Foot-printing Methodologies : Information Enriched ! — Shahrukh A. Siddiqui
Footprinting methodologies are as follows:
- Footprinting through search engines
- Footprinting Using Advanced Google Hacking Techniques
- Footprinting through social networking sites
- Website footprinting
- Email Footprinting
- Competitive Intelligence
- WHOIS Footprinting
- DNS Footprinting
- Network Footprinting
- Footprinting Through Social Engineering
Footprinting through Search Engines
- Attackers use search engines to extract information about a target such as technology platforms, employee details, login pages, intranet portals, etc., which helps in performing social engineering and other advanced attacks.
- Search engine caches and internet archives (e.g. the Wayback Machine) may also hold sensitive information that has since been removed from the live site.
Finding Company’s Public and Restricted Websites
- Search for the target company's external URL in a search engine such as Google, Bing, etc.
- Restricted URLs give an insight into the different departments and business units of an organization.
- You may find a company's restricted URLs by trial and error or by using a service such as Netcraft.
We will introduce Kali Linux later; for now we link to the tools' official websites.
Determining the Operating System
There are many ways to determine the OS of a target machine, e.g. with Nmap and various other scanners, but we will not cover those here since the topic of scanning has not been introduced yet. We will return to all of them later. For now, we suggest these:
- Use the Netcraft tool to determine the operating systems in use by the target organization.
- Use the SHODAN search engine, which lets you find specific devices (routers, servers, etc.) using a variety of filters.
Collecting Local Information
- Use the Google Earth tool to get the physical location of the target.
- Tools for finding Geographical Location
People Search: Social Networking Sites/People Search Services
- Social networking sites are the greatest source of personal and organizational information.
- Information about an individual can be found at various people search websites.
- A people search returns the following information about a person or organization:
- Residential addresses and email addresses
- Contact numbers and date of birth
- Photos and social networking profiles
- Blog URLs
- Satellite pictures of private residences
- Upcoming projects and operating environment
- People search Online services
Gathering Information from Financial Services
Footprinting Through Job Sites
- You can gather a company's infrastructure details from its job postings.
- Look for:
- Job requirements
- Employee profiles
- Hardware information
- Software information
- Examples Of Job Sites
Information Gathering Using Groups, Forums, and Blogs
- Groups, Forums, and blogs provide sensitive information about a target such as public network information, system Information, Personal Information, etc.
- Register with fake profiles in Google groups, Yahoo groups, etc. and try to join the target organization’s employee groups where they share personal and company information.
- Search for information by Fully Qualified Domain Names (FQDNs), IP addresses, and Usernames in groups, forums, and blogs.
Footprinting Using Advanced Google Hacking Techniques
Query String: Google hacking refers to crafting complex search queries in order to extract sensitive or hidden information.
Vulnerable Targets: it helps attackers find vulnerable targets (the Google Hacking Database collects such queries).
Google Operators: it uses advanced Google search operators to locate specific strings of text within the search results.
Google Advanced Search Operators
Google supports several advanced operators that modify a search:
[cache:] → displays the web page stored in the Google cache
[link:] → lists web pages that link to the specified web page
[related:] → lists web pages that are similar to the specified web page
[info:] → presents some information that Google has about a particular web page
[site:] → restricts the results to pages within the given domain
[allintitle:] → restricts the results to pages with all of the search keywords in the title
[intitle:] → restricts the results to documents containing the search keyword in the title
[allinurl:] → restricts the results to pages with all of the search keywords in the URL
[inurl:] → restricts the results to documents containing the search keyword in the URL
Note that Google has since retired the cache: and link: operators; site:, intitle:, inurl: and filetype: remain the workhorses of dorking.
- Google Hacking Databases
- Information gathering Using Google Advanced Search
- Use Google's advanced search options to find sites that link back to the target company's website.
- This may reveal partners, vendors, clients and other affiliations of the target.
- With the advanced search options you can search the web more precisely and accurately.
Footprinting through Social Networking Sites
- Attackers use social engineering tricks to gather sensitive information from social networking websites such as Facebook, MySpace, LinkedIn, Twitter, Pinterest, Google+, etc.
- Attackers create a fake profile on a social networking site and then use the false identity to lure employees into giving up sensitive information.
- Employees may post personal information such as date of birth, educational and employment background, spouses' names, etc., and information about their company such as potential clients and business partners, trade secrets, websites, upcoming company news, mergers, acquisitions, etc.
- Attackers learn an employee's interests by tracking the groups they belong to and then use that to trick the employee into revealing more information.
Website Footprinting using Web Spiders
- Web spiders automatically crawl the target website and collect specified information such as employee names, email addresses, etc.
- Attackers use the collected information to perform further footprinting and social engineering attacks
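As an added example (not the post's code and not any particular spider tool), here is the core of such a spider: harvest() parses one page for e-mail addresses (including mailto: links and "[at]"/"[dot]" obfuscation) and for links on the same host, and crawl() walks the site breadth-first. SAMPLE_HTML is a constructed page; the host names and the user-agent string are assumptions. Run crawl() only against a site you are authorised to test.

```python
"""A small footprinting spider: extract e-mail addresses and same-site links.

Added example, not the original post's code. harvest() is the pure parsing step
(SAMPLE_HTML below is constructed); crawl() fetches pages over the network, so
run it only against a site you are authorised to test.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit
from urllib.request import Request, urlopen

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# "name [at] example [dot] com" style obfuscation seen on contact pages
AT_RE = re.compile(r"\s*[\[(]at[\])]\s*", re.I)
DOT_RE = re.compile(r"\s*[\[(]dot[\])]\s*", re.I)


class _Harvester(HTMLParser):
    def __init__(self, base_url):
        super().__init__()
        self.base, self.links, self.text = base_url, set(), []

    def handle_starttag(self, tag, attrs):
        href = dict(attrs).get("href") if tag == "a" else None
        if not href:
            return
        if href.lower().startswith("mailto:"):
            self.text.append(href[7:].split("?")[0])        # address hidden in a mailto: link
        else:
            self.links.add(urljoin(self.base, href).split("#")[0])  # absolute URL, fragment dropped

    def handle_data(self, data):
        self.text.append(data)


def harvest(html, base_url):
    """Return (set of e-mail addresses, set of links on the same host) for one page."""
    h = _Harvester(base_url)
    h.feed(html)
    text = DOT_RE.sub(".", AT_RE.sub("@", " ".join(h.text)))
    emails = {e.lower() for e in EMAIL_RE.findall(text)}
    host = urlsplit(base_url).netloc.lower()
    links = {u for u in h.links if urlsplit(u).netloc.lower() == host}
    return emails, links


def crawl(start_url, max_pages=50, user_agent="footprint-spider/0.1"):
    """Breadth-first crawl that stays on the start host; returns all addresses found."""
    seen, queue, found = set(), [start_url], set()
    while queue and len(seen) < max_pages:
        url = queue.pop(0)
        if url in seen:
            continue
        seen.add(url)
        try:
            with urlopen(Request(url, headers={"User-Agent": user_agent}), timeout=10) as r:
                if "html" not in r.headers.get("Content-Type", ""):
                    continue                                    # skip binaries, PDFs, images
                html = r.read().decode(r.headers.get_content_charset() or "utf-8", "replace")
        except Exception as exc:                                # DNS failure, 4xx/5xx, TLS error...
            print(f"[!] {url}: {exc}")
            continue
        emails, links = harvest(html, url)
        found |= emails
        queue.extend(link for link in links if link not in seen)
    return found


SAMPLE_HTML = """<html><body>
<a href="/about">About us</a>
<a href="https://cdn.other.example/app.js">script</a>
<a href="mailto:press@example.com?subject=Inquiry">Press</a>
<p>Contact: jane.doe [at] example [dot] com or Bob.Smith@Example.com</p>
<a href="/careers#openings">Careers</a>
</body></html>"""

if __name__ == "__main__":
    print(harvest(SAMPLE_HTML, "https://www.example.com/"))
```

Off-host links (the CDN above) are dropped so the crawl cannot wander out of scope, and the page limit keeps the footprinting pass bounded.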
Mirroring Entire Website
There is not much to explain separately about this step: it is the same as the rest of website footprinting, only the tools differ. A website copier such as HTTrack downloads a complete working copy of the site so it can be searched offline for comments, hidden directories, email addresses and so on.
WHOIS Footprinting
WHOIS databases are maintained by domain registries and registrars (for domain names) and by the Regional Internet Registries (for IP address blocks and AS numbers); historically they contained the contact details of the domain owner. Since 2018 most registrant contact fields are redacted for privacy or point to a proxy service, and the WHOIS protocol is being replaced by RDAP, so expect fewer personal details than the list below suggests.
WHOIS query returns:
- Domain name details
- Contact details of domain owner
- Domain name servers
- When a Domain has been created
- Expiry Records
- Records last Updated
Here are some WHOIS Lookup Tools
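The following is an added example, not the post's code and not any of the lookup tools it refers to: a raw WHOIS client for TCP port 43 that follows the IANA → registry → registrar referral chain, plus a parser that pulls the fields listed above out of a reply and flags redacted contact data instead of trusting it. SAMPLE_REPLY is a constructed record in the style of a .com registry answer; the server names in it and the field-name table are assumptions.

```python
"""Query a WHOIS server over TCP port 43 and pick out the fields listed above.

Added example, not the original post's code. whois_lookup() uses the network
(IANA -> registry -> registrar referral); parse_whois()/summarize() work on any
saved reply. SAMPLE_REPLY is constructed in the style of a .com registry record."""
import re
import socket

IANA_WHOIS = "whois.iana.org"
# Values registrars substitute for personal data since GDPR / ICANN's Temporary Specification
REDACTED = re.compile(r"redacted|privacy|proxy|protected|not disclosed|rdds", re.I)


def whois_raw(query, server, port=43, timeout=10):
    """RFC 3912 exchange: send the query plus CRLF, read until the server closes."""
    with socket.create_connection((server, port), timeout=timeout) as s:
        s.sendall(query.encode() + b"\r\n")
        chunks = []
        while True:
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("utf-8", "replace")


def parse_whois(text):
    """Generic 'Key: value' parser -> {lowercased key: [values]}; repeated keys
    (Name Server) accumulate; comment and notice lines are skipped."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "%#" or line.startswith(">>>") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields


def whois_lookup(domain):
    """Follow the chain: IANA names the TLD registry's server, the registry names the registrar's."""
    tld = domain.rsplit(".", 1)[-1]
    registry = parse_whois(whois_raw(tld, IANA_WHOIS)).get("whois", [None])[0]
    if not registry:
        raise ValueError(f"IANA lists no WHOIS server for .{tld}")
    text = whois_raw(domain, registry)
    referral = parse_whois(text).get("registrar whois server", [None])[0]
    if referral and referral.lower() != registry.lower():
        text += "\n" + whois_raw(domain, referral)   # registrar copy usually holds the contact fields
    return text


def summarize(fields):
    """Map raw fields onto the items the post lists and flag redacted contacts."""
    def first(*keys):
        return next((fields[k][0] for k in keys if fields.get(k)), None)

    contact = {k: v[0] for k, v in fields.items() if k.startswith("registrant ") and v}
    return {
        "domain": first("domain name"),
        "registrar": first("registrar"),
        "created": first("creation date", "created"),
        "updated": first("updated date", "last-update", "changed"),
        "expires": first("registry expiry date", "registrar registration expiration date", "expiry date"),
        "nameservers": sorted({ns.lower() for ns in fields.get("name server", []) + fields.get("nserver", [])}),
        "registrant": {k: v for k, v in contact.items() if not REDACTED.search(v)},
        "registrant_redacted": any(REDACTED.search(v) for v in contact.values()),
    }


SAMPLE_REPLY = """\
   Domain Name: EXAMPLE.COM
   Registry Domain ID: 0000000000_DOMAIN_COM-VRSN
   Registrar WHOIS Server: whois.registrar.example
   Registrar URL: http://www.registrar.example
   Updated Date: 2017-08-14T07:01:31Z
   Creation Date: 1995-08-14T04:00:00Z
   Registry Expiry Date: 2018-08-13T04:00:00Z
   Registrar: Example Registrar, Inc.
   Name Server: NS1.EXAMPLE.NET
   Name Server: NS2.EXAMPLE.NET
   Registrant Organization: Example Organization
   Registrant Country: US
   Registrant Email: REDACTED FOR PRIVACY
   DNSSEC: signedDelegation
>>> Last update of whois database: 2017-11-24T10:00:00Z <<<
% NOTICE: The expiration date displayed in this record is the date the registrar's
% sponsorship of the domain name registration in the registry is currently set to expire.
"""

if __name__ == "__main__":
    print(summarize(parse_whois(SAMPLE_REPLY)))
```

Usage: summarize(parse_whois(whois_lookup("example.com"))). The same key/value parser works on RIR replies (NetRange, CIDR, OrgName) when you later look up the IP block rather than the domain.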
DNS Footprinting
With the WHOIS record in hand, the next step is to gather DNS information.
An attacker gathers DNS records (A/AAAA, MX, NS, TXT, SOA, reverse lookups and, where a server is misconfigured, a full zone transfer) to identify key hosts in the network, which also feeds social engineering attacks.
DNS Interrogation Tools
Locate the Network Range
- Network range information helps attackers create a map of the target network
- Find the range of IP addresses using the ARIN whois database search tool (or the whois service of whichever RIR holds the block: RIPE NCC, APNIC, LACNIC or AFRINIC)
- From the Regional Internet Registry (RIR) record you can find the IP address range (NetRange/CIDR) and hence the subnet mask used by the target organization
- Traceroute programs rely on the TTL (time-to-live) field of the IP header, not of ICMP: probes are sent with TTL 1, 2, 3, ... and each router that decrements the TTL to zero discards the probe and returns an ICMP Time Exceeded message, which reveals that hop's address. Unix traceroute sends UDP probes by default, Windows tracert sends ICMP Echo Requests, and traceroute -T / tcptraceroute use TCP SYN probes that can pass filters which drop the others
- Attackers run traceroute to extract information about network topology, trusted routers and firewall locations (the point where hops stop answering)
- By putting all this information together, attackers can draw the network diagram
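The following is an added example, not code from the original post: a minimal UDP traceroute that shows the TTL mechanism directly (the TTL is set on the IP socket, and the ICMP type is read out of each reply), plus a parser for saved traceroute output that tells a filtering boundary (hops silent all the way to the end) apart from a single router that merely suppresses ICMP. traceroute() needs root for the raw socket; SAMPLE_OUTPUT and its host names and addresses are constructed.

```python
"""Traceroute as the text describes it, done with the TTL in the IP header:
each probe goes out with TTL 1, 2, 3, ... and the router that expires it sends
back an ICMP Time Exceeded, revealing its address. Added example, not the
original post's code. traceroute() needs root for the raw ICMP socket; the
parsing functions work on saved traceroute output (the sample is constructed)."""
import socket
import time


def traceroute(host, max_hops=30, base_port=33434, timeout=2.0):
    """Classic UDP traceroute. Returns [(ttl, responding_ip_or_None, rtt_ms_or_None)]."""
    dest = socket.gethostbyname(host)
    hops = []
    for ttl in range(1, max_hops + 1):
        rx = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_ICMP)
        tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
        tx.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, ttl)   # TTL is an IP-header field
        rx.settimeout(timeout)
        start = time.monotonic()
        tx.sendto(b"", (dest, base_port + ttl))  # unlikely port -> Port Unreachable from the target
        hop = rtt = None
        try:
            while True:
                data, (src, _) = rx.recvfrom(512)
                ihl = (data[0] & 0x0F) * 4               # skip the IPv4 header to the ICMP type
                if data[ihl] in (11, 3):                 # 11 Time Exceeded (a hop), 3 Port Unreachable (target)
                    hop, rtt = src, (time.monotonic() - start) * 1000
                    break
        except socket.timeout:
            pass                                         # nothing answered: filtered or silent hop
        finally:
            rx.close()
            tx.close()
        hops.append((ttl, hop, rtt))
        if hop == dest:
            break
    return hops


def parse_traceroute(output):
    """Parse Unix traceroute text into [(hop_number, host_or_None)]."""
    hops = []
    for line in output.splitlines():
        parts = line.split()
        if not parts or not parts[0].isdigit():
            continue                                     # header line
        answers = [p for p in parts[1:] if p != "*"]     # partial lines like '* 10.0.0.1 (10.0.0.1) 1 ms *'
        hops.append((int(parts[0]), answers[0] if answers else None))
    return hops


def silent_runs(hops):
    """Group consecutive silent hops: [(first, last, runs_to_end_of_trace)]."""
    runs, start = [], None
    for n, host in hops:
        if host is None and start is None:
            start = n
        elif host is not None and start is not None:
            runs.append((start, n - 1, False))
            start = None
    if start is not None:
        runs.append((start, hops[-1][0], True))
    return runs


def explain(hops):
    """Distinguish a filtering boundary from a router that just does not answer."""
    notes = []
    for first, last, to_end in silent_runs(hops):
        before = dict(hops).get(first - 1)
        if to_end:
            notes.append(f"no replies from hop {first} onward; probes die after {before}: likely firewall/ACL")
        else:
            notes.append(f"hop(s) {first}-{last} silent but path continues: router suppressing ICMP, not a filter")
    return notes


SAMPLE_OUTPUT = """\
traceroute to target.example (203.0.113.10), 30 hops max, 60 byte packets
 1  gateway (192.168.1.1)  0.412 ms  0.380 ms  0.361 ms
 2  * 10.64.0.1 (10.64.0.1)  9.110 ms *
 3  * * *
 4  edge-rtr.isp.example (198.51.100.17)  18.220 ms  18.100 ms  18.050 ms
 5  fw-outside.target.example (203.0.113.1)  25.310 ms  25.200 ms  25.150 ms
 6  * * *
 7  * * *
 8  * * *
"""

if __name__ == "__main__":
    for note in explain(parse_traceroute(SAMPLE_OUTPUT)):
        print(note)
```

To run explain() on a live trace, drop the RTT column: explain([(t, h) for t, h, _ in traceroute("target.example")]). If the last answering hop is the target's outside address and everything after it is silent, that address is where the filtering starts; retrying with TCP SYN probes to an open port (traceroute -T -p 443) usually gets through.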
Footprinting through Social Engineering
- Social engineering is the art of exploiting human behaviour to extract confidential information
- Social engineering relies on the fact that people are unaware of the value of their information and are careless about protecting it
- Social engineering attempts to gather:
- Credit card details and social security numbers
- Usernames and Passwords
- Security products in use
- Operating systems and software versions
- Network layout information
- IP addresses and names of servers
- Social Engineering Techniques:
- Eavesdropping
- Shoulder surfing
- Dumpster diving
- Impersonation on social networking sites
Eavesdropping
- Eavesdropping is the unauthorized listening to conversations or reading of messages
- It is the interception of any form of communication: audio, video or written
Shoulder Surfing
- It is a technique where attackers secretly observe the target (screen, keyboard, paperwork) to gain critical information
- Attackers gather information such as passwords, personal identification numbers, account numbers, credit card information, etc.
Dumpster Diving
- It is looking for treasure in someone else's trash
- It involves collecting phone bills, contact information, financial information, operations-related information, etc. from the target company's trash bins, and sticky notes left on users' desks
Originally published at https://shahrukhathar.info on November 24, 2017.