module 2 foot printing


Upload: leminhvuong

Post on 13-May-2015


Category:

Technology



TRANSCRIPT

Page 1: Module 2   Foot Printing

MODULE 2

FOOT PRINTING

Page 2: Module 2   Foot Printing

Faculty of Information Technology, Nong Lam University, Ho Chi Minh City, 2008 2/38

Objective

- Overview of the Reconnaissance Phase
- Introducing Footprinting
- Understanding the information gathering methodology of hackers
- Comprehending the Implications
- Learning some of the tools used for the reconnaissance phase
- FootPrinting steps

Page 3: Module 2   Foot Printing

Defining Footprinting

- Footprinting is the blueprinting of the security profile of an organization, undertaken in a methodological manner.
- Footprinting is one of the three pre-attack phases. The others are scanning and enumeration.
- Footprinting results in a unique organization profile with respect to networks (Internet / Intranet / Extranet / Wireless) and systems involved.
- An attacker will spend 90% of the time in profiling an organization and another 10% in launching the attack.

Page 4: Module 2   Foot Printing

Information Gathering Methodology

- Unearth initial information
- Locate the network range
- Ascertain active machines
- Discover open ports / access points
- Detect operating systems
- Uncover services on ports
- Map the Network

Page 5: Module 2   Foot Printing

Unearthing Initial Information

Commonly includes:
- Domain name lookup
- Locations
- Contacts (Telephone / mail)

Information Sources:
- Open source
- Whois
- Nslookup

Hacking Tool:
- Sam Spade

Page 6: Module 2   Foot Printing

Finding a Company’s URL & Info.

- Search for a company’s URL using a search engine such as www.google.com
- Type the company’s name in the search engine to get the company URL
- Google provides rich information to perform passive reconnaissance
- Check newsgroups, forums, and blogs for sensitive information regarding the network

Page 7: Module 2   Foot Printing

People Search

Page 8: Module 2   Foot Printing

People Search Website

Page 9: Module 2   Foot Printing

Satellite Picture of a Residence

Page 10: Module 2   Foot Printing

Public and Private Websites

Page 11: Module 2   Foot Printing

DNS Enumerator

Page 12: Module 2   Foot Printing

SpiderFoot

SpiderFoot is a free, open-source, domain footprinting tool which will scrape the websites on that domain, as well as search Google, Netcraft, Whois, and DNS to build up information like:
- Subdomains
- Affiliates
- Web server versions
- Users (i.e. /~user)
- Similar domains
- Email addresses
- Netblocks

Page 13: Module 2   Foot Printing

SpiderFoot

Page 14: Module 2   Foot Printing

Web Data Extractor Tool

Page 15: Module 2   Foot Printing

Additional Footprinting Tools

- Whois
- Nslookup
- ARIN
- Neo Trace
- VisualRoute Trace
- SmartWhois
- eMailTrackerPro
- Website watcher
- Google Earth
- GEO Spider
- HTTrack Web Copier
- E-mail Spider

Page 16: Module 2   Foot Printing

Whois Lookup

- With whois lookup, you can get personal and contact information
- For example, www.samspade.com

Page 17: Module 2   Foot Printing

Whois

Registrant:
targetcompany (targetcompany-DOM)
# Street Address
City, Province
State, Pin, Country
Domain Name: targetcompany.COM

Domain servers in listed order:
NS1.WEBHOST.COM XXX.XXX.XXX.XXX
NS2.WEBHOST.COM XXX.XXX.XXX.XXX

Administrative Contact:
Surname, Name (SNIDNo-ORG) [email protected]
targetcompany (targetcompany-DOM)
# Street Address
City, Province, State, Pin, Country
Telephone: XXXXX Fax XXXXX

Technical Contact:
Surname, Name (SNIDNo-ORG) [email protected]
targetcompany (targetcompany-DOM)
# Street Address
City, Province, State, Pin, Country
Telephone: XXXXX Fax XXXXX
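An added example (not part of the original slides): a check a domain owner can run against their own record in the legacy layout above, to see which contact sections expose a named person or a personal mailbox instead of a role account. The sample record, the role-mailbox list and the function names are constructed for illustration.

```python
import re

# Constructed record in the legacy layout shown on the slide (not real data).
SAMPLE = """\
Registrant:
Example Widgets Ltd (EXAMPLE-DOM)
Domain Name: EXAMPLE.COM

Domain servers in listed order:
NS1.WEBHOST.EXAMPLE 192.0.2.53
NS2.WEBHOST.EXAMPLE 198.51.100.53

Administrative Contact:
Doe, Jane (JD123-ORG) jane.doe@example.com
Telephone: +1-555-0100 Fax +1-555-0101
Technical Contact:
Hostmaster (HM1-ORG) hostmaster@example.com
Telephone: +1-555-0199
"""

# Assumption: local parts treated as role accounts rather than individuals.
ROLE_MAILBOXES = {"hostmaster", "postmaster", "abuse", "noc", "dns-admin", "domains"}
SECTION = re.compile(r"^([A-Za-z ]+):\s*$")   # a header is a label alone on its line
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
PERSON = re.compile(r"^[A-Z][a-z]+, [A-Z][a-z]+ \(")  # "Surname, Name (HANDLE)"

def parse_sections(text):
    """Split the record into {section header: [lines]}."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        header = SECTION.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif line and current:
            sections[current].append(line)
    return sections

def audit(text):
    """Return (section, issue, value) for each contact that identifies a person."""
    findings = []
    for name, lines in parse_sections(text).items():
        if not name.endswith("Contact"):
            continue
        for email in EMAIL.findall(" ".join(lines)):
            if email.split("@")[0].lower() not in ROLE_MAILBOXES:
                findings.append((name, "personal mailbox", email))
        if lines and PERSON.match(lines[0]):
            findings.append((name, "named individual", lines[0].split(" (")[0]))
    return findings
```

On the constructed record only the administrative contact is reported; the technical contact already uses a role account.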

Page 18: Module 2   Foot Printing

Online Whois Tools

Page 19: Module 2   Foot Printing

Nslookup

- Nslookup is a program to query Internet domain name servers. Displays information that can be used to diagnose Domain Name System (DNS) infrastructure.
- Helps find additional IP addresses if authoritative DNS is known from whois.
- MX record reveals the IP of the mail server.
- Both Unix and Windows come with an Nslookup client.
- Third-party clients are also available, e.g. Sam Spade

Page 20: Module 2   Foot Printing

NSLookup options

Switch            Function
nslookup          Launches the nslookup program.
host name         Returns the IP address for the specified host name.
NAME              Displays information about the host/domain NAME using default server
NAME1 NAME2       As above, but uses NAME2 as server
help or ?         Displays information about common commands
set OPTION        Sets an option
  domain=NAME     Sets default domain name to NAME.
  root=NAME       Sets root server to NAME.
  retry=X         Sets number of retries to X.
  timeout=X       Sets initial timeout interval to X seconds.
  type=X

Page 21: Module 2   Foot Printing

Types of DNS Records

Page 22: Module 2   Foot Printing

Locate the Network Range

Commonly includes:
- Finding the range of IP addresses
- Discerning the subnet mask

Information Sources:
- ARIN (American Registry for Internet Numbers)
- Traceroute

Hacking Tool:
- NeoTrace
- Visual Route

Page 23: Module 2   Foot Printing

Traceroute

- Traceroute works by exploiting a feature of the Internet Protocol called TTL, or Time To Live.
- Traceroute reveals the path IP packets travel between two systems by sending out consecutive UDP packets with ever-increasing TTLs.
- As each router processes an IP packet, it decrements the TTL. When the TTL reaches zero, it sends back a "TTL exceeded" message (using ICMP) to the originator.
- Routers with DNS entries reveal the name of routers, network affiliation and geographic location.
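An added example (not part of the original slides): an offline model of the TTL mechanism described above, including a hop that drops expired packets without sending ICMP, which is why real traces show `*` for filtered routers. The path, addresses (RFC 5737 documentation ranges), host names and function names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Router:
    addr: str                   # constructed documentation address
    name: Optional[str] = None  # reverse-DNS name, if one is published
    sends_icmp: bool = True     # False: drops expired packets silently

def send_probe(path: List[Router], dest: str, ttl: int):
    """Forward one UDP probe along `path`; return (icmp_type, source) or None."""
    for router in path:
        ttl -= 1                        # every router decrements the TTL
        if ttl == 0:                    # expired here: the packet is discarded
            if router.sends_icmp:
                return ("time-exceeded", router)
            return None                 # filtered hop: no reply at all
    # The probe survived every router and reached the destination host, whose
    # closed UDP port answers with ICMP port-unreachable.
    return ("port-unreachable", Router(dest))

def traceroute(path: List[Router], dest: str, max_hops: int = 30):
    """Send probes with TTL 1, 2, 3, ... and record one entry per hop."""
    hops = []
    for ttl in range(1, max_hops + 1):
        reply = send_probe(path, dest, ttl)
        if reply is None:
            hops.append((ttl, "*", None))   # no answer before the timeout
            continue
        kind, src = reply
        hops.append((ttl, src.addr, src.name))
        if kind == "port-unreachable":      # destination reached: stop probing
            break
    return hops

# Constructed path: an office gateway, a silent hop, and an ISP edge router.
SAMPLE_PATH = [
    Router("192.0.2.1", "gw.office.example.net"),
    Router("198.51.100.7", sends_icmp=False),
    Router("203.0.113.9", "edge1.lon.isp.example.net"),
]
SAMPLE_DEST = "203.0.113.80"

if __name__ == "__main__":
    for ttl, addr, name in traceroute(SAMPLE_PATH, SAMPLE_DEST):
        print(ttl, addr, name or "")
```

The router names in the output show how much a published reverse-DNS entry tells an outside observer about role and location, while the silent hop still occupies a position in the path.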

Page 24: Module 2   Foot Printing

Trace Route Analysis

Page 25: Module 2   Foot Printing

Trace Route Analysis

Page 26: Module 2   Foot Printing

Tool: NeoTrace (Now McAfee Visual Trace)

NeoTrace shows the traceroute output visually – map view, node view and IP view

Page 27: Module 2   Foot Printing

Tool: VisualRoute Trace

Page 28: Module 2   Foot Printing

Tool: Path Analyzer Pro - http://vostrom.com

Page 29: Module 2   Foot Printing

Path Analyzer Pro Screenshot

Page 30: Module 2   Foot Printing

Path Analyzer Pro Screenshot

Page 31: Module 2   Foot Printing

Path Analyzer Pro Screenshot

Page 32: Module 2   Foot Printing

GoogleEarth

Page 33: Module 2   Foot Printing

GoogleEarth Showing Pentagon

Page 34: Module 2   Foot Printing

Tool: SmartWhois

SmartWhois is a useful network information utility that allows you to find out all available information about an IP address, host name, or domain, including country, state or province, city, name of the network provider, administrator and technical support contact information.

Unlike standard Whois utilities, SmartWhois can find the information about a computer located in any part of the world, intelligently querying the right database and delivering all the related records within a few seconds.

Page 35: Module 2   Foot Printing

Tool: eMailTrackerPro

eMailTrackerPro is an e-mail analysis tool that enables analysis of an e-mail and its headers automatically and provides graphical results.

Page 36: Module 2   Foot Printing

How to Set Up a Fake Website?

Page 37: Module 2   Foot Printing

How to Set Up a Fake Website?

Page 38: Module 2   Foot Printing

Website Stealing Tool: Reamweaver

- Reamweaver has everything you need to instantly "steal" anyone's website, copying the real-time "look and feel" but letting you change any words, images, etc. that you choose
- When a visitor visits a page on your stolen (mirrored) website, Reamweaver gets the page from the target domain, changes the words as you specify, and stores the result (along with images, etc.) in the fake website
- With this tool your fake website will always look current; Reamweaver automatically updates the fake mirror when the content changes in the original website

Download: http://www.eccouncil.org/cehtools/reamweaver.zip