Module 02 - Footprinting and Reconnaissance
Transcription
Module 02 - Footprinting and Reconnaissance
Footprinting and R econnaissance Module 0 2 Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e Exam 3 1 2-50 C ertified Ethical H acker F o o t p r in t in g a n d R e c o n n a is s a n c e M o d u le 0 2 E th ic a l H a c k in g a n d C o u n te r m e a s u r e s v 8 M o d u l e 0 2 : F o o t p r i n t i n g a n d R e c o n n a is s a n c e E xa m 3 1 2 -5 0 M o d u le 0 2 P ag e 92 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e S e c u r it y ABO UT US Exam 3 1 2 -5 0 C ertified Ethical H acker N e w s PRO DUCTS NEWS F a ceb o ok a 'tre a s u re tro v e ' o f P e rs o n a lly Id e n tifia b le In fo rm a tio n April 1a 2012 Facebook contains a "treasure trove" of personally identifiable information that hackers manage to get their hands on. A report by Imperva revealed that users' "general personal information" can often include a date of birth, home address and sometimes mother's maiden name, allowing hackers to access this and other websites and applications and create targeted spearphishing campaigns. It detailed a concept I call "friend-mapping", where an attacker can get further knowledge of a user’s circle of friends; having accessed their account and posing as a trusted friend, they can cause mayhem. This can include requesting the transfer of funds and extortion. Asked why Facebook is so important to hackers, Imperva senior security strategist Noa Bar-Yosef said: "People also add work friends on Facebook so a team leader can be identified and this can lead to corporate data being accessed, project work being discussed openly, while geo-location data can be detailed for military intelligence." "Hacktivism made up 58 per cent of attacks in the Verizon Data Breach Intelligence Report, and they are going after information on Facebook that can be used to humiliate a person. All types of attackers have their own techniques." http://www.scmogazineuk.com Copyright © by EG-G*ancil. All Rights Reserved. Reproduction Is Strictly Prohibited. ״ am us u ii S e c u r ity N e w s ״־ F a c e b o o k a ,t r e a s u r e t r o v e ״o f P e r s o n a l l y I d e n t i f i a b l e In fo r m a tio n Source: h ttp ://w w w .scm a ga zin e uk.co m Facebook contains a "treasure tro v e " o f p erson a lly id e n tifia b le in fo rm a tio n th a t hackers manage to get th e ir hands on. A re p o rt by Im perva revealed th a t users' "general personal in fo rm a tio n " can o fte n include a date o f b irth , hom e address and som etim es m o the r's m aiden name, a llow ing hackers to access this and o th e r w ebsites and applications and create targe te d spearphishing campaigns. It detailed a concept I call "frie n d -m a p p in g ", w here an a ttacker can get fu rth e r know ledge o f a user's circle o f friends; having accessed th e ir account and posing as a tru ste d frie n d, th e y can cause m ayhem . This can include requesting the tra n sfe r o f funds and e xto rtio n . Asked w hy Facebook is so im p o rta n t to hackers, Im perva se nior se curity strategist Noa BarYosef said: ״People also add w o rk friends on Facebook so a team leader can be id e n tifie d and this can lead to co rp orate data being accessed, p ro ject w o rk being discussed openly, w hile geolocation data can be detailed fo r m ilita ry intelligence." M o d u le 0 2 P ag e 93 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e Exam 3 1 2 -5 0 C ertified Ethical H acker "H acktivism made up 58 per cent o f attacks in the V erizon Data Breach Inte llige n ce R eport, and th e y are going a fte r in fo rm a tio n on Facebook th a t can be used to h um ilia te a person. All types o f attackers have th e ir own techniques." On how attackers get a password in the firs t place, Imperva claim ed th a t d iffe re n t keyloggers are used, w hile phishing kits th a t create a fake Facebook login page have been seen, and a m ore p rim itive m ethod is a brute force attack, w here the a ttacker repeatedly a tte m p ts to guess the user's password. In m ore extrem e cases, a Facebook a d m in is tra to rs rights can be accessed. A lthough it said th a t this requires m ore e ffo rt on the hacker side and is n ot as prevalent, it is the "h o ly g ra il" o f attacks as it provides the hacker w ith data on all users. On p ro te ctio n , Bar-Yosef said the ro ll-o u t o f SSL across the w h o le w ebsite, ra the r than ju s t at the login page, was effective, b ut users still needed to o p t in to this. By Dan Raywood h t t p : / / w w w . s c m a g a z i n e . c o m . a u / F e a t u r e / 2 6 5 0 6 5 , d ig i t i a l - i n v e s t i g a t i o n s - h a v e - m a t u r e d . a s p x M o d u le 0 2 P ag e 94 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e M o d u le Exam 3 1 2-50 C ertified Ethical H acker O b je c t iv e s J F o o tp r in tin g T e rm in o lo g y J W H O IS F o o tp r in tin g J W h a t Is F o o tp r in tin g ? J DNS F o o tp r in tin g J O b je c tiv e s o f F o o tp r in tin g J N e tw o r k F o o tp r in tin g J F o o tp r in tin g th r o u g h S ocial J F o o tp r in tin g T h re a ts C E H E n g in e e rin g W J F o o tp r in tin g th r o u g h S ocial E m a il F o o tp r in tin g J F o o tp r in tin g T ools J C o m p e titiv e In te llig e n c e J F o o tp r in tin g C o u n te rm e a s u re s J F o o tp r in tin g U s in g G o o g le J F o o tp r in tin g P en T e s tin g J W e b s ite F o o tp r in tin g J N e tw o r k in g S ites Copyright © by EC-G*ancil. All Rights Reserved. Reproduction is Strictly Prohibited. t t t f M o d u le O b je c tiv e s This m odule w ill make you fam iliarize w ith th e follo w in g : e F o otp rin tin g Term inologies © WHOIS F o otp rin tin g e W h a t Is Footprinting? © DNS F o otp rin tin g © O bjectives o f F o otp rin tin g © N e tw o rk F o otp rin tin g © F o otp rin tin g Threats © F o otp rin tin g throu g h Social e F ootp rin tin g throu g h Search Engines © W ebsite F ootprinting © Email F o otp rin tin g © F o otp rin tin g Tools © C om petitive Intelligence © F o otp rin tin g Counterm easures © F o otp rin tin g Using Google © F o otp rin tin g Pen Testing Engineering M o d u le 0 2 P ag e 9 5 © F o otp rin tin g throu g h Social N etw orking Sites Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e M o d u le Exam 3 1 2 -5 0 C ertified Ethical H acker F lo w Ethical hacking is legal hacking conducted by a p en e tratio n te ste r in o rd er to evaluate the security o f an IT in fra s tru c tu re w ith the perm ission o f an organization. The concept o f ethical hacking cannot be explained or cannot be p erform ed in a single step; th e re fo re , it has been divided in to several steps. F o otp rin tin g is the firs t step in ethical hacking, w here an a ttacker trie s to gather in fo rm a tio n abo u t a target. To help you b e tte r und e rstan d fo o tp rin tin g , it has been d istrib u te d into various sections: Xj C J M o d u le 0 2 P ag e 9 6 F o o tp rin tin g Concepts [|EJ F o o tp rin tin g Tools F o o tp rin tin g Threats Fo o tPr in t' ng C ounterm easures F o o tp rin tin g M e th o d o lo g y F o o tp rin tin g P e n e tra tio n Testing Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e Exam 3 1 2-50 C ertified Ethical H acker The F o o tp rin tin g Concepts section fam iliarizes you w ith fo o tp rin tin g , fo o tp rin tin g term in o lo g y, w hy fo o tp rin tin g is necessary, and th e objectives o f fo o tp rin tin g . M o d u le 0 2 P ag e 9 7 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e Exam 3 1 2-50 C ertified Ethical H acker F o o t p r in t in g T e r m in o lo g y Open Source or Passive Information Gathering CEH Active Information Gathering Collect inform ation about a target from the publicly accessible sources Gather inform ation through social engineering on-site visits, interviews, and questionnaires Anonymous Footprinting Pseudonymous Footprinting Gather inform ation from sources where the au thor o f the info rm atio n cannot Collect inform ation that might be published under a diffe ren t name in be identified or traced an attem pt to preserve privacy Organizational or Private Footprinting Internet Footprinting Collect inform ation from an organization's web-based calendar and em ail services Collect inform ation about a target from the Internet Copyright © by EC-G*ancil. All Rights Reserved. Reproduction is Strictly Prohibited. OO ooo —O O F o o tp r in tin g T e r m in o lo g y Before going deep in to the concept, it is im p o rta n t to know th e basic te rm in o lo g y used in fo o tp rin tin g . These term s help you understand the concept o f fo o tp rin tin g and its structures. !,n'nVn'nVI O p e n S o u rc e o r P a s s iv e I n f o r m a t io n G a t h e r in g Open source or passive in fo rm a tio n gathering is the easiest way to collect in fo rm a tio n about the ta rg e t organization. It refers to the process o f gathering in fo rm a tio n fro m the open sources, i.e., publicly available sources. This requires no d ire ct contact w ith the ta rg e t o rg an iza tion . Open sources may include newspapers, television, social n e tw o rkin g sites, blogs, etc. Using these, you can gather in fo rm a tio n such as n e tw o rk boundaries, IP address reachable via the Inte rn e t, operating systems, w eb server so ftw a re used by the ta rg e t n etw o rk, TCP and UDP services in each system, access co n tro l mechanisms, system architecture, in tru sion d etection systems, and so on. A c tiv e I n f o r m a t io n G a th e r in g In active in fo rm a tio n gathering, process attackers m ainly focus on the em ployees o f M o d u le 0 2 P ag e 9 8 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e Exam 3 1 2 -5 0 C ertified Ethical H acker th e ta rg e t organization. Attackers try to e xtract in fo rm a tio n fro m the em ployees by conducting social engineering: on-site visits, interview s, questionnaires, etc. A n o n y m o u s F o o tp r in tin g This refers to the process o f collecting in fo rm a tio n fro m sources anonym ously so th a t yo ur e ffo rts cannot be traced back to you. <— —i P s e u d o n y m o u s F o o t p r i n t i n g Pseudonymous fo o tp rin tin g refers to the process o f collecting in fo rm a tio n fro m the sources th a t have been published on the In te rn e t b ut is n ot d ire ctly linked to the a u th o r's nam e. The in fo rm a tio n may be published under a d iffe re n t name or the a u th o r may have a w ell-established pen name, or the a u th o r may be a co rp orate or gove rn m e n t official and be p ro h ib ite d fro m posting under his or her original nam e. Irrespective o f the reason fo r hiding the a uth or's name, collecting in fo rm a tio n fro m such sources is called pseudonym ous. r *s • V t 4 THI 4 • 4• O r g a n iz a t io n a l o r P r iv a te F o o t p r in t in g Private f o o tp r in t" " in g involves collecting in fo rm a tio n fro m an organization's w e b based calendar and em ail services. | | I n te r n e t F o o tp r in tin g In te rn e t fo o tp rin tin g refers to the process o f collecting in fo rm a tio n o f th e ta rg e t organization's connections to the Internet. M o d u le 0 2 P ag e 9 9 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e W Exam 3 1 2 -5 0 C ertified Ethical H acker h a t I s F o o t p r in t in g ? | F o o tp r in tin g is th e p ro c e s s o f c o lle c tin g as m u c h in fo r m a t io n as p o s s ib le a b o u t a ta r g e t n e tw o r k , f o r id e n tify in g v a rio u s w a y s to in tr u d e in to an o r g a n iz a tio n 's n e t w o r k s y s te m Process involved in Footprinting a Target © D eterm ine th e op eratin g system Collect basic in fo rm a tio n about th e target and its n e tw o rk P erform techniques such as W hois, DNS, n e tw o rk and organizational queries used, pla tfo rm s running , w eb server versions, etc. di i iH a a f, יa a ■ © Find vuln e ra b ilitie s and exploits fo r launching attacks Copyright © by EC-G*ancil. All Rights Reserved. Reproduction is Strictly Prohibited. W h a t Is F o o tp r in tin g ? F o otprinting, the firs t step in ethical hacking, refers to the process o f collecting in fo rm a tio n about a ta rg e t n e tw o rk and its environ m e n t. Using fo o tp rin tin g you can find various ways to in tru d e in to th e ta rg e t organization's n e tw o rk system. It is considered ״m e th o d o lo g ic a l" because critical in fo rm a tio n is sought based on a previous discovery. Once you begin the fo o tp rin tin g process in a m ethodological m anner, you w ill obtain the b lu e p rin t o f the security p ro file o f the ta rg e t organization. Here the te rm "b lu e p rin t" is used because the result th a t you get at the end o f fo o tp rin tin g refers to the unique system p ro file of the ta rg e t organization. There is no single m etho d olog y fo r fo o tp rin tin g as you can trace in fo rm a tio n in several routes. However, this a ctivity is im p o rta n t as all crucial in fo rm a tio n needs to be gathered before you begin hacking. Hence, you should carry o u t the fo o tp rin tin g precisely and in an organized m anner. You can collect in fo rm a tio n about the ta rg e t organization throu g h the means o f fo o tp rin tin g in fo u r steps: 1. Collect basic in fo rm a tio n about the ta rg e t and its n e tw o rk 2. D eterm ine the operating system used, p latform s running, w eb server versions, etc. M o d u le 0 2 P ag e 100 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e Exam 3 1 2 -5 0 C ertified Ethical H acker 3. Perform techniques such as W hois, DNS, n e tw o rk and organizational queries 4. Find vu ln era b ilitie s and exploits fo r launching attacks F urtherm ore, we w ill discuss how to collect basic in fo rm a tio n , d e te rm in e ope ra tin g system o f ta rg e t co m puter, p la tfo rm s running, and w eb server versions, various m ethods o f fo o tp rin tin g , and how to find and e x p lo it v u ln e ra b ilitie s in detail. M o d u le 0 2 P ag e 101 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e W h y Exam 3 1 2 -5 0 C ertified Ethical H acker F o o t p r in t in g ? C E H Urti*W I'n'n'r'n'n' itkM l lUckw W h y F o o tp r in tin g ? For attackers to build a hacking strategy, th e y need to gather in fo rm a tio n about the ta rg e t organization's n etw o rk, so th a t th e y can find the easiest way to break in to the o rg a n iza tio n 's se curity p e rim e te r. As m en tion e d previously, fo o tp rin tin g is the easiest way to gather in fo rm a tio n abo u t the ta rg e t organization; this plays a vital role in the hacking process. F o o tp rin tin g helps to : • K now S ecurity Posture P erform ing fo o tp rin tin g on the ta rg e t organization in a system atic and m ethodical m anner gives the com plete p ro file o f the organization's security posture. You can analyze this re p o rt to figure o u t loopholes in the security posture o f yo u r ta rg e t organization and the n you can build y o u r hacking plan accordingly. • Reduce A tta ck Area By using a com bination o f too ls and techniques, attackers can take an unknow n e n tity (for exam ple XYZ O rganization) and reduce it to a specific range o f dom ain names, n e tw o rk blocks, and individual IP addresses o f systems d ire ctly connected to the Inte rn e t, as w ell as m any o th e r details pertaining to its se curity posture. Build In fo rm a tio n Database M o d u le 0 2 P ag e 102 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e A detailed fo o tp rin t Exam 3 1 2 -5 0 C ertified Ethical H acker provides m axim um in fo rm a tio n about the ta rg e t organization. A ttackers can build th e ir ow n in fo rm a tio n database about security weakness o f the targe t organization. This database can then be analyzed to find the easiest way to break in to the organization's security p erim eter. • D raw N e tw o rk M ap C om bining fo o tp rin tin g techniques w ith too ls such as Tracert allows the a ttacker to create n e tw o rk diagrams o f the ta rg e t organization's n e tw o rk presence. This n e tw o rk map represents th e ir understanding o f the ta rg e ts In te rn e t fo o tp rin t. These n e tw o rk diagrams can guide the attack. M o d u le 0 2 P ag e 103 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e Exam 3 1 2-50 C ertified Ethical H acker O b je c t iv e s O O Collect Network Information 1v Collect System Information C E H 0 Domain name ׳-* Networking protocols 0 Internal domain names 0 VPN Points 0 0 Network blocks IP addresses of the reachable systems 0 0 ACLs IDSes running 0 Rogue websites/private websites 0 Analog/digital telephone numbers 0 TCP and UDP services running 0 Authentication mechanisms 0 Access control Mechanisms and ACL's tf System Enumeration ג U s e r a n d g ro u p n a m e s ־ S y ste m a rc h ite c tu re * S y ste m b a n n e rs * R e m o te s y ste m ty p e • R o u tin g ta b le s • S y ste m n a m e s : S N M P in fo r m a tio n : P a s s w o rd s 0 Employee details 0 Comments in HTML source code 0 0 Collect Organization’s Information o f F o o t p r in t in g Organization's website Company directory 0 Location details 0 Address and phone numbers 0 Security policies implemented 0 Web server links relevant to the organization 0 Background of the organization 0 News articles/press releases Copyright © by EC-G*ancil. All Rights Reserved. Reproduction is Strictly Prohibited. O b je c tiv e s o f F o o t p r in t in g The m ajor in fo rm a tio n , system objectives o f fo o tp rin tin g in fo rm a tio n , and the include collecting organizational the in fo rm a tio n . ta rg e t's n e tw o rk By carrying o ut fo o tp rin tin g at various n e tw o rk levels, you can gain in fo rm a tio n such as: n e tw o rk blocks, n e tw o rk services and applications, system a rchitecture, intrusion d ete ction systems, specific IP addresses, and access co n tro l mechanisms. W ith fo o tp rin tin g , in fo rm a tio n such as em ployee names, phone num bers, contact addresses, designation, and w o rk experience, and so on can also be obtained. C o lle c t N e tw o r k I n f o r m a t io n The n e tw o rk in fo rm a tio n can be gathered by p erfo rm ing a W hois database analysis, trace ro u tin g , etc. includes: Q Domain name Q Internal dom ain names Q N e tw o rk blocks © IP addresses o f the reachable systems -י Rogue w e b site s/p riva te w ebsites M o d u le 0 2 P ag e 104 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-COUIICil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical H acking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e Q TCP and UDP services running © Access co n tro l mechanisms and ACLs © N e tw orking protocols © VPN points Q ACLs 9 IDSes running © A na lo g /d ig ita l telephone num bers © A u th e n tica tio n mechanisms © System e nu m eration Exam 3 1 2-50 C ertified Ethical H acker C o lle c t S y s te m I n f o r m a t io n Q User and group names © System banners Q Routing tables Q SNMP in fo rm a tio n © System arch itectu re © Remote system type Q System names Q Passwords C o lle c t O r g a n iz a t io n ’ s I n f o r m a t io n Q Employee details Q O rganization's w ebsite Q Company d ire cto ry Q Location details Q Address and phone num bers Q Com m ents in HTML source code Q Security policies im p lem ented Q W eb server links relevant to the organization © Background o f the organization U News articles/press releases M o d u le 0 2 P ag e 105 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UltCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e M o d u le Exam 3 1 2 -5 0 C ertified Ethical H acker F lo w So far, we discussed fo o tp rin tin g concepts, and now we w ill discuss the threa ts associated w ith fo o tp rin tin g : ף F o o tp rin tin g Concepts F o o tp rin tin g Tools F o o tp rin tin g C ounterm easures o רF o o tp rin tin g Threats O L) F o o tp rin tin g M e th o d o lo g y xi ?* ר F o o tp rin tin g P e n e tra tio n Testing The F ootp rin tin g Threats section fam iliarizes you w ith the threa ts associated w ith fo o tp rin tin g such as social M o d u le 0 2 P ag e 106 engineering, system and n e tw o rk attacks, corporate espionage, etc. Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e Exam 3 1 2 -5 0 C ertified Ethical H acker F o o t p r in t in g J T h r e a ts A tta c k e rs g a th e r v a lu a b le s y s te m a n d n e tw o r k in fo r m a t io n su ch as a c c o u n t d e ta ils , o p e r a tin g s y s te m a n d in s ta lle d a p p lic a tio n s , n e tw o r k c o m p o n e n ts , s e rv e r n a m e s , d a ta b a s e s c h e m a d e ta ils , e tc . fr o m f o o t p r in t in g te c h n iq u e s Types off T h re a ts I n f o r m a t io n P riv a c y C o rp o ra te B u s in e s s L e a ka g e Loss E s p io n a g e Loss J . J Copyright © by EG-G*ancil. All Rights Reserved. Reproduction is Strictly Prohibited. F o o tp r in tin g T h re a ts ם-0-ם As discussed previously, attackers p erfo rm fo o tp rin tin g as the firs t step in an a tte m p t to hack a ta rg e t o rg an iza tion . In the fo o tp rin tin g phase, attackers try to collect valuable system level in fo rm a tio n such as account details, operating system and o th e r so ftw a re versions, server names, and database schema details th a t w ill be useful in the hacking process. The fo llo w in g are various threa ts due to fo o tp rin tin g : S o c ia l E n g in e e r in g W ith o u t using any intrusion m ethods, hackers d ire ctly and in d ire ctly collect in fo rm a tio n throu g h persuasion and various o th e r means. Here, crucial in fo rm a tio n is gathered by th e hackers throu g h em ployees w ith o u t th e ir consent. ©J S y s te m a n d N e tw o r k A tta c k s F ootp rin tin g helps an a ttacker to p erfo rm system and n e tw o rk attacks. Through fo o tp rin tin g , a ttackers can g ath er in fo rm a tio n related to the ta rg e t organization's system co nfig u ra tion , operating system running on the m achine, and so on. Using this in fo rm a tio n , attackers can find the vu ln era b ilitie s present in the ta rg e t system and then can exploit those M o d u le 02 P ag e 107 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e Exam 3 1 2 -5 0 C ertified Ethical H acker v u ln e ra b ilitie s . Thus, attackers can take co ntro l over a ta rg e t system. Sim ilarly, attackers can also take co n tro l over the e ntire n etw o rk. &p a » , In fo r m a tio n L e a k a g e L 3 3 In fo rm a tio n leakage can be a great th re a t to any organization and is o fte n overlooked. If sensitive organizational in fo rm a tio n falls in to the hands o f attackers, then th e y can build an attack plan based on the in fo rm a tio n , o r use it fo r m o n e ta ry benefits. G P —יי P r iv a c y L o s s ׳W ith the help o f fo o tp rin tin g , hackers are able to access the systems and netw orks o f the com pany and even escalate the privileges up to adm in levels. W h a te ve r privacy was m aintained by the com pany is co m p lete ly lost. C o r p o r a t e E s p io n a g e C orporate espionage is one o f the m ajor threa ts to com panies as co m p e tito rs can spy and a tte m p t to steal sensitive data th ro u g h fo o tp rin tin g . Due to this type o f espionage, co m p e tito rs are able to launch sim ilar products in the m arket, affecting the m arket position o f a com pany. B u s in e s s L o s s F o otp rin tin g has a m ajor e ffe ct on businesses such as online businesses and o th e r ecom m erce w ebsites, banking and financial related businesses, etc. Billions o f dollars are lost every year due to m alicious attacks by hackers. M o d u le 0 2 P ag e 108 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e M o d u le Exam 3 1 2-50 C ertified Ethical H acker F lo w Now th a t you are fa m ilia r w ith fo o tp rin tin g concepts and threats, we w ill discuss the fo o tp rin tin g m ethodology. The fo o tp rin tin g m e thodology section discusses various techniques used to collect in fo rm a tio n about the ta rg e t o rg a n iza tio n fro m d iffe re n t sources. x F o o tp rin tin g Concepts ן־דיןן F o o tp rin tin g Threats G O M o d u le 0 2 P ag e 109 F o o tp rin tin g M e th o d o lo g y F o o tp rin tin g Tools F o o tp rin tin g C ounterm easures v! F o o tp rin tin g P e n e tra tio n Testing Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e Exam 3 1 2 -5 0 C ertified Ethical H acker F o o t p r in t in g M e t h o d o lo g y Footprinting through Search Engines WHOIS Footprinting Website Footprinting DNS Footprinting Email Footprinting Network Footprinting Competitive Intelligence Footprinting through Social Engineering Footprinting using Google Footprinting through Social Networking Sites E H Copyright © by EG-G*ancil. All Rights Reserved. Reproduction is Strictly Prohibited. I— ^ F o o tp r in tin g M e th o d o lo g y The fo o tp rin tin g m etho d olog y is a procedural way o f co lle ctin g in fo rm a tio n about a ta rg e t organization fro m all available sources. It deals w ith gathering in fo rm a tio n abo u t a targe t organization, d e te rm in in g URL, location, establishm ent details, num ber o f em ployees, the specific range o f dom ain names, and contact in fo rm a tio n . This in fo rm a tio n can be gathered fro m various sources such as search engines, W hois databases, etc. Search engines are the main in fo rm a tio n sources w here you can find valuable in fo rm a tio n about y o u r ta rg e t o rg an iza tion . Therefore, firs t we w ill discuss fo o tp rin tin g throu g h search engines. Here we are going to discuss how and w h a t in fo rm a tio n we can collect throu g h search engines. Examples o f search engines include: w w w .g o o g le .c o m ,w w w .y a h o o .c o m ,w w w .bing.com M o d u le 0 2 P ag e 110 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e F o o tp r in tin g Exam 3 1 2 -5 0 C ertified Ethical H acker th ro u g h S e a rc h E n g in e s A tta cke rs use search e n gines to e x tra c t in fo rm a tio n a b o u t a ta r g e t such as te c h n o lo g y p la tfo rm s , e m p lo y e e de ta ils, login pages, in tra n e t p o rta ls , etc. w h ic h Microsoft »0aMus•»»!*•>>**•rcicspthi Mciim*Cxivxaco MC.rr 1nmAnmw helps in p e rfo rm in g social e n g in e e rin g and M icrosoft o th e r ty p e s o f ad vanced system a ttacks ndP»>bur*, Ajn4 1V: J ■ MCDMTzerperator nth■ Search e n g in e cache m a y p ro v id e s e n s itiv e i1m:amiiwm 1yw<n•wm ■MiMSOOS<11Mr*& IIMl tv|h*tiV.row*Midm Int 31aptntnj in fo rm a tio n th a t has been re m o v e d fro m 11bM-nar«'MI*1he•hut tot• crtMdan■MmjMhiM trfQur•* *rtV/Kti *1mMarot* •«»>»*״ Snc. in• 1*101 11• <pnu>V'• «׳tn«w •-••* איan s* יי th e W o rld W id e W eb (W W W ) F o o tp r in tin g th r o u g h S e a r c h E n g in e s w , ----- A w eb search engine is designed to search fo r in fo rm a tio n on the W orld W ide W eb. The search results are generally presented in a line o f results o fte n referred to as search engine results pages (SERPs). In the present w o rld , many search engines a llo w you to e xtract a ta rg e t organization's in fo rm a tio n such as technology platform s, em ployee details, login pages, in tra n e t portals, and so on. Using this in fo rm a tio n , an a ttacker may build a hacking stra teg y to break in to the ta rg e t organization's n e tw o rk and may carry o u t o th e r types o f advanced system attacks. A Google search could reveal submissions to forum s by security personnel th a t reveal brands o f fire w a lls or a n tiviru s s o ftw a re in use at the target. Som etim es even n e tw o rk diagrams are fou n d th a t can guide an attack. If you w a n t to fo o tp rin t the ta rg e t organization, fo r exam ple XYZ pvt ltd, the n type XYZ pvt ltd in the Search box o f the search engine and press Enter. This w ill display all the search results containing the keywords "XYZ pvt ltd ." You can even n arro w dow n the results by adding a specific keyw ord w h ile searching. Furtherm ore, we w ill discuss o th e r fo o tp rin tin g tech n iq ue s such as w ebsite fo o tp rin tin g and em ail Footprinting. For exam ple, consider an organization, perhaps M icroso ft. Type M icro so ft in the Search box o f a search engine and press Enter; this w ill display all the results containing in fo rm a tio n about M icroso ft. Browsing the results may provide critical in fo rm a tio n such as physical lo ca tion , M o d u le 0 2 P ag e 111 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e Exam 3 1 2 -5 0 C ertified Ethical H acker co nta ct address, the services o ffered, n um ber o f em ployees, etc. th a t may prove to be a valuable source fo r hacking. O © wcbcachc.googleusercontent.com scarch?q-cache:ARbFVg INvoJ:cn.wikipcdia.org/wiki/Micn & ,|ן This is Google's cache of http i/e n wikipedia 0rgAviki/Microsoft t is a snapshot of the page as it appeared on 17 Jul 2012 13:15:03 GMT The current page could have changed in the meantirre Learn more Text-only /ersicn Create account & Log in Read View source View history Microsoft - 47'38*22 55״N 122‘74242־W From Wikipedia. the free encyclopedia Main page Contents Featured content Current events Random artide Donate to vviKipeaia Interaction Help About Wikipedia Community portal Recent changes Contact Wikipedia ► Print/export ▼ Languages Microsoft Corporation (NASDAQ: MSFTt? ) is ar American multinational corporation headquartered n ReJrrond. Washington. United States that develops, manufactures licenses, and supports a wide range cf products ard services rolatod to computing. Tho company was foundoc by Bill Gatos and Paul Allen on Apr J 4. 1975. Microsoft is the world's largest software corporation measured by revenues Microsoft was established to develop and sell BASC inteipieteis foi the Altai! 8800 II rose 1 0 dominate the home computer operating system market wth MS-OOS n the mid• 1980s followed by the Microsoft Wndows line of operating systems The company’s 1986 initial public oferng. and subsequent rise in the share price, created ar estimated three billionaires and 12.000 millionaires from Microsoft employees Since the 1990s. the company has increasingly dr\ersrf1 ed from the operating system market. In May 2011 Microsoft acquired Skype for $8 5 billion in its largest acquisition to date PI Microsort corporation M ic r o s o f t ׳ Type Rjblc Traded as NASDAQ: MSFT ^ SEHK: 4333 (£> Cow Jones Industrial Average component NASDAQ-100 component S&P50D component Induttry Computer tofiwar• Onlir• t#rvic♦• Video gorroo Founded Albuquerque, New Mexico, United States (April 4,1975) Founder(•) Bill Gates, Paul Alien Headquarters Microsoft Redmond Campts, FIGURE 2 .1 : S c re e n s h o t s h o w in g in fo r m a tio n a b o u t M ic ro s o ft As an ethical hacker, if you find any sensitive in fo rm a tio n o f yo u r com pany in the search engine result pages, you should rem ove th a t in fo rm a tio n . A lthough you rem ove the sensitive in fo rm a tio n , it may still be available in a search engine cache. Therefore, you should also check the search engine cache to ensure th a t the sensitive data is rem oved p e rm a n e n tly. M o d u le 0 2 P ag e 112 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e F in d in g Exam 3 1 2-50 C ertified Ethical H acker C o m p a n y ’s E x t e r n a l a n d C E H In te rn a l U R L s Tools to Search Internal URLs Search fo r th e ta rg e t com pany's exte rna l URL in a search engine such as Google o r Bing Interna l URLs pro v id e an in sig h t in to d iffe re n t d e p a rtm e n ts and business u n its in 5 h ttp ://n e w s .n e tc ra ft.c o m 6 h ttp ://w w w .w e b m a ste r-a .c o m / lin k -e x tra c to r-in te rn a l.p h p an organization You m ay fin d an in te rn a l com pany's URL by tria l and e rro r m e th o d A Internal URL’s of microsoft.com t) su p p o rt.m ic ro so ft.c o m e o ffic e .m ic ro so ft.c o m s se a rc h .m ic ro so ft.c o m 0 m sd n .m ic ro so ft.c o m O u p d a te .m ic ro so ft.co m 6 tech n et.m ic ro so ft.co m 0 w in d o w s.m icro so ft.co m f j ^ , Copyright © by EG-G(IIIICil. All Rights Reserved. Reproduction is Strictly Prohibited. F in d in g C o m p a n y ’s E x te rn a l a n d In te r n a l U R L s A com pany's external and internal URLs provide a lo t o f useful in fo rm a tio n to the attacker. These URLs describe the com pany and provide details such as the com pany mission and vision, history, products or services o ffered, etc. The URL th a t is used o u tsid e th e co rp o ra te n e tw o rk fo r accessing the com pany's vault server via a fire w a ll is called an external URL. It links d ire ctly to the com pany's external w eb page. The ta rg e t com pany's external URL can be dete rm ine d w ith the help o f search engines such as Google o r Bing. If you w a n t to find the external URL o f a com pany, fo llo w these steps: 1. Open any o f the search engines, such as Google or Bing. 2. Type th e name o f the ta rg e t com pany in the Search box and press Enter. The in terna l URL is used fo r accessing the com pany's va ult server d ire ctly inside th e corporate n etw o rk. The in terna l URL helps to access the internal fun ctio ns o f a com pany. M ost companies use com m on fo rm a ts fo r in terna l URLs. Therefore, if you know th e e xte rn a l URL o f a com pany, you can p redict an in terna l URL throu g h tria l and error. These in terna l URLs provide insight into d iffe re n t d ep a rtm e nts and business units in an organization. You can also find the in terna l URLs o f an organization using tools such as netcraft. Tools to Search In te rn a l URLs M o d u le 0 2 P ag e 113 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e Exam 3 1 2 -5 0 C ertified Ethical H acker N e tc ra ft Source: h ttp ://n e w s .n e tc ra ft.c o m N e tcra ft deals w ith w eb server, w eb hosting m arke t-sh are analysis, and operating system d ete ction . It provides free anti-phishing to o lb a r (Net cra ft to o lb a r) fo r Firefox as w ell as In te rn e t Explorer browsers. The n etcra ft to o lb a r avoids phishing attacks and p rotects the In te rn e t users fro m fraudsters. It checks th e risk rate as w ell as the hosting location o f the w ebsites we visit. L in k E x tra c to r Source: h ttp ://w w w .w e b m a s te r-a .c o m /lin k -e x tra c to r-in te rn a l.p h p Link E xtractor is a link extraction u tility th a t allows you to choose betw een external and internal URLs, and w ill re turn a plain list o f URLs linked to or an h tm l list. You can use this u tility to c o m p e tito r sites. Examples o f in te rn a l URLs o f m icro so ft.co m : © su pp o rt.m icro so ft.co m © o ffice .m icroso ft.co m © search.m icrosoft.com © m sdn.m icrosoft.com © u pd ate.m icrosoft.com © tech n e t.m icro so ft.co m © w in d ow s.m icro so ft.co m M o d u le 0 2 P ag e 114 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e Exam 3 1 2 -5 0 C ertified Ethical H acker P u b lic a n d R e s t r ic t e d W e b s it e s C E H Urt1fw4 ilh iu l lUtbM WelcometoMicrosoft Irocua Dt+noaSz Sicuity Stifpcrt Su http://www.microsoft.com Public Website http://offlce.microsoft.com http://answers.microsoft.com R estricted Website Copyright © by EG-G(IIIICil. All Rights Reserved. Reproduction is Strictly Prohibited. P u b lic a n d R e s t r ic t e d W e b s ite s —___ , A public w ebsite is a w ebsite designed to show the presence o f an organization on the Inte rn e t. It is designed to a ttra c t custom ers and p artners. It contains in fo rm a tio n such as com pany history, services and products, and contact in fo rm a tio n o f the organization. The fo llo w in g screenshot is an exam ple o f a public w ebsite: Source: h ttp ://w w w .m ic ro s o ft.c o m M o d u le 0 2 P ag e 115 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e Exam 3 1 2 -5 0 C ertified Ethical H acker FIGURE 2 .2 : A n e x a m p le o f p u b lic w e b s ite A restricted w ebsite is a w ebsite th a t is available to only a fe w people. The people may be em ployees o f an organization, m em bers o f a d ep a rtm e n t, etc. R estrictions can be applied based on the IP num ber, dom ain or subnet, username, and password. Restricted or private w ebsites of m icrosoft.com include: h ttp ://te c h n e t.m ic ro s o ft.c o m , h ttp ://w in d o w s .m ic ro s o ft.c o m , h ttp ://o ffic e .m ic ro s o ft.c o m , and h ttp ://a n s w e rs .m ic ro s o ft.c o m . M o d u le 0 2 P ag e 116 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e 4־ C Exam 3 1 2-50 C ertified Ethical H acker Hc*w*OT*<r©10״U0*n M icrosoft |TechNet Wi*• I TKMCINfMS IVMUAIIOM iMMI IK fVINIl .