ch 2

MODULE 02: FOOTPRINTING AND RECONNAISSANCE


Learning Objectives

  • LO#01: Explain Footprinting Concepts

  • LO#02: Demonstrate Footprinting through Search Engines

  • LO#03: Demonstrate Footprinting through Web Services

  • LO#04: Demonstrate Footprinting through Social Networking Sites

  • LO#05: Use Different Techniques for Website Footprinting

  • LO#06: Use Different Techniques for Email Footprinting

  • LO#07: Use Different Techniques for Whois Footprinting

  • LO#08: Use Different Techniques for DNS Footprinting

  • LO#09: Use Different Techniques for Network Footprinting

  • LO#10: Demonstrate Footprinting through Social Engineering

  • LO#11: Use Various Footprinting Tools

  • LO#12: Explain Footprinting Countermeasures


LO#01: Explain Footprinting Concepts

What is Footprinting?
  • Definition: Footprinting is the initial phase in an attack on information systems where an attacker collects information about a target network to find various ways to intrude into the system.

Types of Footprinting
  • Passive Footprinting:

    • Gathers information about the target without touching its systems directly (search engines, public registries, archived pages, third-party services), so nothing appears in the target's logs.

  • Active Footprinting:

    • Gathers information by interacting with the target directly (queries to its name servers, visits to its website, traceroute, social engineering), which the target can detect and log.

Information Obtained in Footprinting
  • Organization Information:

    • Employee details, branch and location details, organizational background, telephone numbers, web technologies used, news articles, press releases, and related documents.

  • Network Information:

    • Domain and sub-domains, network blocks, network topology, trusted routers, firewalls, reachable system IP addresses, Whois records, and DNS records.

  • System Information:

    • Information about web servers, their OS, web server locations, publicly available email addresses, usernames, and passwords.


Footprinting Methodology

1. Footprinting Techniques
  • Through Search Engines:

    • Utilizes major search engines like Google, Bing, Yahoo!, etc., to extract technological platforms, employee details, login pages, etc.

  • Through Web Services:

    • Queries third-party web services (domain and sub-domain finders, people search services, web archives) rather than the target itself, so the lookups stay passive.

  • Through Social Networking Sites:

    • Examples include analyzing social network graphs, using people search services, and monitoring alerts/online reputation.

  • Email Footprinting:

    • Involves tracking email communication and analyzing email headers to uncover sensitive information.

  • Whois and DNS Footprinting:

    • Gathering information from Whois databases and DNS records.

  • Network Footprinting:

    • Techniques include IP geolocation lookup, traceroute, and eavesdropping, among others.


LO#02: Demonstrate Footprinting through Search Engines

Footprinting through Search Engines
  • Attackers utilize search engines to extract specific information about targets, such as technologies used, employee details, and sensitive files.

Major Search Engines:
  • Examples: Google, Bing, Yahoo!, Ask, AOL, Baidu, DuckDuckGo.

Advanced Search Operators in Google Hacking
  • Purpose: Create complex queries to extract sensitive information.

  • Common Operators:

    • [cache:]: Displayed Google's cached copy of a page; Google retired this operator in 2024, so archived copies now have to come from the Wayback Machine (web.archive.org).

    • [allintitle:]: Returns pages whose title contains all of the specified keywords.

    • [link:]: Listed web pages linking to a specified page; Google no longer honours it, and the results it returns are not reliable.

    • [site:]: Restricts results to a particular domain or sub-domain (site:example.com filetype:pdf is a typical combination for finding exposed documents).


LO#03: Demonstrate Footprinting through Web Services

Finding a Company's TLDs and Sub-domains
  • Utilize search engines to identify a target company's URL and sub-domains.

  • Tools such as Sublist3r automate sub-domain enumeration by querying search engines and third-party sources (for example VirusTotal and DNSdumpster) without sending anything to the target's own name servers.


LO#04: Demonstrate Footprinting through Social Networking Sites

Information Gathering
  • Social networks can reveal various information useful for social engineering attacks, such as contacts, emails, and employment history.

  • People-search services such as Spokeo and Intelius, and LinkedIn enumeration tools such as theHarvester, can assist in this process.


LO#05: Use Different Techniques for Website Footprinting

Website Footprinting Overview
  • Monitors and analyzes the target organization's website to gather information such as software versions, file paths, and contact details.

Techniques include:
  • Examining HTML Source: For comments, contact details, and file paths.

  • Analyzing Cookies: Cookie names and attributes reveal the session framework and platform in use (for example, PHPSESSID indicates PHP and JSESSIONID a Java servlet container) and whether protective flags such as HttpOnly and Secure are set.

  • Using Web Spiders: Automated tools to collect specified information from the target's website.
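The following is an added example, not code from the original module, showing the first two techniques above in one pass: it parses a constructed sample page with Python's standard HTMLParser to pull out developer comments, referenced paths and directories, the generator meta tag and contact addresses, then fingerprints a constructed list of Set-Cookie headers against default cookie names. The page content, the cookie values and the cookie-signature table are assumptions made for this example.

```python
import re
from html.parser import HTMLParser

# Constructed sample page (not a real site) with the artefacts this section
# describes: developer comments, asset and upload paths, a generator tag,
# a contact address and a login form.
SAMPLE_HTML = """<!DOCTYPE html>
<html><head>
<!-- TODO: remove staging endpoint before launch: /api/v2/internal/ -->
<meta name="generator" content="WordPress 6.4.2">
<link rel="stylesheet" href="/static/css/app.css?v=3.2.1">
<script src="/wp-content/themes/corp/js/main.js"></script>
</head><body>
<p>Contact: webmaster@example.com or +1-555-0100</p>
<a href="/uploads/2024/board-minutes.pdf">Board minutes</a>
<form action="/wp-login.php" method="post"><input name="log"></form>
<!-- built by jdoe, 2024-03-02 -->
</body></html>
"""

# Constructed Set-Cookie headers as a first response might return them.
SAMPLE_COOKIES = [
    "PHPSESSID=abc123; path=/; HttpOnly",
    "wordpress_test_cookie=WP+Cookie+check; path=/",
    "_ga=GA1.2.1234.5678; expires=Wed, 01 Jan 2025 00:00:00 GMT; path=/",
]

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
COMMENT_PATH_RE = re.compile(r"(?<!\S)/[\w.-]+(?:/[\w.-]*)*")

# Default session/framework cookie names and what they indicate (assumed table).
COOKIE_SIGNATURES = {
    "PHPSESSID": "PHP session handler",
    "JSESSIONID": "Java servlet container (Tomcat, Jetty, WebLogic)",
    "ASP.NET_SessionId": "ASP.NET",
    "csrftoken": "Django",
    "laravel_session": "Laravel",
    "wordpress_test_cookie": "WordPress",
}


class SourceAuditor(HTMLParser):
    """Collects comments, referenced paths, the generator tag and visible text."""

    def __init__(self):
        super().__init__()
        self.comments, self.paths, self.text = [], [], []
        self.generator = None

    def handle_comment(self, data):
        self.comments.append(data.strip())

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        for key in ("href", "src", "action"):   # every path the page references
            if a.get(key):
                self.paths.append(a[key])
        if tag == "meta" and (a.get("name") or "").lower() == "generator":
            self.generator = a.get("content")

    def handle_data(self, data):
        self.text.append(data)


def audit_source(html):
    p = SourceAuditor()
    p.feed(html)
    p.close()
    directories = set()
    for path in p.paths:
        d = path.split("?", 1)[0].rsplit("/", 1)[0]   # drop query string and filename
        if d:
            directories.add(d + "/")
    comment_paths = [m for c in p.comments for m in COMMENT_PATH_RE.findall(c)]
    return {
        "generator": p.generator,
        "comments": p.comments,
        "paths": sorted(set(p.paths)),
        "directories": sorted(directories),
        "comment_paths": comment_paths,
        "emails": sorted(set(EMAIL_RE.findall(" ".join(p.text + p.comments)))),
    }


def fingerprint_cookies(set_cookie_headers):
    """Map cookie names to the technology they indicate and check their flags."""
    found = {}
    for header in set_cookie_headers:
        parts = [x.strip() for x in header.split(";")]
        name = parts[0].split("=", 1)[0]
        attrs = {x.split("=", 1)[0].lower() for x in parts[1:]}
        found[name] = {
            "technology": COOKIE_SIGNATURES.get(name),
            "httponly": "httponly" in attrs,
            "secure": "secure" in attrs,
        }
    return found


if __name__ == "__main__":
    for key, value in audit_source(SAMPLE_HTML).items():
        print(f"{key}: {value}")
    for name, info in fingerprint_cookies(SAMPLE_COOKIES).items():
        print(f"{name}: {info}")
```

Against the sample page this reports the WordPress version from the generator tag, the /wp-content/ and /uploads/ directory layout, the staging endpoint a developer left in a comment, the login form target and the webmaster address; the cookie pass confirms PHP and WordPress and shows the session cookie lacks the Secure flag. On a live engagement the same functions are fed the fetched page body and the response's Set-Cookie headers.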


LO#06: Use Different Techniques for Email Footprinting

Tracking Email Communications
  • Purpose: Embed a tracking pixel or tracked link in a sent message so that, when the recipient opens it, their IP address, approximate geolocation, mail client and open time are reported back to the sender.

Analyzing Email Headers:
  • Attackers collect detailed information, including sender’s identity, mail servers, and timestamps to build strategies for attacks.
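The header analysis described above, as an added example that is not part of the original module: it parses a constructed message with Python's standard email module, walks the Received headers from the earliest hop to the last, extracts the relaying hosts and bracketed IP addresses, separates RFC 1918 addresses (leaked internal addressing) from routable ones, and reports the sender's egress IP and mail client. The message, hostnames and addresses are assumptions constructed for the example.

```python
import email
import ipaddress
import re

# Constructed sample message (not a real capture): a message from a user at
# example.org to a user at example.com that passed through two relays.
# The addresses 192.0.2.x, 198.51.100.x and 203.0.113.x are RFC 5737
# documentation ranges standing in for public addresses.
SAMPLE_MESSAGE = """\
Received: from mx2.example.com (mx2.example.com [203.0.113.10])
\tby mail.example.com with ESMTPS id ab12cd
\tfor <alice@example.com>; Tue, 14 May 2024 10:02:31 +0000
Received: from smtp-out.example.org (smtp-out.example.org [198.51.100.25])
\tby mx2.example.com with ESMTPS; Tue, 14 May 2024 10:02:30 +0000
Received: from [192.168.1.57] (unknown [192.0.2.77])
\tby smtp-out.example.org with ESMTPSA id 9f8e7d; Tue, 14 May 2024 10:02:29 +0000
Message-ID: <20240514100229.9f8e7d@smtp-out.example.org>
Date: Tue, 14 May 2024 10:02:29 +0000
From: Bob <bob@example.org>
To: alice@example.com
Subject: Q2 invoice
X-Mailer: Microsoft Outlook 16.0

Body text.
"""

# Address space that should never be visible on the public Internet; seeing
# it in a Received header means the sender leaked internal addressing.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")   # bracketed IPv4 literals only
FROM_RE = re.compile(r"^from\s+(\S+)", re.IGNORECASE)
BY_RE = re.compile(r"\bby\s+(\S+)", re.IGNORECASE)


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def hop_chain(raw_message):
    """Return the Received hops in delivery order (origin first).

    Each relay prepends its own Received header, so the top header is the
    last hop and the bottom one is the first server that accepted the mail.
    """
    msg = email.message_from_string(raw_message)
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        flat = re.sub(r"\s+", " ", value).strip()   # unfold continuation lines
        from_m = FROM_RE.search(flat)
        by_m = BY_RE.search(flat)
        ips = IP_RE.findall(flat)
        hops.append({
            "from": from_m.group(1) if from_m else None,
            "by": by_m.group(1) if by_m else None,
            "ips": ips,
            "internal_ips": [ip for ip in ips if is_internal(ip)],
        })
    return hops


def originating_ip(raw_message):
    """First routable address in the earliest hop: the sender's egress IP."""
    for hop in hop_chain(raw_message):
        for ip in hop["ips"]:
            if not is_internal(ip):
                return ip
    return None


def leaked_internal_ips(raw_message):
    return [ip for hop in hop_chain(raw_message) for ip in hop["internal_ips"]]


def client_metadata(raw_message):
    """Fields that identify the sender's mail client and submission server."""
    msg = email.message_from_string(raw_message)
    mid = msg.get("Message-ID", "")
    host_m = re.search(r"@([\w.-]+)>?\s*$", mid)
    return {
        "x_mailer": msg.get("X-Mailer"),
        "message_id_host": host_m.group(1) if host_m else None,
        "date": msg.get("Date"),
    }


if __name__ == "__main__":
    for i, hop in enumerate(hop_chain(SAMPLE_MESSAGE)):
        print(f"hop {i}: from {hop['from']} by {hop['by']} ips={hop['ips']}")
    print("origin:", originating_ip(SAMPLE_MESSAGE))
    print("leaked internal:", leaked_internal_ips(SAMPLE_MESSAGE))
    print("client:", client_metadata(SAMPLE_MESSAGE))
```

Only the Received header added by a server you trust is reliable; everything below it was supplied by the sender's side and can be forged, so the origin IP found here is evidence to corroborate, not proof. The internal address in the bottom hop is the kind of leak that tells an attacker the sender's workstation addressing scheme.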


LO#07: Use Different Techniques for Whois Footprinting

Whois Lookup Description
  • Whois databases hold the registration records for domain names and IP address blocks: registrar, creation and expiry dates, name servers, and registrant, administrative, and technical contacts.

  • Since 2018 most registrars redact registrant contact details (GDPR and ICANN's Temporary Specification), and RDAP is replacing the Whois protocol as the query interface; historical registration data comes from third-party services that archive Whois records over time, not from the registry itself.


LO#08: Use Different Techniques for DNS Footprinting

DNS Information Extraction
  • Purpose: DNS records reveal the hostnames a domain publishes, the IP addresses behind them, which mail and name servers it relies on, and which third-party services it uses (through CNAME targets and SPF includes).

  • Tools such as SecurityTrails, dig, and nslookup can be used to query DNS records effectively.

Common DNS Record Types:
  • A Records: Map a hostname to an IPv4 address (AAAA records do the same for IPv6).

  • MX Records: Name the mail servers that accept mail for the domain, each with a priority value.

  • CNAME Records: Alias one hostname to another canonical name, often a third-party hosting or SaaS platform.

  • NS Records: Name the authoritative name servers for the zone.

  • TXT Records: Free-text data such as SPF policies and domain-verification tokens, which name the email and cloud providers the organization uses.
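The following is an added example, not code from the original module, showing what an attacker extracts from a set of DNS records once they are in hand: it parses constructed output in the layout of dig +noall +answer, groups A/AAAA records by host, orders mail servers by MX priority, pulls the include: mechanisms out of the SPF TXT record, and flags CNAMEs that point outside the target's own domain. The records are assumptions made for the example; the third-party hostnames are real service names chosen to make the point.

```python
import ipaddress

# Constructed answer section in dig's "+noall +answer" layout (not real
# records): name, TTL, class, type, rdata.
SAMPLE_DIG = """\
example.com.          3600 IN A     192.0.2.10
example.com.          3600 IN AAAA  2001:db8::10
example.com.          3600 IN MX    20 alt1.aspmx.l.google.com.
example.com.          3600 IN MX    10 aspmx.l.google.com.
example.com.          3600 IN NS    ns1.example.net.
example.com.          3600 IN NS    ns2.example.net.
example.com.          3600 IN TXT   "v=spf1 include:_spf.google.com include:sendgrid.net -all"
www.example.com.      300  IN CNAME example.com.
shop.example.com.     300  IN CNAME shops.myshopify.com.
vpn.example.com.      3600 IN A     198.51.100.7
mail.example.com.     3600 IN A     192.0.2.25
"""


def parse_records(dig_output):
    """Split each answer line into name, TTL, type and rdata."""
    records = []
    for line in dig_output.strip().splitlines():
        parts = line.split(None, 4)          # rdata may itself contain spaces
        if len(parts) < 5 or parts[2] != "IN":
            continue
        name, ttl, _cls, rtype, rdata = parts
        records.append({
            "name": name.rstrip("."),
            "ttl": int(ttl),
            "type": rtype,
            "rdata": rdata.strip().strip('"'),
        })
    return records


def registered_domain(name):
    # Naive: last two labels. Fine for .com/.net/.org; multi-label public
    # suffixes such as co.uk need a public-suffix list.
    return ".".join(name.rstrip(".").split(".")[-2:])


def summarize(records, apex):
    hosts, mx, ns, spf_includes, external_cnames = {}, [], [], [], {}
    for r in records:
        if r["type"] in ("A", "AAAA"):
            hosts.setdefault(r["name"], []).append(r["rdata"])
        elif r["type"] == "MX":
            prio, host = r["rdata"].split()
            mx.append((int(prio), host.rstrip(".")))
        elif r["type"] == "NS":
            ns.append(r["rdata"].rstrip("."))
        elif r["type"] == "TXT" and r["rdata"].startswith("v=spf1"):
            spf_includes.extend(t.split(":", 1)[1]
                                for t in r["rdata"].split() if t.startswith("include:"))
        elif r["type"] == "CNAME":
            target = r["rdata"].rstrip(".")
            if registered_domain(target) != registered_domain(apex):
                external_cnames[r["name"]] = target    # hosted by a third party
    return {
        "hosts": hosts,
        # unique IPv4 addresses: the seed list for network footprinting
        "ipv4_addresses": sorted({a for v in hosts.values() for a in v
                                  if ipaddress.ip_address(a).version == 4},
                                 key=ipaddress.ip_address),
        "mail_servers": [h for _, h in sorted(mx)],   # lowest priority value first
        "nameservers": ns,
        "spf_includes": spf_includes,
        "external_cnames": external_cnames,
    }


if __name__ == "__main__":
    for key, value in summarize(parse_records(SAMPLE_DIG), "example.com").items():
        print(f"{key}: {value}")
```

From the sample alone an attacker learns that mail is on Google Workspace, that SendGrid is authorized to send as the domain (a phishing pretext), that the shop runs on Shopify, that a VPN endpoint sits in a different address block from the web and mail hosts, and which three IPv4 addresses to look up in the Regional Internet Registries next.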


LO#09: Use Different Techniques for Network Footprinting

Identifying Network Ranges
  • Regional Internet Registry records (ARIN for North America; RIPE NCC, APNIC, LACNIC, and AFRINIC for other regions), queried through Whois or RDAP, reveal the IP address blocks allocated to a target organization, so an attacker can turn a single known address into the full range to map and scan.

Traceroute Utility
  • Sends probes with increasing TTL values; each router that decrements the TTL to zero returns an ICMP Time Exceeded message, which reveals the hops along the path to the target. Windows tracert uses ICMP Echo probes, while Linux traceroute defaults to UDP (with -I for ICMP and -T for TCP); this matters because a firewall often drops one probe type but not another. The last responding hops help locate the target's border routers and firewalls.
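The following is an added example, not code from the original module, for the network-range step above: it parses constructed registry records in ARIN's NetRange and RIPE's inetnum layouts, converts each range into CIDR blocks with Python's standard ipaddress module (an inetnum range is frequently not a single prefix), and maps an address found through DNS or traceroute back to the block that owns it. The records, names and ranges are assumptions made for the example.

```python
import ipaddress
import re

# Constructed registry records (not real allocations), one in ARIN's
# NetRange layout and one in RIPE's inetnum layout. The ranges are RFC 5737
# documentation space standing in for real public allocations.
SAMPLE_ARIN = """\
NetRange:       198.51.100.0 - 198.51.100.255
CIDR:           198.51.100.0/24
NetName:        EXAMPLE-NET-1
NetHandle:      NET-198-51-100-0-1
Organization:   Example Corp (EXAMP-1)
RegDate:        2015-06-01
Updated:        2023-02-14
"""

SAMPLE_RIPE = """\
inetnum:        203.0.113.16 - 203.0.113.47
netname:        EXAMPLE-EU
descr:          Example Corp, Amsterdam office
country:        NL
org:            ORG-EC1-RIPE
status:         ASSIGNED PA
"""

RANGE_RE = re.compile(r"^(?:NetRange|inetnum):\s*(\S+)\s*-\s*(\S+)", re.I | re.M)
NAME_RE = re.compile(r"^(?:NetName|netname):\s*(\S+)", re.I | re.M)


def parse_netblock(whois_text):
    """Turn a registry record into the CIDR blocks it covers.

    RIPE-style inetnum ranges are often not aligned to one prefix, so a
    single range can expand to several CIDRs; summarize_address_range
    produces the minimal set.
    """
    m = RANGE_RE.search(whois_text)
    if not m:
        raise ValueError("no NetRange/inetnum line found")
    start, end = ipaddress.ip_address(m.group(1)), ipaddress.ip_address(m.group(2))
    name_m = NAME_RE.search(whois_text)
    return {
        "name": name_m.group(1) if name_m else None,
        "start": str(start),
        "end": str(end),
        "size": int(end) - int(start) + 1,
        "cidrs": [str(n) for n in ipaddress.summarize_address_range(start, end)],
    }


def owner_of(ip, netblocks):
    """Map an address found via DNS or traceroute back to a known block."""
    addr = ipaddress.ip_address(ip)
    for nb in netblocks:
        if any(addr in ipaddress.ip_network(c) for c in nb["cidrs"]):
            return nb["name"]
    return None


if __name__ == "__main__":
    blocks = [parse_netblock(SAMPLE_ARIN), parse_netblock(SAMPLE_RIPE)]
    for b in blocks:
        print(b["name"], b["size"], "addresses ->", b["cidrs"])
    print("203.0.113.40 belongs to", owner_of("203.0.113.40", blocks))
```

The CIDR list is what goes straight into a scanner's target file; the size field is a quick sanity check that a range the registry shows as /24 really is 256 addresses and not a typo in a hand-copied record.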


LO#10: Demonstrate Footprinting through Social Engineering

Social Engineering Techniques
  • Includes tactics such as eavesdropping, shoulder surfing, dumpster diving, and impersonation to extract confidential information directly from people rather than systems.

Example Techniques:
  • Eavesdropping: Listening in on conversations, phone calls, or meetings without authorization.

  • Shoulder Surfing: Watching over a target's shoulder (directly or through a camera) as they type credentials or read sensitive material.


LO#11: Use Various Footprinting Tools

Key Tools:
  • Maltego: Connects information between people, organizations, and websites.

  • Recon-ng: Web reconnaissance framework for open-source data gathering.

  • theHarvester: Tool for gathering emails and user information from various sources.

  • FOCA: Extracts metadata from documents.


LO#12: Explain Footprinting Countermeasures

Defensive Measures
  • Restrict employee access to social networking sites.

  • Educate staff on security practices and on the use of pseudonyms for personal accounts.

  • Ensure critical information is secured and limit exposure in public forums.


Summary

In this module, we have discussed:

  • The concepts of footprinting and its importance in cyber security.

  • Various techniques and methodologies for effective footprinting.

  • Tools to conduct footprinting and countermeasures against it.