They need either one Manually easy or Hard1. Go to dnschecker..docx

They need either one Manually easy or Hard
1. Go to dnschecker.org input "www.motionborg.com"
· Go through the text records (A, AAAA, CNAME, MX, NS,
PTR, SRV, SOA, TXT, CAA) In a word document copy and
paste the information (Blue Text) of all the Text Record
information
2. Use Sam Spade to get more information about the network,
what ever you find put it in the word document as
well. Sam Spade Video (If you do not like this video
Google Sam Spade Footprinting)
Manually-Hard
3. Use Command Prompt: Run Traceroute on
www.motionborg.com to get more details see document here
4. Use Command Prompt to Use nslookup see document here
They need either Manyally Hard or Easy.
I had done the Manually-Hard
Useful Links
https://kb.intermedia.net/article/682
https://kb.intermedia.net/Article/819
Use this links and try to find out some answers and prepare
some matter to this.
· Is the site www.motionborg.com secure with SSL? is the site
vulnerable to script injection attacks?
· Look at the source code does anything stand out to you?
· What did you find out about the network?
· Are other networks connected to it?

· Is it a Linux or Windows server
· Based on your findings what are some vulnerabilities
·
Note: It is really easy to get stuck in the Matrix, do not dive to
in-depth - just the surface of gathering information.
Tracert www.motionborg.com
Then run the command : nslookup motionborg.com
Next run nslookup motionborg.com B.ROOT-SERVERS.NET
Next run nslookup motionborg.com m.gtld-servers.net
Next run : -q=CNAME motionborg.com
ns35.domaincontrol.com
Is the site www.motionborg.com secure with SSL?
Not secure :
is the site vulnerable to script injection attacks?
No
https://suip.biz/?act=sqlmap

No
Linux
Based on your findings what are some vulnerabilities
https://www.scu.edu/is/secure/resources-and-information/ssl-
vulnerabilities-/
They need either one Manually easy or Hard
1. Go to dnschecker.org input "www.motionborg.com"
· Go through the text records (A, AAAA, CNAME, MX, NS,
PTR, SRV, SOA, TXT, CAA) In a word document copy and
paste the information (Blue Text) of all the Text Record
information
2. Use Sam Spade to get more information about the network,
what ever you find put it in the word document as
well. Sam Spade Video (If you do not like this video
Google Sam Spade Footprinting)
Manually-Hard
They need either Manyally Hard or Easy.
I had done the Manually-Hard

Useful Links
https://kb.intermedia.net/article/682
https://kb.intermedia.net/Article/819
Use this links and try to find out some answers and prepare
some matter to this.
· Is the site www.motionborg.com secure with SSL? is the site
vulnerable to script injection attacks?
· Are other networks connected to it?
· Based on your findings what are some vulnerabilities
·
Note: It is really easy to get stuck in the Matrix, do not dive to
in-depth - just the surface of gathering information.
Tracert www.motionborg.com
Then run the command : nslookup motionborg.com
Next run nslookup motionborg.com B.ROOT-SERVERS.NET
Next run nslookup motionborg.com m.gtld-servers.net
Next run : -q=CNAME motionborg.com
ns35.domaincontrol.com

Footprinting and
Reconnaissance
Module 02
Exam 312-50 Certified Ethical HackerEthical Hacking and
Countermeasures
Footprinting and Reconnaissance
Footprinting and
Reconnaissance
Module 02
Ethical Hacking and Countermeasures v8
M o dule 02: Footprinting and Reconnaissance
Exam 312-50
Ethical Hacking and Countermeasures Copyright © by EC-
C0UnCil
All Rights Reserved. Reproduction is Strictly Prohibited.
Module 02 Page 92
Countermeasures
Security News
PRODUCTSABOUT US

Copyright © by EG-G*ancil. All Rights Reserved. Reproduction
is Strictly Prohibited.
N E W S
Facebook a 'treasure trove' of April 1a 2012
Personally Identifiab le Inform ation
Facebook contains a "treasure trove" of personally identifiable
information that hackers
manage to get their hands on.
A report by Imperva revealed that users' "general personal
information" can often include
a date of birth, home address and sometimes mother's maiden
name, allowing hackers to
access this and other websites and applications and create
targeted spearphishing campaigns.
It detailed a concept I call "friend-mapping", where an attacker
can get further knowledge of
a user’s circle of friends; having accessed their account and
posing as a trusted friend, they can
cause mayhem. This can include requesting the transfer of funds
and extortion.
Asked why Facebook is so important to hackers, Imperva senior
security strategist Noa Bar-Yosef
said: "People also add work friends on Facebook so a team
leader can be identified and this can lead
to corporate data being accessed, project work being discussed
openly, while geo-location data can be
detailed for military intelligence."
"Hacktivism made up 58 per cent of attacks in the Verizon Data
Breach Intelligence Report, and they
are going after information on Facebook that can be used to
humiliate a person. All types of attackers
have their own techniques." http://www.scmogazineuk.com

‫״־‬ spmasweN ytiruceS ‫״‬
uii Facebook a ,treasure trove‫״‬ of Personally Identifiable
Information
Source: http://www.scmagazineuk.com
Facebook contains a "treasure trove" of personally identifiable
information that hackers
manage to get their hands on.
A report by Imperva revealed that users' "general personal
information" can often include a
date of birth, home address and sometimes mother's maiden
name, allowing hackers to access
this and other websites and applications and create targeted
spearphishing campaigns.
It detailed a concept I call "friend-mapping", where an attacker
can get further knowledge of a
user's circle of friends; having accessed their account and
posing as a trusted friend, they can
cause mayhem. This can include requesting the transfer of funds
and extortion.
Asked why Facebook is so important to hackers, Imperva senior
security strategist Noa Bar-
Yosef said: ‫״‬People also add work friends on Facebook so a
team leader can be identified and
this can lead to corporate data being accessed, project work
being discussed openly, while geo-
location data can be detailed for military intelligence."
C0UnCil

Module 02 Page 93
http://www.scmogazineuk.com
http://www.scmagazineuk.com
Countermeasures
"Hacktivism made up 58 per cent of attacks in the Verizon Data
Breach Intelligence Report,
and they are going after information on Facebook that can be
used to humiliate a person. All
types of attackers have their own techniques."
On how attackers get a password in the first place, Imperva
claimed that different keyloggers
are used, while phishing kits that create a fake Facebook login
page have been seen, and a
more primitive method is a brute force attack, where the
attacker repeatedly attempts to guess
the user's password.
In more extreme cases, a Facebook administrators rights can be
accessed. Although it said that
this requires more effort on the hacker side and is not as
prevalent, it is the "holy grail" of
attacks as it provides the hacker with data on all users.
On protection, Bar-Yosef said the roll-out of SSL across the
whole website, rather than just at
the login page, was effective, but users still needed to opt into
this.
By Dan Raywood

http://www.scmagazine.com.au/Feature/265065,digitial-
investigations-have-matured.aspx
C0UnCil
Module 02 Page 94
http://www.scmagazine.com.au/Feature/265065,digitial-
investigations-have-matured.aspx
Countermeasures
C EHModule Objectives
J Footprinting Terminology J WHOIS Footprinting
J What Is Footprinting? J DNS Footprinting
J Objectives of Footprinting J Network Footprinting
J Footprinting Threats J Footprinting through Social
Engineering
W J Footprinting through Social
J Website Footprinting Networking Sites
J Email Footprinting J Footprinting Tools
J Competitive Intelligence J Footprinting Countermeasures
J Footprinting Using Google J Footprinting Pen Testing
Copyright © by EC-G*ancil. All Rights Reserved. Reproduction

M odule O bjectives
This module will make you familiarize with the following:
e Footprinting Terminologies © WHOIS Footprinting
e What Is Footprinting? © DNS Footprinting
© Objectives of Footprinting © Network Footprinting
© Footprinting Threats © Footprinting through Social
Engineering
e Footprinting through Search Engines
Footprinting through Social©
© Website Footprinting Networking Sites
© Email Footprinting © Footprinting Tools
© Competitive Intelligence © Footprinting Countermeasures
© Footprinting Using Google © Footprinting Pen Testing
C0UnCil
Module 02 Page 95
t
t
t
f

Countermeasures
M odule Flow
Ethical hacking is legal hacking conducted by a penetration
tester in order to evaluate
the security of an IT infrastructure with the permission of an
organization. The concept of
ethical hacking cannot be explained or cannot be performed in a
single step; therefore, it has
been divided into several steps. Footprinting is the first step in
ethical hacking, where an
attacker tries to gather information about a target. To help you
better understand footprinting,
it has been distributed into various sections:
Xj Footprinting Concepts [|EJ Footprinting Tools
Footprinting Threats FootPrint'ng Countermeasures
C J Footprinting Methodology Footprinting Penetration Testing
C0UnCil
Module 02 Page 96

Countermeasures
The Footprinting Concepts section familiarizes you with
footprinting, footprinting terminology,
why footprinting is necessary, and the objectives of
footprinting.
C0UnCil
Module 02 Page 97
Countermeasures
Footprinting Terminology CEH
Active Information Gathering
Gather information through social
engineering on-site visits, interviews,
and questionnaires
Pseudonymous Footprinting
Collect information that might be
published under a different name in
an attempt to preserve privacy
Open Source or Passive
Information Gathering

Collect information about a target from
the publicly accessible sources
Anonymous Footprinting
Gather information from sources where
the author of the information cannot
be identified or traced
Internet Footprinting
Collect information about a target
from the Internet
Organizational or Private
Footprinting
Collect information from an organization's
web-based calendar and email services
00 -
ooo
—00‫־‬ Footprinting Term inology
Before going deep into the concept, it is important to know the
basic terminology
used in footprinting. These terms help you understand the
concept of footprinting and its
structures.

