
Gathering Target Information: Reconnaissance, Footprinting, and Social Engineering. Kimberly Graves

This document discusses techniques for gathering target information through reconnaissance, footprinting, and social engineering. It covers reconnaissance as actively seeking information about an enemy through observation. Footprinting is creating a blueprint of a network by gathering non-intrusive information. Social engineering manipulates people into providing confidential information by exploiting human trust. Common techniques discussed include phishing, spear phishing, baiting and using fear or greed to trick victims.

Uploaded by

Md. Nurul Alam

9/30/2020

Chapter 2: Gathering Target Information: Reconnaissance, Footprinting, and Social Engineering.
Kimberly Graves


Reconnaissance
• The term reconnaissance comes from the
military and means to actively seek an
enemy’s intentions by collecting and
gathering information about an enemy’s
composition and capabilities via direct
observation, usually by scouts or military
intelligence personnel trained in surveillance.
• In the world of ethical hacking,
reconnaissance applies to the process of
information gathering.


• Reconnaissance is a catchall term for watching
the hacking target and gathering information
about how, when, and where they do things. By
identifying patterns of behavior, of people or
systems, an enemy could find and exploit a
loophole.


Information-Gathering Methodology

Information gathering can be broken into seven
logical steps (see Figure 1). Footprinting is
performed during the first two steps of
unearthing initial information and locating the
network range.


[Figure 1: the seven steps of information gathering. Image source: Kimberly Graves, CEH]


Footprinting
• Footprinting is defined as the process of creating a
blueprint or map of an organization’s network and
systems. Information gathering is also known as
footprinting an organization.
• Footprinting begins by determining the target system,
application, or physical location of the target. Once this
information is known, specific information about the
organization is gathered using nonintrusive methods.
• For example, the organization’s own web page may
provide a personnel directory or a list of employee bios,
which may prove useful if the hacker needs to use a
social-engineering attack to reach the objective.


The information the hacker is looking for during
the footprinting phase is anything that gives
clues as to the network architecture, server, and
application types where valuable data is stored.
Before an attack or exploit can be launched, the
operating system and version as well as
application types must be uncovered so the most
effective attack can be launched against the
target.


Here are some of the pieces of information to be
gathered about a target during footprinting:
• Domain name
• Network blocks
• Network services and applications
• System architecture
• Intrusion detection system
• Authentication mechanisms
• Specific IP addresses
• Access control mechanisms
• Phone numbers
• Contact addresses


Some of the common tools used for footprinting
and information gathering are as follows:
• Domain name lookup
• Whois
• NSlookup
• Sam Spade


Understanding DNS Enumeration
• DNS enumeration is the process of locating all
the DNS servers and their corresponding records
for an organization. A company may have both
internal and external DNS servers that can yield
information such as usernames, computer
names, and IP addresses of potential target
systems.
• NSlookup, DNSstuff, the American Registry for
Internet Numbers (ARIN), and Whois can all be used
to gain information that can then be used to
perform DNS enumeration.


Finding the Address Range of the Network


Every ethical hacker needs to understand how to find
the network range and subnet mask of the target
system. IP addresses are used to locate, scan, and
connect to target systems. You can find IP addresses
in Internet registries such as ARIN or the Internet
Assigned Numbers Authority (IANA).

An ethical hacker may also need to find the
geographic location of the target system or network.
This task can be accomplished by tracing the route a
message takes as it’s sent to the destination IP
address.

You can use tools like traceroute, VisualRoute, and
NeoTrace to identify the route to the target.


Additionally, as you trace your target network,
other useful information becomes available. For
example, you can obtain internal IP addresses of
host machines; even the Internet IP gateway of
the organization may be listed. These addresses
can then be used later in an attack or further
scanning processes.


Understanding Email Tracking


Email-tracking programs allow the sender of an
email to know whether the recipient reads,
forwards, modifies, or deletes an email. Most email-
tracking programs work by appending a domain
name to the email address, such as readnotify.com.
A single-pixel graphic file that isn’t noticeable to the
recipient is attached to the email. Then, when an
action is performed on the email, this graphic file
connects back to the server and notifies the sender
of the action.
Example: eMailTrackerPro.


Understanding Web Spiders


Spammers and anyone else interested in
collecting email addresses from the Internet can
use web spiders. A web spider combs websites
collecting certain information such as email
addresses. The web spider uses syntax such as
the @ symbol to locate email addresses and
then copies them into a list. These addresses are
then added to a database and may be used later
to send unsolicited emails.


Web spiders can be used to locate all kinds of
information on the Internet. A hacker can use a
web spider to automate the information-
gathering process. A method to prevent web
spidering of your website is to put the robots.txt
file in the root of your website with a listing of
directories that you want to protect from
crawling.
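
robots.txt is advisory: well-behaved crawlers honour it, but nothing enforces it, and the file itself is publicly readable. The added example below (not part of the original slides) lists what a robots.txt discloses and flags clients in an access log that requested disallowed paths; the robots.txt content, log lines and IP addresses are constructed.

```python
import re
from collections import defaultdict
from urllib.robotparser import RobotFileParser

# Constructed robots.txt for a hypothetical site.
ROBOTS_TXT = """\
User-agent: *
Disallow: /admin/
Disallow: /staff-directory/
"""

# Constructed access-log lines in common log format (documentation IP ranges).
ACCESS_LOG = """\
198.51.100.7 - - [30/Sep/2020:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 5120
198.51.100.7 - - [30/Sep/2020:10:00:02 +0000] "GET /robots.txt HTTP/1.1" 200 68
198.51.100.7 - - [30/Sep/2020:10:00:03 +0000] "GET /staff-directory/ HTTP/1.1" 200 9000
198.51.100.7 - - [30/Sep/2020:10:00:04 +0000] "GET /admin/login HTTP/1.1" 403 310
203.0.113.20 - - [30/Sep/2020:10:05:00 +0000] "GET /products/ HTTP/1.1" 200 4100
"""

LOG_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" (\d{3}) ')

def disclosed_paths(robots_txt):
    """Paths that robots.txt reveals to anyone who downloads it."""
    values = [line.split(":", 1)[1].strip()
              for line in robots_txt.splitlines()
              if line.lower().startswith("disallow:")]
    return [v for v in values if v]

def disallowed_hits(robots_txt, log_text, agent="*"):
    """Map client IP -> [(path, status)] for requests robots.txt disallows."""
    rules = RobotFileParser()
    rules.parse(robots_txt.splitlines())
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if m and not rules.can_fetch(agent, m.group(2)):
            hits[m.group(1)].append((m.group(2), int(m.group(3))))
    return dict(hits)

if __name__ == "__main__":
    print("disclosed by robots.txt:", disclosed_paths(ROBOTS_TXT))
    for ip, reqs in disallowed_hits(ROBOTS_TXT, ACCESS_LOG).items():
        served = [path for path, status in reqs if status == 200]
        print(f"{ip} ignored robots.txt; served without access control: {served}")
```

In the constructed log, the 200 response for /staff-directory/ shows that the path was protected only by the crawler's cooperation, while /admin/login was refused by the server itself.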


Social engineering
• Social engineering is a manipulation technique used by
cybercriminals to trick people into giving up
confidential information.
• Social engineering relies on the basic human
instinct of trust to steal personal and corporate
information that can be used to commit further
cybercrimes.

Common examples of social engineering are:

Phishing: tactics include deceptive emails, websites,
and text messages to steal information.


Spear Phishing: email is used to carry out targeted
attacks against individuals or businesses.

Baiting: an online and physical social engineering attack
that promises the victim a reward.

Malware: victims are tricked into believing that
malware is installed on their computer and that if they
pay, the malware will be removed.

Pretexting: uses a false identity to trick victims into giving
up information.

https://terranovasecurity.com/examples-of-social-engineering-attacks/


Quid Pro Quo: relies on an exchange of information or
service to convince the victim to act.

Tailgating: relies on human trust to give the criminal
physical access to a secure building or area.

Vishing: urgent voice mails convince victims they need to
act quickly to protect themselves from arrest or other
risk.

Water-Holing: an advanced social engineering attack that
infects both a website and its visitors with malware.


Examples of Social Engineering Attacks


Savvy cybercriminals know that social engineering works best when focussing on
human emotion and risk. Taking advantage of human emotion is much easier than
hacking a network or looking for security vulnerabilities.

These examples of social engineering emphasize how emotion is used to commit cyber
attacks:

Fear
You receive a voicemail that says you’re under investigation for tax fraud and that you
must call immediately to prevent arrest and criminal investigation. This social
engineering attack happens during tax season when people are already stressed
about their taxes. Cybercriminals prey on the stress and anxiety that comes with
filing taxes and use these fear emotions to trick people into complying with the
voicemail.

Greed
Imagine if you could simply transfer $10 to an investor and see this grow into $10,000
without any effort on your behalf? Cybercriminals use the basic human emotions of
trust and greed to convince victims that they really can get something for nothing.
A carefully worded baiting email tells victims to provide their bank account
information and the funds will be transferred the same day.


Curiosity
Cybercriminals pay attention to events capturing a lot of news coverage
and then take advantage of human curiosity to trick social engineering
victims into acting. For example, after the second Boeing MAX8 plane
crash, cybercriminals sent emails with attachments that claimed to
include leaked data about the crash. In reality, the attachment installed
a version of the Hworm RAT on the victim’s computer.

Helpfulness
Humans want to trust and help one another. After doing research into a
company, cybercriminals target two or three employees in the
company with an email that looks like it comes from the targeted
individuals’ manager. The email asks them to send the manager the
password for the accounting database – stressing that the manager
needs it to make sure everyone gets paid on time. The email tone is
urgent, tricking the victims into believing that they are helping out their
manager by acting quickly.


Urgency
You receive an email from customer support at an
online shopping website that you frequently buy
from telling you that they need to confirm your credit card
information to protect your account. The email language
urges you to respond quickly to ensure that your credit
card information isn’t stolen by criminals. Without
thinking twice and because you trust the online store, you
send not only your credit card information but also your
mailing address and phone number. A few days later, you
receive a call from your credit card company telling you
that your credit card has been stolen and used for
thousands of dollars of fraudulent purchases.
