Myiptest com staticpages index php how about you

Footprinting and Reconnaissance

Module 02

Exam 312-50 Certified Ethical HackerEthical Hacking and Countermeasures Footprinting and Reconnaissance

Footprinting and Reconnaissance

Module 02

Ethical Hacking and Countermeasures v8 M o dule 02: Footprinting and Reconnaissance

Exam 312-50

Ethical Hacking and Countermeasures Copyright © by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.

Module 02 Page 92

Exam 312-50 Certified Ethical HackerEthical Hacking and Countermeasures Footprinting and Reconnaissance

Security News PRODUCTSABOUT US

Copyright © by EG-G*ancil. All Rights Reserved. Reproduction is Strictly Prohibited.

N E W S

Facebook a 'treasure trove' of April 1a 2012 Personally Identifiab le Inform ation Facebook contains a "treasure trove" of personally identifiable information that hackers manage to get their hands on. A report by Imperva revealed that users' "general personal information" can often include a date of birth, home address and sometimes mother's maiden name, allowing hackers to access this and other websites and applications and create targeted spearphishing campaigns. It detailed a concept I call "friend-mapping", where an attacker can get further knowledge of a user’s circle of friends; having accessed their account and posing as a trusted friend, they can cause mayhem. This can include requesting the transfer of funds and extortion. Asked why Facebook is so important to hackers, Imperva senior security strategist Noa Bar-Yosef said: "People also add work friends on Facebook so a team leader can be identified and this can lead to corporate data being accessed, project work being discussed openly, while geo-location data can be detailed for military intelligence." "Hacktivism made up 58 per cent of attacks in the Verizon Data Breach Intelligence Report, and they are going after information on Facebook that can be used to humiliate a person. All types of attackers have their own techniques." http://www.scmogazineuk.com

״ Security Newsamps ״־ uii Facebook a ,treasure trove״ of Personally Identifiable

Information Source: http://www.scmagazineuk.com

Facebook contains a "treasure trove" of personally identifiable information that hackers manage to get their hands on.

A report by Imperva revealed that users' "general personal information" can often include a date of birth, home address and sometimes mother's maiden name, allowing hackers to access this and other websites and applications and create targeted spearphishing campaigns.

It detailed a concept I call "friend-mapping", where an attacker can get further knowledge of a user's circle of friends; having accessed their account and posing as a trusted friend, they can cause mayhem. This can include requesting the transfer of funds and extortion.

Asked why Facebook is so important to hackers, Imperva senior security strategist Noa Bar- Yosef said: ״People also add work friends on Facebook so a team leader can be identified and this can lead to corporate data being accessed, project work being discussed openly, while geo- location data can be detailed for military intelligence."

Ethical Hacking and Countermeasures Copyright © by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.

Module 02 Page 93

http://www.scmogazineuk.com
http://www.scmagazineuk.com
Exam 312-50 Certified Ethical HackerEthical Hacking and Countermeasures Footprinting and Reconnaissance

"Hacktivism made up 58 per cent of attacks in the Verizon Data Breach Intelligence Report, and they are going after information on Facebook that can be used to humiliate a person. All types of attackers have their own techniques."

On how attackers get a password in the first place, Imperva claimed that different keyloggers are used, while phishing kits that create a fake Facebook login page have been seen, and a more primitive method is a brute force attack, where the attacker repeatedly attempts to guess the user's password.

In more extreme cases, a Facebook administrators rights can be accessed. Although it said that this requires more effort on the hacker side and is not as prevalent, it is the "holy grail" of attacks as it provides the hacker with data on all users.

On protection, Bar-Yosef said the roll-out of SSL across the whole website, rather than just at the login page, was effective, but users still needed to opt into this.

By Dan Raywood

http://www.scmagazine.com.au/Feature/265065,digitial-investigations-have-matured.aspx

Ethical Hacking and Countermeasures Copyright © by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.