<*<»% Supl**•' U*VKTU*I% < IKHM lM kOC Discover the New Office for IT Prc י י » *זי0* |(«4a> tNc«r iecK ew r Shw1»ew1 » 1 >• I Tc<»C«mer Ntw Office 10*IT*tot IW ftM T IjcMno« W I *o I V^* < jq *o ׳S«e 0*Ve X i l n t e w I«K «*׳er bcneJO Il י E ZESZ1 N BO U n lUMOtt ■WACtt U V f jm MW—.0*01 Welcome to Office F - . ML i with Office 365 FIGURE 2 .3 : E xam p le s o f P u b lic a n d R e s tric te d w e b s ite s M o d u le 0 2 P ag e 117 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e C o lle c t Exam 3 1 2 -5 0 C ertified Ethical H acker L o c a tio n I n f o r m a t io n C E H Use Google Earth tool to get the location of the place C o lle c t L o c a tio n I n f o r m a t io n In fo rm a tio n such as physical location o f the organization plays a vital role in the hacking process. This in fo rm a tio n can be obtained using the fo o tp rin tin g technique. In a ddition to physical location, we can also collect in fo rm a tio n such as surrounding public Wi-Fi hotspots th a t may prove to be a way to break in to th e ta rg e t o rg a n iza tio n 's n e tw o rk . A ttackers w ith the know ledge o f a ta rg e t organization's location may a tte m p t d um pste r diving, surveillance, social engineering, and o th e r non-technical attacks to gather much m ore in fo rm a tio n abo u t the ta rg e t organization. Once the location o f the ta rg e t is know n, detailed sa tellite images o f the location can be obtained using various sources available on the In te rn e t such as h ttp ://w w w .g o o g le .c o m /e a rth and h ttp s://m a p s.g o o g le .co m . A ttackers can use this in fo rm a tio n to gain u n a u th o rize d access to buildings, w ired and wireless netw orks, systems, and so on. Exam ple: earth .g oo g le.co m Google Earth is a valuable to o l fo r hacking th a t allows you to fin d a location, point, and zoom in to th a t location to explore. You can even access 3D images th a t depict m ost o f the Earth in high-resolution detail. M o d u le 0 2 P ag e 118 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e * Pldcwe Exam 3 1 2 -5 0 C ertified Ethical H acker * יג*י U, PI0C63 C טfarperar/Phcej * Liytit S 0 Je Q«>flr«wr1cvyec O S fto•* 5 O BuMngo t£ '* :troct >‘osv * HrBcrln <rdLateti □ Q ►011c ם יo **־׳־ 5. 0 * OflHory &Dt • □ v ODCviAwirvrwvt Ftaeeeofiwrroit ס ם יMo• B fcffim FIGURE 2 .4 : G o o g le E arth s h o w in g lo c a tio n Exam ple: m aps.google.com Google Maps provides a S treet V iew fe a tu re th a t provides you w ith a series o f images o f building, as w ell as its surroundings, including WI-FI n e tw o rks. A ttackers may use Google Maps to find or locate entrances to buildings, security cameras, gates, places to hide, w eak spots in p e rim e te r fences, and u tility resources like e le ctricity connections, to measure distance betw een d iffe re n t objects, etc. .־ =ssa C fi https' maps.google.fc •You Starch Imago* Mall .» \ l Oocuinont• Calondai Shot ConUctt Map • Google G«t ArtcM**• My piac•! A oo < Om Okxh S«*fchn#*rby S*v»tom*p mor*» *•port • poC4«m. U«C* L*M• H«lp Ooogi• U«e* ■•M i: Ooo#• rwim 01 Um • * *♦יי FIGURE 2 .5 : G o o g le M a p s s h o w in g a S tre e t V ie w M o d u le 0 2 P ag e 119 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e Exam 3 1 2-50 C ertified Ethical H acker P e o p le S e a r c h C E H In f o r m a t io n a b o u t a n in d iv id u a l c a n b e T h e p e o p le search re tu rn s th e fo llo w in g f o u n d a t v a r io u s p e o p le s e a rc h in fo rm a tio n a b o u t a p e rs o n : w e b s ite s frfi “ Residential addresses and email addresses S Contact numbers and date of birth S Photos and social networking profiles £ Blog URLs S Satellite pictures of private residencies P‘P* ! i s 2!;״ K ttje O.I* , tan CA.U»we*•«*•■<*U http://w w w .spokeo.com http://pipl.com Copyright © by EG-C*ancil. All Rights Reserved. Reproduction is Strictly Prohibited. P e o p le S e a rc h You can use the public record w ebsites to find in fo rm a tio n about people's email addresses, phone num bers, house addresses, and o th e r in fo rm a tio n . Using this in fo rm a tio n you can try to obtain bank details, cre d it card details, m obile num bers, past history, etc. There are m any people search online services available th a t help find people, h ttp ://p ip l.c o m and h ttp ://w w w .s p o k e o .c o m are examples o f people search services th a t a llow you to search fo r the people w ith th e ir name, em ail, username, phone, or address. These people search services m ay p ro vid e in fo rm a tio n such as: Q Residential addresses and em ail addresses O Contact num bers and date o f b irth Q Photos and social n e tw o rkin g profiles © Blog URLs © Satellite pictures o f p riva te residences M o d u le 0 2 P ag e 120 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e M o d u le 0 2 P ag e 121 Exam 3 1 2-50 C ertified Ethical H acker Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e People Search Online Services CEH M M Zaba Search 123 People Search http://www.zabasearch.com http://www.123people, com C Zoomlnfo % http://www.zoominfo.com PeekYou http://www.peekyou.com W ink People Search Intelius http://wink.com http://www.intelius.com AnyW ho PeopleSmart http://www.anywho.com & http://www.peoplesmart.com m o• I P V / >— J http://www.whitepages.com People Lookup WhitePages https://www.peoplelookup.com S® Copyright © by EG-G(IIIICil. All Rights Reserved. Reproduction is Strictly Prohibited. .3 ;► P e o p le — ׳׳ S e a r c h O n l i n e S e r v ic e s A t p r e s e n t, m a n y I n t e r n e t u s e rs a re u s in g p e o p le s e a rc h e n g in e s t o fin d in fo rm a tio n a b o u t o t h e r p e o p le . M o s t o fte n p e o p le s e a rc h e n g in e s p ro v id e p e o p le 's n a m e s , a d d re s s e s , a n d c o n ta c t d e ta ils . S o m e does, b u s in e s s e s p e o p le owned by se a rc h a e n g in e s p e rs o n , m ay c o n ta c t a ls o reveal th e n u m b e rs, ty p e com pany o f w o rk e m a il an in d iv id u a l a d d re ss e s , m o b ile n u m b e r s , fa x n u m b e r s , d a te s o f b ir t h , p e r s o n a l - m a il a d d re s s e s , e tc . T h is i n f o r m a t i o n p r o v e s t o b e h ig h ly b e n e fic ia l f o r a tta c k e r s t o la u n c h a tta c k s . S o m e o f t h e p e o p le s e a rc h e n g in e s a re lis te d as f o llo w s : Z a b a S e a r c h S o u rce : h ttp ://w w w .z a b a s e a rc h .c o m Zaba S e a rch is a p e o p le s e a rch e n g in e n u m b e r , c u r r e n t lo c a tio n , e tc . o f p e o p le th a t in t h e p ro v id e s in fo rm a tio n such as a d d re ss, US. It a llo w s y o u t o s e a r c h f o r p e o p l e phone b y th e ir name. Z o o m ln f o S o u rce : h ttp ://w w w .z o o m in fo .c o m M o d u le 02 P a g e 122 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e Zoom I n f o is a b u s i n e s s p e o p l e d i r e c t o r y u s i n g w h i c h y o u c a n f i n d p ro fe s s io n a l p ro file s , b io g ra p h ie s , w o r k h is to rie s , a ffilia tio n s , b u s in e s s c o n ta c ts , p e o p le 's lin k s t o e m p lo y e e p ro file s w ith v e rifie d c o n ta c t in fo rm a tio n , a n d m o re . W צ_ו in k P e o p le S e a rc h E. S o u rce : h ttp ://w in k .c o m W i n k P e o p l e S e a r c h is a p e o p l e s e a r c h e n g i n e t h a t p r o v i d e s i n f o r m a t i o n a b o u t p e o p l e b y n a m e a n d l o c a t io n . It g iv e s p h o n e n u m b e r , a d d r e s s , w e b s it e s , p h o t o s , w o r k , s c h o o l, e tc . ״ A n y W h o S o u rce : h ttp ://w w w .a n y w h o .c o m A n y W h o is a w e b s i t e t h a t h e l p s y o u f i n d in f o r m a t io n a b o u t p e o p le , t h e ir b u s in e s s e s , a n d t h e ir l o c a t i o n s o n l i n e . W i t h t h e h e l p o f a p h o n e n u m b e r , y o u c a n g e t a ll t h e d e t a i l s o f a n i n d i v i d u a l . P e o p le L o o k u p S o u rc e: h ttp s ://w w w .p e o p le lo o k u p .c o m P e o p l e L o o k u p is a p e o p l e s e a r c h e n g i n e t h a t a l l o w s y o u t o f i n d , l o c a t e , a n d t h e n c o n n e c t w i t h p e o p l e . It a ls o a llo w s y o u t o lo o k u p a p h o n e n u m b e r , s e a rc h f o r c e ll n u m b e r s , f i n d a n a d d r e s s o r p h o n e n u m b e r , a n d s e a r c h f o r p e o p l e in t h e U S. T h is d a t a b a s e u s e s i n f o r m a t i o n f r o m p u b lic re co rd s. 1 2 3 P e o p le S e a r c h S ource: h t t p : / / w w w . 1 2 3 p e o p l e . c o m 123 P e o p le S e a rc h is a p e o p l e s e a rc h to o l th a t a llo w s y o u to fin d in fo rm a tio n such as p u b lic re c o rd s , p h o n e n u m b e r s , a d d re s s e s , im a g e s , v id e o s , a n d e m a il a d d re s s e s . P e e k Y o u S o u rce : h ttp ://w w w .p e e k y o u .c o m PeekYou is a p e o p le se a rc h e n g in e th a t a llo w s you to se a rch fo r p ro file s and c o n ta c t i n f o r m a t i o n o f p e o p l e in I n d i a a n d c i t i e s ' t o p e m p l o y e r s a n d s c h o o l s . It a l l o w s y o u t o s e a r c h f o r th e p e o p le w ith th e ir n a m e s o r u s e rn a m e s . I n t e liu s S o u rce : h ttp ://w w w .in te liu s .c o m I n t e l i u s is a p u b l i c r e c o r d s b u s i n e s s t h a t p r o v i d e s i n f o r m a t i o n s e r v i c e s . It a llo w s y o u t o s e a rc h f o r t h e p e o p l e in U S w i t h t h e i r n a m e , a d d r e s s , p h o n e n u m b e r , o r e m a i l a d d r e s s . M o d u le 02 P a g e 123 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e P e o p le S m a r t S o u rce : h ttp ://w w w .p e o p le s m a r t.c o m P e o p l e S m a r t is a p e o p l e s e a r c h s e r v i c e t h a t a l l o w s y o u t o f i n d p e o p l e ' s w o r k i n f o r m a t i o n w i t h t h e i r n a m e , c i t y , a n d s t a t e . In a d d i t i o n , i t a l l o w s y o u t o p e rfo rm re ve rse p h o n e lo o k u p s , e m a il s e a rc h e s , s e a rc h e s b y a d d re s s , a n d c o u n ty se a rch e s. M o d u le 02 P a g e 124 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e W h ite P a g e s S o u rce : h ttp ://w w w .w h ite p a g e s .c o m W h ite P a g e s is a p e o p l e se a rc h e n g in e th a t p ro v id e s in fo rm a tio n about p e o p le by nam e and lo c a tio n . U s in g t h e p h o n e n u m b e r , y o u c a n f in d t h e p e r s o n 's a d d re s s . M o d u le 02 P a g e 125 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s 312-50 C e r t i f i e d Exam E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e People SearchonSocial Networking Services CEH http://www.facebook. com http://www.Iinkedin.com r Google♦ ft R30er Feoerer mrtKbm IlH 1 ti t tIKSt Bo—1 m towp»m 1*» י־ I M S « *־ http://twitter.com https://plus,google,com Copyright © by EG-G(IIIICil. All Rights Reserved. Reproduction is Strictly Prohibited. P e o p le S e a r c h o n S o c ia l N e t w o r k i n g S e r v ic e s S e a r c h i n g f o r p e o p l e o n s o c i a l n e t w o r k i n g w e b s i t e s is e a s y . S o c i a l n e t w o r k i n g s e r v i c e s a re th e o n lin e s e rv ic e s , p la tfo rm s , or s ite s th a t fo c u s on fa c ilita tin g th e b u ild in g of s o c ia l n e t w o r k s o r s o c i a l r e l a t i o n s a m o n g p e o p l e . T h e s e w e b s i t e s p r o v i d e i n f o r m a t i o n t h a t is p r o v i d e d b y u se rs. H e re , p e o p le a re d ir e c tly o r in d ir e c tly re la te d t o e a c h o th e r b y c o m m o n in te re s t, w o r k lo c a tio n , o r e d u c a tio n a l c o m m u n itie s , e tc . S o c ia l n e t w o r k i n g s ite s a l l o w a re u p d a te d in a n n o u n c e m e n ts rea l tim e . and p e o p le t o s h a re in f o r m a t io n q u ic k ly a n d e f f e c tiv e ly as th e s e s ite s It a llo w s in v ita tio n s , u p d a tin g and fa c ts about u p c o m in g so o n . T h e r e f o r e , s o c ia l o r c u rr e n t e v e n ts , n e tw o rk in g s ite s p ro v e rece n t to be a g re a t p la t f o r m f o r s e a rc h in g p e o p le a n d t h e ir r e la te d in fo r m a tio n . T h r o u g h p e o p le s e a rc h in g o n s o c i a l n e t w o r k i n g s e r v i c e s , y o u c a n g a t h e r c r it ic a l i n f o r m a t i o n t h a t w i l l b e h e l p f u l in p e r f o r m i n g s o c ia l e n g in e e r in g o r o t h e r k in d s o f a tta c k s . M a n y s o c ia l n e t w o r k i n g s ite s a llo w v is it o r s t o s e a rc h f o r p e o p le w i t h o u t r e g is t r a t io n ; t h is m a k e s p e o p le s e a r c h in g o n s o c ia l n e t w o r k i n g s ite s a n e a s y ta s k f o r y o u . Y o u c a n s e a rc h a p e r s o n u s in g n a m e , e m a i l , o r a d d r e s s . S o m e s i t e s a l l o w y o u t o c h e c k w h e t h e r a n a c c o u n t is c u r r e n t l y i n u s e o r n o t. T h is a llo w s y o u t o c h e c k t h e s ta tu s o f t h e p e r s o n y o u a re lo o k in g fo r. S o m e o f s o c ia l n e t w o r k i n g s e rv ic e s a re as f o llo w s : M o d u le 02 P a g e 126 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e F a c e b o o k S o u rce : h ttp ://w w w .fa c e b o o k .c o m F a c e b o o k a llo w s y o u t o s e a rc h f o r p e o p le , t h e ir f r ie n d s , c o lle a g u e s , a n d p e o p le liv in g a ro u n d th e m and o th e rs p ro fe s s io n a l in fo r m a tio n w ith w hom th e y a re a ffilia te d . In a d d itio n , y o u can a ls o s u c h as t h e ir c o m p a n y o r b u s in e s s , c u r r e n t lo c a tio n , p h o n e fin d th e ir n u m b e r, e m a i l ID , p h o t o s , v i d e o s , e t c . It a l l o w s y o u t o s e a r c h f o r p e o p l e b y u s e r n a m e o r e m a i l a d d r e s s . facebook □ Carmen f lectra Sear<* for people, pieces and tv ig i About * Anefere of *emd-wett. Carmen grew near Cmanno•. 900. and got her frtt b»M* whan a tcout for *nnce apottod her danang and e*ed her to come and audfton for Can«an wroto a book, >to»* toBeSexy'wfvtftwat pubftrfted by Random Houae. In • •יbook Carman conveyi *tat a sold t*d*r«tandng • f one• •vw •alf • »«a cora Canoe* a Mothe fe e of Me* factor ,a brand that ״a• W t J *moot 100 year! ago and • •nwedetaJy Mad to >10»1«׳aod1 *oat beeutAJ facaa. Carmen'• partner*? Me! factor V a tu rt n rv and pm M!r« FIGURE 2.7: Facebook a social networking service to search for people across the world L in k e d ln 1 J S o u rce : h ttp ://w w w .lin k e d in .c o m L i n k e d l n is a s o c i a l n e t w o r k i n g w e b s i t e f o r p r o f e s s i o n a l p e o p l e . I t a l l o w s y o u t o f i n d p e o p l e b y n a m e , k e y w o r d , c o m p a n y , s c h o o l, e tc . S e a rc h in g f o r p e o p le o n such as n a m e , d e s ig n a tio n , n a m e L in k e d ln g iv e s y o u in f o r m a t io n o f c o m p a n y , c u r r e n t lo c a tio n , a n d e d u c a tio n q u a lific a tio n s , b u t t o u s e L in k e d ln y o u n e e d t o b e r e g is t e r e d w i t h t h e s ite . T w it t e r S o u rce : h ttp ://tw itte r .c o m M o d u le 02 P a g e 127 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e T w itte r is a s o c ia l n e tw o rk in g s e rv ic e th a t a llo w s p e o p le to send and re a d te x t m essages ( t w e e t s ) . E v e n u n r e g is t e r e d u s e rs c a n r e a d t w e e t s o n t h is s ite . FIGURE 2.9: Twitter screenshot M o d u le 02 P a g e 128 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e G o o g le + S o u rce : h ttp s ://p lu s .g o o g le .c o m G o o g l e + is a s o c i a l n e t w o r k i n g s i t e t h a t a i m s t o m a k e s h a rin g o n th e w e b re a l life . Y o u c a n g ra b a lo t o f u s e fu l in f o r m a t io n a b o u t u s e rs f r o m m o r e lik e s h a r in g in th is s ite a n d u s e it t o hack t h e ir s y s te m s . FIGURE 2.10: Google+ screenshot M o d u le 02 P a g e 129 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e Gather Information from Financial Services CEH Copyright © by EG-G*ancil. All Rights Reserved. Reproduction Is Strictly Prohibited. (>^ G j a t h e r I n f o r m a t i o n f r o m F i n a n c i a l S e r v ic e s F in a n c ia l s e rv ic e s s u c h as G o o g le F in a n c e , Y a h o o ! F in a n c e , a n d so o n p r o v id e a lo t o f u s e fu l in fo rm a tio n such as th e m a rke t v a lu e of a c o m p a n y 's c o m p e t it o r d e ta ils , e tc . T h e in fo r m a t io n o ffe r e d v a rie s f r o m sh a re s, com pany p ro file , o n e s e r v i c e t o t h e n e x t . In o r d e r t o a v a il t h e m s e lv e s o f s e rv ic e s s u c h as e - m a il a le r t s a n d p h o n e a le rts , u s e rs n e e d t o r e g is t e r o n t h e fin a n c ia l s e rv ic e s . T h is g iv e s an o p p o rtu n ity fo r an a tta c k e r to g ra b u s e fu l in fo rm a tio n fo r h a c k in g . M any fin a n c ia l a c c o u n ts . firm s A tta c k e rs re ly can on web o b ta in access, s e n s itiv e p e rfo rm in g and p riv a te tra n s a c tio n s , in fo rm a tio n t h e f t , k e y lo g g e rs , e tc . A tta c k e r s ca n e v e n g ra b th is in f o r m a t io n a n d e x p lo it it w i t h t h e of and user u s e rs access to u s in g th e ir in fo rm a tio n b y im p le m e n tin g c y b e rc rim e s , h e lp o f n o n - v u ln e r a b le th r e a ts ( s o ftw a r e d e s ig n f la w e x a m p le ; b re a k in g a u th e n tic a tio n m e c h a n is m ). T h e fo llo w in g a re s o m e o f n o n -v u ln e ra b le th re a ts : Q S e rv ic e f lo o d in g B ru te fo rc e a tta c k S M o d u le P h is h in g 02 P a g e 130 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e FIGURE 2.11: Examples of financial services website for gathering information M o d u le 02 P a g e 131 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e Footprinting through JobSites CEH Urt1fw4 You can gather company's infrastructure details from job postings ilh iu l lUtbM L o o k fo r th e se : En:e־p3« Applicators EngincerfCBA position larorauTio■ Aboa Us־ Sanre ISfti. t * WarJ k B»c\v» Faraiy c£ ( nnpjw t h».־r h«t>rornuylmc bowmt to inlxtp’-l'adin( *slutkm in even *wt of andlwrwflft Wr04 town niciK* e Job req u irem en ts 6 Em ployee's profile A C © H ardw are in fo rm a tio n £ H | © S oftw a re in form a tion tvHikuk *vl fu rirc w rt arr>^< to th* tcol< rnvl tfthiology rijtfhWp fcffli aireeed V * o il if pmvSnj. "Smice of 1־»וז' ז.*ו>ן1* זFxrflm־r ' !0 0 W t eitaxi ths1aoe fe\el of Mrvke our aosl ■*witm* aisrt otr u iv k tu v V { otf« Tftprttr. r lastnri and benefits, but out tbrtiztli it on timJ ־iltu f We fosta• a cisual but h*d uoriar.fi mwcnrxctt. ottmizt ftn pati weafcepnfe apraantngticniwtha1 E x a m p le s o f J o b W e b s it e s 1 00 •AwnW m l <nf«|W« ׳o»* Ihiw « ׳afpW-tmon tnA-.i nri• for rorpotafr ««141 "Tm n.־l»V> hi* it nit 'nrit^l 1! יVfcrtoti'rt US. VfrtowA .’rt: 0 an4 t'nAH Vfotigag. Nfirtotoft ShatrPomt Cnrm TUm VUtou* CRM \ «׳- י| > יM il Smrt 200< m<1200S Tram FoaJatM 'fO t aid 201(1, MiniwA SC0M. ון1 י\ז»ז«מןיוrinflopwl * 4 m n and r*vn \rtw r nvk •**« '׳«־rt?rd by Ihe ־omp׳nv 1 1 ■ot K K « M r« d bldb C0N1AU IMOMMAIMI ?00B3a1r|u1n tla*g kiuwtr tlg< oCWfcxJcwt « vn 2COV2008 Actvr Oarv u•• MkanMMUjodndnctuitkaig (TCP IP vo4.DS'S *kIDHCP! Mu-.; k*r>c ; i pmciL t vMh. ju l >out|j wmU^ k n e w u f NOciuvjH SQL 2303 aul :0)8 Vkiwud י01 ( ״ז״ו#^ * lyxcai. WiumA 5>ka1rP.«t. MkicxA CRM dul NLlivmA SCOM Mint !m<c Pjdc* C• aui Pov»ct SbcB*.1Iftiikj ■.!*» ladw■( amlNctwuak fiaWu.luc l>c>t co ״. ״c'iocjcb. SQL etc xvl cr MCTS, MCSE * lu lu CdutiUa Siiaicc u Network ttn—n; or <q avd<«t « h ttp ://w w w .m on ster.com « h ttp ://w w w .ca reerb u ild er.com « h ttp ://w w w .d ice .co m * h ttp ://w w w .sim p lyh ire d .co m ^ © h ttp ://w w w .in d eed .co m 1 1 1■ » © h ttp ://w w w .u sa jo b s.g ov Copyright © by EG-GWIIICil. All Rights Reserved. Reproduction is Strictly Prohibited. F o o t p r i n t i n g A tta c k e rs can v e rs io n s , c o m p a n y 's fo o tp rin tin g v a rio u s t h r o u g h g a th e r v a lu a b le in fra s tr u c tu r e jo b s ite s J o b in fo rm a tio n d e ta ils , a n d u s in g S it e s about d a ta b a s e d iffe re n t used by th e schem a te c h n iq u e s . r e q u ir e m e n t s f o r jo b o p e n in g s , a tta c k e r s m a y b e a b le t o in fo rm a tio n , a n d te c h n o lo g ie s th e k e y e m p l o y e e s lis t w i t h t h e i r e m a il a d d r e s s e s . T h is i n f o r m a t i o n o f an s y s te m , s o ftw a re o rg a n iz a tio n , th r o u g h D e p e n d in g s tu d y th e c o m p a n y . M o s t o f th e an a tta c k e r . F o r e x a m p le , if a c o m p a n y w a n ts t o o p e ra tin g upon th e p o s te d h a rd w a re , n e tw o rk -re la te d c o m p a n y 's w e b s ite s h a v e a m a y p ro ve to b e b e n e fic ia l f o r h ire a p e rs o n f o r a N e t w o r k A d m in is t r a t io n jo b , it p o s ts t h e r e q u ir e m e n t s r e la te d t o t h a t p o s itio n . M o d u le 02 P a g e 132 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e Network Administrator. Active Directory C u n *. E K h in g • MD 17123M546706 42319173004 Design and vnpiemert Ik Iv k iI ukA ooi on M Mnd9K i Boca Raton. FL 33417 JofcSUhn 0 rT/S * a r e Development ,gitfgiT.te « g — > ______________ Support ♦using VWndows ncto*ng V M Directory 2003. SMS. SUS. C1»« SOL Server. SOL C M * * . Ewhange 55. Eahange 2003. VH ware. Vertas backup i04wir«. h court and M « n securty. [ » ו » ו ו י Recwery wivkm . RMO technologies. and F«re/SAN <*s* KMlorU■ E facebook • 5 or more years experience wortang n IT *nplemerAng and supportng a glottal business > Pnor npenerxt r Wppdtng a global W» dM I St r m and Doma* Infrastoxtiire י *nplementng and supportng D w lw y. C#t> Metalrame. SOL Server. SOL Ctaster. DNS. DHCP. WHS. and Etthange 2003 m an Enlerpnse ecMronmert יVny strong systems toutirsiioolng staffs יEipenenc* m provMkng 24-hour support to a global enlerpnse as part of an orvcal rotaton • Effectwe interpersonal staffs wdh fie abffffr to be persuasae • OVwr staffs Bmttng Effect*■* Teams. Acton Onerted Pttr Relaffonships, Customer Focus. Pnortr Seteng. ProWeffi SoMng, and Business Acumen ןBachelor***■* Degree or equivalent eipenence יMCSE (2003) certtcafton a plus. Cffra Certffkabon a plus FIGURE 2 .1 2 : G a th e rin g in fo r m a tio n th r o u g h Job w e b s ite s U s u a lly a tta c k e r s lo o k f o r t h e f o llo w in g in f o r m a t io n : • Job re q u ire m e n ts • E m p lo y e e 's p r o file • H a rd w a re in fo rm a tio n • S o ftw a re in fo rm a tio n E x a m p le s o f jo b w e b s ite s in c lu d e : Q h ttp / /w w w . m o n s te r.c o m Q h t t p / / w w w . c a r e e r b u ild e r.c o m S h ttp / / w w w .d ic e .c o m -C h ttp / / w w w .in d e e d .c o m Q h t t p / / w w w . u s a jo b s .g o v a M o d u le 4- ׳ 4- ׳ CD S / / w w w .s im p lv h ire d .c o m 02 P a g e 133 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e Monitoring Target Using Alerts E x a m p le s of A lert S e rv ic e s Alerts are the content m onitoring services th a t provide up-to-date inform ation based M “ o n i t o r i n g A le rts in fo rm a tio n a re based th e on T a r g e t s c o n te n t your U s i n g m o n ito rin g p re fe re n c e , CEH A l e r t s s e rv ic e s u s u a lly v ia th a t e m a il p ro v id e or SMS. a u to m a te d In o r d e r t o u p -to -d a te g e t a le rts , y o u n e e d t o re g is te r o n th e w e b s ite a n d y o u s h o u ld s u b m it e ith e r an e m a il o r p h o n e n u m b e r t o th e s e rv ic e . A tta c k e r s ca n g a th e r th is s e n s itiv e in fo rm a tio n fro m th e a le r t s e rv ic e s a n d u s e it f o r f u r t h e r p ro c e s s in g o f a n a tta c k . I ^ jl G o o g le A le r ts S o u rce : h ttp ://w w w .g o o g le .c o m /a le r ts G o o g le A le rts c o n te n t fro m is a c o n te n t m o n ito rin g s e rv ic e th a t a u to m a tic a lly n o tifie s u s e rs when new n e w s , w e b , b lo g s , v id e o , a n d / o r d is c u s s io n g r o u p s m a tc h e s a s e t o f s e a rc h t e r m s s e le c te d b y th e u s e r a n d s to re d b y th e G o o g le A le rts s e rv ic e . G o o g l e A l e r t s a id s in m o n i t o r i n g a d e v e l o p i n g n e w s s t o r y a n d k e e p i n g c u r r e n t o n a c o m p e t i t o r o r in d u s try . M o d u le 02 P a g e 134 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e C o o g i• A lert • Security N ew * G o o g l e A le rts Tkta lu ilo n i bkokad HiMyc■. 27new results •j New» Security News 1 Sinae Ra a 1a Land Dtaflli-Bteftla A jia d a la n trC iic lg S e a rch query N#vr Yoric Time* BEIRUT Lebanon — The hilling on Wednesday of President Bashat al-Assads key security aides וזיa brazen bombog attack close to Mr Assads own res«d©nce. called H»Yaft Trei into question the ability of a government that depends on an insular group of loyalists to S e c u rity N ew s S t t «! R e su lt type How often H ow many: ?ft San Jose Mercury Mews Turns out < Mas 3s easy as using a rug to scale a razor *iro topped security fence at a small Utah arpoit in the rroddie cf night slipping past security bearding an idle empty S0-passeog?r SlcyWest Airhnes )«t and rewng up the engines. He Clashed the ... Once a day ? te n t; gn thi? Only the b est re su lts BEIRUT'AMMAN (Reuters) - Mystery surrounded the whereabouts of Syr an President Basha* 31Assad cn Thursday a day after 3 oomoer killed and wounded his security cnefs and rebels closed in on the centre of Damascus vowing to *liberate" the capital. @ ya ho o c o m CREATE ALERT . K ti-StanfltASMiantramMiiajmutmaaostmi Reuters 5 1 9 ?tpnts ?»ח .h? Your email te a t r Everything > SlfM Lgflfofg InPCT Manage your alerts W al Street Journal BEIRUT—Syrian rebels pierced the innermost circle 01 President Bashar a -Asssds regime wKh a bomb blast that kiled thiee riigh-lewl officials and raised questions about the aMity of the courftry's security forces to sustain the embattled government Syne w ii stmt a —< FIGURE 2.13: Google Alert services screenshot Yahoo! A le rts is a v a ila b le at h ttp ://a le rts .y a h o o .c o m and G ig a A le rt is a v a ila b le at h t t p : / / w w w . g ig a a le r t . c o m : th e s e a re t w o m o r e e x a m p le s o f a le r t s e rv ic e s . M o d u le 02 P a g e 135 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C O lM C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e Footprinting Methodology CEH Footprinting through Search Engines WHOIS Footprinting Website Footprinting DNS Footprinting Email Footprinting Network Footprinting Competitive Intelligence Footprinting through Social Engineering Footprinting using Google Footprinting through Social Networking Sites Copyright © by EG-G(IIIICil. All Rights Reserved. Reproduction is Strictly Prohibited. F o o t p r i n t i n g M e t h o d o l o g y So fa r, w e h a v e d is c u s s e d t h e fir s t s te p o f f o o t p r in t in g v ia s e a rc h e n g in e s . Now we w ill d is c u s s w e b s it e fo o tp rin tin g . fir s t p la c e w h e r e y o u ca n g e t s e n s itiv e in f o r m a t io n p e r s o n s in t h e c o m p a n y , u p c o m i n g fo o tp rin tin g c o n c e p t, m irro rin g m e t h o d o l o g y , i.e ., f o o t p r i n t i n g An o r g a n iz a tio n 's w e b s ite is a s u c h as n a m e s a n d c o n ta c t d e ta ils o f c h ie f p r o je c t d e ta ils , a n d so o n . T h is s e c tio n c o v e rs t h e w e b s it e w e b s ite s , th e to o ls used fo r m irro rin g , and m o n ito r in g w eb u p d a te s . M o d u le 02 P a g e 136 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e CEH W e b s ite F o o t p r in t in g Information obtained from target's website enables an attacker to build a detailed map of website's structure and architecture Browsing the target website may provide: - Software used and its version t Operating system used t: Sub-directories and parameters t Filename, path, database field name, or query - Scripting platform Contact details and CM S details Use Zaproxy, Burp Suite, Firebug, etc. to view headers that provide: w Connection status and content-type ~ Accept-Ranges - Last-Modified information t; X-Powered-By information Web server in use and its version W e b s i t e I t is F o o t p r i n t i n g p o s s ib le fo r an a tta c k e r to b u ild a d e ta ile d m ap o f a w e b s ite 's s tru c tu re and a r c h i t e c t u r e w i t h o u t ID S b e i n g t r i g g e r e d o r w i t h o u t r a i s i n g a n y s y s a d m i n s u s p i c i o n s . It c a n b e a c c o m p lis h e d e i t h e r w i t h t h e h e lp o f s o p h is t ic a t e d f o o t p r i n t i n g t o o ls o r j u s t w i t h t h e b a s ic t o o ls t h a t c o m e a lo n g w it h th e o p e r a tin g s y s te m , s u c h as t e ln e t a n d a b r o w s e r . U s i n g t h e N e t c r a f t t o o l y o u c a n g a t h e r w e b s i t e i n f o r m a t i o n s u c h a s IP a d d r e s s , r e g i s t e r e d n a m e a n d a d d re s s o f th e d o m a in o w n e r, d o m a in m ay not g iv e a ll th e s e d e ta ils fo r e ve ry n a m e , h o s t o f t h e s ite , O S d e ta ils , e tc . B u t t h is t o o l s ite . In such cases, you s h o u ld b ro w se th e ta rg e t w e b s ite . B ro w s in g th e ta r g e t w e b s ite w ill p ro v id e y o u w ith th e fo llo w in g in fo r m a tio n : Q S o ftw a re used and its v e r s i o n : Y o u can fin d n o t o n ly th e s o ftw a re in u s e b u t a ls o t h e v e rs io n e a s ily o n t h e o f f - t h e - s h e lf s o f t w a r e - b a s e d w e b s ite . Q O p e r a t in g s y s t e m u s e d : U s u a lly t h e o p e r a t in g s y s t e m c a n a ls o b e d e t e r m i n e d . 9 S u b -d ire c to rie s a n d p a ra m e te rs : Y ou can re v e a l th e s u b -d ire c to rie s a n d p a ra m e te rs by m a k i n g a n o t e o f a ll t h e U R L s w h i l e b r o w s i n g t h e t a r g e t w e b s i t e . M o d u le 02 P a g e 137 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e F ile n a m e , p a th , d a ta b a s e fie ld nam e, or q u e ry : You s h o u ld a n a ly z e a n y th in g a fte r a q u e r y t h a t lo o k s lik e a f i le n a m e , p a t h , d a t a b a s e f ie ld n a m e , o r q u e r y c a r e f u lly t o c h e c k w h e t h e r it o ffe rs o p p o r t u n it ie s f o r SQ L in je c tio n . -י S c rip tin g p la tfo rm : W ith th e h e lp o f th e s c rip t file n a m e e x te n s io n s su ch as .p h p , .a s p , . j s p , e t c . y o u c a n e a s i l y d e t e r m i n e t h e s c r i p t i n g p l a t f o r m t h a t t h e t a r g e t w e b s i t e is u s i n g . S C o n ta c t d e ta ils a n d C M S d e ta ils : T h e c o n ta c t p a g e s u s u a lly o f f e r d e ta ils s u c h as n a m e s , phone n u m b e rs , e m a il a d d re s s e s , a n d use th e s e d e ta ils t o p e r fo r m C M S s o ft w a r e a llo w s lo c a tio n s o f a d m in or su p p o rt p e o p le . Y ou can a s o c ia l e n g in e e r in g a tta c k . U R L r e w r i t i n g in o r d e r t o d is g u is e t h e s c rip t file n a m e e x te n s io n s . In t h i s c a s e , y o u n e e d t o p u t l i t t l e m o r e e f f o r t t o d e t e r m i n e t h e s c r i p t i n g p l a t f o r m . U s e P a ro s P ro x y , B u r p S u ite , F ire b u g , e tc . t o v i e w h e a d e r s t h a t p r o v id e : Q C o n n e c tio n s ta tu s a n d c o n te n t-ty p e Q A c c e p t-ra n g e s © L a s t-M o d ifie d in fo r m a tio n Q X -P o w e re d -B y in fo rm a tio n © W e b s e r v e r in u s e a n d its v e r s i o n S o u rce : h ttp ://p o r ts w ig g e r .n e t T h e f o l l o w i n g is a s c r e e n s h o t o f B u r p S u i t e s h o w i n g h e a d e r s o f p a c k e t s i n t h e i n f o r m a t i o n p a n e : FIGURE 2.14: Burp Suite show ing headers o f packets in th e in fo rm a tio n pane M o d u le 02 P a g e 138 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e W e b s it e F o o t p r i n t i n g CEH Urt1fw4 ( C o n t ’d ) Examining HTML source provides: ilh iu l lUtbM Examining cookies may provide: © Comments in the source code 6 Software in use and its behavior 9 Contact details of web developer or admin © Scripting platforms used © File system structure 9 Script type Copyright © by EG-G(IIIICil. All Rights Reserved. Reproduction is Strictly Prohibited. W e b s i t e F o o t p r i n t i n g ( C o n t ’ d ) E x a m in e t h e H T M L s o u rc e c o d e . F o llo w t h e c o m m e n t s t h a t a re e it h e r c r e a te d b y t h e C M S s y s te m o r in s e rte d w h a t 's r u n n i n g in t h e m a n u a lly . T h e s e c o m m e n t s m a y p r o v id e c lu e s t o h e lp y o u u n d e r s t a n d b a c k g r o u n d . T h is m a y e v e n p r o v id e c o n t a c t d e ta ils o f t h e w e b a d m in o r d e v e lo p e r. O b s e r v e a ll t h e to reve a l th e li n k s a n d i m a g e t a g s , in o r d e r t o m a p t h e f i l e s y s t e m s t r u c t u r e . T h is a l l o w s y o u e x is te n c e o f h id d e n d ir e c t o r ie s a n d file s . E n te r f a k e d a t a to d e te rm in e h o w th e s c rip t w o rk s . M o d u le 02 P a g e 139 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e T 1 1 1 V e w « j u < e w w w j n <rc•. C ft T H ץ © view sourivwww.microsoft.com en-us/defaultaspx f t \ A I 21< ' DOCTYPC hriwi PUBLIC • —/ /W3C//DTD XHTML 1*0 Trtnsicififltl//CNa s < h t m l d i r " ־l t r " l a n g “ ״e n • x m l : l a r . g “ * e r.■ x m l n s “ ״h t t p : / / w w w . w 3 . o r g / 1 9 9 9 / x h t m l • x m l n s : b ~ ' u r n : s c h e m a s - m c r o s o f t - c o m : m s c o m : b *> « < h e a d x t tle > M i c r o s o f t C o r p o r a t i o n : S o f t w a r e , S m a r t p h o n e s , O n l i n e , S a x e s , C lo u d C o m p u tin g , IT B u s i n e s s T e c h n o lo g y , D o w n lo a d s 0 < / t l t l e x m e t a h t t p - e q u i v 'X - U A - C o s p a t l b l e ■ c o n t e n t • “ I E - 1 0 * / x m e t a h t t p e q u v ” "C n t e n t - T y p e ” c o n t e n t ~ * t e x t / h t m l : c ! i a r s e t “ u t f - 8 " / x m e t a h t t p e q ״v * " X -U A -IE 9 -T e x tL a y c u tM e trie s * c o n t e n t« " s n a p - v e r t c a l " /> ־o e n p t ty p e " ״t e x t ^ a v a s c n p t - > v a r Q o s I n i t T i m e ■ < new D a t e ( ) ) • g e t T i m e ( ) ; 9 v a r Q o s L o a d T im * • • ; י v a r Q o s P a g e U n • e n c o d e U R I ( w in d o w , l o c a t i o n ) ; v a r Q o sB a se S rc • w in d o w .l o c a t io n .p r o to c o l ♦ י/ / e . 1 E i c r o צo f t . c o m / t r a n ^ _ p l x e l . a 3 p x ? r o u t e * 6 4 D E ^ c t r l - 9 C 5 A 4 t z • י+ ( (n e w D a t e ( ) ) . g e t T i m e z o n e O f f s e t () / 6 0 ) ♦ • t c o t - S t q o s . u n ■ • ♦ Q o s P a g e tJ r i; d o c u m e n t.w rite ( " c lin k r e l ” " 3 ty le s h e e t■ ty p e “ ״t e x t / c s s • h r e f • " ' ♦ Q o s S u ild U rl( • l n i t ‘ ) ♦ • " / > ') ; f u n c t i o n Q o s B u ild U n (n ) ( 14 v a r t i m e » (n e w D a t e ( ) ) . g e t T u s e ( ) ; v a r c d - w in d o w .c o o k ie D is a b le d ; i f (ty p e o f cd “ * u n d e f in e d * ) cd • 1 ; / / D e f a u lt t o 1 (c o o k ie s d is a b le d ) i f th e w ed cs s c r i p t h a s not se t i t yet r e t u r n Q o sB a se S rc ♦ * t e d • ' • c d ♦ • t q o s . t i ■ ' ♦ Q o s I n itT m e ♦ • 4 t s ■ ' ♦ t i m e + , * q o s . t l “ • ♦ Q o s L o a d T lm e ♦ • i q o s . n • 1 ♦ n ; 1 1 1 1 1 1 0 1 t»l } v FIGURE 2 .1 5 : S c re e n s h o t s h o w in g M ic ro s o ft s c rip t w o rk s E x a m in e c o o k ie s s e t b y t h e s e r v e r t o d e t e r m i n e t h e s o f t w a r e r u n n i n g a n d its b e h a v i o r . Y o u c a n a ls o i d e n t i f y t h e s c r i p t in p l a t f o r m s b y o b s e r v i n g s e s s io n s a n d o t h e r s u p p o r t i n g c o o k i e s . X Cook** ar*d site data Sit• Remove •fl Locally stored data Od«yM<u(1(y.