Ceh v8 labs module 02 footprinting and reconnaissance
Upcoming SlideShare
Loading in...5
×
 

Ceh v8 labs module 02 footprinting and reconnaissance

on

  • 288 views

 

Statistics

Views

Total Views
288
Views on SlideShare
288
Embed Views
0

Actions

Likes
0
Downloads
79
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Ceh v8 labs module 02 footprinting and reconnaissance Ceh v8 labs module 02 footprinting and reconnaissance Document Transcript

  • CEH Lab Manual Footprinting a n d R e c o n n a i s s a n c e M o d u l e 02
  • Module 0 2 - Footprinting and R e co n n a issa n ce Footprinting a Target Network F o o tp rin tin g re fe rs to u n co verin g a n d co lle ctin g a s m uch in fo rm a tio n a s p o ssib le reg ard in g a ta rg e t n etn o rk L a b S c e n a r io Valuable m fonnation____ Penetration testing is much more than just running exploits against vulnerable Test your know ledge begins before penetration testers have even made contact w ith the vic tim ’s sA Web ex ercise them returns a shell, a penetration tester meticulously studies the environm ent m Workbook review tester runs an exploit, he or she is nearly certain that it w ill be successful. Since systems like we learned about 111 the previous module. 111 fact, a penetration test systems. Rather than blindly throwing out exploits and praying that one o f for potential weaknesses and their mitigating factors. By the time a penetration failed exploits can 111 some cases cause a crash or even damage to a victim system, or at the very least make the victim un-exploitable 111 the fiiUire, penetration testers w on't get the best results, or deliver the most thorough report to then‫ ־‬clients, i f they blindly turn an automated exploit machine on the victim netw ork w ith no preparation. L a b O b je c t iv e s T he objective o f the lab is to extract inform ation concerning the target organization that includes, but is not lim ited to: ■ IP address range associated w ith the target ■ Purpose o f organization and w h y does it exists ■ H o w big is the organization? W h a t class is its assigned IP Block? ■ Does the organization freely provide inform ation on the type o f operating systems employed and netw ork topology 111 use? ■ Type o f firewall im plem ented, either hardware or software or com bination o f both ■ Does the organization allow wireless devices to connect to wired networks? ■ Type o f rem ote access used, either SSH or T N ■ Is help sought on I T positions that give inform ation on netw ork services provided by the organization? C E H Lab Manual Page 2 Ethical Hacking and Countemieasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 0 2 - Footprinting and R e co n n a issa n ce ■ IdentitV organization’s users w h o can disclose their personal inform ation that can be used fo r social engineering and assume such possible usernames & Tools dem onstrated in this lab are available in D:CEHToolsCEHv8 Module 02 Footprinting and Reconnaissance L a b E n v ir o n m e n t Tins lab requires: ■ Windows Server 2012 as host machine ■ A web browser w ith an Internet connection ■ Administrative privileges to 11111 tools L a b D u r a t io n Time: 50 ]Minutes O v e r v ie w o f F o o t p r in t in g Before a penetration test even begins, penetration testers spend tune w ith their clients working out the scope, mles, and goals ot the test. The penetration testers may break 111 using any means necessary, from information found 111 the dumpster, to web application security holes, to posing as the cable guy. A fter pre-engagement activities, penetration testers begin gathering information about their targets. O ften all the information learned from a client is the list o f IP addresses a n d /o r web domains that are 111 scope. Penetration testers then learn as much about the client and their systems as possible, from searching for employees on social networking sites to scanning die perimeter for live systems and open ports. Taking all the information gathered into account, penetration testers sftidv the systems to find the best routes o f attack. Tins is similar to what an attacker would do or what an invading army would do when trying to breach the perimeter. Then penetration testers move into vulnerabilitv analysis, die first phase where they are actively engaging the target. Some might say some port scanning does complete connections. However, as cybercrime rates nse, large companies, government organizations, and other popular sites are scanned quite frequendy. During vulnerability analysis, a penetration tester begins actively probing the victim systems for vulnerabilities and additional information. O nly once a penetration tester has a hill view o f the target does exploitation begin. Tins is where all o f the information that has been meticulously gathered comes into play, allowing you to be nearly 100% sure that an exploit will succeed. Once a system has been successfully compromised, the penetration test is over, right? Actually, that's not nglit at all. Post exploitation is arguably the most important part o f a penetration test. Once you have breached the perimeter there is whole new set o f information to gather. Y o u may have access to additional systems that are not available from the perimeter. The penetration test would be useless to a client without reporting. Y o u should take good notes during the other phases, because during reporting you have to tie evervdiing you found together 111 a way C E H Lab Manual Page 3 Ethical Hacking and Countemieasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 0 2 - Footprinting and R e co n n a issa n ce everyone from the I T department who w ill be remediating the vulnerabilities to the business executives who will be approving die budget can understand. m TASK 1 Overview Lab T asks Pick an organization diat you feel is worthy o f vour attention. Tins could be an ed u c a tio n a l in stitu tion , a co m m e rcia l com pany. 01 perhaps a nonprofit charity. Recommended labs to assist you 111 footprinting; ■ Basic N etw o rk Troubleshooting Using the ping u tility and nslookup Tool ■ People Search Using Anyw ho and Spokeo Online Tool ■ Analyzing D om ain and IP Address Queries Using Sm artW hois ■ N etw o rk Route Trace Using Path A nalyzer Pro ■ Tracing Emails Using e M a ilT ra c k e rP ro T oo l ■ Collecting Inform ation A bout a target’s Website Using Firebug ■ Mirroring Website Using H T T ra c k W eb S ite C opier Tool ■ Extracting Company’s Data Using W eb D ata E x tra c to r ■ Identifying Vulnerabilities and Inform ation Disclosures using S earch Diggity 111 Search Engines L a b A n a ly s is Analyze and document the results related to die lab exercise. Give your opinion 011 your target’s security posture and exposure through public and tree information. P L E A S E TALK TO YOUR I NSTRUCTOR IF YOU HAVE QUESTIONS R EL A TE D TO THI S LAB. C E H Lab Manual Page 4 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 0 2 - Footprinting and R e co n n a issa n ce Lab 1 Footprinting a Target Network Using the Ping Utility 0 u tility )1 P in g is a co m p uter n etw o rk a d m in is tra ti u sed to te s t th e re a c h a b ility o f a h o st on a n In te rn e tp ro to c o l (IP ) n e tw o rk a n d to m easure th e ro n n d - trip tim e fo r m essages se n tfro m th e o rig in a tin g h o st to a d e stin a tio n com puter. I CON KEY [£ 7Valuable Z information Test your know ledge_____ * Web ex ercise Workbook review L a b S c e n a r io As a professional p e n e tra tio n te s te r, you w ill need to check for the reachability o f a com puter 111 a network. Ping is one o f the utilities that w ill allow you to gather im portant inform ation like IP address, m axim um P a c k e t Fam e size, etc. about the network com puter to aid 111 successful penetration test. L a b O b je c t iv e s Tins lab provides insight into the ping com m and and shows h ow to gather inform ation using the ping command. T he lab teaches h ow to: ■ ■ & Tools dem onstrated in this lab are available in D:CEHToolsCEHv8 Module 02 Footprinting and Reconnaissance Use ping Em ulate the tracert (traceroute) com m and w ith ping ■ Find m axim um frame size for the network ■ Identity IC M P type and code for echo request and echo reply packets L a b E n v ir o n m e n t T o carry out tins lab you need: A dm inistrative privileges to run tools ■ TCP/IP settings correctly configured and an accessible DNS server ■ C E H Lab Manual Page 5 ■ Tins lab w ill w o rk 111 the C E H lab environm ent - on W indow s S erver 20 1 2 . W indow s 8, W indow s S erver 2 0 0 8 , and W indow s 7 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  • Module 0 2 - Footprinting and R e co n n a issa n ce L a b D u r a t io n Tune: 10 Minutes O v e r v ie w o f P in g & PING stan s for d Packet Internet Groper. The ping command sends Internet Control Message Protocol (ICMP) echo request Ping com and S m yntax: ping [-q] [-v] [-R [-c ] Count] [-iWait] [-s PacketSize] Host. response process, ping measures the tune from transmission to reception, known as packets to the target host and waits tor an ICMP response. D uring tins requestdie round-trip tim e, and records any loss o f packets. Lab T asks 1. Find the IP address tor h ttp :/ Avww.cert 1hedhacker.com 2. T o launch S ta rt menu, hover the mouse cursor in the low er-left corner o f the desktop FIGURE 1 :W .1 indow S s erver 2012— Desktopview Locate IP Address 3. Click Com m and Prom pt app to open the com m and pro m p t w in do w FIGURE 1 : W .2 indow S s erver 2012— pps A Type ping w w w .c e rtifie d h a c k e r.c o m For the com and, m ping -c count, specify the num of echo requests to ber send. C E H Lab Manual Page 6 111 the com m and prom pt, and press E nter to find out its IP address b. T h e displayed response should be similar to the one shown 111 the following screenshot Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 0 2 - Footprinting and R e co n n a issa n ce Administrator: C:Windowssystem32cmd.exe m The ping command, “ping —wait,” m i eans wait tim that is the num of e, ber seconds to wait betw een each ping. !‫* 'םי ־‬ ' C:)ping uuu.certifiedhacker.com Pinging www.certifiedhacker.com [202.75.54.1011 with 32 bytes of data: Request timed out. Reply from 202.?5.54.101: bytes=32 time=267ms TTL=113 Reply fron 202.75.54.101: bytes=32 time=288ms TTL=113 Reply fron 202.75.54.101: bytes=32 time=525ms TTL=113 Ping statistics for 202.75.54.101: Packets: Sent = 4, Received = 3, Lost = 1 <25z loss), Approximate round trip times in m illi— seconds: Minimum = 267ms, M um = 525ms, Overage = 360m axim s C:> FIGURE 1 : The pingcom and toextract die IP ad re sfor w w .3 m ds w .certifiedhacker.com 6. Y o u receive the IP address o f www.certifledhacker.com that is 2 0 2 .7 5 .5 4 .1 0 1 Y o u also get inform ation on Ping S ta tis tic s , such as packets sent, packets received, packets lost, and A pp ro xim ate round-trip tim e N o w , find out the m axim um frame size 011 the network. 111 the com m and prom pt, type ping w w w .c e rtifie d h a c k e r.c o m - f - l 1 500 Finding Maximum Frame Size m Request time out is displayed because either the m achine is down or it im plem ents a packet filter/firewall. * ‫׳‬ Administrator: C:Windowssystem32cmd.exe :< ping www.certifiedhacker.com -f ‫0051 1 ־‬ !Pinging www.certifiedhacker.com [202.75.54.101] with 1500 bytes of data: Packet needs to be fragmented but U set. P Packet needs to be fragmented but D set. F Packet needs to be fragmented but D set. F Packet needs to be fragmented but D set. F Ping statistics for 202.75.54.101: Packets: Sent = 4, Received = 0, Lost = 4 <100* loss). FIGURE 1 The pingcom andforw w .4: m w .certifiedhacker-comwidi —— f 11500 options 9. T h e display P a c k e t needs to be fragm ented but DF s e t means that the frame is too large to be 011 the netw ork and needs to be fragmented. Since w e used - f switch w ith the ping command, the packet was not sent, and the ping command returned tins error 10. Type ping w w w .c e rtifie d h a c k e r.c o m - f - l 1 3 0 0 Administrator: C:Windowssystem32cmd.exe m In the ping command, option —m f eans don’t fragm ent. ! - ! = ■ X ' Ic:>jping www.certifiedhacker.com - f -1 1300 Pinging www.certifiedhacker.com [202.75.54.101] with 1300 bytes of data: Reply from 202.75.54.101: bytes=1300 time=392ms TTL=114 Reply from 202.75.54.101: bytes=1300 time=362ms TTL=114 Reply from 202.75.54.101: bytes=1300 time=285ms TTL=114 Reply from 202.75.54.101: bytes=1300 time=331ms TTL=114 Ping statistics for 202.75.54.101: Packets: Sent = 4, Received = 4, Lost = 0 <0X loss), Approximate round trip times in m illi— seconds: M um = 285ms, M um = 392ms, Average = 342m inim axim s C:> FIGURE 1 : The pingcom and forw w .5 m w .certifiedhacker.comwith—— f 11300options C E H Lab Manual Page 7 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 0 2 - Footprinting and R e co n n a issa n ce 11. Y o u can see that the m axim um packet size is less than 1 5 0 0 bytes and m ore than 1 3 0 0 bytes In die ping com and, m “Ping— m q,” eans quiet output, only sum ary lines m at startup and com pletion. 12. N o w , try different values until you find the m axim um frame size. F or instance, ping w w w .c e rtifie d h a c k e r.c o m - f - l 1 4 7 3 replies w ith P a c k e t needs to be fra g m e n te d but DF s e t and ping w w w .c e rtifie d h a c k e r.c o m - f - l 1 4 7 2 replies w ith a su ccessfu l ping. I t indicates that 1472 bytes is the m axim um frame size o il tins machine netw ork Note: T h e m axim um frame size w ill d iffer depending upon on the netw ork Administrator: C:Windowssystem32cmd.exe I ‫ ־־‬I ‫ם‬ x 1 C:S)ping wow.cert i f iedhacker.com -f 1473 1‫־‬ Pin<jinc» www.certifiedhacker.com [202.75.54.1011 with 1473 bytes of data: Packet needs to be fragmented but D set. F Packet needs to be fragmented but D set. F Packet needs to be fragmented but D set. F Packet needs to be fragmented but D set. F Ping statistics for 202.75.54.101: Packets: Sent = 4, Received = 0, Lost = 4 <100/ loss). c a The router discards packets when TTL reaches 0(Zero) value. FIGURE 1.6: The pingcom andforw w m w .certifiedhacker.comwith—— f 11473 options Administrator: C:Windowssystem32cmd.exe 1-1=' » ' C:>'ping www.certifiedhacker.com -f -1 1472 [Pinging www.certifiedhacker.com [202.75.54.101] with 1472 bytes of data: Reply from 202.75.54.101: bytes=1472 time=359ms TTL=114 Reply from 202.75.54.101: bytes=1472 time=320ms TTL=114 Reply from 202.75.54.101: bytes=1472 time=282ms TTL=114 Reply from 202.75.54.101: bytes=1472 time=317ms TTL=114 Ping statistics for 202.75.54.101: Packets: Sent = 4, Received = 4, Lost = 0 <0X loss), Approximate round trip times in milli-seconds: Minim um = 282ms, M um = 359ms, Overage = 319m axim s FIGURE 1.7: Hie pingcom and forw w m w .certifiedhacker.comwith—— f 11472options ! The ping command, “Ping— m R,” eans record route. It turns on route recording for the Echo Request packets, and displays die route buffer on returned packets (ignored by m routers). any C E H Lab Manual Page 8 13. N o w , find out w hat happens w hen TTL (T im e to Live) expires. Ever}1 frame 011 the netw ork has T T L defined. I f T T L reaches 0, the router discards the packet. This mechanism prevents the loss of p a c k e ts 14. 111 the com m and prom pt, type ping w w w .c e rtifie d h a c k e r.c o m -i 3. T h e displayed response should be similar to the one shown follow ing figure, but w ith a different IP address 111 the Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 0 2 - Footprinting and R e co n n a issa n ce Bl Administrator: C:Windowssystem32cmd.exe 1 C:>ping uuw.certifiedl1acker.com - i 3 Pinsrincf 17uu.certifiedhacker.com [202.75 .54.1011 uith 32 bytes of data: Reply from 183.82.14.17: TTL expired in transit. Reply from 183.82.14.17: TTL expired in transit. Reply from 183.82.14.17: TTL expired in transit. Reply from 183.82.14.17: TTL expired in transit. ■Ping statistics for 202.75.54.101: Packets: Sent = 4, Received = 4, Lost = 0 <0X loss). lc:> | <| 1 1 1 j p 1<‫רדו‬ FIGURE 1 : The pingcom and forvwwcfi-rifierlhacker.co w -i 3 options .8 m m ith 15. Reply from 1 8 3 .8 2 .1 4 .1 7 : T T L exp ired in tra n s it means that the router (183.82.14.17, stadents w ill have some other IP address) discarded the frame, because its T T L has expired (reached 0) T A S K 3 16. T he E m u late tra c e rt (traceroute) command, using ping - m anually, found the route from your PC to w w w .cert 1fiedhacker.com Em ulate T racert 17. T h e results you receive are different from those 111 tins lab. Y o u r results may also be different from those o f the person sitting next to you 18. 111 the com m and prom pt, type ping w w w .c e rtifie d h a c k e r.c o m -i 1 -n 1. (Use -11 1 in order to produce only one answer, instead o f receiving four answers on W indow s or pinging forever on Linux.) T h e displayed response should be similar to the one shown in the follow ing figure Administrator: C:Windowssystem32cmd.exe C:>ping www.certifiedhacker.com — 1 — 1 i n Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of da Request timed out. ca In the ping com and, m the -i option represents tim to live TTL. e Ping sta tis tic s for 202.75.54.101: Packets: Sent = 1, Received = 0, Lost = 1 <100x 10ss>‫״‬ C:> FIGURE 1 : The pingcom and for ™‫ ׳!י‬reitified1acker.comwith—1— 1options .9 m l i n 19. 111 the com m and prom pt, type ping w w w .c e rtifie d h a c k e r.c o m -i 2 -n 1. T h e only difference between the previous ping com m and and tliis one is - i 2. T h e displayed response should be similar to the one shown 111 the C E H Lab Manual Page 9 follow ing figure Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  • Module 0 2 - Footprinting and R e co n n a issa n ce Adm inistrator: C:W indowssystem 32cm d.exe C:)ping www.certifiedhacker.com — 2 — 1 i n m 111 the ping command, Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of da Request timed out. -t m eans to ping the specified host until stopped. Ping sta tis tic s for 202.75.54.101: Packets: Sent = 1, Received = 0, Lost = 1 <100X loss), C:> FIGURE 1.10: The pingcom and for w w m w .certifiedl1acke1.comwith-i 2— 1options n 20. 111 the com m and prom pt, type ping w w w .c e rtifie d h a c k e r.c o m -i 3 -n 1. Use -n 1 111 order to produce only one answer (instead o f four on W indow s or pinging forever on Linux). T h e displayed response should be similar to the one shown 111 the follow ing figure C:)ping www.certifiedhacker.con - i 3 -n 1 Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of da Reply from 183.82.14.17: TTL expired in tra n s it. s In the ping com and, m the -v option m eans verbose output, which lists individual ICMP packets, a s well a echo responses. s Ping statistics for 202.75.54.101: Packets: Sent = 1, Received = 1, Lost = 0 <0X loss), C:> FIGURE 1.11: Hie pingcom and for w w m w .certifiedl1acker.comwith—3— 1o i n ptions 21. 111 the com m and prom pt, type ping w w w .c e rtifie d h a c k e r.c o m -i 4 -n 1. Use -n 1 111 order to produce only one answer (instead o f four on W indow s or pinging forever on Linux). T h e displayed response should be similar to the one shown G5J 111 the following figure Adm inistrator: C:W indowssystem 32cm d.exe H » l > ‫־‬ ' D:>ping www.certifiedhacker.com - i 4 -n 1 Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of da Reply from 121.240.252.1: TTL expired in tra n s it. Ping statistics for 202.75.54.101: Packets: Sent = 1, Received = 1, Lost = 0 <0X loss). FIGURE 1.12: Hie pingcom and for w .certifiedhacker-comwith—4— 1o m ivw i n ptions £Q In the ping com and, m the —s e option m 1 12 eans to send the buffer size. 22. W e have received the answer from the same IP address 111 tw o d iffe re n t . . . . . . . steps. H u s one identities the packet rnter; some packet filters do not d e c re m e n t T T L and are therefore invisible C E H Lab Manual Page 10 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 0 2 - Footprinting and R e co n n a issa n ce m 111 the ping command, the -w option represents the tim eout in m illiseconds to wait for eachreply. 23. Repeat the above step until you reach th e IP address for w w w .c e rtifie d h a c k e r.c o m (111 this case, 2 0 2 .7 5 .5 4 .1 0 1 ) Administrator: C:Windowssystem32cmd.exe E M ' C:)ping www.certifiedhacker.com - i 10 -n 1 Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of data: Reply from 120.29.216.21: TTL expired in transit. Ping statistics for 202.75.54.101: Packets: Sent = 1, Received = 1, Lost = 0 <0x loss), C:> FIGURE 1.13: The pingcom andfor w w m w .certifiedhacker.comwith—10— 1options i n 24. H ere the successful ping to reach w w w .c e rtifie d h a c k e r.c o m is 15 hops. T he output w ill be similar to the trace route results Administrator: C:Windowssystem32cmd.exe m Traceroute sends a sequence of Internet Control M essage Protocol (ICMP) echo request packets addressed to a destinationhost. :>p 1ng www.cert1f 1 edhacker.com -1 12 -n 1 inging www.certifiedhacker.com [202.75.54.1011 with 32 bytes equest timed out. ing statistics for 202.75.54.101: Packets: Sent = 1, Received = 0, Lost = 1 (100X loss), :S)ping www.certifiedhacker.com - i 13 -n 1 inging v4ww.certifiedhacker.com [202.75.54.1011 with 32 bytes eply from 1.9.244.26: TTL expired in transit. ing statistics for 202.75.54.101: Packets: Sent = 1, Received = 1, Lost = 0 <0x loss), :S)ping www.certifiedhacker.com — 14 — 1 i n inging Hww.nRrtif1Rrthacker.com [202.75.54.1011 with 32 bytes eply from 202.75.52.1: TTL expired in transit. ing statistics for 202.75.54.101: Packets: Sent = 1, Received = 1, Lost = 0 <0X loss), :>ping www.certifiedhacker.com - i 15 -n 1 inging www.certifiedhacker.com [202.75.54.1011 with 32 bytes eply from 202.75.54.101: bytes=32 time=267ms TTL=114 ing statistics for 202.75.54.101: Packets: Sent = 1, Received = 1, Lost = 0 <0X loss), pproximate round trip times in milli-seconds: Minim um = 267ms, M um = 267ms, Overage = 267m axim s of data of data of data of data FIGURE 1.14: Hie pingcom and for w w 1tifiedhacker.comwith—15— 1options m w .ce i n 25. N o w , make a note o f all die IP addresses from w hich you receive the reply during the ping to emulate tracert L a b A n a ly s is Docum ent all die IP addresses, reply request IP addresses, and their TJL'Ls. C E H Lab Manual Page 11 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  • Module 0 2 - Footprinting and R e co n n a issa n ce T o o l /U t il it y In fo rm a tio n C o lle c te d /O b je c tiv e s A c h ie v e d I P A ddress: 202.75.54.101 P a c k e t Statistics: ■ P in g Packets Sent — 4 ■ Packets Received — 3 ■ Packets Lost — 1 ■ A pproxim ate Round T rip T im e — 360111s M a x im u m F ra m e Size: 1472 T T L R esponse: 15 hops P L E A S E TALK TO YOUR I NSTRUCTOR IF YOU HAVE QUESTIONS R EL A T E D TO THI S LAB. Q u e s t io n s 1. H o w does tracert (trace route) find the route that the trace packets are (probably) using? 