Module 02 Page 94

http://www.scmagazine.com.au/Feature/265065,digitial-investigations-have-matured.aspx
Exam 312-50 Certified Ethical HackerEthical Hacking and Countermeasures Footprinting and Reconnaissance

C EHModule Objectives

J Footprinting Terminology J WHOIS Footprinting

J What Is Footprinting? J DNS Footprinting

J Objectives of Footprinting J Network Footprinting

J Footprinting Threats J Footprinting through Social Engineering

W J Footprinting through Social J Website Footprinting Networking Sites J Email Footprinting J Footprinting Tools J Competitive Intelligence J Footprinting Countermeasures J Footprinting Using Google J Footprinting Pen Testing

Copyright © by EC-G*ancil. All Rights Reserved. Reproduction is Strictly Prohibited.

M odule O bjectives This module will make you familiarize with the following:

e Footprinting Terminologies © WHOIS Footprinting

e What Is Footprinting? © DNS Footprinting

© Objectives of Footprinting © Network Footprinting

© Footprinting Threats © Footprinting through Social Engineering

e Footprinting through Search Engines Footprinting through Social©

© Website Footprinting Networking Sites

© Email Footprinting © Footprinting Tools

© Competitive Intelligence © Footprinting Countermeasures

© Footprinting Using Google © Footprinting Pen Testing

Ethical Hacking and Countermeasures Copyright © by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.

Module 02 Page 95

t t

t f

Exam 312-50 Certified Ethical HackerEthical Hacking and Countermeasures Footprinting and Reconnaissance

M odule Flow Ethical hacking is legal hacking conducted by a penetration tester in order to evaluate

the security of an IT infrastructure with the permission of an organization. The concept of ethical hacking cannot be explained or cannot be performed in a single step; therefore, it has been divided into several steps. Footprinting is the first step in ethical hacking, where an attacker tries to gather information about a target. To help you better understand footprinting, it has been distributed into various sections:

Xj Footprinting Concepts [|EJ Footprinting Tools

Footprinting Threats FootPrint'ng Countermeasures

C J Footprinting Methodology Footprinting Penetration Testing

Ethical Hacking and Countermeasures Copyright © by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.

Module 02 Page 96

Exam 312-50 Certified Ethical HackerEthical Hacking and Countermeasures Footprinting and Reconnaissance

The Footprinting Concepts section familiarizes you with footprinting, footprinting terminology, why footprinting is necessary, and the objectives of footprinting.

Ethical Hacking and Countermeasures Copyright © by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.

Module 02 Page 97

Exam 312-50 Certified Ethical HackerEthical Hacking and Countermeasures Footprinting and Reconnaissance

Footprinting Terminology CEH

Active Information Gathering

Gather information through social engineering on-site visits, interviews, and questionnaires

Pseudonymous Footprinting

Collect information that might be published under a different name in an attempt to preserve privacy

Open Source or Passive Information Gathering

Collect information about a target from the publicly accessible sources

Anonymous Footprinting

Gather information from sources where the author of the information cannot

be identified or traced

Internet Footprinting

Collect information about a target from the Internet

Organizational or Private Footprinting

Collect information from an organization's web-based calendar and email services

Copyright © by EC-G*ancil. All Rights Reserved. Reproduction is Strictly Prohibited.

00 - ooo

—00־ Footprinting Term inology Before going deep into the concept, it is important to know the basic terminology

used in footprinting. These terms help you understand the concept of footprinting and its structures.

Open Source or Passive Information Gathering !,n'nVn'nVI

Open source or passive information gathering is the easiest way to collect information about the target organization. It refers to the process of gathering information from the open sources, i.e., publicly available sources. This requires no direct contact with the target organization. Open sources may include newspapers, television, social networking sites, blogs, etc.

Using these, you can gather information such as network boundaries, IP address reachable via the Internet, operating systems, web server software used by the target network, TCP and UDP services in each system, access control mechanisms, system architecture, intrusion detection systems, and so on.

Active Information Gathering In active information gathering, process attackers mainly focus on the employees of

Ethical Hacking and Countermeasures Copyright © by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.