Open Source or Passive Information Gathering
!,n'nVn'nVI
Open source or passive information gathering is the easiest way
to collect information
about the target organization. It refers to the process of
gathering information from the open
sources, i.e., publicly available sources. This requires no direct
contact with the target
organization. Open sources may include newspapers, television,
social networking sites, blogs,
etc.
Using these, you can gather information such as network
boundaries, IP address reachable via
the Internet, operating systems, web server software used by the
target network, TCP and UDP
services in each system, access control mechanisms, system
architecture, intrusion detection
systems, and so on.
Active Information Gathering
In active information gathering, process attackers mainly focus
on the employees of
C0UnCil
Module 02 Page 98
Countermeasures

the target organization. Attackers try to extract information
from the employees by conducting
social engineering: on-site visits, interviews, questionnaires,
etc.
This refers to the process of collecting information from sources
anonymously so that
your efforts cannot be traced back to you.
<— —i Pseudonym ous Footprinting
Pseudonymous footprinting refers to the process of collecting
information from the
sources that have been published on the Internet but is not
directly linked to the author's
name. The information may be published under a different name
or the author may have a
well-established pen name, or the author may be a corporate or
government official and be
prohibited from posting under his or her original name.
Irrespective of the reason for hiding the
Private footprint""ing involves collecting information from an
organization's web-
based calendar and email services.
| | Internet Footprinting
Internet footprinting refers to the process of collecting
information of the target
organization's connections to the Internet.
Anonymous Footprinting
author's name, collecting information from such sources is

called pseudonymous.
r *s • V t 4 THI 4 • 4 •Organizational or Private Footprinting
C0UnCil
Module 02 Page 99
Countermeasures
W hat I s F o o tp rin tin g ? |
Footprinting is the process of collecting as much information as
possible
about a target network, for identifying various ways to intrude
into an
organization's network system
Process involved in Footprinting a Target
Determine the operating system
used, platforms running, web
server versions, etc.
© Find vulnerabilities and exploitsfor launching attacks
Collect basic information about
the target and its network©
di i iH a
a a ‫י‬ ,af

■
Perform techniques such as Whois,
DNS, network and organizational
queries
What Is Footprinting?
Footprinting, the first step in ethical hacking, refers to the
process of collecting
information about a target network and its environment. Using
footprinting you can find
various ways to intrude into the target organization's network
system. It is considered
.methodological" because critical information is sought based
on a previous discovery‫״‬
Once you begin the footprinting process in a methodological
manner, you will obtain the
blueprint of the security profile of the target organization. Here
the term "blueprint" is used
because the result that you get at the end of footprinting refers
to the unique system profile of
the target organization.
There is no single methodology for footprinting as you can trace
information in several routes.
However, this activity is important as all crucial information
needs to be gathered before you
begin hacking. Hence, you should carry out the footprinting
precisely and in an organized
manner.

You can collect information about the target organization
through the means of footprinting in
four steps:
1. Collect basic information about the target and its network
2. Determine the operating system used, platforms running, web
server versions, etc.
C0UnCil
Module 02 Page 100
Countermeasures
3. Perform techniques such as Whois, DNS, network and
organizational queries
4. Find vulnerabilities and exploits for launching attacks
Furthermore, we will discuss how to collect basic information,
determine operating system of
target computer, platforms running, and web server versions,
various methods of footprinting,
and how to find and exploit vulnerabilities in detail.
C0UnCil

Module 02 Page 101
Countermeasures
W hy F o o tp rin tin g ? CEH
Urti*W itkM l lUckw
Why Footprinting?
I'n'n'r'n'n'
For attackers to build a hacking strategy, they need to gather
information about the
target organization's network, so that they can find the easiest
way to break into the
organization's security perimeter. As mentioned previously,
footprinting is the easiest way to
gather information about the target organization; this plays a
vital role in the hacking process.
Footprinting helps to:
• Know Security Posture
Performing footprinting on the target organization in a
systematic and methodical manner
gives the complete profile of the organization's security posture.
You can analyze this report
to figure out loopholes in the security posture of your target
organization and then you can
build your hacking plan accordingly.
• Reduce Attack Area

By using a combination of tools and techniques, attackers can
take an unknown entity (for
example XYZ Organization) and reduce it to a specific range of
domain names, network
blocks, and individual IP addresses of systems directly
connected to the Internet, as well as
many other details pertaining to its security posture.
Build Information Database
C0UnCil
Module 02 Page 102
Countermeasures
A detailed footprint provides maximum information about the
target organization.
Attackers can build their own information database about
security weakness of the target
organization. This database can then be analyzed to find the
easiest way to break into the
organization's security perimeter.
• Draw Network Map
Combining footprinting techniques with tools such as Tracert
allows the attacker to create
network diagrams of the target organization's network presence.

This network map
represents their understanding of the targets Internet footprint.
These network diagrams
can guide the attack.
C0UnCil
Module 02 Page 103
Countermeasures
O bjectives of Footprinting CEH
Networking protocols *-‫׳‬
0 VPN Points
0 ACLs
0 IDSes running
0 Analog/digital telephone numbers
0 Authentication mechanisms
tf System Enumeration
0 Domain name
0 Internal domain names
0 Network blocks
0 IP addresses of the reachable systems
0 Rogue websites/private websites
0 TCP and UDP services running
0 Access control Mechanisms and ACL's
0 Comments in HTML source code

0 Security policies implemented
0 Web server links relevant to the
organization
0 Background of the organization
0 News articles/press releases
User and group names ‫ג‬
* System banners
System architecture ‫־‬
* Remote system type
1 v/1 >‫־‬
• Routing tables
: SNMP information
• System names
: Passwords
0 Employee details
0 Organization's website
0 Company directory
0 Location details
0 Address and phone numbers
O Collect
O Network Information
Collect
System
Information
Collect

Organization’s
Information
O bjectives of Footprinting
The major objectives of footprinting include collecting the
target's network
information, system information, and the organizational
information. By carrying out
footprinting at various network levels, you can gain information
such as: network blocks,
network services and applications, system architecture,
intrusion detection systems, specific IP
addresses, and access control mechanisms. With footprinting,
information such as employee
names, phone numbers, contact addresses, designation, and
work experience, and so on can
also be obtained.
Collect Network Information
The network information can be gathered by performing a
Whois database analysis,
trace routing, etc. includes:
Q Domain name
Q Internal domain names
Q Network blocks
© IP addresses of the reachable systems

Rogue websites/private websites ‫י‬-
COUIICil
Module 02 Page 104
Countermeasures
Q TCP and UDP services running
© Access control mechanisms and ACLs
© Networking protocols
© VPN points
Q ACLs
9 IDSes running
© Analog/digital telephone numbers
© Authentication mechanisms
© System enumeration
Collect System Information
Q User and group names
© System banners
Q Routing tables
Q SNMP information
© System architecture
© Remote system type
Q System names

Q Passwords
Collect Organization’s Information
Q Employee details
Q Organization's website
Q Company directory
Q Location details
Q Address and phone numbers
Q Comments in HTML source code
Q Security policies implemented
Q Web server links relevant to the organization
© Background of the organization
U News articles/press releases
COUIlCil
Module 02 Page 105
Countermeasures
M odule Flow
So far, we discussed footprinting concepts, and now we will
discuss the threats
associated with footprinting:

slooT gnitnirptooF stpecnoC gnitnirptooF ‫ף‬
o Footprinting Threats ‫ר‬ Footprinting Countermeasures
C L ) Footprinting Methodology xi Footprinting Penetration
Testing
? * ‫ר‬
The Footprinting Threats section familiarizes you with the
threats associated with footprinting
such as social engineering, system and network attacks,
corporate espionage, etc.
C0UnCil
Module 02 Page 106
Countermeasures
Business
Footprinting Threats
J Attackers gather valuable system and network information
such as account
details, operating system and installed applications, network
components,
server names, database schema details, etc. from footprinting
techniques

Types off Threats
Information Privacy Corporate
Leakage Loss Espionage LossJ.J
Copyright © by EG-G*ancil. All Rights Reserved.
Reproduction is Strictly Prohibited.
Footprinting Threats
-‫ם‬0‫ם‬-
As discussed previously, attackers perform footprinting as the
first step in an attempt to
hack a target organization. In the footprinting phase, attackers
try to collect valuable system-
level information such as account details, operating system and
other software versions, server
names, and database schema details that will be useful in the
hacking process.
The following are various threats due to footprinting:
Social Engineering
Without using any intrusion methods, hackers directly and
indirectly collect
information through persuasion and various other means. Here,
crucial information is gathered
by the hackers through employees without their consent.
System and Network Attacks
© J
Footprinting helps an attacker to perform system and network
attacks. Through
footprinting, attackers can gather information related to the

target organization's system
configuration, operating system running on the machine, and so
on. Using this information,
attackers can find the vulnerabilities present in the target
system and then can exploit those
Module 02 Page 107 Ethical Hacking and Countermeasures
Copyright © by EC-C0UnCil
Countermeasures
vulnerabilities. Thus, attackers can take control over a target
system. Similarly, attackers can
also take control over the entire network.
&pa», Information Leakage
L 3 3 Information leakage can be a great threat to any
organization and is often overlooked.
If sensitive organizational information falls into the hands of
attackers, then they can build an
attack plan based on the information, or use it for monetary
benefits.
G P Privacy L o s s
‫—יי‬ssecca ot elba era srekcah ,gnitnirptoof fo pleh eht htiW ‫׳‬
the systems and networks of
the company and even escalate the privileges up to admin
levels. Whatever privacy was
maintained by the company is completely lost.

Corporate Espionage
Corporate espionage is one of the major threats to companies as
competitors can spy
and attempt to steal sensitive data through footprinting. Due to
this type of espionage,
competitors are able to launch similar products in the market,
affecting the market position of a
company.
Business Loss
Footprinting has a major effect on businesses such as online
businesses and other
ecommerce websites, banking and financial related businesses,
etc. Billions of dollars are lost
every year due to malicious attacks by hackers.
C0UnCil
Module 02 Page 108
Countermeasures
M odule Flow
Now that you are familiar with footprinting concepts and
threats, we will discuss the
footprinting methodology.

The footprinting methodology section discusses various
techniques used to collect information
about the target organization from different sources.
x Footprinting Concepts Footprinting Tools ‫ןןיד־ן‬
Footprinting Threats Footprinting Countermeasures
G O Footprinting Methodology v! Footprinting Penetration
Testing
C0UnCil
Module 02 Page 109
Countermeasures
EHFootprinting Methodology
WHOIS Footprinting
DNS Footprinting
Network Footprinting
Footprinting through Social
Engineering
Networking Sites

Footprinting through Search
Engines
Website Footprinting
Email Footprinting
Competitive Intelligence
Footprinting using Google
I— ^
Footprinting M ethodology
The footprinting methodology is a procedural way of collecting
information about a
target organization from all available sources. It deals with
gathering information about a target
organization, determining URL, location, establishment details,
number of employees, the
specific range of domain names, and contact information. This
information can be gathered
from various sources such as search engines, Whois databases,
etc.
Search engines are the main information sources where you can
find valuable information
about your target organization. Therefore, first we will discuss
footprinting through search
engines. Here we are going to discuss how and what information
we can collect through search
engines.