2. Is there any other answer ping could give us (except those few w e saw before)? 3. W e saw before: ‫י‬ Request timed out ‫י‬ Packet needs to be fragmented but D F set ‫י‬ Reply from X X X . X X X .X X X . X X : T I L expired 111 transit W h a t IC M P type and code are used for the IC M P E cho request? 4. W h y does traceroute give different results on different networks (and sometimes on the same network)? In te r n e t C o n n e c tio n R e q u ire d 0 Y es □ No P la tfo rm S u p p o rted 0 C lassro o m C E H Lab Manual Page 12 D iLabs Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 0 2 - Footprinting and R e co n n a issa n ce Footprinting a Target Network Using the nslookup Tool n slo o k u p is a n etw o rk a d m in istra tio n com m and-line to o l a v a ila b le fo r m an y co m p uter o p e ra tin g system sfo r q u e ryin g th e D o m a in N a m e System (D N S ) to o b ta in th e d o m ain nam e, th e IP ad d ress m ap p in g , o r a n y o th e r sp e cific D N S reco rd . L a b S c e n a r io [£ 7Valuable Z information 111 the previous lab, we gathered inform ation such as IP address. Ping S ta tis tic s . M axim um F ram e Size, and T T L Response using the ping utility. Test your know ledge_____ * Using the IP address found, an attacker can perform further hacks like port Web ex ercise located and dom ain name associated w ith the IP address. !322 Workbook review scanning, N etbios, etc. and can also tind country or region 111 w hich the IP is 111 the next step o f reconnaissance, you need to tind the DNS records. Suppose 111 a netw ork there are tw o dom ain name systems (D N S ) servers named A and B, hosting the same A c tiv e D ire c to ry -In te g ra ted zone. Using the nslookup tool an attacker can obtain the IP address o f the dom ain name allowing him or her to find the specific IP address o f the person he or she is hoping to attack. Though it is difficult to restrict other users to query w ith D N S server by using nslookup com m and because tins program w ill basically simulate the process that h ow other programs do the D N S name resolution, being a p enetration te s te r you should be able to prevent such attacks by going to the zone’s properties, on the Z on e T ra n s fe r tab, and selecting the option not to allow zone transfers. Tins w ill prevent an attacker from using the nslookup command to get a list o f your zone’s records, nslookup can provide you w ith a wealth o f D N S server diagnostic inform ation. L a b O b je c t iv e s The objective o f tins lab is to help students learn how to use the nslookup command. This lab will teach you how to: ■ C E H Lab Manual Page 13 Execute the nslookup command Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 02 - Footprinting and Reconnaissance ■ F in d d ie I P a d d re s s o f a m a c h in e ■ C h a n g e th e s e rv e r y o u w a n t th e re s p o n s e fr o m ■ E l i c i t a n a u t h o r it a tiv e a n s w e r fr o m th e D N S s e rv e r ■ F in d n a m e s e rv e rs f o r a d o m a in ■ F in d C n a m e (C a n o n ic a l N a m e ) f o r a d o m a in ■ ■ & Tools dem onstrated in this lab are available in D:CEHToolsCEHv 8 Module 02 Footprinting and Reconnaissance F in d m a il s e rv e rs lo r a d o m a in Id e n t if y v a r io u s D N S re s o u r c e re c o rd s Lab Environment T o c a n y o u t th e la b , y o u n e e d : ■ A d m in is t r a tiv e p r iv ile g e s to r u n to o ls ■ TCP/IP s e ttin g s c o r r e c t ly c o n fig u r e d a n d a n a c c e s s ib le D N S s e rv e r ■ T in s la b w ill w o r k 111 th e C E H la b e n v ir o n m e n t - 011 Window s S erver 2 0 1 2 . W indow s 8 , W indow s S erver 2 0 0 8 . a n d W indow s 7 ■ I t th e nslookup com m and d o e s n ’t w o r k , re s ta rt th e com m and w in do w , a n d ty p e nslookup t o r th e in t e r a c t iv e m o d e . Lab Duration T im e : 5 M in u te s Overview of nslookup nslookup m e a n s nam e server lookup. T o e x e c u te q u e n e s , n s lo o k u p u se s d ie o p e ra tin g s y s te m ’s lo c a l o p e ra te s 111 Domain Nam e System (DNS) resolver library, n s lo o k u p interactive 01‫־‬ non-interactive m o d e . W h e n u s e d in te r a c tiv e ly b y in v o k in g it w id io u t a rg u m e n ts seco n d a rg u m e n t c o n fig u ra tio n s is 01‫־‬ w h e n d ie fir s t a rg u m e n t is - (m in u s sig n ) a n d d ie host nam e 0 1 ‫ ־‬re q u e sts 01‫־‬ IP address, th e w h e n p re s e n te d w ith th e u ser issu e s a rg u m e n ts a re g iv e n , th e n th e c o m m a n d q u e rie s to d e fa u lt s e rv e r. T h e sign) in v o k e s s u b c o m m a n d s w h ic h a re s p e c ifie d p re c e d e n s lo o k u p c o m m a n d s . nam e 01‫־‬ 111 p a ra m e te r nslookup prompt (> ). W h e n 011 110 - (minus c o m m a n d lin e a n d s h o u ld non-interactive mode. i.e . w h e n firs t a rg u m e n t is internet address o f th e h o s t b e in g s e a rc h e d , p a ra m e te rs a n d th e q u e ry a re s p e c ifie d as c o m m a n d lin e a rg u m e n ts 111 th e in v o c a tio n o f th e p ro g ra m . T h e 11011 - in te r a c tiv e m o d e se a rch e s th e in fo rm a tio n fo r s p e c ifie d h o s t u s in g d e fa u lt n a m e s e rv e r. W it h n s lo o k u p y o u w ill e id ie r re c e iv e a n o n - a u d io n ta tiv e o r a u th o rita tiv e a n s w e r. Y o u re c e iv e a non-authoritative answ er b e c a u s e , b y d e fa u lt, n s lo o k u p ask s y o u r n a m e s e rv e r to re c u rs e 111 o rd e r to re s o lv e y o u r q u e ry a n d b e c a u s e y o u r n a m e s e rv e r is n o t a n a u th o rity fo r th e n a m e y o u a re a s k in g it a b o u t. Y o u c a n g e t a n authoritative answ er b y q u e ry in g th e a u th o rita tiv e n a m e s e rv e r fo r d ie d o m a in y o u a re in te re s te d CEH Lab Manual Page 14 Ethical Hacking and Countemieasures Copyright © by EC-Comicil All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 02 - Footprinting and Reconnaissance Lab Tasks 1. Lau nch S ta rt m e n u b y h o v e r in g th e m o u s e c u r s o r 111 th e lo w e r - le ft c o r n e r o f th e d e s k to p S TASK 1 Extract Information i j Windows Server 2012 fttn cM S w *2 1 ReleMQ d s e e 02 nxtditeO tm aiM • 1a a nc p fk v lu tio o y *W IP P R P G S * 5 ; ‫ן ל ל ן יט י‬ F I G U R E 2 .1 : W i n d o w s S e r v e r 2 0 1 2 — D e s k t o p v i e w 2. C lic k th e Com m and Prom pt a p p to o p e n th e c o m m a n d p r o m p t w in d o w F I G U R E 2 .2 : W i n d o w s S e r v e r 2 0 1 2 — A p p s ,____ 3. T h e g e n e ra l 111 th e c o m m a n d p r o m p t, ty p e 4. N o w , ty p e nslookup, a n d p re s s E nter c o m m a n d s y n t a x is n s l o o k u p [ - o p t io n ] [ n a m e | -] [ s e r v e r ] . CEH Lab Manual Page 15 help a n d p re s s Enter. T h e d is p la y e d re s p o n s e s h o u ld b e s im ila r to d ie o n e s h o w n 111 th e fo llo w in g fig u re Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 02 - Footprinting and Reconnaissance ss Administrator: C:Windowssystem32cmd.exe - nslookup S C :)n s lo o k u p D e fa u lt S e rv e r: n s l.b e a m n e t. in A d dress: 2 0 2 .5 3 .8 .8 .S ' T y p in g " h e lp " o r " ? " a t th e c o m m a n d p ro m p t g e n e r a t e s a lis t o f a v a ila b le com m and s. > h e lp Commands: ( i d e n t i f i e r s a re shown in u p p e rc a s e , LJ means o p t i o n a l ) NAME - p r i n t in fo about th e hos t/d o m ain NAME u s in g d e f a u lt s e r v e r NAME1 NAME2 - as abo ve, but use NAME2 as s e r v e r h e lp o r ? ‫ ־‬p r i n t in fo on common commands s e t OPTION - s e t an o p tio n a ll - p r i n t o p tio n s * c u r r e n t s e r v e r and host [no]debug - p r i n t debugging in fo rm a tio n [n o ld 2 ‫ ־‬p r i n t e x h a u s tiv e debugging in fo rm a tio n [n o Id e f name - append domain name to each query [n o !re c u rs e - ask f o r r e c u r s iv e answer to qu e ry [n o !s e a rc h - use domain sea rc h l i s t [no Ivc - alw ays use a v i r t u a l c i r c u i t domain =NAME - s e t d e f a u lt domain name to NAME s r c h l i s t = N 1 [ / N 2 / . . . / N 6 1 - s e t domain to N1 and s ea rc h l i s t to N 1 ,N 2, e t c . ro o t =NAME - s e t ro o t s e r v e r to NAME re try = X - s e t number o f r e t r i e s to X t imeout=X ‫ ־־‬s e t i n i t i a l tim e -o u t i n t e r v a l to X seconds - s e t q u e ry typ e ( e x . A,AAAA,A*AAAA,ANY,CNAME,MX,NS,PTR, ty p e =X S0A,SRU) q u e ry ty p e =X - same as type c la s s ‫־‬X — s e t q u e ry c la s s <ex . IN ( I n t e r n e t ) , ANY) - use MS f a s t zone t r a n s f e r [no]m sxf r - c u r r e n t v e rs io n to use in IXFR t r a n s f e r re q u e s t ix fr v e r = X s e r v e r NAME - s e t d e f a u l t s e r v e r to NAME, u s in g c u r r e n t d e f a u l t s e r v e r ls e r w e r NAME - s e t d e f a u lt s e r v e r to NAME, u s in g i n i t i a l s e r v e r ro o t - s e t c u r r e n t d e f a u l t s e r v e r to th e r o o t Is [ o p t ] DOMAIN [> F IL E ] - l i s t addresses in DOMAIN ( o p t io n a l: o u tp u t to F IL E ) -a ‫־‬ l i s t c a n o n ic a l names and a lia s e s -d — l i s t a l l rec o rd s - t TYPE l i s t re c o rd s o f th e g iven RFC re c o rd ty p e ( e x . A,CNAME,MX,NS, PTR e t c .> view FILE - s o r t an ' I s ' o u tp u t f i l e and view i t w ith pg - e x i t th e program e x it > F I G U R E 2 .3 : T h e n s l o o k u p c o m m a n d w i t h h e lp o p t i o n 5. 111 th e n s lo o k u p 6. N o w , ty p e interactive m o d e , ty p e “set type=a” a n d p re s s Enter w w w .certifiedhacker.com a n d p re ss Enter. T h e d is p la y e d re s p o n s e s h o u ld b e s im ila r to d ie o n e s h o w n 111 d ie fo llo w in g fig u re Note: T h e D N S s e rv e r A d d re s s (2 0 2 .5 3 .8 .8 ) w ill b e d iffe r e n t fro m d ie o n e s h o w n 111 d ie s c re e n s h o t F I G U R E 2 .4 : h i n s l o o k u p c o m m a n d , s e t t y p e = a o p t i o n Use Elicit Authoritative 7. Y o u get but 111 Authoritative o r Non-authoritative answer. T h e a n s w e r v a n e s , d iis la b , it is Non-authoritative answ er 8. L i n s lo o k u p in te r a c tiv e m o d e , ty p e 9. N o w , ty p e set type=cnam e a n d p re s s Enter certifiedhacker.com a n d p re s s Enter Note: T h e D N S s e rv e r a d d re ss (8 .8 .8 .8) w ill b e d iffe r e n t d ia n d ie o n e 111 s c re e n s h o t 10. T h e d is p la y e d re s p o n s e s h o u ld b e s im ila r to d ie o n e s h o w n as fo llo w s : > CEH Lab Manual Page 16 s e t ty p e = c n a m e Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  • Module 02 - Footprinting and Reconnaissance > c e r t if ie d h a c k e r .c o m S e r v e r: g o o g le - p u b lic - d n s - a . g o o g le . co m A d d re s s : r Q TASK 8 . 8.8. 8 Administrator: C:Windowssystem32cmd.exe ‫ ־‬ns... ­ ‫ם‬ x 3 Find Cname ‫> : נ‬ n s lo o k u p ) e f a u l t S e r v e r : I d d r e s s : g o o g l e - p u b l i c - d n s - a . g o o g l e . c o n 8 . 8 . 8 . 8 > s e t t y p e = c n a n e > c e r t i f i e d J e r u e r : I d d r e s s : : e r t i f h a c k e r . c o n g o o g l e - p u b l i c ‫ ־‬d n s ‫ ־‬a . g o o g le . c o n 8 . 8 . 8 . 8 i e d h a c k e r p r i n a r y . c o n n a n e r e s p o n s i b l e s e r i a l = s e r u e r n a i l = n s 0 . n a d d r = a d o y e a r l y f e e s . c o n n i n . n o y e a r l y f e e s . c o n 3 5 r e f r e s h = 9 0 0 (1 5 n in s > r e = 6 0 0 ( 1 0 n e x p i r e = 8 6 4 0 0 d T T L t r y e f a u l t = ( 1 3 6 0 0 i n s ) d a y ) ( 1 h o u r > II I F I G U R E 2.5:111 iis l o o k u p c o m m a n d , s e t t y p e = c n a m e o p t i o n 11. 111 iis lo o k u p in te r a c tiv e m o d e , ty p e server 64.147.99.90 (o r a n y o th e r I P a d d re ss y o u re c e iv e in th e p re v io u s ste p ) a n d p re s s 12. N o w , ty p e 13. T y p e Enter. set type=a a n d p re s s Enter. w w w .certifiedhacker.com a n d p re s s Enter. T h e d is p la y e d re s p o n s e s h o u ld b e s im ila r to th e o n e s h o w n 111 d ie fo llo w in g fig u re . [SB Administrator: C:Windowssystem32cmd.exe - ns.‫ ״‬L^. 1 1 1 n s lo o k u p c o m m a n d , r o o t o p tio n m e a n s to set th e c u rre n t d e fa u lt s e r v e r t o th e r o o t. F I G U R E 2.6:111 n s l o o k u p c o m m a n d , s e t t y p e = a o p t i o n 14. I I y o u re c e iv e a request tim ed out m e ssa g e , as s h o w n in th e p re v io u s fig u re , d ie n y o u r fir e w a ll is p re v e n tin g y o u fro m s e n d in g D N S q u e rie s o u ts id e y o u r L A N . CEH Lab Manual Page 17 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  • Module 02 - Footprinting and Reconnaissance 15. 111 n s lo o k u p in te r a c tiv e m o d e , ty p e 16. N o w , ty p e set type=m x a n d p re s s Enter. certifiedhacker.com a n d p re s s Enter. T h e d is p la y e d re s p o n s e s h o u ld b e s im ila r to th e o n e s h o w n 111 d ie fo llo w in g fig u re . ‫ '׳‬T o m a k e q u e iy t y p e o f N S a d e fa u lt o p t io n f o r y o u r n s lo o k u p c o m m a n d s , p la c e o n e o f th e f o llo w in g sta te m e n ts in th e u s e r _ id .N S L O O K U P .E N V d a t a s e t: s e t q u e r y t y p e = n s o r q u e ry ty p e = n s . F I G U R E 2 .7 : I n n s l o o k u p c o m m a n d , s e t t y p e = m x o p t i o n Lab Analysis D o c u m e n t a ll d ie I P a d d re ss e s, D N S s e rv e r n a m e s , a n d o d ie r D N S in fo rm a tio n . T o o l/ U t ilit y In f o r m a t io n C o lle c t e d / O b je c t iv e s A c h ie v e d D N S S e r v e r N a m e : 2 0 2 .5 3 .8 .8 N o n - A u t h o r it a t iv e A n s w e r : 2 0 2 .7 5 .5 4 .1 0 1 C N A M E ( C a n o n ic a l N a m e o f a n a lia s ) n s lo o k u p ■ A lia s : c e r t 1 fie d h a c k e r .c o m ■ C a n o n ic a l n a m e : g o o g le - p u b l 1 c- d 11s - a .g o o g le .c o m M X P LE A S E TA LK TO ( M a i l E x c h a n g e r ) : m a 1 1 .c e rt1 fie d h a c k e r.c o m Y O U R IN S T R U C T O R IF Y O U R E L A T E D TO T H IS LAB. H A V E Q U E S T IO N S Questions 1. A n a ly z e a n d d e te rm in e e a c h o t th e t o llo w in g D N S re s o u r c e re c o rd s : ■ CEH Lab Manual Page 18 SO A Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  • Module 02 - Footprinting and Reconnaissance ■ ■ A ■ PT R ■ C N A M E ■ M X ■ 2. N S SR Y E v a lu a t e th e d iffe r e n c e b e tw e e n a n a u t h o r it a tiv e a n d n o n - a u d io r ita tiv e a n s w e r. 3. D e te r m in e w h e n y o u w ill r e c e iv e re q u e s t tim e o u t in n s lo o k u p . In t e r n e t C o n n e c t io n R e q u ir e d 0 Yes P la t f o r m 0 CEH Lab Manual Page 19 □ N o S u p p o rte d C la s s r o o m □ !L a b s Ethical Hacking and Countermeasures Copyright © by EC-Comicil All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 02 - Footprinting and Reconnaissance People Search Using th e AnyWho Online Tool A _n y W h o is an o n lin e w h ite p ag es p eo p le search d ire c to ry fo r q u ic k ly lo o k in g u p in d iv id u a lp h o n e num bers. Lab Scenario Valuable m fonnatioti______ Test your knowledge *d W eb exercise m W orkbook review Y o u h a v e a lre a d y le a rn e d d ia t d ie burst stag e m u c h in fo r m a tio n as p o s s ib le . re la te d to 111 111 p e n e tra tio n te s tin g is to g a th e r as th e p re v io u s la b , y o u w e re a b le to tin d in fo rm a tio n DNS records u s in g th e n s lo o k u p to o l. I f a n a tta c k e r d is c o v e rs a fla w D N S s e rv e r, h e o r sh e w ill e x p lo it th e fla w to p e rfo rm 111 a a c a c h e p o is o n in g a tta c k , m a k in g d ie s e rv e r c a c h e th e in c o r r e c t e n trie s lo c a lly a n d s e rv e th e m to o th e r u se rs th a t m a k e th e sa m e re q u e st. A s a p e n e tra tio n te ste r, y o u m u s t a lw a y s b e c a u tio u s a n d ta k e p re v e n tiv e m e a su re s a g a in s t a tta ck s ta rg e te d a t a n a m e s e rv e r b y securely configuring nam e servers to re d u c e th e a tta c k e r's a b ility to c o r m p t a z o n e file w id i th e a m p lific a tio n re c o rd . T o b e g in a p e n e tra tio n te st it is a ls o im p o rta n t to g a th e r in fo rm a tio n a b o u t a user location to in tru d e in to th e u s e r’s o rg a n iz a tio n s u c c e s s fu lly . 111 tin s p a rtic u la r la b , w e w ill le a rn h o w to lo c a te a c lie n t o r u s e r lo c a tio n u s in g d ie AnyWho o n lin e to o l. Lab Objectives T h e o b je c tiv e o f d u s la b is to d e m o n s tra te th e fo o tp rin tin g te c h n iq u e to c o lle c t confidential information o n a n o rg a n iz a tio n , s u c h as then: key personnel a n d th e ir contact details, u s in g p e o p le s e a rc h s e rv ic e s . S tu d e n ts n e e d to p e rfo rm p e o p le H Tools dem onstrated in this lab are available in D:CEHToolsCEHv 8 Module 02 Footprinting and Reconnaissance CEH Lab Manual Page 20 s e a rc h a n d p h o n e n u m b e r lo o k u p u s in g h ttp : / /w w w .a n y w h o .c o m . Lab Environment 111 th e la b , y o u n e e d : ■ A w e b b ro w s e r w ith a n In te r n e t c o n n e c tio n ■ A d m in is tra tiv e p riv ile g e s to ru n to o ls ■ T in s la b w ill w o r k 111 th e C E H la b e n v ir o n m e n t - o n W indow s S erver 2 0 1 2 . W indow s 8 , W indow s S erver 2 0 0 8 . a n d W indow s 7 Ethical Hacking and Countenneasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  • Module 02 - Footprinting and Reconnaissance Lab Duration T u n e : 5 ] lu iu te s Overview of AnyWho A n y W h o is a p a rt o t d ie ATTi fam ily o t b ra n d s , w liic h m o s tly to c u s e s o n lo c a l se a rch e s t o r p ro d u c ts a n d s e rv ic e s . T lie site lis ts in fo rm a tio n fro m th e (F u id a P e r s o n / R e v e r s e L o o k u p ) a n d th e W hite Pages Y ellow Pages (F in d a B u s in e s s ). Lab Tasks 1. Lau nch S ta rt m e n u b y h o v e r in g th e m o u s e c u r s o r o il th e lo w e r- le ft c o r n e r o f th e d e s k to p m A n y W h o a llo w y o u to s e a r c h f o r l o c a l b u s in e s s e s b y n a m e to q u ic k ly fin d t h e i r Y e l l o w P a g e s l i s t in g s w i t h b a s ic d e ta ils a n d m a p s , ■8 W in d o w s Se rver 2012 p lu s a n y a d d it io n a l t im e a n d m o n e y - s a v in g fe a tu re s , Window* Serve! 2 12 Rele< Candidate Server 0 ae fviluaiioft copy R tld u s u c h as c o u p o n s , v id e o ■ KIWI p r o f ile s o r o n lin e r e s e r v a t io n s . F I G U R E 3 .1 : W i n d o w s S e r v e r 2 0 1 2 — D e s k t o p v i e w 2. C lic k th e Google Chrom e a p p to la u n c h th e C h r o m e b r o w s e r 01‫־‬ la u n c h a n y o th e r b r o w s e r F I G U R E 3 .2 : W i n d o w s S e r v e r 2 0 1 2 — A p p s TASK 1 People Search w ith AnyWho CEH Lab Manual Page 21 3. L i d ie b ro w s e r, ty p e http://w ww .anywho.com . a n d p re s s Enter 011 d ie k e y b o a rd Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  • Module 02 - Footprinting and Reconnaissance 4 * C ‫♦ ־‬ (ww»anyA»o;orj A nyW ho 9 < .fc‫ ־‬S LO K P k <= O U u a A n y W h o is p a r t o f t h e White Pages | Find People By Name A T T i fa m ily o f b r a n d s , Find a Person Fad Pcoote ■ Ou‫ ־‬Wfrte Fages Directory a w h ic h fo c u s e s o n lo c a l V» yw u k M ) fa sn1Mfnux Tryn ro*»rfyw ad*«s»? i r ff g 01 ■ A yxi s» 1‫ י׳‬irtfm c 10 1w 6« 11 *‫ י0נ‬rc n s? wx fcar # r* 1m f co d VirWw ertntM a**♦cnliie *tie swe1 d r/ *h yoi i iceto «re car lad meto b tte* n»n* jdoeti wy uc4n to1 v o s e a rc h p ro d u c ts a n d cyr p eoa s e rv ic e s . ®!• ] *E ‫אז־‬A r‫׳‬y1Y»own«Pap 11 u M4■ * t <t px »t :X # m y m r < m %0»n(M*dt ton Kirntt*• ranon ro‫ ׳‬t«5 rtm n *» tar tre*« vd «« ru ♦tr *a‫׳‬cr*1gir cw m tn Br N m I By Awkm 1 By Ph4 « M im> n in**‫״‬ • V#«lati 1»rta * co iro rc d Ihi till In! n > n n lu • i m d mat« c / l•10iwcwy u • itti d• tfy tia o‫ ׳‬M ‫ י‬If*• !»<<ro « • »• (•g rM yJm i F I G U R E 3 .3 : A n y W h o - H o m e P a g e h t t p : / / w w w . a n y w h o . c o m 4. In p u t d ie n a m e o f d ie p e rs o n y o u w a n t to s e a rc h fo r in d ie s e c tio n a n d c lic k W Page?