Module 02 Page 98

Exam 312-50 Certified Ethical HackerEthical Hacking and Countermeasures Footprinting and Reconnaissance

the target organization. Attackers try to extract information from the employees by conducting social engineering: on-site visits, interviews, questionnaires, etc.

This refers to the process of collecting information from sources anonymously so that your efforts cannot be traced back to you.

<— —i Pseudonym ous Footprinting Pseudonymous footprinting refers to the process of collecting information from the

sources that have been published on the Internet but is not directly linked to the author's name. The information may be published under a different name or the author may have a well-established pen name, or the author may be a corporate or government official and be prohibited from posting under his or her original name. Irrespective of the reason for hiding the

Private footprint""ing involves collecting information from an organization's web- based calendar and email services.

| | Internet Footprinting Internet footprinting refers to the process of collecting information of the target

organization's connections to the Internet.

Anonymous Footprinting

author's name, collecting information from such sources is called pseudonymous. r *s • V t 4 THI 4 • 4 •Organizational or Private Footprinting

Ethical Hacking and Countermeasures Copyright © by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.

Module 02 Page 99

Exam 312-50 Certified Ethical HackerEthical Hacking and Countermeasures Footprinting and Reconnaissance

W hat I s F o o tp rin tin g ? | Footprinting is the process of collecting as much information as possible about a target network, for identifying various ways to intrude into an organization's network system

Process involved in Footprinting a Target

Determine the operating system used, platforms running, web server versions, etc.

© Find vulnerabilities and exploitsfor launching attacks

Collect basic information about the target and its network©

di i iH a a a י ,af

■

Perform techniques such as Whois, DNS, network and organizational queries

Copyright © by EC-G*ancil. All Rights Reserved. Reproduction is Strictly Prohibited.

What Is Footprinting? Footprinting, the first step in ethical hacking, refers to the process of collecting

information about a target network and its environment. Using footprinting you can find various ways to intrude into the target organization's network system. It is considered .methodological" because critical information is sought based on a previous discovery״

Once you begin the footprinting process in a methodological manner, you will obtain the blueprint of the security profile of the target organization. Here the term "blueprint" is used because the result that you get at the end of footprinting refers to the unique system profile of the target organization.

There is no single methodology for footprinting as you can trace information in several routes. However, this activity is important as all crucial information needs to be gathered before you begin hacking. Hence, you should carry out the footprinting precisely and in an organized manner.

You can collect information about the target organization through the means of footprinting in four steps:

1. Collect basic information about the target and its network

2. Determine the operating system used, platforms running, web server versions, etc.

Ethical Hacking and Countermeasures Copyright © by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.

Module 02 Page 100

Exam 312-50 Certified Ethical HackerEthical Hacking and Countermeasures Footprinting and Reconnaissance

3. Perform techniques such as Whois, DNS, network and organizational queries

4. Find vulnerabilities and exploits for launching attacks

Furthermore, we will discuss how to collect basic information, determine operating system of target computer, platforms running, and web server versions, various methods of footprinting, and how to find and exploit vulnerabilities in detail.

Ethical Hacking and Countermeasures Copyright © by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.

Module 02 Page 101

Exam 312-50 Certified Ethical HackerEthical Hacking and Countermeasures Footprinting and Reconnaissance

W hy F o o tp rin tin g ? CEH Urti*W itkM l lUckw

Why Footprinting? I'n'n'r'n'n'

For attackers to build a hacking strategy, they need to gather information about the target organization's network, so that they can find the easiest way to break into the organization's security perimeter. As mentioned previously, footprinting is the easiest way to gather information about the target organization; this plays a vital role in the hacking process.

Footprinting helps to:

• Know Security Posture

Performing footprinting on the target organization in a systematic and methodical manner gives the complete profile of the organization's security posture. You can analyze this report to figure out loopholes in the security posture of your target organization and then you can build your hacking plan accordingly.