Examples of search engines include:
www.google.com,www.yahoo.com,www.bing.com
C0UnCil
Module 02 Page 110
http://www.bing.com
Countermeasures
Engines
Microsoft ■»0aMus •»»!*•>>** •rcicspthi
Mciim* Cxivxaco MC.rr 1 nm Anmw MCDMT zerperator
nd P»> b u r* , Ajn 4 1V: Mem* n th■
Microsoft
i 1m:am iiwm 1yw<n •wwt ■M1MSOOS <1 1M r*& IIMl tv |h*
tiV.row* Midm Int si ap**« nj
11bM-nar« 'M I*1 he •hut tot• crtMd an ■MmjM hiM trfQur•* *
r t V/ Kti *1m Marot*Snc• in• 1*101 11• <pnu>V '‫«׳‬ •tnnn̂ r •-
••‫יא‬ *an
s* ‫יי‬
Footprinting through Search Engines
w , --

A web search engine is designed to search for information on
the World Wide Web.
The search results are generally presented in a line of results
often referred to as search engine
results pages (SERPs). In the present world, many search
engines allow you to extract a target
organization's information such as technology platforms,
employee details, login pages,
intranet portals, and so on. Using this information, an attacker
may build a hacking strategy to
break into the target organization's network and may carry out
other types of advanced system
attacks. A Google search could reveal submissions to forums by
security personnel that reveal
brands of firewalls or antivirus software in use at the target.
Sometimes even network
diagrams are found that can guide an attack.
If you want to footprint the target organization, for example
XYZ pvt ltd, then type XYZ pvt ltd in
the Search box of the search engine and press Enter. This will
display all the search results
containing the keywords "XYZ pvt ltd." You can even narrow
down the results by adding a
specific keyword while searching. Furthermore, we will discuss
other footprinting techniques
such as website footprinting and email Footprinting.
For example, consider an organization, perhaps Microsoft. Type
Microsoft in the Search box of
a search engine and press Enter; this will display all the results
containing information about
Microsoft. Browsing the results may provide critical
information such as physical location,

Attackers use search engines to extract
information about a target such as
technology platforms, employee details,
login pages, intranet portals, etc. which
helps in performing social engineering and
other types of advanced system attacks
J Search engine cache may provide sensitive
information that has been removed from
the World Wide Web (WWW)
C0UnCil
Module 02 Page 111
Countermeasures
contact address, the services offered, number of employees, etc.
that may prove to be a
valuable source for hacking.
O © wcbcachc.googleusercontent.com scarch?q-cache:ARbFVg
INvoJ:en. wikipcdia.org/wiki/Micn & ,‫|ן‬
This i3 Google's cache of http i / e n wikipedia
0rgAviki/Microsoft t is a snapshot of the page as it appeared on
17 Jul 2012 13:15:03
GMT The current page could have changed in the meantirre
Learn more

Text-only /ersicn
Create account & Log in
Read View source View history
Microsoft
W‫־‬N 122‘74242‫״‬55 22*38'47 -
M icrosort c o rp o ra tio n
Microsoft‫׳‬
Type Rjblc
Traded as NASDAQ: MSFT ̂
SEHK: 4333 (£>
Cow Jones Industrial Average
component
NASDAQ-100 component
S&P50D component
Induttry Computer tofiwar•
Onlir• t#rvic♦•
Video gorroo
Founded Albuquerque, New Mexico,
United States (April 4,1975)
Founder(•) Bill Gates, Paul Alien
Headquarters Microsoft Redmond Campts,
From Wikipedia. the free encyclopedia
Microsoft Corporation (NASDAQ: MSFTt? ) is ar American
multinational corporation headquartered n ReJrrond.

Washington. United States that develops, manufactures
licenses, and supports a wide range cf products and services
rolatod to computing. Tho company was foundoc by Bill Gatos
and Paul Allen on Apr J 4. 1975. Microsoft is the world's
largest
software corporation measured by revenues
Microsoft was established to develop and sell BASC
inteipieteis foi the Altai! 8800 It rose to dominate the home
computer operating system market wth MS-OOS n the mid•
1980s followed by the Microsoft Wndows line of operating
systems The company’s 1986 initial public oferng. and
subsequent rise in the share price, created ar estimated three
billionaires and 12.000 millionaires from Microsoft employees
Since the 1990s. the company has increasingly d1ersrf1ed from
the operating system market. In May 2011 Microsoft acquired
Skype for $8 5 billion in its largest acquisition to date PI
Main page
Contents
Featured content
Current events
Random article
Donate to vviKipeaia
Interaction
Help
About Wikipedia
Community portal
Recent changes
Contact Wikipedia
► Print/export
▼ Languages
FIGURE 2.1: Screenshot showing information about Microsoft

As an ethical hacker, if you find any sensitive information of
your company in the search engine
result pages, you should remove that information. Although you
remove the sensitive
information, it may still be available in a search engine cache.
Therefore, you should also check
the search engine cache to ensure that the sensitive data is
removed permanently.
C0UnCil
Module 02 Page 112
Countermeasures
CEHFinding Company’s External and Internal URLs
Tools to Search Internal URLs
5 http://news.netcraft.com
6 http://www.webmaster-a.com/
link-extractor-internal.php
A
Internal URL’s of m icrosoft.com
f j ^ ,

t) support.microsoft.com
e office.microsoft.com
s search.microsoft.com
0 msdn.microsoft.com
O update.microsoft.com
6 technet.microsoft.com
0 windows.microsoft.com
Search for the target company's external URL
in a search engine such as Google or Bing
Internal URLs provide an insight into
different departments and business units in
an organization
You may find an internal company's URL by
trial and error method
Copyright © by EG-G(IIIICil. All Rights Reserved.
Finding Com pany’s External and Internal URLs
A company's external and internal URLs provide a lot of useful
information to the
attacker. These URLs describe the company and provide details
such as the company mission
and vision, history, products or services offered, etc. The URL
that is used outside the corporate
network for accessing the company's vault server via a firewall
is called an external URL. It links
directly to the company's external web page. The target
company's external URL can be
determined with the help of search engines such as Google or
Bing.

If you want to find the external URL of a company, follow these
steps:
1. Open any of the search engines, such as Google or Bing.
2. Type the name of the target company in the Search box and
press Enter.
The internal URL is used for accessing the company's vault
server directly inside the corporate
network. The internal URL helps to access the internal
functions of a company. Most companies
use common formats for internal URLs. Therefore, if you know
the external URL of a company,
you can predict an internal URL through trial and error. These
internal URLs provide insight into
different departments and business units in an organization. You
can also find the internal URLs
of an organization using tools such as netcraft.
Tools to Search Internal URLs
C0UnCil
Module 02 Page 113
http://news.netcraft.com
http://www.webmaster-a.com/
Countermeasures

Netcraft
Source: http://news.netcraft.com
Netcraft deals with web server, web hosting market-share
analysis, and operating
system detection. It provides free anti-phishing toolbar (Net
craft toolbar) for Firefox as well as
Internet Explorer browsers. The netcraft toolbar avoids phishing
attacks and protects the
Internet users from fraudsters. It checks the risk rate as well as
the hosting location of the
websites we visit.
Link Extractor
Source: http://www.webmaster-a.com/link-extractor-
internal.php
Link Extractor is a link extraction utility that allows you to
choose between external and internal
URLs, and will return a plain list of URLs linked to or an html
list. You can use this utility to
competitor sites.
Examples of internal URLs of microsoft.com:
© support.microsoft.com
© office.microsoft.com
© search.microsoft.com
© msdn.microsoft.com
© update.microsoft.com

© technet.microsoft.com
© windows.microsoft.com
C0UnCil
Module 02 Page 114
http://news.netcraft.com
http://www.webmaster-a.com/link-extractor-internal.php
Countermeasures
CEH
Urt1fw4 ilh iul lUtbM
Public and R estricted W ebsites
http://answers.microsoft.comhttp://offlce.microsoft.com
Restricted Website
Public and Restricted W ebsites
—___ , A public website is a website designed to show the
presence of an organization on the
Internet. It is designed to attract customers and partners. It
contains information such as

company history, services and products, and contact information
of the organization.
The following screenshot is an example of a public website:
Source: http://www.microsoft.com
h ttp ://w w w .m ic ro s o ft.c o m
Public Website
Welcome to Microsoft
Irocua Dt+noaSz Sicuity Stifpcrt Su
C0UnCil
Module 02 Page 115
http://answers.microsoft.com
http://offlce.microsoft.com
http://www.microsoft.com
Countermeasures
FIGURE 2.2: An example of public website
A restricted website is a website that is available to only a few
people. The people may be
employees of an organization, members of a department, etc.
Restrictions can be applied

based on the IP number, domain or subnet, username, and
password.
Restricted or private websites of microsoft.com include:
http://technet.microsoft.com,
http://windows.microsoft.com, http://office.microsoft.com, and
http://answers.microsoft.com.
C0UnCil
Module 02 Page 116
http://technet.microsoft.com
http://windows.microsoft.com
http://office.microsoft.com
http://answers.microsoft.com
Countermeasures
C ‫־‬4 Hc*w*OT*<r©10‫״‬U0*n
Microsoft | TechNet
W1*• lM«»l .<*<»%
I TKMCINfMS IVMUAIIOM fVINIl U*VKTU*I%
IKHMlMkOC
Discover the New Office for IT Prc
|(«4a> tNc«r iecK ewr Shw1»ew1 » 1 >•

