Week 4-6 [Module 2]: Casing the Environment (Footprinting, and Scanning)

Ethical Hackers

They are tasked with the knowledge skills and experience to perform risk assessments and test systems for security related issues.

Unauthorized Hackers (Black-hat)

Malicious types of hackers who often use their technical skills and knowledge to seize control of computers and operating systems with the intent of stealing valuable data.

Authorized Hackers (White-hat)

They are expected to follow a code of ethics while also following established laws and access permissions when conducting their activities.

Grey-Hat Hackers

Individuals who exploit security vulnerabilities to spread public awareness that the vulnerability exists. They do not share the malicious intent commonly attributed to unauthorized hackers but they also don’t necessarily adhere to a code of ethics.

Roles of an Ethical Hacker

1. Obtain approval from the system owner before executing the security review. 2. Report any security breaches and vulnerabilities discovered within the system. 3. Wipe traces of the hack to ensure that malicious hackers cannot enter the system through identified loopholes.

Footprinting

The process of gathering information about a target system that can be used to execute a successful cyber attack.

Reconnaissance

The information-gathering stage of ethical hacking where you collect data about the target system. The goal is to identify as many potential attack vectors as possible.

Active Footprinting

Performing footprinting by getting in direct touch with the target machine.

Passive Footprinting

Collecting information about a system located at a remote distance from the attacker.

Organization’s Website

It’s the best place to begin for an attacker to look for open-source information which is information freely provided to clients customers or the general public.

Job Websites

Organizations share some confidential data on many JOB websites. For example a posting for "Lighttpd 2.0 Server Administrator" reveals that an organization uses the Lighttpd web server of version 2.0.

Social Media

Most people have the tendency to release most of their information online allowing hackers to create fake accounts to grab information.

Google Hacking

Using basic search techniques combined with advanced operators to do great damage.

Archive.org

A website that collects snapshots of all the websites at a regular interval of time allowing access to older versions of a website.

Wiretap

The attacker tries to record the personal conversation of the target victim with someone that’s being held over communication mediums like the Telephone.

Shoulder Surfing

Attacker tries to catch personal information like email id or password by looking over the victim’s shoulder while they are entering their details.

Sam Spade

A general-purpose Internet utility package with extra features to help in tracing the source of spam and other forms of Internet harassment.

NeoTrace

A well-known GUI route tracer program that graphically displays the route between you and the remote site including all intermediate nodes.

SpiderFoot

A free open-source tool available on Github written in Python that scrapes websites as well as Google Netcraft Whois and DNS.

DNS Enumerator

An automated sub-domain retrieval tool that scans Google to extract the results.

Web Data Extractor

Used to extract targeted company’s contact data (email phone fax) and extract url meta tag (title desc keyword).

Whois

A website that serves a good purpose for Hackers. Through this website information about the domain name email-id and domain owner can be traced.

SmartWhois

A tool that connects to an available database to provide information regarding a domain or host.

People Search (Intelius/Yahoo)

Used to find personal information like residential address contact numbers and satellite pictures of private residences.

Scanning

A network exploration technique used to identify the systems connected to an organization’s network.

Purpose of Scanning

To determine the perimeter of the target network; To provide a map of the network; To create a list of accessible computers; To know the possible applications and vulnerabilities; To know the operating system.

Pinger

A tool that sends an ICMP echo request to a range of IP addresses and lists all hosts that reply (e.g. NetScan Tools Hping).

Port Scanner

A tool that is used to detect services running in a computer and identify open ports (e.g. Netscan SuperScan NMAP).

War Dialers

Tools that are used to scan a range of phone numbers for vulnerable modems (e.g. THC-Scan ToneLoc).

TCP Connect Scan

A widely-used scanning technique in network security that helps identify the status of ports on a target system by establishing a full connection.

TCP SYN (Half-Open) Scan

A tactic used to determine the state of a communications port without establishing a full connection. Sometimes used to perform a DoS attack.

UDP Scan

On the Internet: Used to ID servers for DrDoS attacks. Internally: Used to ID open ports on machines.

Fingerprinting

Used to determine the operating system running in a computer.

Active Fingerprinting

Sends a packet to target computer and based on the response it guesses the OS running in the computer.

Passive Fingerprinting

Examines the packets for differences that can provide clues regarding the type of OS running.

Actionable Defenses

Avoid posting confidential data on social media; Avoid accepting unwanted friend requests; Proper configuration of web servers; Usage of footprinting techniques for identifying and removing sensitive information.