Ethical Hacking Module 2: Footprinting and Reconnaissance

Footprinting and Reconnaissance is the topic covered in Ethical Hacking Module 2.

Module Flow of Ethical Hacking Module 2

The module begins with Footprinting concepts and then describes Footprinting threats. Once the threats have been analysed, the Footprinting methodologies are covered in detail.

Module 2 of the ethical hacking course also covers:

  • Footprinting tools
  • Footprinting countermeasures
  • Footprinting penetration testing

Footprinting and Reconnaissance

With the passage of time, the significance of Footprinting and Reconnaissance is increasing; therefore both concepts should be understood separately.

What is Footprinting?

Footprinting is a process in which six types of information gathering are performed:

  • Passive information gathering: information about the target network is collected from publicly accessible networks.
  • Active information gathering: information about the target is collected through social engineering.
  • Anonymous Footprinting: information is obtained from sources in which the author of the information is hidden or unidentified.
  • Pseudonymous Footprinting: information that may have been published under a different name, in an attempt to preserve privacy, is collected.
  • Organizational or confidential Footprinting: information is gathered with the help of the organization's email addresses and web-based calendars.
  • Internet Footprinting: the internet itself is another source of information about the target.

Footprinting, then, is the process of finding out as much information as possible about the target network. The primary purpose of gathering this information is to use it to gain entry into the organization's network.

Each of the above types of Footprinting collects as much information as possible through its own attributes and processes.

Process of Footprinting

There are four (4) processes involved in Footprinting a target:

  • Collect Basic Information
  • Determine Operating System (OS)
  • Perform Techniques
  • Find Vulnerabilities

First, basic information is collected about the target network; then the operating system in use is identified, and the web servers and platforms are analysed at the same time. Various other techniques are applied as well, such as organizational queries, Whois and DNS queries, and network queries. The final stage is identifying risks or weaknesses that can be exploited to launch attacks against the target network.

Methods used in Footprinting

There are several ways of performing Footprinting properly.

Footprinting can be done through search engines, websites, Whois, emails, networks, social engineering, and so on. It can also be performed through social networking websites, and Google can be used to carry out Footprinting in the desired way.

Monitoring a Target through Alerts (Footprinting through Google Alerts)

An alerts service monitors content and notifies users by SMS or email when matching content appears.

Examples of Alerts Websites:

https://www.google.com/alerts
http://www.gigaalert.com

Website Footprinting

During this process, the target's websites are examined so that attackers can map the website's structure and architecture. From this analysis attackers learn about the software in use, and the operating system and the website's subdirectories can be identified as well. The website's HTML source and cookies can also give attackers valuable information.

Website Analysis and Mirroring Tools

There are various website analysis tools with which attackers can identify vulnerabilities and explore the directory structure.

Website Mirroring Tools

These tools include Website Ripper Copier, PageNest, Teleport Pro, BackStreet Browser, and Portable Offline Browser.

Note also that information about a website can easily be explored through www.archive.org.

Email Footprinting

Tracking Emails

Here, emails are used to find the physical location of an individual so that social engineering can be performed. In this way the target organization's network can be mapped to a considerable extent.

Collecting Information from Email Header

Email Footprinting Tools

Information can be obtained from the email header, and email tracking tools are applied to obtain the desired information. Email Lookup is one of the most widely used tools for finding the required data. eMailTrackerPro, PoliteMail, ReadNotify, Pointofmail, DidTheyReadIt, Trace Email, and WhoRead are also considered email tracking tools.
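As an added example (not code from the original module), the following Python rebuilds the relay chain an email took from its Received headers, which is the information the tracking tools above extract from the header. The message, hostnames and addresses are constructed.

```python
import re
import email

# Constructed sample message (not a real email). Each relay prepends its own
# Received header, so the top one is the last hop and the bottom one the first.
SAMPLE_MESSAGE = """\
Received: from mx-in.example.net (mx-in.example.net [192.0.2.20])
    by mail.example.org with ESMTP id abc123;
    Mon, 1 Jan 2024 10:00:05 +0000
Received: from relay.example.net (relay.example.net [198.51.100.7])
    by mx-in.example.net with ESMTPS;
    Mon, 1 Jan 2024 10:00:03 +0000
Received: from sender-pc ([203.0.113.45])
    by relay.example.net with ESMTPSA;
    Mon, 1 Jan 2024 10:00:01 +0000
From: someone@example.net

body
"""

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)"  # name the client announced in HELO/EHLO
    r"(?:\s*\((?P<rdns>[^\s\[\]()]+)?\s*\[(?P<ip>[0-9A-Fa-f.:]+)\]\))?"  # as seen by server
    r".*?\bby\s+(?P<by>\S+)"  # the server that added this header
)


def relay_chain(raw_message):
    """Return hops in chronological order: origin first, final server last."""
    msg = email.message_from_string(raw_message)
    hops = []
    for value in msg.get_all("Received", []):
        m = RECEIVED_RE.search(re.sub(r"\s+", " ", str(value)))  # unfold first
        if m:
            hops.append({"helo": m["helo"], "ip": m["ip"], "by": m["by"]})
    hops.reverse()  # headers are prepended, so the bottom-most is the first hop
    return hops


def chain_is_continuous(hops):
    """True when each hop's receiving server is the next hop's sending server.
    Headers below the first one added by a server you trust can be forged by
    the sender, so a broken chain means the earlier hops cannot be relied on."""
    return all(a["by"] == b["helo"] for a, b in zip(hops, hops[1:]))


def origin_ip(raw_message):
    """IP in the earliest Received header: the best clue to where the mail came from."""
    hops = relay_chain(raw_message)
    return hops[0]["ip"] if hops else None
```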

Competitive Intelligence Gathering

This is another process, in which information about competitors is identified, examined, and verified with the help of the internet.

Sources of Competitive Intelligence

There are different kinds of sources of competitive intelligence such as:

  • employment ads
  • social engineering of employees
  • press releases
  • annual reports
  • newspapers
  • trade journals
  • patents and trademarks
  • product catalogues

Footprinting Through Google Hacking Techniques

Google hacking uses specially crafted search queries to uncover hidden and sensitive information about the target organization's network. Two other aspects of Google hacking deserve attention because of their importance: vulnerable targets and Google operators. Vulnerable targets help attackers find risky targets, and Google operators, regarded as one of the most significant Google hacking methods, locate specific strings of text within the search results.

Google Advanced Search Operators

The Google advanced search operators are:

  • [cache:] Displays the web page stored in the Google cache
  • [link:] Lists web pages that have links to the specified web page
  • [related:] Lists web pages that are similar to the specified web page
  • [info:] Presents some information that Google has about a particular web page
  • [site:] Restricts the results to websites in the given domain
  • [allintitle:] Restricts the results to websites with all of the search keywords in the title
  • [intitle:] Restricts the results to documents containing the search keyword in the title
  • [allinurl:] Restricts the results to those with all of the search keywords in the URL
  • [inurl:] Res

The cache operator displays stored copies of web pages, and the link operator finds the pages that link to a specific web page.

Finding Resources using Google Advanced Operators

The combination {intitle:intranet inurl:intranet+intext:"human resources"} of Google advanced operators can surface pages belonging to the target company's private network. The purpose is to collect sensitive information such as employee listings and contact details, which are useful in social engineering efforts.

Google Hacking Database (GHDB)

The GHDB, hosted at www.hackersforcharity.org, catalogues queries for advisories and vulnerabilities and for pages that contain login portals.

Google Hacking Tools


WHOIS Footprinting

WHOIS databases are maintained by the regional internet registries and hold personal information about domain owners.

WHOIS Lookup

A WHOIS query returns:

  • Domain name details
  • Contact details of domain owner
  • Domain name servers
  • NetRange
  • When a domain has been created
  • Expiry records
  • Records last updated

Information obtained from the WHOIS database assists attackers to:

  • Create a detailed map of the organization's network
  • Gather personal information that assists in performing social engineering
  • Gather other internal network details, etc.
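Added example, not part of the original module: a small parser for the "Key: Value" WHOIS reply format that extracts the fields listed above and, from the defender's side, reports what the record exposes and when the registration lapses. The reply, registrant and dates are constructed.

```python
from datetime import datetime

# Constructed sample WHOIS reply (not a real lookup). Layouts differ between
# registries and registrars, but "Key: Value" lines like these are typical.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Registrar: Example Registrar, Inc.
Creation Date: 1995-08-14T04:00:00Z
Registry Expiry Date: 2025-08-13T04:00:00Z
Updated Date: 2024-08-14T07:01:31Z
Name Server: A.IANA-SERVERS.NET
Name Server: B.IANA-SERVERS.NET
Registrant Organization: Example Org
Registrant Name: Jane Doe
Registrant Email: jane.doe@example.com
Registrant Phone: +1.5555550100
>>> Last update of whois database: 2024-09-01T00:00:00Z <<<
"""

# Fields that hand a social engineer a named person to impersonate or contact.
PERSONAL_FIELDS = ("Registrant Name", "Registrant Email", "Registrant Phone")


def parse_whois(text):
    """Turn 'Key: Value' lines into a dict; repeated keys (name servers) become lists."""
    record = {}
    for line in text.splitlines():
        if line.startswith(">>>") or ":" not in line:
            continue  # skip the database timestamp and free-text lines
        key, value = (part.strip() for part in line.split(":", 1))
        if not key or not value:
            continue
        if key in record:
            record[key] = (record[key] if isinstance(record[key], list) else [record[key]]) + [value]
        else:
            record[key] = value
    return record


def audit_record(record, today_iso):
    """Defender's view of a domain's WHOIS entry: what it reveals and when it lapses.
    today_iso is the reference date as 'YYYY-MM-DD'."""
    expiry = datetime.strptime(record["Registry Expiry Date"], "%Y-%m-%dT%H:%M:%SZ")
    today = datetime.strptime(today_iso, "%Y-%m-%d")
    servers = record.get("Name Server", [])
    return {
        "domain": record["Domain Name"],
        "name_servers": servers if isinstance(servers, list) else [servers],
        "days_to_expiry": (expiry - today).days,
        "exposed_personal_fields": [f for f in PERSONAL_FIELDS if f in record],
    }
```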

WHOIS Lookup Tools


WHOIS Lookup Online Tools

DNS Footprinting

Attackers need DNS information to identify the key hosts in the network so that they can carry out social engineering attacks. DNS records provide important information about the location and type of servers.

DNS Interrogation Tools


Network Footprinting

Here, network range information is obtained in order to build a map of the target's network. The range of IP addresses can be obtained with the ARIN whois database search tool. The regional internet registry can be used to find the range of IP addresses and the subnet mask used by the target organization.

Operating System

The Netcraft tool is used to determine the operating systems in use by the target organization.

The SHODAN search engine helps in finding specific computers.

Traceroute

Traceroute is based on the ICMP protocol and uses the TTL field in the packet header to discover the routers on the path to a target host.
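To illustrate the TTL mechanism, here is an added Python model (not from the original module) of how each probe's TTL reveals one router on the path, including a router that filters ICMP errors and therefore shows up as "*". The path and addresses are constructed, and the ICMP echo probe matches the variant the module describes.

```python
# Constructed path to a target (not a real network): each router's address and
# whether it answers an expired-TTL probe with ICMP Time Exceeded. Routers that
# silently drop such packets show up as '*' in a traceroute listing.
PATH = [
    ("192.0.2.1", True),        # default gateway
    ("198.51.100.9", True),
    ("198.51.100.77", False),   # filters outbound ICMP errors
    ("203.0.113.5", True),
]
TARGET = "203.0.113.200"


def send_probe(ttl, path=PATH, target=TARGET):
    """Model one ICMP echo probe sent with the given TTL (the ICMP variant the
    module describes; some traceroute implementations use UDP probes instead).

    Every router decrements TTL. When it reaches 0 the router discards the
    packet and, if willing, replies with ICMP Time Exceeded from its own
    address; that reply is how traceroute learns the router's address."""
    for addr, answers in path:
        ttl -= 1
        if ttl == 0:
            return ("time_exceeded", addr) if answers else ("timeout", None)
    return ("echo_reply", target)  # TTL survived every router: the target answered


def traceroute(path=PATH, target=TARGET, max_hops=30):
    """Probe with TTL 1, 2, 3, ... until the target itself replies."""
    hops = []
    for ttl in range(1, max_hops + 1):
        kind, addr = send_probe(ttl, path, target)
        hops.append(addr or "*")
        if kind == "echo_reply":
            break
    return hops


if __name__ == "__main__":
    for n, hop in enumerate(traceroute(), start=1):
        print(f"{n:2d}  {hop}")
```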


Traceroute Tools

Traceroute tools include Path Analyzer Pro and VisualRoute 2010.


Footprinting Through Social Engineering

In this scenario, information is collected through eavesdropping, shoulder surfing, and dumpster diving.

Eavesdropping is the unauthorized or illegal recording of conversations. It can target any form of communication: video, audio, or written.

Shoulder surfing is a way of obtaining critical information by looking over a user's shoulder while they work.

Dumpster diving is the practice of looking for information in someone's trash. Items such as phone bills and contact details can be exploited in this scenario.

Footprinting through social networking sites

In this type of Footprinting the information is collected through Facebook, which is regarded as a treasure trove for attackers. Facebook has 845 million monthly active users and 100 billion connections. Twitter is also a very viable source of information: 76% of Twitter users post status updates, and 55% use their Twitter accounts from cell phones or mobile devices.


Footprinting Tools

Maltego

Maltego is a program that identifies relationships and real-world links between people, groups of people (social networks), and organizations. Websites, internet infrastructure, phrases, documents, and files can also be used to explore these associations.

Additional Footprinting Tools

Additional Footprinting tools include Prefix Whois, NetScan Tools Pro, Binging, Spiderzilla, Autonomous System Scanner (ASS), Sam Spade, DNS Digger, and Robtex.

Footprinting Countermeasures

The countermeasures are:

  • Separate internal DNS from external DNS
  • Disable directory listings and use split DNS
  • Educate employees so that they know about social engineering tricks and risks
  • Restrict unexpected input such as |;<>
  • Avoid domain-level cross-linking for critical assets
  • Encrypt and password-protect sensitive information

Conclusion

In a nutshell, Footprinting is the process of collecting as much information as possible about a target. During this process attackers can use search engines to extract information about the target.

Author bio

Muhammad Haris