(0<n 3 (oobn 100bcttbuy.com 2 coobes Search cookies A N«me _utmx Content. 192B742S2.1342a46«22.1.1 utmcs ״lOOmoney ״n|utmccn־ (r«fen*l>futmcmd=refen*ljutmcct' ־lendmg/moneydeel• Domim >««■»*> .100bestbuy.com P«th / Send for Aity bnd of connection Accrv.4>teto script Yes Created Monday. Juty 16. 2012 &S3^1 AM bp*•*: Mondey. Jjnu.ry U. 2013 *5341 PM y Remove www.tOObestbuy.com 1cookie www.100nests.com 1 cook* 125rf.com }co«bet www.t23d.com 2 cootaes. Local storage v OK FIGURE 2 .1 6 : S h o w in g d e ta ils a b o u t th e s o ftw a re ru n n in g in a s y s te m b y e x a m in in g c o o kie s M o d u le 02 P a g e 140 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e M i r r o r i n g E n t ir e W e b s ite J Mirroring an entire website onto the local system enables an attacker to dissect and identify vulnerabilities; it also assists in finding directory structure and other valuable information without multiple requests to web server J Web mirroring tools allow you to download a website to a local directory, building recursively all directories, HTML, images, flash, videos, and other files from the server to your computer O rig in a l W e b site CEH M irro re d W e b s ite Copyright © by EG-G(IIIICil. All Rights Reserved. Reproduction is Strictly Prohibited. 1־ ך M i r r o r i n g W e b s ite T h is c a n a n m irro rin g be d o n e w ith th e E n t i r e is t h e h e lp W e b s i t e p ro c e s s o f c r e a tin g a n e x a c t re p lic a of web o f th e o rig in a l w e b s ite . m ir r o r in g to o ls . T h e s e to o ls a llo w y o u to d o w n lo a d a w e b s i t e t o a lo c a l d i r e c t o r y , r e c u r s i v e l y b u i l d i n g a ll d i r e c t o r i e s , H T M L , i m a g e s , f l a s h , v i d e o s a n d o t h e r file s f r o m th e s e rv e r to y o u r c o m p u te r. W e b s ite m ir r o r in g has th e f o llo w in g b e n e fits : Q I t is h e l p f u l f o r o f f l i n e s i t e b r o w s i n g . W e b s i t e m i r r o r i n g h e lp s in c r e a t i n g a b a c k u p s it e f o r t h e o r i g i n a l o n e . Q A w e b s ite c lo n e c a n b e c re a te d . Q W e b s ite m irro rin g is u s e fu l to te s t th e s ite at th e tim e of w e b s ite d e s ig n and d e v e lo p m e n t. Q M o d u le I t is p o s s i b l e t o d i s t r i b u t e t o m u l t i p l e s e r v e r s i n s t e a d o f u s i n g o n l y o n e s e r v e r . 02 P a g e 141 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e O rig in a l W e b s ite M irro re d W e b s ite FIGURE 2.17: JuggyBoy's O riginal and M irro re d w e b site M o d u le 02 P a g e 142 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e W e b s i t e M i r r o r i n g T o o ls W e b s i t e M i r r o r i n g H T T r a c k © CEH T o o ls W e b S ite C o p ie r S o u rce : h ttp ://w w w .h ttr a c k .c o m H T T r a c k is a n o f f l i n e b r o w s e r u t i l i t y . I t a l l o w s y o u t o d o w n l o a d a W o r l d W i d e W e b s i t e f r o m t h e In te rn e t to a lo c a l o t h e r file s f r o m d ire c to ry , b u ild in g re c u rs iv e ly a ll d ire c to rie s , g e ttin g HTM L, im a g e s , t h e s e rv e r t o y o u r c o m p u t e r . H T T ra c k a rra n g e s t h e o rig in a l s ite 's r e la t iv e lin k - s t r u c t u r e . O p e n a p a g e o f t h e " m i r r o r e d " w e b s i t e in y o u r b r o w s e r , b r o w s e t h e s i t e f r o m lin k , and you and can v ie w th e s ite as if y o u w e re o n lin e . H T T ra ck can a ls o u p d a te an lin k t o e x is tin g m i r r o r e d s ite , a n d r e s u m e in t e r r u p t e d d o w n lo a d s . M o d u le 02 P a g e 143 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s 312-50 C e r t i f i e d Exam E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e י פ ד Site mirroring in pfogress (2/2.10165 bytes) - [FR.wt1tt] File Preference״. Mirrcx Log W indow Help Sjy lo<«^ Mi s i. N » Wormetion 8) i. p I Bi ByletM ved Tim• Tmnrfer rat• ■ Act** com ectcr* 992*6 221 Im fcsK jn rv d 2/2 ו » / > י5»9&/«( 2 Fte»cpd*ed 0 0 W (Action• "WBtwirconi " cont4»w«con <© FIGURE 2.18: HTTrack Web Site Copier Screenshot S u r f O f flin e S o u rce : h ttp ://w w w .s u r fo fflin e .c o m S u rfO fflin e w e b s ite s is and a w e b s ite d o w n lo a d d o w n lo a d w e b pages s o ftw a re . to your lo c a l The s o ftw a re h a rd d riv e . a llo w s A fte r you to d o w n lo a d e n tire d o w n lo a d in g th e ta rg e t w e b s i t e , y o u c a n u s e S u r f O f f l i n e a s a n o f f l i n e b r o w s e r a n d v i e w d o w n l o a d e d w e b p a g e s in it. If y o u p r e f e r t o v i e w d o w n l o a d e d w e b p a g e s in a n o t h e r b r o w s e r , y o u c a n u s e t h e E x p o r t W i z a r d . S u r f O f f l i n e ' s E x p o r t W i z a r d a ls o a l l o w s y o u t o c o p y d o w n l o a d e d w e b s i t e s t o o t h e r c o m p u t e r s in o rd e r to v ie w th e m la te r a n d p re p a re s w e b s ite s f o r b u rn in g t h e m t o a CD o r D V D . J SurfOffline Professional 2.1 Unregistered trial version. You have 30 day(s) left F.4e View iL Projects £) 8rowver Zi I ** 1 ° 1 x HHp O Hi> O ^ $ O Q j j O Promts <5 New Project JuggyboyQ uestion the Rules + 1m 1: http:.'׳/www-juggyb... P fo y w i Set Sutus Connecting Loaded b y t« 0 0 2: http7/www^u9gyb— 0 0 Conra tin g J: http--//www.;1>ggyb... 0 0 Connecting * http,/ / www /uggyfe.. 0 0 0 0 Connecting Connecting S: http://wwwjuggyb . ■ + _______________________S>m.«g 0 10*6*4 11 Queued S1 v (1 <tem(*) rem*rfMng) Downloading p*ctu»ehttp־.//ww J 1 FIGURE 2.19: SurfOffline screenshot B la c k W id o w S o u rce : h ttp ://s o ftb v te la b s .c o m M o d u le 02 P a g e 144 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e B la c k W id o w is a w e b s i t e s c a n n e r f o r b o t h e x p e r t s a n d b e g i n n e r s . It s c a n s w e b s i t e s ( it's a s ite r i p p e r ) . It c a n d o w n l o a d a n e n t i r e w e b s i t e o r p a r t o f a w e b s i t e . It w i l l b u i l d a s it e s t r u c t u r e f ir s t , a n d t h e n d o w n l o a d s . It a llo w s y o u t o c h o o s e w h a t t o d o w n l o a d f r o m M o d u le 02 P a g e 145 th e w e b s ite . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s 312-50 C e r t i f i e d Exam E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e X 1 M a o w A C o t p o r j B o n S c f t m n . V i w l c t o n n O r t n r G m v Clau d C a n c u in a It l u v n r t i T « t t n o io v r O om H o^t l« W M » ^ »■ — [()»■ 0|V»» ' f j l « « t n g liw 1* • m 2J***'״ ״ י S ’**■ U h jh W e lc o m e t o M ic ro s o ft * o* u cta 00 » « e *d 1 S*o^ » Support •wy FIGURE 2.20: SurfOffline screenshot W e b r ip p e r S o u rce : h ttp ://w w w .c a llu n a - s o ftw a r e .c o m W e b R i p p e r is a n In te rn e t sca n n e r and d o w n lo a d e r. v id e o s , a u d io , a n d e x e c u ta b le d o c u m e n ts f r o m t o f o l l o w t h e lin k s in a ll d i r e c t i o n s f r o m It d o w n l o a d s m a s s iv e a m o u n t o f im a g e s , a n y w e b s ite . W e b R ip p e r uses s p id e r - te c h n o lo g y t h e s ta r t- a d d r e s s . It filte r s o u t t h e in t e r e s t in g file s , a n d a d d s th e m to th e d o w n lo a d - q u e u e fo r d o w n lo a d in g . Y o u c a n r e s tr ic t d o w n lo a d e d ite m s b y file ty p e , m in im u m file , m a x i m u m file , a n d im a g e s iz e . A ll t h e d o w n lo a d e d lin k s c a n a ls o b e r e s t r ic t e d b y k e y w o r d s t o a v o id w a s t in g y o u r b a n d w i d t h . Wrt>R»ppef 0 3 - Copyright (0 200S-2009 - StmsonSoft Ne M> T00H *dp □ H■!►Ixl ^|%| ® F<xsy3Mm 0S am sonS oft fiwemgW•• SucceeAiMee fM ta Seemed page• Sutfcv* Selected!ot ^ T a rg e te d [w w w !u q q y b o y c o m )634782117892930200 Oowteed* | Sodtn| St«je Rcojetfng header ReojeCng header f'egjeang herter Reaietfrg header Kcojetfng header | Log \ ז מ ג צי “Cp W • car, * p e tix T c tr 5ng ■Cp 1 ״wti p jy o y cot n. conrw. מ י מ יf mp WwfjgyK-y comvjxwwonShewe* e. tip /»w« pgsftcy car. ltd rflp/Afww^jggytoy camHe* artarxatrtage*. W e b R ip p e r Th e ultim ate tool fo r wehsite ripping 001W Mai 0 12KES FIGURE 2.21: Webripper screenshot M o d u le 02 P a g e 146 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e W e b s i t e M i r r o r i n g T o o ls (E H ( C o n t ’d ) Website Ripper Copier o PageNest ן http://www.tensons.com http://www.pagenest.com Teleport Pro Backstreet Browser http://www.tenmax.com http://www.spadixbd.com Portable Offline Browser Urt.fi•* | ttk.ul Mm Im ,__ Offline Explorer Enterprise http://www.metaproducts.com http://www.metaproducts.com Proxy Offline Browser GNU Wget http://www.proxy-offline-browser.com http://www.gnu.org iMiser http://internetresearchtool.com « Hooeey Webprint I 2־A Z J http://www.hooeeywebprint.com Copyright © by EG-G*ancil. All Rights Reserved. Reproduction is Strictly Prohibited. W In e b s i t e a d d itio n M to i r r o r i n g th e w e b s ite T o o l s m irro rin g ( C to o ls o n t ’ d ) m e n tio n e d p re v io u s ly , a fe w m o re w e ll- k n o w n to o ls a re m e n tio n e d as fo llo w s : 9 W e b is te R ip p e r C o p ie r a v a ila b le a t h t t p : / / w w w . t e n s o n s . c o m £ T e le p o r t P ro a v a ila b le a t h t t p : / / w w w . t e n m a x . c o m © P o rta b le O fflin e B r o w s e r a v a ila b le a t h t t p : / / w w w . m e t a p r o d u c t s . c o m Q P ro x y O fflin e B r o w s e r a v a ila b le a t h t t p : / / w w w . p r o x y - o f f lin e - b r o w s e r . c o m Q iM is e r a v a ila b le a t h t t p :/ / in t e r n e t r e s e a r c h t o o l.c o m © P a g e N e s t a v a ila b le a t h t t p : / / w w w . p a g e n e s t . c o m 0 B a c k s tre e t B r o w s e r a v a ila b le a t h t t p : / / w w w . s p a d ix b d . c o m © O fflin e E x p lo re r E n te rp ris e a v a ila b le a t h t t p : / / w w w . m e t a p r o d u c t s . c o m 9 G N U W g e t a v a ila b le a t h t t p : / / w w w . g n u . o r g H o o e e y W e b p r in t a v a ila b le a t h t t p : / / w w w . h o o e e y w e b p r in t . c o m M o d u le 02 P a g e 147 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C O U I I C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e Copyright © by EG-G(IIIICil. All Rights Reserved. Reproduction is Strictly Prohibited. E I ---------------A rc h iv e E x t r a c t h t t p :7 / w W w e b s i t e w I n f o r m a t i o n f r o m . a r c h i v e . o r g is a n I n t e r n e t A r c h i v e W a y b a c k M a c h i n e t h a t a l l o w s y o u t o v i s i t a r c h i v e d v e r s i o n s o f w e b s ite s . T h is a llo w s y o u t o g a t h e r in f o r m a t io n o n a c o m p a n y 's w e b p a g e s s in c e t h e ir c r e a tio n . As th e w e b s ite w w w .a r c h iv e .o r g ke e p s tra c k o f w e b p ages fr o m th e tim e o f th e ir in c e p tio n , y o u can re trie v e e v e n in fo rm a tio n th a t has b e e n re m o v e d fr o m th e ta r g e t w e b s ite . M o d u le 02 P a g e 148 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e ~ \~כ »־־wayback.arch1vc.org'.)C !' ' וו ii ־: rosottxon !■י יhttp://microsoft.com \ J!" * G o W a y to a c k l 1».h t 3 7 8 9 1• 14 15 13 14 15 16 17 131415־517 18 10 11 12 13 19 J0j21 22 20 21 22 23 24 20 212223 24 25 17 18 19 20 21 22 23 23 24 25 26 ׳7 28 29 27 28 2758293• 24 23 26 27‘ 28 29 30 9 10 11 16 17 18 12 13 30 31 1 23 • 9 1 0 )1 1 ft 7 9 10 11 12 14 15 16 MAY 45 6 7 12 13 14 5 < 10 11 12 13 14 15 16 17 18 10 19 20 21 ?2 2) )4 25 17 26 27 28 29 3« 24 15 16 17 18 19 20 21 22 23 24 26 26 27 28 29 30 31 ft 7 8 101112 11 12 13 U 15 16 14 15 16 171919 1• 1® 20 21 22 23 31 22 23 24252» 75 26 27 2• 29 30 ?8 29 30 31 FIGURE 2 .2 2 : In te r n e t A rc h iv e W a y b a c k M a c h in e s c re e n s h o t M o d u le 02 P a g e 149 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e MonitoringWebUpdates Using WebsiteWatcher W ebsite W atcher auto m a tica lly checks w eb pages fo r updates and changes 1 [ * WebSite-Watcher 2012(112) goot/narks £h«ck Took Jcnpt Qptioni y*ew fcjelp a| .cockmartcwsw. 28 days available Byy Now ם j ♦l₪l^ rs change SignIn http:Vww1At.hotmail.com fAcrosoft Corpotatioru Software ... http://www.rn!uoicft com 2012-07-18 1&2&22 —WebS«»e-Watch«f - Download http-7/www a^necom'dovmlea 200®-10-07 15515-27 WebSrte-Watcher - Support Forum http:/»'׳vww.a gne .com'fo»v»n'1 - 20CS-10-C7 15744:4s 11 Statu* Warning: wtiole content _ CK. mibafccril Redirection OK CK.php882 Plugin ptoCm. 1 e. Slay In W e b S ite - W a tc h e H chpp rpjjuw Scfp^rwhot*; Last check 15:1-4 2012-07-18 16:2*33 2008-10-07 15:4*30 2008-10-07 15:44:49 VWo< Cown<o.*d'. Buy Now Siionoft Download W rbSite-W alctwr WnbSlte• Wrtt< h r r 4 .4? I D o w lo ai | (4.3 *6) 21-hit• 00•ג |w > rrf | ( o MB) 1 Sy«»׳n: MTintx/MaftfTA/2000/200VXP/Vteta V»fc an Hrnlcyy I Ifr«J insta■•««»*׳or. do ne< unanslal your •Jutfioflcopy o WebS**-W*tch«r -)״St install0 Page T«t Analyse h ttp : //a ig n e s .c o m Copyright © by EG-Gllincil. All Rights Reserved. Reproduction is Strictly Prohibited. M o n i t o r i n g W e b U p d a t e s U s i n g W e b s i t e W a t c h e r S o u rce : h ttp ://w w w .a ig n e s .c o m W e b s i t e W a t c h e r is u s e d t o an u p d a te or change k e e p tr a c k o f w e b s ite s f o r u p d a te s a n d a u to m a tic c h a n g e s . W h e n o cc u rs , W e b s ite W a tc h e r a u to m a tic a lly d e te c ts and saves th e la s t t w o v e r s i o n s o n t o y o u r d i s k , a n d h i g h l i g h t s c h a n g e s i n t h e t e x t . I t is a u s e f u l t o o l f o r m o n i t o r i n g s i t e s t o g a in c o m p e t i t i v e a d v a n t a g e . B e n e fits : F re q u e n t m anual c h e c k in g of u p d a te s is not re q u ire d . W e b s ite W a tc h e r can a u to m a tic a lly d e te c t a n d n o tify u s e rs o f u p d a te s : Q It a llo w s y o u t o know w h a t y o u r c o m p e tito r s a re d o in g b y s c a n n in g y o u r c o m p e t it o r s ׳ w e b s ite s © T h e s ite ca n k e e p tr a c k o f n e w s o f t w a r e v e rs io n s o r d r iv e r u p d a te s © It s t o r e s im a g e s o f t h e m o d i f i e d w e b s i t e s t o a d is k M o d u le 02 P a g e 150 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e FIGURE 2.23: W e b site w a tch e r m o n ito rin g w e b updates M o d u le 02 P a g e 151 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e Footprinting Methodology Footprinting through Search Engines WHOIS Footprinting Website Footprinting DNS Footprinting Email Footprinting Network Footprinting Competitive Intelligence Footprinting through Social Engineering Footprinting using Google Footprinting through Social Networking Sites CEH Copyright © by EG-G(IIIICil. All Rights Reserved. Reproduction is Strictly Prohibited. F o o t p r i n t i n g M e t h o d o l o g y So f a r w e h a v e d is c u s s e d F o o t p r in tin g t h r o u g h s e a rc h e n g in e s a n d w e b s it e f o o t p r in t in g , t h e t w o in itia l p h a s e s o f f o o t p r i n t i n g m e t h o d o l o g y . N o w w e w ill d is c u s s e m a i l f o o t p r i n t i n g . WHOIS Footprinting DNS Footprinting Network Footprinting Footprinting th ro u g h Social Engineering Footprinting th ro u g h Social Networking Sites T h is s e c tio n d e s c rib e s how to tra c k e m a il c o m m u n ic a tio n s , how to c o lle c t in fo r m a tio n fro m e m a il h e a d e rs , a n d e m a il tr a c k in g to o ls . M o d u le 02 P a g e 152 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e Tracking Email Communications c Eh \ tm (•ttifwtf 1 lt»K4l IlM J J Attacker tracks email to gather info rm a tio n ab o ut the physical location o f an in d ivid u a l to perform social engineering th a t in tu rn may help in m apping ta rg e t organization's n e tw o rk Email tracking is a m ethod to m o n ito r and spy on th e delivered em ails to the intended recipient When the email was received and read GPS location and map of the recipient Set messages to expire after a specified time Track PDF and other types of attachments Time spent on reading the emails Whether or not the recipient it visited any links sent to them Copyright © by EG-G(IIIICil. All Rights Reserved. Reproduction is Strictly Prohibited. T r a c k i n g E m a i l C o m m u n i c a t i o n s E m a i l t r a c k i n g is a m e t h o d t h a t h e l p s y o u t o m o n i t o r a s w e l l a s t o t r a c k t h e e m a i l s o f a p a r t i c u l a r u s e r . T h i s k i n d o f t r a c k i n g is p o s s i b l e t h r o u g h d i g i t a l l y t i m e s t a m p e d r e c o r d s t o r e v e a l th e tim e and d a te a p a rtic u la r e m a il was re c e iv e d or opened by th e ta rg e t. A lo t o f e m a il t r a c k i n g t o o l s a r e r e a d i l y a v a i l a b l e in t h e m a r k e t , u s i n g w h i c h y o u c a n c o l l e c t i n f o r m a t i o n s u c h a s IP a d d r e s s e s , m a i l s e r v e r s , a n d s e r v i c e p r o v i d e r f r o m use th is in fo rm a tio n to b u ild th e h a c k in g s tra te g y . w h ic h th e m a il w a s s e n t. A tta c k e rs can E x a m p le s o f e m a il tra c k in g to o ls in c lu d e : e M a ilT r a c k e r P r o a n d P a ra b e n E -m a il E x a m in e r. B y u s in g e m a il t r a c k in g t o o ls y o u c a n g a t h e r t h e f o llo w in g in f o r m a t io n a b o u t t h e v ic tim : Geolocation: E s tim a te s a n d d is p la y s t h e lo c a tio n o f th e re c ip ie n t o n th e m ap and m ay e v e n c a lc u la te d is ta n c e f r o m y o u r lo c a tio n . ׳- Read duration: T h e d u ra tio n o f tim e s p e n t b y th e re c ip ie n t o n re a d in g th e m a il s e n t b y th e se n d er. ׳- Proxy detection: Q Links: P ro v id e s in f o r m a t io n a b o u t t h e t y p e o f s e rv e r u s e d b y t h e r e c ip ie n t. A llo w s y o u to check w h e th e r th e lin k s s e n t t o t h e re c ip ie n t th ro u g h e m a il h a ve b e e n c h e c k e d o r n o t. M o d u le 02 P a g e 153 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e ' ' Operating system: th e re c ip ie n t. The T h is r e v e a ls in f o r m a t io n a b o u t t h e t y p e o f o p e r a t in g s y s te m a tta c k e r can use th is in fo rm a tio n to la u n c h an a tta c k by used by fin d in g l o o p h o l e s in t h a t p a r t i c u l a r o p e r a t i n g s y s t e m . Q Forward email: W h e th e r o r n o t th e e m a il s e n t t o y o u is f o r w a r d e d to a n o th e r p e rs o n c a n b e d e t e r m in e d e a s ily b y u s in g th is to o l. M o d u le 02 P a g e 154 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e Collecting Information from Email Header CEH D e liv o r e d - T o : _ @ g m a il.c o m The a d d re ss from w hich R e c e i v e d : b y 1 0 . 1 1 2 . 3 9 . 1 6 7 w i t h SMTP i d q 7 c j th e m essage w as sent F r i , 1 Ju n 2012 2 1 :2 4 :0 1 R e t u r n - P a t h : < •*״- e r m a @ g m a il.c o m > R e c e iv e d - S P F : p a s s ( g o o g le .c o m : d o m a in o f ־d e s i g n a t e s 1 0 . 2 2 4 . 2 0 5 . 1 3 7 s e n d e r ) c l i e n t ־i p = 1 0 . 2 2 4 . 2 0 5 . 377 S en d er's m ail server A u t h e n t i c a t i o n - R e s u l t s : |m ^ g o o g ^ ^ ^ o mm j3 | 1 0 .2 2 4 .2 0 5 .1 3 7 a s p e r m i ^ ? ? ^ SratpTml^H fc m ; d k i m = p a s s h e a d e r . i« ;_ •»«-*.. * rm a @ g m a il.c o m R e c e iv e d : fr o m r a r .g o o g le .c o m ([ 1 0 .2 2 4 .2 0 5 .1 3 7 ] ) D a t e a n d t im e re c e iv e d !h Y w ir.h SMTP Iri f r » ^ . . n ^ 8 5 7 0 q a b . 3 9 .1 3 1 b y t h e o r ig in a to r 's I F r i , 01 J u n 2Q 12 2 1 ; 2 4 : Q Q - 0 7 0 0 ( P D T )I — -OTOOif^ a s p e rm itte d 1 email servers d = gm a 1 1 . c o m ; 3 = 2 0 1 2 0 1 1 3 ; h -m im e -v e rs io n : i n - r e p l y - t o : A u th e n tic a t io n s y s te m e c t : fro m :to : c o n te n t- ty p e ; used by sender's b h = T G E I P b 4 ti 7 g f Q G + g h h 7 0 k P j k x + T t / iA C lfl mail server b —K g u Z L T L fg 2 + Q Z X z Z K e x lN n v R c n D /־t־P 4 ־t-Nkl !2P-t ־75MxDR8 b1PK3eJ3U f/C saB ZW r>TTO X LaK O A G rP3B O t92M CZFxeU U Q 9uw L/xH A I.SnkoU TF.EA K G qO C 0 d 9 h D 5 9 D 3 0 X l8 K A C 7 Z m k b lG z X m V 4 D lW ffC L 8 9 4 R d H B O U o M zR w O W W Iib 9 5 a ll3 8 cq tlfP Z hrW F K h 5 x S n Z X sE 7 3 x Z P E Y zp 7 y ee C e Q u Y H Z N G slK x c0 7 x Q je Z u w + H W K /v R 6 x C h D Ja p Z 4 K 5 Z A fY Z m kIkF X + V dL Z qu7Y G F zy60H cuP 16y3/C 2fX H V d3uY < ״n M T /y e c v h C V 0 8 0 g 7 F K t6 /K z w -■ M I M E - V e r a io n : 1 . 0 R e c e iv e d ; b y 1 0 .2 2 4 .2 0 5 .1 3 7 w i t h SMTP i d fq9; 1040318; F r i , 01 J u n 2 0 1 2 2 1 : 2 4 : 0 0 - 0 7 0 0 (PDT) R e c e i v e d : b y 1 0 . 2 2 9 . 2 3 0 . 7 9 w i t h HTTP; F r i I n - R e p l y - T o : <C A O Y W A T T lzdD X E 308D 2rhiE 4B er A u n iq u e n u m b e r a s sig ne d l.c o m > . ־'חזי־׳'־׳. Refer^aa » f aranrai • ( f anYHftTT 1rrinytr Infi n? rh i Fif■ j D a te b m .google.com to ' itify them e: nO’-E M JcgfgX + m U f j B t t 2 s y 2 d X A 0 m a i l . g m a i l .co m > ןo;1LUTIONS : : : ■ e r m a 6 g m a il.c o m > ץ u b j — —ן \ l . com , S en d er's fu ll n am e ) ־LUTIONS < r 0 y a h o o .c o m > Copyright © by EG-G(IIIICil. All Rights Reserved. Reproduction is Strictly Prohibited. C An o l l e c t i n g e m a il header I n f o r m is t h e a t i o n in fo rm a tio n f r o m th a t E m a i l H e a d e r s tra v e ls w ith e v e ry e m a il. It c o n t a i n s th e d e ta ils o f th e s e n d e r, r o u tin g in f o r m a t io n , d a te , s u b je c t, a n d re c ip ie n t. T h e p ro c e s s o f v ie w in g th e e m a il h e a d e r v a rie s w it h d iffe r e n t m a il p ro g ra m s . C o m m o n ly u s e d e m a il p ro g ra m s : © S m a rte rM a il W e b m a il © O u tlo o k E xp re ss 4 -6 e O u tlo o k 2 0 0 0 -2 0 0 3 e O u tlo o k 2 0 0 7 © E u d o ra 4 .3 /5 .0 © E n to u ra g e © N e ts c a p e M e s s e n g e r 4 .7 © M a c M a il T h e f o l l o w i n g is a s c r e e n s h o t o f a s a m p l e e m a i l h e a d e r . M o d u le 02 P a g e 155 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e D e liv e r e d - T o : 8 .-»-»» ■«» !»«׳g ma i l . c o m R e c e iv e d : b y 1 0 . 1 1 2 . 39". 1 6 7 w i t h SMTP i d q 7 c s p 4 8 9 4 1 2 1 b k ; F r i , 1 J u n 2 0 1 2 2 1 : 2 4 : 0 1 - 0 7 0 0 (PDT) R e t u r n - P a t h : < »•-— - e r m a @ g m a il.c o m > R e c e iv e d - S P F : p a s s ( g o o g l e . c o m : d o m a in o f ■ 1 e n n a 0 g m a il.c o m d e s i g n a t e s 1 0 . 2 2 4 . 2 0 5 . 1 3 7 a s p e r m i t t e d s e n d e r) c li e n t - i p = 1 0 . 2 2 A u t h e n t i c a t i o n - R e s u l t s : p n r 7 g o o g l^ ^ o m » J 3 p f - p a 3 3 ( g o o g l e . c o m : d o m a in o f e r m a 8 g m a il. c o m d e s i g n a t e s 1 0 .2 2 4 .2 0 5 .1 3 7 a s p e r m it te d s e n a e rj s mt p . ma i l 3 - ׳ ־r m a g g m a i l . c o m ; d k im = p a s s h e a d e r. i= ; ? r m a 8 g m a il.c o m R e c e iv e d : f r o m m r . g o o g l e . c o m ( [ 1 0 . 2 2 4 . 2 0 5 . 1 3 7 ] ) h v i n . ? ? < 7 ו. ?> ו5 - ר וw i n , s m t p in ^ , 0 ^ < ; 7 8 » ; 7 0 ^ . <>ר. 1 * « ר ר1 1 ) ו4 0 7 7 ( רn u m _ h o p s = 1 ) ; | F n , 01 J u n 2 0 1 2 2 1 : 2 4 : 0 0 - 0 7 0 0 ( P D T )! D K I M - S ig n a t u r e : v = l / l ^ ^ r s a - s h a ^ ^ o / J c = r e l a x e d / r e l a x e d ; d= g m a i 1 . c o m ; ? 1 h = m im e - v e r s io n : in - r e p ly - t o : r e fe r e n c e s : d a t e : m e s s a g e - id : s u b je c t : f r o m : to :c o n te n t- ty p e ; b h = T G E IP b 4 ti7 g fQ G + g h h 7 0 k P jk x 4 T t/iA C lP P y W m N g Y H c = ; b ־K g u Z L T L fg 2 + Q Z X z Z K e x lN n v R c n D /+ P 4 + N k 5 N K S P tG 7 u H X D s fv /h G H 4 6 e 2 F + 7 5 M x D R 8 b lP K 3 e J 3 U f/C s a B Z W D IT O X L a K O A G rP 3 B O t9 2 M C Z F x e U U Q 9 u w L /x H A L S n k e U IE E e K G q O C o a 9 h D 5 9 D 3 o X I8 K A C 7 Z m k b lG z X m V 4 D lW ffC L 8 9 4 R a M B 0 U o M z R w 0 W W Iib 9 5 a lI3 8 c q tlfP Z h rW F K h 5 x S n Z X s E 7 3 x Z P E Y z p 7 y e c C e Q u Y H Z N G s lK x c 0 7 x Q je Z u w + H W K /v R 6 x C h D J a p Z 4 K5 Z A f Y Z m k I k F X -V d L Z q u Y G F z y H c u P l6 y S / C 2 fX H V d s u Y a m M T /y e c v h C V o 8 0 g 7 F K t 6 /K z w M I M E - V e r s io n : 1 . 0 R e c e iv e d : b y 1 0 . 2 2 4 . 2 0 5 . 1 3 7 w i t h SMTP i d f q 9 m r 6 7 0 4 5 8 6 q a b . 3 9 . 1 3 3 8 6 1 1 0 4 0 3 1 8 ; F r i , 01 J u n 2 0 1 2 2 1 : 2 4 : 0 0 - 0 7 0 0 (PDT) R e c e iv e d : b y 1 0 . 2 2 9 . 2 3 0 . 7 9 w i t h H T T P ; F r i , 1 J u n 2 0 1 2 2 1 : 2 3 : 5 9 - 0 7 0 0 (PDT) I n - R e p l y - T o : < C A O Y W A T T lz d D X E 3 o 8 D 2 r h iE 4 B e r2 M tV 0 u h r o 6 r 4 7 M u 7 c 8 u b p 8 E g @ m a il.g m a il.c o m > R e f e r o f l £ g a ^ ^ £ £ 2 i j i £ 2 £ l £ d f i J S £ 2 a 2 £ 2 i J i ^ 4 ^ e r 2 M tV O u h r o 6 r + 7 M u 7 c 8 u b p 8 E g 0 m a il. g m a i l . com > D a te : | S a t, 7 Jun 201? 0 9 :5 3 :5 9 40530 1 M e s s a g e - i t : <(!:A M ivo X 'fl !1cf£1־n £ 'w !iW < i5 z ih N n O - E M J c g fg X + m U fj B _ t t 2 s y 2 d X A 0 m a i l . g m a i l . com > S u b je j^ ^ ii_ ״ _ _ ji* ,_ 0 L U T I0 N S : : : F r o m :| ■■ ~ M ir z a |< ״- • - e r m a p g m a il. com > To: i f t s a m a i i . c om , • 1LU TI0N S < • •- * - - ־ - t i o n s 8 g m a i l. c o m > , — ... ■■ 1־ ■ a A k e r 8 y a h o o .c o m > , 0120 1 4 7 60 ^ <tm FIGURE 2.24: Email header screenshot T h is e m a il h e a d e r c o n ta in s t h e f o llo w in g in f o r m a t io n : e S e n d e r's m a il s e rv e r e D a ta a n d t im e re c e iv e d b y th e o r ig in a to r 's e m a il s e rv e rs e e e e e e A u t h e n t ic a tio n s y s te m u s e d b y s e n d e r 's m a il s e rv e r D a ta a n d t im e o f m e s s a g e s e n t A u n iq u e n u m b e r a s s ig n e d b y m r .g o o g le .c o m t o id e n t if y t h e m e s s a g e S e n d e r's fu ll n a m e S e n d e r s IP a d d r e s s T he a d d re ss fr o m w h ic h th e m e s s a g e w a s s e n t T h e a t t a c k e r c a n t r a c e a n d c o l l e c t a ll o f t h i s i n f o r m a t i o n b y p e r f o r m i n g a d e t a i l e d a n a l y s i s o f t h e c o m p le te e m a il h e a d e r. M o d u le 02 P a g e 156 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e CEH E m a i l T r a c k i n g T o o ls Email Lookup - Free Email Tracker T r a c e E m a il - T r a c k E m a il Email Header A n a ly sis IP Address: 72.52.192 147 (host.marhsttanrrediagroup.con) IP Address Country: Unred States ip continent north America IP Address City Location: Lansing IP Address Region: Michigan IP Address Latitude: *2.7257. IP Address longtitude: -84.636 Organ i ra t on: So jrcoDNS tm aii Lookup wap (sn o w n id e ) M ap Satellite Bath Charter Township Email Metrics O on d *w ־- * ( f t Lansing E03t Lansing / I־ ! ! ! ! ! ! ! ! I I j !.! ! f I ! I I ! 1 1 1 י IVac dfeta 82012 Gooole - Terms of Use Report a map e E m a il L o o k u p - F re e E m a il T ra c k e r (http://www.ipaddresslocation.org) P o lit e M a il (http://www.politemail.com) Copyright © by EG-G(l1ncil. All Rights Reserved. Reproduction is Strictly Prohibited. E m E m a il a i l T r a c k i n g tra c k in g to o ls T o o l s a llo w you to tra c k an e m a il and e x tra c t in fo rm a tio n such as s e n d e r i d e n t i t y , m a i l s e r v e r , s e n d e r ' s IP a d d r e s s , e t c . Y o u c a n u s e t h e e x t r a c t e d i n f o r m a t i o n t o a tta c k t h e t a r g e t o r g a n iz a tio n 's s y s te m s b y s e n d in g m a lic io u s e m a ils . N u m e r o u s e m a il tr a c k in g t o o l s a r e r e a d i l y a v a i l a b l e in t h e m a r k e t . T h e f o llo w in g a re a f e w c o m m o n ly u s e d e m a il tr a c k in g to o ls : e M a ilT r a c k e r P r o S o u rce : h ttp ://w w w .e m a iltra c k e r p ro .c o m e M a i l T r a c k e r P r o is a n e m a i l t r a c k i n g t o o l t h a t a n a l y z e s e m a i l h e a d e r s a n d r e v e a l s i n f o r m a t i o n s u c h a s s e n d e r ' s g e o g r a p h i c a l l o c a t i o n , IP a d d r e s s , e t c . I t a l l o w s y o u t o r e v ie w t h e tr a c e s la te r b y s a v in g a ll p a s t t r a c e s . M o d u le 02 P a g e 157 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e «M*fTrKtfT*o v9Qh Advanced {(Woiv Tnjl a»y 3 of M • n*r» s M KTT» mt*•( n*van( on »*זvyv•**• (tt* po^ndotftf) • ntrtiiwHTmMn*( 18382 14 17 12« 240 ע בt 18087 385 80 231 217 17 80231217 2 80 231 2006 80 231 91 X 80 231 1382 m (frt*e*l *22 Teu arc <a day J ( *•1 צ4 « יin*. V0M<M«<•w !•jomnf on Mm (tkt port nctoM<A ■ T*#f• n no w nw n m ■ ! ontMt (t»» port « 1 ז ? ד. ג נ » י. יSTATIC w l M(Ot01 1* ׳ ׳. >.-0■'00 •-cor. וM.V-Mx'** MUU Mt Mjrrfe* M t lc « 1 * ׳WYfttMar*•** mMS3 »*״ *2 2 lc««2 W lN lto M * * M 3 mi u m Sh m < ♦21c«*2SV» *!>*»■«»» m M O w l(M t •*&•» «•״KMM » ׳v * H n793 Ooitiim * • * v x aito U flU O'*« (»'<***••" cJrp out of (M*. 10| « ttnKw* dala b m OOJlCt FIGURE 2.25: eM ailTrackerP ro show ing geographical lo ca tio n o f sender P o lit e M a il S o u rce : h ttp ://w w w .p o lite m a il.c o m P o l i t e M a i l is a n e m a i l t r a c k i n g t o o l f o r O u t l o o k . I t t r a c k s a n d p ro v id e s c o m p le te w h o o p e n e d y o u r m a il a n d w h ic h d o c u m e n t has b e e n o p e n e d , as w e ll as w h ic h c lic k e d and re a d . It o ffe rs m a il m e rg in g , s p lit te s tin g , and fu ll lis t d e ta ils a b o u t lin k s a re b e in g m anagem ent in c lu d in g s e g m e n t in g . Y o u c a n c o m p o s e a n e m a il c o n t a i n i n g m a l ic io u s lin k s a n d s e n d it t o t h e e m p lo y e e s o f t h e t a r g e t o r g a n iz a t io n a n d k e e p t r a c k o f y o u r e m a il. If t h e e m p l o y e e c lic k s o n t h e lin k , h e o r s h e is i n f e c t e d and you w ill b e n o tifie d . T hu s, y o u c a n g a in c o n t r o l o v e r t h e s y s te m w ith th e h e lp o f th is to o l. FIGURE 2.26: P o litem ail screenshot NIC E m a il L o o k u p - F r e e E m a il T r a c k e r W W W S o u rce : h ttp ://w w w .ip a d d r e s s lo c a tio n .o rg M o d u le 02 P a g e 158 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0l 1n C i l A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e E m a i l L o o k u p is a n e m a i l t r a c k i n g t o o l t h a t d e t e r m i n e s t h e IP a d d r e s s o f t h e s e n d e r b y a n a l y z i n g th e e m a il h e a d e r. Y ou can c o p y a n d p a s te th e e m a il h e a d e r in to th is e m a il tra c k in g to o l a n d s ta r t tr a c in g e m a il. M o d u le 02 P a g e 159 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e E m a il L o o k u p - F re e E m a il T ra c k e r T ra c e E m a il • T ra c k E m a il Email Header Analysis IP Address: 72.52.192.147 (host manhattanmed1agroup.com) IP Address Country: United States fe i IP Continent: North America IP Address City Location: Lansng IP Address Region: Michigan IP Address Latitude: 42 7257, IP Address Longtitude: -84 636 Organization: SourceDNS Email Lookup Map (show/hide) FIGURE 2 .2 7 : E m ail L o o k u p S c re e n s h o t M o d u le 02 P a g e 160 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0l 1n C i l A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e CEH E m a i l T r a c k i n g T o o ls ( C o n t ’d ) Read N o tify http://www.readnotify, com © '— P o in to fm a il http://www.pointofmail.com S u p e r Em ail M a rk e tin g D id T h e yR e a d lt http://www.didtheyreadit. com S o ftw a re http://www.bulk-email-marketing-software.net ■ S '/ Trace Em ail http://whatism yipaddress. com W hoR eadM e http://whoreadme.com MSGTAG http://www.msgtag.com G e tN o tify h ttn ■ / / iajiaj\aj nt>\ http://www.getnotify.com Z e n d io http://www.zendio.com ' — a J J S > G -Lock A n a ly tic s http://glockanalytics.com m Copyright © by EG-G(IIIICil. All Rights Reserved. Reproduction is Strictly Prohibited. E m a i l M T r a c k i n g R e a d --------- T o o l s ( C o n t ’ d ) N o t if y S o u rce : h ttp ://w w w .r e a d n o tify .c o m R e a d N o t i f y p r o v i d e s a n e m a i l t r a c k i n g s e r v i c e . I t n o t i f i e s y o u w h e n a t r a c k e d e m a i l is o p e n e d , re -o p e n e d , o r fo rw a rd e d . d e liv e r y d e ta ils , d a te Read a n d tim e l o c a t i o n , IP a d d r e s s o f t h e N o tify tra c k in g re p o rts c o n ta in o f o p e n in g , g e o g ra p h ic lo c a tio n re c ip ie n ts , r e fe r r e r d e ta ils in fo rm a tio n su ch as c o m p le te o f r e c ip ie n t, v is u a liz e d (i.e ., if a c c e s s e d v ia w e b m ap of e m a il a c c o u n t e tc .), e tc . ^ D id T h e y R e a d lt S o u rce : h ttp ://w w w .d id th e y r e a d it.c o m D i d T h e y R e a d l t is a n e m a i l t r a c k i n g u t i l i t y . I n o r d e r t o u s e t h i s u t i l i t y y o u n e e d t o s i g n u p f o r a n a c c o u n t. Then you need a d d re ss. F o r e x a m p le , to if y o u add w e re e lle n @ a o l.c o m .D id T h e y R e a d lt.c o m ".D id T h e y R e a d lt.c o m " s e n d in g an e -m a il to to th e end o f th e r e c ip ie n t's e -m a il e lle n @ a o l.c o m , y o u 'd ju s t s e n d in s te a d , a n d y o u r e m a il w o u ld it t o be tra c k e d , e lle n @ a o l.c o m w o u ld n o t s e e t h a t y o u a d d e d .D id T h e y R e a d lt.c o m t o h e r e m a il a d d re s s . T h is u t ilit y tr a c k s e v e r y e m a il t h a t y o u s e n d in v is ib ly , w i t h o u t a l e r t i n g t h e r e c i p i e n t . If t h e u s e r o p e n s y o u r m a il, t h e n it M o d u le 02 P a g e 161 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e in fo rm s you when your m a il was opened, how lo n g your e m a il re m a in e d open, and th e g e o g r a p h ic lo c a tio n w h e r e y o u r e m a il w a s v ie w e d . T r a c e E m a il S o u rce : h ttp ://w h a tis m y ip a d d re s s .c o m T h e T ra c e E m a il to o l a t t e m p t s t o lo c a te th e so u rce IP a d d r e s s o f a n e m a i l b a s e d o n t h e h e a d e rs . Y o u ju s t n e e d to c o p y a n d p a s te th e fu ll h e a d e rs o f th e ta r g e t e m a il in to th e e m a il H e a d e rs b o x a n d t h e n c lic k t h e G e t S o u rc e b u t t o n . It s h o w s t h e e m a il h e a d e r a n a ly s is a n d re s u lts . T h is E m a il h e a d e r a n a ly s is t o o l d o e s n o t h a v e t h e a b ilit y t o d e t e c t f o r g e d e m a ils h e a d e r s . T h e s e fo rg e d e m a il h e a d e rs a re com m on in m a lic io u s e m a il and s p a m . T h is to o l assum es a ll m a il s e r v e r s a n d e m a i l c l i e n t s in t h e t r a n s m i s s i o n p a t h a r e t r u s t w o r t h y . M S G T A G S o u rce : h ttp ://w w w .m s g ta g .c o m MSGTAG when is W i n d o w s e m a il tra c k in g y o u r e m a ils a re opened and s o ftw a re when th a t uses a read y o u r e m a ils a re re c e ip t te c h n o lo g y to a c tu a lly te ll y o u re a d . T h is s o f t w a r e adds a s m a l l t r a c k a n d t r a c e t a g t h a t is u n i q u e t o e a c h e m a i l y o u n e e d d e l i v e r y c o n f i r m a t i o n f o r . W h e n t h e e m a i l is o p e n e d a n e m a i l t r a c k i n g c o d e is s e n t t o t h e M S G T A G e m a i l t r a c k i n g s y s t e m a n d a n e m a il re a d c o n fir m a tio n is d e l i v e r e d t o y o u . M S G T A G w i l l n o t i f y y o u w h e n t h e m e s s a g e is r e a d v ia a n e m a il e d c o n f i r m a t i o n , a p o p - u p m e s s a g e , o r a n S M S t e x t m e s s a g e . vSW , Z e n d io S o u rce : h ttp ://w w w .z e n d io .c o m Z e n d io , th e th e e m a il tra c k in g s o ftw a r e e m a il, so y o u can fo llo w a d d -in f o r O u tlo o k , n o tifie s y o u u p , k n o w in g when th e y read it a n d o n c e y o u r re c ip ie n t rea d s if t h e y c lic k e d on any lin k s i n c l u d e d in t h e e m a i l . P o in t o f m a il S o u rce : h ttp ://w w w .p o in to fm a il.c o m P o in to fm a il.c o m tra c k s is a p r o o f o f r e c e i p t a n d a tta c h m e n ts , and le ts you r e a d in g s e rv ic e f o r e m a il. m o d ify or d e le te sent It e n s u r e s m essages. It read re c e ip ts , p ro v id e s d e ta ile d i n f o r m a t i o n a b o u t t h e r e c ip ie n t , f u ll h is t o r y o f e m a il r e a d s a n d f o r w a r d s , lin k s a n d a t t a c h m e n t s tra c k in g , e m a il, a n d w e b a n d S M S t e x t n o tific a tio n s . 