Week5 2023

The document discusses footprinting, which is the process of collecting information about a target network to identify ways to intrude. It covers the purpose of footprinting, which objectives it aims to achieve, and the methodology used, including tools for footprinting through search engines, social media, websites, email, networks and WHOIS lookups. The goals are to understand the target's security posture, infrastructure and vulnerabilities to focus attacks.

Uploaded by

Sajith Ihsan

CritiX

Security Operations and Assurance

Alireza Esfahani, Lecturer in Cyber Security

BSc, MSc, PhD, PG Cert, FHEA, MIEEE, MECSO

University of West London

Week 5
Footprinting

CP70044E @2023 2
Today’s agenda

• Understand footprinting concepts
• Identify footprinting tools
• Review footprinting countermeasures
• Overview of footprinting pen testing

What is Footprinting?
• Footprinting is the process of collecting as much information as
possible about a target network, for identifying various ways to
intrude into an organisation’s network system.

Source: https://zak-learning.com/course/ethical-hacking-recon-and-footprinting/

Footprinting Purpose

• Know Security Posture: Footprinting allows attackers to know the external security posture of the target organisation.
• Reduce Focus Area: It reduces the attacker’s focus area to a specific range of IP addresses, networks, domain names, remote access, etc.
• Identify Vulnerabilities: It allows the attacker to identify vulnerabilities in the target systems in order to select appropriate exploits.
• Draw Network Map: It provides a visual representation of an organisation’s network architecture.

Footprinting Objectives

Collect Network Information
• Domain name
• Internal domain names
• Network blocks
• IP addresses of the reachable systems
• Rogue websites/private websites
• TCP and UDP services running
• Access control mechanisms and ACLs
• Networking protocols
• VPN points
• IDSes running
• Analog/digital telephone numbers
• Authentication mechanisms
• System enumeration

Collect System Information
• User and group names
• System banners
• Routing tables
• SNMP information
• System architecture
• Remote system type
• System names
• Passwords

Collect Organisation’s Information
• Employee details
• Organisation’s website
• Company directory
• Location details
• Address and phone numbers
• Commands in HTML source code
• Security policies implemented
• Web server links relevant to the organisation
• Background of the organisation
• News articles
• Press releases

FOOTPRINTING
METHODOLOGY

Footprinting Methodology

• Footprinting through search engines
• Footprinting using advanced Google hacking techniques
• Footprinting through social networking sites
• Website footprinting
• Email footprinting
• WHOIS footprinting
• DNS footprinting
• Network footprinting

Footprinting through Search Engines
• Attackers use search engines to extract information about a target, such as technology platforms, employee details, login pages, intranet portals, etc.
• Search engine caches and Internet archives may also provide sensitive information that has been removed from the World Wide Web (WWW).

A few examples
• An interesting tool: http://www.netcraft.com
• People search strategies: http://www.wired.co.uk/article/how-to-find-anyone
• Determining the Operating System: https://www.shodan.io

Monitor targets using alerts
• Alerts are content monitoring services that provide up-to-date information based on your preferences, usually via email or SMS, in an automated manner.
• Examples:
  • Google Alerts: http://www.google.com/alerts
  • Twitter Alerts
  • Giga Alert: http://www.gigaalert.com

Information Gathering using Groups, Forums, and Blogs
• Groups, forums, and blogs provide sensitive information about a target such as public network information, system information, personal information, etc.
• Register with fake profiles in Google groups, Yahoo groups, etc. and try to join the target organisation’s employee groups where they share personal and company information.
• Search for information by Fully Qualified Domain Names (FQDNs), IP addresses, and usernames in groups, forums and blogs.

Footprinting using advanced Google hacking techniques
• Google hacking refers to creating complex search queries in order to extract sensitive or hidden information.
• It uses advanced Google search operators to locate specific strings of text within the search results.
• It helps attackers to find vulnerable targets.
• Google supports several advanced operators that help in modifying the search:
  [cache:] Displays the web pages stored in the Google cache
  [link:] Lists web pages that have links to the specified web page
  [related:] Lists web pages that are similar to a specified web page
  [info:] Presents some information that Google has about a particular web page
  [site:] Restricts the results to those websites in the given domain
  [allintitle:] Restricts the results to those websites with all of the search keywords in the title
  [intitle:] Restricts the results to documents containing the search keyword in the title
  [allinurl:] Restricts the results to those with all of the search keywords in the URL
  [inurl:] Restricts the results to documents containing the search keyword in the URL

Google Hacking Databases

• http://www.hackersforcharity.org
• http://www.exploit-db.com

Footprinting through Social Networking Sites

Website Footprinting
• Refers to monitoring and analysing the target organisation’s website for information.
• Browsing the target website may provide:
  • Software used and its version
  • Operating system used
  • Sub-directories and parameters
  • Filename, path, database field name, or query
• Use Burp Suite, Zaproxy, Paros Proxy, Website informer, etc. to view headers that provide:
  • Connection status and content type
  • Accept-ranges
  • Last-modified information
  • X-Powered-By information
  • Web server in use and its version
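
The header fields listed above can be audited on your own servers before anyone else reads them. The following is an added example, not part of the original slides; both sample responses are constructed and the function names are illustrative.

```python
import re

# Constructed sample responses (not captured from a real site).
LEAKY = """HTTP/1.1 200 OK
Server: Apache/2.4.41 (Ubuntu)
X-Powered-By: PHP/7.4.3
Content-Type: text/html; charset=UTF-8
Accept-Ranges: bytes
Last-Modified: Mon, 06 Feb 2023 10:15:00 GMT
Connection: keep-alive
"""
HARDENED = """HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
"""

VERSION = re.compile(r"\d+(?:\.\d+)+")   # e.g. 2.4.41
PLATFORM = re.compile(r"\(([^)]+)\)")    # e.g. (Ubuntu)

def parse_headers(raw):
    """Return {lowercased name: value} from a raw response head."""
    headers = {}
    for line in raw.splitlines()[1:]:     # skip the status line
        if not line.strip():
            break                          # a blank line ends the headers
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers

def audit(raw):
    """List (header, reason) pairs for headers that disclose software details."""
    headers = parse_headers(raw)
    server = headers.get("server", "")
    findings = []
    if VERSION.search(server):
        findings.append(("Server", "web server version disclosed"))
    if PLATFORM.search(server):
        findings.append(("Server", "operating system hint disclosed"))
    if "x-powered-by" in headers:
        findings.append(("X-Powered-By", "application platform disclosed"))
    return findings

if __name__ == "__main__":
    for label, raw in (("leaky", LEAKY), ("hardened", HARDENED)):
        print(label, audit(raw) or "nothing disclosed")
```

On Apache with PHP, `ServerTokens Prod` and `expose_php = Off` produce the second response shape.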

Website Footprinting using Web Spiders
• Web spiders perform automated searches on the target website
and collect specified information such as employee names, email
addresses, etc.
• Attackers use the collected information to perform further
footprinting and social engineering attacks.

Website Footprinting using Web Spiders
• GSA Email Spider: http://email.spider.gsa-online.de
• Web Data Extractor: http://www.webextractor.com

Web Updates Monitoring Tools

Email Tracking Tools
• EmailTrackerPro: http://emailtrackerpro.com
• PoliteMail: http://www.politemail.com

WHOIS Lookup
• WHOIS databases are maintained by Regional Internet Registries and contain the personal information of domain owners.

WHOIS query returns:
• Domain name details
• Contact details of domain owners
• Domain name servers
• NetRange
• When a domain has been created
• Expiry records
• Records last updated

Information obtained from WHOIS database assists attacker to:
• Gather personal information that assists to perform social engineering

WHOIS Lookup
• https://www.whois.com/whois/
• Compare the information from:
  • Microsoft
  • UWL

DNS Footprinting
• An attacker can gather DNS information to determine key hosts in the network and can perform social engineering attacks.
• http://dnsstuff.com
• http://network-tools.com

Locate the Network Range
• Network range information assists attackers to create a map of the target network
• Find the range of IP addresses using ARIN whois database search tool
• You can find the range of IP addresses and the subnet mask used by the target organisation from Regional Internet Registry (RIR)
• http://whois.arin.net/ui/

Traceroute
• Traceroute programs work on the concept of the ICMP protocol and use the TTL field in the header of ICMP packets to discover the routers on the path to a target host.

Traceroute Analysis
• Attackers conduct traceroute to extract information about: network
topology, trusted routers, and firewall locations.
• For example: after running several traceroutes, an attacker might obtain
the following information:
• traceroute 1.10.10.20, second to last hop is 1.10.10.1
• traceroute 1.10.20.10, third to last hop is 1.10.10.1
• traceroute 1.10.20.10, second to last hop is 1.10.10.50
• traceroute 1.10.20.15, third to last hop is 1.10.10.1
• traceroute 1.10.20.15, second to last hop is 1.10.10.50
• By putting this information together, attackers can draw the network diagram
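
The inference described above, worked through on the five observations from the slide. This is an added example, not part of the original slides, and the function names are illustrative; running the same reconstruction on traceroutes taken towards your own perimeter shows which router addresses answer and what an outsider could therefore map.

```python
from collections import defaultdict

# The five observations from the slide, as (destination, hops before the
# destination, router): "second to last hop" is 1 hop before, "third to last" is 2.
OBSERVATIONS = [
    ("1.10.10.20", 1, "1.10.10.1"),
    ("1.10.20.10", 2, "1.10.10.1"),
    ("1.10.20.10", 1, "1.10.10.50"),
    ("1.10.20.15", 2, "1.10.10.1"),
    ("1.10.20.15", 1, "1.10.10.50"),
]

def build_edges(observations):
    """Return directed (upstream, downstream) links between adjacent hops."""
    by_dest = defaultdict(dict)
    for dest, distance, router in observations:
        by_dest[dest][distance] = router
    edges = set()
    for dest, hops in by_dest.items():
        hops[0] = dest                      # the destination is 0 hops from itself
        for distance, node in hops.items():
            upstream = hops.get(distance + 1)
            if upstream is not None:        # skip gaps left by hops that did not answer
                edges.add((upstream, node))
    return edges

def fan_out(edges):
    """Map each router to the sorted list of nodes directly behind it."""
    behind = defaultdict(list)
    for upstream, downstream in sorted(edges):
        behind[upstream].append(downstream)
    return dict(behind)

if __name__ == "__main__":
    for router, nodes in fan_out(build_edges(OBSERVATIONS)).items():
        print(router, "->", ", ".join(nodes))
```

The result places 1.10.10.1 in front of both 1.10.10.20 and 1.10.10.50, and 1.10.10.50 in front of the two 1.10.20.x hosts.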

Traceroute Tools
• Path Analyser Pro: http://www.pathanalyzer.com
• VisualRoute: http://www.visualroute.com

Additional Footprinting Tools

FOOTPRINTING
COUNTERMEASURES

How to protect?
• Restrict employees’ access to social networking sites from the organisation’s network
• Configure web servers to avoid information leakage
• Educate employees to use pseudonyms on blogs, groups, and forums
• Do not reveal critical information in press releases, annual reports, product catalogues, etc.
• Limit the amount of information that you are publishing on the website/Internet
• Use footprinting techniques to discover and remove any sensitive information publicly available
• Prevent search engines from caching a web page and use anonymous registration services

How to protect? (cont.)
• Enforce security policies to regulate the information that employees can reveal
to third parties

• Set apart internal and external DNS or use split DNS, and restrict zone transfer to
authorised servers

• Disable directory listings in the web servers

• Educate employees about various social engineering tricks and risks
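
The zone-transfer restriction above can be checked against a BIND-style configuration. The following is an added example, not part of the original slides; the named.conf fragment, zone names and the 192.0.2.53 secondary are constructed placeholders.

```python
import re

# Constructed named.conf fragment; zone names and addresses are placeholders.
NAMED_CONF = '''
options {
    directory "/var/named";
};
zone "example.org" {
    type master;
    file "example.org.zone";
    allow-transfer { any; };
};
zone "example.net" {
    type master;
    file "example.net.zone";
    allow-transfer { 192.0.2.53; };
};
zone "example.com" {
    type master;
    file "example.com.zone";
};
'''

ZONE = re.compile(r'zone\s+"([^"]+)"\s*\{(.*?)\n\};', re.DOTALL)
TRANSFER = re.compile(r'allow-transfer\s*\{([^}]*)\}')

def transfer_policy(conf):
    """Map each zone to 'open', 'restricted', 'disabled' or 'unset'."""
    report = {}
    for name, body in ZONE.findall(conf):
        match = TRANSFER.search(body)
        if match is None:
            report[name] = "unset"        # inherits the options block or the server default
            continue
        peers = [p.strip() for p in match.group(1).split(";") if p.strip()]
        if "any" in peers:
            report[name] = "open"         # any host may request the whole zone
        elif peers == ["none"]:
            report[name] = "disabled"
        else:
            report[name] = "restricted"   # only the listed servers may transfer
    return report

def needs_review(conf):
    """Zones whose transfer policy is open or not stated explicitly."""
    return sorted(z for z, p in transfer_policy(conf).items() if p in ("open", "unset"))

if __name__ == "__main__":
    print(transfer_policy(NAMED_CONF))
    print("review:", needs_review(NAMED_CONF))
```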

FOOTPRINTING
PENETRATION TESTING

Footprinting Pen Testing
• Footprinting pen testing is used to determine an organisation’s publicly available information
• The test attempts to gather as much information as possible about the target organisation from the Internet and other publicly accessible sources

Footprinting Pen Testing helps to:
• Prevent DNS record retrieval from publicly available servers
• Prevent social engineering attempts
• Prevent information leakage

Methodology

• Start
• Get proper authorisation
• Perform footprinting through search engines: Use search engines such as Google, Bing, etc.
• Perform Google hacking: Use tools such as GHDB, MetaGoofil, SiteDigger, etc.

Methodology (cont.)

• Perform footprinting through social networking sites: Create a false identity on social networking sites such as Facebook, LinkedIn, etc.
• Perform website footprinting: Use tools such as HTTrack Web Site Copier, BlackWidow, etc.
• Perform email footprinting: Use tools such as eMailTrackerPro, PoliteMail, etc.
• Gather competitive intelligence: Use tools such as Hoovers, LexisNexis, Business Wire, etc.

Methodology (cont.)

• Perform WHOIS footprinting: Use tools such as SmartWhois, Domain Dossier, etc.
• Perform DNS footprinting: Use tools such as DNSstuff, DNS records, etc.
• Perform network footprinting: Use tools such as eMailTrackerPro, PoliteMail, etc.
• Perform Social Engineering: Implement techniques such as eavesdropping, shoulder surfing, and dumpster diving
• Document all findings

Report Template

Report Template (cont.)

Summary
• Footprinting is the process of collecting as much information as possible about a target network, for identifying various ways to intrude into an organisation’s network system
• It reduces the attacker’s focus area to a specific range of IP addresses, networks, domain names, remote access, etc.
• Attackers use search engines to extract information about a target
• Attackers use social engineering tricks to gather sensitive information from social networking websites such as Facebook, MySpace, etc.
• Information obtained from the target’s websites enables an attacker to build a detailed map of the website’s structure and architecture
• Competitive intelligence is the process of identifying, gathering, analysing, verifying, and using information about your competitors from resources such as the Internet
• DNS records provide important information about location and type of servers
• Attackers conduct traceroute to extract information about network topology, trusted networks, and firewall locations

Thank you very much!
