Week5 2023
Week 5
Footprinting
CP70044E @2023 2
Today’s agenda
What is Footprinting?
• Footprinting is the process of collecting as much information as
possible about a target network, for identifying various ways to
intrude into an organisation’s network system.
Source: https://zak-learning.com/course/ethical-hacking-recon-and-footprinting/
Footprinting Purpose
Footprinting Objectives
• Collect Network Information
  • Domain name
  • Internal domain names
  • Network blocks
  • IP addresses of the reachable systems
  • Rogue websites/private websites
• Collect System Information
  • User and group names
  • System banners
  • Routing tables
• Collect Organisation’s Information
  • Employee details
  • Organisation’s website
  • Company directory
  • Location details
FOOTPRINTING
METHODOLOGY
Footprinting Methodology
• Footprinting through search engines
• Footprinting using advanced Google hacking techniques
• Footprinting through social networking sites
• Website footprinting
Footprinting through Search Engines
• Attackers use search engines to extract information about a
target such as technology platforms, employee details,
login pages, intranet portals, etc.
• Search engine caches and Internet archives may also
provide sensitive information that has been removed from
the World Wide Web (WWW)
A few examples
People search strategies
An interesting tool
• http://www.netcraft.com
• http://www.wired.co.uk/article/how-to-find-anyone
• https://www.shodan.io
Monitor targets using alerts
• Alerts are content monitoring services that provide up-to-date
information based on your preferences, usually via email or SMS,
in an automated manner.
• Examples:
  • Google Alerts: http://www.google.com/alerts
  • Twitter Alerts
  • Giga Alert: http://www.gigaalert.com
Information Gathering using Groups, Forums, and Blogs
• Groups, forums, and blogs provide
sensitive information about a target such
as public network information, system
information, personal information, etc.
Google Hacking Databases
• http://www.hackersforcharity.org
• http://www.exploit-db.com
Footprinting through Social Networking Sites
Website Footprinting
• Refers to monitoring and analysing the
target organisation’s website for
information.
• Browsing the target website may
provide:
• Software used and its version
• Operating system used
• Sub-directories and parameters
• Filename, path, database field name, or query
Website Footprinting using Web Spiders
• Web spiders perform automated searches on the target website
and collect specified information such as employee names, email
addresses, etc.
• Attackers use the collected information to perform further
footprinting and social engineering attacks.
Website Footprinting using Web Spiders
• GSA Email Spider: http://email.spider.gsa-online.de
• Web Data Extractor: http://www.webextractor.com
Web Updates Monitoring Tools
Email Tracking Tools
• EmailTrackerPro: http://emailtrackerpro.com
• PoliteMail: http://www.politemail.com
WHOIS Lookup
• WHOIS databases are maintained by Regional Internet Registries and
contain the personal information of domain owners.
• WHOIS query returns:
  • Domain name details
  • Expiry records
• Information obtained from WHOIS database assists attacker to:
WHOIS Lookup
• https://www.whois.com/whois/
• Compare the information from:
• Microsoft
• UWL
DNS Footprinting
• An attacker can gather DNS information to determine key hosts in
the network and can perform social engineering attacks.
• http://dnsstuff.com
• http://network-tools.com
Locate the Network Range
• Network range information assists attackers to create a map of the
target network
• Find the range of IP addresses using ARIN whois database
search tool
• You can find the range of IP addresses and the subnet mask
used by the target organisation from Regional Internet Registry
(RIR)
• http://whois.arin.net/ui/
Traceroute
• Traceroute programs work on the concept of ICMP protocol and
use the TTL field in the header of ICMP packets to discover the
routers on the path to a target host.
Traceroute Analysis
• Attackers conduct traceroute to extract information about: network
topology, trusted routers, and firewall locations.
• For example: after running several traceroutes, an attacker might obtain
the following information:
• traceroute 1.10.10.20, second to last hop is 1.10.10.1
• traceroute 1.10.20.10, third to last hop is 1.10.10.1
• traceroute 1.10.20.10, second to last hop is 1.10.10.50
• traceroute 1.10.20.15, third to last hop is 1.10.10.1
• traceroute 1.10.20.15, second to last hop is 1.10.10.50
• By putting this information together, attackers can draw the network diagram
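Worked example (added here, not part of the original slides): the five observations above, combined into the links and shared routers they imply, which is the same view an outsider gets of your perimeter. The function names are illustrative assumptions.

```python
from collections import defaultdict

# Observations copied from the slide: (traced target, position counted from
# the end of the path, router seen there). Position 1 is the target itself,
# 2 is "second to last hop", 3 is "third to last hop".
OBSERVATIONS = [
    ("1.10.10.20", 2, "1.10.10.1"),
    ("1.10.20.10", 3, "1.10.10.1"),
    ("1.10.20.10", 2, "1.10.10.50"),
    ("1.10.20.15", 3, "1.10.10.1"),
    ("1.10.20.15", 2, "1.10.10.50"),
]


def hops_by_position(observations):
    """Return {target: {position_from_end: node}} including the target at 1."""
    table = defaultdict(dict)
    for target, pos, router in observations:
        table[target][pos] = router
        table[target][1] = target
    return table


def infer_links(observations):
    """Return the (upstream, downstream) links the traces imply."""
    links = set()
    for hops in hops_by_position(observations).values():
        for pos, node in hops.items():
            # Only join adjacent positions; a missing hop (no reply) must
            # not be papered over with a link that was never observed.
            if pos + 1 in hops:
                links.add((hops[pos + 1], node))
    return links


def shared_routers(observations):
    """Routers seen in front of more than one traced host."""
    behind = defaultdict(set)
    for target, hops in hops_by_position(observations).items():
        for pos, node in hops.items():
            if pos > 1:
                behind[node].add(target)
    return {r: sorted(t) for r, t in behind.items() if len(t) > 1}


if __name__ == "__main__":
    for up, down in sorted(infer_links(OBSERVATIONS)):
        print(f"{up} -> {down}")
    print(shared_routers(OBSERVATIONS))
```

The result places 1.10.10.1 in front of every traced host and 1.10.10.50 between it and the 1.10.20.x hosts, which is the diagram the slide refers to.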
Traceroute Tools
• Path Analyser Pro: http://www.pathanalyzer.com
• VisualRoute: http://www.visualroute.com
Additional Footprinting Tools
FOOTPRINTING
COUNTERMEASURES
How to protect?
• Restrict employees’ access to social networking sites from the organisation’s
network.
• Prevent search engines from caching a web page and use anonymous registration
services
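Worked example (added here, not part of the original slides): one way to check the "prevent search engines from caching" countermeasure on your own site is to confirm that each sensitive page carries a `noarchive` directive, either in an `X-Robots-Tag` response header or a robots `<meta>` tag. The paths and responses in `PAGES` are constructed samples, and the function names are assumptions.

```python
from html.parser import HTMLParser

CRAWLER_NAMES = {"robots", "googlebot", "bingbot"}
# A page kept out of the index has no cached copy to serve either.
BLOCKING = {"noarchive", "noindex", "none"}


def _split(value):
    return {d.strip().lower() for d in value.split(",") if d.strip()}


class _RobotsMeta(HTMLParser):
    """Collect directives from <meta name="robots" content="..."> tags."""

    def __init__(self):
        super().__init__()
        self.directives = set()

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        if a.get("name", "").strip().lower() in CRAWLER_NAMES:
            self.directives |= _split(a.get("content", ""))


def cache_blocked(headers, html):
    """True if the response tells crawlers not to keep a cached copy.

    Bot-scoped header values ("googlebot: noarchive") are not parsed here,
    so such pages are reported as unprotected (the conservative answer).
    """
    directives = set()
    for name, value in headers:
        if name.lower() == "x-robots-tag":
            directives |= _split(value)
    parser = _RobotsMeta()
    parser.feed(html)
    return bool((directives | parser.directives) & BLOCKING)


# Constructed sample responses: path -> (headers, body).
PAGES = {
    "/staff-directory": ([("Content-Type", "text/html")],
                         "<html><head><title>Staff</title></head></html>"),
    "/intranet-login": ([("X-Robots-Tag", "noarchive, nofollow")], "<html></html>"),
    "/press": ([], '<head><meta name="ROBOTS" content="NoArchive"></head>'),
}


def cacheable_pages(pages):
    """Paths that a search engine is still allowed to cache."""
    return sorted(p for p, (h, body) in pages.items() if not cache_blocked(h, body))
```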
How to protect? (cont.)
• Enforce security policies to regulate the information that employees can reveal
to third parties
• Set apart internal and external DNS or use split DNS, and restrict zone transfer to
authorised servers
FOOTPRINTING
PENETRATION TESTING
Footprinting Pen Testing
• Footprinting pen testing is used to determine an organisation’s publicly
available information
• The test attempts to gather as much information as possible about
the target organisation from the Internet and other publicly
accessible sources
• Footprinting Pen Testing helps to:
  • Prevent DNS record retrieval from publicly available servers
  • Prevent social engineering attempts
  • Prevent information leakage
Methodology
Start
Get proper
authorisation
Methodology (cont.)
Perform footprinting through social networking sites
Create a false identity on social networking sites such as
Facebook, LinkedIn, etc.
Methodology (cont.)
Document all
findings
Report Template
Report Template (cont.)
Summary
• Footprinting is the process of collecting as much information as possible about a target
network, for identifying various ways to intrude into an organisation’s network system
• It reduces the attacker’s focus area to a specific range of IP addresses, networks, domain names,
remote access, etc.
• Attackers use search engines to extract information about a target
• Attackers use social engineering tricks to gather sensitive information from social
networking websites such as Facebook, MySpace, etc.
• DNS records provide important information about location and type of servers