Wednesday, May 5, 2010

Ethical Hacking: Footprinting Basics


The footprinting phase of an attack is the one in which the hacker gathers as much information as he can about the target. Thorough footprinting yields a unique profile of the organization with respect to the networks and systems involved, and the security profile of the target becomes visible once this phase is complete. A skilled hacker will spend 90% of his time on footprinting, that is, profiling the target, and 10% on launching the attack.

The primary information of interest about a target is its network range, its live hosts, the open ports and the means of accessing them, the services running on those ports, the operating system and its version, and so on.

The very first step, and probably the most important one, in footprinting is to gather information about the target organization from Google. The Google search engine provides a great deal of really valuable information about an organization. Let's type "microsoft" into Google search and see what happens: the first result gives us the URL of the organization.

To find the IP address of any organization, just go to your command prompt and ping the URL. Let's ping the site of Mozilla.
C:\>ping mozilla.com

Pinging mozilla.com [63.245.209.10] with 32 bytes of data:

Reply from 63.245.209.10: bytes=32 time=325ms TTL=244
Reply from 63.245.209.10: bytes=32 time=288ms TTL=244
Reply from 63.245.209.10: bytes=32 time=357ms TTL=244
Reply from 63.245.209.10: bytes=32 time=364ms TTL=244

Ping statistics for 63.245.209.10:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 288ms, Maximum = 364ms, Average = 333ms

So here the URL is resolved to its IP address, which is 63.245.209.10.
The next phase in footprinting is to read all the blogs, newspapers, forums and other material one can find in order to learn as much as possible about the organization, especially sensitive information about its security methods, appliances, vendors and so on.

The Google search engine is a really good platform for footprinting, even if only for passive reconnaissance. To find the target's internal URLs, one can try the inurl operator together with a few intelligent guesses.

One major security loophole is that one can monitor a wide range of security cameras installed in various locations and used by people to monitor things over the internet. URLs used by security cameras are:

inurl:ViewerFrame?Mode=
inurl:ViewerFrame?Mode=Refresh
inurl:axis-cgi/jpg
inurl:axis-cgi/mjpg (motion-JPEG)
inurl:view/indexFrame.shtml
inurl:view/index.shtml
inurl:view/view.shtml
liveapplet

You can read the details of this on John Bokma's site. John Bokma is a freelance Perl programmer, and his site has been really helpful. Using these pages, one can view the same things that the security personnel of the organization are viewing. Here is what I found on one of the video servers, and there are a lot more interesting things up there than just a snapshot of some unknown street. All this contributes to a high degree of extensive footprinting.
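As an added example from the defender's side (not part of the original post): the URL fragments listed above double as signatures for spotting requests that probe for camera web interfaces in a web server's access log. The Common Log Format parser, the reporting function and the sample log lines are all constructed for this illustration.

```python
import re
from collections import defaultdict

# The URL fragments from the post's list of search operators, reused here as
# signatures for requests that probe for exposed camera web interfaces.
CAMERA_PATH_PATTERNS = [
    re.compile(r"ViewerFrame\?Mode=", re.IGNORECASE),
    re.compile(r"axis-cgi/(jpg|mjpg)", re.IGNORECASE),
    re.compile(r"view/(indexFrame|index|view)\.shtml", re.IGNORECASE),
    re.compile(r"liveapplet", re.IGNORECASE),
]

# Common Log Format: host ident user [time] "METHOD path PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def parse_line(line):
    """Return the fields of one access-log line as a dict, or None if it does not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None

def is_camera_probe(path):
    """True if the request path matches one of the camera-interface URL fragments."""
    return any(p.search(path) for p in CAMERA_PATH_PATTERNS)

def find_camera_probes(lines):
    """Map each source IP to the (path, status) pairs it requested on camera-interface paths."""
    hits = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and is_camera_probe(rec["path"]):
            hits[rec["ip"]].append((rec["path"], rec["status"]))
    return dict(hits)

# Constructed sample log (not real traffic); 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [05/May/2010:10:00:01 +0000] "GET /ViewerFrame?Mode=Motion HTTP/1.1" 200 5120
203.0.113.7 - - [05/May/2010:10:00:02 +0000] "GET /axis-cgi/mjpg/video.cgi HTTP/1.1" 401 312
198.51.100.4 - - [05/May/2010:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 2048
203.0.113.7 - - [05/May/2010:10:00:09 +0000] "GET /view/index.shtml HTTP/1.1" 404 210
this is not a log line
""".splitlines()
if __name__ == "__main__":
    for ip, reqs in find_camera_probes(SAMPLE_LOG).items():
        print(f"{ip}: {len(reqs)} request(s) to camera-interface paths")
        for path, status in reqs:
            print(f"  {status} {path}")
```

A single source hitting several of these paths in quick succession, as in the sample, is the pattern worth alerting on; a site that serves none of these interfaces should see no legitimate hits at all.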

In the footprinting phase a hacker may also be interested in studying the contents of a site since its launch, which he can do by viewing the cached pages of that site. Google always takes a snapshot of a page whenever it is released on the internet, so that even if a page is removed, under construction or being modified, one can still see the cached version.

If one of these cached pages is opened, a frame appears at the top of the page giving the time when the page first appeared on the internet, along with other tips.

One can also search all the records ever posted on the internet via archive.org. Here is what I found after launching a query on www.insecure.org.
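As an added example, not from the original post: a small check of whether a page opts out of search-engine caching through the robots meta tag or the X-Robots-Tag response header, which is what a site owner would use to keep sensitive pages out of the cached copies described above. The sample pages and headers are constructed for this illustration.

```python
from html.parser import HTMLParser

class RobotsMetaParser(HTMLParser):
    """Collect the directives from every <meta name="robots" content="..."> tag in a page."""

    def __init__(self):
        super().__init__()
        self.directives = []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        if a.get("name", "").lower() == "robots":
            self.directives.extend(_split_directives(a.get("content", "")))

def _split_directives(value):
    """Split 'index, noarchive' into a normalised list ['index', 'noarchive']."""
    return [t.strip().lower() for t in value.split(",") if t.strip()]

def cache_directives(html, headers):
    """Return the set of robots directives that apply to a page, taken from its
    <meta name="robots"> tags and from the X-Robots-Tag response header."""
    parser = RobotsMetaParser()
    parser.feed(html)
    found = set(parser.directives)
    for name, value in headers.items():
        if name.lower() == "x-robots-tag":
            found.update(_split_directives(value))
    return found

def blocks_search_cache(html, headers):
    """True if the page asks search engines not to keep a cached copy of it.
    'noarchive' suppresses the cached copy; 'noindex' keeps the page out of the
    index altogether, so no cached link is shown for it either."""
    return bool(cache_directives(html, headers) & {"noarchive", "noindex"})

# Constructed sample pages and headers (not taken from any real site).
PAGE_WITH_NOARCHIVE = ('<html><head><meta name="Robots" content="index, noarchive">'
                       '</head><body>internal notice</body></html>')
PAGE_WITHOUT = '<html><head><title>Intranet</title></head><body>draft</body></html>'
HEADERS_WITH_TAG = {"Content-Type": "text/html", "X-Robots-Tag": "noarchive"}

if __name__ == "__main__":
    print(blocks_search_cache(PAGE_WITH_NOARCHIVE, {}))         # True
    print(blocks_search_cache(PAGE_WITHOUT, {}))                # False
    print(blocks_search_cache(PAGE_WITHOUT, HEADERS_WITH_TAG))  # True
```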

Now, to find the geographic location and other details of the target, hackers run several WHOIS queries. I used the Domain Tool from projectwhois.org to get the following result with the IP I got for Mozilla.


Here we can get a list of the domains hosted on a particular IP address by clicking "R", which stands for Reverse IP.


It will display the domains that are being hosted from the same IP address. For example, this IP of Mozilla is hosting 6 domains, viz. 1billionplusu.com, 1billionplusyou.com, Mozilla.com etc.
The "P" or ping option will allow you to ping this IP with ICMP, TCP, UDP and SYN/ACK packets using other predefined settings. For a DNS lookup click "D", and for a complete trace of the route click "T" for traceroute.

Now that they have found the location, i.e. the address, of the target, they can gather more information about the organization. What about the actual geographic location? Well, why not? Let's see what Google Earth gives us when we enter the address of Mozilla Corporation and launch a query.

Footprinting can be either active or passive. Passive footprinting is footprinting in which one does not have to come into direct contact with the organization to gather information; it relies mainly on the free sources of information available on the internet. Even product descriptions and employment notices may serve as potential sources of information. This method of footprinting is safe, since it is non-interfering and subtle in nature.
