Security News

Facebook a "treasure trove" of Personally Identifiable Information
April 10, 2012

Facebook contains a "treasure trove" of personally identifiable information that hackers manage to get their hands on.

A report by Imperva revealed that users' " , " can often include date of birth, home address and sometimes mother's maiden name, allowing hackers to access this and other websites and applications and create targeted spearphishing campaigns.

... detailed a concept I call " ing", where an attacker can get further knowledge of a user's circle of friends; having accessed their account and posing as a trusted friend, they can cause mayhem. This can include requesting the transfer of funds and extortion.

Asked why Facebook is so important to hackers, Imperva senior security strategist Noa Bar-Yosef said: "People also add work friends on Facebook so a team leader can be identified and this can lead to corporate data being accessed, project work being discussed openly, while geo-location data can be detailed for military intelligence."

- Footprinting Terminology
- What Is Footprinting?
- Objectives of Footprinting
- Footprinting Threats
- Footprinting through Search Engines
- Website Footprinting
- Email Footprinting
- Competitive Intelligence
- Footprinting Using Google
- WHOIS Footprinting
- DNS Footprinting
- Network Footprinting
- Footprinting through Social Engineering
- Footprinting through Social Networking Sites
- Footprinting Tools
- Footprinting Countermeasures
- Footprinting Pen Testing

Module Flow

Footprinting

- Open Source or Passive Information Gathering: Collect information about a target from the publicly accessible sources
- Active Information Gathering: Gather information through social engineering, on-site visits, interviews, and questionnaires
- Pseudonymous Footprinting: Collect information that might be published under a different name in an attempt to preserve privacy
- Internet Footprinting: Collect information about a target from the Internet

What Is Footprinting?

Footprinting is the process of collecting as much information as possible about a target network, for identifying various ways to intrude into an

Process involved in Footprinting a Target
- Collect basic information about the target and its network
- Determine the operating system used, platforms, etc.
- Find vulnerabilities and exploits for launching attacks

Why Footprinting?

- Footprinting allows attacker to know about the complete security posture of an organization
- It reduces attacker's attack area to specific range of IP address, networks, domain names, remote access, etc.
- It allows attacker to build their own information database about target organization's security weakness to take appropriate actions
- It allows attacker to draw a map or outline the target organization's network infrastructure to know about the actual environment that they are going to break

Collect information:
- Domain name
- Internal domain names
- IP addresses of the reachable systems
- Rogue websites/private websites
- Access control mechanisms and ACLs
- Networking protocols
- VPN points
- IDSes running
- Analog/digital telephone numbers
- System enumeration

System information:
- SNMP information
- Passwords

Footprinting Threats

Attackers gather valuable system and network information such as account details, operating system and installed applications, network components, server names, database schema details, etc. from footprinting techniques

Module Flow
Footprinting Concepts
Footprinting Tools

Footprinting Methodology
Footprinting through Search Engines
Footprinting through Social

Footprinting through Search Engines

- Attackers use search engines to extract information about a target such as technology platforms, employee details, login pages, intranet portals, etc., which helps in performing social engineering and other types of advanced system attacks
- Search engine cache may provide sensitive information that has been removed from the World Wide Web (WWW)

Finding Company's External and Internal URLs

- Search for the target company's external URL in a search engine such as Google or Bing
- Internal URLs provide an insight into different departments and business units in an organization
- You may find an internal company's URL by trial and error method

Tools to Search Internal URLs
- http://www.webmaster-a.com/link-extractor-internal.php

Internal URLs of microsoft.com
- support.microsoft.com
- office.microsoft.com

Public and Restricted Websites

Collect Location Information

Information about an individual can be found at various people search
The people search returns the following information about a person:
- Contact numbers and date of birth
- Blog URLs

Gather Information from

[Screenshot: job posting on the Word & Brown Family of Companies careers page]

Job Description
The Enterprise Applications Engineer role is to plan, implement, manage, administer and support core business application software for corporate [...]. This includes, but is not limited to, Microsoft IIS, Microsoft Exchange 2010 and Unified Messaging, Microsoft SharePoint, Microsoft Great Plains, Microsoft CRM, Microsoft SQL Server 2004 and 2008, Microsoft Team Foundation Server 2008 and 2010, Microsoft SCOM, proprietary developed software and open source applications utilized by the company.

Job Knowledge and Skills
Position requires strong knowledge of Windows Server 2005/2008 Active Directory administration and networking (TCP/IP v4, DNS and DHCP). Must have experience with and strong working knowledge of Microsoft SQL 2005 and 2008, Microsoft Exchange 2010 messaging systems, Microsoft SharePoint, Microsoft CRM and Microsoft SCOM. Must have basic programming and scripting skills. Prefer C# and PowerShell scripting experience. Must be knowledgeable of server class hardware and network [...] best practices. MCITP EA, server, messaging, SQL etc. and/or MCTS, MCSE certifications preferred. Bachelor degree in Computer Science or Network Engineering, professional training or equivalent experience.

You can gather company's infrastructure details from job postings
- http://www.simplyhired.com
- http://www.indeed.com
- http://www.usajobs.gov

Target Using Alerts

that provide up-to-date information based on your preference usually via email or SMS in an automated manner
- Google Alerts - http://www.google.com/alerts
- Yahoo! Alerts - http://alerts.yahoo.com
- Giga Alert - http://www.gigaalert.com

[Screenshot: Google Alerts form (Result type: Everything; How often: Once a day; How many: Only the best results)]

Website Footprinting

Information obtained from target's website enables an attacker to build a detailed map of website's structure and architecture
- Sub-directories and parameters
- Filename, path, database field name, or query
- Contact details and CMS details

Use Zaproxy, Burp Suite, Firebug, etc. to view
- Connection status and content-type
- X-Powered-By information

Website Footprinting (Cont'd)

Examining HTML source provides: Examining cookies may provide:
- Scripting platforms used
- Contact details of web developer or admin
- File system structure
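
The response headers and cookies listed above are also what a site owner should review before an outsider does. The following is an added example, not part of the original slides: it audits a raw response head for platform disclosure, and the sample responses, function names and the extra banner headers beyond X-Powered-By are assumptions made for illustration.

```python
import re

# Constructed sample responses (not captured from any real site).
LEAKY = """HTTP/1.1 200 OK
Server: Apache/2.2.22 (Ubuntu)
X-Powered-By: PHP/5.3.10
Content-Type: text/html; charset=UTF-8
Set-Cookie: PHPSESSID=0f3c9a7e; path=/
"""
HARDENED = """HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html; charset=UTF-8
Set-Cookie: sid=0f3c9a7e; path=/; HttpOnly; Secure
"""

# Headers whose only job is to advertise the stack.
BANNER_HEADERS = {"x-powered-by", "x-aspnet-version", "x-aspnetmvc-version"}
# Framework-default session cookie names and the platform each one implies.
DEFAULT_COOKIES = {"phpsessid": "PHP", "jsessionid": "Java servlet container",
                   "asp.net_sessionid": "ASP.NET"}
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")

def parse_headers(raw):
    """Return [(name, value), ...] from a raw response head, skipping the status line."""
    headers = []
    for line in raw.strip().splitlines()[1:]:
        if not line.strip():
            break  # a blank line ends the header block
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return headers

def audit(raw):
    """Return (header, value, reason) for every header that discloses platform details."""
    findings = []
    for name, value in parse_headers(raw):
        key = name.lower()
        if key in BANNER_HEADERS:
            findings.append((name, value, "technology banner: remove the header"))
        elif key == "server" and VERSION_RE.search(value):
            findings.append((name, value, "version in Server banner: suppress it"))
        elif key == "set-cookie":
            cookie = value.split("=", 1)[0].strip().lower()
            if cookie in DEFAULT_COOKIES:
                findings.append((name, cookie,
                                 "default cookie name implies " + DEFAULT_COOKIES[cookie]))
    return findings

if __name__ == "__main__":
    print(audit(LEAKY), audit(HARDENED), sep="\n")
```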

Mirroring Entire Website

- Mirroring an entire website onto the local system enables an attacker to dissect and identify vulnerabilities; it also assists in finding directory structure and other valuable information without multiple requests to web server
- Web mirroring tools allow you to download a website to a local directory, building recursively all directories, HTML, images, flash, videos, and other files from the server to your computer

[Diagram: http://www.juggyboy.com mirrored to C:\juggyboy.com]

HTTrack Web Site Copier (http://www.httrack.com)

Extract Website Information from http://www.archive.org

Internet Archive's Wayback Machine allows you to visit archived versions of websites

[Screenshot: Wayback Machine results for http://microsoft.com]

Monitoring Web Updates Using Website Watcher

Website Watcher automatically checks web pages for updates and changes

[Screenshot: WebSite-Watcher 2012 (12.2) bookmark list]

- Attacker tracks email to gather information about the physical location of an individual to perform social engineering that in turn may help in mapping target organization's network
- Email tracking is a method to monitor and spy on the delivered emails to the intended recipient
- When the email was received and read
- Track PDF and other types

Collecting Information from Email Header

[Screenshot: annotated email header]

Annotations:
- The address from which the message was sent
- ... by the originator's email servers
- Authentication system used by sender's mail
- ... by mr.google.com to identify the message

Legible header fields:
Received: by 10.112.39.167 with SMTP id ...; ... 1 Jun 2012 21:24:01 ...
... domain of ... designates 10.224.205.137 ...
Received: from mr.google.com ([10.224.205.137])
d=gmail.com; s=...; h=mime-version:in-reply-to:...
Received: by 10.229.230.79 with HTTP; Fri, ...
In-Reply-To: <...@mail.gmail.com>
References: <...@mail.gmail.com>
Date: Sat, 2 Jun 2012 09:53:59 ...
Message-ID: <...@mail.gmail.com>
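
The same fields can be read programmatically when triaging a reported message or checking what your own outbound mail discloses. This is an added example, not part of the original slides: the header block is constructed (example domains, an RFC 5737 documentation address, and the two private 10.x relay addresses legible above), and the function names are assumptions.

```python
import email, ipaddress, re
from email.utils import parseaddr, parsedate_to_datetime

# Constructed header block: example domains, an RFC 5737 documentation address,
# and the two private 10.x addresses that are legible on the slide.
RAW = """\
Received: by 10.112.39.167 with SMTP id abc123;
        Fri, 1 Jun 2012 21:24:01 -0700 (PDT)
Received: from mail.example.org (mail.example.org [192.0.2.25])
        by mx.example.com with ESMTP id def456;
        Fri, 1 Jun 2012 21:24:00 -0700 (PDT)
Received: by 10.229.230.79 with HTTP; Fri, 1 Jun 2012 21:23:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org; s=sel1;
        h=mime-version:date:message-id:subject:from:to; bh=AAAA; b=BBBB
Date: Sat, 2 Jun 2012 09:53:59 +0530
Message-ID: <constructed-0001@mail.example.org>
From: Alice <alice@example.org>

body
"""
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def received_hops(msg):
    """Return [(ips, timestamp)] oldest hop first; each relay prepends its own header."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        route, _, stamp = value.rpartition(";")  # the timestamp follows the last ';'
        hops.append((IP_RE.findall(route), parsedate_to_datetime(stamp.strip())))
    return hops

def summarize(raw):
    """Collect the fields a header analysis reads off a message."""
    msg = email.message_from_string(raw)
    hops = received_hops(msg)
    ips = [ip for hop_ips, _ in hops for ip in hop_ips]
    dkim = re.search(r"\bd=([^;\s]+)", msg.get("DKIM-Signature", ""))
    return {
        "from": parseaddr(msg["From"])[1],
        "message_id_host": msg["Message-ID"].strip("<>").rpartition("@")[2],
        "dkim_domain": dkim.group(1) if dkim else None,
        "internal_ips": [ip for ip in ips
                         if any(ipaddress.ip_address(ip) in net for net in RFC1918)],
        "transit_seconds": (hops[-1][1] - hops[0][1]).total_seconds(),
    }
```

Internal relay addresses that show up in `internal_ips` on outbound mail are a candidate for header rewriting at the mail gateway.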

Email Lookup - Free Email Tracker
Trace Email - Track Email

Email Header Analysis
IP Address: 72.52.192.147 (host.marhsttanmediagroup.com)
IP Address Country: United States
IP Continent: North America
IP Address City Location: Lansing
IP Address Region: Michigan
IP Address Latitude: 42.7257
IP Address Longitude: -84.636
Organization: SourceDNS

Competitive Intelligence Gathering

- Competitive intelligence is the process of identifying, gathering, analyzing, verifying, and using information about your competitors from resources such as the Internet
- Competitive intelligence is non-interfering and subtle in nature

Sources of Competitive Intelligence
- Product catalogues and retail outlets
- Search engines, Internet, and online databases
- Analyst and regulatory reports

Competitive Intelligence Sites

- Market Watch (http://www.marketwatch.com)
- The Wall Street Transcript (http://www.twst.com)
- Lipper Marketplace (http://www.lippermarketplace.com)
- Euromonitor (http://www.euromonitor.com)
- Fagan Finder (http://www.faganfinder.com)
- SEC Info (http://www.secinfo.com)
- The Search Monitor (http://www.thesearchmonitor.com)

Competitive Intelligence - What Expert

- AttentionMeter (http://www.attentionmeter.com)
- http://www.jobitorial.com