• Reduce Attack Area

By using a combination of tools and techniques, attackers can take an unknown entity (for example XYZ Organization) and reduce it to a specific range of domain names, network blocks, and individual IP addresses of systems directly connected to the Internet, as well as many other details pertaining to its security posture.

Build Information Database

Ethical Hacking and Countermeasures Copyright © by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.

Module 02 Page 102

Exam 312-50 Certified Ethical HackerEthical Hacking and Countermeasures Footprinting and Reconnaissance

A detailed footprint provides maximum information about the target organization. Attackers can build their own information database about security weakness of the target organization. This database can then be analyzed to find the easiest way to break into the organization's security perimeter.

• Draw Network Map

Combining footprinting techniques with tools such as Tracert allows the attacker to create network diagrams of the target organization's network presence. This network map represents their understanding of the targets Internet footprint. These network diagrams can guide the attack.

Ethical Hacking and Countermeasures Copyright © by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.

Module 02 Page 103

Exam 312-50 Certified Ethical HackerEthical Hacking and Countermeasures Footprinting and Reconnaissance

O bjectives of Footprinting CEH

Networking protocols *-׳ 0 VPN Points 0 ACLs 0 IDSes running 0 Analog/digital telephone numbers 0 Authentication mechanisms tf System Enumeration

0 Domain name 0 Internal domain names 0 Network blocks 0 IP addresses of the reachable systems 0 Rogue websites/private websites 0 TCP and UDP services running 0 Access control Mechanisms and ACL's

0 Comments in HTML source code 0 Security policies implemented 0 Web server links relevant to the

organization 0 Background of the organization 0 News articles/press releases

User and group names ג * System banners

System architecture ־ * Remote system type

1 v/1 >־ • Routing tables : SNMP information

• System names : Passwords

0 Employee details 0 Organization's website 0 Company directory 0 Location details 0 Address and phone numbers

O Collect

O Network Information

Collect System

Information

Collect Organization’s

Information

Copyright © by EC-G*ancil. All Rights Reserved. Reproduction is Strictly Prohibited.

O bjectives of Footprinting The major objectives of footprinting include collecting the target's network

information, system information, and the organizational information. By carrying out footprinting at various network levels, you can gain information such as: network blocks, network services and applications, system architecture, intrusion detection systems, specific IP addresses, and access control mechanisms. With footprinting, information such as employee names, phone numbers, contact addresses, designation, and work experience, and so on can also be obtained.

Collect Network Information The network information can be gathered by performing a Whois database analysis,

trace routing, etc. includes:

Q Domain name

Q Internal domain names

Q Network blocks

© IP addresses of the reachable systems

Rogue websites/private websites י-

Ethical Hacking and Countermeasures Copyright © by EC-COUIICil All Rights Reserved. Reproduction is Strictly Prohibited.

Module 02 Page 104

Exam 312-50 Certified Ethical HackerEthical Hacking and Countermeasures Footprinting and Reconnaissance

Q TCP and UDP services running © Access control mechanisms and ACLs © Networking protocols © VPN points

Q ACLs 9 IDSes running © Analog/digital telephone numbers © Authentication mechanisms © System enumeration

Collect System Information

Q User and group names

© System banners Q Routing tables Q SNMP information © System architecture © Remote system type Q System names Q Passwords

Collect Organization’s Information

Q Employee details Q Organization's website

Q Company directory Q Location details Q Address and phone numbers Q Comments in HTML source code

Q Security policies implemented Q Web server links relevant to the organization © Background of the organization

U News articles/press releases

Ethical Hacking and Countermeasures Copyright © by EC-COUIlCil All Rights Reserved. Reproduction is Strictly Prohibited.

Module 02 Page 105

Exam 312-50 Certified Ethical HackerEthical Hacking and Countermeasures Footprinting and Reconnaissance

M odule Flow So far, we discussed footprinting concepts, and now we will discuss the threats

associated with footprinting:

ף Footprinting Concepts Footprinting Tools

o Footprinting Threats ר Footprinting Countermeasures

C L ) Footprinting Methodology xi Footprinting Penetration Testing ר * ?

