Footprinting and
Module 2
CEH Certified Ethical Hacker
There is a general misconception that
and the majority of internet users underestimate the risk of illegal access to their data.
In a recent survey conducted by Avira, 10% of Internet users confirmed they had been victims of some form of data theft, of whom
As cyber-criminals become more ingenious,
performance is now only possible with extensive security protection.
Greater sophistication of potentially unwanted applications (PUAs) means their
and small pay-offs are far more frequent
responses to online scams may be all that is required
http://www.!twehb co za
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.
What is Footprinting?
Objectives of Footprinting
Footprinting Threats
Internet Footprinting
Competitive Intelligence
WHOIS Footprinting
DNS Footprinting
Network Footprinting
Website Footprinting
E-mail Footprinting
Google Hacking
Footprinting Tools
Footprinting Countermeasures
Footprinting Pen Testing
Footprinting
Open Source or Passive Information
Pseudonymous Footprinting
What is Footprinting?
Footprinting refers to uncovering and collecting as much information as possible about a target network.
Collect basic information about the target and its network
Find vulnerabilities and exploits for launching attacks
Performed by techniques such as Whois, DNS, network and organizational queries
Objectives of Footprinting

Collect Network Information
• Internal domain names
• IP addresses of the reachable systems
• TCP and UDP services running
• VPN Points
• IDSes running
• Authentication mechanisms

Collect System Information
• User and group names
• System banners
• Routing tables
• SNMP information
• System architecture
• Remote system type
• System names
• Passwords

Collect Organization's Information
• Employee details
• Organization's website
• Company directory
• Address and phone numbers
• Background on the organization
• News articles/press releases
Footprinting
Attackers gather valuable information such as account details, operating system and other software versions, server names, [illegible] details from footprinting techniques
Finding a Company's URL
[Screenshot: Google search results for "microsoft"]
Locate Internal URLs
Internal URLs provide an insight into different departments and business units in an organization
You may find a company's internal URLs by trial and error
Tools to search internal URLs:
• http://news.netcraft.com
• http://www.webmaster-a.com/link-extractor-internal.php
Examples: support.microsoft.com, office.microsoft.com, windows.microsoft.com, technet.microsoft.com, update.microsoft.com, search.microsoft.com
and Websites
Identify a company's private and public websites
Search for Company's Information
Search for a company's information in major search
Use complex keywords to search about a company
Tools to Extract Company's Data
Web Data Extractor (http://www.webextractor.com)
Footprinting Through Search Engines
Attackers use search engines to extract information about a target, such as technology platforms, employee details, login pages, and intranet portals, which helps in performing social engineering and other types of advanced system attacks
Search engine cache may provide sensitive information that has been removed from the World
to get the location of the place
[Screenshot: satellite map view]
• Residential addresses
• Contact numbers
• E-mail addresses
• Satellite pictures of the private residences
You can find personal information using online people search services
[Screenshot: people search results page]
People Search Using
technique known
information about people
to a vast repository of underlying content, such as documents in online databases that general-purpose
[Screenshot: search form with fields Name, Email, Username, Phone; tagline "The most comprehensive people search on the web"]
People Search Online Services
[Screenshot: people search service home page]
People Search Online Services
Yahoo People Search: http://people.yahoo.com
Address.com: http://www.address.com
People Search on [illegible] Services
[Screenshot: Facebook sign-up page, "Facebook helps you connect and share with the people in your life"]
Gather Information from
[Screenshot: stock quote page for Microsoft (MSFT)]
Footprinting Through
You can gather a company's infrastructure details from
Exchange 2003 in an Enterprise environment
• Very strong systems troubleshooting skills
• Experience in providing 24-hour support to a global enterprise as part of an on-call rotation
• Effective interpersonal skills with the ability to be persuasive
• Other skills: Building Effective Teams, Action Oriented Peer Relationships, Customer Focus, Priority Setting, Problem Solving, and Business Acumen
• Bachelor's Degree or equivalent experience
• MCSE (2003) certification a plus, Canx Certification a plus
Target Using Alerts
Google Alerts is a content monitoring service that automatically notifies users when new content from news, web, blogs, video and/or discussion groups matches a set of search terms selected by the user and stored by the Google Alerts service.
Google Alerts help in monitoring a developing news story and keeping current on a competitor or industry.
[Screenshot: Google Alerts sign-up form with fields for search terms, type (Everything), how often (once a day) and email length (up to 20 results)]
Competitive Intelligence Gathering
“Business moves fast. Product cycles are measured in months, not years. Partners become rivals quicker than you can say “breach of contract.” So how can you possibly hope to keep up with your competitors if you can't keep an eye on them?”
Competitive intelligence is non-interfering and subtle in nature
Competitive intelligence is the process of identifying, gathering, analyzing, verifying, and using information about your competitors from resources such as the Internet
Pull up a list of competing companies in the market
Extract salespersons’ war stories on how deals are won and lost in the competitive arena
Produce a profile of the CEO and the entire management staff of the competitor
Competitive Intelligence - When Did this Company Begin? How Did it Develop?
Visit These Sites
Competitive Intelligence - What are the Company's Plans?
ABI/INFORM Global (http://www.proquest.com)
Factiva (http://factiva.com)
Business Wire (http://www.businesswire.com)
Market Watch (http://www.marketwatch.com)
Websitez (http://websitez.com)
Competitive Intelligence Tools
http://www.secinfo.com
http://home.businesswire.com
C-SPAN: http://www.cspan.org
ChoicePoint Online: http://www.choicepointonline.com
WHOIS Lookup
WHOIS databases are maintained by Regional Internet Registries and contain the personal information of domain owners
WHOIS Query Returns
1 Domain name details
2 Contact details of
WHOIS Lookup Tools
http://www.tamos.com
http://netcraft.com
http://www.whois.net
http://www.iptools.com
WHOIS Lookup Result Analysis
Surname, Name (SNIDNo-ORG) targetcompany@domain.com
targetcompany (targetcompany-DOM) # Street Address
City, Province, State, Pin, Country
Telephone: XXXXX Fax XXXXX
Technical Contact:
Surname, Name (SNIDNo-ORG) targetcompany@domain.com
targetcompany (targetcompany-DOM) # Street Address
City, Province, State, Pin, Country
Domain servers in listed order:
NS1.WEBHOST.COM XXX.XXX.XXX.XXX
NS2.WEBHOST.COM XXX.XXX.XXX.XXX
WHOIS Lookup Tools:
SmartWhois is a useful network information utility that allows you to look up all the available information
administrator, and technical support contact information
[Screenshot: SmartWhois query results window]
WHOIS Lookup Tools
http://whois.arin.net
http://www.networksolutions.com
Extracting DNS Information
DNS records provide important information about location and type of servers
DNS Record Type
A - Points to a host's IP address
MX - Points to domain's mail server
NS - Points to host's name server
CNAME - Canonical naming allows aliases to a host
SOA - Indicate authority for domain
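
As an added example (not part of the original slides), the following audit shows what an organization's own published records reveal under the record types listed above. The zone contents, the example.com names and the functions parse_zone and audit are constructed for illustration.

```python
import ipaddress

# Constructed sample: records from a hypothetical public zone "example.com".
SAMPLE_ZONE = """\
example.com.          3600 IN SOA   ns1.example.com. hostmaster.example.com. 2010070903 7200 900 1209600 3600
example.com.          3600 IN NS    ns1.example.com.
example.com.          3600 IN NS    ns2.example.com.
example.com.          3600 IN MX    10 mail.example.com.
www.example.com.      3600 IN A     203.0.113.10
mail.example.com.     3600 IN A     203.0.113.25
intranet.example.com. 3600 IN A     10.1.2.3
files.example.com.    3600 IN CNAME intranet.example.com.
"""

# RFC 1918 ranges: addresses that should never appear in a public zone.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_zone(text):
    """Yield (owner, rtype, rdata) for each 'owner ttl IN type rdata' line."""
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
        yield owner.rstrip(".").lower(), rtype.upper(), rdata

def audit(text):
    """Group records by type and flag records that expose internal hosts."""
    by_type, findings, internal = {}, [], set()
    for owner, rtype, rdata in parse_zone(text):
        by_type.setdefault(rtype, []).append((owner, rdata))
        if rtype == "A" and any(ipaddress.ip_address(rdata) in net for net in RFC1918):
            internal.add(owner)
            findings.append(f"{owner} publishes internal address {rdata}")
    # A CNAME that points at a flagged host leaks the same internal name.
    for owner, target in by_type.get("CNAME", []):
        if target.rstrip(".").lower() in internal:
            findings.append(f"{owner} is an alias of internal host {target.rstrip('.')}")
    return by_type, findings

if __name__ == "__main__":
    by_type, findings = audit(SAMPLE_ZONE)
    for rtype, records in by_type.items():
        print(f"{rtype:5} {len(records)} record(s)")
    print("\n".join(findings))
```
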
Extracting
CheckDNS.NET is testing microsoft.com
CheckDNS.NET is asking root servers about authoritative NS for domain
Got DNS list for 'microsoft.com' from e.gtld-servers.net or e.gtld-servers.net or e.gtld-servers.net or e.gtld-servers.net or e.gtld-servers.net
Found NS record: ns1.msft.net[65.55.37.62], was resolved to IP address by e.gtld-servers.net
Found NS record: ns2.msft.net[64.4.59.173], was resolved to IP address by e.gtld-servers.net
Found NS record: ns3.msft.net[213.199.161.77], was resolved to IP address by e.gtld-servers.net
Found NS record: ns4.msft.net[207.46.75.254], was resolved to IP address by e.gtld-servers.net
Found NS record: ns5.msft.net[65.55.226.140], was resolved to IP address by e.gtld-servers.net
Domain has 5 DNS server(s)
CheckDNS.NET is verifying if NS are alive
DNS server ns1.msft.net[65.55.37.62] is alive and authoritative for domain microsoft.com
DNS server ns2.msft.net[64.4.59.173] is alive and authoritative for domain microsoft.com
DNS server ns3.msft.net[213.199.161.77] is alive and authoritative for domain microsoft.com
DNS server ns4.msft.net[207.46.75.254] is alive and authoritative for domain microsoft.com
DNS server ns5.msft.net[65.55.226.140] is alive and authoritative for domain microsoft.com
5 server(s) are alive
CheckDNS.NET checks if all NS have the same version
All 5 your servers have the same zone version 2010070903