Module 2 Foot Printing

Objective Overview of the Reconnaissance Phase Introducing Footprinting Understanding the information gathering methodology of hackers Comprehending the Implications Learning some of the tools used for reconnaissance phase FootPrinting steps

Defining Footprinting Footprinting is the blueprinting of the security profile of an organization, undertaken in a methodological manner. Footprinting is one of the three pre-attack phases. The others are scanning and enumeration. Footprinting results in a unique organization profile with respect to networks (Internet / Intranet / Extranet / Wireless) and systems involved. An attacker will spend 90% of the time in profiling an organization and another 10% in launching the attack

Information Gathering Methodology Unearth initial information Locate the network range Ascertain active machines Discover open ports / access points Detect operating systems Uncover services on ports Map the Network

Unearthing Initial Information Commonly includes : Domain name lookup Locations Contacts (Telephone / mail) Information Sources : Open source Whois Nslookup Hacking Tool : Sam Spade

Finding a Company’s URL & Info. Search for a company’s URL using a search engine such as www.google.com Type the company’s name in the search engine to get the company URL Google provides rich information to perform passive reconnaissance Check newsgroups, forums, and blogs for sensitive information regarding the network

Satellite Picture of a Residence

SpiderFoot SpiderFoot is a free, open-source, domain footprinting tool which will scrape the websites on that domain, as well as search Google,Netcraft, Whois, and DNS to build up information like: Subdomains Affiliates Web server versions Users (i.e. /~user) Similar domains Email addresses Netblocks

Additional Footprinting Tools Whois Nslookup ARIN Neo Trace VisualRoute Trace SmartWhois eMailTrackerPro Website watcher Google Earth GEO Spider HTTrack Web Copier E-mail Spider

Whois Lookup With whois lookup, you can get personal and contact information For example, www.samspade.com

Whois Registrant: targetcompany (targetcompany-DOM) # Street Address City, Province State, Pin, Country Domain Name : targetcompany.COM Domain servers in listed order: NS1.WEBHOST.COM XXX.XXX.XXX.XXX NS2.WEBHOST.COM XXX.XXX.XXX.XXX Administrative Contact: Surname, Name (SNIDNo-ORG) t [email_address] targetcompany (targetcompany-DOM) # Street Address City, Province, State, Pin, Country Telephone: XXXXX Fax XXXXX Technical Contact : Surname, Name (SNIDNo-ORG) t [email_address] targetcompany (targetcompany-DOM) # Street Address City, Province, State, Pin, Country Telephone: XXXXX Fax XXXXX

Nslookup Nslookup is a program to query Internet domain name servers. Displays information that can be used to diagnose Domain Name System (DNS) infrastructure. Helps find additional IP addresses if authoritative DNS is known from whois. MX record reveals the IP of the mail server. Both Unix and Windows come with a Nslookup client. Third party clients are also available – E.g. Sam Spade

NSLookup options Switch Function nslookup Launches the nslookup program. host name Returns the IP address for the specified host name. NAME Displays information about the host/domain NAME using default server NAME1 NAME2 As above, but uses NAME2 as server help or? Displays information about common commands set OPTION Sets an option domain= NAME Sets default domain name to NAME. root = NAME Sets root server to NAME. retry= X Sets number of retries to X. timeout= X Sets initial timeout interval to X seconds. type= X

Locate the Network Range Commonly includes: Finding the range of IP addresses Discerning the subnet mask Information Sources: ARIN (American Registry of Internet Numbers) Traceroute Hacking Tool : NeoTrace Visual Route

Traceroute Traceroute works by exploiting a feature of the Internet Protocol called TTL, or Time To Live. Traceroute reveals the path IP packets travel between two systems by sending out consecutive UDP packets with ever-increasing TTLs . As each router processes a IP packet, it decrements the TTL. When the TTL reaches zero, it sends back a "TTL exceeded" message (using ICMP ) to the originator. Routers with DNS entries reveal the name of routers, network affiliation and geographic location .

Tool: NeoTrace (Now McAfee Visual Trace) NeoTrace shows the traceroute output visually – map view, node view and IP view

Tool: Path Analyzer Pro - http://vostrom.com

Tool: SmartWhois SmartWhois is a useful network information utility that allows you to find out all available information about an IP address, host name, or domain, including country, state or province, city, name of the network provider, administrator and technical support contact information Unlike standard Whois utilities, SmartWhois can find the information about a computer located in any part of the world, intelligently querying the right database and delivering all the related records within a few seconds.

Tool: eMailTrackerPro eMailTrackerPro is the e-mail analysis tool that enables analysis of an e-mail and its headers automatically and provides graphical results

Website Stealing Tool: Reamweaver Reamweaver has everything you need to instantly “steal" anyone's website, copying the real-time "look and feel" but letting you change any words, images, etc. that you choose When a visitor visits a page on your stolen (mirrored) website, Reamweaver gets the page from the target domain, changes the words as you specify, and stores the result (along with images, etc.) in the fake website With this tool your fake website will always look current, Reamweaver automatically updates the fake mirror when the content changes in the original website Download: http://www.eccouncil.org/ cehtools/reamweaver.zip

Module 2 Foot Printing

More Related Content

What's hot

Viewers also liked

Similar to Module 2 Foot Printing

More from leminhvuong

Recently uploaded

Module 2 Foot Printing