hacking module 02
8/9/2019 Hacking Module 02
http://slidepdf.com/reader/full/hacking-module-02 1/28
NMCSP2008 Batch-I
Module II
Footprinting
Scenario
Adam is furious. He had applied for the network engineer job at targetcompany.com. He believes that he was rejected unfairly. He has a good track record, but the economic slowdown has seen many layoffs, including his. He is frustrated; he needs a job and he feels he has been wronged. Late in the evening he decides that he will prove his mettle.
What do you think Adam would do?
Where would he start and how would he go about it? Are there any tools that can help him in his effort?
Can he cause harm to targetcompany.com?
As a security professional, where can you lay checkpoints and how can you deploy countermeasures?
Module Objectives
Overview of the Reconnaissance Phase
Introducing Footprinting
Understanding the information gathering methodology of hackers
Comprehending the implications
Learning some of the tools used for the reconnaissance phase
Deploying countermeasures
Module Flow
Reconnaissance
Information gathering
Defining Footprinting
Hacking Tools
Revisiting Reconnaissance
Reconnaissance
Scanning
Gaining Access
Maintaining Access
Clearing Tracks
Reconnaissance refers to the preparatory phase where an attacker seeks to gather as much information as possible about a target of evaluation prior to launching an attack.
It involves network scanning, either external or internal, without authorization.
Defining Footprinting
Footprinting is the blueprinting of the security profile of an organization, undertaken in a methodological manner.
Footprinting is one of the three pre-attack phases. The others are scanning and enumeration.
Footprinting results in a unique organization profile with respect to the networks (Internet/Intranet/Extranet/Wireless) and systems involved.
Information Gathering Methodology
Unearth initial information
Locate the network range
Ascertain active machines
Discover open ports/access points
Detect operating systems
Uncover services on ports
Map the Network
Unearthing Initial Information
Commonly includes:
Domain name lookup
Locations
Contacts (Telephone/mail)
Information Sources:
Open source
Whois
Nslookup
Hacking Tool:
Sam Spade
Passive Information Gathering
To understand the current security status of a particular information system, organizations carry out either a penetration test or utilize other hacking techniques.
Passive information gathering is done by finding out the details that are freely available over the net and by various other techniques, without directly coming in contact with the organization's servers.
Competitive Intelligence Gathering
Competitive Intelligence Gathering is the process of gathering information from resources such as the Internet.
Competitive intelligence is non-interfering and subtle in nature.
Competitive intelligence is both a product and a process.
Competitive Intelligence Gathering (contd.)
The various issues involved in Competitive Intelligence are:
Data Gathering
Data Analysis
Information Verification
Information Security
Cognitive Hacking
Single source
Multiple source
Hacking Tools
Whois
Nslookup
ARIN
NeoTrace
VisualRoute Trace
SmartWhois
VisualLookout
eMailTrackerPro
Whois
Registrant: targetcompany (targetcompany-DOM)
# Street Address, City, Province, State, Pin, Country
Domain Name: targetcompany.COM
Domain servers in listed order:
NS1.WEBHOST.COM XXX.XXX.XXX.XXX
NS2.WEBHOST.COM XXX.XXX.XXX.XXX
Administrative Contact:
Surname, Name (SNIDNo-ORG) [email protected]
targetcompany (targetcompany-DOM)
# Street Address, City, Province, State, Pin, Country
Telephone: XXXXX Fax: XXXXX
Technical Contact:
Surname, Name (SNIDNo-ORG) [email protected] (targetcompany-DOM)
# Street Address, City, Province, State, Pin, Country
Telephone: XXXXX Fax: XXXXX
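As an added example (not part of the module), here is a small Python check a defender can run over a whois record to inventory what it discloses: personal mailboxes, direct phone numbers and the authoritative name servers that the next steps of the methodology (Nslookup, MX lookup) would query. The record below is constructed with documentation addresses and placeholder names; the role-mailbox list and the function names are this example's own choices, not anything the module defines.

```python
import re

# Constructed sample whois record, modelled on the redacted output shown on
# the slide above (placeholder names, documentation IP ranges; not a real
# registration).
SAMPLE_WHOIS = """\
Registrant: targetcompany (TARGETCOMPANY-DOM)
   1 Example Street, City, Province, State, 00000, Country
   Domain Name: TARGETCOMPANY.COM

Domain servers in listed order:
   NS1.WEBHOST.COM   192.0.2.10
   NS2.WEBHOST.COM   192.0.2.11

Administrative Contact:
   Surname, Name (SN1234-ORG)  name.surname@targetcompany.com
   Telephone: +1-555-0100  Fax: +1-555-0101

Technical Contact:
   Surname, Name (SN1234-ORG)  name.surname@targetcompany.com
   Telephone: +1-555-0100  Fax: +1-555-0101
"""

# Generic mailboxes that do not identify a person (assumed list, extend to taste).
ROLE_MAILBOXES = {"hostmaster", "dnsadmin", "domains", "admin", "noc", "abuse"}

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
PHONE_RE = re.compile(r"(?:Telephone|Fax):\s*([+\d][\d-]{5,})")
NS_RE = re.compile(r"^\s*(NS\d*\.[\w.-]+)\s+(\d{1,3}(?:\.\d{1,3}){3})", re.M | re.I)


def is_role_address(addr):
    """True when the mailbox part is a generic role name rather than a person."""
    local = addr.split("@", 1)[0].lower()
    return local in ROLE_MAILBOXES


def footprint_exposure(whois_text):
    """Inventory what a public whois record discloses about an organisation.

    Returns a dict a defender can act on: personal mailboxes to replace with
    role accounts, direct phone numbers, and the authoritative name servers
    that later footprinting steps (Nslookup, MX lookups) start from.
    """
    emails = sorted(set(EMAIL_RE.findall(whois_text)))
    phones = sorted(set(PHONE_RE.findall(whois_text)))
    name_servers = [(host.upper(), ip) for host, ip in NS_RE.findall(whois_text)]
    personal = [e for e in emails if not is_role_address(e)]
    findings = [f"replace personal contact {e} with a role mailbox" for e in personal]
    if phones:
        findings.append("direct phone numbers published; use a switchboard number")
    return {
        "emails": emails,
        "personal_emails": personal,
        "phones": phones,
        "name_servers": name_servers,
        "findings": findings,
    }


if __name__ == "__main__":
    report = footprint_exposure(SAMPLE_WHOIS)
    for host, ip in report["name_servers"]:
        print(f"name server {host} ({ip})")
    for line in report["findings"]:
        print("-", line)
```

Run against the real record for a domain you administer, the findings list is the countermeasure checklist for this slide: registrant contacts that name an individual feed the social-engineering step in the next scenario, while role mailboxes and a switchboard number give an attacker nothing personal to work with.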
Nslookup
http://www.btinternet.com/~simon.m.parker/IP-utils/nslookup_download.htm
Nslookup is a program to query Internet domain name servers. It displays information that can be used to diagnose Domain Name System (DNS) infrastructure, and helps find additional IP addresses if the authoritative DNS server is known from whois.
The MX record reveals the IP of the mail server.
Both Unix and Windows come with an Nslookup client. Third-party clients are also available, e.g. Sam Spade.
Scenario (contd.)
Adam knows that targetcompany is based in NJ. However, he decides to check it out. He runs a whois from an online whois client and notes the domain information. He takes down the email IDs and phone numbers. He also discerns the domain server IPs and does an interactive Nslookup.
Ideally, what is the extent of information that should be revealed to Adam during this quest?
Are there any other means of gaining information? Can he use the information at hand in order to obtain critical information?
What are the implications for the target company? Can he cause harm to targetcompany.com at this stage?
Locate the Network Range
Commonly includes:
Finding the range of IP addresses
Discerning the subnet mask
Information Sources:
ARIN (American Registry for Internet Numbers)
Traceroute
Hacking Tool:
NeoTrace
VisualRoute
Screenshot: ARIN Whois Output
ARIN allows searches of the whois database to locate information on networks, autonomous system numbers (ASNs), network-related handles and other related points of contact (POC).
Traceroute
Traceroute works by exploiting a feature of the Internet Protocol called TTL, or Time To Live.
Traceroute reveals the path IP packets travel between two systems by sending out consecutive UDP packets with ever-increasing TTLs.
As each router processes an IP packet, it decrements the TTL. When the TTL reaches zero, it sends back a "TTL exceeded" message (using ICMP) to the originator.
Routers with DNS entries reveal the name of routers, network affiliation and geographic location.
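To make the TTL mechanism concrete, the following Python simulation (added here; it is not part of the module and not the code of any real traceroute implementation) models a short path of routers and shows how successive probes draw a "time exceeded" reply from each hop in turn, what the originator sees at a hop that silently drops expired packets, and why the destination's "port unreachable" reply ends the trace. The addresses and host names are constructed from documentation ranges; the hop layout and function names are this example's own.

```python
# Constructed model of a path: each hop is (ip, reverse-DNS name or None,
# replies_with_icmp). The third field models a router or firewall that drops
# expired packets without answering, which real traceroute prints as "* * *".
PATH = [
    ("192.0.2.1",    "gw.office.example.net",  True),
    ("198.51.100.5", "core1.isp.example.net",  True),
    ("198.51.100.9", None,                     False),   # filtered hop
    ("203.0.113.7",  "border.hoster.example",  True),
]
DESTINATION = ("203.0.113.20", "www.targetcompany.example")


def send_probe(path, destination, ttl):
    """Forward one UDP probe along the path, decrementing TTL at every router.

    Returns what the originator gets back: (router_ip, "ICMP time exceeded")
    from the router at which TTL reaches zero, (dest_ip, "ICMP port
    unreachable") when the probe survives to the destination (the high UDP
    port is closed), or None when the expiring hop drops the packet silently.
    """
    for ip, _name, replies in path:
        ttl -= 1
        if ttl == 0:
            return (ip, "ICMP time exceeded") if replies else None
    return (destination[0], "ICMP port unreachable")


def traceroute(path, destination, max_hops=30):
    """Send probes with TTL 1, 2, 3, ... until the destination answers.

    Returns a list of (hop_number, ip_or_"*", reverse_dns_name_or_None),
    i.e. the table a traceroute client prints.
    """
    names = {ip: name for ip, name, _ in path}
    names[destination[0]] = destination[1]
    hops = []
    for ttl in range(1, max_hops + 1):
        reply = send_probe(path, destination, ttl)
        if reply is None:                      # no ICMP came back
            hops.append((ttl, "*", None))
            continue
        ip, message = reply
        hops.append((ttl, ip, names.get(ip)))
        if message == "ICMP port unreachable": # reached the end host
            break
    return hops


if __name__ == "__main__":
    for hop, ip, name in traceroute(PATH, DESTINATION):
        print(f"{hop:2d}  {ip:15s}  {name or ''}")
```

The filtered hop at TTL 3 is also the defender's lever on this slide: a border device that does not return ICMP time exceeded messages for expiring packets shows up only as "*", and reverse DNS names that do not encode a router's role, vendor or city give away none of the "network affiliation and geographic location" the text mentions.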
Tool: NeoTrace (Now McAfee Visual Trace)
NeoTrace shows the traceroute output visually: map view, node view and IP view.
Tool: VisualRoute Trace
www.visualware.com/download/
It shows the connection path and the places where bottlenecks occur.
Tool: SmartWhois
http://www.softdepia.com/smartwhois_download_491.html
SmartWhois is a useful network information utility that allows you to find out all available information about an IP address, host name, or domain, including country, state or province, city, name of the network provider, administrator and technical support contact information.
Unlike standard Whois utilities, SmartWhois can find the information about a computer located in any part of the world, intelligently querying the right database and delivering all the related records within a few seconds.
Scenario (contd.)
Adam makes a few searches and gets some internal contact information. He calls the receptionist and informs her that HR had asked him to get in touch with a specific person in the IT division. It's lunch hour, and he says he'd rather e-mail the person concerned than disturb him. He checks up the mail id on newsgroups and stumbles on an IP recording. He traces the IP destination.
What preventive measures can you suggest to check the availability of sensitive information?
What are the implications for the target company? Can he cause harm to target company at this stage?
What do you think he can do with the information he has obtained?
Tool: VisualLookout
http://www.visualware.com/
VisualLookout provides high-level views as well as detailed and historical views that provide traffic information in real time or on a historical basis.
In addition the user can request a "connections" window for any server, which provides a real-time view of all the active network connections showing
who is connected,
what service is being used,
whether the connection is inbound or outbound, and
how many connections are active and how long they have been connected.
Screenshot: VisualRoute Mail Tracker
It shows the number of hops made and the respective IP addresses, node names, locations, time zones, networks, etc.
Tool: eMailTrackerPro
eMailTrackerPro is an e-mail analysis tool that enables analysis of an e-mail and its headers automatically, providing graphical results.
Tool: Mail Tracking (mailtracking.com)
Mail Tracking is a tracking service that allows the user to track when his mail was read, how long the message was open and how often it was read. It also records forwards and passing of sensitive information (MS Office format).
Summary
The information gathering phase can be categorized broadly into seven phases.
Footprinting renders a unique security profile of a target system.
Whois and ARIN can reveal public information of a domain that can be leveraged further.
Traceroute and mail tracking can be used to target specific IPs and later for IP spoofing.
Nslookup can reveal specific users, and zone transfers can compromise DNS security.