Footprinting Concepts
The
first step to ethical hacking is Footprinting. Footprinting is the collection
of every possible information regarding the target and target network. This
collection of information helps in identifying different possible ways to enter
into the target network. This collection of information may have gathered
through publicly- available personal information and sensitive information from
any secret source. Typically, footprinting & reconnaissance is performing
social engineering attacks, system or network attacks, or through any other
technique. Active and passive methods of reconnaissance are also popular for gaining
information about target directly or indirectly. The overall purpose of this
phase is to keep interacting with the target to gain information without any
detection or alerting.
Pseudonymous
Footprinting
Pseudonymous
footprinting includes footprinting through online sources. In Pseudonymous
footprinting, information about a target is shared by posting with an assumed
name. This type information is shared with the real credential to avoid trace
to an actual source of information.
Internet
Footprinting
Internet
Footprinting includes the Footprinting and reconnaissance methods for gaining
information through the internet. In Internet Footprinting, processes such as
Google Hacking, Google Search, Google Application including search engines
other than Google as well.
Types of Footprinting
Objectives
of Footprinting
The
major objectives of Footprinting are: -
1.
To know security posture
2.
To reduce focus area
3.
Identify vulnerabilities
4.
Draw network map
Footprinting Methodology
It
is not a big deal to get information regarding anyone as the internet, social
media, official websites, and other resources have much information about their
users which are not sensitive, but a collection of information may fulfill the
requirements of an attacker and attacker can gather enough information by a
little effort. Below are more often techniques used by hackers: -
Footprinting
through Search Engines
Footprinting
through Advance Google Hacking Techniques
Footprinting
through Social Networking Sites
Footprinting
through Websites
Footprinting
through Email
Footprinting
through Competitive Intelligence
Footprinting
through WHOIS
Footprinting
through DNS
Footprinting
through Network
Footprinting
through Social Engineering
Footprinting through Search Engines
The
most basic option that is very responsive as well is Footprinting through
search engines. Search engines extract the information about an entity you have
searched for from the internet. You can open a web browser and through any
search engine like Google or Bing, search for any organization. The result
collects every available information on the internet.
For
example, Search for google shows information about the world’s most popular
search engine itself. This information includes the headquartering location,
the date on which the organization founded, names of founders, number of
employees, parent organization, and its official website. You can scroll to its
official website to get more information or any other websites to get
information about it.
Apart
from this publically available information, websites and search engine caches
can also serve the information that is not available, updated, or modified on
the official website.
Finding
Company’s Public and Restricted Websites
During
the collection of information, the attacker also collects the organization's
official Website information including its public and restricted URLs. Official
Websites can search through a search engine like Google, Bing, and others. To
find restricted URL of an organization, using trial and error method, using
different services which can fetch the information from Web sites such as
www.netcraft.com.
Collect
Location Information
After
the collection of basic information through search engines and different
services like Netcraft and Shodan. You can collect local information like the
physical location of headquarters with the surrounding, the location of branch
offices, and other related information from online location and map services.
Some of these most popular online services are: -
Google
Earth
Google
Map
Bing
Map
Wikimapia
Yahoo
Map
Other
Map and Location services
People
Search Online Services
There
are some online services, popularly used to identify the Phone numbers,
Addresses, and People.
Some of these websites include: -
www.publicbackgroundchecks.com
Gather
Information from Financial Services
There are some Financial Services powered by different search engines that provide financial information of International known organizations. By just searching for your targeted organization, you can get financial information from these organizations. Google and Yahoo are the most popular Online Financial Services.
finance.yahoo.com
Footprinting
through Job Sites
In Job Sites, Company’s offering the vacancies to people provide their organization’s information and portfolio as well is job post. This information includes Company location, Industry Information, Contact Information, number of employees, Job requirements, hardware, and software information. Similarly, on these job sites, by a fake job posting, personal information can be collected from a targeted individual. Some of the popular job sites are: -
Monitoring
Target Using Alerts
Google,
Yahoo, and other Alert services offer Content monitoring services with an alert
feature that notifies the subscriber with the latest and up-to-date information
related to the subscribed topic.
Information
Gathering Using Groups, Forums, and Blogs
Groups,
Forums, Blogs, and Communities can be a great source of sensitive information.
Joining with fake IDs on these platforms and reaching closest to the target
organization's group is not a big deal for anyone. Any official and
non-official group can leak sensitive information.
