Module 02 - Footprinting and Reconnaissance

Transcription

Ethical Hacking and Countermeasures v8
Module 02: Footprinting and Reconnaissance
Exam 312-50 Certified Ethical Hacker
Module 02 Page 92
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
Security News

Facebook a "treasure trove" of Personally Identifiable Information
April 2012
Source: http://www.scmagazineuk.com
Facebook contains a "treasure trove" of personally identifiable information that hackers manage to get their hands on.

A report by Imperva revealed that users' "general personal information" can often include a date of birth, home address and sometimes mother's maiden name, allowing hackers to access this and other websites and applications and create targeted spearphishing campaigns.

It detailed a concept I call "friend-mapping", where an attacker can get further knowledge of a user's circle of friends; having accessed their account and posing as a trusted friend, they can cause mayhem. This can include requesting the transfer of funds and extortion.

Asked why Facebook is so important to hackers, Imperva senior security strategist Noa Bar-Yosef said: "People also add work friends on Facebook so a team leader can be identified and this can lead to corporate data being accessed, project work being discussed openly, while geo-location data can be detailed for military intelligence."
"Hacktivism made up 58 per cent of attacks in the Verizon Data Breach Intelligence Report, and they are going after information on Facebook that can be used to humiliate a person. All types of attackers have their own techniques."

On how attackers get a password in the first place, Imperva claimed that different keyloggers are used, while phishing kits that create a fake Facebook login page have been seen, and a more primitive method is a brute force attack, where the attacker repeatedly attempts to guess the user's password.

In more extreme cases, a Facebook administrator's rights can be accessed. Although it said that this requires more effort on the hacker side and is not as prevalent, it is the "holy grail" of attacks as it provides the hacker with data on all users.

On protection, Bar-Yosef said the roll-out of SSL across the whole website, rather than just at the login page, was effective, but users still needed to opt in to this.

By Dan Raywood
http://www.scmagazine.com.au/Feature/265065,digitial-investigations-have-matured.aspx
Module Objectives

This module will familiarize you with the following:

• Footprinting Terminology
• What Is Footprinting?
• Objectives of Footprinting
• Footprinting Threats
• Footprinting through Search Engines
• Website Footprinting
• Email Footprinting
• Competitive Intelligence
• Footprinting Using Google
• WHOIS Footprinting
• DNS Footprinting
• Network Footprinting
• Footprinting through Social Engineering
• Footprinting through Social Networking Sites
• Footprinting Tools
• Footprinting Countermeasures
• Footprinting Pen Testing
Module Flow

Ethical hacking is legal hacking conducted by a penetration tester, with the permission of an organization, in order to evaluate the security of its IT infrastructure. Ethical hacking cannot be explained or performed in a single step; therefore it is divided into several phases. Footprinting is the first phase, in which the attacker tries to gather information about a target. To help you better understand footprinting, this module is divided into the following sections:

• Footprinting Concepts
• Footprinting Threats
• Footprinting Methodology
• Footprinting Tools
• Footprinting Countermeasures
• Footprinting Penetration Testing

The Footprinting Concepts section familiarizes you with footprinting, footprinting terminology, why footprinting is necessary, and the objectives of footprinting.
Footprinting Terminology
Before going deep into the concept, it is important to know the basic terminology used in footprinting. These terms help you understand the concept of footprinting and its structure.

Open Source or Passive Information Gathering

Open source or passive information gathering is the easiest way to collect information about the target organization. It refers to the process of gathering information from open sources, i.e., publicly available sources, and requires no direct contact with the target organization. Open sources may include newspapers, television, social networking sites, blogs, etc.

Using these, you can gather information such as network boundaries, IP addresses reachable via the Internet, operating systems, web server software used by the target network, TCP and UDP services on each system, access control mechanisms, system architecture, intrusion detection systems, and so on.

Active Information Gathering

In active information gathering, attackers mainly focus on the employees of the target organization. Attackers try to extract information from the employees by conducting social engineering: on-site visits, interviews, questionnaires, etc.

Anonymous Footprinting

This refers to the process of collecting information from sources anonymously, so that your efforts cannot be traced back to you.

Pseudonymous Footprinting

Pseudonymous footprinting refers to the process of collecting information from sources that have been published on the Internet but are not directly linked to the author's name. The information may be published under a different name, the author may have a well-established pen name, or the author may be a corporate or government official who is prohibited from posting under his or her real name. Irrespective of the reason for hiding the author's name, collecting information from such sources is called pseudonymous footprinting.

Organizational or Private Footprinting

Private footprinting involves collecting information from an organization's web-based calendar and email services.

Internet Footprinting

Internet footprinting refers to the process of collecting information about the target organization's connections to the Internet.
What Is Footprinting?

Footprinting, the first step in ethical hacking, refers to the process of collecting information about a target network and its environment. Using footprinting you can find various ways to intrude into the target organization's network system. It is considered "methodological" because critical information is sought based on a previous discovery.

Once you begin the footprinting process in a methodological manner, you will obtain the blueprint of the security profile of the target organization. Here the term "blueprint" is used because the result that you get at the end of footprinting is the unique system profile of the target organization.

There is no single methodology for footprinting, as you can trace information through several routes. However, this activity is important, as all crucial information needs to be gathered before you begin hacking. Hence, you should carry out footprinting precisely and in an organized manner.

You can collect information about the target organization through the means of footprinting in four steps:

1. Collect basic information about the target and its network
2. Determine the operating system used, platforms running, web server versions, etc.
3. Perform techniques such as Whois, DNS, network and organizational queries
4. Find vulnerabilities and exploits for launching attacks

Furthermore, we will discuss how to collect basic information, determine the operating system of the target computer, platforms running, and web server versions, various methods of footprinting, and how to find and exploit vulnerabilities in detail.
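Step 2 above is where a web server's banner, platform and leaked developer notes are first seen. The following Python script is an added example, not part of the EC-Council courseware: it takes a raw HTTP response (a constructed sample here; the host name, version strings, paths and e-mail address are hypothetical) and pulls out the server banner, the operating-system hint inside it, the application platform, session cookie names, and any paths or e-mail addresses left behind in HTML comments.

```python
import re

# Constructed sample (not captured from any real host): a raw HTTP response of
# the kind footprinting step 2 collects from a target web server. The host name,
# version strings, paths and e-mail address are all hypothetical.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Tue, 17 Jul 2012 13:15:03 GMT\r\n"
    "Server: Apache/2.2.22 (Ubuntu)\r\n"
    "X-Powered-By: PHP/5.3.10-1ubuntu3\r\n"
    "Set-Cookie: PHPSESSID=0123456789abcdef; path=/\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "\r\n"
    "<html><head><title>XYZ Pvt Ltd - Intranet</title></head>\n"
    "<body>\n"
    "<!-- TODO: remove test login at /admin/login_old.php before go-live -->\n"
    "<p>Welcome</p>\n"
    "<!-- build 4.2.1, deployed by jsmith@xyz.example -->\n"
    "</body></html>\n"
)

COMMENT_RE = re.compile(r"<!--(.*?)-->", re.DOTALL)
PATH_RE = re.compile(r"/[\w./-]+")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
OS_HINT_RE = re.compile(r"\(([^)]+)\)")  # e.g. "(Ubuntu)" inside a Server banner


def split_response(raw):
    """Split a raw HTTP/1.x response into (status line, [(name, value)], body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, body


def fingerprint(raw):
    """Pull the footprinting-relevant facts out of one HTTP response."""
    status, headers, body = split_response(raw)
    single = {}       # first occurrence wins for single-valued headers
    cookies = []      # Set-Cookie may repeat, so collect every cookie name
    for name, value in headers:
        if name == "set-cookie":
            cookies.append(value.split("=", 1)[0].strip())
        else:
            single.setdefault(name, value)
    server = single.get("server", "")
    os_match = OS_HINT_RE.search(server)
    comments = [c.strip() for c in COMMENT_RE.findall(body)]
    return {
        "status": status,
        "server": server or None,                       # web server version
        "os_hint": os_match.group(1) if os_match else None,  # operating system
        "platform": single.get("x-powered-by"),         # application platform
        "session_cookies": cookies,                     # PHPSESSID, JSESSIONID, ...
        "comments": comments,                           # raw developer comments
        "paths": sorted({p for c in comments for p in PATH_RE.findall(c)}),
        "emails": sorted({e for c in comments for e in EMAIL_RE.findall(c)}),
    }


if __name__ == "__main__":
    for key, value in fingerprint(SAMPLE_RESPONSE).items():
        print(f"{key:16} {value}")
```

In an engagement the response would be captured from the target (for example with curl -i or netcat); the parsing is unchanged. The cookie name alone already confirms the platform hint, and the two comments hand over an unlinked login page and an employee address to use in later steps.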
Why Footprinting?

For attackers to build a hacking strategy, they need to gather information about the target organization's network, so that they can find the easiest way to break into the organization's security perimeter. As mentioned previously, footprinting is the easiest way to gather information about the target organization; it plays a vital role in the hacking process.

Footprinting helps to:

• Know Security Posture

Performing footprinting on the target organization in a systematic and methodical manner gives the complete profile of the organization's security posture. You can analyze this report to figure out loopholes in the security posture of your target organization and then build your hacking plan accordingly.

• Reduce Attack Area

By using a combination of tools and techniques, attackers can take an unknown entity (for example, XYZ Organization) and reduce it to a specific range of domain names, network blocks, and individual IP addresses of systems directly connected to the Internet, as well as many other details pertaining to its security posture.

• Build Information Database

A detailed footprint provides maximum information about the target organization. Attackers can build their own information database about the security weaknesses of the target organization. This database can then be analyzed to find the easiest way to break into the organization's security perimeter.

• Draw Network Map

Combining footprinting techniques with tools such as Tracert allows the attacker to create network diagrams of the target organization's network presence. This network map represents their understanding of the target's Internet footprint. These network diagrams can guide the attack.
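As an added example (not from the courseware), the Python below parses the text output of traceroute/tracert into hops and splits the path at the first hop that falls inside the target's netblock, which the analyst would already have from WHOIS. The traceroute output, the host name www.xyz.example and the netblock 203.0.113.0/24 are constructed for illustration; the IP addresses are RFC 1918 and documentation ranges.

```python
import ipaddress
import re

# Constructed sample traceroute output (not a real capture). The host name is
# hypothetical; addresses come from RFC 1918 and documentation ranges.
SAMPLE_TRACEROUTE = """\
traceroute to www.xyz.example (203.0.113.10), 30 hops max, 60 byte packets
 1  192.168.1.1 (192.168.1.1)  1.123 ms  0.987 ms  1.045 ms
 2  10.20.0.1 (10.20.0.1)  8.210 ms  8.102 ms  8.333 ms
 3  * * *
 4  198.51.100.5 (198.51.100.5)  20.110 ms  19.980 ms  20.050 ms
 5  203.0.113.1 (203.0.113.1)  25.301 ms  25.120 ms  25.222 ms
 6  203.0.113.10 (203.0.113.10)  26.001 ms  25.880 ms  25.940 ms
"""

HEADER_RE = re.compile(r"^traceroute to (\S+) \((\d{1,3}(?:\.\d{1,3}){3})\)")
HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
IP_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")
RTT_RE = re.compile(r"([\d.]+) ms")

# Explicit RFC 1918 list. ipaddress.is_private would also flag the documentation
# ranges 198.51.100.0/24 and 203.0.113.0/24 used in this sample and so mislabel
# the public hops.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_traceroute(text):
    """Return {'target', 'target_ip', 'hops'} from traceroute text output."""
    result = {"target": None, "target_ip": None, "hops": []}
    for line in text.splitlines():
        header = HEADER_RE.match(line)
        if header:
            result["target"], result["target_ip"] = header.group(1), header.group(2)
            continue
        m = HOP_RE.match(line)
        if not m:
            continue
        number, rest = int(m.group(1)), m.group(2)
        ip = IP_RE.search(rest)
        result["hops"].append({
            "hop": number,
            "ip": ip.group(1) if ip else None,  # None for a '* * *' hop (filtered/no reply)
            "rtt_ms": [float(x) for x in RTT_RE.findall(rest)],
        })
    return result


def map_path(trace, target_block):
    """Split the path at the first hop inside the target's netblock (its edge router)."""
    net = ipaddress.ip_network(target_block)
    edge = None
    for h in trace["hops"]:
        if h["ip"] and ipaddress.ip_address(h["ip"]) in net:
            edge = h["hop"]
            break
    hops = trace["hops"]
    return {
        "edge_hop": edge,
        "transit": [h["hop"] for h in hops if edge is None or h["hop"] < edge],
        "target": [h["hop"] for h in hops if edge is not None and h["hop"] >= edge],
        "private_hops": [h["hop"] for h in hops
                         if h["ip"] and any(ipaddress.ip_address(h["ip"]) in n for n in RFC1918)],
        "no_reply": [h["hop"] for h in hops if h["ip"] is None],
    }


if __name__ == "__main__":
    trace = parse_traceroute(SAMPLE_TRACEROUTE)
    print(trace["target"], trace["target_ip"])
    print(map_path(trace, "203.0.113.0/24"))
```

Hops 1 and 2 are on the attacker's own side and say nothing about the target; hop 3 answering with nothing is typical of a filtering device and is worth recording rather than discarding; hop 5 is the first address inside the target's block and so the most likely perimeter router. Repeating this against several hosts in the block and merging the hop lists is how the diagram the text describes is built.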
Objectives of Footprinting

The major objectives of footprinting include collecting the target's network information, system information, and organizational information. By carrying out footprinting at various network levels, you can gain information such as network blocks, network services and applications, system architecture, intrusion detection systems, specific IP addresses, and access control mechanisms. With footprinting, information such as employee names, phone numbers, contact addresses, designations, work experience, and so on can also be obtained.

Collect Network Information

The network information, which can be gathered by performing a Whois database analysis, tracerouting, etc., includes:

• Domain name
• Internal domain names
• Network blocks
• IP addresses of the reachable systems
• Rogue websites/private websites
• TCP and UDP services running
• Access control mechanisms and ACLs
• Networking protocols
• VPN points
• IDSes running
• Analog/digital telephone numbers
• Authentication mechanisms
• System enumeration

Collect System Information

• User and group names
• System banners
• Routing tables
• SNMP information
• System architecture
• Remote system type
• System names
• Passwords

Collect Organization's Information

• Employee details
• Organization's website
• Company directory
• Location details
• Address and phone numbers
• Comments in HTML source code
• Security policies implemented
• Web server links relevant to the organization
• Background of the organization
• News articles/press releases
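The network-information list opens with items that come straight from a WHOIS lookup. The following Python is an added example, not the courseware's own: it parses a WHOIS response (a constructed sample; the domain xyz.example, registrar, contacts and dates are hypothetical) into a record and summarizes what an attacker would note from it: registrar, registrant organization, name servers and whether they sit in the target's own domain, contact e-mail addresses and phone numbers, and how long until the registration expires.

```python
from datetime import date, datetime

# Constructed WHOIS response (not from any real registry). The domain,
# organization, contacts, name servers and dates are all hypothetical.
SAMPLE_WHOIS = """\
Domain Name: XYZ.EXAMPLE
Registrar: Example Registrar, Inc.
Creation Date: 2004-03-11T09:21:00Z
Registry Expiry Date: 2013-03-11T09:21:00Z
Registrant Organization: XYZ Pvt Ltd
Registrant City: Hyderabad
Registrant Country: IN
Admin Email: hostmaster@xyz.example
Tech Email: netops@xyz.example
Tech Phone: +91.4012345678
Name Server: NS1.XYZ.EXAMPLE
Name Server: NS2.XYZ.EXAMPLE
DNSSEC: unsigned
>>> Last update of WHOIS database: 2012-07-17T13:15:03Z <<<
"""


def parse_whois(text):
    """Parse 'Key: value' WHOIS lines into {key: [values]}; repeated keys accumulate."""
    record = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, registry comments (% or #) and the trailing >>> footer.
        if not line or line[0] in "%#" or line.startswith(">>>"):
            continue
        key, sep, value = line.partition(":")
        if not sep:
            continue
        record.setdefault(key.strip(), []).append(value.strip())
    return record


def _first(record, key):
    return record.get(key, [None])[0]


def summarize(record, today_iso):
    """Reduce a parsed record to the facts footprinting cares about.

    today_iso is the reference date as 'YYYY-MM-DD', so the expiry window is
    reproducible instead of depending on the clock.
    """
    today = date.fromisoformat(today_iso)
    domain = (_first(record, "Domain Name") or "").lower()
    name_servers = [ns.lower() for ns in record.get("Name Server", [])]
    emails = sorted({v for k, vals in record.items() if k.endswith("Email") for v in vals})
    phones = sorted({v for k, vals in record.items() if k.endswith("Phone") for v in vals})
    expiry = _first(record, "Registry Expiry Date")
    days_left = None
    if expiry:
        days_left = (datetime.strptime(expiry, "%Y-%m-%dT%H:%M:%SZ").date() - today).days
    return {
        "domain": domain,
        "registrar": _first(record, "Registrar"),
        "organization": _first(record, "Registrant Organization"),
        "name_servers": name_servers,
        # Name servers under the target's own domain mean the target runs its own
        # DNS, which makes those hosts direct targets for DNS footprinting.
        "self_hosted_dns": bool(name_servers) and all(ns.endswith("." + domain) for ns in name_servers),
        "emails": emails,
        "email_domains": sorted({e.split("@", 1)[1] for e in emails}),  # naming pattern for phishing
        "phones": phones,
        "days_to_expiry": days_left,
        "dnssec": _first(record, "DNSSEC"),
    }


if __name__ == "__main__":
    for key, value in summarize(parse_whois(SAMPLE_WHOIS), "2012-07-17").items():
        print(f"{key:16} {value}")
```

Two of the derived fields deserve a word. A self-hosted name server is the natural next hop for the DNS footprinting covered later in this module, and a registration close to expiry is a known pretext for social engineering the registrant contacts, which is why the expiry window is computed rather than just printed.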
Module Flow

So far, we have discussed footprinting concepts, and now we will discuss the threats associated with footprinting:

• Footprinting Concepts
• Footprinting Threats
• Footprinting Methodology
• Footprinting Tools
• Footprinting Countermeasures
• Footprinting Penetration Testing

The Footprinting Threats section familiarizes you with the threats associated with footprinting such as social engineering, system and network attacks, corporate espionage, etc.
Footprinting Threats
As discussed previously, attackers perform footprinting as the first step in an attempt to hack a target organization. In the footprinting phase, attackers try to collect valuable system-level information such as account details, operating system and other software versions, server names, and database schema details that will be useful in the hacking process.

The following are various threats due to footprinting:

Social Engineering

Without using any intrusion methods, hackers directly and indirectly collect information through persuasion and various other means. Here, crucial information is gathered by the hackers through employees without their consent.

System and Network Attacks

Footprinting helps an attacker to perform system and network attacks. Through footprinting, attackers can gather information related to the target organization's system configuration, the operating system running on the machine, and so on. Using this information, attackers can find the vulnerabilities present in the target system and then exploit those vulnerabilities. Thus, attackers can take control over a target system. Similarly, attackers can also take control over the entire network.

Information Leakage

Information leakage can be a great threat to any organization and is often overlooked. If sensitive organizational information falls into the hands of attackers, they can build an attack plan based on the information, or use it for monetary benefit.

Privacy Loss

With the help of footprinting, hackers are able to access the systems and networks of the company and even escalate privileges up to admin level. Whatever privacy was maintained by the company is completely lost.

Corporate Espionage

Corporate espionage is one of the major threats to companies, as competitors can spy and attempt to steal sensitive data through footprinting. Due to this type of espionage, competitors are able to launch similar products in the market, affecting the market position of a company.

Business Loss

Footprinting has a major effect on businesses such as online businesses and other ecommerce websites, banking and financial businesses, etc. Billions of dollars are lost every year due to malicious attacks by hackers.
Module Flow
Now that you are familiar with footprinting concepts and threats, we will discuss the footprinting methodology.

The footprinting methodology section discusses various techniques used to collect information about the target organization from different sources.

• Footprinting Concepts
• Footprinting Threats
• Footprinting Methodology
• Footprinting Tools
• Footprinting Countermeasures
• Footprinting Penetration Testing
Footprinting Methodology

• Footprinting through Search Engines
• Website Footprinting
• Email Footprinting
• Competitive Intelligence
• Footprinting using Google
• WHOIS Footprinting
• DNS Footprinting
• Network Footprinting
• Footprinting through Social Engineering
• Footprinting through Social Networking Sites
The footprinting methodology is a procedural way of collecting information about a target organization from all available sources. It deals with gathering information about a target organization: determining its URL, location, establishment details, number of employees, the specific range of domain names, and contact information. This information can be gathered from various sources such as search engines, Whois databases, etc.

Search engines are the main information sources where you can find valuable information about your target organization. Therefore, first we will discuss footprinting through search engines. Here we are going to discuss how and what information we can collect through search engines.

Examples of search engines include: www.google.com, www.yahoo.com, www.bing.com
Footprinting through Search Engines

Attackers use search engines to extract information about a target such as technology platforms, employee details, login pages, intranet portals, etc., which helps in performing social engineering and other types of advanced system attacks. Search engine cache may provide sensitive information that has been removed from the World Wide Web (WWW).
A web search engine is designed to search for information on the World Wide Web. The search results are generally presented in a list of results often referred to as search engine results pages (SERPs). Today, many search engines allow you to extract a target organization's information such as technology platforms, employee details, login pages, intranet portals, and so on. Using this information, an attacker may build a hacking strategy to break into the target organization's network and may carry out other types of advanced system attacks. A Google search could reveal submissions to forums by security personnel that reveal brands of firewalls or antivirus software in use at the target. Sometimes even network diagrams are found that can guide an attack.

If you want to footprint the target organization, for example XYZ Pvt Ltd, then type XYZ Pvt Ltd in the search box of the search engine and press Enter. This will display all the search results containing the keywords "XYZ Pvt Ltd." You can narrow down the results by adding a specific keyword while searching. Later we will discuss other footprinting techniques such as website footprinting and email footprinting.

For example, consider an organization, perhaps Microsoft. Type Microsoft in the search box of a search engine and press Enter; this will display all the results containing information about Microsoft. Browsing the results may provide critical information such as physical location, contact address, the services offered, number of employees, etc. that may prove to be a valuable source for hacking.
[Screenshot: Google's cached copy of the Wikipedia article on Microsoft (webcache.googleusercontent.com), a snapshot of the page as it appeared on 17 Jul 2012 13:15:03 GMT, showing the company infobox: type, stock listings, industry, founding date and place, founders, and headquarters]

FIGURE 2.1: Screenshot showing information about Microsoft
As an ethical hacker, if you find any sensitive information about your company in the search engine result pages, you should remove that information. Even after you remove the sensitive information from your site, it may still be available in a search engine cache. Therefore, you should also check the search engine cache to ensure that the sensitive data is removed permanently.
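A defender-side check for the cache problem described above, added here as an example and not code from the courseware: it reads the X-Robots-Tag response header and the robots meta tag of each page and reports the pages that do not carry the noarchive directive, which tells search engines not to keep a cached copy. The page set, headers and HTML are constructed; in practice the headers and body come from fetching your own pages.

```python
"""Report pages that do not opt out of search-engine caching.

Added example, not from the EC-Council courseware. The sample headers and
HTML below are constructed for illustration.
"""
from html.parser import HTMLParser


class _RobotsMetaParser(HTMLParser):
    """Collect the directives of every <meta name="robots"> tag."""

    def __init__(self):
        super().__init__()
        self.directives = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "meta":
            return
        attrs = {k.lower(): (v or "") for k, v in attrs}
        if attrs.get("name", "").lower() == "robots":
            self.directives.extend(
                d.strip().lower() for d in attrs.get("content", "").split(",")
            )


def robots_directives(headers, html):
    """Union of directives from X-Robots-Tag headers and robots meta tags."""
    found = set()
    for name, value in headers.items():
        if name.lower() == "x-robots-tag":
            found.update(d.strip().lower() for d in value.split(","))
    parser = _RobotsMetaParser()
    parser.feed(html)
    found.update(parser.directives)
    found.discard("")
    return found


def has_noarchive(headers, html):
    """True if the page asks search engines not to keep a cached copy."""
    return "noarchive" in robots_directives(headers, html)


def audit(pages):
    """pages: {url: (headers, html)} -> URLs a search engine may cache."""
    return [url for url, (h, b) in pages.items() if not has_noarchive(h, b)]


# Constructed sample: one public page and two internal-facing pages.
SAMPLE_PAGES = {
    "https://www.example.com/about": (
        {"Content-Type": "text/html"},
        "<html><head><title>About</title></head><body>Public page</body></html>",
    ),
    "https://www.example.com/staff-directory": (
        {"Content-Type": "text/html"},
        '<html><head><meta name="robots" content="noindex, noarchive"></head>'
        "<body>Phone list</body></html>",
    ),
    "https://www.example.com/intranet-login": (
        {"Content-Type": "text/html", "X-Robots-Tag": "noarchive"},
        "<html><body>Login</body></html>",
    ),
}

if __name__ == "__main__":
    for url in audit(SAMPLE_PAGES):
        print("cacheable:", url)
```

noarchive only stops future cached copies; a copy the engine already holds has to go through the engine's own removal process, and the content itself must be taken down first, since a cache entry is rebuilt from whatever the site still serves.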
Finding Company's External and Internal URLs

Search for the target company's external URL in a search engine such as Google or Bing
Internal URLs provide an insight into different departments and business units in an organization
You may find an internal company's URL by trial and error method

Tools to Search Internal URLs
http://news.netcraft.com
http://www.webmaster-a.com/link-extractor-internal.php

Internal URLs of microsoft.com
support.microsoft.com
office.microsoft.com
search.microsoft.com
msdn.microsoft.com
update.microsoft.com
technet.microsoft.com
windows.microsoft.com
Finding Company's External and Internal URLs

A company's external and internal URLs provide a lot of useful information to the attacker. These URLs describe the company and provide details such as the company mission and vision, history, products or services offered, etc. The URL that is used outside the corporate network for accessing the company's vault server via a firewall is called an external URL. It links directly to the company's external web page. The target company's external URL can be determined with the help of search engines such as Google or Bing.

If you want to find the external URL of a company, follow these steps:
1. Open any of the search engines, such as Google or Bing.
2. Type the name of the target company in the Search box and press Enter.

The internal URL is used for accessing the company's vault server directly inside the corporate network. The internal URL helps to access the internal functions of a company. Most companies use common formats for internal URLs. Therefore, if you know the external URL of a company, you can predict an internal URL through trial and error. These internal URLs provide insight into different departments and business units in an organization. You can also find the internal URLs of an organization using tools such as Netcraft.

Tools to Search Internal URLs
Netcraft
Source: http://news.netcraft.com
Netcraft deals with web server and web hosting market-share analysis, and operating system detection. It provides a free anti-phishing toolbar (Netcraft toolbar) for Firefox as well as Internet Explorer browsers. The Netcraft toolbar helps avoid phishing attacks and protects Internet users from fraudsters. It checks the risk rate as well as the hosting location of the websites we visit.

Link Extractor
Source: http://www.webmaster-a.com/link-extractor-internal.php
Link Extractor is a link extraction utility that allows you to choose between external and internal URLs, and will return a plain list of URLs linked to or an HTML list. You can use this utility to competitor sites.

Examples of internal URLs of microsoft.com:
support.microsoft.com
office.microsoft.com
search.microsoft.com
msdn.microsoft.com
update.microsoft.com
technet.microsoft.com
windows.microsoft.com
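The following is an added example, written for this page and not the Link Extractor utility or Netcraft, of what a link extractor does: it parses a page, resolves every link to an absolute URL, splits the links into internal and external by registered domain, and lists the hostnames under the site's own domain that the page reveals. Run over your own public pages, it shows which internal hostnames (support, update, msdn and so on) a visitor learns without any guessing. The HTML is constructed; the microsoft.com hostnames are the page's own examples reused as sample values, and the two-label domain rule is an assumption that ignores multi-part public suffixes such as co.uk.

```python
"""Split the links of a page into internal and external, and list the
site's own hostnames that the page exposes.

Added example, not from the courseware. SAMPLE_HTML is constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _LinkCollector(HTMLParser):
    """Gather href/src/action values from the tags that carry links."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() in ("a", "link", "script", "img", "form"):
            for name, value in attrs:
                if name.lower() in ("href", "src", "action") and value:
                    self.hrefs.append(value)


def registered_domain(host):
    """Last two labels of a hostname (assumption: no suffix like co.uk)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def classify_links(page_url, html):
    """Return (internal, external) sets of absolute http(s) URLs."""
    collector = _LinkCollector()
    collector.feed(html)
    base_domain = registered_domain(urlsplit(page_url).hostname or "")
    internal, external = set(), set()
    for href in collector.hrefs:
        absolute = urljoin(page_url, href)      # resolves relative and // links
        parts = urlsplit(absolute)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            continue                            # mailto:, javascript:, etc.
        if registered_domain(parts.hostname) == base_domain:
            internal.add(absolute)
        else:
            external.add(absolute)
    return internal, external


def exposed_hosts(page_url, html):
    """Sorted hostnames under the site's own domain that the page links to."""
    internal, _ = classify_links(page_url, html)
    return sorted({urlsplit(u).hostname for u in internal})


# Constructed page; the hostnames reuse the examples given in the text.
SAMPLE_HTML = """
<html><body>
<a href="/products">Products</a>
<a href="http://support.microsoft.com/">Support</a>
<a href="https://msdn.microsoft.com/library">MSDN</a>
<a href="http://update.microsoft.com/">Updates</a>
<script src="//technet.microsoft.com/js/app.js"></script>
<a href="https://twitter.com/example">Twitter</a>
<a href="mailto:webmaster@example.test">Contact</a>
</body></html>
"""

if __name__ == "__main__":
    for host in exposed_hosts("http://www.microsoft.com/", SAMPLE_HTML):
        print(host)
```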
Public and Restricted Websites

Public Website: http://www.microsoft.com
Restricted Website: http://office.microsoft.com, http://answers.microsoft.com
Public and Restricted Websites

A public website is a website designed to show the presence of an organization on the Internet. It is designed to attract customers and partners. It contains information such as company history, services and products, and contact information of the organization.

The following screenshot is an example of a public website:
Source: http://www.microsoft.com
FIGURE 2.2: An example of a public website
A restricted website is a website that is available to only a few people. The people may be employees of an organization, members of a department, etc. Restrictions can be applied based on the IP number, domain or subnet, username, and password. Restricted or private websites of microsoft.com include http://technet.microsoft.com, http://windows.microsoft.com, http://office.microsoft.com, and http://answers.microsoft.com.
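An added example, not from the courseware, of how the restrictions listed above (source IP or subnet, username and password) are enforced for a restricted website. The allow-list, the user record and the requests are constructed, and the password is stored only as a salted PBKDF2 hash. Both checks are required: a subnet match identifies a network, not a person, so it cannot replace authentication.

```python
"""Access policy for a restricted site: source subnet AND credentials.

Added example, not from the courseware. Networks, user and requests are
constructed; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
"""
import hashlib
import hmac
import ipaddress
import os

ALLOWED_NETWORKS = [
    ipaddress.ip_network("10.0.0.0/8"),       # corporate LAN (constructed)
    ipaddress.ip_network("203.0.113.0/24"),   # partner range (constructed)
]


def _hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user(password):
    """Store salt and PBKDF2 hash only, never the password itself."""
    salt = os.urandom(16)
    return {"salt": salt, "hash": _hash_password(password, salt)}


USERS = {"jdoe": make_user("correct horse battery staple")}  # constructed


def ip_allowed(client_ip):
    """Restriction by IP number / subnet."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in ALLOWED_NETWORKS)


def credentials_valid(username, password):
    """Restriction by username and password, constant-time comparison."""
    user = USERS.get(username)
    if user is None:
        # Hash anyway so an unknown user costs as much as a wrong password.
        _hash_password(password, b"\0" * 16)
        return False
    return hmac.compare_digest(user["hash"], _hash_password(password, user["salt"]))


def authorize(client_ip, username, password):
    """Grant only when the source network and the credentials both check out."""
    if not ip_allowed(client_ip):
        return "denied: source address not in allow-list"
    if not credentials_valid(username, password):
        return "denied: bad credentials"
    return "granted"


if __name__ == "__main__":
    print(authorize("10.1.2.3", "jdoe", "correct horse battery staple"))
    print(authorize("198.51.100.7", "jdoe", "correct horse battery staple"))
```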
[Screenshot: the Microsoft TechNet home page ("Discover the New Office for IT Pros") and the Office home page ("Welcome to Office", Office 365)]

FIGURE 2.3: Examples of Public and Restricted websites
Collect Location Information

Use Google Earth tool to get the location of the place
Collect Location Information

Information such as the physical location of the organization plays a vital role in the hacking process. This information can be obtained using the footprinting technique. In addition to physical location, we can also collect information such as surrounding public Wi-Fi hotspots that may prove to be a way to break into the target organization's network.

Attackers with knowledge of a target organization's location may attempt dumpster diving, surveillance, social engineering, and other non-technical attacks to gather much more information about the target organization. Once the location of the target is known, detailed satellite images of the location can be obtained using various sources available on the Internet such as http://www.google.com/earth and https://maps.google.com. Attackers can use this information to gain unauthorized access to buildings, wired and wireless networks, systems, and so on.

Example: earth.google.com
Google Earth is a valuable tool for hacking that allows you to find a location, point, and zoom into that location to explore. You can even access 3D images that depict most of the Earth in high-resolution detail.
[Screenshot: Google Earth with the Places and Layers panels (Roads, Buildings, Borders and Labels, Photos) beside a satellite view]

FIGURE 2.4: Google Earth showing location
Example: maps.google.com
Google Maps provides a Street View feature that provides you with a series of images of a building, as well as its surroundings, including Wi-Fi networks. Attackers may use Google Maps to find or locate entrances to buildings, security cameras, gates, places to hide, weak spots in perimeter fences, and utility resources like electricity connections, to measure distance between different objects, etc.
[Screenshot: Google Maps (maps.google.com) in Street View mode]

FIGURE 2.5: Google Maps showing a Street View
People Search

Information about an individual can be found at various people search websites

The people search returns the following information about a person:
Residential addresses and email addresses
Contact numbers and date of birth
Photos and social networking profiles
Blog URLs
Satellite pictures of private residences

http://www.spokeo.com
http://pipl.com
People Search

You can use public record websites to find information about people's email addresses, phone numbers, house addresses, and other information. Using this information you can try to obtain bank details, credit card details, mobile numbers, past history, etc. There are many people search online services available that help find people. http://pipl.com and http://www.spokeo.com are examples of people search services that allow you to search for people by their name, email, username, phone, or address.

These people search services may provide information such as:
Residential addresses and email addresses
Contact numbers and date of birth
Photos and social networking profiles
Blog URLs
Satellite pictures of private residences
People Search Online Services

Zaba Search: http://www.zabasearch.com
123 People Search: http://www.123people.com
ZoomInfo: http://www.zoominfo.com
PeekYou: http://www.peekyou.com
Wink People Search: http://wink.com
Intelius: http://www.intelius.com
AnyWho: http://www.anywho.com
PeopleSmart: http://www.peoplesmart.com
WhitePages: http://www.whitepages.com
People Lookup: https://www.peoplelookup.com
People Search Online Services

At present, many Internet users are using people search engines to find information about other people. Most often people search engines provide people's names, addresses, and contact details. Some people search engines may also reveal the type of work an individual does, businesses owned by a person, contact numbers, company email addresses, mobile numbers, fax numbers, dates of birth, personal e-mail addresses, etc. This information proves to be highly beneficial for attackers to launch attacks.

Some of the people search engines are listed as follows:

Zaba Search
Source: http://www.zabasearch.com
Zaba Search is a people search engine that provides information such as address, phone number, current location, etc. of people in the US. It allows you to search for people by their name.

ZoomInfo
Source: http://www.zoominfo.com
ZoomInfo is a business people directory using which you can find business contacts, people's professional profiles, biographies, work histories, affiliations, links to employee profiles with verified contact information, and more.
Wink People Search
Source: http://wink.com
Wink People Search is a people search engine that provides information about people by name and location. It gives phone number, address, websites, photos, work, school, etc.

AnyWho
Source: http://www.anywho.com
AnyWho is a website that helps you find information about people, their businesses, and their locations online. With the help of a phone number, you can get all the details of an individual.

People Lookup
Source: https://www.peoplelookup.com
People Lookup is a people search engine that allows you to find, locate, and then connect with people. It also allows you to look up a phone number, search for cell numbers, find an address or phone number, and search for people in the US. This database uses information from public records.

123 People Search
Source: http://www.123people.com
123 People Search is a people search tool that allows you to find information such as public records, phone numbers, addresses, images, videos, and email addresses.

PeekYou
Source: http://www.peekyou.com
PeekYou is a people search engine that allows you to search for profiles and contact information of people in India and cities' top employers and schools. It allows you to search for people with their names or usernames.

Intelius
Source: http://www.intelius.com
Intelius is a public records business that provides information services. It allows you to search for people in the US with their name, address, phone number, or email address.
PeopleSmart
Source: http://www.peoplesmart.com
PeopleSmart is a people search service that allows you to find people's work information with their name, city, and state. In addition, it allows you to perform reverse phone lookups, email searches, searches by address, and county searches.
WhitePages
Source: http://www.whitepages.com
WhitePages is a people search engine that provides information about people by name and location. Using the phone number, you can find the person's address.
People Search on Social Networking Services

http://www.facebook.com
http://www.linkedin.com
http://twitter.com
https://plus.google.com
People Search on Social Networking Services

Searching for people on social networking websites is easy. Social networking services are the online services, platforms, or sites that focus on facilitating the building of social networks or social relations among people. These websites provide information that is provided by users. Here, people are directly or indirectly related to each other by common interest, work location, or educational communities, etc.

Social networking sites allow people to share information quickly and effectively as these sites are updated in real time. They allow updating facts about upcoming or current events, recent announcements and invitations, and so on. Therefore, social networking sites prove to be a great platform for searching people and their related information. Through people searching on social networking services, you can gather critical information that will be helpful in performing social engineering or other kinds of attacks.

Many social networking sites allow visitors to search for people without registration; this makes people searching on social networking sites an easy task for you. You can search for a person using name, email, or address. Some sites allow you to check whether an account is currently in use or not. This allows you to check the status of the person you are looking for.

Some social networking services are as follows:
Facebook
Source: http://www.facebook.com
Facebook allows you to search for people, their friends, colleagues, and people living around them and others with whom they are affiliated. In addition, you can also find their professional information such as their company or business, current location, phone number, email ID, photos, videos, etc. It allows you to search for people by username or email address.
[Screenshot: a Facebook search result showing a public figure's page with its About section]

FIGURE 2.7: Facebook, a social networking service to search for people across the world
LinkedIn
Source: http://www.linkedin.com
LinkedIn is a social networking website for professional people. It allows you to find people by name, keyword, company, school, etc. Searching for people on LinkedIn gives you information such as name, designation, name of company, current location, and education qualifications, but to use LinkedIn you need to be registered with the site.

Twitter
Source: http://twitter.com
Twitter is a social networking service that allows people to send and read text messages (tweets). Even unregistered users can read tweets on this site.

FIGURE 2.9: Twitter screenshot
Google+
Source: https://plus.google.com
Google+ is a social networking site that aims to make sharing on the web more like sharing in real life. You can grab a lot of useful information about users from this site and use it to hack their systems.

FIGURE 2.10: Google+ screenshot
Gather Information from Financial Services
Financial services such as Google Finance, Yahoo! Finance, and so on provide a lot of useful information such as the market value of a company's shares, company profile, competitor details, etc. The information offered varies from one service to the next. In order to avail themselves of services such as e-mail alerts and phone alerts, users need to register on the financial services. This gives an attacker an opportunity to grab useful information for hacking.

Many financial firms rely on web access, performing transactions, and user access to their accounts. Attackers can obtain sensitive and private information of users by implementing cybercrimes, information theft, keyloggers, etc. Attackers can even grab this information and exploit it with the help of non-vulnerable threats (software design flaw example; breaking authentication mechanism).

The following are some of the non-vulnerable threats:
Service flooding
Brute force attack
Phishing
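Of the three threats just listed, brute force is the one that leaves a clear trace in a service's own authentication logs. The detector below is an added example, not from the courseware; the log format and sample lines are constructed. It keeps a sliding one-minute window of failures per source address, raises an alert when the count reaches a threshold, and separately flags a successful login from an address that has already tripped the threshold, which is the event that needs immediate review. The sample also shows failures spread across many usernames from one address, the shape password-spraying takes in such logs.

```python
"""Flag brute-force login attempts in authentication logs.

Added example, not from the courseware. Log format, lines and thresholds
are constructed; addresses come from documentation ranges.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed format: "<ISO timestamp> <result> user=<name> ip=<addr>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<result>LOGIN_OK|LOGIN_FAIL) user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)

SAMPLE_LOG = """\
2024-01-05T09:00:01 LOGIN_FAIL user=alice ip=198.51.100.9
2024-01-05T09:00:03 LOGIN_FAIL user=bob ip=198.51.100.9
2024-01-05T09:00:04 LOGIN_FAIL user=carol ip=198.51.100.9
2024-01-05T09:00:06 LOGIN_FAIL user=dave ip=198.51.100.9
2024-01-05T09:00:07 LOGIN_FAIL user=erin ip=198.51.100.9
2024-01-05T09:00:09 LOGIN_OK user=erin ip=198.51.100.9
2024-01-05T09:05:00 LOGIN_FAIL user=alice ip=203.0.113.4
2024-01-05T09:12:00 LOGIN_FAIL user=alice ip=203.0.113.4
2024-01-05T09:20:00 LOGIN_OK user=alice ip=203.0.113.4
"""


def parse(log_text):
    """Yield (timestamp, result, user, ip) for every well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["result"], m["user"], m["ip"]


def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Alerts as tuples: (ip, 'burst', failure_count, ts) when `threshold`
    failures fall inside `window`, and (ip, 'success-after-burst', user, ts)
    for any later successful login from an address that already alerted."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    alerted = set()
    alerts = []
    for ts, result, user, ip in parse(log_text):
        q = recent[ip]
        while q and ts - q[0] > window:   # drop failures that aged out
            q.popleft()
        if result == "LOGIN_FAIL":
            q.append(ts)
            if len(q) >= threshold and ip not in alerted:
                alerted.add(ip)
                alerts.append((ip, "burst", len(q), ts))
        elif ip in alerted:
            alerts.append((ip, "success-after-burst", user, ts))
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

The two failures from 203.0.113.4 are seven minutes apart and never accumulate inside the window, so a legitimate user mistyping a password twice does not raise an alert; only the dense run from 198.51.100.9 does, followed by the success that should be treated as a probable account compromise.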
FIGURE 2.11: Examples of financial services websites for gathering information
Footprinting through Job Sites

You can gather a company's infrastructure details from job postings

Look for these:
Job requirements
Employee's profile
Hardware information
Software information

[Screenshot: a job posting for an Enterprise Applications Engineer / DBA position, listing required products and versions under "Position Information" and "Contact Information"]

Examples of Job Websites
http://www.monster.com
http://www.careerbuilder.com
http://www.dice.com
http://www.simplyhired.com
http://www.indeed.com
http://www.usajobs.gov
Footprinting through Job Sites

Attackers can gather valuable information about the operating system, software versions, company's infrastructure details, and database schema of an organization through footprinting various job sites using different techniques. Depending upon the posted requirements for job openings, attackers may be able to study the hardware, network-related information, and technologies used by the company. Most of the company's websites have a key employees list with their email addresses. This information may prove to be beneficial for an attacker. For example, if a company wants to hire a person for a Network Administration job, it posts the requirements related to that position.
FIGURE 2.12: Gathering information through job websites (a sample Network Administrator posting listing technologies such as Active Directory 2003, SMS, SUS, Citrix, SQL Server, Exchange 2003, VMware and Veritas backup software, and asking for MCSE 2003 and Citrix certifications)
Usually attackers look for the following information:
• Job requirements
• Employee's profile
• Hardware information
• Software information

Examples of job websites include:
• http://www.monster.com
• http://www.careerbuilder.com
• http://www.dice.com
• http://www.indeed.com
• http://www.usajobs.gov
• http://www.simplyhired.com
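Seen from the defending organization's side, the same posting text can be reviewed before publication for what it gives away. The following script is an added example, not part of the original module: it extracts the technology inventory, the versioned products, and the contact addresses that a posting discloses. The posting text and the keyword lexicon are constructed for illustration; a real review would use the organization's own asset list.

```python
"""Extract the technology inventory that a job posting discloses.

Added example, not part of the original module: the posting text below is
constructed, and the keyword lexicon is an assumption (a real review would use
the organization's own asset list).
"""
import re
from collections import defaultdict

# Constructed sample posting, modelled on the kind of text Figure 2.12 shows.
SAMPLE_POSTING = """
Network Administrator - Active Directory
Support using Windows Server 2003 including Active Directory 2003, SMS, SUS,
Citrix MetaFrame, SQL Server 2005 cluster, Exchange 2003, VMware ESX,
Veritas backup software, DNS, DHCP, WINS and FC/SAN disk.
Experience providing 24-hour support to a global enterprise.
MCSE (2003) certification a plus. Citrix certification a plus.
Contact: it-recruiting@example.com
"""

# Assumed lexicon: category -> regexes that identify a product or platform.
LEXICON = {
    "operating system": [r"\bWindows Server \d{4}\b", r"\bLinux\b", r"\bSolaris\b"],
    "directory/identity": [r"\bActive Directory( \d{4})?\b"],
    "database": [r"\bSQL Server( \d{4})?\b", r"\bOracle\b", r"\bMySQL\b"],
    "mail": [r"\bExchange( \d{4}| 5\.5)?\b"],
    "virtualization": [r"\bVMware( ESX)?\b", r"\bHyper-V\b", r"\bCitrix( MetaFrame)?\b"],
    "backup": [r"\bVeritas\b", r"\bBackup Exec\b"],
    "network services": [r"\bDNS\b", r"\bDHCP\b", r"\bWINS\b"],
    "management": [r"\bSMS\b", r"\bSUS\b", r"\bSCOM\b"],
}

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")


def extract_inventory(text):
    """Return {category: sorted list of matched product strings}."""
    found = defaultdict(set)
    for category, patterns in LEXICON.items():
        for pat in patterns:
            for m in re.finditer(pat, text):
                found[category].add(m.group(0))
    return {cat: sorted(vals) for cat, vals in found.items()}


def extract_contacts(text):
    """Email addresses in the posting (the 'employee profile' leak)."""
    return sorted(set(EMAIL_RE.findall(text)))


def disclosure_report(text):
    """Summarise what a reviewer would want removed or generalised before publishing."""
    inv = extract_inventory(text)
    versions = [v for vals in inv.values() for v in vals if re.search(r"\d", v)]
    return {
        "inventory": inv,
        "versioned_products": sorted(versions),   # exact versions are the most useful leak
        "contacts": extract_contacts(text),
        "disclosed_items": sum(len(v) for v in inv.values()),
    }


if __name__ == "__main__":
    report = disclosure_report(SAMPLE_POSTING)
    for cat, vals in report["inventory"].items():
        print(f"{cat:20s} {', '.join(vals)}")
    print("versioned:", report["versioned_products"])
    print("contacts:", report["contacts"])
```

The versioned products are listed separately because a version string narrows a platform to a known patch level, which is the detail a reviewer would most often generalise (for example "Windows Server" instead of "Windows Server 2003") before a posting goes out.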
Monitoring Target Using Alerts

Examples of Alert Services

Alerts are the content monitoring services that provide up-to-date information based on your preference, usually via email or SMS.

Monitoring Targets Using Alerts

Alerts are the content monitoring services that provide automated, up-to-date information based on your preference, usually via email or SMS. In order to get alerts, you need to register on the website and you should submit either an email or phone number to the service. Attackers can gather this sensitive information from the alert services and use it for further processing of an attack.
Google Alerts

Source: http://www.google.com/alerts

Google Alerts is a content monitoring service that automatically notifies users when new content from news, web, blogs, video, and/or discussion groups matches a set of search terms selected by the user and stored by the Google Alerts service. Google Alerts aids in monitoring a developing news story and keeping current on a competitor or industry.
FIGURE 2.13: Google Alerts service screenshot (search query "Security News", result type "Everything", how often "Once a day", how many "Only the best results", delivered to an email address via "CREATE ALERT")
Yahoo! Alerts is available at http://alerts.yahoo.com and Giga Alert is available at http://www.gigaalert.com; these are two more examples of alert services.
Footprinting Methodology

• Footprinting through Search Engines
• Website Footprinting
• Email Footprinting
• Competitive Intelligence
• Footprinting using Google
• WHOIS Footprinting
• DNS Footprinting
• Network Footprinting
• Footprinting through Social Engineering
• Footprinting through Social Networking Sites

Footprinting Methodology

So far, we have discussed the first step of the footprinting methodology, i.e., footprinting via search engines. Now we will discuss website footprinting. An organization's website is the first place where you can get sensitive information such as names and contact details of chief persons in the company, upcoming project details, and so on. This section covers the website footprinting concept, mirroring websites, the tools used for mirroring, and monitoring web updates.
Website Footprinting

Information obtained from the target's website enables an attacker to build a detailed map of the website's structure and architecture.

Browsing the target website may provide:
• Software used and its version
• Operating system used
• Sub-directories and parameters
• Filename, path, database field name, or query
• Scripting platform
• Contact details and CMS details

Use Zaproxy, Burp Suite, Firebug, etc. to view headers that provide:
• Connection status and content-type
• Accept-Ranges
• Last-Modified information
• X-Powered-By information
• Web server in use and its version
Website Footprinting

It is possible for an attacker to build a detailed map of a website's structure and architecture without an IDS being triggered or without raising any sysadmin suspicions. It can be accomplished either with the help of sophisticated footprinting tools or just with the basic tools that come along with the operating system, such as telnet and a browser.

Using the Netcraft tool you can gather website information such as the IP address, registered name and address of the domain owner, domain name, host of the site, OS details, etc. But this tool may not give all these details for every site. In such cases, you should browse the target website. Browsing the target website will provide you with the following information:

• Software used and its version: You can find not only the software in use but also the version easily on an off-the-shelf software-based website.
• Operating system used: Usually the operating system can also be determined.
• Sub-directories and parameters: You can reveal the sub-directories and parameters by making a note of all the URLs while browsing the target website.
• Filename, path, database field name, or query: You should carefully analyze anything after a query that looks like a filename, path, database field name, or query to check whether it offers opportunities for SQL injection.
• Scripting platform: With the help of the script filename extensions such as .php, .asp, .jsp, etc. you can easily determine the scripting platform that the target website is using.
• Contact details and CMS details: The contact pages usually offer details such as names, phone numbers, email addresses, and locations of admin or support people. You can use these details to perform a social engineering attack. CMS software allows URL rewriting in order to disguise the script filename extensions. In this case, you need to put a little more effort into determining the scripting platform.

Use Paros Proxy, Burp Suite, Firebug, etc. to view headers that provide:
• Connection status and content-type
• Accept-Ranges
• Last-Modified information
• X-Powered-By information
• Web server in use and its version

Source: http://portswigger.net

The following is a screenshot of Burp Suite showing headers of packets in the information pane:

FIGURE 2.14: Burp Suite showing headers of packets in the information pane
Website Footprinting (Cont'd)

Examining HTML source provides:
• Comments in the source code
• Contact details of web developer or admin
• File system structure
• Script type

Examining cookies may provide:
• Software in use and its behavior
• Scripting platforms used
Website Footprinting (Cont'd)

Examine the HTML source code. Follow the comments that are either created by the CMS system or inserted manually. These comments may provide clues to help you understand what's running in the background. This may even provide contact details of the web admin or developer. Observe all the links and image tags in order to map the file system structure. This allows you to reveal the existence of hidden directories and files. Enter fake data to determine how the script works.
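As an added example (not code from the original module), the following parser performs the steps just described on a constructed HTML page: it collects source comments, pulls contact details out of them, maps the directories referenced by links, images, scripts and forms, and infers scripting platforms from file extensions. The sample page, the extension-to-platform table and the treatment of external hosts are assumptions; a site owner can run the same pass over their own pages to see what a visitor learns from view-source alone.

```python
"""Map what an HTML page discloses: comments, contact details, file-system
structure and script types.

Added example, not part of the original module. The page below is a constructed
sample, and the category rules are an assumption.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit
from posixpath import dirname, splitext

SAMPLE_HTML = """<!DOCTYPE html>
<html>
<!-- Generated by AcmeCMS 3.2.1 - do not edit by hand -->
<!-- TODO: remove legacy admin panel at /oldadmin/ before launch (jdoe@example.com) -->
<head>
  <title>Example Corp</title>
  <link rel="stylesheet" href="/assets/css/site.css">
  <script src="/assets/js/app.js"></script>
</head>
<body>
  <img src="/images/banner.png" alt="banner">
  <a href="/products/list.php?cat=3">Products</a>
  <a href="/cgi-bin/search.pl?q=">Search</a>
  <a href="/reports/2012/q1.aspx">Q1 report</a>
  <a href="https://partner.example.net/login.jsp">Partner</a>
  <form action="/contact/submit.php" method="post"></form>
</body>
</html>
"""

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")
# Assumed mapping from script extension to scripting platform.
PLATFORMS = {".php": "PHP", ".asp": "ASP", ".aspx": "ASP.NET", ".jsp": "Java/JSP",
             ".pl": "Perl CGI", ".cgi": "CGI", ".py": "Python"}


class SourceMapper(HTMLParser):
    """Collect comments and every referenced path from a, img, script, link, form."""

    def __init__(self):
        super().__init__()
        self.comments = []
        self.paths = []

    def handle_comment(self, data):
        self.comments.append(data.strip())

    def handle_starttag(self, tag, attrs):
        attr = {"a": "href", "link": "href", "img": "src",
                "script": "src", "form": "action"}.get(tag)
        if attr is None:
            return
        for name, value in attrs:
            if name == attr and value:
                self.paths.append(value)


def analyze_html(html):
    """Return comments, contacts, directory tree, platforms and local paths found."""
    mapper = SourceMapper()
    mapper.feed(html)
    local_paths, platforms, directories = [], set(), set()
    for ref in mapper.paths:
        parts = urlsplit(ref)
        if parts.netloc:            # external host: not part of this site's tree
            continue
        local_paths.append(parts.path)
        directories.add(dirname(parts.path))
        ext = splitext(parts.path)[1].lower()
        if ext in PLATFORMS:
            platforms.add(PLATFORMS[ext])
    # Paths mentioned only in comments also hint at hidden directories.
    for c in mapper.comments:
        for p in re.findall(r"(?<![\w.])(/[\w./-]+/?)", c):
            directories.add(p.rstrip("/"))
    contacts = set()
    for c in mapper.comments:
        contacts.update(EMAIL_RE.findall(c))
    return {
        "comments": mapper.comments,
        "contacts": sorted(contacts),
        "directories": sorted(d for d in directories if d),
        "platforms": sorted(platforms),
        "paths": local_paths,
    }


if __name__ == "__main__":
    for k, v in analyze_html(SAMPLE_HTML).items():
        print(f"{k}: {v}")
```

On the constructed page the comment left by the CMS names both the product and its version, and the developer's TODO exposes a directory that no link on the page points to; these are exactly the two kinds of comment the text above says to follow.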
FIGURE 2.15: Screenshot showing how the Microsoft script works (view-source of http://www.microsoft.com/en-us/default.aspx)
Examine cookies set by the server to determine the software running and its behavior. You can also identify the scripting platforms by observing sessions and other supporting cookies.
FIGURE 2.16: Showing details about the software running in a system by examining cookies (browser cookie viewer listing name, content, domain, path, send for, accessible to script, created and expires)
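The header review described on the previous page and the cookie review above can both be done from one captured response. The following script is an added example, not part of the original module or of Burp Suite: it parses a constructed raw HTTP response with the standard library, reports the fingerprint headers the slides list (Server, X-Powered-By, Last-Modified, Accept-Ranges, Content-Type, Connection), maps well-known session cookie names to the platform that sets them (an assumed table), and, from the defender's side, flags session cookies that lack the HttpOnly and Secure attributes.

```python
"""Fingerprint what an HTTP response reveals: server/platform headers and the
cookies it sets. Added example, not part of the original module; the response
below is constructed, and the cookie-name-to-platform table is an assumption.
"""
from http.client import HTTPResponse
from http.cookies import SimpleCookie
from io import BytesIO

# Constructed response, of the kind an intercepting proxy (Burp, ZAP) would show.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Mon, 16 Jul 2012 08:53:41 GMT\r\n"
    b"Server: Apache/2.2.22 (Ubuntu)\r\n"
    b"X-Powered-By: PHP/5.3.10\r\n"
    b"Last-Modified: Fri, 13 Jul 2012 10:02:00 GMT\r\n"
    b"Accept-Ranges: bytes\r\n"
    b"Set-Cookie: PHPSESSID=8f3a1c2e; path=/\r\n"
    b"Set-Cookie: __utma=192874252.1342846822.1.1; path=/; domain=.example.com\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"Connection: close\r\n"
    b"Content-Length: 5\r\n"
    b"\r\n"
    b"hello"
)

# Headers that disclose software; the slide lists these as the ones to read.
FINGERPRINT_HEADERS = ["Server", "X-Powered-By", "Last-Modified",
                       "Accept-Ranges", "Content-Type", "Connection"]

# Assumed: well-known session cookie names and the platform that sets them.
SESSION_COOKIES = {"PHPSESSID": "PHP", "JSESSIONID": "Java servlet container",
                   "ASP.NET_SessionId": "ASP.NET", "ASPSESSIONID": "classic ASP",
                   "CFID": "ColdFusion", "_session_id": "Ruby on Rails"}


class _FakeSock:
    """Minimal socket stand-in so http.client can parse raw bytes offline."""
    def __init__(self, data):
        self._f = BytesIO(data)

    def makefile(self, *_args, **_kw):
        return self._f


def parse_response(raw):
    """Return (status, [(name, value), ...]) for a raw HTTP/1.x response."""
    resp = HTTPResponse(_FakeSock(raw))
    resp.begin()
    return resp.status, resp.getheaders()


def fingerprint(raw):
    """Collect disclosure headers, platform guesses and cookie findings."""
    status, headers = parse_response(raw)
    report = {"status": status, "headers": {}, "platforms": set(),
              "cookies": {}, "cookie_findings": []}
    for name, value in headers:
        if name in FINGERPRINT_HEADERS:
            report["headers"][name] = value
        if name.lower() == "set-cookie":
            jar = SimpleCookie()
            jar.load(value)
            for cname, morsel in jar.items():
                report["cookies"][cname] = morsel["domain"] or "(host only)"
                if cname in SESSION_COOKIES:
                    report["platforms"].add(SESSION_COOKIES[cname])
                    # Defender check: session cookies should carry these flags.
                    for flag in ("httponly", "secure"):
                        if not morsel[flag]:
                            report["cookie_findings"].append(f"{cname} lacks {flag}")
    if "X-Powered-By" in report["headers"]:
        report["platforms"].add(report["headers"]["X-Powered-By"].split("/")[0])
    report["platforms"] = sorted(report["platforms"])
    return report


if __name__ == "__main__":
    r = fingerprint(SAMPLE_RESPONSE)
    for k, v in r.items():
        print(f"{k}: {v}")
```

The same platform (PHP) is identified twice here, once from X-Powered-By and once from the PHPSESSID session cookie; suppressing the header alone does not hide the platform while the default session cookie name remains, which is why the cookie check matters to an administrator reviewing their own site.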
Mirroring Entire Website

• Mirroring an entire website onto the local system enables an attacker to dissect and identify vulnerabilities; it also assists in finding the directory structure and other valuable information without making multiple requests to the web server.
• Web mirroring tools allow you to download a website to a local directory, recursively building all directories, HTML, images, flash, videos, and other files from the server to your computer.

Original Website / Mirrored Website
Mirroring Entire Website

Website mirroring is the process of creating an exact replica of the original website. This can be done with the help of web mirroring tools. These tools allow you to download a website to a local directory, recursively building all directories, HTML, images, flash, videos and other files from the server to your computer.

Website mirroring has the following benefits:
• It is helpful for offline site browsing.
• Website mirroring helps in creating a backup site for the original one.
• A website clone can be created.
• Website mirroring is useful to test the site at the time of website design and development.
• It is possible to distribute to multiple servers instead of using only one server.
FIGURE 2.17: JuggyBoy's original and mirrored website (panels: Original Website, Mirrored Website)
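To make concrete what "recursively building all directories" means, here is a minimal mirror crawler as an added example; it is not code from the original module or from any of the tools named in this section. It crawls a constructed in-memory site (a stand-in for a web server, so the code runs offline), stays on the starting host, resolves relative links, drops URL fragments, writes directory URLs as index.html files the way offline browsers do, and records dead links, which is also what a mirroring log shows an administrator.

```python
"""Minimal recursive website mirror, the operation that HTTrack, wget --mirror
and similar tools perform. Added example, not part of the original module or of
any of the tools it lists. The site below is a constructed in-memory stand-in
for a web server, so the code runs offline.
"""
import re
from collections import deque
from urllib.parse import urljoin, urlsplit, urlunsplit

# Constructed site: URL -> HTML body. Everything else returns 404.
FAKE_SITE = {
    "http://www.example.com/": '<a href="/about.html">About</a> <img src="/img/logo.png"> '
                               '<a href="/docs/">Docs</a> <a href="http://other.example.net/x">ext</a>',
    "http://www.example.com/about.html": '<a href="/">Home</a> <a href="/about.html#team">Team</a>',
    "http://www.example.com/docs/": '<a href="../about.html">About</a> <a href="guide.html">Guide</a>',
    "http://www.example.com/docs/guide.html": '<a href="/docs/">Back</a> <a href="/secret/">Hidden</a>',
    "http://www.example.com/img/logo.png": "PNG",
}

LINK_RE = re.compile(r'(?:href|src)="([^"]+)"')


def fake_fetch(url):
    """Stand-in for an HTTP GET: returns (status, body)."""
    return (200, FAKE_SITE[url]) if url in FAKE_SITE else (404, "")


def normalize(base, ref):
    """Resolve a reference against its page and drop the fragment."""
    parts = urlsplit(urljoin(base, ref))
    return urlunsplit((parts.scheme, parts.netloc, parts.path or "/", parts.query, ""))


def local_path(url):
    """Map a URL to the file the mirror writes, as offline browsers do."""
    path = urlsplit(url).path
    if path.endswith("/"):
        path += "index.html"
    return urlsplit(url).netloc + path


def mirror(start, fetch=fake_fetch, max_pages=100):
    """Breadth-first crawl staying on the start host.

    Returns ({local_path: body}, [dead links]); the dead-link list is what a
    site ripper reports and what a server log records as 404s.
    """
    host = urlsplit(start).netloc
    queue, seen, files, dead = deque([start]), {start}, {}, []
    while queue and len(files) < max_pages:
        url = queue.popleft()
        status, body = fetch(url)
        if status != 200:
            dead.append(url)
            continue
        files[local_path(url)] = body
        for ref in LINK_RE.findall(body):
            target = normalize(url, ref)
            if urlsplit(target).netloc != host:   # stay inside the target site
                continue
            if target not in seen:
                seen.add(target)
                queue.append(target)
    return files, dead


if __name__ == "__main__":
    files, dead = mirror("http://www.example.com/")
    for path in sorted(files):
        print("saved", path)
    print("dead links:", dead)
```

The `seen` set is what keeps the crawl finite on a site whose pages link back to each other, and the host check is the equivalent of the "stay on the same domain" option that the mirroring tools expose; without it a mirror follows the partner link off the site.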
Website Mirroring Tools

HTTrack Web Site Copier

Source: http://www.httrack.com

HTTrack is an offline browser utility. It allows you to download a World Wide Web site from the Internet to a local directory, recursively building all directories, getting HTML, images, and other files from the server to your computer. HTTrack arranges the original site's relative link structure. Open a page of the "mirrored" website in your browser, browse the site from link to link, and you can view the site as if you were online. HTTrack can also update an existing mirrored site, and resume interrupted downloads.
FIGURE 2.18: HTTrack Web Site Copier screenshot (site mirroring in progress: bytes saved, time, transfer rate, active connections, links scanned, files written, files updated)
SurfOffline

Source: http://www.surfoffline.com

SurfOffline is website download software. The software allows you to download entire websites and web pages to your local hard drive. After downloading the target website, you can use SurfOffline as an offline browser and view downloaded web pages in it. If you prefer to view downloaded web pages in another browser, you can use the Export Wizard. SurfOffline's Export Wizard also allows you to copy downloaded websites to other computers in order to view them later, and prepares websites for burning to a CD or DVD.
FIGURE 2.19: SurfOffline screenshot
BlackWidow

Source: http://softbytelabs.com

BlackWidow is a website scanner for both experts and beginners. It scans websites (it's a site ripper). It can download an entire website or part of a website. It will build a site structure first, and then download. It allows you to choose what to download from the website.
FIGURE 2.20: SurfOffline screenshot
Webripper

Source: http://www.calluna-software.com

WebRipper is an Internet scanner and downloader. It downloads a massive amount of images, videos, audio, and executable documents from any website. WebRipper uses spider technology to follow the links in all directions from the start address. It filters out the interesting files, and adds them to the download queue for downloading. You can restrict downloaded items by file type, minimum file size, maximum file size, and image size. All the downloaded links can also be restricted by keywords to avoid wasting your bandwidth.
FIGURE 2.21: Webripper screenshot
Website Mirroring Tools (Cont'd)

• Website Ripper Copier: http://www.tensons.com
• PageNest: http://www.pagenest.com
• Teleport Pro: http://www.tenmax.com
• Backstreet Browser: http://www.spadixbd.com
• Portable Offline Browser: http://www.metaproducts.com
• Offline Explorer Enterprise: http://www.metaproducts.com
• Proxy Offline Browser: http://www.proxy-offline-browser.com
• GNU Wget: http://www.gnu.org
• iMiser: http://internetresearchtool.com
• Hooeey Webprint: http://www.hooeeywebprint.com
Website Mirroring Tools (Cont'd)

In addition to the website mirroring tools mentioned previously, a few more well-known tools are mentioned as follows:
Website Ripper Copier available at http://www.tensons.com
Teleport Pro available at http://www.tenmax.com
Portable Offline Browser available at http://www.metaproducts.com
Proxy Offline Browser available at http://www.proxy-offline-browser.com
iMiser available at http://internetresearchtool.com
PageNest available at http://www.pagenest.com
Backstreet Browser available at http://www.spadixbd.com
Offline Explorer Enterprise available at http://www.metaproducts.com
GNU Wget available at http://www.gnu.org
Hooeey Webprint available at http://www.hooeeywebprint.com
Extract Website Information from http://www.archive.org

Archive.org hosts the Internet Archive Wayback Machine, which allows you to visit archived versions of websites. This allows you to gather information on a company's web pages since their creation. As the website www.archive.org keeps track of web pages from the time of their inception, you can retrieve even information that has been removed from the target website.
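The removed-but-archived check described above, as an added example that is not part of the original courseware: it parses rows in the default text layout of the Wayback Machine's CDX index (web.archive.org/cdx/search/cdx), summarises each URL's capture history, and lists archived pages that are no longer in a site's current inventory, which is what a site owner would audit. The domain, the rows and the inventory are constructed sample data.

```python
"""Summarise what the Internet Archive holds for a site, from CDX index rows.

Added example, not part of the original courseware. The Wayback Machine's CDX
server (web.archive.org/cdx/search/cdx) returns one capture per line in the
default field order listed in CDX_FIELDS; the rows below are CONSTRUCTED sample
data for the reserved documentation domain example.com, so this runs offline.
"""
from collections import defaultdict
from datetime import datetime

# Default CDX text output, one capture per line, space separated.
CDX_FIELDS = ("urlkey", "timestamp", "original", "mimetype", "statuscode", "digest", "length")

# Constructed sample rows: a home page captured twice, a staff page that later
# returned 404, and a PDF that was captured once and then removed from the site.
SAMPLE_CDX = """\
com,example)/ 20090412083015 http://www.example.com/ text/html 200 A1B2C3 5120
com,example)/ 20120601211400 http://www.example.com/ text/html 200 D4E5F6 6001
com,example)/staff 20090412083020 http://www.example.com/staff text/html 200 AAA111 8800
com,example)/staff 20100115120000 http://www.example.com/staff text/html 200 BBB222 9100
com,example)/staff 20120601211500 http://www.example.com/staff text/html 404 - 300
com,example)/internal/staff-directory.pdf 20100115120500 http://www.example.com/internal/staff-directory.pdf application/pdf 200 CCC333 40960
"""


def parse_cdx(text):
    """CDX rows -> list of dicts; blank lines and rows with the wrong field count are skipped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(CDX_FIELDS):
            continue
        rec = dict(zip(CDX_FIELDS, parts))
        rec["when"] = datetime.strptime(rec["timestamp"], "%Y%m%d%H%M%S")
        records.append(rec)
    return records


def capture_history(records):
    """Per original URL: first and last successful (2xx) capture and how many distinct versions exist."""
    by_url = defaultdict(list)
    for rec in records:
        if rec["statuscode"].startswith("2"):
            by_url[rec["original"]].append(rec)
    history = {}
    for url, caps in by_url.items():
        caps.sort(key=lambda r: r["when"])
        history[url] = {
            "first": caps[0]["when"],
            "last": caps[-1]["when"],
            "versions": len({c["digest"] for c in caps}),  # digest changes when content changes
        }
    return history


def archived_but_gone(records, live_urls):
    """URLs with a successful capture that are absent from the current site inventory.

    For the site owner this is the set of pages and documents an outsider can still
    read from the archive after they were taken down from the live site.
    """
    live = set(live_urls)
    return sorted(url for url in capture_history(records) if url not in live)


if __name__ == "__main__":
    recs = parse_cdx(SAMPLE_CDX)
    for url, h in sorted(capture_history(recs).items()):
        print(f"{url}: {h['versions']} version(s), {h['first']:%Y-%m-%d} .. {h['last']:%Y-%m-%d}")
    # Constructed inventory: only the home page is published today.
    print("archived but no longer live:", archived_but_gone(recs, {"http://www.example.com/"}))
```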
[Screenshot: Wayback Machine (wayback.archive.org) calendar of archived snapshots for http://microsoft.com]
FIGURE 2.22: Internet Archive Wayback Machine screenshot
Monitoring Web Updates Using WebsiteWatcher

Website Watcher automatically checks web pages for updates and changes
[Screenshot: WebSite-Watcher 2012 bookmark list showing the monitored pages, the status of each check (OK, redirection, warning: whole content changed) and the last check time]
http://aignes.com
Monitoring Web Updates Using Website Watcher

Source: http://www.aignes.com

Website Watcher is used to keep track of websites for updates and automatic changes. When an update or change occurs, Website Watcher automatically detects and saves the last two versions onto your disk, and highlights changes in the text. It is a useful tool for monitoring sites to gain competitive advantage.

Benefits: Frequent manual checking of updates is not required. Website Watcher can automatically detect and notify users of updates:
It allows you to know what your competitors are doing by scanning your competitors' websites
The site can keep track of new software versions or driver updates
It stores images of the modified websites to a disk
FIGURE 2.23: Website Watcher monitoring web updates
Footprinting Methodology

Footprinting through Search Engines
WHOIS Footprinting
Website Footprinting
DNS Footprinting
Email Footprinting
Network Footprinting
Competitive Intelligence
Footprinting through Social Engineering
Footprinting using Google
Footprinting through Social Networking Sites
Footprinting Methodology

So far we have discussed footprinting through search engines and website footprinting, the two initial phases of the footprinting methodology. Now we will discuss email footprinting.

This section describes how to track email communications, how to collect information from email headers, and email tracking tools.
Tracking Email Communications

Attacker tracks email to gather information about the physical location of an individual to perform social engineering that in turn may help in mapping target organization's network.
Email tracking is a method to monitor and spy on the delivered emails to the intended recipient.
[Diagram: information gained by tracking an email: when the email was received and read; GPS location and map of the recipient; set messages to expire after a specified time; track PDF and other types of attachments; time spent on reading the emails; whether or not the recipient visited any links sent to them]
Tracking Email Communications

Email tracking is a method that helps you to monitor as well as to track the emails of a particular user. This kind of tracking is possible through digitally timestamped records that reveal the time and date a particular email was received or opened by the target. A lot of email tracking tools are readily available in the market, using which you can collect information such as IP addresses, mail servers, and service provider from which the mail was sent. Attackers can use this information to build the hacking strategy. Examples of email tracking tools include eMailTrackerPro and Paraben E-mail Examiner.

By using email tracking tools you can gather the following information about the victim:
Geolocation: Estimates and displays the location of the recipient on the map and may even calculate distance from your location.
Read duration: The duration of time spent by the recipient on reading the mail sent by the sender.
Proxy detection: Provides information about the type of server used by the recipient.
Links: Allows you to check whether the links sent to the recipient through email have been checked or not.
Operating system: This reveals information about the type of operating system used by the recipient. The attacker can use this information to launch an attack by finding loopholes in that particular operating system.
Forward email: Whether or not the email sent to you is forwarded to another person can be determined easily by using this tool.
Collecting Information from Email Header

[Screenshot: the sample email header of Figure 2.24 with callouts marking: the address from which the message was sent; the sender's mail server; the date and time received by the originator's email servers; the authentication system used by the sender's mail server; the unique number assigned by mr.google.com to identify the message; the sender's full name]
Collecting Information from Email Headers

An email header is the information that travels with every email. It contains the details of the sender, routing information, date, subject, and recipient. The process of viewing the email header varies with different mail programs.

Commonly used email programs:
SmarterMail Webmail
Outlook Express 4-6
Outlook 2000-2003
Outlook 2007
Eudora 4.3/5.0
Entourage
Netscape Messenger 4.7
Mac Mail

The following is a screenshot of a sample email header.
Delivered-To: [redacted]@gmail.com
Received: by 10.112.39.167 with SMTP id q7csp4894121bk; Fri, 1 Jun 2012 21:24:01 -0700 (PDT)
Return-Path: <[redacted]erma@gmail.com>
Received-SPF: pass (google.com: domain of [redacted]erma@gmail.com designates 10.224.205.137 as permitted sender) client-ip=10.224.205.137
Authentication-Results: mr.google.com; spf=pass (google.com: domain of [redacted]erma@gmail.com designates 10.224.205.137 as permitted sender) smtp.mail=[redacted]erma@gmail.com; dkim=pass header.i=[redacted]erma@gmail.com
Received: from mr.google.com ([10.224.205.137]) by 10.224.205.137 with SMTP id [illegible in screenshot] (num_hops=1); Fri, 01 Jun 2012 21:24:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to:content-type; bh=[hash illegible in screenshot]; b=[signature illegible in screenshot]
MIME-Version: 1.0
Received: by 10.224.205.137 with SMTP id fq9mr6704586qab.39.1338611040318; Fri, 01 Jun 2012 21:24:00 -0700 (PDT)
Received: by 10.229.230.79 with HTTP; Fri, 1 Jun 2012 21:23:59 -0700 (PDT)
In-Reply-To: <CAOYWATT[illegible in screenshot]@mail.gmail.com>
References: [illegible in screenshot]
Date: Sat, 2 Jun 2012 09:53:59 +0530
Message-ID: <[illegible in screenshot]@mail.gmail.com>
Subject: [redacted] SOLUTIONS : : :
From: [redacted] Mirza <[redacted]erma@gmail.com>
To: [redacted]@gmail.com, [redacted] SOLUTIONS <[redacted]tions@gmail.com>, [redacted]aker@yahoo.com, ...
FIGURE 2.24: Email header screenshot
This email header contains the following information:
Sender's mail server
Date and time received by the originator's email servers
Authentication system used by sender's mail server
Date and time of message sent
A unique number assigned by mr.google.com to identify the message
Sender's full name
Sender's IP address
The address from which the message was sent

The attacker can trace and collect all of this information by performing a detailed analysis of the complete email header.
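Pulling those items out of a header programmatically, as an added example that is not the courseware's code: it uses only the Python standard library, the header is constructed (documentation addresses and reserved .invalid names, laid out like the sample in Figure 2.24), and it walks the Received: chain from the top so that only hops added by servers you name as trusted are relied on, since the lower hops can be written by the sender.

```python
"""Extract sender, routing and authentication facts from an email header.

Added example, not part of the original courseware; standard library only. The
header is CONSTRUCTED (RFC 5737 documentation addresses, reserved .invalid names)
and follows the layout of the sample in Figure 2.24: one Received: line per hop,
Received-SPF, Authentication-Results, DKIM-Signature, Message-ID, Date and From.
The bottom Received: line is a deliberately planted forgery, to show why hops
below the servers you trust are listed but never relied on.
"""
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

SAMPLE_HEADER = """\
Delivered-To: analyst@example.org
Received: from mail-out.example.net (mail-out.example.net [203.0.113.25])
        by mx1.example.org with ESMTPS id 8Aq1xRzq;
        Fri, 1 Jun 2012 21:24:01 -0700 (PDT)
Received-SPF: pass (example.org: domain of sender@example.net designates
        203.0.113.25 as permitted sender) client-ip=203.0.113.25
Authentication-Results: mx1.example.org; spf=pass smtp.mailfrom=sender@example.net;
        dkim=pass header.i=@example.net
Received: from [10.224.205.137] (helo=workstation)
        by mail-out.example.net with ESMTPA id fq9mr6704586qab;
        Fri, 1 Jun 2012 21:24:00 -0700 (PDT)
Received: from relay.invalid (relay.invalid [198.51.100.9])
        by never-saw-this.invalid with SMTP id 0000;
        Thu, 31 May 2012 03:00:00 +0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.net; s=20120113;
        h=from:to:subject:date:message-id; bh=[hash elided]; b=[signature elided]
Message-ID: <CAOYWATT.constructed@mail.example.net>
Date: Sat, 2 Jun 2012 09:53:59 +0530
From: Example Sender <sender@example.net>
To: analyst@example.org
Subject: Meeting notes

"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
FROM_RE = re.compile(r"\bfrom\s+(\S+)")
BY_RE = re.compile(r"\bby\s+(\S+)")


def parse_received(value):
    """One Received: value -> from_host, from_ip, by_host, when (None where absent)."""
    flat = " ".join(value.split())  # undo header folding
    date_part = re.sub(r"\(.*?\)", "", flat.rsplit(";", 1)[-1]).strip()  # text after the last ';'
    from_m, by_m, ip_m = FROM_RE.search(flat), BY_RE.search(flat), IP_RE.search(flat)
    return {
        "from_host": from_m.group(1).strip("[]") if from_m else None,
        "from_ip": ip_m.group(1) if ip_m else None,
        "by_host": by_m.group(1) if by_m else None,
        "when": parsedate_to_datetime(date_part) if date_part else None,
    }


def analyze(raw_header, trusted_servers):
    """Walk the Received: chain top-down; each server prepends its own line, so the
    lines written by servers in trusted_servers form a prefix. The walk stops at the
    first hop not added by a trusted server: everything below it may have been
    written by the sender, so it is reported but never used for the origin."""
    msg = message_from_string(raw_header)
    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    trusted = []
    for hop in hops:
        if hop["by_host"] not in trusted_servers:
            break
        trusted.append(hop)
    auth = dict(re.findall(r"\b(spf|dkim)=(\w+)", " ".join(msg.get_all("Authentication-Results", []))))
    sender_name, sender_addr = parseaddr(msg.get("From", ""))
    return {
        "hops": hops,
        "trusted_hops": len(trusted),
        # the address that connected to the last trusted server: the best origin we can vouch for
        "origin_ip": trusted[-1]["from_ip"] if trusted else None,
        "first_trusted_receipt": trusted[0]["when"] if trusted else None,
        "sent_at": parsedate_to_datetime(msg["Date"]) if msg["Date"] else None,
        "message_id": msg.get("Message-ID"),
        "sender_name": sender_name,
        "sender_addr": sender_addr,
        "spf": auth.get("spf"),
        "dkim": auth.get("dkim"),
    }


if __name__ == "__main__":
    report = analyze(SAMPLE_HEADER, trusted_servers={"mx1.example.org"})
    for i, hop in enumerate(report["hops"]):
        tag = "trusted" if i < report["trusted_hops"] else "UNVERIFIED"
        print(f"hop {i}: {hop['from_host']} [{hop['from_ip']}] -> {hop['by_host']} at {hop['when']} ({tag})")
    print("origin IP we can vouch for:", report["origin_ip"])
    print("sender:", report["sender_name"], report["sender_addr"], "spf:", report["spf"], "dkim:", report["dkim"])
    delay = report["first_trusted_receipt"] - report["sent_at"]
    print("seconds between the Date: header and first trusted receipt:", delay.total_seconds())
```

Adding the sender's provider to trusted_servers moves the vouched-for origin one hop down to the client address; the planted bottom hop is never reached either way.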
Email Tracking Tools

[Screenshot: Email Lookup - Free Email Tracker, "Trace Email - Track Email" header analysis result with a map of Lansing, Michigan; the same result is shown in Figure 2.27]
Email Lookup - Free Email Tracker (http://www.ipaddresslocation.org)
PoliteMail (http://www.politemail.com)
Email Tracking Tools

Email tracking tools allow you to track an email and extract information such as sender identity, mail server, sender's IP address, etc. You can use the extracted information to attack the target organization's systems by sending malicious emails. Numerous email tracking tools are readily available in the market.

The following are a few commonly used email tracking tools:

eMailTrackerPro

Source: http://www.emailtrackerpro.com

eMailTrackerPro is an email tracking tool that analyzes email headers and reveals information such as sender's geographical location, IP address, etc. It allows you to review the traces later by saving all past traces.
[Screenshot: eMailTrackerPro advanced trace window listing the hops of the traced email, their IP addresses and the resolved location of the sender]
FIGURE 2.25: eMailTrackerPro showing geographical location of sender
PoliteMail

Source: http://www.politemail.com

PoliteMail is an email tracking tool for Outlook. It tracks and provides complete details about who opened your mail and which document has been opened, as well as which links are being clicked and read. It offers mail merging, split testing, and full list management including segmenting. You can compose an email containing malicious links and send it to the employees of the target organization and keep track of your email. If the employee clicks on the link, he or she is infected and you will be notified. Thus, you can gain control over the system with the help of this tool.

FIGURE 2.26: PoliteMail screenshot
Email Lookup - Free Email Tracker

Source: http://www.ipaddresslocation.org
Email Lookup is an email tracking tool that determines the IP address of the sender by analyzing the email header. You can copy and paste the email header into this email tracking tool and start tracing email.
Email Lookup - Free Email Tracker
Trace Email - Track Email
Email Header Analysis
IP Address: 72.52.192.147 (host.manhattanmediagroup.com)
IP Address Country: United States
IP Continent: North America
IP Address City Location: Lansing
IP Address Region: Michigan
IP Address Latitude: 42.7257
IP Address Longitude: -84.636
Organization: SourceDNS
Email Lookup Map (show/hide)
FIGURE 2.27: Email Lookup screenshot
Email Tracking Tools (Cont'd)

Read Notify: http://www.readnotify.com
Pointofmail: http://www.pointofmail.com
DidTheyReadIt: http://www.didtheyreadit.com
Super Email Marketing Software: http://www.bulk-email-marketing-software.net
Trace Email: http://whatismyipaddress.com
WhoReadMe: http://whoreadme.com
MSGTAG: http://www.msgtag.com
GetNotify: http://www.getnotify.com
Zendio: http://www.zendio.com
G-Lock Analytics: http://glockanalytics.com
Email Tracking Tools (Cont'd)

Read Notify

Source: http://www.readnotify.com

ReadNotify provides an email tracking service. It notifies you when a tracked email is opened, re-opened, or forwarded. ReadNotify tracking reports contain information such as complete delivery details, date and time of opening, geographic location of recipient, visualized map of location, IP address of the recipients, referrer details (i.e., if accessed via web email account etc.), etc.

DidTheyReadIt

Source: http://www.didtheyreadit.com

DidTheyReadIt is an email tracking utility. In order to use this utility you need to sign up for an account. Then you need to add ".DidTheyReadIt.com" to the end of the recipient's e-mail address. For example, if you were sending an e-mail to ellen@aol.com, you'd just send it to ellen@aol.com.DidTheyReadIt.com instead, and your email would be tracked. ellen@aol.com would not see that you added .DidTheyReadIt.com to her email address. This utility tracks every email that you send invisibly, without alerting the recipient. If the user opens your mail, then it
informs you when your mail was opened, how long your email remained open, and the geographic location where your email was viewed.

Trace Email

Source: http://whatismyipaddress.com

The Trace Email tool attempts to locate the source IP address of an email based on the headers. You just need to copy and paste the full headers of the target email into the email Headers box and then click the Get Source button. It shows the email header analysis and results. This email header analysis tool does not have the ability to detect forged email headers. These forged email headers are common in malicious email and spam. This tool assumes all mail servers and email clients in the transmission path are trustworthy.

MSGTAG

Source: http://www.msgtag.com

MSGTAG is Windows email tracking software that uses a read receipt technology to tell you when your emails are opened and when your emails are actually read. This software adds a small track and trace tag that is unique to each email you need delivery confirmation for. When the email is opened an email tracking code is sent to the MSGTAG email tracking system and an email read confirmation is delivered to you. MSGTAG will notify you when the message is read via an emailed confirmation, a pop-up message, or an SMS text message.
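A check for the two indicators described above (the relay-suffix address rewriting of DidTheyReadIt and the small per-message tag MSGTAG adds to each mail), as an added example that is not part of the courseware: it flags recipients whose domain carries a tracking-relay suffix and remote images in the HTML body that are tiny, hidden, or keyed by an opaque token, which is how a mail gateway would detect read tracking rather than perform it. The relay suffix list (one entry from the text, one constructed placeholder) and the sample message are constructed for the example.

```python
"""Flag email-tracking indicators in a message before it reaches a mailbox.

Added example, not part of the original courseware; standard library only. It
applies two checks drawn from the text: (1) a recipient address rewritten through
a tracking relay, the ellen@aol.com.DidTheyReadIt.com pattern, and (2) the small
per-message tag a tracking service embeds, which in HTML mail is a remote image
that is tiny, hidden, or keyed by an opaque token. The relay list and the sample
message are CONSTRUCTED for this example.
"""
import re
from email import message_from_string
from email.utils import getaddresses
from html.parser import HTMLParser

# One suffix from the text plus a constructed placeholder; a real gateway keeps its own list.
TRACKING_RELAY_SUFFIXES = ("didtheyreadit.com", "tracker.example")

SAMPLE_TRACKED = """\
From: sales@example.net
To: ellen@example.org.didtheyreadit.com, bob@example.org
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please see our <a href="https://www.example.net/q2">update</a>.</p>
<img src="https://www.example.net/logo.png" width="200" height="60" alt="logo">
<img src="https://track.tracker.example/open/7f3a9c1d2e4b5a6f8c0d1e2f3a4b5c6d.gif" width="1" height="1">
<img src="https://track.tracker.example/p.gif" style="display: none">
</body></html>
"""


class _ImgCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.images = []  # one attribute dict per <img> tag seen

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append({name: (value or "") for name, value in attrs})


def _dimension(value):
    """'1', '1px', ' 0' -> int; anything else -> None."""
    m = re.match(r"\s*(\d+)", value or "")
    return int(m.group(1)) if m else None


def _has_opaque_token(url):
    """True if the URL carries a long alphanumeric blob mixing letters and digits."""
    return any(any(c.isdigit() for c in chunk) and any(c.isalpha() for c in chunk)
               for chunk in re.findall(r"[A-Za-z0-9]{24,}", url))


def beacon_images(html):
    """Remote <img> tags that look like read-tracking beacons, with the reasons."""
    collector = _ImgCollector()
    collector.feed(html)
    hits = []
    for img in collector.images:
        src = img.get("src", "")
        if not src.lower().startswith(("http://", "https://")):
            continue  # inline (cid:) or data: images cannot report back to a server
        reasons = []
        width, height = _dimension(img.get("width")), _dimension(img.get("height"))
        if (width is not None and width <= 1) or (height is not None and height <= 1):
            reasons.append("1x1 or zero-size image")
        style = img.get("style", "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden by CSS")
        if _has_opaque_token(src):
            reasons.append("opaque per-message token in URL")
        if reasons:
            hits.append({"src": src, "reasons": reasons})
    return hits


def relay_rewritten_recipients(msg):
    """Recipients whose domain ends in a tracking-relay suffix, with the real address recovered."""
    found = []
    for _name, addr in getaddresses(msg.get_all("To", []) + msg.get_all("Cc", [])):
        domain = addr.rsplit("@", 1)[-1].lower()
        for suffix in TRACKING_RELAY_SUFFIXES:
            if domain.endswith("." + suffix):
                found.append({"as_addressed": addr, "actual_recipient": addr[:-(len(suffix) + 1)],
                              "relay": suffix})
    return found


def scan_message(raw):
    """Run both checks over a raw RFC 822 message and return the findings."""
    msg = message_from_string(raw)
    beacons = []
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = part.get_payload(decode=True).decode(part.get_content_charset() or "utf-8", "replace")
            beacons.extend(beacon_images(body))
    return {"relay_recipients": relay_rewritten_recipients(msg), "beacons": beacons}


if __name__ == "__main__":
    print(scan_message(SAMPLE_TRACKED))
```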
Zendio

Source: http://www.zendio.com

Zendio, the email tracking software add-in for Outlook, notifies you once your recipient reads the email, so you can follow up, knowing when they read it and if they clicked on any links included in the email.

Pointofmail

Source: http://www.pointofmail.com

Pointofmail.com is a proof of receipt and reading service for email. It ensures read receipts, tracks attachments, and lets you modify or delete sent messages. It provides detailed information about the recipient, full history of email reads and forwards, links and attachments tracking, email, and web and SMS text notifications.

Super Email Marketing Software

Source: http://www.bulk-email-marketing-software.net

Super Email Marketing Software is a professional and standalone bulk mailer program. It has the ability to send mails to a list of addresses. It supports both text as well as HTML formatted emails. All duplicate email addresses are removed automatically by using this application. Each mail is sent individually to the recipient so that the recipient can only see his or her email in the
M o d u le
02 P a g e 162
E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t © b y E C -C
0U n C il
A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d .
E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s
Exam
312-50 C e r t i f i e d
E t h ic a l H a c k e r
F o o t p r in t in g a n d R e c o n n a is s a n c e
e m a il h e a d e r . It s a v e s t h e e m a il a d d re s s e s o f t h e s u c c e s s fu l s e n t m a ils as w e ll as t h e fa ile d m a ils
t o a te x t, CSV, T S V o r M ic r o s o f t E xce l file .
WhoReadMe
Source: http://whoreadme.com
WhoReadMe is an email tracking tool. It is completely invisible to recipients. The recipients will have no idea that the emails sent to them are being tracked. The sender is notified every time the recipient opens the mail sent by the sender. It tracks information such as the type of operating system and browser used, ActiveX controls, CSS version, duration between the mail being sent and the read time, etc.
GetNotify
Source: http://www.getnotify.com
GetNotify is an email tracking tool that sends notifications when the recipient opens and reads the mail. It sends notifications without the knowledge of the recipient.
G-Lock Analytics
Source: http://glockanalytics.com
G-Lock Analytics is an email tracking service. This allows you to know what happens to your emails after they are sent. This tool reports to you how many times the email was printed and forwarded.
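The read-receipt mechanism that MSGTAG, WhoReadMe, GetNotify and the other tools above describe is, in practice, a remote-image beacon: a tiny <img> whose URL carries a per-message token, so the first request for that URL tells the tracking server that the message was rendered. The Python below is an added example, not code from any of these products: build_tracked_message() embeds such a beacon and find_beacons() shows how a mail gateway or client can flag one. The tracking host track.example.net, the hex token format and the sample message are assumptions. The practitioner caveat: a client that does not load remote content never fires the beacon, so "not read" in these tools means only "not fetched".

```python
"""Email read-tracking beacons: how a tracker embeds one and how a mail
gateway can spot it. Added example; not code from MSGTAG, Zendio or any
tool named on this page. The tracker host and token format are assumptions."""
import re
import secrets
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

TRACK_HOST = "track.example.net"  # assumed tracking endpoint (illustrative)


def build_tracked_message(sender, recipient, subject, body_html):
    """Return (EmailMessage, token). Appends a 1x1 remote image whose URL
    carries a per-message token; the first fetch of that URL is the 'read'."""
    token = secrets.token_hex(16)
    beacon = (f'<img src="https://{TRACK_HOST}/open.gif?id={token}" '
              'width="1" height="1" alt="" style="display:none">')
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, recipient, subject
    msg.set_content("This message requires an HTML-capable client.")
    msg.add_alternative(body_html + beacon, subtype="html")
    return msg, token


class _ImgCollector(HTMLParser):
    """Collect the attributes of every <img> tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.imgs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "img":
            self.imgs.append({k.lower(): (v or "") for k, v in attrs})


# Opaque identifiers: long hex strings or long URL-safe base64-ish strings.
_TOKEN_RE = re.compile(r"^[A-Fa-f0-9]{16,}$|^[A-Za-z0-9_-]{20,}$")


def _tiny(val):
    v = val.strip().lower().rstrip("px")
    return v.isdigit() and int(v) <= 1


def find_beacons(html):
    """Return a list of suspicious <img> sources. Two independent signals:
    (1) the image is 1x1 or hidden; (2) a remote URL carries an opaque
    per-message identifier in its query string."""
    p = _ImgCollector()
    p.feed(html)
    hits = []
    for img in p.imgs:
        src = img.get("src", "")
        u = urlparse(src)
        if u.scheme not in ("http", "https"):
            continue  # inline (cid:/data:) images cannot phone home
        reasons = []
        if _tiny(img.get("width", "")) and _tiny(img.get("height", "")):
            reasons.append("1x1 image")
        if "display:none" in img.get("style", "").replace(" ", "").lower():
            reasons.append("hidden image")
        for vals in parse_qs(u.query).values():
            if any(_TOKEN_RE.match(v) for v in vals):
                reasons.append("opaque token in query")
                break
        if reasons:
            hits.append({"src": src, "host": u.netloc, "reasons": reasons})
    return hits


def html_part(msg):
    """Extract the text/html body from a multipart EmailMessage."""
    part = msg.get_body(preferencelist=("html",))
    return part.get_content() if part else ""


if __name__ == "__main__":
    # Constructed sample message, not a real capture.
    m, tok = build_tracked_message("a@example.com", "b@example.org",
                                   "Q3 numbers", "<p>Please see attached.</p>")
    for h in find_beacons(html_part(m)):
        print(h)
```

A gateway that strips or rewrites every <img> find_beacons() reports, or a client that simply does not fetch remote images, defeats all of the tools listed above; the detection is deliberately conservative and flags cid: and data: images not at all, because they cannot contact a server.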
Footprinting Methodology
Footprinting through Search Engines
WHOIS Footprinting
Website Footprinting
DNS Footprinting
Email Footprinting
Network Footprinting
Competitive Intelligence
Footprinting through Social Engineering
Footprinting using Google
Footprinting through Social Networking Sites
Footprinting Methodology
The next phase in the footprinting methodology after email footprinting is competitive intelligence. Competitive intelligence is a process that gathers, analyzes, and distributes intelligence about products, customers, competitors, and technologies using the Internet. The information that is gathered can help managers and executives of a company make strategic decisions. This section is about competitive intelligence gathering and the sources where you can get valuable information.
Competitive Intelligence Gathering
Competitive intelligence is the process of identifying, gathering, analyzing, verifying, and using information about your competitors from resources such as the Internet.
Competitive intelligence is non-interfering and subtle in nature.
Sources of Competitive Intelligence
1. Company websites and employment ads
2. Search engines, Internet, and online databases
3. Press releases and annual reports
4. Trade journals, conferences, and newspapers
5. Patents and trademarks
6. Social engineering employees
7. Product catalogues and retail outlets
8. Analyst and regulatory reports
9. Customer and vendor interviews
10. Agents, distributors, and suppliers
Competitive Intelligence Gathering
Various tools are readily available in the market for the purpose of competitive intelligence gathering. Acquisition of information about the products, competitors, and technologies of a company using the Internet is defined as competitive intelligence. It is non-interfering and subtle in nature compared to the direct intellectual property theft carried out through hacking or industrial espionage. It mainly concentrates on the external business environment. It gathers information ethically and legally instead of gathering it secretly. According to CI professionals, if the intelligence gathered is not useful, then it is not called intelligence. Competitive intelligence is not just about analyzing competitors, but also about analyzing their products, customers, suppliers, etc. that impact the organization. Competitive intelligence is performed for determining:
- What the competitors are doing
- How competitors are positioning their products and services
Sources of Competitive Intelligence:
- Company websites and employment ads
- Search engines, Internet, and online databases
- Press releases and annual reports
- Trade journals, conferences, and newspapers
- Patents and trademarks
- Social engineering employees
- Product catalogs and retail outlets
- Analyst and regulatory reports
- Customer and vendor interviews
- Agents, distributors, and suppliers
Competitive intelligence can be carried out either by employing people to search for the information or by utilizing a commercial database service, which incurs a lower cost than employing personnel to do the same thing.
Competitive Intelligence - When Did this Company Begin? How Did it Develop?
Visit These Sites
When did it begin? How did it develop?
01. EDGAR Database: http://www.sec.gov/edgar.shtml
02. Hoovers: http://www.hoovers.com
03. LexisNexis: http://www.lexisnexis.com
04. Business Wire: http://www.businesswire.com
Competitive Intelligence - When Did this Company Begin? How Did it Develop?
Gathering competitor documents and records helps improve productivity and profitability and stimulate growth. It helps determine the answers to the following:
When did it begin?
Through competitive intelligence, the history of a company can be collected, such as when a particular company was established. Sometimes, crucial information that isn't usually available to others can also be collected.
How did it develop?
It is very beneficial to know how exactly a particular company has developed. What are the various strategies used by the company? Their advertisement policy, customer relationship management, etc. can be learned.
Who leads it?
This information helps a company learn details of the leading person (decision maker) of the company.
Where is it located?
The location of the company and information related to its various branches and their operations can be collected through competitive intelligence.
You can use this information gathered through competitive intelligence to build a hacking strategy.
The following are information resource sites that help users gain competitive intelligence.
EDGAR
Source: http://www.sec.gov/edgar.shtml
All companies, foreign and domestic, are required to file registration statements, periodic reports, and other forms electronically through EDGAR. Anyone can view the EDGAR database freely through the Internet (web or FTP). Not all of the documents that are filed with the commission by public companies are available on EDGAR.
Hoovers
Source: http://www.hoovers.com
Hoovers is a business research company that provides complete details about companies and industries all over the world. Hoovers provides patented business-related information through the Internet, data feeds, wireless devices, and co-branding agreements with other online services. It gives complete information about the organizations, industries, and people that drive the economy and also provides the tools for connecting to the right people in order to get business done.
LexisNexis
Source: http://www.lexisnexis.com
LexisNexis is a global provider of content-enabled workflow solutions designed specifically for professionals in the legal, risk management, corporate, government, law enforcement, accounting, and academic markets. It maintains an electronic database through which you can get legal and public-records related information. Documents and records from legal, news, and business sources are made accessible to customers.
Business Wire
Source: http://www.businesswire.com
Business Wire is a company that focuses on press release distribution and regulatory disclosure. Full-text news releases, photos, and other multimedia content from thousands of companies and organizations are distributed by this company across the globe to journalists, news media, financial markets, investors, information websites, databases, and general audiences. This company has its own patented electronic network through which it releases its news.
Competitive Intelligence - What Are the Company's Plans?
Competitive Intelligence Sites
MarketWatch (http://www.marketwatch.com)
The Wall Street Transcript (http://www.twst.com)
Lipper Marketplace (http://www.lippermarketplace.com)
Euromonitor (http://www.euromonitor.com)
Fagan Finder (http://www.faganfinder.com)
SEC Info (http://www.secinfo.com)
The Search Monitor (http://www.thesearchmonitor.com)
Competitive Intelligence - What Are the Company's Plans?
The following are a few more examples of websites that are useful to gather valuable information about various companies and their plans through competitive intelligence:
MarketWatch
Source: http://www.marketwatch.com
MarketWatch tracks the pulse of the markets. The site provides business news, personal finance information, real-time commentary, and investment tools and data, with dedicated journalists generating hundreds of headlines, stories, videos, and market briefs a day.
The Wall Street Transcript
Source: http://www.twst.com
The Wall Street Transcript is a website as well as a paid subscription publication that publishes industry reports. It expresses the views of money managers and equity analysts of different industry sectors. Interviews with CEOs of companies are published.
Lipper Marketplace
Source: http://www.lippermarketplace.com
Lipper Marketplace offers web-based solutions that are helpful for identifying the market of a company. Marketplace helps in qualifying prospects and provides the competitive intelligence needed for transforming these prospects into clients. Its solutions allow users to identify net flows and track institutional trends.
Euromonitor
Source: http://www.euromonitor.com
Euromonitor provides strategy research for consumer markets. It publishes reports on industries, consumers, and demographics. It provides market research and surveys focused on your organization's needs.
Fagan Finder
Source: http://www.faganfinder.com
Fagan Finder is a collection of Internet tools. It is a directory of blog sites, news sites, search engines, photo sharing sites, science and education sites, etc. Specialized tools such as Translation Wizard and URLinfo are available for finding information about various actions with a web page.
SEC Info
Source: http://www.secinfo.com
SEC Info offers the U.S. Securities and Exchange Commission (SEC) EDGAR database service on the web, with billions of links added to the SEC documents. It allows you to search by Name, Industry, Business, SIC Code, Area Code, Accession Number, File Number, CIK, Topic, ZIP Code, etc.
The Search Monitor
Source: http://www.thesearchmonitor.com
The Search Monitor provides real-time competitive intelligence to monitor a number of things. It allows you to monitor the market share, page rank, ad copy, landing pages, and budget of your competitors. With the trademark monitor, you can monitor the buzz about your own brand as well as your competitor's brand, and with the affiliate monitor you can watch and monitor ad and landing page copy.
Competitive Intelligence - What Expert Opinions Say About the Company
Compete PRO: http://www.compete.com
Copernic Tracker: http://www.copernic.com
ABI/INFORM Global: http://www.proquest.com
SEMRush: http://www.semrush.com
Jobitorial: http://www.jobitorial.com
Attention Meter: http://www.attentionmeter.com
Competitive Intelligence - What Expert Opinions Say About the Company
Copernic Tracker
Source: http://www.copernic.com
Copernic Tracker is website tracking software. It monitors a competitor's website continuously and notifies you of content changes via an email, if any. The updated pages as well as the changes made in the site are highlighted for your convenience. You can even watch for specific keywords to see the changes made on your competitor's sites.
SEMRush
Source: http://www.semrush.com
SEMRush is a competitive keyword research tool. It provides the means for gaining in-depth knowledge about what competitors' Internet marketing tactics are. For any site, you can get a list of its Google AdWords keywords, a competitor's advertising keywords and their budget allocation to specific keywords, and the site's listing in the organic and paid Google search results.
Jobitorial
Source: http://www.jobitorial.com
Jobitorial provides anonymous employee reviews posted for jobs at thousands of companies and allows you to review a company.
Attention Meter
Source: http://www.attentionmeter.com
Attention Meter is a tool used for comparing the traffic of any website you want by using Alexa, Compete, and Quantcast. It gives you a snapshot of traffic data as well as graphs from Alexa, Compete, and Quantcast.
ABI/INFORM Global
Source: http://www.proquest.com
ABI/INFORM Global is a business database. ABI/INFORM Global offers the latest business and financial information for researchers at all management levels. With ABI/INFORM Global, users can determine business conditions, management techniques, business trends, management practice and theory, corporate strategy and tactics, and the competitive landscape.
Compete PRO
Source: http://www.compete.com
Compete PRO provides an online competitive intelligence service. It combines all the site, search, and referral analytics in a single product.
Footprinting Methodology
Footprinting using Google
Though Google is a search engine, the process of footprinting using Google is not the same as the process of footprinting through search engines. Footprinting using Google deals with gathering information by Google hacking. Google hacking is a technique to locate specific strings of text within search results using the advanced operators of the Google search engine. Google filters for excessive use of advanced operators and drops such requests with the help of an intrusion prevention system.
Footprint Using Google Hacking Techniques
Google hacking refers to the art of creating complex search engine queries. If you can construct proper Google search queries, you can retrieve valuable data about a target company from Google results. Through Google hacking, an attacker tries to find websites that are vulnerable to numerous exploits and vulnerabilities. This can be accomplished with the help of the Google Hacking Database (GHDB), a database of queries to identify sensitive data. Using advanced Google operators, attackers locate specific strings of text such as specific versions of vulnerable web applications. Google hacking operators help in finding the required text and avoiding irrelevant data.
Some of the popular Google operators include:
- site: The site: operator in Google helps to find only pages that belong to a specific site or domain.
- allinurl: This operator finds the required pages or websites by restricting the results to those whose URL contains all of the query terms.
- inurl: This will restrict the results to only websites or pages that contain the query term that you have specified in the URL of the website.
- allintitle: It restricts results to only web pages that contain all of the query terms that you have specified in the title.
- intitle: It restricts results to only the web pages that contain the query term that you have specified in the title. It will show only websites that mention the query term that you have used.
- inanchor: It restricts results to pages containing the query term that you have specified in the anchor text on links to the page.
- allinanchor: It restricts results to pages containing all of the query terms you specify in the anchor text on links to the page.
What a Hacker Can Do with Google Hacking?
Attacker gathers:
- Advisories and server vulnerabilities
- Error messages that contain sensitive information
- Files containing passwords
- Pages containing network or vulnerability data
- Pages containing logon portals
What Can a Hacker Do with Google Hacking?
If the target website is vulnerable to Google hacking, then the attacker can find the following with the help of queries in the Google Hacking Database:
- Error messages that contain sensitive information
- Files containing passwords
- Sensitive directories
- Pages containing logon portals
- Pages containing network or vulnerability data
- Advisories and server vulnerabilities
Google Advance Search Operators
Google supports several advanced operators that help in modifying the search:
[cache:]       Displays the web pages stored in the Google cache
[link:]        Lists web pages that have links to the specified web page
[related:]     Lists web pages that are similar to a specified web page
[info:]        Presents some information that Google has about a particular web page
[site:]        Restricts the results to those websites in the given domain
[allintitle:]  Restricts the results to those websites with all of the search keywords in the title
[intitle:]     Restricts the results to documents containing the search keyword in the title
[allinurl:]    Restricts the results to those with all of the search keywords in the URL
[inurl:]       Restricts the results to documents containing the search keyword in the URL
Copyright © by EG-GtailCil. All Rights Reserved. Reproduction is Strictly Prohibited.
Google Advance Search Operators

Source: http://www.googleguide.com

cache:
The cache: query displays Google's cached version of a web page, instead of the current version of the page. Example: cache:www.eff.org will show Google's cached version of the Electronic Frontier Foundation home page.
Note: Do not put a space between cache: and the URL (web address).

link:
link: lists web pages that have links to the specified web page. For example, to find pages that point to Google Guide's home page, enter: link:www.googleguide.com
Note: According to Google's documentation, "you cannot combine a link: search with a regular keyword search."
Module 02 Page 178
Also note that when you combine link: with another advanced operator, Google may not return all the pages that match. The following queries should return lots of results, as you can see if you remove the -site: term in each of these queries.

related:
If you start your query with related:, then Google displays websites similar to the site mentioned in the search query. Example: related:www.microsoft.com will provide the Google search engine results page with websites similar to microsoft.com.

info:
info: will present some information about the corresponding web page. For instance, info:gothotel.com will show information about the national hotel directory GotHotel.com home page.
Note: There must be no space between the info: and the web page URL. This functionality can also be obtained by typing the web page URL directly into a Google search box.

site:
If you include site: in your query, Google will restrict your search results to the site or domain you specify. For example, [admissions site:www.lse.ac.uk] will show admissions information from within the London School of Economics' site, and [peace site:gov] will find pages about peace within the .gov domain. You can specify a domain with or without a period, e.g., either as .gov or gov.
Note: Do not include a space between the "site:" and the domain.

allintitle:
If you start your query with allintitle:, Google restricts results to those containing all the query terms you specify in the title. For example, [allintitle: detect plagiarism] will return only documents that contain the words "detect" and "plagiarism" in the title. This functionality can also be obtained through the Advanced Web Search page, under Occurrences.

intitle:
The query intitle:term restricts results to documents containing term in the title. For instance, [flu shot intitle:help] will return documents that mention the word "help" in their titles, and mention the words "flu" and "shot" anywhere in the document (title or not).
Note: There must be no space between the intitle: and the following word.

allinurl:
If you start your query with allinurl:, Google restricts results to those containing all the query terms you specify in the URL. For example, [allinurl: google faq] will return only documents that contain the words "google" and "faq" in the URL, such as "www.google.com/help/faq.html." This functionality can also be obtained through the Advanced Web Search page, under Occurrences. In URLs, words are often run together. They need not be run together when you're using allinurl.

inurl:
If you include inurl: in your query, Google will restrict the results to documents containing that word in the URL. For instance, [inurl:print site:www.googleguide.com] searches for pages on Google Guide in which the URL contains the word "print." It finds PDF files that are in the directory or folder named "print" on the Google Guide website.

Module 02 Page 179

The query [inurl:healthy eating] will return documents that mention the word "healthy" in their URL, and mention the word "eating" anywhere in the document.
Note: There must be no space between the inurl: and the following word.

Module 02 Page 180
Finding Resources Using Google Advance Operator

By using the Google Advance Operator syntax [intitle:intranet inurl:intranet +intext:"human resources"], the attacker can find private information of a target company as well as sensitive information about the employees of that particular company. The information gathered by the attackers can be used to perform social engineering attacks.

Google will filter for excessive use of advanced search operators and will drop the requests with the help of an Intrusion Prevention System.

The following screenshot shows a Google search engine results page displaying the results of the previously mentioned query:
Module 02 Page 181
FIGURE 2.28: Search engine show ing results fo r given Google Advance O p e ra to r syntax
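The operator semantics from the Google Advance Search Operators section and the intranet query above, as an added example that is not part of the courseware: a small Python matcher that applies those operators to a local inventory of your own pages, so a site owner can see which GHDB-style queries would surface a logon portal or an exposed document before a search engine indexes it. The page records, hostnames and query targets are constructed; nothing is sent to Google.

```python
# Added example, not courseware code: evaluate Google-style advanced-operator
# queries (site:, inurl:, allinurl:, intitle:, allintitle:, intext:, and the
# -site: exclusion described in this module) against a local crawl of your own
# site.  All page records and hostnames below are constructed samples.
import re
import shlex
from dataclasses import dataclass
from urllib.parse import urlparse

OPERATORS = ("site", "inurl", "allinurl", "intitle", "allintitle", "intext")
_OP_RE = re.compile(r"^(%s):(.*)$" % "|".join(OPERATORS), re.IGNORECASE)


@dataclass
class Page:
    url: str    # what a search engine sees in the URL
    title: str  # the <title> text
    body: str   # visible page text


def parse_query(query):
    """Split a query into [(operator, argument, negated)] clauses and
    [(term, negated)] plain terms.  Quoted phrases stay one token, a leading
    '+' is dropped, a leading '-' negates ('-site:gov'), and 'allinurl: google
    faq' leaves the argument empty so matches() applies it to the plain terms.
    """
    clauses, terms = [], []
    for tok in shlex.split(query):
        negated = False
        if len(tok) > 1 and tok[0] in "+-":
            negated, tok = tok[0] == "-", tok[1:]
        m = _OP_RE.match(tok)
        if m:
            clauses.append((m.group(1).lower(), m.group(2).lower(), negated))
        else:
            terms.append((tok.lower(), negated))
    return clauses, terms


def site_match(host, domain):
    """site: accepts the domain with or without a leading period (.gov or gov)."""
    domain = domain.lstrip(".").lower()
    return host == domain or host.endswith("." + domain)


def matches(page, query):
    """True if `page` would be returned for `query` under the operator rules."""
    clauses, terms = parse_query(query)
    host = (urlparse(page.url).hostname or "").lower()
    url, title, body = page.url.lower(), page.title.lower(), page.body.lower()
    anywhere = " ".join((url, title, body))
    positive_terms = [t for t, neg in terms if not neg]
    # allintitle:/allinurl: cover every plain term, so when one is present the
    # plain terms are checked in that field only, not anywhere in the page.
    consumed = any(op.startswith("all") and not neg for op, _, neg in clauses)
    for op, arg, negated in clauses:
        if op == "site":
            hit = site_match(host, arg)
        elif op == "inurl":
            hit = arg in url
        elif op == "intitle":
            hit = arg in title
        elif op == "intext":
            hit = arg in body
        else:  # allinurl / allintitle
            field = url if op == "allinurl" else title
            hit = all(w in field for w in ([arg] if arg else []) + positive_terms)
        if hit == negated:  # required but missing, or excluded but present
            return False
    for term, negated in terms:
        present = term in anywhere
        if (negated and present) or (not negated and not consumed and not present):
            return False
    return True


def audit(pages, queries):
    """Map each query to the inventory URLs it would surface."""
    return {q: [p.url for p in pages if matches(p, q)] for q in queries}


# Constructed sample crawl of a fictional organisation (not real sites).
INVENTORY = [
    Page("https://intranet.example.com/hr/login.asp", "Human Resources Intranet - Login",
         "Please log in. Human Resources portal for staff."),
    Page("https://www.example.com/help/faq.html", "Frequently asked questions",
         "Answers about our services, for your peace of mind."),
    Page("https://www.example.com/print/report.pdf", "Annual report",
         "Financial summary for the year."),
    Page("https://portal.example.gov/peace", "Peace programmes", "Grants for peace studies."),
]

# The queries quoted in the text, retargeted at the sample inventory.
QUERIES = [
    'intitle:intranet inurl:intranet +intext:"human resources"',
    "allinurl: example faq",
    "inurl:print site:www.example.com",
    "peace site:gov",
    "peace -site:gov",
]
```

Run `audit(INVENTORY, QUERIES)` over a real crawl export to list, per query, the URLs that would be exposed; the last two queries show how removing or adding the -site: term changes the result set, as the text notes.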
Module 02 Page 182
Google Hacking Tool: Google Hacking Database (GHDB)

Source: http://www.hackersforcharity.org

The Google Hacking Database (GHDB) is a database of queries that identify sensitive data. GHDB is an HTML/JavaScript wrapper application that uses advanced JavaScript techniques to scrape information from Johnny's Google Hacking Database without the need for hosted server-side scripts. The Google Hacking Database exposes known issues with software that run websites. There are some bugs that expose information that might not warrant public reading.

The slide shows two GHDB categories: Advisories and Vulnerabilities, and Pages Containing Login Portals.
Module 02 Page 183
FIGURE 2.29: Screenshots showing Advisories and Vulnerabilities & pages containing login portals
Module 02 Page 184
Google Hacking Tools

• MetaGoofil (http://www.edge-security.com)
• Goolink Scanner (http://www.ghacks.net)
• SiteDigger (http://www.mcafee.com)
• SearchDiggity (http://www.stachliu.com)
• Google Hacks (http://code.google.com)
• Google HACK DB (http://www.secpoint.com)
• BiLE Suite (http://www.sensepost.com)
• Gooscan (http://www.darknet.org.uk)
Google Hacking Tools

Besides the Google Hacking Database (GHDB) tool featured previously, there are some other tools that can help you with Google hacking. A few more Google hacking tools are mentioned as follows. Using these tools, attackers may gather advisories and server vulnerabilities, error message information that can reveal attack paths, and sensitive files, directories, logon portals, etc.

Metagoofil

Source: http://www.edge-security.com

Metagoofil is an information-gathering tool designed for extracting metadata of public documents (pdf, doc, xls, ppt, docx, pptx, xlsx) belonging to a target company. Metagoofil performs a search in Google to identify and download the documents to a local disk and then extracts the metadata with different libraries such as Hachoir, PdfMiner, and others. With the results, it generates a report with usernames, software versions, and servers or machine names that may help penetration testers in the information gathering phase.
Module 02 Page 185

Goolink Scanner
Source: http://www.ghacks.net

The Goolink Scanner removes the cache from your searches, and collects and displays only vulnerable sites' links. Thus, it allows you to find vulnerable sites wide open to Google and to googlebots.

SiteDigger

Source: http://www.mcafee.com

SiteDigger searches Google's cache to look for vulnerabilities, errors, configuration issues, proprietary information, and interesting security nuggets on websites.

Google Hacks

Source: http://code.google.com

Google Hacks is a compilation of carefully crafted Google searches that expose novel functionality from Google's search and map services. It allows you to view a timeline of your search results, view a map, search for music, search for books, and perform many other specific kinds of searches.

BiLE Suite

Source: http://www.sensepost.com

BiLE stands for Bi-directional Link Extractor. The BiLE suite includes a couple of Perl scripts used in enumeration processes. Each Perl script has its own functionality. BiLE.pl is the first tool or Perl script in the collection. BiLE leans on Google and HTTrack to automate the collection of links to and from the target site, and then applies a simple statistical weighing algorithm to deduce which websites have the strongest relationships with the target site.

Google Hack Honeypot

Source: http://ghh.sourceforge.net

Google Hack Honeypot is the reaction to a new type of malicious web traffic: search engine hackers. It is designed to provide reconnaissance against attackers that use search engines as a hacking tool against your resources. GHH implements the honeypot theory to provide additional security to your web presence.

GMapCatcher

Source: http://code.google.com

GMapCatcher is an offline maps viewer. It displays maps from many providers such as CloudMade, OpenStreetMap, Yahoo Maps, Bing Maps, Nokia Maps, and SkyVector. maps.py is a GUI program used to browse Google Maps. With the offline toggle button unchecked, it can download Google map tiles automatically. Once the file downloads, it resides on your hard disk. Thus, you don't need to download it again.
Module 02 Page 186
SearchDiggity

Source: http://www.stachliu.com

SearchDiggity is the primary attack tool of the Google Hacking Diggity Project. It is Stach & Liu's MS Windows GUI application that serves as a front-end to the most recent versions of Diggity tools such as GoogleDiggity, BingDiggity, Bing LinkFromDomainDiggity, CodeSearchDiggity, DLPDiggity, MalwareDiggity, PortScanDiggity, SHODANDiggity, BingBinaryMalwareSearch, and NotInMyBackYardDiggity.

Google HACK DB

Source: http://www.secpoint.com

The attacker can also use the SecPoint Google HACK DB tool to determine sensitive information from the target site. This tool helps an attacker to extract files containing passwords, database files, cleartext files, customer database files, etc.

Gooscan

Source: http://www.darknet.org.uk

Gooscan is a tool that automates queries against Google search appliances. These queries are designed to find potential vulnerabilities on web pages.
Module 02 Page 187
Footprinting Methodology

• Footprinting through Search Engines
• Website Footprinting
• Email Footprinting
• Competitive Intelligence
• Footprinting using Google
• WHOIS Footprinting
• DNS Footprinting
• Network Footprinting
• Footprinting through Social Engineering
• Footprinting through Social Networking Sites

Gathering network-related information such as whois information of the target organization is very important when hacking a system. So, now we will discuss whois footprinting. Whois footprinting focuses on how to perform a whois lookup, analyzing the whois lookup results, and the tools to gather whois information.
Module 02 Page 188
WHOIS Lookup

WHOIS databases are maintained by Regional Internet Registries and contain the personal information of domain owners.

WHOIS query returns:
• Domain name details
• Contact details of domain owner
• Domain name servers
• NetRange
• When a domain has been created
• Expiry records
• Records last updated

Regional Internet Registries (RIRs) shown on the slide: AfriNIC, ARIN, APNIC, RIPE

Information obtained from the WHOIS database assists an attacker to:
• Create a detailed map of the organizational network
• Gather personal information that assists to perform social engineering
• Gather other internal network details, etc.
WHOIS Lookup

WHOIS is a query and response protocol used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system. WHOIS databases are maintained by Regional Internet Registries and contain the personal information of domain owners. They maintain a record called a LOOKUP table that contains all the information associated with a particular network, domain, and host. Anyone can connect to this server to get information about particular networks, domains, and hosts.

An attacker can send a query to the appropriate WHOIS server to obtain information about the target domain name, contact details of its owner, expiry date, creation date, etc. The WHOIS server will respond to the query with the respective information. Then, the attacker can use this information to create a map of the organization's network, trick domain owners with social engineering once he or she gets contact details, and then get internal details of the network.
Module 02 Page 189
WHOIS Lookup Result Analysis

[Screenshots: a whois.domaintools.com Whois Record (registrant, administrative contact and technical/zone contact details, created, expires and record-last-updated dates) and a CentralOps Domain Dossier (address lookup; domain whois record queried from whois.internic.net with registrar, whois server, referral URL, name servers, status, updated, creation and expiration dates; then the registrar's whois record listing the domain servers).]

http://whois.domaintools.com
http://centralops.net/co
WHOIS Lookup Result Analysis

A Whois lookup can be performed using Whois services such as http://whois.domaintools.com or http://centralops.net/co. Here you can see the result analysis of a Whois lookup obtained with the two mentioned Whois services. Both these services allow you to perform a whois lookup by entering the target's domain or IP address. The domaintools.com whois service provides information such as domain registrant information, administrative contact information, created and expiry date, a list of domain servers, etc. The Domain Dossier available at http://centralops.net/co/ gives the address lookup, domain Whois record, network whois record, and DNS records information.
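The WHOIS exchange described above (a plain TCP query on port 43, as RFC 3912 specifies) together with the record fields shown in the result-analysis figures, as an added example that is not part of the courseware: a minimal client that queries the registry server named in the figure and follows its referral, plus a parser a domain owner can run over their own record to see which contact details and expiry date it discloses. The server name whois.internic.net comes from the figure; SAMPLE_RESPONSE, its domain, phone numbers and dates are constructed placeholders.

```python
# Added example (not courseware code): RFC 3912 WHOIS client plus a parser for
# the "Key: value" record layout shown in the figures.  SAMPLE_RESPONSE is a
# constructed record with placeholder names, numbers and dates; lookup() is the
# only function that touches the network and is not needed to run the checks.
import re
import socket
from datetime import date, datetime


def whois_query(query, server, port=43, timeout=10):
    """One WHOIS exchange: connect to TCP/43, send the query + CRLF, read to EOF."""
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(query.encode("ascii") + b"\r\n")
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")


# A record key is a short alphabetic label ("Name Server", "Referral URL"); this
# keeps free-text contact lines such as "user@host +1.555 Fax: +1.556" out.
_KEY_RE = re.compile(r"^[A-Za-z][A-Za-z /()-]{0,40}$")


def parse_whois(text):
    """Collect 'Key: value' lines into {key_lowercase: [values]}.

    Comment lines ('%', '#', '>>>') are skipped and repeated keys such as
    'Name Server' keep every value in order.
    """
    record = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("%", "#", ">>>")):
            continue
        key, sep, value = line.partition(":")
        if sep and value.strip() and _KEY_RE.match(key):
            record.setdefault(key.strip().lower(), []).append(value.strip())
    return record


def referral_server(record):
    """Registrar WHOIS server the registry points at ('Whois Server:' in the figure)."""
    values = record.get("whois server") or record.get("registrar whois server")
    return values[0].lower() if values else None


def lookup(domain, server="whois.internic.net"):
    """Query the registry server, then follow its referral once (live network)."""
    text = whois_query(domain, server)
    referral = referral_server(parse_whois(text))
    if referral and referral != server.lower():
        text += "\n" + whois_query(domain, referral)
    return text


def parse_date(value):
    """Accept the two date styles in the figures: 16-jul-2014 and 2014-07-16."""
    for fmt in ("%d-%b-%Y", "%Y-%m-%d"):
        try:
            return datetime.strptime(value.strip().rstrip("."), fmt).date()
        except ValueError:
            continue
    return None


def days_until_expiry(record, today=None):
    """Days left on the registration (today may be a date or an ISO string);
    None if the record carries no recognisable expiry field."""
    if today is None:
        today = date.today()
    elif isinstance(today, str):
        today = parse_date(today)
    for key in ("expiration date", "registry expiry date", "expires on"):
        for value in record.get(key, []):
            exp = parse_date(value)
            if exp:
                return (exp - today).days
    return None


def exposed_contacts(text):
    """E-mail addresses and phone numbers anyone can read off the record."""
    emails = re.findall(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+", text)
    phones = re.findall(r"\+\d[\d.\-]{6,}", text)
    return sorted(set(emails)), sorted(set(phones))


# Constructed sample in the layout of the registry record in the figure.
SAMPLE_RESPONSE = """\
   Domain Name: EXAMPLE-TARGET.COM
   Registrar: EXAMPLE REGISTRAR, LLC.
   Whois Server: whois.registrar.example
   Referral URL: http://www.registrar.example/
   Name Server: NS1.EXAMPLE-TARGET.COM
   Name Server: NS2.EXAMPLE-TARGET.COM
   Status: clientTransferProhibited
   Updated Date: 03-feb-2009
   Creation Date: 16-jul-2002
   Expiration Date: 16-jul-2014
>>> Last update of whois database: Thu, 19 Jul 2012 07:49:36 UTC <<<

Registrant:
   Domain Administrator
   Example Target Corporation
   hostmaster@example-target.com +1.5550100 Fax: +1.5550101
"""
```

If `exposed_contacts` returns personal addresses or numbers for your own domain, that is exactly what the social-engineering step above relies on, and the registrar's privacy or role-account options are the fix; a short `days_until_expiry` is the other condition worth alerting on.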
Module 02 Page 190
[Figure 2.30 shows two Whois lookups. The whois.domaintools.com record for microsoft.com lists Registrant and Administrative Contact "Domain Administrator, Microsoft Corporation, One Microsoft Way, Redmond WA 98052 US, domains@microsoft.com, +1.4258828080", Technical/Zone Contact "MSN Hostmaster, msnhst@microsoft.com", Registrar MarkMonitor.com (whois.markmonitor.com), Created on 1991-05-01, Expires on 2021-05-02, record last updated 2011-08-14, and domain servers ns1.msft.net through ns5.msft.net. The Domain Dossier (http://centralops.net/co) result for juggyboy.com, queried at whois.internic.net and whois.networksolutions.com, lists Registrar NETWORK SOLUTIONS, LLC., Whois Server whois.networksolutions.com, Name Servers NS19.WORLDNIC.COM and NS20.WORLDNIC.COM, Status clientTransferProhibited, Updated Date 03-feb-2009, Creation Date 16-jul-2002, Expiration Date 16-jul-2014, with the whois database last updated Thu, 19 Jul 2012 07:49:36 UTC.]

FIGURE 2.30: Whois services screenshots
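The records in Figure 2.30 are what a Whois query returns as free text. The following Python script is added here as a worked example; it is not part of the courseware and is not the code of any tool the module lists. It parses a raw "Key: Value" Whois response into the fields a footprinter extracts (registrar, name servers, registration dates, transfer lock, contact mailboxes) and derives domain age and time to expiry. The response text is constructed for the example, modelled on the juggyboy.com record in the figure; the Registrant block and the hostmaster mailbox in it are illustrative fillers.

```python
import re
from datetime import datetime

# Constructed sample whois response, laid out like the juggyboy.com record in
# Figure 2.30 (InterNIC / Network Solutions format).  The dates, registrar and
# name servers are those visible in the figure; the Registrant block and the
# hostmaster mailbox are illustrative fillers, not real data.
SAMPLE_WHOIS = """\
   Domain Name: JUGGYBOY.COM
   Registrar: NETWORK SOLUTIONS, LLC.
   Whois Server: whois.networksolutions.com
   Referral URL: http://www.networksolutions.com/en_US/
   Name Server: NS19.WORLDNIC.COM
   Name Server: NS20.WORLDNIC.COM
   Status: clientTransferProhibited
   Updated Date: 03-feb-2009
   Creation Date: 16-jul-2002
   Expiration Date: 16-jul-2014

>>> Last update of whois database: Thu, 19 Jul 2012 07:49:36 UTC <<<

Registrant:
   Juggyboy (illustrative)
   hostmaster@juggyboy.com

Domain servers in listed order:
   NS19.WORLDNIC.COM
   NS20.WORLDNIC.COM
"""

FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?):\s*(\S.*?)\s*$")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
DATE_FORMATS = ("%d-%b-%Y", "%Y-%m-%d", "%d/%m/%Y")


def parse_whois(text):
    """Turn a raw 'Key: Value' whois response into a dict.

    'Name Server' lines and bare lines under 'Domain servers in listed order:'
    are merged into one de-duplicated name_servers list.  Every mailbox found
    anywhere in the record goes into 'emails': contact addresses are the part
    of a whois record that feeds spear-phishing, so they are worth isolating.
    For other keys the first occurrence wins.
    """
    record = {"name_servers": [], "emails": sorted(set(EMAIL_RE.findall(text)))}
    in_ns_block = False
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith(">>>"):
            in_ns_block = False
            continue
        if stripped.lower().startswith("domain servers in listed order"):
            in_ns_block = True
            continue
        m = FIELD_RE.match(line)
        if m:
            key = m.group(1).strip().lower().replace(" ", "_")
            value = m.group(2)
            if key == "name_server":
                record["name_servers"].append(value.lower())
            else:
                record.setdefault(key, value)
            in_ns_block = False
        elif in_ns_block:
            record["name_servers"].append(stripped.lower())
    record["name_servers"] = sorted(set(record["name_servers"]))
    return record


def parse_date(value):
    """Whois servers disagree on date layout; try the common ones."""
    for fmt in DATE_FORMATS:
        try:
            return datetime.strptime(value, fmt).date()
        except ValueError:
            pass
    return None


def registration_summary(record, today):
    """Reduce the record to what a footprinter (or a defender auditing exposure) acts on.

    today is an ISO date string; when working from a saved record, the whois
    database timestamp printed in the record is the sensible reference date.
    """
    now = parse_date(today)
    created = parse_date(record.get("creation_date", ""))
    expires = parse_date(record.get("expiration_date", ""))
    status = record.get("status", "").lower()
    return {
        "registrar": record.get("registrar"),
        "age_days": (now - created).days if created else None,
        "days_to_expiry": (expires - now).days if expires else None,
        # Without a transfer lock the domain is exposed to a fraudulent registrar transfer.
        "transfer_locked": "clienttransferprohibited" in status,
        "name_servers": record["name_servers"],
        "contact_emails": record["emails"],
    }


if __name__ == "__main__":
    rec = parse_whois(SAMPLE_WHOIS)
    for key, val in registration_summary(rec, "2012-07-19").items():
        print(f"{key:16} {val}")
```

Run against a live record saved with a command-line whois client, the same parser works unchanged as long as the server uses the "Key: Value" layout; registries that use a different layout (whois.nic.fr, for instance, as in Figure 2.31) need their own field regex.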
WHOIS Lookup Tool: SmartWhois

Source: http://www.tamos.com

SmartWhois is a useful network information utility that allows you to look up all the available information about an IP address, hostname, or domain, including country, state or province, city, name of the network provider, administrator, and technical support contact information. It also assists you in finding the owner of the domain, the owner's contact information, the owner of the IP address block, registered date of the domain, etc.
[Figure 2.31 shows the SmartWhois (Evaluation Version) window with microsoft.com entered in the "IP, host or domain" field and earlier queries (microsoft.com, money.de) in the history pane. The visible result panel is a whois.nic.fr record for Free SAS / ProXad, 8, rue de la ville l'Eveque, 75008 Paris, phone +33 1 73 50 20 00, fax +33 1 73 50 25 01, hostmaster@proxad.net, with name servers freens1-g20.free.fr [212.27.60.19] and freens2-g20.free.fr [212.27.60.20]; the status line reads "Completed at 19-07-2012 12:44:01 PM, Processing time: 1.63 seconds".]

FIGURE 2.31: SmartWhois screenshot
WHOIS Lookup Tools

Similar to SmartWhois, there are numerous tools available in the market to retrieve Whois information. A few are mentioned as follows:

CountryWhois
Source: http://www.tamos.com

CountryWhois is a utility for identifying the geographic location of an IP address. CountryWhois can be used to analyze server logs, check email address headers, identify online credit card fraud, or in any other instance where you need to quickly and accurately determine the country of origin by IP address.

LanWhoIs
Source: http://lantricks.com

LanWhoIs helps you determine who, where, and when the domain or site you are interested in was registered, and provides information about those who support it now. This program provides information about domains and the addresses on the Internet. This tool allows you to save your search result in the form of an archive to view it later. You can print and save the search result in HTML format.
Batch IP Converter
Source: http://www.networkmost.com

Batch IP Converter is a network tool to work with IP addresses. It combines Domain-to-IP Converter, Batch Ping, Tracert, Whois, Website Scanner, and Connection Monitor into a single interface, as well as an IP-to-Country Converter. It allows you to look up the IP address for a single or a list of domain names and vice versa.

CallerIP
Source: http://www.calleripro.com

CallerIP is basically IP and port monitoring software that displays the incoming and outgoing connections made to your computer. It also allows you to find the origin of all connecting IP addresses on the world map. The Whois reporting feature provides key information such as who an IP is registered to, along with contact email addresses and phone numbers.

Whois Lookup Multiple Addresses
Source: http://www.sobolsoft.com

This software offers a solution for users who want to look up ownership details for one or more IP addresses. Users can simply enter IP addresses or load them from a file. There are three options for lookup sites: whois.domaintools.com, whois-search.com, and whois.arin.net. The user can set a delay period between lookups to avoid lockouts from these websites. The resulting list shows the IP addresses and details of each. It also allows you to save results to a text file.

Whois Analyzer Pro
Source: http://www.whoisanalyzer.com

This tool allows you to access information about a registered domain worldwide; you can view the domain owner name, domain name, and contact details of the domain owner. It also helps in finding the location of a specific domain. You can also submit multiple queries with this tool simultaneously. This tool gives you the ability to print or save the result of the query in HTML format.

HotWhois
Source: http://www.tialsoft.com

HotWhois is an IP tracking tool that can reveal valuable information, such as country, state, city, address, contact phone numbers, and email addresses of an IP provider. The query mechanism resorts to a variety of Regional Internet Registries to obtain IP Whois information about an IP address. With HotWhois you can make whois queries even if the registrar supporting a particular domain doesn't have a whois server itself.
Whois 2010 Pro
Source: http://lapshins.com

Whois 2010 PRO is network information software that allows you to look up all the available information about a domain name, including country, state or province, city, administrator, and technical support contact information.

ActiveWhois
Source: http://www.johnru.com

ActiveWhois is a network tool to find information about the owners of IP addresses or Internet domains. You can determine the country, personal and postal addresses of the owner, and/or users of IP addresses and domains.

WhoisThisDomain
Source: http://www.nirsoft.net

WhoisThisDomain is a domain registration lookup utility that allows you to get information about a registered domain. It automatically connects to the right WHOIS server and retrieves the WHOIS record of the domain. It supports both generic domains and country code domains.
WHOIS Lookup Online Tools

In addition to the Whois lookup tools mentioned so far, a few online Whois lookup tools are listed as follows:

- SmartWhois available at http://smartwhois.com
- Better Whois available at http://www.betterwhois.com
- Whois Source available at http://www.whois.sc
- Web Wiz available at http://www.webwiz.co.uk/domain-tools/whois-lookup.htm
- Network-Tools.com available at http://network-tools.com
- Whois available at http://tools.whois.net
- DNSstuff available at http://www.dnsstuff.com
- Network Solutions Whois available at http://www.networksolutions.com
- WebToolHub available at http://www.webtoolhub.com/tn561381-whois-lookup.aspx
- Ultra Tools available at https://www.ultratools.com/whois/home
Footprinting Methodology

- Footprinting through Search Engines
- WHOIS Footprinting
- Website Footprinting
- DNS Footprinting
- Email Footprinting
- Network Footprinting
- Competitive Intelligence
- Footprinting through Social Engineering
- Footprinting using Google
- Footprinting through Social Networking Sites

The next phase in the footprinting methodology is DNS footprinting. This section describes how to extract DNS information and the DNS interrogation tools.
Extracting DNS Information

- An attacker can gather DNS information to determine key hosts in the network and can perform social engineering attacks
- DNS records provide important information about the location and type of servers

DNS Interrogation Tools: http://www.dnsstuff.com, http://network-tools.com

Record Type | Description
A | Points to a host's IP address
MX | Points to the domain's mail server
NS | Identifies the authoritative name servers for the zone
CNAME | Canonical name; allows aliases to a host
SOA | Start of authority for the zone: primary server, zone contact, serial and timers
SRV | Service records
PTR | Maps an IP address to a hostname
RP | Responsible person
HINFO | Host information record; includes CPU type and OS
TXT | Unstructured text records
Extracting DNS Information

DNS footprinting allows you to obtain information about DNS zone data. This DNS zone data includes DNS domain names, computer names, IP addresses, and much more about a particular network. The attacker performs DNS footprinting on the target network in order to obtain the information about DNS. He or she then uses the gathered DNS information to determine key hosts in the network and then performs social engineering attacks to gather more information.

DNS footprinting can be performed using DNS interrogation tools such as www.DNSstuff.com. By using www.DNSstuff.com, it is possible to extract DNS information about IP addresses, mail server extensions, DNS lookups, Whois lookups, etc. If you want information about a target company, it is possible to extract its range of IP addresses utilizing the IP routing lookup of DNSstuff. If the target's name servers answer zone transfer (AXFR) requests from unknown, unauthorized hosts, then it is easy for you to obtain the entire zone at once with the help of the DNS interrogation tool; an authoritative server should only allow zone transfers to its own secondaries, so an open AXFR is itself a finding worth reporting.

Once you send the query using the DNS interrogation tool to the DNS server, the server will respond to you with a record structure that contains the information about the target DNS. DNS records provide important information about the location and type of servers.

- A - Points to a host's IP address
- MX - Points to the domain's mail server
- NS - Identifies the authoritative name servers for the zone
- CNAME - Canonical name; allows aliases to a host
- SOA - Start of authority for the zone: primary server, zone contact, serial and timers
- SRV - Service records
- PTR - Maps an IP address to a hostname
- RP - Responsible person
- HINFO - Host information record; includes CPU type and OS

A few more examples of DNS interrogation tools to send a DNS query include:

- http://www.dnsstuff.com
- http://network-tools.com
Extracting DNS Information (Cont'd)

Source: http://www.dnsqueries.com

Perform DNS query, available at http://www.dnsqueries.com, is a tool that allows you to perform a DNS query on any host. Each domain name (example: dnsqueries.com) is structured in hosts (ex: www.dnsqueries.com) and the DNS (Domain Name System) allows anyone to translate the domain name or the host name into an IP address to contact via the TCP/IP protocol. There are several types of queries, corresponding to all the implementable types of DNS records such as A record, MX, AAAA, CNAME, and SOA.

Now let's see how the DNS interrogation tool retrieves information about the DNS. Go to the browser, type http://www.dnsqueries.com, and press Enter. The DNS query's home site will be displayed in the browser. Enter the domain name of your interest in the Perform DNS query's HostName field (here we are entering Microsoft.com) and click the Run tool button; the DNS information for Microsoft.com will be displayed as shown in the following figure.
[Figure 2.32 shows the dnsqueries.com "Perform DNS query" form with Host Name microsoft.com and Type ANY, and the "Results for checks on microsoft.com" table (Host, TTL, Class, Type, Details):
microsoft.com 3381 IN TXT (an opaque verification-style token string)
microsoft.com 3381 IN TXT v=spf1 include:_spf-a.microsoft.com include:_spf-b.microsoft.com include:_spf-c.microsoft.com include:_spf-ssg-a.microsoft.com ip4:131.107.115.215 ip4:131.107.115.214 ip4:205.248.106.64 ip4:205.248.106.30 ip4:205.248.106.32 ~all
microsoft.com 3381 IN MX 10 mail.messaging.microsoft.com
microsoft.com 3381 IN SOA ns1.msft.net msnhst.microsoft.com 2012071602 300 600 2419200 3600
microsoft.com 3381 IN A 64.4.11.37
microsoft.com 3381 IN A 65.55.58.201
microsoft.com 141531 IN NS ns5.msft.net, ns2.msft.net, ns1.msft.net, ns3.msft.net, ns4.msft.net]

FIGURE 2.32: Screenshot showing DNS information for Microsoft.com
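The result table in Figure 2.32 is only useful once the records are pulled apart: the SPF TXT record names further zones to interrogate and the netblocks the target's mail leaves from, the SOA gives the primary server, the zone contact and the date of the last zone change, and the MX, NS and A records are the first hosts on the target list. The following Python script is added here as a worked example (not part of the courseware, and not code from dnsqueries.com) that does this over a constructed answer section written in dig-style presentation format with the record values displayed in the figure.

```python
import re

# Constructed answer section in dig-style presentation format.  The record
# values are the ones displayed for microsoft.com in Figure 2.32; the text
# itself is assembled here for the example, not captured live.
SAMPLE_ANSWERS = """\
microsoft.com.  3381    IN  TXT "v=spf1 include:_spf-a.microsoft.com include:_spf-b.microsoft.com include:_spf-c.microsoft.com include:_spf-ssg-a.microsoft.com ip4:131.107.115.215 ip4:131.107.115.214 ip4:205.248.106.64 ip4:205.248.106.30 ip4:205.248.106.32 ~all"
microsoft.com.  3381    IN  MX  10 mail.messaging.microsoft.com.
microsoft.com.  3381    IN  SOA ns1.msft.net. msnhst.microsoft.com. 2012071602 300 600 2419200 3600
microsoft.com.  3381    IN  A   64.4.11.37
microsoft.com.  3381    IN  A   65.55.58.201
microsoft.com.  141531  IN  NS  ns5.msft.net.
microsoft.com.  141531  IN  NS  ns2.msft.net.
microsoft.com.  141531  IN  NS  ns1.msft.net.
microsoft.com.  141531  IN  NS  ns3.msft.net.
microsoft.com.  141531  IN  NS  ns4.msft.net.
"""

RR_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+([A-Z]+)\s+(.*)$")


def parse_answers(text):
    """Parse '<name> <ttl> IN <type> <rdata>' lines into a list of dicts."""
    records = []
    for line in text.splitlines():
        m = RR_RE.match(line.strip())
        if not m:
            continue  # blank lines, comments, section headers
        name, ttl, rtype, rdata = m.groups()
        records.append({
            "name": name.rstrip("."),
            "ttl": int(ttl),
            "type": rtype,
            "rdata": rdata.strip().strip('"'),
        })
    return records


def by_type(records, rtype):
    return [r["rdata"] for r in records if r["type"] == rtype]


def spf_mechanisms(records):
    """Break the v=spf1 TXT record into its mechanisms.

    Each include: names another zone whose SPF record must be interrogated in
    turn (RFC 7208 caps the whole evaluation at 10 DNS lookups); each ip4:/ip6:
    block is address space the target's mail provably leaves from, a direct
    lead for the network-range step.  The trailing qualifier says how strictly
    receivers are asked to treat everything else (~all soft fail, -all fail).
    """
    for txt in by_type(records, "TXT"):
        if not txt.startswith("v=spf1"):
            continue
        tokens = txt.split()[1:]
        return {
            "includes": [t.split(":", 1)[1] for t in tokens if t.startswith("include:")],
            "ip4": [t.split(":", 1)[1] for t in tokens if t.startswith("ip4:")],
            "ip6": [t.split(":", 1)[1] for t in tokens if t.startswith("ip6:")],
            "all": next((t for t in tokens if t.endswith("all")), None),
        }
    return None


def soa_fields(records):
    """Split the SOA rdata into named fields.

    The RNAME is the zone contact mailbox with the first dot standing in for
    '@', and a YYYYMMDDnn serial dates the last change to the zone.
    """
    soa = by_type(records, "SOA")
    if not soa:
        return None
    mname, rname, serial, refresh, retry, expire, minimum = soa[0].split()
    return {
        "primary": mname.rstrip("."),
        "contact": rname.rstrip(".").replace(".", "@", 1),
        "serial": int(serial),
        "refresh": int(refresh),
        "retry": int(retry),
        "expire": int(expire),
        "minimum": int(minimum),
    }


def interesting_hosts(records):
    """Hosts a footprinter adds to the target list: mail exchangers (lowest
    preference first), authoritative name servers and the zone apex addresses."""
    mx = sorted((int(pref), host.rstrip("."))
                for pref, host in (rd.split() for rd in by_type(records, "MX")))
    return {
        "mx": [host for _, host in mx],
        "ns": sorted(rd.rstrip(".") for rd in by_type(records, "NS")),
        "a": by_type(records, "A"),
    }


if __name__ == "__main__":
    recs = parse_answers(SAMPLE_ANSWERS)
    print(spf_mechanisms(recs))
    print(soa_fields(recs))
    print(interesting_hosts(recs))
```

The same parser accepts the answer section of a live `dig target.example ANY` run, or the output of an AXFR against a misconfigured server, so the include: zones and ip4: blocks it returns can be fed straight back into the next query or into the network-range step.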
DNS Interrogation Tools

A few more well-known DNS interrogation tools are listed as follows:

- DIG available at http://www.kloth.net
- myDNSTools available at http://www.mydnstools.info
- Professional Toolset available at http://www.dnsstuff.com
- DNS Records available at http://network-tools.com
- DNSData View available at http://www.nirsoft.net
- DNSWatch available at http://www.dnswatch.info
- DomainTools Pro available at http://www.domaintools.com
- DNS available at http://e-dns.org
- DNS Lookup Tool available at http://www.webwiz.co.uk
- DNS Query Utility available at http://www.webmaster-toolkit.com
Footprinting Methodology

- Footprinting through Search Engines
- WHOIS Footprinting
- Website Footprinting
- DNS Footprinting
- Email Footprinting
- Network Footprinting
- Competitive Intelligence
- Footprinting through Social Engineering
- Footprinting through Social Networking Sites

The next step after retrieving the DNS information is to gather network-related information. So, now we will discuss network footprinting, a method of gathering network-related information. This section describes how to locate the network range, determine the operating system, Traceroute, and the Traceroute tools.
Locate the Network Range

- Find the range of IP addresses using the ARIN whois database search tool
- You can find the range of IP addresses and the subnet mask used by the target organization from the Regional Internet Registry (RIR)
- Network range information obtained assists an attacker to create a map of the target's network

Network Whois Record (queried whois.arin.net with "n 207.46.232.182"):

NetRange: 207.46.0.0 - 207.46.255.255
CIDR: 207.46.0.0/16
OriginAS:
NetName: MICROSOFT-GLOBAL-NET
NetHandle: NET-207-46-0-0-1
Parent: NET-207-0-0-0-0
NetType: Direct Assignment
NameServer: NS1.MSFT.NET, NS2.MSFT.NET, NS3.MSFT.NET, NS4.MSFT.NET, NS5.MSFT.NET
RegDate: 1997-03-31
Updated: 2004-12-09
Ref: http://whois.arin.net/rest/net/NET-207-46-0-0-1

OrgName: Microsoft Corp
OrgId: MSFT
Address: One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country: US
RegDate: 1998-07-10
Updated: 2009-11-10
Ref: http://whois.arin.net/rest/org/MSFT

OrgAbuseHandle: ABUSE231-ARIN
OrgAbuseName: Abuse
OrgAbusePhone: +1-425-882-8080
OrgAbuseEmail: abuse@hotmail.com
OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE231-ARIN
Locate the Network Range

To perform network footprinting, you need to gather basic and important information about the target organization, such as what the organization does, who they work for, and what type of work they perform. The answers to these questions give you an idea about the internal structure of the target network.

After gathering the aforementioned information, an attacker can proceed to find the network range of a target system. He or she can get more detailed information from the appropriate regional registry database regarding IP allocation and the nature of the allocation. An attacker can also determine the subnet mask of the domain. He or she can also trace the route between the system and the target system. Two popular traceroute tools are NeoTrace and Visual Route.

Obtaining private IP addresses can be useful for an attacker. The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private Internets: 10.0.0.0-10.255.255.255 (10/8 prefix), 172.16.0.0-172.31.255.255 (172.16/12 prefix), and 192.168.0.0-192.168.255.255 (192.168/16 prefix).

The network range gives you an idea about how the network is laid out and which machines in the network are alive, and it helps to identify the network topology, access control devices, and the OS used in the target network. To find the network range of the target network, enter the server IP address (that was gathered in WHOIS footprinting) in the ARIN whois database search tool, or you can go to the ARIN website (https://www.arin.net/knowledge/rirs.html) and enter the server IP in the SEARCH Whois text box. You will get the network range of the target network. If the DNS servers are not set up correctly, the attacker has a good chance of obtaining a list of internal machines on the server. Also, sometimes if an attacker traces a route to a machine, he or she can get the internal IP address of the gateway, which might be useful.
Network Whois Record
Queried whois.arin.net with "n 207.46.232.182"

NetRange:       207.46.0.0 - 207.46.255.255
CIDR:           207.46.0.0/16
OriginAS:
NetName:        MICROSOFT-GLOBAL-NET
NetHandle:      NET-207-46-0-0-1
Parent:         NET-207-0-0-0-0
NetType:        Direct Assignment
NameServer:     NS2.MSFT.NET
NameServer:     NS4.MSFT.NET
NameServer:     NS1.MSFT.NET
NameServer:     NS5.MSFT.NET
NameServer:     NS3.MSFT.NET
RegDate:        1997-03-31
Updated:        2004-12-09
Ref:            http://whois.arin.net/rest/net/NET-207-46-0-0-1

OrgName:        Microsoft Corp
OrgId:          MSFT
Address:        One Microsoft Way
City:           Redmond
StateProv:      WA
PostalCode:     98052
Country:        US
RegDate:        1998-07-10
Updated:        2009-11-10
Ref:            http://whois.arin.net/rest/org/MSFT

OrgAbuseHandle: ABUSE231-ARIN
OrgAbuseName:   Abuse
OrgAbusePhone:  +1-425-882-8080
OrgAbuseEmail:  abuse@hotmail.com
OrgAbuseRef:    http://whois.arin.net/rest/poc/ABUSE231-ARIN
You need to use more than one tool to obtain network information, as sometimes a single tool is not capable of delivering the information you want.
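To show what an ARIN record such as the one above yields once parsed, here is an added Python example (not part of the course material) that extracts the NetRange/CIDR, derives the subnet mask and address count, checks that the queried server IP really lies inside the allocation, and flags addresses that fall in the three IANA private blocks named earlier. The abridged record string and the addresses checked are constructed from the values shown on this page.

```python
import ipaddress
import re

# Constructed sample record (abridged from the ARIN record shown above);
# only the fields this script reads are kept.
SAMPLE_RECORD = """\
NetRange:       207.46.0.0 - 207.46.255.255
CIDR:           207.46.0.0/16
NetName:        MICROSOFT-GLOBAL-NET
NetHandle:      NET-207-46-0-0-1
NetType:        Direct Assignment
NameServer:     NS2.MSFT.NET
NameServer:     NS4.MSFT.NET
NameServer:     NS1.MSFT.NET
OrgName:        Microsoft Corp
Country:        US
"""

# The three IANA private blocks listed in the text; a traceroute hop or a
# leaked DNS entry inside one of these is internal addressing, not routable.
PRIVATE_BLOCKS = [
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]

FIELD_RE = re.compile(r"^([A-Za-z]+):\s*(.*)$")


def parse_record(text):
    """Turn 'Key: value' lines into a dict; repeated keys (NameServer) are
    kept in order as a list."""
    fields = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line.strip())
        if m:
            fields.setdefault(m.group(1), []).append(m.group(2).strip())
    return fields


def allocation_networks(fields):
    """Return the allocation as a list of ip_network objects. ARIN prints a
    CIDR line (possibly comma separated); if it is missing, the NetRange
    'first - last' pair is summarised into the equivalent CIDR blocks."""
    if "CIDR" in fields:
        return [ipaddress.ip_network(c.strip()) for c in fields["CIDR"][0].split(",")]
    first, last = (ipaddress.ip_address(p.strip()) for p in fields["NetRange"][0].split("-"))
    return list(ipaddress.summarize_address_range(first, last))


def is_private(ip_str):
    """True if the address is inside one of the three IANA private blocks."""
    ip = ipaddress.ip_address(ip_str)
    return any(ip in block for block in PRIVATE_BLOCKS)


def summarize(record_text, queried_ip):
    """Extract what network footprinting is after: the range, its subnet
    mask and size, whether the queried server IP really sits inside it,
    the owning organisation and the authoritative name servers."""
    fields = parse_record(record_text)
    nets = allocation_networks(fields)
    ip = ipaddress.ip_address(queried_ip)
    return {
        "networks": [str(n) for n in nets],
        "subnet_mask": str(nets[0].netmask),
        "addresses": sum(n.num_addresses for n in nets),
        "in_range": any(ip in n for n in nets),
        "netname": fields.get("NetName", [None])[0],
        "org": fields.get("OrgName", [None])[0],
        "nameservers": fields.get("NameServer", []),
    }


if __name__ == "__main__":
    result = summarize(SAMPLE_RECORD, "207.46.232.182")
    for key, value in result.items():
        print(f"{key:12} {value}")
    print("10.1.2.3 private:", is_private("10.1.2.3"))
```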
Determine the Operating System
• Use the Netcraft tool to determine the OSes in use by the target organization
Determine the Operating System

Source: http://news.netcraft.com

So far we have collected information about IP addresses, network ranges, server names, etc. of the target network. Now it's time to find out the OS running on the target network. The technique of obtaining information about the target network OS is called OS fingerprinting. The Netcraft tool will help you to find out the OS running on the target network.

Let's see how Netcraft helps you determine the OS of the target network. Open the http://news.netcraft.com site in your browser and type the domain name of your target network in the "What's that site running?" field (here we are considering the domain name "Microsoft.com"). It displays all the sites associated with that domain along with the operating system running on each site.
FIGURE 2.33: Netcraft showing the operating system that is in use by Microsoft (Netcraft search results for microsoft.com with Site, Site Report, First seen, Netblock, OS and Server columns)
Determine the Operating System (Cont'd): SHODAN Search Engine

Source: http://www.shodanhq.com

Use the SHODAN search engine, which lets you find specific computers (routers, servers, etc.) using a variety of filters.

FIGURE 2.34: SHODAN Search Engine screenshot (home page: "Expose Online Devices. Webcams. Routers. Power plants. iPhones. Wind turbines. Refrigerators. VoIP phones.")
FIGURE 2.35: SHODAN screenshot (search results with Services, Top Countries, Top Cities and Top Organizations panels, and per-host HTTP banners whose Server header reveals e.g. Microsoft-IIS/6.0 or Microsoft-IIS/7.5)
Traceroute
• Traceroute programs work on the concept of the ICMP protocol and use the TTL field in the header of ICMP packets to discover the routers on the path to a target host
[Slide diagram: IP Source sends ICMP Echo requests with TTL = 1, 2, 3, ... through successive Router Hops to the Destination Host]

Traceroute

Finding the route of the target host is necessary to test against man-in-the-middle attacks and other related attacks. Therefore, you need to find the route of the target host in the network. This can be accomplished with the help of the Traceroute utility provided with most operating systems. It allows you to trace the path or route through which the target host packets travel in the network.

Traceroute uses the ICMP protocol concept and the TTL (Time to Live) field of the IP header to find the path to the target host in the network.

The Traceroute utility can detail the path IP packets travel between two systems. It can trace the number of routers the packets travel through, the round trip duration in transiting between two routers, and, if the routers have DNS entries, the names of the routers and their network affiliation, as well as the geographic location. It works by exploiting a feature of the Internet Protocol called Time to Live (TTL). The TTL field is interpreted to indicate the maximum number of routers a packet may transit. Each router that handles a packet will decrement the TTL count field in the ICMP header by one. When the count reaches zero, the packet will be discarded and an error message will be transmitted to the originator of the packet.
It sends out a packet destined for the destination specified. It sets the TTL field in the packet to one. The first router in the path receives the packet, decrements the TTL value by one, and if the resulting TTL value is 0, it discards the packet and sends a message back to the originating host to inform it that the packet has been discarded. Traceroute records the IP address and DNS name of that router, and sends out another packet with a TTL value of two. This packet makes it through the first router, then times out at the next router in the path. This second router also sends an error message back to the originating host. Traceroute continues to do this, and records the IP address and name of each router until a packet finally reaches the target host or until it decides that the host is unreachable. In the process, it records the time it took for each packet to travel round trip to each router. Finally, when the packet reaches the destination, the normal ICMP ping response will be sent to the sender. Thus, this utility helps to reveal the IP addresses of the intermediate hops in the route to the target host from the source.
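As an added illustration (not from the course material), the following Python model of the TTL mechanism walks probes with TTL 1, 2, 3, ... across a constructed path so that the hop-by-hop discovery described above can be stepped through offline; it also handles a hop that silently drops expired probes (shown by tracert as "*") and a path longer than the hop limit. The hop addresses and destination are constructed from the tracert listing further down this page; the Router, forward and traceroute names are the example's own.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Router:
    """One hop on the path. 'name' is the reverse-DNS name (None when there is
    no PTR record); 'silent' models a hop that drops an expired probe without
    returning ICMP Time Exceeded, which tracert prints as '*'."""
    address: str
    name: Optional[str] = None
    silent: bool = False


# Constructed path built from three hop addresses and the ns3.google.com
# destination that appear in the tracert listing further down this page.
PATH = [
    Router("195.229.252.10"),
    Router("195.229.252.130"),
    Router("166.63.214.65", name="iar1-so-3-2-0.Thamesside.cw.net"),
]
DEST = "216.239.36.10"


def forward(ttl: int, path: List[Router], dest: str) -> Tuple[str, Optional[Router]]:
    """Carry one probe across the path. Each router decrements the TTL (the
    field lives in the IP header); the router that takes it to zero discards
    the probe and, unless it is silent, answers with ICMP Time Exceeded. A
    probe that outlives every router reaches the destination, which answers
    the echo request with ICMP Echo Reply."""
    for router in path:
        ttl -= 1
        if ttl == 0:
            if router.silent:
                return "timeout", None
            return "time-exceeded", router
    return "echo-reply", Router(dest)


def traceroute(path: List[Router], dest: str, max_hops: int = 30):
    """Send probes with TTL 1, 2, 3, ... and record who answered each one.
    Returns (hops, reached): hops is a list of (ttl, address, name) with
    address '*' for a silent hop; reached is False when the hop limit ran
    out before an Echo Reply arrived (the 'host is unreachable' case)."""
    hops = []
    for ttl in range(1, max_hops + 1):
        kind, who = forward(ttl, path, dest)
        if kind == "timeout":
            hops.append((ttl, "*", None))
        else:
            hops.append((ttl, who.address, who.name))
        if kind == "echo-reply":
            return hops, True
    return hops, False


def render(hops, reached) -> List[str]:
    """Lay the result out like tracert does: hop number, then name [address]
    when a PTR record exists, plain address otherwise."""
    lines = []
    for ttl, address, name in hops:
        label = f"{name} [{address}]" if name else address
        lines.append(f"{ttl:3d}  {label}")
    lines.append("Trace complete." if reached else "Trace incomplete: hop limit reached.")
    return lines


if __name__ == "__main__":
    print("\n".join(render(*traceroute(PATH, DEST))))
```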
FIGURE 2.36: Working of Traceroute program (the IP Source sends ICMP Echo requests with TTL = 1, 2, 3, ...; each Router Hop at which the TTL expires returns an ICMP error message, until the Destination Host returns an ICMP Echo Reply)
How to use the tracert command

Go to the command prompt and type the tracert command along with the destination IP address or domain name as follows:

C:\>tracert 216.239.36.10

Tracing route to ns3.google.com [216.239.36.10]
over a maximum of 30 hops:

  1  1262 ms   186 ms   124 ms  195.229.252.10
  2  2796 ms  3061 ms  3436 ms  195.229.252.130
  3   155 ms   217 ms   155 ms  195.229.252.114
  4  2171 ms  1405 ms  1530 ms  194.170.2.57
  5  2685 ms  1280 ms   655 ms  dxb-emix-ra.ge6303.emix.ae [195.229.31.99]
  6   202 ms   530 ms   999 ms  dxb-emix-rb.so100.emix.ae [195.229.0.230]
  7   609 ms  1124 ms  1748 ms  iar1-so-3-2-0.Thamesside.cw.net [166.63.214.65]
  8  1622 ms  2498 ms  2061 ms  eqixva-google-gige.google.com [206.223.115.21]
  9  2377 ms   968 ms   593 ms  216.239.48.193
 10  3546 ms  3686 ms  3030 ms  216.239.48.89
 11  1806 ms  1529 ms   812 ms  216.33.98.154
 12  1108 ms  1683 ms  2062 ms  ns3.google.com [216.239.36.10]

Trace complete.
Traceroute Analysis
• Attackers conduct traceroute to extract information about: network topology, trusted routers, and firewall locations
• For example: after running several traceroutes, an attacker might obtain the following information:
  » traceroute 1.10.10.20, second to last hop is 1.10.10.1
  » traceroute 1.10.20.10, third to last hop is 1.10.10.1
  » traceroute 1.10.20.10, second to last hop is 1.10.10.50
  » traceroute 1.10.20.15, third to last hop is 1.10.10.1
  » traceroute 1.10.20.15, second to last hop is 1.10.10.50
• By putting this information together, attackers can draw the network diagram
[Slide diagram with labels: Hacker, Firewall, Bastion Host 1.10.10.20, Web Server 1.10.20.10, Mail Server, Firewall 1.10.20.50]
Traceroute Analysis

We have seen how the Traceroute utility helps you to find out the IP addresses of intermediate devices such as routers, firewalls, etc. present between source and destination. You can draw the network topology diagram by analyzing the Traceroute results. After running several traceroutes, you will be able to find out the location of a particular hop in the target network.

Let's consider the following traceroute results obtained:
• traceroute 1.10.10.20, second to last hop is 1.10.10.1
• traceroute 1.10.20.10, third to last hop is 1.10.10.1
• traceroute 1.10.20.10, second to last hop is 1.10.10.50
• traceroute 1.10.20.15, third to last hop is 1.10.10.1
• traceroute 1.10.20.15, second to last hop is 1.10.10.50

By analyzing these results, an attacker can draw the network diagram of the target network as follows:
FIGURE 2.37: Diagrammatical representation of the target network (labels: Hacker, Internet, Router 1.10.10.1, Firewall 1.10.10.50, DMZ ZONE containing Web Server 1.10.20.10, Firewall 1.10.20.50 and Mail Server 1.10.20.15)
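The inference described above, carried out in code: an added Python example (not part of the course material) merges constructed traceroute paths consistent with the five observations listed earlier, re-derives those observations, and reports the hop that every path shares and the hops at which paths branch, which is what places the router (1.10.10.1) and the firewall (1.10.10.50) in Figure 2.37. The per-target hop lists are constructed, with hops before 1.10.10.1 omitted; the function names are the example's own.

```python
from collections import defaultdict
from typing import Dict, List

# Constructed traceroute results consistent with the five observations in
# the text: the target host is the last hop of each path. Hops before
# 1.10.10.1 (the tracing host's own upstream path) are omitted.
TRACES: Dict[str, List[str]] = {
    "1.10.10.20": ["1.10.10.1", "1.10.10.20"],
    "1.10.20.10": ["1.10.10.1", "1.10.10.50", "1.10.20.10"],
    "1.10.20.15": ["1.10.10.1", "1.10.10.50", "1.10.20.15"],
}


def hop_from_end(path: List[str], n: int):
    """n=2 gives the second-to-last hop, n=3 the third-to-last; None if the
    path is too short to have one."""
    return path[-n] if len(path) >= n else None


def observations(traces):
    """Re-derive the 'second/third to last hop is X' statements the text
    starts from, as (target, position, hop) tuples."""
    found = []
    for target, path in sorted(traces.items()):
        for n, position in ((2, "second"), (3, "third")):
            hop = hop_from_end(path, n)
            if hop is not None:
                found.append((target, position, hop))
    return found


def build_tree(traces):
    """Merge the paths into a parent -> children map. Consecutive hops on a
    path are directly linked, so overlapping prefixes collapse into the
    shared part of the topology."""
    edges = set()
    for path in traces.values():
        edges.update(zip(path, path[1:]))
    tree = defaultdict(list)
    for parent, child in sorted(edges):
        tree[parent].append(child)
    return dict(tree)


def classify(traces):
    """Pick out the devices the diagram is drawn from: the hop every path
    crosses (the perimeter router), the hops where paths diverge (a
    firewall or router feeding several hosts), and the tree itself."""
    paths = list(traces.values())
    shared = set(paths[0]).intersection(*paths[1:])
    tree = build_tree(traces)
    branch_points = [hop for hop, kids in tree.items()
                     if len(kids) > 1 and hop not in traces]
    return {
        "shared_gateway": sorted(shared),
        "branch_points": sorted(branch_points),
        "tree": tree,
    }


def render(tree, root, indent=0) -> List[str]:
    """Indented text drawing of the inferred topology from a chosen root."""
    lines = [" " * indent + root]
    for child in tree.get(root, []):
        lines.extend(render(tree, child, indent + 4))
    return lines


if __name__ == "__main__":
    for target, position, hop in observations(TRACES):
        print(f"traceroute {target}, {position} to last hop is {hop}")
    result = classify(TRACES)
    print("shared gateway:", result["shared_gateway"])
    print("branch points:", result["branch_points"])
    print("\n".join(render(result["tree"], result["shared_gateway"][0])))
```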
Path Analyzer Pro and VisualRoute 2010 are two tools similar to Traceroute, intended to trace the route to the target host in a network.

Path Analyzer Pro

Source: http://www.pathanalyzer.com

Path Analyzer Pro is a graphical-user-interface-based tool that shows you the route from source to destination graphically. It also provides trace routing information such as the hop number, its IP address, hostname, ASN, network name, % loss, latency, avg. latency, and std. dev. about each hop in the path. You can also map the location of the IP address in the network with this tool. It allows you to detect filters, stateful firewalls, and other anomalies in the network automatically.
VisualRoute 2010

Source: http://www.visualroute.com

This is another graphical-user-based tracing tool that displays hop-by-hop analysis. It enables you to identify the geographical location of the routers, servers, and other IP devices. It is able to provide the tracing information in three forms: as an overall analysis, in a data table, and as a geographical view of the routing. The data table contains information such as hop number, IP address, node name, geographical location, etc. about each hop in the route.

Features:
• Hop-by-hop traceroutes
• Reverse tracing
• Historical analysis
• Packet loss reporting
• Reverse DNS
• Ping plotting
• Port probing
• Firefox and IE plugin
FIGURE 2.39: VisualRoute 2010 screenshot (trace to www.microsoft.com with Analysis, Network, Firewall, Port Probe, Packet Loss and Alternate routes panels)
Traceroute Tools (Cont'd)
• Network Pinger: http://www.networkpinger.com
• Magic NetTrace: http://www.tialsoft.com
• GEOSpider: http://www.oreware.com
• 3D Traceroute: http://www.d3tr.de
• vTrace: http://vtrace.pl
• AnalogX HyperTrace: http://www.analogx.com
• Network Systems Traceroute: http://www.net.princeton.edu
• Roadkil's TraceRoute: http://www.roadkil.net
• Ping Plotter: http://www.pingplotter.com
Traceroute Tools (Cont'd)

A few more traceroute tools similar to Path Analyzer Pro and VisualRoute 2010 are listed as follows:
• Network Pinger available at http://www.networkpinger.com
• GEOSpider available at http://www.oreware.com
• vTrace available at http://vtrace.pl
• Trout available at http://www.mcafee.com
• Roadkil's TraceRoute available at http://www.roadkil.net
• Magic NetTrace available at http://www.tialsoft.com
• 3D Traceroute available at http://www.d3tr.de
• AnalogX HyperTrace available at http://www.analogx.com
• Network Systems Traceroute available at http://www.net.princeton.edu
• Ping Plotter available at http://www.pingplotter.com
Footprinting Methodology

- Footprinting through Search Engines
- WHOIS Footprinting
- Website Footprinting
- DNS Footprinting
- Email Footprinting
- Network Footprinting
- Competitive Intelligence
- Footprinting through Social Engineering
- Footprinting using Google
- Footprinting through Social Networking Sites
Footprinting Methodology

So far we have discussed various techniques of gathering information either with the help of online resources or tools. Now we will discuss footprinting through social engineering, the art of grabbing information from people by manipulating them. This section covers the social engineering concept and the techniques used to gather information.
Footprinting through Social Engineering

- Social engineering is the art of convincing people to reveal confidential information
- Social engineers depend on the fact that people are unaware of their valuable information and are careless about protecting it

Social engineers attempt to gather:
- Credit card details and social security number
- User names and passwords
- Other personal information
- Security products in use
- Operating systems and software versions
- Network layout information
- IP addresses and names of servers

Social engineers use these techniques:
- Eavesdropping
- Shoulder surfing
- Dumpster diving
- Impersonation on social networking sites
Footprinting through Social Engineering

Social engineering is a totally non-technical process in which an attacker tricks a person and obtains confidential information about the target in such a way that the target is unaware that someone is stealing his or her confidential information. The attacker actually plays a cunning game with the target to obtain confidential information. The attacker takes advantage of the helping nature of people and their weakness to provide confidential information.

To perform social engineering, you first need to gain the confidence of an authorized user and then trick him or her into revealing confidential information. The basic goal of social engineering is to obtain the required confidential information and then use that information for hacking attempts such as gaining unauthorized access to the system, identity theft, industrial espionage, network intrusion, committing fraud, etc. The information obtained through social engineering may include credit card details, social security numbers, user names and passwords, other personal information, operating systems and software versions, IP addresses, names of servers, network layout information, and much more. Social engineers use this information to hack a system or to commit fraud.

Social engineering can be performed in many ways such as eavesdropping, shoulder surfing, dumpster diving, impersonation on social networking sites, and so on.
Collect Information Using Eavesdropping, Shoulder Surfing, and Dumpster Diving

Eavesdropping
- Eavesdropping is unauthorized listening of conversations or reading of messages
- It is interception of any form of communication such as audio, video, or written

Shoulder Surfing
- Shoulder surfing is the procedure where the attackers look over the user's shoulder to gain critical information
- Attackers gather information such as passwords, personal identification number, account numbers, credit card information, etc.

Dumpster Diving
- Dumpster diving is looking for treasure in someone else's trash
- It involves collection of phone bills, contact information, financial information, operations related information, etc. from the target company's trash bins, printer trash bins, user desk for sticky notes, etc.
Collect Information Using Eavesdropping, Shoulder Surfing, and Dumpster Diving

As mentioned previously, eavesdropping, shoulder surfing, and dumpster diving are the three techniques used to collect information from people using social engineering. Let's discuss these social engineering techniques to understand how they can be performed to obtain confidential information.

Eavesdropping

Eavesdropping is the act of secretly listening to the conversations of people over a phone or video conference without their consent. It also includes reading secret messages from communication media such as instant messaging or fax transmissions. Thus, it is basically the act of intercepting communication without the consent of the communicating parties. The attacker gains confidential information by tapping the phone conversation and intercepting audio, video, or written communication.

Shoulder Surfing

With this technique, an attacker stands behind the victim and secretly observes the victim's activities on the computer, such as keystrokes while entering usernames, passwords, etc. This technique is commonly used to gain passwords, PINs, security codes, account numbers, credit card information, and similar data. It can be performed in a crowded place as it is relatively easy to stand behind the victim without his or her knowledge.

Dumpster Diving

This technique is also known as trashing, where the attacker looks for information in the target company's dumpster. The attacker may gain vital information such as phone bills, contact information, financial information, operations-related information, printouts of source code, printouts of sensitive information, etc. from the target company's trash bins, printer trash bins, sticky notes at users' desks, etc. The obtained information can be helpful for the attacker to commit attacks.
Footprinting Methodology

- Footprinting through Search Engines
- WHOIS Footprinting
- Website Footprinting
- DNS Footprinting
- Email Footprinting
- Network Footprinting
- Competitive Intelligence
- Footprinting through Social Engineering
- Footprinting using Google
- Footprinting through Social Networking Sites
Footprinting Methodology

Though footprinting through social engineering sounds similar to footprinting through social networking sites, there are some differences between the two footprinting methods. In footprinting through social engineering, the attacker tricks people into revealing information, whereas in footprinting through social networking sites, the attacker gathers information available on social networking sites. Attackers can even use social networking sites as a medium to perform social engineering attacks. This section explains how and what information can be collected from social networking sites by means of social engineering.
Collect Information through Social Engineering on Social Networking Sites

- Attackers gather sensitive information through social engineering on social networking websites such as Facebook, MySpace, LinkedIn, Twitter, Pinterest, Google+, etc.
- Attackers create a fake profile on social networking sites and then use the false identity to lure the employees to give up their sensitive information
- Employees may post personal information such as date of birth, educational and employment backgrounds, spouses' names, etc. and information about their company such as potential clients and business partners, trade secrets of business, websites, company's upcoming news, mergers, acquisitions, etc.
- Using the details of an employee of the target organization, an attacker can compromise a secured facility
Collect Information through Social Engineering on Social Networking Sites

Social networking sites are the online services, platforms, or sites that allow people to connect with each other and to build social relations among people. The use of social networking sites is increasing rapidly. Examples of social networking sites include Facebook, MySpace, LinkedIn, Twitter, Pinterest, Google+, and so on. Each social networking site has its own purpose and features. One site may be intended to connect friends, family, etc. and another may be intended to share professional profiles, etc. These social networking sites are open to everyone. Attackers may take advantage of these to grab sensitive information from users, either by browsing through users' public profiles or by creating a fake profile and tricking the user into believing it belongs to a genuine user.

These sites allow people to stay connected with others, to maintain professional profiles, and to share information with others. On social networking sites, people may post information such as date of birth, educational information, employment backgrounds, spouse's name, etc., and companies may post information such as potential partners, websites, and upcoming news about the company.

For an attacker, these social networking sites can be great sources to find information about the target person or the company. These sites help an attacker to collect only the information uploaded by the person or the company. Attackers can easily access the public pages of these accounts on the sites. To obtain more information about the target, attackers may create a fake account and use social engineering to lure the victim into revealing more information. For example, the attacker can send a friend request to the target person from the fake account; if the victim accepts the request, then the attacker can access even the restricted pages of the target person on that website. Thus, social networking sites prove to be a valuable information resource for attackers.
Information Available on Social Networking Sites

What Users Do                        What Attacker Gets
Maintain profile                     Contact info, location, etc.
Connect to friends, chatting         Friends list, friends info, etc.
Share photos and videos              Identity of family members
Play games, join groups              Interests
Creates events                       Activities

What Organizations Do                What Attacker Gets
User surveys                         Business strategies
Promote products                     Product profile
User support                         Social engineering
Recruitment                          Platform/technology information
Background check to hire employees   Type of business
Information Available on Social Networking Sites

So far, we have discussed how an attacker can grab information from social networking sites; now we will discuss what information an attacker can get from social networking sites.

People usually maintain profiles on social networking sites in order to provide basic information about themselves and to get connected with others. The profile generally contains information such as name, contact information (mobile number, email ID), friends' information, information about family members, their interests, activities, etc. People usually connect to friends and chat with them. Attackers can gather sensitive information through their chats. Social networking sites also allow people to share photos and videos with their friends. If people don't set the privacy settings for their albums, then attackers can see the pictures and videos shared by the victim. Users may join groups to play games or to share their views and interests. Attackers can grab information about a victim's interests by tracking their groups and can then trap the victim into revealing more information. Users may create events to notify other users of the group about upcoming occasions. With these events, attackers can reveal the victim's activities. Like individuals, organizations also use social networking sites to connect with people, promote their products, and to gather feedback about their products or services, etc. The activities of an organization on the social networking sites and the respective information that an attacker can grab are as follows:

What Organizations Do                What Attacker Gets
User surveys                         Business strategies
Promote products                     Product profile
User support                         Social engineering
Background check to hire employees   Type of business

TABLE 2.1: What Organizations Do and What Attacker Gets
Collecting Facebook Information

Facebook is a Treasure-trove for Attackers

Number of users using Facebook all over the world:
Europe: 223,376,640
North America: 174,586,680
Latin America: 141,612,220
Middle East: 18,241,080

845 million monthly active users
100 billion connections
250 million photos uploaded daily
1 of every 5 of all page views
Collecting Facebook Information

Facebook is one of the world's largest social networking sites, having more than 845 million monthly active users all over the world. It allows people to create their personal profile, add friends, exchange instant messages, create or join various groups or communities, and much more. An attacker can grab all the information from the target person's profile provided by the victim on Facebook. To grab information from Facebook, the attacker should have an active account. The attacker should log in to his/her account and search for either the target person's or the organization's profile. Browsing the target person's profile may reveal a lot of useful information such as phone number, email ID, friend information, educational details, professional details, his interests, photos, and much more. The attacker can use this information for further hacking planning, such as social engineering, to reveal more information about the target.
FIGURE 2.40: Facebook screenshot
Collecting Twitter Information

465 million accounts
350 million tweets a day
76% of Twitter users now post status updates
55% of Twitter users access the platform via their mobile
Collecting Twitter Information

Twitter is another popular social networking site used by people to send and read text-based messages. It allows you to follow your friends, experts, favorite celebrities, etc. This site also can be a great source for an attacker to get information about the target person. This is helpful in extracting information such as personal information, friend information, activities of the target posted as tweets, whom the target is following, the followers of the user, photos uploaded, etc. The attacker may get meaningful information from the target user's tweets.
FIGURE 2.41: Twitter showing user's tweets
Collecting LinkedIn Information

2 new members join every second
2,447 employees located around the world
$522 million revenue for 2011
2 million companies have LinkedIn company pages
Collecting LinkedIn Information

Similar to Facebook and Twitter, LinkedIn is another social networking site, for professionals. It allows people to create and manage their professional profile and identity. It allows its users to build and engage with their professional network. Hence, this can be a great information resource for the attacker. The attacker may get information such as current employment details, past employment details, education details, contact details, and much more about the target person. The attacker can collect all this information with the footprinting process.
FIGURE 2.42: LinkedIn showing user's professional profile and identity
Collecting YouTube Information

• 3rd most visited website according to Alexa
• 829,440 videos uploaded
• 900 seconds: average time users spend on YouTube every day

YouTube is a website that allows you to upload, view, and share videos all over the world. The attacker can search for the videos related to the target and may collect information from them.

[Screenshot: YouTube search results for videos related to the target]

FIGURE 2.43: YouTube showing videos related to target
Tracking Users on Social Networking Sites

Users may use fake identities on social networking sites. Attackers use tools such as Get Someone's IP or IP-GRABBER to track users' real identity. The steps to get someone's IP address through chat on Facebook using the Get Someone's IP tool are described below.

[Screenshot: Get Someone's IP page at http://www.myiptest.com showing the Link for Person, Link for you and Redirect URL fields, with a results table of Link ID, IP, Proxy, Refer and Date/Time]
In order to protect themselves from Internet crimes and Internet fraud attacks, people may use fake identities on social networking sites. So with little knowledge about the target, you will not get exact information about the user. In such cases, to determine the real identity of the target user, you can use tools such as Get Someone's IP or IP-GRABBER to track users' real identities.

If you want to trace the identity of a particular user, then do the following:

• Open your web browser, paste the URL, and press Enter: http://www.myiptest.com/staticpages/index.php/how-about-you
• Notice the three fields at the bottom of the web page, namely Link for person, Redirect URL: http://, and Link for you.
• To get the real IP address of the target, copy the generated link of the Link for person field and send it to the target via chat.
• Enter any URL you want the target to redirect to in the Redirect URL: http:// field.
• Open the URL present in the Link for you field in another window to monitor the target's IP address details and additional details.
[Screenshot: Get Someone's IP results page showing the generated Link for person, the Redirect URL (http://www.gmail.com) and the Link for you fields, followed by the results table]

Link ID      IP              Proxy  Refer  Date/Time
zdeujbg1f2   85.93.218.204   NO     NO     2012-08-06 13:04:44

FIGURE 2.44: Tracing the identity of users
Module Flow

Footprinting can be performed with the help of tools. Many organizations offer tools that make information gathering an easy job. These tools ensure the maximum

• Footprinting Concepts
• Footprinting Threats
• Footprinting Methodology
• Footprinting Tools
• Footprinting Countermeasures
• Footprinting Penetration Testing

This section describes tools intended for grabbing information from various sources.
Footprinting Tool: Maltego

Source: http://paterva.com

Maltego is an open source intelligence and forensics application. It can be used for the information gathering phase of all security-related work. Maltego is a platform developed to deliver a clear threat picture to the environment that an organization owns and operates. It can be used to determine the relationships and real-world links between people, social networks, companies, organizations, websites, Internet infrastructure (domains, DNS names, netblocks, IP addresses), phrases, affiliations, documents, and files.
[Screenshot: Maltego graph view with an Internet Domain panel and a Personal Information panel]

FIGURE 2.45: Maltego showing Internet Domain and personal information
Footprinting Tool: Domain Name Analyzer Pro

Source: http://www.domainpunch.com

Domain Name Analyzer Professional is Windows software for finding, managing, and maintaining multiple domain names. It supports the display of additional data (expiry and creation dates, name server information), tagging domains, and secondary whois lookups (for thin model whois TLDs like COM, NET, TV).

The following is a screenshot of the Domain Name Analyzer Pro tool showing domain name information:
[Screenshot: Domain Name Analyzer Pro listing domains such as microsoft.com and certifiedhacker.com with their status columns, and a note that certifiedhacker.com resolves to an IP address and so is most likely not available for registration; the "Alternate Whois lookups" option in App Settings returns whois data instead of the quick DNS-based check]

FIGURE 2.46: Domain Name Analyzer Pro software showing Domain Name Information
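The expiry dates and name server information that Domain Name Analyzer Pro displays come from whois records. The following is an added example, not part of the product or of this course, showing how a domain owner can parse such a record and flag the registration facts that matter defensively: imminent expiry, a missing registrar transfer lock, DNSSEC not enabled, or a single name server. The record is a constructed sample modelled on the key/value layout of a thin-model .com whois response; the domain, dates and name servers are invented.

```python
"""Parse a thin-model whois record and review the registration facts a domain owner tracks.

Added example for this section; not code from Domain Name Analyzer Pro or the course.
SAMPLE_WHOIS is a CONSTRUCTED record: field names follow the key/value layout of a
thin .com whois response, but the domain, dates and name servers are made up.
"""
from __future__ import annotations

import re
from datetime import datetime, timezone

# Constructed sample record (not real registration data).
SAMPLE_WHOIS = """\
   Domain Name: EXAMPLE-TARGET.COM
   Registrar WHOIS Server: whois.example-registrar.test
   Updated Date: 2012-03-14T09:21:00Z
   Creation Date: 2005-07-01T12:00:00Z
   Registry Expiry Date: 2013-07-01T12:00:00Z
   Registrar: Example Registrar, Inc.
   Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
   Name Server: NS1.EXAMPLE-TARGET.COM
   Name Server: NS2.EXAMPLE-TARGET.COM
   DNSSEC: unsigned
>>> Last update of whois database: 2012-08-06T13:04:44Z <<<
"""

# The point in time the review is run at (constructed, matches the sample's date).
AS_OF = datetime(2012, 8, 6, 13, 4, 44, tzinfo=timezone.utc)

# "Key: value" lines; the key stops at the first colon so URLs in values survive.
_FIELD = re.compile(r"^\s*([A-Za-z][A-Za-z /]*?):\s*(.*?)\s*$")


def parse_whois(text: str) -> dict[str, list[str]]:
    """Map each field name to its values, keeping repeated fields (Name Server) in order."""
    fields: dict[str, list[str]] = {}
    for line in text.splitlines():
        if line.startswith(">>>"):  # trailer line, not a field
            continue
        m = _FIELD.match(line)
        if m:
            fields.setdefault(m.group(1).strip(), []).append(m.group(2))
    return fields


def _parse_ts(value: str) -> datetime:
    # Whois timestamps are ISO 8601 with a trailing Z; normalise to aware UTC.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def summarize(text: str, now: datetime) -> dict:
    """Reduce a record to the facts worth tracking: dates, name servers, locks, DNSSEC."""
    f = parse_whois(text)
    expires = _parse_ts(f["Registry Expiry Date"][0])
    return {
        "domain": f["Domain Name"][0].lower(),
        "created": _parse_ts(f["Creation Date"][0]),
        "expires": expires,
        "days_to_expiry": (expires - now).days,
        "name_servers": [ns.lower() for ns in f.get("Name Server", [])],
        "transfer_locked": any("clientTransferProhibited" in s for s in f.get("Domain Status", [])),
        "dnssec": f.get("DNSSEC", [""])[0].lower() == "signed",
    }


def review(summary: dict, warn_days: int = 90) -> list[str]:
    """Return the findings a domain owner should act on."""
    findings = []
    if summary["days_to_expiry"] <= warn_days:
        findings.append(f"domain expires in {summary['days_to_expiry']} days")
    if not summary["transfer_locked"]:
        findings.append("no registrar transfer lock")
    if not summary["dnssec"]:
        findings.append("DNSSEC not enabled")
    if len(summary["name_servers"]) < 2:
        findings.append("fewer than two name servers")
    return findings


def demo() -> tuple[dict, list[str]]:
    """Run the review over the constructed sample as of AS_OF."""
    s = summarize(SAMPLE_WHOIS, AS_OF)
    return s, review(s)


if __name__ == "__main__":
    summary, findings = demo()
    print(summary["domain"], "expires in", summary["days_to_expiry"], "days")
    for finding in findings:
        print("-", finding)
```

The parser keeps repeated fields as lists, which is what makes the name-server count check possible; the thresholds in review() are the assumption here, and an organization would tune them to its own renewal process.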
Footprinting Tool: Web Data Extractor

Source: http://www.webextractor.com

• Extract targeted company contact data (email, phone, fax) from the web for responsible B2B communication
• Extract URL and meta tags (title, description, keywords) for website promotion, search directory creation, and web research

Web Data Extractor is a data extraction tool. It extracts targeted company contact data (email, phone, and fax) from the web, and extracts the URL and meta tags (title, description, keywords) for website promotion, search directory creation, etc. The following is a screenshot of the Web Data Extractor showing meta tags:
[Screenshot: Web Data Extractor 8.3 listing pages crawled from the certifiedhacker.com site, with URL, Title, page size and date columns]

FIGURE 2.47: Web Data Extractor showing meta tags
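A defender can run the same kind of extraction against their own pages before publishing them, which is what the countermeasure of evaluating information before it goes on the website comes down to. The following is an added example, not Web Data Extractor's code, that pulls the categories the tool advertises (title, description and keyword meta tags, e-mail, phone and fax numbers) from an HTML page and reports what would be exposed, including links to login or intranet pages. The page, domain, addresses and numbers are constructed.

```python
"""Audit an HTML page for the data a web data extractor would harvest from it.

Added example for this section; not Web Data Extractor's own code. SAMPLE_HTML is a
CONSTRUCTED page: the company, domain, e-mail address and phone numbers are invented.
"""
from __future__ import annotations

import re
from html.parser import HTMLParser

SAMPLE_HTML = """\
<html><head>
<title>Example Corp - Online Booking</title>
<meta name="description" content="Hotel booking portal for Example Corp staff">
<meta name="keywords" content="booking, hotel, intranet, staff portal">
</head><body>
<p>Contact our admin team: <a href="mailto:it-admin@example-corp.test">it-admin@example-corp.test</a></p>
<p>Phone: +1 555 010 2345 &middot; Fax: +1 555 010 2346</p>
<p>Internal login: <a href="https://intranet.example-corp.test/login">staff portal</a></p>
</body></html>
"""

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Labelled numbers only ("Phone: ..." / "Fax: ..."), so the label tells us the kind.
PHONE_RE = re.compile(r"(Phone|Fax)\s*:\s*(\+?\d[\d\s()-]{6,}\d)")
# Link targets a footprinter looks for (the course names login pages and intranet portals).
SENSITIVE_LINK_RE = re.compile(r"intranet|login|admin", re.I)


class _Collector(HTMLParser):
    """Collect the title, named meta tags, link targets and visible text."""

    def __init__(self) -> None:
        super().__init__()
        self.title = ""
        self.meta: dict[str, str] = {}
        self.links: list[str] = []
        self.text: list[str] = []
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "title":
            self._in_title = True
        elif tag == "meta" and a.get("name") and a.get("content") is not None:
            self.meta[a["name"].lower()] = a["content"]
        elif tag == "a" and a.get("href"):
            self.links.append(a["href"])

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data
        self.text.append(data)


def extract(html: str) -> dict:
    """Return what an extractor would pull from the page."""
    c = _Collector()
    c.feed(html)
    c.close()
    text = " ".join(c.text)
    emails = set(EMAIL_RE.findall(text))
    emails.update(h[len("mailto:"):] for h in c.links if h.startswith("mailto:"))
    phones = {kind.lower(): num.strip() for kind, num in PHONE_RE.findall(text)}
    return {
        "title": c.title.strip(),
        "description": c.meta.get("description", ""),
        "keywords": [k.strip() for k in c.meta.get("keywords", "").split(",") if k.strip()],
        "emails": sorted(emails),
        "phones": phones,
        "links": [h for h in c.links if not h.startswith("mailto:")],
    }


def exposure_report(info: dict) -> list[str]:
    """Turn the extraction into the findings a site owner should review before publishing."""
    findings = [f"e-mail address exposed: {e}" for e in info["emails"]]
    findings += [f"{kind} number exposed: {num}" for kind, num in sorted(info["phones"].items())]
    findings += [f"link to internal/login page exposed: {h}"
                 for h in info["links"] if SENSITIVE_LINK_RE.search(h)]
    return findings


if __name__ == "__main__":
    for line in exposure_report(extract(SAMPLE_HTML)):
        print("-", line)
```

Running it against the sample lists one e-mail address, two numbers and one intranet login link: exactly the kind of detail the pen-test steps later in this module say a footprinter collects from search engines and website copies.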
Additional Footprinting Tools

In addition to the footprinting tools mentioned previously, a few more tools are listed as follows:

• Prefix WhoIs, available at http://pwhois.org
• NetScanTools Pro, available at http://www.netscantools.com
• Tctrace, available at http://www.phenoelit-us.org
• Autonomous System Scanner (ASS), available at http://www.phenoelit-us.org
• DNS DIGGER, available at http://www.dnsdigger.com
• Netmask, available at http://www.phenoelit-us.org
• Binging, available at http://www.blueinfy.com
• Spiderzilla, available at http://spiderzilla.mozdev.org
• Sam Spade, available at http://www.majorgeeks.com
• Robtex, available at http://www.robtex.com
Additional Footprinting Tools (Cont'd)

Additional footprinting tools that are helpful in gathering information about the target person or organization are listed as follows:

• Dig Web Interface, available at http://www.digwebinterface.com
• Domain Research Tool, available at http://www.domainresearchtool.com
• ActiveWhois, available at http://www.johnru.com
• yoName, available at http://yoname.com
• Ping-Probe, available at http://www.ping-probe.com
• SpiderFoot, available at http://www.binarypool.com
• CallerIP, available at http://www.callerippro.com
• Zaba Search, available at http://www.zabasearch.com
• GeoTrace, available at http://www.nabber.org
• DomainHostingView, available at http://www.nirsoft.net
Module Flow

So far we have discussed the importance of footprinting, various ways in which footprinting can be performed, and the tools that can be used for footprinting. Now we will discuss the countermeasures to be applied in order to avoid sensitive information disclosure.

• Footprinting Concepts
• Footprinting Threats
• Footprinting Methodology
• Footprinting Tools
• Footprinting Countermeasures
• Footprinting Penetration Testing

This section lists various footprinting countermeasures to be applied at various levels.
Footprinting Countermeasures

Footprinting countermeasures are the measures or actions taken to counter or offset information disclosure. A few footprinting countermeasures are listed as follows:

• Configure routers to restrict the responses to footprinting requests.
• Lock the ports with suitable firewall configuration.
• Evaluate and limit the amount of information available before publishing it on the website/Internet, and disable unnecessary services.
• Prevent search engines from caching a web page and use anonymous registration services.
• Configure web servers to avoid information leakage and disable unwanted protocols.
• Use an IDS that can be configured to refuse suspicious traffic and pick up footprinting patterns.
• Perform footprinting techniques and remove any sensitive information found.
• Enforce security policies to regulate the information that employees can reveal to third parties.
Footprinting Countermeasures (Cont'd)

In addition to the countermeasures mentioned previously, you can apply the following countermeasures as well:

• Set apart the internal DNS and external DNS.
• Disable directory listings and use split-DNS.
• Educate employees about various social engineering tricks and risks.
• Restrict unexpected input such as | ; < >.
• Avoid domain-level cross-linking for critical assets.
• Encrypt and password protect sensitive information.
• Do not enable protocols that are not required.
• Always use TCP/IP and IPSec filters.
• Configure IIS against banner grabbing.
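Several countermeasures in the two lists above can be verified from a single HTTP response: configuring web servers to avoid information leakage and configuring IIS against banner grabbing (version-bearing Server, X-Powered-By and X-AspNet-Version headers), preventing search engines from caching a page (an X-Robots-Tag noarchive directive), and disabling directory listings. The following is an added example, not from the course, that parses a raw response and reports those leaks. The two responses are constructed samples, one from an unhardened server and one for the same resource after the countermeasures are applied; the header names checked are the common ones and are an assumption of this example.

```python
"""Audit an HTTP response for the footprinting leaks the countermeasures above target.

Added example for this section; not code from the course. Both responses below are
CONSTRUCTED samples. The noarchive check assumes the page is one that should not be
cached by search engines.
"""
from __future__ import annotations

import re

# Constructed: a response from an unhardened server exposing a backup directory listing.
WEAK_RESPONSE = b"""HTTP/1.1 200 OK\r
Server: Microsoft-IIS/7.5\r
X-Powered-By: ASP.NET\r
X-AspNet-Version: 4.0.30319\r
Content-Type: text/html\r
\r
<html><head><title>Index of /backup</title></head>
<body><h1>Index of /backup</h1><pre><a href="db-2012-08.bak">db-2012-08.bak</a></pre></body></html>
"""

# Constructed: the same resource after hardening (generic Server value, listing disabled,
# search engines told not to archive).
HARDENED_RESPONSE = b"""HTTP/1.1 403 Forbidden\r
Server: web\r
X-Robots-Tag: noindex, noarchive\r
Content-Type: text/html\r
\r
<html><body>Forbidden</body></html>
"""

# Headers commonly used for banner grabbing; a plain Server value with no version passes.
BANNER_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")
VERSION_RE = re.compile(r"\d+\.\d+")
DIR_LISTING_RE = re.compile(r"<title>\s*Index of\s+/", re.I)


def parse_response(raw: bytes) -> tuple[int, dict[str, str], str]:
    """Split a raw response into status code, lower-cased header map and body text."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status = int(lines[0].split()[1])
    headers: dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body.decode("utf-8", "replace")


def audit(raw: bytes) -> list[str]:
    """Return one finding per leak; an empty list means the response passes."""
    status, headers, body = parse_response(raw)
    findings = []
    for h in BANNER_HEADERS:
        if h in headers:
            v = headers[h]
            # Any framework header is a leak; Server is a leak only when it carries a version.
            if h != "server" or VERSION_RE.search(v) or "/" in v:
                findings.append(f"banner leak: {h}: {v}")
    robots = headers.get("x-robots-tag", "").lower()
    if status == 200 and "noarchive" not in robots:
        findings.append("search engines may cache this page (no X-Robots-Tag: noarchive)")
    if status == 200 and DIR_LISTING_RE.search(body):
        findings.append("directory listing enabled")
    return findings


if __name__ == "__main__":
    for name, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(name, "->", audit(raw) or ["no findings"])
```

The same audit() can be pointed at responses captured from your own servers; the weak sample produces five findings and the hardened one none, which is the before/after a footprinting countermeasure review should show.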
So far we have discussed all the necessary techniques and tools to test the security of a system or network. Now it is time to put all those techniques into practice. Testing the security of a system or network using techniques similar to those of an attacker, with adequate permissions, is known as penetration testing. The penetration test should be conducted to check whether an attacker is able to reveal sensitive information in response to footprinting attempts.

• Footprinting Concepts
• Footprinting Threats
• Footprinting Methodology
• Footprinting Tools
• Footprinting Countermeasures
• Footprinting Penetration Testing

Penetration testing is an evaluation method of system or network security. In this evaluation method, the pen tester acts as a malicious outsider and simulates an attack to find the security loopholes.
Footprinting Pen Testing

• A footprinting pen test is used to determine the organization's publicly available information on the Internet, such as network architecture, operating systems, applications, and users.
• The tester attempts to gather as much information as possible about the target organization from the Internet and other publicly accessible sources.

Footprinting pen testing helps the administrator to prevent information leakage, prevent DNS record retrieval from publicly available servers, and prevent social engineering attempts.

A footprinting pen test is used to determine an organization's publicly available information on the Internet such as network architecture, operating systems, applications, and users. In this method, the pen tester tries to gather publicly available sensitive information of the target by pretending to be an attacker. The target may be a specific host or a network. The pen tester can perform any attack that an attacker could perform. The pen tester should try all possible ways to gather as much information as possible in order to ensure maximum scope of footprinting pen testing. If the pen tester finds any sensitive information on any publicly available information resource, then he or she should enter the information and the respective source in the report.

The major advantages of conducting penetration testing include:

• It gives you the chance to prevent DNS record retrieval from publicly available servers.
• It helps you to avoid information leakage.
• It prevents social engineering attempts.
Footprinting Pen Testing (Cont'd)

Penetration testing is a procedural way of testing the security in various steps. Steps should be followed one after the other in order to ensure maximum scope of testing. Here are the steps involved in footprinting pen testing:

Step 1: Get proper authorization

Pen testing should be performed with permission. Therefore, the very first step in a footprinting pen test is to get proper authorization from the concerned people, such as administrators.

Step 2: Define the scope of the assessment

Defining the scope of the security assessment is the prerequisite for penetration testing. Defining the scope of assessment determines the range of systems in the network to be tested and the resources that can be used to test, etc. It also determines the pen tester's limitations. Once you define the scope, you should plan and gather sensitive information using various footprinting techniques.

Step 3: Perform footprinting through search engines

Footprint search engines such as Google, Yahoo! Search, Ask, Bing, Dogpile, etc. to gather the target organization's information such as employee details, login pages, intranet portals, etc. that can help in performing social engineering and other types of advanced system attacks.

Step 4: Perform website footprinting

Perform website footprinting using tools such as HTTrack Web Site Copier, BlackWidow, Webripper, etc. to build a detailed map of the website's structure and architecture.
[Slide: Footprinting Pen Testing (Cont'd). Steps 5-8: perform email footprinting (eMailTrackerPro, PoliteMail, Email Lookup - Free Email Tracker); gather competitive intelligence (Hoovers, LexisNexis, Business Wire); perform Google hacking (GHDB, MetaGoofil, SiteDigger); perform WHOIS footprinting (WHOIS Lookup, SmartWhois).]
Footprinting Pen Testing (Cont'd)
Step 5: Perform email footprinting
Perform email footprinting using tools such as eMailTrackerPro, PoliteMail, Email Lookup - Free Email Tracker, etc. to gather information about the physical location of an individual in order to perform social engineering, which in turn may help in mapping the target organization's network.
Step 6: Gather competitive intelligence
Gather competitive intelligence using tools such as Hoovers, SEC Info, Business Wire, etc. These tools help you extract a competitor's information such as its establishment, the location of the company, progress analysis, higher authorities, product analysis, marketing details, and much more.
Step 7: Perform Google hacking
Perform Google hacking using tools such as GHDB, MetaGoofil, SiteDigger, etc. It determines the security loopholes in the code and configuration of the websites. Google hacking is usually done with the help of advanced Google operators that locate specific strings of text, such as versions of vulnerable web applications.
Step 8: Perform WHOIS footprinting
Perform the WHOIS footprinting technique to extract information about particular domains. You can get information such as the domain name, IP address, domain owner name, registrant name, and their contact details including phone numbers, email IDs, etc. Tools such as SmartWhois, CountryWhois, Whois Pro, and ActiveWhois will help you extract this information. You can use this information to perform social engineering to obtain more information.
[Slide: Footprinting Pen Testing (Cont'd). Steps 9-13: perform DNS footprinting (DIG, NsLookup, DNS Records); perform network footprinting (Path Analyzer Pro, VisualRoute 2010, Network Pinger); perform social engineering (eavesdropping, shoulder surfing, dumpster diving); perform footprinting through social networking sites (Facebook, LinkedIn, Twitter, Google+, Pinterest); at the end of pen testing, document the findings.]
Footprinting Pen Testing (Cont'd)
Step 9: Perform DNS footprinting
Perform DNS footprinting using tools such as DIG, NsLookup, DNS Records, etc. to determine key hosts in the network and perform social engineering attacks. Resolve the domain name to learn its IP address, DNS records, etc.
Step 11: Perform network footprinting
Perform network footprinting using tools such as Path Analyzer Pro, VisualRoute 2010, Network Pinger, etc. to create a map of the target's network. Network footprinting allows you to reveal the network range and other network information of the target network. Using all this information, you can draw the network diagram of the target network.
Step 12: Perform social engineering
Implement social engineering techniques such as eavesdropping, shoulder surfing, and dumpster diving that may help to gather more critical information about the target organization. Through social engineering you can gather the target organization's employee details, phone numbers, contact addresses, email addresses, etc. You can use this information to reveal even more information.
Step 13: Perform footprinting through social networking sites
Perform footprinting through social networking sites on the employees of the target organization identified during footprinting through social engineering. You can gather information from their personal profiles on social networking sites such as Facebook, LinkedIn, Twitter, Google+, Pinterest, etc. that assists in performing social engineering. You can also use people search engines to obtain information about the target person.
Step 14: Document all the findings
After implementing all the footprinting techniques, collect and document all the information obtained at every stage of testing. You can use this document to study, understand, and analyze the security posture of the target organization. This also enables you to find security loopholes. Once you find security loopholes, you should suggest the respective countermeasures for them.
The following is a summary of footprinting penetration testing.
[Slide: Footprinting Pen Testing Report Templates. The slide reproduces the report template shown in Figure 2.48.]
Footprinting Pen Testing Report Templates
Penetration testing is usually conducted to enhance the security perimeter of an organization. As a pen tester you should gather sensitive information such as server details, the operating system, etc. of your target by conducting footprinting. Analyze the system and network defenses by breaking into its security with adequate permissions (i.e., ethically) without causing any damage. Find the loopholes and weaknesses in the network or system security. Then explain all the vulnerabilities along with their respective countermeasures in a report, i.e., the pen testing report. The pen testing report is the report obtained after performing network penetration tests or security audits. It contains all the details such as the types of tests performed, the hacking techniques used, and the results of the hacking activity. In addition, the report also contains the highlights of the security risks and vulnerabilities of an organization. If any vulnerability is identified during any test, the details of the cause of the vulnerability are given along with the suggested countermeasures. The report should always be kept confidential. If this information falls into the hands of an attacker, he or she may use it to launch attacks.
The pen testing report should contain the following details:
Pen Testing Report
Information obtained through search engines:
 - Employee details
 - Login pages
 - Intranet portals
 - Technology platforms
 - Others
Information obtained through people search:
 - Date of birth
 - Contact details
 - Email ID
 - Photos
 - Others
Information obtained through website footprinting:
 - Operating environment
 - Filesystem structure
 - Scripting platforms used
 - Contact details
 - CMS details
 - Others
Information obtained through Google:
 - Advisories and server vulnerabilities
 - Files containing passwords
 - Error messages that contain sensitive information
 - Pages containing network or vulnerability data
 - Others
Information obtained through email footprinting:
 - IP address
 - GPS location
 - Authentication system used by mail server
 - Others
Information obtained through competitive intelligence:
 - Financial details
 - Project plans
 - Others
FIGURE 2.48: Pen Testing Report
[Slide: Footprinting Pen Testing Report Templates (Cont'd). The slide reproduces the report template shown in Figure 2.49.]
Footprinting Pen Testing Report Templates (Cont'd)
Pen Testing Report
Information obtained through WHOIS footprinting:
 - Domain name details
 - Contact details of domain owner
 - Domain name servers
 - Netrange
 - When a domain has been created
 - Others
Information obtained through social engineering:
 - Financial information
 - Operating environment
 - User names and passwords
 - Network layout information
 - Personal information
 - Others
Information obtained through DNS footprinting:
 - IP addresses and names of servers
 - Location of DNS servers
 - Type of servers
 - Others
Information obtained through network footprinting:
 - Range of IP addresses
 - Subnet mask used by the target organization
 - OS's in use
 - Firewall locations
 - Others
Information obtained through social networking sites:
 - Personal profiles
 - Work related information
 - News and potential partners of the target company
 - Educational and employment backgrounds
 - Others
FIGURE 2.49: Pen Testing Report showing information obtained through footprinting and social engineering
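As an added example (not code from the courseware), the following Python script shows how the WHOIS data gathered in Step 8 can be carried into the "Information obtained through WHOIS footprinting" section of the report template above, and, from the defender's side, which contact details a domain's own WHOIS record discloses rather than hides behind a registrar privacy placeholder. The WHOIS response is constructed for the example and the mapping from WHOIS keys to template fields is an assumption based on the template.

```python
import re

# Constructed sample WHOIS response for this example (not a real record).
# It follows the "Key: Value" layout most registrar/RIR servers return.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-TARGET.TEST
Registrar: Example Registrar, Inc.
Creation Date: 2009-03-14T12:00:00Z
Name Server: NS1.EXAMPLE-TARGET.TEST
Name Server: NS2.EXAMPLE-TARGET.TEST
Registrant Name: J. Doe
Registrant Organization: Example Target Ltd
Registrant Email: jdoe@example-target.test
Registrant Phone: +1.5555550100
Admin Email: REDACTED FOR PRIVACY
Tech Email: REDACTED FOR PRIVACY
NetRange: 203.0.113.0 - 203.0.113.255
>>> Last update of WHOIS database: 2024-01-01T00:00:00Z <<<
"""

# Assumed mapping from WHOIS keys to the template's WHOIS section fields.
REPORT_SECTION = {
    "Domain name details": ["Domain Name", "Registrar"],
    "Contact details of domain owner": ["Registrant Name", "Registrant Organization",
                                        "Registrant Email", "Registrant Phone",
                                        "Admin Email", "Tech Email"],
    "Domain name servers": ["Name Server"],
    "Netrange": ["NetRange"],
    "When a domain has been created": ["Creation Date"],
}

KEY_VALUE = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?):\s*(.*?)\s*$")
PRIVACY = re.compile(r"redacted|privacy|proxy", re.IGNORECASE)


def parse_whois(text):
    """Parse 'Key: Value' lines into {key: [values]}. Repeated keys (several
    name servers) accumulate; comment and free-text lines are skipped."""
    records = {}
    for line in text.splitlines():
        match = KEY_VALUE.match(line)
        if match and match.group(2):
            records.setdefault(match.group(1), []).append(match.group(2))
    return records


def report_section(records):
    """Fill the template's WHOIS section; a field with no data is an empty list."""
    return {field: [v for key in keys for v in records.get(key, [])]
            for field, keys in REPORT_SECTION.items()}


def exposed_contacts(records):
    """Defender's check: contact keys whose value is a real email address or
    phone number instead of a registrar privacy placeholder."""
    return [(key, value) for key, values in records.items()
            if key.endswith(("Email", "Phone"))
            for value in values if not PRIVACY.search(value)]


if __name__ == "__main__":
    parsed = parse_whois(SAMPLE_WHOIS)
    for field, values in report_section(parsed).items():
        print(f"{field}: {', '.join(values) or '(none)'}")
    print("Exposed contact data:", exposed_contacts(parsed))
```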
Module Summary
- Footprinting is the process of collecting as much information as possible about a target network, for identifying various ways to intrude into an organization's network system.
- It reduces the attacker's attack area to a specific range of IP addresses, networks, domain names, remote access, etc.
- Attackers use search engines to extract information about a target.
- Information obtained from the target's website enables an attacker to build a detailed map of the website's structure and architecture.
- Competitive intelligence is the process of identifying, gathering, analyzing, verifying, and using information about your competitors from resources such as the Internet.
- DNS records provide important information about the location and type of servers.
- Attackers conduct traceroute to extract information about network topology, trusted routers, and firewall locations.
- Attackers gather sensitive information through social engineering on social networking websites such as Facebook, MySpace, LinkedIn, Twitter, Pinterest, Google+, etc.