The Footprinting Threats section familiarizes you with the threats associated with footprinting such as social engineering, system and network attacks, corporate espionage, etc.

Ethical Hacking and Countermeasures Copyright © by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.

Module 02 Page 106

Exam 312-50 Certified Ethical HackerEthical Hacking and Countermeasures Footprinting and Reconnaissance

Business

Footprinting Threats

J Attackers gather valuable system and network information such as account details, operating system and installed applications, network components, server names, database schema details, etc. from footprinting techniques

Types off Threats

Information Privacy Corporate Leakage Loss Espionage LossJ.J

Copyright © by EG-G*ancil. All Rights Reserved. Reproduction is Strictly Prohibited.

Footprinting Threats -ם0ם-

As discussed previously, attackers perform footprinting as the first step in an attempt to hack a target organization. In the footprinting phase, attackers try to collect valuable system- level information such as account details, operating system and other software versions, server names, and database schema details that will be useful in the hacking process.

The following are various threats due to footprinting:

Social Engineering Without using any intrusion methods, hackers directly and indirectly collect

information through persuasion and various other means. Here, crucial information is gathered by the hackers through employees without their consent.

System and Network Attacks © J

Footprinting helps an attacker to perform system and network attacks. Through footprinting, attackers can gather information related to the target organization's system configuration, operating system running on the machine, and so on. Using this information, attackers can find the vulnerabilities present in the target system and then can exploit those

Module 02 Page 107 Ethical Hacking and Countermeasures Copyright © by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.

Exam 312-50 Certified Ethical HackerEthical Hacking and Countermeasures Footprinting and Reconnaissance

vulnerabilities. Thus, attackers can take control over a target system. Similarly, attackers can also take control over the entire network.

&pa», Information Leakage L 3 3 Information leakage can be a great threat to any organization and is often overlooked. If sensitive organizational information falls into the hands of attackers, then they can build an attack plan based on the information, or use it for monetary benefits.

G P Privacy L o s s יי—׳ With the help of footprinting, hackers are able to access the systems and networks of

the company and even escalate the privileges up to admin levels. Whatever privacy was maintained by the company is completely lost.

Corporate Espionage Corporate espionage is one of the major threats to companies as competitors can spy

and attempt to steal sensitive data through footprinting. Due to this type of espionage, competitors are able to launch similar products in the market, affecting the market position of a company.

Business Loss Footprinting has a major effect on businesses such as online businesses and other

ecommerce websites, banking and financial related businesses, etc. Billions of dollars are lost every year due to malicious attacks by hackers.

Ethical Hacking and Countermeasures Copyright © by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.

Module 02 Page 108

Exam 312-50 Certified Ethical HackerEthical Hacking and Countermeasures Footprinting and Reconnaissance

M odule Flow Now that you are familiar with footprinting concepts and threats, we will discuss the

footprinting methodology.

The footprinting methodology section discusses various techniques used to collect information about the target organization from different sources.

x Footprinting Concepts Footprinting Tools ן־דיןן

Footprinting Threats Footprinting Countermeasures

G O Footprinting Methodology v! Footprinting Penetration Testing

Ethical Hacking and Countermeasures Copyright © by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.

Module 02 Page 109

Exam 312-50 Certified Ethical HackerEthical Hacking and Countermeasures Footprinting and Reconnaissance

EHFootprinting Methodology

WHOIS Footprinting

DNS Footprinting

Network Footprinting

Footprinting through Social Engineering

Footprinting through Social Networking Sites

Footprinting through Search Engines

Website Footprinting

Email Footprinting

Competitive Intelligence

Footprinting using Google

Copyright © by EG-G*ancil. All Rights Reserved. Reproduction is Strictly Prohibited.