|Peo leFin: hite p < ‫־‬ c a C Find a Person Find it™ ^ © ww wjnywho.com In c lu d e b o th th e firs t AnyWho a n d la s t n a m e w h e n FtnoirvPcopfe FaecestnoBjsnesscs s e a rc h in g th e A n y W h o f t W h ite Pag es. X WHITE PAGES B s YELLOW PACES OREVERSE LOOKUP I AREA/ZIP CODE LOOKUP © UAPS W h it e P a g e s | Fin d P e o p le B y N am e ^ Find a Person Tind People in Our White Pages Directory Rose City or ZIP By Mama Are you starching for an old friend? Trying to verify an address? Oi maybe you see an unfamiliar phone number in your records? AnyWho provides a Tree online while pages directory where you can find people by their name, address or you can do a reverse lookjp by phone number | Christian 1 State [vl The AnyWho White Pages is updated weekly with phone numbers of irdr/duals from across the nation For best results, include both the first and last name when searching the AnyWho White Pages a d if you have it. the ZIP Code n. By Address I By Phone Number Personal identifying inform ation available on AnyW ho is n:t cro * Je J : ‫ י‬AT&T and is provided sol elf by an • uraflated find party. Intelm Inc Full Disclaimer 3. F I G U R E 3 .4 : A n y W h o — N a m e S e a r c h 5. A n y W h o re d ire c ts y o u to search results w ith d ie n a m e y o u h a v e e n te re d . T h e n u m b e r o f re s u lts m ig h t v a n ‫־‬ Find a Person by Name . Byi!•** ..ByAdd iv ii Rose Chnstian 1 1 1c« o cvUtJIiy nteluv.com D htcM lnw 1 10 Listings Found for Rose Christian R ose A Christian m Y e l l o w P a g e s l is t in g s (s e a rc h e s b y c a te g o ry o r » a m to Accreea 899( ” uape &Dnvng Drocncrs By Phone Numbvf City or 7IP Cnflc 't n t 'O ■ 1501 Tind m o ie infoimatlon ftom Intollus M ore information for R ose A Christian ‫ •י‬Email and Otner Phone Lookup ‫ יי‬Get Detailed Background information • Get Pucnc Records ‫״‬ ‫ ״‬view Property & Area Information * view Social Network Pr&rilo • n a m e ) a re o b ta in e d f r o m Y P .C O M a n d a re u p d a te d R ose B Christian • M M I C m m + 0* O M W o n a r e g u l a r b a s is . » Add toAddress B99k » Wacs &Drtvhg DJ‫־‬ectione Rose C Christian M ore information for R ose B Christian » Email anc other Phone Lookup * Getoetaiso Backflround information > * Get Public Records * view Praocitv &Area Information ‫•י‬View Social Network Profile » A4 (o/.Mim B 9 ‫ ״‬Mp 4D gD c n 0 9 k > a s rivh ire tio & M ore Information for Rose C Christian ‫ יי‬Email 300 otner Phone lookup “ Get Dttilac Background Information » G•! Pjtl'C RtCOtdS * Wew Property & A/ea Information ‫״‬ * view Social Netarork Profile * Ro*• E Christian M ore information tor Ro•• E Christian •W •*% 9t t t m m ‫ י״‬MM mm F I G U R E 3 .5 : A n y W h o P e o p l e S e a r c h R e s u lt s CEH Lab Manual Page 22 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  • Module 02 - Footprinting and Reconnaissance task 2 6. C lic k d ie search results to see d ie a d d re ss d e ta ils a n d p h o n e n u m b e r o f d ia t p e rs o n View ing Person Information Rose A Christian Southfield PI, 0-f -SH ' 6 Add to Address Book | Print !re, MD 21212 A re you R o se A Christian? » Rem ove Listing Information provided solely by Intelius Get Directions □ Enter Address ‫ש‬ m Southfield PI. T h e s e a rc h r e s u lts 3 •‫־‬re. MD 21212 C e t D ir e c t io n s >R e v e rse D irections d is p la y a d d re s s , p h o n e n u m b e r a n d d ir e c t io n s fo r t h e lo c a t io n . Gul f of O 'J J t t Z 'jr / jn d u i -j 'jj l‫/׳.>! ׳‬r-O j F I G U R E 3 .6 : A n y W h o - D e t a i l S e a r c h R e s u l t o f R o s e A C h r is t ia n 7. S in u la d y , p e rfo rm a re v e rs e s e a rc h b y g iv in g p h o n e n u m b e r o r a d d re ss d ie y = l T h e R everse P h o n e 111 Reverse Lookup h e ld C 0 w /w w .anyvrtx> m •everse-lookup .co ‫׳‬ L o o k u p s e r v ic e a llo w s v is it o r s t o e n t e r in a p h o n e AnyW ho n u m b e r a n d im m e d ia t e ly W ta A flO O rcc-f. Pitert m35■ ‫>»«»׳‬ v* l o o k u p w h o i t is r e g i s t e r e d JL to . □ • Kk«‫׳‬fcKSt LOOKUP kVHIfE PACES R everse Lookup | Find People By Phone Number Reverse Lookup AnyWho's Reverse Phone LooKup service allows visitors to enter *‫ »ימא*ן ג י‬num and im ediately lookupw it is registered ber m ho to. Perhaps you mssed an incom phone call and want to ing knoww * is before you call back. Type the phone num in ho ber to the search box andwell performa white pages reverse lookup search ‫ פז‬fni out exactly who it is registered to If we ha*® a m atch far the pnone num well show you the registrant's first ber and last nam and maim address If you w to do reverse e, g ant phone lookupfo a business phone num then check out r ber Rwrse Lookup at YP.com. |<>» r| 0s « x e » 8185551212. (81 55-1 8)6 212 HP Cell phone num bers are no ew t ailable Personal iiJ6nnr.inc inform ationavailable onA ho nyW is n« pwaed b A and is p y T&T rovided solerf b a y n i^affiatedthirdp inteliu Inc Full Di$daim arly s. er A«bWJPC006 LO K P OU n F I G U R E 3 .7: A n y W h o R e v e r s e L o o k u p P a g e CEH Lab Manual Page 23 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  • Module 02 - Footprinting and Reconnaissance R e v e r s e lo o k u p w ill re d ire c t y o u to d ie s e a rc h re s u lt p a g e w id i d ie d e ta ile d in fo rm a tio n o f d ie p e rs o n fo r p a rtic u la r p h o n e n u m b e r n yp.com > ^ - 01‫ ־‬em a il a d d re ss C O a n y w h o yp .ye llo w p a g e s .c o m / re v e rs e p h o n e lo o k u p ?fro m = a n y w h o _c o b ra & Rose A Christian ‫ ־‬Southfield PI, - - lore. MD 21212 Are you Rose A Christian7 » Remove Listing » U n p u b lis h e d Get Directions d ir e c to r y re c o r d s a re n o t d is p la y e d . I f y o u w a n t y o u r □ Enter Address r e s id e n t ia l lis t in g r e m o v e d , y o u h a v e a c o u p le o f ■Southfield PI. • *K>re, MD 21212 — o p tio n s : T o h a v e y o u r lis t in g •Reverse Directions u n p u b lis h e d , c o n t a c t y o u r lo c a l te le p h o n e c o m p a n y . T o h a v e y o u r lis t in g C h in q u a p in Pa r k ‫ ־‬B elvedere La k e Ev e s h a m re m o v e d fro m A n y W h o w it h o u t o b t a in in g a n Go va n sto w n u n p u b lis h e d te le p h o n e W Northern Pkwy t N° ' Ro se b a n k n u m b e r , f o llo w th e in s tr u c t io n s p r o v id e d in M i d -G o v a n s Dnwci A n y W h o L is tin g R e m o v a l t o s u b m i t y o u r lis t in g f o r ' /H / e W ooi P '‫ *׳‬C a m e ro n V illa g e W yndhu rst r e m o v a l. Chinqu4p Pork K e n il w o r t h P ark Ro l a n d Park W in s t o n -G o v a n s F I G U R E 3 .8 : A n y W h o - R e *e 1 s e L o o k u p S e a r c h R e s u l t Lab Analysis A n a ly z e a n d d o c u m e n t a ll th e re s u lts d is c o v e re d T o o l/ U t ilit y 111 d ie la b e x e rcise . In f o r m a t io n C o lle c t e d / O b je c t iv e s A c h ie v e d W h it e P a g e s ( F i n d p e o p le b y n a m e ) : E x a c t lo c a tio n o f a p e rs o n w it h a d d re s s a n d p h o n e n u m b e r A nyW ho G e t D ir e c t io n s : P r e c is e r o u te to th e a d d re s s fo u n d t o r a p e rs o n R e v e r s e L o o k u p ( F i n d p e o p le b y p h o n e n u m b e r ): E x a c t lo c a tio n o f a p e rs o n w it h c o m p le te a d d re s s CEH Lab Manual Page 24 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  • Module 02 - Footprinting and Reconnaissance PLE A SE TA LK TO Y O U R IN S T R U C T O R IF Y O U R E L A T E D TO T H IS LAB. H A V E Q U E ST IO N S Questions 1. C a n v o u c o lle c t a ll th e c o n ta c t d e ta ils o f th e k e y p e o p le o f a n y o rg a n iz a tio n ? 2. C a n y o u re m o v e y o u r re s id e n tia l lis tin g ? I t v e s , h o w ? 3. I t y o u h a v e a n u n p u b lis h e d lis tin g , w h y d o e s y o u r in fo rm a tio n s h o w u p 111 A nyW ho? 4. C a n y o u tin d a p e rs o n 111 A n y W h o th a t y o u k n o w h as b e e n a t th e sa m e lo c a tio n fo r a y e a r o r le s s ? I f y e s , h o w ? 5. H o w c a n a lis tin g b e re m o v e d fro m A n y W h o ? In t e r n e t C o n n e c t io n R e q u ir e d 0 Yes P la t f o r m 0 CEH Lab Manual Page 25 □ N< S u p p o rte d C la s s r o o m □ !L a b s Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 02 - Footprinting and Reconnaissance People Search Using the Spokeo Online Tool Sp o keo is a n o n lin e p eo p le search to o lp ro v id in g re a l- tim e in fo rm a tio n ab o u tp eo p le. T h is to o l h e lp s n ith o n lin e fo o tp rin tin g a n d a llo w s y o n to d isco ve r d e ta ils a b o u t p eo p le. ICON KEY (^ 7 Valuable information Test your knowledge — W eb exercise Lab Scenario F o r a p e n e tra tio n te ste r, it is a lw a y s a d v is a b le to c o lle c t a ll p o s s ib le in fo rm a tio n a b o u t a c lie n t b e fo re b e g in n in g th e test. c o lle c tin g p e o p le in fo rm a tio n u s in g th e 111 th e p re v io u s la b , w e le a rn e d a b o u t AnyWho o n lin e to o l; s im ila rly , th e re a re m a n y to o ls a v a ila b le th a t c a n b e u se d to g a th e r in fo rm a tio n o n p e o p le , e m p lo y e e s , a n d o rg a n iz a tio n s to c o n d u c t a p e n e tra tio n test. 111 tin s la b , y o u w ill le a rn to u se th e Spokeo o n lin e to o l to c o lle c t confidential information o f k e y p e rs o n s m W orkbook review 111 an o rg a n iz a tio n . Lab Objectives T h e o b je c tiv e o t tin s la b is to d e m o n s tra te th e fo o tp rin tin g te c ln n q u e s to c o lle c t people information u sm g p e o p le s e a rc h s e rv ic e s . S tu d e n ts n e e d to p e rfo rm a p e o p le s e a rc h u sm g h tt p :/ / w w w .s p o k e o .c o m . Lab Environment 111 & Tools dem onstrated in this lab are available in D:CEHToolsCEHv 8 Module 02 Footprinting and Reconnaissance th e la b , y o u n e e d : ■ A w e b b ro w s e r w ith a n In te r n e t c o im e c tio n ■ A d m in is tr a tiv e p riv ile g e s to ru n to o ls ■ T in s la b w ill w o r k 111 th e C E H la b e n v ir o n m e n t - o n W indow s S erver 2 0 1 2 . W indow s 8 , W indow s S erver 2 0 0 8 , a n d W indow s 7 Lab Duration T n n e : 5 M in u te s CEH Lab Manual Page 26 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 02 - Footprinting and Reconnaissance Overview of Spokeo S p o k e o a g g re g ates v a s t q u a n titie s o f p u b lic d a ta a n d o rg a n iz e s d ie in fo rm a tio n in to e a s y - to - fo llo w p ro file s . In fo r m a t io n su c h as n a m e , e m a il a d d re ss , p h o n e n u m b e r, a d d re ss , a n d u s e r n a m e c a n b e e a s ily fo u n d u s in g th is to o l. __________ Lab Tasks ~ task 1 1. People Search Spokeo S ta rt m e n u b y h o v e r in g th e m o u s e c u r s o r L a u n c h th e 111 th e lo w e r - le ft c o r n e r o f th e d e s k to p : 8 W in d o w s Server 2012 w w i 1P"L W' W W d w Se e 2 1 R ieC d ateC in o s rv r 0 2 eled an id aiacealn __________________________________________ E lu tio c p .BuW84a va a n o y 1 D H F I G U R E 4 .1 : W i n d o w s S e r v e r 2 0 1 2 — D e s k t o p v i e w 2. C lic k th e Google Chrom e a p p to la u n c h th e C h r o m e b ro w s e r Start Mwugor m Fa S p o k e o 's p e o p l e s e a rc h a llo w s y o u t o fin d Computer o ld f r ie n d s , r e u n it e w i t h Q c la s s m a t e s , t e a m m a t e s a n d A d m inistrator Windows IW r tto ll Adm inistr... Tools Mannar Hyppf-V Virtjal Command Prompt ‫יי‬ *‫־‬ Tad( Marager ^ rn * m ilit a r y b u d d ie s , o r f i n d lo s t a n d d is t a n t fa m ily . Earth V 1“ ‫״‬ ______ ^‫־־‬ © Adobe Reader x ‫' ״‘ 1 , ™ ״‬ ‫י‬ Gcoglc chrome T • F I G U R E 4 .2 : W i n d o w s S e r v e r 2 0 1 2 - A p p s 3. O p e n a w e b b ro w s e r, ty p e http://w ww .spokeo.com , a n d p re s s Enter o n d ie k e y b o a rd CEH Lab Manual Page 27 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 02 - Footprinting and Reconnaissance 4‫־‬ C 'iw vlw iw iecccrr sp ck e o N*m e tm *1 Ho n *• itvmna AMn> [ m A p a rt fro m N a m e Not your grandma's phone book s e a rc h , S p o k e o s u p p o rts f o u r ty p e s o f s e a rc h e s : • E m a il A d d re ss • Phone N um ber Qi • U se rn am e • R e s id e n tia l A d d r e s s F I G U R E 4 .3 : S p o k e o h o m e p a g e h t t p : / A f w v p . s p o k e o . c o m 4. T o b e g in d ie s e a rch , in p u t d ie n a m e o f d ie p e rs o n y o u w a n t to se a rc h fo r d ie O M w »<• ** ‫ד‬ ■ ‫»־‬ G 111 Nam e fie ld a n d c lic k Search "‫יי‬ ‫־.!*׳**?״‬ vw uw w k'OCC/n sp ck e o Emal Pnw* Uwrww M tn i R o m Chriatan Not your grandma's phone book c> • ‫ ״‬v m F I G U R E 4 .4 : S p o k e o — N a m e S e a r c h 5. m S p o k e o re d ire c ts y o u to search results w id i d ie n a m e y o u h a v e e n te re d S p o k e o 's e m a i l s e a r c h s c a n s t h r o u g h 9 0 + s o c ia l n e t w o r k s a n d p u b lic s o u r c e s t o f i n d d i e o w n e r 's n a m e , p h o t o s , a n d p u b lic p r o file s . F I G U R E 4 .5 : S p o k e o P e o p l e S e a r c h R e s u lt s CEH Lab Manual Page 28 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 02 - Footprinting and Reconnaissance F I G U R E 4 .6 : S p o k e o P e o p l e S e a r c h R e s u lt s m P u b lic p r o f ile s fr o m s o c ia l n e t w o r k s a re a g g re g a te d in S p o k e o a n d m a n y p la c e s , in c lu d in g s e a r c h e n g in e s . F I G U R E 4 .7 : S p o k e o P e o p l e S e a r c h R e s u lt s 8. S e a rc h re s u lts d is p la y in g d ie and < ‫־‬ c C »TW A.»po«o<e*n **rcKc- Rove s p e k e o 1 is Address. Phone Number, Email Address. City State, e tc. 0»Contantt on&»7-t30#Alaba‫׳‬rfl;3 7 3 1 3 &3G91 * SJ Rom ChiMlan Pntar a C*y 4 ------ ( M■ , 1 a 1 s j Rose Christian di v •rant Oeuas » © SL C onW ei — Bunptc• I it ‫ ־‬Location Nttory • S«o Available K ccultc See taaSy Ir•• gyahoo.co‫״‬ M ISuus mk So* AvM lahl* U M mii ■ UM^orH-). Al J611J 1 Soo Available K cculfc T (M a yfim e * ttnyttimnmtH• •artnt‫׳‬e 1 • Fara*1 &*ch«rcu1‫־‬ • :J Location Histor. 1 • onetM & J osji Pre*la* ‫׳‬ I 0 ;'^ U iovnan. *L 1 1 7 1 iM 61 ^ i » v F I G U R E 4 .8 : S p o k e o P e o p l e S e a r c h R e s u lt s CEH Lab Manual Page 29 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  • Module 02 - Footprinting and Reconnaissance ,m i 9. S e a rc h re s u lts d is p la y in g d ie Location History & = y A l l r e s u lt s w i l l b e d i s p l a y e d o n c e t h e s e a r c h is c o m p le t e d spckeo | Location Hittory F I G U R E 4 .9 : S p o k e o P e o p l e S e a r c h R e s u lt s 10. S p o k e o s e a rc h re s u lts d is p la y d ie Family Background, Family Economic Health a n d Family Lifestyle C wJBdmw s p c k e o * ^57&‫ ] -־‬A 0 < r » C 3 6 ‫ :׳‬O I b 1 r 3 7 > Ko»e Christian -nteraClty w yB c p u d iH a fc ro n | 1 raudrtIn# rf‫«׳‬Nm• M•* d • ir *• |Fam Eccroiric H » f> ily «> • EfW G ino’ W anjM F I G U R E 4 .1 0 : S p o k e o P e o p l e S e a r c h R e s u lt s I U k !! O n l i n e m a p s a n d s tre e t v i e w a re u s e d b y o v e r 11. S p o k e o s e a rc h re s u lts d is p la y d ie Neighborhood to r th e s e a rc h d o n e 3 0 0 ,0 0 0 w e b s i t e s , i n c l u d i n g m o s t o n lin e p h o n e b o o k s 1 *t3 A 7 0«‫ ׳‬latrtm a:367; a n d r e a l e s ta te w e b s it e s . s p ck e o F I G U R E 4 . 1 1: S p o k e o P e o p l e S e a r c h R e s u lt s CEH Lab Manual Page 30 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  • Module 02 - Footprinting and Reconnaissance 12. S im ila rly , p e rfo rm a m Reverse s e a rc h b y g iv in g p h o n e n u m b e r, a d d re ss , e m a il S p o k e o 's r e v e r s e p h o n e lo o k u p fu n c t io n s lik e a p e r s o n a l c a lle r - ID a d d re ss , e tc . 111 d ie Search h e ld to fin d d e ta ils o f a k e y p e rs o n o r a n o rg a n iz a tio n s y s t e m . S p o k e o 's r e v e r s e p h o n e n u m b e r s e a rc h ootejp .'scafch> t= S UO&P ■ it a g g re g a te s h u n d r e d s o f m illio n s o f p h o n e b o o k s p o k e o | ' [(•*25 002-6080 | ) <, * -I r e c o r d s t o h e lp lo c a t e th e o w n e r 's n a m e , l o c a t i o n , • Tull Nam Av.ll.bl• • 9 ‫*>״‬ • tim e z o n e , e m a il a n d o th e r • p u b lic in fo r m a t io n . Q WlrilNam Q POfc•“ “ ( ‫) י‬ n■ ■I ■■ 1 AnM*» V rr© !*•OaUtH • 1> am om iw cm r*»w»«w . cm M t iw m w "‫ --- - י־**־־"־‬- • __ Locution Hlttcry ------- _ jr.!! F I G U R E 4 .1 2 : S p o k e o R e v e r s e S e a r c h R e s u l t o f M i c r o s o f t R e d m o n d O f f i c e Lab Analysis A n a ly z e a n d d o c u m e n t a ll th e re s u lts d is c o v e re d T o o l/ U t ilit y 111 d ie la b e x e rcise . In f o r m a t io n C o lle c t e d / O b je c t iv e s A c h ie v e d P r o f ile D e t a ils : ■ C u rre n t A d d re s s ■ Phone N um ber ■ E m a il A d d r e s s ■ M a r it a l S ta tu s ■ E d u c a t io n ■ O c c u p a t io n L o c a t io n H is t o r y : In f o r m a t io n a b o u t w h e r e th e p e rs o n Sp okeo h a s liv e d a n d d e ta ile d p r o p e r t y in f o r m a t io n F a m il y B a c k g r o u n d : In f o r m a t io n a b o u t h o u s e h o ld m e m b e rs t o r th e p e rs o n y o u s e a rc h e d P h o to s & S o c ia l P r o f ile s : P h o t o s , v id e o s , a n d s o c ia l n e t w o r k p r o file s N e ig h b o r h o o d : In f o r m a t io n a b o u t th e n e ig h b o r h o o d R e v e r s e L o o k u p : D e t a ile d in f o r m a t io n f o r th e s e a rc h d o n e u s in g p h o n e n u m b e rs CEH Lab Manual Page 31 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  • Module 02 - Footprinting and Reconnaissance PLE A SE TA LK TO Y O U R IN S T R U C T O R IF Y O U R E L A T E D TO T H IS LAB. H A V E Q U E ST IO N S Questions 1. H o w d o y o u c o lle c t a ll th e c o n ta c t d e ta ils o f k e y p e o p le u s in g S p o k e o ? 2. Is it p o s s ib le to re m o v e y o u r re s id e n tia l lis tin g ? I f y e s , h o w ? 3. H o w c a n y o u p e rfo rm a re v e rs e s e a rc h u s in g S p o k e o ? 4. L is t th e k in d o f in fo rm a tio n th a t a re v e rs e p h o n e s e a rch a n d e m a il se a rch w ill y ie ld . In t e r n e t C o n n e c t io n R e q u ir e d 0 Yes P la t f o r m 0 CEH Lab Manual Page 32 □ N o S u p p o rte d C la s s r o o m □ !L a b s Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  • Module 02 - Footprinting and Reconnaissance Analyzing Domain and IP Address Queries Using SmartWhois S m a rtW h o is is a n e tw o rk in fo rm a tio n u tility th a t a llo w s y o n to lo o k u p m o st a v a ila b le in fo rm a tio n on a hostnam e, IP ad d ress, o r d o m ain . Lab Scenario Valuable information______ 111 th e p re v io u s k b , y o u le a rn e d to d e te rm in e a p e rs o n o r a n o rg a n iz a tio n ’s lo c a tio n u s in g th e Spokeo o n lin e to o l. O n c e a p e n e tra tio n te s te r h a s o b ta in e d th e u s e r’s Test your knowledge = lo c a tio n , h e o r sh e c a n g a th e r p e rs o n a l d e ta ils a n d c o n fid e n tia l in fo rm a tio n fro m th e W eb exercise e n g in e e rin g . 111 th is la b , y o u w ill le a rn to u se th e W orkbook review u s e r b y p o s in g as a n e ig h b o r, th e c a b le g u v , o r th ro u g h th e a v a ila b le in fo rm a tio n a b o u t a n y I P a n y m e a n s o f s o c ia l SmartWhois to o l to lo o k u p a ll o l a d d re ss , h o s tn a m e , 01‫־‬ d o m a in a n d u s in g th e se in fo rm a tio n , p e n e tra tio n te ste rs g a m a cce ss to th e n e tw o rk o f th e p a rtic u la r o rg a n iz a tio n fo r w h ic h th e y w is h to p e rfo rm a p e n e tra tio n test. Lab Objectives T h e o b je c tiv e o f tin s la b is to h e lp s tu d e n ts a n a ly z e domain a n d IP address q u e n e s. T in s la b h e lp s y o u to g e t m o s t a v a ila b le in fo rm a tio n and 011 a hostname, IP address, domain. Lab Environment & Tools dem onstrated in this lab are available in D:CEHToolsCEHv 8 Module 02 Footprinting and Reconnaissance 111 th e la b y o u n e e d : ■ A c o m p u te r r u n n in g a n y v e r s io n o f ■ A d m in is t r a to r p r iv ile g e s to r u n ■ The 01‫־‬ ■ S m artW hois Sm artW hois to o l, a v a ila b le 111 D:CEH-T 00 lsCEHv 8 M odule 02 Footprinting and R econnaissanceW H O IS Lookup ToolsSm artW hois d o w n lo a d a b le f r o m h t t p :/ / w w w .ta m o s .c o m I f y o u d e c id e to d o w n lo a d th e la te s t v e r s io n , th e n 111 CEH Lab Manual Page 33 W indow s w it h In te rn e t a c c e s s screen sh ots s h o w n th e la b m ig h t d if f e r Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 02 - Footprinting and Reconnaissance Lab Duration E Q h t t p :/ / w w w . ta m o s .c o ‫.׳‬ T u n e : 5 M in u te s Overview of SmartWhois S m a r tW h o is is n e tw o rk in fo rm a tio n u tilit y th a t a llo w s y o u to lo o k u p m o s t a v a ila b le in fo rm a tio n p ro v in c e , 011 c ity , a hostname, IP address, o r domain, in c lu d in g c o u n try , sta te o r n am e of netw ork th e provider, te c lu iic a l s u p p o rt c o n ta c t in fo rm a tio n , a n d a d m in is tra to r. m S m a r tW h o is c a n b e S m a r tW h o is h e lp s y o u to s e a rc h fo r in fo rm a tio n s u c h as: c o n fig u r e d t o w o r k f r o m ■ T h e o w n e r o l th e d o m a in ■ T h e d o m a in re g is tra tio n d a te a n d th e o w n e r’s c o n ta c t in fo rm a tio n ■ b e h in d a f ir e w a ll b y u s in g T h e o w n e r o f d ie I P a d d re ss b lo c k H T T P / H T T P S p ro x y s e rve rs. D iff e r e n t S O C K S v e r s i o n s a r e a ls o s u p p o r t e d . Lab Tasks N ote: I f y o u a re w o r k in g num ber 13 111 th e lL a b s e n v ir o n m e n t, d ir e c tly ju m p to 1. F o llo w th e w iz a r d - d r iv e n 2. T o la u n c h th e step in s ta lla tio n s te p s a n d in s ta ll S m a r t W h o is . S ta rt m e n u , h o v e r th e m o u s e c u r s o r 111 th e lo w e r- le ft c o r n e r o f th e d e s k to p m S m a r t W h o is c a n save o b t a in e d in f o r m a t io n t o a n a r c h i v e f i le . U s e r s c a n l o a d t h is a r c h iv e th e n e x t t im e t h e p r o g r a m is la u n c h e d F I G U R E 5 .1 : W i n d o w s S e r v e r 2 0 1 2 — D e s k t o p v i e w a n d a d d m o r e in fo r m a t io n t o it . T h i s f e a t u r e a l l o w s 3. T o la u n c h S m artW hois, c lic k Sm artW hois 111 apps y o u t o b u ild a n d m a in t a in y o u r o w n d a ta b a s e o f I P a d d resses a n d h o s t n a m e s. CEH Lab Manual Page 34 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  • Module 02 - Footprinting and Reconnaissance Start Microsoft WcrG 2010 Ucrwoft Office 2010 jptoad‫״‬ Proxy Workben‫.