8/8/2019 CEH v5 Module 02 Foot Printing
1/94
Ethical Hacking Version 5
Module II: Footprinting
EC-CouncilCopyright by EC-Council
All Rights reserved. Reproduction is strictly prohibited
Scenario
Mason is fuming with anger! The notebook which he had ordered online from Xmachi Inc. did not have the configuration that he had requested.
When contacted, the customer care department gave a cold response. Vengeance crept into his mind. Finally he decided to teach the notebook manufacturer a lesson.
Being a Network Administrator of his firm, he knew exactly what he was supposed to do.
What will Mason do to defame the notebook manufacturer?
What information will Mason need to achieve his goal?
Security News
Source courtesy: http://www.securityfocus.com/news/11412
Module Objective
This module will familiarize you with the following:
Overview of the Reconnaissance Phase
Footprinting: An Introduction
Information Gathering Methodology of Hackers
Competitive Intelligence gathering
Tools that aid in Footprinting
Footprinting steps
Module Flow
Footprinting
Reconnaissance Phase
Steps to perform Footprinting
Competitive Intelligence Gathering
Information Gathering Methodology
Tools Used for Footprinting
Revisiting Reconnaissance
Phases of an attack: Reconnaissance, Scanning, Gaining Access, Maintaining Access, Clearing Tracks
Reconnaissance refers to the preparatory phase where an attacker seeks to gather as much information as possible about a target of evaluation prior to launching an attack
It involves network scanning, either external or internal, without authorization
Defining Footprinting
Footprinting is the blueprint of the security profile of an organization, undertaken in a methodological manner
Footprinting is one of the three pre-attack phases. The others are scanning and enumeration
An attacker will spend 90% of the time in profiling an organization and another 10% in launching the attack
Footprinting results in a unique organization profile with respect to networks (Internet/intranet/extranet/wireless) and systems involved
Information Gathering Methodology
Unearth initial information
Locate the network range
Ascertain active machines
Discover open ports/access points
Detect operating systems
Uncover services on ports
Map the network
Unearthing Initial Information
Commonly includes:
Domain name lookup
Locations
Contacts (telephone / mail)
Information sources:
Open source
Whois
Nslookup
Hacking tool:
Sam Spade
Finding a Company's URL
Search for a company's URL using a search engine such as www.google.com
Type the company's name in the search engine to get the company URL
Google provides rich information to perform passive reconnaissance
Check newsgroups, forums, and blogs for sensitive information regarding the network
Internal URL
By taking a guess, you may find an internal company URL
You can gain access to internal resources by typing an internal URL. For example:
beta.xsecurity.com
customers.xsecurity.com
products.xsecurity.com
Partners.xsecurity.com
Intranet.xsecurity.com
Asia.xsecurity.com
Namerica.xsecurity.com
Samerica.xsecurity.com
Japan.xsecurity.com
London.xsecurity.com
Hq.xsecurity.com
Finance.xsecurity.com
www2.xsecurity.com
www3.xsecurity.com
Extracting Archive of a Website
You can get information on a company website since its launch at www.archive.org. For example: www.eccouncil.org
You can see updates made to the website
You can look for employee database, past products, press releases, contact information, and more
Archive.org Snapshot
Google Search for Company's Info.
Using Google, search company news and press releases. From this information, get the company's infrastructure details
People Search
You can find personal information using People search
For example, http://people.yahoo.com
For example, http://www.intellius.com
You can get details like residential addresses, contact numbers, date of birth, and change of location
You can get satellite pictures of private residences
People Search Website
Satellite Picture of a Residence
Footprinting Through Job Sites
You can gather company infrastructure details from job postings
Look for company infrastructure postings such as looking for a system administrator to manage a Solaris 10 network. This means that the company has Solaris networks on site
E.g., www.jobsdb.com
Job requirements
Employee profile
Hardware information
Software information
Passive Information Gathering
To understand the current security status of a particular Information System, organizations perform either penetration testing or other hacking techniques
Passive information gathering is done by finding out the details that are freely available over the Internet and by various other techniques without directly coming in contact with the organization's servers
Organizational and other informative websites are exceptions, as the information gathering activities carried out by an attacker there do not raise suspicion
Competitive Intelligence Gathering
Business moves fast. Product cycles are measured in months, not years. Partners become rivals quicker than you can say breach of contract. So how can you possibly hope to keep up with your competitors if you can't keep an eye on them?
Competitive intelligence gathering is the process of gathering information about your competitors from resources such as the Internet
The competitive intelligence is non-interfering and subtle in nature
Competitive intelligence is both a product and a process
Competitive Intelligence Gathering (contd)
The various issues involved in competitive intelligence are:
Data gathering
Data analysis
Information verification
Information security
Cognitive hacking:
Single source
Multiple source
Why Do You Need Competitive Intelligence?
Compare your products with those of your competitors' offerings
Analyze your market positioning compared to the competitors
Pull up a list of competing companies in the market
Extract salespersons' war stories on how deals are won and lost in the competitive arena
Produce a profile of the CEO and the entire management staff of the competitor
Predict their tactics and methods based on their previous track record
Competitive Intelligence Resource
http://www.bidigital.com/ci/
Companies Providing Competitive Intelligence Services
Carratu International
http://www.carratu.com
CI Center http://www.cicentre.com
CORPORATE CRIME MANAGEMENT http://www.assesstherisk.com
Marven Consulting Group http://www.marwen.ca
SECURITY SCIENCES CORPORATION http://www.securitysciences.com
Lubrinco http://www.lubrinco.com
Competitive Intelligence - When Did This Company Begin? How Did It Develop?
Laser D for Annual Reports to Stockholders & 10-Ks (Reference Room - workstation #12)
EDGAR database - for 10-K and other reports filed with the SEC (also Business Database Selection Tool)
International Directory of Company Histories (Reference - HD 2721 D36)
Mergent Online - company history and joint ventures (Business Database Selection Tool)
Notable Corporate Chronologies (Reference - HD 2721 N67 1995)
ORION, UCLA's Online Library Information System (Business Database Selection Tool)
Enter Search Terms: general electric [for books on GE], click on button: Search Subject Words
Competitive Intelligence - Who Leads This Company?
ABI/INFORM Global (Business Database Selection Tool) Search for: microsoft in Subject; AND; biographies in Subject; Search
Hoover's Online - Company Profile includes Key People. (Business Database Selection Tool)
Also in print as Hoover's Handbook of American Business (Reference - HG 4057 A28617)
National Newspaper Index (Business Database Selection Tool) Type in: exxon; Search
Reference Book of Corporate Managements (Reference Index Area, section 5)
Who's Who in Finance and Industry (Reference Index Area, section 5)
Competitive Intelligence - What Are This Company's Plans?
ABI/INFORM Global (Business Database Selection Tool) Search for: mci in Company/Org.; AND; alliances in Subject; OR; market strategy in Subject; Search
LexisNexis Academic (Business Database Selection Tool) Business; Industry & Market; Keyword: Palm; Industry: Computer & Telecom; Date: Previous six months; Search
Business & Industry (Web) (Business Database Selection Tool) 200X BUS_IND, Open; Search/Modify, Company Name; Search/Modify, Business Subject, Modify: Company Forecasts; OK
Factiva (Business Database Selection Tool) Enter free-text terms: intel near plans; Select date: in the last year; Select sources: All Content; Run Search
Competitive Intelligence - What Does Expert Opinion Say About The Company?
ABI/INFORM Global [academics] (Business Database Selection Tool)
First Call [analyst reports] (Business Database Selection Tool)
FINDEX: Directory of Market Research Reports (Reference - HF 5415.2 F493)
Market Research Monitor (Business Database Selection Tool)
Multex [analyst reports] (Business Database Selection Tool)
Nelson's Directory of Investment Research (Reference - HG 4907 N43)
Wall Street Transcript "TWST Roundtable Forums" and "CEO Forums" Features (Unbound Periodicals - 2nd floor) [analysts' discussion of a given industry, see this sample issue with Semiconductor Equipment Industry Roundtable]
Competitive Intelligence - Who Are The Leading Competitors?
Business Rankings Annual (Reference - HG 4057 A353)
Hoover's Online - Top Competitors free, More Competitors available, use (Business Database Selection Tool)
Market Share Reporter (Reference - HF 5410 M37)
U.S. Patent and Trademark Office [identify players in emerging product areas, see also other patent resources]
Reference USA [companies by SICs and more] (Business Database Selection Tool)
TableBase (Web) [find market shares within articles] (Business Database Selection Tool)
Ward's Business Directory of U.S. Private and Public Companies (Reference Room, Index Section 1)
World Market Share Reporter (Reference - HF 1416 W67)
Public and Private Websites
A company might maintain public and private websites for different levels of access
Footprint an organization's public www servers. Example:
www.xsecurity.com
www.xsecurity.net
Footprint an organization's sub domains (private). Example:
http://partners.xsecurity.com
http://intranet.xsecurity.com
http://channels.xsecurity.com
http://www2.xsecurity.com
DNS Enumerator
DNS Enumerator is an automated sub-domain retrieval tool. It scans Google to extract the results
SpiderFoot
SpiderFoot is a free, open-source, domain footprinting tool which will scrape the websites on that domain, as well as search Google, Netcraft, Whois, and DNS to build up information like:
Subdomains
Affiliates
Web server versions
Users (i.e. /~user)
Similar domains
Email addresses
Netblocks
Sensepost Footprint Tools - 1 www.sensepost.com
BiLE.pl
BiLE leans on Google and HTTrack to automate the collection of links to and from the target site, and then applies a simple statistical weighing algorithm to deduce which websites have the strongest relationships with the target site
Command: perl BiLE.pl www.sensepost.com sp_bile_out.txt
BiLE-weigh.pl
BiLE-weigh takes the output of BiLE and calculates the significance of each site found
Command: perl bile-weigh.pl www.sensepost.com sp_bile_out.txt.mine out.txt
tld-expand.pl
The tld-expand.pl script is used to find domains in any other TLDs
Command: perl exp-tld.pl [input file] [output file]
Sensepost Footprint Tools - 2 www.sensepost.com
vet-IPrange.pl
The results from BiLE-weigh list a number of domains with their relevance to the target website
Command: perl vet-IPrange.pl [input file] [true domain file] [output file]
qtrace.pl
qtrace is used to plot the boundaries of networks. It uses a heavily modified traceroute using a custom compiled hping to perform multiple traceroutes to boundary sections of a class C network
Command: perl qtrace.pl [ip_address_file] [output_file]
vet-mx.pl
The tool performs MX lookups for a list of domains, and stores each IP it gets in a file
Command: perl vet-mx.pl [input file] [true domain file] [output file]
Sensepost Footprint Tools - 3 www.sensepost.com
jarf-rev
jarf-rev is used to perform a reverse DNS lookup on an IP range. All reverse entries that match the filter file are displayed to screen
Command: perl jarf-rev [subnetblock]
Example: perl jarf-rev 192.168.37.1-192.168.37.118
jarf-dnsbrute
The jarf-dnsbrute script is a DNS brute forcer, for when DNS zone transfers are not allowed. jarf-dnsbrute will perform forward DNS lookups using a specified domain name with a list of names for hosts.
Command: perl jarf-dnsbrute [domain_name] [file_with_names]
Wikito Footprinting Tool
Web Data Extractor Tool
Use this tool to extract a targeted company's contact data (email, phone, fax) from the Internet
Extract URL, meta tag (title, desc, keyword) for website promotion, search directory creation, web research
Additional Footprinting Tools
Whois
Nslookup
ARIN
Neo Trace
VisualRoute Trace
SmartWhois
eMailTrackerPro
Website watcher
Google Earth
GEO Spider
HTTrack Web Copier
E-mail Spider
Whois Lookup
With whois lookup, you can get personal and contact information. For example, www.samspade.com
Whois
Registrant: targetcompany (targetcompany-DOM)
# Street Address, City, Province, State, Pin, Country
Domain Name: targetcompany.COM
Domain servers in listed order:
NS1.WEBHOST.COM XXX.XXX.XXX.XXX
NS2.WEBHOST.COM XXX.XXX.XXX.XXX
Administrative Contact: Surname, Name (SNIDNo-ORG) [email protected] (targetcompany-DOM)
# Street Address, City, Province, State, Pin, Country
Telephone: XXXXX Fax: XXXXX
Technical Contact: Surname, Name (SNIDNo-ORG) [email protected] (targetcompany-DOM)
# Street Address, City, Province, State, Pin, Country
Telephone: XXXXX Fax: XXXXX
Online Whois Tools
www.samspade.org
www.geektools.com
www.whois.net
www.demon.net
Nslookup
http://www.btinternet.com/~simon.m.parker/IP-utils/nslookup_download.htm
Nslookup is a program to query Internet domain name servers. It displays information that can be used to diagnose Domain Name System (DNS) infrastructure
Helps find additional IP addresses if the authoritative DNS server is known from whois
The MX record reveals the IP of the mail server
Both Unix and Windows come with an Nslookup client
Third party clients are also available, for example, Sam Spade
Extract DNS information
Using www.dnsstuff.com, you can extract DNS information such as:
Mail server extensions
IP addresses
Snapshot
Types of DNS Records
Necrosoft Advanced DIG
Necrosoft Advanced DIG (ADIG) is a TCP-based DNS client that supports most of the available options, including AXFR zone transfer
Locate the Network Range
Commonly includes:
Finding the range of IP addresses
Discerning the subnet mask
Information Sources:
ARIN (American Registry of Internet Numbers)
Traceroute
Hacking Tool:
NeoTrace
Visual Route
ARIN
http://www.arin.net/whois/
ARIN allows searches on the whois database to locate information on a network's autonomous system numbers (ASNs), network-related handles, and other related points of contact (POC)
ARIN whois allows querying the IP address to help find information on the strategy used for subnet addressing
Screenshot: ARIN Whois Output
Traceroute
Traceroute works by exploiting a feature of the Internet Protocol called TTL, or Time To Live
Traceroute reveals the path IP packets travel between two systems by sending out consecutive sets of UDP or ICMP packets with ever-increasing TTLs
As each router processes an IP packet, it decrements the TTL. When the TTL reaches zero, that router sends back a "TTL exceeded" message (using ICMP) to the originator
Routers with reverse DNS entries may reveal the name of routers, network affiliation, and geographic location
Trace Route Analysis
Traceroute is a program that can be used to determine the path from source to destination
By using this information, an attacker determines the layout of a network and the location of each device
For example, after running several traceroutes, an attacker might obtain the following information:
traceroute 1.10.10.20, second to last hop is 1.10.10.1
traceroute 1.10.20.10, third to last hop is 1.10.10.1
traceroute 1.10.20.10, second to last hop is 1.10.10.50
traceroute 1.10.20.15, third to last hop is 1.10.10.1
traceroute 1.10.20.15, second to last hop is 1.10.10.50
By putting this information together we can diagram the network (see the next slide)
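The analysis described above, carried out as an added Python example that is not part of the courseware: it parses the five observations into hop positions, joins adjacent hops into a map, and names the device each /24 segment sits behind. The input is the slide's own data; run over traceroutes to your own hosts, the same logic shows what an outsider can infer about your perimeter from reachability alone.

```python
"""Rebuild a network map from partial traceroute observations.

Each observation records, for one traceroute destination, which hop
appeared at a given position counted back from the destination
(distance 1 = the last hop before the target, 2 = the one before that).
"""
import ipaddress
import re
from collections import defaultdict

# The five observations from the slide, as constructed sample input.
OBSERVATIONS = """
traceroute 1.10.10.20, second to last hop is 1.10.10.1
traceroute 1.10.20.10, third to last hop is 1.10.10.1
traceroute 1.10.20.10, second to last hop is 1.10.10.50
traceroute 1.10.20.15, third to last hop is 1.10.10.1
traceroute 1.10.20.15, second to last hop is 1.10.10.50
"""

ORDINALS = {"second": 1, "third": 2, "fourth": 3, "fifth": 4}
LINE_RE = re.compile(
    r"traceroute\s+(?P<dst>[\d.]+),\s+(?P<ord>\w+) to last hop is\s+(?P<hop>[\d.]+)"
)


def parse_observations(text):
    """Return {destination: {distance_from_destination: hop}} from the prose form."""
    paths = defaultdict(dict)
    for line in text.strip().splitlines():
        match = LINE_RE.match(line.strip())
        if not match:
            raise ValueError(f"unrecognised observation: {line!r}")
        paths[match["dst"]][ORDINALS[match["ord"]]] = match["hop"]
    return dict(paths)


def build_links(paths):
    """Return the set of (upstream, downstream) links implied by adjacent hops.

    Only hops at consecutive distances are joined; where a distance is
    missing the chain is left open rather than guessed at.
    """
    links = set()
    for dst, hops in paths.items():
        chain = dict(hops)
        chain[0] = dst  # the destination itself sits at distance 0
        for distance in chain:
            if distance + 1 in chain:
                links.add((chain[distance + 1], chain[distance]))
    return links


def infer_gateways(paths, prefixlen=24):
    """Guess which device fronts each /prefixlen segment.

    For every segment the nearest hop shared by all of its observed
    destinations is taken as that segment's gateway (router or filter).
    """
    by_segment = defaultdict(list)
    for dst in paths:
        segment = ipaddress.ip_network(f"{dst}/{prefixlen}", strict=False)
        by_segment[str(segment)].append(dst)
    gateways = {}
    for segment, dsts in by_segment.items():
        chains = [[paths[d][k] for k in sorted(paths[d])] for d in dsts]
        for candidate in chains[0]:  # walk outward from the destination
            if all(candidate in chain for chain in chains):
                gateways[segment] = candidate
                break
    return gateways


def render_map(links):
    """Return a text tree: each upstream node followed by what sits behind it."""
    downstream = defaultdict(list)
    for up, down in links:
        downstream[up].append(down)
    lines = []
    for up in sorted(downstream):
        lines.append(up)
        lines.extend(f"  +-- {down}" for down in sorted(downstream[up]))
    return "\n".join(lines)


if __name__ == "__main__":
    observed = parse_observations(OBSERVATIONS)
    print(render_map(build_links(observed)))
    for segment, gateway in sorted(infer_gateways(observed).items()):
        print(f"{segment} sits behind {gateway}")
```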
Trace Route Analysis
Diagram labels: Hacker; 1.10.10.1 Router; 1.10.10.50 Firewall; 1.10.20.50 Firewall; 1.10.20.10 Web Server; 1.10.20.15 Mail Server; 20.20.10.20 Bastion Host; DMZ ZONE
3D Traceroute
3D Traceroute is a full-blown three-dimensional traceroute program that allows you to visually monitor Internet connectivity
It offers an attractive and fast loading 3D interface as well as optional text results
Tool: NeoTrace (Now McAfee Visual Trace)
NeoTrace shows the traceroute output visually: map view, node view, and IP view
GEOSpider
GEO Spider helps you to detect, identify and monitor your network activity on a world map
You can see website and IP address location on the Earth
GEO Spider can trace a hacker, investigate a website, trace a domain name
Geowhere Footprinting Tool
Geowhere handles many popular newsgroups to find answers to your queries in an easy and fast manner
Geowhere can also seek information from country specific search engines for better results
Use Geowhere to footprint an organization
Newsgroups Search
Mailing list finder
Easy Web Search
Daily News
Tool: Path Analyzer Pro - http://vostrom.com
Path Analyzer Pro integrates the world's most advanced route tracing software with performance measurements, DNS, whois, and specialized network resolution to footprint a target network
Research IP addresses, e-mail addresses, and network paths
Pinpoint and troubleshoot network availability and performance issues
Determine what ISP, router, or server is responsible for a network problem
Locate firewalls and other filters that may be impacting your connections
Visually analyze a network's path characteristics
Graph protocol latency, jitter and other factors
Trace actual applications and ports, not just IP hops
Generate, print, and export a variety of impressive reports
Perform continuous and timed tests with real-time reporting and history
Note: This slide is not in your courseware
Path Analyzer Pro Screenshot
GoogleEarth
Google Earth puts a planet's worth of imagery and other geographic information right on your desktop
You can footprint the location of a place using GoogleEarth
Valuable tool for hackers
GoogleEarth (Chicago)
GoogleEarth Showing Pentagon
Tool: VisualRoute Trace
www.visualware.com/download/
It shows the connection path and the places where bottlenecks occur
Kartoo Search Engine
www.kartoo.com
Touchgraph Visual Browser
www.touchgraph.com
Tool: SmartWhois
http://www.softdepia.com/smartwhois_download_491.html
SmartWhois is a useful network information utility that allows you to find out all available information about an IP address, host name, or domain, including country, state or province, city, name of the network provider, administrator, and technical support contact information
Unlike standard Whois utilities, SmartWhois can find the information about a computer located in any part of the world, intelligently querying the right database and delivering all the related records within a short time
VisualRoute Mail Tracker
It shows the number of hops made and the respective IP addresses, the node name, location, time zone, and network
Tool: eMailTrackerPro
eMailTrackerPro is the email analysis tool that enables analysis of an email and its headers automatically, and provides graphical results
Tool: Read Notify
www.readnotify.com
Mail Tracking is a tracking service that allows you to track when your mail was read, for how long and how many times, and the place from where the mail has been posted. It also records forwards and passing of sensitive information (MS Office format)
HTTrack Web Site Copier
This tool mirrors an entire website to the desktop
You can footprint the contents of an entire website locally rather than visiting the individual pages
Valuable footprinting tool
Web Ripper Tool
robots.txt
This page located at the root folder holds a list of directories and other resources on a site that the owner does not want to be indexed by search engines
All search engines comply with robots.txt. You might not want private data and sensitive areas of a site, such as script and binary locations, indexed
Robots.txt file:
User-agent: *
Disallow: /cgi-bin
Disallow: /cgi-perl
Disallow: /cgi-store
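A site owner's review of a robots.txt, as an added Python example that is not from the courseware: it parses the file into per-agent Allow and Disallow rules and flags Disallow paths that look like script, binary or private areas, since every path listed there is readable by anyone who fetches the file. The sample extends the slide's three entries with a constructed Googlebot group, and the marker list is an assumption to adapt to your own site.

```python
"""Review a robots.txt for paths it advertises that the owner may not want listed.

robots.txt is a request to crawlers, not an access control: everything
placed under Disallow is readable by anyone who fetches the file, so
sensitive areas are better protected by authentication than by listing.
"""

# The slide's file plus a constructed Googlebot group to exercise grouping
# and Allow handling; sample input, not a real site.
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /cgi-bin
Disallow: /cgi-perl
Disallow: /cgi-store   # script locations, as on the slide

User-agent: Googlebot
Allow: /public/
Disallow: /admin/
Disallow: /backup/site.tar.gz
"""

# Path fragments that usually point at script, binary or private areas.
# Assumed for this example; extend it with what matters on your own site.
SENSITIVE_MARKERS = ("cgi", "admin", "backup", "private", "bin", "config", "script")


def parse_robots(text):
    """Return {user_agent: {"allow": [...], "disallow": [...]}} per group.

    A group is one or more User-agent lines followed by rule lines; a
    User-agent line that comes after rules starts a new group (RFC 9309).
    """
    rules, agents, in_rules = {}, [], False
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            if in_rules:
                agents, in_rules = [], False
            agents.append(value)
            rules.setdefault(value, {"allow": [], "disallow": []})
        elif field in ("allow", "disallow"):
            in_rules = True
            if value:  # an empty Disallow means nothing is disallowed
                for agent in agents:
                    rules[agent][field].append(value)
    return rules


def review_disclosure(rules, markers=SENSITIVE_MARKERS):
    """Return sorted (agent, path, marker) for Disallow paths that look sensitive."""
    findings = set()
    for agent, group in rules.items():
        for path in group["disallow"]:
            for marker in markers:
                if marker in path.lower():
                    findings.add((agent, path, marker))
                    break
    return sorted(findings)


if __name__ == "__main__":
    for agent, path, marker in review_disclosure(parse_robots(SAMPLE_ROBOTS)):
        print(f"[{agent}] {path} is advertised (looks like a '{marker}' area)")
```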
Website Watcher
Website watchers can be used to get updates on the website
Can be used for competitive advantage
How to Set Up a Fake Website?
Mirror the entire website from a target URL. Example: www.xsecurity.com
Register a fake domain name which sounds like the real website. Example:
Original website URL: www.xsecurity.com
Fake website URL: www.x-security.com
Host the mirrored website on the fake URL
Send phishing e-mails directing the victim to the fake website
You must continuously update your fake mirror with the real website
[Figure: real website beside fake website]
Note: This slide is not in your courseware
Website Stealing Tool: Reamweaver
Reamweaver has everything you need to instantly "steal" anyone's website, copying the real-time "look and feel" but letting you change any words, images, etc. that you choose
When a visitor visits a page on your stolen (mirrored) website, Reamweaver gets the page from the target domain, changes the words as you specify, and stores the result (along with images, etc.) in the fake website
With this tool your fake website will always look current; Reamweaver automatically updates the fake mirror when the content changes in the original website
Download this tool from http://www.eccouncil.org/cehtools/reamweaver.zip
Note: This slide is not in your courseware
[Figure: Reamweaver automatically updates the mirror copy (real site to fake site)]
Mirrored Fake Website
[Screenshot: mirrored fake website of Atlanta Credit Union]
Note: This slide is not in your courseware
E-Mail Spiders
Have you ever wondered how spammers generate huge mailing databases?
They pick tons of e-mail addresses by searching the Internet
All they need is a web spidering tool picking up e-mail addresses and storing them to a database
If these tools are left running the entire night, they can capture hundreds of thousands of e-mail addresses
Tools:
Web Data Extractor
1st E-mail Address Spider
Power E-mail Collector Tool
Power E-mail Collector is a powerful email address harvesting program
It can collect up to 750,000 unique valid email addresses per hour with a Cable/DSL connection
It only collects valid email addresses
You do not have to worry about ending up with undeliverable addresses
How does it work? Just enter a domain that you want to collect email addresses from and press the start button. The program opens up many simultaneous connections to the domain and begins collecting addresses
[Screenshot annotation: brute-forced usernames]
Steps to Perform Footprinting
Find the company's external and internal URLs
Perform whois lookup for personal details
Extract DNS information
Mirror the entire website and look up names
Extract archives of the website
Google search for the company's news and press releases
Use people search for personal information of employees
Find the physical location of the web server using the tool NeoTrace
Analyze the company's infrastructure details from job postings
Track the email using readnotify.com
What happened next?
Mason footprints Xmachi Inc. and gets some critical information which will help him in his assault on the notebook manufacturer.
Following is a partial list of information that Mason gathered:
Domains and sub-domains
IP address and address range
Contact details of some employees including the Network Administrator; it included telephone number, email id, and address
Current technologies
DNS information
Firewalls
Mason now has enough information to bring down the network of Xmachi Inc.
Summary
The information gathering phase can be categorized broadly into seven phases
Footprinting renders a unique security profile of a target system
Whois and ARIN can reveal public information of a domain that can be leveraged further
Traceroute and mail tracking can be used to target a specific IP, and later for IP spoofing
Nslookup can reveal specific users, and zone transfers can compromise DNS security