I— ^ Footprinting M ethodology The footprinting methodology is a procedural way of collecting information about a

target organization from all available sources. It deals with gathering information about a target organization, determining URL, location, establishment details, number of employees, the specific range of domain names, and contact information. This information can be gathered from various sources such as search engines, Whois databases, etc.

Search engines are the main information sources where you can find valuable information about your target organization. Therefore, first we will discuss footprinting through search engines. Here we are going to discuss how and what information we can collect through search engines.

Examples of search engines include: www.google.com,www.yahoo.com,www.bing.com

Ethical Hacking and Countermeasures Copyright © by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.

Module 02 Page 110

http://www.bing.com
Exam 312-50 Certified Ethical HackerEthical Hacking and Countermeasures Footprinting and Reconnaissance

Footprinting through Search Engines

Microsoft ■»0aMus •»»!*•>>** •rcicspthi Mciim* Cxivxaco MC.rr 1 nm Anmw MCDMT zerperator

nd P»> b u r* , Ajn 4 1V: Mem* n th■ Microsoft

i 1m:am iiwm 1ywV '׳« •tnnn̂ r •-••אי *an

s* יי

Footprinting through Search Engines w , --

A web search engine is designed to search for information on the World Wide Web. The search results are generally presented in a line of results often referred to as search engine results pages (SERPs). In the present world, many search engines allow you to extract a target organization's information such as technology platforms, employee details, login pages, intranet portals, and so on. Using this information, an attacker may build a hacking strategy to break into the target organization's network and may carry out other types of advanced system attacks. A Google search could reveal submissions to forums by security personnel that reveal brands of firewalls or antivirus software in use at the target. Sometimes even network diagrams are found that can guide an attack.

If you want to footprint the target organization, for example XYZ pvt ltd, then type XYZ pvt ltd in the Search box of the search engine and press Enter. This will display all the search results containing the keywords "XYZ pvt ltd." You can even narrow down the results by adding a specific keyword while searching. Furthermore, we will discuss other footprinting techniques such as website footprinting and email Footprinting.

For example, consider an organization, perhaps Microsoft. Type Microsoft in the Search box of a search engine and press Enter; this will display all the results containing information about Microsoft. Browsing the results may provide critical information such as physical location,

Attackers use search engines to extract information about a target such as technology platforms, employee details, login pages, intranet portals, etc. which helps in performing social engineering and other types of advanced system attacks

J Search engine cache may provide sensitive information that has been removed from the World Wide Web (WWW)

Ethical Hacking and Countermeasures Copyright © by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.

Module 02 Page 111

Exam 312-50 Certified Ethical HackerEthical Hacking and Countermeasures Footprinting and Reconnaissance

contact address, the services offered, number of employees, etc. that may prove to be a valuable source for hacking.

O © wcbcachc.googleusercontent.com scarch?q-cache:ARbFVg INvoJ:en. wikipcdia.org/wiki/Micn & ,ן|

This i3 Google's cache of http i / e n wikipedia 0rgAviki/Microsoft t is a snapshot of the page as it appeared on 17 Jul 2012 13:15:03 GMT The current page could have changed in the meantirre Learn more

Text-only /ersicn

Create account & Log in

Read View source View history

Microsoft W־N 122‘74242״55 22*38'47 -

M icrosort c o rp o ra tio n

Microsoft׳ Type Rjblc

Traded as NASDAQ: MSFT ̂ SEHK: 4333 (£> Cow Jones Industrial Average component NASDAQ-100 component S&P50D component

Induttry Computer tofiwar• Onlir• t#rvic♦• Video gorroo

Founded Albuquerque, New Mexico, United States (April 4,1975)