״‬ a • ­ ‫לי‬ p lr ^ ? Snogit !‫ס‬ Editor jlDtal VJatworir 5 r 41 S Adobe Reader X Google Earth Uninstol Dcrroin Name Pro Uninstall or Repair Visual IP Trace HyperTra. Updates Bl S' ■ S <&rt Googie Earn n _ J T J Keqster AV Picture Vcwrr W11RAR Start Googfe harm *u AV Picture Vicwor Run Client Path VisualKc... ?010 Reqister HyporTra HyperIra. m A Hdp FAQ Uninstall UypwTia.. PingPlott• Standard ■ ? I? ‫ז הי‬ 4 Snagit 1 0 ‫ה‬ ‫•יי‬ & H 5r MTTflort ).ONFM Aeb DMA Google Chtomt Uninstall ;< C. o ‫־•י‬ id f SnurnMi 4. MIB Compier GEO Mage NctTrazc « t R jr Server • M«g)Png Met ccnfigur.. *> F I G U R E 5 .2: W i n d o w s S e r v e r 2 0 1 2 — A p p s TAS K 1 Lookup IP 4. The Sm artW hois m a in w in d o w a p p e a rs ro Sm artW hois - Evaluation Version File Query Edit View Settings Help B| > 8 1) 8 8 IP, host or domain: 9 There are no results to dtspl... m I f y o u n ee d to q u e ry a n o n - d e fa u lt w h o is s e r v e r o r m a k e a s p e c ia l q u e r y c lic k V ie w W h o is C o n s o le f r o m th e m e n u o r c lic k th e Q u e r y b u t t o n a n d s e le c t Ready C u s to m Q u ery. F IG U R E D . T y p e an 5 .3 : T h e S m a r t W h o i s m a i n w i n d o w IP address, hostnam e, o r dom ain nam e 111 th e fie ld ta b . A 11 e x a m p le o f a d o m a in n a m e q u e ry is s h o w n as fo llo w s , ‫ ־‬w w .g o o g le .c o m . w T IP, host or domain: 9 google.com V F IG U R E 6. N o w , c lic k th e 5 .4 : A Quety S m a r t W h o is d o m a in s e a rc h Query ta b to fin d a d ro p - d o w n lis t , a n d th e n c lic k As Dom ain to e n te r d o m a in n a m e CEH Lab Manual Page 35 ] 111 th e fie ld . Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  • Module 02 - Footprinting and Reconnaissance m S m a r t W h o i s is c a p a b le o f c a c h in g q u e r y r e s u lt s , w h i c h r e d u c e s th e tim e n e e d e d t o q u e r y a n a d d re s s ; i f th e in fo r m a t io n i s i n t h e c a c h e f i l e i t is im m e d ia t e ly d is p la y e d a n d n o c o n n e c tio n s to th e w h o i s s e r v e r s a r e r e q u ir e d .. F IG U R E 7. 5 .5 : T h e S m a r t W h o i s — S e l e c t i n g Q u e r y t y p e 111 th e le f t p a n e o f th e w in d o w , th e d is p la y s d ie re s u lts o f y o u r m resu lt d is p la y s , a n d d ie r ig h t p a n e query. S m a r t W h o is c a n S m a rtW h o is ‫ ־‬Evaluation Version p r o c e s s li s t s o f I P File Query Edit View Settings Help a d d re s s e s , h o s tn a m e s , o r d o m a in n a m e s s a v e d as p la in t e x t ( A S C I I ) o r IP, host or domain: J U n i c o d e f i le s . T h e v a l i d google.com 7] < Query ■ > ‫׳‬ f o r m a t f o r s u c h b a t c h f i le s is s im p le : E a c h lin e m u s t b e g in w it h a n I P 9009 le.c0 m a d d ress, n h o s tn a m e , o r d o m a in . I f y o u w a n t to p ro c e s s d o m a in n a m e s , th e y m u s t b e l o c a t e d i n a s e p a r a t e f i le fro m I P ad d resses a n d h o s tn a m e s . Dns Admin Google Inc. Please contact contact-admingSgoogle.com 1600 Amphitheatre Parkway Mountain View CA 94043 United States dns-admin©google.com *1.6502530000 Fax: ♦ 1.6506188571 DNS Admin ‫ ו‬Google Inc. 1600 Amphitheatre Paricway Mountain View CA 94043 United States dns-admin@qooale.com ♦1.6506234000 Fax: . 1.6506188571 DNS Admin I Google Inc. 2400 E. Bayshore Pkwy Mountain View CA 94043 United States dns-adm1 9009 le.c0 m ♦1.6503300100 Fax: ♦ ngi 1.6506181499 ns4.google.com 1 ns3.google.com F IG U R E 8. C lic k th e C le a r ic o n 5 .6 : T h e S m a r t W h o i s — D o m a i n q u e r y r e s u l t 111 th e t o o lb a r to c le a r d ie h is to r y . Sm a rtW h o is ‫ ־‬E valu atio n V ersion File Query Edit View Settings Help JT ^ B> F IG U R E — t 9. T o p e r fo r m a s a m p le 5 .7 : A S m a r t W h o is t o o lb a r host nam e query, ty p e w w w .fa c e b o o k .c o m . Host Nam e Query CEH Lab Manual Page 36 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  • Module 02 - Footprinting and Reconnaissance 10. C lic k th e h o s tn a m e IP, host or domain: i Query ta b , a n d d ie n s e le c t As IP /H ostnam e a n d e n te r a 111 d ie fie ld . v ^ c^ Q uery^ ^ facebook.com F IG U R E 11. m I f y o u w a n t to q u e ry a 111 5 .8 : A S m a r t W h o is h o s t n a m e q u e ry th e le f t p a n e o f th e w in d o w , th e resu lt d is p la y s , a n d p a n e , th e te x t a re a d is p la y s th e re s u lts o f y o u r d o m a in r e g is tr a tio n 111 th e r ig h t query. Sm artW hois * Evaluation Version d a ta b a s e , e n t e r a d o m a in n a m e a n d h it th e E n t e r k e y w h ile h o ld in g th e C t r l k e y , o r ju s t s e le c t A s D o m a i n File Query Edrt View Settings Help 0 3 ? ‫ ״ £* ״‬A ■t 'T S B> 3> IP, host or domain: J www.facebook.com < Query > fr o m th e Q u e r y d ro p d o w n U Domain Administrator Facebook, Inc. 1 0 Willow Road 61 Menlo Park CA 94025 United States domainffifb.com -1.6505434800 Far «•1.65 5 4 00 0 43 8 3 Domain Administrator ‫ ו‬Facebook, Inc. 1 0 Willow Road 61 Menlo Park CA 94025 United States domain®fb.com -1.6505434800 Fax: ♦1.6505434800 Domain Administrator 1 Facebook, Inc. 1 0 Willow Road 61 Menlo Park CA 94025 United States doma1 nffifb.com ♦ 1.6505434800 Fax: « 1.6505434800 • ns3.facebook.com , ns5.facebook.com J m I f y o u ’r e s a v i n g r e s u lt s a s a t e x t file , y o u c a n F IG U R E 5 .9 : A S m a r t W h o i s h o s t n a m e q u e r y r e s u lt s p e c if y t h e d a ta fie ld s t o b e s a v e d . F o r e x a m p le , y o u 12. C lic k th e C le a r ic o n 111 th e t o o lb a r to c le a r th e h is to r y . c a n e x c lu d e n a m e s e r v e r s o r b illin g c o n t a c t s f r o m th e 13. T o p e r fo r m a s a m p le IP Address q u e ry , ty p e th e I P a d d re s s 1 0 .0 .0 .3 o u t p u t f i le . C l i c k S e t t in g s ‫ ) ־‬O p t io n s ‫ ^ ־‬T e x t & (W in d o w s 8 I P a d d re s s ) 111 th e IP, host or dom ain fie ld . X M L t o c o n fig u r e th e o p tio n s . IP, host or domain: ^ 10.0.0.3 F IG U R E 5 .1 0 : A S m a r t W h o is I P 14. 111 th e le f t p a n e o f th e w in d o w , th e ad d ress q u e ry resu lt d is p la y s , a n d p a n e , th e te x t a re a d is p la y s th e re s u lts o f y o u r CEH Lab Manual Page 37 111 th e r ig h t query. Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  • Module 02 - Footprinting and Reconnaissance ^3 SmartWhois - Evaluation Version ! ‫ ־־‬I ‫ ם‬r x ‫י‬ Tile Query Edt View Settings Help ■® j‫׳‬ b b v IP, hast or domain; | 9 10.0.0.3 L 0 10.0.0.0 -10.255.255.... ^ 10.0.0.3 X X H=y1 10.0.0.0 10255.255.255 I . Internet Assigned Numbers Authority 4676 Admiralty Way, Suite 330 Marina del Rey CA 90292-6595 United States S m a r t W h o is s u p p o rts 69 c o m m a n d lin e p a ra m e te r s !{ Query » = > s p e c ify in g I P Internet Corporation for Assigned Names and Number 1-310-301 •5820 9buse©1ana,org « • y Internet Corporation for Assigned Names aid Number jj; A abuseO1ana.0 rg » 301-5820■ ‫וג‬ 0‫-י‬ a d d r e s s / h o s t n a m e / d o m a in , a s w e l l as file s t o b e opened /saved. [n l ‫ > ־‬PRIVATE-ADDRESS-ABLK-RFC1918-IANA-RESERVED ‫־‬ Updated: 2004-02-24 Source: whois.arin.net Completed at 7/30/2012 12:32:24 PM Processing time: 0.14 seconds View source _________________J Done F IG U R E 5 .1 1 : T h e S m a r t W h o i s I P q u e r y r e s u lt Lab Analysis D o c u m e n t a ll th e I P a d d re s s e s / h o s tn a m e s f o r th e la b t o r f u r th e r in f o r m a t io n . T o o l/ U t ilit y In f o r m a t io n C o lle c t e d / O b je c t iv e s A c h ie v e d D o m a in n a m e q u e r y r e s u lt s : O w n e r o f th e w e b s ite H o s t n a m e q u e r y r e s u lt s : G e o g r a p h ic a l lo c a tio n o f S m a r t W h o is th e h o s te d w e b s ite IP a d d r e s s q u e r y r e s u lt s : O w n e r o f th e I P a d d re s s b lo c k PLE A SE TA LK TO Y O U R IN S T R U C T O R IF YO U R E L A T E D TO T H IS LAB. H A V E Q U E ST IO N S Questions 1. D e te rm in e w h e th e r y o u c a n u se S m a r tW h o is i f y o u a re b e h in d a fir e w a ll o r a p ro x y s e rv e r. 2. 3. CEH Lab Manual Page 38 W h y d o y o u g e t C o n n e c tio n tim e d o u t o r C o n n e c tio n fa ile d e rro rs ? Is it p o s s ib le to c a ll S m a r tW h o is d ire c d y fro m m y a p p lic a tio n ? I f y e s , h o w ? Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 02 - Footprinting and Reconnaissance 4. W h a t a re L O C re c o rd s , a n d a re th e y s u p p o rte d b y S m a r tW h o is ? 5. W h e n ru n n in g a b a tc h q u e ry , y o u g e t o n ly a c e rta in p e rc e n ta g e o f th e d o m a in s / IP a d d re sse s p ro c e s s e d . W h y a re s o m e o f th e re c o rd s u n a v a ila b le ? In t e r n e t C o n n e c t io n R e q u ir e d □ Yes P la t f o r m 0 CEH Lab Manual Page 39 □ N o S u p p o rte d C la s s r o o m 0 !L a b s Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  • Module 02 - Footprinting and Reconnaissance Lab Network Route Trace Using Path Analyzer Pro P a th A n a ly s e r P ro d e liv e rs ad van ced n e tw o rk ro u te tra c in g n ith p e rfo rm a n ce tests, D N S , w ho/s, a n d n e tiro rk re so lu tio n to in ve stig a te n e tiro rk issu es. Lab Scenario Valuable information______ U s in g th e in fo rm a tio n IP address, hostname, domain, e tc. fo u n d 111 th e p re v io u s la b , a cce ss c a n b e g a in e d to a n o rg a n iz a tio n ’s n e tw o rk , w h ic h a llo w s a p e n e tra tio n Test your knowledge = W eb exercise W orkbook review te s te r to p o s s ib le th o ro u g h ly le a rn v u ln e ra b ilitie s . about T a k in g th e a ll o rg a n iz a tio n ’s th e in fo rm a tio n p e n e tra tio n te ste rs s tu d y th e sy ste m s to tin d d ie b e s t n e tw o rk e n v iro n m e n t g a th e re d in to fo r a c c o u n t, routes of attack. T h e sa m e task s c a n b e p e rfo rm e d b y a n a tta c k e r a n d th e re s u lts p o s s ib ly w ill p ro v e to b e v e r y fa ta l fo r a n o rg a n iz a tio n . c o m p e te n t to tra c e s u c h cases, as a p e n e tra tio n 111 te s te r y o u s h o u ld b e netw ork route, d e te rm in e netw ork path, a n d tro u b le s h o o t netw ork issues. H e r e y o u w ill b e g u id e d to tra c e d ie n e tw o rk ro u te u s in g d ie to o l Path Analyzer Pro. Lab Objectives The o b je c t iv e o f tin s n e t w o r k p a th s , a n d I P la b is to h e lp s tu d e n ts research em ail addresses, a d d re s s e s . T h is la b h e lp s to d e te rm in e w h a t I S P , r o u te r , o r s e rv e rs a re re s p o n s ib le f o r a n e tw o rk problem. Lab Environment H Tools dem onstrated in this lab are available in D:CEHToolsCEHv 8 Module 02 Footprinting and Reconnaissance 111 th e la b y o u n e e d : ■ D :CEH-ToolsCEHv 8 M odule 02 Footprinting and R econ n a is s a n c e T ra c e ro u te ToolsPath A nalyzer Pro ■ Y o u c a n a ls o d o w n lo a d th e la te s t v e r s io n o f P a t h A n a ly z e r p ro : P a t h A n a ly z e r p r o is lo c a te d a t ■ I f y o u d e c id e to d o w n lo a d th e la te s t v e r s io n , th e n 111 CEH Lab Manual Page 40 Path A n alyzer Pro fr o m th e lin k h tt p :/ / w w w .p a t h a 11a ly z e r .c o m / d o w n lo a d .o p p screen sh ots s h o w n th e la b m ig h t d if f e r Ethical Hacking and Countemieasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stticdy Prohibited.
  • Module 02 - Footprinting and Reconnaissance W indow s S erver 2 0 1 2 ■ In s t a ll tin s t o o l o n ■ D o u b le - c lic k ■ F o llo w th e w iz a r d d r iv e n in s ta lla t io n to in s ta ll it ■ A d m in is t r a t o r p r iv ile g e s to r u n PAPro27.m si Path A nalyzer Pro Lab Duration T u n e : 10 M in u te s Overview of Network Route Trace T ra c e ro u te is a c o m p u te r n e t w o r k tra n s it tim e s of p a c k e ts a c ro s s to o l an lo r m e a s u rin g In t e r n e t p ro to c o l route path a n d th e (IP ) n e tw o r k . The tra c e ro u te t o o l is a v a ila b le o n a lm o s t a ll U n ix - lik e o p e r a tin g s y s te m s . V a r ia n t s , T r a c e r o u t e is a su ch as tra c e p a th o n m o d e r n L in u x in s ta lla tio n s a n d tra c e rt o n M ic r o s o f t s y s te m a d m in is t r a t o r s ’ u t ilit y to tr a c e th e r o u te I P W in d o w s o p e r a tin g s y s te m s w it h s im ila r f u n c tio n a lit y , a re a ls o a v a ila b le . p a c k e ts ta k e fr o m a s o u rc e s y s te m t o s o m e d e s t in a t io n s y ste m . Lab Tasks 1. F o llo w th e w iz a r d - d r iv e n in s ta lla t io n s te p s to in s ta ll P a t h A n a ly z e r P r o 2. T o la u n c h th e S ta rt m e n u , h o v e r th e m o u s e c u r s o r in th e lo w e r- le ft c o r n e r o f th e d e s k to p F I G U R E 6 .1 : W i n d o w s S e r v e r 2 0 1 2 — D e s k t o p v i e w 3. T o la u n c h Path A nalyzer Pro, c lic k Path A nalyzer Pro Start & 111 apps A dm inistrator £ P a t h A n a ly z e r P r o s u m m a r iz e s a g iv e n tra c e Server M 1 nye1 < w it h in s e c o n d s b y Wncawi PuwerStiell f — w i t h a ll t h e im p o r t a n t in fo r m a t io n o n th e ta rg e t— w e c a ll t h is d ie S y n o p s is . Task Manager Admimstr.. Tooh Mozilla Fkiefctt ttyp*f-V Manager hyperV Virtual Machine m Compute g e n e r a t in g a s im p le r e p o r t <0 * ‫יי‬ & Command Prompt Google Chrome ‫פי‬ < o Google fcarth Adobe Reader X j CEH Lab Manual Page 41 Path Aiktyiet Pt02J X Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 02 - Footprinting and Reconnaissance F I G U R E 6 .2 : W i n d o w ' s S e r v e r 2 0 1 2 — A p p s E valu ate b u tto n 4. C lic k th e 5. T h e m a in w in d o w o f P a t h A n a ly z e r P r o a p p e a rs as s h o w n in th e 011 R e g is tr a t io n F o r m f o llo w in g s c re e n s h o t ‫מ‬ Path Analyzer Pro File Vgm Hep « 9 New Trace N etw ork 4 0092 P‫־‬efcrercE£ rsr ini & Paae Setup Print Exoort Export KM. Chedc for Ibdstes StandardOptions Protoca) Port: 3 Smart 65535 C < IC 5 DM IO TO > O ucp (J Help 'C‫ ‘׳‬Report N*T-f*rx»/ *fji Svnooab | ( 3 Charts [ Q Geo | yl loo | O Trace |Onc-ttroe Trace Sfcfa source Pat I □ RcnJw [65535 ^ Tae Mods r cs I (•) Defaiit I C) FIN5*oc*tt fW/ ASN NetivorkNam % e ‫ ־‬Acvanced Probe Detak _cr‫ ־‬J ‫ ־‬of potkct g‫׳‬ Srrart T] 6^ U tim fe 1 O SC nr*sec0ncs Type-cf-55rvce (•) Urspcaficc O NWnte-Dday M3x1mun T 1 T_ I” lr»tai Seqjerce Mmfce‫־׳‬ [*j Ran^orr |l U J F IN -$ P a c k e t s O n ly - g e n e ra te s o n ly T C P p a c k e ts w it h th e F I N fla g s e t in ‫־‬acct^otu o r d e r t o s o lic it a n R S T o r ^ r■0 03la T C P re s e t p a c k e t as a F IG U R E 6 .3 : T h e P a t h A n a l y z e r P r o M a i n w i n d o w r e s p o n s e f r o m th e ta rg e t. T h is o p tio n m a y g e t b e y o n d a fir e w a ll at th e 6. S e le c t th e ta rg e t, th u s g iv in g th e u s e r IC M P p r o to c o l in th e Standard Options s e c tio n . Standard Options Protocol m o r e tr a c e d a ta , b u t it c o u ld b e m is c o n s t r u e d a s a m a lic io u s a tta c k . © ICMP | O TCP 0 UDP □ NAT-friendly Source Port 1 I Random 65535 -9- Tracing Mode ( • ) D efault O A daptive O FIN Packets Only F IG U R E m P a d i A n a ly z e r P r o s u m m a r iz e a ll t h e r e le v a n t b a c k g r o u n d in fo r m a t io n o n 7. U nder 6 .4 : T h e P a t h A n a l y z e r P r o S t a n d a r d O p t i o n s A dvanced Probe D etails, c h e c k th e S m art o p tio n of p a c k e t s e c tio n a n d le a v e th e r e s t o f th e o p tio n s 111 111 th e Length tin s s e c tio n a t th e n ‫ ־‬d e fa u lt s e ttin g s . it s ta r g e t, b e i t a n I P a d d re ss, a h o s tn a m e , o r a n e m a il a d d ress. CEH Lab Manual Page 42 Note: F ir e w a ll is r e q u ire d to b e d is a b le d f o r a p p r o p r ia te o u tp u t Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 02 - Footprinting and Reconnaissance m Advanced Probe Details Length o f packet P a d i A n a ly z e r P r o b e n e f it s : ■ R e s e a rc h I P 0 ad d resses, Smart 64 Lifetime e m a il a d d re s s e s , a n d n e t w o r k p a th s * 300 P in p o in t a n d milliseconds tr o u b le s h o o t n e t w o r k a v a ila b ilit y a n d Type-of-Service p e r f o r m a n c e is s u e s ■ (§) Unspecified D e te r m in e w h a t I S P , O r o u t e r , o r s e r v e r is r e s p o n s ib le f o r a n e t w o r k p r o b le m ■ Minimize-Delay Maximum TTL 30 L o c a t e fire w a lls a n d o t h e r filt e r s t h a t m a y b e im p a c t in g c o n n e c t io n s ■ Initial Sequence Number V i s u a l l y a n a ly z e a 0 Random 1 n e t w o r k 's p a th c h a r a c t e r is t ic s * jitte r , a n d o t h e r f a c to r s ■ F IG U R E 8. 111 th e 9. hops A dvanced T racin g D etails s e c tio n , th e o p tio n s r e m a in a t th e ir d e fa u lt s e ttin g s . T r a c e a c t u a l a p p lic a t io n s a n d p o r t s , n o t ju s t I P ■ 6 .5 : T h e P a t h A n a l y z e r P r o A d v a n c e d P r o b e D e t a i l s w i n d o w G r a p h p r o t o c o l la t e n c y , C h eck Stop on control m essages (ICM P) 111 th e A dvan ce T racing D etails s e c tio n G e n e r a t e , p r in t , a n d e x p o r t a v a r ie t y o f Advanced Tracing Details Work-ahead Limit im p r e s s iv e r e p o r ts ‫י‬ P e rfo rm c o n t in u o u s a n d 5 t i m e d t e s t s w i d i r e a l- 01 TTLs t im e r e p o r tin g a n d Minimum Scatter h is to r y 20 milliseconds Probes per TTL Minimum: Maximum: 10 V ] Stop on control messages flC M Pj F IG U R E 6 .6 : T h e P a t h A n a l y z e r P r o A d v a n c e d T r a c i n g D e t a i l s w i n d o w 10. T o p e r fo r m th e tra c e a fte r c h e c k in g th e s e o p tio n s , s e le c t th e ta rg e t h o s t, fo r in s ta n c e w w w .g o o g le .c o m . a n d c h e c k th e P o r t : S m art as d efa u lt (65535). T arg et: w w w.google.com 0 F IG U R E 6 .7 : A Sm art ]6 5 5 3 5 'Q ' I Trace | | One-time Trace P a t h A n a ly z e r P r o A d v a n c e T r a c in g D e ta ils o p tio n N o t e : P a t h A n a ly z e r P r o is n o t d e s ig n e d t o b e 11. 111 th e d ro p - d o w n m e n u , s e le c t th e d u r a tio n o f tim e as T im ed T ra c e u s e d a s a n a t t a c k t o o l. Target: ww w .google.com Po rt: 0 F IG U R E 12. E n t e r th e 6 .8 : A Sm a rt 65535 Trace ] [‫־‬Timed Trace P a t h A n a ly 2 e r P r o A d v a n c e T r a c in g D e ta ils o p tio n Type tim e o f tra c e 111 th e p r e v io u s ly m e n tio n e d fo r m a t as H H : M M : SS. CEH Lab Manual Page 43 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 02 - Footprinting and Reconnaissance £3 Type time of trace!_ !_ [ x Accept <> -0-3 Q 0 <> Time o f trace (hh:mm:ss) Cancel SB TASK 2 F IG U R E T race Reports 6 .9 : T h e P a t h A n a l y z e r P r o T y p e t i m e o f t r a c e o p t i o n T ra c e ta b c h a n g e s 13. X lu le P a th A n a ly z e r P r o p e rfo rm s th is tra c e , th e a u to m a tic a lly to T a rg et: Stop. vvww.google.com P o rt: F IG U R E 6 .1 0 : A 3 Sm art 180 Stop Timed Trace P a t h A n a ly z e r P r o T a r g e t O p t io n 14. T o se e th e tra c e re s u lts , c lic k th e R eport ta b to d is p la y a lin e a r c h a rt d epicting th e n u m b e r o f h o p s b e tw e e n y o u a n d th e ta rg e t. Target‫ ׳‬vw .Q oge co w O rr H = yj T h e A d v a n c e d P r o b e | Titred‫ ־‬ra e Tc O Report 5 ‫ ־‬Svnoow 3 C harts vj G eo Loc (3 Stats D e t a i l s s e t t in g s d e t e r m i n e h o w p r o b e s a re g e n e ra te d to p e r fo r m th e tra c e . T h e s e in c lu d e th e L e n g t h o f p a c k e t, L ife tim e , T y p e o f S e r v ic e , M a x im u m T T L , a n d In it ia l S e q u e n c e N u m b e r. IP Adciesj |Hop No icplv n 4 No reply 6 7 8 9 IQ Hostname packets received from TTLs 1 through 2 1 » 1.17 r» 1 29 1 pockets received from TTL 5 1 1.SZ 2 .95 ; 1145 ‫נ‬ 7 ■ M i 176 rric Network Ncme % lo»s 13209 4755 ‫ י‬v... 98.static.52 1.95 ).145 2100.net F IG U R E 15. C lic k th e ASN .n«t 5.29.static■ 6 .1 1 : A 4755 151&9 15169 15169 15169 Krln Latency Latency Avg Latency Max Latency StdDev 0.0c 0.00 GOOGLE GCOGLE GOOGLE GOOGLE 3.96 4.30 257.78 lllllllllllllllllllllll127924 63179 77 13 61 OJM JJC DC O 3.X 0JX 1663 25T7 2582 2607 25.W lllllllllllllllll llllllllllllllllll lllllllllllllllllll !lllllllllllllllllll lllllllllllllllllllll 567.27 62290 660.49 66022 71425 1 165.07 227.13 176.7S ‫77.18־‬ 208.93 2C3.45 219.73 251.84 260.64 276.13 275.12 309.08 P a t h A n a ly z e r P r o T a rg e t o p tio n Synopsis ta b , w h ic h d is p la y s a o n e - p a g e s u m m a r y o f y o u r tra c e re s u lts . Taroet: I wv»w.gxgte.:om m Trace lined Trace L e n g th o f p a c k e t: T h is o p t i o n a llo w s y o u to Report | Sy-Kpnc |‫־‬ E Chorto j ^ Geo | [gj log | 1 Stota >‫י‬ s e t th e le n g t h o f t h e p a c k e t f o r a tra c e . T h e m in im u m s iz e o f a p a c k e t , a s a Forward DNS (A records) 74.125■236.176 g e n e r a l r u l e , is a p p r o x im a t e ly 6 4 b y te s , d e p e n d in g o n th e p r o t o c o l u s e d . T h e m a x i m u m s iz e o f R ev ers e DNS (PT R- iccotd) *r/vw.l.google.o Alternate Name w.vw.gocg o co. a p a c k e t d e p e n d s o n d ie p h y s i c a l n e t w o r k b u t is g e n e r a lly 1 5 0 0 b y te s f o r a r e g u la r E t h e r n e t n e t w o r k o r 9 0 0 0 b y te s u s in g G ig a b it E t h e r n e t n e tw o r k in g w ith REGISTRIES The orgamzaton name cn fi e at the registrar for this IP is Google Inc. and the organization associated *ith the originating autonomous system is Google Inc. ju m b o fr a m e s . INTERCEPT The best point cf lav/u intercept is within the facilities of Google Inc.. F IG U R E CEH Lab Manual Page 44 6 .1 2 : A P a t h A n a ly z e r P r o T a r g e t o p tio n Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 02 - Footprinting and Reconnaissance m 16. C lic k th e TASK C harts ta b to v ie w th e re s u lts o f y o u r tra c e . 