Module Objectives
Footprinting is a first step in the evaluation of the security posture of the target organization’s IT infrastructure. Through footprinting and reconnaissance, one can gather maximum information about a computer system or a network and about any devices connected to that network. In other words, footprinting provides security profile blueprint for an organization, and should be undertaken in a methodological manner.
This module starts with an introduction to footprinting concepts and provides insight into footprinting methodology. Later the module discusses footprinting tools and countermeasures.The module ends with an overview of penetration ('pen') testing steps that an ethical hacker
should follow to perform the security assessment of a target.
At the end of this module, you will be able to:
I Describe footprinting concepts
I Perform footprinting through search engines and advanced google hacking techniques
I Perform footprinting through web services and social networking sites
I Perform website footprinting, email footprinting, and competitive intelligence
I Perform Whois, DNS, and network footprinting
I Perform footprinting through social engineering
I Use different footprinting tools
I Apply footprinting best practice
I Perform footprinting penetration testing
All Rights Reserved. Reproduction is Strictly Prohibited.
What is Footprinting?
An essential aspect of footprinting identifying the level of risk associated with the organization’spublicly-accessible information. Footprinting, the first step in ethical hacking, refers to theprocess of collecting information about a target network and its environment. Using footprinting,
you can find a number of opportunities to penetrate and assess the target organization’snetwork.After you complete the footprinting process in a methodological manner, you will obtain the blueprint of the security profile of the target organization. Here the term "blueprint" refers to the unique system profile of the target organization acquired by footprinting.
There is no single methodology for footprinting, as information can be traced in a number of ways. However, the activity is important, as you need to gather all the crucial information about the target organization before beginning the hacking phase. For this reason, footprinting needs to be carried out in an organized manner.
Types of Footprinting
Footprinting can be categorized into Passive Footprinting and Active Footprinting.
. Passive Footprinting
Passive footprinting involves gathering information about the target without direct
interaction. It is a type of footprinting that is mainly useful when there is a requirement
that the information gathering activities are not to be detected by the target. Performing
passive footprinting is technically difficult, as active traffic is not sent to the target
organization from a host or from anonymous hosts or services over the Internet. We can
only collect the archived and stored information about the target using search engines,
social networking sites, and so on.
Passive footprinting techniques include:
0 Finding information through search engines
0 Finding the Top—level Domains (TLDs) and sub—domains of a target through web
servrces
0 Collecting location information on the target through web services
0 Performing people search using social networking sites and people search services
0 Gathering financial information about the target through financial services
0 Gathering infrastructure details of the target organization through job sites
0 Monitoring target using alert services
0 Gathering information using groups, forums, and blogs
0 Determining the operating systems in use by the target organization
0 Extracting information about the target using Internet archives
0 Performing competitive intelligence
0 Monitoring website traffic of the target
0 Tracking the online reputation of the target
0 Collecting information through social engineering on social networking sites
- Active Footprinting
Active footprinting involves gathering information about the target with direct
interaction. In active footprinting, the target may recognize the ongoing information
gathering process, as we overtly interact with the target network.
Active footprinting techniques include:
o Querying published name servers of the target
0 Extracting metadata of published documents and files
0 Gathering website information using web spidering and mirroring tools
0 Gathering information through email tracking
0 Performing Whois lookup
o Extracting DNS information
0 Performing traceroute analysis
0 Performing social engineering
Information Obtained in Footprinting
The major objectives of footprinting include collecting the network information, system
information, and the organizational information of the target By conducting footprinting across
different network levels, you can gain information such as network blocks, specific IP addresses,
employee details, and so on. Such information can help attackers in gaining access to sensitive
data or performing various attacks on the target network.
I Network Information: You can gather network information by performing Whois
database analysis, trace routing, and so on.
The information collected includes
0 Domain and sub-domains
0 Network blocks
0 IP addresses of the reachable systems
0 Whois record
0 DNS records, and related information
I System Information: You can gather system information by performing network
footprinting, DNS footprinting, website footprinting, email footprinting, and so on.
The information collected includes:
0 Web server OSes
0 Location of web servers
0 Users and passwords and so on.
I Organization Information: Such information about an organization is available from its
website. In addition, you can query the target's domain name against the Whois database
and obtain valuable information.
The information collected includes:
0 Employee details (Employee names, contact addresses, designation, and work
experience)
0 Address and mobile/telephone numbers
0 Location details
0 Background of the organization
0 Web technologies
0 News articles, press releases, and related documents
Attackers can access organizational information, and use such to identify key personnel
and launch social engineering attacks to extract sensitive data about the entity.