3 יו S u p e r E m a il M a r k e t in g S o ftw a r e S o u rce : h ttp ://w w w .b u lk - e m a il- m a rk e tin g -s o ftw a r e .n e t S u p e r E m a il M a r k e t i n g S o ftw a re is a p r o f e s s i o n a l a n d s t a n d a l o n e b u lk m a ile r p r o g r a m . It has t h e a b ilit y t o s e n d m a ils t o a lis t o f a d d re s s e s . It s u p p o r t s b o t h t e x t as w e ll as H T M L f o r m a t t e d e m a il s . A ll d u p lic a t e e m a il a d d re s s e s a re r e m o v e d a u t o m a t ic a ll y b y u s in g t h is a p p lic a t io n . E ach m a i l is s e n t i n d i v i d u a l l y t o t h e r e c i p i e n t s o t h a t t h e r e c i p i e n t c a n o n l y s e e h i s o r h e r e m a i l i n t h e M o d u le 02 P a g e 162 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e e m a il h e a d e r . It s a v e s t h e e m a il a d d re s s e s o f t h e s u c c e s s fu l s e n t m a ils as w e ll as t h e fa ile d m a ils t o a te x t, CSV, T S V o r M ic r o s o f t E xce l file . M o d u le 02 P a g e 163 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e W " 5 ©׳ h o R e a d M e o u rc e : h ttp ://w h o r e a d m e .c o m W h o R e a d M e is a n e m a i l t r a c k i n g t o o l . I t is c o m p l e t e l y i n v i s i b l e t o r e c i p i e n t s . T h e r e c i p i e n t s w i l l h a v e n o id e a t h a t t h e e m a ils s e n t t o t h e m th e re c ip ie n t o p e n s th e s y s te m a r e b e i n g t r a c k e d . T h e s e n d e r is n o t i f i e d e v e r y t i m e m a il s e n t b y t h e s e n d e r . It tr a c k s in f o r m a t i o n s u c h as t y p e o f o p e r a t in g a n d b r o w s e r u s e d , A c t i v e X C o n t r o l s , CSS v e r s i o n , d u r a t i o n b e t w e e n t h e m a ils s e n t a n d re a d tim e , e tc . G e t N o t if y S o u rce : h t t o : / / w w w . g e tn o tify .c o m G e t N o t i f y is a n e m a i l t r a c k i n g t o o l t h a t s e n d s n o t i f i c a t i o n s w h e n t h e r e c i p i e n t o p e n s a n d r e a d s t h e m a il. It s e n d s n o t i f i c a t i o n s w i t h o u t t h e k n o w l e d g e o f r e c i p i e n t . I r G ־L o c k ׳ —ץ S o u rce : h ttp ://g lo c k a n a ly tic s .c o m G -L o c k A n a ly tic s A n a ly t ic s is a n e m a i l t r a c k i n g s e rv ic e . T h is a llo w s y o u e m a ils a f t e r t h e y a re s e n t. T h is t o o l r e p o r t s t o y o u h o w to know w h a t happens to your m a n y tim e s th e e m a il w a s p rin te d a n d fo rw a rd e d . M o d u le 02 P a g e 164 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e Footprinting Methodology CEH Footprinting through Search Engines WHOIS Footprinting Website Footprinting DNS Footprinting Email Footprinting Network Footprinting Competitive Intelligence Footprinting through Social Engineering Footprinting using Google Footprinting through Social Networking Sites Copyright © by EG-G(IIIICil. All Rights Reserved. Reproduction is Strictly Prohibited. F o o t p r i n t i n g The next phase M e t h o d o l o g y in f o o t p r i n t i n g m e th o d o lo g y a fte r e m a il fo o t p r in t in g is c o m p e t i t i v e in te llig e n c e . C o m p e titiv e in te llig e n c e is a p r o c e s s t h a t g a t h e r s , a n a l y z e s , a n d d i s t r i b u t e s i n t e l l i g e n c e about p r o d u c t s , c u s t o m e r s , c o m p e t i t o r s , a n d t e c h n o l o g i e s u s i n g t h e I n t e r n e t . T h e i n f o r m a t i o n t h a t is g a th e re d s e c tio n can h e lp m a n a g e rs is a b o u t c o m p e t i t i v e and e x e c u tiv e s in te llig e n c e of a g a th e rin g com pany and m ake so u rc e s s tra te g ic w h e re you d e c is io n s . can T h is g e t v a lu a b le in fo rm a tio n . M o d u le 02 P a g e 165 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e Competitive Intelligence Gathering J 0 C o m p e titive in telligence is th e process o f id e n tify in g , g a th e rin g , a n a lyzing, v e rify in g , and using in fo rm a tio n a b o u t yo u r co m p e tito rs fro m resources such as th e In te rn e t J C o m p e titive in telligence is n o n -in te rfe rin g and s u b tle in n a tu re 0 ר S o u rc e s of C om petitive Intelligence ♦ 1 C o m p a n y w e b site s and e m p lo y m e n t ads 6׳ Social e ng in ee ring e m p lo ye e s 2 Search engines, Internet, and o n lin e d a tab ases 7 P ro d u ct c ata lo g u e s and re ta il o u tle ts 3 Press releases a nd a n n u al re po rts A n a ly st a nd re g u la to ry re p o rts - Trade jo u rn a ls, con feren ces, and ne w sp a p e r C u sto m e r a nd v e n d o r in te rv ie w s 5 P ate nt a nd tra d e m a rks 10 Agents, d istrib u to rs, and sup p lie rs Copyright © by EG-G*ancil. All Rights Reserved. Reproduction is Strictly Prohibited. C o m V a rio u s p e t i t i v e to o ls a re I n t e l l i g e n c e re a d ily a v a ila b le in G th e a t h e r i n g m a rke t fo r th e p u rp o se of c o m p e titiv e in te llig e n c e g a th e rin g . A c q u is itio n th e o f in fo rm a tio n I n t e r n e t is d e f i n e d o r g a n i z a t i o n . I t is n o n - i n t e r f e r i n g a n d s u b t l e p r o p e r t y t h e f t c a rrie d th e in te llig e n c e . C o m p e titiv e e x te rn a l g a th e rin g not o u t th ro u g h b u s in e s s th e n it is not in n a t u r e co m p a re d h a c k in g o r in d u s tria l e s p io n a g e . e n v iro n m e n t. it s e c re tly . A c c o r d in g t o u s e fu l, in te llig e n c e is n o t j u s t a b o u t but also analyzing their products, customers, suppliers, a n a ly z in g c o m p e tito r s th e a b o u t p r o d u c ts , c o m p e t it o r s , a n d te c h n o lo g ie s o f a c o m p a n y u s in g as c o m p e t it iv e It g a th e rs in fo rm a tio n Cl p r o f e s s i o n a l s , i f t h e c a lle d in te llig e n c e . to th e d ir e c t in te lle c tu a l It m a in ly c o n c e n t r a t e s o n e th ic a lly in te llig e n c e C o m p e titiv e e tc . th a t im p a c t and le g a lly in fo rm a tio n in te llig e n c e is in s te a d g a th e re d p e rfo rm e d of is fo r d e te rm in in g : © W h a t th e c o m p e tito r s a re d o in g © H o w c o m p e tito r s a re p o s itio n in g t h e ir p r o d u c ts a n d s e rv ic e s Sources of Competitive Intelligence: C o m p a n y w e b s ite s a n d e m p lo y m e n t ads S M o d u le S e a rc h e n g in e s , In te r n e t, a n d o n lin e d a ta b a s e s 02 P a g e 166 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0l i n C i l A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e e e e e e e e e P ress re le a s e s a n d a n n u a l r e p o r ts T ra d e jo u rn a ls , c o n fe re n c e s , a n d n e w s p a p e rs P a te n ts a n d tra d e m a rk s S o c ia l e n g i n e e r i n g e m p l o y e e s P r o d u c t c a ta lo g s a n d re ta il o u tle ts A n a ly s t a n d r e g u la to r y re p o r ts C u s to m e r a n d v e n d o r in te rv ie w s A g e n ts , d is tr ib u to r s , a n d s u p p lie rs C o m p e titiv e in fo rm a tio n in te llig e n c e or by can u tiliz in g a be c a rrie d c o m m e rc ia l out by e ith e r d a ta b a s e e m p lo y in g s e rv ic e , w h ic h p e o p le in c u rs to a se a rch lo w e r fo r cost th e th a n e m p lo y in g p e rs o n n e l to d o th e s a m e th in g . M o d u le 02 P a g e 167 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e C o m p e t it iv e C o m p a n y I n t e llig e n c e B e g in ? H o w - W D id h e n it D id t h is D e v e lo p ? CEH V is it T h e s e S ite s ♦------------------------------------------------------ When did it begin? 01. EDGAR Database http://www.sec.gov/edgar.shtml ♦-----------------------------------02. Hoovers How did it develop? http://www.hoovers.com «________________________________ 03. LexisNexis M ■2) http://www.lexisnexis.com ♦-----------------------------------04. Business Wire ^ Hs) http://www.businesswire.com Copyright © by EG-Gtlincil. All Rights Reserved. Reproduction is Strictly Prohibited. C o m p e t i t i v e B e g i n ? H o w I n t e l l i g e n c e D i d i t ־ W h e n D i d t h i s C o m p a n y D e v e l o p ? G a th e r in g c o m p e t it o r d o c u m e n t s a n d re c o r d s h e lp s im p r o v e p r o d u c t iv it y a n d p r o f i t a b i l i t y a n d s t i m u l a t e t h e g r o w t h . It h e lp s d e t e r m i n e t h e a n s w e r s t o t h e f o l l o w i n g : When did it begin? T h ro u g h c o m p e titiv e in te llig e n c e , th e h is to ry o f a c o m p a n y can b e c o lle c t e d , s u c h as w h e n a p a r tic u la r c o m p a n y w a s e s ta b lis h e d . S o m e tim e s , c ru c ia l in f o r m a t io n t h a t is n 't u s u a lly a v a ila b le f o r o t h e r s c a n a ls o b e c o lle c t e d . How did it develop? I t is v e r y b e n e f i c i a l t o k n o w a b o u t h o w e x a c tly a p a rtic u la r c o m p a n y has d e v e lo p e d . W h a t a re t h e v a rio u s s tr a te g ie s u s e d b y t h e c o m p a n y ? T h e ir a d v e r t is e m e n t p o lic y , c u s t o m e r r e la tio n s h ip m a n a g e m e n t, e tc . c a n b e le a rn e d . Who leads it? T h is i n f o r m a t i o n h e lp s a c o m p a n y le a rn d e ta ils o f t h e le a d in g p e rs o n (d e c is io n m a ke r) o f th e com pany. Where is it located? M o d u le 02 P a g e 168 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s 312-50 C e r t i f i e d Exam E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e T h e lo c a tio n o f th e c o m p a n y a n d in fo r m a tio n re la te d to v a rio u s b ra n c h e s a n d th e ir o p e ra tio n s c a n b e c o lle c te d t h r o u g h c o m p e titiv e in te llig e n c e . You can use th is in fo rm a tio n g a th e re d th ro u g h c o m p e titiv e in te llig e n c e to b u ild a h a c k in g s tra te g y . T h e f o llo w in g a re in f o r m a t io n r e s o u r c e s ite s t h a t h e lp u s e rs g a in c o m p e t i t i v e in t e llig e n c e . E D G A R ע 0 1 c—3 A ll S o u rce : h ttp ://w w w .s e c .g o v /e d g a r .s h tm l c o m p a n ie s , fo re ig n and d o m e s tic , a re re q u ire d re p o rts , a n d o th e r fo rm s e le c tro n ic a lly th ro u g h to file re g is tra tio n s ta te m e n ts , EDGAR. A n y o n e can v ie w th e p e rio d ic ED G AR d a ta b a s e f r e e l y t h r o u g h t h e I n t e r n e t ( w e b o r FTP). A ll t h e d o c u m e n t s t h a t a r e f i l e d w i t h t h e c o m m i s s i o n b y p u b lic c o m p a n ie s m a y n o t b e a v a ila b le o n ED G AR . H o o v e r s M = = ־־ I i S o u rce : h ttp ://w w w .h o o v e r s .c o m H o o v e r s is a b u s i n e s s r e s e a r c h c o m p a n y t h a t p r o v i d e s c o m p l e t e i n d u s t r i e s a ll o v e r t h e w o r l d . H o o v e r s p r o v i d e s p a t e n t e d d e ta ils a b o u t c o m p a n ie s a n d b u s in e s s -re la te d I n t e r n e t , d a ta fe e d s , w ir e le s s d e v ic e s , a n d c o - b r a n d in g a g r e e m e n t s w it h It g iv e s c o m p l e t e econom y and in fo rm a tio n a ls o p ro v id e a b o u t th e th e to o ls o rg a n iz a tio n s , fo r c o n n e c tin g to in d u s trie s , th e rig h t and in fo rm a tio n th ro u g h o t h e r o n lin e s e rv ic e s . p e o p le p e o p le , in th a t d riv e th e o rd e r fo r g e ttin g b u s in e s s d o n e . L e x is N e x is S o u rce : h ttp ://w w w .le x is n e x is .c o m L e x i s N e x i s is a g l o b a l p r o v i d e r o f c o n t e n t - e n a b l e d p ro fe s s io n a ls in th e le g a l, ris k m a n a g e m e n t, w o rk flo w s o lu tio n s d e s ig n e d s p e c ific a lly f o r c o rp o ra te , g o v e rn m e n t, la w e n fo rc e m e n t, a c c o u n t i n g , a n d a c a d e m i c m a r k e t s . It m a i n t a in s a n e l e c t r o n i c d a t a b a s e t h r o u g h w h i c h y o u c a n g e t le g a l a n d p u b lic -re c o rd s re la te d in fo rm a tio n . D o c u m e n ts and re co rd s o f le g a l, n e w s , a n d b u s in e s s s o u rc e s a re m a d e a c c e s s ib le t o c u s to m e r s . B u s in e s s W ir e S o u rce : h ttp ://w w w .b u s in e s s w ir e .c o m B u s i n e s s W i r e is a c o m p a n y t h a t f o c u s e s o n p r e s s r e l e a s e d i s t r i b u t i o n a n d r e g u l a t o r y d i s c l o s u r e . F u ll t e x t n e w s re le a s e s , p h o to s , a n d a n d o rg a n iz a tio n s a re d is tr ib u te d fin a n c ia l m a rk e ts , in v e s to rs , o th e r m u ltim e d ia c o n te n t fro m th o u s a n d s o f c o m p a n ie s b y th is c o m p a n y a c ro s s th e g lo b e t o jo u rn a lis ts , n e w s m e d ia , in fo rm a tio n w e b s ite , d a ta b a s e s , and g e n e ra l a u d ie n c e s . T h is c o m p a n y h a s its o w n p a t e n t e d e l e c t r o n i c n e t w o r k t h r o u g h w h i c h it r e le a s e s its n e w s . M o d u le 02 P a g e 169 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s 312-50 C e r t i f i e d Exam E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e Competitive Intelligence -What c Are the Company's Plans? ך ^^^P^^^^^^^ompetitiv^ntelligenc^Site^^™ fertMM M a rke t W atch (h ttp : //w w w .m a r k e tw a tc h .c o m ) The W all S treet Transcript J twst.com (h t t p : / / w w w .t w s t .c o m ) ^ Lipper M arke tp la ce \ / E u ro m o n ito r (h ttp : // w w w .e u r o m o n ito r .c o m ) Fagan Finder (h t t p : // w w w .fa g a n fin d e r .c o m ) SEC Info M a rk e t^ upper marketplace (h ttp : // w w w .lip p e r m a r k e tp la c e .c o m ) I tUR OM ON M OR J ^Fagan-^ Finder S E C I n fo (h ttp : // w w w .s e c in fo .c o m ) The Search M o n ito r Search M pmI to r (h t t p : // w w w .th e s e a r c h m o n i to r .c o m ) Copyright © by EG-G*ancil. All Rights Reserved. Reproduction is Strictly Prohibited C M M o m p e t i t i v e I n t e l l i g e n c e ־ W h a t A r e t h e C o m p a n y 's to P la n s ? The fo llo w in g a re a fe w m o re e x a m p le s of w e b s ite s th a t a re u s e fu l to g a th e r v a lu a b le in f o r m a t io n a b o u t v a rio u s c o m p a n ie s a n d t h e ir p la n s t h r o u g h c o m p e t it iv e in te llig e n c e : M a r k e t W a t c h S o u rce : h ttp ://w w w .m a r k e tw a tc h .c o m M a rk e tW a tc h tra c k s th e p u ls e o f m a r k e ts . T h e s ite p ro v id e s b u s in e s s n e w s , in fo rm a tio n , re a l-tim e c o m m e n ta ry , a n d in v e s tm e n t to o ls a n d d a ta , w ith p e rs o n a l fin a n c e d e d ic a te d jo u rn a lis ts g e n e r a tin g h u n d r e d s o f h e a d lin e s , s to rie s , v id e o s , a n d m a r k e t b rie fs a d a y . S fli T h e Pi S o u rce : h ttp ://w w w .tw s t.c o m W a ll S tre e t T r a n s c r ip t T h e W a l l S t r e e t T r a n s c r i p t is a w e b s i t e a s w e l l a s p a i d s u b s c r i p t i o n in d u s try re p o rts . It e x p re s s e s t h e v ie w s of m oney m an a g e rs and p u b lic a tio n e q u ity t h a t p u b lis h e s a n a ly s ts o f d iffe re n t in d u s tr y s e c to rs . In te rv ie w s w it h CEOs o f c o m p a n ie s a re p u b lis h e d . L ip p e r M o d u le 02 P a g e 170 M a r k e t p la c e E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0l 1n C i l A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s 312-50 C e r t i f i e d Exam E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e S o u rce : h ttp ://w w w .lip p e r m a r k e tp la c e .c o m L ip p e r M a r k e tp la c e o ffe rs w e b -b a s e d s o lu tio n s t h a t a re h e lp fu l f o r id e n tify in g th e c o m p a n y . M a rk e tp la c e needed h e l p s in q u a l i f y i n g p r o s p e c t s a n d fo r tra n s fo rm in g th e s e p ro s p e c ts in to p ro v id e s th e c lie n ts . Its s o lu t io n s m a rke t o f a c o m p e titiv e a llo w in te llig e n c e u se rs to id e n tify net p u b lis h e s re p o rts on flo w s a n d tra c k in s titu tio n a l tre n d s . ■ I l l 'l l ■ E u r o m o n it o r S o u rce : h ttp ://w w w .e u r o m o n ito r .c o m E u ro m o n ito r p ro v id e s s tra te g y rese a rch fo r consum er m a rk e ts . It in d u s t r ie s , c o n s u m e r s , a n d d e m o g r a p h ic s . It p r o v id e s m a r k e t r e s e a r c h a n d s u r v e y s f o c u s e d o n y o u r o r g a n iz a tio n 's n e e d s . F a g a n F in d e r R 1 Fagan S o u rce : h ttp ://w w w .fa g a n fin d e r .c o m F i n d e r is a c o l l e c t i o n e n g in e s , p h o to s h a rin g o f i n t e r n e t t o o l s . I t is a d i r e c t o r y o f b l o g s i t e s , n e w s s i t e s , s e a r c h s ite s , s c ie n c e and e d u c a tio n s ite s , e tc . S p e c ia liz e d to o ls such as T ra n s la tio n W iz a rd a n d U R L in fo a re a v a ila b le f o r fin d in g in fo r m a t io n a b o u t v a rio u s a c tio n s w it h a w e b page. M ^ S E C >— ׳ I n f o S o u rce : h ttp ://w w w .s e c in fo .c o m SEC I n f o o f f e r s t h e U .S . S e c u r i t i e s a n d E x c h a n g e C o m m i s s i o n th e w e b , w ith b illio n s o f lin k s a d d e d t o In d u s try , a n d B u s i n e s s , SIC C o d e , A r e a (SEC) EDGAR d a ta b a s e s e rv ic e o n t h e SEC d o c u m e n t s . It a l l o w s y o u t o C o d e , A c c e s s io n N u m b e r, se a rch b y N a m e , F ile N u m b e r , C lK , T o p i c , Z IP C o d e , e tc . T h e S e a r c h M o n it o r S o u rce : h ttp ://w w w .th e s e a r c h m o n ito r .c o m T h e S e a rc h M o n it o r p ro v id e s r e a l- tim e c o m p e titiv e in te llig e n c e to m o n it o r a n u m b e r o f th in g s . It a llo w s y o u to m o n it o r m a r k e t s h a re , p a g e ra n k , a d c o p y , la n d in g pages, and th e y o u r c o m p e tito rs . W ith th e tr a d e m a r k m o n ito r , y o u can m o n ito r th e as y o u r c o m p e tito r 's b ra n d and w ith th e a ffilia te m o n ito r; you can budget of b u zz a b o u t y o u rs as w e ll w a tc h m o n ito r ad and la n d in g p a g e c o p y . M o d u le 02 P a g e 171 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s 312-50 C e r t i f i e d Exam E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e C o m O p e t it iv e p in io n s I n t e l l i g e n c e S a y A b o u t t h e - W C o m h a t CEH E x p e r t p a n y C o m p ete PRO™ C opernic T rack er http://w w w .com pete.com http://www .copernic.com ABI/INFORM Global SEMRush http://w w w .proquest.com http://www .sem rush.com Jo b lto rlal A tten tio n M eter http://w w w .attentionm eter.com a s ! http ://w w w .job ito ria l.co m Copyright © by EG-G(IIIICil. All Rights Reserved. Reproduction Is Strictly Prohibited. C o m t h e p e t i t i v e C o m I n t e l l i g e n c e ־W h a t E x p e r t O p i n i o n s S a y A b o u t p a n y C o p e r n ic T r a c k e r S o u rce : h ttp ://w w w .c o p e r n ic .c o m C o p e rn ic is w e b s i t e a c k n o w le d g e s you tra c k in g c o n te n t s o ftw a re . It c h a n g e s v ia m o n ito rs an e m a il, a c o m p e tito r 's if a n y. The w e b s ite u p d a te d c o n tin u o u s ly pages as w e ll and as th e c h a n g e s m a d e in t h e s it e a r e h i g h l i g h t e d f o r y o u r c o n v e n i e n c e . Y o u c a n e v e n w a t c h f o r s p e c if ic k e y w o r d s , t o s e e t h e c h a n g e s m a d e o n y o u r c o m p e t i t o r 's s ite s . S E M R u s h S o u rce : h ttp ://w w w .s e m r u s h .c o m SEM Rush is a c o m p e t i t i v e k e y w o rd s and re s u lts . and rese a rch to o l. A d W o r d s , as w e ll as a c o m p e t it o r s N e ce ssa ry a d v e rtis in g k e y w o rd m eans th e ir fo r g a in in g b u d g e t a llo c a tio n in -d e p th to s p e c ific For any s ite , y o u lis t in t h e k n o w le d g e o rg a n ic about can and g e t a lis t o f G o o g le p a id w hat G o o g le s e a rc h c o m p e tito rs In te r n e t m a r k e tin g ta c tic s a re a re p ro v id e d by SEM Rush M o d u le 02 P a g e 172 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e J o k it o r ia l S o u rce : h ttp ://w w w .io b ito r ia l.c o m J o b ito ria l p ro v id e s anonym ous e m p lo y e e re v ie w s p o s te d fo r jo b s at th o u s a n d s of c o m p a n ie s a n d a llo w s y o u t o r e v ie w a c o m p a n y . A t t e n t io n M e t e r S o u rce : h ttp ://w w w .a tte n tio n m e te r .c o m A tte n tio n M e te r C o m p e te , a nd is a t o o l Q u a n c a s t. used fo r c o m p a rin g It g iv e s y o u a n y w e b s ite a s n a p s h o t o f tra ffic you d a ta w ant (tra ffic ) by u s in g A le x a , as w e ll as g r a p h s f r o m A le x a , C o m p e te , a n d Q u a n tC a s t. A B I / I N F O R M G lo b a l S o u rce : h ttp ://w w w .p r o a u e s t.c o m A B I/IN F O R M fin a n c ia l G l o b a l is a b u s i n e s s d a t a b a s e . A B I / I N F O R M in fo rm a tio n d e te rm in e b u s in e s s fo r re s e a rc h e rs c o n d itio n s , at a ll m anagem ent le v e ls . G lo b a l o ffe rs t h e W ith te c h n iq u e s , A B I/IN F O R M b u s in e s s la te s t b u s in e s s a n d G lo b a l, tre n d s , u s e rs can m anagem ent p ra c tic e a n d th e o r y , c o r p o r a t e s tr a te g y a n d ta c tic s , a n d t h e c o m p e t it iv e la n d s c a p e . C o m p e te IB P R O S o u rce : h ttp ://w w w .c o m p e te .c o m C o m p e te PRO p ro v id e s an o n lin e c o m p e titiv e in te llig e n c e s e rv ic e . It c o m b i n e s a ll t h e s ite , s e a r c h , a n d r e f e r r a l a n a l y t i c s in a s i n g l e p r o d u c t . M o d u le 02 P a g e 173 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e Footprinting Methodology CEH Footprinting through Search \ Engines WHOIS Footprinting Website Footprinting DNS Footprinting Email Footprinting Network Footprinting Competitive Intelligence Footprinting through Social Engineering Footprinting using Google Footprinting through Social Networking Sites Copyright © by EG-G(IIIICil. All Rights Reserved. Reproduction is Strictly Prohibited. F o o t p r i n t i n g M e t h o d o l o g y F o o t p r i n t i n g Though s im ila r to th e G o o g le is a s e a r c h e n g in e . G o o g l e e n g in e , p ro c e s s o f fo o tp r in tin g th ro u g h w ith g a th e rin g in fo rm a tio n s p e c ific u s i n g s trin g s G o o g le o f te x t th e p ro ce ss o f fo o tp rin tin g u s in g G o o g le is not s e a rc h e n g in e s . F o o t p r in tin g u s in g G o o g le d e a ls b y G o o g l e h a c k i n g . G o o g l e h a c k i n g is a h a c k i n g t e c h n i q u e t o l o c a t e w ith in se a rc h re s u lts w ill f ilt e r f o r e x c e s s iv e use u s in g an advanced o f advanced s e a rc h o p e ra to r o p e ra to rs in and G o o g le se a rch w ill d r o p th e re q u e s ts w it h th e h e lp o f a n In tru s io n P re v e n tio n S y s te m M o d u le 02 P a g e 174 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e Footprint Using Google Hacking Techniques - ייr~ j F o o t p r i n t i n g u s i n g G o o g l e H a c k i n g T e c h n i q u e s J_ G o o g le h a c k in g r e f e r s t o t h e a r t o f c r e a t in g c o m p l e x s e a r c h e n g in e q u e r ie s . If y o u c a n c o n s tru c t G o o g le p ro p e r se a rch q u e rie s , y o u re s u lts . can T h ro u g h re trie v e G o o g le v a lu a b le h a c k in g , an d a ta about a tta c k e r a ta rg e t trie s to fin d com pany fro m w e b s ite s th a t th e a re v u ln e r a b le t o n u m e r o u s e x p lo it s a n d v u ln e r a b ilit ie s . T h is c a n b e a c c o m p lis h e d w i t h t h e h e lp o f G o o g le h a c k in g o p e ra to rs h e lp d a ta b a s e (G H D B ), in f i n d i n g re q u ire d o p e ra to rs , a tta c k e rs lo c a te a d a ta b a s e te x t and of q u e rie s a v o id in g to id e n tify irre le v a n t d a ta . d a ta . G o o g le U s in g a d v a n c e d s e n s itiv e G o o g le s p e c ific s tr in g s o f t e x t s u c h as s p e c ific v e rs io n s o f v u ln e r a b le web a p p lic a tio n s . S o m e o f t h e p o p u la r G o o g le o p e r a t o r s in c lu d e : Q .Site: Q allinurl: T h e .S ite o p e r a t o r in G o o g l e h e l p s t o f i n d o n l y p a g e s t h a t b e l o n g t o a s p e c i f i c U R L . T h is o p e r a to r fin d s th e re q u ire d pages o r w e b s ite s by re s tric tin g th e re s u lts c o n t a i n i n g a ll q u e r y t e r m s . Q Inurl: T h is w ill r e s t r ic t t h e r e s u lts t o o n ly w e b s ite s o r p a g e s t h a t c o n ta in t h e q u e r y t e r m s t h a t y o u h a v e s p e c i f i e d in t h e U R L o f t h e w e b s i t e . © allintitle: It r e s t r i c t s r e s u lt s t o o n l y w e b p a g e s t h a t c o n t a i n a ll t h e q u e r y t e r m s t h a t y o u h a v e s p e c ifie d . M o d u le 02 P a g e 175 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r q u e ry te rm th a t you F o o t p r in t in g a n d R e c o n n a is s a n c e intitle: It r e s t r ic t s r e s u lt s t o h a v e s p e c ifie d . It w i l l s h o w o n ly th e web pages th a t c o n ta in o n ly w e b s ite s th a t m e n tio n th e th e q u e ry te rm th a t you have used. © Inanchor: It r e s tr ic ts r e s u lts t o p a g e s c o n t a in in g t h e q u e r y t e r m t h a t y o u h a v e s p e c ifie d in t h e a n c h o r t e x t o n lin k s t o t h e p a g e . Q Allinanchor: It r e s t r ic t s re s u lts t o pages c o n ta in in g a ll q u e r y te rm s you s p e c ify in t h e a n c h o r t e x t o n lin k s t o t h e p a g e . M o d u le 02 P a g e 176 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e What aHacker can dowith Google Hacking? EH A tta c k e r ga the rs: E rro r A d v is o rie s a n d se rve r messages th a t c o n ta in s e n s itiv e v u ln e ra b ilitie s in fo rm a tio n Pages c o n ta in in g Files c o n ta in in g n e tw o rk o r p a ssw o rd s v u ln e ra b ility d a ta Pages c o n ta in in g lo g o n p o rta ls Copyright © by EG-G(IIIICil. All Rights Reserved. Reproduction is Strictly Prohibited. W — h a t If t h e C a n a H ta rg e t w e b s ite a c k e r D o w is v u l n e r a b l e t o i t h G o o g le G o o g l e H a c k i n g ? h a c k in g , t h e n t h e a tta c k e r ca n fin d th e f o l l o w i n g w i t h t h e h e l p o f q u e r i e s in G o o g l e h a c k i n g d a t a b a s e : Q E rro r m e s s a g e s t h a t c o n ta in s e n s itiv e in fo r m a t io n -י F ile s c o n t a i n i n g p a s s w o r d s Q S e n s itiv e d ir e c to r ie s Q P ages c o n ta in in g lo g o n p o r ta ls Pages c o n ta in in g n e tw o r k o r v u ln e ra b ility d a ta Q M o d u le A d v is o rie s a n d s e rv e r v u ln e ra b ilitie s 02 P a g e 177 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e Google Advance Search Operators CEH G o o g le s u p p o r t s s e v e ra l a d v a n c e d o p e r a t o r s t h a t h e lp in m o d ify in g t h e s e a rc h [ c a c h e :] D isp la ys th e w e b pages sto re d in th e G o o g le cache [lin k :] V Lists w e b pages th a t h ave lin ks to th e sp e cifie d w e b page [related :] Lists w e b pages th a t are s im ila r t o a sp e cifie d w e b page [ i n f o :] P re se n ts s o m e in fo rm a tio n th a t G o o g le has a b o u t a p a rtic u la r w e b page [ s i t e :] R estricts th e re su lts to th o se w e b site s in th e g ive n d o m a in [ a l l i n t i t l e :] ׳ i t [ i n t i t l e :] [ a l l i n u r l :] [ i n u r l :] R estricts th e re su lts to th o se w e b site s w ith all o f th e search ke yw o rd s in th e title R estricts th e re su lts to d o cu m e n ts co n ta in in g th e search k e yw o rd in th e t itle R estricts th e re su lts to th o se w ith all o f th e search k e yw o rd s in th e URL R estricts th e re su lts to d o cu m e n ts co n ta in in g th e search k e yw o rd in th e URL Copyright © by EG-GtailCil. All Rights Reserved. Reproduction is Strictly Prohibited. G o o g l e A d v a n c e S e a r c h O p e r a t o r s S o u rc e : h ttp ://w w w .g o o e le g u id e .c o m Cache: T h e C A C H E q u e r y d is p la y s G o o g le 's c a c h e d v e rs io n o f a w e b p a g e , in s te a d o f t h e c u r r e n t v e rs io n o f th e page. Example: cache: w w w .e ff.o rg w ill s h o w G o o g le 's cached v e rs io n o f th e E le c tro n ic F ro n tie r F o u n d a tio n h o m e page. Note: link: D o n o t p u t a s p a ce b e tw e e n c a c h e : a n d th e URL (w e b a d d re s s ). L in k lis ts w e b p a g e s t h a t h a v e lin k s t o t h e s p e c ifie d w e b p a g e . F o r e x a m p le , t o fin d pages t h a t p o in t t o G o o g le G u id e 's h o m e p a g e , e n te r : link: w w w .g o o g le g u id e .c o m N o t e : A c c o r d in g t o G o o g le 's d o c u m e n t a t i o n , " y o u c a n n o t c o m b in e a lin k : s e a rc h w i t h a r e g u la r k e y w o rd s e a rc h ." M o d u le 02 P a g e 178 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s 312-50 C e r t i f i e d Exam E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e A ls o n o te t h a t w h e n y o u c o m b in e lin k : w it h a n o t h e r a d v a n c e d o p e r a t o r , G o o g le m a y n o t r e t u r n a ll t h e p a g e s t h a t m a tc h . T h e f o llo w in g q u e rie s s h o u ld y o u r e m o v e t h e -s ite : t e r m related: re tu rn lo ts o f r e s u lts , as y o u c a n s e e if in e a c h o f t h e s e q u e r i e s . If y o u s t a r t y o u r q u e r y w i t h " r e l a t e d : " , t h e n G o o g le d is p la y s w e b s it e s s im ila r t o t h e s ite m e n t i o n e d in t h e s e a r c h q u e r y . Example: re la te d :w w w . m ic ro s o ft.c o m w ill p ro v id e t h e G o o g le s e a rc h e n g in e r e s u lts p a g e w it h w e b s ite s s im ila r t o m ic ro s o ft.c o m . info: For In fo w ill p re s e n t s o m e in fo r m a tio n th e c o r r e s p o n d in g w e b p a g e . in s ta n c e , G o tH o te l.c o m Note: in fo :g o th o te l.c o m w ill show in fo rm a tio n about th e n a tio n a l h o te l d ire c to ry h o m e page. T h e r e m u s t b e n o s p a c e b e t w e e n t h e in fo : a n d t h e w e b p a g e URL. T h is f u n c t i o n a l i t y c a n a ls o b e o b t a i n e d b y t y p in g t h e w e b p a g e U R L d ir e c t ly in t o a G o o g le s e a rc h box. site: If y o u in c lu d e s ite : in y o u r q u e r y , G o o g l e w ill r e s tric t y o u r s e a rc h re s u lts t o th e s ite or d o m a in y o u s p e c ify . For e x a m p le , School a d m is s io n s s ite :w w w . Is e .a c .u k o f E c o n o m ic s ' s ite and [p e a c e w ill s ite :g o v show a d m is s io n s ] w ill fin d pages in fo rm a tio n about peace fro m w ith in London th e .g o v d o m a in . Y o u c a n s p e c ify a d o m a in w i t h o r w i t h o u t a p e r io d , e .g ., e i t h e r as .g o v o r g o v . N o te : D o n o t in c lu d e a s p a c e b e tw e e n th e " s ite :" a n d th e d o m a in . allintitle: If y o u s t a r t y o u r q u e r y w i t h a l l i n t i t l e : , G o o g l e r e s t r i c t s r e s u l t s t o t h o s e c o n t a i n i n g a ll t h e q u e r y t e r m s y o u s p e c i f y in t h e t i t l e . F or e x a m p le , "d e te c t" and a llin title : d e te c t "p la g ia ris m " in p la g ia ris m th e title . w ill T h is re tu rn o n ly d o c u m e n ts fu n c tio n a lity can a ls o th a t c o n ta in be o b ta in e d th e w o rds th ro u g h th e A d v a n c e d W e b S e a rch p a g e, u n d e r O c c u rre n c e s . intitle: T h e q u e ry in title : te r m in s ta n c e , flu s h o t in title :h e lp r e s tr ic ts re s u lts t o w ill re tu rn d o c u m e n ts d o c u m e n ts th a t c o n ta in in g te rm m e n tio n th e in t h e w o rd title . "h e lp " For in t h e i r t i t l e s , a n d m e n t i o n t h e w o r d s " f l u " a n d " s h o t " a n y w h e r e in t h e d o c u m e n t ( t i t l e o r n o t ) . N o te : T h e re m u s t b e n o s p a ce b e tw e e n th e in title : a n d th e fo llo w in g w o r d . allinurl: I f y o u s t a r t y o u r q u e r y w i t h a l l i n u r l :, G o o g l e r e s t r i c t s r e s u l t s t o t h o s e c o n t a i n i n g a l l t h e q u e r y t e r m s y o u s p e c i f y in t h e U R L . F o r e x a m p le , a llin u rl: g o o g le fa q a n d " f a q " in t h e w ill r e tu r n o n ly d o c u m e n ts th a t c o n ta in th e w o rd s " g o o g le " U R L, s u c h as " w w w . g o o g l e . c o m / h e l p / f a q . h t m l ." T h is f u n c t i o n a l i t y c a n a ls o b e o b ta in e d th r o u g h th e A d v a n c e d W e b S e a rch p a g e, u n d e r O c c u rre n c e s . In URLs, w o rd s a re o fte n run to g e th e r. They need not be run to g e th e r when y o u 'r e u s in g a llin u rl. inurl: I f y o u i n c l u d e i n u r l : in y o u r q u e r y , G o o g l e w i l l r e s t r i c t t h e r e s u lt s t o d o c u m e n t s c o n t a i n i n g t h a t w o r d in t h e U R L . F o r in s ta n c e , w h ic h th e nam ed M o d u le in u rk p rin t s ite :w w w . g o o g le g u id e .c o m URL c o n ta in s th e " p rin t" 02 P a g e 179 on th e w o rd G o o g le " p rin t." G u id e It f in d s w e b s ite . se a rch e s fo r pages PDF file s t h a t a re The q u e ry on in t h e [ in u rk h e a lth y G o o g le G u id e in d ire c to ry o r fo ld e r e a tin g ] w ill re tu rn E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e d o c u m e n ts th a t m e n tio n th e w o rd s " h e a lth y " in t h e i r URL, a n d m e n tio n th e w o rd "e a tin g " a n y w h e r e in t h e d o c u m e n t . Note: M o d u le T h e re m u s t b e n o s p a c e b e tw e e n th e in u rl: a n d th e f o llo w in g w o r d . 02 P a g e 180 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e Finding Resources Using Google Advance Operator f 1z . _״ E! 5 Copyright © by EG-G(ancil. All Rights Reserved. Reproduction is Strictly Prohibited. F i n d i n g R e s o u r c e s u s i n g G o o g l e [ i n t i t l e : in tra n e t B y u s in g t h e G o o g le A d v a n c e O p e r a t o r s y n ta x • f i n t e x t : ״human as w e ll as in fo rm a tio n A d v a n c e O p e r a t o r in u r l : in tra n e t r e s o u r c e s ] ״: th e a tta c k e r ca n fin d p riv a te in fo r m a tio n o f a ta r g e t c o m p a n y s e n s itiv e in fo rm a tio n g a th e re d by th e about a tta c k e rs th e can be e m p lo y e e s used to of th a t p e rfo rm p a rtic u la r s o c ia l com pany. e n g in e e rin g The a tta c k s . G o o g le w ill f ilt e r f o r e x c e s s iv e u s e o f a d v a n c e d s e a rc h o p e r a t o r s a n d w ill d r o p t h e r e q u e s ts w it h th e h e lp o f a n In tru s io n P r e v e n tio n S y s te m . T h e fo llo w in g s c r e e n s h o t s h o w s a G o o g le s e a rc h e n g in e re s u lts p a g e d is p la y in g th e re s u lts o f th e p re v io u s ly m e n tio n e d q u e ry : M o d u le 02 P a g e 181 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e ♦You Search Images Mail Documents Calendar Sites Contacts Maps More ־ (inCitke intranet inurt intranet ♦intext 'human resource^ Search About ?3 800 rest*s (0 16 second Web Humaj3LS«Purc»» Human Resource* Intranet > Department of Human Resources 14 Jun 2012-Human Resources — Home > Department of Human Resources > Human Resources Intranet Human Resources Intranet... Images ).taps Videos News intranet*/ 6 Juo 2012 Human Resources 201V12 DeaAnes « 1Facu*y and Human Resources - - *Personnel Specials! assignments by Ur* (OOC)... Shopping 4 ׳H M « •— orgI More Error Cookies are not enabled You must enable cooloes before you can log n Please log in This section 0 1the Human Resources *ebsite IS for UNC Health... Show search tools Intr»n»t Benefits (ot Human Resource Management * - V intranet ben«4ts Vxhumaf1-r»sourc*-mana9♦ 3 Nov 2010 - Tags enterpnse 2 0 •nterpnse colaboration human resources noranel 2 0 intranets social crm Intranet Benefcs for Human Resowce... Human Reiourcet I . . Intranet. »*»«««■♦ • *־du au/ hi Tht Faculty Human Resources Taam aims to work vnth acad*rr»c haads managers and staff to •nsur• that human resources a*«c• and actMties translatt into... __________ Intranet Human Retourcet. intranet personnet/perps him Human Resources Employee Benefts and Resources Ag Leam provides education serwees for —• • contractors.