I Tc<»C«mer Ntw Office 10* IT *tot IW ftM T tMfmqt 2011 *o
I <jq *o‫׳‬ S«e 0*Ve X i ln t e w I«K« ‫י‬ er bcneJOIl*‫׳‬
EZESZ1
NBOUn lunott ■WACtt U V fjm OOMQW
Welcome to Office
F - .
ML i with Office 365
FIGURE 2.3: Examples of Public and Restricted websites
C0UnCil
Module 02 Page 117
Countermeasures
Collect Location Information CEH
Use Google Earth tool to get the location of the place
Collect Location Information
Information such as physical location of the organization plays
a vital role in the
hacking process. This information can be obtained using the

footprinting technique. In addition
to physical location, we can also collect information such as
surrounding public Wi-Fi hotspots
that may prove to be a way to break into the target
organization's network.
Attackers with the knowledge of a target organization's location
may attempt dumpster diving,
surveillance, social engineering, and other non-technical attacks
to gather much more
information about the target organization. Once the location of
the target is known, detailed
satellite images of the location can be obtained using various
sources available on the Internet
such as http://www.google.com/earth and
https://maps.google.com. Attackers can use this
information to gain unauthorized access to buildings, wired and
wireless networks, systems,
and so on.
Example: earth.google.com
Google Earth is a valuable tool for hacking that allows you to
find a location, point, and zoom
into that location to explore. You can even access 3D images
that depict most of the Earth in
high-resolution detail.
C0UnCil
Module 02 Page 118
http://www.google.com/earth
https://maps.google.com

Countermeasures
* Pldcwe * ‫י*גי‬
U, PI0C63
C ‫ט‬ far per ar/Phces
* Liytit
S 0 Je Q«>flr«wr1 cvyec
OS fto•*
5 O BuMngo
t£ '* :troct >‘osv
* H r B c r l n <rd latcti
□ Q ►011c ‫י‬ ‫ם‬ o ‫**־׳־‬ *
5. 0 0fll»‫׳‬v
• □v >WC«1 Awirviwvi
& D t Ftaeeeofiwrroit‫י‬ ‫םס‬ Mo•B fcffim
FIGURE 2.4: Google Earth showing location
Example: maps.google.com
Google Maps provides a Street View feature that provides you
with a series of images of
building, as well as its surroundings, including WI-FI networks.
Attackers may use Google Maps
to find or locate entrances to buildings, security cameras, gates,
places to hide, weak spots in
perimeter fences, and utility resources like electricity

connections, to measure distance
between different objects, etc.
=ssa
.» lC fi https' maps.google.fc.‫־‬
•You Starch Imago* Mall Oocuinonl• Calondai Shot ConUctt
Map•
Google
G«t ArtcM**• My piac•! A oo <
Om Okxh S**fchn#*fby S*v»lom*p mor*»
*•port • P0C4«m . u«c* L*M • H«lp
Ooogi• u«e* ■ •Mi: 00««1• r«m1 01 um • * *♦‫יי‬
FIGURE 2.5: Google Maps showing a Street View
C0UnCil
Module 02 Page 119
Countermeasures
C EHP eo p le S ea rch
The people search returns the following
information about a person:

“ Residential addresses and email addresses
S Contact numbers and date of birth
S Photos and social networking profiles
£ Blog URLs
S Satellite pictures of private residencies
http://www.spokeo.com
Information about an individual can be
found at various people search
websites
frfi
P‘P*
! i s ,
K ttje O. I* tan CA. U» .we* •«*•■<* U!;2‫״‬
http://pipl.com
Copyright © by EG-C*ancil. All Rights Reserved. Reproduction
People Search
You can use the public record websites to find information
about people's email
addresses, phone numbers, house addresses, and other
information. Using this information you
can try to obtain bank details, credit card details, mobile
numbers, past history, etc. There are
many people search online services available that help find
people, http://pipl.com and
http://www.spokeo.com are examples of people search services

that allow you to search for
the people with their name, email, username, phone, or address.
These people search services may provide information such as:
Q Residential addresses and email addresses
O Contact numbers and date of birth
Q Photos and social networking profiles
© Blog URLs
© Satellite pictures of private residences
C0UnCil
Module 02 Page 120
http://pipl.com
http://pipl.com
Countermeasures
C0UnCil
Module 02 Page 121

Countermeasures
P eople Search O nline S erv ices CEH
123 People Search
h ttp ://w w w . 12 3people, com
PeekYou
http ://ww w.peekyou. comC
Intelius
http ://ww w.inte lius.com
PeopleSmart
http ://ww w.peoplesm art. com&
WhitePages
m o • I P http://www.whitepages.comV/ >—J
M Zaba Searchhttp://www.zabasearch.com
M % Zoomlnfo
http ://ww w.zoom info . com
Wink People Search
http ://w ink.com
AnyWho
http://www.anywho.com
People Lookup

S® https://www.peoplelookup.com
.3;► People Search Online Services
— At present, many Internet users are using people search
engines to find information ‫׳׳‬
about other people. Most often people search engines provide
people's names, addresses, and
contact details. Some people search engines may also reveal the
type of work an individual
does, businesses owned by a person, contact numbers, company
email addresses, mobile
numbers, fax numbers, dates of birth, personal -mail addresses,
etc. This information proves to
be highly beneficial for attackers to launch attacks.
Some of the people search engines are listed as follows:
Zaba Search
Source: http://www.zabasearch.com
Zaba Search is a people search engine that provides information
such as address, phone
number, current location, etc. of people in the US. It allows you
to search for people by their
name.
Zoomlnfo
Source: http://www.zoominfo.com
C0UnCil

Module 02 Page 122
http://www
http://www.peekyou
http://www.intelius.com
http://www.peoplesmart
http://www.whitepages.com
http://www.zabasearch.com
http://www.zoominfo
http://wink.com
https://www.peoplelookup.com
http://www.zabasearch.com
http://www.zoominfo.com
Countermeasures
Zoom Info is a business people directory using which you can
find business contacts, people's
professional profiles, biographies, work histories, affiliations,
links to employee profiles with
verified contact information, and more.
Wink People Search
.E ‫ו_צ‬
Source: http://wink.com
Wink People Search is a people search engine that provides
information about people by name
and location. It gives phone number, address, websites, photos,
work, school, etc.

ohWynA ‫״‬
Source: http://www.anywho.com
AnyWho is a website that helps you find information about
people, their businesses, and their
locations online. With the help of a phone number, you can get
all the details of an individual.
People Lookup
Source: https://www.peoplelookup.com
People Lookup is a people search engine that allows you to
find, locate, and then connect with
people. It also allows you to look up a phone number, search for
cell numbers, find an address
or phone number, and search for people in the US. This
database uses information from public
records.
123 People Search
Source: http://www.123people.com
123 People Search is a people search tool that allows you to
find information such as public
records, phone numbers, addresses, images, videos, and email
addresses.
PeekYou
Source: http://www.peekyou.com
PeekYou is a people search engine that allows you to search for
profiles and contact
information of people in India and cities' top employers and
schools. It allows you to search for
the people with their names or usernames.

Intelius
Source: http://www.intelius.com
Intelius is a public records business that provides information
services. It allows you to search
for the people in US with their name, address, phone number, or
email address.
C0UnCil
Module 02 Page 123
http://wink.com
https://www.peoplelookup.com
http://www.123people.com
http://www.peekyou.com
http://www.intelius.com
Countermeasures
PeopleSmart
Source: http://www.peoplesmart.com
People Smart is a people search service that allows you to find
people's work information with
their name, city, and state. In addition, it allows you to perform
reverse phone lookups, email
searches, searches by address, and county searches.

Copyright © by EC-C0UnCil
http://www.peoplesmart.com
Countermeasures
W hitePages
Source: http://www.whitepages.com
WhitePages is a people search engine that provides information
about people by name and
location. Using the phone number, you can find the person's
address.
C0UnCil
Module 02 Page 125
http://www.whitepages.com
Countermeasures
CEHPeople Search on Social Networking Services
h ttp ://w w w . I inked in. com

Google♦
f t R30er Feoerer
r
nirtKtnn llweMfjailtofeiledewlwpeiewlkw
!3a‫■׳‬ ‫י‬-
» i *‫־‬ i n s
h ttps ://p lus, google, com
http ://ww w.facebook. com
h ttp ://tw itte r.com
People Search on Social Networking Services
Searching for people on social networking websites is easy.
Social networking services
are the online services, platforms, or sites that focus on
facilitating the building of social
networks or social relations among people. These websites
provide information that is provided
by users. Here, people are directly or indirectly related to each
other by common interest, work
location, or educational communities, etc.
Social networking sites allow people to share information
quickly and effectively as these sites
are updated in real time. It allows updating facts about
upcoming or current events, recent
announcements and invitations, and so on. Therefore, social

networking sites prove to be a
great platform for searching people and their related
information. Through people searching on
social networking services, you can gather critical information
that will be helpful in performing
social engineering or other kinds of attacks.
Many social networking sites allow visitors to search for people
without registration; this makes
people searching on social networking sites an easy task for
you. You can search a person using
name, email, or address. Some sites allow you to check whether
an account is currently in use
or not. This allows you to check the status of the person you are
looking for.
Some of social networking services are as follows:
C0UnCil
Module 02 Page 126
http://www
http://www.facebook
http://twitter.com
Countermeasures
Facebook
Source: http://www.facebook.com

Facebook allows you to search for people, their friends,
colleagues, and people living
around them and others with whom they are affiliated. In
addition, you can also find their
professional information such as their company or business,
current location, phone number,
email ID, photos, videos, etc. It allows you to search for people
by username or email address.
Sear<* for people, places and tvig i□facebook
Carmen f lectra About *
A na*<ra of «ha md-watt. Carman graw near C mamas,
900. and got hor •‫״‬ ! braak *htn a tcout for fwc*
aponad har danang and a*ad har to cama and aud«on for
Carman *roto a bock. >to* toBaSaxv'wfvtftwat
oubkihad by Random noma In +* book Carman convayi
tm ascW irdifM ndngifontlnw M lfaN cor•
a•‫״‬ Carman * aiao the *ace of Ma* factor ,a brand that
W t J aknoat 100 yaari ago and • •nwadataJY Mad to
aod1 ‫«י»י‬ moat baauHU facaa. Carman • par mm»10»1‫<׳‬
.$•• . Mai factor *eahset her m Tv and pm
FIGURE 2.7: Facebook a social networking service to search for
people across the world
Linkedln
1 J Source: http://www.linkedin.com
Linkedln is a social networking website for professional people.
It allows you to find people by
name, keyword, company, school, etc. Searching for people on
Linkedln gives you information

such as name, designation, name of company, current location,
and education qualifications,
but to use Linkedln you need to be registered with the site.
Twitter
Source: http://twitter.com
C0UnCil
Module 02 Page 127
http://www.facebook.com
http://www.linkedin.com
http://twitter.com
Countermeasures
Twitter is a social networking service that allows people to send
and read text messages
(tweets). Even unregistered users can read tweets on this site.
FIGURE 2.9: Twitter screenshot
C0UnCil
Module 02 Page 128

