Footprinting

About footprinting

Footprinting refers to the process of gathering information about a target system. It is the first step of an attack, in which the attacker tries to learn as much as possible about the target in order to find a way to break into the system.

There are two types of footprinting:

- Passive footprinting
- Active footprinting

Passive footprinting means collecting information without interacting with the target directly. This type of footprinting is used when the information gathering must not be detected by the target.

Active footprinting means collecting information by interacting with the target directly. With this type of footprinting there is a chance that the target becomes aware of the information gathering.

Attackers use footprinting to collect the following information:

- Network information
  - Domains
  - Subdomains
  - IP addresses
  - Whois and DNS records
- System information
  - Web server operating systems
  - Server locations
  - Users
  - Passwords
- Organization information
  - Employee information
  - Organization's background
  - Phone numbers
  - Locations

The objectives of footprinting are to:

- Learn the security posture: analyze the security posture of the target, find loopholes, and create an attack plan.
- Identify the focus area: using different tools and techniques, narrow down the range of IP addresses.
- Find vulnerabilities: use the collected information to identify weaknesses in the target's security.
- Map the network: graphically represent the target's network and use it as a guide during the attack.

Search engine and online resources

Search engines can be used to extract information about the target organization. Search results can include information about the target organization's employees, intranet, login pages, and other information that could be useful to attackers. One way of gathering information using search engines is by utilizing Google hacking techniques.

Google hacking is a technique which attackers use to perform a complex search and extract important information about their targets.
It involves using a set of search operators and building complex queries. The operators that are used in Google hacking are called dorks. The following are the most commonly used dorks:

| dork | definition | example |
|---|---|---|
| site | Limits the results to the specified domain | [course site:] |
| allinurl | Limits the results to the pages that have all the query terms in the URL | [allinurl: search google] |
| inurl | Limits the results only to those pages that have the query term in the URL | [inurl: linuxacademy] |
| allintitle | Limits the results to the pages that have all the query terms in the title | [allintitle: linux academy security] |
| intitle | Limits the results only to those pages that have the query term in the title | [intitle: linux] |
| inanchor | Limits the results to the pages that have the query term in the anchor text of the page | [course inanchor:linuxacademy] |
| allinanchor | Limits the results to the pages that have all the query terms in the anchor text of the page | [allinanchor: linux academy cloud] |
| cache | Displays the cached version of the queried page | [cache:] |
| link | Limits the results to the pages that contain the queried URL | [link:] |
| related | Shows sites that are similar or related to the queried URL | [related:] |
| info | Shows the information for the queried site | [info:] |
| location | Returns information about the queried location | [location: vegan restaurant] |
| filetype | Limits the results to the specified file type | [filetype:pdf linuxacademy] |

Sometimes there are multiple conditions that need to be taken into account when performing a search. In that case, Google Advanced Search and Advanced Image Search are used. Google Advanced Search provides a set of features that help perform complex searches. This type of search differs from using the search operators in that it does not require memorizing the operators. Advanced Image Search provides a set of search features that help perform complex image searches.

Another source of information is the Google Hacking Database.
It contains query terms for various types of files, including those that contain usernames and passwords.

Whois, IP Geolocation, and DNS Interrogation

Whois

Whois refers to a query and response protocol which is used for retrieving information about assigned Internet resources. Whois databases contain domain owners' personal information and are maintained by the Regional Internet Registries. There are two types of data models:

- Thick whois
- Thin whois

Thick whois contains all information from all registrars for the specified set of data. Thin whois contains limited information about the specified set of data.

Whois query results typically include:

- Domain details
- Domain owner details
- Domain server
- Net range
- Domain expiration
- Creation and last update dates

The Regional Internet Registries, which maintain the whois databases, are:

- ARIN (American Registry for Internet Numbers)
- AFRINIC (African Network Information Center)
- APNIC (Asia Pacific Network Information Center)
- RIPE NCC (Réseaux IP Européens Network Coordination Centre)
- LACNIC (Latin American and Caribbean Network Information Center)

IP Geolocation

IP geolocation helps find location information about a target such as country, city, postal code, ISP, and so on. With this information, hackers are able to perform social engineering attacks on the target.

DNS Interrogation

DNS footprinting refers to collecting information about DNS zone data, which includes information about key hosts in the network. DNS interrogation tools help attackers perform DNS footprinting. Using these tools, attackers are able to obtain information about server types and their locations.

Email Footprinting

Email footprinting refers to collecting information from emails by monitoring the email delivery and inspecting the headers.
Information collected through email footprinting includes:

- IP address of the recipient
- Geolocation of the recipient
- Delivery information
- Visited links
- Browser and OS information
- Reading time

Email headers contain information about the sender, subject, and recipient. All this information is valuable to hackers when planning to attack their target. Information contained in email headers includes:

- Sender's name
- IP/email address of the sender
- Mail server
- Mail server authentication system
- Send and delivery stamps
- Unique number of the message

It is also possible to track emails using various tracking tools. Email tracking tools have the capability of tracking emails and inspecting their headers to extract useful information. The sender is notified when the email is delivered and opened by the recipient.

Website Footprinting

About Website Footprinting

Website footprinting is a technique in which information about the target is collected by monitoring the target's website. Hackers can map the entire website of the target without being noticed. Website footprinting gives information about:

- Software
- Operating system
- Subdirectories
- Contact information
- Scripting platform
- Query details

By examining the website headers, it is possible to obtain information from the following headers:

- Content-Type
- Accept-Ranges
- Connection status
- Last-Modified information
- X-Powered-By information
- Web server information

Additional ways to gather information are through HTML source code and cookie examination. By examining the HTML source code, it is possible to extract information from the comments in the code, as well as gain insight into the file system structure by observing the links and image tags. Cookies too can reveal important information about the software that is running on the server and its behavior. Also, by inspecting sessions, it is possible to identify the scripting platforms.

There are programs designed to help in website footprinting.
These programs are called web spiders, and they methodically browse a website in search of specific information. Information collected this way can help attackers perform social engineering attacks.

Cloning websites

Website mirroring or website cloning refers to the process of duplicating a website. Mirroring a website helps in browsing the site offline, searching the website for vulnerabilities, and discovering valuable information. Websites may store documents of different formats, which in turn may contain hidden information and metadata that can be analyzed and used in performing an attack. This metadata can be extracted using various metadata extraction tools and can also help attackers perform social engineering attacks.

Network footprinting

Network footprinting refers to the process of collecting information about the target's network. During this process, attackers collect network range information and use it to map the target's network. The network range gives attackers an insight into how the network is structured and which machines belong to it.

Nmap and Traceroute

Nmap

Nmap is a tool used for network discovery. It uses raw IP packets to determine the available hosts on the network, the services offered by those hosts, the operating systems they are running, the firewall types that are being used, and other important characteristics. Nmap features include the ability to scan large networks as well as to map out networks.

Traceroute

Traceroute programs are used for discovering the routers that are on the path to the target host. This information helps with carrying out man-in-the-middle and other related attacks. Traceroute uses the ICMP protocol and the TTL field in the IP header to discover the route. It records the IP addresses and DNS names of the discovered routers. The results of a traceroute help attackers collect information about the network topology, trusted routers, and firewall locations.
Attackers can use this information to create network diagrams and plan their attacks.

Countermeasures

Some of the footprinting countermeasures include:

- Restricting access to social media
- Enforcing security policies
- Educating employees about security threats
- Encrypting sensitive information
- Disabling protocols that are not required
- Proper service configuration

Footprinting Reports

Footprinting reports should include details about the performed tests, the techniques used, and the test results. They should also include a list of vulnerabilities and how they can be fixed. These reports should be kept highly confidential, so that they do not fall into the wrong hands.
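The header fields listed under Email Footprinting above can be read out of a message programmatically, which is also the first step in triaging a suspicious email. The following is an added example and not code from the original notes: it walks the Received chain of a constructed message (hosts, addresses and IPs are placeholders) and collects the sender, the relays in delivery order, the authentication result, the send and delivery stamps and the message number.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample headers; hosts, addresses and IPs are placeholders.
SAMPLE_RAW = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
 by mail.example.org with ESMTPS id abc123; Mon, 01 Jan 2024 10:00:05 +0000
Received: from laptop.lan (unknown [203.0.113.25])
 by mx.example.net with ESMTP id xyz789; Mon, 01 Jan 2024 10:00:01 +0000
Authentication-Results: mail.example.org; spf=fail smtp.mailfrom=example.net
From: "Alice Sender" <alice@example.net>
Date: Mon, 01 Jan 2024 09:59:58 +0000
Message-ID: <20240101095958.1234@example.net>
"""

# Shape of a Received header: "from <host> (<name> [<ip>]) ... by <host>".
RECEIVED_RE = re.compile(
    r"from\s+(?P<from>\S+)\s*(?:\([^)]*?\[(?P<ip>[\d.]+)\][^)]*\))?.*?by\s+(?P<by>\S+)", re.S)

def hop_time(value):
    """Timestamp after the last ';' of a Received header, or None if unparseable."""
    try:
        return parsedate_to_datetime(value.rpartition(";")[2].strip())
    except (TypeError, ValueError):
        return None

def parse_received(value):
    """Return (from_host, ip, by_host, timestamp) for one Received header."""
    m = RECEIVED_RE.search(value)
    fields = (m.group("from"), m.group("ip"), m.group("by")) if m else (None, None, None)
    return fields + (hop_time(value),)

def summarize_headers(raw):
    """Collect the sender and relay facts listed under email footprinting."""
    msg = message_from_string(raw)
    # Each relay prepends its own Received header, so the last one is the origin hop.
    hops = [parse_received(v) for v in reversed(msg.get_all("Received", []))]
    first, last = (hops[0], hops[-1]) if hops else ((None,) * 4, (None,) * 4)
    transit = (last[3] - first[3]).total_seconds() if first[3] and last[3] else None
    return {
        "sender": msg.get("From"),                       # sender's name and address
        "origin_host": first[0], "origin_ip": first[1],  # where the mail entered the chain
        "mail_servers": [h[2] for h in hops],            # relays, in delivery order
        "auth_results": msg.get("Authentication-Results"),
        "sent": msg.get("Date"),
        "delivered": last[3].isoformat() if last[3] else None,
        "transit_seconds": transit,
        "message_id": msg.get("Message-ID"),             # unique number of the message
    }
```

A failed SPF result combined with an origin host that does not belong to the claimed sender's domain is the kind of mismatch this summary is meant to surface.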
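The website-footprinting section lists the response headers an observer reads (Server, X-Powered-By, Last-Modified, and so on), and the countermeasures end with proper service configuration. The following added example, not from the original notes, parses a constructed HTTP response and reports which headers disclose software versions and which hardening headers are absent; the list of expected headers is an assumed baseline, not something the notes specify.

```python
import re

# Header names whose values name server software; the countermeasure
# "proper service configuration" usually means removing or blanking these.
DISCLOSING = {
    "server": "web server software and version",
    "x-powered-by": "scripting platform",
    "x-aspnet-version": "ASP.NET framework version",
    "x-generator": "CMS or site generator",
    "via": "intermediate proxy software",
}
# Headers a hardened response should carry (assumed baseline for this example).
EXPECTED = ["strict-transport-security", "x-content-type-options", "content-security-policy"]

def parse_response(raw):
    """Split a raw HTTP/1.x response into (status_line, {name: value}, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    status, *lines = head.split("\n")
    headers = {}
    for line in lines:
        name, _, value = line.partition(":")   # split on the first colon only
        headers[name.strip().lower()] = value.strip()
    return status, headers, body

def audit_headers(raw):
    """List disclosing headers present and hardening headers missing."""
    _, headers, _ = parse_response(raw)
    disclosed = {h: headers[h] for h in DISCLOSING if h in headers}
    # A bare Server product token without a version is not counted as a disclosure.
    if "server" in disclosed and not re.search(r"\d", disclosed["server"]):
        del disclosed["server"]
    missing = [h for h in EXPECTED if h not in headers]
    return {"disclosed": disclosed, "missing": missing}

# Constructed responses: a chatty server and its hardened counterpart.
CHATTY = ("HTTP/1.1 200 OK\r\n"
          "Server: Apache/2.4.41 (Ubuntu)\r\n"
          "X-Powered-By: PHP/7.4.3\r\n"
          "Last-Modified: Mon, 01 Jan 2024 10:00:00 GMT\r\n"
          "Content-Type: text/html; charset=UTF-8\r\n\r\n"
          "<html></html>")
HARDENED = ("HTTP/1.1 200 OK\r\n"
            "Server: webserver\r\n"
            "Strict-Transport-Security: max-age=31536000\r\n"
            "X-Content-Type-Options: nosniff\r\n"
            "Content-Security-Policy: default-src 'self'\r\n"
            "Content-Type: text/html; charset=UTF-8\r\n\r\n"
            "<html></html>")
```

Running `audit_headers` over a saved response from your own server gives the same view an outside observer would get from the headers alone.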