Professional Documents
Culture Documents
Countermeasures
Version 6
Mod le III
Module
Footprinting
Module Objective
Footprinting: An Introduction
Footprinting steps
Copyright © by EC-Council
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Revisiting Reconnaissance
1
Reconnaissance
Reconnaissance refers to the
preparatory phase where an
attacker seeks to g
gather as much
information as possible about a
5 2 target of evaluation prior to
Clearing Tracks Scanning launching an attack
Copyright © by EC-Council
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Defining Footprinting
Copyright © by EC-Council
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Information Gathering
Methodology
Unearth initial information
Hacking tool
Sam Spade
Commonly includes:
• Domain name lookup
• Locations
• Contacts (telephone / mail)
Information Sources:
• Open source
• Whois
• Nslookup
Copyright © by EC-Council
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Finding a Company’s URL
Search
Sea c for
o a co
company’s
pa y s U
URL us
using
g a sea
search
c eengine
g e suc
such as Goog
Googlee
Type the company’s name in the search engine to get the company’s
URL
Copyright © by EC-Council
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Internal URL
Copyright © by EC-Council
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Footprinting Through Job Sites
Job requirements
Employee
p y p profile
Hardware
information
Software
information
Copyright © by EC-Council
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Passive Information Gathering
Copyright © by EC-Council
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Footprinting Tools
• Whois
Wh i
• Nslookup
• ARIN
• Neo Trace
• VisualRoute Trace
• SmartWhois
• eMailTrackerPro
• Website watcher
• Google Earth
• GEO Spider
• HTTrack Web Copier
• E-mail Spider
Copyright © by EC-Council
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Tool: Nslookup
Copyright © by EC-Council
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Nslookup: Screenshot
Copyright © by EC-Council
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Types of DNS Records
Copyright © by EC-Council
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Traceroute
Traceroute
T t reveals
l th
the path
th IP packets
k t travel
t l between
b t two
t systems
t
by sending out consecutive sets of UDP or ICMP packets with ever-
increasing TTLs
Routers with reverse DNS entries may reveal the name of routers,
network affiliation,
affiliation and geographic location
Copyright © by EC-Council
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Trace Route Analysis
Traceroute is a program that can be used to determine the path from source
to destination
• traceroute 1.10.10.20,
1 10 10 20 second to last hop is 1.10.10.1
1 10 10 1
• traceroute 1.10.20.10, third to last hop is 1.10.10.1
• traceroute 1.10.20.10, second to last hop is 1.10.10.50
• traceroute 1.10.20.15, third to last hop is 1.10.10.1
• traceroute 1.10.20.15,
1 10 20 15 second to last hop is 1.10.10.50
1 10 10 50
By putting this information together, you can diagram the network (see the next
slide)
Copyright © by EC-Council
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Trace Route Analysis
Copyright © by EC-Council
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Tool: NeoTrace (Now McAfee
Visual Trace)
Copyright © by EC-Council
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Layer Four Traceroute
Mail Tracking is a tracking service that allows you to track when your mail was read, for
how long and how many times
times, and the place from where the mail has been posted
posted. It also
records forwards and passing of sensitive information (MS Office format)
Copyright © by EC-Council
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
robots.txt
All search
h engines
i comply
l to robots.txt
b
You might
Y i h not want private
i d
data and d sensitive
i i areas off a
site, such as script and binary locations indexed
~ Robots.txt
b ffile
l
User-agent: *
Disallow: /cgi-bin
Disallow: /cgi
/cgi-perl
perl
Disallow: /cgi-store
Copyright © by EC-Council
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Tool: HTTrack Web Site Copier
Copyright © by EC-Council
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited
Steps to Perform Footprinting
Whois and ARIN can reveal public information of a domain that can be
l
leveraged
d ffurther
th
Traceroute and mail tracking can be used to the target specific IP and
l t ffor IP spoofing
later fi
Nslookup can reveal specific users and zone transfers can compromise
DNS security
Copyright © by EC-Council
EC-Council All Rights Reserved. Reproduction is Strictly Prohibited