
Footprinting and Reconnaissance Module 02

Ethical Hacking and Countermeasures: Footprinting and Reconnaissance
Exam 312-50 Certified Ethical Hacker

Ethical Hacking and Countermeasures v8, Module 02: Footprinting and Reconnaissance, Exam 312-50

Module 02 Page 92

Ethical Hacking and Countermeasures Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.


Security News

Facebook a 'treasure trove' of Personally Identifiable Information

April 1, 2012

Source: http://www.scmagazineuk.com

Facebook contains a "treasure trove" of personally identifiable information that hackers manage to get their hands on. A report by Imperva revealed that users' "general personal information" can often include a date of birth, home address and sometimes mother's maiden name, allowing hackers to access this and other websites and applications and create targeted spearphishing campaigns. It detailed a concept I call "friend-mapping", where an attacker can get further knowledge of a user's circle of friends; having accessed their account and posing as a trusted friend, they can cause mayhem. This can include requesting the transfer of funds and extortion. Asked why Facebook is so important to hackers, Imperva senior security strategist Noa Bar-Yosef said: "People also add work friends on Facebook so a team leader can be identified and this can lead to corporate data being accessed, project work being discussed openly, while geo-location data can be detailed for military intelligence."

"Hacktivism made up 58 per cent of attacks in the Verizon Data Breach Intelligence Report, and they are going after information on Facebook that can be used to humiliate a person. All types of attackers have their own techniques."

On how attackers get a password in the first place, Imperva claimed that different keyloggers are used, while phishing kits that create a fake Facebook login page have been seen, and a more primitive method is a brute force attack, where the attacker repeatedly attempts to guess the user's password. In more extreme cases, a Facebook administrator's rights can be accessed. Although it said that this requires more effort on the hacker side and is not as prevalent, it is the "holy grail" of attacks as it provides the hacker with data on all users.

On protection, Bar-Yosef said the roll-out of SSL across the whole website, rather than just at the login page, was effective, but users still needed to opt in to this.

By Dan Raywood
http://www.scmagazine.com.au/Feature/265065,digitial-investigations-have-matured.aspx


Module Objectives

This module will familiarize you with the following:

- Footprinting Terminology
- What Is Footprinting?
- Objectives of Footprinting
- Footprinting Threats
- Footprinting through Search Engines
- Website Footprinting
- Email Footprinting
- Competitive Intelligence
- Footprinting Using Google
- WHOIS Footprinting
- DNS Footprinting
- Network Footprinting
- Footprinting through Social Engineering
- Footprinting through Social Networking Sites
- Footprinting Tools
- Footprinting Countermeasures
- Footprinting Pen Testing


Module Flow

Ethical hacking is legal hacking conducted by a penetration tester in order to evaluate the security of an IT infrastructure with the permission of an organization. The concept of ethical hacking cannot be explained or performed in a single step; therefore, it has been divided into several steps. Footprinting is the first step in ethical hacking, where an attacker tries to gather information about a target. To help you better understand footprinting, it has been divided into various sections:

- Footprinting Concepts
- Footprinting Threats
- Footprinting Methodology
- Footprinting Tools
- Footprinting Countermeasures
- Footprinting Penetration Testing

The Footprinting Concepts section familiarizes you with footprinting, footprinting terminology, why footprinting is necessary, and the objectives of footprinting.


Footprinting Terminology

Before going deep into the concept, it is important to know the basic terminology used in footprinting. These terms help you understand the concept of footprinting and its structure.

Open Source or Passive Information Gathering

Open source or passive information gathering is the easiest way to collect information about the target organization. It refers to the process of gathering information from open sources, i.e., publicly available sources. This requires no direct contact with the target organization. Open sources may include newspapers, television, social networking sites, blogs, etc. Using these, you can gather information such as network boundaries, IP addresses reachable via the Internet, operating systems, web server software used by the target network, TCP and UDP services on each system, access control mechanisms, system architecture, intrusion detection systems, and so on.

Active Information Gathering

In the active information gathering process, attackers mainly focus on the employees of the target organization. Attackers try to extract information from the employees by conducting social engineering: on-site visits, interviews, questionnaires, etc.

Anonymous Footprinting

This refers to the process of collecting information from sources anonymously, so that your efforts cannot be traced back to you.

Pseudonymous Footprinting

Pseudonymous footprinting refers to the process of collecting information from sources that have been published on the Internet but are not directly linked to the author's name. The information may be published under a different name, the author may have a well-established pen name, or the author may be a corporate or government official who is prohibited from posting under his or her original name. Irrespective of the reason for hiding the author's name, collecting information from such sources is called pseudonymous footprinting.

Organizational or Private Footprinting

Private footprinting involves collecting information from an organization's web-based calendar and email services.

Internet Footprinting

Internet footprinting refers to the process of collecting information about the target organization's connections to the Internet.


What Is Footprinting?

Footprinting is the process of collecting as much information as possible about a target network, for identifying various ways to intrude into an organization's network system.

Footprinting, the first step in ethical hacking, refers to the process of collecting information about a target network and its environment. Using footprinting, you can find various ways to intrude into the target organization's network system. It is considered "methodological" because critical information is sought based on a previous discovery. Once you begin the footprinting process in a methodological manner, you will obtain the blueprint of the security profile of the target organization. Here the term "blueprint" is used because the result that you get at the end of footprinting is the unique system profile of the target organization.

There is no single methodology for footprinting, as you can trace information by several routes. However, this activity is important, as all crucial information needs to be gathered before you begin hacking. Hence, you should carry out footprinting precisely and in an organized manner. You can collect information about the target organization through the means of footprinting in four steps:

1. Collect basic information about the target and its network
2. Determine the operating system used, platforms running, web server versions, etc.
3. Perform techniques such as Whois, DNS, network and organizational queries
4. Find vulnerabilities and exploits for launching attacks

Furthermore, we will discuss in detail how to collect basic information, determine the operating system of the target computer, the platforms running, and web server versions, the various methods of footprinting, and how to find and exploit vulnerabilities.


Why Footprinting?

For attackers to build a hacking strategy, they need to gather information about the target organization's network, so that they can find the easiest way to break into the organization's security perimeter. As mentioned previously, footprinting is the easiest way to gather information about the target organization; this plays a vital role in the hacking process. Footprinting helps to:

Know Security Posture

Performing footprinting on the target organization in a systematic and methodical manner gives the complete profile of the organization's security posture. You can analyze this report to figure out loopholes in the security posture of your target organization and then build your hacking plan accordingly.

Reduce Attack Area

By using a combination of tools and techniques, attackers can take an unknown entity (for example, XYZ Organization) and reduce it to a specific range of domain names, network blocks, and individual IP addresses of systems directly connected to the Internet, as well as many other details pertaining to its security posture.

Build Information Database

A detailed footprint provides maximum information about the target organization. Attackers can build their own information database about the security weaknesses of the target organization. This database can then be analyzed to find the easiest way to break into the organization's security perimeter.

Draw Network Map

Combining footprinting techniques with tools such as Tracert allows the attacker to create network diagrams of the target organization's network presence. This network map represents their understanding of the target's Internet footprint. These network diagrams can guide the attack.
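The network map described above, as an added example that is not part of the EC-Council courseware: a Python script that parses traceroute output (a constructed sample toward the documentation range 203.0.113.0/24) and labels each hop with the netblock owner a Whois lookup would report (also constructed), so the hop where the path enters the target's own address space becomes visible. The same analysis lets an organization see which of its own devices are exposed to the outside; the hostnames, addresses and owner names are assumptions.

```python
"""Build a simple network map from traceroute output plus known netblocks."""
import ipaddress
import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample: Linux traceroute output toward a host in the
# documentation range 203.0.113.0/24 (not a real organization).
SAMPLE_TRACEROUTE = """\
traceroute to www.example-target.test (203.0.113.10), 30 hops max, 60 byte packets
 1  gateway (192.168.1.1)  1.123 ms  1.045 ms  0.987 ms
 2  10.20.0.1 (10.20.0.1)  8.532 ms  8.410 ms  8.377 ms
 3  * * *
 4  isp-core.example.net (198.51.100.7)  15.221 ms  15.100 ms  15.042 ms
 5  edge-fw.example-target.test (203.0.113.1)  20.011 ms  19.876 ms  19.802 ms
 6  www.example-target.test (203.0.113.10)  21.350 ms  21.201 ms  21.140 ms
"""

# Constructed: netblocks as a Whois/RIR lookup would report them (owner -> CIDR).
SAMPLE_NETBLOCKS = {
    "XYZ Organization (target)": "203.0.113.0/24",
    "Example ISP": "198.51.100.0/24",
}

# Compared explicitly; ipaddress.is_private would also flag the documentation ranges.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
ADDR_RE = re.compile(r"^(\S+)\s+\((\d{1,3}(?:\.\d{1,3}){3})\)")
RTT_RE = re.compile(r"([\d.]+)\s+ms")


@dataclass
class Hop:
    number: int
    hostname: Optional[str]          # None when the hop did not answer
    ip: Optional[str]
    rtts_ms: list = field(default_factory=list)
    owner: str = "unknown"           # filled in by annotate_owners()


def parse_traceroute(text: str) -> list:
    """Parse traceroute lines into Hop records; '* * *' lines become silent hops."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue                          # header line or noise
        number, rest = int(m.group(1)), m.group(2).strip()
        if rest.startswith("*"):
            hops.append(Hop(number, None, None))
            continue
        a = ADDR_RE.match(rest)
        if not a:
            continue                          # unrecognised line format, skip it
        rtts = [float(r) for r in RTT_RE.findall(rest)]
        hops.append(Hop(number, a.group(1), a.group(2), rtts))
    return hops


def annotate_owners(hops: list, netblocks: dict) -> list:
    """Label each responding hop with the owner of the netblock containing it."""
    nets = {owner: ipaddress.ip_network(cidr) for owner, cidr in netblocks.items()}
    for hop in hops:
        if hop.ip is None:
            hop.owner = "no response"
            continue
        addr = ipaddress.ip_address(hop.ip)
        if any(addr in net for net in RFC1918):
            hop.owner = "private (RFC 1918)"
            continue
        for owner, net in nets.items():
            if addr in net:
                hop.owner = owner
                break
    return hops


def perimeter_hop(hops: list, target_cidr: str) -> Optional[int]:
    """Number of the first hop inside the target's netblock, i.e. its visible edge."""
    net = ipaddress.ip_network(target_cidr)
    for hop in hops:
        if hop.ip is not None and ipaddress.ip_address(hop.ip) in net:
            return hop.number
    return None


def render_map(hops: list) -> str:
    """One line per hop: number, name, address, owner and median RTT."""
    lines = []
    for hop in hops:
        if hop.ip is None:
            lines.append(f"{hop.number:>2}  (no response)")
            continue
        rtts = sorted(hop.rtts_ms)
        median = rtts[len(rtts) // 2] if rtts else float("nan")
        lines.append(f"{hop.number:>2}  {hop.hostname} [{hop.ip}]  {hop.owner}  ~{median:.1f} ms")
    return "\n".join(lines)


if __name__ == "__main__":
    hops = annotate_owners(parse_traceroute(SAMPLE_TRACEROUTE), SAMPLE_NETBLOCKS)
    print(render_map(hops))
    print("first hop inside target netblock:", perimeter_hop(hops, "203.0.113.0/24"))
```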



Objectives of Footprinting

The major objectives of footprinting include collecting the target's network information, system information, and organizational information. By carrying out footprinting at various network levels, you can gain information such as network blocks, network services and applications, system architecture, intrusion detection systems, specific IP addresses, and access control mechanisms. With footprinting, information such as employee names, phone numbers, contact addresses, designation, work experience, and so on can also be obtained.

Collect Network Information

The network information can be gathered by performing a Whois database analysis, trace routing, etc. It includes:

- Domain name
- Internal domain names
- Network blocks
- IP addresses of the reachable systems
- Rogue websites/private websites
- TCP and UDP services running
- Access control mechanisms and ACLs
- Networking protocols
- VPN points
- ACLs
- IDSes running
- Analog/digital telephone numbers
- Authentication mechanisms
- System enumeration

Collect System Information

- User and group names
- System banners
- Routing tables
- SNMP information
- System architecture
- Remote system type
- System names
- Passwords

Collect Organization's Information

- Employee details
- Organization's website
- Company directory
- Location details
- Address and phone numbers
- Comments in HTML source code
- Security policies implemented
- Web server links relevant to the organization
- Background of the organization
- News articles/press releases
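Several of the items above (employee details, comments in HTML source code, the organization's website and its technology platform) can be checked on one's own pages before an attacker harvests them. The following Python auditor is an added example, not part of the EC-Council courseware: it uses the standard library's html.parser to pull HTML comments, generator meta tags and e-mail addresses out of a constructed sample page and flags the comments that leak credentials, internal addresses or internal references. The page content, the domain xyz.test and the keyword lists are assumptions.

```python
"""Audit a page's HTML for the leaks footprinting harvests: comments, generator tags, e-mails."""
import re
from html.parser import HTMLParser

# Constructed sample page (not a real site) with typical leaks planted in it.
SAMPLE_HTML = """\
<!DOCTYPE html>
<html>
<head>
  <meta name="generator" content="ExampleCMS 4.2.1">
  <title>XYZ Organization - Careers</title>
  <!-- TODO: remove staging link before go-live: http://staging.intranet.xyz.test/ -->
</head>
<body>
  <!-- Template by J. Smith (jsmith@xyz.test), last edited on build server 10.0.5.22 -->
  <p>Contact our HR team at <a href="mailto:hr@xyz.test">hr@xyz.test</a>.</p>
  <!-- db backup job uses user=backup pass=Winter2012 -->
  <!-- page layout v3 -->
</body>
</html>
"""

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
URL_RE = re.compile(r"https?://[^\s'\"<>]+")
CRED_RE = re.compile(r"\b(pass(word)?|pwd|secret|token|api[_-]?key)\s*[=:]", re.I)
# Words that usually point at non-public infrastructure (assumed list).
INTERNAL_WORDS = ("intranet", "staging", "internal", "dev.", "test.", "vpn", "backup")


class LeakAuditor(HTMLParser):
    """Collects HTML comments, generator meta tags and e-mail addresses from a page."""

    def __init__(self):
        super().__init__()
        self.comments = []
        self.generators = []
        self.emails = set()

    def handle_comment(self, data):
        self.comments.append(data.strip())
        self.emails.update(EMAIL_RE.findall(data))

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)                      # HTMLParser lower-cases tag and attribute names
        if tag == "meta" and a.get("name", "").lower() == "generator":
            self.generators.append(a.get("content", ""))
        if tag == "a" and a.get("href", "").lower().startswith("mailto:"):
            self.emails.add(a["href"][len("mailto:"):])

    def handle_data(self, data):
        self.emails.update(EMAIL_RE.findall(data))


def classify_comment(text: str) -> list:
    """Return the leak categories a comment falls into (empty list = harmless)."""
    reasons = []
    if CRED_RE.search(text):
        reasons.append("credential")
    if IPV4_RE.search(text):
        reasons.append("ip-address")
    if EMAIL_RE.search(text):
        reasons.append("email")
    if URL_RE.search(text) or any(w in text.lower() for w in INTERNAL_WORDS):
        reasons.append("internal-reference")
    return reasons


def audit_html(html: str) -> dict:
    """Run the auditor over a page and group what it found by category."""
    parser = LeakAuditor()
    parser.feed(html)
    parser.close()
    classified = [(c, classify_comment(c)) for c in parser.comments]
    return {
        "generators": parser.generators,
        "emails": sorted(parser.emails),
        "flagged_comments": [(c, r) for c, r in classified if r],
        "harmless_comments": [c for c, r in classified if not r],
    }


if __name__ == "__main__":
    report = audit_html(SAMPLE_HTML)
    for key, items in report.items():
        print(f"{key}:")
        for item in items:
            print("   ", item)
```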



Module Flow

So far, we have discussed footprinting concepts; now we will discuss the threats associated with footprinting:

- Footprinting Concepts
- Footprinting Threats
- Footprinting Methodology
- Footprinting Tools
- Footprinting Countermeasures
- Footprinting Penetration Testing

The Footprinting Threats section familiarizes you with the threats associated with footprinting, such as social engineering, system and network attacks, corporate espionage, etc.


Footprinting Threats

Attackers gather valuable system and network information such as account details, operating system and installed applications, network components, server names, database schema details, etc. from footprinting techniques.

Types of threats: Information Leakage, Privacy Loss, Corporate Espionage, Business Loss.

As discussed previously, attackers perform footprinting as the first step in an attempt to hack a target organization. In the footprinting phase, attackers try to collect valuable system-level information such as account details, operating system and other software versions, server names, and database schema details that will be useful in the hacking process. The following are various threats due to footprinting:

Social Engineering

Without using any intrusion methods, hackers directly and indirectly collect information through persuasion and various other means. Here, crucial information is gathered by the hackers through employees without their consent.

System and Network Attacks

Footprinting helps an attacker to perform system and network attacks. Through footprinting, attackers can gather information related to the target organization's system configuration, the operating system running on the machine, and so on. Using this information, attackers can find the vulnerabilities present in the target system and then exploit those vulnerabilities. Thus, attackers can take control over a target system. Similarly, attackers can also take control over the entire network.

Information Leakage

Information leakage can be a great threat to any organization and is often overlooked. If sensitive organizational information falls into the hands of attackers, then they can build an attack plan based on the information, or use it for monetary benefit.

Privacy Loss

With the help of footprinting, hackers are able to access the systems and networks of the company and even escalate privileges up to admin level. Whatever privacy was maintained by the company is completely lost.

Corporate Espionage

Corporate espionage is one of the major threats to companies, as competitors can spy and attempt to steal sensitive data through footprinting. Due to this type of espionage, competitors are able to launch similar products in the market, affecting the market position of a company.

Business Loss

Footprinting has a major effect on businesses such as online businesses and other e-commerce websites, banking and financial related businesses, etc. Billions of dollars are lost every year due to malicious attacks by hackers.


Module Flow

Now that you are familiar with footprinting concepts and threats, we will discuss the footprinting methodology. The footprinting methodology section discusses various techniques used to collect information about the target organization from different sources.

- Footprinting Concepts
- Footprinting Threats
- Footprinting Methodology
- Footprinting Tools
- Footprinting Countermeasures
- Footprinting Penetration Testing


Footprinting Methodology

- Footprinting through Search Engines
- Website Footprinting
- Email Footprinting
- Competitive Intelligence
- Footprinting using Google
- WHOIS Footprinting
- DNS Footprinting
- Network Footprinting
- Footprinting through Social Engineering
- Footprinting through Social Networking Sites

The footprinting methodology is a procedural way of collecting information about a target organization from all available sources. It deals with gathering information about a target organization, determining the URL, location, establishment details, number of employees, the specific range of domain names, and contact information. This information can be gathered from various sources such as search engines, Whois databases, etc.

Search engines are the main information sources where you can find valuable information about your target organization. Therefore, first we will discuss footprinting through search engines. Here we are going to discuss how and what information we can collect through search engines. Examples of search engines include: www.google.com, www.yahoo.com, www.bing.com


Ethical Hacking a n d C o u n te rm e a s u re s F o o tp rin tin g a n d R e c o n n a issa n c e

F o o tp r in tin g

Exam 3 1 2 -5 0 C ertified Ethical H acker

th ro u g h

S e a rc h

E n g in e s

A tta cke rs use search e n gines to e x tra c t in fo rm a tio n a b o u t a ta r g e t such as te c h n o lo g y p la tfo rm s , e m p lo y e e de ta ils, login pages, in tra n e t p o rta ls , etc. w h ic h

Microsoft »0aMus•»»!*•>>**•rcicspthi Mciim*Cxivxaco MC.rr 1nmAnmw

helps in p e rfo rm in g social e n g in e e rin g and

M icrosoft

o th e r ty p e s o f ad vanced system a ttacks ndP»>bur*, Ajn4 1V:

J

■ MCDMTzerperator

nth■

Search e n g in e cache m a y p ro v id e s e n s itiv e i1m:amiiwm 1yw<n•wm ■MiMSOOS<11Mr*& IIMl tv|h*tiV.row*Midm Int 31aptntnj

in fo rm a tio n th a t has been re m o v e d fro m

11bM-nar«'MI*1he•hut tot• crtMdan■MmjMhiM trfQur•* *rtV/Kti *1mMarot* •‫«»>»*״‬ Snc. in• 1*101 11• <pnu>V'‫• «׳‬tn«w •-••‫* אי‬an s* ‫יי‬

th e W o rld W id e W eb (W W W )

F o o tp r in tin g th r o u g h

S e a r c h E n g in e s

w , -----

A web search engine is designed to search for information on the World Wide Web. The search results are generally presented in a line of results often referred to as search engine results pages (SERPs). In the present world, many search engines allow you to extract a target organization's information such as technology platforms, employee details, login pages, intranet portals, and so on. Using this information, an attacker may build a hacking strategy to break into the target organization's network and may carry out other types of advanced system attacks. A Google search could reveal submissions to forums by security personnel that reveal brands of firewalls or antivirus software in use at the target. Sometimes even network diagrams are found that can guide an attack. If you want to footprint the target organization, for example XYZ pvt ltd, then type XYZ pvt ltd in the Search box of the search engine and press Enter. This will display all the search results containing the keywords "XYZ pvt ltd." You can even narrow down the results by adding a specific keyword while searching. Furthermore, we will discuss other footprinting techniques such as website footprinting and email footprinting. For example, consider an organization, perhaps Microsoft. Type Microsoft in the Search box of a search engine and press Enter; this will display all the results containing information about Microsoft. Browsing the results may provide critical information such as physical location, contact address, the services offered, number of employees, etc. that may prove to be a valuable source for hacking.

FIGURE 2.1: Screenshot showing information about Microsoft (Google's cache of the Wikipedia article on Microsoft, snapshot dated 17 Jul 2012)

As an ethical hacker, if you find any sensitive information of your company in the search engine result pages, you should remove that information. Even after you remove the sensitive information, it may still be available in a search engine cache. Therefore, you should also check the search engine cache to ensure that the sensitive data is removed permanently.


Finding Company's External and Internal URLs

- Search for the target company's external URL in a search engine such as Google or Bing
- Internal URLs provide an insight into different departments and business units in an organization
- You may find an internal company's URL by trial and error method

Tools to Search Internal URLs:
- http://news.netcraft.com
- http://www.webmaster-a.com/link-extractor-internal.php

Internal URLs of microsoft.com:
- support.microsoft.com
- office.microsoft.com
- search.microsoft.com
- msdn.microsoft.com
- update.microsoft.com
- technet.microsoft.com
- windows.microsoft.com

Finding Company's External and Internal URLs

A company's external and internal URLs provide a lot of useful information to the attacker. These URLs describe the company and provide details such as the company mission and vision, history, products or services offered, etc. The URL that is used outside the corporate network for accessing the company's vault server via a firewall is called an external URL. It links directly to the company's external web page. The target company's external URL can be determined with the help of search engines such as Google or Bing. If you want to find the external URL of a company, follow these steps:

1. Open any of the search engines, such as Google or Bing.
2. Type the name of the target company in the Search box and press Enter.

The internal URL is used for accessing the company's vault server directly inside the corporate network. The internal URL helps to access the internal functions of a company. Most companies use common formats for internal URLs. Therefore, if you know the external URL of a company, you can predict an internal URL through trial and error. These internal URLs provide insight into different departments and business units in an organization. You can also find the internal URLs of an organization using tools such as Netcraft.

Tools to Search Internal URLs

Netcraft
Source: http://news.netcraft.com

Netcraft deals with web server and web hosting market-share analysis, and operating system detection. It provides a free anti-phishing toolbar (Netcraft toolbar) for Firefox as well as Internet Explorer browsers. The Netcraft toolbar helps avoid phishing attacks and protects Internet users from fraudsters. It checks the risk rating as well as the hosting location of the websites we visit.

Link Extractor
Source: http://www.webmaster-a.com/link-extractor-internal.php

Link Extractor is a link extraction utility that allows you to choose between external and internal URLs, and will return a plain list of URLs linked to or an HTML list. You can use this utility on competitor sites.

Examples of internal URLs of microsoft.com:
- support.microsoft.com
- office.microsoft.com
- search.microsoft.com
- msdn.microsoft.com
- update.microsoft.com
- technet.microsoft.com
- windows.microsoft.com


Public and Restricted Websites

- Public Website: http://www.microsoft.com
- Restricted Website: http://office.microsoft.com, http://answers.microsoft.com

Public and Restricted Websites

A public website is a website designed to show the presence of an organization on the Internet. It is designed to attract customers and partners. It contains information such as company history, services and products, and contact information of the organization. The following screenshot is an example of a public website:

Source: http://www.microsoft.com

FIGURE 2.2: An example of public website

A restricted website is a website that is available to only a few people. The people may be employees of an organization, members of a department, etc. Restrictions can be applied based on the IP number, domain or subnet, username, and password. Restricted or private websites of microsoft.com include: http://technet.microsoft.com, http://windows.microsoft.com, http://office.microsoft.com, and http://answers.microsoft.com.
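As an added example (not from the module or from Microsoft), the two restriction types named above, IP address or subnet and username plus password, expressed as an nginx configuration for a public and a restricted site; the hostnames, the 10.0.0.0/8 range, and the certificate and htpasswd paths are assumed placeholders.

```nginx
# Added example: an nginx configuration applying the restrictions
# described above (IP / subnet plus username and password).
# Assumed values: hostnames, the 10.0.0.0/8 corporate range and all
# file paths are placeholders, not values from the module.

# Public website: reachable by anyone on the Internet.
server {
    listen 443 ssl;
    server_name www.example.com;                     # assumed hostname
    ssl_certificate     /etc/nginx/tls/public.crt;   # assumed paths
    ssl_certificate_key /etc/nginx/tls/public.key;
    root /var/www/public;
}

# Restricted website: only the corporate subnet AND a valid account.
server {
    listen 443 ssl;
    server_name intranet.example.com;                # assumed hostname
    ssl_certificate     /etc/nginx/tls/intranet.crt; # assumed paths
    ssl_certificate_key /etc/nginx/tls/intranet.key;
    root /var/www/intranet;

    # IP / subnet restriction: rules are checked top to bottom and the
    # first match wins, so the allow must precede the deny.
    allow 10.0.0.0/8;                                # assumed corporate range
    deny  all;

    # Username/password restriction (HTTP Basic, served over TLS only).
    auth_basic           "Restricted area";
    auth_basic_user_file /etc/nginx/intranet.htpasswd;   # assumed path

    # "satisfy all" (the default) requires BOTH the address check and the
    # credential check to pass. "satisfy any" would admit anyone on the
    # corporate subnet without a password, so keep it at "all".
    satisfy all;

    # Ask search engines not to index or cache the restricted content, so it
    # does not linger in result pages or caches after it is taken down.
    add_header X-Robots-Tag "noindex, noarchive" always;
}
```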

FIGURE 2.3: Examples of Public and Restricted websites (Microsoft TechNet and Welcome to Office screenshots)

Collect Location Information

- Use Google Earth tool to get the location of the place

Collect Location Information

Information such as the physical location of the organization plays a vital role in the hacking process. This information can be obtained using the footprinting technique. In addition to physical location, we can also collect information such as surrounding public Wi-Fi hotspots that may prove to be a way to break into the target organization's network. Attackers with the knowledge of a target organization's location may attempt dumpster diving, surveillance, social engineering, and other non-technical attacks to gather much more information about the target organization. Once the location of the target is known, detailed satellite images of the location can be obtained using various sources available on the Internet such as http://www.google.com/earth and https://maps.google.com. Attackers can use this information to gain unauthorized access to buildings, wired and wireless networks, systems, and so on.

Example: earth.google.com

Google Earth is a valuable tool for hacking that allows you to find a location, point, and zoom in to that location to explore. You can even access 3D images that depict most of the Earth in high-resolution detail.

FIGURE 2.4: Google Earth showing location

Example: maps.google.com

Google Maps provides a Street View feature that provides you with a series of images of a building, as well as its surroundings, including Wi-Fi networks. Attackers may use Google Maps to find or locate entrances to buildings, security cameras, gates, places to hide, weak spots in perimeter fences, and utility resources like electricity connections, to measure the distance between different objects, etc.

FIGURE 2.5: Google Maps showing a Street View


People Search

- Information about an individual can be found at various people search websites
- The people search returns the following information about a person:
  - Residential addresses and email addresses
  - Contact numbers and date of birth
  - Photos and social networking profiles
  - Blog URLs
  - Satellite pictures of private residencies

http://www.spokeo.com
http://pipl.com

People Search

You can use public record websites to find information about people's email addresses, phone numbers, house addresses, and other information. Using this information you can try to obtain bank details, credit card details, mobile numbers, past history, etc. There are many people search online services available that help find people. http://pipl.com and http://www.spokeo.com are examples of people search services that allow you to search for people by their name, email, username, phone, or address. These people search services may provide information such as:

- Residential addresses and email addresses
- Contact numbers and date of birth
- Photos and social networking profiles
- Blog URLs
- Satellite pictures of private residences


People Search Online Services

- Zaba Search: http://www.zabasearch.com
- 123 People Search: http://www.123people.com
- ZoomInfo: http://www.zoominfo.com
- PeekYou: http://www.peekyou.com
- Wink People Search: http://wink.com
- Intelius: http://www.intelius.com
- AnyWho: http://www.anywho.com
- PeopleSmart: http://www.peoplesmart.com
- WhitePages: http://www.whitepages.com
- People Lookup: https://www.peoplelookup.com

People Search Online Services

At present, many Internet users are using people search engines to find information about other people. Most often people search engines provide people's names, addresses, and contact details. Some people search engines may also reveal the type of work an individual does, businesses owned by a person, contact numbers, company email addresses, mobile numbers, fax numbers, dates of birth, personal e-mail addresses, etc. This information proves to be highly beneficial for attackers to launch attacks. Some of the people search engines are listed as follows:

Zaba Search
Source: http://www.zabasearch.com

Zaba Search is a people search engine that provides information such as address, phone number, current location, etc. of people in the US. It allows you to search for people by their name.

ZoomInfo
Source: http://www.zoominfo.com

ZoomInfo is a business people directory using which you can find professional profiles, biographies, work histories, affiliations, business contacts, people's links to employee profiles with verified contact information, and more.

Wink People Search
Source: http://wink.com

Wink People Search is a people search engine that provides information about people by name and location. It gives phone number, address, websites, photos, work, school, etc.

AnyWho
Source: http://www.anywho.com

AnyWho is a website that helps you find information about people, their businesses, and their locations online. With the help of a phone number, you can get all the details of an individual.

People Lookup
Source: https://www.peoplelookup.com

People Lookup is a people search engine that allows you to find, locate, and then connect with people. It also allows you to look up a phone number, search for cell numbers, find an address or phone number, and search for people in the US. This database uses information from public records.

123 People Search
Source: http://www.123people.com

123 People Search is a people search tool that allows you to find information such as public records, phone numbers, addresses, images, videos, and email addresses.

PeekYou
Source: http://www.peekyou.com

PeekYou is a people search engine that allows you to search for profiles and contact information of people in India and cities' top employers and schools. It allows you to search for the people with their names or usernames.

Intelius
Source: http://www.intelius.com

Intelius is a public records business that provides information services. It allows you to search for the people in the US with their name, address, phone number, or email address.


PeopleSmart
Source: http://www.peoplesmart.com

PeopleSmart is a people search service that allows you to find people's work information with their name, city, and state. In addition, it allows you to perform reverse phone lookups, email searches, searches by address, and county searches.


WhitePages
Source: http://www.whitepages.com

WhitePages is a people search engine that provides information about people by name and location. Using the phone number, you can find the person's address.


People Search on Social Networking Services

- http://www.facebook.com
- http://www.linkedin.com
- http://twitter.com
- https://plus.google.com

People Search on Social Networking Services

Searching for people on social networking websites is easy. Social networking services are the online services, platforms, or sites that focus on facilitating the building of social networks or social relations among people. These websites provide information that is provided by users. Here, people are directly or indirectly related to each other by common interest, work location, or educational communities, etc. Social networking sites allow people to share information quickly and effectively, as these sites are updated in real time. They allow updating facts about upcoming or current events, recent announcements and invitations, and so on. Therefore, social networking sites prove to be a great platform for searching people and their related information. Through people searching on social networking services, you can gather critical information that will be helpful in performing social engineering or other kinds of attacks. Many social networking sites allow visitors to search for people without registration; this makes people searching on social networking sites an easy task for you. You can search for a person using name, email, or address. Some sites allow you to check whether an account is currently in use or not. This allows you to check the status of the person you are looking for. Some of the social networking services are as follows:


Facebook
Source: http://www.facebook.com

Facebook allows you to search for people, their friends, colleagues, and people living around them and others with whom they are affiliated. In addition, you can also find their professional information such as their company or business, current location, phone number, email ID, photos, videos, etc. It allows you to search for people by username or email address.

FIGURE 2.7: Facebook, a social networking service to search for people across the world

LinkedIn
Source: http://www.linkedin.com

LinkedIn is a social networking website for professional people. It allows you to find people by name, keyword, company, school, etc. Searching for people on LinkedIn gives you information such as name, designation, name of company, current location, and education qualifications, but to use LinkedIn you need to be registered with the site.

Twitter
Source: http://twitter.com

Twitter is a social networking service that allows people to send and read text messages (tweets). Even unregistered users can read tweets on this site.

FIGURE 2.9: Twitter screenshot


Google+
Source: https://plus.google.com

Google+ is a social networking site that aims to make sharing on the web more like sharing in real life. You can grab a lot of useful information about users from this site and use it to hack their systems.

FIGURE 2.10: Google+ screenshot


Gather Information from Financial Services

Gather Information from Financial Services

Financial services such as Google Finance, Yahoo! Finance, and so on provide a lot of useful information such as the market value of a company's shares, company profile, competitor details, etc. The information offered varies from one service to the next. In order to avail themselves of services such as e-mail alerts and phone alerts, users need to register on the financial services. This gives an opportunity for an attacker to grab useful information for hacking.

Many financial firms rely on web access, performing transactions, and user access to their accounts. Attackers can obtain sensitive and private information of users by implementing cybercrimes, information theft, keyloggers, etc. Attackers can even grab this information and exploit it with the help of non-vulnerable threats (software design flaw example: breaking the authentication mechanism). The following are some of the non-vulnerable threats:

- Service flooding
- Brute force attack
- Phishing



FIGURE 2.11: Examples of financial services website for gathering information


Footprinting through Job Sites

You can gather company's infrastructure details from job postings.

Look for these:

- Job requirements
- Employee's profile
- Hardware information
- Software information

Examples of Job Websites:

- http://www.monster.com
- http://www.careerbuilder.com
- http://www.dice.com
- http://www.simplyhired.com
- http://www.indeed.com
- http://www.usajobs.gov

[Slide image: a sample job posting with the position requirements and the technologies in use highlighted]

Footprinting through Job Sites

Attackers can gather valuable information about the operating system, software versions, the company's infrastructure details, and the database schema of an organization by footprinting various job sites using different techniques. Depending upon the posted requirements for job openings, attackers may be able to study the hardware, network-related information, and technologies used by the company. Most of the company's websites have a key employees list with their email addresses. This information may prove to be beneficial for an attacker. For example, if a company wants to hire a person for a Network Administration job, it posts the requirements related to that position.


[Figure: job posting for a Network Administrator position listing the required technologies (Active Directory, Exchange, SQL Server, DNS, DHCP, WINS, VMware) and certifications]

FIGURE 2.12: Gathering information through job websites

Usually attackers look for the following information:

- Job requirements
- Employee's profile
- Hardware information
- Software information

Examples of job websites include:

- http://www.monster.com
- http://www.careerbuilder.com
- http://www.dice.com
- http://www.indeed.com
- http://www.usajobs.gov
- http://www.simplyhired.com

Monitoring Target Using Alerts

Alerts are the content monitoring services that provide up-to-date information based on your preference, usually via email or SMS.

Examples of Alert Services

Alerts are the content monitoring services that provide automated up-to-date information based on your preference, usually via email or SMS. In order to get alerts, you need to register on the website and you should submit either an email or phone number to the service. Attackers can gather this sensitive information from the alert services and use it for further processing of an attack.

Google Alerts

Source: http://www.google.com/alerts

Google Alerts is a content monitoring service that automatically notifies users when new content from news, web, blogs, video, and/or discussion groups matches a set of search terms selected by the user and stored by the Google Alerts service. Google Alerts aids in monitoring a developing news story and keeping current on a competitor or industry.


[Figure: Google Alerts form for a "Security News" search query, showing the result type, how often, how many and email fields beside the matching news results]

FIGURE 2.13: Google Alert services screenshot

Yahoo! Alerts is available at http://alerts.yahoo.com and Giga Alert is available at http://www.gigaalert.com; these are two more examples of alert services.


Footprinting Methodology

- Footprinting through Search Engines
- Website Footprinting
- Email Footprinting
- Competitive Intelligence
- Footprinting using Google
- WHOIS Footprinting
- DNS Footprinting
- Network Footprinting
- Footprinting through Social Engineering
- Footprinting through Social Networking Sites

Footprinting Methodology

So far, we have discussed the first step of the footprinting methodology, i.e., footprinting via search engines. Now we will discuss website footprinting. An organization's website is the first place where you can get sensitive information such as names and contact details of chief persons in the company, upcoming project details, and so on. This section covers the website footprinting concept, mirroring websites, the tools used for mirroring, and monitoring web updates.


Website Footprinting

Information obtained from the target's website enables an attacker to build a detailed map of the website's structure and architecture.

Browsing the target website may provide:

- Software used and its version
- Operating system used
- Sub-directories and parameters
- Filename, path, database field name, or query
- Scripting platform
- Contact details and CMS details

Use Zaproxy, Burp Suite, Firebug, etc. to view headers that provide:

- Connection status and content-type
- Accept-Ranges
- Last-Modified information
- X-Powered-By information
- Web server in use and its version

Website Footprinting

It is possible for an attacker to build a detailed map of a website's structure and architecture without IDS being triggered or without raising any sysadmin suspicions. It can be accomplished either with the help of sophisticated footprinting tools or just with the basic tools that come along with the operating system, such as telnet and a browser. Using the Netcraft tool you can gather website information such as IP address, registered name and address of the domain owner, domain name, host of the site, OS details, etc. But this tool may not give all these details for every site. In such cases, you should browse the target website. Browsing the target website will provide you with the following information:

- Software used and its version: You can find not only the software in use but also the version easily on the off-the-shelf software-based website.
- Operating system used: Usually the operating system can also be determined.
- Sub-directories and parameters: You can reveal the sub-directories and parameters by making a note of all the URLs while browsing the target website.


- Filename, path, database field name, or query: You should analyze anything after a query that looks like a filename, path, database field name, or query carefully to check whether it offers opportunities for SQL injection.
- Scripting platform: With the help of the script filename extensions such as .php, .asp, .jsp, etc. you can easily determine the scripting platform that the target website is using.
- Contact details and CMS details: The contact pages usually offer details such as names, phone numbers, email addresses, and locations of admin or support people. You can use these details to perform a social engineering attack.

CMS software allows URL rewriting in order to disguise the script filename extensions. In this case, you need to put a little more effort into determining the scripting platform. Use Paros Proxy, Burp Suite, Firebug, etc. to view headers that provide:

- Connection status and content-type
- Accept-Ranges
- Last-Modified information
- X-Powered-By information
- Web server in use and its version

Source: http://portswigger.net

The following is a screenshot of Burp Suite showing headers of packets in the information pane:

FIGURE 2.14: Burp Suite show ing headers o f packets in th e in fo rm a tio n pane
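The header fields listed above can be audited on your own servers before anyone else reads them. The following is an added example, not CEH courseware code and not part of Burp Suite: a small Python parser for raw HTTP responses that flags the disclosure headers this page names (Server, X-Powered-By) and reports the informational ones (Connection, Content-Type, Accept-Ranges, Last-Modified). The two sample responses are constructed, and the extra header names X-AspNet-Version and X-Generator are assumed additions to the check list.

```python
"""Audit raw HTTP response headers for information disclosure.

Added example, not from the CEH courseware or from Burp Suite. The two
responses below are constructed for illustration only.
"""
import re

# Headers that reveal server software, frameworks or CMS platforms.
# Server and X-Powered-By are the ones named in the text; the others
# are assumed additions (emitted by ASP.NET and some CMS products).
DISCLOSURE_HEADERS = {
    "server": "web server product and version",
    "x-powered-by": "scripting platform / framework",
    "x-aspnet-version": "ASP.NET runtime version",
    "x-generator": "CMS or site generator",
}

# Headers the text lists as useful for footprinting but which clients
# usually need; report them rather than flag them.
INFORMATIONAL_HEADERS = ("connection", "content-type", "accept-ranges", "last-modified")

VERSION_RE = re.compile(r"\d+\.\d+")  # a dotted number such as 2.2.22


def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status_line, headers, body).

    Header names are lower-cased; repeated headers are joined with ", ".
    """
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    status_line = lines[0]
    headers = {}
    for line in lines[1:]:
        if ":" not in line:
            continue  # skip a malformed header line rather than abort
        name, value = line.split(":", 1)
        name, value = name.strip().lower(), value.strip()
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return status_line, headers, body


def audit_headers(raw: bytes):
    """Return disclosure findings for one response.

    "leaks":     disclosure headers present (name -> value)
    "versioned": subset of those that carry a version number
    "info":      informational headers present (name -> value)
    """
    _, headers, _ = parse_response(raw)
    leaks = {n: headers[n] for n in DISCLOSURE_HEADERS if n in headers}
    versioned = {n for n, v in leaks.items() if VERSION_RE.search(v)}
    info = {n: headers[n] for n in INFORMATIONAL_HEADERS if n in headers}
    return {"leaks": leaks, "versioned": versioned, "info": info}


# Constructed sample: a verbose default configuration.
VERBOSE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Mon, 16 Jul 2012 08:53:41 GMT\r\n"
    b"Server: Apache/2.2.22 (Ubuntu)\r\n"
    b"X-Powered-By: PHP/5.3.10\r\n"
    b"Last-Modified: Sun, 15 Jul 2012 12:00:00 GMT\r\n"
    b"Accept-Ranges: bytes\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"Connection: keep-alive\r\n"
    b"\r\n"
    b"<html><body>hello</body></html>"
)

# Constructed sample: the same server after hardening (for example Apache's
# "ServerTokens Prod" and PHP's "expose_php = Off"), which leaves only a
# generic product name and no framework banner.
HARDENED_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"Date: Mon, 16 Jul 2012 08:53:41 GMT\r\n"
    b"Server: Apache\r\n"
    b"Content-Type: text/html; charset=utf-8\r\n"
    b"\r\n"
    b"<html><body>hello</body></html>"
)


if __name__ == "__main__":
    for label, raw in (("verbose", VERBOSE_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        report = audit_headers(raw)
        print(f"[{label}] leaks: {report['leaks']} versioned: {sorted(report['versioned'])}")
        print(f"[{label}] info:  {report['info']}")
```

Run against a response captured from your own site, the "versioned" set is the part to act on: a bare product name in Server is hard to avoid, but a precise version or a PHP banner tells a reader exactly which advisories to look up.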


Website Footprinting (Cont'd)

Examining HTML source provides:

- Comments in the source code
- Contact details of web developer or admin
- File system structure
- Script type

Examining cookies may provide:

- Software in use and its behavior
- Scripting platforms used

Website Footprinting (Cont'd)

Examine the HTML source code. Follow the comments that are either created by the CMS system or inserted manually. These comments may provide clues to help you understand what's running in the background. This may even provide contact details of the web admin or developer. Observe all the links and image tags in order to map the file system structure. This allows you to reveal the existence of hidden directories and files. Enter fake data to determine how the script works.


[Figure: browser view-source of www.microsoft.com/en-us/default.aspx showing the XHTML doctype, meta tags and inline JavaScript]

FIGURE 2.15: Screenshot showing Microsoft script works

Examine cookies set by the server to determine the software running and its behavior. You can also identify the scripting platforms by observing sessions and other supporting cookies.

[Figure: browser cookie manager listing cookies per site, with one cookie's name, content, domain, path, "send for", "accessible to script", created and expires fields expanded]

FIGURE 2.16: Showing details about the software running in a system by examining cookies
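The clues described above (comments, developer contact details, link and image paths, script extensions) can be pulled out of a page mechanically, which is the practical way to check your own pages before they go live. The following is an added example, not CEH courseware code: a Python HTMLParser subclass that collects source comments, maps the directories referenced by links, images, scripts and forms, infers the scripting platform from the extensions the text names (.php, .asp, .jsp), records query parameter names, e-mail addresses and the generator meta tag, and flags comments that mention things like passwords or staging hosts. The sample page and the keyword list are constructed.

```python
"""Audit an HTML page for the footprinting clues this section describes.

Added example, not from the CEH courseware. The sample page is constructed.
"""
import re
from html.parser import HTMLParser
from posixpath import dirname
from urllib.parse import parse_qsl, urlsplit

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
# Words that make a source comment worth a second look before publishing
# (constructed list; extend it with your own internal host and project names).
SENSITIVE_RE = re.compile(r"\b(todo|fixme|password|passwd|admin|debug|staging|internal)\b", re.I)
# Tag -> attribute that carries a URL we want to map.
LINK_ATTRS = {"a": "href", "img": "src", "script": "src", "link": "href", "form": "action"}
# Script filename extensions -> platform, as listed in the text.
PLATFORMS = {"php": "PHP", "asp": "ASP", "aspx": "ASP.NET", "jsp": "JSP"}


class SourceAuditor(HTMLParser):
    """Collect comments, same-site URLs, e-mail addresses and the generator tag."""

    def __init__(self):
        super().__init__()
        self.comments, self.urls, self.emails, self.generator = [], set(), set(), None

    def handle_comment(self, data):
        self.comments.append(data.strip())
        self.emails.update(EMAIL_RE.findall(data))

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        value = attrs.get(LINK_ATTRS.get(tag, ""))
        if value:
            parts = urlsplit(value)
            if parts.scheme == "mailto":
                self.emails.add(parts.path)
            elif parts.scheme in ("", "http", "https") and not parts.netloc:
                self.urls.add(value)  # relative or absolute-path URL: same site
        if tag == "meta" and attrs.get("name", "").lower() == "generator":
            self.generator = attrs.get("content")

    def handle_data(self, data):
        self.emails.update(EMAIL_RE.findall(data))


def audit_html(source: str) -> dict:
    """Return what a reader of the page source could learn about the site."""
    parser = SourceAuditor()
    parser.feed(source)
    parser.close()
    paths = [urlsplit(u).path for u in parser.urls]
    basenames = [p.rsplit("/", 1)[-1] for p in paths]
    extensions = {b.rsplit(".", 1)[1].lower() for b in basenames if "." in b}
    params = {k for u in parser.urls for k, _ in parse_qsl(urlsplit(u).query)}
    return {
        "comments": parser.comments,
        "flagged_comments": [c for c in parser.comments if SENSITIVE_RE.search(c) or EMAIL_RE.search(c)],
        "directories": sorted({dirname(p) for p in paths}),
        "platforms": sorted({PLATFORMS[e] for e in extensions if e in PLATFORMS}),
        "parameters": sorted(params),
        "emails": sorted(parser.emails),
        "generator": parser.generator,
    }


# Constructed sample page (example.com is a reserved documentation domain).
SAMPLE_PAGE = """<!DOCTYPE html>
<html>
<head>
  <meta name="generator" content="ExampleCMS 4.1">
  <link rel="stylesheet" href="/assets/css/site.css">
  <script src="/assets/js/app.js"></script>
</head>
<body>
<!-- TODO: remove staging DB host before launch - contact dev@example.com -->
<img src="/images/logo.png" alt="logo">
<a href="/admin/login.php">Staff login</a>
<a href="/products/list.php?cat=3">Products</a>
<a href="https://www.external-partner.example/">Partner</a>
<a href="mailto:webmaster@example.com">Contact the webmaster</a>
<!-- footer v2 -->
</body>
</html>
"""

if __name__ == "__main__":
    for key, value in audit_html(SAMPLE_PAGE).items():
        print(f"{key}: {value}")
```

External links are deliberately left out of the directory map, since the point is what the page reveals about its own host; the "flagged_comments" list is what a pre-publication review should clear first.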


Mirroring Entire Website

- Mirroring an entire website onto the local system enables an attacker to dissect and identify vulnerabilities; it also assists in finding directory structure and other valuable information without multiple requests to the web server.
- Web mirroring tools allow you to download a website to a local directory, building recursively all directories, HTML, images, flash, videos, and other files from the server to your computer.

[Slide image: Original Website beside Mirrored Website]

Mirroring Entire Website

Website mirroring is the process of creating an exact replica of the original website. This can be done with the help of web mirroring tools. These tools allow you to download a website to a local directory, recursively building all directories, HTML, images, flash, videos and other files from the server to your computer.

Website mirroring has the following benefits:

- It is helpful for offline site browsing. Website mirroring helps in creating a backup site for the original one.
- A website clone can be created.
- Website mirroring is useful to test the site at the time of website design and development.
- It is possible to distribute to multiple servers instead of using only one server.


[Figure: Original Website beside Mirrored Website]

FIGURE 2.17: JuggyBoy's Original and Mirrored website


Website Mirroring Tools

HTTrack Web Site Copier

Source: http://www.httrack.com

HTTrack is an offline browser utility. It allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting HTML, images, and other files from the server to your computer. HTTrack arranges the original site's relative link-structure. Open a page of the "mirrored" website in your browser, and you can browse the site from link to link, as if you were online. HTTrack can also update an existing mirrored site, and resume interrupted downloads.


[Figure: HTTrack "Site mirroring in progress" window showing bytes saved, time, transfer rate, active connections, links scanned and files written]

FIGURE 2.18: HTTrack Web Site Copier Screenshot

SurfOffline

Source: http://www.surfoffline.com

SurfOffline is website download software. The software allows you to download entire websites and download web pages to your local hard drive. After downloading the target website, you can use SurfOffline as an offline browser and view downloaded web pages in it. If you prefer to view downloaded web pages in another browser, you can use the Export Wizard. SurfOffline's Export Wizard also allows you to copy downloaded websites to other computers in order to view them later and prepares websites for burning them to a CD or DVD.

[Figure: SurfOffline Professional 2.1 project window with queued downloads of www.juggyboy.com pages in "Connecting" status]

FIGURE 2.19: SurfOffline screenshot

BlackWidow

Source: http://softbytelabs.com


BlackWidow is a website scanner for both experts and beginners. It scans websites (it's a site ripper). It can download an entire website or part of a website. It will build a site structure first, and then downloads. It allows you to choose what to download from the website.

[Figure: BlackWidow window scanning the Microsoft home page]

FIGURE 2.20: SurfOffline screenshot

Webripper

Source: http://www.calluna-software.com

WebRipper is an Internet scanner and downloader. It downloads a massive amount of images, videos, audio, and executable documents from any website. WebRipper uses spider-technology to follow the links in all directions from the start-address. It filters out the interesting files, and adds them to the download-queue for downloading. You can restrict downloaded items by file type, minimum file size, maximum file size, and image size. All the downloaded links can also be restricted by keywords to avoid wasting your bandwidth.

[Figure: WebRipper window with www.juggyboy.com targeted, showing scanned pages, the download queue and the request log]

FIGURE 2.21: Webripper screenshot


Website Mirroring Tools (Cont'd)

In addition to the website mirroring tools mentioned previously, a few more well-known tools are mentioned as follows:

- Website Ripper Copier available at http://www.tensons.com
- Teleport Pro available at http://www.tenmax.com
- Portable Offline Browser available at http://www.metaproducts.com
- Proxy Offline Browser available at http://www.proxy-offline-browser.com
- iMiser available at http://internetresearchtool.com
- PageNest available at http://www.pagenest.com
- Backstreet Browser available at http://www.spadixbd.com
- Offline Explorer Enterprise available at http://www.metaproducts.com
- GNU Wget available at http://www.gnu.org
- Hooeey Webprint available at http://www.hooeeywebprint.com
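Every tool in this list leaves the same server-side trace: one client fetching many distinct paths in a short window, often announcing itself in the User-Agent. The following Python snippet is an added illustration of how a site owner can spot a mirroring run in access logs; it is not part of the course material or of any tool listed above. The log lines are constructed, and the user-agent marker list and the rate threshold (more than 20 distinct paths in 60 seconds) are assumptions to be tuned per site.

```python
import re
from collections import defaultdict
from datetime import datetime

# Combined log format: ip - - [time] "METHOD path HTTP/x" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

# User-Agent substrings of common offline-browser / mirroring tools (assumed list).
MIRROR_UA_MARKERS = ("webripper", "httrack", "wget", "teleport", "offline explorer", "surfoffline")

def parse_line(line):
    """Parse one combined-format log line; return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    return rec

def detect_mirroring(lines, window_seconds=60, max_distinct_paths=20):
    """Return {ip: [reasons]} for clients that look like site rippers.

    Two signals: (1) the User-Agent names a known mirroring tool; (2) the client
    requested more than max_distinct_paths distinct URLs inside any span of
    window_seconds. Both thresholds are assumptions, not published guidance.
    """
    by_ip = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec:
            by_ip[rec["ip"]].append(rec)

    findings = {}
    for ip, recs in by_ip.items():
        reasons = []
        uas = {r["ua"].lower() for r in recs}
        tools = sorted({m for ua in uas for m in MIRROR_UA_MARKERS if m in ua})
        if tools:
            reasons.append("tool user-agent: " + ", ".join(tools))
        recs.sort(key=lambda r: r["time"])
        # Sliding window over the time-sorted requests, counting distinct paths inside it.
        start = 0
        for end in range(len(recs)):
            while (recs[end]["time"] - recs[start]["time"]).total_seconds() > window_seconds:
                start += 1
            distinct = len({r["path"] for r in recs[start:end + 1]})
            if distinct > max_distinct_paths:
                reasons.append(f"{distinct} distinct paths within {window_seconds}s")
                break
        if reasons:
            findings[ip] = reasons
    return findings

# Constructed sample log lines (not real traffic): one ordinary visitor and one ripper.
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jun/2012:21:24:00 -0700] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '203.0.113.5 - - [01/Jun/2012:21:24:30 -0700] "GET /about.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
] + [
    f'198.51.100.7 - - [01/Jun/2012:21:25:{i:02d} -0700] "GET /page{i}.html HTTP/1.1" 200 1024 "-" "WebRipper/2.0"'
    for i in range(25)
]

if __name__ == "__main__":
    for ip, reasons in detect_mirroring(SAMPLE_LOG).items():
        print(ip, "->", "; ".join(reasons))
```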


Extract Website Information from http://www.archive.org

Archive.org is an Internet Archive Wayback Machine that allows you to visit archived versions of websites. This allows you to gather information on a company's web pages since their creation. As the website www.archive.org keeps track of web pages from the time of their inception, you can retrieve even information that has been removed from the target website.


(Figure: Wayback Machine calendar view at wayback.archive.org for http://microsoft.com, showing the days on which the site was captured.)

FIGURE 2.22: Internet Archive Wayback Machine screenshot


Monitoring Web Updates Using Website Watcher

Website Watcher automatically checks web pages for updates and changes.

(Slide screenshot: the WebSite-Watcher 2012 bookmark window listing monitored URLs with their last-check times and status, and the Page, Text, and Analyse views.)

http://aignes.com

Monitoring Web Updates Using Website Watcher

Source: http://www.aignes.com

Website Watcher is used to keep track of websites for updates and automatic changes. When an update or change occurs, Website Watcher automatically detects and saves the last two versions onto your disk, and highlights changes in the text. It is a useful tool for monitoring sites to gain competitive advantage.

Benefits: Frequent manual checking of updates is not required. Website Watcher can automatically detect and notify users of updates:

- It allows you to know what your competitors are doing by scanning your competitors' websites
- The site can keep track of new software versions or driver updates
- It stores images of the modified websites to a disk


FIGURE 2.23: Website Watcher monitoring web updates


Footprinting Methodology

- Footprinting through Search Engines
- WHOIS Footprinting
- Website Footprinting
- DNS Footprinting
- Email Footprinting
- Network Footprinting
- Competitive Intelligence
- Footprinting through Social Engineering
- Footprinting using Google
- Footprinting through Social Networking Sites

Footprinting Methodology

So far we have discussed footprinting through search engines and website footprinting, the two initial phases of the footprinting methodology. Now we will discuss email footprinting. This section describes how to track email communications, how to collect information from email headers, and email tracking tools.


Tracking Email Communications

Attacker tracks email to gather information about the physical location of an individual to perform social engineering that in turn may help in mapping the target organization's network. Email tracking is a method to monitor and spy on the delivered emails to the intended recipient.

- When the email was received and read
- GPS location and map of the recipient
- Set messages to expire after a specified time
- Track PDF and other types of attachments
- Time spent on reading the emails
- Whether or not the recipient visited any links sent to them

Tracking Email Communications

Email tracking is a method that helps you to monitor as well as to track the emails of a particular user. This kind of tracking is possible through digitally time-stamped records that reveal the time and date a particular email was received or opened by the target. A lot of email tracking tools are readily available in the market, using which you can collect information such as IP addresses, mail servers, and the service provider from which the mail was sent. Attackers can use this information to build the hacking strategy. Examples of email tracking tools include eMailTrackerPro and Paraben E-mail Examiner. By using email tracking tools you can gather the following information about the victim:

- Geolocation: Estimates and displays the location of the recipient on the map and may even calculate the distance from your location.
- Read duration: The duration of time spent by the recipient on reading the mail sent by the sender.
- Proxy detection: Provides information about the type of server used by the recipient.
- Links: Allows you to check whether the links sent to the recipient through email have been checked or not.


- Operating system: This reveals information about the type of operating system used by the recipient. The attacker can use this information to launch an attack by finding loopholes in that particular operating system.
- Forward email: Whether or not the email sent to you is forwarded to another person can be determined easily by using this tool.


Collecting Information from Email Header

(Slide: annotated screenshot of a Gmail message header. Callouts mark the address from which the message was sent, the sender's mail server, the date and time received by the originator's email servers, the authentication system used by the sender's mail server, the unique number assigned by mr.google.com to identify the message, and the sender's full name.)

Collecting Information from Email Headers

An email header is the information that travels with every email. It contains the details of the sender, routing information, date, subject, and recipient. The process of viewing the email header varies with different mail programs. Commonly used email programs:

- SmarterMail Webmail
- Outlook Express 4-6
- Outlook 2000-2003
- Outlook 2007
- Eudora 4.3/5.0
- Entourage
- Netscape Messenger 4.7
- Mac Mail

The following is a screenshot of a sample email header.


(Figure: a Gmail message header showing the Delivered-To, Received, Return-Path, Received-SPF, Authentication-Results, DKIM-Signature, MIME-Version, In-Reply-To, References, Date, Message-ID, Subject, From, and To fields, with the sender's address and IDs redacted.)

FIGURE 2.24: Email header screenshot

This email header contains the following information:

- Sender's mail server
- Date and time received by the originator's email servers
- Authentication system used by sender's mail server
- Date and time of message sent
- A unique number assigned by mr.google.com to identify the message
- Sender's full name
- Sender's IP address
- The address from which the message was sent

The attacker can trace and collect all of this information by performing a detailed analysis of the complete email header.
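The analysis above can be automated. This Python example is added here and is not taken from the course or from any of the tools it names: it parses a constructed raw header (addresses, host names and the Message-ID are placeholders modelled on the figure) with the standard library's email package, walks the Received chain from the last hop back to the origin, and pulls out the fields the figure annotates: originating IP, sender's mail server, per-hop timestamps, Message-ID, From name and address, and the SPF/DKIM results. Only the Received line stamped by your own server (the trusted_server argument) is reliable; every line below it was written by the sending side and can be forged, so the function records where the trust boundary falls and whether hop timestamps are consistent.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample header (placeholders, not a real message).
RAW_HEADER = """\
Delivered-To: recipient@example.net
Received: from mail-sender.example.org (mail-sender.example.org [192.0.2.10])
        by mx.example.net with ESMTPS id q7csp4894121bk;
        Fri, 1 Jun 2012 21:24:01 -0700 (PDT)
Received-SPF: pass (example.net: domain of sender@example.org designates 192.0.2.10 as permitted sender) client-ip=192.0.2.10
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=sender@example.org; dkim=pass header.i=@example.org
Received: from [198.51.100.23] (helo=laptop)
        by mail-sender.example.org with ESMTPSA id fq9mr6704586qab.39;
        Fri, 01 Jun 2012 21:24:00 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org; s=20120113;
        h=mime-version:date:message-id:subject:from:to:content-type; bh=PLACEHOLDER; b=PLACEHOLDER
MIME-Version: 1.0
Date: Fri, 1 Jun 2012 21:23:59 -0700
Message-ID: <CAMiv0X-placeholder@mail.example.org>
Subject: Project update
From: Sender Name <sender@example.org>
To: recipient@example.net
Content-Type: text/plain; charset=UTF-8

body
"""

IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
FROM_RE = re.compile(r"^from\s+(\S+)", re.IGNORECASE)
BY_RE = re.compile(r"\bby\s+(\S+)", re.IGNORECASE)

def parse_received(value):
    """Split one Received header into its from-host, by-host, IPv4 literals and timestamp."""
    text = " ".join(value.split())          # collapse folded whitespace
    clause, _, date_part = text.rpartition(";")
    fm = FROM_RE.match(clause)
    by = BY_RE.search(clause)
    ts = parsedate_to_datetime(date_part.strip()) if date_part.strip() else None
    return {"from": fm.group(1) if fm else None,
            "by": by.group(1) if by else None,
            "ips": IPV4_RE.findall(clause),
            "time": ts}

def analyze_header(raw, trusted_server):
    """Return the footprinting-relevant fields of a raw email header.

    Hop 0 is the topmost Received line, i.e. the one added last, by the
    receiving side. The hop written by trusted_server and those above it are
    reliable; hops below it were supplied by the sender and may be forged.
    """
    msg = message_from_string(raw)
    hops = [parse_received(v) for v in msg.get_all("Received", [])]
    trusted = next((i for i, h in enumerate(hops) if h["by"] == trusted_server), None)
    origin = hops[-1] if hops else None
    name, addr = parseaddr(msg.get("From", ""))
    auth = msg.get("Authentication-Results", "")
    times = [h["time"] for h in hops if h["time"]]
    return {
        "sender_name": name,
        "sender_address": addr,
        "message_id": msg.get("Message-ID"),
        "sent": parsedate_to_datetime(msg["Date"]) if msg.get("Date") else None,
        "sender_mail_server": origin["by"] if origin else None,
        "origin_ip": origin["ips"][0] if origin and origin["ips"] else None,
        # IP actually seen connecting to the trusted server; cannot be forged by the sender.
        "last_verified_ip": hops[trusted]["ips"][0] if trusted is not None and hops[trusted]["ips"] else None,
        "first_trusted_hop": trusted,
        "origin_is_trusted": trusted is not None and len(hops) - 1 <= trusted,
        # Each hop should be stamped no earlier than the hop below it.
        "clock_consistent": all(a >= b for a, b in zip(times, times[1:])),
        "spf": "pass" if "spf=pass" in auth else "fail/none",
        "dkim": "pass" if "dkim=pass" in auth else "fail/none",
        "hops": hops,
    }

if __name__ == "__main__":
    for key, value in analyze_header(RAW_HEADER, "mx.example.net").items():
        if key != "hops":
            print(f"{key:20} {value}")
```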


Email Tracking Tools

(Slide screenshot: Email Lookup - Free Email Tracker, "Trace Email - Track Email" page, showing an Email Header Analysis panel with IP address, country, continent, city, region, latitude and longitude, and organization, plus an Email Lookup map.)

Email Lookup - Free Email Tracker (http://www.ipaddresslocation.org)

PoliteMail (http://www.politemail.com)

Email Tracking Tools

Email tracking tools allow you to track an email and extract information such as sender identity, mail server, sender's IP address, etc. You can use the extracted information to attack the target organization's systems by sending malicious emails. Numerous email tracking tools are readily available in the market. The following are a few commonly used email tracking tools:

eMailTrackerPro

Source: http://www.emailtrackerpro.com

eMailTrackerPro is an email tracking tool that analyzes email headers and reveals information such as the sender's geographical location, IP address, etc. It allows you to review the traces later by saving all past traces.


FIGURE 2.25: eMailTrackerPro showing geographical location of sender

PoliteMail

Source: http://www.politemail.com

PoliteMail is an email tracking tool for Outlook. It tracks and provides complete details about who opened your mail and which document has been opened, as well as which links are being clicked and read. It offers mail merging, split testing, and full list management including segmenting. You can compose an email containing malicious links and send it to the employees of the target organization and keep track of your email. If the employee clicks on the link, he or she is infected and you will be notified. Thus, you can gain control over the system with the help of this tool.

FIGURE 2.26: PoliteMail screenshot

Email Lookup - Free Email Tracker

Source: http://www.ipaddresslocation.org


Email Lookup is an email tracking tool that determines the IP address of the sender by analyzing the email header. You can copy and paste the email header into this email tracking tool and start tracing the email.


(Figure: Email Lookup - Free Email Tracker, "Trace Email - Track Email" page, with the Email Header Analysis panel listing the sender's IP address, country, continent, city, region, latitude and longitude, and organization, and the Email Lookup map.)

FIGURE 2.27: Email Lookup screenshot


Email Tracking Tools (Cont'd)

- ReadNotify http://www.readnotify.com
- Pointofmail http://www.pointofmail.com
- DidTheyReadIt http://www.didtheyreadit.com
- Super Email Marketing Software http://www.bulk-email-marketing-software.net
- Trace Email http://whatismyipaddress.com
- WhoReadMe http://whoreadme.com
- MSGTAG http://www.msgtag.com
- GetNotify http://www.getnotify.com
- Zendio http://www.zendio.com
- G-Lock Analytics http://glockanalytics.com

Email Tracking Tools (Cont'd)

ReadNotify

Source: http://www.readnotify.com

ReadNotify provides an email tracking service. It notifies you when a tracked email is opened, re-opened, or forwarded. ReadNotify tracking reports contain information such as complete delivery details, date and time of opening, geographic location of the recipient, a visualized map of the location, IP address of the recipients, referrer details (i.e., if accessed via a web email account, etc.), etc.

DidTheyReadIt

Source: http://www.didtheyreadit.com

DidTheyReadIt is an email tracking utility. In order to use this utility you need to sign up for an account. Then you need to add ".DidTheyReadIt.com" to the end of the recipient's e-mail address. For example, if you were sending an e-mail to ellen@aol.com, you'd just send it to ellen@aol.com.DidTheyReadIt.com instead, and your email would be tracked. ellen@aol.com would not see that you added .DidTheyReadIt.com to her email address. This utility tracks every email that you send invisibly, without alerting the recipient. If the user opens your mail, then it informs you when your mail was opened, how long your email remained open, and the geographic location where your email was viewed.

Trace Email
Source: http://whatismyipaddress.com

The Trace Email tool attempts to locate the source IP address of an email based on the headers. You just need to copy and paste the full headers of the target email into the email Headers box and then click the Get Source button. It shows the email header analysis and results. This email header analysis tool does not have the ability to detect forged email headers, which are common in malicious email and spam: the tool assumes that all mail servers and email clients in the transmission path are trustworthy. Only the Received: lines added by mail servers you control or trust can be relied on; every line below them was already inside the message when it arrived and may have been written by the sender.
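The check that the tool above does not perform, shown as an added example (this is not the whatismyipaddress.com tool's code): parse the Received: chain of a raw message and stop at the first hop that was recorded by a server outside your trust boundary. The message, its host names and its addresses are constructed; "mx.corp.example" stands in for the analyst's own mail server.

```python
"""Walk a message's Received: chain and stop at the trust boundary.

Added example; it is not code from the original page or from the Trace Email
tool. The message below is constructed: every host name and address in it is
made up (RFC 5737 documentation ranges), and 'mx.corp.example' plays the part
of the analyst's own mail server.
"""
import re
from email import message_from_string

# Constructed sample. The top Received: line was written by our own MX; the two
# below it were already inside the message when it arrived, so the sender could
# have written anything there, including the bogus 'bank.example.com' hop.
SAMPLE = """\
Received: from mail.example.net (mail.example.net [203.0.113.7])
\tby mx.corp.example (Postfix) with ESMTPS id 4AB12
\tfor <bob@corp.example>; Mon, 02 Apr 2012 10:14:02 +0000
Received: from laptop.local (unknown [198.51.100.23])
\tby mail.example.net (Postfix) with ESMTPA id 9F3E1;
\tMon, 02 Apr 2012 10:13:55 +0000
Received: from bank.example.com ([192.0.2.1])
\tby laptop.local; Mon, 02 Apr 2012 10:13:50 +0000
From: "Ellen" <ellen@example.net>
To: bob@corp.example
Subject: test

hello
"""

# from <name> ... [<ip>] ... by <name>; tolerant of the usual comment clutter
HOP_RE = re.compile(
    r"from\s+(?P<from>\S+).*?\[(?P<ip>[0-9a-fA-F.:]+)\].*?\bby\s+(?P<by>[^\s;]+)"
)


def received_hops(raw):
    """Return the Received: hops, most recent first, as from/ip/by dicts."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        match = HOP_RE.search(" ".join(value.split()))  # unfold the header
        if match:
            hops.append(match.groupdict())
    return hops


def naive_origin_ip(raw):
    """What a tool that trusts every hop reports: the bottom-most 'from' IP."""
    hops = received_hops(raw)
    return hops[-1]["ip"] if hops else None


def origin_ip(raw, trusted_by):
    """Follow hops downward only while the recording host is one we trust.

    A Received: line is evidence only because the 'by' server observed the
    connection. The 'from' IP of the last trusted line is the best available
    origin; everything below it was supplied by the sender and may be forged.
    """
    trusted_by = {h.lower() for h in trusted_by}
    last = None
    for hop in received_hops(raw):
        if hop["by"].lower() not in trusted_by:
            break
        last = hop
    return last["ip"] if last else None


if __name__ == "__main__":
    print("naive:", naive_origin_ip(SAMPLE))
    print("trusting only our MX:", origin_ip(SAMPLE, {"mx.corp.example"}))
```

On the constructed message a header-trusting analyser reports 192.0.2.1, the address the sender planted in the bottom hop; walking only through lines written by our own MX yields 203.0.113.7, the host that actually connected to us. Extending the trusted set to mail.example.net (reasonable if it is a provider you have no reason to doubt) moves the answer one hop further back.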

MSGTAG
Source: http://www.msgtag.com

MSGTAG is Windows email tracking software that uses a read receipt technology to tell you when your emails are opened and when your emails are actually read. This software adds a small track and trace tag that is unique to each email you need delivery confirmation for. When the email is opened, an email tracking code is sent to the MSGTAG email tracking system and an email read confirmation is delivered to you. MSGTAG will notify you when the message is read via an emailed confirmation, a pop-up message, or an SMS text message.

Zendio
Source: http://www.zendio.com

Zendio, the email tracking software add-in for Outlook, notifies you once your recipient reads the email, so you can follow up, knowing when they read it and if they clicked on any links included in the email.

Pointofmail
Source: http://www.pointofmail.com

Pointofmail.com is a proof of receipt and reading service for email. It ensures read receipts, tracks attachments, and lets you modify or delete sent messages. It provides detailed information about the recipient, a full history of email reads and forwards, link and attachment tracking, and email, web, and SMS text notifications.

Super Email Marketing Software
Source: http://www.bulk-email-marketing-software.net

Super Email Marketing Software is a professional and standalone bulk mailer program. It has the ability to send mails to a list of addresses. It supports both text and HTML formatted emails. All duplicate email addresses are removed automatically by this application. Each mail is sent individually to the recipient, so that the recipient can only see his or her own email address in the email header. It saves the email addresses of the successfully sent mails as well as the failed mails to a text, CSV, TSV, or Microsoft Excel file.


WhoReadMe
Source: http://whoreadme.com

WhoReadMe is an email tracking tool. It is completely invisible to recipients. The recipients will have no idea that the emails sent to them are being tracked. The sender is notified every time the recipient opens the mail sent by the sender. It tracks information such as the type of operating system and browser used, ActiveX controls, CSS version, the duration between the time the mail was sent and the time it was read, etc.

GetNotify
Source: http://www.getnotify.com

GetNotify is an email tracking tool that sends notifications when the recipient opens and reads the mail. It sends notifications without the knowledge of the recipient.

G-Lock Analytics
Source: http://glockanalytics.com

G-Lock Analytics is an email tracking service. This allows you to know what happens to your emails after they are sent. This tool reports to you how many times the email was printed and forwarded.
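All of the read-tracking products described above (DidTheyReadIt, MSGTAG, Zendio, Pointofmail, WhoReadMe, GetNotify, G-Lock Analytics) rest on the same mechanism: a remote resource whose URL is unique to the message and which the recipient's mail client fetches when it renders the HTML. The fetch carries the client's IP address and User-Agent, which is where the "location", "operating system" and "browser" details in the reports come from. The example below is added here and is not code from any of those products; it builds such a beacon, resolves a fetch back to the recipient, and, on the receiving side, scans HTML mail for images that behave like one. The tracker host name, the in-memory SENT table and the sample message are constructed.

```python
"""The mechanism behind read-tracking tools, and a check for it on the receiving end.

Added example; it is not code from DidTheyReadIt, MSGTAG, WhoReadMe, GetNotify
or any other product named above. TRACKER_HOST, the in-memory SENT table and
SAMPLE_HTML are constructed for the demonstration.
"""
import secrets
from html.parser import HTMLParser
from urllib.parse import urlsplit

TRACKER_HOST = "track.example.test"  # assumed tracking server, not a real service
SENT = {}                            # token -> recipient: the tracker's own records


def add_beacon(html_body, recipient):
    """Sender side: insert a per-message, invisible remote image before </body>.

    The token is unique to this message, so when the recipient's mail client
    fetches the image the tracker learns who opened what and when, plus the
    client's IP and User-Agent (the source of the 'location' and 'browser'
    details the tools above report).
    """
    token = secrets.token_urlsafe(16)
    SENT[token] = recipient
    beacon = (f'<img src="https://{TRACKER_HOST}/o/{token}.gif" '
              'width="1" height="1" alt="">')
    return html_body.replace("</body>", beacon + "</body>", 1)


def record_open(request_path, client_ip):
    """Tracker side: map a beacon fetch such as /o/<token>.gif back to the recipient."""
    token = request_path.rsplit("/", 1)[-1].split(".", 1)[0]
    recipient = SENT.get(token)
    if recipient is None:
        return None
    return {"recipient": recipient, "ip": client_ip}


class ImgScanner(HTMLParser):
    """Collect <img> tags that can phone home when the message is rendered."""

    def __init__(self, sender_domain):
        super().__init__()
        self.sender_domain = sender_domain.lower()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        attr = dict(attrs)
        src = attr.get("src") or ""
        host = (urlsplit(src).hostname or "").lower()
        if not host:
            return  # inline or cid: image: nothing is fetched, nothing is leaked
        tiny = attr.get("width") in ("0", "1") or attr.get("height") in ("0", "1")
        same_org = host == self.sender_domain or host.endswith("." + self.sender_domain)
        if tiny or not same_org:
            self.hits.append({"src": src, "tiny": tiny, "third_party": not same_org})


def find_beacons(html_body, sender_domain):
    """Recipient side: list remote images that look like read-tracking beacons."""
    scanner = ImgScanner(sender_domain)
    scanner.feed(html_body)
    return scanner.hits


# Constructed message body: one legitimate logo hosted by the sender's own domain.
SAMPLE_HTML = """<html><body><p>Hi Ellen, the report is attached.</p>
<img src="https://www.example.net/logo.png" width="120" height="40" alt="logo">
</body></html>"""


if __name__ == "__main__":
    tracked = add_beacon(SAMPLE_HTML, "ellen@example.net")
    for hit in find_beacons(tracked, "example.net"):
        print("beacon:", hit)
```

The scanner flags an image on two grounds, either of which is enough: it is one pixel (or zero pixels) in size, or it is served from a domain other than the sender's. The sender's own logo in the sample trips neither test; the inserted beacon trips both. On the defensive side the simplest countermeasure is the one most mail clients offer: do not load remote images automatically. A scan like find_beacons belongs in a mail gateway or an incident-response script when you need to know whether a message that was already opened reported back.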


Footprinting Methodology

Footprinting through Search Engines
WHOIS Footprinting
Website Footprinting
DNS Footprinting
Email Footprinting
Network Footprinting
Competitive Intelligence
Footprinting through Social Engineering
Footprinting using Google
Footprinting through Social Networking Sites

Footprinting Methodology

The next phase in the footprinting methodology after email footprinting is competitive intelligence. Competitive intelligence is a process that gathers, analyzes, and distributes intelligence about products, customers, competitors, and technologies using the Internet. The information that is gathered can help managers and executives of a company make strategic decisions. This section is about competitive intelligence gathering and the sources where you can get valuable information.


Competitive Intelligence Gathering

Competitive intelligence is the process of identifying, gathering, analyzing, verifying, and using information about your competitors from resources such as the Internet.
Competitive intelligence is non-interfering and subtle in nature.

Sources of Competitive Intelligence
1. Company websites and employment ads
2. Search engines, Internet, and online databases
3. Press releases and annual reports
4. Trade journals, conferences, and newspapers
5. Patents and trademarks
6. Social engineering employees
7. Product catalogues and retail outlets
8. Analyst and regulatory reports
9. Customer and vendor interviews
10. Agents, distributors, and suppliers

Competitive Intelligence Gathering

Various tools are readily available in the market for the purpose of competitive intelligence gathering. Acquisition of information about the products, competitors, and technologies of a company using the Internet is defined as competitive intelligence. It is non-interfering and subtle in nature compared to the direct intellectual property theft carried out through hacking or industrial espionage. It mainly concentrates on the external business environment. It gathers information ethically and legally instead of gathering it secretly. According to CI professionals, if the intelligence gathered is not useful, then it is not called intelligence. Competitive intelligence is not just about analyzing competitors, but also about analyzing their products, customers, suppliers, etc. that impact the organization. Competitive intelligence is performed for determining:

- What the competitors are doing
- How competitors are positioning their products and services

Sources of Competitive Intelligence:

- Company websites and employment ads
- Search engines, Internet, and online databases
- Press releases and annual reports
- Trade journals, conferences, and newspapers
- Patents and trademarks
- Social engineering employees
- Product catalogs and retail outlets
- Analyst and regulatory reports
- Customer and vendor interviews
- Agents, distributors, and suppliers

Competitive intelligence can be carried out either by employing people to search for the information or by utilizing a commercial database service, which incurs a lower cost than employing personnel to do the same thing.


Competitive Intelligence - When Did this Company Begin? How Did it Develop?

Visit These Sites
01. EDGAR Database http://www.sec.gov/edgar.shtml
02. Hoovers http://www.hoovers.com
03. LexisNexis http://www.lexisnexis.com
04. Business Wire http://www.businesswire.com

When did it begin?
How did it develop?

Competitive Intelligence - When Did this Company Begin? How Did it Develop?

Gathering competitor documents and records helps improve productivity and profitability and stimulates growth. It helps determine the answers to the following:

When did it begin? Through competitive intelligence, the history of a company can be collected, such as when a particular company was established. Sometimes, crucial information that isn't usually available to others can also be collected.

How did it develop? It is very beneficial to know exactly how a particular company has developed. What are the various strategies used by the company? Their advertisement policy, customer relationship management, etc. can be learned.

Who leads it? This information helps a company learn details of the leading person (decision maker) of the company.

Where is it located? The location of the company and information related to its various branches and their operations can be collected through competitive intelligence.

You can use the information gathered through competitive intelligence to build a hacking strategy. The following are information resource sites that help users gain competitive intelligence.

EDGAR
Source: http://www.sec.gov/edgar.shtml

All companies, foreign and domestic, are required to file registration statements, periodic reports, and other forms electronically through EDGAR. Anyone can view the EDGAR database freely through the Internet (web or FTP). Not all of the documents filed with the Commission by public companies are available on EDGAR.

Hoovers
Source: http://www.hoovers.com

Hoovers is a business research company that provides complete details about companies and industries all over the world. Hoovers provides patented business-related information through the Internet, data feeds, wireless devices, and co-branding agreements with other online services. It gives complete information about the organizations, industries, and people that drive the economy, and also provides the tools for connecting to the right people in order to get business done.

LexisNexis
Source: http://www.lexisnexis.com

LexisNexis is a global provider of content-enabled workflow solutions designed specifically for professionals in the legal, risk management, corporate, government, law enforcement, accounting, and academic markets. It maintains an electronic database through which you can get legal and public-records related information. Documents and records from legal, news, and business sources are made accessible to customers.

Business Wire
Source: http://www.businesswire.com

Business Wire is a company that focuses on press release distribution and regulatory disclosure. Full text news releases, photos, and other multimedia content from thousands of companies and organizations are distributed by this company across the globe to journalists, news media, financial markets, investors, information websites, databases, and general audiences. This company has its own patented electronic network through which it releases its news.


Competitive Intelligence - What Are the Company's Plans?

Competitive Intelligence Sites
Market Watch (http://www.marketwatch.com)
The Wall Street Transcript (http://www.twst.com)
Lipper Marketplace (http://www.lippermarketplace.com)
Euromonitor (http://www.euromonitor.com)
Fagan Finder (http://www.faganfinder.com)
SEC Info (http://www.secinfo.com)
The Search Monitor (http://www.thesearchmonitor.com)

Competitive Intelligence - What Are the Company's Plans?

The following are a few more examples of websites that are useful to gather valuable information about various companies and their plans through competitive intelligence:

MarketWatch
Source: http://www.marketwatch.com

MarketWatch tracks the pulse of the markets. The site provides business news, personal finance information, real-time commentary, and investment tools and data, with dedicated journalists generating hundreds of headlines, stories, videos, and market briefs a day.

The Wall Street Transcript
Source: http://www.twst.com

The Wall Street Transcript is a website as well as a paid subscription publication that publishes industry reports. It expresses the views of money managers and equity analysts of different industry sectors. Interviews with CEOs of companies are published.

Lipper Marketplace
Source: http://www.lippermarketplace.com

Lipper Marketplace offers web-based solutions that are helpful for identifying the competitive intelligence needed for transforming prospects into clients. It helps in qualifying prospects and provides the market intelligence of a company. Its solutions allow users to identify net flows and track institutional trends.

Euromonitor
Source: http://www.euromonitor.com

Euromonitor provides strategy research for consumer markets. It publishes reports on industries, consumers, and demographics. It provides market research and surveys focused on your organization's needs.

Fagan Finder
Source: http://www.faganfinder.com

Fagan Finder is a collection of Internet tools. It is a directory of blog sites, news sites, search engines, photo sharing sites, science and education sites, etc. Specialized tools such as Translation Wizard and URLinfo are available for finding information about various actions with a web page.

SEC Info
Source: http://www.secinfo.com

SEC Info offers the U.S. Securities and Exchange Commission (SEC) EDGAR database service on the web, with billions of links added to the SEC documents. It allows you to search by Name, Industry, Business, SIC Code, Area Code, Topic, ZIP Code, CIK, Accession Number, File Number, etc.

The Search Monitor
Source: http://www.thesearchmonitor.com

The Search Monitor provides real-time competitive intelligence to monitor a number of things. It allows you to monitor the market share, page rank, ad copy, landing pages, and budget of your competitors. With the trademark monitor, you can monitor the buzz about your own brand as well as your competitor's brand, and with the affiliate monitor you can watch ad and landing page copy.


Competitive Intelligence - What Expert Opinions Say About the Company

Compete PRO http://www.compete.com
Copernic Tracker http://www.copernic.com
ABI/INFORM Global http://www.proquest.com
SEMRush http://www.semrush.com
Attention Meter http://www.attentionmeter.com
Jobitorial http://www.jobitorial.com

Competitive Intelligence - What Expert Opinions Say About the Company

Copernic Tracker
Source: http://www.copernic.com

Copernic Tracker is website tracking software. It monitors a competitor's website continuously and notifies you of content changes, if any, via an email. The updated pages as well as the changes made in the site are highlighted for your convenience. You can even watch for specific keywords, to see the changes made on your competitor's sites.

SEMRush
Source: http://www.semrush.com

SEMRush is a competitive research tool. For any site, you can get a list of Google organic and paid search keywords and AdWords, as well as a list of competitors in the Google search results. SEMRush provides the means for gaining in-depth knowledge about what Internet marketing tactics competitors are using and how they allocate their advertising keyword budget.

Jobitorial
Source: http://www.jobitorial.com

Jobitorial provides anonymous employee reviews posted for jobs at thousands of companies and allows you to review a company.

Attention Meter
Source: http://www.attentionmeter.com

Attention Meter is a tool used for comparing the traffic of any website you want by using Alexa, Compete, and Quantcast. It gives you a snapshot of traffic data as well as graphs from Alexa, Compete, and Quantcast.

ABI/INFORM Global
Source: http://www.proquest.com

ABI/INFORM Global is a business database. ABI/INFORM Global offers the latest business and financial information for researchers at all levels. With ABI/INFORM Global, users can determine business conditions, management techniques, business trends, management practice and theory, corporate strategy and tactics, and the competitive landscape.

Compete PRO
Source: http://www.compete.com

Compete PRO provides an online competitive intelligence service. It combines all the site, search, and referral analytics in a single product.



Footprinting Methodology

Footprinting using Google

Google is a search engine. Though similar to the process of footprinting through search engines, the process of footprinting using Google is not the same. Footprinting using Google deals with gathering information specific to strings of text within search results by Google hacking. Google hacking is a hacking technique to locate specific strings of text within search results using an advanced search operator in Google search. Google filters for excessive use of advanced search operators and drops such requests with the help of an intrusion prevention system.


Footprint Using Google Hacking Techniques

Google hacking refers to the art of creating complex search engine queries. If you can construct proper Google search queries, you can retrieve valuable data about a target company from the Google search results. Through Google hacking, an attacker tries to find websites that are vulnerable to numerous exploits and vulnerabilities. This can be accomplished with the help of the Google Hacking Database (GHDB), a database of queries to identify sensitive data. Using advanced Google operators, attackers locate specific strings of text such as specific versions of vulnerable web applications. Google operators help in finding the required text and avoiding irrelevant data. Some of the popular Google operators include:

- site: The site operator helps to find only pages that belong to a specific site or domain, for example site:example.com.
- allinurl: This operator finds the required pages or websites by restricting the results to those whose URL contains all of the query terms.
- inurl: This will restrict the results to only websites or pages that contain the query term that you have specified in the URL of the website.
- allintitle: It restricts results to only web pages whose title contains all the query terms that you have specified.
- intitle: It restricts results to only the web pages whose title contains the query term that you have specified. It will show only websites that mention the query term that you have used.
- inanchor: It restricts results to pages containing the query term that you have specified in the anchor text on links to the page.
- allinanchor: It restricts results to pages containing all query terms you specify in the anchor text on links to the page.

M o d u le

02 P a g e 176

E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s C o p y r ig h t Š b y E C -C

0U n C il

A l l R ig h t s R e s e r v e d . R e p r o d u c t i o n is S t r i c t l y P r o h i b i t e d .


What a Hacker Can Do with Google Hacking?

If the target website is vulnerable to Google hacking, then the attacker can find the following with the help of queries in the Google Hacking Database:

• Error messages that contain sensitive information
• Files containing passwords
• Sensitive directories
• Pages containing logon portals
• Pages containing network or vulnerability data
• Advisories and server vulnerabilities


Google Advance Search Operators

Google supports several advanced operators that help in modifying the search:

• [cache:] Displays the web pages stored in the Google cache
• [link:] Lists web pages that have links to the specified web page
• [related:] Lists web pages that are similar to a specified web page
• [info:] Presents some information that Google has about a particular web page
• [site:] Restricts the results to those websites in the given domain
• [allintitle:] Restricts the results to those websites with all of the search keywords in the title
• [intitle:] Restricts the results to documents containing the search keyword in the title
• [allinurl:] Restricts the results to those with all of the search keywords in the URL
• [inurl:] Restricts the results to documents containing the search keyword in the URL

Source: http://www.googleguide.com

cache:

The cache: query displays Google's cached version of a web page, instead of the current version of the page. Example: cache:www.eff.org will show Google's cached version of the Electronic Frontier Foundation home page. Note: Do not put a space between cache: and the URL (web address).

link:

link: lists web pages that have links to the specified web page. For example, to find pages that point to Google Guide's home page, enter: link:www.googleguide.com

Note: According to Google's documentation, "you cannot combine a link: search with a regular keyword search."


Also note that when you combine link: with another advanced operator, Google may not return all the pages that match. The following queries should return lots of results, as you can see if you remove the -site: term in each of these queries.

related:

If you start your query with "related:", then Google displays websites similar to the site mentioned in the search query. Example: related:www.microsoft.com will provide the Google search engine results page with websites similar to microsoft.com.

info:

info: will present some information about the corresponding web page. For instance, info:gothotel.com will show information about the national hotel directory GotHotel.com home page. Note: There must be no space between the info: and the web page URL. This functionality can also be obtained by typing the web page URL directly into a Google search box.

site:

If you include site: in your query, Google will restrict your search results to the site or domain you specify. For example, admissions site:www.lse.ac.uk will show admissions information from the London School of Economics' site, and [peace site:gov] will find pages about peace within the .gov domain. You can specify a domain with or without a period, e.g., either as .gov or gov. Note: Do not include a space between the "site:" and the domain.

allintitle:

If you start your query with allintitle:, Google restricts results to those containing all the query terms you specify in the title. For example, allintitle: detect plagiarism will return only documents that contain the words "detect" and "plagiarism" in the title. This functionality can also be obtained through the Advanced Web Search page, under Occurrences.

intitle:

The query intitle:term restricts results to documents containing term in the title. For instance, flu shot intitle:help will return documents that mention the word "help" in their titles, and mention the words "flu" and "shot" anywhere in the document (title or not). Note: There must be no space between the intitle: and the following word.

allinurl:

If you start your query with allinurl:, Google restricts results to those containing all the query terms you specify in the URL. For example, allinurl: google faq will return only documents that contain the words "google" and "faq" in the URL, such as "www.google.com/help/faq.html." This functionality can also be obtained through the Advanced Web Search page, under Occurrences. In URLs, words are often run together. They need not be run together when you're using allinurl.

inurl:

If you include inurl: in your query, Google will restrict the results to documents containing that word in the URL. For instance, inurl:print site:www.googleguide.com searches for pages on the Google Guide website in which the URL contains the word "print." It finds PDF files that are in the directory or folder named "print" on the Google Guide website. The query [inurl:healthy eating] will return documents that mention the word "healthy" in their URL, and mention the word "eating" anywhere in the document. Note: There must be no space between the inurl: and the following word.
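To make the operator rules above concrete, here is an added example (not part of the original course material, and not Google's own code) that parses a query into site:, inurl:, intitle:, inanchor: and intext: filters, treats a leading allin* operator as binding every term, flags the space-after-colon mistake the notes warn about, and evaluates the queries from the text against a few constructed pages; the Page structure and the sample pages are assumptions.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional
from urllib.parse import urlparse

# "allin" operators must begin the query and claim every term that follows.
ALLIN_RE = re.compile(r"^(allinurl|allintitle|allinanchor):\s*(.*)$", re.I)
# Single-term operators bind only the term glued to the colon; a quoted phrase
# counts as one term. A leading "+" (as in +intext:"human resources") is accepted.
TOKEN_RE = re.compile(r'\+?(?:(site|inurl|intitle|inanchor|intext):)?("[^"]*"|\S+)', re.I)
FIELD_OF = {"inurl": "url", "intitle": "title", "inanchor": "anchors", "intext": "body"}
OPERATORS = set(FIELD_OF) | {"site"}


@dataclass
class Query:
    site: Optional[str] = None                          # host or domain restriction
    words: List[str] = field(default_factory=list)      # plain terms, matched anywhere
    fields: Dict[str, List[str]] = field(default_factory=dict)  # page field -> required terms
    warnings: List[str] = field(default_factory=list)


@dataclass
class Page:
    """Minimal stand-in for an indexed page (assumed structure, not Google's)."""
    url: str
    title: str
    body: str
    anchors: str = ""   # anchor text of links pointing at this page


def parse(query: str) -> Query:
    q = Query()
    m = ALLIN_RE.match(query.strip())
    if m:
        # "allintitle: detect plagiarism": every remaining term must be in the title.
        fld = FIELD_OF["in" + m.group(1)[5:].lower()]
        q.fields[fld] = [t.strip('"').lower() for t in re.findall(r'"[^"]*"|\S+', m.group(2))]
        return q
    for m in TOKEN_RE.finditer(query):
        op, term = m.group(1), m.group(2).strip('"').lower()
        if op is None:
            # "inurl: print" (space after the colon) is not an operator: flag it,
            # as the notes above warn, and treat "print" as a plain word.
            if term.endswith(":") and term[:-1] in OPERATORS:
                q.warnings.append(f"'{term}' is followed by a space; operator ignored")
            else:
                q.words.append(term)
        elif op.lower() == "site":
            q.site = term.lstrip(".")   # ".gov" and "gov" name the same domain
        else:
            q.fields.setdefault(FIELD_OF[op.lower()], []).append(term)
    return q


def _host_in_site(host: str, site: str) -> bool:
    host, site = host.lower(), site.lower()
    return host == site or host.endswith("." + site)


def matches(q: Query, page: Page) -> bool:
    text = {"url": page.url.lower(), "title": page.title.lower(),
            "body": page.body.lower(), "anchors": page.anchors.lower()}
    if q.site and not _host_in_site(urlparse(page.url).hostname or "", q.site):
        return False
    for fld, terms in q.fields.items():
        if not all(t in text[fld] for t in terms):
            return False
    anywhere = " ".join(text.values())
    return all(w in anywhere for w in q.words)


def search(query: str, pages: List[Page]) -> List[str]:
    """Return the URLs of the pages that satisfy the query."""
    q = parse(query)
    return [p.url for p in pages if matches(q, p)]


# Constructed sample pages that exercise each operator discussed above.
PAGES = [
    Page("https://www.example.com/help/flu", "Help Center", "Where to get a flu shot this season."),
    Page("https://www.example.com/flu", "Flu shot FAQ", "Call the help line for appointments."),
    Page("https://www.example.edu/policy", "How to detect plagiarism", "Faculty guidance."),
    Page("https://www.example.edu/tools", "Plagiarism tools", "Software to detect copied text."),
    Page("https://www.lse.ac.uk/admissions", "Admissions", "Undergraduate admissions."),
    Page("https://www.example.gov/peace", "Peace programs", "Volunteer for peace."),
    Page("https://hr.example.org/intranet/index.html", "Staff intranet", "Human Resources forms."),
]

if __name__ == "__main__":
    for query in ("flu shot intitle:help", "allintitle: detect plagiarism",
                  "admissions site:www.lse.ac.uk", "peace site:.gov",
                  'intitle:intranet inurl:intranet +intext:"human resources"', "inurl: print"):
        print(f"{query!r:60} -> {search(query, PAGES)} {parse(query).warnings}")
```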


Finding Resources Using Google Advance Operator

By using the Google Advance Operator syntax [intitle:intranet inurl:intranet +intext:"human resources"], the attacker can find private information of a target company as well as sensitive information about the employees of that particular company. The information gathered by the attackers can be used to perform social engineering attacks. Google will filter for excessive use of advanced search operators and will drop the requests with the help of an Intrusion Prevention System. The following screenshot shows a Google search engine results page displaying the results of the previously mentioned query:


FIGURE 2.28: Search engine showing results for given Google Advance Operator syntax


Google Hacking Tool: Google Hacking Database (GHDB)

Source: http://www.hackersforcharity.org

The Google Hacking Database (GHDB) is a database of queries that identify sensitive data. GHDB is an HTML/JavaScript wrapper application that uses advanced JavaScript techniques to scrape information from Johnny's Google Hacking Database without the need for hosted server-side scripts. The Google Hacking Database exposes known issues with software that runs websites. There are some bugs that expose information that might not warrant public reading.


FIGURE 2.29: Screenshots showing Advisories and Vulnerabilities & pages containing login portals


Google Hacking Tools

• MetaGoofil: http://www.edge-security.com
• Goolink Scanner: http://www.ghacks.net
• SiteDigger: http://www.mcafee.com
• SearchDiggity: http://www.stachliu.com
• Google Hacks: http://code.google.com
• Google HACK DB: http://www.secpoint.com
• BiLE Suite: http://www.sensepost.com
• Gooscan: http://www.darknet.org.uk

Besides the Google Hacking Database (GHDB) tool featured previously, there are more Google hacking tools that can help you with Google hacking. A few of these tools are described as follows. Using these tools, attackers can gather advisories and server vulnerabilities, error message information that may reveal attack paths, sensitive server files, directories, logon portals, etc.

Metagoofil

Source: http://www.edge-security.com

Metagoofil is an information-gathering tool designed for extracting metadata of public documents (pdf, doc, xls, ppt, docx, pptx, xlsx) belonging to a target company. Metagoofil performs a search in Google to identify and download the documents to a local disk and then extracts the metadata with different libraries such as Hachoir, PdfMiner, and others. With the results, it generates a report with usernames, software versions, and servers or machine names that may help penetration testers in the information gathering phase.

Goolink Scanner


Source: http://www.ghacks.net

The Goolink Scanner removes the cache from your searches, and collects and displays only vulnerable sites' links. Thus, it allows you to find vulnerable sites wide open to Google and googlebots.

SiteDigger

Source: http://www.mcafee.com

SiteDigger searches Google's cache to look for vulnerabilities, errors, configuration issues, proprietary information, and interesting security nuggets on websites.

Google Hacks

Source: http://code.google.com

Google Hacks is a compilation of carefully crafted Google searches that expose novel functionality from Google's search and map services. It allows you to view a timeline of your search results, view a map, search for music, search for books, and perform many other specific kinds of searches.

BiLE Suite

Source: http://www.sensepost.com

BiLE stands for Bi-directional Link Extractor. The BiLE suite includes a couple of Perl scripts used in enumeration processes. Each Perl script has its own functionality. BiLE.pl is the first tool or Perl script in the collection. BiLE leans on Google and HTTrack to automate the collections to and from the target site, and then applies a simple statistical weighing algorithm to deduce which websites have the strongest relationships with the target site.

Google Hack Honeypot

Source: http://ghh.sourceforge.net

Google Hack Honeypot is the reaction to a new type of malicious web traffic: search engine hackers. It is designed to provide reconnaissance against attackers that use search engines as a hacking tool against your resources. GHH implements the honeypot theory to provide additional security to your web presence.
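A Google Hack Honeypot works from the observation that a request arriving from an operator-laden search is itself a signal. The added example below (not GHH's own code, and not part of the original course material) flags such requests in constructed web-server log lines by decoding the Referer's q= parameter and looking for the operators discussed in this module, plus filetype:, which the text above does not list.

```python
import re
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlparse

# Constructed combined-log-format lines: two visitors arrive from operator-laden
# Google searches, one from an ordinary search, and one with no referer at all.
SAMPLE_LOG = """\
203.0.113.7 - - [19/Jul/2012:04:49:36 +0000] "GET /intranet/index.html HTTP/1.1" 200 5120 "https://www.google.com/search?q=intitle%3Aintranet+inurl%3Aintranet+%2Bintext%3A%22human+resources%22" "Mozilla/5.0"
198.51.100.3 - - [19/Jul/2012:04:50:01 +0000] "GET /about.html HTTP/1.1" 200 2048 "https://www.google.com/search?q=example+corp+careers" "Mozilla/5.0"
203.0.113.9 - - [19/Jul/2012:04:51:12 +0000] "GET /admin/login.asp HTTP/1.1" 200 900 "https://www.google.co.uk/search?q=inurl%3Alogin.asp+filetype%3Aasp" "Mozilla/5.0"
192.0.2.44 - - [19/Jul/2012:04:52:40 +0000] "GET /index.html HTTP/1.1" 200 1200 "-" "Mozilla/5.0"
"""

CLF_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "([^"]*)" "([^"]*)"$')
# The advanced operators covered in this module, plus filetype:/ext:, which GHDB
# entries commonly use. An ordinary visitor's search rarely contains any of them.
OPERATOR_RE = re.compile(
    r"\b(?:allin|in)(?:url|title|text|anchor):|\b(?:site|filetype|ext|cache|link|related|info):", re.I)
GOOGLE_HOST_RE = re.compile(r"(^|\.)google\.[a-z.]+$")


def search_terms(referer: str) -> Optional[str]:
    """Return the decoded q= parameter if the referer is a Google results page."""
    if referer in ("", "-"):
        return None
    u = urlparse(referer)
    if not u.hostname or not GOOGLE_HOST_RE.search(u.hostname) or not u.path.startswith("/search"):
        return None
    return parse_qs(u.query).get("q", [None])[0]


def analyse(log_text: str) -> List[Dict[str, object]]:
    """One record per request that arrived from an operator-built search."""
    hits = []
    for line in log_text.splitlines():
        m = CLF_RE.match(line)
        if not m:
            continue
        ip, ts, method, path, status, referer, agent = m.groups()
        terms = search_terms(referer)
        if not terms:
            continue
        ops = sorted({o.lower() for o in OPERATOR_RE.findall(terms)})
        if ops:
            hits.append({"ip": ip, "time": ts, "path": path, "query": terms, "operators": ops})
    return hits


if __name__ == "__main__":
    for hit in analyse(SAMPLE_LOG):
        print(f"{hit['ip']:14} {hit['path']:24} operators={hit['operators']} query={hit['query']!r}")
```

Requests flagged this way are worth correlating with the path they reached: a hit on a login page or an intranet directory from an inurl:/intitle: search is exactly what GHH is meant to catch.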

GMapCatcher

Source: http://code.google.com

GMapCatcher is an offline maps viewer. It displays maps from many providers such as: CloudMade, OpenStreetMap, Yahoo Maps, Bing Maps, Nokia Maps, and SkyVector. maps.py is a GUI program used to browse Google map. With the offline toggle button unchecked, it can download Google map tiles automatically. Once the file downloads, it resides on your hard disk. Thus, you don't need to download it again.


SearchDiggity

Source: http://www.stachliu.com

SearchDiggity is the primary attack tool of the Google Hacking Diggity Project. It is Stach & Liu's MS Windows GUI application that serves as a front-end to the most recent versions of Diggity tools such as GoogleDiggity, BingDiggity, Bing LinkFromDomainDiggity, DLPDiggity, MalwareDiggity, PortScanDiggity, SHODANDiggity, CodeSearchDiggity, BingBinaryMalwareSearch, and NotInMyBackYardDiggity.

Google HACK DB

Source: http://www.secpoint.com

The attacker can also use the SecPoint Google HACK DB tool to determine sensitive information from the target site. This tool helps an attacker to extract files containing passwords, database files, clear text files, customer database files, etc.

Gooscan

Source: http://www.darknet.org.uk

Gooscan is a tool that automates queries against Google search appliances. These queries are designed to find potential vulnerabilities on web pages.


Footprinting Methodology

• Footprinting through Search Engines
• WHOIS Footprinting
• Website Footprinting
• DNS Footprinting
• Email Footprinting
• Network Footprinting
• Competitive Intelligence
• Footprinting through Social Engineering
• Footprinting using Google
• Footprinting through Social Networking Sites

Gathering network-related information such as whois information of the target organization is very important when hacking a system. So, now we will discuss whois footprinting. Whois footprinting focuses on how to perform a whois lookup, analyzing the whois lookup results, and the tools to gather whois information.


WHOIS Lookup

WHOIS databases are maintained by Regional Internet Registries and contain the personal information of domain owners.

A WHOIS query returns:
• Domain name details
• Contact details of the domain owner
• Domain name servers
• NetRange
• When a domain has been created
• Expiry records
• Records last updated

Regional Internet Registries (RIRs) include AfriNIC, ARIN, APNIC, and RIPE.

Information obtained from a WHOIS database assists an attacker to:
• Create a detailed map of the organizational network
• Gather personal information that assists in performing social engineering
• Gather other internal network details, etc.

WHOIS is a query and response protocol used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system. WHOIS databases are maintained by Regional Internet Registries and contain the personal information of domain owners. They maintain a record called a LOOKUP table that contains all the information associated with a particular network, domain, and host. Anyone can connect to and query a WHOIS server to get information about particular networks, domains, and hosts. An attacker can send a query to the appropriate WHOIS server to obtain information about the target domain name, the contact details of its owner, its expiry date, its creation date, etc. The WHOIS server will respond to the query with the respective information. Then, the attacker can use this information to create a map of the organization's network, trick domain owners with social engineering once he or she gets their contact details, and then get internal details of the network.
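The fields the text says a WHOIS query returns can be pulled out of a response and checked from the domain owner's side (expiry approaching, registrar transfer lock missing, too few name servers). This is an added example, not from the original course material; the WHOIS response is constructed and the domain, registrar, contacts and dates in it are invented.

```python
import re
from datetime import date, datetime
from typing import Any, Dict, List

# Constructed WHOIS response in the key/value style registrars return; the
# domain, registrar, contacts and dates are invented for this example.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-CORP.TEST
Registrar: Example Registrar, LLC
Registrar WHOIS Server: whois.example-registrar.test
Updated Date: 2011-03-14T04:00:00Z
Creation Date: 1991-05-01T04:00:00Z
Registry Expiry Date: 2021-03-02T05:00:00Z
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Name Server: NS1.EXAMPLE-CORP.TEST
Name Server: NS2.EXAMPLE-CORP.TEST
Admin Name: Domain Administrator
Admin Organization: Example Corp
Admin Email: domains@example-corp.test
>>> Last update of WHOIS database: 2012-07-19T04:49:36Z <<<
"""

LINE_RE = re.compile(r"^\s*([A-Za-z][A-Za-z ]*?):\s*(.+?)\s*$")
# Registrars label the same three dates differently; map them to one name each.
DATE_KEYS = {"creation date": "created", "updated date": "updated",
             "registry expiry date": "expires", "expiration date": "expires"}


def parse_date(value: str) -> date:
    """Accept the ISO form most registries emit and the dd-mon-yyyy form some
    registrars print (e.g. '03-feb-2009')."""
    for fmt in ("%Y-%m-%dT%H:%M:%SZ", "%Y-%m-%d", "%d-%b-%Y"):
        try:
            return datetime.strptime(value, fmt).date()
        except ValueError:
            continue
    raise ValueError(f"unrecognised WHOIS date: {value!r}")


def parse_whois(text: str) -> Dict[str, Any]:
    """Turn 'Key: value' lines into a record; repeated keys become lists."""
    rec: Dict[str, Any] = {"name_servers": [], "status": []}
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:                      # blank lines and the '>>>' trailer
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key == "name server":
            rec["name_servers"].append(value.lower())
        elif key == "domain status":
            rec["status"].append(value.split()[0])   # drop the trailing EPP URL
        elif key in DATE_KEYS:
            rec[DATE_KEYS[key]] = parse_date(value)
        else:
            rec[key.replace(" ", "_")] = value
    return rec


def assess(rec: Dict[str, Any], today: str, warn_days: int = 60) -> List[str]:
    """Checks a domain owner would run on their own record."""
    findings: List[str] = []
    now = parse_date(today)
    if "expires" in rec:
        left = (rec["expires"] - now).days
        if left < 0:
            findings.append(f"domain expired {-left} days ago")
        elif left <= warn_days:
            findings.append(f"domain expires in {left} days")
    if "clientTransferProhibited" not in rec["status"]:
        findings.append("no registrar transfer lock (clientTransferProhibited)")
    if len(rec["name_servers"]) < 2:
        findings.append("fewer than two name servers listed")
    return findings


if __name__ == "__main__":
    record = parse_whois(SAMPLE_WHOIS)
    for k in ("domain_name", "registrar", "created", "updated", "expires", "name_servers"):
        print(f"{k:13}: {record[k]}")
    print("findings:", assess(record, "2021-01-15"))
```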


E t h ic a l H a c k in g a n d C o u n t e r m e a s u r e s

E x a m 3 1 2 - 5 0 C e r t if ie d E t h ic a l H a c k e r

F o o t p r in t in g a n d R e c o n n a is s a n c e

WHOIS Lookup Result Analysis

[Slide: the two Whois lookup screenshots reproduced as Figure 2.30 below: a whois.domaintools.com record and a CentralOps Domain Dossier (address lookup, domain whois record, network whois record, DNS records, traceroute, service scan) for juggyboy.com.]

http://whois.domaintools.com
http://centralops.net/co

WHOIS Lookup Result Analysis

Whois lookup can be performed using Whois services such as http://whois.domaintools.com or http://centralops.net/co. Here you can see the result analysis of a Whois lookup obtained with the two mentioned Whois services. Both services allow you to enter the target's domain name or IP address. The Whois lookup service provided by domaintools.com returns information such as the registrant and administrative contact information, the creation and expiry dates, a list of the domain's name servers, contact email addresses, etc. The Domain Dossier available at http://centralops.net/co/ gives the address lookup, the domain Whois record, the network Whois record, and the DNS records.

Note that for a thin registry such as .com or .net the Domain Dossier output shows two queries: the registry server (whois.internic.net) returns only the registrar, the registrar's Whois server, the name servers, the status, and the dates, and the full record with contact details comes from the registrar's own server (here whois.networksolutions.com).
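As an added example that is not part of the original courseware, the following Python script does by hand what the two Whois services above do for you: it parses a raw WHOIS record into the fields the result analysis reads off (registrar, name servers, status, dates, contacts), follows the thin-registry referral to the registrar's server, and summarizes what matters for footprinting: the DNS hosting provider behind the name servers, how long until the name lapses, whether a transfer lock is set, and the harvested email addresses and phone numbers. The sample record is constructed from the field names visible in the screenshots; its contact addresses are made up, and whois_query() is the live RFC 3912 client you would call instead of using the sample.

```python
"""Parse a raw WHOIS record and pull out what a footprinting exercise cares about."""
import re
import socket
from datetime import datetime

# Constructed sample record (not a live lookup): the fields mirror those visible in the
# page's whois.domaintools.com / CentralOps screenshots; the contact addresses are made up.
SAMPLE_RECORD = """\
Domain Name: JUGGYBOY.COM
Registrar: NETWORK SOLUTIONS, LLC.
Whois Server: whois.networksolutions.com
Referral URL: http://www.networksolutions.com/en_US/
Name Server: NS19.WORLDNIC.COM
Name Server: NS20.WORLDNIC.COM
Status: clientTransferProhibited
Updated Date: 03-feb-2009
Creation Date: 16-jul-2002
Expiration Date: 16-jul-2014
Administrative Contact:
   Domain Administrator   domains@example.com
   +1.4258828080
Technical Contact, Zone Contact:
   Hostmaster   hostmaster@example.com
>>> Last update of whois database: Thu, 19 Jul 2012 07:49:36 UTC <<<
"""

DATE_FORMATS = ("%d-%b-%Y", "%Y-%m-%d", "%Y-%m-%dT%H:%M:%SZ")   # formats seen across registries

def parse_date(text):
    """Registries disagree on date formats; try each, return None when nothing matches."""
    for fmt in DATE_FORMATS:
        try:
            return datetime.strptime(text.strip(), fmt).date()
        except ValueError:
            continue
    return None

def parse_whois(raw):
    """Turn 'Key: value' lines into a dict; a repeated key (Name Server) becomes a list."""
    record = {}
    for line in raw.splitlines():
        line = line.strip()
        if line.startswith(">>>") or ":" not in line:
            continue                                   # banner / free-form contact lines
        key, _, value = line.partition(":")
        key, value = key.strip().lower(), value.strip()
        if not value:
            continue                                   # section header such as 'Administrative Contact:'
        if key in record:
            record[key] = (record[key] if isinstance(record[key], list) else [record[key]]) + [value]
        else:
            record[key] = value
    # Contacts sit in free-form lines, so harvest email addresses and phone numbers by regex.
    record["emails"] = sorted(set(re.findall(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+", raw)))
    record["phones"] = sorted(set(re.findall(r"\+\d[\d.\-]{6,}", raw)))
    return record

def name_servers(record):
    ns = record.get("name server", [])
    return [n.lower() for n in (ns if isinstance(ns, list) else [ns])]

def referral_server(record):
    """Thin registries (.com/.net) hold only a pointer; the registrar's server has the full record."""
    return record.get("whois server") or record.get("registrar whois server")

def summarize(record, today):
    """The footprinting view: who runs DNS, when the name lapses, whether it is transfer-locked."""
    expires = parse_date(record.get("expiration date") or record.get("registry expiry date") or "")
    status = record.get("status", [])
    status = status if isinstance(status, list) else [status]
    servers = name_servers(record)
    return {
        "registrar": record.get("registrar"),
        "name_servers": servers,
        "dns_provider": sorted({n.split(".", 1)[1] for n in servers if "." in n}),
        "created": parse_date(record.get("creation date") or ""),
        "expires": expires,
        "days_to_expiry": (expires - today).days if expires else None,
        "transfer_locked": any("transferprohibited" in s.lower() for s in status),
        "contacts": record["emails"] + record["phones"],
    }

def whois_query(server, query, port=43, timeout=10):
    """Live WHOIS client (RFC 3912): send the query plus CRLF, read until the server closes."""
    with socket.create_connection((server, port), timeout=timeout) as sock:
        sock.sendall(f"{query}\r\n".encode())
        chunks = []
        while chunk := sock.recv(4096):
            chunks.append(chunk)
    return b"".join(chunks).decode(errors="replace")

if __name__ == "__main__":
    record = parse_whois(SAMPLE_RECORD)
    print(summarize(record, parse_date("2012-07-19")))
    print("next hop for the full record:", referral_server(record))
    # Live use: parse_whois(whois_query(referral_server(record), "juggyboy.com"))
```

Registrar WHOIS servers rate-limit and block clients that query in bulk, and many registries now redact contact fields or serve them only through RDAP, so expect the contact lists to be empty for recent registrations; the registrar, name servers, status, and dates remain the reliable part of the record.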


[Figure: screenshots of the two Whois services. Left, the whois.domaintools.com record for microsoft.com: Registrar MarkMonitor.com (Whois server whois.markmonitor.com), registrant, administrative contact and technical/zone contact all Microsoft Corporation, One Microsoft Way, Redmond WA 98052 US, created 1991-05-01, expires 2021-05-02, record last updated 2011-08-14. Right, the CentralOps Domain Dossier for juggyboy.com: address lookup, then the domain Whois record queried from whois.internic.net (Registrar: NETWORK SOLUTIONS, LLC.; Whois Server: whois.networksolutions.com; Referral URL: http://www.networksolutions.com/en_US/; Name Servers: NS19.WORLDNIC.COM, NS20.WORLDNIC.COM; Status: clientTransferProhibited; Updated Date: 03-feb-2009; Creation Date: 16-jul-2002; Expiration Date: 16-jul-2014; last update of whois database Thu, 19 Jul 2012 07:49:36 UTC), followed by the registrar's own record from whois.networksolutions.com listing the domain servers.]

http://whois.domaintools.com
http://centralops.net/co

FIGURE 2.30: Whois services screenshots


WHOIS Lookup Tool: SmartWhois

[Slide: screenshot of SmartWhois (evaluation version) with the query field "IP, host or domain" and results for microsoft.com and money.de; reproduced as Figure 2.31 below.]

http://www.tamos.com

WHOIS Lookup Tool: SmartWhois

Source: http://www.tamos.com

SmartWhois is a network information utility that allows you to look up all the available information about an IP address, hostname, or domain, including country, state or province, city, name of the network provider, administrator, and technical support contact information. It also assists you in finding the owner of the domain, the owner's contact information, the owner of the IP address block, the registration date of the domain, etc.


[Figure: SmartWhois (evaluation version) after querying microsoft.com and money.de. The money.de record shows the registrant and technical contact Free SAS / ProXad, 8 rue de la ville l'Eveque, 75008 Paris, with phone, fax and hostmaster contact, the name servers freens1-g20.free.fr [212.27.60.19] and freens2-g20.free.fr [212.27.60.20], the Google Page Rank and Alexa traffic rank, the created/updated dates, and Source: whois.nic.fr; the status line reads "Completed at 19-07-2012 12:44:01 PM, Processing time: 1.63 seconds".]

FIGURE 2.31: SmartWhois screenshot


WHOIS Lookup Online Tools

SmartWhois - http://smartwhois.com
Whois - http://tools.whois.net
Better Whois - http://www.betterwhois.com
DNSstuff - http://www.dnsstuff.com
Whois Source - http://www.whois.sc
Network Solutions Whois - http://www.networksolutions.com
Web Wiz - http://www.webwiz.co.uk/domain-tools/whois-lookup.htm
WebToolHub - http://www.webtoolhub.com/tn561381-whois-lookup.aspx
Network-Tools.com - http://network-tools.com
Ultra Tools - https://www.ultratools.com/whois/home

WHOIS Lookup Tools

Similar to SmartWhois, there are numerous tools available in the market to retrieve Whois information. A few are mentioned as follows:

CountryWhois

Source: http://www.tamos.com

CountryWhois is a utility for identifying the geographic location of an IP address. CountryWhois can be used to analyze server logs, check email headers, identify online credit card fraud, or in any other instance where you need to quickly and accurately determine the country of origin by IP address.

LanWhoIs

Source: http://lantricks.com

LanWhoIs helps you determine who, where, and when the domain or site you are interested in was registered, and the information about those who support it now. The program provides information about domains and addresses on the Internet. It allows you to save your search result in the form of an archive to view it later, and you can print and save the search result in HTML format.


Batch IP Converter

Source: http://www.networkmost.com

Batch IP Converter is a network tool for working with IP addresses. It combines a Domain-to-IP Converter, Batch Ping, Tracert, Whois, Website Scanner, and Connection Monitor into a single interface, as well as an IP-to-Country Converter. It allows you to look up the IP address for a single domain name or a list of domain names, and vice versa.

CallerIP

Source: http://www.calleripro.com

CallerIP is basically IP and port monitoring software that displays the incoming and outgoing connections made to your computer. It also allows you to find the origin of all connecting IP addresses on a world map. Its Whois reporting feature provides key information for one or more addresses, such as who an IP is registered to, along with contact email addresses and phone numbers.

Whois Lookup Multiple Addresses

Source: http://www.sobolsoft.com

This software offers a solution for users who want to look up the ownership details of one or more IP addresses. Users can simply enter IP addresses or load them from a file. There are three options for lookup sites: whois.domaintools.com, whois-search.com, and whois.arin.net. The user can set a delay period between lookups to avoid lockouts from these websites. The resulting list shows the IP addresses and the details of each. It also allows you to save the results to a text file.

Whois Analyzer Pro

Source: http://www.whoisanalyzer.com

This tool allows you to access information about any registered domain worldwide: you can view the domain owner's name, the domain's location, and the contact details of the domain owner, and look up these details for a specific domain. You can also submit multiple queries with this tool simultaneously. It gives you the ability to print or save the result of the query in HTML format.

HotWhois

Source: http://www.tialsoft.com

HotWhois is an IP tracking tool that can reveal valuable information such as the country, state, city, address, contact phone numbers, and email addresses of an IP provider. Its query mechanism resorts to a variety of Regional Internet Registries to obtain IP Whois information about an IP address. With HotWhois you can make Whois queries even if the registrar supporting a particular domain doesn't have a Whois server of its own.


Whois 2010 Pro

Source: http://lapshins.com

Whois 2010 PRO is network information software that allows you to look up all the available information about a domain name, including country, state or province, city, administrator, and technical support contact information.

ActiveWhois

Source: http://www.johnru.com

ActiveWhois is a network tool for finding information about the owners of IP addresses or Internet domains. You can determine the country, and the personal and postal addresses, of the owners and/or users of IP addresses and domains.

WhoisThisDomain

Source: http://www.nirsoft.net

WhoisThisDomain is a domain registration lookup utility that allows you to get information about a registered domain. It automatically connects to the right WHOIS server and retrieves the WHOIS record of the domain. It supports both generic domains and country code domains.



WHOIS Lookup Online Tools

In addition to the Whois lookup tools mentioned so far, a few online Whois lookup tools are listed as follows:

SmartWhois available at http://smartwhois.com
Better Whois available at http://www.betterwhois.com
Whois Source available at http://www.whois.sc
Web Wiz available at http://www.webwiz.co.uk/domain-tools/whois-lookup.htm
Network-Tools.com available at http://network-tools.com
Whois available at http://tools.whois.net
DNSstuff available at http://www.dnsstuff.com
Network Solutions Whois available at http://www.networksolutions.com
WebToolHub available at http://www.webtoolhub.com/tn561381-whois-lookup.aspx
UltraTools available at https://www.ultratools.com/whois/home


Footprinting Methodology

Footprinting through Search Engines
WHOIS Footprinting
Website Footprinting
DNS Footprinting
Email Footprinting
Network Footprinting
Competitive Intelligence
Footprinting through Social Engineering
Footprinting using Google
Footprinting through Social Networking Sites

The next phase in the footprinting methodology is DNS footprinting. This section describes how to extract DNS information and the DNS interrogation tools.


Extracting DNS Information

An attacker can gather DNS information to determine key hosts in the network and can then perform social engineering attacks.

DNS records provide important information about the location and type of servers:

Record Type - Description
A - Points to a host's IP address
MX - Points to the domain's mail server
NS - Points to the host's name server
CNAME - Canonical name; allows aliases to a host
SOA - Indicates the start of authority for the domain
SRV - Service records
PTR - Maps an IP address to a hostname
RP - Responsible person
HINFO - Host information record; includes CPU type and OS
TXT - Unstructured text records

DNS Interrogation Tools: http://www.dnsstuff.com, http://network-tools.com

Extracting DNS Information

DNS footprinting allows you to obtain information about DNS zone data. This zone data includes DNS domain names, computer names, IP addresses, and much more about a particular network. The attacker performs DNS footprinting to obtain information about the target's DNS, then uses the gathered information to determine the key hosts in the network, and then performs social engineering attacks to gather more information. DNS footprinting can be performed using DNS interrogation tools such as www.DNSstuff.com.

By using www.DNSstuff.com, it is possible to extract DNS information about IP addresses, mail server extensions, DNS lookups, Whois lookups, etc. If you want information about a target company, it is possible to extract its range of IP addresses utilizing the IP routing lookup of DNSstuff. If the target network allows unknown, unauthorized users to transfer DNS zone data, then it is easy for you to obtain the complete zone with the help of a DNS interrogation tool: a zone transfer is a DNS query of type AXFR made over TCP to each of the target's name servers, and a correctly configured server refuses it from unauthorized addresses. Once you send a query using the DNS interrogation tool to the DNS server, the server responds with a record structure that contains the information about the target DNS. DNS records provide important information about the location and type of servers:

A - Points to a host's IP address
MX - Points to the domain's mail server
NS - Points to the host's name server
CNAME - Canonical name; allows aliases to a host
SOA - Indicates the start of authority for the domain
SRV - Service records
PTR - Maps an IP address to a hostname
RP - Responsible person
HINFO - Host information record; includes CPU type and OS
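As an added example that is not part of the original courseware, the following Python script shows what the interrogation tools on this page do underneath: it builds a DNS query in wire format (RFC 1035), decodes a response including compressed names, and interprets the rdata of the A, NS, CNAME, PTR, MX, TXT, and SOA record types listed above. The sample response is constructed offline with the record values shown in Figure 2.32 for microsoft.com (the TXT string is shortened and the repeated A and NS records are reduced to one each); udp_query() is the live path you would use against a resolver or authoritative server.

```python
"""Minimal DNS wire-format client: build a query and decode the answer section by record type."""
import socket
import struct

QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "HINFO": 13, "MX": 15,
         "TXT": 16, "RP": 17, "AAAA": 28, "SRV": 33, "AXFR": 252, "ANY": 255}
TYPE_NAME = {v: k for k, v in QTYPE.items()}

def encode_name(name):
    """Encode 'example.com' as length-prefixed labels ending in a zero byte (no compression)."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split(".")) + b"\x00"

def build_query(name, qtype, txid=0x1234):
    """12-byte header with RD=1, one question, empty answer/authority/additional sections."""
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack(">HH", QTYPE[qtype], 1)

def decode_name(data, pos):
    """Decode a possibly compressed name (RFC 1035 4.1.4); return (name, offset after it)."""
    labels, end, jumped = [], pos, False
    while True:
        length = data[pos]
        if length & 0xC0 == 0xC0:                  # pointer: 14-bit offset to an earlier name
            end = end if jumped else pos + 2
            pos, jumped = struct.unpack(">H", data[pos:pos + 2])[0] & 0x3FFF, True
            continue
        pos += 1
        if length == 0:
            break
        labels.append(data[pos:pos + length].decode())
        pos += length
    return ".".join(labels), (end if jumped else pos)

def decode_rdata(data, rtype, start, rdlen):
    """Type-specific rdata decoding for the record types discussed on this page."""
    if rtype == QTYPE["A"]:
        return socket.inet_ntoa(data[start:start + 4])
    if rtype in (QTYPE["NS"], QTYPE["CNAME"], QTYPE["PTR"]):
        return decode_name(data, start)[0]
    if rtype == QTYPE["MX"]:
        return struct.unpack(">H", data[start:start + 2])[0], decode_name(data, start + 2)[0]
    if rtype == QTYPE["TXT"]:                      # one or more <length><chars> strings
        parts, pos = [], start
        while pos < start + rdlen:
            parts.append(data[pos + 1:pos + 1 + data[pos]].decode())
            pos += 1 + data[pos]
        return "".join(parts)
    if rtype == QTYPE["SOA"]:
        mname, pos = decode_name(data, start)
        rname, pos = decode_name(data, pos)
        return (mname, rname) + struct.unpack(">IIIII", data[pos:pos + 20])
    return data[start:start + rdlen]               # anything else: raw bytes

def parse_response(data):
    """Return id, rcode, AA flag and the answers as (owner, ttl, type, rdata) tuples."""
    txid, flags, qdcount, ancount = struct.unpack(">HHHH", data[:8])
    pos = 12
    for _ in range(qdcount):                       # step over the echoed question(s)
        pos = decode_name(data, pos)[1] + 4
    answers = []
    for _ in range(ancount):
        owner, pos = decode_name(data, pos)
        rtype, _cls, ttl, rdlen = struct.unpack(">HHIH", data[pos:pos + 10])
        pos += 10
        answers.append((owner, ttl, TYPE_NAME.get(rtype, rtype), decode_rdata(data, rtype, pos, rdlen)))
        pos += rdlen
    return {"id": txid, "rcode": flags & 0xF, "aa": bool(flags & 0x0400), "answers": answers}

def encode_rr(owner, rtype, ttl, rdata):
    """Encode one record; used only to construct the offline sample below (TXT <= 255 bytes)."""
    if rtype == "A":
        rd = socket.inet_aton(rdata)
    elif rtype in ("NS", "CNAME", "PTR"):
        rd = encode_name(rdata)
    elif rtype == "MX":
        rd = struct.pack(">H", rdata[0]) + encode_name(rdata[1])
    elif rtype == "TXT":
        rd = bytes([len(rdata)]) + rdata.encode()
    else:                                          # SOA
        rd = encode_name(rdata[0]) + encode_name(rdata[1]) + struct.pack(">IIIII", *rdata[2:])
    owner = owner if isinstance(owner, bytes) else encode_name(owner)
    return owner + struct.pack(">HHIH", QTYPE[rtype], 1, ttl, len(rd)) + rd

def sample_response():
    """Constructed answer to 'microsoft.com ANY' (values from Figure 2.32); 0xC00C owners are pointers to the question name at offset 12."""
    question = build_query("microsoft.com", "ANY")[12:]
    rrs = [("microsoft.com", "TXT", 3381, "v=spf1 include:_spf-a.microsoft.com ip4:131.107.115.215 ~all"),
           (b"\xc0\x0c", "MX", 3381, (10, "mail.messaging.microsoft.com")),
           (b"\xc0\x0c", "SOA", 3381, ("ns1.msft.net", "msnhst.microsoft.com", 2012071602, 300, 600, 2419200, 3600)),
           (b"\xc0\x0c", "A", 3381, "64.4.11.37"),
           (b"\xc0\x0c", "NS", 141531, "ns1.msft.net")]
    header = struct.pack(">HHHHHH", 0x1234, 0x8580, 1, len(rrs), 0, 0)   # QR, AA, RD, RA; NOERROR
    return header + question + b"".join(encode_rr(*rr) for rr in rrs)

def udp_query(server, name, qtype, timeout=5):
    """Live lookup over UDP/53; a zone transfer (AXFR) must instead go over TCP with a 2-byte length prefix."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, qtype), (server, 53))
        return parse_response(sock.recv(4096))
```

Run parse_response(sample_response()) to see the decoded answer section. Two caveats for live use: many authoritative servers now refuse or minimize ANY queries (RFC 8482), so ask for each type separately; and the zone transfer check the text describes is an AXFR query sent over TCP to each NS record of the target, which a correctly configured server answers with REFUSED (rcode 5).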

A few more examples of DNS interrogation tools that can send a DNS query include:

http://www.dnsstuff.com
http://network-tools.com


Extracting DNS Information (Cont'd)

[Slide: screenshot of the Perform DNS query tool at http://www.dnsqueries.com with the results for microsoft.com; the same output is reproduced as Figure 2.32 below.]

http://www.dnsqueries.com

Extracting DNS Information (Cont'd)

Source: http://www.dnsqueries.com

Perform DNS query, available at http://www.dnsqueries.com, is a tool that allows you to perform a DNS query on any host. Each domain name (example: dnsqueries.com) is structured in hosts (ex: www.dnsqueries.com), and the DNS (Domain Name System) allows anyone to translate the domain name or the host name into an IP address to contact via the TCP/IP protocol. There are several types of queries, corresponding to all the implementable types of DNS records, such as A record, MX, AAAA, CNAME, and SOA.

Now let's see how the DNS interrogation tool retrieves information about the DNS. Go to the browser, type http://www.dnsqueries.com, and press Enter. The DNS query home site will be displayed in the browser. Enter the domain name of your interest in the Perform DNS query tool's Host Name field (here we are entering Microsoft.com) and click the Run tool button; the DNS information for Microsoft.com will be displayed as shown in the following figure.


[Figure: Perform DNS query at http://www.dnsqueries.com, Host Name microsoft.com, Type ANY. The results table (Host, TTL, Class, Type, Details) lists for microsoft.com, class IN: two TXT records with TTL 3381 (a domain verification string and the SPF policy, v=spf1 with include: mechanisms for _spf-a, _spf-b, _spf-c and _spf-ssg-a.microsoft.com and five ip4: addresses, ending ~all); an MX record 10 mail.messaging.microsoft.com; an SOA record ns1.msft.net msnhst.microsoft.com 2012071602 300 600 2419200 3600; A records 64.4.11.37 and 65.55.58.201; and NS records with TTL 141531 for ns1.msft.net through ns5.msft.net.]

FIGURE 2.32: Screenshot showing DNS information for Microsoft.com


DNS Interrogation Tools

A few more well-known DNS interrogation tools are listed as follows:

- DIG available at http://www.kloth.net
- myDNSTools available at http://www.mydnstools.info
- Professional Toolset available at http://www.dnsstuff.com
- DNS Records available at http://network-tools.com
- DNSDataView available at http://www.nirsoft.net
- DNSWatch available at http://www.dnswatch.info
- DomainTools Pro available at http://www.domaintools.com
- DNS available at http://e-dns.org
- DNS Lookup Tool available at http://www.webwiz.co.uk
- DNS Query Utility available at http://www.webmaster-toolkit.com
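As an added illustration (not part of the course text and not code from any of the tools listed), the following Python builds a DNS query in RFC 1035 wire format and parses the answer, which is the exchange the web-based query tools above perform on your behalf when you ask for the A, MX, NS, TXT or SOA records of a host. The response is constructed by hand for a hypothetical zone, example.test, so the code runs offline; the record values, the transaction id 0x1234 and the names mail.example.test and ns1.example.test are assumptions of the example.

```python
# Added example (not from the course text or any listed tool): build a DNS
# query in RFC 1035 wire format and parse the answer section of a response.
# The response bytes are constructed for a hypothetical zone "example.test"
# so that the example runs offline.
import struct

QTYPES = {1: "A", 2: "NS", 5: "CNAME", 6: "SOA", 15: "MX", 16: "TXT", 28: "AAAA", 255: "ANY"}
QTYPE_BY_NAME = {v: k for k, v in QTYPES.items()}


def encode_name(name):
    """'www.example.test' -> length-prefixed labels terminated by a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad DNS label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name, qtype, txid=0x1234):
    """12-byte header (RD=1 asks the resolver to recurse) plus one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_BY_NAME[qtype], 1)


def decode_name(msg, off):
    """Decode a name that may use compression pointers; return (name, next_offset)."""
    labels, end, jumped, hops = [], off, False, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                 # 2-byte pointer into the message
            if not jumped:
                end = off + 2                     # the name field ends after the pointer
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            jumped, hops = True, hops + 1
            if hops > 32:                         # refuse pointer loops in hostile input
                raise ValueError("compression pointer loop")
            continue
        if length == 0:
            if not jumped:
                end = off + 1
            return ".".join(labels), end
        labels.append(msg[off + 1:off + 1 + length].decode("ascii"))
        off += 1 + length


def parse_rdata(msg, rtype, off, rdlen):
    """Decode the record types the tools above list; anything else comes back as hex."""
    data = msg[off:off + rdlen]
    if rtype == 1:                                # A
        return ".".join(str(b) for b in data)
    if rtype in (2, 5):                           # NS, CNAME
        return decode_name(msg, off)[0]
    if rtype == 15:                               # MX: preference + exchange name
        return (struct.unpack("!H", data[:2])[0], decode_name(msg, off + 2)[0])
    if rtype == 16:                               # TXT: one or more <len><chars> strings
        parts, i = [], 0
        while i < rdlen:
            n = data[i]
            parts.append(data[i + 1:i + 1 + n].decode("ascii"))
            i += 1 + n
        return "".join(parts)
    if rtype == 6:                                # SOA: mname, rname, 5 x uint32
        mname, o = decode_name(msg, off)
        rname, o = decode_name(msg, o)
        return (mname, rname) + struct.unpack("!IIIII", msg[o:o + 20])
    return data.hex()


def parse_response(msg, expected_txid=None):
    """Return (txid, [(name, ttl, type, data), ...]) from the answer section."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if expected_txid is not None and txid != expected_txid:
        raise ValueError("transaction id mismatch: not an answer to our query")
    if flags & 0x000F:
        raise ValueError("server returned RCODE %d" % (flags & 0xF))
    off = 12
    for _ in range(qd):                           # skip the echoed question(s)
        _, off = decode_name(msg, off)
        off += 4
    records = []
    for _ in range(an):
        name, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        records.append((name, ttl, QTYPES.get(rtype, str(rtype)), parse_rdata(msg, rtype, off, rdlen)))
        off += rdlen
    return txid, records


def sample_response(txid=0x1234):
    """Hand-built answer to 'example.test ANY' (constructed, hypothetical zone)."""
    hdr = struct.pack("!HHHHHH", txid, 0x8180, 1, 4, 0, 0)        # QR=1 RD=1 RA=1
    question = encode_name("example.test") + struct.pack("!HH", 255, 1)
    ptr = b"\xc0\x0c"                               # pointer to the qname at offset 12
    mx = struct.pack("!H", 10) + b"\x04mail" + ptr   # mail.example.test
    ns = b"\x03ns1" + ptr                           # ns1.example.test
    txt = b"\x0bv=spf1 -all"
    rrs = (ptr + struct.pack("!HHIH", 1, 1, 3381, 4) + bytes([192, 0, 2, 10])
           + ptr + struct.pack("!HHIH", 15, 1, 3381, len(mx)) + mx
           + ptr + struct.pack("!HHIH", 2, 1, 141531, len(ns)) + ns
           + ptr + struct.pack("!HHIH", 16, 1, 3381, len(txt)) + txt)
    return hdr + question + rrs


if __name__ == "__main__":
    for rec in parse_response(sample_response(), expected_txid=0x1234)[1]:
        print(rec)
```

Checking the transaction id of the reply against the one sent is the minimum a client should do before trusting an answer; the pointer-loop guard in decode_name matters for the same reason, since a response from an untrusted server is attacker-controlled input to your parser.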


Footprinting Methodology

- Footprinting through Search Engines
- WHOIS Footprinting
- Website Footprinting
- DNS Footprinting
- Email Footprinting
- Network Footprinting
- Competitive Intelligence
- Footprinting through Social Engineering
- Footprinting through Social Networking Sites

The next step after retrieving the DNS information is to gather network-related information. So, now we will discuss network footprinting, a method of gathering network-related information. This section describes how to locate the network range, determine the operating system, Traceroute, and the Traceroute tools.


Locate the Network Range

- Find the range of IP addresses using the ARIN whois database search tool.
- Network range information obtained assists an attacker to create a map of the target's network.
- You can find the range of IP addresses and the subnet mask used by the target organization from the Regional Internet Registry (RIR).

[Slide screenshot: Network Whois Record returned by whois.arin.net for the query "n 207.46.232.182" (NetRange 207.46.0.0 - 207.46.255.255, CIDR 207.46.0.0/16, NetName MICROSOFT-GLOBAL-NET); the full record is transcribed in the text that follows.]

Locate the Network Range

To perform network footprinting, you need to gather basic and important information about the target organization such as what the organization does, who they work for, and what type of work they perform. The answers to these questions give you an idea about the internal structure of the target network. After gathering the aforementioned information, an attacker can proceed to find the network range of a target system. He or she can get more detailed information from the appropriate regional registry database regarding IP allocation and the nature of the allocation. An attacker can also determine the subnet mask of the domain. He or she can also trace the route between the system and the target system. Two popular traceroute tools are NeoTrace and Visual Route.

Obtaining private IP addresses can be useful for an attacker. The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private Internets: 10.0.0.0-10.255.255.255 (10/8 prefix), 172.16.0.0-172.31.255.255 (172.16/12 prefix), and 192.168.0.0-192.168.255.255 (192.168/16 prefix).

The network range gives you an idea about how the network is laid out and which machines in the network are alive, and it helps to identify the network topology, access control device, and OS used in the target network. To find the network range of the target network, enter the server IP address (that was gathered in WHOIS footprinting) in the ARIN whois database search tool, or you can go to the ARIN website (https://www.arin.net/knowledge/rirs.html) and enter the server IP in the SEARCH Whois text box. You will get the network range of the target network. If the DNS servers are not set up correctly, the attacker has a good chance of obtaining a list of internal machines on the server. Also, sometimes if an attacker traces a route to a machine, he or she can get the internal IP address of the gateway, which might be useful.

Network Whois Record

Queried whois.arin.net with "n 207.46.232.182":

NetRange:       207.46.0.0 - 207.46.255.255
CIDR:           207.46.0.0/16
OriginAS:
NetName:        MICROSOFT-GLOBAL-NET
NetHandle:      NET-207-46-0-0-1
Parent:         NET-207-0-0-0-0
NetType:        Direct Assignment
NameServer:     NS2.MSFT.NET
NameServer:     NS4.MSFT.NET
NameServer:     NS1.MSFT.NET
NameServer:     NS5.MSFT.NET
NameServer:     NS3.MSFT.NET
RegDate:        1997-03-31
Updated:        2004-12-09
Ref:            http://whois.arin.net/rest/net/NET-207-46-0-0-1

OrgName:        Microsoft Corp
OrgId:          MSFT
Address:        One Microsoft Way
City:           Redmond
StateProv:      WA
PostalCode:     98052
Country:        US
RegDate:        1998-07-10
Updated:        2009-11-10
Ref:            http://whois.arin.net/rest/org/MSFT

OrgAbuseHandle: ABUSE231-ARIN
OrgAbuseName:   Abuse
OrgAbusePhone:  +1-425-882-8080
OrgAbuseEmail:  abuse@hotmail.com
OrgAbuseRef:    http://whois.arin.net/rest/poc/ABUSE231-ARIN

You need to use more than one tool to obtain network information, as sometimes a single tool is not capable of delivering the information you want.
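The record above lends itself to automation. The following Python is added here and is not part of the course material: it parses an ARIN-style whois record into fields, derives the subnet mask and size of the allocation from NetRange, cross-checks that against the CIDR line, and tests addresses against the three IANA private blocks named in this section. The record lines are transcribed from the page; the addresses passed to is_private() and private_hops() are constructed test values.

```python
# Added example (not from the course text): parse an ARIN whois record, derive
# the subnet mask from NetRange, and flag addresses from the IANA private
# blocks listed in the section. Record lines are transcribed from the page;
# the addresses used in the checks are constructed.
import ipaddress

PRIVATE_BLOCKS = [ipaddress.ip_network(b) for b in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

ARIN_RECORD = """\
NetRange:       207.46.0.0 - 207.46.255.255
CIDR:           207.46.0.0/16
NetName:        MICROSOFT-GLOBAL-NET
NetHandle:      NET-207-46-0-0-1
Parent:         NET-207-0-0-0-0
NetType:        Direct Assignment
NameServer:     NS2.MSFT.NET
NameServer:     NS4.MSFT.NET
NameServer:     NS1.MSFT.NET
NameServer:     NS5.MSFT.NET
NameServer:     NS3.MSFT.NET
Ref:            http://whois.arin.net/rest/net/NET-207-46-0-0-1
OrgName:        Microsoft Corp
OrgId:          MSFT
Country:        US
"""


def parse_whois(text):
    """Key/value lines -> dict; a repeated key (NameServer) becomes a list."""
    fields = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")      # split on the FIRST colon only,
        key, value = key.strip(), value.strip()   # so URLs in values stay intact
        if key in fields:
            prev = fields[key]
            fields[key] = (prev if isinstance(prev, list) else [prev]) + [value]
        else:
            fields[key] = value
    return fields


def netrange_to_networks(netrange):
    """'a.b.c.d - w.x.y.z' -> the CIDR blocks that exactly cover the range."""
    first, last = (ipaddress.ip_address(p.strip()) for p in netrange.split("-"))
    return list(ipaddress.summarize_address_range(first, last))


def describe_range(fields):
    """Subnet mask and size of the allocation, cross-checked against the CIDR line."""
    nets = netrange_to_networks(fields["NetRange"])
    return {
        "networks": [str(n) for n in nets],
        "netmask": str(nets[0].netmask),
        "addresses": sum(n.num_addresses for n in nets),
        "cidr_matches_record": [str(n) for n in nets] == [fields.get("CIDR", "")],
        "nameservers": fields.get("NameServer", []),
    }


def is_private(ip):
    """True for the IANA private space named above: 10/8, 172.16/12, 192.168/16."""
    addr = ipaddress.ip_address(ip)
    return any(addr in block for block in PRIVATE_BLOCKS)


def private_hops(hops):
    """Addresses in a traceroute hop list that should never be seen from outside."""
    return [h for h in hops if is_private(h)]


if __name__ == "__main__":
    info = describe_range(parse_whois(ARIN_RECORD))
    print(info)
    print(private_hops(["203.0.113.1", "192.168.1.1", "207.46.232.182"]))
```

private_hops() covers the last point of the section from the defender's side: a 10/8, 172.16/12 or 192.168/16 address appearing in a trace run from the Internet means a gateway is answering with an internal interface address, which is worth a look at the NAT and ICMP source-address configuration of that device.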


Determine the Operating System

- Use the Netcraft tool to determine the OSes in use by the target organization.

Source: http://news.netcraft.com

So far we have collected information about IP addresses, network ranges, server names, etc. of the target network. Now it's time to find out the OS running on the target network. The technique of obtaining information about the target network OS is called OS fingerprinting. The Netcraft tool will help you to find out the OS running on the target network. Let's see how Netcraft helps you determine the OS of the target network. Open the http://news.netcraft.com site in your browser and type the domain name of your target network in the "What's that site running?" field (here we are considering the domain name "Microsoft.com"). It displays all the sites associated with that domain along with the operating system running on each site.


[Figure 2.33 screenshot: Netcraft "Search Web by Domain" results for "site contains microsoft.com" (OS, Web Server and Hosting History for www.microsoft.com): Found 252 sites. Columns: Site, Site Report, First seen, Netblock, OS. Operating systems listed include Windows Server 2008, Windows Server 2003, Linux, F5 BIG-IP and Citrix NetScaler; netblock owners are mostly Microsoft Corp (also Akamai International and Digital River Ireland Ltd.); web servers shown are Microsoft-IIS/7.5, /7.0 and /6.0. A lower panel summarises Average Server OS.]

FIGURE 2.33: Netcraft showing the operating system that is in use by Microsoft


Determine the Operating System (Cont'd): SHODAN Search Engine

Source: http://www.shodanhq.com

Use the SHODAN search engine, which lets you find specific computers (routers, servers, etc.) using a variety of filters.

[Figure 2.34 screenshot: SHODAN home page with the banner "Expose Online Devices. Webcams. Routers. Power plants. iPhones. Wind turbines. Refrigerators. VoIP phones.", Take a Tour / Free Sign Up buttons, a Popular Search Queries list, and a Developer API panel describing access to the Shodan database from Python, Perl or Ruby.]

FIGURE 2.34: SHODAN Search Engine screenshot


[Figure 2.35 screenshot: SHODAN search results page. Left panel: Services (HTTP 6,692,080; HTTP Alternate 164,711; FTP 13,543; SNMP 9,022; UPnP 6,392), Top Countries (United States 3,352,389; China 506,298; United Kingdom 362,793; Germany 247,985; Canada 246,968), Top Cities (Englewood 170,677; Beijing 111,663; Columbus 107,163; Dallas 90,899; Seoul 86,213), Top Organizations (Verio Web Hosting 97,784; HiChina Web Solutions 52,629; Ecommerce Corporation 43,967; GoDaddy.com, LLC 33,234; Comcast Business Commu... 32,203). Right panel: per-host results, each with the host's IP address, guessed OS (e.g. Windows XP), owner, location, date added (25.09.2012) and the raw HTTP banner, for example:

HTTP/1.0 403 Forbidden
Server: Microsoft-IIS/6.0
Content-Length: 218
Content-Type: text/html
X-Powered-By: ASP.NET
Date: Tue, 25 Sep 2012 01:53:00 GMT]

FIGURE 2.35: SHODAN screenshot


Traceroute

- Traceroute programs work on the concept of the ICMP protocol and use the TTL field in the header of ICMP packets to discover the routers on the path to a target host.

[Slide diagram: IP Source -> Router Hop -> Router Hop -> Router Hop -> Destination Host, with an ICMP Echo request sent at TTL = 1; the same diagram appears as Figure 2.36.]

Finding the route of the target host is necessary to test against man-in-the-middle attacks and other related attacks. Therefore, you need to find the route of the target host in the network. This can be accomplished with the help of the Traceroute utility provided with most operating systems. It allows you to trace the path or route through which the target host packets travel in the network. Traceroute uses the ICMP protocol concept and the TTL (Time to Live) field of the IP header to find the path of the target host in the network.

The Traceroute utility can detail the path IP packets travel between two systems. It can trace the number of routers the packets travel through, the round trip time duration in transiting between two routers, and, if the routers have DNS entries, the names of the routers and their network affiliation, as well as the geographic location. It works by exploiting a feature of the Internet Protocol called Time To Live (TTL). The TTL field is interpreted to indicate the maximum number of routers a packet may transit. Each router that handles a packet will decrement the TTL count field in the ICMP header by one. When the count reaches zero, the packet will be discarded and an error message will be transmitted to the originator of the packet.


It sends out a packet destined for the destination specified. It sets the TTL field in the packet to one. The first router in the path receives the packet, decrements the TTL value by one, and if the resulting TTL value is 0, it discards the packet and sends a message back to the originating host to inform it that the packet has been discarded. It records the IP address and DNS name of that router, and sends out another packet with a TTL value of two. This packet makes it through the first router, then times out at the next router in the path. This second router also sends an error message back to the originating host. Traceroute continues to do this, and records the IP address and name of each router until a packet finally reaches the target host or until it decides that the host is unreachable. In the process, it records the time it took for each packet to travel round trip to each router. Finally, when it reaches the destination, the normal ICMP ping response will be sent to the sender. Thus, this utility helps to reveal the IP addresses of the intermediate hops in the route of the target host from the source.

[Figure 2.36 diagram: IP Source sends an ICMP Echo request with TTL = 1, then TTL = 2, then TTL = 3 toward the Destination Host through three Router Hops; each router at which the TTL expires returns an ICMP error message to the source, and the Destination Host finally answers with an ICMP Echo Reply.]

FIGURE 2.36: Working of Traceroute program
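The exchange in Figure 2.36, modelled as an added Python example that is not part of the course text. The path, the addresses (taken from the IETF documentation ranges) and the "silent" router behaviour are constructed for the example; a real traceroute sends real probes (ICMP Echo for Windows tracert, UDP on most Unix systems) and needs raw-socket privileges, which this model deliberately avoids so that it runs anywhere.

```python
# Added example (not from the course text): a model of the traceroute exchange.
# Probes with TTL 1, 2, 3, ... cross a constructed path of routers; each router
# decrements TTL, the router where it reaches zero answers with ICMP Time
# Exceeded, and only the destination returns an Echo Reply. Routers listed as
# "silent" drop the expired probe without answering, which is what a filtering
# firewall looks like in a trace. All addresses below are constructed.

PATH = ["192.0.2.1", "198.51.100.1", "203.0.113.1"]   # routers, source side first
DESTINATION = "203.0.113.80"


def forward(ttl, routers=PATH, destination=DESTINATION, silent=frozenset()):
    """What the network does with one probe. Returns (responder, message)."""
    for router in routers:
        ttl -= 1                                  # every router decrements the TTL
        if ttl == 0:
            if router in silent:                  # dropped, no Time Exceeded sent
                return None, "* (no reply)"
            return router, "ICMP Time Exceeded"   # error goes back to the source
    return destination, "ICMP Echo Reply"         # probe survived the whole path


def traceroute(destination=DESTINATION, routers=PATH, max_hops=30, silent=frozenset()):
    """Send probes with increasing TTL until the destination itself answers."""
    hops = []
    for ttl in range(1, max_hops + 1):
        responder, msg = forward(ttl, routers, destination, silent)
        hops.append((ttl, responder, msg))
        if responder == destination:
            break
    return hops


def reached(hops, destination=DESTINATION):
    """True when the last probe was answered by the destination (Echo Reply)."""
    return bool(hops) and hops[-1][1] == destination


def render(hops):
    """tracert-style lines: hop number, responder or '*', message."""
    return ["%2d  %-15s  %s" % (ttl, r or "*", msg) for ttl, r, msg in hops]


if __name__ == "__main__":
    print("\n".join(render(traceroute())))
    print("\n".join(render(traceroute(silent={"198.51.100.1"}))))
```

The silent case is the one to remember from the defender's side: a hop that drops expired probes without returning Time Exceeded shows up as "* * *", which hides the device from this kind of mapping but also hides it from legitimate path troubleshooting, so the choice should be deliberate rather than a side effect of an ICMP rule.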

How to use the tracert command

Go to the command prompt and type the tracert command along with the destination IP address or domain name as follows:

C:\>tracert 216.239.36.10

Tracing route to ns3.google.com [216.239.36.10]
over a maximum of 30 hops:

  1  1262 ms   186 ms   124 ms  195.229.252.10
  2  2796 ms  3061 ms  3436 ms  195.229.252.130
  3   155 ms   217 ms   155 ms  195.229.252.114
  4  2171 ms  1405 ms  1530 ms  194.170.2.57
  5  2685 ms  1280 ms   655 ms  dxb-emix-ra.ge6303.emix.ae [195.229.31.99]
  6   202 ms   530 ms   999 ms  dxb-emix-rb.so100.emix.ae [195.229.0.230]
  7   609 ms  1124 ms  1748 ms  iar1-so-3-2-0.Thamesside.cw.net [166.63.214.65]
  8  1622 ms  2498 ms  2061 ms  eqixva-google-gige.google.com [206.223.115.21]
  9  2377 ms   968 ms   593 ms  216.239.48.193
 10  3546 ms  3686 ms  3030 ms  216.239.48.89
 11  1806 ms  1529 ms   812 ms  216.33.98.154
 12  1108 ms  1683 ms  2062 ms  ns3.google.com [216.239.36.10]

Trace complete.


Traceroute Analysis

- Attackers conduct traceroute to extract information about network topology, trusted routers, and firewall locations.
- For example, after running several traceroutes, an attacker might obtain the following information:
  - traceroute 1.10.10.20, second to last hop is 1.10.10.1
  - traceroute 1.10.20.10, third to last hop is 1.10.10.1
  - traceroute 1.10.20.10, second to last hop is 1.10.10.50
  - traceroute 1.10.20.15, third to last hop is 1.10.10.1
  - traceroute 1.10.20.15, second to last hop is 1.10.10.50
- By putting this information together, attackers can draw the network diagram.

[Slide diagram: Hacker -> Firewall -> 1.10.10.20 Bastion Host, 1.10.20.10 Web Server, 1.10.20.50 Firewall, 1.10.20.15 Mail Server; the same layout appears as Figure 2.37.]

We have seen how the Traceroute utility helps you to find out the IP addresses of intermediate devices such as routers, firewalls, etc. present between source and destination. You can draw the network topology diagram by analyzing the Traceroute results. After running several traceroutes, you will be able to find out the location of a particular hop in the target network.

Let's consider the following traceroute results obtained:

- traceroute 1.10.10.20, second to last hop is 1.10.10.1
- traceroute 1.10.20.10, third to last hop is 1.10.10.1
- traceroute 1.10.20.10, second to last hop is 1.10.10.50
- traceroute 1.10.20.15, third to last hop is 1.10.10.1
- traceroute 1.10.20.15, second to last hop is 1.10.10.50

By analyzing these results, an attacker can draw the network diagram of the target network as follows:


[Figure 2.37 diagram: Hacker on the Internet -> 1.10.10.1 Router -> 1.10.10.50 Firewall -> DMZ zone containing 1.10.20.10 Web Server, 1.10.20.50 Firewall and 1.10.20.15 Mail Server.]

FIGURE 2.37: Diagrammatical representation of the target network
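The step from the five results to the diagram can be written down. The following Python is an added example, not part of the course text: it turns the observations above (target, position counted from the end of the trace, hop address) into partial paths, the set of links between them, and the groupings that show where the router and the firewall sit. No hop beyond what the text reports is assumed, which is why the paths stop at the third-to-last hop.

```python
# Added example (not from the course text): merge several traceroute
# observations into one picture of the network. Each observation is
# (target, position counted from the end of the trace, hop address):
# 2 = second to last hop, 3 = third to last hop. The five tuples are the
# results listed in the text; nothing is assumed about earlier hops.
from collections import defaultdict

OBSERVATIONS = [
    ("1.10.10.20", 2, "1.10.10.1"),
    ("1.10.20.10", 3, "1.10.10.1"),
    ("1.10.20.10", 2, "1.10.10.50"),
    ("1.10.20.15", 3, "1.10.10.1"),
    ("1.10.20.15", 2, "1.10.10.50"),
]


def build_paths(observations):
    """target -> known hops in path order (farthest from the target first)."""
    by_target = defaultdict(dict)
    for target, pos_from_end, hop in observations:
        if pos_from_end < 2:
            raise ValueError("position 1 is the target itself")
        by_target[target][pos_from_end] = hop
    paths = {}
    for target, hops in by_target.items():
        paths[target] = [hops[p] for p in sorted(hops, reverse=True)]
    return paths


def build_edges(paths):
    """Directed links hop -> next hop, each chain ending at its target."""
    edges = set()
    for target, hops in paths.items():
        chain = hops + [target]
        edges.update(zip(chain, chain[1:]))
    return edges


def segments(paths):
    """Group targets by the device directly in front of them (firewall candidates)."""
    groups = defaultdict(list)
    for target, hops in sorted(paths.items()):
        groups[hops[-1]].append(target)
    return dict(groups)


def shared_prefix(paths):
    """Hops every trace passes through, e.g. the perimeter router."""
    prefix = []
    for column in zip(*paths.values()):
        if len(set(column)) != 1:
            break
        prefix.append(column[0])
    return prefix


def render(paths):
    """One line per target, e.g. '1.10.10.1 -> 1.10.10.50 -> 1.10.20.10'."""
    return [" -> ".join(hops + [target]) for target, hops in sorted(paths.items())]


if __name__ == "__main__":
    p = build_paths(OBSERVATIONS)
    print("\n".join(render(p)))
    print("shared:", shared_prefix(p))
    print("segments:", segments(p))
```

Running the same merge over traces toward your own public services shows exactly which perimeter devices answer outsiders: a firewall that is meant to be invisible but appears as a second-to-last hop, as 1.10.10.50 does here, is a configuration finding rather than an attacker's discovery.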


Path Analyzer Pro and VisualRoute 2010 are two tools similar to Traceroute, intended to trace the route to the target host in a network.

Path Analyzer Pro

Source: http://www.pathanalyzer.com

Path Analyzer Pro is a graphical-user-interface-based tool that shows you the trace routing information from source to destination graphically. It also provides information such as the hop number, its IP address, host name, ASN, network name, % loss, latency, avg. latency, and std. dev. about each hop in the path. You can also map the location of the IP address in the network with this tool. It allows you to detect filters, stateful firewalls, and other anomalies automatically in the network.


VisualRoute 2010

Source: http://www.visualroute.com

This is another graphical-user-based tracing tool that displays hop-by-hop analysis. It enables you to identify the geographical location of the routers, servers, and other IP devices. It is able to provide the tracing information in three forms: as an overall analysis, in a data table, and as a geographical view of the routing. The data table contains information such as hop number, IP address, node name, geographical location, etc. about each hop in the route.

Features:

- Hop-by-hop traceroutes
- Reverse tracing
- Historical analysis
- Packet loss reporting
- Reverse DNS
- Ping plotting
- Port probing
- Firefox and IE plugin


FIGURE 2.39: VisualRoute 2010 screenshot (a traceroute to www.microsoft.com with the route, network, firewall, packet loss, port probe and alternate-route analysis panels)


Traceroute Tools (Cont'd)

A few more traceroute tools similar to Path Analyzer Pro and VisualRoute 2010 are listed as follows:

- Network Pinger available at http://www.networkpinger.com
- GEO Spider available at http://www.oreware.com
- vTrace available at http://vtrace.pl
- Trout available at http://www.mcafee.com
- Roadkil's TraceRoute available at http://www.roadkil.net
- MagicNetTrace available at http://www.tialsoft.com
- 3D Traceroute available at http://www.d3tr.de
- AnalogX HyperTrace available at http://www.analogx.com
- Network Systems Traceroute available at http://www.net.princeton.edu
- PingPlotter available at http://www.pingplotter.com


Footprinting Methodology

- Footprinting through Search Engines
- WHOIS Footprinting
- Website Footprinting
- DNS Footprinting
- Email Footprinting
- Network Footprinting
- Competitive Intelligence
- Footprinting through Social Engineering
- Footprinting using Google
- Footprinting through Social Networking Sites

So far we have discussed various techniques of gathering information either with the help of online resources or tools. Now we will discuss footprinting through social engineering, the art of grabbing information from people by manipulating them. This section covers the social engineering concept and techniques used to gather information.


Footprinting through Social Engineering

- Social engineering is the art of convincing people to reveal confidential information
- Social engineers depend on the fact that people are unaware of their valuable information and are careless about protecting it

Social engineers attempt to gather:

- Credit card details and social security number
- User names and passwords
- Other personal information
- Security products in use
- Operating systems and software versions
- Network layout information
- IP addresses and names of servers

Social engineers use these techniques:

- Eavesdropping
- Shoulder surfing
- Dumpster diving
- Impersonation on social networking sites

Footprinting through Social Engineering

Social engineering is a totally non-technical process in which an attacker tricks a person and obtains confidential information about the target in such a way that the target is unaware of the fact that someone is stealing his or her confidential information. The attacker actually plays a cunning game with the target to obtain confidential information. The attacker takes advantage of the helping nature of people and their weakness to provide confidential information. To perform social engineering, you first need to gain the confidence of an authorized user and then trick him or her into revealing confidential information.

The basic goal of social engineering is to obtain the required confidential information and then use that information for hacking attempts such as gaining unauthorized access to the system, identity theft, industrial espionage, network intrusion, committing fraud, etc. The information obtained through social engineering may include credit card details, social security numbers, user names and passwords, other personal information, operating systems and software versions, IP addresses, names of servers, network layout information, and much more. Social engineers use this information to hack a system or to commit fraud. Social engineering can be performed in many ways such as eavesdropping, shoulder surfing, dumpster diving, impersonation on social networking sites, and so on.


Collect Information Using Eavesdropping, Shoulder Surfing, and Dumpster Diving

Eavesdropping

- Eavesdropping is unauthorized listening of conversations or reading of messages
- It is interception of any form of communication such as audio, video, or written

Shoulder Surfing

- Shoulder surfing is the procedure where the attackers look over the user's shoulder to gain critical information
- Attackers gather information such as passwords, personal identification number, account numbers, credit card information, etc.

Dumpster Diving

- Dumpster diving is looking for treasure in someone else's trash
- It involves collection of phone bills, contact information, financial information, operations related information, etc. from the target company's trash bins, printer trash bins, user desk for sticky notes, etc.

Collect Information using Eavesdropping, Shoulder Surfing, and Dumpster Diving

As mentioned previously, eavesdropping, shoulder surfing, and dumpster diving are the three techniques used to collect information from people using social engineering. Let's discuss these social engineering techniques to understand how they can be performed to obtain confidential information.

Eavesdropping

Eavesdropping is the act of secretly listening to the conversations of people over a phone or video conference without their consent. It also includes reading secret messages from communication media such as instant messaging or fax transmissions. Thus, it is basically the act of intercepting communication without the consent of the communicating parties. The attacker gains confidential information by tapping the phone conversation, and intercepting audio, video, or written communication.

Shoulder Surfing

With this technique, an attacker stands behind the victim and secretly observes the victim's activities on the computer, such as keystrokes while entering usernames, passwords, etc.


This technique is commonly used to gain passwords, PINs, security codes, account numbers, credit card information, and similar data. It can be performed in a crowded place as it is relatively easy to stand behind the victim without his or her knowledge.

Dumpster Diving

This technique is also known as trashing, where the attacker looks for information in the target company's dumpster. The attacker may gain vital information such as phone bills, contact information, financial information, operations-related information, printouts of source codes, printouts of sensitive information, etc. from the target company's trash bins, printer trash bins, and sticky notes at users' desks, etc. The obtained information can be helpful for the attacker to commit attacks.


Footprinting Methodology


Though footprinting through social networking sites sounds similar to footprinting through social engineering, there are some differences between the two footprinting methods. In footprinting through social engineering, the attacker tricks people into revealing information, whereas in footprinting through social networking sites, the attacker gathers information available on social networking sites. Attackers can even use social networking sites as a medium to perform social engineering attacks.

This section explains how and what information can be collected from social networking sites by means of social engineering.


Collect Information through Social Engineering on Social Networking Sites

- Attackers gather sensitive information through social engineering on social networking websites such as Facebook, MySpace, LinkedIn, Twitter, Pinterest, Google+, etc.
- Attackers create a fake profile on social networking sites and then use the false identity to lure the employees to give up their sensitive information
- Employees may post personal information such as date of birth, educational and employment backgrounds, spouses' names, etc. and information about their company such as potential clients and business partners, trade secrets of business, websites, company's upcoming news, mergers, acquisitions, etc.
- Using the details of an employee of the target organization, an attacker can compromise a secured facility

Collect Information through Social Engineering on Social Networking Sites

Social networking sites are the online services, platforms, or sites that allow people to connect with each other and to build social relations among people. The use of social networking sites is increasing rapidly. Examples of social networking sites include Facebook, MySpace, LinkedIn, Twitter, Pinterest, Google+, and so on. Each social networking site has its own purpose and features. One site may be intended to connect friends, family, etc. and another may be intended to share professional profiles, etc. These social networking sites are open to everyone. Attackers may take advantage of these to grab sensitive information from users either by browsing through users' public profiles or by creating a fake profile and tricking users into believing him or her to be a genuine user.

These sites allow people to stay connected with others, to maintain professional profiles, and to share information with others. On social networking sites, people may post information such as date of birth, educational information, employment backgrounds, spouse's names, etc. and companies may post information such as potential partners, websites, and upcoming news about the company. For an attacker, these social networking sites can be great sources to find information about the target person or the company. These sites help an attacker to collect only the information uploaded by the person or the company. Attackers can easily access public pages of these accounts on the sites. To obtain more information about the target, attackers may create a fake account and use social engineering to lure the victim to reveal more information. For example, the attacker can send a friend request to the target person from the fake account; if the victim accepts the request, then the attacker can access even the restricted pages of the target person on that website. Thus, social networking sites prove to be a valuable information resource for attackers.


Information Available on Social Networking Sites

What Users Do | What Attacker Gets
Maintain profile | Contact info, location, etc.
Connect to friends, chatting | Friends list, friends' info, etc.
Share photos and videos | Identity of family members
Play games, join groups | Interests
Create events | Activities

What Organizations Do | What Attacker Gets
User surveys | Business strategies
Promote products | Product profile
User support | Social engineering
Recruitment | Platform/technology information
Background check to hire employees | Type of business

Information Available on Social Networking Sites

So far, we have discussed how an attacker can grab information from social networking sites; now we will discuss what information an attacker can get from social networking sites. People usually maintain profiles on social networking sites to provide basic information about themselves and to get connected with others. The profile generally contains information such as name, contact information (mobile number, email ID), friends' information, information about family members, their interests, activities, etc. People usually connect to their friends and chat with them. Attackers can gather sensitive information through chats. Social networking sites also allow people to share photos and videos with their friends. If the people don't set their privacy settings for their albums, then attackers can see the pictures and videos shared by the victim. Users may join groups to play games or to share their views and interests. Attackers can grab information about a victim's interests by tracking their groups and then can trap the victim into revealing more information. Users may create events to notify other users of the group about upcoming occasions. With these events, attackers can reveal the victim's activities.

Like individuals, organizations also use social networking sites to connect with people, promote their products, and to gather feedback about their products or services, etc. The activities of an organization on the social networking sites and the respective information that an attacker can grab are as follows:

What Organizations Do | What Attacker Gets
User surveys | Business strategies
Promote products | Product profile
User support | Social engineering
Recruitment | Platform/technology information
Background check to hire employees | Type of business

TABLE 2.1: What Organizations Do and What Attacker Gets


Collecting Facebook Information

Facebook is a Treasure-trove for Attackers

Number of users using Facebook all over the world, by region: Europe 223,376,640; Middle East 18,241,080; N. America 174,586,680; Latin America 141,612,220

- 845 million monthly active users
- 100 billion connections
- 250 million photos uploaded daily
- 1 of every 5 of all page views
- minutes time spent per visit

Collecting Facebook Information

Facebook is one of the world's largest social networking sites, having more than 845 million monthly active users all over the world. It allows people to create their personal profile, add friends, exchange instant messages, create or join various groups or communities, and much more. An attacker can grab all the information provided by the victim on Facebook. To grab information from Facebook, the attacker should have an active account. The attacker should log in to his/her account and search for the target person's or organization's profile. Browsing the target person's profile may reveal a lot of useful information such as phone number, email ID, friend information, educational details, professional details, his interests, photos, and much more. The attacker can use this information for further hacking planning, such as social engineering, to reveal more information about the target.


FIGURE 2.40: Facebook screenshot (the About section of a public Facebook page, showing the basic info, biography, contact info and website fields)


Collecting Twitter Information

[Slide: screenshot of a celebrity's public Twitter profile and tweets, with the following statistics:]
• 465 million accounts
• 350 million tweets a day
• 76% of Twitter users now post status updates
• 55% of Twitter users access the platform via their mobile
• Countries with the largest …: Japan, 29.9 million


Collecting Twitter Information

Twitter is another popular social networking site used by people to send and read text-based messages. It allows you to follow your friends, experts, favorite celebrities, etc. This site also can be a great source for an attacker to get information about the target person. This is helpful in extracting information such as personal information, friend information, activities of the target posted as tweets, whom the target is following, the followers of the user, photos uploaded, etc. The attacker may get meaningful information from the target user's tweets.


[Screenshot: a public Twitter profile page showing the user's website link, follower count, and a timeline of tweets and retweets, with the Tweets, Following, Followers and Favorites tabs.]

FIGURE 2.41: Twitter showing user's tweets


Collecting LinkedIn Information

[Slide: screenshot of a LinkedIn profile search result, with the following statistics:]
• 2 new members join every second
• 2,447 employees located around the world
• $522 million revenue for 2011
• 2 million companies have LinkedIn company pages


Collecting LinkedIn Information

Similar to Facebook and Twitter, LinkedIn is another social networking site, for professionals. It allows people to create and manage their professional profile and identity. It allows its users to build and engage with their professional network. Hence, this can be a great information resource for the attacker. The attacker may get information such as current employment details, past employment details, education details, contact details, and much more about the target person. The attacker can collect all this information and continue with the footprinting process.


[Screenshot: a LinkedIn member profile showing the Current, Past and Education sections, the number of recommendations and connections, and the Websites and Public Profile fields.]

FIGURE 2.42: LinkedIn showing user's professional profile and identity


Collecting YouTube Information

[Slide statistics:]
• 3rd most visited website according to Alexa
• 829,440 videos uploaded
• 900 sec: average time users spend on YouTube every day


Collecting YouTube Information

YouTube is a website that allows you to upload, view, and share videos all over the world. The attacker can search for the videos related to the target and may collect information from them.

FIGURE 2.43: YouTube showing videos related to target


Tracking Users on Social Networking Sites

Users may use fake identities on social networking sites. Attackers use tools such as Get Someone's IP or IP-GRABBER to track users' real identity.

Steps to get someone's IP address through chat on Facebook using the Get Someone's IP tool:
• Go to http://www.myiptest.com/staticpages/index.php/how-about-you
• Three fields exist:
  Link for Person: copy the generated link of this field and send it to the target via chat to get the IP address
  Link for you: open the URL in this field and keep checking for the target's IP
  Redirect URL: enter any URL you want the target to redirect to

[Slide screenshot: the tool's form with the three generated links, and its result table listing Link ID, IP, Proxy, Refer and Date/Time for the recorded visit.]

Source: http://www.myiptest.com

Tracking Users on Social Networking Sites

In order to protect themselves from Internet crimes, Internet fraud, and attacks, people may use fake identities on social networking sites. In such cases, with little knowledge about the target, you will not get exact information about the target social networking user. So to determine the real identity of the target user, you can use tools such as Get Someone's IP or IP-GRABBER to track users' real identities. If you want to trace the identity of a particular user, then do the following:

• Open your web browser, paste the URL, and press Enter: http://www.myiptest.com/staticpages/index.php/how-about-you
• Notice the three fields at the bottom of the web page, namely Link for person, Redirect URL: http://, and Link for you.
• To get the real IP address of the target, copy the generated link of the Link for person field and send it to the target via chat.
• Enter any URL you want the target to redirect to in the Redirect link: http:// field.
• Open the URL present in the Link for you field in another window, to monitor the target's IP address details and additional details.
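From the defender's side, the "Link for person" value has a recognisable shape: a third-party host, a tracking id, and a redirect parameter naming the site the recipient expects to reach. The following Python check is an added example, not courseware or myiptest code; the redirect parameter names, the helper names and the sample URLs are assumptions, and the check generalises the page's single `rdr` parameter to other common redirect keys.

```python
# Added defender-side example, not part of the CEH courseware or the
# myiptest tool. It inspects a link received over chat for the structure
# shown in Figure 2.44: a third-party host, a tracking id and one or more
# redirect parameters naming the site the recipient expects to reach.
# The parameter names below and the sample URLs are assumptions.
from urllib.parse import urlparse, parse_qs

# Query keys that commonly carry a redirect target (assumed list; extend
# it with whatever your chat or mail gateway sees in practice).
REDIRECT_KEYS = {"rdr", "redirect", "redir", "url", "next", "goto", "r"}


def _host(value: str) -> str:
    """Hostname of a URL or bare domain, lower-cased ('' if none)."""
    if "://" not in value:
        value = "http://" + value        # bare 'www.webmail.example'
    return (urlparse(value).hostname or "").lower()


def inspect_link(url: str) -> dict:
    """Describe what a link reveals before anyone clicks it.

    Returns the host that will log the click, the hosts the link promises
    to forward to, whether it carries a tracking id, and a verdict: a
    tracking id plus a redirect to a *different* host is the grabber
    pattern from the page (a same-site 'next=' login redirect is not).
    """
    parsed = urlparse(url if "://" in url else "http://" + url)
    params = parse_qs(parsed.query, keep_blank_values=True)
    logging_host = (parsed.hostname or "").lower()
    destinations = [
        _host(v)
        for key, values in params.items() if key.lower() in REDIRECT_KEYS
        for v in values if _host(v)
    ]
    has_tracking_id = "id" in params
    off_site = [d for d in destinations if d != logging_host]
    return {
        "logging_host": logging_host,
        "destinations": destinations,
        "tracking_id": has_tracking_id,
        "suspicious": has_tracking_id and bool(off_site),
    }


if __name__ == "__main__":
    # Constructed sample shaped like the 'Link for person' value in Figure 2.44.
    sample = "http://tracker.example/img.php?id=abc123&rdr=www.webmail.example&rdr=photos.example&"
    print(inspect_link(sample))
    print(inspect_link("https://www.example.com/login?next=/home"))
```

The verdict only says the link will be logged by one host while advertising another; whether that host is a known grabber service is a reputation question the page does not answer.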


Link for person: http://www.myiptest.com/img.php?id=zdeujbg1f2&rdr=www.gmail.com&rdr=yahoo.com&
Redirect URL: http://www.gmail.com
Link for you: http://www.myiptest.com/staticpages/index.php/how-about-you?id=zdeujbg1f2&show_ip

Link ID      IP              Proxy   Refer   Date/Time
zdeujbg1f2   85.93.218.204   NO      NO      2012-08-06 13:04:44

FIGURE 2.44: Tracing identity of user



Module Flow

Footprinting Concepts
Footprinting Threats
Footprinting Methodology
Footprinting Penetration Testing
Footprinting Countermeasures
Footprinting Tools

Module Flow

Footprinting can be performed with the help of tools. Many organizations offer tools that make information gathering an easy job. These tools ensure the maximum