Countermeasures
Google+
Source: https://plus.google.com
Google+ is a social networking site that aims to make sharing
on the web more like sharing in
real life. You can grab a lot of useful information about users
from this site and use it to hack
their systems.
FIGURE 2.10: Google+ screenshot
C0UnCil
Module 02 Page 129
https://plus.google.com
Countermeasures
CEHGather Information from Financial Services
Gather Information from Financial Services
(>̂ j

Financial services such as Google Finance, Yahoo! Finance, and
so on provide a lot of
useful information such as the market value of a company's
shares, company profile,
competitor details, etc. The information offered varies from one
service to the next. In order to
avail themselves of services such as e-mail alerts and phone
alerts, users need to register on the
financial services. This gives an opportunity for an attacker to
grab useful information for
hacking.
Many financial firms rely on web access, performing
transactions, and user access to their
accounts. Attackers can obtain sensitive and private information
of users using information
theft, key loggers, etc. Attackers can even grab this information
by implementing cybercrimes,
and exploit it with the help of non-vulnerable threats (software
design flaw example; breaking
authentication mechanism).
The following are some of non-vulnerable threats:
Q Service flooding
Brute force attack
S Phishing
C0UnCil
Module 02 Page 130

Countermeasures
FIGURE 2.11: Examples of financial services website for
gathering information
C0UnCil
Module 02 Page 131
Countermeasures
CEH
Urtifwl ilhiul lUtbM
Footprinting through Job Sites
Look for these:
e Job requirements
6 Employee's profile A C
© Hardware information £ H |
© Software information
Exam ples of Job W ebsites
» http://www.monster.com

« http://www.careerbuilder.com
« http://www.dice.com *
http://www.simplyhired.com ^
© http://www.indeed.com
© http://www.usajobs.gov
You can gather company's
infrastructure details from
job postings
position larorauTio■
Wr04 town niciK*
En:e‫־‬p 3« Applicators EngincerfCBA
Aboa Us‫־‬
Sanre ISfti. t * War J k B»cv» Faraiy c£ ( nnpjwt h».‫־‬r
h«t>rornuylmc
bowmt toinlntp’-l'adin( *slutkm in even *wt of andlwrwflft
tvHikuk *vl fwrir* v t t arr>^< »c th* tcol< mvl tci-hiolosr'
rtjtfhWp
fcffli <are<ed V* o il if proivSnj. "S m rf of I ' 1 ‫ז‬1*‫ןיו‬.‫״‬1‫>ז‬
Fxrflm‫־‬r '
Wt eitaxi ths1aoe feel of service !0 our no* ■*witm* aisrt otr
uivktuv V { otf« 0 inprttT. r taanrt and benefits, but out
tbrtiztli it on
timh iltuf We fosta• 1 cisual but h*d uoriar.fi mwcnrxctt.
ottmizt fin

pati weafcepnfe apraantngticniwtha1
C0N1AU IMOMMAIMI
•AwnW ml <n|1|W« ‫׳‬o»* afplrahon <nAu‫(׳‬r<> for <v<fpo«»!f
Vfcrtoti'rt US. Vfi-touA ‫יי‬l»V< hi* it ant mit*l 1‫־‬.Tm n" ‫*זן*זי‬
««141**»
F«<-k1afr 20!0 Mkl I'nrfvM Victim•* Nfirtotoft Sha*‫•׳‬ Point
Vf<‫־‬rn»r« Cnrm
TUm I«to«* CRM M il Smrt 200< m<1200S Tr«m
FoaJatM 'fOt awl 2010. MniwA SCOM. ‫ןו‬1‫י‬lwpolfnir ‫ז»ו«מןיו‬
*4mn md 0f»n «1 nv‫׳‬omp‫־‬irtrH kv Ihf 1 '‫•**־»׳‬ f nvk‫«׳‬
.o* K K « M r« d bldb
?00B3a1r|u1n tla*g luuwtr tlg< oC Wfexknv1 «1vn 2COV2008
Actvr
Oarv u•• MkanMMUjodndnctuitkaig (TCP IP ve14.DS'S
<*kIDHCP! Mu-.;
i*r>c ;ipmciLt *th. juJ *Haig wmU^ U n w u f NOciuvjH SQL
2303 aul
:0)8 I 201) 1ucM î1« lyxcai. WiumA 5>Va1rP.«1.
MkicxA CRM dul NLliomA SCOM Mu* 1‫»״‬.c
Pj dc* C • aui Pov»c1 SbcB *.1 Iftiikj
■.!*» ladw■( mid Ndwuik iifiawaluc l>c>l
co ‫״‬ ‫״‬. c'iocjcb. SQL etc xvl cr MCTS, MCSE
■a-Jido itgpcc ■1 Compute! Siiaicc u Network
ttn—n; or <quvdcat«
Copyright © by EG-Gtlincil. All Rights Reserved. Reproduction
Footprinting through Job Sites
Attackers can gather valuable information about the operating
system, software
versions, company's infrastructure details, and database schema

of an organization, through
footprinting various job sites using different techniques.
Depending upon the posted
requirements for job openings, attackers may be able to study
the hardware, network-related
information, and technologies used by the company. Most of the
company's websites have a
key employees list with their email addresses. This information
may prove to be beneficial for
an attacker. For example, if a company wants to hire a person
for a Network Administration
job, it posts the requirements related to that position.
C0UnCil
Module 02 Page 132
http://www.monster.com
http://www.careerbuilder.com
http://www.dice.com
http://www.simplyhired.com
http://www.indeed.com
http://www.usajobs.gov
Countermeasures
Network Administrator. Active Directory CIW*.
Euhange
Design and vnpiemort Ik Iv k iI ukAooi on N
,gitfgiT.te « g — >_____________

Support fusing VWndows tmtaitucljrf VM
OrtctofY 2003. SMS. SUS. C1»« SOL Sew. SOL
Clusters. Ewhange 55. Eahange 2003. vn war*, vertas
backip i0*wir«. h court and M«n securty. Master
Recwery wivkm. RMO technologies. and FOrt̂ AN <*s*
KMlorU■__________________
MD
17123M546706
42319173004
Boca Raton. FL 33417
J06 Mjfin
IT/Sofcare Devolopmert
• 5 or more years espenence *wttig ‫מ‬ IT *nplemerAng and
sgppodngiglobalbusntss
> Pnor nponorxt r supportng a global WladM l ttftW and
Doma* tofrastoxture
Ê rttfC .ywlwD MV gnisoppus dna gnlnonftlpn■ )kimm ‫י‬
Metalrafne. SOL Server. SOL Cluster. DNS. DHCP. WHS. and
Etthange 2003 m an Enterprise ecMronmert
VKy strong systems towweshoolng sMs ‫י‬
Eipenence m prowfcng 24-hour support to a gktoai erterpnse ‫י‬
as part of an orvcal rotaton
• Edectwe interpersonal sloiswdhfieabrtor to be persuasae
• Otttf stalls Bulling Elect*■* Teams, Acton Onerted Peer
RtlaftonsMps, Customer Focus. Pnor% Setng, ProWwi
SoMng, and Business Acumen1 Bachelor***•* Degree or
equwalerteipenence

MCSE (2003) certtcafton a plus. Cdra Certtcafton a plus ‫י‬
facebookE
FIGURE 2.12: Gathering information through Job websites
Usually attackers look for the following information:
• Job requirements
• Employee's profile
• Hardware information
• Software information
Examples of job websites include:
Q http //www. monster.com
Q http //www.careerbu ilder.com
S http //www.dice.com
a-
‫׳‬
4-
‫׳‬
4-CCD //www.simplvhired.com
S http //www.indeed.com
Q http //www. usajobs.gov

C0UnCil
Module 02 Page 133
http://www.careerbu
http://www.dice.com
http://www.simplvhired.com
http://www.indeed.com
Countermeasures
Monitoring Target Using Alerts C EH
Examples of Alert ServicesAlerts are the content monitoring
services
that provide up-to-date information based
Monitoring Targets Using Alerts
“ Alerts are the content monitoring services that provide
automated up-to-date
information based on your preference, usually via email or
SMS. In order to get alerts, you
need to register on the website and you should submit either an
email or phone number to the
service. Attackers can gather this sensitive information from the
alert services and use it for
further processing of an attack.
I^jl Google Alerts
Source: http://www.google.com/alerts

Google Alerts is a content monitoring service that automatically
notifies users when new
content from news, web, blogs, video, and/or discussion groups
matches a set of search terms
selected by the user and stored by the Google Alerts service.
Google Alerts aids in monitoring a developing news story and
keeping current on a competitor
or industry.
C0UnCil
Module 02 Page 134
http://www.google.com/alerts
Ethical Hacking and Countermeasures Exam 312-50 Certified
Ethical Hacker
27 new results •j Security News
Co og i• Alert • Security New*
Tkta lu ilo n i bkokad HiMyc■.
New»
Sinae Ra a 11 a Land Dtaflli-Bteftla AjiadalantrCiiclg
N#Vf Yoric Time*
BEIRUT Lebanon — The hilling on Wednesday of President
Bashat al-Assads key

security aides ‫יזו‬ a brazen bombog attack close to Mr Assads
own residonce. called Trei
into question the ability of a government that depends on an
insular group of loyalists to
S t t «! ?ft tea t r
San Jose Mercury Mews
Turr.s out < Mas 3s easy as using a rug to scale a ra20r *ire
topped security fence at a small Utah
arport in the rroddie cf night slipping past security bearding an
idle empty S0-passeog?r SkyWest
Aifhnes and rewng up the engines. He Clashed the ...
?tpnts m th!? .
Kti-Stan fltASMiantr amMiia jmutma aost mi
Reuters
BEIRUT'AMMAN (Reuters) - Mystery surrounded the
whereabouts of Syr an President Basha* 31-
Assad cn Thursday a day after a oomoer killed and wounded his
security cnefs anc rebels closed
in on the centre of Damascus vowing to *liberate" the capital.
5 1 9 ?tpnts ?‫ח‬ ».h? >
ftista Sira Laamra Inrcr Cirflg
W a l Street Journal
BEIRUT—Syrian rebels pierced the innermost circle 01
President Bashar a -Assads w ii st^«!
regime wKh a bomb blast that kiled thiee high-lewl officials
and raised questions about a — <
the aMity of the courftry's security forces to sustain the
embattled government Syna
Alerts
@yahoo com