״. > • _ds |*p>dsjd*41 The Human Resources oftce is responsible tor prg.«jrv3vanous support services to all FIGURE 2.28: Search engine show ing results fo r given Google Advance O p e ra to r syntax M o d u le 02 P a g e 182 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s Exam 312-50 C e r t i f i e d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e Google HackingTool: Google Hacking Database (GHDB) Advisories andVulnerabilrt.es G ( G o o g l e H a c k i n g T o o l : CEH Pages Containing Login Portals G o o g l e H a c k i n g D a t a b a s e H D B ) S o u rce : h ttp ://w w w .h a c k e r s fo r c h a rity .o r g T h e G o o g l e H a c k i n g d a t a b a s e ( G H D B ) is a d a t a b a s e o f q u e r i e s t h a t i d e n t i f y s e n s i t i v e d a t a . G H D B is a n H T M L / J a v a S c r i p t w r a p p e r a p p l i c a t i o n t h a t u s e s a d v a n c e d J a v a S c r i p t t e c h n i q u e s t o s c r a p e in fo rm a tio n fro m J o h n n y 's G o o g le s c rip ts . T h e G o o g le H a c k in g H a c k in g D a ta b a s e w it h o u t th e D a ta b a s e e x p o s e s k n o w n is s u e s w i t h n e e d fo r h o s te d s e rv e r-s id e s o ftw a r e th a t ru n w e b s ite s . T h e r e a re s o m e b u g s t h a t e x p o s e in f o r m a t io n t h a t m ig h t n o t w a r r a n t p u b lic re a d in g . M o d u le 02 P a g e 183 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C 0U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e C MW( 0 1 r ■ 6HM • Hadun far Over. • 1 «- I www.rudcersf fChar ty.oro/ק1 >ו 1&,׳ ׳function! ■wmmaryttf. i -19 PAOJCCTC ABOUT U ES2] C 0 10 *v׳whaelcmtocchanty. rg,<;)hdrv׳lunn n־tumm,vy&car 1/ - * YouTttl OHOO - r U c ld i for Charity HACKERSFORCHARITY.ORC onoe C*€>9 s: P1 g « contanng lopr porta* According a. Miaosoft ־M1u o *1ft (R) Outlook (TK) VJ*t! a . ׳res•; * גM*<׳־osofr Ftrturo* Artwe Servar C Application that t>veo you prvitc access to Ttus 1» U1* login pace f<x CokJFuson .*dnrivratcn AlOteualt m»n> »t 1h*M» are uirurM. t C1« s an Irdlcator of a dtfau't into laton and Th■* is default login pa$c for ColdFu»or1. Aimouch many ot tnese are secured, rm is an •ncicatcr of a dsfault installation, and iray bo CHDe - M.«.k*r> F **־Charity 0H 0e S « «״t Ad/tsenes ard ViireraMtties webmn is גhen acrnrn irtar'ace fee Unix Coxes it 5! ־run or גpropriataiy wob co'vor isterirg on th* C«<0J t l>»׳t of 10090. 1t»> 1» 4 typical login page. Itfwi lein tlr become a targa* for SQL injection Comsac's amd* at I» « ., (־Op:/'ww>v.govcrrrrKrvsc<ur1ty.or5/art)Clca/S n»s » a typical login page, itfus ■ecentir bccotn* a j 1acr13/־dnn.10or .a taro■* for SQL injection. Comsoc's artid* at j NJp://wrwYr.goverrm«r«secunty.©rc/artjde!/S . VNC U a fenwte-corwoHed C«l«pp produa. ?004- ־VNC DftdC ’ r<T>*nd1no or rhe contlcuraBon. w rote u « « nay rot bo pr«*4nted •vth 3 pa»wo׳d. Cvor when (H-» וווtart*eonn 2CO*03*•־ XO*- 2C04 0 צ-; 2 2004 Tic E»t ׳l־rpi<t Pioductort contain} multiple vulnerabltes. Afucn cojM eoioited to alk>!v an Gf p-odjctrart a«3ccar to cceai u««r cr«d«ntjak or mount other atta Accorcare tol rmSoSaareh f»ttp^7*'«v׳.MCurtvfofuc.cofr\lb1d/0667. carsin v-aHeratilC• rerjior® n»1CoJe»C1 contan a buffer ov«ftov% vuln*r3Mlfy wfticti allow an XttrkM to Advanced Guestbook has an SQl r)e<־nor rWKjutMtwok which al 0*5 unauthomod acces*. 'jrvarrec guacfeook >oblem Aaadurfiotn thee, hit Aa!rw1 ־trw 00 01e 2.2 pen* following VP•ASP (Virtual PrograTTtirg ASP) has won v* a sp 3rwpe*n<1 cart awarih both in US anti France. is now m um \כ ct v7.7 Vte ' j t i CHWPtltifWt.■. ־ TH» 11 the (root page entry point to X e C < C . [_ "Miuo 71k" . I m sis the loan page for MtcrosoTs Renote Deslax? W«b Connection, which a'low! rometo usart to ׳ | connect to (and optionally corttol) aum> inul.r *o f׳an «3a1/Je fatltflogin asp ' •nttteftqjo ITwm! aie Otiw Metafieiit* login ptxt^s. AtUKhws ran iica (txxo tn prr.fl• a s1*e and ran 1*e near!)re setup! of thi* application to acce*• the »t» < FIGURE 2.29: Screenshots showing Advisories and Vulnerabilities & pages containing login portals M o d u le 0 2 P a g e 1 8 4 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 l1 n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e Google Hacking Tools CEH MetaGoofil http://www.edge-security,com Goolink Scanner http://www.ghacks.net SiteDigger SearchDiggity & http://www.mcafee.com http://www.stachliu. com ?& Google Hacks http://code.google.com Google HACK DB http://www.5ecpoint.com BiLE Suite Gooscan http://www.sensepost.com http://www.darknet.org. uk Copyright © by EG-G(HIICil. All Rights Reserved. Reproduction is Strictly Prohibited. G o o g l e B e s id e s th e H a c k i n g G o o g le T o o l s H a c k in g D a ta b a s e (G H D B ) to o l fe a tu re d s o m e o t h e r to o ls t h a t ca n h e lp y o u w it h G o o g le h a c k in g . T h e r e a re a f e w to o ls m e n tio n e d v u ln e ra b ilitie s , as e rro r fo llo w s . U s in g m essage th e s e to o ls , in fo rm a tio n th a t a tta c k e rs m ay can p re v io u s ly , th e re a re m o r e G o o g le h a c k in g g a th e r a d v is o rie s reveal a tta c k p a th s , fo r e x tra c tin g and s e n s itiv e s e rve r file s , d ir e c to r ie s , lo g o n p o rta ls , e tc . ג M e t a g o o f il S o u rce : h ttp ://w w w .e d g e -s e c u r itv .c o m M e ta g o o fil is an in fo rm a tio n -g a th e rin g to o l d e s ig n e d m e ta d a ta of p u b lic d o c u m e n t s ( p d f , d o c , x ls , p p t , d o c x , p p t x , x ls x ) b e l o n g i n g t o a t a r g e t c o m p a n y . M e t a g o o f i l p e r f o r m s a s e a r c h in G o o g l e t o i d e n t i f y a n d d o w n l o a d t h e d o c u m e n t s t o a lo c a l d is k a n d t h e n e x tra c ts t h e m e ta d a ta w it h d if f e r e n t lib ra rie s s u c h as H a c h o ir, P d fM in e r ? , a n d o th e r s . W ith th e re s u lts , it g e n e ra te s a re p o rt w ith u s e rn a m e s , s o ftw a re v e rs io n s , and s e rve rs or m a c h i n e n a m e s t h a t m a y h e l p p e n e t r a t i o n t e s t e r s in t h e i n f o r m a t i o n g a t h e r i n g p h a s e . G o o lin k M o d u le 0 2 P a g e 1 8 5 S c a n n e r E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e S o u rce : h ttp ://w w w .g h a c k s .n e t The G o o lin k v u ln e ra b le Scanner re m o v e s s ite 's lin k s . T h u s , th e cache it a llo w s fro m you to your fin d s e a rc h e s , a n d v u ln e ra b le c o lle c ts s ite s w id e and open d is p la y s o n ly G o o g le and to g o o g le b o ts . ^ י־ S ite D ig g e r S o u rce : h ttp ://w w w .m c a fe e .c o m S ite D ig g e r se a rch e s G o o g le 's cache to lo o k fo r v u ln e ra b ilitie s , e rro rs , c o n fig u ra tio n is s u e s , p r o p r ie ta r y in fo r m a tio n , a n d in te r e s tin g s e c u rity n u g g e ts o n w e b s ite s . G o o g le H a c k s £ * 4) S o u rce : h ttp ://c o d e .g o o g le .c o m G o o g le Hacks is a fu n c tio n a lity fro m c o m p ila tio n of c a re fu lly G o o g le 's s e a rc h a n d c ra fte d G o o g le se a rch e s m a p s e rv ic e s . It a llo w s y o u t o th a t v ie w s e a rc h re s u lts , v ie w a m a p , s e a rc h f o r m u s ic , s e a rc h f o r b o o k s , a n d p e r f o r m expose a tim e lin e novel of your m a n y o t h e r s p e c ific k in d s o f s e a rc h e s . \ \ B iL E S u ite S o u rce : h ttp ://w w w .s e n s e p o s t.c o m B iL E s t a n d s f o r B i - d i r e c t i o n a l L i n k E x t r a c t o r . T h e B iL E s u i t e i n c l u d e s a c o u p l e o f P e r l s c r i p t s u s e d in e n u m e r a t i o n p r o c e s s e s . E a c h P e r l s c r i p t h a s i t s o w n f u n c t i o n a l i t y . B i L E . p l is t h e f i r s t t o o l o r P e r l s c r i p t in t h e and fro m c o l l e c t i o n . B iL E l e a n s o n t h e t a r g e t s ite , a n d th e n G o o g le a n d a p p lie s a s im p le H T T ra ck to a u to m a te th e s ta tis tic a l w e ig h in g c o lle c tio n s to a lg o rith m to deduce w h ic h w e b s it e s h a v e t h e s t r o n g e s t r e la t io n s h ip s w i t h t h e t a r g e t s ite . G o o g le H a c k H o n e y p o t S o u rce : h ttp ://g h h .s o u rc e fo rg e .n e t G o o g le H a c k H o n e y p o t is t h e re a c tio n to a new ty p e o f m a lic io u s w e b tr a ffic : se a rc h e n g in e h a c k e r s . I t is d e s i g n e d t o p r o v i d e r e c o n n a i s s a n c e a g a i n s t a t t a c k e r s t h a t u s e s e a r c h e n g i n e s a s a h a c k in g to o l a g a in s t your reso u rce s. GHH im p le m e n ts th e honeypot th e o ry to p ro v id e a d d itio n a l s e c u rity t o y o u r w e b p re s e n c e . G M a p C a t c h e r & S o u rce : h ttp ://c o d e .g o o g le .c o m G M a p C a tc h e r is an o fflin e m aps v ie w e r. It d is p la y s m aps fro m m any p ro v id e rs such as: C l o u d M a d e , O p e n S t r e e t M a p , Y a h o o M a p s , B i n g M a p s , N o k i a M a p s , a n d S k y V e c t o r . m a p s . p y is a GUI p ro g ra m used to b ro w s e G o o g le m ap. W ith th e o fflin e to g g le b u tto n unchecked, it c a n d o w n lo a d G o o g le m a p tile s a u t o m a t ic a lly . O n c e t h e file d o w n lo a d s , it re s id e s o n y o u r h a r d d is k . T h u s , y o u d o n 't n e e d t o d o w n l o a d it a g a in . M o d u le 0 2 P a g e 1 8 6 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e S e a r c h D ig g it y a - נ S o u rce : h ttp ://w w w .s ta c h liu .c o m S e a r c h D i g g i t y is t h e p r i m a r y a t t a c k t o o l o f t h e G o o g l e H a c k i n g D i g g i t y P r o j e c t . I t is S t a c h & L i u ' s M S W in d o w s G U I a p p lic a tio n t h a t s e rv e s as a fr o n t - e n d t o th e to o ls such D L P D ig g ity , as G o o g le D ig g ity , M a lw a re D ig g ity , B in g D ig g ity , B in g P o rtS c a n D ig g ity , m o s t r e c e n t v e rs io n s o f D ig g ity L in k F ro m D o m a in D ig g ity , S H O D A N D ig g ity , C o d e S e a rc h D ig g ity , B in g B in a ry M a lw a re S e a rc h , and N o tln M y B a c k Y a r d D ig g ity . G o o g le H A C K D B PHP S o u rce : h ttp ://w w w .s e c p o in t.c o m T h e a t t a c k e r c a n a ls o u s e t h e S e c P o in t G o o g le H A C K D B t o o l t o d e t e r m i n e s e n s it iv e i n f o r m a t i o n fro m t h e t a r g e t s ite . T h is t o o l h e lp s a n a t t a c k e r t o e x t r a c t file s c o n t a i n i n g p a s s w o r d s , d a t a b a s e file s , c le a r t e x t file s , c u s t o m e r d a ta b a s e file s , e tc . G o o s c a n S o u rce : h ttp ://w w w .d a r k n e t.o r g .u k G o o s c a n is a t o o l t h a t a u t o m a t e s q u e r i e s a g a i n s t G o o g l e s e a r c h a p p l i a n c e s . T h e s e q u e r i e s a r e d e s ig n e d t o fin d p o te n tia l v u ln e ra b ilitie s o n w e b p a g es. M o d u le 0 2 P a g e 1 8 7 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e F o o t p r in t in g M e t h o d o lo g y C E H Footprinting through Search Engines WHOIS Footprinting Website Footprinting DNS Footprinting Email Footprinting Network Footprinting Competitive Intelligence Footprinting through Social Engineering Footprinting using Google Footprinting through Social Networking Sites Copyright © by EG-G(IIIICil. All Rights Reserved. Reproduction is Strictly Prohibited. F o o t p r i n t i n g G a th e rin g o rg a n iz a tio n is M e t h o d o l o g y n e tw o rk -re la te d v e ry im p o r ta n t in fo rm a tio n when such h a c k in g a p e rfo rm a w h o is as s y s te m . w h o is So, in fo rm a tio n now we w ill of th e ta rg e t d is c u s s w h o is fo o tp rin tin g . W h o is fo o tp rin tin g fo c u s e s on how to lo o k u p , a n a ly z in g th e w h o is lo o k u p re s u lts , a n d t h e to o ls t o g a th e r w h o is in f o r m a t io n . M o d u le 0 2 P a g e 1 8 8 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e WHOIS Lookup CEH Urtifi•! Ittiul lUckw W HOIS databases are maintained by Regional In te rn e t Registries and contain the personal inform ation o f dom ain owners WHOIS q u e ry re tu rn s: e e Regional In te rn e t R e g istries (RIRs) In fo rm a tio n o b ta in e d f r o m W H O IS d a t a b a s e a s s i s t s a n a t t a c k e r to : Domain name details Contact details of domain « ow ner Create detailed map of A a f r i R T N organizational network Domain name servers 9 tt NetRange a Gather personal information £ )APNIC that assists to perform social W hen a domain has been engineering created e 6 Expiry records RIPE Gather other internal network details, etc. 6 j Records last updated Copyright © by EG-G*ancil. All Rights Reserved. Reproduction is Strictly Prohibited. W H O I S L o o k u p W H O I S is a q u e r y a n d r e s p o n s e p r o t o c o l u s e d f o r q u e r y i n g d a t a b a s e s t h a t s t o r e s t h e re g is te re d b lo c k , or u s e rs o r a s s ig n e e s o f a n an R e g is trie s a n d a u to n o m o u s c o n ta in th e s y s te m . In te rn e t re so u rce , such as a d o m a in W H O IS m a in ta in e d p e rs o n a l in fo rm a tio n c a lle d a L O O K U P t a b l e t h a t c o n t a i n s a ll t h e d o m a in , and h o s t. Anyone d a ta b a s e s can connect o f d o m a in in fo rm a tio n and a re q u e ry to o w n e rs . s e rv e r to IP a d d r e s s R e g io n a l In te rn e t They m a in ta in a re co rd a s s o c ia te d w it h th is n a m e , an by a p a rtic u la r n e tw o rk , get in fo rm a tio n about p a r tic u la r n e tw o r k s , d o m a in s , a n d h o s ts . A n a tta c k e r can se n d a q u e ry to th e a p p ro p ria te W H O IS s e rv e r to o b ta in th e in fo rm a tio n a b o u t th e ta rg e t d o m a in name, c o n ta c t d e ta ils of its o w n e r, e x p iry d a te , c re a tio n d a te , e tc . T h e W H O IS s e v e r w ill re s p o n d t o th e q u e r y w it h re s p e c tiv e in f o r m a t io n . T h e n , th e a tta c k e r c a n use th is in fo r m a tio n to c re a te a m a p o f th e o rg a n iz a tio n n e t w o r k , t r i c k d o m a i n o w n e r s w i t h s o c ia l e n g in e e r in g o n c e h e o r s h e g e ts c o n ta c t d e ta ils , a n d t h e n g e t in t e r n a l d e ta ils o f t h e n e t w o r k . M o d u le 0 2 P a g e 1 8 9 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e WHOISLookup Result Analysis c EH (citifwd Whois Record 1 Stata My Who. Domain Dossier ItkKal Math•■ investigate domain3 and IP addresses domain or IP address [juggyboy.com Doxain JLdmr.13tratcr M icrosoft C orporation One M icrosoft Way Rsrinorei Hr. 93052 cs dom ain s@ r1lcroson.c1 0 domain whois record network whois record gncitymous [ +1.4250826060 Fex; +1.4259267229 0 DNS records □ traceroute □ service scan J U 30] log in | acccun Bonaia Kane: nicrosoft.com A d d r e s s lo o k u p Ee313*rar Sane: Marl3cnicor.com R e g istra r W10L3: w tiols.narttxm lcor.con R e g istra r Kcnepage: h ttp://vw V .r13rircnL tcr.rcn canonical name j 1»00vhny.com. aliases & dnir.13trative Contact: Dorain Adxilnlstracor M icrosoft C orporation One M icrosoft Kay Reancna WA 9BOS2 US d0rwa1n8fimicro9Qft.com +1.42S8828080 fcax: 4L.42S9367329 addresses t —• D o m a in W h o is r e c o r d Queried wt10ivintt>rni<:.nt>t with "doi 1 juggyboy.c Doaaia Noses JUGGYBOY.COM TecJxicol Contact. Zone Contact: msm H09tn«9t#r M icrosoft C orporation on• M icrosoft way Rectaond WA 98052 US m3nnstQmittoSOfl.com *1.1258828080 rax: 11. 12S93€"32S R e gistrar: NETWORK 30UJTI0W3, LLC. *h: -.1 server: vnois .Retwor*solutions. cox R etercel URL: ftttp://w *.netw rfc501ut10ns.ccr,/enJJS/ N’a!a# 3*rv*r: &S19.WCRLOHTC.COM NAM S *rv»r: M520.WCBLON1C.COM s u c u a : c iic n tir a n s r e rP r o n i& ite d O pdated D ate: 03-feb-2009 C re a tio n D ata: 16-^ul-2003 E x p ir a tio n D a te : : - ר 6012014 c re a te d on........................... : 1991-05-01. Expires on............................: 2021-03-02. Record l a s t upaatea o n ..: 2011-03-14. » > l a s t update o f who la d a ta b a s e : Thu, 19 J a l 2012 0 4 9 : 3 6 : לOTC 4 Q uened wt10is.netw ork50lu tions.cnm with juggyboy.com ... Donaia se rv e rs in l i s t e d order: R egistrant: ns3.1Ksrt.net n 3 4 .a s ft .a c t «M«RMNK r .s l.tt3 rt.n e t as 3 act m mm 03 r t h ttp ://w h o is .d o m a in to o ls .c o m h ttp ://c e n tralops. ne t/co Copyright © by EG-G*ancil. All Rights Reserved. Reproduction is Strictly Prohibited. W H O A I S w h o is L o o k u p lo o k u p R e s u l t can h ttp ://w h o is .d o m a in to o ls .c o m be to p e rfo rm d o m a in to o ls .c o m w w h o is s e rv ic e p e rfo rm e d W h o is s e rv ic e s such as lo o k u p p ro v id e s by w h o is m e n t io n e d W h o is s e rv ic e s . B o th th e s e s e rv ic e s a llo w e n te rin g th e in fo rm a tio n a d m in is tra tiv e c o n ta c t in fo rm a tio n , c re a te d D o m a in u s in g o r h t t p : / / c e n t r a l o p s . n e t / c o . H e re y o u c a n s e e t h e r e s u lt a n a ly s is o f a W h o is lo o k u p o b ta in e d w ith th e t w o you A n a l y s i s ta rg e t's such as d o m a in re g is tra n t or IP a d d re s s. in fo rm a tio n , a n d e x p ir y d a t e , a lis t o f d o m a i n The e m a il, s e rv e rs , e tc . T h e D o s s ie r a v a ila b le a t h t t p : / / c e n t r a l o p s . n e t / c o / g iv e s t h e a d d re s s lo o k u p , d o m a in W h o is re c o rd , n e tw o r k w h o is re c o rd , a n d D N S re c o rd s in fo r m a tio n . M o d u le 0 2 P a g e 1 9 0 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e WhimRecord SiteProfile Registration Server Stats MyWhois R e g is tra n t: Domain A d m i n i s t r a t o r M i c r o s o f t C o r p o r a ti o n One M i c r o s o f t Way Reds-ond WA 98052 US d p n a in sc X m c ro so flc o m + 1 .4 2 5 8 8 2 8 0 8 0 F ax : + 1 .4 2 5 9 3 6 3 2 9 ל Dom ain D ossier | I n v e s t i g a t e d o m a in s a n d I P a d d r e s s e s dom ain or !P a d d re s s ]ug9yCoy.com domain whois record 0 DNS records □ traceroute 2 • ׳9° J user anonymous [ balance: 47 units 30] PfJ11tr.fi lo f in | a cco un t info ,!,Lit D o z a m tta x e : n i c r o 3 0 f t .c 0 m R e g i s t r a r M ane: M a rte n o n ito r.c o m R e g i s t r a r W hois: w h o is . !n a rlato n i t o r . c a n R e g i s t r a r H o n e p ag e: h ttp ://w w w .m a rJ a n c n t o r . c o t 1 1 A d s r i n i s t r a t i v e C o n ta c t : Domain A d n l n l s t r a t o r Address lookup canonical name juooyboy.com. aliases a d d re s s e s 6 Microsoft Corporation One M i c r o s o f t Way Redmond WA 98052 US d ornains@ m cf soft.com + 1 .4 2 5 8 8 2 8 0 8 0 F ax : 4-1.4 2 5 9 3 6 3 2 9 ל 10 T e c h n i c a l C o n ta c t , Zone C o n ta c t : MSN H o s tm a s te r M i c r o s o f t C o r p o r a ti o n One M i c r o s o f t Way Redirond KA 98052 US n snf s t@ m itro so flc o m ♦1*4258828080 F ax: + 1 .4 2 5 9 3 6 7 3 2 9 1 1 C re a te d o n : 1 9 9 1 -0 5 - 0 1 . E x p ire s o n 2 0 2 1 -0 5 - 0 2 . R e c o rd l a s t u p d a te d o n . . : 2 0 1 1 -0 8 - 1 4 . 1 D o m a in W h o is r e c o r d Q u e rie d w h o i s .in te r n ic .n e t w ith "dom ju g g y b o y .c o m ״... D cxein Name: JUGGYBOY.COM R e g i s t r a r : NETWORK SOLUTIONS, LLC. ¥ h o i s S e r v e r : w h o is .n e t v f o r lf s o lu t i o n s .c o j n R e fe r r a l URL: h ttp ://w vfw .n etw orJc3clu tion3.co1r/en US/ Vane S e rv e r: HS19.WORLDNIC.COM Nase S e r v e r : HS20.WORLDNIC.COM S ta t u s : c l i c n t T r a n s f e r F r o h i b i t e d U pdated D a te : 0 3 -fe b -2 0 0 9 C r e a tio n D a te : 1 6 - ) u l- 2 0 0 2 E x p i r a ti o n D a te : 16- j ׳j 1-2014 » > L ast update o f w hois d a ta b a se : Thu, 19 Ju l 2012 0 7 :4 9 :3 6 UTC < « Q u e ried w h o ib .n e tw o r k b o lu tio n b .c o iii w ith " ju g g y b o y x o iH ״... Domain s e r v e r s i n l i s t e d o r d e r : R e g is tra n t: n s 5 .n s f t.n e t n s 4 .n s f t.n e t n s l.n s ft.n e t n s 3 .n s f t.n e t n s 2 .n s ft.n e t h t t p ://w h o is .d o m a in to o ls .c o m h tt p ://c e n tr a lo p s .n e t/c o FIGURE 2 .3 0 : W h o is se rvice s s c re e n s h o ts M o d u le 0 2 P a g e 1 9 1 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e WHOISLookupTool: SmartWhois CEH Urtffi•* IthKjl lUckM Sm artW hois - Evaluation V ersion F ie Query Edit Y!r/» Settings Help 2? • b j c r a iji P. host or dcmarc J m!cr050ft.c< 14 miacsoft.com ^ mcney.de »E53 tt Free SAS i ProXad 8, rue de la ville l"Evcque 75006 Paris phone -33 1 73 50 20 00 fax *■33 1 73 50 25 01 hQstmastcfCPptoxad.nct (3 free SAS i ProXad rue de 14 ville l"Evec|ue 75006 P«ri» phone-33 173 50 20 00 fax: *33 1 73 502501 r.ojtmcitcri’cfo.od.nct ( | frMml-g20.frM.fi [212.27.60.19] ( ® J ''*•ns2-q2C.frM.fr [21227 60.20] IJ c" uUpdated: pr*at*d 29/12/2006 17/02/2004 Source: whois.nic.fr Completed at 19-07-2012 12:4*01 PM Processing םme 1.6$ seconds V1r«VM>Liter http://www.tamos,com Copyright © by EG-G*ancil. All Rights Reserved. Reproduction is Strictly Prohibited. B C W H O I S L o o k u p T o o l : S m a r t W h o i s S o u rce : h ttp ://w w w .ta r n o s .c o m S m a r t W h o i s is a u s e f u l n e t w o r k i n f o r m a t i o n in fo rm a tio n a b o u t an u tility t h a t a llo w s y o u t o IP a d d r e s s , h o s t n a m e , o r d o m a i n , i n c l u d i n g l o o k u p a ll t h e a v a ila b le c o u n try , s ta te o r p ro v in c e , c ity , n a m e o f t h e n e t w o r k p r o v i d e r , a d m i n i s t r a t o r , a n d t e c h n i c a l s u p p o r t c o n t a c t i n f o r m a t i o n . It a ls o a s s is ts y o u in f i n d i n g t h e o w n e r o f t h e d o m a i n , t h e o w n e r ' s c o n t a c t i n f o r m a t i o n , t h e o w n e r o f t h e IP a d d r e s s b l o c k , r e g i s t e r e d d a t e o f t h e d o m a i n , e t c . M o d u le 0 2 P a g e 1 9 2 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e Sm aitW hois ־Evaluation Version F ile Q u e ry E d it V ie w IP, h o s t o r d o m a in : Q S e ttin g s H e lp V m ic r o s o f t c o m ־׳£> Q u e r y » m a t m ic r o s o ft .c o m m o n e y .d e Qnjgjfcfr 8 8.19 0 2S 4.12 Free S A S / P r o X a d I 8, ru e d e la v ille I 'E v e q u c 75008 P a ris p h o n e : ♦33 1 73 50 20 00 fax: ♦33 1 7 3 5 0 2 5 01 h o s t m a s t e r g p fQ x id .n e t Free S A S / P r o X a d I 8. ru e d e la v ille l" F v e q u e 75008 P a ris phene ♦ 33 173 50 20 00 fax: ♦33 173 5025 01 freensl-g20iree.fr (212.27.60.19] 1freens2-g20iree.fr[212.27.60.20] Google Page Rank: 7 1Alexa Traffic Rank: 11,330 Created: 29/12/2008 Updated: 17/02/2004 Source: whois.nicir Completed at 19*07-2012 12:44:01 PM Processing time: 1.63 seconds Vievy s o u r c e FIGURE 2.31: SmartWhois screenshot M o d u le 0 2 P a g e 1 9 3 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e W H O IS O n lin e T o o ls SmartWhois Whois http://smartwhois.com http://tools.whois.net ה־ז n L o o k u p Better Whois 1 1 DNSstuff % http://www. betterwhois. com C E H http://www.dnsstuff, com m im r ־ = ■ ־ Whois Source m Network Solutions Whois S' p y y http://www.whois.sc Web Wiz WebToolHub § fc ] http://www.webwiz.co. uk/domain־ tools/whois-lookup.htm http://www.webtooll 1•whois-lookup. aspx http://www.networksolutions.com Network-Tools.com Ultra Tools http://network-tools.com https://www.ultratools.com/whois/home Copyright © by EG-G*ancil. All Rights Reserved. Reproduction is Strictly Prohibited. W H O I S S im ila r t o L o o k u p T o o l s S m a rtW h o is , th e r e a re n u m e r o u s to o ls a v a ila b le in t h e m a rk e t to r e trie v e W h o is in fo rm a tio n . A f e w a re m e n tio n e d as fo llo w s : p p C o u n t r y W h o is ----------S o u r c e : h t t p : / / w w w . t a m o s . c o m C o u n t r y W h o i s is a u t i l i t y f o r i d e n t i f y i n g t h e g e o g r a p h i c l o c a t i o n o f a n I P a d d r e s s . C o u n t r y W h o i s can be used to a n a ly z e s e r v e r lo g s , c h e c k e m a i l a d d r e s s h e a de rs, id e n tify o n lin e c r e d it ca rd f r a u d , o r in a n y o t h e r i n s t a n c e w h e r e y o u n e e d t o q u i c k l y a n d a c c u r a t e l y d e t e r m i n e t h e c o u n t r y o f o r i g i n b y IP a d d r e s s . L a n W h o is S o u rce : h ttp ://la n tric k s .c o m L a n W h o ls p ro v id e s h e lp s d e te rm in e you re g is te re d , a n d th e in fo rm a tio n who, a b o u t d o m a in s w h e re , in fo rm a tio n y o u r s e a r c h r e s u l t in t h e f o r m and when and th e a d d re s s e s o n d o m a in or s ite th e you I n t e r n e t . T h is a re p ro g ra m in te re s te d in was a b o u t t h o s e w h o s u p p o r t it n o w . T h is t o o l a llo w s y o u t o s a v e o f an a rc h iv e t o v ie w it la te r. Y o u c a n p r in t a n d s a v e t h e s e a rc h r e s u l t in H T M L f o r m a t . M o d u le 0 2 P a g e 1 9 4 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e P t ■j i^ t B a tc h I P C o n v e r t e r * S o u rce : h ttp ://w w w .n e tw o r k m o s t.c o m B a tc h IP C o n v e r t e r is a n e tw o rk to o l to w o rk w ith IP a d d r e s s e s . It c o m b i n e s C o n v e r t e r , B a tc h P in g , T r a c e r t , W h o i s , W e b s i t e S c a n n e r , a n d C o n n e c t i o n in te rfa c e as w e ll as a n I P - t o - C o u n t r y C o n v e r t e r . It a llo w s y o u to D o m a in -to -IP M o n i t o r in t o a s in g le lo o k u p th e IP a d d r e s s f o r a s in g le o r lis t o f d o m a in n a m e s a n d v ic e v e rs a . I r 1־ C a lle r I P S o u rce : h ttp ://w w w .c a lle r ip p ro .c o m C a lle rIP is b a s i c a l l y IP a n d c o n n e c tio n m ade a d d re s se s o n th e to p o rt m o n ito rin g y o u r c o m p u te r. w o rld m ap. The s o ftw a re t h a t d is p la y s t h e It a ls o a llo w s y o u W h o is re p o rtin g to fin d fe a tu re th e in c o m in g o rig in p ro v id e s key and o u tg o in g o f a ll c o n n e c t i n g IP in fo rm a tio n such as fo r one or w h o a n IP is r e g i s t e r e d t o a l o n g w i t h c o n t a c t e m a i l a d d r e s s e s a n d p h o n e n u m b e r s . ® 1— ׳ W h o ls L o o k u p M u l t i p l e A d d r e s s e s S o u rce : h ttp ://w w w .s o b o ls o ft.c o m T h is s o f t w a r e o ffe rs a s o lu tio n U se rs can fo r u se rs w h o s im p ly e n te r w a n t to lo o k o w n e rs h ip m ore IP a d d r e s s e s . o p t io n s f o r lo o k u p s ite s : w h o is . d o m a in t o o ls . c o m , w h o is - s e a r c h . c o m , a n d w h o is . a r in . n e t . r e s u lt in g lis t s h o w s t h e b e tw e e n lo o k u p s , t o o r lo a d a v o id th e m fro m d e ta ils th re e T h e u s e r ca n s e t a d e la y p e rio d IP a d d r e s s e s up lo c k o u ts f r o m a file . T h e r e a re th e s e w e b s ite s . T h e IP a d d r e s s e s a n d d e t a i l s o f e a c h . I t a l s o a l l o w s y o u t o s a v e r e s u l t s t o a t e x t file . W h o ls A n a ly z e r P r o S o u rce : h ttp ://w w w .w h o is a n a lv z e r .c o m T h is t o o l a llo w s y o u t o a c c e s s in f o r m a t io n a b o u t a r e g is t e r e d d o m a in w o r l d w i d e ; y o u c a n v ie w th e d o m a in fin d in g th e o w n e r n a m e , d o m a in lo c a tio n n a m e , a n d c o n ta c t d e ta ils o f d o m a in o f a s p e c ific d o m a in . Y o u can s im u lt a n e o u s ly . T h is t o o l g iv e s y o u t h e a b ilit y t o o w n e r . It a ls o h e l p s in a ls o s u b m i t m u l t i p l e p rin t o r save th e q u e rie s w it h th is to o l r e s u lt o f t h e q u e r y in H T M L fo rm a t. H o tW h o is S o u rce : h ttp ://w w w .tia ls o ft.c o m H o tW h o is c ity , is a n a d d re s s, m e c h a n is m IP t r a c k i n g t o o l t h a t c a n c o n ta c t phone n u m b e rs, re v e a l v a lu a b le and e m a il in fo rm a tio n , such a d d re s se s of an IP r e s o r t s t o a v a r i e t y o f R e g io n a l I n t e r n e t R e g is trie s , t o o b t a i n a b o u t IP a d d r e s s . W i t h as c o u n tr y , s ta te , p ro v id e r. The q u e ry IP W h o i s i n f o r m a t i o n H o tW h o is y o u c a n m a k e w h o is q u e rie s e v e n if t h e re g is tra r, s u p p o r tin g a p a rtic u la r d o m a in , d o e s n 't h a v e th e w h o is s e rv e r its e lf. M o d u le 0 2 P a g e 1 9 5 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e W h o is 2 0 1 0 P r o S o u rce : h ttp ://la p s h in s .c o m W h o i s 2 0 1 0 P R O is n e t w o r k i n f o r m a t i o n s o f tw a r e th a t a llo w s y o u to l o o k u p a ll t h e a v a ila b le in f o r m a t io n a b o u t a d o m a in n a m e , in c lu d in g c o u n tr y , s ta te o r p r o v in c e , c ity , a d m in is t r a t o r , a n d te c h n ic a l s u p p o r t c o n ta c t in fo rm a tio n . (W ) A c t iv e W h o is S o u rce : h ttp ://w w w .jo h n r u .c o m A c t i v e W h o i s is a n e t w o r k t o o l t o f i n d i n f o r m a t i o n a b o u t t h e o w n e r s o f IP a d d r e s s e s o r I n t e r n e t d o m a in s . Y o u ca n d e te r m in e th e c o u n tr y , p e rs o n a l a n d p o s ta l a d d re s s e s o f th e o w n e r, a n d /o r u s e r s o f IP a d d r e s s e s a n d d o m a i n s . W h o is T h is D o m a in S o u rce : h ttp ://w w w .n ir s o ft.n e t W h o is T h is D o m a in a b o u t a re g is te re d is a d o m a i n r e g is tra tio n lo o k u p u tility th a t d o m a i n . It a u t o m a t i c a l l y c o n n e c t s t o t h e a llo w s you to get in fo rm a tio n rig h t W H O IS s e rv e r a n d re trie v e s t h e W H O I S r e c o r d o f t h e d o m a i n . It s u p p o r t s b o t h g e n e r ic d o m a i n s a n d c o u n t r y c o d e d o m a in s . M o d u le 0 2 P a g e 1 9 6 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e W H O IS ה־ז n 1 1 L o o k u p O n lin e T o o ls SmartWhois Whois http://smartwhois.com http://tools.whois.net Better Whois DNSstuff % http://www. betterwhois. com C E H http://www.dnsstuff, com m im r ־ = ■ ־ Whois Source m Network Solutions Whois S' p y y http://www.whois.se Web Wiz WebToolHub § fc ] http://www.webwiz.co. uk/domain־ tools/whois-lookup.htm http://www.webtooll 1•whois-lookup. aspx http://www.networksolutions.com Network-Tools.com Ultra Tools http://network-tools.com https://www.ultratools.com/whois/home Copyright © by EG-G*ancil. All Rights Reserved. Reproduction is Strictly Prohibited. W H O I S L o o k u p O n l i n e T o o ls In a d d i t i o n t o t h e W h o i s l o o k u p t o o l s m e n t i o n e d s o f a r , a f e w o n lin e W h o is lo o k u p to o ls a re lis te d as fo llo w s : Q S m a r tW h o is a v a ila b le a t h t t p : / / s m a r t w h o is . c o m Q B e tte r W h o is a v a ila b le a t h t t p : / / w w w . b e t t e r w h o is . c o m O W h o is S o u rc e a v a ila b le a t h ttp ://w w w .w h o is .s e Q W e b W iz a v a ila b le a t h t t p : / / w w w . w e b w iz . c o . u k / d o m a in - t o o ls / w h o is - lo o k u p . h t m Q N e tw o rk -T o o ls .c o m Q W h o is a v a ila b le a t h t t p : / / t o o ls . w h o is . n e t © D N S s tu ff a v a ila b le a t h ttp ://w w w .d n s s tu ff.c o m Q N e t w o r k S o lu tio n s W h o is a v a ila b le a t h t t p : / / w w w . n e t w o r k s o l u t io n s . c o m S W e b T o o lH u b a v a ila b le a t h t t p :/ / w w w . w e b t o o lh u b . c o m / t n 5 6 1 3 8 1 - w h o is - lo o k u p . a s p x Q U ltra T o o ls a v a ila b le a t h t t p s : / / w w w . u lt r a t o o ls . c o m / w h o is / h o m e M o d u le 0 2 P a g e 1 9 7 a v a ila b le a t h t t p : / / n e t w o r k - t o o ls . c o m E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e Footprinting Methodology Footprinting through Search Engines WHOIS Footprinting Website Footprinting DNS Footprinting Email Footprinting Network Footprinting Competitive Intelligence Footprinting through Social Engineering Footprinting using Google Footprinting through Social Networking Sites CEH Copyright © by EG-G*ancil. All Rights Reserved. Reproduction is Strictly Prohibited. F o o t p r i n t i n g ------- M e t h o d o l o g y T h e n e x t p h a s e i n f o o t p r i n t i n g m e t h o d o l o g y is D N S f o o t p r i n t i n g . T h is s e c tio n d e s c rib e s h o w t o e x t r a c t D N S in f o r m a t io n a n d t h e D N S in t e r r o g a t i o n to o ls . M o d u le 0 2 P a g e 1 9 8 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e E x t r a c t in g CEH D N S I n f o r m a t io n (•rtifwd ilk. (41 •UthM 0 0 A ttacker can gather DNS inform ation to determ ine key hosts in the netw o rk and can perform social engineering attacks 3 0 DNS records provide important information about location and type of servers R e co rd 0 D N S I n te r r o g a tio n T o o ls D e s c r ip t io n T yp e A 2 © http://www.dnsstuff.com © http://network-tools.com P o in ts t o a h o s t's IP ad d re s s MX P o in ts t o d o m a in 's m a il se rv e r NS P o in ts t o h o s t's n a m e se rv e r CNAM E C a n o n ic a l n a m in g a llo w s a lia se s to a h ost SOA In d ic a te a u th o r ity fo r d o m a in SRV S e rv ic e re c o rd s PTR M a p s IP a d d re s s t o a h o s tn a m e RP R e sp o n sib le p e rso n H IN FO H o s t in fo r m a t io n re c o r d in c lu d e s C P U t y p e an d O S T XT U n s tru c tu r e d te x t re c o rd s Copyright © by EG-G*ancil. All Rights Reserved. Reproduction is Strictly Prohibited. E x t r a c t i n g D N S DNS fo o tp rin tin g I n f o r m a llo w s y o u to a t i o n o b ta in in fo rm a tio n about DNS zone d a ta . T h is DNS z o n e d a t a i n c l u d e s D N S d o m a i n n a m e s , c o m p u t e r n a m e s , IP a d d r e s s e s , a n d m u c h m o r e a b o u t a p a rtic u la r n e tw o rk . T h e a tta c k e r p e rfo r m s D N S fo o t p r in t in g o b ta in th e d e te rm in e in fo rm a tio n key h o s ts about in t h e DNS. He n e tw o rk or and she th e n th e n uses p e rfo rm s o n t h e t a r g e t n e t w o r k in o r d e r t o th e g a th e re d DNS s o c ia l e n g in e e r in g in fo rm a tio n a tta c k s to to g a th e r m o re in fo rm a tio n . DNS fo o tp rin tin g can be p e rfo rm e d u s in g D N S in t e r r o g a t io n t o o ls s u c h as w w w . D N S s t u f f . c o m . B y u s i n g w w w . D N S s t u f f . c o m , i t is p o s s i b l e t o e x t r a c t D N S i n f o r m a t i o n s e rv e r e x te n s io n s , DNS lo o k u p s , W h o is lo o k u p s , e tc . If y o u w ant a b o u t IP a d d r e s s e s , m a i l in fo rm a tio n a b o u t a ta rg e t c o m p a n y , i t is p o s s i b l e t o e x t r a c t i t s r a n g e o f IP a d d r e s s e s u t i l i z i n g t h e I P r o u t i n g l o o k u p o f D N S s tu ff. If t h e t a r g e t n e t w o r k a llo w s u n k n o w n , u n a u t h o r iz e d u s e rs t o t r a n s f e r D N S z o n e d a ta , t h e n i t is e a s y f o r y o u t o o b ta in th e in fo rm a tio n a b o u t DNS w ith th e h e lp o f th e DNS in te rro g a tio n to o l. O nce you re sp o n d to send th e you w ith q u e r y u s in g t h e a re co rd DNS in te rro g a tio n s tru c tu re th a t c o n ta in s to o l to th e in fo rm a tio n DN S se rv e r, th e a b o u t th e s e rv e r w ill ta rg e t DNS. DNS re c o rd s p ro v id e im p o r ta n t in fo r m a tio n a b o u t lo c a tio n a n d ty p e o f s e rve rs. Q A - P o i n t s t o a h o s t ' s IP a d d r e s s M o d u le 0 2 P a g e 1 9 9 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e Q M X ־P o in ts t o d o m a in 's m a il s e rv e r Q NS - P o in ts t o h o s t's n a m e s e rv e r Q C N A M E - C a n o n ic a l n a m in g a llo w s a lia s e s t o a h o s t Q S O A - In d ic a te a u t h o r it y f o r d o m a in Q SR V - S e rv ic e r e c o r d s Q P T R - M a p s IP a d d r e s s t o a h o s t n a m e 6 RP - R e s p o n s i b l e p e r s o n £ H IN F O - H o s t in f o r m a t io n r e c o r d in c lu d e s C PU t y p e a n d OS A f e w m o r e e x a m p le s o f D N S in t e r r o g a tio n to o ls t o s e n d a D N S q u e r y in c lu d e : 6 h ttp ://w w w .d n s s tu ff.c o m © h ttp ://n e tw o rk -to o ls .c o m M o d u le 0 2 P a g e 2 0 0 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y EC-C0l1ncil A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e E x t r a c t in g D N S I n f o r m a t io n C E H ( C o n t ’d ) T h is t o o l i s v e r y u s e f u l t o p e r f o r m a D N S q u e r y o n a n y h o s t . E a c h d o m a in (•rtifwtf | EthKJi ■UckM ^ Perform DNS query n a m e (Ex a m p le : d n s q u e r ie s . c o m ) i s s t r u c t u r e d in h o s t s (e x : u e r ie s , c o m ) a n d t h e D N S ( D o m a in N a m e S y s t e m ) a llo w Q 10 t o t r a n s la t e t h e d o m a in n a m e o r t h e h o s t n a m e in an IP A d d r e s s c o n t a c t v ia t h e T C P / I P p r o t o c o l. T h e r e a r e s e r v e r a l t y p e s o f q u e r ie microsoft.com s, c o r r e s p o n d in g t o a ll t h e I m p le m e n t a b le t y p e s o f D N S r e c o r d s s u c h a s A re c o rd , M X . A A A A , C N A M E an d SOA. Results for checks on m icro so ft.co m H ost TTL C la s s ly p e D e ta ils m ic r o s o f t .c o m !J 3381 IN TXT FbU F 6 D bkE * A w 1 / v / i9 x g D i3 K V r llZ u s 5 v 8 L 6 tb lQ Z k G r Q ׳r V Q K J i8 C jQ b B tW t£ 6 4 e y 4 N JJv /j5 J6 5 P lg g V Y N a b d Q — m ic r o s o f t .c o m 3381 IN TXT v - s p f Include: s p f- a . m lc r o s o f t .c o m Include :_ s p f- b .m fc ro s o ft.c o m 1 n c lu d e :_ sp f־c. m lc r o s o ft .c o m 1nclu de:_spf-ssg• a . m ic r o s o ft .c o m ip 4 : l 3 1 . 