
Module 2 Foot Printing


Published in: Technology

  2. Objective
     - Overview of the Reconnaissance Phase
     - Introducing Footprinting
     - Understanding the information gathering methodology of hackers
     - Comprehending the Implications
     - Learning some of the tools used for reconnaissance phase
     - Footprinting steps
  3. Defining Footprinting
     - Footprinting is the blueprinting of the security profile of an organization, undertaken in a methodological manner.
     - Footprinting is one of the three pre-attack phases. The others are scanning and enumeration.
     - Footprinting results in a unique organization profile with respect to networks (Internet / Intranet / Extranet / Wireless) and systems involved.
     - An attacker will spend 90% of the time in profiling an organization and another 10% in launching the attack
  4. Information Gathering Methodology
     - Unearth initial information
     - Locate the network range
     - Ascertain active machines
     - Discover open ports / access points
     - Detect operating systems
     - Uncover services on ports
     - Map the Network
  5. Unearthing Initial Information
     - Commonly includes:
       - Domain name lookup
       - Locations
       - Contacts (Telephone / mail)
     - Information Sources:
       - Open source
       - Whois
       - Nslookup
     - Hacking Tool:
       - Sam Spade
  6. Finding a Company’s URL & Info.
     - Search for a company’s URL using a search engine such as
     - Type the company’s name in the search engine to get the company URL
     - Google provides rich information to perform passive reconnaissance
     - Check newsgroups, forums, and blogs for sensitive information regarding the network
  7. People Search
  8. People Search Website
  9. Satellite Picture of a Residence
  10. Public and Private Websites
  11. DNS Enumerator
  12. SpiderFoot
     - SpiderFoot is a free, open-source, domain footprinting tool which will scrape the websites on that domain, as well as search Google, Netcraft, Whois, and DNS to build up information like:
       - Subdomains
       - Affiliates
       - Web server versions
       - Users (i.e. /~user)
       - Similar domains
       - Email addresses
       - Netblocks
  13. SpiderFoot
  14. Web Data Extractor Tool
  15. Additional Footprinting Tools
     - Whois
     - Nslookup
     - ARIN
     - Neo Trace
     - VisualRoute Trace
     - SmartWhois
     - eMailTrackerPro
     - Website watcher
     - Google Earth
     - GEO Spider
     - HTTrack Web Copier
     - E-mail Spider
  16. Whois Lookup
     - With whois lookup, you can get personal and contact information
       - For example,
  17. Whois

        Registrant:
          targetcompany (targetcompany-DOM)
          # Street Address
          City, Province
          State, Pin, Country

        Domain Name: targetcompany.COM

        Domain servers in listed order:
          NS1.WEBHOST.COM  XXX.XXX.XXX.XXX
          NS2.WEBHOST.COM  XXX.XXX.XXX.XXX

        Administrative Contact:
          Surname, Name (SNIDNo-ORG) [email_address]
          targetcompany (targetcompany-DOM)
          # Street Address
          City, Province, State, Pin, Country
          Telephone: XXXXX Fax XXXXX

        Technical Contact:
          Surname, Name (SNIDNo-ORG) [email_address]
          targetcompany (targetcompany-DOM)
          # Street Address
          City, Province, State, Pin, Country
          Telephone: XXXXX Fax XXXXX
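
An added example (not from the original slides): a domain owner can run a check like this over their own WHOIS record to see which contact entries identify an individual and could be replaced by a role account or a registrar privacy service. The sample record, the role-mailbox list and every name in it are constructed assumptions.

```python
import re

# Assumed role mailboxes; adjust to the organisation's own aliases
ROLE_LOCALPARTS = {"hostmaster", "abuse", "noc", "dns", "domains"}
SECTION = re.compile(r"^(Registrant|Administrative Contact|Technical Contact)\s*:\s*", re.I)
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
PERSON = re.compile(r"^([A-Z][\w'-]+), ([A-Z][\w'-]+) \(")   # "Surname, Name (HANDLE)"
PHONE = re.compile(r"(Telephone|Fax):?\s*(\+?\d[\d ().-]{5,}\d)", re.I)

def parse_contacts(record):
    """Split a WHOIS record into contact sections and collect what each one publishes."""
    sections, current = {}, None
    for raw in record.splitlines():
        line = raw.strip()
        header = SECTION.match(line)
        if header:
            current = sections.setdefault(header.group(1).title(),
                                          {"people": [], "emails": [], "phones": []})
            line = line[header.end():]
        if current is None or not line:
            continue
        person = PERSON.match(line)
        if person:
            current["people"].append(f"{person.group(2)} {person.group(1)}")
        current["emails"] += EMAIL.findall(line)
        current["phones"] += [m.group(2) for m in PHONE.finditer(line)]
    return sections

def audit(record):
    """List (section, issue, value) for every entry that points at an individual."""
    findings = []
    for name, data in parse_contacts(record).items():
        findings += [(name, "named individual", p) for p in data["people"]]
        findings += [(name, "personal mailbox", e) for e in data["emails"]
                     if e.split("@")[0].lower() not in ROLE_LOCALPARTS]
        findings += [(name, "direct phone/fax", p) for p in data["phones"]]
    return findings

# Constructed record in the slide's layout; example.com and the 555 numbers are placeholders
SAMPLE = """\
Registrant:
  Example Corp (EXAMPLE-DOM)
Administrative Contact:
  Doe, Jane (JD123-ORG) jane.doe@example.com
  Telephone: +1 555 0100 Fax: +1 555 0101
Technical Contact:
  hostmaster@example.com
  Telephone: +1 555 0199
"""
```
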
  18. Online Whois Tools
  19. Nslookup
     - Nslookup is a program to query Internet domain name servers. It displays information that can be used to diagnose Domain Name System (DNS) infrastructure.
     - Helps find additional IP addresses if authoritative DNS is known from whois.
     - MX record reveals the IP of the mail server.
     - Both Unix and Windows come with an nslookup client.
     - Third-party clients are also available, e.g. Sam Spade
  20. NSLookup options

        Switch          Function
        nslookup        Launches the nslookup program.
        host name       Returns the IP address for the specified host name.
        NAME            Displays information about the host/domain NAME using default server
        NAME1 NAME2     As above, but uses NAME2 as server
        help or ?       Displays information about common commands
        set OPTION      Sets an option
        domain=NAME     Sets default domain name to NAME.
        root=NAME       Sets root server to NAME.
        retry=X         Sets number of retries to X.
        timeout=X       Sets initial timeout interval to X seconds.
        type=X

  21. Types of DNS Records
  22. Locate the Network Range
     - Commonly includes:
       - Finding the range of IP addresses
       - Discerning the subnet mask
     - Information Sources:
       - ARIN (American Registry of Internet Numbers)
       - Traceroute
     - Hacking Tool:
       - NeoTrace
       - Visual Route
  23. Traceroute
     - Traceroute works by exploiting a feature of the Internet Protocol called TTL, or Time To Live.
     - Traceroute reveals the path IP packets travel between two systems by sending out consecutive UDP packets with ever-increasing TTLs.
     - As each router processes an IP packet, it decrements the TTL. When the TTL reaches zero, the router sends back a "TTL exceeded" message (using ICMP) to the originator.
     - Routers with DNS entries reveal the name of routers, network affiliation and geographic location.
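
The TTL mechanism described above, modelled offline as an added example (not from the original slides): probes and ICMP Time Exceeded replies are built as real packet bytes, while the router path and addresses are constructed. The `silent` parameter is an assumption that models routers configured not to send Time Exceeded, which is why such hops show up as `*`.

```python
import socket
import struct

BASE_PORT = 33434  # conventional first UDP destination port used by Unix traceroute

def ipv4(src, dst, ttl, proto, payload):
    # 20-byte IPv4 header, no options; checksum left 0 because nothing here verifies it
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, ttl, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

def udp_probe(src, dst, ttl, seq):
    # The destination port encodes the probe number so a reply can be matched to it
    return ipv4(src, dst, ttl, 17, struct.pack("!HHHH", 40000, BASE_PORT + seq, 8, 0))

def router_forward(router_ip, packet):
    """One hop: decrement TTL; at zero, drop the packet and answer with ICMP Time Exceeded."""
    ttl = packet[8] - 1
    if ttl > 0:
        return packet[:8] + bytes([ttl]) + packet[9:], None
    # ICMP type 11 code 0 quotes the offending IP header plus its first 8 payload bytes
    icmp = struct.pack("!BBHI", 11, 0, 0, 0) + packet[:28]
    return None, ipv4(router_ip, socket.inet_ntoa(packet[12:16]), 64, 1, icmp)

def parse_time_exceeded(reply):
    """Return (router address, probe number) from an ICMP Time Exceeded reply, else None."""
    ihl = (reply[0] & 0x0F) * 4
    if reply[9] != 1 or reply[ihl:ihl + 2] != b"\x0b\x00":
        return None
    quoted = reply[ihl + 8:]                 # the probe's own header, echoed back
    q_ihl = (quoted[0] & 0x0F) * 4
    (dport,) = struct.unpack("!H", quoted[q_ihl + 2:q_ihl + 4])
    return socket.inet_ntoa(reply[12:16]), dport - BASE_PORT

def trace(path, src, dst, silent=()):
    """Probe with TTL 1, 2, ... over a modelled router path; '*' marks a hop with no reply."""
    hops = []
    for ttl in range(1, len(path) + 2):
        packet, reply = udp_probe(src, dst, ttl, seq=ttl), None
        for router in path:
            packet, reply = router_forward(router, packet)
            if reply is not None:
                break
        if reply is None:                    # TTL outlived every router: probe reached dst
            hops.append(dst)
        else:                                # a silent router emits no Time Exceeded
            hops.append("*" if router in silent else parse_time_exceeded(reply)[0])
    return hops

PATH = ["10.0.0.1", "192.0.2.1", "198.51.100.1"]  # constructed, documentation ranges
```
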
  24. Trace Route Analysis
  25. Trace Route Analysis
  26. Tool: NeoTrace (Now McAfee Visual Trace)
     - NeoTrace shows the traceroute output visually: map view, node view and IP view
  27. Tool: VisualRoute Trace
  28. Tool: Path Analyzer Pro
  29. Path Analyzer Pro Screenshot
  30. Path Analyzer Pro Screenshot
  31. Path Analyzer Pro Screenshot
  32. GoogleEarth
  33. GoogleEarth Showing Pentagon
  34. Tool: SmartWhois
     - SmartWhois is a useful network information utility that allows you to find out all available information about an IP address, host name, or domain, including country, state or province, city, name of the network provider, administrator and technical support contact information.
     - Unlike standard Whois utilities, SmartWhois can find the information about a computer located in any part of the world, intelligently querying the right database and delivering all the related records within a few seconds.
  35. Tool: eMailTrackerPro
     - eMailTrackerPro is the e-mail analysis tool that enables analysis of an e-mail and its headers automatically and provides graphical results
  36. How to Setup a Fake Website?
  37. How to Setup a Fake Website?
  38. Website Stealing Tool: Reamweaver
     - Reamweaver has everything you need to instantly "steal" anyone's website, copying the real-time "look and feel" but letting you change any words, images, etc. that you choose
     - When a visitor visits a page on your stolen (mirrored) website, Reamweaver gets the page from the target domain, changes the words as you specify, and stores the result (along with images, etc.) in the fake website
     - With this tool your fake website will always look current; Reamweaver automatically updates the fake mirror when the content changes in the original website
     - Download: cehtools/