Manage your alertsCREA TE A LERT
Google
Search query Security News
Result type Everything
How often Once a day
How many: Only the best results
Your email
FIGURE 2.13: Google Alert services screenshot
Yahoo! Alerts is available at http://alerts.yahoo.com and Giga
Alert is available at
http://www.gigaalert.com: these are two more examples of alert
services.
Copyright © by EC-COlMCil
http://alerts.yahoo.com
http://www.gigaalert.com
Countermeasures
Footprinting Methodology CEH

WHOIS Footprinting
DNS Footprinting
Engineering
Networking Sites
Engines
Email Footprinting
So far, we have discussed the first step of footprinting
methodology, i.e., footprinting
via search engines. Now we will discuss website footprinting.
An organization's website is a
first place where you can get sensitive information such as
names and contact details of chief
persons in the company, upcoming project details, and so on.
This section covers the website

footprinting concept, mirroring websites, the tools used for
mirroring, and monitoring web
updates.
C0UnCil
Module 02 Page 136
Countermeasures
W ebsite F o o tp rin tin g C EH
Information obtained from target's website enables an attacker
to
build a detailed map of website's structure and architecture
Browsing the target website may provide:
- Software used and its version
t Operating system used
t: Sub-directories and parameters
t Filename, path, database field name, or query
- Scripting platform
Contact details and CMS details
Use Zaproxy, Burp Suite, Firebug, etc. to view
headers that provide:
w Connection status and content-type
~ Accept-Ranges
- Last-Modified information

t; X-Powered-By information
Web server in use and its version
W ebsite Footprinting
It is possible for an attacker to build a detailed map of a
website's structure and
architecture without IDS being triggered or without raising any
sys admin suspicions. It can be
accomplished either with the help of sophisticated footprinting
tools or just with the basic tools
that come along with the operating system, such as telnet and a
browser.
Using the Netcraft tool you can gather website information such
as IP address, registered name
and address of the domain owner, domain name, host of the site,
OS details, etc. But this tool
may not give all these details for every site. In such cases, you
should browse the target
website.
Browsing the target website will provide you with the following
information:
Q Software used and its version: You can find not only the
software in use but also the
version easily on the off-the-shelf software-based website.
Q Operating system used: Usually the operating system can also
be determined.
9 Sub-directories and parameters: You can reveal the sub-
directories and parameters by
making a note of all the URLs while browsing the target

website.
C0UnCil
Module 02 Page 137
Countermeasures
Filename, path, database field name, or query: You should
analyze anything after a
query that looks like a filename, path, database field name, or
query carefully to check
whether it offers opportunities for SQL injection.
,Scripting platform: With the help of the script filename
extensions such as .php, .asp ‫י‬-
.jsp, etc. you can easily determine the scripting platform that
the target website is using.
S Contact details and CMS details: The contact pages usually
offer details such as names,
phone numbers, email addresses, and locations of admin or
support people. You can
use these details to perform a social engineering attack.
CMS software allows URL rewriting in order to disguise the
script filename extensions.
In this case, you need to put little more effort to determine the
scripting platform.

Use Paros Proxy, Burp Suite, Firebug, etc. to view headers that
provide:
Q Connection status and content-type
Q Accept-ranges
© Last-Modified information
Q X-Powered-By information
© Web server in use and its version
Source: http://portswigger.net
The following is a screenshot of Burp Suite showing headers of
packets in the information pane:
FIGURE 2.14: Burp Suite showing headers of packets in the
information pane
C0UnCil
Module 02 Page 138
http://portswigger.net
Countermeasures
CEH
Urt1fw4 ilh iul lUtbM

W ebsite F o o tp rin tin g
(Cont’d)
Examining cookies may provide:
6 Software in use and its behavior
© Scripting platforms used
Examining HTM L source provides:
© Comments in the source code
9 Contact details of web developer or admin
© File system structure
9 Script type
W ebsite Footprinting (Cont’d)
Examine the HTML source code. Follow the comments that are
either created by the
CMS system or inserted manually. These comments may provide
clues to help you understand
what's running in the background. This may even provide
contact details of the web admin or
developer.
Observe all the links and image tags, in order to map the file
system structure. This allows you
to reveal the existence of hidden directories and files. Enter
fake data to determine how the
script works.

C0UnCil
Module 02 Page 139
Countermeasures
T T H
V1ew « ju 1< ew w w jn 1<rc•. ‫ץ‬
C ft © view sour‫״‬ , www.microsoft.com en-us/defaultaspx f t
A I21 < 'DOCTYPC hriwi PUBLIC •—//W3C//DTD XHTML
1*0 Trtnsicififltl//CNa
s <html dir‫"־‬ltr" lang“‫״‬en• xml: lar.g“*er.■
xmlns“‫״‬http://www.w3.org/1999/xhtml•
xmlns :b1~'urn:schemas-m1crosoft-com:mscom:b1 *>
« <headxt1tle>
Microsoft Corporation: Software, Smartphones, Online, Saxes,
Cloud
Computing, IT Business Technology, Downloads
0 </tltlexmeta http-equiv'X-UA-Cospatlble■ content•“IE-10*
/xmeta http-
equ1v”"C0ntent-Type” content~*text/html: charset“utf-8"
/xmeta http-
eq1‫״‬v*"X-UA-IE9-TextLaycutMetries* content”"snap-vert1cal*
/>

o ‫־‬ e n p t type‫"״‬text^avascr1pt*>
var QosInitTime ■ <new Date()) •getTime () ;
9 var QosLoadTim* • •‫;י‬
var QosPageUn • encodeURI (window, location);
var QosBaseSrc • window.location.protocol ♦
new)) + ‫•י‬oft.com/tran^_plxel.a3px?route*64DE^ctrl-
9C5A4tz‫צ‬e.micro//‫י‬
Date()) .getTimezoneOffset () / 60) ♦ •tcot-Stqos.un■• ♦
QosPagetJri;
document.write("clink rel”"3tylesheet■ type“*text/css• href•"' ♦
QosSuildUrl(•lnit‘) ♦ •"/>');
function QosBuildUn (n) (
14 var time » (new Date ()).getTuse () ;
var cd - window.cookieDisabled;
if (typeof cd “ *undefined*)
cd • 1; // Default to 1 (cookies disabled) if the wedcs script has
not set it yet
return QosBaseSrc ♦ *ted•' • cd ♦ •tqos.ti■' ♦ QosInitTme ♦
•4ts■' ♦
time + ,*qos.tl“• ♦ QosLoadTlme ♦ •iqos.n•1 ♦ n;t»l } v
FIGURE 2.15: Screenshot showing Microsoft script works
Examine cookies set by the server to determine the software
running and its behavior. You can
also identify the script in platforms by observing sessions and
other supporting cookies.
Cook* * ar*d site data X
Sit• Locally stored data Remove $0 SeercH toofc*et

0d«yM<u11(y.«Kn J (oobn A
100bcttbuy.com 2 coobes
N«mc _utmx
Content. 1928742&2.1342446822.1.1 utmcv a lOOmoney -
*jtmccn‫־‬
(r«ferr*l)futmcmd=refen*l|utmcct‫־‬ 'lendmg/moneyde•!•
>««■»*>
Dom#«n .100bettbuy.com y
P*h /
Send for Aity krnd of connection
Accrv.4>teto script Yet
Created Mondey. Ju»y 161 2012 &S3̂ 1 AM
Expires: Mondey. Jjnu.ry U. 2013 *5341 PM
Remove
www.tOObestbuy.com 1 cookie
www.100nests.com 1 cootoe
125rf.com }co«bet
www.l23d.com 2 cootaes. local storage
v
OK
FIGURE 2.16: Showing details about the software running in a
system by examining cookies
C0UnCil

Module 02 Page 140
http://www.w3.org/1999/xhtml%e2%80%a2
http://www.tOObestbuy.com
http://www.100nests.com
http://www.l23d.com
Countermeasures
M irro r in g E n tire W ebsite C E H
Mirrored Website
Original Website
1‫־‬ ‫ך‬
Mirroring an Entire W ebsite
Website mirroring is the process of creating an exact replica of
the original website.
This can be done with the help of web mirroring tools. These
tools allow you to download a
website to a local directory, recursively building all directories,
HTML, images, flash, videos and
other files from the server to your computer.
Website mirroring has the following benefits:

Q It is helpful for offline site browsing.
Website mirroring helps in creating a backup site for the
original one.
Q A website clone can be created.
Q Website mirroring is useful to test the site at the time of
website design and
development.
Q It is possible to distribute to multiple servers instead of using
only one server.
J Mirroring an entire website onto the local system enables an
attacker to dissect and identify
vulnerabilities; it also assists in finding directory structure and
other valuable information
without multiple requests to web server
J Web mirroring tools allow you to download a website to a
local directory, building recursively
all directories, HTML, images, flash, videos, and other files
from the server to your computer
C0UnCil
Module 02 Page 141
Countermeasures

Original Website Mirrored Website
FIGURE 2.17: JuggyBoy's Original and Mirrored website
C0l1nCil
Module 02 Page 142
Countermeasures
W ebsite M ir ro r in g Tools CEH
W ebsite Mirroring Tools
©
HTTrack Web Site Copier
Source: http://www.httrack.com
HTTrack is an offline browser utility. It allows you to download
a World Wide Web site from the
Internet to a local directory, building recursively all directories,
getting HTML, images, and
other files from the server to your computer. HTTrack arranges
the original site's relative link-
structure. Open a page of the "mirrored" website in your
browser, browse the site from link to
link, and you can view the site as if you were online. HTTrack
can also update an existing
mirrored site, and resume interrupted downloads.