Founder(•) Bill Gates, Paul Alien

Headquarters Microsoft Redmond Campts,

From Wikipedia. the free encyclopedia

Microsoft Corporation (NASDAQ: MSFTt? ) is ar American multinational corporation headquartered n ReJrrond. Washington. United States that develops, manufactures licenses, and supports a wide range cf products and services rolatod to computing. Tho company was foundoc by Bill Gatos and Paul Allen on Apr J 4. 1975. Microsoft is the world's largest software corporation measured by revenues Microsoft was established to develop and sell BASC inteipieteis foi the Altai! 8800 It rose to dominate the home computer operating system market wth MS-OOS n the mid• 1980s followed by the Microsoft Wndows line of operating systems The company’s 1986 initial public oferng. and subsequent rise in the share price, created ar estimated three billionaires and 12.000 millionaires from Microsoft employees Since the 1990s. the company has increasingly d1\ersrf1ed from the operating system market. In May 2011 Microsoft acquired Skype for $8 5 billion in its largest acquisition to date PI

Main page Contents Featured content Current events Random article Donate to vviKipeaia

Interaction Help About Wikipedia Community portal Recent changes Contact Wikipedia

► Print/export

▼ Languages

FIGURE 2.1: Screenshot showing information about Microsoft

As an ethical hacker, if you find any sensitive information of your company in the search engine result pages, you should remove that information. Although you remove the sensitive information, it may still be available in a search engine cache. Therefore, you should also check the search engine cache to ensure that the sensitive data is removed permanently.

Ethical Hacking and Countermeasures Copyright © by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.

Module 02 Page 112

Exam 312-50 Certified Ethical HackerEthical Hacking and Countermeasures Footprinting and Reconnaissance

CEHFinding Company’s External and Internal URLs

Tools to Search Internal URLs

5 http://news.netcraft.com 6 http://www.webmaster-a.com/

link-extractor-internal.php

A

Internal URL’s of m icrosoft.com

f j ^ ,

t) support.microsoft.com e office.microsoft.com s search.microsoft.com 0 msdn.microsoft.com O update.microsoft.com 6 technet.microsoft.com 0 windows.microsoft.com

Search for the target company's external URL in a search engine such as Google or Bing

Internal URLs provide an insight into different departments and business units in an organization

You may find an internal company's URL by trial and error method

Copyright © by EG-G(IIIICil. All Rights Reserved. Reproduction is Strictly Prohibited.

Finding Com pany’s External and Internal URLs A company's external and internal URLs provide a lot of useful information to the

attacker. These URLs describe the company and provide details such as the company mission and vision, history, products or services offered, etc. The URL that is used outside the corporate network for accessing the company's vault server via a firewall is called an external URL. It links directly to the company's external web page. The target company's external URL can be determined with the help of search engines such as Google or Bing.

If you want to find the external URL of a company, follow these steps:

1. Open any of the search engines, such as Google or Bing.

2. Type the name of the target company in the Search box and press Enter.

The internal URL is used for accessing the company's vault server directly inside the corporate network. The internal URL helps to access the internal functions of a company. Most companies use common formats for internal URLs. Therefore, if you know the external URL of a company, you can predict an internal URL through trial and error. These internal URLs provide insight into different departments and business units in an organization. You can also find the internal URLs of an organization using tools such as netcraft.

Tools to Search Internal URLs

Ethical Hacking and Countermeasures Copyright © by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.

Module 02 Page 113

http://news.netcraft.com
http://www.webmaster-a.com/
Exam 312-50 Certified Ethical HackerEthical Hacking and Countermeasures Footprinting and Reconnaissance

Netcraft Source: http://news.netcraft.com

Netcraft deals with web server, web hosting market-share analysis, and operating system detection. It provides free anti-phishing toolbar (Net craft toolbar) for Firefox as well as Internet Explorer browsers. The netcraft toolbar avoids phishing attacks and protects the Internet users from fraudsters. It checks the risk rate as well as the hosting location of the websites we visit.

Link Extractor Source: http://www.webmaster-a.com/link-extractor-internal.php

Link Extractor is a link extraction utility that allows you to choose between external and internal URLs, and will return a plain list of URLs linked to or an html list. You can use this utility to competitor sites.

Examples of internal URLs of microsoft.com:

© support.microsoft.com

© office.microsoft.com

© search.microsoft.com

© msdn.microsoft.com

© update.microsoft.com

© technet.microsoft.com

© windows.microsoft.com

Ethical Hacking and Countermeasures Copyright © by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.