3 Target: I mvw.goo^c.a: Port: @ Smait [80 ‫־‬Race | |Timed‫־‬ nace V iew Charts Repat 1 3■ Synopsis | ^ 0 Chars | U Geo | [g] Log | 51 Stats [ ‫^ כ‬ ; : sa e g ‫כ‬B S S 6 0 0 5 0 0 4 0 0 E 0 0 %3 zo o 1 0 0 0 Ao a n mly m . P a t h A n a ly z e r P r o u s e s S m a r t as t h e d e fa u lt L e n g t h o f p a c k e t. W h e n t h e S m a r t o p t i o n is c h e c k e d , d ie s o ftw a r e a u t o m a t i c a l l y s e le c t s d i e m in im u m s iz e o f p a c k e t s F IG U R E 6 .1 3 : T h e P a t h A n a l y z e r P r o C h a r t W i n d o w b a se d o n th e p ro to c o l s e le c t e d u n d e r S t a n d a r d O p tio n s . 17. C lic k Geo, w h ic h d is p la y s a n im agin ary w o r ld m a p fo r m a t o t y o u r tra c e . — TASK 4 V iew Im aginary Map F IG U R E CEH Lab Manual Page 45 6 .1 4 : T h e P a t h A n a l y z e r P r o c h a r t w i n d o w Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 02 - Footprinting and Reconnaissance 18. N o w , c lic k th e TASK 5 V ital Statistics S ta ts ta b , w h ic h fe a tu r e s th e V ita l S ta tis tic s o f y o u r c u r r e n t tra c e . Taiact; * av».google,:on • C' 1 SjTooss ort: f✓ Smart ---------------- q ‫& ־‬ £3 charts I O Geo - 3 0 ' | Tracc iTimsdTrocc |2 ‫ ל‬Slats « Source m M a x im u m T T L : T h e m a x im u m T i m e t o L i v e ( T T L ) is t h e m a x im u m Target Protocol Distance Avg Latency Trace Began Trace Ended Filters 10.0.D2 (echO WN-MSSRCK4K41J : 10.0.02 (ethO: WNMSSELCK4K41 10.0.D2 (cthO: W N MSSELCK4K41 ‫־‬C.0.D2 (tr.hC V/ N-MS5ELCK4K41 ‫:׳‬ 1C.0.02 («h0! W N-MSSELCK4K41 10.0.02 (cthO: WN MSSELCK4K41 10.0.02 (cthC‫ .׳‬W N MSSELCK4K41 ‫־‬ 1C.0.02 (e‫.׳‬h • W N-MS5RCK4K41 C: 10.0.02 («h0- WN-MSSHCK4K41; 1C.0.02 (cthO: W N MSSELCK4K41 10.0.02 (ethO. WN-MSSELCK4K41 1C.0.02 (e.hC‫ .׳‬W N MSSELCK4K41 10.0.02(*h0-WN-MSSH( K4K4I; 1C.0.0 ‫( י‬cthC‫ :׳‬W N MSSUCK4K41 10.0.02 (cthO. W NMSSCLCK4K41 10.0.02 (e‫׳‬h0: W N-MSSELCMK41 10.0.02 («h0• W N-MSSHl K4K4I; 1C.0.0 ‫( י‬cshC‫ :׳‬W N MSSELCMK-11 10.0.02 (ehO. W M-MSSELCK4K41 74.125256.176 74.125236.176 74.125236.176 74.125236.176 74.125256.176 74.125236.176 74.125236.176 74.125236.176 74.125256.176 74.125236.176 74.125236.176 74.125236.176 74.125256.176 74.125236.176 74.125236.176 74.125236.1 ‫6ל‬ 74.125256.176 74.125236.176 74.125236.176 ICMP ICMP ICMP ICMP ICMP ICMP ICMP ICMP ICMP ICMP ICMP ICMP ICMP ICMP ICMP ICMP ICMP ICMP ICMP 1 0 10 10 10 1 0 10 10 10 1 0 1 0 1 0 1 0 10 1 0 10 10 10 10 10 30908 323.98 353.61 37941 39016 404.82 417^4 435.14 42423 421.11 465.05 437.93 44992 446.94 443.51 497.68 5833 681.78 649.31 3 - 1 1 1 11 0 1 1 - 2 :55:11 UTC 30 Jul 12 11 :55:01 UTC Jul 3 121‫:־‬UTC 54 0 :51 3C-Jul-12 1 :54:41 UTC * 3 *1 1 - 2 11:54:32 UTC 0 111 30-Jul-1211:54-22 UTC 3 Jul 1 11:54:12 UTC 0 2 50-JuH2 1 :5 - 1 UTC 1 52 30-Jul-12 11:55:11 UTC 30 Jul-12 11 :55.01 UTC 30-Jul-12 11:54:51 UTC JO-iul-1 11:5441 UTC 2 30 Jul 12 11:54:32 UTC 30 Jul 12 11:5422 UTC 30-JuM2 11:54:12 UTC 50-luM2 11:54€2 UTC 30 Jul 1 11:53:52 UTC 2 30-Jul-l2 11:5343 UTC 30‫־‬JuH2 11:53 33 UTC tO JuU2 1 :55-24 UTC 1 30 Jul 1 11:53:14 UTC 2 30-Jul-1211;5304 UTC 30-JuM2 11:52.54 UTC J0-luU2 11:5245 UTC 30 Jul 1 11:52:35 UTC 2 30-Jul-1 11:5225 UTC 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 2 311J1-1225a1c c u 11:5*52 UTC - M: 42r r r 3- 1 0 30-Jul 12 11:53:43 UTC 121-3C*Jul ‫: ו‬UTC 53:33 30‫־‬JuM2l 1:5324 UTC J0-luM2 11:53:14UTC 30 Jul 1211:5304 UTC 30-Jul-1 11:52:54UTC 2 30-JuM2 11:52:45UTC 30-luH2 11:52:35UTC 30 Jul 12 11:5225 UTC 30-JuH2 11:52:15UTC n u m b e r o f h o p s to p ro b e in a n a tte m p t to re a c h th e ta rg e t. T h e d e fa u lt n u m b e r o f h o p s is s e t t o 3 0 . T h e Source 10.0.02 (ethO: W N-MSSELCK4K41 Target Protocol 74.125256.176 ICMP Distance 10 Avg Latency Trace Segan 46.5771 30-JU-12 11:52:16 UTC Trace Ended 50-Jul-121 :55-21 UTC 1 Filters 2 M a x im u m T T L th a t c a n b e u s e d is 2 5 5 . F IG U R E 19. N o w File Export th e r e p o r t b y c lic k in g Export o n th e to o lb a r. View Help 9 New Close ® f t Paae Setup Print Preferences F IG U R E 20. B v 6 .1 5 : T h e P a t h A n a l y z e ! P r o S t a t i s t i c s w i n d o w Export Export KML Check for Updates Help j 6 .1 6 : T h e P a t h A n a l y z e r P r o S a v e R e p o r t A s w i n d o w d e fa u lt, th e r e p o r t w ill b e saved at D:Program Files (x 86 )Path A nalyzer Pro 2.7. H o w e v e r , y o u m a y c h a n g e it to y o u r p r e fe r r e d lo c a tio n . Save File ‫־‬m Save Statistics As « Organize Program File... ► Path Analyzer Pro 2.7 v C Search Path Analyzer Pro 2.7 z| 1= - ® I N e w folder Downloads Date m odified Type Recent places N o items m atch you r search. Libraries H m T h e In it ia l S e q u e n c e N u m b e r is s e t a s a c o u n t in g Docum ents J* M usic E Pictures 5 Videos m e c h a n is m w it h in th e p a c k e t b e tw e e n th e s o u rc e a n d t h e t a r g e t . I t is s e t t o R a n d o m as th e d e f a u lt , b u t 1 % Com puter y o u c a n c h o o s e a n o th e r s t a r t in g n u m b e r b y Local Disk (C:) la Local Disk (D:) ~ < u n c h e c k in g th e R a n d o m b u t t o n a n d fillin g in File name: Sam ple Report Save as type: CSV Files (c sv ) a n o t h e r n u m b e r . P le a s e N o t e : T h e In it ia l S e q u e n c e N u m b e r a p p lie s o n l y t o T C P c o n n e c t io n s . H ide Folders F IG U R E CEH Lab Manual Page 46 6 .1 7 : T h e P a t h A n a l y z e r P r o S a v e R e p o r t A s w i n d o w Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  • Module 02 - Footprinting and Reconnaissance Lab Analysis D o c u m e n t th e I P a d d re s s e s th a t a re tra c e d f o r th e la b f o r f u r th e r in f o r m a t io n . T o o l/ U t ilit y In f o r m a t io n C o lle c t e d / O b je c t iv e s A c h ie v e d R e p o rt: ■ N u m b er o f hops ■ I P a d d re s s ■ H o s tn a m e ‫י‬ A SN ■ P a t h A n a ly z e r P r o N e tw o rk n am e ■ L a te n c y S y n o p s is : D is p la y s s u m m a r y o f v a lu a b le in f o r m a t io n 011 D N S , R o u tin g , R e g is tr ie s , In t e r c e p t C h a r t s : T r a c e re s u lts 111 th e fo r m o f c h a r t G e o : G e o g r a p h ic a l v ie w o f th e p a th tra c e d S t a t s : S ta tis tic s o f th e tra c e P LE A S E TA LK TO Y O U R IN S T R U C T O R IF Y O U R E L A T E D TO T H IS LAB. H A V E Q U E ST IO N S Questions 1. W h a t is d ie s ta n d a rd d e v ia tio n m e a s u re m e n t, a n d w h y is it im p o rta n t? 2. I f y o u r tra c e fa ils o n th e firs t o r s e c o n d h o p , w h a t c o u ld b e th e p ro b le m ? 3. D e p e n d in g o n y o u r T C P tra c in g o p tio n s , w h y c a n 't y o u g e t b e y o n d m y lo c a l n e tw o rk ? In t e r n e t C o n n e c t io n R e q u ir e d 0 Yes P la t f o r m 0 CEH Lab Manual Page 47 □ N o S u p p o rte d C la s s r o o m □ !L a b s Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  • Module 02 - Footprinting and Reconnaissance Tracing an Email Using the eMailTrackerPro Tool e M a ilT ra c k e rP ro is a to o l th a t a n a ly se s e n / a il h ead ers to d isclo se th e o rig in a l sen d er’ s lo ca tio n . Lab Scenario V a lu a b le m fonnatioti______ s *d Test your knowledge W eb exercise 111 th e p re v io u s k b , y o u g a th e re d in fo rm a tio n s u c h as n u m b e r o f th ro u g h ro u te rs hops b e tw e e n a IP address, e tc . A s y o u k n o w , d a ta p a c k e ts o fte n h a v e to g o h o s t a n d c lie n t, 01‫־‬ fire w a lls , a n d a h o p o c c u rs e a c h tim e p a c k e ts a re p a sse d to th e n e x t ro u te r. T h e n u m b e r o f h o p s d e te rm in e s th e d is ta n c e b e tw e e n th e s o u rc e a n d d e s tin a tio n h o s t. A n a tta c k e r w ill a n a ly z e th e h o p s fo r d ie fir e w a ll a n d d e te rm in e d ie p ro te c tio n la y e rs to h a c k in to a n o rg a n iz a tio n o r a c lie n t. A tta c k e rs w ill d e fin ite ly trv m W orkbook review to h id e d ie k tm e identity a n d location w h ile in tru d in g in to a n o rg a n iz a tio n 01‫־‬ a c lie n t b y g a in in g ille g a l a ccess to o th e r u s e rs ’ c o m p u te rs to a c c o m p lis h th e ir task s. I f a n a tta c k e r u se s e m a ils as a m e a n s o f a tta c k , it is v e r y e s s e n tia l fo r a p e n e tra tio n te s te r to b e fa m ilia r w id i em ail headers a n d d ie ir re la te d d e ta ils to b e a b le to track prevent s u c h a tta c k s w ith a n o rg a n iz a tio n . e m a il u s in g th e eM ailTrackerPRo to o l. and 111 tin s la b , y o u w ill le a rn to tra c e Lab Objectives T h e o b je c tiv e o f tin s la b is to d e m o n s tra te e m a il U a c in g using eMailTrackerPro. S tu d e n ts w ill le a rn h o w to : & Tools dem onstrated in this lab are available in D:CEHToolsCEHv 8 Module 02 Footprinting and Reconnaissance CEH Lab Manual Page 48 geographical so u rc e ■ T ra c e a n e m a il to its tm e ■ Collect N etw ork ( IS P ) a n d domain Whois in fo rm a tio n fo r a n y e m a il tra c e d Lab Environment 111 th e la b , y o u n e e d th e e M a ilT r a c k e r P r o to o l. ■ D :C E H -T o o ls C E H v 8 M o d u le 0 2 Footprinting and R econ n aissan ceE m ail T rackin g T o o lseM ailT rackerP ro e M a ilT r a c k e r P r o is lo c a te d a t Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  • Module 02 - Footprinting and Reconnaissance ■ Y o u c a n a ls o d o w n lo a d d ie la te s t v e r s io n o f e M a ilT ra c k e rP ro fr o m th e lin k h ttp : / / w w w .e m a 11t r a c k e r p r o .c o m / d o w n lo a d .h tm l ■ I f v o u d e c id e to d o w n lo a d th e la te s t v e r s io n , th e n h i screen sh ots s h o w n th e la b m ig h t d if f e r w izard -d riven in s ta lla t io n s te p s a n d in s ta ll th e t o o l ■ F o llo w th e ■ T in s t o o l in s ta lls ■ R u n tin s t o o l ■ A d m in is t r a tiv e p r iv ile g e s a re r e q u ire d to m il tin s t o o l ■ T h is la b re q u ire s a v a lid e m a il a c c o u n t ! H otm ail, 111 Ja v a ru n tim e as a p a r t o l th e in s ta lla t io n W indow s S erver 2 0 1 2 G m ail, Y ahoo, etc .). W” e su g g e s t y o u s ig n u p w it h a n y o f th e s e s e rv ic e s to o b ta in a n e w e m a il a c c o u n t f o r tin s la b ■ P le a s e d o n o t u s e y o u r real em ail acco un ts a n d passw ords 111 th e s e e x e rc is e Lab Duration T u n e : 10 M in u te s .____ e M a ilT r a c k e r P r o h e lp s i d e n t if y d ie t r u e s o u r c e o f e m a ils t o h e lp Overview of eMailTrackerPro tr a c k s u s p e c ts , v e r if y th e s e n d e r o f a m e s s a g e , tra c e a n d r e p o r t e m a il a b u s e rs . E m a il tr a c k in g is a m e th o d to m onitor or spy o n e m a il d e liv e r e d to th e in te n d e d r e c ip ie n t: ■ W h e n a n e m a il m e s s a g e w a s r e c e iv e d a n d re a d ■ I f d e s tr u c tiv e e m a il is s e n t ■ T h e G P S lo c a tio n a n d m a p o f th e r e c ip ie n t ■ T h e tim e s p e n t re a d in g th e e m a il ■ W h e t h e r o r n o t th e r e c ip ie n t v is ite d a n y L in k s s e n t ■ P D F s a n d o th e r ty p e s o f a tta c h m e n ts ■ I f m e s s a g e s a re s e t to e x p ire a fte r a s p e c ifie d tim e 111 th e e m a il Lab Tasks •S. T A S K 1 Trace an Email CEH Lab Manual Page 49 1. L a u n c h th e S ta rt m e n u b y h o v e r in g th e m o u s e c u r s o r 111 th e lo w e r - le ft c o r n e r o f th e d e s k to p Ethical Hacking and Countenneasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 02 - Footprinting and Reconnaissance W in d o w s Se rver 2012 W d w Serve!2 1 Relea»CarvlKJaieO ta e te in o s 02 a cn ! Evaluationcopy.BuildM O O JL. Liiu ,E m F I G U R E 7 .1 : W i n d o w s S e r v e r 2 0 1 2 — D e s k t o p v i e w 2. O n th e S ta rt m e n u , c lic k e M a ilT ra c k e rP ro to la u n c h th e a p p lic a tio n e M a ilT r a c k e r P r o m e M a ilT r a c k e r P r o A d v a n c e d E d i t i o n in c lu d e s a n o n lin e m a il c h e c k e r w h ic h a llo w s y o u t o v i e w a ll y o u r e m a ils o n th e s e r v e r b e fo r e d e liv e r y to y o u r c o m p u te r. F I G U R E 7 .2: W i n d o w s S e r v e r 2 0 1 2 — A p p s OK i f th e Edition S e le c tio n p o p - u p w in d o w a p p e a rs 3. 4. N o w y o u a re re a d y to s ta rt 5. CEH Lab Manual Page 50 C lic k C lic k th e tracin g e m a il h e a d e rs w it h e M a ilT ra c k e rP ro T ra c e an em ail o p tio n to s ta rt th e tra c e Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 02 - Footprinting and Reconnaissance |‫-°, ־‬x ' eMailTrackerPro v9.0h Advanced Edition Tria' day 8 of 1 5 Start here My Inbox My I race Reports eMailTrackerPro‫״‬ License information I w a n t to : "ra:e an emal H elp & L in k s Log* lp network responsible for an email address < View 0Mai!TrackorPto m anual View my m txjx eMailTrackerf '10 tulcrals View previous traces Ftequenlly asked questions Hnw 10 tiar.w an mnail Huai In 1:hnrk yiiui inlmK H to sotu m accounts ow p ail m T h i s t o o l a ls o H to sotup ruloc foi om ow ails u n co vers co m m o n S P A M H to im aettinqs ow port t a c t ic s . ‫ ח‬Go staijv. to yol arecr Irbcx *‫ ומר‬eNeirTadyrPio 5tar‫צ‬ • Copyrgh:(dflVfcjafyvare, Inc. 1 996-2011 8cf s I5da/tnsl. Ta applya licence cl.ck here or for purchaseinform ation cUk here vO.Oh(buiH 3375) F I G U R E 7 .3 : T h e e M a iT T r a c k e r P r o M a i n w i n d o w 6. C lic k m g T ra c e an em ail w ill d ir e c t y o u to th e e M a ilT ra c k e rP ro by V is u a lw a re w in d o w 7. S e le c t T ra c e an em ail I have received. N o w , c o p y th e e m a il h e a d e r fr o m th e e m a il y o u w is h to tra c e a n d p a s te it in under Em ail headers fie ld E n ter D etails a n d c lic k T ra c e V isualware e M ailTracke rP ro Trial (d a y 8o f 1 ) 5 ------- 1* I CQDfjgure I Help I About I ■ eMailTrackerPro by Visualware •: T rac e an email I have received A received email message often contains information that can locate the computer where the message was composed, the company name and sender's ISP (rrv&e.info). y = J T h e f ilt e r s y s te m in e M a i l T r a c k e r P r o a llo w s y o u t o c r e a t e c u s t o m filte r s O Look up network responsible for an email add ress An email address lookup will find information about the network responsible for mai sent from that address. It will not get any information about the sender of mail from an address but can stfl produce useful information. to m a tc h y o u r in c o m in g m a il. Enter Details To proceed, paste the email headers in the box below (hfiw I.fjnd.th£.h£9£i£r$.?) Note: If you are using Microsoft Outlook, you can trace an em message drectly from Outlook by using the arf eMadTrackerPro shortcut on the toolbar. Em ail h eaders____________________________________________________________________________________ R e tu rn -P a th : R e c e iv e d : id < r i n i m a t t h e w s 0 g m a i l . com > f r o m WINMSSELCK4K41 ( [ 2 0 2 .5 3 .1 1 .1 3 0 ] ) w i6 3 m l5 6 8 1 2 9 8 p b c .3 5 .2 0 1 2 .0 7 .2 5 .2 1 .1 4 .4 1 c ip h e r = O T H E R ) ; W ed, 2 5 J u l 2 0 1 2 2 1 : 1 4 : 4 2 M e s s a g e - ID : D a c e : W ed, <5 0 1 0 c 4 3 2 . -0 7 0 0 8 6 f 1 4 4 0 a . 3 9 b c . 331c@ m x. g 25 J u l 2012 2 1 :1 4 :4 2 -0 7 0 0 b y rn x .g o o g le .c o m w ith (v e rs io n - T L S v l/S S L v 3 (PDT) o o g l e . com > (PDT) F ro m : M i c r o s o f t O u t l o o k < r i n i m a t t h e w s @ g m a i l . com > F IG U R E CEH Lab Manual Page 51 7 .4 : T h e e M a i l T r a c k e r P r o b y V i s u a l w a r e W i n d o w Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  • Module 02 - Footprinting and Reconnaissance TAS K 2 Note: 111 O u t lo o k , t in d th e e m a il h e a d e r b y f o llo w in g th e s e s te p s : ■ D o u b le - c lic k th e e m a il to o p e n it in a n e w w in d o w ■ Finding Email H eader C lic k th e s m a ll a r r o w b o x to o p e n ‫י‬ U nder 111 th e lo w e r- r ig h t c o r n e r o f th e In te rn e t headers, y o u w ill t in d th e Em ail header, as d is p la y e d 111 th e s c re e n s h o t 1 U . oI. Ij J- hi >< «* "« k - *‫״ ״־‬r jj -I ‫—י‬ Tags to o lb a r M essag e Options in f o r m a t io n b o x Mim ------------ ‫יי״׳'־-־‬ ‫' "י״ “צי‬ *-... U T • 'T J Ml I «t. llj i'H O W ttolKi (Vtnni AIM ( ‫ י ם‬r < *n «1t•! *11vrd » h« < «‫׳‬ m T h e abuse rep o rt o p tio n fro m th e M y T r a c e R e p o r t s w in d o w a u t o m a t ic a lly la u n c h e s a b r o w s e r w in d o w w it h th e a b u s e r e p o r t in c lu d e d . F IG U R E 7 .5 : F i n d i n g E m a i l H e a d e r i n O u d o o k 2 0 1 0 T ra c e b u tto n w ill d ir e c t y o u to th e T ra c e report w in d o w 8. C lic k in g th e 9. T h e e m a il lo c a tio n is tra c e d in a G U I w o r ld m a p . T h e lo c a tio n a n d I P a d d re s s e s m a y v a n 7 Y o u c a n a ls o v ie w th e s u m m a ry b y s e le c tin g . Sum m ary section 10. T h e 011 Em ail th e r ig h t s id e o f th e w in d o w T a b le s e c tio n r ig h t b e lo w th e M a p s h o w s th e e n tir e H o p 111 th e r o u te w it h th e I P a n d s u s p e c te d lo c a tio n s f o r e a c h h o p 11. IP address m ig h t b e d if f e r e n t th a n th e o n e s h o w n ‫7׳‬ * 111 th e s c re e n s h o t ‫י *־״׳-י‬ eMailTrackerPro v9.0h Advanced Edition Trial day 8 of 1 5 [File O ptions H elp Ihetrsce sccnplecc; the inform ationfoundisdisplayedo the nght n | T ‫׳‬ viwiRejwit k m : — To: ..... — - IE3 E a c h e m a i l m e s s a g e Misdirected: no AI>us4 Reporting: To automatically generate an email » abuse report click here From IP: 209.85.216.199 in c lu d e s a n In t e r n e t h e a d e r w i t h v a lu a b le in f o r m a t io n , e M a i l T r a c k e r P r o a n a ly 2 es th e m essag e h e a d e r an d re p o rts th e I P System Information: ■ There is no SMTP server running on this system (the port K closed). ■ There is no HTTP server running on this system (the port isclosed). • There is no HTTPS server running on this system (the port is closed). • There is no FTP server running on this system (the port is closed). ad d ress o f th e c o m p u te r w h e r e th e m e s s a g e o r i g i n a t e d , it s e s tim a te d lo c a t io n , th e in d iv id u a l o r o r g a n iz a t io n th e I P a d d r e s s is r e g is t e r e d to , th e n e t w o r k p r o v id e r , a n d a d d it io n a l in f o r m a t io n a s a v a ila b le g ruriil. Klin Date: Wed. 25 Jul 2012 06:36:30 ■0700 (PDT) Subject: Getting started on Google* Location: [America j 5 3 ID 1 1 1 3 1 4 1 5 115113.166.96 2 985 25 .3 0 15 66.2*99 92 4 &*.2331 5 7 .1 64.233174.178 72.U 23982 72.U 23965 T OQ O T ‫ ־‬C O C C T 1 5 1 1 5 B static1 .1 3 6 .9 . 1 {A m & rjc d } {A m & rjc d j lA m o r/C d j {A m e r/c o ) lA m e n c Q j lA m e r K t ) Network Whois Domain Whois Email Header 1 You are cr cay 6 of a 15 aey t rial. To apply a licence Qick here or ter purchase intorrraticr Cickherc F I G U R E 7 .6 : e M a i l T r a c k e r P r o — E m a i l T r a c e R e p o r t CEH Lab Manual Page 52 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 02 - Footprinting and Reconnaissance 12. Y o u c a n v ie w th e c o m p le te tra c e r e p o r t TASK 011 My T ra c e R eports ta b 3 r ‫*׳‬ T race Reports eMailTrackerPro v9.0h Advanced Edttio‫ .״‬Trial day 8 of 15 1 ~ ‫ז‬DT * Fie Options Help Stdithaiw Wy Inbox jllyTracc R«pmtejsub|»c<: Guttings Previous Traces & Map a IITMI Subject & Delete © Fiom IP yahoo.com @< ! @ yahoo.com com ...*©yahoor j®yahooeom 74 G 1 y 5619 Moeirg j< yah $ oo.com 2 2.5: 0 Z endio T l Accourcuotom ria croorvico^zcndio.com 632 ? ‫ ?־‬utf8?Brrw = 1|cm • :®qmoil co m 22 • 0 .5 Mwiinq• ‫י‬ g@yah0G .com C O □ T r a c k i n g a n e m a i l is Q1» 11j »UiI*m o ln rt*|1ly‫1־‬l«/1^ifHf^|1l11'» gangly : 1 0 9 tt I n u 2? • ! ‫ •ז*׳‬oiTno ly daaaifctab pu g rep ■ i 3 nngi* r u s e fu l f o r id e n t ify in g th e c o m p a n y an d n e tw o rk • Trace intormation p r o v id in g s e rv ic e f o r th e b b c!: ^ettivja n tic ‫־‬r ! 00■)*+ u> a d d ress. N 6di‫׳‬ecte±10 1 Frcrc ‫ ץכ0׳0 ז‬dii.ttett*;plj:.5:cqfc.ccn < Seniif T 209 85 216.199 P Abjs: >c<kess tScneFojtc) Ucdtia‫ :־‬Kcun:ar ‫ ♦ז‬cdfcr1‫־‬a, use **, Y uare cnday Scf a 1 day:r.a. Toapply a o 5 eC khere cr far purchasein ationCk lic form _ F IG U R E 7 .7 : T h e e M a i l T r a c k e r P r o - M y T r a c e R e p o r t s t a b Lab Analysis D o c u m e n t a ll th e liv e e m a ils d is c o v e r e d d u rin g th e la b w it h a ll a d d itio n a l in fo r m a t io n . .‫ ם‬e m a ilT r a c k e r P r o c a n d e t e c t a b n o r m a lit ie s i n t h e T o o l/ U t ilit y In f o r m a t io n C o lle c t e d / O b je c t iv e s A c h ie v e d e m a il h e a d e r a n d w a r n y o u d ia t d ie e m a il m a y b e s p a m M a p : L o c a t io n o f tra c e d e m a il T a b le : H o p 111 111 G U I m ap th e r o u te w it h I P E m a i l S u m m a r y : S u m m a r y o f th e tra c e d e m a il ■ e M a ilT r a c k e r P r o F r o m & T o e m a il a d d re s s ■ D a te ■ S u b je c t ■ L o c a t io n T r a c e In f o r m a t io n : ■ Sen d er IP ■ CEH Lab Manual Page 53 S u b je c t ■ L o c a t io n Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited. 56
