Sunday, 3 December 2017

Footprinting

FOOTPRINTING (Part I)

What Is Footprinting?
Footprinting is the first and most convenient way that hackers use to gather information about computer systems and the companies they belong to. The purpose of footprinting is to learn as much as you can about a system: its remote access capabilities, its ports and services, and the state of its security.
In order to perform a successful hack on a system, it is best to know as much as you can, if not everything, about that system. While there is hardly a company in the world that isn't aware of hackers, most companies are now hiring hackers to protect their systems. And since footprinting can be used to attack a system, it can also be used to protect it. If you can find out anything about a system, the company that owns that system, with the right personnel, can find out anything they want about you.

Techniques used for footprinting
Ping Sweep
Ping a range of IP addresses to find out which machines are awake, i.e. which ones answer an ICMP echo request.

How to ping?
Open cmd and type ping followed by the address.
Eg: ping 192.168.70.14 or ping www.csice.org


TCP Scans
Scan ports on machines to see which services are offered. TCP scans can be performed by scanning a single port on a range of IPs, or by scanning a range of ports on a single IP. Both techniques yield helpful information.
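Both of the techniques above leave a very recognisable trace on the target's firewall: one source address touching many hosts with ICMP echo requests, or one source address touching many ports on one host. The following is an added example (not code from the original post) that counts exactly those two patterns over firewall log lines. The sample lines are constructed for this example and only imitate the key=value layout of Linux iptables LOG output; the thresholds are arbitrary assumptions.

```python
"""Flag ping sweeps and port scans in iptables-style LOG lines (constructed sample data)."""
import re
from collections import defaultdict

# Constructed sample lines, modelled on the key=value layout of iptables LOG output.
# 203.0.113.5 pings five hosts in a row; 198.51.100.7 touches six ports on one host;
# 192.168.70.2 is a normal client opening a single HTTPS connection.
SAMPLE_LOG = """\
Dec  3 10:00:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.168.70.10 PROTO=ICMP TYPE=8 CODE=0
Dec  3 10:00:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.168.70.11 PROTO=ICMP TYPE=8 CODE=0
Dec  3 10:00:01 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.168.70.12 PROTO=ICMP TYPE=8 CODE=0
Dec  3 10:00:02 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.168.70.13 PROTO=ICMP TYPE=8 CODE=0
Dec  3 10:00:02 fw kernel: IN=eth0 OUT= SRC=203.0.113.5 DST=192.168.70.14 PROTO=ICMP TYPE=8 CODE=0
Dec  3 10:00:05 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.168.70.14 PROTO=TCP SPT=40001 DPT=21 SYN
Dec  3 10:00:05 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.168.70.14 PROTO=TCP SPT=40002 DPT=22 SYN
Dec  3 10:00:05 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.168.70.14 PROTO=TCP SPT=40003 DPT=23 SYN
Dec  3 10:00:05 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.168.70.14 PROTO=TCP SPT=40004 DPT=25 SYN
Dec  3 10:00:06 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.168.70.14 PROTO=TCP SPT=40005 DPT=80 SYN
Dec  3 10:00:06 fw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.168.70.14 PROTO=TCP SPT=40006 DPT=443 SYN
Dec  3 10:00:09 fw kernel: IN=eth0 OUT= SRC=192.168.70.2 DST=192.168.70.14 PROTO=TCP SPT=51000 DPT=443 SYN
"""

FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Return the key=value fields of one LOG line as a dict (empty values are kept)."""
    return dict(FIELD_RE.findall(line))


def detect_sweeps_and_scans(log_text, sweep_threshold=5, scan_threshold=5):
    """Return (sweeps, scans).

    sweeps: {src: number of distinct hosts it sent ICMP echo requests (type 8) to}
    scans:  {(src, dst): number of distinct TCP destination ports it touched}
    Only entries at or above the (assumed) thresholds are returned.
    """
    echo_targets = defaultdict(set)   # src -> set of dst hit with ICMP echo request
    tcp_ports = defaultdict(set)      # (src, dst) -> set of destination ports
    for line in log_text.splitlines():
        f = parse_line(line)
        if "SRC" not in f or "DST" not in f:
            continue
        if f.get("PROTO") == "ICMP" and f.get("TYPE") == "8":
            echo_targets[f["SRC"]].add(f["DST"])
        elif f.get("PROTO") == "TCP" and "DPT" in f:
            tcp_ports[(f["SRC"], f["DST"])].add(f["DPT"])
    sweeps = {s: len(d) for s, d in echo_targets.items() if len(d) >= sweep_threshold}
    scans = {k: len(p) for k, p in tcp_ports.items() if len(p) >= scan_threshold}
    return sweeps, scans


if __name__ == "__main__":
    found_sweeps, found_scans = detect_sweeps_and_scans(SAMPLE_LOG)
    for src, n in found_sweeps.items():
        print(f"ping sweep: {src} probed {n} hosts")
    for (src, dst), n in found_scans.items():
        print(f"port scan: {src} -> {dst} touched {n} ports")
```

The counts are taken over the whole file; on a real firewall you would bucket them into time windows, since a slow scan spread over hours never crosses a threshold in any single minute, and a scan spread across many source addresses never crosses a per-source threshold at all.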

Open Source Footprinting
Open Source Footprinting is the easiest and safest way to go about finding information about a company. It covers information that is available to the public, such as phone numbers, addresses, etc. Performing whois requests, searching through DNS tables, and scanning certain IP addresses for open ports are other forms of open source footprinting. Most of this information is fairly easy to get, and getting it is legal; legal is always good.
Most companies post a huge amount of information about themselves on their website. A lot of this information can be very useful to hackers, and the companies don't even realize it. It may also be helpful to skim through the webpage's HTML source to look for comments. Comments in HTML code are the equivalent of the small captions under the pictures in high school science books. Some comments found in the HTML can hold small tidbits of information about the company that are not found anywhere else.
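The HTML-comment point cuts both ways: a site owner can run the same check over their own pages before a stranger does. Below is an added example (not code from the original post) that pulls every comment out of a page's source with Python's standard HTML parser and flags the ones that look like they leak something. The sample page and its comments are constructed for this example, and the "sensitive" patterns are assumptions, not a complete list.

```python
"""Extract HTML comments from a page's source so a site owner can audit them for leaked details."""
import re
from html.parser import HTMLParser

# Constructed sample page; the comments are invented for this example.
SAMPLE_HTML = """\
<html><head><title>Example Corp</title>
<!-- TODO: remove before launch. Staging box is 10.0.0.15, login admin / changeme -->
</head><body>
<!-- Template v2.1, built by the internal web team -->
<p>Welcome to Example Corp.</p>
<!-- contact webmaster: webmaster@example.com ext. 4471 -->
</body></html>
"""


class CommentCollector(HTMLParser):
    """HTMLParser subclass that keeps every <!-- ... --> block it encounters."""

    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        self.comments.append(data.strip())


def extract_comments(html):
    """Return all comment bodies in document order, whitespace-trimmed."""
    p = CommentCollector()
    p.feed(html)
    p.close()
    return p.comments


# Patterns worth a second look when reviewing your own site's comments (assumed list).
SENSITIVE = [
    ("credential", re.compile(r"\b(password|passwd|login|admin)\b", re.I)),
    ("internal ip", re.compile(
        r"\b(?:10\.\d{1,3}|192\.168|172\.(?:1[6-9]|2\d|3[01]))\.\d{1,3}\.\d{1,3}\b")),
    ("contact", re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+|\bext\.?\s*\d+", re.I)),
    ("housekeeping", re.compile(r"\b(todo|fixme|remove before)\b", re.I)),
]


def flag_comments(html):
    """Return [(category, comment)] for every comment that matches a sensitive pattern."""
    hits = []
    for c in extract_comments(html):
        for label, pat in SENSITIVE:
            if pat.search(c):
                hits.append((label, c))
    return hits


if __name__ == "__main__":
    for label, c in flag_comments(SAMPLE_HTML):
        print(f"[{label}] {c}")
```

Point the script at the saved source of each page of your site (for example a file from your web root) and treat every hit as a candidate for deletion from the shipped HTML; comments are for developers and belong in the repository, not in what the browser downloads.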
Network Enumeration
Network Enumeration is the process of identifying domain names and associated networks. The process consists of performing various queries on the many whois databases found on the internet. The result is that the hacker now has the information needed to attack the system they are learning about. Companies' domain names are listed with registrars, and the hacker would simply query the registrar to obtain the information they are looking for. The hacker only needs to know which registrar the company is listed with. There are five types of queries, which are as follows:
Registrar Query: This query gives information on potential domains matching the target.
Organizational Query: This is searching a specific registrar to obtain all instances of the target's name. The results show the many different domains associated with the company.
Domain Query: A domain query is based off the results found in an organizational query. Using a domain query, you could find the company's address, domain name, administrator and his/her phone number, and the system's domain servers. The administrative contact could be very useful to a hacker as it provides a purpose for a wardialer. This is also where social engineering comes into play, but that's a talk for another time. Many administrators now post false phone numbers to protect themselves from this.
Network Query: The fourth method is to query the American Registry for Internet Numbers (ARIN) to discover the network blocks owned by a company. It's good to use a broad search here, as well as in the registrar query.
POC Query: This query finds the many IP addresses a machine may have.

DNS Interrogation
After gathering the information needed using the above techniques, a hacker would begin to query the DNS. A common mistake by system administrators is allowing untrusted, or worse, unknown users to perform a DNS zone transfer, which hands over every record in the zone in one request. Many freeware tools can be found on the internet and can be used to perform DNS interrogation. Tools such as nslookup, for PC, and A Gnet Tools, for Mac, are some common programs used for this.
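The fix for the zone-transfer mistake is on the server side: BIND's allow-transfer option restricts AXFR/IXFR to your listed secondaries (allow-transfer { 192.0.2.53; }; for one secondary, or allow-transfer { none; }; when there are no secondaries). Whether that restriction is actually in force is something you can read back from the server's transfer logs. The following is an added example (not code from the original post) that parses such log lines and reports transfers that went to an address that is not an approved secondary. The sample lines are constructed for this example and only loosely imitate BIND's xfer-out log category; the allowlist is an assumption.

```python
"""Report DNS zone transfers served to addresses that are not approved secondaries (constructed sample)."""
import re

# Constructed sample lines, loosely modelled on BIND's xfer-out log category.
# 192.0.2.53 is the assumed legitimate secondary; 203.0.113.5 is an unknown client.
SAMPLE_XFER_LOG = """\
03-Dec-2017 10:05:12.345 xfer-out: info: client @0x7f3a2c0b5d60 192.0.2.53#39012 (example.com): transfer of 'example.com/IN': AXFR started (serial 2017120301)
03-Dec-2017 10:05:12.410 xfer-out: info: client @0x7f3a2c0b5d60 192.0.2.53#39012 (example.com): transfer of 'example.com/IN': AXFR ended
03-Dec-2017 10:07:44.002 xfer-out: info: client @0x7f3a2c0b6e70 203.0.113.5#41234 (example.com): transfer of 'example.com/IN': AXFR started (serial 2017120301)
03-Dec-2017 10:07:44.090 xfer-out: info: client @0x7f3a2c0b6e70 203.0.113.5#41234 (example.com): transfer of 'example.com/IN': AXFR ended
03-Dec-2017 10:09:01.500 xfer-out: info: client @0x7f3a2c0b7f80 192.0.2.53#39044 (example.com): transfer of 'example.com/IN': IXFR started (serial 2017120301)
"""

# Matches the "started" event only, so each transfer is counted once.
XFER_RE = re.compile(
    r"client (?:@0x[0-9a-f]+ )?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})#\d+ "
    r"\([^)]*\): transfer of '(?P<zone>[^']+)': (?P<kind>AXFR|IXFR) started"
)


def transfer_events(log_text):
    """Return [(client_ip, zone, kind)] for every transfer that started, in log order."""
    events = []
    for line in log_text.splitlines():
        m = XFER_RE.search(line)
        if m:
            events.append((m.group("ip"), m.group("zone"), m.group("kind")))
    return events


def unauthorized_transfers(log_text, allowed_secondaries):
    """Return the transfer events whose client is not an approved secondary for that zone.

    allowed_secondaries maps a zone name as it appears in the log (e.g. 'example.com/IN')
    to the set of IP addresses permitted to pull it.
    """
    return [
        (ip, zone, kind)
        for ip, zone, kind in transfer_events(log_text)
        if ip not in allowed_secondaries.get(zone, set())
    ]


if __name__ == "__main__":
    # Assumed allowlist for this example.
    ALLOWED = {"example.com/IN": {"192.0.2.53"}}
    for ip, zone, kind in unauthorized_transfers(SAMPLE_XFER_LOG, ALLOWED):
        print(f"unexpected {kind} of {zone} served to {ip}")
```

A single hit from this script means the zone's allow-transfer setting is wider than the list of secondaries you actually operate, and the whole zone contents should be assumed public until it is tightened.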
Tools to use:
The best tool for getting information about a website is whois; go to 
To trace an e-mail:
eMailTrackerPro: it analyzes the e-mail header and provides the IP address of the machine that sent the e-mail. This can then be used to track down the sender. This is especially helpful in preventing spamming and spoofing.
To know which servers you are connected to right now:
use the tool CallerIP.
To trace the path to a website:
use Avast Internet Security --> Network Utilities,
or use NeoTrace.
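What a tool like eMailTrackerPro does with a header is walk the Received: lines that each mail server stamps on the message as it passes through. The following is an added example (not code from the original post or from eMailTrackerPro) that does the same walk with Python's standard email parser, and shows the caveat that matters for anti-spoofing work: only the Received: lines added by servers you control can be trusted, because a sender can write arbitrary "earlier" lines into the message before handing it in. The sample message, host names, addresses and the set of trusted hosts are all constructed for this example.

```python
"""Walk the Received: chain of an e-mail and report where it really entered your mail system (constructed sample)."""
import re
from email import message_from_string

# Constructed sample message; all hosts and addresses are invented.
# mail.example.org and mx1.example.org are assumed to be the recipient's own servers.
SAMPLE_EMAIL = """\
Received: from mx1.example.org (mx1.example.org [192.0.2.10])
\tby mail.example.org with ESMTP id abc123; Sun, 3 Dec 2017 10:02:11 +0000
Received: from relay.isp.example (relay.isp.example [198.51.100.25])
\tby mx1.example.org with ESMTPS; Sun, 3 Dec 2017 10:02:09 +0000
Received: from [203.0.113.77] (unknown [203.0.113.77])
\tby relay.isp.example with SMTP; Sun, 3 Dec 2017 10:02:05 +0000
From: "Someone" <someone@example.net>
To: victim@example.org
Subject: hello

body text
"""

RECEIVED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")   # first bracketed IPv4 = the "from" host
RECEIVED_BY = re.compile(r"\bby\s+([\w.-]+)", re.I)          # the server that wrote the line


def received_hops(raw):
    """Return [(by_host, from_ip)] for each Received: header, newest (top-most) first."""
    msg = message_from_string(raw)
    hops = []
    for hdr in msg.get_all("Received", []):
        text = " ".join(hdr.split())       # unfold the multi-line header
        ip = RECEIVED_IP.search(text)
        by = RECEIVED_BY.search(text)
        hops.append((by.group(1) if by else None, ip.group(1) if ip else None))
    return hops


def claimed_origin(raw):
    """IP named in the oldest Received: header: what a naive tracer reports as the sender."""
    hops = received_hops(raw)
    return hops[-1][1] if hops else None


def last_trusted_hop(raw, trusted_hosts):
    """IP of the machine that handed the message to the last server you control.

    Headers are read newest-first and the walk continues only while the line was
    stamped 'by' one of trusted_hosts. Everything below that point was written by
    someone else and may have been forged by the sender.
    """
    origin = None
    for by_host, from_ip in received_hops(raw):
        if by_host not in trusted_hosts:
            break
        origin = from_ip
    return origin


if __name__ == "__main__":
    TRUSTED = {"mail.example.org", "mx1.example.org"}   # assumed for this example
    for by_host, from_ip in received_hops(SAMPLE_EMAIL):
        print(f"{by_host} received it from {from_ip}")
    print("claimed origin:", claimed_origin(SAMPLE_EMAIL))
    print("verifiable hand-off to our servers:", last_trusted_hop(SAMPLE_EMAIL, TRUSTED))
```

In the sample the bottom line claims the mail started at 203.0.113.77, but the only fact the recipient can actually verify is that 198.51.100.25 delivered it to mx1.example.org; anything about 203.0.113.77 rests on a line written by relay.isp.example, which is outside the recipient's control.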

DNS Enumeration
By using Sam Spade we can do DNS enumeration on Windows,
or in cmd type: nslookup servername

Part 2 is coming soon