FOOTPRINTING
Footprinting is a part of the reconnaissance process, used for gathering as much information as possible about a target computer system or network. Footprinting can be either passive or active.
Footprinting is the first and an important step, because after it a penetration tester knows how a hacker sees the network.
To measure the security of a computer system, it is good to know as much as you can, because you will then be able to determine the path that a hacker will use to exploit the network.
Here is the scenario of footprinting:
The EC-Council divides footprinting and scanning into seven basic steps. These include:
1. Information gathering
2. Determining the network range
3. Identifying active machines
4. Finding open ports and access points
5. OS fingerprinting
6. Fingerprinting services
7. Mapping the network
Information gathering means to find these:
Internet: Domain name, network blocks, IP addresses open to the Net, TCP and UDP services running, ACLs, IDSes
Intranet: Protocols (IP, NETBIOS), internal domain names, etc.
Remote Access: Phone numbers, remote control, telnet, authentication
Extranet: Connection origination, destination, type, access control
An organisation's website is the first place where penetration testing starts. The website can reveal sensitive information about the network, as well as phone numbers, contact names, e-mail addresses, and personal details. Besides the company's official website, an attacker might use a social networking website such as Facebook to gather information. Some other resources and websites that an attacker may use to get the maximum information about the organisation and its employees are:
zabasearch.com—Contains names, addresses, phone numbers, date of birth, and other information about individuals.
anywho.com—Phone book offering forward and reverse lookups.
maps.yahoo.com—Yahoo! map site.
You can also use a search engine to perform footprinting; search engines like Google, Yahoo or AltaVista provide a platform for gathering information. Advanced Google dorks may be used to get information, for example:
Filetype: This operator directs Google to search only within the text of a particular type of file.
Example: filetype:xls
Inurl: This operator directs Google to search only within the specified URL of a document.
Example: inurl:search-text
Link: The link operator directs Google to search within hyperlinks for a specific term.
Example: link:www.domain.com
Intitle: The intitle operator directs Google to search for a term within the title of a document.
Example: intitle: “Index of...etc”
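The operators above can also be turned on your own site before anyone else does. The following is an added example, not part of the original post: it checks a constructed inventory of an organisation's own pages (the URLs, titles and the inurl term "admin" are sample values) against the filetype, inurl and intitle operators to show which pages such searches would surface.

```python
import posixpath
from urllib.parse import urlparse

# Constructed inventory of an organisation's own public pages: (url, title).
PAGES = [
    ("https://www.example.com/about.html", "About us"),
    ("https://www.example.com/files/", "Index of /files"),
    ("https://www.example.com/files/staff-contacts.xls", ""),
    ("https://www.example.com/admin/login.php", "Admin login"),
]

# Operators from the text; the inurl term "admin" is a constructed sample.
CHECKS = [("filetype", "xls"), ("inurl", "admin"), ("intitle", "index of")]


def matches(op, term, url, title):
    """Approximate how one search operator would match a single page."""
    term = term.lower()
    if op == "filetype":
        # Compare the extension of the URL path, ignoring query strings.
        ext = posixpath.splitext(urlparse(url).path)[1].lstrip(".")
        return ext.lower() == term
    if op == "inurl":
        return term in url.lower()
    if op == "intitle":
        return term in title.lower()
    raise ValueError(f"unsupported operator: {op}")


def audit(pages, checks):
    """Return (url, [matching operator queries]) for every exposed page."""
    findings = []
    for url, title in pages:
        hits = [f"{op}:{term}" for op, term in checks
                if matches(op, term, url, title)]
        if hits:
            findings.append((url, hits))
    return findings


if __name__ == "__main__":
    for url, hits in audit(PAGES, CHECKS):
        print(f"{url}  <- discoverable via {', '.join(hits)}")
```

Pages flagged this way are candidates for removal, access control, or disabling directory listing on the web server.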
Footprinting helps to -
1. Know Security Posture – The data gathered will help us to get an overview of the security posture of the company such as details about the presence of a firewall, security configurations of applications etc.
2. Reduce Attack Area – Can identify a specific range of systems and concentrate on particular targets only. This will greatly reduce the number of systems we are focussing on.
3. Identify vulnerabilities – We can build an information database containing the vulnerabilities, threats, and loopholes available in the system of the target organization.
4. Draw Network map – Helps to draw a network map of the networks in the target organization covering topology, trusted routers, presence of servers and other information.