  • Module 02 - Footprinting and Reconnaissance PLE A SE TA LK TO Y O U R IN S T R U C T O R IF Y O U R E L A T E D TO T H IS LAB. H A V E Q U E ST IO N S Questions 1. W lia t is d ie d iffe r e n c e b e tw e e n tra c in g a n e m a il a d d re ss a n d tra c in g a n e m a il m e ssa g e ? 2. W h a t a re e m a il In te r n e t h e a d e rs ? 3. W h a t d oes “ u n k n o w n ” m ean 4. D o e s e M a ilT r a c k e r P r o w o r k w ith e m a il m e ssa g e s th a t h a v e b e e n 111 th e ro u te ta b le o f d ie id e n tific a tio n re p o rt? fo rw a rd e d ? 5. E v a lu a te w h e th e r a n e m a il m e ssa g e c a n b e tra c e d re g a rd le s s o f w h e n it w a s se n t. In t e r n e t C o n n e c t io n R e q u ir e d 0 Yes P la t f o r m 0 CEH Lab Manual Page 54 □ N o S u p p o rte d C la s s r o o m □ !L a b s Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 02 - Footprinting and Reconnaissance Collecting Information about a Target Website Using Firebug F ire b u g in te g ra te s n ith F ire fo x , p ro rid in g a lo t o f develop w e n t to o ls a llo n in g jo n to e d it, debug, a n d m o n ito r C S S , H T M L , a n d Ja v a S c rip t liv e in a n y ire b p ag e. Lab Scenario / Valuable information______ Test your knowledge sA W eb exercise A s you a ll k n o w , e m a il is o n e o f th e im p o r ta n t to o ls th a t h a s b e e n c re a te d . U n f o r t u n a t e ly , a tta c k e rs h a v e m is u s e d e m a ils to s e n d s p a m to c o m m u n ic a te 111 s e c re t a tte m p tin g to n e c e s s a ry fo r and lu d e th e m s e lv e s u n d e rm in e b u s in e s s p e n e tr a tio n te s te rs to b e h in d d e a lin g s . tra c e 111 th e su ch sp am e m a ils , in s ta n c e s , a n e m a il to f in d th e it w h ile becom es source of em ail e s p e c ia lly w h e r e a c r im e h a s b e e n c o m m itte d u s in g e m a il. Y o u h a v e a lr e a d y le a rn e d in th e m W orkbook review p r e v io u s la b h o w to fin d th e lo c a tio n b y tr a c in g a n e m a il u s in g e M a ilT r a c k e r P r o to p r o v id e s u c h in f o r m a t io n as city , s ta te , country, e tc . fr o m w h e r e th e e m a il w a s a c f t ia llv s e n t. T h e m a jo r it y o f p e n e tr a tio n te s te rs u s e th e M o z illa F ir e f o x as a w e b b r o w s e r t o r t h e ir p e n te s t a c t iv it ie s . 111 tin s la b , y o u w ill le a rn to u s e a p p lic a t io n p e n e tr a tio n p r o v e to b e a u s e fu l te s t and g a th e r c o m p le te Firebug f o r a w e b in fo r m a t io n . F ir e b u g can debugging t o o l th a t c a n h e lp y o u tra c k ro g u e J a v a S c rip t c o d e o n s e rv e rs . Lab Objectives T h e o b je c tiv e o f d u s la b is to h e lp s ftid e n ts le a rn e d itin g , d e b u g g in g , a n d m o n ito rin g C S S , H T M L , a n d Ja v a S c r ip t H Tools dem onstrated in this lab are available in D:CEHToolsCEHv 8 Module 02 Footprinting and Reconnaissance CEH Lab Manual Page 55 111 a n y w e b s ite s . Lab Environment 111 th e la b , y o u n e e d : ■ A w e b b ro w s e r w ith a n In te r n e t c o n n e c tio n ■ A d m in is tra tiv e p riv ile g e s to ru n to o ls ■ T in s la b w ill w o r k 111 th e C E H la b e n v ir o n m e n t - o n W indow s S erver 2 0 1 2 , W indow s 8 , W indow s S erver 2 0 0 8 , a n d W indow s 7 Ethical Hacking and Countenneasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 02 - Footprinting and Reconnaissance Lab Duration T u n e : 10 M in u te s Overview of Firebug F ir e b u g is a n a d d - o n to o l fo r M o z illa F ir e fo x . R u n n in g F ir e b u g d is p la y s in fo rm a tio n su c h as d ir e c to ry s tru c tu re , in te r n a l U R L s , c o o k ie s , s e ssio n ID s , e tc. Lab Tasks F ir e b u g in c lu d e s a lo t 1. o f fe a tu re s s u c h as T o la u n c h th e S ta rt m e n u , h o v e r th e m o u s e c u r s o r in th e lo w e r- le ft c o r n e r o f th e d e s k to p d e b u g g in g , H T M L in s p e c t in g , p r o f ilin g a n d e tc . w h ic h a re v e r y u s e fu l f o r w e b d e v e lo p m e n t . F I G U R E 8 .1 : W i n d o w s S e r v e r 2 0 1 2 — D e s k t o p v i e w 2. O i l th e S ta rt m e n u , c lic k M ozilla F irefox to la u n c h th e b r o w s e r Start Seroei Mauger m O n F ir e b u g fe a tu re s : • Ja v a s c r ip t Central fane• M o n it o r d ie Ja v a s c r it w P e rfo rm a n c e an d X m lH t t p R e q u e st T ra c in g • S L o g g in g • Hyper-V Manager 4 ‫וי‬ Hyper-V Virtual Machine.. Command Prompt Google fcarth Google Chrome j 11 K • r Adm irostt.. TO OK ^ * C o m m a n d L in e • Wndows poyversheii Task Manager J a v a s c r i p t d e b u g g in g • Adm inistrator • 1 Mu/illa hretox In s p e c t H T M L an d —‫־‬ E d it H T M L • F I G U R E 8 .2: W i n d o w s S e r v e r 2 0 1 2 — A p p s E d it C S S 3. T v p e th e U R L h ttp s://getfirebug.com 111 th e F ir e f o x b r o w s e r a n d c lic k In s ta ll Firebug CEH Lab Manual Page 56 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 02 - Footprinting and Reconnaissance T ° *‫י‬ ‫!־־‬ ** f rebog ^ |• 9 f ft c* i ‫ ־‬tfre u <n~ e C q or | W h a t is Firebug? TAS K 1 Community introCiKtion ana Features ^ Docum entation FA and •v:« Q D tscibswt foru*s anc :tp i. F ir e b u g J Installing Firebug Install Firebug ta/~u rw Web Development Evolved. ‫י‬ Other Versions *P lrap«ct HTML and modify style and layout In real-time *0 Use tb• most advanced JavaScript debugger available for any browser V Acairatety analyze network usage and performance ^ Extend Firebug and add features to make Firebug even more powerful ♦‫ *׳‬Get the information you need to got it done with Firebug. Exi Introduction to Firebug Hi “ bug pyl opntomalogllt Rob Cam pbell g lv*‫׳‬t * quick Introduction to Fit •bug. v/vtch now - The m ost pop ular and pow erfu l w eb d eve lo p m e n t tool < A Firebuc Lite More ScfMWMlI ‘ More Features - F I G U R E 8 .3: W i n d o w s S e r v e r 2 0 1 2 - A p p s 4. C lic k in g In s ta ll Firebug w ill r e d ir e c t to th e D ow nload Firebug p a g e C lic k th e Dow nload lin k to in s ta ll F ir e b u g ■MMM‫־‬ I !_ !□ : > ‫ו‬ Dmnlud fifet ^ A 1H gelfitebug coir -- e |■1 0‫ ־‬s * ‫.1 ־‬ o»l«* vnod/ ft c- P Download Firebug y j F ir e b u g Firebug for Firefox in s p e c ts H T M L a n d m o d i f y s ty le a n d la y o u t in $ r e a l - t im e Firebug 1.10 for Firefox 14: Recommended Compjtlbtc with: FI1 © 13-16 fox |l)own1rart| Release Notes. New 1 eatures Finebug 1.9.2 Compatible with: Firefox 6-13 Powntoad. Retease notes Firebug 1.8.4 Compatible with: Fliefox 5-9 Download, Release notes Firebug 1.7.3 Compatible with: Firefox 3.6, 4, 5 F I G U R E 8 .4: W i n d o w s S e r v e r 2 0 1 2 — A p p s 5. O n th e Add-Ons p a g e , c lic k th e b u tto n Add to F irefox to in itia te th e A d d - O n in s ta lla t io n ^ F«rbug; Acld-omfor R id a ^ L± J fi ‫ • ;« ־)*י••יו‬V« I U 1 btlpvy/add0ro.m 2il<.0(g w‫־‬US/firff0xrtd 0‫׳‬vWbug' ‫״‬ > S o 1 /1 / d ‫־‬C ‫ ״ |?י‬Google P ft D ‫־‬ »‫- ׳‬ R«9 itcr or Loc in I Othor Applications * m F ir e b u g a d d s s e v e ra l ADD-ONS LXILMSJONS I PtKSONAS I IHLMLS I C0CLLCTI0NS M0RL-. F search for add ons c o n fig u r a tio n o p tio n s to F ir e f o x . S o m e o f th e s e Welcome to Firefox Add-ons. Choose from thousands of extra features and styles to make Firefox your own o p tio n s c a n b e c h a n g e d t h r o u g h d ie U I , o th e r s c a n b e m a n ip u la t e d o n ly v ia # * Extensions » Firebug ★★★ ★★ a b o u tx o n f ig . Firebug 1.10.1 by Joe Hewitt, Jan Odvarko, robcee, HrcbugWorfcLngGroup Firebug Integrates with Firefox to put a wealth of development tools at your fingertips while yx ubrowse. You can edit, debug, and monitor CSS. HTM L, and JavaScript live in > any web page... 1 , 3 8 1 user reviews 3 ,0 0 2 ,5 0 6 users Q Add to collection < Sharethis Add on F I G U R E 8 .5 : W i n d o w s S e r v e r 2 0 1 2 — A p p s CEH Lab Manual Page 57 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 02 - Footprinting and Reconnaissance 6. m C lic k th e In s ta ll N ow b u tto n 111 th e S o ftw a re In s ta lla tio n w in d o w S oftw are In sta lla tio n p a n e T T a b M in W id t h d e s c rib e s m in im a l w id t h in Install add-ons only from authors whom you trust. p ix e ls o f t h e P a n e l ta b s in s id e d ie P a n e l B a r w h e n t h e r e is n o t e n o u g h M a liciou s software can d a m a g e y o u r c o m p u te r o r violate y o u r privacy. h o r iz o n ta l s p ace . Y o u have asked to install the fo llo w in g item : F b g (Ath rnot vrifie ) ire u uo e d ‫׳‬ ‫׳‬ https://addons.m ozilla.org/firefox/dow nloads/latest/ 1 4 / a d d o n -1 4 -latest.xpi7 8B 83 src: Install N o w Cancel F I G U R E 8 .6: W i n d o w s S e r v e r 2 0 1 2 — A p p s 7. O n c e th e F ir e b u g A d d - O n is in s ta lle d , i t w ill a p p e a r as a grey colored bug o n th e N avig atio n T o o lb ar as h ig h lig h te d in th e f o llo w in g s c re e n s h o t m s h o w F ir s t R u n P a g e s p e c ifie s w h e t h e r t o s h o w th e firs t r u n p a g e . [s Firebug:: Add-ons for Firefox 1 1 ft Mozilla Corporation (US) http5://addon5.mozilla.o_______ C t ^ Google________ f i ‫ ־‬t‫־‬ f D F I G U R E 8 .7: W i n d o w s S e r v e r 2 0 1 2 — A p p s 8. 9. C lic k th e Firebug ic o n to v ie w th e F ir e b u g p a n e . C lic k th e Enable lin k to v ie w th e d e ta ile d in fo r m a t io n f o r C o n s o le p a n e l. P e r f o r m th e sa m e fo r th e S c r ip t , N e t , a n d C o o k ie s p a n e ls m T h e c o n s o le p a n e l o ffe rs a Ja v a S c r ip t c o m m a n d l i n e , lis t s a ll k in d s o f m e s s a g e s a n d o f fe r s a p r o f ile r fo r Ja v a S c rip t c o m m a n d s. CEH Lab Manual Page 58 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  • Module 02 - Footprinting and Reconnaissance 10. E n a b lin g th e C o n s o le p a n e l d is p la y s a ll th e re q u e s ts b y th e p a g e . T h e o n e h ig h lig h te d m T h e C S S panel 11. 111 111 th e s c re e n s h o t is th e H eaders ta b th is la b , w e h a v e d e m o n s tra te d h tt p :/ / w w w .m ic r o s o ft .c o m m a n ip u la t e s C S S r u le s . I t o f f e r s o p t i o n s f o r a d d in g , e d it in g a n d r e m o v in g C S S 12. T h e H eaders ta b d is p la y s th e R e s p o n s e H e a d e r s a n d R e q u e s t H e a d e rs b y d ie w e b s ite s t y le s o f d i e d i f f e r e n t f i le s o f a p a g e c o n ta in in g C S S . I t C $1 a ls o o f f e r s a n e d it in g m o d e , ‫ ־‬r‫ ־‬r^» -x P * D- * ‫־‬ * ‫י‬U 9| ‫״יי‬ i n w h i c h y o u c a n e d it th e W e lc o m e t o M ic ro s o ft c o n t e n t o f d i e C S S f i le s d i r e c t l y v i a a t e x t a r e a .. 3cw rJoa41 Sccunty Support Bjy .‫״‬ fi [m m r» | mm im vn U pi tiM M t laotM t o M * | *I | Cnori Mn«)1 n D fc ebug nf» C o e o ta i • * » ‫^ ן ששש‬ UUf F I G U R E 8 .9 : W i n d o w s S e r v e r 2 0 1 2 — A p p s 13. S im ila r ly , th e re s t o f th e ta b s 111 th e C o n s o le p a n e l lik e Param s. Response, HTM L, a n d C ookies h o ld im p o r ta n t in f o r m a t io n a b o u t th e w e b s ite m T he H T M L panel d is p la y s d ie g e n e r a t e d 14. T h e H T M L p a n e l d is p la y s in f o r m a t io n s u c h as s o u rc e c o d e , in t e r n a l U R L s o f th e w e b s ite , e tc . H T M L / X M L o f d ie c u rre n d y o p e n e d page. It P H D ’ d if fe r s f r o m d ie n o r m a l * s o u rc e c o d e v ie w , b e cau se Welcome to Microsoft i t a ls o d is p la y s a ll m a n ip u la t io n s o n th e D O M P0u - 4 ct£ D nloads Secisity ow Suppcrt Buy tre e . O n t h e r ig h t s id e i t s h o w s t h e C S S s t y le s d e fin e d f o r d ie c u r r e n d y < ‫־‬ | m - (..«O Nl M u j S**D Mr . s e le c t e d ta g , d ie c o m p u t e d s t y le s f o r i t , l a y o u t in fo r m a t io n a n d d ie D O M v a r ia b le s a s s ig n e d t o i t in d if fe r e n t tab s. • US, • a»L Lu.-t it* nUMUtUittt F I G U R E 8 .1 0 : W i n d o w s S e r v e r 2 0 1 2 — A p p s 15. T h e N e t p a n e l s h o w s th e R equest s ta rt a n d R equest phases s ta rt and elapsed tim e re la tiv e to th e R equest s ta rt b y h o v e r in g th e m o u s e c u rs o r CEH Lab Manual Page 59 011 th e T im e lin e g ra p h f o r a re q u e s t Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 02 - Footprinting and Reconnaissance N e t P a n e l 's p u r p o s e is to m o n it o r H T T P tr a ff ic in it ia t e d b y a w e b p a g e a n d p r e s e n t a ll c o lle c t e d a n d c o m p u te d in fo r m a t io n to d i e u s e r . I t s c o n t e n t is c o m p o s e d o f a lis t o f e n t r ie s w h e r e e a c h e n t r y re p re s e n ts o n e re q u e s t/ re s p o n s e ro u n d t r i p m a d e b y d i e p a g e .. F I G U R E 8 .1 1 : W i n d o w s S e r v e r 2 0 1 2 — A p p s 16. E x p a n d a re q u e s t in th e N e t p a n e l to g e t d e ta ile d in f o r m a t io n o n P a r a m s , H e a d e r s , R e s p o n s e , C a c h e d , a n d C o o k ie s . T h e s c re e n s h o t th a t fo llo w s s h o w s th e C a c h e in f o r m a t io n ^ ^ ;» 1 T S c r ip t p a n e l d e b u g s 1 ------------ M c i l ‫•; ־‬ojw fi'■ft D * - Ja v a S c r ip t c o d e . T h e re fo re Welcome to Microsoft d ie s c r i p t p a n e l in t e g r a t e s a ‫•,׳‬odwtj p o w e r f u l d e b u g g in g t o o l fcwnbads S u ec rity S upport b a s e d o n f e a t u r e s li k e M d if f e r e n t k in d s o f b r e a k p o in t s , s te p - b y - s te p . • • .!‫ו•־‬ r •: ‫י‬ v ■ 1. 1 ‫■י‬ .. e x e c u t io n o f s c rip ts , a d is p la y f o r th e v a ria b le • UI s ta c k , w a t c h e x p r e s s io n s • UT 4u«PMu4>l a n d m o r e .. »C» 11 1 .A UN :0‫>׳‬ nxWtnMM• 11‫* ׳‬tuam iM i w₪m₪₪₪₪₪₪₪w₪₪₪mM ₪₪₪₪w₪₪₪₪w₪a ₪₪^ ^ 11 ‫־‬ *••MX. IfWm Kfifw■• |<««M C U • m trJ z z “1 ‫ ״י™״‬a*M1 “‫• י‬r~ r 0 nC‫1 • 0׳‬ ‫״״׳‬ 4 u m w luriJSK'i-MiMo. a i vucu.1ra.M MX.il m 1 1 J ™ <jnoe*ofU «n . .‫.״‬j‫™.•*־.־‬ F I G U R E 8 .1 2 : W i n d o w s S e r v e r 2 0 1 2 — A p p s 17. E x p a n d a re q u e s t in th e C o o k ie s p a n e l to g e t in f o r m a t io n o n a c o o k ie V a lu e , R a w d a ta , ] S O N , e tc . W c lc o m c t o M icro so ft (*‫ ־‬d c O w i S u • u t• ew oM *c 1‫׳‬ty S p rt B y ea o u E x p o r t c o o k ie s fo r d i i s s it e - e x p o r t s a ll c o o k ie s o f d ie c u r r e n t ft• Coobn* Fto ‫־‬ Cjk ti* U.ictt ccciic-.) ‫־‬ w e b s i t e a s t e x t f i le . T h e r e f o r e d ie S a v e as d i a l o g is o p e n e d a l l o w i n g y o u t o s e le c t d ie p a t h a n d c h o o s e a n a m e fo r th e e x p o r t e d f ile . F I G U R E 8 .1 3 : W i n d o w s S e r v e r 2 0 1 2 — A p p s CEH Lab Manual Page 60 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 02 - Footprinting and Reconnaissance Note: Y o u c a n h n d in f o r m a t io n re la te d to th e C S S , S c r ip t , a n d D O M p a n e l 011 th e r e s p e c tiv e ta b s . Lab Analysis C o lle c t in fo rm a tio n su c h as in te r n a l U R L s , c o o k ie d e ta ils , d ir e c to ry s tm e tin e , s e ssio n ID s . e tc . fo r d iffe r e n t w e b s ite s u s in g F ire b u g . T o o l/ U t ilit y In f o r m a t io n C o lle c t e d / O b je c t iv e s A c h ie v e d S e r v e r o n w h ic h t h e w e b s it e is h o s t e d : M ic r o s o f t —IIS / 7 .5 D e v e lo p m e n t F r a m e w o r k : A S P . N E T H T M L S o u r c e C o d e u s in g Ja v a S c r ip t , j Q u e r y , Ajax F ir e b u g O t h e r W e b s it e In f o r m a t io n : ■ In t e r n a l U R L s ■ TA LK TO D ir e c t o r y s tru c tu re ■ P LE A S E C o o k ie d e ta ils ■ S e s s io n ID s Y O U R IN S T R U C T O R IF Y O U R E L A T E D TO T H IS LAB. H A V E Q U E ST IO N S Questions 1. D e te r m in e th e F ir e b u g e r r o r m e s s a g e th a t in d ic a te s a p ro b le m . 2. A f t e r e d itin g p a g e s w it h in F ir e b u g , h o w c a n y o u o u tp u t a ll th e c h a n g e s th a t y o u h a v e m a d e to a s ite 's C S S ? 3. 111 th e F ir e b u g D O M p a n e l, w h a t d o th e d if f e r e n t c o lo r s o f th e v a r ia b le s m ean? 4. W h a t d o e s th e d if f e r e n t c o lo r lin e in d ic a t e 111 th e T im e lin e re q u e s t in th e N e t p a n e l? In t e r n e t C o n n e c t io n R e q u ir e d 0 Yes P la t f o r m 0 CEH Lab Manual Page 61 □ N o D iL a b s S u p p o rte d C la s s r o o m Ethical Hacking and Countenneasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 02 - Footprinting and Reconnaissance Mirroring W ebsites Using the HTTrack Web Site Copier Tool H T T rn c k W eb S ite C o p ie r is a n O fflin e h ron s e r u tility th a t a llo n ‫ ׳‬jo / / to don nload s a W o rld W id e W eb s ite th ro u g h th e In te rn e t to jo u r lo c a l d ire c to ry . Lab Scenario / Valuable information______ W e b s it e s e rv e rs s e t c o o k ie s to h e lp a u th e n tic a te th e u s e r it th e u s e r lo g s m 111 Test your knowledge sA s e c u re a re a o f th e w e b s ite . L o g in in f o r m a t io n is s to re d can to W eb exercise You W orkbook review e n te r and le a v e th e w e b s ite w ith o u t h a v in g 111 to a a c o o k ie s o th e u s e r re - e n te r th e sa m e a u th e n tic a tio n in f o r m a t io n o v e r a n d o v e r . have le a rn e d 111 th e p r e v io u s la b to e x tra c t in f o r m a t io n fr o m a w eb a p p lic a t io n u s in g F ir e b u g . A s c o o k ie s a re tra n s m itte d b a c k a n d f o r t h b e tw e e n a b r o w s e r a n d w e b s ite , i f a n a tta c k e r o r u n a u th o riz e d p e rs o n g e ts d a ta tra n s m is s io n , th e a tta c k e r c a n a ls o u se s e n s itiv e F ir e b u g c o o k ie to in f o r m a t io n can be se e w h a t Ja v a S c r ip t w a s 111 b e tw e e n th e in te r c e p te d . d o w n lo a d e d A 11 and e v a lu a te d . A tt a c k e r s c a n m o d ify a re q u e s t b e fo r e i t ’s s e n t to th e s e r v e r u s in g T a m p e r d a ta . I t t h e y d is c o v e r a n y S Q L o r c o o k ie v u ln e r a b ilit ie s , a tta c k e rs c a n p e r fo r m a S Q L in je c tio n a tta c k a n d c a n ta m p e r w it h c o o k ie d e ta ils o f a re q u e s t b e fo r e i t ’s s e n t to b ro w s e rs in t o th e s e rv e r. A tt a c k e r s s e n d in g s e n s itiv e c a n u s e s u c h v u ln e r a b ilit ie s in f o r m a t io n o ver in s e c u re to t r ic k c h a n n e ls . The a tta c k e rs th e n s ip h o n o f f th e s e n s itiv e d a ta f o r u n a u th o riz e d a c c e s s p u rp o s e s . T h e r e fo re , as a p e n e tr a tio n te s te r, yo u s h o u ld have an u p d a te d a n tiv ir u s p r o te c tio n p ro g ra m to a tta in In t e r n e t s e c u rity . 111 tin s la b , y o u w ill le a r n to m ir r o r a w e b s ite u s in g th e H T T r a c k W e b S ite C o p ie r T o o l a n d as a p e n e tr a tio n te s te r y o u c a n p r e v e n t D - D o S a tta c k . Lab Objectives T h e o b je c tiv e o f tin s la b is to h e lp s tu d e n ts le a rn h o w to m ir r o r w e b s ite s . Lab Environment T o c a n y o u t th e la b , y o u n e e d : CEH Lab Manual Page 62 Ethical Hacking and Countenneasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 02 - Footprinting and Reconnaissance ■ & Tools dem onstrated in this lab are available in D:CEHToolsCEHv 8 Module 02 Footprinting and Reconnaissance W e b D a ta E x tr a c to r lo c a te d a t D:CEH-ToolsCEHv 8 Module 02 Footprinting and R eco n n aissan ceW eb site Mirroring T oo ls H T T ra c k W eb site C opier ■ Y o u c a n a ls o d o w n lo a d th e la te s t v e r s io n o f H T T ra c k W eb S ite C opier fr o m th e lin k h t t p :/ / w w w .h tt r a c k .c o m / p a g e / 2 / e n / 111d e x .h tm l ■ I f y o u d e c id e to d o w n lo a d th e la te s t v e r s io n , th e n 111 screen sh ots s h o w n th e la b m ig h t d if f e r W izard driven in s ta lla tio n p ro c e s s ■ F o llo w th e ■ T in s la b w ill w o r k 111 th e C E H la b e n v ir o n m e n t - o n W indow s S erver 2 0 1 2 . W indow s 8 , W indow S erver 2 0 0 8 , a n d W indow s 7 ■ T o r u n t liis t o o l A d m in is t r a t iv e p r iv ile g e s a re re q u ire d Lab Duration T im e : 10 !M in u te s Overview of Web Site Mirroring W i n H T T r a c k arran g e s t h e o r i g i n a l s it e 's r e l a t i v e lin k - s t r u c t u r e . Web mirroring a llo w s y o u to d o w n lo a d a w e b s ite to a lo c a l d ir e c to r}7 b u ild in g , re c u rs iv e ly a ll directories. HTML, images, flash, videos, a n d o d ie r h ie s fro m d ie s e rv e r to y o u r c o m p u te r. Lab Tasks 1. T o la u n c h th e S ta rt m e n u , h o v e r th e m o u s e c u r s o r in th e lo w e r - le ft c o r n e r o f th e d e s k to p | | W in d o w s Server 2012 W intioMS ivm201? ReleaseCandidate DaUcMt 1 o ___________________E/dualicncopy. Buid 840! T O ‫ ד5ז‬W ■ F I G U R E 9 .1: W i n d o w s S e r v e r 2 0 1 2 — D e s k t o p v i e w 2. W i n H T T r a c k w o r k s as a c o m m a n d - lin e p r o g r a m S ta rt m e tr o a p p s , c lic k W in H TT rack to la u n c h th e a p p lic a d o n W in H TT rack 111 th e o r d ir o u g h a s h e ll f o r b o d i p r iv a te (c a p tu r e ) a n d p r o f e s s io n a l (o n - lin e w e b m ir r o r ) u se . CEH Lab Manual Page 63 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 02 - Footprinting and Reconnaissance A m is a r ^ d in tr to Start Windows PowiefShe! UirvvjM Adm intstf... Tools Path Mozila copyng Pro 2.7 rL W & © Ccrpuw T ask Jjpor.V Hyp«‫־‬V Virtual Machine... 