Footprinting
and Reconnaissance
What the hell
is Footprinting?
Well in a layman and simple language “ Foot Printing in
Security terms is the process to gather as much possible information about the
Target Organization.”
Information
like:-
Physical
Location, Domain, Number of Employees, URL’s, VPN’s, Phone Numbers, IP Address
etcetra.
Footprinting
Threats?
1.
Social Engineering:- The easiest of all and can be done
without any tool.
2.
Business Loss
3.
Corporate Espionage
4.
Information Leak
5.
System and Network Attack
Objectives of
Footprinting
1.
Collect Network Information
2.
Collect System Information
3.
Collect Organizations Information
Footprinting
Different Methods.
1.
Footprinting through Social Media, this one
is the most easiest to do mostly attacker will create fake account/ids and
tries to gather as much as possible information about the target Organization.
2.
Footprinting through Search
Engines like bing, google and duckduckgo. My favorite is duckduckgo.
Attackers also look for cache and archives. Some of the good tools are
netcraft, shodan, pipl, Google Earth. in order to perform footpriting.
3.
Footprinting through the Job sites. Hackers will come to
know what tools and technology organization is working on.
4.
Target Monitoring through the Alerts like google alerts,
twitter alerts, yahoo alerts.
5.
Another good method is via Google Hacking databases and
Advance search queries. Query string can be used in search and can be used as
keywords. Also Google Advance Search Operators can be utilized. For example
“intitle index of” list down all the sites with index open. securityfocus.com,
hackersforcharity.org/ghdb are few sites where you can get most of the info.
6.
Website footprinting is monitoring the target organization
website. Web server details, directory structure, developers email id are some
of the common info. Also tools available where we can mirror the whole website.
Backdated website information can be extracted from archive.org.
7.
Email tracking is used to track the emails. Emails are
used to gather information in order to perform the social engineering and many
other attacks, Spam.
8.
DNS Information attackers can get the hosts in the
network. Hackers can get A, CNAME, PTR, MX, NS, HINFO records. There are lot of
command line utilities available to get the DNS information. nslookup and dig
are the most common among the tools.
9.
WHOis attackers perform WHOis to understand who is behind
a specific domain? ARIN, AFRINIC, RIPE. APNIC, LATNIC are the RIR’s (Regional Internet
Registry). We can get info from WHOis like email, domain owner, address, name
servers for the domain, registrar.
10.
Network Footprinting
11. Footprinting through
Social Engineering. Eavesdropping, Shoulder Surfing, Dumpster Diving.
No comments:
Post a Comment