Footprinting and Reconnaissance
Module 02
Ethical Hacking and Countermeasures v8
Module 02: Footprinting and Reconnaissance
Exam 312-50 Certified Ethical Hacker
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Security News
Facebook a 'treasure trove' of Personally Identifiable Information
April 1a 2012
Facebook contains a "treasure trove" of personally identifiable information that hackers
manage to get their hands on.
A report by Imperva revealed that users' "general personal information" can often include
a date of birth, home address and sometimes mother's maiden name, allowing hackers to
access this and other websites and applications and create targeted spearphishing campaigns.
It detailed a concept I call "friend-mapping", where an attacker can get further knowledge of
a user’s circle of friends; having accessed their account and posing as a trusted friend, they can
cause mayhem. This can include requesting the transfer of funds and extortion.
Asked why Facebook is so important to hackers, Imperva senior security strategist Noa Bar-Yosef
said: "People also add work friends on Facebook so a team leader can be identified and this can lead
to corporate data being accessed, project work being discussed openly, while geo-location data can be
detailed for military intelligence."
"Hacktivism made up 58 per cent of attacks in the Verizon Data Breach Intelligence Report, and they
are going after information on Facebook that can be used to humiliate a person. All types of attackers
have their own techniques."
Source: http://www.scmagazineuk.com
On how attackers get a password in the first place, Imperva claimed that different keyloggers are used, while phishing kits that create a fake Facebook login page have been seen, and a more primitive method is a brute force attack, where the attacker repeatedly attempts to guess the user's password.
In more extreme cases, a Facebook administrator's rights can be accessed. Although it said that this requires more effort on the hacker side and is not as prevalent, it is the "holy grail" of attacks as it provides the hacker with data on all users.
On protection, Bar-Yosef said the roll-out of SSL across the whole website, rather than just at the login page, was effective, but users still needed to opt in to this.
By Dan Raywood
http://www.scmagazine.com.au/Feature/265065,digitial-investigations-have-matured.aspx
Module Objectives
This module will familiarize you with the following:
• Footprinting Terminologies
• What Is Footprinting?
• Objectives of Footprinting
• Footprinting Threats
• Footprinting through Search Engines
• Website Footprinting
• Email Footprinting
• Competitive Intelligence
• Footprinting Using Google
• WHOIS Footprinting
• DNS Footprinting
• Network Footprinting
• Footprinting through Social Engineering
• Footprinting through Social Networking Sites
• Footprinting Tools
• Footprinting Countermeasures
• Footprinting Pen Testing
Module Flow
Ethical hacking is legal hacking conducted by a penetration tester in order to evaluate the security of an IT infrastructure with the permission of an organization. The concept of ethical hacking cannot be explained or cannot be performed in a single step; therefore, it has been divided into several steps. Footprinting is the first step in ethical hacking, where an attacker tries to gather information about a target. To help you better understand footprinting, it has been distributed into various sections:
• Footprinting Concepts
• Footprinting Threats
• Footprinting Methodology
• Footprinting Tools
• Footprinting Countermeasures
• Footprinting Penetration Testing
The Footprinting Concepts section familiarizes you with footprinting, footprinting terminology, why footprinting is necessary, and the objectives of footprinting.
Footprinting Terminology
Open Source or Passive Information Gathering: Collect information about a target from the publicly accessible sources
Active Information Gathering: Gather information through social engineering on-site visits, interviews, and questionnaires
Anonymous Footprinting: Gather information from sources where the author of the information cannot be identified or traced
Pseudonymous Footprinting: Collect information that might be published under a different name in an attempt to preserve privacy
Organizational or Private Footprinting: Collect information from an organization's web-based calendar and email services
Internet Footprinting: Collect information about a target from the Internet
Before going deep into the concept, it is important to know the basic terminology used in footprinting. These terms help you understand the concept of footprinting and its structures.
Open Source or Passive Information Gathering
Open source or passive information gathering is the easiest way to collect information about the target organization. It refers to the process of gathering information from the open sources, i.e., publicly available sources. This requires no direct contact with the target organization. Open sources may include newspapers, television, social networking sites, blogs, etc.
Using these, you can gather information such as network boundaries, IP addresses reachable via the Internet, operating systems, web server software used by the target network, TCP and UDP services in each system, access control mechanisms, system architecture, intrusion detection systems, and so on.
Active Information Gathering
In the active information gathering process, attackers mainly focus on the employees of the target organization. Attackers try to extract information from the employees by conducting social engineering: on-site visits, interviews, questionnaires, etc.
Anonymous Footprinting
This refers to the process of collecting information from sources anonymously so that your efforts cannot be traced back to you.
Pseudonymous Footprinting
Pseudonymous footprinting refers to the process of collecting information from sources that have been published on the Internet but are not directly linked to the author's name. The information may be published under a different name or the author may have a well-established pen name, or the author may be a corporate or government official and be prohibited from posting under his or her original name. Irrespective of the reason for hiding the author's name, collecting information from such sources is called pseudonymous.
Organizational or Private Footprinting
Private footprinting involves collecting information from an organization's web-based calendar and email services.
Internet Footprinting
Internet footprinting refers to the process of collecting information of the target organization's connections to the Internet.
What Is Footprinting?
Footprinting is the process of collecting as much information as possible about a target network, for identifying various ways to intrude into an organization's network system.
Footprinting, the first step in ethical hacking, refers to the process of collecting information about a target network and its environment. Using footprinting you can find various ways to intrude into the target organization's network system. It is considered "methodological" because critical information is sought based on a previous discovery.
Once you begin the footprinting process in a methodological manner, you will obtain the blueprint of the security profile of the target organization. Here the term "blueprint" is used because the result that you get at the end of footprinting refers to the unique system profile of the target organization.
There is no single methodology for footprinting as you can trace information in several routes. However, this activity is important as all crucial information needs to be gathered before you begin hacking. Hence, you should carry out the footprinting precisely and in an organized manner.
You can collect information about the target organization through the means of footprinting in four steps:
1. Collect basic information about the target and its network
2. Determine the operating system used, platforms running, web server versions, etc.
3. Perform techniques such as Whois, DNS, network and organizational queries
4. Find vulnerabilities and exploits for launching attacks
Furthermore, we will discuss in detail how to collect basic information, determine the operating system of the target computer, the platforms running, and web server versions, the various methods of footprinting, and how to find and exploit vulnerabilities.
Why Footprinting?
For attackers to build a hacking strategy, they need to gather information about the target organization's network, so that they can find the easiest way to break into the organization's security perimeter. As mentioned previously, footprinting is the easiest way to gather information about the target organization; this plays a vital role in the hacking process.
Footprinting helps to:
• Know Security Posture
Performing footprinting on the target organization in a systematic and methodical manner gives the complete profile of the organization's security posture. You can analyze this report to figure out loopholes in the security posture of your target organization and then you can build your hacking plan accordingly.
• Reduce Attack Area
By using a combination of tools and techniques, attackers can take an unknown entity (for example XYZ Organization) and reduce it to a specific range of domain names, network blocks, and individual IP addresses of systems directly connected to the Internet, as well as many other details pertaining to its security posture.
• Build Information Database
A detailed footprint provides maximum information about the target organization. Attackers can build their own information database about security weakness of the target organization. This database can then be analyzed to find the easiest way to break into the organization's security perimeter.
• Draw Network Map
Combining footprinting techniques with tools such as Tracert allows the attacker to create network diagrams of the target organization's network presence. This network map represents their understanding of the target's Internet footprint. These network diagrams can guide the attack.
Objectives of Footprinting
The major objectives of footprinting include collecting the target's network information, system information, and the organizational information. By carrying out footprinting at various network levels, you can gain information such as: network blocks, network services and applications, system architecture, intrusion detection systems, specific IP addresses, and access control mechanisms. With footprinting, information such as employee names, phone numbers, contact addresses, designation, and work experience, and so on can also be obtained.
Collect Network Information
Network information, which can be gathered by performing a Whois database analysis, trace routing, etc., includes:
• Domain name
• Internal domain names
• Network blocks
• IP addresses of the reachable systems
• Rogue websites/private websites
• TCP and UDP services running
• Access control mechanisms and ACLs
• Networking protocols
• VPN points
• ACLs
• IDSes running
• Analog/digital telephone numbers
• Authentication mechanisms
• System enumeration
Collect System Information
• User and group names
• System banners
• Routing tables
• SNMP information
• System architecture
• Remote system type
• System names
• Passwords
Collect Organization's Information
• Employee details
• Organization's website
• Company directory
• Location details
• Address and phone numbers
• Comments in HTML source code
• Security policies implemented
• Web server links relevant to the organization
• Background of the organization
• News articles/press releases
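Several of the items listed above (comments in HTML source code, IP addresses, internal domain names, employee details, system banners) can be checked for on an organization's own pages before they are published. The following Python example is added here and is not part of the original courseware; the sample page, the sample headers, and the internal suffixes `.internal` and `.corp.example` are constructed assumptions.

```python
"""Self-audit of an organization's own web content for details the module
lists as footprinting objectives: HTML comments, IP addresses, internal
domain names, employee contact details and system banners."""
import re
from html.parser import HTMLParser

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# RFC 1918 private IPv4 ranges: 10/8, 172.16/12, 192.168/16
PRIVATE_IP_RE = re.compile(
    r"\b(?:10(?:\.\d{1,3}){3}"
    r"|172\.(?:1[6-9]|2\d|3[01])(?:\.\d{1,3}){2}"
    r"|192\.168(?:\.\d{1,3}){2})\b"
)
# A product name followed by a version number, e.g. "Apache/2.2.15"
VERSION_RE = re.compile(r"[A-Za-z][\w.-]*/\d+(?:\.\d+)*")
# Assumption: suffixes this organization uses for internal-only host names.
INTERNAL_SUFFIXES = (".internal", ".corp.example")


class LeakAuditor(HTMLParser):
    """Collects (category, value) findings while parsing one HTML page."""

    def __init__(self, internal_suffixes=INTERNAL_SUFFIXES):
        super().__init__()
        self.findings = []
        suffix_alt = "|".join(re.escape(s) for s in internal_suffixes)
        self.host_re = re.compile(r"\b[\w-]+(?:\.[\w-]+)*(?:%s)\b" % suffix_alt)

    def handle_comment(self, data):
        # Comments are invisible in the browser but served to every visitor.
        checks = (("email", EMAIL_RE),
                  ("private-ip", PRIVATE_IP_RE),
                  ("internal-host", self.host_re))
        for category, regex in checks:
            for value in regex.findall(data):
                self.findings.append((category, value))

    def handle_starttag(self, tag, attrs):
        # <meta name="generator"> advertises the publishing software.
        attrs = dict(attrs)
        if tag == "meta" and (attrs.get("name") or "").lower() == "generator":
            self.findings.append(("banner", attrs.get("content") or ""))


def audit_html(html, internal_suffixes=INTERNAL_SUFFIXES):
    """Return findings for one page, in document order."""
    auditor = LeakAuditor(internal_suffixes)
    auditor.feed(html)
    auditor.close()
    return auditor.findings


def audit_headers(headers):
    """Flag response headers that disclose a product version (system banner)."""
    findings = []
    for name in ("Server", "X-Powered-By"):
        value = headers.get(name, "")
        if VERSION_RE.search(value):
            findings.append(("banner", "%s: %s" % (name, value)))
    return findings


# Constructed sample input (not taken from any real site).
SAMPLE_HTML = """<html><head>
<meta name="generator" content="ExampleCMS 3.1">
<!-- staging copy lives on build01.corp.example (10.20.30.40) -->
</head><body>
<!-- layout questions: jane.doe@example.org -->
<p>Welcome to XYZ pvt ltd. Contact us at info@example.org</p>
</body></html>"""
SAMPLE_HEADERS = {"Server": "Apache/2.2.15 (Unix)",
                  "X-Powered-By": "PHP/5.3.3",
                  "Content-Type": "text/html"}

if __name__ == "__main__":
    for finding in audit_html(SAMPLE_HTML) + audit_headers(SAMPLE_HEADERS):
        print("%-14s %s" % finding)
```

The address in the visible page text is not reported, because it is a contact detail the organization chose to publish; only material in comments, the generator tag and versioned headers is flagged.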
Module Flow
So far, we discussed footprinting concepts, and now we will discuss the threats associated with footprinting:
• Footprinting Concepts
• Footprinting Threats
• Footprinting Methodology
• Footprinting Tools
• Footprinting Countermeasures
• Footprinting Penetration Testing
The Footprinting Threats section familiarizes you with the threats associated with footprinting such as social engineering, system and network attacks, corporate espionage, etc.
Footprinting Threats
Attackers gather valuable system and network information such as account details, operating system and installed applications, network components, server names, database schema details, etc. from footprinting techniques.
Types of Threats: Information Leakage, Privacy Loss, Corporate Espionage, Business Loss
As discussed previously, attackers perform footprinting as the first step in an attempt to hack a target organization. In the footprinting phase, attackers try to collect valuable system-level information such as account details, operating system and other software versions, server names, and database schema details that will be useful in the hacking process.
The following are various threats due to footprinting:
Social Engineering
Without using any intrusion methods, hackers directly and indirectly collect information through persuasion and various other means. Here, crucial information is gathered by the hackers through employees without their consent.
System and Network Attacks
Footprinting helps an attacker to perform system and network attacks. Through footprinting, attackers can gather information related to the target organization's system configuration, operating system running on the machine, and so on. Using this information, attackers can find the vulnerabilities present in the target system and then can exploit those vulnerabilities. Thus, attackers can take control over a target system. Similarly, attackers can also take control over the entire network.
Information Leakage
Information leakage can be a great threat to any organization and is often overlooked. If sensitive organizational information falls into the hands of attackers, then they can build an attack plan based on the information, or use it for monetary benefits.
Privacy Loss
With the help of footprinting, hackers are able to access the systems and networks of the company and even escalate the privileges up to admin levels. Whatever privacy was maintained by the company is completely lost.
Corporate Espionage
Corporate espionage is one of the major threats to companies as competitors can spy and attempt to steal sensitive data through footprinting. Due to this type of espionage, competitors are able to launch similar products in the market, affecting the market position of a company.
Business Loss
Footprinting has a major effect on businesses such as online businesses and other ecommerce websites, banking and financial related businesses, etc. Billions of dollars are lost every year due to malicious attacks by hackers.
Module Flow
Now that you are familiar with footprinting concepts and threats, we will discuss the footprinting methodology.
The footprinting methodology section discusses various techniques used to collect information about the target organization from different sources.
• Footprinting Concepts
• Footprinting Threats
• Footprinting Methodology
• Footprinting Tools
• Footprinting Countermeasures
• Footprinting Penetration Testing
Footprinting Methodology
• Footprinting through Search Engines
• Website Footprinting
• Email Footprinting
• Competitive Intelligence
• Footprinting using Google
• WHOIS Footprinting
• DNS Footprinting
• Network Footprinting
• Footprinting through Social Engineering
• Footprinting through Social Networking Sites
The footprinting methodology is a procedural way of collecting information about a target organization from all available sources. It deals with gathering information about a target organization, determining URL, location, establishment details, number of employees, the specific range of domain names, and contact information. This information can be gathered from various sources such as search engines, Whois databases, etc.
Search engines are the main information sources where you can find valuable information about your target organization. Therefore, first we will discuss footprinting through search engines. Here we are going to discuss how and what information we can collect through search engines.
Examples of search engines include: www.google.com, www.yahoo.com, www.bing.com
Footprinting through Search Engines
• Attackers use search engines to extract information about a target such as technology platforms, employee details, login pages, intranet portals, etc. which helps in performing social engineering and other types of advanced system attacks
• Search engine cache may provide sensitive information that has been removed from the World Wide Web (WWW)
A web search engine is designed to search for information on the World Wide Web. The search results are generally presented in a line of results often referred to as search engine results pages (SERPs). In the present world, many search engines allow you to extract a target organization's information such as technology platforms, employee details, login pages, intranet portals, and so on. Using this information, an attacker may build a hacking strategy to break into the target organization's network and may carry out other types of advanced system attacks. A Google search could reveal submissions to forums by security personnel that reveal brands of firewalls or antivirus software in use at the target. Sometimes even network diagrams are found that can guide an attack.
If you want to footprint the target organization, for example XYZ pvt ltd, then type XYZ pvt ltd in the Search box of the search engine and press Enter. This will display all the search results containing the keywords "XYZ pvt ltd." You can even narrow down the results by adding a specific keyword while searching. Furthermore, we will discuss other footprinting techniques such as website footprinting and email footprinting.
For example, consider an organization, perhaps Microsoft. Type Microsoft in the Search box of a search engine and press Enter; this will display all the results containing information about Microsoft. Browsing the results may provide critical information such as physical location, contact address, the services offered, number of employees, etc. that may prove to be a valuable source for hacking.
[Screenshot: Google's cached copy of the Wikipedia article on Microsoft, a snapshot of the page as it appeared on 17 Jul 2012 13:15:03 GMT]
FIGURE 2.1: Screenshot showing information about Microsoft
As an ethical hacker, if you find any sensitive information of your company in the search engine result pages, you should remove that information. Even after you remove the sensitive information, it may still be available in a search engine cache. Therefore, you should also check the search engine cache to ensure that the sensitive data is removed permanently.
Finding Company's External and Internal URLs
- Search for the target company's external URL in a search engine such as Google or Bing
- Internal URLs provide an insight into different departments and business units in an organization
- You may find an internal company's URL by trial and error method
Tools to Search Internal URLs:
- http://news.netcraft.com
- http://www.webmaster-a.com/link-extractor-internal.php
Internal URLs of microsoft.com:
- support.microsoft.com
- office.microsoft.com
- search.microsoft.com
- msdn.microsoft.com
- update.microsoft.com
- technet.microsoft.com
- windows.microsoft.com
A company's external and internal URLs provide a lot of useful information to the attacker. These URLs describe the company and provide details such as the company mission and vision, history, products or services offered, etc. The URL that is used outside the corporate network for accessing the company's vault server via a firewall is called an external URL. It links directly to the company's external web page. The target company's external URL can be determined with the help of search engines such as Google or Bing.
If you want to find the external URL of a company, follow these steps:
1. Open any of the search engines, such as Google or Bing.
2. Type the name of the target company in the Search box and press Enter.
The internal URL is used for accessing the company's vault server directly inside the corporate network. The internal URL helps to access the internal functions of a company. Most companies use common formats for internal URLs. Therefore, if you know the external URL of a company, you can predict an internal URL through trial and error. These internal URLs provide insight into different departments and business units in an organization. You can also find the internal URLs of an organization using tools such as Netcraft.
Tools to Search Internal URLs
Netcraft
Source: http://news.netcraft.com
Netcraft deals with web server, web hosting market-share analysis, and operating system detection. It provides a free anti-phishing toolbar (Netcraft toolbar) for Firefox as well as Internet Explorer browsers. The Netcraft toolbar avoids phishing attacks and protects Internet users from fraudsters. It checks the risk rate as well as the hosting location of the websites we visit.
Link Extractor
Source: http://www.webmaster-a.com/link-extractor-internal.php
Link Extractor is a link extraction utility that allows you to choose between external and internal URLs, and will return a plain list of URLs linked to or an html list. You can use this utility to competitor sites.
Examples of internal URLs of microsoft.com:
- support.microsoft.com
- office.microsoft.com
- search.microsoft.com
- msdn.microsoft.com
- update.microsoft.com
- technet.microsoft.com
- windows.microsoft.com
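The internal/external link split that a utility like Link Extractor performs can be run offline against your own public pages to see which hostnames they disclose. The following Python code is an added example, not part of the original courseware or the tool's own code; example.com, the sample HTML, and the names classify_links and disclosed_hosts are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page; every hostname here is a placeholder.
SAMPLE_HTML = """
<a href="/about">About</a>
<a href="products.html#top">Products</a>
<a href="https://support.example.com/kb/1">Support</a>
<a href="//intranet.example.com/login">Staff login</a>
<a href="https://partner.example.net/">Partner</a>
<a href="https://notexample.com/">Lookalike</a>
<a href="mailto:info@example.com">Mail</a>
<a href="/about">About again</a>
"""

class _Anchors(HTMLParser):
    """Collect raw href values from <a> tags."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def classify_links(html, page_url, org_domain):
    """Split a page's links into absolute internal and external URLs.

    Internal means the host equals org_domain or ends with '.' + org_domain
    (a plain suffix match; no public-suffix list is consulted).
    """
    parser = _Anchors()
    parser.feed(html)
    result = {"internal": [], "external": []}
    for href in parser.hrefs:
        url = urljoin(page_url, href.strip())      # resolve relative links
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue                               # skip mailto: and similar
        url = parts._replace(fragment="").geturl() # drop #fragment
        host = parts.hostname.lower()
        internal = host == org_domain or host.endswith("." + org_domain)
        bucket = result["internal" if internal else "external"]
        if url not in bucket:                      # de-duplicate, keep order
            bucket.append(url)
    return result

def disclosed_hosts(links):
    """Sorted hostnames under the organization's domain that the page links to."""
    return sorted({urlsplit(u).hostname for u in links["internal"]})
```

Reviewing the output of disclosed_hosts for each public page shows which department or intranet hostnames are being advertised to anyone who reads the page source.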
Public and Restricted Websites
[Slide figure: two website screenshots labelled "Public Website" and "Restricted Website"]
A public website is a website designed to show the presence of an organization on the Internet. It is designed to attract customers and partners. It contains information such as company history, services and products, and contact information of the organization.
The following screenshot is an example of a public website:
Source: http://www.microsoft.com