Footprinting
This hands-on guide demonstrates how to conduct footprinting of a network. The best way to ensure your infrastructure is secure is to understand the steps an intruder may use to footprint and perform reconnaissance on a network.
Choose one of the paths below, Easy or Hard, and provide screenshots and a summary of your findings. If you do both, you will receive extra credit.
This exercise is exploratory (there is no right or wrong answer).
GUI - Easy
1. Go to dnschecker.org and input "www.motionborg.com".
Go through the DNS records (A, AAAA, CNAME, MX, NS, PTR, SRV, SOA, TXT, CAA) and copy and paste the record information (the blue text) for every record type into a Word document.
2. Use Sam Spade to get more information about the network; whatever you find, put it in the Word document as well. Sam Spade video (if you do not like this video, Google "Sam Spade footprinting").
Manually - Hard
3. Use Command Prompt: run traceroute on www.motionborg.com to get more details (see document here).
4. Use Command Prompt to run nslookup (see document here).
Consider:
Is the site www.motionborg.com secured with SSL? Is the site vulnerable to script injection attacks?
Look at the source code; does anything stand out to you?
What did you find out about the network?
Are other networks connected to it?
Is it a Linux or Windows server?
Based on your findings, what are some vulnerabilities?
Note: It is really easy to get stuck in the Matrix; do not dive in too deep, just skim the surface of gathering information.
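As an added example (not part of the assignment), the following Python script turns nslookup/dig-style record output for the record types listed above into the structured summary the Word document asks for, and also notes which name and mail hosts belong to third-party providers and whether a CAA record restricts certificate issuance. The sample records are constructed from documentation names and addresses (example.com, 192.0.2.0/24, 2001:db8::/32), not data about www.motionborg.com.

```python
import re
from collections import defaultdict

# Constructed sample in the one-record-per-line form dig and nslookup print
# (name ttl class type rdata). Documentation values only, not a real zone.
SAMPLE_DNS = """\
example.com.      300  IN A     192.0.2.10
example.com.      300  IN AAAA  2001:db8::10
www.example.com.  300  IN CNAME example.com.
example.com.      3600 IN MX    10 mail.example.com.
example.com.      3600 IN MX    20 backup-mx.mail-hoster.example.
example.com.      3600 IN NS    ns1.example.com.
example.com.      3600 IN NS    ns2.dns-hoster.example.
example.com.      3600 IN SOA   ns1.example.com. hostmaster.example.com. 2024010101 7200 900 1209600 300
example.com.      300  IN TXT   "v=spf1 mx -all"
example.com.      3600 IN CAA   0 issue "letsencrypt.org"
"""

RECORD_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+([A-Z]+)\s+(.+)$")

def parse_dns(text):
    """Group rdata strings by record type: {'A': ['192.0.2.10'], 'MX': [...], ...}."""
    records = defaultdict(list)
    for line in text.splitlines():
        m = RECORD_RE.match(line.strip())
        if m:
            _name, _ttl, rtype, rdata = m.groups()
            records[rtype].append(rdata.strip())
    return dict(records)

def zone_footprint(records, zone):
    """Summarise what the public zone of `zone` reveals, as a defender reviewing exposure."""
    fp = {
        "ipv4": records.get("A", []),
        "ipv6": records.get("AAAA", []),
        "aliases": records.get("CNAME", []),
        "nameservers": records.get("NS", []),
    }
    # MX rdata is "<preference> <host>"; the lowest preference is the primary mail host
    mx = sorted((int(p), h) for p, h in (r.split() for r in records.get("MX", [])))
    fp["mail_hosts"] = [h for _, h in mx]
    # SOA rdata: mname rname serial refresh retry expire minimum; rname encodes
    # the zone contact address with the first dot standing in for "@"
    if records.get("SOA"):
        f = records["SOA"][0].split()
        fp["zone_contact"] = f[1].replace(".", "@", 1).rstrip(".")
        fp["serial"] = int(f[2])
    txt = [t.strip('"') for t in records.get("TXT", [])]
    fp["spf"] = next((t for t in txt if t.startswith("v=spf1")), None)
    # Name/mail hosts outside the zone's own domain point at third-party providers
    def is_own(h):
        h = h.rstrip(".")
        return h == zone or h.endswith("." + zone)
    fp["third_party_hosts"] = sorted(
        h.rstrip(".") for h in fp["nameservers"] + fp["mail_hosts"] if not is_own(h))
    # A CAA record limits which CAs may issue certificates for the domain
    fp["caa_restricts_issuance"] = "CAA" in records
    return fp

if __name__ == "__main__":
    for key, value in zone_footprint(parse_dns(SAMPLE_DNS), "example.com").items():
        print(f"{key:24} {value}")
```

Paste real dig or nslookup output in place of SAMPLE_DNS to produce the same summary for the domain you were assigned.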
Footprinting and Reconnaissance
Module 02
Exam 312-50 Certified Ethical Hacker. Ethical Hacking and Countermeasures: Footprinting and Reconnaissance
Ethical Hacking and Countermeasures v8, Module 02: Footprinting and Reconnaissance
Ethical Hacking and Countermeasures Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
Module 02 Page 92
Security News
Facebook a 'treasure trove' of Personally Identifiable Information (April 2012)
Source: http://www.scmagazineuk.com
Facebook contains a "treasure trove" of personally identifiable information that hackers manage to get their hands on.
A report by Imperva revealed that users' "general personal information" can often include a date of birth, home address and sometimes mother's maiden name, allowing hackers to access this and other websites and applications and create targeted spearphishing campaigns.
It detailed a concept I call "friend-mapping", where an attacker can get further knowledge of a user's circle of friends; having accessed their account and posing as a trusted friend, they can cause mayhem. This can include requesting the transfer of funds and extortion.
Asked why Facebook is so important to hackers, Imperva senior security strategist Noa Bar-Yosef said: "People also add work friends on Facebook so a team leader can be identified and this can lead to corporate data being accessed, project work being discussed openly, while geo-location data can be detailed for military intelligence."
"Hacktivism made up 58 per cent of attacks in the Verizon Data Breach Intelligence Report, and they are going after information on Facebook that can be used to humiliate a person. All types of attackers have their own techniques."
On how attackers get a password in the first place, Imperva claimed that different keyloggers are used, while phishing kits that create a fake Facebook login page have been seen, and a more primitive method is a brute force attack, where the attacker repeatedly attempts to guess the user's password.
In more extreme cases, a Facebook administrator's rights can be accessed. Although it said that this requires more effort on the hacker's side and is not as prevalent, it is the "holy grail" of attacks as it provides the hacker with data on all users.
On protection, Bar-Yosef said the roll-out of SSL across the whole website, rather than just at the login page, was effective, but users still needed to opt into this.
By Dan Raywood
http://www.scmagazine.com.au/Feature/265065,digitial-investigations-have-matured.aspx
Module Objectives
This module will familiarize you with the following:
• Footprinting Terminology
• What Is Footprinting?
• Objectives of Footprinting
• Footprinting Threats
• Footprinting through Search Engines
• Website Footprinting
• Email Footprinting
• Competitive Intelligence
• Footprinting Using Google
• WHOIS Footprinting
• DNS Footprinting
• Network Footprinting
• Footprinting through Social Engineering
• Footprinting through Social Networking Sites
• Footprinting Tools
• Footprinting Countermeasures
• Footprinting Pen Testing
Module Flow
Ethical hacking is legal hacking conducted by a penetration tester in order to evaluate the security of an IT infrastructure with the permission of an organization. The concept of ethical hacking cannot be explained or performed in a single step; therefore, it has been divided into several steps. Footprinting is the first step in ethical hacking, where an attacker tries to gather information about a target. To help you better understand footprinting, it has been divided into various sections:
• Footprinting Concepts
• Footprinting Threats
• Footprinting Methodology
• Footprinting Tools
• Footprinting Countermeasures
• Footprinting Penetration Testing
The Footprinting Concepts section familiarizes you with footprinting, footprinting terminology, why footprinting is necessary, and the objectives of footprinting.
Footprinting Terminology
Before going deep into the concept, it is important to know the basic terminology used in footprinting. These terms help you understand the concept of footprinting and its structure.

Open Source or Passive Information Gathering
Open source or passive information gathering is the easiest way to collect information about the target organization. It refers to the process of gathering information from open sources, i.e., publicly available sources. This requires no direct contact with the target organization. Open sources may include newspapers, television, social networking sites, blogs, etc.
Using these, you can gather information such as network boundaries, IP addresses reachable via the Internet, operating systems, web server software used by the target network, TCP and UDP services in each system, access control mechanisms, system architecture, intrusion detection systems, and so on.

Active Information Gathering
In the active information gathering process, attackers mainly focus on the employees of the target organization. Attackers try to extract information from the employees by conducting social engineering: on-site visits, interviews, questionnaires, etc.

Anonymous Footprinting
Anonymous footprinting refers to the process of collecting information from sources anonymously so that your efforts cannot be traced back to you.

Pseudonymous Footprinting
Pseudonymous footprinting refers to the process of collecting information from sources that have been published on the Internet but are not directly linked to the author's name. The information may be published under a different name, the author may have a well-established pen name, or the author may be a corporate or government official who is prohibited from posting under his or her original name. Irrespective of the reason for hiding the author's name, collecting information from such sources is called pseudonymous footprinting.

Organizational or Private Footprinting
Private footprinting involves collecting information from an organization's web-based calendar and email services.

Internet Footprinting
Internet footprinting refers to the process of collecting information about the target organization's connections to the Internet.
What Is Footprinting?
Footprinting, the first step in ethical hacking, refers to the process of collecting as much information as possible about a target network and its environment. Using footprinting you can find various ways to intrude into the target organization's network system. It is considered "methodological" because critical information is sought based on a previous discovery.
Once you begin the footprinting process in a methodological manner, you will obtain the blueprint of the security profile of the target organization. Here the term "blueprint" is used because the result that you get at the end of footprinting is the unique system profile of the target organization.
There is no single methodology for footprinting, as you can trace information along several routes. However, this activity is important, as all crucial information needs to be gathered before you begin hacking. Hence, you should carry out footprinting precisely and in an organized manner.
You can collect information about the target organization through the means of footprinting in four steps:
1. Collect basic information about the target and its network
2. Determine the operating system used, platforms running, web server versions, etc.
3. Perform techniques such as Whois, DNS, network and organizational queries
4. Find vulnerabilities and exploits for launching attacks
Furthermore, we will discuss in detail how to collect basic information, how to determine the operating system of the target computer, the platforms running, and the web server versions, the various methods of footprinting, and how to find and exploit vulnerabilities.
Why Footprinting?
For attackers to build a hacking strategy, they need to gather information about the target organization's network, so that they can find the easiest way to break into the organization's security perimeter. As mentioned previously, footprinting is the easiest way to gather information about the target organization; this plays a vital role in the hacking process.
Footprinting helps to:
• Know Security Posture
Performing footprinting on the target organization in a systematic and methodical manner gives the complete profile of the organization's security posture. You can analyze this report to figure out loopholes in the security posture of your target organization and then you can build your hacking plan accordingly.
• Reduce Attack Area
By using a combination of tools and techniques, attackers can take an unknown entity (for example XYZ Organization) and reduce it to a specific range of domain names, network blocks, and individual IP addresses of systems directly connected to the Internet, as well as many other details pertaining to its security posture.
• Build Information Database
A detailed footprint provides maximum information about the target organization. Attackers can build their own information database about the security weaknesses of the target organization. This database can then be analyzed to find the easiest way to break into the organization's security perimeter.
• Draw Network Map
Combining footprinting techniques with tools such as Tracert allows the attacker to create network diagrams of the target organization's network presence. This network map represents their understanding of the target's Internet footprint. These network diagrams can guide the attack.
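As an added example, not from the CEH material, this Python script turns raw traceroute output (the Tracert step above, and step 3 of the assignment at the top of the page) into the hop list and the ordered list of distinct networks the path crosses, which is the raw material for such a network map; it also flags hops that did not answer, since those are usually filtering devices worth recording. The sample trace is constructed from documentation addresses and does not describe any real network.

```python
import re
from ipaddress import ip_network

# Constructed Unix-style traceroute output using documentation/private addresses
# (10.0.0.0/8, 192.0.2.0/24, 198.51.100.0/24, 203.0.113.0/24); not a real trace.
SAMPLE_TRACE = """\
traceroute to www.example.com (192.0.2.10), 30 hops max, 60 byte packets
 1  gateway (10.0.0.1)  1.102 ms  0.987 ms  0.954 ms
 2  * * *
 3  core1.isp.example (198.51.100.7)  9.512 ms  9.488 ms  9.601 ms
 4  edge.hoster.example (203.0.113.9)  21.004 ms  20.877 ms  21.113 ms
 5  fw.example.com (203.0.113.30)  22.410 ms  22.301 ms  22.398 ms
 6  www.example.com (192.0.2.10)  22.910 ms  22.801 ms  22.898 ms
"""

# Either "<n>  host (ip)  rtt ms rtt ms rtt ms" or "<n>  * * *" for a silent hop
HOP_RE = re.compile(r"^\s*(\d+)\s+(?:(\S+)\s+\(([\d.]+)\)((?:\s+[\d.]+ ms)+)|\*)")

def parse_traceroute(text):
    """Return one dict per hop; silent hops ('* * *') keep the hop number only."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # header line or unparseable
        hop = {"hop": int(m.group(1)), "host": m.group(2), "ip": m.group(3), "rtt_ms": None}
        if m.group(4):
            rtts = [float(x) for x in re.findall(r"([\d.]+) ms", m.group(4))]
            hop["rtt_ms"] = round(sum(rtts) / len(rtts), 3)
        hops.append(hop)
    return hops

def network_map(hops, prefixlen=24):
    """Collapse the path into the ordered list of distinct networks it crosses,
    with the hop numbers seen in each; the last entry is the target's own network."""
    path = []
    for h in hops:
        if h["ip"] is None:
            continue
        net = str(ip_network(f'{h["ip"]}/{prefixlen}', strict=False))
        if path and path[-1]["network"] == net:
            path[-1]["hops"].append(h["hop"])
        else:
            path.append({"network": net, "hops": [h["hop"]]})
    return path

def silent_hops(hops):
    """Hop numbers that returned nothing, typically firewalls or rate-limited routers."""
    return [h["hop"] for h in hops if h["ip"] is None]

if __name__ == "__main__":
    hops = parse_traceroute(SAMPLE_TRACE)
    for entry in network_map(hops):
        print(f'{entry["network"]:18} hops {entry["hops"]}')
    print("silent hops:", silent_hops(hops))
```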
Objectives of Footprinting
The major objectives of footprinting include collecting the target's network information, system information, and organizational information. By carrying out footprinting at various network levels, you can gain information such as network blocks, network services and applications, system architecture, intrusion detection systems, specific IP addresses, and access control mechanisms. With footprinting, information such as employee names, phone numbers, contact addresses, designation, work experience, and so on can also be obtained.

Collect Network Information
The network information, gathered by performing Whois database analysis, trace routing, etc., includes:
• Domain name
• Internal domain names
• Network blocks
• IP addresses of the reachable systems
• Rogue websites/private websites
• TCP and UDP services running
• Access control mechanisms and ACLs
• Networking protocols
• VPN points
• ACLs
• IDSes running
• Analog/digital telephone numbers
• Authentication mechanisms
• System enumeration

Collect System Information
• User and group names
• System banners
• Routing tables
• SNMP information
• System architecture
• Remote system type
• System names
• Passwords

Collect Organization's Information
• Employee details
• Organization's website
• Company directory
• Location details
• Address and phone numbers
• Comments in HTML source code
• Security policies implemented
• Web server links relevant to the organization
• Background of the organization
• News articles/press releases
Module Flow
So far, we have discussed footprinting concepts, and now we will discuss the threats associated with footprinting:
• Footprinting Concepts
• Footprinting Threats
• Footprinting Methodology
• Footprinting Tools
• Footprinting Countermeasures
• Footprinting Penetration Testing
The Footprinting Threats section familiarizes you with the threats associated with footprinting, such as social engineering, system and network attacks, corporate espionage, etc.
Footprinting Threats
As discussed previously, attackers perform footprinting as the first step in an attempt to hack a target organization. In the footprinting phase, attackers try to collect valuable system-level information such as account details, operating system and other software versions, installed applications, network components, server names, and database schema details that will be useful in the hacking process.
The following are the various threats due to footprinting:

Social Engineering
Without using any intrusion methods, hackers directly and indirectly collect information through persuasion and various other means. Here, crucial information is gathered by the hackers through employees without their consent.

System and Network Attacks
Footprinting helps an attacker to perform system and network attacks. Through footprinting, attackers can gather information related to the target organization's system configuration, the operating system running on the machine, and so on. Using this information, attackers can find the vulnerabilities present in the target system and then exploit those vulnerabilities. Thus, attackers can take control over a target system. Similarly, attackers can also take control over the entire network.

Information Leakage
Information leakage can be a great threat to any organization and is often overlooked. If sensitive organizational information falls into the hands of attackers, then they can build an attack plan based on the information, or use it for monetary benefit.

Privacy Loss
With the help of footprinting, hackers are able to access the systems and networks of the company and even escalate privileges up to admin level. Whatever privacy was maintained by the company is completely lost.

Corporate Espionage
Corporate espionage is one of the major threats to companies, as competitors can spy and attempt to steal sensitive data through footprinting. Due to this type of espionage, competitors are able to launch similar products in the market, affecting the market position of a company.

Business Loss
Footprinting has a major effect on businesses such as online businesses and other ecommerce websites, banking and financial related businesses, etc. Billions of dollars are lost every year due to malicious attacks by hackers.
Module Flow
Now that you are familiar with footprinting concepts and threats, we will discuss the footprinting methodology.
The footprinting methodology section discusses various techniques used to collect information about the target organization from different sources.
• Footprinting Concepts
• Footprinting Threats
• Footprinting Methodology
• Footprinting Tools
• Footprinting Countermeasures
• Footprinting Penetration Testing