1 0 7 .1 1 5 .2 1 5 ip i : 1 3 1 .1 0 7 .1 1 5 .2 1 4 ip 4 :2 0 5 .2 4 8 .1 0 6 .6 4 ip 4 : 2 0 5 .2 4 8 .1 0 6 .3 0 ip 4 :2 0 5 .2 4 8 .1 0 6 .3 2 * all 1 m lc r o s o f t .c o m ^ 3381 IN MX 1 0 m a ll. m e s s a g ln g . m lc r o s o n . c o m ! J m ic io b u f t . c o iii J 3381 IN SOA n s 1 .m s f t. n e t m b n h b t .m ia b f t .c m 2 01 2 0 7 1 6 0 2 3C0 6 00 2 4 1 9 2 0 0 3 600 m ic r o s o f t .c o m 3381 IN A 6 4 .4 .1 1 .3 7 (£) 3381 IN m ic r o s o f t .c o m 00 0 A 6 5.5 5 .5 8 .7 0 1 $ 141531 IN NS n s 5 .m s ft.n e t m ic r o s o f t .c o m 141531 IN NS n s 2 .m s ft.n e t m ic r o s o f t .c o m ^ 141531 IN NS n s 1 .m s f t.n e t (g) m ic r o s o f t .c o m $ 141531 IN NS n s 3 .m s f t.n e t $ m ic r o s o f t .c o m $ 141531 IN NS n s 4 .m s f t.n e t yj} m ic r o s o f t .c o m 'J h ttp ://w w w .d n s q u e r ie s .c o m Copyright © by EG-GtailCil. All Rights Reserved. Reproduction is Strictly Prohibited. E x t r a c t i n g D N S I n f o r m a t i o n ( C o n t ’ d ) S o u rce : h ttp ://w w w .d n s q u e rie s .c o m P e rfo rm p e rfo rm in h o s ts DNS q u e ry a v a ila b le at h ttp ://w w w .d n s q u e rie s .c o m is a to o l th a t you to a D N S q u e r y o n a n y h o s t . E a c h d o m a i n n a m e ( e x a m p l e : d n s q u e r i e s . c o m ) is s t r u c t u r e d (ex: w w w .d n s q u e rie s .c o m ) a n d th e DNS (D o m a in Nam e S y s te m ) a llo w s t r a n s l a t e t h e d o m a i n n a m e o r t h e h o s t n a m e i n a n IP a d d r e s s t o c o n t a c t v i a t h e T he re a llo w s a re se ve ra l ty p e s of q u e rie s , c o rre s p o n d in g to a ll th e anyone TCP/IP im p le m e n ta b le to p ro to c o l. ty p e s of DNS re c o rd s su ch as a re c o rd , M X , A A A A , C N A M E , a n d SOA. Now le t's s e e h o w t h e DNS in te r r o g a tio n to o l re trie v e s in fo r m a tio n b ro w s e r and ty p e h ttp ://w w w .d n s q u e rie s .c o m a b o u t th e DNS. G o to th e a n d p re s s E n te r. T h e D N S q u e ry 's h o m e s ite w ill b e d i s p l a y e d in t h e b r o w s e r . E n t e r t h e d o m a i n n a m e o f y o u r i n t e r e s t in t h e P e rfo rm a re Run e n te rin g M ic ro s o ft.c o m ) and c lic k th e D N S q u e r y 's H o s tN a m e fie ld (h e re w e to o l b u tto n ; th e DNS in fo rm a tio n fo r M i c r o s o f t . c o m w i l l b e d i s p l a y e d as s h o w n in t h e f o l l o w i n g f i g u r e . M o d u le 0 2 P a g e 2 0 1 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e T h is t o o l is v e r y u s e f u l t o p e r f o r m a D N S q u e r y o n a n y h o s t . E a c h d o m a in n a m e ( F x a m p le : d n s q u e r ie s . c o m ) is s t r u c t u r e d in h o s t s (ex: Q Perform DNS query w w w . d n s q u 9 r ie s . c o m ) a n d t h e D N S ( D o m a in Nam© S y s t e m ) a llo w o v o r y b o d y t o t r a n s la t o t h o d o m a in n a m o o r t h o h o s t n a m e in an IP A d d r o s s t o c o n t a c t v ia t h e T C P / I P p r o t o c o l. T h e r e a r e s e r v e r ^ t y p e s o f q u e r ie s , c o r r e s p o n d in g t o dll t h e im p le m e n ld b le t y p e s o f D N S r e c o r d s s u c h ל«־A r e c o r d , M X , A A A A , C N A M E a n d SO A . H o s t fla m e : [mcrosoftcom Type: ANY 0 | R un to o h T Results fo r checks on m 1crosoft.com H ost TTL C la s s Type m ic r o s o ft .c o m 3381 IN TXT F b U F 6 D b k E * A v v l/w i9 x g D i8 K V rllZ u s 5 v 8 L 6 tb lQ Z k G rQ / ׳V Q K Ji8 C jQ b B tW tE 6 4 e y 4 N JJ v v j5 J6 5 P lg g W N a b d Q -־ D e ta ils micr030ft.c0m 3381 IN TXT v= spf ln c lu d e :_ s p f-a .m fc r o s o fL c o m ln d u d e :_ s p f ־b .m fc r o s o ft.c o m ln c lu d e :_ s p f ־ a . m ic r o s o ft.c o m i p 4 : l 3 l . l C 7 . 1 l 5 . 2 l 5 i p 4 : l 3 l .1 0 7 .1 1 5 .2 1 4 ip 4 :2 G 5 .2 4 8 .1 0 0 .6 4 ip 4 :2 0 5 .2 4 3 .1 06.30 ip 4 :2 0 5 .2 4 8 .1 0 6 .3 2 ' a l l m ic r o s o ft .c o m 3381 IN MX 10 mail.mes5aging.micro50ft.c0m m ic r o s o t t. c o m ^ 3381 IN SOA n s l.m s ft .n e t m s n h s t .m ic r o s o f t . c o m 2 01 2 0 7 1 6 0 2 300 6 0 0 2 4 1 9 20 0 3 600 m ic r o s o ft .c o m 3381 IN A 64.4.11.37 sJ m ic r o s o ft .c o m 3381 IN A 6 5 55.58.201 microsoh.com ^ 141531 IN NS n s 5 .m s f t.n e t {gj m ic r o s o t t. c o m ^ 141531 IN NS n s 2 .m s lt .n e t $ m ic r o s o ft .c o m C J 141531 IN NS n s 1 .m s ft.n e t !£} m ic r o s o ft .c o m Q 141531 IN NS n s 3 .m s ft.n e t n1icr050ft.c0m ^ 141531 IN NS rr54.t1tsft.net ' j 1 c . m lc r o s o ft.c o m 1 n d u d e :_ s p f-s sg FIGURE 2 .3 2 : S c re e n s h o t s h o w in g DNS in fo r m a tio n f o r M ic ro s o ft.c o m M o d u le 0 2 P a g e 2 0 2 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e DNS Interrogation Tools DIG A ח DNSWatch http://www.kloth.net ffjp slli CEH ____ נ http://www.dns watch, info myDNSTools DomainTools http://www.mydnstools.info http://www.domaintools.com Professional Toolset 1rv ' - , (0 m http://www.dnsstuff. com DNS http://e-dns.org DNS Records DNS Lookup Tool http://net work-tools.com http://www.webwiz. co.uk DNSData View DNS Query Utility http://www.nirsoft.net http://www.webmaster-toolkit. com Copyright © by EG-G(HIICil. All Rights Reserved. Reproduction is Strictly Prohibited. D N S I n t e r r o g a t i o n T o o l s A f e w m o r e w e ll- k n o w n D N S in t e r r o g a t i o n t o o ls a re lis te d as fo llo w s : © D IG a v a ila b le a t h t t p : / / w w w . k l o t h . n e t © m y D N S T o o ls a v a ila b le a t h ttp ://w w w .m y d n s to o ls .in fo © P ro fe s s io n a l T o o ls e t a v a ila b le a t h t t p : / / w w w . d n s s t u f f . c o m © D N S R e c o rd s a v a ila b le a t h t t p : / / n e t w o r k - t o o ls . c o m © D N S D a ta V ie w a v a ila b le a t h t t p : / / w w w . n i r s o f t . n e t © D N S W a tc h a v a ila b le a t h ttp ://w w w .d n s w a tc h .in fo © D o m a in T o o ls P ro a v a ila b le a t h ttp ://w w w .d o m a in to o ls .c o m © D N S a v a ila b le a t h t t p :/ / e - d n s . o r g © D N S L o o k u p T o o l a v a ila b le a t h t t p : / / w w w . w e b w iz . c o . u k © D N S Q u e ry U tility a v a ila b le a t h t t p : / / w w w . w e b m a s t e r - t o o lk i t . c o m M o d u le 0 2 P a g e 2 0 3 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e Footprinting Methodology Footprinting through Search Engines CEH WHOIS Footprinting *ך Website Footprinting DNS Footprinting Email Footprinting Network Footprinting Competitive Intelligence Footprinting through Social Engineering Footprinting through Social Networking Sites Copyright © by EG-G(HIICil. All Rights Reserved. Reproduction is Strictly Prohibited. F o o t p r i n t i n g The in fo rm a tio n . next So, s te p now we a fte r w ill M e t h o d o l o g y re trie v in g d is c u s s th e n e tw o rk DNS in fo rm a tio n fo o tp rin tin g , is to g a th e r a m e th o d n e tw o rk -re la te d o f g a th e rin g n e tw o rk - re la te d in fo rm a tio n . T h is s e c tio n d e s c rib e s how to lo c a te n e tw o rk range, d e te rm in e th e o p e ra tin g s y s te m , T ra c e ro u te , a n d th e T ra c e ro u te to o ls . M o d u le 0 2 P a g e 2 0 4 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e CEH Locate the Network Range J Q u e rie d 207 46 232 182 207.46. 0. 0 207 46 255.255 207.46 0/16 w h o is .a r in .n e t N e tR a n g e : w ith "n . . C ID R : Find the range of IP addresses using ARIN whois database search tool J IthKJI lUckM N e tw o r k W h o is R e c o rd Network range information obtained assists an attacker to create a map of the target's network J (citifwd . . " . . . . . O rig in A S : N e tN a m e : M IC R O S O F T -G L O B A L -N E T N E T - N e tH a n d le : You can find the range of IP addresses and the subnet mask used by the target organization from Regional Internet Registry (RIR) - N S .M S F T .N E T N a m e S e rv e r: N S .M S F T .N E T N a m e S e rv e r: N S .M S F T .N E T N a m e S e rv e r: N S .M S F T .N E T N a m e S e rv e r: N S .M S F T .N E T - - h t tp : / /w 207 46 0 0-1 - - A s s ig n m e n t 2 4 1 5 3 1997 03-31 2004 12-09 R e f: - - - N a m e S e rv e r: U p d a te d : h o is .a r in .n e t/r e s t/n e t/N E T - - O rg N a m e : M Orgld: MSFT A d d re s s : O ne ic ro s o ft M C o rp ic ro s o ft C ity : R edm ond S ta te P r o v : WA W ay O rg A b u se P h o n e : 98052 1998 07-10 2009 11-10 231 1 425 882-8080 O rg A b u s e E m a il: a b u s e @ h o tm a il. com PostalCode: US C o u n try : - R e g D a te : - U p d a te d : N e tw o rk - N E T - D ir e c t R e g D a te : Atta cker 207 46 0 0-1 207 0 0 0-0 P a r e n t: N e tT y p e : R e f: h t t p : //w h o is . a r i n .n e t/re s t/o rg /M S F T O r g A b u s e H a n d le ABU SE O rg A k u se N a m e : A b u se + - -A R IN - O rg A b u se R e f: h t t p : / /w h o is . a r i n .n e t/re s t/p o c /A B U S E 231 -A R IN Copyright © by EG-Gtancil. All Rights Reserved. Reproduction is Strictly Prohibited. »־ L o c a t e ז-נ To p e rfo rm in fo rm a tio n fo r, an d t h e N e t w n e tw o rk o r k R a n g e fo o tp rin tin g , you need to g a th e r b a s ic and im p o rta n t a b o u t th e t a r g e t o rg a n iz a tio n su ch as w h a t th e o rg a n iz a tio n d o e s , w h o th e y w o r k w h a t ty p e o f w o rk th e y p e rfo rm . The a n s w e rs to th e s e q u e s tio n s g iv e you an id e a a b o u t th e in te rn a l s tr u c tu r e o f th e ta r g e t n e tw o rk . A fte r g a th e rin g th e ran g e a fo re m e n tio n e d o f a ta rg e t s y s te m . in fo rm a tio n , an a tta c k e r can p ro c e e d to fin d th e He o r she can g e t m o re d e ta ile d r e g i o n a l r e g i s t r y d a t a b a s e r e g a r d i n g IP a l l o c a t i o n a n d t h e in fo rm a tio n fro m th e n e tw o rk a p p ro p ria te n a tu r e o f th e a llo c a tio n . A n a tta c k e r c a n a ls o d e t e r m i n e t h e s u b n e t m a s k o f t h e d o m a in . H e o r s h e c a n a ls o t r a c e t h e r o u t e b e t w e e n th e s y s te m and th e ta rg e t s y s te m . Two p o p u la r tra c e ro u te to o ls a re N e o T ra ce and V is u a l R o u te . O b ta in in g p riv a te A u th o rity (IA N A ) In te rn e ts : IP a d d r e s s e s c a n has rese rve d th e be u s e fu l fo r an a tta c k e r. T h e fo llo w in g 1 0 .0 .0 .0 -1 0 .2 5 5 .2 5 5 .2 5 5 (1 0 /8 th re e b lo c k s o f t h e p re fix ), In t e r n e t A s s ig n e d N u m b e rs IP a d d r e s s s p a c e f o r p r i v a t e 1 7 2 .1 6 .0 .0 -1 7 2 .3 1 .2 5 5 .2 5 5 (1 7 2 .1 6 /1 2 p re fix ) , a n d 1 9 2 .1 6 8 . 0 .0 - 1 9 2 .1 6 8 .2 5 5 .2 5 5 ( 1 9 2 .1 6 8 /1 6 p re fix ). The n e tw o rk ran g e g iv e s you an id e a about how th e n e tw o rk is , w h ic h m a c h in e s in th e n e t w o r k s a re a liv e , a n d it h e lp s t o id e n t i f y t h e n e t w o r k t o p o lo g y , a c c e s s c o n t r o l d e v ic e , a n d OS M o d u le 0 2 P a g e 2 0 5 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e u s e d in t h e t a r g e t n e t w o r k . T o f i n d t h e n e tw o rk ra n g e o f th e ta rg e t n e tw o rk , e n te r th e s e rve r IP a d d r e s s ( t h a t w a s g a t h e r e d i n W H O I S f o o t p r i n t i n g ) i n t h e A R I N w h o i s d a t a b a s e s e a r c h t o o l o r you can go to th e A R IN w e b s ite (h t t p s ://w w w .a r in .n e t/k n o w le d g e /r ir s .h tm l) a n d e n te r th e s e r v e r IP i n t h e S E A R C H W h o i s t e x t b o x . Y o u w i l l g e t t h e n e t w o r k r a n g e o f t h e t a r g e t n e t w o r k . I f th e D N S s e rv e r s a re n o t s e t u p c o r r e c t ly , t h e a t t a c k e r h a s a g o o d c h a n c e o f o b t a i n i n g a lis t o f in te r n a l m a c h in e s o n t h e s e rv e r . A ls o , s o m e t im e s if a n a t t a c k e r tr a c e s a r o u t e t o a m a c h in e , h e o r s h e c a n g e t t h e i n t e r n a l IP a d d r e s s o f t h e g a t e w a y , w h i c h m i g h t b e u s e f u l . N e tw o rk W h o is Q u e rie d w h o is . a r i n . n e t w it h R e c o rd "n 2 0 7 .4 6 .2 3 2 .1 8 2 ", 2 0 7 .4 6 .0 .0 - 2 0 7 .4 6 .2 5 5 .2 5 5 N e tR a n g e : 2 0 7 .4 6 .0 .0 /1 6 C ID R : O rig in A S : MICROSOFT-GLOBAL-NET NetN am e: N E T -207 -46-0 -0-1 N e tH a n d le : N E T -20 7 -0 -0 -0 -0 P a re n t: D i r e c t A s s ig n m e n t N e tT yp e : N S 2 .MSFT.NET N am eS e rve r: N S 4 .MSFT.NET N am eS e rve r: NS1.MSFT.NET N am eS e rve r: NS5.MSFT.NET N am eS e rve r: NS3.MSFT.NET N am eS erver: 1997-03-31 R eg D a te : 2 0 04-12-09 U p d a ted : h ttp ://w h o is .a r i n .n e t/re s t/n e t/N E T R e f: 2 0 7 -4 6 -0 -0 -1 M i c r o s o f t Corp O rgN a m e : MS FT O rg ld : One M i c r o s o f t Way A ddress: Redmond C ity : WA S ta te P ro v : 98052 P o s ta lC o d e : US C o u n try : 1998-0 7 -1 0 R eg D a te : 2 0 0 9-1 1 -1 0 U p d a ted : h t t p : / /w h o is .a r i n . n e t/re s t/o rg /M S F T R e f: O r g A b u s e H a n d l e : ABUSE23 1 - A R I N OrgAbuseName: Abuse O rgA buseP hone: + 1 -4 25-882-8080 O rg A b u s e E m a il: e k b u s e @ h o tm a il.c o m O rgA b use R e f: h t t p : / / w h o i s . a r i n . n e t/re s t/p o c /A B U S E 2 3 1 -A R IN Y o u n e e d t o u s e m o r e t h a n o n e t o o l t o o b t a in n e t w o r k in f o r m a t i o n as s o m e t im e s a s in g le t o o l is n o t c a p a b l e o f d e l i v e r i n g t h e i n f o r m a t i o n y o u w a n t . M o d u le 0 2 P a g e 2 0 6 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e Determine the Operating System c EH (•itifwd tUMJl NM hM Use the Netcraft tool to determine the OSes in use by the target organization Copyright © by EC-CaHCil. All Rights Reserved. Reproduction is Strictly Prohibited. \ D e t e r m i n e t h e O p e r a t i n g S y s t e m S o u rce : h ttp ://n e w s .n e tc ra ft.c o m S o f a r w e h a v e c o l l e c t e d i n f o r m a t i o n a b o u t IP a d d r e s s e s , n e t w o r k r a n g e s , s e r v e r n a m e s , e t c . o f th e ta rg e t n e tw o rk . Now it's tim e to fin d out th e OS r u n n in g on th e ta rg e t n e tw o rk . The t e c h n i q u e o f o b t a i n i n g i n f o r m a t i o n a b o u t t h e t a r g e t n e t w o r k O S is c a l l e d O S f i n g e r p r i n t i n g . T h e N e tc r a ft to o l w ill h e lp y o u t o fin d o u t th e OS r u n n in g o n th e ta r g e t n e tw o r k . L e t's s e e h o w N e t c r a f t h e lp s y o u d e t e r , o m e t h e O S o f t h e t a r g e t n e t w o r k . Open th e h ttp ://n e w s .n e tc ra ft.c o m s ite in y o u r b ro w se r and ty p e th e d o m a in nam e of your t a r g e t n e t w o r k in t h e W h a t ' s t h a t s it e r u n n i n g ? f i e l d ( h e r e w e a r e c o n s i d e r i n g t h e d o m a i n n a m e ״M i c r o s o f t . c o m " ) . It d is p la y s a ll t h e s it e s a s s o c i a t e d w i t h t h a t d o m a i n a l o n g w i t h t h e o p e r a t i n g s y s t e m r u n n in g o n e a c h s ite . M o d u le 0 2 P a g e 2 0 7 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e OS, Wab Scrrcr aad Mosang Mi כlory for wlnOo/o./ricrosoft.coai riE T C R ^ F T *kBtxkOwiMi rae»o-^ S earch W eb by Domain M1UOS08-88/7.5 Mier6<w8-8S/7 5 Micre&Jt IIS/7 ( Miaoso8-83/7 5 lft-JUl-2012 14•Jul-901? 8 יJun 2012 M 55 175 113 M W 175183 M ac** Cap Acre** Cap! Merc s»« Cap Macso• Cap MCTCSJtCCfp r s c ic p 14-Ju1-2012׳ 18-May-2012 14-May-2012 10־Apr-2012 55 55 175183 Miacsat-iis5 /׳ Micrcs:>MS/7 6 Mierc sot HC/7 6 F5 e»G-P F5 BIC-P F6 6ICP Miacso«-«S/7 5 Mieroso8-flS/7 5 Uiaeco• IS/75 12-Apr-2012 18-Uar-?01? 11 Mar-2012 r* fk;-p I E>pb(0 1.045.745w#&:la s u<1t«dbyus9rs ofth• Npicrafl Toolbar 3rdAugust 2012 fiM fchr •*arch .!p. I | 3 s*« contains f£WC-P P5 NG-P H fclG-P GIC-P ft lookup! a te contains .net : ׳aft.com Results fo r m icro soft 6((£8133 5555.176183 85 56 175183 56 52103 234 55 52 103234 55 52 103 ?34 65 5€ 175 183 Ucreot Cat Were5 •גCap M a cs* Cap U a c s * Cap lAacsot Cap 1 Found 252 sites Site Site Report First seen 1. w .x n :f5 J 0 f:.:« r1 1 2. :u»pert.m tro5eft.to״׳ 1 3- f'e c s 'f.fo r 1 4. 1 5. ־r s d 1־.merosoftcom 1 67. 1 n»nd9M .TkfM «f(.tom ca-m1:ro*oftxom soaal tochncc.microsoft.ccm 8. ■'tswara.nnicroioft.coni 9. MNM<pd«ta.n«lcnaoftcD«n 10. aooal.msdn.iTtKroBoft.tom 11■ } • m1!f01»H,t«1« 12• *»«d0»<«upd»ta.׳nKr©«©ft.<0m 13. n ffd it• r#׳r1 14. »1«.m«r91alWf»f>alatftr,nyr IS. search.mKroicft.ccm 16. ***(.m icroioftator• com 17. :o ^ r .mtcrotoHorV11to.com IB. M0r.1nKr0B0H.c0m a e a a a £1 a a £1 (U a a a a a a a a Netblock OS Mac: UpOTie - the Dm* since last reboot >3explained la the fAO (1M1) 2*120*24:13 august 1995 microsoft corp otrix netscaler octobar 1997 microsoft corp unicnown Sle >wvwpassport con 60 Uax 129 august 1909 mieroaoft torp otrix n atari to* www ׳encarta.com 52 56 juoa 1998 microsoft corp w rio o a * * 2 0 0 8 ־%♦־ asi׳oue• com MMMrcarpeiAteem 48 46 91 81 ? mada com 41 £6 ! rriacsotcomt* mtreso* iu mjrat• hcrro microcoHcom 39 38 38 39 50 84 ! c9lm acso8.com 3® 66 < * mw 12:2:1 r*1 n׳Krc«08c0m wwwmancanvlw caficcant 33 32 20 20 77 *6 £2 £0 wnoows s*rr*» 2W8 intro** Pf&C-P rsoG -r K.ac»o« יS/7 5 WlCTCSOf-M־IP*/׳l2 0 IMac40MS/7 4 ItK T C M U t^f u.acsol-lC/7 5 wwwoficccom 08k • nMcmalt cent Mogs tacftnatcam 20 35 36 185 110 20 F6BG-P IWa«$0MV/5 U1ac«08-iS/7 5 wwwrn»uesot.con1 lemincom men ca p IA/EC0U msnccra 24 92 32 20 !8 45 ?4 36 51 79 saptennbor 1998 microsoft coro otrix netsealor novombor 1998 microsoft corp unoow n august 2008 microsoft coro citnx notscalor august 2009 microsoft imttod window■ ! ׳ ״e 2008 may2007 *״r f i w . « >«0 ׳2 « כ august 2008 otrix notacotor novombor 2001 ms hotm••! ctrix n t ttta l• ׳ fabwary 1999 microsoft corp - rS o *״ faboary 3003 microsoft corp wr«<M1 ■••var ?90S novombor ?008 •Itam ai torhnelooiet January 1997 ao-v•2308 ־׳ linuv a<ama ׳international הv Itoux bio-c novombor 2008 d« ltal rlvor iroiand ltd. f5 docombor 2010 microsoft corp window• s«%a• 21303 october ג00 כ w rcova S*2008 ־♦\־ microsoft corp Avtraoe Server OS J v/11«o*3 S»r.־a 2CC8 U1ac308-1S/7 5 reoG-p wnflows Sfr.tr2i<X inertx»« UtCTCSOMS/7 Q l/Krcsot-IS/7 5 &$F Uiereso• IS/7 £ Macs©*-*2/7: lft<yc90MSS7 5 U*<reco*-IS/7 5 FSBCP w! ז « » יSana 2CC3 Iitacc08 li/7 8 U atM H V T S ! CiMi n«C«ral*r F5BC P IM OCKOM SM0 U>ae sol 1V7 8 U tacso•18/7 0 > IAOCSOt-13/7 3 FIGURE 2.3 3 : N e tc r a ft s h o w in g th e o p e ra tin g s y s te m th a t is in use b y M ic ro s o ft M o d u le 0 2 P a g e 2 0 8 E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C - C 0 lin C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e D e t e r m ((IL * ' * “׳׳'־״ i n e t h e S H O D A N O p e r a t i n g S e a r c h S y s t e m ( C o n t ’ d ) E n g in e S o u rce : h ttp ://w w w .s h o d a n h a .c o m U s e S H O D A N s e a rc h e n g in e t h a t le ts y o u f in d s p e c ific c o m p u t e r s ( r o u t e r s , s e rv e r s , e tc .) u s in g a v a r ie ty o f filte rs . Ex p o s e O n l in e D e v ic e s . W ebcam s. Ro uters. ,vA >j P O W E R P L A N T S . IP H O N E S . W I N D T U R B IN E S . £ * *׳׳ R E FR IG E R A T O R S . V O IP P H O N E S . Take a Tour Free Sion Up Papular Search Querios: RuggotiConi oyposod via loln ot Wired: hT1f£ /w w w .w 1ro<].car11f]rGaCeveV2012/0'Un1ggQdco1n-iH C M ooti (-ull O iscloctrc: http:/'soc... U2 D e v e lo p e r API ■ Ond out how 10 accc33 the Qhodan ilHtalMSH with P/lhon. Pw1 ot Ruby © Le a r n M o r e Fo l l o w M e Gel rnorc oat c f ycur 5 c j־cf־c3 and find •* ־mfnmaton rwwl >**1 FIGURE 2 .3 4 : SHODAN S earch E ngine s c re e n s h o t M o d u le 0 2 P a g e 2 0 9 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e * SHODAN Search Services HTTP HTTP Alternate FTP SNMP UPnP Error 6,692.080 164,711 13.543 9,022 6.392 66.77.20.147 W indow s XP B1znews24.com A d d e d on 25 09 2012 H T T P 1.0 4 0 3 F o rb id d e n S§ S e r v e r M ic r o s o ft-I IS 6 .0 C o n te n t-L e n g th 218 C o n te n t •T y p e : te x th tm l Arin gton IIS E x p o rt: T h is w e b site w a s e x p o rte d u sm g U S E x p o rt v 4 J c lie n t s 2 .b n 2 4 .c o m X -P o w e re d -B y : A S P .N E T D a te : T u e ? 25 S e p 2 0 1 2 0 1 :5 3 :0 0 G M T Top Countries United States China United Kingdom Germany Canada 3,352,389 506,298 362,793 247,985 246,968 www.net.cn) 112.127.180.133 HiChina W eb Solutions (Bering) Lim ited A d d e d on 25 0 9 2 0 1 2 H T T P 1.0 2 0 0 O K H L a s t-M o d ifie d W ed. 2 2 J u n 2011 1 0 :28:46 G M T Chaoyang C o n te n t- T y p e : te x th tm l A cc ep t-R an g e s: b y te s E T ag: " 0 8 3 b 4 2 sc 7 3 0 c c l:0 " Top Cities Englewood Beijing Columbus Dallas Seoul Server. M ic r o s o ft-I IS 7.5 170,677 111,663 107,163 90.899 86,213 Top Organizations Verio W eb Hosting 97,784 HiChina W eb Solutions ... 52,629 Ecommerce Corporation 43,967 GoDaddy.com, LLC 33,234 Comcast Business Commu... 32,203 X -P o w e r e d - B y A S P N E T X -U A -C o m p a tib le E - E m u la te I E 7 D ate: T u e , 25 S e p 2 0 1 2 0 1 :5 3 :0 2 G M T C o n te n t •L ength: 5304 The page must be viewed over a secure channel 41.216.174.82 W in dow s XP V D T C o m m u n ic a t io n s L im it e d A d d e d on 25 0 9 2 0 1 2 II H T T P 1 .0 4 0 3 F o rb id d e n C o n ten t-L en g th : 1409 C o n te n t- T y p e : te x th tm l S e r v e r M ic r o s o ft-I IS 6 .0 X -P o w e r e d - B y A S P N E T D a te : T u e , 25 S e p 2 0 1 2 0 1 :5 9 :2 0 G M T IIS7 110.142.89.161 T elstra Internet A d d e d on 25 09 2012 H T T P 1.0 2 0 0 O K e f l W entw orth F a ls L a s t-M o d ifie d : S a t, 2 0 N o v 2 0 1 0 0 3 :13:31 G M T C o n te n t- T y p e : te x th tm l A c c ep t-R an g e s: b y te s E T ag: “3 a 2 4 cb e 8 6 0 S 8 c b l :0" S e r v e r M ic r o s o ft-I IS 7.5 X -P o w e re d -B y : A S P N E T D a te : T u e , 25 S e p 2 0 1 2 0 1 :5 2 :5 0 G M T FIGURE 2 .3 5 : SH O D AN s c re e n s h o t M o d u le 0 2 P a g e 2 1 0 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d , R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e CEH Traceroute Traceroute programs work on the concept of ICMP protocol and use the TTL field in the header of ICMP packets to discover the routers on the path to a target host IP Source Router Hop IC M P E cho re q u e s t Router Hop Router Hop Destination Host TTL = 1 T r a c e r o u t e F in d in g t h e ro u te o f th e t a r g e t h o s t is n e c e s s a r y t o a tta c k s a n d o t h e r re la tiv e a tta c k s . T h e r e fo r e , y o u th e n e t w o r k . T h is c a n be a c c o m p lis h e d w ith th e t e s t a g a i n s t m a n - i n ־t h e ־m i d d l e n e e d to fin d th e h e lp o f th e ro u te T ra c e ro u te o f t h e t a r g e t h o s t in u tility p ro v id e d w ith m o s t o p e r a t i n g s y s t e m s . It a l l o w s y o u t o t r a c e t h e p a t h o r r o u t e t h r o u g h w h i c h t h e t a r g e t h o s t p a c k e ts t r a v e l in t h e n e t w o r k . T r a c e r o u t e u s e s t h e I C M P p r o t o c o l c o n c e p t a n d T T L ( T i m e t o L i v e ) f i e l d o f IP h e a d e r t o f i n d t h e p a t h o f t h e t a r g e t h o s t in t h e n e t w o r k . T he T ra c e ro u te th e u tility can d e ta il th e n u m b e r o f ro u te rs th e b e tw e e n tw o In te rn e t P ro to c o l num ber c a lle d of T im e ro u te rs d e c r e m e n t th e TTL c o u n t fie ld p a c k e t w ill be d is c a rd e d IP p a c k e t s t r a v e l b e t w e e n p a c k e ts tra v e l th r o u g h , th e r o u te r s , a n d , if t h e and ro u n d trip r o u te r s h a v e D N S e n trie s , th e n e t w o r k a ffilia tio n , as w e ll as th e m a x im u m p a th g e o g ra p h ic To a L iv e packet in t h e an lo c a tio n . (T T L ). m ay The tra n s it. fie ld Each m essage w ill be d u ra tio n in t r a n s i t i n g ro u te rs a n d th e ir b y e x p lo itin g a fe a tu r e is ro u te r IC M P h e a d e r b y o n e . W h e n e rro r tim e s y s t e m s . It c a n t r a c e n a m e s o f th e It w o r k s TTL tw o in te rp re te d th a t th e tra n s m itte d to h a n d le s a o f th e in d ic a te th e packet w ill c o u n t re a c h e s z e ro , th e to th e o rig in a to r o f th e p a c k e t. M o d u le 0 2 P a g e 2 1 1 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e It s e n d s o u t a p a c k e t d e s t i n e d f o r t h e d e s t i n a t i o n s p e c i f i e d . It s e t s t h e T T L f i e l d in t h e p a c k e t t o o n e . T h e f i r s t r o u t e r in t h e p a th re c e iv e s t h e p a c k e t, d e c r e m e n ts th e TTL v a lu e b y o n e , a n d if t h e r e s u l t i n g T T L v a l u e is 0 , i t d i s c a r d s t h e p a c k e t a n d s e n d s a m e s s a g e b a c k t o t h e o r i g i n a t i n g h o s t to in fo rm i t t h a t t h e p a c k e t h a s b e e n d i s c a r d e d . It r e c o r d s t h e IP a d d r e s s a n d D N S n a m e o f t h a t r o u t e r , a n d s e n d s o u t a n o t h e r p a c k e t w i t h a T T L v a lu e o f t w o . T h is p a c k e t m a k e s it t h r o u g h t h e f i r s t r o u t e r , t h e n t i m e s - o u t a t t h e n e x t r o u t e r in t h e p a t h . T h i s s e c o n d r o u t e r a ls o s e n d s a n e r r o r m e s s a g e b a c k t o t h e o r i g i n a t i n g h o s t . T r a c e r o u t e c o n t i n u e s t o d o t h i s , a n d r e c o r d s t h e IP a d d re s s a n d n a m e o f e a c h r o u t e r u n til a p a c k e t fin a lly re a c h e s t h e t a r g e t h o s t o r u n til it d e c id e s t h a t t h e h o s t is u n r e a c h a b l e . I n t h e p r o c e s s , i t r e c o r d s t h e t i m e i t t o o k f o r e a c h p a c k e t t o t r a v e l ro u n d trip to each ro u te r. re s p o n s e w ill b e se n d to F in a lly , th e when it re a ch e s s e n d e r. T h u s, th is th e u tility d e s tin a tio n , h e lp s t o th e reve a l th e n o rm a l IC M P p in g IP a d d r e s s e s o f t h e i n t e r m e d i a t e h o p s in t h e r o u t e o f t h e t a r g e t h o s t f r o m t h e s o u r c e . IP S ource R o u te r H op ICMP Echo request R o u te r H op R o u te r H op D e s tin a tio n H ost TTl =1 .................................« ............................................................................................................................... ' a a a HTSTSW S a A A A A ICMP error message ICMP Echo request -•• א ............................... A Mi A A ■■■■■■■■■■■ יA A A A "— 1־ ICMP error message ICMP Echo request ICMP error message ICMP Echo request H I :::: A AA A A | 1 ICMP Echo Reply FIGURE 2 .3 6 : W o rk in g o f T ra c e ro u te p ro g ra m How to use the tracert command G o to th e c o m m a n d p ro m p t an d ty p e th e t r a c e r t c o m m a n d a l o n g w i t h d e s t i n a t i o n IP a d d r e s s o r d o m a in n a m e as fo llo w s : C :\> tra c e rt 2 1 6 .23 9.3 6.1 0 T ra c in g r o u te t o n s 3 .g o o g le .c o m 124 [2 1 6 .2 3 9 .3 6 .1 0 ] o v e r a m a x im u m 1 1 2 6 2 ms 1 8 6 ms 2 2 7 9 6 ms 3 0 6 1 ms 3 4 3 6 ms 1 9 5 .2 29.252.130 3 1 5 5 ms 2 1 7 ms 1 5 5 ms 195.229.252.114 2171 ms 1 4 0 5 ms 5 2 6 8 5 ms 1 2 8 0 ms 6 5 5 ms d x b - e m i x - r a . g e 6 3 0 3 . e m i x . ae 6 2 0 2 ms 5 3 0 ms 9 9 9 ms d x b - e m i x - r b . s o l O O . e m i x . ae 609 ms M o d u le 0 2 P a g e 2 1 2 1124 ms 1748 ms 195.229.252.10 4 7 1530 ms o f 30 hops: ms 194.170.2.57 [1 9 5 .2 2 9 .3 1 .9 9 ] [1 9 5 .2 2 9 .0 .2 3 0 ] ia rl-s o -3 -2 -0 .T h a m e s s id e .c w .n e t [1 6 6 .6 3 .2 1 4 .6 5 ] E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e 8 1 6 2 2 ms 9 2377 2 4 9 8 ms ms 2 0 6 1 ms 9 6 8 ms 5 9 3 ms e q ix v a -g o o g le -g ig e .g o o g le .c o m 2 16 .239.48.193 10 3 5 4 6 ms 3 6 8 6 ms 3 0 3 0 ms 2 1 6 . 2 3 9 . 4 8 . 8 9 11 1 8 0 6 ms 1 5 2 9 ms 8 1 2 ms 2 1 6 . 3 3 . 9 8 . 1 5 4 12 1 1 0 8 ms 1 6 8 3 ms 2 0 6 2 ms n s 3 . g o o g l e . c o m Trace [206.223.115.21] [2 1 6.239.36.10] co m p le te . M o d u le 0 2 P a g e 2 1 3 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e Traceroute Analysis Attackers co n d u c t tra ce ro u te to extract in fo rm a tio n a bo u t: n e tw o rk to p o lo g y , tru sted ro u te rs, and fire w a ll lo ca tio n s For exam ple: a fter running several tra c e ro u te s, an attacker m ight o bta in th e fo llo w in g in fo rm atio n: J » traceroute 1.10.10.20, second to last hop is 1.10.10.1 » traceroute 1 10.20.10, third to last hop is 1.10.10.1 & traceroute 1 10.20.10, second to last hop is 1.10.10.50 » traceroute 1 10.20.15, third to last hop is 1.10.10.1 a traceroute 1 10.20.15, second to last hop is 1.10.10.50 ED n o By putting this in fo rm a tio n together, attackers can draw th e n e tw o rk dia g ra m IIIIIIIIIIIIIIIIIIII 1.10.10.20 1.10.20.10 B a s tio n H ost W e b S e rv e r 1.10.20.50 H acker F ire w a ll 1.10.20. M a il S e rv e r Copyright © by EG-G*ancil. All Rights Reserved. Reproduction is Strictly Prohibited. T r a c e r o u t e s־־־ W e in te rm e d ia te have seen A n a l y s i s how d e v ic e s s u c h th e T ra c e ro u te u tility h e lp s y o u to fin d o u t th e as r o u te r s , fir e w a lls , e tc . p r e s e n t b e t w e e n s o u rc e IP a d d r e s s e s o f and d e s tin a tio n . Y o u ca n d r a w th e n e tw o r k to p o lo g y d ia g ra m b y a n a ly z in g th e T r a c e r o u te re s u lts . A f t e r r u n n in g se ve ra l tra c e ro u te s , y o u o u t th e n e tw o rk . w ill b e a b le t o fin d lo c a tio n o f a p a rtic u la r h o p in t h e t a r g e t L e t's c o n s i d e r t h e f o l l o w i n g t r a c e r o u t e r e s u lt s o b t a i n e d : 9 tra ce ro u te 1 .1 0 .1 0 .2 0 , second 9 tra ce ro u te 1 . 1 0 . 22 00 .. 11 00 . th ird tra ce ro u te 1 .1 0 .2 0 .1 0 second tra ce ro u te 1 .1 0 .2 0 .1 5 th ird tra ce ro u te 1 .1 0 .2 0 .1 5 second to to to to to la s t la s t hop hop la s t la s t hop hop la s t hop is is is is is 1 .1 0 .1 0 .1 1 .1 0 .1 0 .1 1 .1 0 .1 0 .5 0 1 .1 0 .1 0 .1 1 .1 0 .1 0 .5 0 B y a n a ly z in g th e s e re s u lts , a n a tta c k e r ca n d r a w t h e n e t w o r k d ia g ra m o f t h e t a r g e t n e t w o r k as fo llo w s : M o d u le 0 2 P a g e 2 1 4 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e 1.10.20.10 W eb Server DMZ ZONE § Hacker ......... In te rn e t 1.10.10.1 Router 1.10.10.50 Firewall 1.10.20.50 Firew all 1.10.20.15 M ail S erv er FIGURE 2 .3 7 : D ia g ra m m a tic a l re p re s e n ta tio n o f th e ta r g e t n e tw o rk M o d u le 0 2 P a g e 2 1 5 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e P a th A n a ly z e r P ro and V is u a lR o u te 2010 a re th e tw o to o ls s im ila r to T ra c e ro u te i n t e n d e d t o t r a c e r o u t e t h e t a r g e t h o s t in a n e t w o r k . P a th < P a th ro u te A n a ly z e r P r o S o u rce : h ttp ://w w w .p a th a n a ly z e r .c o m A n a ly z e r fro m P ro so u rce is a g r a p h i c a l - u s e r - i n t e r f a c e - b a s e d to d e s tin a tio n g ra p h ic a lly . It n u m b e r , i t s IP a d d r e s s , h o s t n a m e , A S N , n e t w o r k a ls o tra c e ro u tin g p ro v id e s name, to o l th a t show s in fo rm a tio n such you as t h e th e hop % lo s s , la t e n c y , a v g . la t e n c y , a n d s td . d e v . a b o u t e a c h h o p i n t h e p a t h . Y o u c a n a l s o m a p t h e l o c a t i o n o f t h e IP a d d r e s s i n t h e n e t w o r k w i t h t h i s t o o l . It a l l o w s y o u t o d e t e c t f ilt e r s , s t a t e fu l f ir e w a l ls , a n d o t h e r a n o m a lie s a u t o m a t i c a l l y in th e n e tw o rk . M o d u le 0 2 P a g e 2 1 6 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e V is u a lR o u te 2 0 1 0 S o u rce : h ttp ://w w w .v is u a lr o u te .c o m T h i s is a n o t h e r g r a p h i c a l - u s e r - b a s e d t r a c i n g t o o l t h a t d i s p l a y s h o p - b y - h o p you to a n a ly s is . It e n a b le s i d e n t i f y t h e g e o g r a p h i c a l l o c a t i o n o f t h e r o u t e r s , s e r v e r s , a n d o t h e r IP d e v i c e s . I t is a b l e to p ro v id e th e tra c in g in fo r m a tio n in t h r e e f o r m s : as a n o v e r a l l a n a ly s is , in a d a t a t a b l e , a n d as a g e o g r a p h i c a l v i e w o f t h e r o u t i n g . T h e d a t a t a b l e c o n t a i n s i n f o r m a t i o n s u c h a s h o p n u m b e r , IP a d d r e s s , n o d e n a m e , g e o g r a p h i c a l l o c a t i o n , e t c . a b o u t e a c h h o p in t h e r o u t e . F e a tu re s : 9 H o p -b y -h o p tra c e ro u te s 9 R e ve rse tr a c in g ^ H is to ric a l a n a ly s is 9 P a c k e t lo s s r e p o r t i n g 9 R e ve rse DNS 9 P in g p l o t t i n g 9 P o rt p ro b in g 9 F i r e f o x a n d IE p l u g i n M o d u le 0 2 P a g e 2 1 7 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e Frfe Ed«t Options View M *p t from 1 v ►ttp:// My Compute* ־s - VisualRoute 2010 ־Business Edition • Tnal day 1 of IS Tools H*4p v».n-KT0«0ftaH •0 1 v I «ct 00 PM ? ״f Mm • lo o lv 61»q Kgre to m o vt this view f . y S#tv•* t% stopped www m*cf * « com (65 55 57 8 0 ) £ f| _ O M .m a lo o t s , j Run o o c• ® Tr«c«f ou le to w w w j« K 10 to n .c o n 1 ״ ז9י To L o c a t io n A a J • rtformfton ^ ןh<k and www m icrosoft c om (65 5 5 57 80) M 1cro*oft Corp RTT • /•/• oa 1 in general thr* rout• is reason ably q u ic k ,* th hop* !♦*ponding Redm ond. W A . U S A N e tw o rk F ir e w a ll / V A n a ly s is on average within 122m s However, all h ops after hop 10 in network ]Network for 207 46 47 18)* !