
MODULE 2

Footprinting and Reconnaissance


Security news

Khoa CNTT – ĐH Nông Lâm TP. HCM 2015 2/91


Module Objectives

Footprinting Terminology

What is footprinting

Defining Footprinting
- Footprinting is the blueprinting of the security profile of an organization, undertaken in a methodical manner.
- Footprinting is one of the three pre-attack phases. The others are scanning and enumeration.
- Footprinting results in a unique organization profile with respect to the networks (Internet / Intranet / Extranet / Wireless) and systems involved.
- An attacker will spend 90% of the time profiling an organization and the other 10% launching the attack.

Why footprinting

Objectives of footprinting

Footprinting Threats

Type of Threats
- Social engineering: Without using any intrusion methods, the hacker collects information directly or indirectly through persuasion and various other means.
- System and network attacks: Footprinting helps an attacker to perform system and network attacks. Through footprinting, attackers can gather information related to the target organization's system configuration, the operating system running on the machine, and so on. Using this information, attackers can find the vulnerabilities present in the target system and then exploit them, taking control over the target system. Similarly, attackers can also take control over the entire network.

Type of Threats
- Information leakage: Information leakage can be a great threat to any organization and is often overlooked. If sensitive organizational information falls into the hands of attackers, they can build an attack plan based on it or use it for monetary benefit.
- Privacy loss: With the help of footprinting, hackers are able to access the systems and networks of the company and even escalate privileges up to admin level. Whatever privacy the company maintained is completely lost.

Type of Threats
- Corporate espionage: Corporate espionage is one of the major threats to companies, as competitors can spy and attempt to steal sensitive data through footprinting. Through this type of espionage, competitors are able to launch similar products in the market, affecting the company's market position.
- Business loss: Footprinting has a major effect on businesses such as online businesses and other e-commerce websites, banking and financial businesses, etc. Billions of dollars are lost every year due to malicious attacks by hackers.

Footprinting Methodology
- The footprinting methodology is a procedural way of collecting information about a target organization from all available sources. It deals with gathering information about the target organization and determining its URL, location, establishment details, number of employees, the specific range of domain names, and contact information. This information can be gathered from various sources such as search engines, Whois databases, etc.
- Search engines are the main information sources where you can find valuable information about your target organization.

Footprinting Methodology
- Footprinting through Search Engines
- Footprinting through Job Sites
- Email footprinting
- Footprinting using Google
- WHOIS footprinting
- DNS footprinting
- Network footprinting
- Footprinting through Social Engineering
- Footprinting Countermeasures
- Footprinting Penetration Testing

Footprinting through Search Engines
- Attackers use search engines to extract information about a target such as technology platforms, employee details, login pages, intranet portals, etc., which helps in performing social engineering and other types of advanced system attacks.
- A search engine's cache may provide sensitive information that has since been removed from the World Wide Web (WWW).

Footprinting through Search Engines

Finding a company's external and internal URLs

Public and Restricted Websites

Public and Private Websites

earth.google.com

GoogleEarth

GoogleEarth Showing Pentagon

earth.google.com

Google Maps showing a Street View

People Search

People Search Website

Satellite Picture of a Residence

People Search Online Services

People Search on Social Networking Services
- Facebook
- LinkedIn
- Twitter
- Google+

Footprinting through Job Sites

Footprinting through Job Sites
- Usually attackers look for the following information:
  - Job requirements
  - Employee profiles
  - Hardware information
  - Software information

Website Footprinting

Website Footprinting

Mirroring Entire Website

Mirroring an Entire Website
- Website mirroring is the process of creating an exact replica of the original website. This can be done with the help of web mirroring tools, which download a website to a local directory, recursively rebuilding all directories, HTML, images, Flash, videos and other files from the server on your computer.
- Website mirroring has the following benefits:
  - It is helpful for offline site browsing.
  - Website mirroring helps in creating a backup site for the original one.
  - A website clone can be created.
  - Website mirroring is useful for testing the site during website design and development.
  - It is possible to distribute the site across multiple servers instead of using only one server.

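From the defender's side, an added Python example that is not part of the original slides: mirroring tools such as HTTrack (listed among the footprinting tools later in this module) leave two traces in a web server's access log, a recognisable User-Agent string and a burst of requests from a single address. The script below parses Apache combined-format log lines and flags either signal. The log lines are constructed for the example (documentation IP ranges), and the tool-name list, the burst threshold and the 60-second window are assumptions, not values from the slides.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache "combined" log format: ip ident user [time] "request" status size "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$'
)
# Assumptions for the example: substrings of User-Agent strings used by mirroring tools,
# and the rate above which one client is treated as bulk-downloading the site.
MIRROR_AGENTS = ("HTTrack", "Wget", "WebCopier", "Teleport")
BURST_COUNT, BURST_WINDOW = 10, timedelta(seconds=60)


def make_line(ip, ts, path, ua):
    """Build one constructed log line (sample data, not a real capture)."""
    return f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 1024 "-" "{ua}"'


BROWSER_UA = "Mozilla/5.0 (Windows NT 6.1) Gecko/20100101 Firefox/36.0"
HTTRACK_UA = "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
LOG_LINES = [
    make_line("198.51.100.25", "02/Mar/2015:09:00:01 +0700", "/", HTTRACK_UA),
    make_line("198.51.100.25", "02/Mar/2015:09:00:02 +0700", "/about.html", HTTRACK_UA),
    make_line("192.0.2.44", "02/Mar/2015:09:00:05 +0700", "/", BROWSER_UA),
    make_line("192.0.2.44", "02/Mar/2015:09:01:30 +0700", "/contact.html", BROWSER_UA),
] + [
    # a client with a normal browser string fetching twelve pages in twelve seconds
    make_line("203.0.113.77", f"02/Mar/2015:09:02:{sec:02d} +0700", f"/page{sec}.html", BROWSER_UA)
    for sec in range(12)
]


def parse_line(line):
    """Return the log fields as a dict (with a parsed datetime), or None if malformed."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def detect_mirroring(lines):
    """Map client IP -> list of reasons it looks like a site-mirroring session."""
    times = defaultdict(list)
    flags = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        times[rec["ip"]].append(rec["time"])
        for agent in MIRROR_AGENTS:
            if agent.lower() in rec["ua"].lower():
                reason = f"mirroring user-agent: {agent}"
                if reason not in flags[rec["ip"]]:
                    flags[rec["ip"]].append(reason)
    # Sliding window over each client's timestamps: flag the first window that
    # holds BURST_COUNT or more requests.
    for ip, stamps in times.items():
        stamps.sort()
        start = 0
        for end, t in enumerate(stamps):
            while t - stamps[start] > BURST_WINDOW:
                start += 1
            if end - start + 1 >= BURST_COUNT:
                flags[ip].append(
                    f"request burst: {end - start + 1} requests within {BURST_WINDOW.seconds}s"
                )
                break
    return dict(flags)


if __name__ == "__main__":
    for ip, reasons in detect_mirroring(LOG_LINES).items():
        print(ip, "->", "; ".join(reasons))
```

The User-Agent check is the cheap signal and the easiest for a downloader to change, so the request-rate check is the one to keep tuned for a real site; the constructed 192.0.2.44 client, two page views 85 seconds apart, shows the window must not catch ordinary browsing.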
Website Mirroring Tools

Monitoring Web Updates Using
Website Watcher
http://www.aignes.com/

How to Setup a Fake Website?

How to Setup a Fake Website?

Website Stealing Tool: Reamweaver
- Reamweaver has everything you need to instantly "steal" anyone's website, copying the real-time "look and feel" but letting you change any words, images, etc. that you choose.
- When a visitor visits a page on your stolen (mirrored) website, Reamweaver gets the page from the target domain, changes the words as you specify, and stores the result (along with images, etc.) in the fake website.
- With this tool your fake website will always look current: Reamweaver automatically updates the fake mirror when the content changes in the original website.
- Download: http://www.eccouncil.org/cehtools/reamweaver.zip

Email footprinting
- An attacker tracks email to gather information about the physical location of an individual in order to perform social engineering, which in turn may help in mapping the target organization's network.
- Email tracking is a method to monitor and spy on emails delivered to the intended recipient.

Tracking Email Communications
- By using email tracking tools you can gather the following information about the victim:
  - Geolocation: Estimates and displays the location of the recipient on a map and may even calculate the distance from your location.
  - Read duration: The time the recipient spent reading the mail sent by the sender.
  - Proxy detection: Provides information about the type of server used by the recipient.
  - Links: Allows you to check whether the links sent to the recipient through email have been followed or not.
  - Operating system: Reveals the type of operating system used by the recipient. The attacker can use this information to launch an attack by finding loopholes in that particular operating system.
  - Forward email: Whether or not the email you sent was forwarded to another person can be determined easily by using this tool.

Email Header
- An email header contains the following information:
  - Sender's mail server
  - Date and time received by the originator's email servers
  - Authentication system used by the sender's mail server
  - Date and time the message was sent
  - A unique number assigned by mr.google.com to identify the message
  - Sender's full name
  - Sender's IP address
  - The address from which the message was sent
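As an added example that is not part of the original slides, the following Python reads the header fields listed above out of a raw message using only the standard library's `email` module. The message is constructed for the example (documentation IP ranges, invented hostnames and Message-ID). Each relay prepends its own `Received` line, so the header nearest the body is the first hop; the code reverses the list to follow the message in travel order and reports the originating IP, per-hop timestamps, the Message-ID, the authentication result and the sender's name and address.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not a real capture). Continuation lines start
# with a tab, which is how folded headers appear in a raw message.
RAW_MESSAGE = (
    "Received: from mx.example.net (mx.example.net [192.0.2.10])\n"
    "\tby inbound.example.org with ESMTPS id abc123;\n"
    "\tMon, 02 Mar 2015 09:15:02 +0700\n"
    "Received: from client-pc.example.net (unknown [198.51.100.25])\n"
    "\tby mx.example.net with ESMTPA id xyz789;\n"
    "\tMon, 02 Mar 2015 09:14:55 +0700\n"
    "Authentication-Results: inbound.example.org; spf=pass smtp.mailfrom=example.net\n"
    "Message-ID: <20150302021455.12345@mx.example.net>\n"
    "Date: Mon, 02 Mar 2015 09:14:50 +0700\n"
    "From: \"Alice Example\" <alice@example.net>\n"
    "To: bob@example.org\n"
    "Subject: Quarterly report\n"
    "\n"
    "Please find the report attached.\n"
)

IPV4_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_received(value):
    """Break one Received header into the pieces an analyst reads first."""
    flat = re.sub(r"\s+", " ", value).strip()   # undo header folding
    clause, _, stamp = flat.partition(";")       # the timestamp follows the ';'
    from_host = re.search(r"\bfrom (\S+)", clause)
    by_host = re.search(r"\bby (\S+)", clause)
    ip = IPV4_RE.search(clause)
    return {
        "from": from_host.group(1) if from_host else None,
        "ip": ip.group(1) if ip else None,
        "by": by_host.group(1) if by_host else None,
        "time": stamp.strip() or None,
    }


def parse_email_path(raw):
    """Return the hop list (origin first) plus the identifying header fields."""
    msg = message_from_string(raw)
    # Header order is newest first (each relay prepends its line); reverse it
    # to get the path in travel order, origin -> receiving server.
    hops = [parse_received(v) for v in reversed(msg.get_all("Received", []))]
    name, address = parseaddr(msg.get("From", ""))
    return {
        "hops": hops,
        "origin_ip": hops[0]["ip"] if hops else None,
        "message_id": msg.get("Message-ID"),
        "date": msg.get("Date"),
        "auth_results": msg.get("Authentication-Results"),
        "sender_name": name,
        "sender_address": address,
    }


if __name__ == "__main__":
    report = parse_email_path(RAW_MESSAGE)
    for n, hop in enumerate(report["hops"], 1):
        print(f"hop {n}: {hop['from']} [{hop['ip']}] -> {hop['by']} at {hop['time']}")
    print("origin IP:", report["origin_ip"])
    print("sender:", report["sender_name"], report["sender_address"])
```

When reading a suspicious message, the only `Received` line whose content your own server vouches for is the one it added itself; every earlier line arrived as text from the previous relay and could have been written by the sender, which is why the authentication result recorded by the receiving server matters more than the claimed origin.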

Email Header

Tool: eMailTrackerPro

eMailTrackerPro is an e-mail analysis tool that analyses an e-mail and its headers automatically and provides graphical results.

Tool: Free Email Tracker

Footprinting using Google
- Though Google is a search engine, footprinting using Google is not the same as footprinting through search engines in general. Footprinting using Google deals with gathering information by Google hacking. Google hacking is a technique to locate specific strings of text within search results using advanced operators in the Google search engine. Google filters for excessive use of advanced search operators and drops such requests with the help of an Intrusion Prevention System.

Google Hacking Techniques

Some of the popular Google operators
- site: Restricts results to pages that belong to a specific site or domain.
- allinurl: Restricts results to pages whose URL contains all of the query terms.
- inurl: Restricts results to pages whose URL contains the query term you have specified.
- allintitle: Restricts results to pages whose title contains all of the query terms you have specified.
- intitle: Restricts results to pages whose title contains the query term you have specified.
- inanchor: Restricts results to pages where the query term appears in the anchor text of links to the page.
- allinanchor: Restricts results to pages where all the query terms appear in the anchor text of links to the page.

What Can a Hacker Do with Google Hacking?

Google Advance Search Operators

Google Hacking Tools

WHOIS Footprinting

Whois Lookup
- With a whois lookup, you can get personal and contact information.
- For example, www.samspade.com

Whois
Registrant:
targetcompany (targetcompany-DOM)
# Street Address
City, Province
State, Pin, Country
Domain Name: targetcompany.COM

Administrative Contact:
Surname, Name (SNIDNo-ORG) targetcompany@domain.com
targetcompany (targetcompany-DOM) # Street Address
City, Province, State, Pin, Country
Telephone: XXXXX Fax XXXXX
Technical Contact:
Surname, Name (SNIDNo-ORG) targetcompany@domain.com
targetcompany (targetcompany-DOM) # Street Address
City, Province, State, Pin, Country
Telephone: XXXXX Fax XXXXX

Domain servers in listed order:


NS1.WEBHOST.COM XXX.XXX.XXX.XXX
NS2.WEBHOST.COM XXX.XXX.XXX.XXX
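An added Python example, not from the slides, that parses a record laid out like the one above into its fields and lists what the public record exposes about people, which is the check an organization makes before deciding whether to publish role contacts or use registrar privacy. The input is the slide's own template with its XXXXX placeholders (not a real registration); the list of role mailboxes and the three exposure heuristics are assumptions for the example.

```python
import re

# The slide's template, used as constructed input (placeholders, not a real registration).
SAMPLE_WHOIS = """\
Registrant:
targetcompany (targetcompany-DOM)
# Street Address
City, Province
State, Pin, Country
Domain Name: targetcompany.COM

Administrative Contact:
Surname, Name (SNIDNo-ORG) targetcompany@domain.com
targetcompany (targetcompany-DOM) # Street Address
City, Province, State, Pin, Country
Telephone: XXXXX Fax XXXXX
Technical Contact:
Surname, Name (SNIDNo-ORG) targetcompany@domain.com
targetcompany (targetcompany-DOM) # Street Address
City, Province, State, Pin, Country
Telephone: XXXXX Fax XXXXX

Domain servers in listed order:
NS1.WEBHOST.COM XXX.XXX.XXX.XXX
NS2.WEBHOST.COM XXX.XXX.XXX.XXX
"""

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
# Assumption for the example: mailbox names that denote a function, not a person.
ROLE_MAILBOXES = {"hostmaster", "postmaster", "dns", "domains", "admin", "noc", "abuse"}


def split_sections(text):
    """Group lines under the 'Something:' headings the record uses."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith(":"):
            current = line[:-1]
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_whois(text):
    """Extract domain, per-contact details and name servers from the record."""
    sections = split_sections(text)
    record = {"domain": None, "contacts": {}, "name_servers": []}
    for line in sections.get("Registrant", []):
        m = re.match(r"Domain Name:\s*(\S+)", line)
        if m:
            record["domain"] = m.group(1).lower()
    for heading, lines in sections.items():
        if heading.endswith("Contact") and lines:
            joined = " ".join(lines)
            emails = EMAIL_RE.findall(joined)
            record["contacts"][heading] = {
                "person": lines[0].split("(")[0].strip(),   # text before the registry handle
                "email": emails[0] if emails else None,
                "phone_listed": "Telephone:" in joined,
            }
    for line in sections.get("Domain servers in listed order", []):
        parts = line.split()
        if len(parts) == 2:
            record["name_servers"].append({"host": parts[0].lower(), "address": parts[1]})
    return record


def exposure_findings(record):
    """Which contact fields expose an individual rather than a role (heuristic)."""
    findings = []
    for heading, c in record["contacts"].items():
        if "," in c["person"]:   # 'Surname, Name' pattern names a person
            findings.append(f"{heading}: names an individual ({c['person']})")
        if c["email"] and c["email"].split("@")[0].lower() not in ROLE_MAILBOXES:
            findings.append(f"{heading}: direct mailbox {c['email']} instead of a role address")
        if c["phone_listed"]:
            findings.append(f"{heading}: telephone number published")
    return findings


if __name__ == "__main__":
    rec = parse_whois(SAMPLE_WHOIS)
    print(rec["domain"], [ns["host"] for ns in rec["name_servers"]])
    for finding in exposure_findings(rec):
        print("-", finding)
```

Real registry output varies by TLD and registrar, so the section splitter is written for this record's "heading followed by a colon" layout and would need its heading names adjusted for another format; the name-server list is the part an organization usually wants public, the named individuals and phone numbers are the part it can replace with role contacts.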

Online Whois Tools

Tool: SmartWhois
SmartWhois is a useful network information utility that allows you to find out all available information about an IP address, host name, or domain, including country, state or province, city, name of the network provider, and administrator and technical support contact information.

Unlike standard Whois utilities, SmartWhois can find the information about a computer located in any part of the world, intelligently querying the right database and delivering all the related records within a few seconds.

WHOIS Lookup Online Tools
- SmartWhois available at http://smartwhois.com
- Better Whois available at http://www.betterwhois.com
- Whois Source available at http://www.whois.se
- Web Wiz available at http://www.webwiz.co.uk/domain-tools/whois-lookup.htm
- Network-Tools.com available at http://network-tools.com
- Whois available at http://tools.whois.net
- DNSstuff available at http://www.dnsstuff.com
- Network Solutions Whois available at http://www.networksolutions.com
- WebToolHub available at http://www.webtoolhub.com/tn561381-whois-lookup.aspx
- Ultra Tools available at https://www.ultratools.com/whois/home

DNS Footprinting

Extracting DNS Information
- Source: http://www.dnsqueries.com

DNS Interrogation Tools
- A few more well-known DNS interrogation tools are listed as follows:
  - DIG available at http://www.kloth.net
  - myDNSTools available at http://www.mvdnstools.info
  - Professional Toolset available at http://www.dnsstuff.com
  - DNS Records available at http://network-tools.com
  - DNSData View available at http://www.nirsoft.net
  - DNSWatch available at http://www.dnswatch.info
  - DomainTools Pro available at http://www.domaintools.com
  - DNS available at http://e-dns.org
  - DNS Lookup Tool available at http://www.webwiz.co.uk
  - DNS Query Utility available at http://www.webmaster-toolkit.com

Nslookup
- Nslookup is a program to query Internet domain name servers. It displays information that can be used to diagnose Domain Name System (DNS) infrastructure.
- It helps find additional IP addresses if the authoritative DNS server is known from whois.
- The MX record reveals the IP of the mail server.
- Both Unix and Windows come with an nslookup client.
- Third-party clients are also available, e.g. Sam Spade.

NSLookup options
Switch            Function
nslookup          Launches the nslookup program.
host name         Returns the IP address for the specified host name.
NAME              Displays information about the host/domain NAME using the default server.
NAME1 NAME2       As above, but uses NAME2 as the server.
help or ?         Displays information about common commands.
set OPTION        Sets an option:
  domain=NAME     Sets the default domain name to NAME.
  root=NAME       Sets the root server to NAME.
  retry=X         Sets the number of retries to X.
  timeout=X       Sets the initial timeout interval to X seconds.
  type=X

Types of DNS Records

Network footprinting

Determine the Operating System

Determine the Operating System

Traceroute
- Traceroute works by exploiting a feature of the Internet Protocol called TTL, or Time To Live.
- Traceroute reveals the path IP packets travel between two systems by sending out consecutive UDP packets with ever-increasing TTLs.
- As each router processes an IP packet, it decrements the TTL. When the TTL reaches zero, the router sends back a "TTL exceeded" message (using ICMP) to the originator.
- Routers with DNS entries reveal the names of routers, their network affiliation and geographic location.
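The TTL mechanism described above, modelled in Python as an added example that is not from the slides. No packets are sent: the path is a constructed list of three routers and a destination host in documentation address ranges, and the functions simulate what each router does with a probe. One router is deliberately given no reverse-DNS name, to show how the trace output differs when an operator publishes no PTR record for the hop (the names, addresses and the 30-hop limit are assumptions for the example).

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Node:
    address: str
    name: Optional[str] = None   # reverse-DNS (PTR) name; None if the operator publishes none


# Constructed path (documentation ranges); DESTINATION is the host being traced.
ROUTERS = [
    Node("192.0.2.1", "gw.corp.example"),
    Node("198.51.100.7", "core1.isp.example"),
    Node("203.0.113.9"),   # no PTR record: the trace can only show the bare address
]
DESTINATION = Node("203.0.113.50", "www.example.com")


def forward_probe(ttl: int, routers: List[Node], destination: Node) -> Tuple[str, Node]:
    """Simulate one UDP probe to an unused high port.

    Every router decrements the TTL before forwarding. The router that
    decrements it to zero discards the probe and answers ICMP Time Exceeded.
    If the probe survives all routers, the destination host answers ICMP
    Port Unreachable (nothing listens on the probe port), which is how
    traceroute knows it has reached the end of the path.
    """
    for router in routers:
        ttl -= 1
        if ttl == 0:
            return ("time-exceeded", router)
    return ("port-unreachable", destination)


def traceroute(routers: List[Node], destination: Node, max_hops: int = 30):
    """Send probes with TTL 1, 2, 3, ... and record (ttl, address, label) per answer."""
    hops = []
    for ttl in range(1, max_hops + 1):
        kind, responder = forward_probe(ttl, routers, destination)
        hops.append((ttl, responder.address, responder.name or responder.address))
        if kind == "port-unreachable":
            break
    return hops


def named_hops(hops):
    """Labels that came from a PTR record, i.e. the hops whose name leaks affiliation."""
    return [label for _, addr, label in hops if label != addr]


if __name__ == "__main__":
    for ttl, addr, label in traceroute(ROUTERS, DESTINATION):
        print(f"{ttl:2d}  {label} ({addr})")
```

The third hop prints as a bare address because its operator publishes no PTR record; that is the difference between a trace that reveals "core1.isp.example" and one that reveals only a number, which is why the network-affiliation leak in the last bullet depends on the naming policy of each router's owner.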

Traceroute

Traceroute Analysis

Traceroute Tools

Tool: NeoTrace (Now McAfee Visual Trace)

NeoTrace shows the traceroute output visually: map view, node view and IP view.

Tool: VisualRoute Trace http://www.visualroute.com

Tool: Path Analyzer Pro - http://vostrom.com

Path Analyzer Pro Screenshot
http://www.pathanalyzer.com/

Path Analyzer Pro Screenshot

Path Analyzer Pro Screenshot

Footprinting through Social Engineering

Footprinting through Social Engineering

Collect Information through Social
Engineering on Social Networking Sites

Footprinting Tool: Maltego

Footprinting Tool: Domain Name Analyzer Pro
http://www.domainpunch.com

Footprinting Tool: Domain Name Analyzer Pro
- Domain Name Analyzer Professional is Windows software for finding, managing, and maintaining multiple domain names. It supports the display of additional data (expiry and creation dates, name server information), tagging domains, and secondary whois lookups.

Footprinting Tool: Web Data Extractor

Additional Footprinting Tools
- Whois
- Nslookup
- ARIN
- NeoTrace
- VisualRoute Trace
- SmartWhois
- eMailTrackerPro
- Website Watcher
- Google Earth
- GEO Spider
- HTTrack Web Copier
- E-mail Spider

Footprinting Countermeasures

Footprinting Countermeasures

Footprinting Penetration Testing
- A footprinting pen test is used to determine the organization's publicly available information on the Internet, such as network architecture, operating systems, applications, and users.
- The tester attempts to gather as much information as possible about the target organization from the Internet and other publicly accessible sources.

Footprinting Penetration Testing

Footprinting Penetration Testing

Footprinting Penetration Testing