C0UnCil
Module 02 Page 143
http://www.httrack.com
Countermeasures
(setyb 56101.2/2) ssergorp ni gnirorrim etiS[ ‫פ‬ ‫ד‬- [FR.wt1tt‫י‬
Wormetion
BvletMvwj 992*6 lr*u •canred 2/2
Tim• 221 FiMwKUn ‫ו‬
Tmnrfer rat• oe/> (5e9&/») 0
Act** comeacr* 2 6*0n 0
W Actons
File Preference* Mirrcx Log Window Help
S jy lo<«̂» Mi si. N
8) i. p I
B i ■
*Wffltwircom
" cont4»w«con <©
FIGURE 2.18: HTTrack Web Site Copier Screenshot
SurfOffline

Source: http://www.surfoffline.com
SurfOffline is a website download software. The software
allows you to download entire
websites and download web pages to your local hard drive.
After downloading the target
website, you can use SurfOffline as an offline browser and view
downloaded web pages in it. If
you prefer to view downloaded webpages in another browser,
you can use the Export Wizard.
SurfOffline's Export Wizard also allows you to copy
downloaded websites to other computers in
order to view them later and prepares websites for burning them
to a CD or DVD.
J SurfOffline Professional 2.1 Unregistered trial version. You
have 30 day(s) left I ** 1 ° 1 x
F.4e View Projects 8rowver HHp
iL £) Zi O Hi> O ^ OQjj $
JuggyboyQ uestion the Rules
+ +
O Promts
<5 New Project
1m Pfoywi Set Loaded byt« Sutus1: http:.‫'׳‬/www.j1»ggyt>... 0 0
Connoting
2: http7/wwŵ u9gyb— 0 0 Connoting
J: http--//www.;1>ggyb... 0 0 Connecting
* http, // www /uggyb. 0 0 Connecting
S: http://www.;u9g>-b... 0 0 Connecting v J
■ __________>*»*mg. 0 10*6*4 11 Queued S1 (1 <tem(*)
rem**1rKj) Downloading picture http‫־‬.//ww 1

FIGURE 2.19: SurfOffline screenshot
BlackWidow
Source: http://softbvtelabs.com
C0UnCil
Module 02 Page 144
http://www.surfoffline.com
http://www.;u9g%3e-b
http://softbvtelabs.com
BlackWidow is a website scanner for both experts and
beginners. It scans websites (it's a site
ripper). It can download an entire website or part of a website.
It will build a site structure first,
and then downloads. It allows you to choose what to download
from the website.
Ethical Hacking and Countermeasures Exam 312-50 Certified
Ethical Hacker
C0UnCil
Module 02 Page 145

Countermeasures
X l« W M 1» MaowACotporjBon Scftmn. V iw lcto n n O rtnr
G m v Claud Co‫״‬ cw tn j It t«trw«og>OomHôt ‫י‬ ‫״‬
^ »■ — [()»■ 0|V»» Q»>» 2J***'‫״‬ S ’**■
'fj l« « tn g liw 1a• m U h jh
Welcome to Microsoft
*o*ucta 00» « e *d1 S * o ^ » Support •wy
FIGURE 2.20: SurfOffline screenshot
Webripper
Source: http://www.calluna-software.com
WebRipper is an Internet scanner and downloader. It downloads
massive amount of images,
videos, audio, and executable documents from any website.
WebRipper uses spider-technology
to follow the links in all directions from the start-address. It
filters out the interesting files, and
adds them to the download-queue for downloading.
You can restrict downloaded items by file type, minimum file,
maximum file, and image size. All
the downloaded links can also be restricted by keywords to
avoid wasting your bandwidth.
Wrt>R»ppef 03 - Copyright (0 200S-2009 - StmsonSoft
0 SamsonSoft
Ne M> T00H *dp
F<xsy3Mm fiwemgW•• SucceeAiMee fM ta Seemed page•

F<*rdpagee Sotte.n
□ H ■!►Ixl ^|%| ®
WebRipper
The u ltim ate tool for wehsite ripping
Selected!*
^ Tarqolod [www !uqqyboy com)634782117892930200
Oowteed* | Sodtn | | Log
St«je ‫יצגמז‬
Reojetfng header “Cp W • ccrr, *petixTctr png
ReojeCng header ■Cp 1‫״‬wti pjyoy cot n. conrw.‫ימ‬ ‫ימ‬ f
Regjecng healer Ĉp WwfjgyK-y comvjxwwonShewe* e.
Reaietfrg header tip /»w« pgsftcy car. ltd
Re«je*rg header KJp/A‫״‬ww,jgg»boy ccmHee. arter>c*rtag»
001M8M4 0 12KES
FIGURE 2.21: Webripper screenshot
C0UnCil
Module 02 Page 146
http://www.calluna-software.com
Countermeasures
W ebsite M ir ro r in g Tools (EH
(Cont’d) Urt.fi•* | ttk.ul MmIm

PageNest
http ://ww w.pagenest. com
Website Ripper Copiero h‫ן‬ ttp ://w w w . tensons.com
Backstreet Browser
h ttp ://w w w . spadixbd. com
Teleport Pro
h ttp ://w w w . tenmax.com
,__ Offline Explorer Enterprise
http://www.metaproducts.com
GNU Wget
http ://w w w .gnu.org
Portable Offline Browser
h ttp ://w w w .metaproducts.com
Proxy Offline Browser
http://www.proxy-offline-browser.com
« Hooeey Webprint
I 2 A Z ‫־‬ J http://www.hooeeywebprint.com
iMiser
http://internetresearchtool.com
W ebsite Mirroring Tools (Cont’d)
In addition to the website mirroring tools mentioned previously,
a few more well-

known tools are mentioned as follows:
9 Webiste Ripper Copier available at http://www.tensons.com
£ Teleport Pro available at http://www.tenmax.com
© Portable Offline Browser available at
Q Proxy Offline Browser available at http://www.proxy-offline-
browser.com
Q iMiser available at http://internetresearchtool.com
© PageNest available at http://www.pagenest.com
0 Backstreet Browser available at http://www.spadixbd.com
© Offline Explorer Enterprise available at
9 GNU Wget available at http://www.gnu.org
Hooeey Webprint available at http://www.hooeeywebprint.com
COUIICil
Module 02 Page 147
http://www.pagenest
http://www
http://www
http://www

http://www.gnu.org
http://www.hooeeywebprint.com
http://www.tensons.com
http://www.tenmax.com
http://www.pagenest.com
http://www.spadixbd.com
http://www.gnu.org
http://www.hooeeywebprint.com
Countermeasures
Extract W ebsite Information fromE I
------- http:7/www. archive. org
Archive is an Internet Archive Wayback Machine that allows
you to visit archived versions of
websites. This allows you to gather information on a company's
web pages since their creation.
As the website www.archive.org keeps track of web pages from
the time of their inception, you
can retrieve even information that has been removed from the
target website.

C0UnCil
Module 02 Page 148
http://www.archive.org
Countermeasures
~ ‫כ‬ ~
ii
Go Waytoackl
rosottcon: ‫־‬ C '.) wayback.arch1vc.org »‫־־‬
J!" * http://microsoft.com! ‫י‬ ■‫י‬ ' 'n i
13 14 15 16
20 21 22 23
27‘ 28 29 30
10 11 12 1‫נ‬
20 19 19 17
27 »2 25 24
31
10 11 12

17 18 19
24 23 26
14 15 16
31 22 23
28 29 30
ft 7 t 9 10 11 12
13 14 15 ‫־‬5 17 18 19
26 25 24 23 22 21 20
51 •3 29 58 27
10 11 12 13 U 15 16
17 1• 1® 20 21 22 23
24 75 26 27 2• 29 30
3 7 8 9 1•
13 14 15 16 17
20 21 22 23 24
27 28
5 ft 7 8 < 10 11
12 13 14 15 16 17 18

19 20 21 ?2 2) )4 25
26 27 28 29 3«
1».h
9 10 11 12 13 14 15
16 17 18 19 JO <21 22
23 24 25 26 ‫׳‬7 28 29
30 31
MAY
1 2 3 4 5 6 7
• 9 10 111 12 13 14
15 16 17 18 19 20 21
22 23 24 26 26 27 28
29 30 31
FIGURE 2.22: Internet Archive Wayback Machine screenshot
C0UnCil
Module 02 Page 149
http://microsoft.com

Countermeasures
Monitoring Web Updates Using
Website Watcher
Website Watcher automatically checks web pages for updates
and changes
WebSite-Watcher 2012 <12_2> .cockmartcwsw. 28 days
available
[ 11* goot/narks £h«ck Took Jcnpt Qptions Jftew tJelp Byy
Now
change Statu* Last check
Warning: whole content _ 13:14
2012-07-18 1&2&22 CK. mibafccril RecSrect.on 2012-07-18
16:2*33
200®-10-07 1fclS27 CK 2008-10-07 15:4*30
20CS-10-C7 15744:4s CK. pfcp6B2 Plugin proc... 2008-10-07
15:44:49
a| ‫ם‬ j 4|[b1̂ rs
Sign In http:Vww1At.hotmail.com
fAcrosoft Corporation: Software ... http://www.miuoicft com
WebS4e-Watcher - Download http-7/www a^ne com'dowmloa—
WebSrte-Watcher - Support Forum
http:/‫«'׳‬wrw.a1gne1.com'fo»v»n'11-
e . S l a y I nWebSite- Watche
Hchpp r p j j u w Scfp^rwhot*; VWo< EowpIo.kI■, Buy Now
Siionort

D ow nload W rb S ite -W a lc tw r
W ebSite Wrtt< h e r 4.4? 21-hit• 00‫•ג‬
ID ow loai | (4.3 MS) Im w cl (O MB)
»f̂ *«̂ r»*T4/2000̂00yXPA‫•«׳‬
V»fc1an H.rfcyy
If yo*J insta■ • «*‫»*׳‬or. 40 ‫״‬ot unanata■ your •ju sting copy oI
WebS«*-W*tch«r - just install 0
Page T«t Analysw
http://aignes.com
Copyright © by EG-Gllincil. All Rights Reserved. Reproduction
Monitoring Web Updates Using W ebsite Watcher
Source: http://www.aignes.com
Website Watcher is used to keep track of websites for updates
and automatic changes. When
an update or change occurs, Website Watcher automatically
detects and saves the last two
versions onto your disk, and highlights changes in the text. It is
a useful tool for monitoring sites
to gain competitive advantage.
Benefits:
Frequent manual checking of updates is not required. Website
Watcher can automatically
detect and notify users of updates:

Q It allows you to know what your competitors are doing by
scanning your competitors‫׳‬
websites
© The site can keep track of new software versions or driver
updates
© It stores images of the modified websites to a disk
C0l1nCil
Module 02 Page 150
http://www.miuoicft
http://aignes.com
http://www.aignes.com
Countermeasures
FIGURE 2.23: Website watcher monitoring web updates
C0UnCil
Module 02 Page 151

