector Studio

http://www.calluna-software.com

Change Detection

http://www.changedetection.com

Follow That Page

http://www.followthatpage.com

GNU Wget

https://www.gnu.org/software/wget/

Hooeey Webprint

http://www.hooeeywebprint.com

Infominder

http://www.infominder.com

Offline Explorer Enterprise

http://www.metaproducts.com

Portable Offline Browser

http://www.metaproducts.com

Monitis

http://www.monitis.com/

PageNest

http://www.pagenest.com

Backstreet Browser

http://www.spadixbd.com

Surf offline Professional

http://www.surfoffline.com/

Teleport Pro

http://www.tenmax.com

Website Ripper Copier

http://www.tensons.com

Watch That Page

http://www.watchthatpage.com

Check4Change

https://addons.mozilla.org

LexisNexis

https://risk.lexisnexis.com

Alexa

https://www.alexa.com/

Win HTTrack Website Copier

https://www.httrack.com/page/2/

EDGAR

https://www.sec.gov/edgar.shtml

Web-Stat

https://www.web-stat.com/

Pseudonymous Footprinting

is the collection of information about a target from online sources where the information was published by someone other than the target. This type of information is shared without real credentials in order to avoid being traced back to the actual source of the information.

link:

list the websites with a link to a specific web page

intext:

search for documents containing a specific keyword

inurl:

search for documents containing a specific keyword in URL

intitle:

search for documents containing a specific keyword in the title

related:

search for similar web pages

allintext:

search for pages whose body text contains all of the given keywords

allinurl:

search for pages whose URL contains all of the given keywords

allintitle:

search for pages whose title contains all of the given keywords

Web Spiders or Web Crawlers

Internet bots that perform regular, automated browsing of the World Wide Web. Pointed at a targeted website, a crawler follows its links to map the site's structure and gathers specific information such as names and email addresses.
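The three cards on crawling the target's site (Mirroring an Entire Website, Finding a Company's Public and Restricted Websites, and Web Spiders or Web Crawlers) describe one process, shown in the following added example, which is not part of the original card set. It reads robots.txt first (the owner's own list of paths they do not want indexed), then crawls breadth-first within the target host, records every URL and its status code, separates restricted pages (401/403) from public ones, maps the directory structure, harvests email addresses, and notes links to external hosts. The site is an in-memory stand-in for HTTP fetches, and every host, path and address in it is constructed.

```python
"""Spider a site to map its directories, find restricted areas and harvest
contact data, as mirroring tools and web crawlers do (added example, not
from the original material; the site below is an in-memory stand-in for HTTP
and every host, path and address in it is constructed)."""
import re
from collections import deque
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed site: url -> (HTTP status, body)
SITE = {
    "https://www.example.com/": (200, """<html><body>
        <a href="/about/">About</a> <a href="/careers/">Careers</a>
        <a href="/admin/">Admin</a> <a href="https://partner.test/">Partner</a>
        <a href="/docs/report.pdf">Annual report</a>
        <script src="/static/app.js?v=2.3.1"></script></body></html>"""),
    "https://www.example.com/about/": (200, "<p>Press: press@example.com, jane.doe@example.com</p>"),
    "https://www.example.com/careers/": (200, '<a href="/careers/devops-engineer/">DevOps</a>'),
    "https://www.example.com/careers/devops-engineer/": (200, "<p>Ubuntu 20.04, Jenkins and AWS. Apply: hr@example.com</p>"),
    "https://www.example.com/admin/": (401, "Unauthorized"),
    "https://www.example.com/robots.txt": (200, "User-agent: *\nDisallow: /admin/\nDisallow: /backup/\n"),
}


def fetch(url):
    """Stand-in for an HTTP GET (swap in requests.get for a live target)."""
    return SITE.get(url, (404, ""))


class LinkExtractor(HTMLParser):
    """Collects href/src targets from anchors, scripts, images, etc."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        for key, value in attrs:
            if key in ("href", "src") and value:
                self.links.append(value)


EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")


def crawl(start, max_pages=50):
    host = urlparse(start).netloc
    result = {"pages": [], "directories": set(), "emails": set(), "external": set(),
              "restricted": [], "disallowed": [], "status": {}}
    # robots.txt is public and usually names exactly the paths the owner does
    # not want indexed, so it is read before anything else.
    code, body = fetch(urljoin(start, "/robots.txt"))
    if code == 200:
        result["disallowed"] = [line.split(":", 1)[1].strip()
                                for line in body.splitlines()
                                if line.lower().startswith("disallow:")]
    seen, queue = set(), deque([start])
    while queue and len(result["pages"]) < max_pages:
        url = queue.popleft()
        if url in seen:
            continue
        seen.add(url)
        code, body = fetch(url)
        result["status"][url] = code
        if code in (401, 403):
            result["restricted"].append(url)       # exists, but needs credentials
        if code != 200:
            continue
        result["pages"].append(url)
        result["directories"].add(urlparse(url).path.rsplit("/", 1)[0] + "/")
        result["emails"].update(EMAIL_RE.findall(body))
        parser = LinkExtractor()
        parser.feed(body)
        for link in parser.links:
            absolute = urljoin(url, link).split("#", 1)[0]
            if urlparse(absolute).netloc == host:
                queue.append(absolute)             # stay in scope
            else:
                result["external"].add(absolute)
    for key in ("directories", "emails", "external"):
        result[key] = sorted(result[key])
    return result


if __name__ == "__main__":
    for key, value in crawl("https://www.example.com/").items():
        print(f"{key}: {value}")
```

For a full offline copy the same walk is what `wget -m -k -p https://www.example.com/` or HTTrack performs; the point of writing it out is that the status map, the restricted paths and the robots.txt Disallow list are the parts a tester reads, and a crawler that leaves the target host (the external set above) is out of scope on an engagement.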

Collect Location

The physical location of the headquarters, what surrounds it, the location of branch offices, and other related information can be gathered from online map services. Some of the most popular are:
>Google Earth
>Google Maps
>Bing Maps
>Wikimapia
>Yahoo Maps

Business Wire

www.businesswire.com/portal/site/home/

CNBC

www.cnbc.com

Hoovers

www.hoovers.com