Module 02 Page 114

http://news.netcraft.com
http://www.webmaster-a.com/link-extractor-internal.php
Exam 312-50 Certified Ethical HackerEthical Hacking and Countermeasures Footprinting and Reconnaissance

CEH Urt1fw4 ilh iul lUtbM

Public and R estricted W ebsites

http://answers.microsoft.comhttp://offlce.microsoft.com

Restricted Website

Copyright © by EG-G(IIIICil. All Rights Reserved. Reproduction is Strictly Prohibited.

Public and Restricted W ebsites —___ , A public website is a website designed to show the presence of an organization on the

Internet. It is designed to attract customers and partners. It contains information such as company history, services and products, and contact information of the organization.

The following screenshot is an example of a public website:

Source: http://www.microsoft.com

h ttp ://w w w .m ic ro s o ft.c o m

Public Website

Welcome to Microsoft Irocua Dt+noaSz Sicuity Stifpcrt Su

Ethical Hacking and Countermeasures Copyright © by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.

Module 02 Page 115

http://answers.microsoft.com
http://offlce.microsoft.com
http://www.microsoft.com
http://www.microsoft.com
Exam 312-50 Certified Ethical HackerEthical Hacking and Countermeasures Footprinting and Reconnaissance

FIGURE 2.2: An example of public website

A restricted website is a website that is available to only a few people. The people may be employees of an organization, members of a department, etc. Restrictions can be applied based on the IP number, domain or subnet, username, and password. Restricted or private websites of microsoft.com include: http://technet.microsoft.com, http://windows.microsoft.com, http://office.microsoft.com, and http://answers.microsoft.com.

Ethical Hacking and Countermeasures Copyright © by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.

Module 02 Page 116

http://technet.microsoft.com
http://windows.microsoft.com
http://office.microsoft.com
http://answers.microsoft.com
Exam 312-50 Certified Ethical HackerEthical Hacking and Countermeasures Footprinting and Reconnaissance

C ־4 Hc*w*OT*

Microsoft | TechNet

W1*• lM«»l .<*<»%

I TKMCINfMS IVMUAIIOM fVINIl U*VKTU*I% IKHMlMkOC

Discover the New Office for IT Prc

|(«4a> tNc«r iecK ewr Shw1»ew1 » 1 >•

I Tc<»C«mer Ntw Office 10* IT *tot IW ftM T tMfmqt 2011 *o I

EZESZ1

NBOUn lunott ■WACtt U V fjm OOMQW

Welcome to Office

F - .

ML i with Office 365

FIGURE 2.3: Examples of Public and Restricted websites

Ethical Hacking and Countermeasures Copyright © by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.

Module 02 Page 117

Exam 312-50 Certified Ethical HackerEthical Hacking and Countermeasures Footprinting and Reconnaissance

Collect Location Information CEH

Use Google Earth tool to get the location of the place

Collect Location Information Information such as physical location of the organization plays a vital role in the

hacking process. This information can be obtained using the footprinting technique. In addition to physical location, we can also collect information such as surrounding public Wi-Fi hotspots that may prove to be a way to break into the target organization's network.

Attackers with the knowledge of a target organization's location may attempt dumpster diving, surveillance, social engineering, and other non-technical attacks to gather much more information about the target organization. Once the location of the target is known, detailed satellite images of the location can be obtained using various sources available on the Internet such as http://www.google.com/earth and https://maps.google.com. Attackers can use this information to gain unauthorized access to buildings, wired and wireless networks, systems, and so on.

Example: earth.google.com

Google Earth is a valuable tool for hacking that allows you to find a location, point, and zoom into that location to explore. You can even access 3D images that depict most of the Earth in high-resolution detail.

Ethical Hacking and Countermeasures Copyright © by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.

Module 02 Page 118

http://www.google.com/earth
https://maps.google.com