Countermeasures
Footprinting Methodology CEH
WHOIS Footprinting
DNS Footprinting
Engineering
Networking Sites
Engines
Email Footprinting
So far we have discussed Footprinting through search engines
and website footprinting,
the two initial phases of footprinting methodology. Now we will

discuss email footprinting.
WHOIS Footprinting
DNS Footprinting
Engineering
Networking Sites
This section describes how to track email communications, how
to collect information from
email headers, and email tracking tools.
C0UnCil
Module 02 Page 152
Countermeasures
Tracking Email Communications c(•ttifwtf 1 Ellt»K4l Nmhat
J Attacker tracks email to gather information about the physical
location of an
individual to perform social engineering that in turn may help in
mapping

target organization's network
J Email tracking is a method to monitor and spy on the
delivered emails to the
intended recipient
When the email was
received and read
GPS location and
map of the recipient
Time spent on reading
the emails
it
to them
Set messages to
expire after a specified time
Track PDF and other types
of attachments
Whether or
not the recipient
visited any links sent
Tracking Email Com munications
Email tracking is a method that helps you to monitor as well as
to track the emails of a

particular user. This kind of tracking is possible through
digitally time stamped records to reveal
the time and date a particular email was received or opened by
the target. A lot of email
tracking tools are readily available in the market, using which
you can collect information such
as IP addresses, mail servers, and service provider from which
the mail was sent. Attackers can
use this information to build the hacking strategy. Examples of
email tracking tools include:
eMailTrackerPro and Paraben E-mail Examiner.
By using email tracking tools you can gather the following
information about the victim:
Geolocation: Estimates and displays the location of the
recipient on the map and may
even calculate distance from your location.
Read duration: The duration of time spent by the recipient on
reading the mail sent by -‫׳‬
the sender.
.Proxy detection: Provides information about the type of server
used by the recipient -‫׳‬
Q Links: Allows you to check whether the links sent to the
recipient through email have
been checked or not.
C0UnCil
Module 02 Page 153

Countermeasures
' ' Operating system: This reveals information about the type of
operating system used by
the recipient. The attacker can use this information to launch an
attack by finding
loopholes in that particular operating system.
Q Forward email: Whether or not the email sent to you is
forwarded to another person
can be determined easily by using this tool.
C0UnCil
Module 02 Page 154
Countermeasures
CEHC ollecting Information from Email Header
designates 10.224.205.137 as permitted‫־‬
fcm; dkim=pass
The address from which
the message was sent

number assigned
.google.com to
itify theme:
Date and time received
by the originator's
email servers
Delivored-To: - _ 0gmc1il.com
Received: by 10.112.39.167 with SMTP id q7cj
Fri, 1 Jun 2012 21:24:01 - O T O O i f ^
Return-Path: < ‫•*״‬ - [email protected]>
Received-SPF: pass (google.com: domain of
sender) client‫־‬ip=10.224.205.1 377
Authentication-Results: |m^goog^^^om^
10.224.205.137 as p e r m i ^ ? ? ^
header. i«;_ •»«-*.. * [email protected]
Received: frommr.google.com ([10.224.205.137])
!hY wir.h SMTP Iri fr»^..n^8570qab.39.131
I Fri, 01 Jun 2Q12 21;24:QQ -0700 (PDT)I —
Sender's mail serverrrwl
SmtpTml^H
ect:from:to
75MxDR8‫־‬t2‫־‬P!
Authentication system
used by sender's

mail server
d=gma11.com; 3=20120113;
h-mime-version:in-reply-to:
:content-type;
bh=TGEIPb4ti7gfQG+ghh70kPj kx+Tt/iAClfl
b‫־‬KyuZLTLfg2-»-QZX;cZKexlNnvRcnD/ + P4+Nkl
A unique
l.com> j b m
bl PK3p J3Uf/CsaB7.Wr>TTOXI‫״‬aKOAGrP3BOt
92MCZFxeUUQ9uwL/xHAI‫״‬SnkoUTF.F.*»KGqOC
0a9hD59D30Xl8KAC7ZmkblGzXmV4DlWf
fCL894RaMBOU1*MzRwOWWIib95al I38cqt If P
ZhrWFKh5xSnZXsE73xZPEYzp7yeeCeQuYHZNGslKxc07xQje
Zuw+HWK/vR6xChDJapZ4
K5ZAfYZmkIkFX+VdLZqu7YGFzy60HcuP16y3/C2fXHVd3uY
<‫״‬nMT/yecvhCV080y7FKt6
/Kzw-■
MIME-Veraion: 1.0
Received; by 10.224.205.137 with SMTP id fq9;
Fri, 01 Jun 2012 21:24:00 -0700 (PDT)
Received: by 10.229.230.79 with HTTP; Fri
In-Reply-To: <CAOYWATTlzdDXE308D2rhiE4Ber
Referaaa
Date
1040318;
nO’-EMJcgfgX+mUf jB tt2sy2dXA0mail. gmail .com>
1LUTIONS : : :

■erma6gmail.com> ‫ץ‬
r0yahoo.com>Sender's full name
»f aranrai • ( f anYMftTT 1 rrinytr Infi n? rh i F df ■
ubj ‫;——ן‬o ‫ן‬
I . com.
> LUTIONS( ‫־‬
C ollecting Information from Email Headers
An email header is the information that travels with every
email. It contains the
details of the sender, routing information, date, subject, and
recipient. The process of viewing
the email header varies with different mail programs.
Commonly used email programs:
© SmarterMail Webmail
© Outlook Express 4-6
e Outlook 2000-2003
e Outlook 2007
© Eudora 4.3/5.0
© Entourage
© Netscape Messenger 4.7

© MacMail
The following is a screenshot of a sample email header.
C0UnCil
Module 02 Page 155
mailto:[email protected]
Countermeasures
Delivered-To: 8 .-»-»» ■«» !»«‫׳‬gmail.com
Received: by 10.112. 39". 167 with SMTP id q7csp4894121bk;
Fri, 1 Jun 2012 21:24:01 -0700 (PDT)
Return-Path: < »•-— [email protected]>
Received-SPF: pass (google.com: domain of ■ 1enna0gmail.com
designates 10.224.205.137 as permitted
sender) client-ip=10. 2 2
Authentication-Results: pnr7googl^^om»J 3pf-pa33
(google.com: domain of erma8gmail.com designates
10.224.205.137 as permitted senaerj smtp.mail3 -
ssap=mikd ;moc.liamggamr‫׳־־‬
header. i=; ?rma8gmail.com
Received: frommr.google.com ([10.224.205.137])
hv in.??<!■?05-137 win, s m t p in ^,0^<;78»;70^-
;(1 = spohmun) ‫ר‬771)4‫<>ר‬.‫ו)וו*«ררו‬

|Fn, 01 Jun 2012 21:24:00 -0700 (PDT)!
DKIM-Signature: v=l/l^^rsa-sha^^o/J c=relaxed/relaxed;
d=gma i 1. com; ? 01 2011
h=mime-version:in-reply-to:references:date:message-
id:subject:from:to
:content-type;
bh=TGEIPb4ti7gfQG+ghh70kPjkx4Tt/iAClPPyWmNgYHc=;
b‫־‬KguZLTLfg2+QZXzZKexlNnvRcnD/+P4+Nk5NKSPtG7uHX
Dsfv/hGH46e2P+75MxDR8
blPK3eJ3Uf/CsaBZWDITOXLaKOAGrP3BOt92MCZFxeUUQ9u
wL/xHALSnkeUIEEeKGqOC
oa9hD59D3oXI8KAC7ZmkblGzXmV4DlWffCL894RaMB0UoM
zRw0WWIib95alI38cqtlfP
ZhrWFKh5xSnZXsE73xZPEYzp7yecCeQuYHZNGslKxc07xQje
Zuw+HWK/vR6xChDJapZ4
K5 ZAf YZmkI kFX4‫־‬VdLZqu7YGFzy60HcuPl6yS/C2
fXHVdsuYamMT/yecvhCVo80g7FKt 6
/Kzw-
MIME-Version: 1.0
Received: by 10.224.205.137 with SMTP id
fq9mr6704586qab.39.1338611040318;
Fri, 01 Jun 2012 21:24:00 -0700 (PDT)
Received: by 10.229.230.79 with HTTP; Fri, 1 Jun 2012
21:23:59 -0700 (PDT)
In-Reply-To: <[email protected[•com>
Referoflfiga^^£^2iiJ^2Xlidfi2£ia2fiiiJi^4^er2MtVOuhro6r+7Mu
7c8ubp8Eg0mail. gmail. com>
Date:|Sat, 7 Jun 201? 09:53:59 40530 1
Message-it: <(!:AMivoX'fl!1cf£1‫־‬n£'w!iW<i5zihNnO-
EMJcgfgX+mUfjB_tt2sy2dXA0mail.gmail.com>
S u b j e j ^ ^ i i ‫״‬ _ _ _ji*,_0LUTI0NS :::
From:| ■ ■ ~ Mirza|< ‫״‬- • -ermapgmail.com>

To: iftsamaii.com,
• 1LUTI0NS < • • -* - - mg8snoit• ‫־‬ail.com>, — ... ■ ■ e
,<aAk_er8yahoo.com■‫׳‬ tm> ‫־‬1
FIGURE 2.24: Email header screenshot
This email header contains the following information:
e Sender's mail server
e Data and time received by the originator's email servers
e Authentication system used by sender's mail server
e Data and time of message sent
e A unique number assigned by mr.google.com to identify the
message
e Sender's full name
e Senders IP address
e The address from which the message was sent
The attacker can trace and collect all of this information by
performing a detailed analysis of the
complete email header.
C0UnCil
Module 02 Page 156
Countermeasures

They need either one Manually easy or Hard1. Go to dnschecker..docx

They need either one Manually easy or Hard1. Go to dnschecker..docx

Recommended

Recommended

More Related Content

Similar to They need either one Manually easy or Hard1. Go to dnschecker..docx

Similar to They need either one Manually easy or Hard1. Go to dnschecker..docx (20)

More from randymartin91030

More from randymartin91030 (20)

Recently uploaded

Recently uploaded (20)

They need either one Manually easy or Hard1. Go to dnschecker..docx