•*pond particularly *lowtjr RTT ■ Mot responding to pings 116 3 m * /2 9 6 m * ״1 ־*״ ■ P acket Loss 36 l% / 1 0 0 % O pen to http request* on port 80 P o rt P r o b e R unning *enter M icro*o!WIS/7 5 P a c k e t lo s s R esp on ded in 9543m * AH R o u te le n g th A t least 17 hops A lt e r n a te ״ 4 hop(*) hare alternate route* (Hop{*) 1 2 .1 3 .1 4 & 15) ro u te s ? O Tracer out• to w n w in K i otoH .com You are on day l of a IS day tria l. For purchase inform ation d id t h e re or en ter a license key. Your database is 338 days out of da te d ick here to update. li t i t tim e u s e S pe< u l offe t ? Q kfc h g t 10 J M f c l H t f l i B f t « 1 V b m B P V t g 1 * ־t t t i f l f l i l * H o u rs O nly! FIGURE 2 .3 9 : V is u a lR o u te 2 0 1 0 s c re e n s h o t M o d u le 0 2 P a g e 2 1 8 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e Traceroute Tools CEH ( C o n t ’d ) p^j N e t w o r k P in g e r M a g ic N e tT ra c e http:/'/www. networkpinger.com http://www.tialsoft.com 0! G E O S p id e r 1^1 | r l http://www.oreware, com 3 D T r a c e r o u te http://www.d3tr.de v T ra c e A n a lo g X H y p e rT ra c e http://vtrace.pl http://www.analogx.com N e tw o r k S y s te m s T ra c e ro u te http://www.net.princeton.edu Si R o a d k il's T ra c e R o u te P in g P lo tte r Mot http://www. roadkil. net http://www.pingplotter, com V4V Copyright © by EG-G*ancil. All Rights Reserved. Reproduction is Strictly Prohibited. T r a c e r o u t e A fe w T o o l s m o re tra c e ro u te ( C o n t ’ d ) to o ls s im ila r to P a th A n a ly z e r P ro a n d V is u a lR o u te 2 0 1 0 a re lis te d as fo llo w s : S N e t w o r k P in g e r a v a ila b le a t h t t p : / / w w w . n e t w o r k p i n g e r . c o m £ G E O S p id e r a v a ila b le a t h t t p : / / w w w . o r e w a r e . c o m Q v T ra c e a v a ila b le a t h t t p :/ / v t r a c e . p l Q T r o u t a v a ila b le a t h t t p : / / w w w . m c a f e e . c o m Q R o a d k il's T ra c e R o u te a v a ila b le a t h t t p : / / w w w . r o a d k i l . n e t Q M a g ic N e tT ra c e a v a ila b le a t h t t p : / / w w w . t ia ls o f t . c o m 0 3 D T ra c e ro u te a v a ila b le a t h ttp ://w w w .d 3 tr .d e Q A n a lo g X H y p e rT ra c e a v a ila b le a t h t t p :/ / w w w .a n a lo g x . c o m Q N e t w o r k S y s te m s T ra c e ro u te a v a ila b le a t h t t p : / / w w w . n e t . p r i n c e t o n . e d u Q P in g P l o t t e r a v a ila b le a t h t t p : / / w w w . p i n g p l o t t e r . c o m M o d u le 0 2 P a g e 2 1 9 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e F o o t p r in t in g M e t h o d o lo g y C E H Footprinting through Search Engines WHOIS Footprinting Website Footprinting DNS Footprinting Email Footprinting Network Footprinting Competitive Intelligence Footprinting through Social Engineering Footprinting using Google Footprinting through Social Networking Sites Copyright © by EG-G ouid. A ll Rights Reserved. Reproduction isStrictly Prohibited. s F o o t p r i n t i n g So fa r w e M e t h o d o l o g y h a v e d is c u s s e d v a r io u s te c h n iq u e s o f g a t h e r in g in fo rm a tio n e ith e r w ith th e h e lp o f o n lin e r e s o u r c e s o r to o ls . N o w w e w ill d is c u s s f o o t p r i n t i n g t h r o u g h th e a rt o f g ra b b in g in fo rm a tio n fr o m s o c ia l e n g in e e r in g , p e o p le b y m a n ip u la tin g th e m . T h is s e c tio n c o v e rs t h e s o c ia l e n g in e e r in g c o n c e p t a n d t e c h n iq u e s u s e d t o g a t h e r in f o r m a t io n . M o d u le 0 2 P a g e 2 2 0 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e FootprintingthroughSocial Engineering 0 r Ell E !z J Social e n g in e e rin g is th e a r t o f c o n v in c in g p e o p le to re v e a l c o n fid e n tia l J Social e n g in e e rs d e p e n d on th e fa c t th a t p e o p le are u n a w a re o f th e ir 0 n in fo rm a tio n r \ 4 1 r* v a lu a b le in fo rm a tio n an d are careless a b o u t p ro te c tin g it 0 0 0 0 Social e n g in e e rs a tte m p t to g a ther: ה Social e n g in eers use th e s e te ch n iq u e s: Credit card details and social security number & User names and passwords S Other personal information S Eavesdropping S Shoulder surfing S Dumpster diving S - Security products in use S Operating systems and software 0 Impersonation on social networking sites a versions S Network layout information S IP addresses and names of servers 0 m 0 0 0 Copyright © by EG-G(HIICil. All Rights Reserved. Reproduction Is Strictly Prohibited. F o o t p r i n t i n g S o c ia l e n g in e e rin g t h r o u g h is a t o t a l l y S o c ia l E n o n -te c h n ic a l p e rs o n a n d o b ta in s c o n fid e n tia l in fo rm a tio n a b o u t th e n g i n e e r i n g p ro ce ss in w h ic h an a tta c k e r tric k s a t a r g e t i n s u c h a w a y t h a t t h e t a r g e t is u n a w a r e o f t h e f a c t t h a t s o m e o n e is s t e a l i n g h i s o r h e r c o n f i d e n t i a l i n f o r m a t i o n . T h e a t t a c k e r a c t u a lly p la y s a c u n n in g g a m e w i t h t h e t a r g e t t o o b t a i n c o n f id e n t ia l i n f o r m a t io n . T h e a t t a c k e r ta k e s a d v a n ta g e o f th e h e lp in g n a tu re o f p e o p le and th e ir w e a k n e s s to p ro v id e c o n fid e n tia l in fo rm a tio n . To p e rfo rm s o c ia l e n g in e e r in g , y o u f i r s t n e e d t o g a in t h e c o n f i d e n c e o f a n a u t h o r i z e d u s e r a n d th e n h im tric k e n g in e e rin g or is t o her o b ta in in to re v e a lin g re q u ire d c o n fid e n tia l c o n fid e n tia l in fo rm a tio n . in fo rm a tio n and h a c k in g a t t e m p t s s u c h as g a in in g u n a u t h o r iz e d access to th e e s p io n a g e , e tc . T h e n e tw o rk in tru s io n , c o m m it fra u d s , The th e n b a s ic use th a t goal of s o c ia l in fo rm a tio n fo r s y s te m , id e n tity th e ft, in d u s tria l in fo rm a tio n o b ta in e d th ro u g h s o c ia l e n g in e e r in g m a y in c lu d e c r e d it c a rd d e ta ils , s o c ia l s e c u r it y n u m b e r s , u s e r n a m e s a n d p a s s w o r d s , o th e r p e rs o n a l in fo rm a tio n , o p e ra tin g s y s te m s a n d s o ftw a re s e rv e rs , n e tw o r k la y o u t in fo rm a tio n , a n d m uch v e r s i o n s , IP a d d r e s s e s , n a m e s o f m o r e . S o c ia l e n g in e e r s u s e t h is i n f o r m a t i o n t o h a ck a s y s te m o r to c o m m it fra u d . S o c ia l e n g i n e e r i n g can be p e rfo rm e d in m a n y w a y s s u c h as e a v e s d r o p p in g , s h o u ld e r s u rfin g , d u m p s t e r d iv in g , im p e r s o n a t i o n o n s o c ia l n e t w o r k i n g s ite s , a n d s o o n . M o d u le 0 2 P a g e 2 2 1 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e C o lle c t I n f o r m a t io n S h o u ld e r S u r fin g , E a v e s d ro p p in g U s in g a n d E a v e s d r o p p in g , D u m p s t e r D iv in g & Shoulder surfing is the procedure listening o f conversations or w here the attackers lo o k over reading o f m essages the user's sho ulder to gain com m un ication such as audio, » video, or w ritten U ™ [ j 6 Dum pster diving is looking for treasure in so m e o n e else's trash « critical inform ation It is interception o f any form of J * C D u m p s te r D iv in g S h o u ld e r S u rfin g Eavesdropping is un authorized f It involves collection o f phone bills, contact inform ation, Attackers gather inform ation such financial inform ation, operations as passwords, personal related inform ation, etc. from identification num ber, account the target com pany's trash bins, num bers, credit card inform ation, printer trash bins, user desk for etc. sticky notes, etc. © © A Copyright © by EG-G*ancil. All Rights Reserved. Reproduction is Strictly Prohibited. C o l l e c t S u r f i n g , As m e n tio n e d I n f o r m a n d a t i o n D u m u s i n g p s t e r D E a v e s d r o p p i n g , S h o u l d e r i v i n g p re v io u s ly e a v e s d ro p p in g , s h o u ld e r s u rfin g , a n d d u m p s t e r d riv in g a re th e th r e e te c h n iq u e s u se d to c o lle c t in fo r m a tio n f r o m p e o p l e u s in g s o c ia l e n g i n e e r i n g . L e t's d is c u s s t h e s e s o c ia l e n g in e e r in g t e c h n i q u e s t o u n d e r s t a n d h o w t h e y c a n b e p e r f o r m e d t o o b t a i n c o n f id e n t ia l in fo rm a tio n . E a v e s d r o p p in g E a v e s d ro p p in g is t h e a c t o f s e c re tly lis te n in g to th e c o n v e rs a tio n s o f p e o p le over a p h o n e o r v id e o c o n f e r e n c e w i t h o u t t h e i r c o n s e n t . It a ls o in c lu d e s r e a d in g s e c r e t m e s s a g e s f r o m c o m m u n i c a t i o n m e d i a s u c h a s i n s t a n t m e s s a g i n g o r f a x t r a n s m i s s i o n s . T h u s , i t is b a s i c a l l y t h e a c t o f in t e r c e p t in g c o m m u n ic a t io n w i t h o u t t h e c o n s e n t o f t h e c o m m u n ic a t in g p a rtie s . T h e a tta c k e r g a in s c o n fid e n tia l in fo rm a tio n by ta p p in g th e phone c o n v e rs a tio n , and in te rc e p tin g a u d io , v id e o , o r w r it t e n c o m m u n ic a tio n . י S h o u ld e r — «— - W ith S u r fin g th is te c h n iq u e , an a t t a c k e r s ta n d s b e h in d th e v ic tim a n d s e c re tly o b s e rv e s th e v ic tim 's a c tiv itie s o n th e c o m p u t e r s u c h k e y s tro k e s w h ile e n te r in g u s e rn a m e s , p a s s w o rd s , e tc . M o d u le 0 2 P a g e 2 2 2 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e T h is t e c h n iq u e c re d it ca rd is c o m m o n l y in fo rm a tio n , and used to s im ila r g a in d a ta . p a s s w o rd s , It c a n be P IN s, s e c u r it y codes, account p e rfo rm e d a in cro w de d n u m b e rs, p la c e as it is is a l s o k n o w n a s t r a s h i n g , w h e r e t h e a t t a c k e r l o o k s f o r i n f o r m a t i o n in r e l a t i v e l y e a s y t o s t a n d b e h in d t h e v i c t i m w i t h o u t h is o r h e r k n o w l e d g e . D u m p s t e r T h is t e c h n iq u e D iv in g th e t a r g e t c o m p a n y 's d u m p s te r . T h e a tta c k e r m a y g a in v ita l in f o r m a t io n c o n ta c t in fo r m a tio n , fin a n c ia l in fo r m a tio n , o p e r a tio n s - r e la te d codes, p rin to u ts o f s e n s itiv e in fo rm a tio n , e tc . f r o m th e s u c h as p h o n e b ills , in fo rm a tio n , p rin to u ts o f s o u rc e ta rg e t c o m p a n y 's tra s h b in s , p rin te r t r a s h b in s , a n d s tic k y n o t e s a t u s e rs ' d e s k s , e tc . T h e o b t a i n e d i n f o r m a t i o n c a n b e h e lp f u l f o r t h e a tta c k e r to c o m m it a tta c k s . M o d u le 0 2 P a g e 2 2 3 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e F o o t p r in t in g M e t h o d o lo g y Footprinting through Search Engines WHOIS Footprinting Website Footprinting DNS Footprinting Email Footprinting Network Footprinting Competitive Intelligence Footprinting through Social Engineering Footprinting using Google Footprinting through Social Networking Sites Copyright © by EG-G(IIIICil. All Rights Reserved. Reproduction is Strictly Prohibited. F o o t p r i n t i n g Though th ro u g h s o c ia l M fo o tp rin tin g e n g in e e rin g , fo o tp rin tin g th ro u g h w h e re a s in fo o tp rin tin g a v a ila b le on s o c ia l m e d iu m to p e rfo rm e t h o d o l o g y th ro u g h th e re s o c ia l a re som e s o c ia l e n g in e e r in g , t h e th ro u g h n e tw o rk in g s o c ia l s ite s . n e tw o rk in g s ite s d iffe re n c e s a tta c k e r tric k s n e tw o rk in g A tta c k e rs can sounds s im ila r b e tw e e n p e o p le th e in to s ite s , th e a tta c k e r even use s o c ia l to tw o fo o tp rin tin g m e th o d s . In re v e a lin g in fo rm a tio n g a th e rs in fo rm a tio n n e tw o rk in g s ite s as a s o c ia l e n g in e e r in g a tta c k s . T h is s e c t io n e x p la in s h o w a n d w h a t in fo rm a tio n ca n b e c o lle c te d fr o m s o c ia l n e t w o r k i n g s ite s b y m e a n s o f s o c ia l e n g in e e r in g . M o d u le 0 2 P a g e 2 2 4 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e C o lle c t I n f o r m E n g i n e e r i n g a t i o n o n t h r o u g h S o c ia l S o c ia l N e t w o r k i n g S ite s Attackers g a ther sensitive in fo rm a tio n th ro u g h social e n g inee ring on social n e tw o rk in g w ebsites such as Facebook, M ySpace, Linkedln, T w itte r, P interest, G oogle+, etc. I V Attackers create a fake p ro file on social n e tw o rk in g sites and th e n use th e false id e n tity to lure th e em ployees to give up th e ir sensitive in fo rm a tio n Employees may post personal inform ation such as date of birth, educational and em ploym ent backgrounds, spouses names, etc. and information about their company such as potential clients and business partners, trade secrets of business, websites, company's upcoming news, mergers, acquisitions, etc. Using th e details o f an em ployee o f th e ta rg e t organization, an attacker can co m p ro m ise a secured fa c ility § Copyright © by EG-G*ancil. All Rights Reserved. Reproduction is Strictly Prohibited C o l l e c t S o c ia l I n f o r m N e t w a t i o n o r k i n g t h r o u g h S o c ia l E n g i n e e r i n g o n S it e s S o c ia l n e t w o r k i n g s ite s a re t h e o n l i n e s e r v ic e s , p l a t f o r m s , o r s ite s t h a t a l l o w p e o p l e t o c o n n e c t w i t h e a c h o t h e r a n d t o b u i l d s o c i a l r e l a t i o n s a m o n g p e o p l e . T h e u s e o f s o c i a l n e t w o r k i n g s i t e s is in c re a s in g T w itte r, ra p id ly . E x a m p le s o f s o c ia l n e t w o r k i n g P in te re s t, G o o g le + , a n d fe a tu re s . One s ite m ay be so on . in te n d e d Each to s ite s in c lu d e Facebook, s o c ia l n e t w o r k in g connect frie n d s , s ite fa m ily , M ySpace, h a s its o w n e tc . and L in k e d ln , p u rp o s e a n o th e r m ay and be in t e n d e d t o s h a r e p r o f e s s io n a l p r o f ile s , e tc . T h e s e s o c ia l n e t w o r k i n g s ite s a re o p e n t o e v e r y o n e . A tta c k e rs m ay ta k e b ro w s in g th ro u g h h im or her m a in ta in a d v a n ta g e o f th e s e to g ra b s e n s itiv e in fo rm a tio n fro m u se rs e ith e r by u s e rs ' p u b lic p ro file s o r b y c r e a tin g a fa k e p ro file a n d tric k in g u s e r t o b e lie v e as a g e n u in e u se r. These s ite s a llo w p ro fe s s io n a l p ro file s , a n d t o s h a re th e p e o p le to s ta y in fo rm a tio n w ith c o n n e c te d w ith o th e rs , to o t h e r s . O n s o c ia l n e t w o r k i n g s ite s , p e o p l e m a y p o s t in f o r m a t i o n s u c h as d a t e o f b ir t h , e d u c a t io n a l i n f o r m a t i o n , e m p l o y m e n t b a c k g ro u n d s , s p o u s e 's nam es, e tc . and c o m p a n ie s m ay post in fo rm a tio n such as p o te n tia l p a rtn e rs , w e b s ite s , a n d u p c o m in g n e w s a b o u t th e c o m p a n y . F o r a n a tta c k e r , th e s e s o c ia l n e t w o r k in g s ite s c a n b e g re a t s o u rc e s to fin d in fo rm a tio n about t h e t a r g e t p e r s o n o r t h e c o m p a n y . T h e s e s ite s h e lp a n a t t a c k e r t o c o lle c t o n ly t h e in f o r m a t io n u p lo a d e d by th e M o d u le 0 2 P a g e 2 2 5 p e rs o n o r th e com pany. A tta c k e rs can e a s ily access p u b lic pages o f th e s e E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e a c c o u n t s o n t h e s ite s . T o o b t a i n m o r e i n f o r m a t i o n a b o u t t h e t a r g e t , a t t a c k e r s m a y c r e a t e a f a k e a c c o u n t a n d u s e s o c ia l e n g in e e r in g t o lu r e t h e v ic t im to re v e a l m o r e in fo r m a tio n . F or e x a m p le , th e a tta c k e r can se n d a frie n d re q u e s t to th e ta rg e t p e rs o n fr o m t h e fa k e a c c o u n t; if t h e v ic tim a c c e p ts th e re q u e s t, th e n th e a tta c k e r ca n access e v e n th e r e s tric te d p a g es o f th e ta r g e t p e rs o n o n t h a t w e b s it e . T h u s , s o c ia l n e t w o r k i n g s ite s p r o v e t o b e a v a lu a b le in fo r m a tio n reso u rce fo r a tta c k e rs . M o d u le 0 2 P a g e 2 2 6 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e InformationAvailable onSocial Networking Sites What Attacker Gets What Users Do Attacker Gets Organizations Do Contact info, U ser surveys .* M a in ta in profile lo ca tio n, etc. CEH Friends list, jk Connect to frien ds info, etc. A. friends, chatting Business strategies Business strategies J I P ro m o te products * Product profile ...... Identity o f a Share photos fa m ily m em b ers and video s Social engineering U ser suppo rt .................................. Play gam es, i R e c ru itm e n t join groups Platform /technology '־: inform ation Background check Creates events Type o f business to hire em ployees i n Copyright © by EG-G(HIICil. All Rights Reserved. Reproduction is Strictly Prohibited. I n f o r m So n e tw o rk in g fa r, a t i o n we s ite s ; A have now v a i l a b l e d is c u s s e d we w ill o n how d is c u s s an what S o c ia l a tta c k e r N e t w can g ra b in fo rm a tio n an n e tw o rk in g s ite s o r k i n g S it e s in fo rm a tio n a tta c k e r can get fro m s o c ia l fro m s o c ia l n e t w o r k i n g s ite s . P e o p le u s u a lly in fo rm a tio n m a in ta in about th e m p ro file s and to on get s o c ia l c o n n e c te d w ith o th e rs . in The o rd e r p ro file to p ro v id e g e n e ra lly b a s ic c o n ta in s i n f o r m a t i o n s u c h as n a m e , c o n t a c t i n f o r m a t i o n ( m o b i l e n u m b e r , e m a il ID ), f r i e n d s ' i n f o r m a t i o n , in fo rm a tio n a b o u t fa m ily frie n d s c h a t w ith and m e m b e rs , th e m . th e ir A tta c k e rs S o c ia l n e t w o r k i n g s ite s a ls o a l l o w in te re s ts , can p e o p le to a c tiv itie s , g a th e r s e n s itiv e s h a re e tc . P e o p le in fo rm a tio n u s u a lly th ro u g h c o n n e c t to th e ir c h a ts . p h o t o s a n d v id e o s w i t h t h e i r f r ie n d s . If t h e p e o p le d o n 't s e t t h e ir p riv a c y s e ttin g s f o r t h e ir a lb u m s , th e n a tta c k e r s ca n see th e p ic tu re s a n d v id e o s s h a re d b y th e v ic tim . U se rs m a y jo in g ro u p s t o p la y s g a m e s o r t o s h a re t h e ir v ie w s a n d in te re s ts . A tta c k e r s c a n g r a b in f o r m a t io n a b o u t a v ic tim 's in te re s ts b y tr a c k in g t h e ir g ro u p s a n d th e n can tr a p th e v ic tim to reveal m o re in fo rm a tio n . U se rs m a y c re a te e v e n ts to n o tify o th e r u s e rs o f g r o u p a b o u t u p c o m in g o c c a s io n s . W it h th e s e e v e n ts , a tta c k e r s ca n re v e a l t h e v ic tim 's a c t iv it ie s . L ik e in d iv id u a ls , o r g a n iz a t io n s a ls o u s e s o c ia l n e t w o r k i n g s ite s t o c o n n e c t w i t h p e o p le , p ro m o te th e ir M o d u le 0 2 P a g e 2 2 7 p ro d u c ts , and to g a th e r fe e d b a c k about th e ir p ro d u c ts or s e rv ic e s , e tc . The E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e a c t iv it ie s o f a n o r g a n iz a t io n o n t h e s o c ia l n e t w o r k in g s ite s a n d t h e re s p e c tiv e in f o r m a t io n t h a t a n a tt a c k e r ca n g ra b a re as fo llo w s : W h a t O r g a n iz a tio n s D o W h a t A tta c k e r G e ts U se r s u rv e y s B u s in e s s s t r a t e g ie s P ro m o te p ro d u c ts P ro d u c t p ro file User su p p o rt S o c ia l e n g in e e r in g B a c k g ro u n d c h e c k t o h ire T y p e o f b u s in e s s e m p lo y e e s TABLE 2 .1 : W h a t o rg a n iz a tio n s Do a n d W h a t A tta c k e r G ets M o d u le 0 2 P a g e 2 2 8 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e Collecting FacebookInformation CEH F a c e b o o k is a T r e a s u re - tr o v e f o r A tta c k e r s E u ro p e _ 223,376,640 Middle East N. Americi^J^ 18,241,080 174,586,680 V / ' ■ ׳V 174,586,680 S T k ,'%׳־ « 1 L a t in A m e r ic a 141,612,220 N u m b e r of user using F a c e b o o k all over the world 8 4 5 , r\ o 1 0 0 & m illion m onthly active users *יי O M W 2 5 0 billion connections m illion photos uploaded daily 1 of every 5 of all page views minutes tim e spent per visit Copyright © by EG-G*ancil. All Rights Reserved. Reproduction is Strictly Prohibited. C o l l e c t i n g F a c e b o o k I n f o r m a t i o n F a c e b o o k is o n e o f t h e w o r l d ' s l a r g e s t s o c i a l n e t w o r k i n g s i t e s , h a v i n g m o r e t h a n 8 4 5 m i l l i o n m o n t h l y a c t i v e u s e r s a ll o v e r t h e w o r l d . It a l l o w s p e o p l e t o c r e a t e t h e i r p e r s o n a l p r o f i l e , a d d fr ie n d s , e x c h a n g e in s ta n t m essages, c r e a te o r jo in v a r io u s g r o u p s o r c o m m u n it ie s , a n d m u c h m o re . An a tta c k e r can g ra b in fo rm a tio n lo g in to B ro w s in g n u m b e r, fro m h is /h e r th e p h o to s , a n d a c c o u n t, ta rg e t e m a il a ll t h e F acebook, th e p e rs o n 's ID , f r i e n d m uch and in fo rm a tio n se a rch p ro file in fo rm a tio n , m ore . T he p ro v id e d a tta c k e r s h o u ld fo r e ith e r th e m ay reveal a e d u c a tio n a l a tta c k e r can by th e v ic tim on F ace b o o k. T o g ra b h a v e a n a c tiv e a c c o u n t. T h e a tta c k e r s h o u ld ta rg e t lo t of d e ta ils , use th is p e rs o n u s e fu l or in fo rm a tio n p ro fe s s io n a l in fo rm a tio n o rg a n iz a tio n such d e ta ils , fo r fu rth e r p ro file . as phone h is in te re s ts , h a c k in g p la n n in g , s u c h as s o c ia l e n g in e e r in g , t o re v e a l m o r e in f o r m a t io n a b o u t t h e ta r g e t. M o d u le 0 2 P a g e 2 2 9 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e About Basic Info TheOtooal WinlegendFacebookPage. Johnlegendnewsong*Tonght’now on׳TireshQpe/£flh7&Ton0tf facrbook Biography OUHflM Cmt U tfiod Johnlurchedhacareerasasessonplayer andvocabt, corrbutrgtobestsekngreardngi bylairynHi, Ak>aKey*. Jay■ 2and*CanyeWestbefore recordnghsownirtrokenchanofTop10aborts••Getlifted(2004), Once Agan...Sm Mor• Hornet0—1 SpmgfieU. OM ArtistsWeAlsoIdee General Manager TheArftsi*Orgaruabon ״ ״ *י Stev*Wonder, Ne-Yo, AJGreen, JeffBuddey Carre•( location NewYork Recordngartist, concertperformerandtNantfropst Johnlegendhatwonnne Grammy*ward*andwa*namedoneofTmemagaane*100mo*trAjenftal Estde, vaughnAnthony, KanyeWest. GoodM\jk JohnlegendCALL>€(713)502-8008 Recordlabel GOOOMusc-Sony/Cotnt»a Contact Info Webute 0 0 htip:/^www.) hriegend-c ffl hflp://www.rfw»meca״p«gn.org http://www״״yspaceco״j)ohrtegend http://www.y u% i)eccm/) hr*egend 0 0 Crete*JrtatsAgency FacebookC 2012•Engtah(US) About CreMeanAd CetteaPage Developer* Careers ־Privacy Cootoes-Term! Hefc> FIGURE 2 .4 0 : F a ce b o o k s c re e n s h o t M o d u le 0 2 P a g e 2 3 0 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e Collecting Twitter Information CEH Urt1fw< ilhiul lUtbM Wayne Rooney C» ~׳wayneR00ney Japan 29.9 m illio n A Twee* to Wayne Rooney T iveets *1 im> j QWaynaBocncy g t j Pau' WcCartnej a = •־-/ 11 Tweets a FOIWiina 1811 donl 0ut9 ur«Je18l8rd w*tjr 1־׳e Mi w« have 10 he*־ eve-ryttmj in french Hit? utterly rdcjom JR v m m m cant tittleva aTheReaKC3fifKrtoano'a* c*f*n®ny *H0R88p#ct hedon**0 mjc'i «thecouWy >־ct4־o1C01r •oympcs r 'e s w ith la r g e s t ^ 9 K1: 4 6 5 3 5 0 m illion accounts m illion tw e e ts a day 7 6 % 5 5 % W ט ’•Jcov»*An<»VtfvJ s Hopepaulmentr?»9I * # Q Wayne Rooney 3wsyr<»־J4»v,,־ I Great riotory of Brrt»r aiiesiy. Dtl'eitnt T w itte r u s e rs n o w p o s t T w itte r users access th e s ta tu s u p d a te s p la tfo rm via th e ir m o b ile r hb.oooonbefix6 1 Copyright © by EG-Gllincil. All Rights Reserved. Reproduction is Strictly Prohibited. — C o l l e c t i n g T w i t t e r I n f o r m a t i o n T w i t t e r is a n o t h e r p o p u l a r s o c i a l n e t w o r k i n g s ite used by p e o p le to send and rea d t e x t - b a s e d m e s s a g e s . It a llo w s y o u t o f o l l o w y o u r f r ie n d s , e x p e r t s , f a v o r i t e c e le b r it ie s , e tc . T h is s i t e a l s o c a n b e a g r e a t s o u r c e f o r a n a t t a c k e r t o g e t i n f o r m a t i o n a b o u t t h e t a r g e t p e r s o n . T h i s is h e lp f u l in e x t r a c t i n g i n f o r m a t i o n s u c h a s p e r s o n a l i n f o r m a t i o n , f r i e n d th e ta rg e t p o s te d as tw e e ts , w h o m th e t a r g e t is f o l l o w i n g , t h e in fo r m a tio n , a c tiv itie s o f fo llo w e rs o f th e u se r, p h o to s u p lo a d e d , e tc . T h e a t t a c k e r m a y g e t m e a n in g f u l in f o r m a t io n f r o m t h e t a r g e t u s e r's tw e e t s . M o d u le 0 2 P a g e 2 3 1 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e Wayne Rooney O * Follow ®wayneRooney h a p s /w w u . /acebooic.eom. ^ ’ayntMoon*i/ 119* http offca»waynoroen»y 00m 4,635.170 d T w e e t to W a y n e R o o n e y TV/eets «j No repiiH Q W eyneR ooney i . י:: i ■:-*y Paul M cCartney Nearly tome ptc tw tte r coaV S O C T lllW 0 D t M M d by Wiyfl• Rooney T w e e ts FoSowing a F o io w e r s F a v o rte s P iers M organ m • 2012Twetaf j 3 M :♦-!-־:•;j ־ 0 l s ti < ו ח צqu te understand w h y m e h e! w e h ave to hear e v e r y th r g מFRENCH first7 Utterty ndicutous solym piccerem ony □ =K*«*!K ty Wayne Rooney Expand P m ills rwvcni ■■׳ayca U W A- 940 ,.' f f ! vtrStacAV s cant befteve . TheReaUVC3 a not part o f this cerem ony ־N o Resp ect he done s o much 4 the country Imao = ״Lon do n2 0 l2 *O lym pics שRtfwwwd t y Wayne Rooney Expand Wayne Rooney About Help Tam* Pnvaey .», *♦«:•:< ׳, , B e c k s s m ie on the boat w a s s o funny Btog Stjtu* A Ad»**1*־ef* B1 H Karl H yde ״״ ׳v .H y i* .־.ayneRooney themchaelowen becks to bght a footba■ and bet 1 straight ■ י״ to the Olympic stadum torch GO Rato— tea ty Wayna Rooney V«a> oonvarMOen • Ian Hicholls a .>_©״1af WayneRooney macca « ctosrg t lad ca nl w a r ScouseAndProud * שRafaatad by Wayna Roonay v*■ oon»ar»at«n • Wayne Rooney «R :■ :<»•׳׳ ןY e s the beetles Hope paul me a S flg n g later Representing frverpool B e s t band ev e r . i >■*Rooney ןU r bean Fun n y Expand W ayne Rooney .vaynaReeaey G reat history o f b r t a r already Different to an y other cerem ony i , h ave se e n before FIGURE 2 .4 1 : T w itte r s h o w in g u s e r's tw e e ts M o d u le 0 2 P a g e 2 3 2 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e Collecting LinkedinInformation LinkedQr •Go tacklaS«t>c*RotUlt Chris Stone Pn.jrHI■״יו׳:.U ׳.'. 1׳j.1 B P “ itv■•י־B-.1•FWi; urn ״־ C*rwl Progmmtn•Mnnnj>f Mfrclacfc*Bank 01.Ijium S«H.*mpt®y*d(( ••יי#• יי׳. Pwl *׳MdotOp!!**"• PtyKt$ * Sv&oc K *XA •*BankEtra PreatsmiTioManigwa MA Bjn*tu׳:<c O jt P1 »j *׳-fT0i P>««r»1>wn ti *XA fcpxxtr MotM W sM nacorrmanMien* )p»ot*>I•*!*cannvnMOm WfltariM CanpjryW<6tM tip■.׳,*♦iMxtr « » ai a ^ *־a Hi « a n Y- -*»■•־1*.^ - 2 n e w m e m b e rs jo in e v e ry s eco nd 2 , 4 4 7 $ 5 2 2 e m p lo y e e s lo c a te d re v e n u e f o r 2 0 1 1 2 m illio n m illio n c o m p a n ie s ha ve L in k e d ln a ro u n d th e w o rld c o m p a n y pages Copyright © by EG-G1IIIIC1I. All Rights Reserved. Reproduction is Strictly Prohibited. C o l l e c t i n g S im ila r to L i n k e d l n Facebook and I n f o r m T w itte r, a t i o n L in k e d ln is a n o th e r s o c ia l n e tw o rk in g p r o f e s s io n a ls . It a llo w s p e o p l e t o c r e a t e a n d m a n a g e t h e i r p r o f e s s i o n a l p r o f i l e s ite fo r a n d id e n t i t y . It a llo w s its u s e rs t o b u ild a n d e n g a g e w i t h t h e i r p r o f e s s io n a l n e t w o r k . H e n c e , t h is c a n b e a g r e a t in fo rm a tio n reso u rce e m p lo y m e n t d e ta ils , m ore th e about fo r th e a tta c k e r. p a st e m p lo y m e n t ta rg e t p e rs o n . The The a tta c k e r d e ta ils , a tta c k e r m ay e d u c a tio n can get in fo rm a tio n d e ta ils , c o lle c t a ll c o n ta c t th is such d e ta ils , in fo rm a tio n as cu rre n t and w ith m uch th e f o o t p r in t in g p ro ce ss. M o d u le 0 2 P a g e 2 3 3 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e Linked 03• *«** !״Ty!* bmc : Horn• Profile Contacts Group* Job■ inbox Conpann Non Mora < G o back 10 Search Results C hris Stone S ee e x p a n d e d Programme Manager at Deutsche Bank Belgium Bru ssels Area B e lp u m Management Consu»mg Connect Send InMari Save Chns's F Current P ro g ra m m e M a n a g e r at D eu tsch e B a n k B e lg iu m D irecto r a n d Co n s u lta n t a! P ro g ra m M a n a g e m e n t S olu tio n s sprl (S e lf e m p lo y e d ) Pa st Education Head of Operations Projects & Support Investment O m s k *! at A X A Bank Europe Programme Manager at A X A Bank Europe O utsourcing Programme & Procurement Manager at A X A B ek pu m O M il• • Henot-Watt Institute of Chartered Secretaries and Adm M st/ators Recommendations Connections W ebsites Public Protoe 3 people have recommended Chns 500• connections Com pany W ebs4e http II be knkedn c o m W c ss to n e FIGURE 2 .4 2 : L in k e d ln s h o w in g u s e r's p ro fe s s io n a l p ro file a n d id e n tity M o d u le 0 2 P a g e 2 3 4 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e CollectingYoutube Information I CEH 3 rd tm M o s t v is ite d w e b s ite « a c c o rd in g t o A le x a 8 2 9 ,4 4 0 I V id e o s u p lo a d e d 9 0 0 Sec A v e ra g e tim e u se rs s p e n d o n Y o u T u b e e v e ry d a y ,G E E Copyright © by EG-G*ancil. All Rights Reserved. Reproduction is Strictly Prohibited. Q ) 1] C o l l e c t i n g Y o u T u b e I n f o r m Y o u T u b e is a w e b s i t e t h a t a l l o w s y o u t o a t i o n u p l o a d , v i e w , a n d s h a r e v i d e o s a ll o v e r t h e w o r ld . T h e a tta c k e r ca n s e a rc h f o r th e v id e o s re la te d t o th e ta r g e t a n d m a y c o lle c t in f o r m a t io n fro m th e m . FIGURE 2 .4 3 : Y o u tu b e s h o w in g v id e o s re la te d t o ta r g e t M o d u le 0 2 P a g e 2 3 5 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e TrackingUsers onSocial Networking Sites J CEH U sers m ay use fake id e n titie s on social netw orking sites. Attackers use to o ls such as G e t S o m e o n e s IP o r IP-G R ABB ER to track users' real identity J Steps to get so m e o n e 's IP address thro ugh chat o n F a ceb o o k using G e t S o m e o n e s IP tool: © G o to http:/ / www.myiptest.com/staticpages/ index.php/how-about-you © Three fields exist: L in k fo r P e rso n L in k fo r yo u R e d ire c t U R L Copy the generated link of Enter any U R L you w ant this field and send it to the th e target to redirect to O p en th e URL in this field and keep checkin g fo r target via chat to get IP ta rge t's IP address Link ID kKp«rs4«1: http Ifwmi nyiptesi corr/img pk>?>d=z0eujbg1f?&Klnwwvr gruil con&rd=־yatoc c>rr& IP Ideu jb g1f2 kxyou: > מזיN*ww myiptest corvstatKpages/ndex prp«'׳to<«f-aboutyou'*d=zc»Mbj1G&shw*jp Proxy Refer Dateffime 8 5.93.218.204 NO NO 201 2 -08 -0 6 1 3:04 4 4 h ttp ://w w w .m y ip te s t.c o m Copyright © by EG-G*ancil. All Rights Reserved. Reproduction is Strictly Prohibited. T r a c k i n g ^ In o rd e r k n o w le d g e about cases, w ill you to U s e r s S o c ia l p ro te c t th e m s e lv e s In te r n e t c rim e s not o n get exact m ay fro m e t w o r k i n g In te rn e t fra u d use fa k e in fo rm a tio n N id e n titie s about th e on ta rg e t and S it e s a tta c k s , p e o p le s o c ia l n e t w o r k in g u se r. So to w ith s ite s . d e te rm in e little In s u c h th e rea l i d e n t i t y o f t h e t a r g e t u s e r , y o u c a n u s e t o o l s s u c h a s G e t S o m e o n e ' s IP o r I P - G R A B B E R t o t r a c k u s e rs ' re a l id e n titie s . If y o u w a n t t o t r a c e t h e i d e n t i t y o f p a r t i c u l a r u s e r, t h e n d o t h e f o l l o w i n g : • O p e n y o u r w e b b ro w s e r , p a s te th e URL, a n d p re ss E n te r: h ttp ://w w w .m y ip te s t.c o m /s ta tic p a g e s /in d e x .p h p /h o w -a b o u t-v o u • N o tic e th e th re e URL: http://, • and fie ld s a t th e b o tto m o f th e web pa g e, n a m e ly Link for person, Redirect Link for you. T o g e t r e a l IP a d d r e s s o f t h e t a r g e t , c o p y t h e g e n e r a t e d lin k o f t h e Link for person fie ld a n d s e n d it t o t h e t a r g e t v ia c h a t. • E n te r a n y • Open th e URL y o u URL w a n t t h e t a r g e t t o r e d i r e c t t o in p re s e n t in th e L in k for you fie ld the Redirect link: http:// in a n o th e r w in d o w , to fie ld . m o n ito r th e t a r g e t ' s IP a d d r e s s d e t a i l s a n d a d d i t i o n a l d e t a i l s . M o d u le 0 2 P a g e 2 3 6 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e Link for person: http //www myiptest com/1 mg php7!d=zdeujbg1f2&rdr=www gmail com&rdr=yahoo com& Redirect URL: http# www gmail com Link for you: http //www myipfest com/staticpages/index php/how-about-you?id=zdeujbg1f2&showjp: L i n k ID IP P ro xy R e fe r D a te ffim e z d e u jb g lf2 8 5 .9 3 .2 1 8 .2 0 4 NO NO 2 0 1 2 -0 8 -0 6 1 3 :0 4 :4 4 FIGURE 2 .4 4 : T ra c in g id e n tity o f u s e r's M o d u le 0 2 P a g e 2 3 7 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e ־ 1 M Footprinting Concepts Footprinting Threats Footprinting M ethodology Footprinting Penetration Testing Footprinting Countermeasures Footprinting Tools o d u l e F l o w F o o tp rin tin g can be p f: e r f o r m e d w ith th e h e lp o f to o ls . M a n y o rg a n iz a tio n s o ffe r to o ls t h a t m a k e in fo r m a t io n g a th e r in g an e a s y jo b . T h e s e to o ls e n s u re th e m a x im u m ף Footprinting Concepts | w |־ Footprinting Threats CD Footprinting Methodology F o o t p r in tin g T o o ls Footprinting Countermeasures vtv Footprinting Penetration Testing T h is s e c tio n d e s c rib e s t o o ls in t e n d e d f o r g r a b b in g in f o r m a t io n f r o m v a r io u s s o u rc e s . M o d u le 0 2 P a g e 2 3 8 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e Footprinting Tool: Maltego F o o t p r i n t i n g T o o l: M a l t e g o S o u rce : h ttp ://p a te rv a .c o m M a lte g o is in fo rm a tio n an open g a th e rin g so u rce in te llig e n c e and fo re n s ic s p h a s e o f a ll s e c u r i t y - r e l a t e d a p p lic a tio n . w o rk. M a lte g o It can be is a p l a t f o r m used fo r d e v e lo p e d th e to d e l i v e r a c l e a r t h r e a t p i c t u r e t o t h e e n v i r o n m e n t t h a t a n o r g a n i z a t i o n o w n s a n d o p e r a t e s . It c a n be used to d e te rm in e th e r e la tio n s h ip s a n d re a l-w o rld lin k s b e t w e e n p e o p le , s o c ia l n e t w o r k s , c o m p a n i e s , o r g a n i z a t i o n s , w e b s i t e s , I n t e r n e t i n f r a s t r u c t u r e ( d o m a i n s , D N S n a m e s , N e t b l o c k s , IP a d d re s s e s ) , p h ra s e s , a f f ilia t io n s , d o c u m e n t s , a n d file s . I ! —ך M ----| | | ■ ° r ° ־V 1^ 0 q o O © & י- 0 9 o o n 9 < ~ o Or ״ '3 ־ ° ° ‘ — o ‘ r* w m Internet Domain : J ^ O W c - Personal Information FIGURE 2 .4 5 : M a lte g o s h o w in g In te r n e t D o m a in a n d p e rs o n a l in fo rm a tio n M o d u le 0 2 P a g e 2 3 9 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 l1 n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e FootprintingTool: Domain Name Analyzer Pro CEH Setting W indow http://www.domoinpunch.1 Copyright © by EG-Gtancil. All Rights Reserved. Reproduction Is Strictly Prohibited. F o o t p r i n t i n g T o o l : D o m a i n N a m e A n a l y z e r P r o S o u rce : h ttp ://w w w .d o m a in p u n c h .c o m D o m a in Nam e m a in ta in in g c re a tio n A n a ly z e r m u ltip le P ro fe s s io n a l d o m a in nam es. is It W in d o w s s u p p o rts s o ftw a re th e d is p la y fo r of fin d in g , a d d itio n a l m a n a g in g , d a ta and (e x p iry and d a te s , n a m e s e rv e r in fo r m a tio n ) , ta g g in g d o m a in s , s e c o n d a ry w h o is lo o k u p s ( fo r th in m o d e l w h o is T L D s lik e C O M , N ET, T V ). T h e fo llo w in g is a s c r e e n s h o t o f t h e D o m a in Nam e A n a ly z e r P ro to o l s h o w in g d o m a in nam e in fo rm a tio n : M o d u le 0 2 P a g e 2 4 0 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e TZ0'' Testdpng • Domain Name Analyze ׳Pro ־ C»*׳־ Output נ (C■ ו ! נ A 1 _ Mrtc 0*t*t» « ׳SMdrt M Doium מ lo o lu * 0o«u 9 SMn mctosoftcom uptnctml VMiDoicom cwtMhidutca■ U|Rm<*k1 WS5.M201 it»tu1 ׳ VWw WDoalootupAt M2W21MS3SPM Mi.1n.1S2J( mnM.W 1 / cert fie d tw c k e f.c o m ז1פ CO* COT 162*1? 