Footprinting and Reconnaissance
Module 02
Ethical Hacking and Countermeasures v8 Module 02: Footprinting and Reconnaissance Exam 312-50
Ethical Hacking and Countermeasures Copyright by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.
Security News
Facebook a "treasure trove" of Personally Identifiable Information
Source: http://www.scmagazineuk.com
News: April 1a 2012
Facebook contains a "treasure trove" of personally identifiable information that hackers manage to get their hands on.
A report by Imperva revealed that users' "general personal information" can often include a date of birth, home address and sometimes mother's maiden name, allowing hackers to access this and other websites and applications and create targeted spearphishing campaigns.
It detailed a concept I call "friend-mapping", where an attacker can get further knowledge of a user's circle of friends; having accessed their account and posing as a trusted friend, they can cause mayhem. This can include requesting the transfer of funds and extortion.
Asked why Facebook is so important to hackers, Imperva senior security strategist Noa Bar-Yosef said: "People also add work friends on Facebook so a team leader can be identified and this can lead to corporate data being accessed, project work being discussed openly, while geo-location data can be detailed for military intelligence."
"Hacktivism made up 58 per cent of attacks in the Verizon Data Breach Intelligence Report, and they are going after information on Facebook that can be used to humiliate a person. All types of attackers have their own techniques."
On how attackers get a password in the first place, Imperva claimed that different keyloggers are used, while phishing kits that create a fake Facebook login page have been seen, and a more primitive method is a brute force attack, where the attacker repeatedly attempts to guess the user's password.
In more extreme cases, a Facebook administrator's rights can be accessed. Although it said that this requires more effort on the hacker side and is not as prevalent, it is the "holy grail" of attacks as it provides the hacker with data on all users.
On protection, Bar-Yosef said the roll-out of SSL across the whole website, rather than just at the login page, was effective, but users still needed to opt in to this.
By Dan Raywood
http://www.scmagazine.com.au/Feature/265065,digitial-investigations-have-matured.aspx
Module Objectives
This module will familiarize you with the following:
- Footprinting Terminologies
- What Is Footprinting?
- Objectives of Footprinting
- Footprinting Threats
- Footprinting through Search Engines
- Website Footprinting
- Email Footprinting
- Competitive Intelligence
- Footprinting Using Google
- WHOIS Footprinting
- DNS Footprinting
- Network Footprinting
- Footprinting through Social Engineering
- Footprinting through Social Networking Sites
- Footprinting Tools
- Footprinting Countermeasures
- Footprinting Pen Testing
Module Flow
Ethical hacking is legal hacking conducted by a penetration tester in order to evaluate the security of an IT infrastructure with the permission of an organization. The concept of ethical hacking cannot be explained or cannot be performed in a single step; therefore, it has been divided into several steps. Footprinting is the first step in ethical hacking, where an attacker tries to gather information about a target. To help you better understand footprinting, it has been distributed into various sections:
[Module flow diagram; only the label "Footprinting Methodology" survives]
The Footprinting Concepts section familiarizes you with footprinting, footprinting terminology, why footprinting is necessary, and the objectives of footprinting.
Footprinting Terminology
Anonymous Footprinting: Gather information from sources where the author of the information cannot be identified or traced
Pseudonymous Footprinting: Collect information that might be published under a different name in an attempt to preserve privacy
Internet Footprinting: Collect information about a target from the Internet
Before going deep into the concept, it is important to know the basic terminology used in footprinting. These terms help you understand the concept of footprinting and its structures.
Open Source or Passive Information Gathering
Open source or passive information gathering is the easiest way to collect information about the target organization. It refers to the process of gathering information from the open sources, i.e., publicly available sources. This requires no direct contact with the target organization. Open sources may include newspapers, television, social networking sites, blogs, etc. Using these, you can gather information such as network boundaries, IP address reachable via the Internet, operating systems, web server software used by the target network, TCP and UDP services in each system, access control mechanisms, system architecture, intrusion detection systems, and so on.
Active Information Gathering
In the active information gathering process, attackers mainly focus on the employees of the target organization. Attackers try to extract information from the employees by conducting social engineering: on-site visits, interviews, questionnaires, etc.
Anonymous Footprinting
This refers to the process of collecting information from sources anonymously so that your efforts cannot be traced back to you.
Pseudonymous Footprinting
Pseudonymous footprinting refers to the process of collecting information from the sources that have been published on the Internet but are not directly linked to the author's name. The information may be published under a different name or the author may have a well-established pen name, or the author may be a corporate or government official and be prohibited from posting under his or her original name. Irrespective of the reason for hiding the author's name, collecting information from such sources is called pseudonymous.
Organizational or Private Footprinting
Private footprinting involves collecting information from an organization's web-based calendar and email services.
Internet Footprinting
Internet footprinting refers to the process of collecting information of the target organization's connections to the Internet.
What Is Footprinting?
Footprinting, the first step in ethical hacking, refers to the process of collecting information about a target network and its environment. Using footprinting you can find various ways to intrude into the target organization's network system. It is considered "methodological" because critical information is sought based on a previous discovery.
Once you begin the footprinting process in a methodological manner, you will obtain the blueprint of the security profile of the target organization. Here the term "blueprint" is used because the result that you get at the end of footprinting refers to the unique system profile of the target organization.
There is no single methodology for footprinting as you can trace information in several routes. However, this activity is important as all crucial information needs to be gathered before you begin hacking. Hence, you should carry out the footprinting precisely and in an organized manner.
You can collect information about the target organization through the means of footprinting in four steps:
1. Collect basic information about the target and its network
2. Determine the operating system used, platforms running, web server versions, etc.
3. Perform techniques such as Whois, DNS, network and organizational queries
4. Find vulnerabilities and exploits for launching attacks
Furthermore, we will discuss how to collect basic information, determine operating system of target computer, platforms running, and web server versions, various methods of footprinting, and how to find and exploit vulnerabilities in detail.
Why Footprinting?
For attackers to build a hacking strategy, they need to gather information about the target organization's network, so that they can find the easiest way to break into the organization's security perimeter. As mentioned previously, footprinting is the easiest way to gather information about the target organization; this plays a vital role in the hacking process.
Footprinting helps to:
Know Security Posture
Performing footprinting on the target organization in a systematic and methodical manner gives the complete profile of the organization's security posture. You can analyze this report to figure out loopholes in the security posture of your target organization and then you can build your hacking plan accordingly.
Reduce Attack Area
By using a combination of tools and techniques, attackers can take an unknown entity (for example XYZ Organization) and reduce it to a specific range of domain names, network blocks, and individual IP addresses of systems directly connected to the Internet, as well as many other details pertaining to its security posture.
Build Information Database
A detailed footprint provides maximum information about the target organization. Attackers can build their own information database about security weakness of the target organization. This database can then be analyzed to find the easiest way to break into the organization's security perimeter.
Draw Network Map
Combining footprinting techniques with tools such as Tracert allows the attacker to create network diagrams of the target organization's network presence. This network map represents their understanding of the target's Internet footprint. These network diagrams can guide the attack.
Objectives of Footprinting
The major objectives of footprinting include collecting the target's network information, system information, and the organizational information. By carrying out footprinting at various network levels, you can gain information such as: network blocks, network services and applications, system architecture, intrusion detection systems, specific IP addresses, and access control mechanisms. With footprinting, information such as employee names, phone numbers, contact addresses, designation, and work experience, and so on can also be obtained.
Collect Network Information
The network information can be gathered by performing a Whois database analysis, trace routing, etc., and includes:
- Domain name
- Internal domain names
- Network blocks
- IP addresses of the reachable systems
- Rogue websites/private websites
- TCP and UDP services running
- Access control mechanisms and ACLs
- Networking protocols
- VPN points
- ACLs
- IDSes running
- Analog/digital telephone numbers
- Authentication mechanisms
- System enumeration
Collect System Information
- User and group names
- System banners
- Routing tables
- SNMP information
- System architecture
- Remote system type
- System names
- Passwords
Collect Organization's Information
- Employee details
- Organization's website
- Company directory
- Location details
- Address and phone numbers
- Comments in HTML source code
- Security policies implemented
- Web server links relevant to the organization
- Background of the organization
- News articles/press releases
Module Flow
So far, we discussed footprinting concepts, and now we will discuss the threats associated with footprinting:
[Module flow diagram; only the label "Footprinting Methodology" survives]
The Footprinting Threats section familiarizes you with the threats associated with footprinting such as social engineering, system and network attacks, corporate espionage, etc.
Footprinting Threats
As discussed previously, attackers perform footprinting as the first step in an attempt to hack a target organization. In the footprinting phase, attackers try to collect valuable system-level information such as account details, operating system and other software versions, server names, and database schema details that will be useful in the hacking process. The following are various threats due to footprinting:
Social Engineering
Without using any intrusion methods, hackers directly and indirectly collect information through persuasion and various other means. Here, crucial information is gathered by the hackers through employees without their consent.
System and Network Attacks
Footprinting helps an attacker to perform system and network attacks. Through footprinting, attackers can gather information related to the target organization's system configuration, operating system running on the machine, and so on. Using this information, attackers can find the vulnerabilities present in the target system and then can exploit those vulnerabilities. Thus, attackers can take control over a target system. Similarly, attackers can also take control over the entire network.
Information Leakage
Information leakage can be a great threat to any organization and is often overlooked. If sensitive organizational information falls into the hands of attackers, then they can build an attack plan based on the information, or use it for monetary benefits.
Privacy Loss
With the help of footprinting, hackers are able to access the systems and networks of the company and even escalate the privileges up to admin levels. Whatever privacy was maintained by the company is completely lost.
Corporate Espionage
Corporate espionage is one of the major threats to companies as competitors can spy and attempt to steal sensitive data through footprinting. Due to this type of espionage, competitors are able to launch similar products in the market, affecting the market position of a company.
Business Loss
Footprinting has a major effect on businesses such as online businesses and other ecommerce websites, banking and financial related businesses, etc. Billions of dollars are lost every year due to malicious attacks by hackers.
Module Flow
Now that you are familiar with footprinting concepts and threats, we will discuss the footprinting methodology. The footprinting methodology section discusses various techniques used to collect information about the target organization from different sources.
[Module flow diagram; only the label "Footprinting Methodology" survives]
Footprinting Methodology
- WHOIS Footprinting
- DNS Footprinting
- Email Footprinting
- Network Footprinting
- Footprinting through Social Engineering
- Footprinting through Social Networking Sites
- Competitive Intelligence
The footprinting methodology is a procedural way of collecting information about a target organization from all available sources. It deals with gathering information about a target organization, determining URL, location, establishment details, number of employees, the specific range of domain names, and contact information. This information can be gathered from various sources such as search engines, Whois databases, etc.
Search engines are the main information sources where you can find valuable information about your target organization. Therefore, first we will discuss footprinting through search engines. Here we are going to discuss how and what information we can collect through search engines.
Examples of search engines include: www.google.com, www.yahoo.com, www.bing.com
Footprinting through Search Engines
Attackers use search engines to extract information about a target such as technology platforms, employee details, login pages, intranet portals, etc. which helps in performing social engineering and other types of advanced system attacks.
A web search engine is designed to search for information on the World Wide Web. The search results are generally presented in a line of results often referred to as search engine results pages (SERPs). In the present world, many search engines allow you to extract a target organization's information such as technology platforms, employee details, login pages, intranet portals, and so on. Using this information, an attacker may build a hacking strategy to break into the target organization's network and may carry out other types of advanced system attacks. A Google search could reveal submissions to forums by security personnel that reveal brands of firewalls or antivirus software in use at the target. Sometimes even network diagrams are found that can guide an attack.
If you want to footprint the target organization, for example XYZ pvt ltd, then type XYZ pvt ltd in the Search box of the search engine and press Enter. This will display all the search results containing the keywords "XYZ pvt ltd." You can even narrow down the results by adding a specific keyword while searching. Furthermore, we will discuss other footprinting techniques such as website footprinting and email footprinting.
For example, consider an organization, perhaps Microsoft. Type Microsoft in the Search box of a search engine and press Enter; this will display all the results containing information about Microsoft. Browsing the results may provide critical information such as physical location, contact address, the services offered, number of employees, etc. that may prove to be a valuable source for hacking.
FIGURE 2.1: Screenshot showing information about Microsoft
As an ethical hacker, if you find any sensitive information of your company in the search engine result pages, you should remove that information. Even after you remove the sensitive information, it may still be available in a search engine cache. Therefore, you should also check the search engine cache to ensure that the sensitive data is removed permanently.
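Removal after the fact is harder than catching a leak before a page is indexed. The following self-audit is an added example, not part of the courseware: it scans an organization's own HTML for review-worthy comments and for links to hosts that are not meant to be public, two of the items this module lists as footprinting targets. The domain example.org, the public-host list, the keyword list and the sample page are constructed assumptions.

```python
"""Pre-publication self-audit of an organization's own HTML pages."""
import ipaddress
import re
from collections import namedtuple
from html.parser import HTMLParser
from urllib.parse import urlparse

Finding = namedtuple("Finding", "line kind detail")

# Assumed review keywords; tune them to your own environment.
KEYWORDS = re.compile(
    r"\b(password|passwd|login|admin|todo|fixme|internal|staging)\b", re.I)
IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def comment_reasons(text):
    """Return sorted reasons why a comment deserves review (empty if none)."""
    reasons = {"keyword:" + m.group(1).lower() for m in KEYWORDS.finditer(text)}
    for candidate in IPV4.findall(text):
        try:
            if ipaddress.ip_address(candidate).is_private:
                reasons.add("private-ip:" + candidate)
        except ValueError:
            pass  # dotted number that is not a valid address, e.g. a version
    return sorted(reasons)


class PageAudit(HTMLParser):
    """Collects findings while the parser walks one HTML document."""

    def __init__(self, org_domain, public_hosts):
        super().__init__()
        self.org_domain = org_domain.lower()
        self.public_hosts = {h.lower() for h in public_hosts}
        self.findings = []

    def handle_comment(self, data):
        reasons = comment_reasons(data)
        if reasons:
            line = self.getpos()[0]
            self.findings.append(Finding(line, "comment", ", ".join(reasons)))

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in ("href", "src", "action") or not value:
                continue
            try:
                host = urlparse(value).hostname
            except ValueError:
                continue  # malformed URL, nothing to compare
            if host is None:
                continue  # relative link, stays on the publishing host
            in_org = (host == self.org_domain
                      or host.endswith("." + self.org_domain))
            # Third-party hosts are ignored; only our own non-public names count.
            if in_org and host not in self.public_hosts:
                self.findings.append(Finding(self.getpos()[0], "host", host))


def audit_html(html, org_domain, public_hosts):
    """Return the list of Finding tuples for one page, in document order."""
    parser = PageAudit(org_domain, public_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample page (not taken from any real site).
SAMPLE_PAGE = """\
<html>
<!-- TODO: remove test login, admin wiki lives on 10.20.0.15 -->
<body>
<a href="https://www.example.org/products">Products</a>
<a href="http://intranet.example.org/hr/calendar">HR calendar</a>
<!-- layout fix for footer -->
<img src="//staging.example.org/logo.png">
</body>
</html>
"""

if __name__ == "__main__":
    public = {"www.example.org", "example.org"}  # assumed public-host policy
    for f in audit_html(SAMPLE_PAGE, "example.org", public):
        print(f"line {f.line}: {f.kind}: {f.detail}")
```

Run it over pages as they leave the build or CMS; anything it reports should be removed or justified before publication.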
Finding Company's External and Internal URLs
- Search for the target company's external URL in a search engine such as Google or Bing
- Internal URLs provide an insight into different departments and business units in an organization
- You may find an internal company's URL by trial and error method
A company's external and internal URLs provide a lot of useful information to the attacker. These URLs describe the company and provide details such as the company mission and vision, history, products or services offered, etc. The URL that is used outside the corporate network for accessing the company's vault server via a firewall is called an external URL. It links directly to the company's external web page. The target company's external URL can be determined with the help of search engines such as Google or Bing. If you want to find the external URL of a company, follow these steps:
1. Open any of the search engines, such as Google or Bing.
2. Type the name of the target company in the Search box and press Enter.
The internal URL is used for accessing the company's vault server directly inside the corporate network. The internal URL helps to access the internal functions of a company. Most companies use common formats for internal URLs. Therefore, if you know the external URL of a company, you can predict an internal URL through trial and error. These internal URLs provide insight into different departments and business units in an organization. You can also find the internal URLs of an organization using tools such as netcraft.
Tools to Search Internal URLs
Netcraft
Source: http://news.netcraft.com
Netcraft deals with web server, web hosting market-share analysis, and operating system detection. It provides free anti-phishing toolbar (Netcraft toolbar) for Firefox as well as Internet Explorer browsers. The netcraft toolbar avoids phishing attacks and protects the Internet users from fraudsters. It checks the risk rate as well as the hosting location of the websites we visit.
Link Extractor
Source: http://www.webmaster-a.com/link-extractor-internal.php
Link Extractor is a link extraction utility that allows you to choose between external and internal URLs, and will return a plain list of URLs linked to or an html list. You can use this utility on competitor sites.
Examples of internal URLs of microsoft.com:
- support.microsoft.com
- office.microsoft.com
- search.microsoft.com
- msdn.microsoft.com
- update.microsoft.com
- technet.microsoft.com
- windows.microsoft.com
Public and Restricted Websites
A public website is a website designed to show the presence of an organization on the Internet. It is designed to attract customers and partners. It contains information such as company history, services and products, and contact information of the organization.
The following screenshot is an example of a public website:
Source: http://www.microsoft.com
A restricted website is a website that is available to only a few people. The people may be employees of an organization, members of a department, etc. Restrictions can be applied based on the IP number, domain or subnet, username, and password.
Restricted or private websites of microsoft.com include: http://technet.microsoft.com, http://windows.microsoft.com, http://office.microsoft.com, and http://answers.microsoft.com.
[Screenshots: Microsoft TechNet; Welcome to Office]
Collect Location Information
Information such as physical location of the organization plays a vital role in the hacking process. This information can be obtained using the footprinting technique. In addition to physical location, we can also collect information such as surrounding public Wi-Fi hotspots that may prove to be a way to break into the target organization's network. Attackers with the knowledge of a target organization's location may attempt dumpster diving, surveillance, social engineering, and other non-technical attacks to gather much more information about the target organization. Once the location of the target is known, detailed satellite images of the location can be obtained using various sources available on the Internet such as http://www.google.com/earth and https://maps.google.com. Attackers can use this information to gain unauthorized access to buildings, wired and wireless networks, systems, and so on.
Example: earth.google.com
Google Earth is a valuable tool for hacking that allows you to find a location, point, and zoom into that location to explore. You can even access 3D images that depict most of the Earth in high-resolution detail.
Example: maps.google.com
Google Maps provides a Street View feature that provides you with a series of images of building, as well as its surroundings, including Wi-Fi networks. Attackers may use Google Maps to find or locate entrances to buildings, security cameras, gates, places to hide, weak spots in perimeter fences, and utility resources like electricity connections, to measure distance between different objects, etc.
FIGURE 2.5: Google Maps showing a Street View
People Search
Information about an individual can be found at various people search websites.
You can use the public record websites to find information about people's email addresses, phone numbers, house addresses, and other information. Using this information you can try to obtain bank details, credit card details, mobile numbers, past history, etc. There are many people search online services available that help find people. http://pipl.com and http://www.spokeo.com are examples of people search services that allow you to search for the people with their name, email, username, phone, or address. These people search services may provide information such as:
- Residential addresses and email addresses
- Contact numbers and date of birth
- Photos and social networking profiles
- Blog URLs
- Satellite pictures of private residences
People Search Online Services
- ZoomInfo: http://www.zoominfo.com
- PeekYou: http://www.peekyou.com
- Intelius: http://www.intelius.com
- AnyWho: http://www.anywho.com
- PeopleSmart: http://www.peoplesmart.com
- People Lookup: https://www.peoplelookup.com
- WhitePages: http://www.whitepages.com
At present, many Internet users are using people search engines to find information
owned person, contact numbers, company email addresses,
Zaba Search
Source: http://www.zabasearch.com
Zaba Search is a people search engine that provides information such as address, phone number, current location, etc. of people in the US. It allows you to search for people by their name.
Zoom
professional
links to verified contact information, and more.
W _ E.
in k
People Search
AnyWho
locations online. With the help of a phone number, you can get all the details of an individual.
People Lookup
123 People Search
records, phone numbers, addresses, images, videos, and email addresses.
information of people in India and cities' top employers and schools. It allows you to search for the people with their names or usernames.
for the people in US with their name, address, phone number, or email address.
WhitePages
Source: http://www.whitepages.com
WhitePages is a people search engine that provides information about people by name and location. Using the phone number, you can find the person's address.
People Search on Social Networking Services
- http://www.linkedin.com
- http://twitter.com
- https://plus.google.com
networks or social relations among people. These websites provide information that is provided by users. Here, people are directly or indirectly related to each other by common interest, work location, or educational communities, etc.
Social networking sites allow people to share information quickly and effectively as these sites are updated in real time. It allows updating facts about upcoming or current events, recent announcements and invitations, and so on. Therefore, social networking sites prove to be a
Facebook
Source: http://www.facebook.com
Facebook allows you to search for people, their friends, colleagues, and people living around them and others with whom they are affiliated. In addition, you can also find their professional information such as their company or business, current location, phone number, email ID, photos, videos, etc. It allows you to search for people by username or email address.
FIGURE 2.7: Facebook a social networking service to search for people across the world
LinkedIn
of company, current location, and
but to use LinkedIn you need to be registered with the site.
Twitter
is social networking service that allows people to send and read text messages (tweets). Even unregistered users can read tweets on this site.
real life. You can grab a lot of useful information about users from this site and use it to
their systems.
Gather Information from Financial Services
one service to the next. In order to avail themselves of services such as e-mail alerts and phone alerts, users need to register on the financial services. This gives an opportunity for an attacker to grab useful information for hacking. Many financial firms rely on web access, performing transactions, and user access to their accounts. Attackers can obtain sensitive and private information of users using information theft, keyloggers, etc. Attackers can even grab this information by implementing cybercrimes, and exploit it with the help of non-vulnerable threats (software design flaw example; breaking
Look for these:
- Job requirements
- Employee's profile
Examples of Job Websites
- http://www.monster.com
- http://www.careerbuilder.com
- http://www.dice.com
- http://www.simplyhired.com
through Job
gather valuable information
infrastructure details, and database schema
organization, through job sites using different techniques. Depending upon the posted
study the
company. Most of the
key employees list with their email addresses. This information may prove to
an attacker. For example, if a company wants to hire a person for a Network Administration job, it posts the requirements related to that position.
Usually attackers look for the following information:
- Job requirements
- Employee's profile
- Hardware information
- Software information
Examples of job websites include:
- http://www.indeed.com
- http://www.usajobs.gov
- http://www.simplyhired.com
Monitoring Targets Using Alerts
Alerts are the content monitoring services that provide automated up-to-date information based on your preference, usually via email or SMS. In order to get alerts, you
Google Alerts
Source: http://www.google.com/alerts
Google Alerts is a content monitoring service that automatically notifies users when new content from news, web, blogs, video, and/or discussion groups matches a set of search terms selected by the user and stored by the Google Alerts service. Google Alerts aids in monitoring a developing news story and keeping current on a competitor or industry.
http://www.gigaalert.com: these are two more examples of alert services.
Footprinting Methodology
- Footprinting through Search Engines
- Website Footprinting
- WHOIS Footprinting
- DNS Footprinting
- Email Footprinting
- Network Footprinting
- Footprinting through Social Engineering
- Footprinting through Social Networking Sites
- Competitive Intelligence
Footprinting
such as names and contact details of chief
websites, the
Website Footprinting
Information obtained from target's website enables an attacker to build a detailed map of website's structure and architecture
Use Zaproxy, Burp Suite, Firebug, etc. to view headers that provide:
- Connection status and content-type
- Accept-Ranges
- Last-Modified information
- X-Powered-By information
- Web server in use and its version
It is possible
architecture without IDS being triggered or without raising any sysadmin suspicions. It can be accomplished either with the help of sophisticated footprinting tools or just with the basic tools that come along with the operating system, such as telnet and a browser.
Using the Netcraft tool you can gather website information such as IP address, registered name and address of the domain owner, domain name, host of the site, OS details, etc. But this tool may not give all these details for every site. In such cases, you should browse the target website. Browsing the target website will provide you with the following information:
- Software used and its version: You can find not only the software in use but also the
making a note of all the URLs while browsing the target website.
- Filename, path, database field name, or query: You should analyze anything after a query that looks like a filename, path, database field name, or query carefully to check whether it offers opportunities for SQL injection.
- Scripting platform: With the help of the script filename extensions such as .php, .asp,
URL rewriting in order to disguise the
In this case, you need to put little more effort to determine the scripting platform.
Use Paros Proxy, Burp Suite, Firebug, etc. to view headers that provide:
- Connection status and content-type
- Accept-ranges
- Last-Modified information
- X-Powered-By information
- Web server in use and its version
FIGURE 2.14: Burp Suite showing headers of packets in the information pane
Website Footprinting (Cont'd)
background. This may even provide contact details of the web
existence of hidden
script works.
FIGURE 2.15: Screenshot showing Microsoft script works
Examine cookies set by the server to determine the software running and its behavior. You can also identify the scripting platforms by observing sessions and other supporting cookies.
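The header and cookie checks described above can be turned around by the site owner. The following is an added example, not part of the courseware: it audits captured responses for version-bearing Server and X-Powered-By headers and for default session-cookie names that identify the platform. The two sample responses are constructed, and the cookie-name table and severity labels are assumptions of this example.

```python
"""Audit captured HTTP responses for platform disclosure (constructed samples)."""
import re

# Response headers that name the server software or scripting platform.
DISCLOSING_HEADERS = {
    "server": "web server in use and its version",
    "x-powered-by": "scripting platform",
    "x-aspnet-version": "ASP.NET runtime version",
}

# Default session-cookie names (assumed table for this example). The name
# alone identifies the platform even when the headers above are removed.
COOKIE_PLATFORMS = {
    "PHPSESSID": "PHP",
    "JSESSIONID": "Java servlet container",
    "ASP.NET_SessionId": "ASP.NET",
    "ASPSESSIONID": "classic ASP",  # real cookie names add a random suffix
}

VERSION_RE = re.compile(r"\d+\.\d+")

# Constructed response as a default install might send it.
LEAKY = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.22 (Ubuntu)\r\n"
    "X-Powered-By: PHP/5.3.10\r\n"
    "Accept-Ranges: bytes\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: PHPSESSID=constructedvalue; path=/\r\n"
    "\r\n<html></html>"
)

# Constructed response after hardening: product-only Server token,
# X-Powered-By removed, session cookie renamed.
HARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "Content-Type: text/html\r\n"
    "Set-Cookie: sid=constructedvalue; path=/; HttpOnly\r\n"
    "\r\n<html></html>"
)


def parse_headers(raw):
    """Return [(lowercased name, value)] from a raw response, keeping repeats."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.append((name.strip().lower(), value.strip()))
    return headers


def audit(raw):
    """Return a list of (severity, finding) tuples for one response."""
    headers = parse_headers(raw)
    findings = []
    for wanted, meaning in DISCLOSING_HEADERS.items():
        for name, value in headers:
            if name != wanted:
                continue
            # A bare product name is low risk; a version number lets a reader
            # match the host against known-vulnerable releases.
            sev = "high" if VERSION_RE.search(value) else "low"
            findings.append((sev, f"{name}: {value} ({meaning})"))
    for name, value in headers:
        if name != "set-cookie":
            continue
        cookie_name = value.split("=", 1)[0].strip()
        for prefix, platform in COOKIE_PLATFORMS.items():
            if cookie_name.startswith(prefix):
                findings.append(("low", f"cookie {cookie_name} reveals {platform}"))
                break
    return findings


if __name__ == "__main__":
    for label, raw in (("before hardening", LEAKY), ("after hardening", HARDENED)):
        print(label)
        for sev, msg in audit(raw):
            print(f"  [{sev}] {msg}")
```
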
Mirroring Entire Website
Mirroring an entire website onto the local system enables an attacker to dissect and identify vulnerabilities; it also assists in finding directory structure and other valuable information without multiple requests to web server.
Website mirroring is the process of creating an exact replica of the original website. This can be done with the help of web mirroring tools. These tools allow you to download a website to a local directory, recursively building all directories, HTML, images, flash, videos and other files from the server to your computer.
Website mirroring has the following benefits:
- It is helpful for offline site browsing.
- Website mirroring helps in creating a backup site for the original one.
- A website clone can be created.
- Website mirroring is useful to test the site at the time of website design and development.
- It is possible to distribute to multiple servers instead of using only one server.
Website Mirroring Tools
HTTrack Web Site Copier
Source: http://www.httrack.com
HTTrack is an offline browser utility. It allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting HTML, images, and other files from [...] mirrored site, and resume interrupted downloads.
[...] and download web [...] After downloading [...]
[Screenshot: SurfOffline Professional 2.1]
BlackWidow is a website scanner for both experts and beginners. It scans websites (it's a site ripper). It can download an entire website or part of a website. It will build a site structure first, and then downloads. It allows you to choose what to download from the website.
[...] videos, audio, and executable documents from any website. WebRipper uses spider-technology to follow the links in all directions from the start-address. It filters out the interesting files, and [...] the downloaded links can also be restricted by keywords to avoid wasting your bandwidth.
[Screenshot: WebRipper, "The ultimate tool for website ripping"]
Website Mirroring Tools (Cont'd)
In addition to the website mirroring tools mentioned previously, a few more well-known tools are mentioned as follows:
- Website Ripper Copier available at http://www.tensons.com
- Teleport Pro available at http://www.tenmax.com
- Portable Offline Browser available at http://www.metaproducts.com
- Proxy Offline Browser available at http://www.proxy-offline-browser.com
- iMiser available at http://internetresearchtool.com
- PageNest available at http://www.pagenest.com
- Backstreet Browser available at http://www.spadixbd.com
- Offline Explorer Enterprise available at http://www.metaproducts.com
- GNU Wget available at http://www.gnu.org
- Hooeey Webprint available at http://www.hooeeywebprint.com
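Seen from the web server, a mirroring run by any of these tools is a recursive crawl, and it leaves a recognizable trace in the access log. The following added example (not part of the courseware) flags clients in combined-format log lines either by the default User-Agent of HTTrack or GNU Wget or by a burst of distinct page requests; the log lines, thresholds and function names are constructed for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined log format: ip ident user [time] "request" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# Assumption: substrings of the default User-Agent sent by HTTrack and GNU Wget.
# The header is client-controlled, so the burst check below does not rely on it.
TOOL_MARKERS = ("httrack", "wget/")
# Static assets are ignored: a browser loading one page fetches many of them.
STATIC_EXT = (".png", ".jpg", ".gif", ".css", ".js", ".ico")


def detect_mirroring(lines, window=timedelta(seconds=10), min_pages=8):
    """Return {client_ip: [reasons]} for clients that look like mirroring runs."""
    pages = defaultdict(list)      # ip -> [(timestamp, page path)]
    findings = defaultdict(set)    # ip -> reasons
    for line in lines:
        m = LINE_RE.match(line)
        if m is None:
            continue               # skip lines that are not in combined format
        try:
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        except ValueError:
            continue               # skip lines with a malformed timestamp
        if any(marker in m["ua"].lower() for marker in TOOL_MARKERS):
            findings[m["ip"]].add("mirroring-tool user agent")
        path = m["path"].split("?", 1)[0].lower()
        if not path.endswith(STATIC_EXT):
            pages[m["ip"]].append((ts, path))
    for ip, hits in pages.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window so it never spans more than `window`.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if len({p for _, p in hits[start:end + 1]}) >= min_pages:
                findings[ip].add("burst of distinct pages")
                break
    return {ip: sorted(reasons) for ip, reasons in findings.items()}


def _line(ip, second, path, ua):
    """Build one constructed log line."""
    return (f'{ip} - - [18/Jul/2012:16:20:{second:02d} +0000] '
            f'"GET {path} HTTP/1.1" 200 512 "-" "{ua}"')


BROWSER = "Mozilla/5.0 (Windows NT 6.1; rv:13.0) Gecko/20100101 Firefox/13.0"
HTTRACK = "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"

# Constructed sample: a default-configured HTTrack client, an ordinary visitor
# (one page plus its images, then a second page), and a crawler with a browser
# User-Agent that requests twelve different pages within six seconds.
SAMPLE_LOG = (
    [_line("198.51.100.7", s, f"/docs/page{s}.html", HTTRACK) for s in range(3)]
    + [_line("203.0.113.20", 5, "/", BROWSER)]
    + [_line("203.0.113.20", 5, f"/static/img{i}.png", BROWSER) for i in range(9)]
    + [_line("203.0.113.20", 40, "/about.html", BROWSER)]
    + [_line("203.0.113.99", i // 2, f"/docs/page{i}.html", BROWSER) for i in range(12)]
)

if __name__ == "__main__":
    for ip, reasons in detect_mirroring(SAMPLE_LOG).items():
        print(ip, reasons)
```

The ordinary visitor is not flagged because its burst consists of static assets; thresholds need tuning against the site's normal traffic.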
Extract Website Information from http://www.archive.org
Archive is an Internet Archive Wayback Machine that allows you to visit archived versions of [...]
FIGURE 2.22: Internet Archive Wayback Machine screenshot
Monitoring Web Updates Using Website Watcher
Source: http://www.aignes.com
Website Watcher is used to keep track of websites for updates and automatic changes. When an update or change occurs, Website Watcher automatically detects and saves the last two [...]
[Screenshot: WebSite-Watcher 2012 (http://aignes.com)]
Footprinting Methodology
- Footprinting through Search Engines
- Website Footprinting
- WHOIS Footprinting
- DNS Footprinting
- Email Footprinting
- Network Footprinting
- Footprinting through Social Engineering
- Footprinting through Social Networking Sites
- Competitive Intelligence
This section describes how to track email communications, how to collect information from email headers, and email tracking tools.
Tracking Email Communications
Attacker tracks email to gather information about the physical location of an individual to perform social engineering that in turn may help in mapping the target organization's network.
Email tracking is a method to monitor and spy on the delivered emails to the intended recipient:
- When the email was received and read
- Set messages to expire after a specified time
- GPS location and map of the recipient
- Track PDF and other types of attachments
- Whether or not the recipient visited any links sent to them
Examples:
- Geolocation: Estimates and displays the location of the recipient on the map and may even calculate distance from your location.
- Read duration: The duration of time spent by the recipient on reading the mail sent by the sender.
- Proxy detection: Provides information about the type of server used by the recipient.
- Links: Allows you to check whether the links sent to the recipient through email have been checked or not.
[...] used by finding loopholes in that particular operating system.
- Forward email: Whether or not the email sent to you is forwarded to another person can be determined easily by using this tool.
Collecting Information from Email Headers
An email header is the information that travels with every email. It contains the [...]
The following is a screenshot of a sample email header.
[Screenshot: sample email header showing the Delivered-To, Received, Return-Path, Received-SPF, Authentication-Results, DKIM-Signature, MIME-Version, In-Reply-To, References, Date, Message-ID, Subject, From and To fields]
FIGURE 2.24: Email header screenshot
This email header contains the following information:
- Sender's mail server
- Date and time received by the originator's email servers
- Authentication system used by sender's mail server
- Date and time of message sent
- A unique number assigned by mr.google.com to identify the message
- Sender's full name
- Sender's IP address
- The address from which the message was sent
The attacker can trace and collect all of this information by performing a detailed analysis of the complete email header.
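The following added example (not part of the courseware) runs that header analysis with Python's standard email package and returns the items listed above, separating RFC 1918 relay addresses from external ones so that a mail administrator can see what the organization's outbound messages disclose. The header is constructed (example.com names, private and documentation addresses), and the function and key names are this example's own.

```python
import ipaddress
import re
from email import message_from_string
from email.utils import getaddresses, parsedate_to_datetime

# Constructed sample header; newest Received line first, as mail servers write it.
SAMPLE_HEADER = """\
Delivered-To: bob@example.net
Received: by 10.0.0.7 with SMTP id abc123; Fri, 1 Jun 2012 21:24:01 -0700 (PDT)
Return-Path: <alice@example.com>
Received-SPF: pass (example.net: domain of alice@example.com designates
 192.0.2.10 as permitted sender) client-ip=192.0.2.10;
Authentication-Results: mx.example.net; spf=pass smtp.mail=alice@example.com;
 dkim=pass header.i=@example.com
Received: from mail.example.com ([192.0.2.10]) by mx.example.net with ESMTP
 id def456; Fri, 1 Jun 2012 21:24:00 -0700 (PDT)
Received: by 10.0.0.5 with HTTP; Fri, 1 Jun 2012 21:23:59 -0700 (PDT)
Date: Fri, 1 Jun 2012 21:23:59 -0700
Message-ID: <CAexample0001@mail.example.com>
Subject: Quarterly report
From: Alice Example <alice@example.com>
To: bob@example.net
"""

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IP_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def _valid_ips(text):
    """Return the syntactically valid IPv4 addresses found in text."""
    found = []
    for candidate in IP_RE.findall(text):
        try:
            found.append(ipaddress.ip_address(candidate))
        except ValueError:
            continue               # e.g. 999.1.1.1
    return found


def parse_hops(msg):
    """Return the Received hops oldest first, each with addresses and timestamp."""
    hops = []
    for raw in reversed(msg.get_all("Received", [])):
        value = " ".join(raw.split())          # unfold continuation lines
        route, sep, stamp = value.rpartition(";")
        if not sep:                            # no date part at all
            route, stamp = value, ""
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            when = None                        # missing or malformed date
        hops.append({"ips": _valid_ips(route), "time": when})
    return hops


def auth_results(msg):
    """Map each method in Authentication-Results (spf, dkim, dmarc) to its verdict."""
    results = {}
    for raw in msg.get_all("Authentication-Results", []):
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", raw, re.I):
            results[method.lower()] = verdict.lower()
    return results


def summarize(raw_header):
    """Collect what a complete header discloses about the sender and the mail path."""
    msg = message_from_string(raw_header)
    hops = parse_hops(msg)
    pairs = getaddresses(msg.get_all("From", []))
    name, addr = pairs[0] if pairs else ("", "")
    ips = [ip for hop in hops for ip in hop["ips"]]
    times = [hop["time"] for hop in hops if hop["time"] is not None]
    internal = [str(ip) for ip in ips if any(ip in net for net in RFC1918)]
    return {
        "sender_name": name,
        "sender_address": addr,
        "return_path": (msg.get("Return-Path") or "").strip("<> "),
        "message_id": (msg.get("Message-ID") or "").strip(),
        "sent": msg.get("Date"),
        "auth": auth_results(msg),
        "hop_count": len(hops),
        "internal_ips": internal,              # internal topology disclosed
        "external_ips": [str(ip) for ip in ips if str(ip) not in internal],
        "transit_seconds": ((times[-1] - times[0]).total_seconds()
                            if len(times) > 1 else None),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_HEADER).items():
        print(f"{key}: {value}")
```

The `internal_ips` entries are the ones a gateway can be configured to strip from outbound mail, since they serve no purpose for the recipient.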
Email Tracking Tools
[Screenshot: Email Lookup - Free Email Tracker (http://www.ipaddresslocation.org)]
Email tracking tools allow [...]
PoliteMail
[...] management [...] help of this tool.
Email Lookup - Free Email Tracker
Email Lookup is an email tracking tool that determines the IP address of the sender by analyzing the email header. You can copy and paste the email header into this email tracking tool and start tracing email.
[Screenshot: Email Lookup "Email Header Analysis" result listing the sender's IP address and host name, country, continent, city, region, latitude, longitude and organization, with a map]
FIGURE 2.27: Email Lookup Screenshot
Email Tracking Tools (Cont'd)
- Read Notify: http://www.readnotify.com
- Pointofmail: http://www.pointofmail.com
- DidTheyReadIt: http://www.didtheyreadit.com
- MSGTAG: http://www.msgtag.com
- Zendio: http://www.zendio.com
Read Notify
[...] and time of opening, geographic location of recipient, visualized location, IP address of the recipients, referrer details (i.e., if accessed via web email account etc.), etc.
DidTheyReadIt is an email tracking utility. In order to use this utility you need to sign up for an account. Then you need to add ".DidTheyReadIt.com" to the end of the recipient's e-mail address. For example, if you were sending an e-mail to [...] it to [...] instead, and your email would [...]
[...] informs you when your mail was opened, how long your email remained open, and the geographic location where your email was viewed.
[...] headers. You just need to copy and paste the full headers of the target email into the [...] Headers [...] servers and email clients in the transmission path are trustworthy.
MSGTAG
Source: http://www.msgtag.com
MSGTAG is Windows email tracking software that uses a read receipt technology to tell you when your emails are opened and when your emails are actually read. This software adds a small track and trace tag that is unique to each email you need delivery confirmation for. When the email is opened an email tracking code is sent to the MSGTAG email tracking system and an email read confirmation is delivered to you. MSGTAG will notify you when the message is read via an emailed confirmation, a pop-up message, or an SMS text message.
Zendio, the [...] the email, so you [...] up, knowing if they [...] included in the email.
Pointofmail
Source: http://www.pointofmail.com
Pointofmail.com is a proof of receipt and reading service for email. It ensures read receipts, tracks attachments, and lets you modify or delete sent messages. It provides detailed [...]
Super Email Marketing Software
WhoReadMe
Source: http://whoreadme.com
WhoReadMe is an email tracking tool. It is completely invisible to recipients. The recipients will have no idea that the emails sent to them are being tracked. The sender is notified every time the recipient opens the mail sent by the sender. It tracks information such as type of operating system and browser used, ActiveX Controls, CSS version, duration between the mails sent and read time, etc.
G-Lock Analytics
G-Lock Analytics [...] emails after they are sent. This tool reports to you how many times the email was printed and forwarded.
Footprinting Methodology
[...] in footprinting methodology after email footprinting is competitive intelligence. Competitive intelligence is a process that gathers, analyzes, and distributes intelligence about products, customers, competitors, and technologies using the Internet. The information that is gathered can help managers and executives of a company make strategic decisions. This section is about competitive intelligence gathering and sources where you can get valuable information.
Competitive Intelligence Gathering
Various tools are readily available in the market for the purpose of competitive [...]
[...] Internet is defined as competitive [...] analyzing competitors [...] the organization. It is non-interfering and subtle [...] direct intellectual property theft carried [...] It mainly concentrates on the external business environment. [...] ethically and legally instead of gathering [...] CI professionals, if the intelligence information gathered is not useful, [...] intelligence. Competitive intelligence is performed for [...]
Sources of competitive intelligence:
- Press releases and annual reports
- Trade journals, conferences, and newspapers
- Patents and trademarks
- Social engineering employees
- Product catalogs and retail outlets
- Analyst and regulatory reports
- Customer and vendor interviews
- Agents, distributors, and suppliers
Competitive intelligence can be carried out by either employing people to search for the information or by utilizing a commercial database service, which incurs a lower cost than employing personnel to do the same thing.
Competitive Intelligence - When Did this Company Begin? How Did it Develop?

Visit These Sites
02. Hoovers: http://www.hoovers.com
03. LexisNexis: http://www.lexisnexis.com

Gathering competitor documents and records helps improve productivity and profitability and stimulate the growth. It helps determine the answers to the following:

How did it develop?
Where is it located?
The location of the company and information related to various branches and their operations can be collected through competitive intelligence. You can use this information gathered through competitive intelligence to build a hacking [...]

EDGAR
Source: http://www.sec.gov/edgar.shtml
All companies, foreign and domestic, are required to file registration statements, periodic [...] EDGAR. Anyone can view the EDGAR database [...]

Hoovers is a business research company that provides complete [...] industries all over the world. Hoovers provides patented business-related [...] for connecting people, [...] order for getting business done. [...] business sources are made accessible to customers.

Business Wire
[...] and organizations are distributed [...] financial markets, investors, information [...] company has its own patented electronic network through which it releases its news.
Competitive Intelligence - What Are the Company's [...]

Market Watch (http://www.marketwatch.com)
twst.com (http://www.twst.com)
Lipper Marketplace (http://www.lippermarketplace.com)
Euromonitor (http://www.euromonitor.com)
Fagan Finder (http://www.faganfinder.com)
SEC Info (http://www.secinfo.com)
The Search Monitor (http://www.thesearchmonitor.com)

[...] information about various companies and their plans through competitive intelligence:

MarketWatch
[...] dedicated journalists [...]

The Wall Street Transcript
[...] industry [...] equity analysts [...] all industry sectors. Interviews with CEOs of companies are published.

Lipper Marketplace
Source: http://www.lippermarketplace.com
Lipper Marketplace offers web-based solutions that are helpful for identifying the market of a company. Marketplace helps in qualifying prospects and provides the competitive intelligence needed for transforming these prospects into clients. Its solutions allow users to identify net [...]

Euromonitor
Euromonitor provides strategy research for consumer markets. It publishes reports on industries, consumers, and demographics. It provides market research and surveys focused on your organization's needs.

Fagan Finder
Source: http://www.faganfinder.com
Fagan Finder is a collection of internet tools. It is a directory of blog sites, news sites, search engines, photo sharing sites, science and education sites, etc. Specialized tools such as [...]

SEC Info
[...] (SEC) EDGAR database service on [...] the SEC documents. It allows you to search by Name, [...] Code, Accession Number, File Number, CIK, Topic, ZIP [...]

The Search Monitor
Source: http://www.thesearchmonitor.com
The Search Monitor provides real-time competitive intelligence to monitor a number of things. It allows you to monitor market share, page rank, ad copy, landing pages, and the budget of your competitors. With the trademark monitor, you can monitor the buzz about your brand as well as your competitor's, and with the affiliate monitor, you can monitor ad and landing page copy.
Competitive Intelligence - What Expert Opinions Say About the Company

Compete PRO: http://www.compete.com
Copernic Tracker: http://www.copernic.com
ABI/INFORM Global: http://www.proquest.com
SEMRush: http://www.semrush.com
Jobitorial: http://www.jobitorial.com

Copernic Tracker
Source: http://www.copernic.com
Copernic is website tracking software. It monitors a competitor's website continuously and notifies you of content changes, if any, via email. The updated pages as well as the changes made in the site are highlighted for your convenience. You can even watch for specific keywords, to see the changes made on your competitor's sites.

SEMRush
Source: http://www.semrush.com
SEMRush is a competitive keyword research tool. For any site, you can get a list of Google keywords and AdWords, as well as a competitors list in the organic and paid Google search results. Necessary means for gaining in-depth knowledge about what competitors are [...] and their budget allocation to specific Internet marketing tactics are provided by [...]
Jobitorial
Source: http://www.jobitorial.com
Jobitorial provides anonymous employee reviews posted for jobs at thousands of companies and allows you to review a company.

AttentionMeter
Source: http://www.attentionmeter.com
AttentionMeter is a tool used for comparing any website you want (traffic) by using Alexa, Compete, and Quantcast. It gives you a snapshot of traffic data as well as graphs from Alexa, Compete, and Quantcast.

ABI/INFORM Global
[...] information [...] With [...] business conditions, management techniques, [...] trends, management practice and theory, corporate strategy and tactics, and the competitive landscape.

Compete PRO
Compete [...] search, and referral analytics in a single product.
Footprinting Methodology

Footprinting through Search Engines
Website Footprinting
WHOIS Footprinting
DNS Footprinting
Email Footprinting
Network Footprinting
Footprinting through Social Engineering
Footprinting through Social Networking Sites
Competitive Intelligence

Footprinting using Google

Though Google is a search engine, [...] similar to the process of footprinting through search engines. Footprinting using Google deals with [...] within [...] will filter for excessive [...] of advanced [...] will drop [...] requests with the help of an Intrusion Prevention System [...]
Footprinting using Google Hacking Techniques

Google hacking refers to the art of creating complex search engine queries. If you can construct proper queries, you can retrieve valuable data about a target company from the Google search results. Through Google hacking, an attacker tries to find websites that are [...] operators [...] text and avoiding irrelevant [...] Using advanced [...] specific strings of text such as specific versions of vulnerable [...]

Some of the popular Google operators include:

site:
allinurl:
inurl: [...] that you have specified in the URL of the website.
allintitle: It restricts results to only web pages that contain all the query terms that you have specified.
intitle: It restricts results to only the web pages that contain the query term that you have specified. It will show only websites that mention the query term that you have used.
inanchor: It restricts results to pages containing the query term that you have specified in the anchor text on links to the page.
allinanchor: It restricts results to pages containing all query terms you specify in the anchor text on links to the page.
What Can a Hacker Do with Google Hacking?

[...] messages that contain sensitive information
Pages containing network or vulnerability data
Files containing passwords
Pages containing logon portals

If the target website is vulnerable to Google hacking, then the attacker can find the [...]
Google Advance Search Operators

[link:]
[related:]
[info:]
[site:]
[allintitle:]
[intitle:]
[allinurl:]
[inurl:]

Source: http://www.googleguide.com

cache:
The CACHE query displays Google's cached version of a web page, instead of the current version of the page.

link:
Link lists web [...] that point to Google Guide's home page, enter: www.googleguide.com
[...] you remove the -site: term.

related:
[...] mentioned in the search query.
Example: related:www.microsoft.com will provide the Google search engine results page with websites similar to microsoft.com.

info:
Info will present some information [...] the corresponding web page. For instance, info:gothotel.com will show information about the national hotel directory GotHotel.com home page.
Note: There must be no space between the info: and the web page URL.
This functionality can also be obtained by typing the web page URL directly into a Google search box.

site:
If you include site: in your query, Google will restrict your search results to the site or domain you specify. For example, admissions site:www.lse.ac.uk will show admissions information from London School of Economics' site and [peace site:gov] will find pages about peace within the .gov [...]

allintitle:
If you start your query with allintitle:, Google restricts results to those containing all the query terms you specify in the title. For example, allintitle: detect plagiarism will return only documents that contain the words "detect" and [...] in the title. This functionality can also be obtained through the Advanced Web Search page, under Occurrences.

intitle:
[...] restricts results to documents containing [...] term in the title. For instance, [...] will return documents that mention the word "help" in their [...]

allinurl:
If you start your query with allinurl:, Google restricts results to those containing all the [...] URL, such as "www.google.com/help/faq.html." This functionality can also be obtained through the Advanced Web Search page, under Occurrences. In URLs, words are often run together. They need not be run together when you're using allinurl.

inurl:
If you include inurl: in your query, Google will restrict the results to documents containing [...] URL contains the [...] PDF files that are [...] in the [...] on the Google Guide website. The query [inurl:healthy [...]
[...] documents that mention the words [...] in their URL, and mention the word [...] anywhere in the document.
Note: There must be no space between the inurl: and the following word.
Finding Resources using Google Advance Operator

By using the Google Advance Operator syntax [intitle:intranet inurl:intranet +intext:human [...] as well as sensitive information [...] gathered [...] attackers can [...] perform [...] engineering attacks. [...] the previously mentioned query:
FIGURE 2.28: Search engine showing results for given Google Advance Operator syntax
Google Hacking Tool: Google Hacking Database (GHDB)

[...] scripts. The Google Hacking Database exposes known [...] software that run websites. There are some bugs that expose information that might not warrant public reading.
FIGURE 2.29: Screenshots showing Advisories and Vulnerabilities & pages containing login portals
Google Hacking Tools

Goolink Scanner: http://www.ghacks.net
SiteDigger: http://www.mcafee.com
SearchDiggity: http://www.stachliu.com
Google Hacks: http://code.google.com
Google HACK DB: http://www.secpoint.com
BiLE Suite: http://www.sensepost.com
Gooscan: http://www.darknet.org.uk

Besides the Google Hacking Database (GHDB) tool featured previously, there are [...] vulnerabilities, error message information [...] reveal [...] sensitive directories, logon portals, etc.

Metagoofil
[...] documents (pdf, doc, xls, ppt, docx, pptx, xlsx) belonging to a target company. Metagoofil performs a search in Google to identify and download the documents to a local disk and then extracts the metadata with different libraries such as Hachoir, PdfMiner, and others. With the results, it generates a report with usernames, software versions, and servers or machine names that may help penetration testers in the information gathering phase.

Goolink Scanner
Source: http://www.ghacks.net
The Goolink Scanner removes the cache from your searches, and collects and displays only vulnerable site's links. Thus, it allows you to find vulnerable sites wide open to Google and googlebots.

SiteDigger
[...] searches Google's cache to look for vulnerabilities, errors, configuration issues, [...]

Google Hacks
Source: http://code.google.com
Google Hacks is a compilation of carefully crafted Google searches that expose novel [...] Google's search and map services. It allows you to view a timeline of your search results, view a map, search for music, search for books, and perform many other specific kinds of searches.

BiLE Suite
[...] the target site, and applies a simple statistical weighing algorithm [...] which websites have the strongest relationships with the target site.

Google Hack Honeypot
[...] additional security to your web presence.

GMapCatcher
Source: http://code.google.com
GMapCatcher is an offline maps viewer. It displays maps from many providers such as: [...]
SearchDiggity is the primary attack tool of the Google Hacking Diggity Project. It is Stach & Liu's MS Windows GUI application that serves as a front-end to the most recent versions of Diggity tools such as GoogleDiggity, BingDiggity, Bing LinkFromDomainDiggity, CodeSearchDiggity, DLPDiggity, MalwareDiggity, PortScanDiggity, SHODANDiggity, BingBinaryMalwareSearch, and NotInMyBackYardDiggity.

Google HACK DB
[...] PHP [...]
Footprinting Methodology

WHOIS Footprinting
DNS Footprinting
Email Footprinting
Network Footprinting
Footprinting through Social Engineering
Footprinting through Social Networking Sites
Competitive Intelligence

[...] network-related [...] important [...] when [...] system. [...] now discuss [...] on how to perform a whois lookup, analyzing the whois lookup results, and the tools to gather whois information.
WHOIS Lookup
inform ation o f dom ain owners
Urtifi!
C E H
Ittiul lUckw
W HOIS databases are maintained by Regional In te rn e t Registries and contain the personal
WHOIS q u e ry re tu rn s:
e e Domain name details Contact details of domain ow ner Domain name servers 9 NetRange W hen a domain has been created e 6 Expiry records Records last updated
In fo rm a tio n o b ta in e d f r o m W H O IS d a t a b a s e a s s i s t s a n a t t a c k e r to :
Create detailed map of organizational network tt Gather personal information that assists to perform social engineering 6 Gather other internal network details, etc.
R T N
)APNIC
a
j
RIPE
H O
I S
L o o k u p
WHOIS is a query and response protocol used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system. WHOIS databases are maintained by Regional Internet Registries and contain the personal information of domain owners. They maintain a record ... information associated with ... and query to this server to get ... particular networks, domains, and hosts. An attacker can send a query to the appropriate WHOIS server to obtain the information about the target domain name, contact details of its owner, expiry date, creation date, etc. The ... engineering once he or she gets contact details, and then get internal details of the network.
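The fields a WHOIS query returns can also be reviewed from the defender's side, to see what an organization's own record discloses. The following Python code is an added example, not part of the original courseware: the sample record is constructed, and the field names, the role-mailbox list, and the 30-day renewal threshold are assumptions.

```python
import re
from datetime import date

# Constructed sample record (not a real registration) in the "Key: value"
# layout registrars commonly return. The field names are assumptions.
SAMPLE_RECORD = """\
Domain Name: EXAMPLE-CORP.TEST
Registrar: EXAMPLE REGISTRAR, LLC.
Name Server: NS1.EXAMPLE-CORP.TEST
Name Server: NS2.EXAMPLE-CORP.TEST
Status: ok
Updated Date: 03-feb-2012
Creation Date: 16-jul-2002
Expiration Date: 16-aug-2012
Admin Name: Jane Doe
Admin Email: jane.doe@example-corp.test
Admin Phone: +1.5555550100
Tech Email: hostmaster@example-corp.test
>>> Last update of whois database: Thu, 19 Jul 2012 07:49:36 UTC <<<
"""

MONTHS = {m: i + 1 for i, m in enumerate(
    "jan feb mar apr may jun jul aug sep oct nov dec".split())}
# Shared role mailboxes reveal less than a named employee's address (assumed list).
ROLE_MAILBOXES = {"hostmaster", "domains", "abuse", "noc", "postmaster"}
CONTACT_ROLES = ("registrant", "admin", "tech")


def parse_whois(text):
    """Parse 'Key: value' lines into {lower-cased key: [values]}."""
    record = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip banners, comments and lines without a field separator.
        if not line or line[0] in "%#>" or ":" not in line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if key and value:
            record.setdefault(key, []).append(value)
    return record


def parse_date(value):
    """Accept '16-jul-2002' (registrar style) or '1991-05-01' (ISO style)."""
    m = re.fullmatch(r"(\d{1,2})-([A-Za-z]{3})-(\d{4})", value)
    if m and m.group(2).lower() in MONTHS:
        return date(int(m.group(3)), MONTHS[m.group(2).lower()], int(m.group(1)))
    m = re.fullmatch(r"(\d{4})-(\d{2})-(\d{2})", value)
    if m:
        return date(*map(int, m.groups()))
    return None


def audit(record, today, renew_within_days=30):
    """Return sorted (finding, field, value) tuples for a parsed record."""
    findings = []
    for key, values in record.items():
        role = key.split()[0]
        if role not in CONTACT_ROLES:
            continue
        for value in values:
            if key.endswith("email"):
                if value.split("@", 1)[0].lower() not in ROLE_MAILBOXES:
                    findings.append(("personal-email", key, value))
            elif key.endswith("name"):
                findings.append(("named-individual", key, value))
            elif key.endswith("phone"):
                findings.append(("contact-phone", key, value))
    for value in record.get("expiration date", []):
        expires = parse_date(value)
        if expires is None:
            findings.append(("unparsed-expiry", "expiration date", value))
        elif (expires - today).days <= renew_within_days:
            findings.append(("expiring-soon", "expiration date", value))
    statuses = [s.lower() for s in record.get("status", [])]
    if "clienttransferprohibited" not in statuses:
        findings.append(("transfer-unlocked", "status", ",".join(statuses) or "none"))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(parse_whois(SAMPLE_RECORD), today=date(2012, 7, 19)):
        print(*finding, sep="\t")
```

Each finding is a detail that a public lookup hands to anyone: replacing named contacts with role mailboxes and keeping the transfer lock set reduces what the record gives away.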
[Screenshots: WHOIS lookup results for microsoft.com and juggyboy.com]
http://whois.domaintools.com
http://centralops.net/co
WHOIS Lookup Result Analysis
A whois lookup can be performed using Whois services such as http://whois.domaintools.com ... domaintools.com service provides ... information ... information, email, ... and expiry date, a list of domain servers, etc. The Domain Dossier available at http://centralops.net/co/ gives the address lookup, domain Whois record, network whois record, and DNS records information.
[Figure: screenshots of http://whois.domaintools.com (WHOIS record for microsoft.com) and Domain Dossier at http://centralops.net/co (address lookup and domain Whois record for juggyboy.com)]
FIGURE 2.30: Whois services screenshots
[Screenshot: SmartWhois query result]
http://www.tamos.com
WHOIS Lookup Tool: SmartWhois
... IP address, hostname, or domain, including country, state ... city, name of the network provider, administrator, and technical support contact information. It also assists you in finding the owner of the domain, the owner's contact information, the owner of the IP address block, registered date of the domain, etc.
[Screenshot: SmartWhois query window]
WHOIS Lookup Online Tools
SmartWhois: http://smartwhois.com
Whois: http://tools.whois.net
Better Whois: http://www.betterwhois.com
DNSstuff: http://www.dnsstuff.com
Whois Source: http://www.whois.sc
Web Wiz: http://www.webwiz.co.uk/domain-tools/whois-lookup.htm
WebToolHub: http://www.webtoolhub.com/tn561381-whois-lookup.aspx
Network-Tools.com: http://network-tools.com
Ultra Tools: https://www.ultratools.com/whois/home
WHOIS Lookup Tools
Similar to SmartWhois, there are numerous tools available in the market to retrieve ...
CountryWhois
... fraud, or in any other instance where you need to quickly and accurately determine the country of origin by IP address.
LanWhoIs
Source: http://lantricks.com
LanWhoIs provides information about domains and addresses on the Internet. This program helps you determine who, where, and when the domain or site you are interested in was registered, and the information about those who support it now. This tool allows you to save your search result in the form of an archive to view it later. You can print and save the search result in HTML format.
Batch IP Converter
... Converter, Batch Ping, Tracert, Whois, Website Scanner, and Connection Monitor into a single interface as well as an IP-to-Country Converter. It allows you to lookup the IP address for a single or list of domain names and vice versa.
CallerIP
CallerIP is basically IP and port monitoring software that displays the incoming and outgoing connection made to your computer. It also allows you to find the origin of all connecting IP addresses on the world map. The Whois reporting feature provides key information such as who an IP is registered to along with contact email addresses and phone numbers.
WhoIs Lookup Multiple Addresses
Source: http://www.sobolsoft.com
This software offers a solution for users who want to look up ownership details for one or more IP addresses. Users can simply enter IP addresses or load them from a file. There are three options for lookup sites: whois.domaintools.com, whois-search.com, and whois.arin.net. ... between lookups, to avoid lockouts from these websites. The ... IP addresses and details of each. It also allows you to save results to a ...
WhoIs Analyzer Pro
... of a specific domain. You ... simultaneously. This tool gives you the ability to print or save the result of the query in HTML format.
HotWhois
Source: http://www.tialsoft.com
HotWhois is an IP tracking tool that can reveal valuable information, such as country, state, city, address, contact phone numbers, and email addresses of an IP provider. The query mechanism resorts to a variety of Regional Internet Registries, to obtain IP Whois information about IP address. With ...
Whois 2010 Pro
... information about a domain name, including country, state or province, city, administrator, and technical support contact information.
ActiveWhois is a network tool to find information about the owners of IP addresses or Internet domains. You can determine the country, personal and postal addresses of the owner, and/or users of IP addresses and domains.
WhoisThisDomain
Source: http://www.nirsoft.net
WhoisThisDomain is a domain registration lookup utility that allows you to get information about a registered domain. It automatically connects to the right WHOIS server and retrieves the WHOIS record of the domain. It supports both generic domains and country code domains.
WHOIS Lookup Online Tools
... online Whois lookup tools:
Web Wiz available at http://www.webwiz.co.uk/domain-tools/whois-lookup.htm
Network-Tools.com available at http://network-tools.com
Whois available at http://tools.whois.net
DNSstuff available at http://www.dnsstuff.com
Network Solutions Whois available at http://www.networksolutions.com
WebToolHub available at http://www.webtoolhub.com/tn561381-whois-lookup.aspx
Ultra Tools available at https://www.ultratools.com/whois/home
Footprinting Methodology
Footprinting through Search Engines
Website Footprinting
WHOIS Footprinting
DNS Footprinting
Email Footprinting
Network Footprinting
Footprinting through Social Engineering
Footprinting through Social Networking Sites
Competitive Intelligence
The next phase in footprinting methodology is DNS footprinting. This section describes how to extract DNS information and the DNS interrogation tools.
Extracting DNS Information
Attacker can gather DNS information to determine key hosts in the network and can perform social engineering attacks
DNS records provide important information about location and type of servers
Record Type   Description
A             Points to a host's IP address
MX            Points to domain's mail server
NS            Points to host's name server
CNAME         Canonical naming allows aliases to a host
SOA           Indicate authority for domain
SRV           Service records
PTR           Maps IP address to a hostname
RP            Responsible person
HINFO         Host information record includes CPU type and OS
TXT           Unstructured text records
DNS Interrogation Tools
http://www.dnsstuff.com
http://network-tools.com
... allows you to obtain ... zone data includes DNS domain names, computer names, IP addresses, and much more about a particular network. The attacker performs DNS footprinting on the target network in order to obtain the information about DNS. He or she then uses the gathered DNS information to determine key hosts in the network and then performs social engineering attacks to gather ...
By using www.DNSstuff.com, it is possible to extract DNS information ... server extensions, DNS lookups, Whois lookups, etc. If you want information ... company, it is possible to extract its range of IP addresses utilizing the IP routing lookup of DNSstuff. If the target network allows unknown, unauthorized users to transfer DNS zone data, then it is easy for you to obtain the information about DNS with the help of the DNS interrogation tool. Once you send the query using the DNS interrogation tool to the DNS server, the server will respond to you with a record structure that contains information about the target DNS. DNS ...
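As an added example (not part of the original courseware), the following Python code reviews an export of an organization's own zone for the record types in the table above, showing what the zone would disclose if zone transfers were left open to unauthorized users. The zone data is constructed, the parser assumes one record per line in "owner TTL class type rdata" form with no inline comments, and the finding labels are hypothetical.

```python
import ipaddress

# Constructed zone export (owner, TTL, class, type, rdata); not real data.
SAMPLE_ZONE = """\
$ORIGIN example-corp.test.
@        3600 IN SOA   ns1.example-corp.test. hostmaster.example-corp.test. 2012071602 300 600 2419200 3600
@        3600 IN NS    ns1.example-corp.test.
@        3600 IN MX    10 mail.example-corp.test.
www      3600 IN A     203.0.113.10
mail     3600 IN A     203.0.113.25
intranet 3600 IN A     10.1.4.20
db01     3600 IN A     172.16.8.5
db01     3600 IN HINFO "Intel Xeon" "Windows Server 2008"
@        3600 IN RP    jdoe.example-corp.test. .
@        3600 IN TXT   "v=spf1 mx -all"
build    3600 IN TXT   "build server, ask bob ext 4417"
ftp      3600 IN CNAME www.example-corp.test.
"""

# RFC 1918 private address blocks: internal hosts should not appear in a public zone.
RFC1918 = tuple(ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16"))
# TXT records that carry mail policy are expected to be public.
MAIL_POLICY = ("v=spf1", "v=dkim1", "v=dmarc1")


def parse_zone(text):
    """Return [(owner, type, rdata)] for 'owner ttl class type rdata' lines."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        # Skip blank lines, full-line comments and $ directives.
        if not line or line[0] in ";$":
            continue
        parts = line.split(None, 4)
        if len(parts) == 5 and parts[2].upper() == "IN":
            records.append((parts[0], parts[3].upper(), parts[4]))
    return records


def audit_zone(records):
    """Return [(owner, type, reason)] for records that disclose internal detail."""
    findings = []
    for owner, rtype, rdata in records:
        if rtype == "A":
            try:
                addr = ipaddress.ip_address(rdata)
            except ValueError:
                findings.append((owner, rtype, "malformed address"))
                continue
            if any(addr in net for net in RFC1918):
                findings.append((owner, rtype, "private address published"))
        elif rtype == "HINFO":
            findings.append((owner, rtype, "CPU type and OS disclosed"))
        elif rtype == "RP":
            findings.append((owner, rtype, "responsible person named"))
        elif rtype == "TXT":
            if not rdata.strip('"').lower().startswith(MAIL_POLICY):
                findings.append((owner, rtype, "free-text note, review content"))
    return findings


if __name__ == "__main__":
    for owner, rtype, reason in audit_zone(parse_zone(SAMPLE_ZONE)):
        print(f"{owner:10} {rtype:6} {reason}")
```

Restricting transfers to the zone's secondary servers (for example with BIND's allow-transfer option) and moving internal names into an internal-only zone keeps the flagged records out of public view.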
Extracting DNS Information (Cont'd)
This tool is very useful to perform a DNS query on any host. Each domain name (Example: dnsqueries.com) is structured in hosts (ex: ...dnsqueries.com) and the DNS (Domain Name System) allows translating the domain name or the hostname into an IP address to contact via the TCP/IP protocol. There are several types of queries, corresponding to all the implementable types of DNS records such as A record, MX, AAAA, CNAME and SOA.
http://www.dnsqueries.com
Source: http://www.dnsqueries.com
Perform DNS query available at http://www.dnsqueries.com is a tool that allows you to perform ... in hosts ... translate the domain name or the hostname in an IP address to contact via the TCP/IP protocol. There are several types of queries, corresponding to all the implementable types of DNS ... Perform ... Run tool ... Microsoft.com will be displayed as shown in the following figure.
[Screenshot: Perform DNS query result for microsoft.com (Type: ANY) at http://www.dnsqueries.com]
DNS Interrogation Tools
DNSWatch: http://www.dnswatch.info
myDNSTools: http://www.mydnstools.info
DomainTools: http://www.domaintools.com
Professional Toolset: http://www.dnsstuff.com
DNS: http://e-dns.org
DNS Records: http://network-tools.com
DNSData View: http://www.nirsoft.net
A few more well-known DNS interrogation tools are listed as follows:
DIG available at http://www.kloth.net
myDNSTools available at http://www.mydnstools.info
Professional Toolset available at http://www.dnsstuff.com
DNS Records available at http://network-tools.com
DNSData View available at http://www.nirsoft.net
DNSWatch available at http://www.dnswatch.info
DomainTools Pro available at http://www.domaintools.com
DNS available at http://e-dns.org
DNS Lookup Tool available at http://www.webwiz.co.uk
DNS Query Utility available at http://www.webmaster-toolkit.com
Footprinting Methodology
Footprinting through Search Engines
Website Footprinting
WHOIS Footprinting
DNS Footprinting
Email Footprinting
Network Footprinting
Footprinting through Social Engineering
Footprinting through Social Networking Sites
Competitive Intelligence
... retrieving ... now ... discuss network footprinting, a method of gathering ... Traceroute, and the Traceroute tools.
[Figure: Network Whois Record screenshot]
Locate the Network Range
To perform network footprinting, ... information ... for, and what type ... about the internal structure of the target network. After gathering the aforementioned information, an attacker can proceed to find the network range of a target system. He or she can get more detailed information from the appropriate regional registry database regarding IP allocation and the ... IP address space for private ... 10.0.0.0-10.255.255.255 ... 172.16.0.0-172.31.255.255 (172.16/12 prefix), ... networks are alive, and it helps to identify the network topology, access control device, and OS used in the target network. To find the network range of the target network, enter the server ... server IP in the SEARCH Whois text box. You will get the network range of the target network. If the DNS servers are not set up correctly, the attacker has a good chance of obtaining a list of internal machines on the server. Also, sometimes if an attacker traces a route to a machine, he or she can get the internal IP address of the gateway, which might be useful.
Network Whois Record
Queried whois.arin.net with "n 207.46.232.182"...
NetRange:       207.46.0.0 - 207.46.255.255
CIDR:           207.46.0.0/16
OriginAS:
NetName:        MICROSOFT-GLOBAL-NET
NetHandle:      NET-207-46-0-0-1
Parent:         NET-207-0-0-0-0
NetType:        Direct Assignment
NameServer:     NS2.MSFT.NET
NameServer:     NS4.MSFT.NET
NameServer:     NS1.MSFT.NET
NameServer:     NS5.MSFT.NET
NameServer:     NS3.MSFT.NET
RegDate:        1997-03-31
Updated:        2004-12-09
Ref:            http://whois.arin.net/rest/net/NET-207-46-0-0-1
OrgName:        Microsoft Corp
OrgId:          MSFT
Address:        One Microsoft Way
City:           Redmond
StateProv:      WA
PostalCode:     98052
Country:        US
RegDate:        1998-07-10
Updated:        2009-11-10
Ref:            http://whois.arin.net/rest/org/MSFT
OrgAbuseHandle: ABUSE231-ARIN
OrgAbuseName:   Abuse
OrgAbusePhone:  +1-425-882-8080
OrgAbuseEmail:  abuse@hotmail.com
OrgAbuseRef:    http://whois.arin.net/rest/poc/ABUSE231-ARIN
You need to use more than one tool to obtain network information as sometimes a single tool is not capable of delivering the information you want.
Determine the Operating System
Use the Netcraft tool to determine the OSes in use by the target organization
Source: http://news.netcraft.com
So far we have collected information about IP addresses, network ranges, server names, etc. of the target network. Now it's time to find out the OS running on the target network. The technique of obtaining information about the target network OS is called OS fingerprinting. The Netcraft tool will help you to find out the OS running on the target network. Let's see how Netcraft helps you determine the OS of the target network. Open the http://news.netcraft.com site in your browser and type the domain name of your ...
[Screenshot: Netcraft results for microsoft.com sites, dated 3rd August 2012, with Netblock, OS, and web server columns]
Determine the Operating System (Cont'd)
SHODAN Search Engine
Use the SHODAN search engine, which lets you find specific computers (routers, servers, etc.) using a variety of filters.
[Screenshot: SHODAN home page ("Expose Online Devices": webcams, routers, power plants, iPhones, wind turbines, refrigerators, VoIP phones), with links to popular search queries and the developer API]
[Screenshot: SHODAN search results, with counts by service, country, city and organization, and the HTTP response headers returned by each listed host]
FIGURE 2.35: SHODAN screenshot
Traceroute
Traceroute programs work on the concept of ICMP protocol and use the TTL field in the header of ICMP packets to discover the routers on the path to a target host
[Diagram: the IP Source sends an ICMP Echo request with TTL = 1 toward the Destination Host across three Router Hops]
Traceroute
Finding the route of the target host is necessary to test against man-in-the-middle
route of the target host in
utility provided with
need to find the
help of the Traceroute
number of routers the packets travel through, the time between two routers, and, if the
names of the routers and their
of the
the
will
by exploiting a feature
is interpreted
that the
to a TTL
indicate packet
routers packet transit.
Each router handles
in the
an
ICMP header by one. When
message will be
count reaches zero, the
to the originator of the
error transmitted
It sends out a packet destined for the destination specified. It sets the TTL field in the packet to one. The first router in the path receives the packet, decrements the TTL value by one, and if the resulting TTL value is 0, it discards the packet and sends a message back to the originating host to inform it that the packet has been discarded. It records the IP address and DNS name of that router, and sends out another packet with a TTL value of two. This packet makes it through the first router, then times out at the next router in the path. This second router also sends an error message back to the originating host. Traceroute continues to do this, and records the IP address and name of each router until a packet finally reaches the target host or until it decides that the host is unreachable. In the process, it records the time it took for each packet to travel round trip to each router. Finally, when it reaches the destination, the normal ICMP ping response will be sent to the sender. Thus, this utility helps to reveal the IP addresses of the intermediate hops in the route of the target host from the source.
[Diagram: ICMP Echo requests from the IP Source cross successive Router Hops; routers return ICMP error messages and the destination returns an ICMP Echo Reply]
FIGURE 2.36: Working of Traceroute program
C:\> tracert
Tracing route to ns3.google.com
1 2 3 4 5 6 7
1262 ms 2796 ms 155 ms 2171 ms
186 ms 3061 ms 217 ms 1405 ms 1280 ms 530 ms 1124 ms
124 ms
3436 ms 155 ms 1530 ms
2685 ms 202 ms 609 ms
655 ms 999 ms 1748 ms
iarl-so-3-2-0.Thamesside.cw.net
8 1622 ms 9 10 11 12 Trace 2498 ms
2377 ms
2061 ms 593 ms
eqixva-google-gige.google.com 216.239.48.193
[206.223.115.21]
968 ms 3686 ms 1529 ms 1683 ms
3546 ms 1806 ms 1108 ms
3030 ms 216.239.48.89 812 ms 216.33.98.154 2062 ms ns3.google.com [216.239.36.10]
complete.
Traceroute Analysis
Attackers conduct traceroute to extract information about: network topology, trusted routers, and firewall locations
For example: after running several traceroutes, an attacker might obtain the following information:
traceroute 1.10.10.20, second to last hop is 1.10.10.1
traceroute 1.10.20.10, third to last hop is 1.10.10.1
traceroute 1.10.20.10, second to last hop is 1.10.10.50
traceroute 1.10.20.15, third to last hop is 1.10.10.1
traceroute 1.10.20.15, second to last hop is 1.10.10.50
[Diagram: Hacker, Firewall, Bastion Host (1.10.10.20), Web Server (1.10.20.10), Mail Server, 1.10.20.50]
Traceroutes
We have seen how
intermediate devices such as routers, firewalls, etc. present between
Let's consider the following traceroute results obtained:
traceroute 1.10.10.20, second to last hop is 1.10.10.1
traceroute 1.10.20.10, third to last hop is 1.10.10.1
traceroute 1.10.20.10, second to last hop is 1.10.10.50
traceroute 1.10.20.15, third to last hop is 1.10.10.1
traceroute 1.10.20.15, second to last hop is 1.10.10.50
of the target network as
[Diagram: Hacker, Internet, Router (1.10.10.1), Firewall (1.10.10.50), DMZ ZONE, Web Server (1.10.20.10), Mail Server (1.10.20.15), Firewall (1.10.20.50)]
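The TTL walk and the second-to-last-hop analysis described above can be reproduced offline. The following Python simulation is an added example, not part of the courseware: it reuses the addresses from the slide, adds a constructed upstream hop (192.0.2.1), sends no packets, and also covers the case of a firewall that drops expired probes without returning an ICMP error, which then shows up only as "*".

```python
"""Offline simulation of the traceroute TTL walk. No packets are sent."""
from dataclasses import dataclass

ICMP_ECHO_REPLY = 0      # sent by the destination itself
ICMP_TIME_EXCEEDED = 11  # sent by a router that discarded a probe whose TTL hit 0


@dataclass(frozen=True)
class Hop:
    ip: str
    role: str
    reports_expiry: bool = True  # False: drops expired probes without an ICMP error


def build_paths(firewall_reports_expiry=True):
    """Forward paths to the three hosts named on the slide.

    Assumption: the slide's addresses are reused, and 192.0.2.1 is a
    constructed upstream hop standing in for the Internet.
    """
    upstream = Hop("192.0.2.1", "upstream (constructed)")
    router = Hop("1.10.10.1", "router")
    firewall = Hop("1.10.10.50", "firewall", firewall_reports_expiry)
    return {
        "1.10.10.20": [upstream, router, Hop("1.10.10.20", "bastion host")],
        "1.10.20.10": [upstream, router, firewall, Hop("1.10.20.10", "web server")],
        "1.10.20.15": [upstream, router, firewall, Hop("1.10.20.15", "mail server")],
    }


def send_probe(path, ttl):
    """Return (icmp_type, responder_ip), or None if the probe dies silently."""
    for hop in path[:-1]:
        ttl -= 1  # each router on the way decrements the TTL by one
        if ttl == 0:
            if hop.reports_expiry:
                return ICMP_TIME_EXCEEDED, hop.ip
            return None  # discarded, and no error goes back to the sender
    return ICMP_ECHO_REPLY, path[-1].ip  # TTL was large enough to reach the host


def traceroute(path, max_hops=30):
    """Probe with TTL 1, 2, 3, ... and list who answered; '*' marks silence."""
    hops = []
    for ttl in range(1, max_hops + 1):
        answer = send_probe(path, ttl)
        if answer is None:
            hops.append("*")
            continue
        icmp_type, responder = answer
        hops.append(responder)
        if icmp_type == ICMP_ECHO_REPLY:
            break
    return hops


def group_by_last_gateway(traces):
    """Group destinations by second-to-last hop, as the slide's analysis does."""
    groups = {}
    for dest, hops in traces.items():
        groups.setdefault(hops[-2], []).append(dest)
    return groups


def survey(firewall_reports_expiry=True):
    """Trace every host and return (per-host hop lists, gateway grouping)."""
    paths = build_paths(firewall_reports_expiry)
    traces = {dest: traceroute(path) for dest, path in paths.items()}
    return traces, group_by_last_gateway(traces)


if __name__ == "__main__":
    for reports in (True, False):
        traces, groups = survey(reports)
        print(f"firewall reports TTL expiry: {reports}")
        for dest, hops in traces.items():
            print(f"  {dest}: {' -> '.join(hops)}")
        print(f"  grouped by second-to-last hop: {groups}")
```

With the firewall silent, the hosts behind it still answer, but the hop that would have named 1.10.10.50 is blank, so its address no longer appears in the results.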
Path Analyzer Pro and VisualRoute 2010 are the two tools similar to Traceroute intended to traceroute the target host in a network.
Path Analyzer Pro
Source: http://www.pathanalyzer.com
Path Analyzer Pro is a graphical-user-interface-based trace routing tool that shows you the route from source to destination graphically. It also provides information such as the hop number, its IP address, hostname, ASN, network name, % loss, latency, avg. latency, and std. dev. about each hop in the path. You can also map the location of the IP address in the network with this tool. It allows you to detect filters, stateful firewalls, and other anomalies automatically in the network.
VisualRoute 2010
identify the geographical location of the routers, servers, and other IP devices. It is able to provide the tracing information in three forms: as an overall analysis, in a data table, and as
[Screenshot: VisualRoute 2010 traceroute to www.microsoft.com, with an analysis summary of location, network, RTT, firewall, port probe, packet loss, route length and alternate routes]
FIGURE 2.39: VisualRoute 2010 screenshot
Traceroute Tools (Cont'd)
Network Pinger http://www.networkpinger.com
Magic NetTrace http://www.tialsoft.com
GEO Spider http://www.oreware.com
3D Traceroute http://www.d3tr.de
vTrace http://vtrace.pl
AnalogX HyperTrace http://www.analogx.com
Network Systems Traceroute http://www.net.princeton.edu
Roadkil's Trace Route
Ping Plotter http://www.pingplotter.com
Traceroute Tools (Cont'd)
A few more traceroute tools similar to Path Analyzer Pro and VisualRoute 2010 are listed as follows:
Network Pinger available at http://www.networkpinger.com
GEO Spider available at http://www.oreware.com
vTrace available at http://vtrace.pl
Trout available at http://www.mcafee.com
Roadkil's Trace Route available at http://www.roadkil.net
Magic NetTrace available at http://www.tialsoft.com
3D Traceroute available at http://www.d3tr.de
AnalogX HyperTrace available at http://www.analogx.com
Network Systems Traceroute available at http://www.net.princeton.edu
Ping Plotter available at http://www.pingplotter.com
Footprinting Methodology
WHOIS Footprinting
DNS Footprinting
Email Footprinting
Network Footprinting
Footprinting through Social Engineering
Footprinting through Social Networking Sites
Competitive Intelligence
Footprinting
So far we have discussed various techniques of gathering
This section covers the social engineering concept and techniques used to gather information.
Footprinting through Social Engineering
Social engineers attempt to gather:
Credit card details and social security number
User names and passwords
Other personal information
Security products in use
Operating systems and software versions
Network layout information
IP addresses and names of servers
Social engineers use these techniques:
Eavesdropping
Shoulder surfing
Dumpster diving
Impersonation on social networking sites
Footprinting through Social Engineering
Social engineering is a totally non-technical process in which an attacker tricks a
about the target in such a way that the target is unaware of the fact that someone is stealing his or her confidential information. The attacker actually plays a cunning game with the target to obtain confidential information. The attacker takes advantage of the helping nature of people and their weakness to provide confidential information. To perform social engineering, you first need to gain the confidence of an authorized user and then trick him or her into revealing confidential information. The basic goal of social engineering is to obtain required confidential information and then use that information for hacking attempts such as gaining unauthorized access to the
espionage, network intrusion, commit frauds, etc. The information
engineering may include credit card details, social security numbers, usernames and passwords, other personal information, operating systems and software versions, IP addresses, names of servers, network layout information, and much more. Social engineers use this information to hack a system or to commit fraud. Social engineering can be performed in many ways such as eavesdropping, shoulder surfing, dumpster diving, impersonation on social networking sites, and so on.
Collect Information Using Eavesdropping, Shoulder Surfing, and Dumpster Diving
Eavesdropping
Eavesdropping is unauthorized listening of conversations or reading of messages
It is interception of any form of communication such as audio, video, or written
Shoulder Surfing
Shoulder surfing is the procedure where the attackers look over the user's shoulder to gain critical information
Attackers gather information such as passwords, personal identification number, account numbers, credit card information, etc.
Dumpster Diving
Dumpster diving is looking for treasure in someone else's trash
It involves collection of phone bills, contact information, financial information, operations related information, etc. from the target company's trash bins, printer trash bins, user desk for sticky notes, etc.
Collect Information using Eavesdropping, Shoulder Surfing, and Dumpster Diving
As mentioned
techniques used to collect information from
social engineering techniques to understand how they can be performed to obtain confidential information.
this technique, an attacker stands behind the victim
This technique is commonly used to gain passwords, PINs, security numbers, credit card information, and similar data. It can be performed in
place as it is relatively easy to stand behind the victim without his or her knowledge.
Dumpster Diving
This technique is also known as trashing, where the attacker looks for information in the target company's dumpster. The attacker may gain vital information such as phone bills, contact information, financial information, operations-related
codes, printouts of sensitive information, etc. from the target company's
Footprinting Methodology
WHOIS Footprinting
DNS Footprinting
Email Footprinting
Network Footprinting
Footprinting through Social Engineering
Footprinting through Social Networking Sites
Competitive Intelligence
through there
engineering,
some
differences
between people the use into
two
through
social engineering, the through social
revealing gathers
footprinting social
networking can
attacker social
networking
sites.
Attackers
networking
medium to perform
This section explains how
by means of social engineering.
Collect Information through Social Engineering on Social Networking Sites
Attackers gather sensitive information through social engineering on social networking websites such as Facebook, MySpace, LinkedIn, Twitter, Pinterest, Google+, etc.
Attackers create a fake profile on social networking sites and then use the false identity to lure the employees to give up their sensitive information
Employees may post personal inform ation such as date of birth, educational and em ploym ent backgrounds, spouses names, etc. and information about their company such as potential clients and business partners, trade secrets of business, websites, company's upcoming news, mergers, acquisitions, etc.
Collect Information through Social Engineering on Social Networking Sites
Pinterest, Google+, and
One site may be
social networking
friends,
has its own
etc. and
purpose
may
intended
connect
family,
another
browsing through users' public profiles or by creating a fake profile and tricking user to believe him or her as a genuine user. These sites allow people to stay connected with others, to maintain professional profiles, and to share the information with others. On social networking
the target person or the company. These sites help an attacker to collect only the information uploaded by the person or the company. Attackers can easily access public pages of these
Attacker Gets
Promote products
Product profile
Identity of a family members
Share photos and videos
User support
Social engineering
Recruitment
Platform/technology information
Creates events
Type of business
Information Available on Social Networking Sites
So far, we have discussed how an attacker can grab information from social networking sites; now we will discuss what information an attacker
from social
about
connected
others. The
generally contains information such as name, contact information (mobile number, email ID), friends' information, information about family members, their interests, activities, etc. People usually connect to their friends and chat with them. Attackers can gather sensitive information through chats. Social networking sites also allow people to share photos and videos with their friends. If the
activities of an organization on the social networking sites and the respective information that an attacker can grab are as follows:
What Attacker Gets
Business strategies
Product profile
Social engineering
Type of business employees
TABLE 2.1: What organizations Do and What Attacker Gets
[Figure: Facebook statistics: monthly active users, connections, share of all page views, time spent per visit; Latin America]
Collecting Facebook Information

... information login to Facebook, the account, and his/her ... Browsing the target person's profile ... a lot of useful information ... number, email ID, friend information, educational details, professional details, interests, photos, and much more. The attacker can use this information for further hacking planning, such as social engineering, to reveal more information about the target.
FIGURE 2.40: Facebook screenshot
[Figure: Twitter profile screenshot with usage statistics (million accounts, million tweets a day, share of Twitter users who now post status updates)]
Collecting Twitter Information

Twitter is another popular social networking ... followers ... uploaded, etc. The attacker may get meaningful information from the target user's tweets.
[Figure: LinkedIn profile screenshot with statistics: new members join every second; 2,447 employees located around the world; $522 million revenue for 2011; million companies have LinkedIn company pages]
Collecting LinkedIn Information

Similar to Twitter, LinkedIn is another social networking site for professionals. It allows people to create and manage their professional profile and identity. It allows its users to build and engage with their professional network. Hence, this can be a great information resource for the attacker. The attacker may get information such as current employment details, past employment details, education details, contact details, and much more about the target person. The attacker can collect all this information with the footprinting process.
[Figure: YouTube statistics: most visited website ranking according to Alexa; 900 sec average time users spend on YouTube every day; 829,440 videos uploaded]
Collecting YouTube Information

YouTube is a website that allows you to upload, view, and share videos all over the

FIGURE 2.43: YouTube showing videos related to target
[Figure: http://www.myiptest.com page showing the fields Link for Person, Redirect URL, and Link for you, with the note "Copy the generated link of this field and send it to the target via chat to get IP address"]
Tracking Users on Social Networking Sites

In order to protect themselves from Internet fraud and ... may use fake identities on social networking sites. In such cases, you will not ... the real information about the target user. So to determine the real identity of the target user, you can use tools such as Get Someone's IP or IP-GRABBER to track users' real identities. If you want to trace the identity of a particular user, then do the following:

Open your web browser, paste the URL, and press Enter: http://www.myiptest.com/staticpages/index.php/how-about-you
Notice the three fields at the bottom of the web page, namely Link for Person, Redirect URL: http://, and Link for you.
To get the real IP address of the target, copy the generated link and send it to the target via chat.
Enter any URL you want the target to redirect to in the Redirect URL field.
Open the URL present in the Link for you field and monitor the target's IP address details and additional details.
Link for person: http://www.myiptest.com/img.php?id=zdeujbg1f2&rdr=www.gmail.com&rdr=yahoo.com&
Redirect URL: http://www.gmail.com
Link for you: http://www.myiptest.com/staticpages/index.php/how-about-you?id=zdeujbg1f2&showjp:

Link ID      IP             Proxy  Refer  Date/Time
zdeujbg1f2   85.93.218.204  NO     NO     2012-08-06 13:04:44
Module Flow

Footprinting Concepts
Footprinting Threats
Footprinting Methodology
Footprinting Countermeasures
Footprinting Tools

that make information gathering an easy job. These tools ensure the maximum

This section describes tools intended for grabbing information from various sources.
Footprinting Tool: Maltego

Source: http://paterva.com

Maltego is an open source intelligence and forensics application. It can be used for the information gathering phase of all security-related work. Maltego is a platform developed to ... companies, organizations, websites, Internet infrastructure (domains, DNS names, Netblocks, IP addresses), phrases, affiliations, documents, and files.

[Figure: Maltego screenshots, panels: Internet Domain; Personal Information]
Footprinting Tool: Domain Name Analyzer Pro

Source: http://www.domainpunch.com

Domain Name Analyzer Professional is Windows software for finding, managing, and maintaining multiple domain names. It supports the display of additional data (expiry and creation dates, name server information), tagging domains, secondary whois lookups (for thin
[Figure: Domain Name Analyzer Pro screenshot, panel: Domain Name Information]
Extract targeted company contact data (email, phone, fax) from web for responsible b2b communication
Extract URL, meta tag (title, description, keyword) for website promotion, search directory creation, web research

Footprinting Tool: Web Data Extractor

Source: http://www.webextractor.com

Web Data Extractor is a data extractor tool. It extracts targeted company contact data (email, phone, and fax) from the web, extracts the URL and meta tag (title, desc, keyword) for website promotion, searches directory creation, etc. The following is a screenshot of the Web Data Extractor showing meta tags:
Additional Footprinting Tools

In addition to the footprinting tools mentioned previously, a few more tools are listed as follows:

Prefix Whois available at http://pwhois.org
NetScanTools Pro available at http://www.netscantools.com
Tctrace available at http://www.phenoelit-us.org
Autonomous System Scanner (ASS) available at http://www.phenoelit-us.org
DNS DIGGER available at http://www.dnsdigger.com
Netmask available at http://www.phenoelit-us.org
Binging available at http://www.blueinfy.com
Spiderzilla available at http://spiderzilla.mozdev.org
Sam Spade available at http://www.majorgeeks.com
Robtex available at http://www.robtex.com
Additional Footprinting Tools (Cont'd)

Additional footprinting tools that are helpful in gathering information about the target person or organization are listed as follows:

Dig Web Interface available at http://www.digwebinterface.com
Domain Research Tool available at http://www.domainresearchtool.com
ActiveWhois available at http://www.johnru.com
yoName available at http://yoname.com
Ping-Probe available at http://www.ping-probe.com
SpiderFoot available at http://www.binarypool.com
CallerIP available at http://www.callerippro.com
Zaba Search available at http://www.zabasearch.com
GeoTrace available at http://www.nabber.org
DomainHostingView available at http://www.nirsoft.net
Module Flow

So far we have discussed the importance of footprinting, various ways in which footprinting can be performed, and the tools that can be used for footprinting. Now we will discuss the countermeasures to be applied in order to avoid sensitive information disclosure.

This section lists various footprinting countermeasures to be applied at various levels.
Footprinting Countermeasures

Footprinting countermeasures are the measures or actions taken to counter or offset information disclosure. A few footprinting countermeasures are listed as follows:

Configure routers to restrict the responses to footprinting requests.
Lock the ports with suitable firewall configuration.
Evaluate and limit the amount of information available before publishing it on the website/Internet and disable the unnecessary services.
Prevent search engines from caching a webpage and use anonymous registration services.
Configure web servers to avoid information leakage and disable unwanted protocols.
Use an IDS that can be configured to refuse suspicious traffic and pick up footprinting patterns.
Perform footprinting techniques and remove any sensitive information found.
Enforce security policies to regulate the information that employees can reveal to third parties.
Footprinting Countermeasures (Cont'd)

In addition to the countermeasures mentioned previously, you can apply the following countermeasures as well:

Set apart the internal DNS and external DNS.
Disable directory listings and use split-DNS.
Educate employees about various social engineering tricks and risks.
Restrict unexpected input such as |; < >.
Avoid domain-level cross-linking for critical assets.
Encrypt and password protect sensitive information.
Do not enable protocols that are not required.
Always use TCP/IP and IPSec filters.
Configure IIS against banner grabbing.
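A defender-side check for three of the countermeasures listed above (banner grabbing, directory listings, search engine caching), as an added example that is not part of the courseware: it audits a captured HTTP response for those leaks. The function names, finding codes and both sample responses are constructed for illustration.

```python
import re

# Response headers that disclose product or framework details (banner-grabbing targets).
BANNER_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version")
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")
# Markers of auto-generated directory listings (Apache/nginx style and IIS style).
LISTING_RE = re.compile(r"<title>\s*Index of /|\[To Parent Directory\]", re.I)
# Robots directives that keep a page out of search engine caches.
NO_CACHE_DIRECTIVES = {"noarchive", "noindex", "none"}


def parse_response(raw):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status_line, _, header_block = head.partition("\r\n")
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[1].isdigit():
        raise ValueError("not an HTTP response: %r" % status_line)
    headers = {}
    for line in header_block.split("\r\n"):
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return int(parts[1]), headers, body


def robots_directives(headers, body):
    """Collect directives from X-Robots-Tag headers and <meta name="robots"> tags.
    User-agent-scoped header values ("googlebot: noarchive") are not handled."""
    found = set()
    for value in headers.get("x-robots-tag", []):
        found.update(d.strip().lower() for d in value.split(","))
    for tag in re.findall(r"<meta\b[^>]*>", body, re.I):
        if re.search(r'name\s*=\s*["\']robots["\']', tag, re.I):
            content = re.search(r'content\s*=\s*["\']([^"\']*)["\']', tag, re.I)
            if content:
                found.update(d.strip().lower() for d in content.group(1).split(","))
    return found


def audit(raw):
    """Return a list of (finding_code, detail) tuples for one response."""
    status, headers, body = parse_response(raw)
    findings = []
    for name in BANNER_HEADERS:
        for value in headers.get(name, []):
            # A bare product name in Server is tolerated; a version number is not.
            # The framework headers are reported whenever they are present.
            if name != "server" or VERSION_RE.search(value):
                findings.append(("banner:" + name, value))
    if status == 200 and LISTING_RE.search(body):
        findings.append(("directory-listing", "auto-generated index page served"))
    is_html = any("text/html" in v.lower() for v in headers.get("content-type", []))
    if status == 200 and is_html and not (NO_CACHE_DIRECTIVES & robots_directives(headers, body)):
        findings.append(("cacheable", "no noarchive/noindex directive for search engines"))
    return findings


# Constructed sample: default-looking IIS response that lists a directory.
WEAK_RESPONSE = "\r\n".join([
    "HTTP/1.1 200 OK",
    "Server: Microsoft-IIS/7.5",
    "X-Powered-By: ASP.NET",
    "X-AspNet-Version: 4.0.30319",
    "Content-Type: text/html; charset=utf-8",
    "",
    '<html><head><title>example.test - /backup/</title></head><body><pre>'
    '<a href="/">[To Parent Directory]</a><br>'
    '<a href="/backup/web.config.bak">web.config.bak</a></pre></body></html>',
])

# Constructed sample: same site after the countermeasures are applied.
HARDENED_RESPONSE = "\r\n".join([
    "HTTP/1.1 200 OK",
    "Server: webserver",
    "Content-Type: text/html; charset=utf-8",
    "X-Robots-Tag: noarchive",
    "",
    "<html><head><title>Welcome</title></head><body>Public landing page</body></html>",
])

if __name__ == "__main__":
    for label, raw in (("weak", WEAK_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        print(label, audit(raw))
```

Running the same audit against responses captured from your own servers before and after a configuration change shows whether the change removed the leak.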
So far we discussed all the necessary techniques and tools to test the security of a system or network. Now it is the time to put all those techniques into practice. Testing the security of a system or network using similar techniques as that of an attacker with adequate permissions is known as penetration testing. The penetration test should be conducted to check whether an attacker is able to reveal sensitive information in response to footprinting attempts.
Penetration testing is an evaluation method of system or network security. In this evaluation method, the pen tester acts as a malicious outsider and simulates an attack to find the security loopholes.
Footprinting Pen Testing

A footprinting pen test is used to determine an organization's publicly available information on the Internet such as network architecture, operating systems, applications, and users. In this method, the pen tester tries to gather publicly available sensitive information of the target by pretending to be an attacker. The target may be a specific host or a network. The pen tester can perform any attack that an attacker could perform. The pen tester should try all possible ways to gather as much information as possible in order to ensure maximum scope of footprinting pen testing. If the pen tester finds any sensitive information on any publicly available information resource, then he or she should enter the information and the respective source in the report.

The major advantages of conducting penetration testing include:

It gives you the chance to prevent DNS record retrieval from publicly available servers.
It helps you to avoid information leakage.
It prevents social engineering attempts.
Footprinting Pen Testing (Cont'd)

Penetration testing is a procedural way of testing the security in various steps. Steps should be followed one after the other in order to ensure maximum scope of testing. Here are the steps involved in footprinting pen testing:
Footprint search engines such as Google, Yahoo! Search, Ask, Bing, Dogpile, etc. to gather the target organization's information such as employee details, login pages, intranet portals, etc. that can help in performing social engineering and other types of advanced system attacks.
- Perform email footprinting using tools such as eMailTrackerPro, PoliteMail, Email Lookup - Free Email Tracker, etc. to gather information about the physical location of an individual to perform social engineering that in turn may help in mapping the target organization's network.
- Gather competitive intelligence using tools such as Hoovers, LexisNexis, Business Wire, etc.
- Perform Google hacking using tools such as GHDB, MetaGoofil, SiteDigger, etc.
- Perform WHOIS footprinting using tools such as WHOIS Lookup, SmartWhois, etc. to create a detailed map of the organizational network, to gather personal information that assists in performing social engineering, and to gather other internal network details, etc.
Footprinting Pen Testing (Cont'd)
Perform the WHOIS footprinting technique to extract information about particular domains. You can get information such as domain name, IP address, domain owner name, registrant name, and their contact details including phone numbers, email IDs, etc. Tools such as SmartWhois, CountryWhois, Whois Pro, and ActiveWhois will help you to extract this information. You can use this information to perform social engineering to obtain more information.
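An added example (not part of the original courseware): a defender-side check that sorts a WHOIS record for your own domain into the WHOIS section of the pen testing report and flags contact fields that expose a named person. The sample record, the masking markers, the role-mailbox list and the "Exposed personal fields" entry are constructed assumptions; the other section names follow the report template in this module.

```python
import re

# Constructed WHOIS record for a reserved example domain (not real registration data).
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Creation Date: 2001-05-14T09:00:00Z
Registrar: Example Registrar, Inc.
Registrant Name: Jane Doe
Registrant Organization: Example Corp
Registrant Phone: +1.5555550100
Registrant Email: jane.doe@example.com
Admin Name: REDACTED FOR PRIVACY
Admin Email: Please query the registrar's contact form
Tech Email: hostmaster@example.com
Name Server: NS1.EXAMPLE.COM
Name Server: NS2.EXAMPLE.COM
"""

# Assumed heuristics: markers of a privacy/proxy-masked value and of shared role mailboxes.
MASKED = re.compile(r"redacted|privacy|proxy|not disclosed|contact form", re.I)
CONTACT = re.compile(r"^(registrant|admin|tech) ", re.I)
PERSONAL = re.compile(r"(name|phone|email|street)$", re.I)
ROLE_MAILBOX = re.compile(r"^(hostmaster|postmaster|abuse|dns-?admin|noc)@", re.I)

def whois_exposure_report(text):
    """Sort WHOIS fields into the report-template sections and flag exposures."""
    report = {"Domain name details": {}, "Contact details of domain owner": {},
              "Domain name servers": [], "Exposed personal fields": []}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not sep or not value:
            continue
        if key.lower() == "name server":
            report["Domain name servers"].append(value.lower())
        elif CONTACT.match(key):
            report["Contact details of domain owner"][key] = value
            # Masked values and shared role mailboxes do not identify a person.
            if PERSONAL.search(key) and not (MASKED.search(value) or ROLE_MAILBOX.match(value)):
                report["Exposed personal fields"].append(key)
        else:
            report["Domain name details"][key] = value
    return report

if __name__ == "__main__":
    for section, content in whois_exposure_report(SAMPLE_WHOIS).items():
        print(f"{section}: {content}")
```

Each flagged field is a candidate for registrar privacy protection or replacement with a role mailbox, which removes the personal detail from the public record.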
- Perform DNS footprinting using tools such as DIG, NsLookup, etc.
- Perform footprinting using tools such as Path Analyzer Pro, VisualRoute 2010, Network Pinger, etc. to create a map of the target's network.
- Implement social engineering techniques such as eavesdropping, shoulder surfing, and dumpster diving that may help to gather more critical information about the target organization.
- Gather target organization employees' information from their personal profiles on social networking sites such as Facebook, LinkedIn, Twitter, Google+, Pinterest, etc. that assists to perform social engineering.
- At the end of pen testing, document the findings.
Footprinting Pen Testing (Cont'd)
Perform DNS footprinting using tools such as DIG, NsLookup, DNS Records, etc. to determine key hosts in the network and perform social engineering attacks. Resolve the domain name to learn about its IP address, DNS records, etc.
Footprinting Pen Testing Report Templates
Pen Testing Report
Information obtained through search engines
Employee details:
Login pages:
Intranet portals:
Technology platforms:
Others:
Footprinting Pen Testing Report Templates
Penetration testing is usually conducted to enhance the security perimeter of an organization. As a pen tester you should gather sensitive information such as server details, the operating system, etc. of your target by conducting footprinting. Analyze the system and network defenses by breaking into its security with adequate permissions (i.e., ethically) without causing any damage. Find the loopholes and weaknesses in the network or system security. Now explain all the vulnerabilities along with respective countermeasures in a report, i.e., the pen testing report. The pen testing report is a report obtained after performing network penetration tests or security audits. It contains all the details such as types of tests performed, the hacking techniques used, and the results of hacking activity. In addition, the report also contains the highlights of security risks and vulnerabilities of an organization. If any vulnerability is identified during any test, the details of the cause of vulnerability along with the countermeasures are suggested. The report should always be kept confidential. If this information falls into the hands of an attacker, he or she may use this information to launch attacks. The pen testing report should contain the following details:
Pen Testing Report
Information obtained through search engines
Employee details:
Login pages:
Intranet portals:
Technology platforms:
Others:
Scripting platforms used:
Footprinting Pen Testing Report Templates (Cont'd)
Pen Testing Report
Information obtained through WHOIS footprinting
Domain name details:
Contact details of domain owner:
Domain name servers:
Netrange:
Others:

Personal information:
Financial information:
Operating environment:
User names and passwords:
Network layout information:
IP addresses and names of servers:
Others:
Footprinting Pen Testing Report Templates (Cont'd)
Pen Testing Report
Financial information:
Operating environment:
Usernames and passwords:
Network layout information:
IP addresses and names of servers:
Others:

Personal profiles:
Work related information:
News and potential partners of the target company:
Educational and employment background:
Others:
FIGURE 2.49: Pen Testing Report showing information obtained through footprinting and social engineering
- Footprinting is the process of collecting as much information as possible about a target network, for identifying various ways to intrude into an organization's network system
- It reduces attacker's attack area to specific range of IP address, networks, domain names, remote access, etc.
- Information obtained from target's website enables an attacker to build a detailed map of website's structure and architecture
- Competitive intelligence is the process of identifying, gathering, analyzing, verifying, and using information about your competitors from resources such as the Internet
- DNS records provide important information about location and type of servers
- Attackers conduct traceroute to extract information about: network topology, trusted routers, and firewall locations
- Attackers gather sensitive information through social engineering on social networking websites such as Facebook, MySpace, LinkedIn, Twitter, Pinterest, Google+, etc.
Module Summary
- Footprinting refers to uncovering and collecting as much information as possible about a target of attack.
- It reduces attacker's attack area to specific range of IP address, networks, domain names, remote access, etc.
- Attackers use search engines to extract information about a target.
- Information obtained from target's website enables an attacker to build a detailed map of website's structure and architecture.
- Competitive intelligence is the process of identifying, gathering, analyzing, verifying, and using information about your competitors from resources such as the Internet.
- DNS records provide important information about location and type of servers.
- Attackers conduct traceroute to extract information about: network topology, trusted routers, and firewall locations.
- Attackers gather sensitive information through social engineering on social networking websites such as Facebook, MySpace, LinkedIn, Twitter, Pinterest, Google+, etc.