11 4 Command Googb Chrcnie * e id a hfitcHy.trt rwrirv■ a C l a ■ — (**Up • a Coojfc tanti V Adobe Kcafler X WirHfTr.. webste J: T 1:T w r r F I G U R E 9 .2 : W i n d o w s S e r v e r 2 0 1 2 — A p p s J TAS K 1 3. 111 th e W in H T T r a c k m a in w in d o w , c lic k Mirroring a W ebsite File Preferences Mirror a Local Disk <D:> ^ £ DVD RW Drive <E:* E , . New Volume <F:> £ 7 N e x t to c re a te a N e w P ro ject iB I WinHTTrack Website Copier ‫[ ־‬New Project 1] Log V/indow Help Welcom to WinHTTrack Website C p e o ter! Please click onthe NEXTb tto to u n ra c k < 3ack Q u ic k ly u p d a te s | Neit ? w e b s it e c o p ie i | d o w n l o a d e d s it e s a n d J r e s u m e s in te r r u p te d d o w n lo a d s (d u e to F IG U R E c o n n e c t io n b re a k , c ra s h , e tc .) 4. E n t e r th e 9 .3 : H T T r a c k W e b s i t e C o p i e r M a i n W i n d o w p ro ject nam e 111 th e to s to re th e c o p ie d file s . C lic k CEH Lab Manual Page 64 P ro ject nam e h e ld . S e le c t th e B a s e p a th Next Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  • Module 02 - Footprinting and Reconnaissance WinHTTrack Website Copier • [New Project 1] H File & ) W i z a r d t o s p e c ify w h ic h _og Window 1+ J Local Disk <0 13 l j L CI Disk < :> 03 D 1 -1 =' ‫ו ׳י‬ Help '‫־י‬ New project name. | ]eg Project Project category | | D D P.A Cnve <£:> V lin k s m u s t b e lo a d e d ( a c c e p t / r e f u s e : l i n k , a ll M r irro Preferences 1Si c i N*‫ *״‬Yoiume < ^;> -hfo d o m a in , a ll d ir e c t o r y ) Nw ro c e p jet Base p th a; t:NVWebSles <£ock 1 ..| | Not > | Ccnccl | Help | KU JM F IG U R E 5. E n te r 9 .4 : H T T r a c k W e b s i t e C o p i e r s e l e c t i n g a N e w P r o j e c t w w w .c e rtifie d h a c k e r.c o m u n d e r W eb A ddresses: (URL) a n d th e n c lic k th e S et options b u tto n WinHTTrack Website Copier ‫[ ־‬Test Projectwhtt] File £reterences ‫־:״‬ V1ndov Help - B i j . local Disk <C> B L CEH-Took S MrTcrirg Mode Enter addresses) in URL box T im e o u t a n d m in im u m , Irtel (fj | NfyWebSitc* | j ^ Jfi Program fil«c i S i. Program hies xto) tra n s fe r ra te m a n a g e r to a b a n d o n s l o w e s t s it e s j U, l€ J 55 4 | Dowrioddweb e( ) Web Addr*«t#«: (URL) Sl i . Windows L .Q NTUSERDAT B , , Local D lr < ‫>־‬ < D ‫ א‬cortfiodhackor.comI DVD RW Dn/e < E:> ₪ New '/olume < F:> FWcrerccs ord r 3 ^ F IG U R E D o w n l o a d i n g a s it e c a n 9 .5 : H T T r a c k W e b s i t e C o p i e r S e l e c t a p r o j e c t a n a m e t o o r g a n i z e y o u r d o w n l o a d o v e d o a d it, i f y o u h a v e a fa s t p ip e , o r i f y o u c a p tu r e 6. C lic k in g th e S et options b u tto n w ill la u n c h th e W in H T T ra c k w in d o w t o o m a n y s im u lta n e o u s c g i (d y n a m ic a lly g e n e ra te d pages) CEH Lab Manual Page 65 7. C lic k th e Scan Rules ta b a n d s e le c t th e c h e c k b o x e s f o r th e t ile ty p e s as s h o w n in th e f o llo w in g s c re e n s h o t a n d c lic k OK Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 02 - Footprinting and Reconnaissance H * WinHTTrack M IM E types Proxy | Browser ID | S ca n Rules | ] Limits | | Log, Index. C a c h e R ow Control | Links ] | Experts Only Build | Spider U w c rd toe c d o in lu eU Lso lin s se ild a s x lu e r c d R r k. Y uc np tse e l sc ns g o th s m lin . o a u v ra a trin s n e a e e U s a sa s p ra rs se p ce s e a to . E a p : +z - w .* o - w .*e uc i- in*c i x mle * ip w w .c m w w d / g b /. g m F i l e n a m e s w i t h o r ig in a l s t r u c t u r e k e p t o r s p lit t e d m o d e Cone h t m l fo ld e r , a n d o n e i m a g e f o l d e r ) , d o s 8 -3 f ile n a m e s o p t i o n a n d u se rd e fin e d s tru c tu re T : T h veA G file in lu e ,u es mth glik + w .s mwb o /1 if. ip o a LL IF s c d d s o e in e w w o e e .c m’.g (+.g I - ifw in lu e e c d A G fr m LLs s * if “g ill c d / x lu e LL IFs o A ite ) OK F IG U R E S3 H T M L p a r s in g a n d ta g Cancel Hlp e 9 .6 : H T T r a c k W e b s i t e C o p i e r S e l e c t a p r o j e c t a n a m e t o o r g a n i z e y o u r d o w n l o a d T h e n , c lic k a n a ly s is , in c lu d in g N ext ja v a s c r ip t c o d e / e m b e d d e d WinHTTrdck Website Copier ‫( ־‬Test Project.whtt] H T M L code File Preferences Mrror ‫״‬cq a - j^ Local Dsk <C:> 0 ^ CEH-Tooli Window Help ‫־‬M irroring Mode - & 1 dell Enter adJress(es)inURLb x o B inetpub ! £ - j, Intel )I ^) ,i; MyV/d)Sites j £} Program Files . j Program files (x86) I il--± Uscr ₪ j. Windows j L Q NTfStRDAT £] u Local Disk < ‫־‬ D> 51 ^ Download web ste(s) V/ob Addresses: (URL) a certr'iedtacker.c ‫׳‬ DVD RW Drive < E;> S i - New Volume < F;> Pnefererces and mrroroptions: ..I F IG U R E 9. Q P r o s y s u p p o rt to 9 .7 : H T T r a c k W e b s i t e C o p i e r S e l e c t a p r o j e c t a n a m e t o o r g a n i z e y o u r d o w n l o a d P lease adjust connection p a ra m e ters if n ecessary, then press F IN IS H to launch th e m irroring o peration B y d e fa u lt, th e r a d io b u tto n w ill b e s e le c te d f o r m a x im iz e s p e e d , w it h o p t io n a l a u t h e n t ic a t io n CEH Lab Manual Page 66 10. C lic k Finish to s ta rt m ir r o r in g th e w e b s ite Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  • Module 02 - Footprinting and Reconnaissance WinHTTrack Website Copier - [Test Projeciwhtt] File C D T h e t o o l lia s in t e g r a t e d D N S c a c h e a n d n a t iv e Preferences Mirror j ||j Window Help Local Disk « J> CEH Tool: j 0‫־‬J dl ■d t : Si j, j Si I Si j. ₪ netpub me! M/V/ebSites Program Files j h ttp s a n d ip v 6 s u p p o r t .og Program F les (x80) Remcte conncct‫־‬ Connect to this provider ‫פ‬ | Do not use rem access connection ote V D nectw enfnished iscon h 0 j. J503 ■ i ra >. Windows V Shutdaivn PC when fnished L - Q NTUStRXIAT S x a i Local Dklc <[>> Onhdd DVD F.V Crive <E;> b New Vo umc <R> 3 Tron3lcr schcdulod lor (hh/ r r r C Save *tilings only do not lajrch download n F IG U R E 9 .8 : H T T r a c k W e b s i t e C o p i e r T y p e o r d r o p a r i d d r a g o n e o r s e v e r a l W e b a d d r e s s e s C D H T T r a c k c a n a ls o u p d a t e a n e x is tin g m ir r o r e d s it e a n d r e s u m e i n t e r r u p t e d d o w n l o a d s . H T T r a c k is fu lly c o n fig u r a b le b y o p t i o n s a n d b y filte r s 11. S ite m ir r o r in g p ro g re s s w ill b e d is p la y e d as H 111 th e f o llo w in g s c re e n s h o t x‫ז‬ Site mirroring in progress [2/14 ( ■! 32794 ,(13‫ ־‬S bytes] ‫[ ־‬Test Project.whtt] File preference: Miiro‫ ־׳‬Log Window Help P■ Local D is k < > ^ C : ₪ X CEH-Tods j B -Jj del Inform atbn ‫ ש‬J . ■netpub j 0 ^ lnl t e | 0 M MyWcbSitcs I ‫ ■ן.ן‬J1 Program Files ~ Q ‫|׳‬ Progrom Files (»86) I ra i . Users j 0 1 Windows ~ j j NTUSFR.DAT y - g Local Diik<0:> Bytes saved Tim : © Transfer rate: Active connection#‫׳‬ 320.26K1B 2rrin22j OB/S (1.19KB/S) 1 Urks scanned: -l«e wrtten: ‫*־‬es updated “ ‫״״‬ 2/14(♦ 13) 14 0 0 W }Actions:] scanning www cotifedhacker conv)s 1■ 1 ------1 I SKIP SKIP SKIP SKIP 1 1 1 1 1 1 1 1 1 1 1 1 1 DVD RW DrK* <E > : B r j Nevr Volume <F:> -KIP SKIP SKIP SKIP SKIP SKIP SKIP SKIP SKIP 1 1 1 1 1 1 1 1 1 J Lsz C D F ilt e r b y file ty p e , lin k F IG U R E H elp | 9 .9 : H T T r a c k W e b s i t e C o p i e r d i s p l a y i n g s it e m i r r o r i n g p r o g r e s s lo c a t io n , s tru c tu re d e p th , f i l e s iz e , s it e s iz e , a c c e p t e d o r r e f u s e d s it e s o r f i l e n a m e (w it h a d v a n c e d w ild c a r d s ).. CEH Lab Manual Page 67 12. W in H T T r a c k s h o w s th e m e s s a g e M irroring operatio n c o m p le te o n c e th e s ite m ir r o r in g is c o m p le te d . C lic k B row se M irrored W eb site Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 02 - Footprinting and Reconnaissance Site mirroring finished! •[Test Project.whtt] File Preferences Mirror .og Window 3 j* . Local Disk <C> E CEH-Tools Mrroring operation ccmplctc C kEitt qit1 n T r c. lfc x o u / HTa* V S eOf!fe )tre e s ytoe s r thte e th isO. e g (s c s a nue a v r/ rg K Intel ; M (MyWebSiles | 0 I Program Files Q O p t i o n a l l o g f i le w i t h e r r o r - lo g a n d c o m m e n t s lo g . Help Tharks for using WinHTTrack1 j 0 Program F les (x80) I J t Usen i g| j. •Vndow; 1 Q NTUSBUJAT |- a ^ [ij ‫״‬ Local Disk < .> [> DVD RW Crive <h> Nev/Voumc <F:> B o M dW b rcw o rrcro o aitc MM U F IG U R E 13. C lic k in g th e 9 .1 0 : H T T r a c k W e b s i t e C o p i e r d i s p l a y i n g s it e m i r r o r i n g p r o g r e s s B row se M irrored W e b s ite b u tto n w ill la u n c h th e m ir r o r e d w e b s ite f o r w w w .c e r t 1fie d h a c k e r .c o m . T h e U R L in d ic a te s th a t th e s ite is lo c a te d a t th e lo c a l m a c h in e Note: I f th e w e b p a g e d o e s n o t o p e n f o r s o m e re a s o n s , n a v ig a te to th e C ] U s e b a n d w id t h lim it s , c o n n e c t i o n l i m i t s , s iz e lim it s a n d t im e lim it s d ir e c to r }‫ ־‬w h e r e y o u h a v e m ir r o r e d th e w e b s ite a n d o p e n in d e x .h tm l w it h a n y w e b b ro w s e r Downloads and support Downbacfe Ask‫־‬questions fecole re l a w» < ‫■!׳‬tiv• Mr ‫יזיי‬ Help and how-to hM t E nw jplxe‫־‬ acen 1 ed w «n th 9< u ^ < e M xrovo (imnuMli fl S ecurity a n d updates (S) “‫“**־‬ b!r«an V _ V Ch»tl 1tIftaMM iK , c tttO F IG U R E 9 .1 1 : H T T r a c k W e b s i t e C o p i e r M i r r o r e d W e b s i t e I m a g e 14. A f e w w e b s ite s a re v e r y la rg e a n d w ill ta k e a lo n g tim e to m ir r o r th e C□ D o n o t d o w n lo a d to o c o m p le te s ite la r g e w e b s it e s : u s e filte r s ; t r y n o t t o d o w n lo a d d u r in g w o r k in g h o u rs 15. I f y o u w is h to s to p th e m ir r o r in g p ro c e s s p r e m a tu r e ly , c lic k th e 16. T h e s ite w ill w o r k lik e a CEH Lab Manual Page 68 C ancel in S ite m irroring progress w in d o w live hosted w e b s ite . Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 02 - Footprinting and Reconnaissance Lab Analysis D o c u m e n t th e m irro re d w e b s ite d ire c to rie s , g e ttin g H T M L , im a g e s , a n d o th e r tile s. T o o l/ U t ilit y In f o r m a t io n C o lle c t e d / O b je c t iv e s A c h ie v e d H T T ra c k W eb ■ S it e C o p ie r P LE A S E TA LK O f f lin e c o p y o f th e w e b s ite w w w .c e r tif ie d h a c k e r .c o m is c re a te d TO Y O U R IN S T R U C T O R IF Y O U R E L A T E D TO T H IS LAB. H A V E Q U E ST IO N S Questions 5. H o w d o y o u r e tr ie v e th e file s th a t a re o u ts id e th e d o m a in w h ile m ir r o r in g a w e b s it e ? 6. H o w d o y o u d o w n lo a d ftp tile s / s ite s ? 7. C a n H T T r a c k p e r fo r m fo rm - b a s e d a u t h e n t ic a t io n ? 8. C a n H T T r a c k e x e c u te H P - U X o r I S O 9. H o w d o y o u g ra b a n e m a il a d d re s s 111 9 6 6 0 c o m p a tib le file s ? w e b p ag es? In t e r n e t C o n n e c t io n R e q u ir e d □ Yes P la t f o r m 0 CEH Lab Manual Page 69 0 N o S u p p o rte d C la s s r o o m 0 !L a b s Ethical Hacking and Countermeasures Copyright © by EC-Comicil All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 02 - Footprinting and Reconnaissance Extracting a Company’s Data Using Web Data Extractor W eb D a ta E x tra c to r is u sed to e x tra c t targ e te d co m p a n j(s) co n tact d e ta ils o r d a ta such a s e m ails ; fa x , p h o n e th ro u g h w eb fo r resp o n sib le b ' b co m m u n icatio n . 2 Lab Scenario / Valuable information______ A tt a c k e r s c o n t in u o u s ly lo o k lo r th e e a s ie s t m e th o d T h e r e a re m a n y to o ls a v a ila b le w it h w h ic h to c o lle c t in fo r m a t io n . a tta c k e rs c a n e x tra c t a c o m p a n y ’s Test your knowledge 0 d a ta b a s e . O n c e th e y h a v e a c c e s s to th e d a ta b a s e , th e y c a n g a th e r e m p lo y e e s ’ sA W eb exercise th e in f o r m a t io n g a th e re d , th e y c a n s e n d s p a m e m a ils to th e e m p lo y e e s to f ill m W orkbook review e m a il a d d re s s e s a n d p h o n e n u m b e rs , th e c o m p a n y ’s in t e r n a l U R L s , e tc . W it h th e ir m a ilb o x e s , h a c k in t o th e c o m p a n y ’s w e b s ite , a n d m o d ify th e in t e r n a l U R L s . T h e y m a y a ls o in s ta ll m a lic io u s v ir u s e s to m a k e th e d a ta b a s e in o p e r a b le . A s a n e x p e rt pe n e tra tio n te s te r, y o u s h o u ld b e a b le to d u n k fr o m a n a tta c k e r ’s p e r s p e c tiv e a n d t r y a ll p o s s ib le w a y s to g a th e r in f o r m a t io n You s h o u ld be a b le to c o lle c t a ll th e co n fid en tial 011 organizations. inform ation of an o r g a n iz a tio n a n d im p le m e n t s e c u r ity fe a tu re s to p r e v e n t c o m p a n y d a ta le a k a g e . 111 tin s la b , y o u w ill le a r n to u s e W e b D a t a E x t r a c t o r to e x tra c t a c o m p a n y ’s d a ta . Lab Objectives T h e o b je c tiv e o f tin s la b is to d e m o n s tra te h o w to e x tra c t a c o m p a n y ’s d a ta u s in g Web Data Extractor. S m d e n ts w ill le a rn h o w to : ■ CEH Lab Manual Page 70 E x t r a c t M e t a T a g , E m a il, P h o n e / F a x f r o m th e w e b p a g e s Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 02 - Footprinting and Reconnaissance & 7 Tools dem onstrated in this lab are available in D:CEHToolsCEHv 8 Module 02 Footprinting and Reconnaissance Lab Environment T o e a r n ’ o u t th e la b y o u n e e d : D :CEH-ToolsCEHv 8 M odule 02 Footprinting and R econ naissanceA dditional Footprinting ToolsW eb D ata E x tra c to r ■ W e b D a t a E x t r a c t o r lo c a te d a t ■ Y o u c a n a ls o d o w n lo a d th e la te s t v e r s io n o l W eb D ata E x tra c to r f r o m th e lin k h tt p :/ A v w w .w e b e x t r a c t o r .c o m / d o w n lo a d .h tm ■ I f y o u d e c id e to d o w n lo a d th e la te s t v e r s io n , th e n 111 ■ screen sh ots s h o w n th e la b m ig h t d if f e r T h is la b w ill w o r k in th e C E H la b e n v ir o n m e n t - 011 W indow s S erver 2 0 1 2 , W indow s 8 , W indow s S erver 2 0 0 8 . a n d W indow s 7 m W ’D E s e n d q u e r ie s to s e a r c h e n g in e s t o g e t m a t c h in g w e b s it e U R L s Lab Duration T im e : 10 M in u te s Overview of Web Data Extracting V V JD E w il l q u e r y 1 8 + p o p u l a r s e a rc h e n g in e s , e x t r a c t a ll m a t c h in g U R L s W e b d a ta e x tra c tio n is a ty p e o f in fo r m a tio n re trie v a l d ia t c a n e x tra c t a u to m a tic a lly u n s tru c tu re d o r s e m i- s tm c tu re d w e b d a ta so u rc e s 111 a s tru c tu re d m a n n e r. f r o m s e a r c h r e s u lts , r e m o v e d u p lic a t e U R L s a n d fin a lly v is it s th o s e w e b s it e s a n d Lab Tasks e x tra c t d a ta f r o m th e re 1. T o la u n c h th e S ta rt m e n u , h o v e r th e m o u s e c u r s o r in th e lo w e r- le ft c o r n e r o f th e d e s k to p F IG U R E ~ TAS K 1 Extracting a W ebsite CEH Lab Manual Page 71 2. 1 0.1: W i n d o w s 8 — D e s k t o p v i e w S ta rt m e n u , c lic k W eb D ata E x tra c to r to la u n c h th e a p p lic a tio n W eb D ata E x tra c to r 111 th e Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 02 - Footprinting and Reconnaissance Start Admin A Q ■ Microsoft Office Picture... B m Microsoft OneNote 2010 a Microsoft Outlook 2010 s Microsoft PowerPoint 2010 D a Microsoft Publisher ?010 a a Microsoft Office ?010 Unguag... Snagit 10 ‫נ ם‬ 1 *oiigm m WDE - Phone, Fax H arvester module is designed to spider the w eb for fresh Tel, FAX numbers targeted to th e group th at you w a n t to m arket your product or services to V cw O * ‫* ׳יי‬ 181 * Mrt (iidNli nllilol) • e9am m * B ii 8i Mcrosoft 10 Organizer < 9 Microsoft Word ?010 Microsoft Office ?010 Upload... S tD te k n M ats a Microsoft Excel 2010 * fte ro Mozilb Firefox 3 <> a a AWittl h ■ * Antivirus R %/}. r ! Certificate for VBA_. M • & < Web Data Extractor Snagit 10 Editor Adobe Reader 9 Adobe ExtendSc Bl P X a UVf G bx a‫״‬w >- F I G U R E 1 0 .2 : W i n d o w s 8 — A p p s 3. W e b D a t a E x t r a c t o r ’s m a in w in d o w a p p e a rs . C lic k N e w to s ta rt a n e w s e s s io n — W e b D ata Extractor 8.3 File & I t h a s v a r io u s lim it e r s o f s c a n n in g r a n g e - u r l filt e r , p a g e te x t filt e r , View m New Help £ Qpen t? Sat tr Cur speed L$ess,on Meta tags Emails Phones Faxes 0 00 kbps Avg speed 0 00 kbps Stofi I Merged list Urls Inactive sites d o m a in filt e r - u s in g w h ic h y o u c a n e x tra c t o n ly th e URL processed 0 Sites processed 0/0. Tim 0 msec e: Traffic received 0 bytes lin k s o r d a ta y o u a c t u a lly n e e d fro m w e b pages, in s t e a d o f e x t r a c t in g a ll th e lin k s p r e s e n t t h e r e , as a r e s u lt , y o u c r e a t e y o u r o w n c u s t o m a n d ta r g e te d d a ta b a s e o f u r ls / lin k s c o lle c t io n F IG U R E C lic k in g 1 0 .3 : T h e W e b D a t a E x t r a c t o r m a i n w i n d o w N ew o p e n s th e Session settings w in d o w . T y p e a U R L rw w w .c e rt 1h e d h a c k e r.c o m ) H W e b D a ta E x tra c to r 111 d ie d ie c h e c k b o x e s fo r a ll th e o p tio n s as s h o w n 111 S tartin g URL h e ld . S e le c t th e s c re e n s h o t a n d c lic k OK a u t o m a t i c a l l y g e t lis t s o f m e t a - t a g s , e - m a ils , p h o n e a n d fa x n u m b e r s , e tc . a n d s to r e t h e m in d if fe r e n t fo rm a ts fo r fu tu re u se CEH Lab Manual Page 72 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  • Module 02 - Footprinting and Reconnaissance Session settings Suc O it lns Fltr UL Ftr Tx Ftr Dt Pre Cneto ore f e k i e R ile: et ile: aa asr onci n ls Sac eg e Se/Det r /G us ULl erh nins it ircoy r p R i o Satn UL hp/ w.crifehce.cm tri g R t :/wwet i dakr o t Sidfi pe n <Rtieadp • er vl et : h OPoeseata onopgs r cs xc m t f ae u £ 3 F ix e d " S t a y w it h fu ll u d " a n d " F o l l o w o f fs it e 0 Jg ] wn R ’ fJU L th hp/ w. etiehce.cm t :/ww rif dakr o t c Save data Etat d aawb at micllysvdinh slet dloeuin CVfr a.Yucnsv dt in xrce dt i e u a a ae t e e ce ldr s g S o t o a ae aa ot m t edfrnfr amulyuin Sv blt n nh crepnin etatd aapg h ifeet o t a a s g ae uo o t e orsodg xrce dt ae m n Fldr CUesAm ou et eEtat rDtetf dakrcm o e :srd inDcm sWbxrco aacr1iehce o n ® x c Mt tg E tra t eaas @Etate as xrc ml i 0 Etatst bd xrc ie oy @Etatpoe xrc hns MEtatULa bs UL xrc R s ae R @Etatfxs xrc ae vl lin k s " o p t io n s w h ic h fa ile d f o r s o m e s it e s b e f o r e F IG U R E 6. C lic k 1 0 .4 : W e b D a t a E x t r a c t o r t h e S e s s i o n s e t t i n g w i n d o w ' S ta rt to in itia te th e d a ta e x tr a c tio n W e b Data Extractor 8.3 8 V New Ed* £ Qpen Sterl Sites processed 0/ 0 Tine: 0m sec m 1 stofi 1 Jobs 0 / [5 Cw speed 000kbps . 1 Avg speed 000kbps 1 URL processed 0 Trafflereceived 0bytes & It supports operation through proxy-server and w orks very fast, as it is able of loading several pages sim ultaneously, and requires very fe w resources. Powerful, highly targeted email spider harvester F IG U R E 7. 1 0 .5 : W e b D a t a E x t r a c t o r i n i t i a t i n g t h e d a t a e x t r a c t i o n w i n d o w s W e b D a t a E x t r a c t o r w ill s ta rt c o lle c tin g th e in f o r m a t io n (em ails, phones, fa x e s , e tc .). O n c e th e d a ta e x tr a c tio n p ro c e s s is c o m p le te d , a n In fo rm atio n d ia lo g b o x a p p e a rs . C lic k OK CEH Lab Manual Page 73 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 02 - Footprinting and Reconnaissance T=mn‫ ־‬tr W e b Data Extractor 8.3 9' £ Cdit Open Jobs |0 |/ [ir j O tort C speed ur. 0.00kbp: A‫״‬g. ®peed Ctofj 0.00 kbp* Session Meta tags (64) Em (6) Fhones(29) Faxes (2 ) M ails 7 erged list Urls(638) Inactive sites URL proressed 7 4 Site processed: 1/1. T e: 2:57 m im in Traffic received 626.09Kb ‫־‬ m Web Data Extractor has finished toe session. You can check extracted data using the correspondent pages. & M e ta T a g E x tra c to r m o d u le is d e s ig n e d t o e x t r a c t U R L , m e t a ta g (t id e , d e s c r ip t io n , k e y w o r d ) f r o m w e b - p a g e s , s e a r c h r e s u lt s , o p e n w e b d ir e c t o r ie s , lis t o f u r l s f r o m l o c a l f i le F IG U R E 1 0 .6 : W e b D a t a E x t r a c t o r D a t a E x t r a c t i o n w i n d o w s T h e e x tra c te d in f o r m a t io n c a n b e v ie w e d b y c lic k in g th e ta b s Web Data Extractor 8.3 m New 0 Qpen E< * ® ‫יין‬ Stop Jobs 0 / 5 Cu speec Avg speed Start Meta lags Emais Phones Faxes M erged list Urls 0 00kbps 0 00kbps I I Inactive sites Sites processed 0/0 T e: 0m 1 im sec Traffic received 0bytes F IG U R E S e le c t th e 1 0 .7 : W e b D a t a E x t r a c t o r D a t a E x t r a c t i o n w i n d o w s M e ta tag s ta b to v ie w th e U R L , T id e , K e y w o r d s , D e s c r ip t io n , H o s t , D o m a in , a n d P a g e s iz e in f o r m a t io n Web Data Extractor 8.3 File View EQ if you w a n t WDE to stay w ith in firs t page, ju s t s e le c t "Process First P age Only". A settin g of ”0" w ill process and look fo r d a ta in w h o le w e b s ite . A s e ttin g of "1" w ill process index or hom e page w ith asso cia ted file s under root dir only. Help u New E E« O ‫־‬r p © p Start Stop Jobs 0 j/ 5 C r. ipeed 0 0Japs u .C ■‫ס ״‬ ‫־‬ Avg. speed 0.C0 lops [ Sesson | Mcto tags G4) | E n (6] Phores (23) Faxes(27| M ed1t n afc erg s U (638) 1I5 Inactive sites B URL T itle K ord* eyw Descupticn H sto a Page 5 Page l oD m iz < M ://cett1 a:ke1 1 p edh c0 r»/Bec1 /1 1 _C jffy.h Your corrpany • eciDesdetail b rn keywads t A shat descrotion o you http://certf1 c m ‫/ 1/ ו8 שו‬ Fe$ ;h cken 1 h H o e f edhi c o 22 trtp //ccW1 eJk»-ke1co*1 /R«;i|jes/dppe_1 ;dket11l ,!