11 Ml Bar Domaai m e doman certfeAadcer.com resokes to an ip Address [202.7S.S4.101]. So » is most Hceh not avaiafeie •or reparation triess your ISP, - j UnknoMil network admmrt&ator or you h»»e sett* the local network to resohe al host names. . <ft i)ph»t«S may use the App Seangs and toaMe the ־Mranae Whois lootaos' option t Hyph«n*te vog I you war* the •hots data nstead th« guck ONS based check. WWWDo״ fc fend»901 j j InAuctc״ NctoAuc 02 J T»99<4D0• •j Unt»99«dl ■t [>NAf*0 0 1 1 1 W 1f c NUU D o m a in * U S MO* N a m e • M at V I w O u#tqr J * In fo r m a tio n FIGURE 2 .4 6 : D o m a in N a m e A n a ly z e r P ro s o ftw a re s h o w in g D o m a in N a m e In fo rm a tio n M o d u le 0 2 P a g e 2 4 1 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e FootprintingTool:WebData Extractor CEH J Extract targeted c o m p a n y co n ta ct data (em ail, p h o n e , fax) fro m w eb fo r respo nsible b2b co m m u n ic a tio n J Extract UR L, m eta tag (title, descrip tio n , keyw ord) fo r w ebsite p ro m o tio n , sea rch d irecto ry creatio n, w eb research Copyright © by EG-G(HIICil. All Rights Reserved. Reproduction is Strictly Prohibited. F o o t p r i n t i n g T o o l : W e b D a t a E x t r a c t o r S o u rce : h ttp ://w w w .w e b e x tr a c to r .c o m W eb D a t a E x t r a c t o r is a d a t a e x t r a c t o r t o o l . I t e x t r a c t s t a r g e t e d c o m p a n y c o n t a c t d a t a ( e m a i l , p h o n e , a n d fa x ) f r o m th e w e b , e x tra c ts th e U R L a n d m e ta ta g (title , de sc, k e y w o rd ) fo r w e b s ite p ro m o tio n , d ire c to ry se a rch e s c re a tio n , e tc . T h e fo llo w in g is a s c r e e n s h o t o f t h e W eb D a ta E x tr a c to r s h o w in g m e ta ta g s : M o d u le 0 2 P a g e 2 4 2 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 l1 n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e W e b D a ta E xtractor 8 3 E׳le yiew m Uelp & ^ 1e « ן £dr np»r> I £ Ult S1C£ I littp//ceiUiedhackc lYtp//cs1tfipdhacle |y.t>//cc tfiedhocko hrtp1//ce tfipdhacke Iv.to://ce tficdhackc hrlpr //ce tfiedhacke t^icdhackc tfiedhacke h:b //:=■ ■ N.t» //ooilficdhackc tJicdhackc http://cei tfiedhacke tficdhackc hrtto//coilificdhockc http//esi tfledhacke hf.t>.//o=1t^cdhackc Uicdhackc htlp //cei ttiedhacke KtoV/ce Uiedhacke Iv.tp //c s tfiedhacke H:tp //OH tfiedhacke http//co tfiodhack© krto//c» tfiedhacke http//c»3 tfiodhocko hftn//ce rfiedhacke Iv.tp//cc tficdhackc hrtp//0“ tfi(»dhad:p Iv.tp//cc tficdhackc 1ttp7/c®1rliArthArk a http//ccitfiedhackc tfiodhockc 1ttp//0il Hi^rthArle lAtp//cc1tfioJhotko tfisdhocko http //oettt1»dh«cke Ir.ly //tc tficdtiatkc http//בכיtliodhaoko 1r.to//c»1Ifiedlidcke Nip //0#1tf1*dh*cke l*tu//c«1tfiodl1ackc N.t»//ce Job• 0 1 16 | Cur tpecd Av<3 stm 6 1bp. 11111,11 ־*־ST<*»rr Hot! Title Domai com,0nlr< Onlne Booking: I # bed•ing, hotel Drlhe Ecckr h»tp://cethfcd־o c rrn /flnlr< f rlhf* Booking ׳Hot brfking kclel Ecckr h»־p f , c c conw'Onlr* Onlne Booking: P rr becking, kctelD rihe Ecckr http:׳׳/ca lifcd ־o c corn/P-folirP-Folc h r p ',c « 1if« * ־A e corn/'P-foli: F Tolc hlip://1califcd־o : corVP-foli: P-Folc M ip 7 ;c a tie d a c corVP-foli: P־Folc http, ^cahfccko c conWReallProle^malRealEiraa enae.fea^-oteJttxwlFhrp^/cefiifeck.a c corn/Real I FioIcs»b13־l Rral E; 0^ נ>שו כ=וfc^«3cvdF ht‘p7 ׳c a h fc tio c com/Real I Ftole^malR»aIE<r»a etta€,rea:>ote?t»DCMlFhtp://C«11f€<l־a c com/ReollFtotes»bn3IRsalE:153 e;t3e. tea ^ofcjiwnalFhtip:(׳/ca lif ed־o c conWReallFTole^malRealEuaa ettae, rea 3־ote ^ xia l FWcp:'/c«1׳f€cka c com/Retic Ycu -OTtxxv - Fee Sonr k c y w d A ;Fat de^aiht)p:f i ccrhfcd־o c com/'RecipYou corpary - Flee Soto keyword A tkcr* deiai W‘p:/,ce1hfe<f־a c com/Recic Ycu c orpdrv-A tcSonetev-iod A :k a ! dKCiihUDV/cefiifetfa c com/Reci;: Ycu corpa׳y Pee Sons k y w d A skat desai M 'p ^cah fcd -o c com/Recic You corpary ־Ccr Son- key !״ad A ;Frit desai ht:p //c & ffe c to c com/Recif Ycu corpary Pee Sons key-«־crd A ska* de;cn h t'p :ccr hfed־o c com/Recin Ycu corpary - Pet Son- keypad A ?krii daaihirp //c«iifecka c com/Roci:Ycu corpary Fee Sons key Mad \ ska• dosai M‘p:/ ׳c€rhfccko c conWRecir Ycu covpary - Pec Son• keyword A ?kcri <fe?rrih»TV«hf«1 v» c com/'Rccic Ycu ooirpay Pee Sone keypad A :ka• desaih<tp://ca1ifcc1־o c eorWReeipY c u eorpary •PeeSon• keyword A *km deiaihf p rwtif c com/׳Soeia Unite TogclSe1ijEkc>v»cd»,orp Ab»dow:«|h»tp:Aca1iFcel־o c 00 « ^ ית01 זYeu eonrpary • Pee Son* kpywrd A 1k n l d*1<־fih»rp / , r « 1if<־rk/» c oom/Socia h»*p:.׳/ca iifcd ־o c com/Sona Unite • 1ogetftw it k \ *jv w il: 01 p A t*W n*K־m h»rp/,r#fM#rk,j» C corn/S otia Unite -1 vqeltisi i> C\ cvv*u J». ot p A U d oc1. 11( U p '/<.ahfaJ o t cont/Soei*Unite • 1 oget'w • fc \ ♦>v»e13:. orp Abref 0»f :■f h»׳p ׳,c«»hf«ck.* c corWTuibc I 0 0 1 1 י׳וזזndo Unfia tho I r« W־p: Z/cerWccko 0 h t 'p V / L t f t f e i J a C corn/Undo UnOa the Tie W־p: //C«fW«d-1* c com/Und* Under the I r# l ValifoJ o c com/RcoitYcu -•j ii-a 1 ׳-MerSon» keypad A tkcrtdeicn Wtp: ׳/cwWceJ-al co«n tot Va'ifedo t Page 12GG1 39498 5GG3 9307 8531 P0< *׳i« f ׳r o Key 12012011 12-01■2011 1122--0011-22001111 12-012011 9464 12-01-2011 12-01-2011 12-01-2011 1122--0011--22001111 12-01-2011 12-01-2011 12-01-2011 12-01-2011 12-01-2011 12-012011 12-01-2011 12-012011 12-01-2011 12012011 12-01-2011 12012011 12012011 1 10049 3683 3089 4352 5767 5789 10147 10081 5762 9635 5828 9366 9594 8397 10804 1271G 8862 13274 12451 1409 16239 12143 16259 5227 8693 2963 5932 7909 11584 12-01•2011 12-01•201 12-01 2011 12-01•2011 12-012011 12-01•2011 □1 1122--0011•220J1111 12-01-2011 12-01•All I 12 LU11 12-01^011 1 0 FIGURE 2 .4 7 : W e b D ata E x tra c to r s h o w in g m e ta tag s M o d u le 0 2 P a g e 2 4 3 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 l1 n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e A d d it io n a l F o o t p r in t in g T o o ls cL U Prefix W hois Netmask http://pwhois.org http://www.phenoelit-us.org NetScanTools Pro Binging http://www.netscantools.com http://www.blueinfy.com Tctrace Spiderzilla http://www.phenoelit-us.org http://spiderzilla.mo/dev.org Autonom ous System Scanner(ASS) » Sam Spade http://www.majorgeeks.com http://www.phenoelit-us.org ifi C E H Robtex DNS DIGGER http://www.dnsdigger.com n <^KPj http://www.robtex.com Copyright © by EG-Gtancil. All Rights Reserved. Reproduction is Strictly Prohibited. A d d i t i o n a l F o o t p r i n t i n g T o o ls In a d d i t i o n t o t h e f o o t p r i n t i n g t o o l s m e n t i o n e d p r e v i o u s l y , a f e w m o r e t o o l s a r e l i s t e d as f o llo w s : -י P re fix W h o is a v a ila b le a t h t t p : / / p w h o is . o r g S N e tS c a n T o o ls P ro a v a ila b le a t h t t p : / / w w w . n e t s c a n t o o ls . c o m Q T c tra c e a v a ila b le a t h t t p : / / w w w . p h e n o e lit - u s . o r g Q A u t o n o m o u s S y s t e m S c a n n e r (A S S ) a v a i l a b l e a t h t t p : / / w w w . p h e n o e l i t - u s . o r g £ D N S D IG G E R a v a ila b le a t h t t p : / / w w w . d n s d i g g e r . c o m O N e tm a s k a v a ila b le a t h t t p : / / w w w . p h e n o e lit - u s . o r g S B in g in g a v a ila b le a t h ttp ://w w w .b lu e in fy .c o m Q S p id e rz illa a v a ila b le a t h t t p :/ / s p id e r z illa . m o z d e v . o r g S S a m S p a d e a v a ila b le a t h t t p :/ / w w w .m a jo r g e e k s . c o m S R o b te x a v a ila b le a t h t t p : / / w w w . r o b t e x . c o m M o d u le 0 2 P a g e 2 4 4 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C 0 U n C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r F o o t p r in t in g a n d R e c o n n a is s a n c e A d d it io n a l F o o t p r in t in g T o o ls ( C o n t ’d ) § ■ץ Dig Web Interface SpiderFoot http://www.digwebinterface.com m (? W http://www.binarypool.com Domain Research Tool CallerIP http://www.domainresearchtool.com http://www.callerippro.com ActiveW hois Zaba Search http://www.johnru.com http://www.zabasearch.com yoName Ww (E H (•rtifwtf | tlfciijl ■UtkM GeoTrace http://yoname.com http://www.nabber.org j Ping-Probe DomainHostingView http://www.ping-probe.com http://www.nirsoft.net Copyright © by EG-CtllllCil. All Rights Reserved. Reproduction Is Strictly Prohibited. A d d i t i o n a l F o o t p r i n t i n g T o o l s ( C o n t ’ d ) A d d i t i o n a l f o o t p r i n t i n g t o o l s t h a t a r e h e l p f u l in g a t h e r i n g i n f o r m a t i o n a b o u t t h e t a r g e t p e r s o n o r o r g a n iz a t io n a re lis te d as f o llo w s : © D ig W e b I n t e r f a c e a v a ila b le a t h t t p :/ / w w w .d ig w e b in t e r f a c e . c o m Q D o m a in R e s e a rc h T o o l a v a ila b le a t h t t p : / / w w w . d o m a in r e s e a r c h t o o l. c o m Q A c tiv e W h o is a v a ila b le a t h t t p : / / w w w . j o h n r u . c o m Q y o N a m e a v a ila b le a t h t t p : / / y o n a m e . c o m 6 P in g -P ro b e a v a ila b le a t h t t p : / / w w w . p in g - p r o b e . c o m © S p id e rF o o t a v a ila b le a t h t t p : / / w w w . b in a r y p o o l. c o m 0 C a lle rIP a v a ila b le a t h t t p : / / w w w . c a l l e r i p p r o . c o m Q Z a b a S e a rc h a v a ila b le a t h t t p :/ / w w w .z a b a s e a r c h . c o m Q G e o T ra c e a v a ila b le a t h t t p : / / w w w . n a b b e r . o r g D o m a in H o s tin g V ie w a v a ila b le a t h t t p : / / w w w . n ir s o f t . n e t M o d u le 0 2 P a g e 2 4 5 E t h i c a l H a c k i n g a n d C o u n t e r m e a s u r e s C o p y r i g h t © b y E C - C O U I I C il A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e M o d u le Exam 3 1 2 -5 0 C ertified Ethical H acker F lo w So fa r we have discussed th e im portance o f fo o tp rin tin g , various ways in which fo o tp rin tin g can be p erfo rm ed , and the tools th a t can be used fo r fo o tp rin tin g . Now we w ill discuss the co unterm easures to be applied in o rd e r to avoid sensitive in fo rm a tio n disclosure. x Footprinting Concepts IHJ■ Footprinting Tools Footprinting Threats C L ) Footprinting Methodology fo o tp rin tin g C ounterm easures % (( Footprinting Penetration Testing This section lists various fo o tp rin tin g counterm easures to be applied at various levels. M o d u le 0 2 P ag e 2 46 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0l1nCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e Exam 3 1 2 -5 0 C ertified Ethical H acker FootprintingCountermeasures CEH fertiAH itfciui IUck« & C onfigure routers to restrict th e responses to fo o tp rin tin g requests Lock the ports w ith the s uitab le fire w a ll co nfig u ration C onfigure w eb servers to avoid in fo rm a tio n leakage and disab le un w an ted protoco ls Use an IDS th a t can be co nfigured to refuse su sp iciou s tra ffic and pick up fo o tp rin tin g patterns Evaluate and lim it the am ount of inform ation available before publishing it on the w eb site/ Internet and disable the unnecessary services Perform fo o tp rin tin g tech n iq u es and rem ove any sen sitive in fo rm a tio n fou n d Prevent search engines fro m caching a w eb Enforce secu rity policies to regulate page and use an on ym ous registration th e in fo rm a tio n th a t em ployees can services reveal to th ird parties & Copyright © by EG-G(HIICil. All Rights Reserved. Reproduction is S trictly Prohibited. F o o tp r in tin g C o u n te rm e a s u re s F o o tp rin tin g co unterm easures are the measures or actions taken to co u n te r or o ffse t in fo rm a tio n disclosure. A fe w fo o tp rin tin g counterm easures are listed as follow s: y Configure routers to re strict the responses to fo o tp rin tin g requests. 9 Lock the ports w ith suitable fire w a ll co nfiguration. Q Evaluate and lim it the a m o un t o f in fo rm a tio n available before publishing it on the w e b s ite /In te rn e t and disable the unnecessary services. Prevent search engines fro m caching a webpage and use anonym ous registration services. © Configure w eb servers to avoid in fo rm a tio n leakage and disable unw anted protocols. Q Use an IDS th a t can be configured to refuse suspicious tra ffic and pick up fo o tp rin tin g patterns. Q Perform fo o tp rin tin g techniques and rem ove any sensitive in fo rm a tio n found. Q Enforce security policies to regulate the in fo rm a tio n th a t em ployees can reveal to th ird parties. M o d u le 0 2 Page 247 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e Exam 3 1 2 -5 0 C ertified Ethical H acker FootprintingCountermeasures CEH (C o n t’d) Set ap art internal DNS and external DNS Disable directory listings and use split-DNS Educate employees ab ou t various social engineering tricks and risks Restrict unexpected input such as |; < > Avoid domain-level cross-linking fo r th e critical assets Encrypt and password protect th e sensitive in fo rm a tio n Copyright © by EG-G(HIICil. All Rights Reserved. Reproduction is S trictly Prohibited. F o o tp r in tin g C o u n te rm e a s u re s (C o n t’d ) In a dd itio n to the counterm easures m entioned previously, you can apply the fo llo w in g counterm easures as w ell: Q Set apart the in terna l DNS and external DNS. £ Disable d ire cto ry listings and use split-DNS. Q Educate em ployees about various social e ngineering tricks and risks. S Restrict unexpected in p ut such as |; < >. 9 Avoid dom ain-level cross-linking fo r critical assets. Q Encrypt and password p ro te ct sensitive in fo rm a tio n . © Do n ot enable protocols th a t are n ot required. Q Always use TCP/IP and IPSec filte rs. Configure IIS against banner grabbing. M o d u le 0 2 P ag e 248 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e Exam 3 1 2 -5 0 C ertified Ethical H acker So fa r we discussed all the necessary techniques and tools to te st th e security o f a system or n etw o rk. Now it is the tim e to put all those tech n iq ue s in to practice. Testing the security o f a system or n e tw o rk using sim ilar techniques as th a t o f an a ttacker w ith adequate perm issions is know n as p e n e tra tio n te stin g . The p en e tratio n te st should be conducted to check w h e th e r an a ttacker is able to reveal sensitive in fo rm a tio n in response to fo o tp rin tin g a tte m p ts. *j Footprinting Concepts |!!J! Footprinting Threats QO Footprinting Methodology M o d u le 0 2 P ag e 249 Footprinting Tools FootPrint'ng Countermeasures ) F o o tp rin tin g P e n e tra tio n Testing Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e Exam 3 1 2 -5 0 C ertified Ethical H acker P enetration testing is an evaluation m ethod o f system or n e tw o rk security. In this evaluation m ethod, the pen te s te r acts as a m alicious o utsid e r and sim ulates an attack to find the security loopholes. M o d u le 0 2 P ag e 250 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e Exam 3 1 2-50 C ertified Ethical H acker FootprintingPenTesting CEH J Footprinting pen test is used to determine organization's publicly available inform ation on the Internet such as network architecture, operating systems, applications, and users J The tester attempts to gather as much information as possible about the target organization from the Internet and other publicly accessible sources ^ 0 0 Prevent in fo rm a tio n leakage Footprinting pen testing helps administrator to: Prevent DNS record Prevent social re trieval fro m publically available servers engineering attem pts Copyright © by EG-G(U(ICil. All Rights Reserved. Reproduction is S trictly Prohibited. F o o tp r in tin g P e n T e s tin g A fo o tp rin tin g pen te st is used to d ete rm ine an organization's publicly available in fo rm a tio n on th e In te rn e t such as n e tw o rk a rchitecture, ope ra tin g systems, applications, and users. In this m ethod, the pen te ste r trie s to gather publicly available sensitive in fo rm a tio n o f the ta rg e t by p retending to be an attacker. The ta rg e t may be a specific host or a n etw o rk. The pen te ste r can p erfo rm any attack th a t an attacker could p erfo rm . The pen te ste r should try all possible ways to gather as much in fo rm a tio n as possible in o rd e r to ensure m axim um scope o f fo o tp rin tin g pen testing. If the pen te ste r finds any sensitive in fo rm a tio n on any publicly available in fo rm a tio n resource, then he or she should e nte r the in fo rm a tio n and the respective source in the report. The m ajor advantages o f conducting p en e tra tio n testin g include: © It gives you the chance to p revent DNS record retrieval fro m publically available servers. © It helps you to avoid in fo rm a tio n leakage. © It prevents social engineering a tte m p ts. M o d u le 0 2 P ag e 251 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e Exam 3 1 2 -5 0 C ertified Ethical H acker FootprintingPenTesting CEH + (C o n t’d) J START J such as em ployee details, login pages, intranet portals, etc. that helps in perform ing social engineering and other types of advanced system attacks D efine the scope o f th e assessment J >״ Use search engines such as Google, Yahoo! Search, Bing, etc. ' ״y Use tools such as HTTrack W eb Site Copier, BlackW idow , etc. P erform w ebsite fo o tp rin tin g Footprint search engines such as G oogle, Yahoo! Search, Ask, Bing, D ogpile, etc. to gather target organization's inform ation w P erform fo o tp rin tin g thro u g h search engines G et proper authorization and define the scope of th e assessm ent Perform w ebsite footprin tin g using tools such as HTTrack W eb Site Copier, B la ckW id o w , W eb rip p er, etc. to build a detailed m ap o f w ebsite's structure and architecture !■1 — n Copyright © by EG-G(HIICil. All Rights Reserved. Reproduction Is S trictly Prohibited. F o o tp r in tin g P e n T e s tin g ( C o n t’ d ) P enetration testing is a procedural way o f testin g the security in various steps. Steps should be fo llo w e d one a fte r the o th e r in o rd e r to ensure m a xim u m scope o f testing. Here are the steps involved in fo o tp rin tin g pen testing: Step 1: Get proper authorization Pen testin g should be p e rfo rm e d w ith perm ission. Therefore, the very firs t step in a fo o tp rin tin g pen te st is to get p ro pe r a u th oriza tion fro m the concerned people, such as adm inistrators. Step 2: Define the scope of the assessment Defining the scope o f the se curity assessm ent is th e p rerequisite fo r p en e tratio n testing. Defining the scope o f assessment determ ines the range o f systems in the n e tw o rk to be tested and the resources th a t can be used to test, etc. It also determ ines the pen teste r's lim itatio n s. Once you define the scope, you should plan and gather sensitive in fo rm a tio n using various fo o tp rin tin g techniques. Step 3: Perform fo o tp rin tin g through search engines M o d u le 0 2 P ag e 252 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e Exam 3 1 2 -5 0 C ertified Ethical H acker F o otp rin t search engines such as Google, Yahoo! Search, Ask, Bing, Dogpile, etc. to gather the ta rg e t organization's in fo rm a tio n such as em ployee details, login pages, in tra n e t portals, etc. th a t can help in p erfo rm ing social engineering and o th e r types o f advanced system attacks. Step 4: Perform website footprinting Perform w ebsite fo o tp rin tin g using tools such as HTTrack W eb Site Copier, BlackW idow, W e b rip pe r, etc. to build a detailed map o f the w e b site 's s tru c tu re and a rch ite ctu re . M o d u le 0 2 P ag e 253 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e Exam 3 1 2 -5 0 C ertified Ethical H acker FootprintingPenTesting ^ ןן (C o n t’d) j Urt.fi•* | ttk.ul Nm Im Perform em ail footprin tin g using tools such as e M a ilT ra ckerPro, P o lite M a il, Em ail Lookup - Free Em ail Tracker, etc. to gather inform ation about th e physical location o f an individual to perform social Use tools such as eM ailTrackerPro, P oliteM a il, etc. P e r fo rm e m a il fo o tp r in tin g engineering that in turn may help in m apping target organization's netw ork V G a th e r c o m p e titiv e J Use tools such as Hoovers, LexisNexis, Business W ire, etc. ;...... in te llig e n c e Business W ire, etc. J y P e rfo rm G o o g le Perform G oogle hacking using tools such as GHDB, M e ta G o o fil, SiteDigger, etc. I...... h a c k in g Use tools such as GHDB, M e ta G oofil, SiteDigger, etc. J Perform W HOIS footprin tin g using tools such as W HOIS Lookup, S m a rtW h ois, etc. to create detailed m ap o f organizational V P e rfo rm W H O IS G ather com p etitive intelligence using tools such as Hoovers, LexisNexis, netw ork, to gather personal inform ation I...... fo o tp rin tin g Use tools such as WHOIS Lookup, Sm artW hois, etc. that assists to perform social engineering, and to gather oth er internal netw ork details, etc. Copyright © by EG-C*ancil. All Rights Reserved. Reproduction is S trictly Prohibited. * F o o tp r in tin g P e n T e s tin g (C o n t’d ) Step 5: Perform email footprinting Perform em ail fo o tp rin tin g using too ls such as eM ailTrackerPro, P oliteM ail, Email Lookup - Free Email Tracker, etc. to gather in fo rm a tio n about the physical location o f an individual to p erform social e ngineering th a t in tu rn may help in m apping the ta rg e t organization's netw ork. Step 6: Gather competitive intelligence G ather c o m p e titive intelligence using tools such as Hoovers, SEC Info, Business W ire, etc. These too ls help you to e xtract a co m p e tito r's in fo rm a tio n such as its establishm ent, location o f the com pany, progress analysis, higher a uth oritie s, p ro du ct analysis, m arketing details, and much more. Step 7: Perform Google hacking Perform Google hacking using too ls such as GHDB, M etaG oofil, SiteDigger, etc. It determ ines the se curity lo o ph o les in the code and co nfig u ra tion o f the websites. Google hacking is usually done w ith the help o f advanced Google operators th a t locate specific strings o f te x t such as versions o f vulnerable web applications. Step 8: Perform WHOIS footprinting M o d u le 0 2 P ag e 254 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e Exam 3 1 2 -5 0 C ertified Ethical H acker Perform the WHOIS fo o tp rin tin g te ch n iq u e to e xtract in fo rm a tio n about p articula r dom ains. You can get in fo rm a tio n such as dom ain name, IP address, dom ain o w n e r name, registrant name, and th e ir contact details including phone num bers, em ail IDs, etc. Tools such as Sm artW hois, C ountryW hois, W hois Pro, and A ctiveW hois w ill help you to e xtract this in fo rm a tio n . You can use this in fo rm a tio n to p erfo rm social e ngineering to obtain m ore in fo rm a tio n . M o d u le 0 2 P ag e 255 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e Exam 3 1 2 -5 0 C ertified Ethical H acker FootprintingPenTesting ןg (C o n t’d) Pe־forrr DNS f ODtp-'rt'ng Ls’ng t i o s ;s DIG, NsLcon.jp, DHS Records, etc. to se te 'T n e hey h osts 'n the ret*־w< and pe־form soc'a e r j'r e e - 'r j attacks tooSSJ—SSDIG, Perform DNS footprinting USLookup etc. Perform network footprinting ״se too i i j — as Path Analyzer Pro, VtsuaiRoute 20m . etc. Perform Social Engineering ~X/ e^ient team q jes sjffi as esvesdrappmj, jriDuiaer surfing, s «־dumpster drying Perform footprinting through social networking sites V j Pe־form footprints^ using too such as Path Ana yzer Pro. VTsualRoute 2010, Networic Pinger, etc. to c ־eate a ׳ra p of the ta'get's netwo<־ Implement social e r j r e e - r j te :h r -Les such as eavesdropping d o d d e r surf ng and dum pster diving that ■זזay help to 5att־e ׳ ־r o ־e criticar nfoHrat'on aboLtthe ta ־get o tganaibon Gatfce ־ta ־get organ 2at on en־p oyees info׳־ra t or. fron ־the ־pe־sara p*0F es on social netwo-icng ste s stc h as Facebook, Linkedln, Tvitter, Google*, Pinterest, e tc .th a ta s s s tto p e ־far׳r s3cia eri-'nee-ln- C־eate a se aent ty on soca retw o 'd fg stessjm as FsiebMfc, Lrkeain, etc J At the end of per t e s t r • doc um ert e the findings C c c • fey F o o tp r in tin g r *— o *Jl Hcuarvae 0 -יג»בחש=יי-«- aShctfy *rr*fe1־taS P e n T e s tin g ( C o n t’ d ) Step 9: Perform DNS footprinting Perform DNS fo o tp rin tin g using too ls such as DIG, NsLookup, DNS Records, etc. to d ete rm ine key hosts in the n e tw o rk and p erfo rm social e ngineering attacks. Resolve th e dom ain name to learn abo u t its IP address, DNS records, etc. Step 11: Perform network footprinting Perform n e tw o rk fo o tp rin tin g using too ls such as Path Analyzer Pro, VisualRoute 2010, N e tw o rk Pinger, etc. to create a map o f the ta rg e t's n etw o rk. N e tw o rk fo o tp rin tin g allows you to reveal the n e tw o rk range and o th e r n e tw o rk in fo rm a tio n o f the ta rg e t n etw o rk. Using all this in fo rm a tio n , you can draw the n e tw o rk diagram o f the ta rg e t netw ork. Step 12: Perform social engineering Im p le m e nt social engineering techniques such as eavesdropping, sh ou ld e r surfing, and dum pste r diving th a t may help to gather m ore critical in fo rm a tio n about th e targe t organization. Through social engineering you can gather ta rg e t o rg a n iza tio n 's em ployee details, phone num bers, co nta ct address, em ail address, etc. You can use this in fo rm a tio n to reveal even m ore in fo rm a tio n . M o d u le 0 2 P ag e 256 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e Exam 3 1 2 -5 0 C ertified Ethical H acker Step 13: Perform footprinting through social networking sites Perform fo o tp rin tin g throu g h social n e tw o rkin g sites on the em ployees o f the ta rg e t o rg a n iza tio n obtained in fo o tp rin tin g throu g h social engineering. You can gather in fo rm a tio n fro m th e ir personal profiles on social n e tw o rkin g sites such as Facebook, Linkedln, T w itte r, Google+, Pinterest, etc. th a t assists in p e rfo rm in g social engineering. You can also use people search engines to obtain in fo rm a tio n abo u t ta rg e t person. Step 14: Document all the findings A fte r im p le m e n tin g all the fo o tp rin tin g tech n iq ue s, collect and d ocum ent all the in fo rm a tio n obtained at every stage o f testing. You can use this d ocum ent to study, understand, and analyze th e security posture o f the ta rg e t organization. This also enables you to fin d security loopholes. Once you find security loopholes, you should suggest respective counterm easures to the loopholes. The fo llo w in g is a sum m ary o f fo o tp rin tin g p e n e tra tio n te stin g . M o d u le 0 2 P ag e 257 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e Exam 3 1 2 -5 0 C ertified Ethical H acker FootprintingPenTestingReport EH Templates Pen T e stin g R eport Information obtained through search engines Information obtained through people search |J E m ployee d e ta ils : g ^ Login pages: ^ D a te o f b ir th : C o n ta c t d e ta ils : |J J In tr a n e t p o rta ls : £ Em ail ID: ^ T e ch n o lo g y p la tfo rm s : ^ P ho to s: O th e rs: O th e rs: Information obtained through website footprinting y j O p e ra tin g e n v iro n m e n t: ^ Filesystem s tru c tu re : jigp Information obtained through Google T A d v is o rie s an d se rve r v u ln e ra b ilitie s : S c rip tin g p la tfo rm s used: A Files c o n ta in in g pa ssw ords: •W? C o n ta c t d e ta ils : i 0 CMS d e ta ils : E rro r messages th a t c o n ta in s e n s itiv e in fo r m a tio n : Pages c o n ta in in g n e tw o rk o r v u ln e ra b ility d a ta : O th e rs: O th e rs: Information obtained through email footprinting H ■ Information obtained through competitive intelligence IP address: £ GPS lo c a tio n : H A u th e n tic a tio n syste m used b y m a il serve r: Financial d e ta ils : P ro je c t plans: O th e rs: Others: Copyright © by EG-G*ancil. All Rights Reserved. Reproduction is Strictly Prohibited. F o o tp r in tin g P e n P e n T e s t in g R e p o r t T e m p la te s T e s tin g R e p o r t P enetration testing is usually conducted to enhance the se curity p e rim e te r o f an organization. As a pen te ste r you should gather sensitive in fo rm a tio n such as server details, the operating system, etc. o f yo u r ta rg e t by conducting fo o tp rin tin g . Analyze the system and n e tw o rk defenses by breaking into its security w ith adequate perm issions (i.e., ethically) w ith o u t causing any damage. Find the loopholes and weaknesses in the n e tw o rk or system security. Now explain all the v u ln e ra b ilitie s along w ith respective counterm easures in a re p ort, i.e., the pen testin g re p ort. The pen testin g re p o rt is a re p o rt obtained a fte r p erfo rm ing n e tw o rk p en e tratio n tests o r security audits. It contains all the details such as types o f tests p erfo rm ed , the hacking tech n iq ue s used, and the results o f hacking activity. In a dd ition, the re p o rt also contains the highlights o f security risks and vu ln era b ilitie s o f an organization. If any vu ln e ra b ility is id e n tifie d during any test, the details o f th e cause o f vu ln e ra b ility along w ith the counterm easures are suggested. The re p o rt should always be kept c o n fid e n tia l. If this in fo rm a tio n falls in to the hands o f attacker, he o r she may use this in fo rm a tio n to launch attacks. The pen testing re p o rt should contain the fo llo w in g details: M o d u le 0 2 P ag e 258 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e Exam 3 1 2 -5 0 C ertified Ethical H acker P e n T e s tin g R e p o r t Inform ation o b & in e d through search engines Inform ation o b o in e d through people search |J Em ployee d etails Q Date o f birth: £ Lofi n pages Q Contact d e ta is r Emai ID: 0 T echnology platforms: ^ Others: Intranet portals: Photos: Q O thers. Inform ation obtained throi^ h website fpfplgfgQJtQf’ gg O perating environm ent; Inform ation obtained through Google J A dvisories and server vulnerabilities: a Sea5Js3!>Itr1*rture: £ | ^ Scripting platform s used: £ R e s containing p a ssw o rd s ^ Pages containing netw ork or vJ n era b iity data: ״W► Contact d e ta is : £ CMS d e ta is : ^ Others: Others: Inform ation obtained through co m p e titiw intexigence Inform ation obtained throi^ h em ail fefiJSBUDftOt £ Error m e s s a g e s that contain scnath fe information: IP w M reu : £ Financial d e ta is : ^ GPS location: B Project plans: m Authentication sy ste m u sed by m a i ser v er ^ Others: Others: FIGURE 2.48: Pen Testing Report M o d u le 0 2 P ag e 259 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e Exam 3 1 2 -5 0 C ertified Ethical H acker FootprintingPenTestingReport Templates E5! (C o n t d) ב״ Pen T e stin g R eport Information obtained through WHOIS footprinting ^ ^ C o n ta c t d e ta ils o f d o m a in o w n e r: | Financial in fo rm a tio n : O p e ra tin g e n v iro n m e n t: % N etra n g e : U ser nam es an d p a ssw ords: m W h e n a d o m a in has been cre a te d : N e tw o rk la y o u t in fo rm a tio n : 5 $ O th e rs: 1 Personal in fo rm a tio n : m D o m a in n a m e servers: ^5 Information obtained through social engineering ft D o m a in n a m e d e ta ils : IP addresses a n d n am es o f servers: ft Information obtained through DNS footprinting O th e rs: L o c a tio n o f DNS servers: ^ T ype o f servers: %A O th e rs: Information obtained through network footprinting Information obtained through social netw orking sites Range o f IP addresses: B Personal p ro file s : S u b n e t m ask used b y th e ta r g e t o rg a n iz a tio n : a W o rk re la te d in fo rm a tio n : ^ OS's in use: ■ N ew s a n d p o te n tia l p a rtn e rs o f th e ta rg e t co m p a n y: F ire w a ll lo c a tio n s : £ E d u ca tio n a l a n d e m p lo y m e n t ba ckgrounds: ^ O th e rs: 1 O th e rs: Copyright © by EG-C*ancil. All Rights Reserved. Reproduction is S trictly Prohibited. F o o tp r in tin g P e n T e s t in g R e p o r t T e m p la te s ( C o n t’ d ) Pen T e stin g R e p o rt Inform ation obtained throi^ h WHOIS fooCjirifltnfc | Inform ation obtained through social engineering Dom ain n am e details: Q Contact d etails o f dom ain o w n e r £ ■ Financial inform ation: Dom ain nam e servers ft O perating en vironm ent: Netrange: ra U sern am es and passwords: ?• N etw ork layout information: fcfc W h en a dom ain has b e e n created: ^ O thers: Inform ation obtained through D N S f £ £ $ B ! ^ ^ ft IP a d d r e s s e s and nam es o f servers: * * O thers: Location o f DNS servers: Type ^ Personal information: of servers: O thers: Inform ation obtained throi^ h network foo tp rin t i/ift | | Range o f IP ad d resses: 4PQP S u b n et m as* u s e d by th e target organuation: Inform ation obtained through social netw orking sites ■ Personal p ro fies: ■ W ort related information: N e w s and potertiai partners of th e target company: ^ OS's in u se: ^ Rrewafl locations: Educational and em p lo y m e n t b ack grou nd . Others: O thers: a FIGURE 2.49: Pen Testing R eport show ing in fo rm a tio n o b ta in e d th ro u g h fo o tp rin tin g and social engineering M o d u le 0 2 P ag e 260 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d . Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e Exam 3 1 2 -5 0 C ertified Ethical H acker Module Summary | 0 □ Footprinting is the process o f collecting as much in fo rm a tio n as possible ab o ut a target n etw ork, fo r id e ntifying various ways to in tru d e into an organization's ne tw o rk system □ It reduces attacker's attack area to specific range o f IP address, networks, dom ain names, rem ote access, etc. □ Attackers use search engines to extract in fo rm a tio n about a target □ In fo rm a tion obtained from target's w ebsite enables an attacker to build a detailed map o f website's structu re and architecture □ Com petitive intelligence is th e process o f identifying, gathering, analyzing, verifying, and using in fo rm a tio n about yo u r com petitors from resources such as the Internet □ DNS records provide im p o rta n t info rm a tio n ab o ut location and typ e o f servers □ Attackers conduct trace ro u te to e xtract info rm a tio n about: n e tw o rk topology, trusted routers, and firew all locations □ Attackers gather sensitive info rm a tio n th ro u g h social engineering on social netw orking websites such as Facebook, MySpace, Linkedln, Twitter, Pinterest, Google+, etc. Copyright © by EG-C*ancil. All Rights Reserved. Reproduction is S trictly Prohibited. M o d u le S u m m a ry F o otp rin tin g refers to uncovering and collecting as much in fo rm a tio n as possible about a ta rg e t o f attack. 9 It reduces attacker's attack area to specific range o f IP address, netw orks, dom ain names, rem ote access, etc. © A ttackers use search engines to e xtract in fo rm a tio n abo u t a target. Info rm a tio n obtained fro m ta rg e t's w ebsite enables an a ttacker to build a detailed map o f w ebsite's stru ctu re and architecture. 9 C om petitive intelligence is the process o f id e ntifyin g , gathering, analyzing, verifying, and using in fo rm a tio n abo u t yo u r co m p e tito rs fro m resources such as the Inte rn e t. 9 DNS records provide im p o rta n t in fo rm a tio n about location and type o f servers. Q Attackers conduct tra ce ro u te to e xtract in fo rm a tio n about: n e tw o rk topology, tru sted routers, and fire w a ll locations. W Attackers gather sensitive in fo rm a tio n throu g h social engineering on social n e tw o rkin g w ebsites such as Facebook, MySpace, Linkedln, T w itte r, Pinterest, Google+, etc. M o d u le 0 2 Page 261 Ethical H acking a n d C o u n te rm e a s u re s C opyright © by EC-C0UnCil All Rights R eserved. R ep ro d u ctio n is Strictly P ro h ib ite d .