Module 2: Footprinting
Faculty of Information Technology, Nong Lam University, Ho Chi Minh City, 2008

Objective
- Overview of the reconnaissance phase
- Introducing footprinting
- Understanding the information gathering methodology of hackers
- Comprehending the implications
- Learning some of the tools used for the reconnaissance phase
- Footprinting steps

Defining Footprinting
- Footprinting is the blueprinting of the security profile of an organization, undertaken in a methodological manner.
- Footprinting is one of the three pre-attack phases. The others are scanning and enumeration.
- Footprinting results in a unique organization profile with respect to networks (Internet / Intranet / Extranet / Wireless) and systems involved.
- An attacker will spend 90% of the time in profiling an organization and another 10% in launching the attack.

Information Gathering Methodology
- Unearth initial information
- Locate the network range
- Ascertain active machines
- Discover open ports / access points
- Detect operating systems
- Uncover services on ports
- Map the network

Unearthing Initial Information
Commonly includes:
- Domain name lookup
- Locations
- Contacts (Telephone / mail)
Information Sources:
- Open source
- Whois
- Nslookup
Hacking Tool:
- Sam Spade

Finding a Company's URL & Info.
- Search for a company's URL using a search engine such as www.google.com
- Type the company's name in the search engine to get the company URL
- Google provides rich information to perform passive reconnaissance
- Check newsgroups, forums, and blogs for sensitive information regarding the network

People Search

People Search Website

Satellite Picture of a Residence

Public and Private Websites

DNS Enumerator

SpiderFoot
SpiderFoot is a free, open-source, domain footprinting tool which will scrape the websites on that domain, as well as search Google, Netcraft, Whois, and DNS to build up information like:
- Subdomains
- Affiliates
- Web server versions
- Users (i.e. /~user)
- Similar domains
- Email addresses
- Netblocks

Web Data Extractor Tool

Additional Footprinting Tools
- Whois
- Nslookup
- ARIN
- Neo Trace
- VisualRoute Trace
- SmartWhois
- eMailTrackerPro
- Website watcher
- Google Earth
- GEO Spider
- HTTrack Web Copier
- E-mail Spider

Whois Lookup
- With whois lookup, you can get personal and contact information
- For example, www.samspade.com

Whois

Registrant:
   targetcompany (targetcompany-DOM)
   # Street Address
   City, Province
   State, Pin, Country
   Domain Name: targetcompany.COM

Domain servers in listed order:
   NS1.WEBHOST.COM XXX.XXX.XXX.XXX
   NS2.WEBHOST.COM XXX.XXX.XXX.XXX

Administrative Contact:
   Surname, Name (SNIDNo-ORG) [email protected]
   targetcompany (targetcompany-DOM)
   # Street Address
   City, Province, State, Pin, Country
   Telephone: XXXXX Fax XXXXX

Technical Contact:
   Surname, Name (SNIDNo-ORG) [email protected]
   targetcompany (targetcompany-DOM)
   # Street Address
   City, Province, State, Pin, Country
   Telephone: XXXXX Fax XXXXX

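An added example, not part of the original slides: an organization can review its own whois record by parsing the layout shown above and listing which contact sections return a named individual, e-mail addresses and phone numbers. The record values, regular expressions and function names are constructed for illustration.

```python
import re

# Constructed record in the slide's layout; all values are placeholders.
RECORD = """\
Registrant:
   Example Corp (EXAMPLECORP-DOM)
   Domain Name: EXAMPLE.COM
Domain servers in listed order:
   NS1.WEBHOST.EXAMPLE 192.0.2.53
Administrative Contact:
   Doe, Jane (JD1-ORG) jane.doe@example.com
   Telephone: 555-0100 Fax 555-0101
Technical Contact:
   Hostmaster (HM1-ORG) hostmaster@example.com
   Telephone: 555-0102 Fax 555-0103
"""

EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
PHONE = re.compile(r"(?:Telephone|Fax):?\s*([\d-]+)")
PERSON = re.compile(r"^([A-Z][a-z]+), ([A-Z][a-z]+) \(", re.M)  # "Surname, Name (HANDLE)"

def parse_sections(text):
    """Split the record into {section header: [indented lines]}."""
    sections, current = {}, None
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            current = line.rstrip()[:-1]          # unindented "Header:" line
            sections[current] = []
        elif line.strip() and current:
            sections[current].append(line.strip())
    return sections

def exposure_report(text):
    """List, per contact section, the personal data a whois query returns."""
    report = {}
    for header, lines in parse_sections(text).items():
        if "Contact" not in header:
            continue
        body = "\n".join(lines)
        report[header] = {
            "emails": EMAIL.findall(body),
            "phones": PHONE.findall(body),
            "named_person": bool(PERSON.search(body)),  # individual vs. role account
        }
    return report

if __name__ == "__main__":
    for header, found in exposure_report(RECORD).items():
        print(header, found)
```
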
Online Whois Tools

Nslookup
- Nslookup is a program to query Internet domain name servers. It displays information that can be used to diagnose Domain Name System (DNS) infrastructure.
- Helps find additional IP addresses if authoritative DNS is known from whois.
- MX record reveals the IP of the mail server.
- Both Unix and Windows come with an Nslookup client.
- Third-party clients are also available, e.g. Sam Spade.

NSLookup options

Switch         Function
nslookup       Launches the nslookup program.
host name      Returns the IP address for the specified host name.
NAME           Displays information about the host/domain NAME using default server
NAME1 NAME2    As above, but uses NAME2 as server
help or ?      Displays information about common commands
set OPTION     Sets an option
domain=NAME    Sets default domain name to NAME.
root=NAME      Sets root server to NAME.
retry=X        Sets number of retries to X.
timeout=X      Sets initial timeout interval to X seconds.
type=X

Types of DNS Records

Locate the Network Range
Commonly includes:
- Finding the range of IP addresses
- Discerning the subnet mask
Information Sources:
- ARIN (American Registry for Internet Numbers)
- Traceroute
Hacking Tool:
- NeoTrace
- Visual Route

Traceroute
- Traceroute works by exploiting a feature of the Internet Protocol called TTL, or Time To Live.
- Traceroute reveals the path IP packets travel between two systems by sending out consecutive UDP packets with ever-increasing TTLs.
- As each router processes an IP packet, it decrements the TTL. When the TTL reaches zero, the router sends back a "TTL exceeded" message (using ICMP) to the originator.
- Routers with DNS entries reveal the name of routers, network affiliation and geographic location.

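An added example, not part of the original slides: a simulation, with no network traffic, of the TTL mechanism described above, followed by a listing of the DNS labels that router names along the path make visible to an outside observer. The path, addresses (documentation ranges), host names and function names are constructed.

```python
"""Simulate how traceroute uses TTL expiry to enumerate hops (no network I/O)."""

# Constructed path: documentation-range IPs and example.net names, not real hosts.
PATH = [
    ("192.0.2.1", "gw.office.example.net"),
    ("198.51.100.9", "core1.nyc.isp.example.net"),
    ("198.51.100.33", None),                       # router without a PTR record
    ("203.0.113.1", "edge.lon.hosting.example.net"),
    ("203.0.113.80", "www.example.net"),           # destination host
]

def send_probe(path, ttl):
    """Forward one probe along `path`; return (icmp_reply, ip, name) of the responder."""
    for ip, name in path[:-1]:
        ttl -= 1                      # every router decrements the TTL
        if ttl == 0:                  # expired in transit: this router reports back
            return ("ttl-exceeded", ip, name)
    ip, name = path[-1]
    # The probe reached the destination; a UDP probe to a closed port draws an
    # ICMP port-unreachable, which tells traceroute the path is complete.
    return ("port-unreachable", ip, name)

def traceroute(path, max_hops=30):
    """Send probes with TTL 1, 2, 3, ... and collect one responder per TTL."""
    hops = []
    for ttl in range(1, max_hops + 1):
        reply, ip, name = send_probe(path, ttl)
        hops.append((ttl, ip, name or "*no PTR*", reply))
        if reply == "port-unreachable":
            break
    return hops

def exposed_labels(hops):
    """DNS labels an observer learns from host names along the path."""
    labels = set()
    for _, _, name, _ in hops:
        if name != "*no PTR*":
            labels.update(name.split(".")[:-2])   # drop the last two labels (example.net)
    return sorted(labels)

if __name__ == "__main__":
    for hop in traceroute(PATH):
        print("%2d  %-15s %-30s %s" % hop)
    print("labels visible in reverse DNS:", exposed_labels(traceroute(PATH)))
```

The hop without a PTR record still appears by address, but contributes no role or location labels to the result.
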
Trace Route Analysis

Tool: NeoTrace (Now McAfee Visual Trace)
- NeoTrace shows the traceroute output visually: map view, node view and IP view

Tool: VisualRoute Trace

Tool: Path Analyzer Pro - http://vostrom.com

Path Analyzer Pro Screenshot

GoogleEarth

GoogleEarth Showing Pentagon

Tool: SmartWhois
- SmartWhois is a useful network information utility that allows you to find out all available information about an IP address, host name, or domain, including country, state or province, city, name of the network provider, administrator and technical support contact information.
- Unlike standard Whois utilities, SmartWhois can find the information about a computer located in any part of the world, intelligently querying the right database and delivering all the related records within a few seconds.

Tool: eMailTrackerPro
- eMailTrackerPro is the e-mail analysis tool that enables analysis of an e-mail and its headers automatically and provides graphical results

How to Setup a Fake Website?

Website Stealing Tool: Reamweaver
- Reamweaver has everything you need to instantly "steal" anyone's website, copying the real-time "look and feel" but letting you change any words, images, etc. that you choose
- When a visitor visits a page on your stolen (mirrored) website, Reamweaver gets the page from the target domain, changes the words as you specify, and stores the result (along with images, etc.) in the fake website
- With this tool your fake website will always look current: Reamweaver automatically updates the fake mirror when the content changes in the original website
- Download: http://www.eccouncil.org/cehtools/reamweaver.zip