‘ u uonpany • t1 o r Recipesdetail Su e keywuds 4 Asfwt (fescrption o you hU m f p.//cef(V co 1 1 7 /1 / iedMc m 0 4 22 h’tp://e*<ifi*dh*:k*tco«v/R*cip*«/Chick*n_with_b• Your eonrpary • R*cip*cd*Uil So ‫ ־‬k«ywadc 4 A sh rt d4ccrotio1‫ ׳‬o you hUp://c#rtfi*dh co 9 9 n!• • o f 1c m 5 4 /1 / 22 h‫־‬ tp://cettf1 edha:ke1co«v‫׳‬Recces/contact-u$.htm Your corrparv • ontact js So e kevwads 4 A shat descrbtion o you h :/ ce d <c m 5 2 l C m ‫־‬ f ttp / rtifio h c o 88 /1 / 22 o h‫־‬ tp://cetf1 edha:ke1co«r»/Recif:e$/honey_cake.hlm Your corrpany • l Recipesdetail So e keywads 4 A shat descrption o you http://certifiedhic m 9 5 m ‫־‬ f c 35 /1 / 22 h‫//: ־‬cetf1 tp edha:ke1com/RecifesAebob.N l m Your corrpany • ecipesdetail So e keywads 4 A shat descrbtion o you h ://certifiedhic m 8 9 R m ‫־‬ f ttp c o 37 /1 / 22 hup.//ce*rf«dhacketco«t/‫׳‬Rgcice3/1ncruhtm l Your corrpary • en M u So e keywads 4 A slot desciptiono you http m f ://certfied <c m 7 9 h co S0 /1 / 22 lvtp://ce*ifiedhoske1co«/n5ciee«/1ecipes.hlm l Your corrpary Recipe! So e kcywcidi 4 A sh rt descriptio o you hN ://ccrtficd <c m 1 7 m ‫ ־‬o n f p h c o 21 /1 / 22 9E3 5 ‫1/ר‬ htfp//c*‫־‬ifi* h :4 e eoiiv/Redpet/Chines^Peppe^Your corrpary • » dA c1 Recipesdetail ?om k6yv*‫־‬ » rds4‫־‬Ashcrt d*«e1 tio ofyou htlp//eerlifiedh; c ip n h!tp://ce‫1 ־‬ tf edha:ketco«v‫׳‬Recice$/!ancoori chcken Your c n a > • o rp a Recipesdetail So e kevwads 4 A shat descrbtion o vou h :// rtifie h c m 8 6 m ‫־‬ f ttp ce d <c o £2 /1 / 22 C0 h,tp://ce-tifiedha^e1cotv‫׳‬R2cipes/‫׳‬ecip etail.h Your corrpany • es-d tm Recipesdetail So e keywads 4 A shat descrption o you h :// rtifie h c m 1 8 4 /1 / m ‫־‬ f ttp ce d <c o 22 o 37 h!tp://cetifiedha:ke1co«v‫׳‬Socid M edia.'abcu s.h U ite• Together s Better(creat keyword:, orphia:Abcier descriptior o th :http://certifiedhi c m 1 2 4 /1 / t-u tm n f is 1 22 h tp U1ejha^etco«v‫׳‬R c1 1 ://ce‫־‬ 5 f:es/1 e -ca D t Your corrpany • en categorySo ekeywads 4 A shat descrotion o you http://certf1d < o 1 5 4 /1 / n ru teg fy.h M u m ‫־‬ f e h c1m 1 8 22 h!tp://cetifiedha*e1cor1/R5cipes/ecipes-:ategory.lYour corrpany ■ Recipescateg! So e keywads 4 A shat descrbtion o you http rtfied <c1m 1 4 1 /1 / m ‫־‬ f ://ce h o 25 22 h,tp:/‫׳׳‬cetifiedho;ketcom/Socid M cdio/so pleb g U m lo .I nite Together e Better(crcot keyw ord*, ofpho-Abod descriptior of U3 1h :/ ‫׳‬certifiedhi6 3 n■ ttp ‫/׳‬ i 1c2 9 /1 / 22 hitp7/ce‫־‬ hfie:t»rket com ocid M /S edia/sam plecorte U nite- Together t Better(creat keyw s ord;, o ph b r d r ra-A rie escrip n tio of Ih h ‫־‬ is ttp//certifiedhi c 2 4 co 1 1 3 /1 / m 22 h ://cetifiedhackeicon/Spciel Media.’sam :tp pleloain. h ://certifiedhi o 1 8 ttp c1m 4 9 /1 / 22 htp://cetifiedhackeicom jrbc M /iepngw htc /T ex . h :/ ttp /certfied <o 5 2 h c1m 2 7 /1 / 22 h‫־‬ tp://cetifiedha^etcom/Sxicl M edia.’sam pleporifc Unite• Together s Better(creat keyw ord?, o ph A b r descriptior of !h 1h :// rtifie h 1o 1 5 r ra: rie is ttp ce d <c m E2 9 /1 / 22 http://cethedhackeicom n th trees/b g tm U d th Trees /U der e lo .h l n er e h ttp://certifiedhi o 8 9 c1m £ 3 /1 / 22 frtp://cetifiedhacketconn/Under th trees/contact.ht U d !‫־‬th Trees e ne e h ://:ertried <cm 2 3 ttp h co S6 /1 / 22 1 1 1 1 1 1 1 1 2 / 2 1 1 1 1 1 1 1 1 1 1 1 1 F IG U R E 10. S e le c t 1 0 .8 : W e b D a t a E x t r a c t o r E x t r a c t e d e m a i l s w i n d o w s E m ails ta b to v ie w th e E m a il, N a m e , U R L , T it le , H o s t , K e y w o r d s d e n s ity , e tc . in f o r m a t io n re la te d to e m a ils CEH Lab Manual Page 74 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • Module 02 - Footprinting and Reconnaissance Web Data Extractor 8.3 ‫י‬ £ NV 5» Edt 5 H! 0 n p5 Start e Jobs 0 / 5 1 C r speed 0C kfapt u M Avg. tpscd 0 Ckbps .0 Stofi | 1 1 Session M 095(64) | Enaih (6) |?hones |2 ) Fc«cs(27) M ed 1t U (G 3 Inactivesrei eta 9 erg s rls 3 ) E n il -a N arre con 0 jrite reapazinecsm cact runitv. con tact 1 1 tro re D rro« n sp .s‫״‬e n fo 5ale5@ Tt!o:p*ew f =c sdes 5 p 0t Lp‫־‬ su crt@ t‫־‬ pD n otprev e ub aalia@dis3r.con aalia co rtact@ cn D c m !> ap tt. o contact m WDE send queries to search engines to get matching w ebsite URLs. N ext it visits those matching w ebsites for data extraction. How many deep it spiders in the matching w ebsites depends on "Depth" setting of "External Site" tab URL T le fc H st o httpJ/cettifiedhackor.conv'Social M U it© T p tk isB3 (creat3c h :< cettified a ef.c ed n o e e* ttef ttp 7 h ck h :/ ce fied 3 er.ccrrv‫׳‬c0Dcrate‫־‬ ttD l/ !t1 h ck l( l‫//: ־‬ce‫1־‬e h c 5 o ttD tf d 3 k r.c rr1 ‫־‬ h ://ceitified 3 ttp h ckcr.co ‫'׳‬co o k m rp rate‫־‬ h .//ceitifiedh ttp 1 ackcr.com h ttp:J/cettifiedh ckerco / rp e3 mco cr^ k h < ttp /ce‫׳‬tifedhackercorr! h /cettified ack m lio P■o ttp^ h er.co /P-fo /ccn F lio http://cetifed acker.com h h ://co d :1 o n ‫׳‬Ro ttp !tifio h ck r.co Y ciposAoVou co‫ ־‬p ‫3 >׳‬ecpos r» a y Htp:7‫׳‬cetifodh:jck0r.c F IG U R E 11. S e le c t th e Ky od dnit Ky cc ewr s esy eivr s 0 0 0 0 1 0 .9 : W e b D a t a E x t r a c t o r E x t r a c t e d P h o n e d e t a i l s w i n d o w Phones ta b to v ie w th e in f o r m a t io n re la te d to p h o n e lik e P h o n e n u m b e r, S o u r c e , T a g , e tc . ‫^ד‬ ‫חד‬ Web Data Extractor 83 0 m g * % Open Start 9 1 St0Q | Jobs 0 / 5 C speed 0.00kbps ut. 1 Avg speed 000 kbos 1 j Session Metatags (64) Em (6) | Phenes (29)"| Faxes (2 ) M ails 7 erged list Urls (6 8 Inactive sites 31 Phone 1013853 802966 1013853 802966 1013853 802966 1?345659863? 1013853 802966 8 0 2 98 5 0 1 3 6 63 1 00 2 9 6 6 8 13853 18‫3 5 8 3 1 ש‬ 2966 1042 019 1091 5192 18‫6 6 9 21 ש‬ 3853 1 00 2 9 6 6 8 13853 1 00 2 9 6 6 8 13853 9 12 4 6 0 357 66587 62892 66587 62892 66587 62892 66587 62692 18‫3 5 8 3 1 ש‬ 2966 120 009 120 303 ‫זלל‬ ‫חל‬ ‫מ‬ ‫׳‬dace S 18 0139 66 -3-2-353 18 0139 66 -3-2-353 18 0139 66 -3-2-353 ♦ ?3 4 6 5 8 3 1 -5-$6? 18 0139 66 -3-2-353 801 39 8 6 0-2-853 18 01 3 9 6 6 - D- 2 - 3 5 3 1811396 6 -X-2-353 100-1492 1 0 19912 5 18 0139 66 -3-2-353 18 01 3 9 6 6 - D- 2 - 3 5 3 19X123 9 6 6 353 + 0123458 9 7 (6 5 5 -89 2 6 )2 6 7 (6 5 2 6 8 7 6 ) 5-52 Title H ost Keyw de Key / ords http://certifiedhacker.com /Online B o r> /a Onlne 300kina: Siterru http://certifiedhackef.c1 :> k a > http://certifiedhacker.com /Online B o u g bc Onlne Booking. Brows http://certifiedhackef.c1 :> * n / ‫־‬ http://certifiedhacker.com /Online B^oking/c* Onine Booking: C e l■http://certifiedhackef.c1 hc http7/certifiedhackef rom /Dnline Bsokinfl/ea Onine Booking Conta http7/eertifiedhaek« c! call http://certifiedhacker.com /Online B 0 g Onine Booking: Conta http://certifiedhackef.c1 5 k*> /c:* http://certifiedhacker.com /Online Bxjking/ca Onine Booking: Conta http://certifiedhackef.c1 call http://certifiedhacker.com nline Bookirtg/facOnine Booking: FAQ http://certifiedhackef.c1 /'O call http://certifiedhacker.com /Online Bx> king/p3 Onine 300king: S m http://certifiedhackef.c1 i ite < http://certifiedhacker.com /Online B > in / e Onine 300king: Searc http://certifiedhackef.c1 x k g$< http^/cortifiodhackor.convOnline B»oking/sei Onine Booking: Searc ht‫׳‬p://certifiedhackef.c! call http://certifiedhacker.com /Online B 0 in /se<Onine 300king: Searc http://certifiedhackef.c1 5k g http://certifiedhacker.com /Online Booking/tenOnfine Booking: Typoc http://certifiedhackef.c1 call http://ccrtificdhackcr.com /Onlinc B50 g/h l Onine D okin Hotel http://ccrtifiedhacka.ci kin D o g: call Phone h ://certifiedhacker.co /P-folio/cDntaclhtri P-Foio ttp m h ://certifiedhackef.c! ttp http://certifiedhacker.com /Real Estates/page: Professional Real Esta ht‘p://certifiedhackef.c! http://certifiedhacker.com /Real Eslates/pags: Professional Real Esta h :/ ttp//cerlifiedhackef.ci http://certifiedhacker.com /Real Estates/page: Professional Real Esta h ://certifiedhackef.c! ttp (6 0 5 -85 2 6 )2 6 7 http://certifiedhacker.com /Real Estates/page: Professional Real Esta h //certifiedhackef.c! ttp (660) 2 6 8 7 5-22 http://certifiedhacker.com /Real Estates/peg* Professional Real Esta h //certifiedhackef.c! ttp 1 8 0 1 3 9 6 6 call -3-2-353 http://certifiedhacker.com /'Social Media/sarrpUnite • Togetheris Bet h //certifiedhackef.c! ttp 102009 http://certifiedhacker.com /Under th treesTbcUndef lie Trees e h //certifiedhackef.ci ttp 132009 http://cert11 fedhacker.com /Under th trees/bc Undef tie I fees e h ://certifiedhackef.ci ttp 77 xrw •?Air I Irvfef Tit hr ■/ p p A r, H / p rtiK rlh rlf« > httrv/ (‫ * ־‬rlh rk / • rrifiA A A F IG U R E call call call 1 0 .1 0 : W e b D a t a E x t r a c t o r E x t r a c t e d P h o n e d e t a i l s w i n d o w 12. S im ila r ly , c h e c k fo r th e in f o r m a t io n under F a x e s, M e rg e d lis t , U r ls (6 3 8 ), In a c t iv e s ite s ta b s 13. T o s a v e th e s e s s io n , g o to CEH Lab Manual Page 75 File a n d c lic k Save session Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  • M odule 02 - Footprinting and R e co n n a issa n ce Web Data Extractor 8.3 ---- File| View Help Edit session Jobs 0 J / 5 C speed ur. Avg. speed Open session S«vc session ctti-s | s (29) Faxes (27) M erged list Urls (638 Inactive sites Delete sesson URL procesced 74 Delete All sessions Traffic received 626.09 Kb Start session Stop session Stop Queu ng sites bit S Save extracted fe links directly to disk file, so there is no limit in number of link extraction per session. It supports operation through proxy-server and works very fast, as it is able of loading several pages simultaneously, and requires very few resources F IG U R E 10.11: W e b D a ta E x tra c to r E x tra c te d P h o n e d etails w in d o w 14. Specify the session name in the Save session dialog box and click OK '1^1®' a ‫׳‬ Web Data Extractor 8.3 [File View Hdp m0 New £<*» p 1« Qpen Start I £ Stoc | Jobs [0 |/ C r. speed 0.0Dkbps u 1 Avg speed 00 kbps 3 1 Ses$k>r Meta tegs (64) Em (6) Phones (29) Faxes (27) M ails erged list Urls (638) Inactive sites f S*o piococcod 1 1. Tim 4:12 m e in URL pcocesied 74 Tralfic receded 626.09 Kb Save session ‫־ ־‬ ‫נ^ו‬ Please specify session nam e: F IG U R E 10.12: W e b D a ta E x tra c to r E x tra cte d P h o n e d etails w in d o w 15. By default, the session will be saved at D:UsersadminDocumentsWebExtractorData C E H Lab Manual Page 76 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • M odule 02 - Footprinting and R e co n n a issa n ce L a b A n a ly s is Document all die Meta Tags, Emails, and Phone/Fax. T o o l/ U tility Information Collected/Objectives Achieved Meta tags Information: U R L, Title, Keywords, Description, Host. Domain, Page size, etc. Web Data Extractor E m a il Information: Email Address, Name, U R L, Title, Host, Keywords density, etc. Phone Information: Phone numbers, Source, Tag, etc. PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB. Q u e s t io n s 1. What does Web Data Extractor do? 2. H ow would you resume an interrupted session 111 Web Data Extractor? 3. Can you collect all the contact details of an organization? Internet Connection Required □ Yes 0 No Platform Supported 0 Classroom C E H Lab Manual Page 77 0 iLabs Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • M odule 02 - Footprinting and R e co n n a issa n ce I d e n tif y in g V u l n e r a b i li t i e s a n d I n f o r m a t io n D i s c l o s u r e s in S e a r c h E n g i n e s u s i n g S e a r c h D ig g ity /V aluable m ation___ form Test your know ledge *4 W exercise eb m W orkbookreview S a hDiggity is t eprimary attack to lof t eG o leHacking D gityProject It e rc h o h og ig is a MS Wind n GUIa pc tio thats r e a afro t- n t t elatestv r io s n os p li a n ev s s n e d o h es n of Diggity to ls G o le ig it , BingDiggity, Bing LinkFrom o : o g D gy Dom ainDiggity, C d S ac Dg ity DLPDiggity, FlashDiggity, Maina D g , Po/tSc n ig ity o eerh i g , re ig ity aD g , SHOD.4NDiggity, BingBina/yMalnareSearch, andNotlnMyBackYardDiggity. L a b S c e n a r io A n easy way to find vulnerabilities 111 websites and applications is to Google them, which is a simple method adopted by attackers. Using a Google code search, hackers can identify crucial vulnerabilities 111 application code stnngs, providing the entry point they need to break through application security. As an expert ethical hacker, you should use the same method to identify all the vulnerabilities and patch them before an attacker identities them to exploit vulnerabilities. L a b O b je c t iv e s The objective of tins lab is to demonstrate how to identity vulnerabilities and information disclosures 111 search engines using Search Diggity. Students will learn how to: H Tools demonstrated in this lab are available in D:CEHToolsCEHv8 Module 02 Footprinting and Reconnaissance C E H Lab Manual Page 78 ■ Extract Meta Tag, Email, Phone/Fax from the web pages L a b E n v ir o n m e n t T o carry out the lab. you need: ■ Search Diggity is located at D:CEH-ToolsCEHv8 Module 02 Footprinting and ReconnaissanceGoogle Hacking ToolsSearchDiggity Ethical Hacking and Countenneasures Copyright © by EC-Council A ll Rights Reserved. Reproduction is Stricdy Prohibited.
  • M odule 02 - Footprinting and R e co n n a issa n ce ■ ■ ■ You can also download the latest version of Search Diggity from the link http: / /www.stachliu.com/resources /tools /google-hacking-diggitvproject/attack-tools If you decide to download the latest version, then screenshots shown 111 the lab might differ Tins lab will work 111 the C E H lab environment - 011 Windows Server 2012. Windows 8. Windows Server 2008. and Windows 7 L a b D u r a tio n Time: 10 Minutes G o o g le D ig g ity is the p rim a ry G o o g le h ackin g O v e r v ie w o f S e a r c h D ig g it y to o l, u tiliz in g th e G o o g le JS O N / A T O M C u sto m S e arch A P I to id e n tify vu ln e ra b ilitie s and Search Diggity has a predefined query database that nuis against the website to scan die related queries. in fo rm a tio n d isclo su res v ia G o o g le searching. Lab T asks 1. T o launch the Start menu, hover the mouse cursor 111 the lower-left corner of the desktop F IG U R E 11.1: W in d o w s S e rve ! 2012—D eskto p view 2. 1 1 the Start menu, to launch Search Diggity click the Search Diggity 1 Launch Search Diggity A dm inistrator ^ S ta rt MMMger tools a Myp«‫־‬V f/anaqer *j m Command ‫?״‬ F" Google Chrome * Control Panel % Hyper V Vliiijol Machine.. 1 Vy»1hOt Adobe Reader X o g • T M ozilla Internet Informal). Services.. © ‫י‬ F IG U R E 11.2: W in d o w s Server 2012 — Start m enu C E H Lab Manual Page 79 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • M odule 02 - Footprinting and R e co n n a issa n ce 3. The Search Diggity main window appears with Google Diggity as the default s s - . Q u e rie s — S e le ct ‫ה‬ G o o g le d ork s (search Aggr«$$M q u eries) yo u w ish to use in Wnja Google Custom sparer‫ ־‬ID: Create Queries scan b y ch eck in g Cautious r ‫ ח‬FS06 a p p ro p riate boxes. Category t □ GK>* Sutxsteqory search String Page Titfe l □ Q C iRibOfn l □ SharePoart 0»ggrty > Usioe > I ISLOONCW > f 1DLPOwty Initial * NonSWF seartfes & t ] FtashDggty ln©ai Google Status: Ready Download Progrss: Id« 0‫*.׳‬n Fo 1> F IG U R E 11.3: Search D im ity —M a in w in d o w 4. Select Sites/Domains/IP Ranges and type the domain name 111 the domain field. Click Add Ooton? CodeSearch S«rpl« MH0 Brng llnkfromDomniri DLP Flash Mnlwor# PortS«ar HorTnMyfi.vfcvird BingMnlwnr# | csf.o m ocm rC o Advanced I Quer*s ‫ נ‬nFD ‫ ׳‬S6 Category t Q GH06 > Subcategory Search Stnng _( Ca lr e S Korinn IjlT.Tll H ie d Page Ttie > □ GHDBRebom £ 0 D o w n lo a d JB u tto n — S e le ct (h ig h lig h t) on e o r m o re re su lts in th e results p ain , d ie n c lic k th is b u tto n to d o w n lo ad d ie search ? p SharePDtit Diggty > 12 SLD3 > □ sldbnew > r DLPDigg.ty Intial Flash MorrS'AF Seerches > t FFsDgIna > i hi t t l a gy i Selected Result re su lt file s lo c a lly to yo u r co m p u ter. B y d e fa u lt, d o w n lo ad s to D:D iggityD ow nloa d s. Gooqk* Slatuk: Reedy Download Protjrvvs: Id • < * F IG U R E 11.4: Search D im ity - Selecting Site s/D o m ain s/IP Ranges C E H Lab Manual Page 80 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Stricdy Prohibited.
  • M odule 02 - Footprinting and R e co n n a issa n ce m 5. The added domain name will be listed in the box below the Domain held Im p o rt B u tto n — Im p o rt a tex t file lis t o f d o m a in s / IP rang es to ^5 scan. E a c h q u ery w ill be Search Diggiiy File Codons |- I ‫ם‬ x Helo ru n ag ainst G o o g le w ith J s i t e : y o u r d o m a in n a m e . co m ap pended to it. r ~^eSeard1 SmuJe Bing LinkFromDomain Advanced | SU N DLP Flash MaHware PcriSczn HatfrMyBadcyard Settings | Query Appender * BingMalvsare Shodan Le. exanfie.ccrn <or> 1 8 192.100.1 2. 1 msm ---------------- Pro‫־״־־‬ |B * b microsoft.com [Remove] 9 I de ar Queries Hide fr 1!! F5PB Subcategory fr E: CHD6 Search String Page Title URL fr C GHDeReborr fr (v sfiarcPon: oqgkv fr (lJ S1DB fr □ SI06NEW fr IT OtPDlQqltY Iftlldl fr C Rash HanSMlF Searches Soloctod Result - (T RashDig^Ty inrtial 1 fr C SVVF Fk dng Generic fr □ SVVF Targeted 5eorches j * Google Status: Red Dotviihjad Progress: tzk! C?‫ ־‬n Fo.d‫־‬r F IG U R E 11.5: Search D ig g ity —D o m ain added 6. aa t a s k 2 Run Query against a website Now , select a Query Irom left pane you wish to run against the website that you have added 111 the list and click Scan Note: 1 1 this lab, we have selected the query SWF Finding Generic. Similarly, 1 you can select other queries to run against the added website "5 Seaich Diogity oodons CodeScarfr ‫םי ־י‬ x HdO Bing LirkfrornDomam DLP ,‫1י״‬ ■ ' Flash Malware PortScan HotiftMyflxIcyard Settings 1 . Caned Oownloac] Proxies SingMalwnre Shodan < .Q 1 fcfll1 <»> 12 6.192.100.1 1 1 microsort.com [Kcmove] lEOal 1 Clear Hide □ F‫ ־‬D 6 Category □ GHD6 Subcategory search string ps ge Title URL O GHDBRebom □ SharePoinl t>ggiy □ SLOB O SLDBNEW □ DIPDigjjty T rtio n l m W h e n scann in g is Selected Result □ Fiasf nodswf s«arch«s [ FiasjiDtggjty Initial_____ kicke d o ff, th e selected 117 SWF Prdr>g Gencric] q u e ry is ru n ag ainst the fr n SWF Targeted Searches co m p lete w eb site. boogie status: ReacJy Download Progress: :de holJt' F IG U R E 11.6: Search D ig g ity — Selecting query and Scanning C E H Lab Manual Page 8 1 Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  • M odule 02 - Footprinting and R e co n n a issa n ce m 7. The following screenshot shows the scanning process R e s u lts P a n e - A s scan ru n s, re su lts fo u n d w ill ^ x - Search Dignity b eg in p o p u latin g in th is w in d o w pane. LinkFromDomain 5n 33 r 1 PortScan ftotinM/Backyard AcS‫׳‬arced BingMalware S hodan > 128.192.100.1 Cancel rrecrosoft.com [Rer ove] Proxies Download | _________ _ | Ceai Hide □ F5D6 □ GHDB Cntegory Subcntegory Search String Page T*e URL * rttp ://vww.mKTO?ott.com/europe/home.swt □ GHOBRetoorr < F1a«hD1gg!ty ]m SWF Finding G exfcswt ste :mu Finland irrxrg l ‫ ח‬sliaroPoin: Digqty /napp01nt/flosh/Mapl'o1r1t FlastiDiggity ]m SWF Finding G ext:swt ste:m1< Start the Tour j http://vr//7v.rn1cr0xtt.com l < 5106 ‫ט‬ F-lastiDiaqity inn s w f Finding G oxt:swf s1 c:m1< cidc h«rc - mic -ttp:,7vwMm1cr0Mft.com/learn1nq/elcarr1nq/Dcmosl Z < t □ SLD6ICW ‫ם‬O ig Irta lOlYtli Pgt S« totted Result □ Tosh NonSWF Searches □ HashDtg^ty ustal (✓ SWF Finding G»rwr< m S im p le — Sim p le ■ □ SWF Targeted Search Not using Custom Swai 1> ID J Request Delay Interval: [0m5 120000ms]. Not using proxies Simple Scan Started. [8/7/2012 6:53:23 pm ! Found 70 results) for query: ext:sv.151te:m!crosoft.c0fn . search te x t b ox w ill a llo w yo u to ru n on e sim p le q u e ry at a tim e, in stead o f Google Status: Scanning.. Download Progress: t i t ' - Fo d~r r» u sin g th e Q u erie s ch eck b ox F IG U R E 11.7: Search D ig g ity— Scantling ill progress d ictio n arie s. All the URLs that contain the SW F extensions will be listed and the output will show the query results ca O u tp u t — G e n e ra l o u tp u t d e scrib in g the p rog ress o f th e scan and p aram eters used.. F IG U R E 11.8: Search D ig g ity - O u tp u t w in d o w L a b A n a ly s is Collect die different error messages to determine die vulnerabilities and note die information disclosed about the website. To o l/ U tility Search D igg ity C E H Lab Manual Page 82 Information Collected/Objectives Achieved Many error messages found relating to vulnerabilities Ethical Hacking and Countermeasures Copyright © by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
  • M odule 02 - Footprinting and R e co n n a issa n ce PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB. Q u e s t io n s Is it possible to export the output result for Google Diggity? If yes, how? Internet Connection Required 0 Yes □ No Platform Supported 0 Classroom C E H Lab Manual Page 83 □ !Labs Ethical Hacking and Countermeasures Copyright © by EC-Comicil A ll Rights Reserved. Reproduction is Stricdy Prohibited.