
CEHv8 module 02 footprinting and reconnaissance


Document information

Pages: 171
Size: 7.86 MB

Content


Footprinting and Reconnaissance

Personally Identifiable Information

Source: http://www.scmagazineuk.com

Facebook contains a "treasure trove" of personally identifiable information that hackers manage to get their hands on.

A report by Imperva revealed that users' "general personal information" can often include a date of birth, home address and sometimes mother's maiden name, allowing hackers to access this and other websites and applications and create targeted spearphishing campaigns.

It detailed a concept I call "friend-mapping", where an attacker can get further knowledge of a user's circle of friends; having accessed their account and posing as a trusted friend, they can cause mayhem. This can include requesting the transfer of funds and extortion.

Asked why Facebook is so important to hackers, Imperva senior security strategist Noa Bar-Yosef said: "People also add work friends on Facebook so a team leader can be identified and this can lead to corporate data being accessed, project work being discussed openly, while geo-location data can be detailed for military intelligence."

"Hacktivism made up 58 per cent of attacks in the Verizon Data Breach Intelligence Report, and they are going after information on Facebook that can be used to humiliate a person. All types of attackers have their own techniques."

On how attackers get a password in the first place, Imperva claimed that different keyloggers are used, while phishing kits that create a fake Facebook login page have been seen, and a more primitive method is a brute force attack, where the attacker repeatedly attempts to guess the user's password.

In more extreme cases, a Facebook administrator's rights can be accessed. Although it said that this requires more effort on the hacker side and is not as prevalent, it is the "holy grail" of attacks as it provides the hacker with data on all users.

On protection, Bar-Yosef said the roll-out of SSL across the whole website, rather than just at the login page, was effective, but users still needed to opt in to this.

By Dan Raywood

http://www.scmagazine.com.au/Feature/265065,digitial-investigations-have-matured.aspx

Ethical Hacking and Countermeasures Copyright © by EC-Council

Module 02 Page 93


Module Objectives

This module will familiarize you with the following:

• Objectives of Footprinting
• Footprinting Threats
• Footprinting through Social
• Competitive Intelligence
• Footprinting Using Google
• Network Footprinting
• Footprinting through Social Engineering
• Footprinting Countermeasures
• Footprinting Pen Testing

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.


Module Flow

Ethical hacking is legal hacking conducted by a penetration tester in order to evaluate the security of an IT infrastructure with the permission of an organization. The concept of ethical hacking cannot be explained or cannot be performed in a single step; therefore, it has been divided into several steps. Footprinting is the first step in ethical hacking, where an attacker tries to gather information about a target. To help you better understand footprinting, it has been distributed into various sections:


The Footprinting Concepts section familiarizes you with footprinting, footprinting terminology, why footprinting is necessary, and the objectives of footprinting.


Footprinting Terminology

• Active Information Gathering: Gather information through social engineering on-site visits, interviews, and questionnaires
• Pseudonymous Footprinting: Collect information that might be published under a different name in an attempt to preserve privacy
• Open Source or Passive Information Gathering: Collect information about a target from the publicly accessible sources
• Anonymous Footprinting: Gather information from sources where the author of the information cannot be identified or traced
• Internet Footprinting: Collect information about a target from the Internet
• Organizational or Private Footprinting: Collect information from an organization's web-based calendar and email services

Open Source or Passive Information Gathering

Open source or passive information gathering is the easiest way to collect information about the target organization. It refers to the process of gathering information from the open sources, i.e., publicly available sources. This requires no direct contact with the target organization. Open sources may include newspapers, television, social networking sites, blogs, etc.

Using these, you can gather information such as network boundaries, IP address reachable via the Internet, operating systems, web server software used by the target network, TCP and UDP services in each system, access control mechanisms, system architecture, intrusion detection systems, and so on.


the target organization. Attackers try to extract information from the employees by conducting social engineering: on-site visits, interviews, questionnaires, etc.

This refers to the process of collecting information from sources anonymously so that your efforts cannot be traced back to you.

Pseudonymous footprinting refers to the process of collecting information from the sources that have been published on the Internet but is not directly linked to the author's name. The information may be published under a different name or the author may have a well-established pen name, or the author may be a corporate or government official and be prohibited from posting under his or her original name. Irrespective of the reason for hiding the

Private footprinting involves collecting information from an organization's web-based calendar and email services.


What Is Footprinting?

Footprinting is the process of collecting as much information as possible about a target network, for identifying various ways to intrude into an organization's network system.

Process involved in Footprinting a Target

• Determine the operating system used, platforms running, web server versions, etc.
• Find vulnerabilities and exploits
• Perform techniques such as Whois, DNS, network and organizational queries

Footprinting, the first step in ethical hacking, refers to the process of collecting information about a target network and its environment. Using footprinting you can find various ways to intrude into the target organization's network system. It is considered "methodological" because critical information is sought based on a previous discovery.

Once you begin the footprinting process in a methodological manner, you will obtain the blueprint of the security profile of the target organization. Here the term "blueprint" is used because the result that you get at the end of footprinting refers to the unique system profile of the target organization.

There is no single methodology for footprinting as you can trace information in several routes. However, this activity is important as all crucial information needs to be gathered before you begin hacking. Hence, you should carry out the footprinting precisely and in an organized manner.

You can collect information about the target organization through the means of footprinting in


3. Perform techniques such as Whois, DNS, network and organizational queries

4. Find vulnerabilities and exploits for launching attacks

Furthermore, we will discuss how to collect basic information, determine operating system of target computer, platforms running, and web server versions, various methods of footprinting, and how to find and exploit vulnerabilities in detail.


Why Footprinting?

For attackers to build a hacking strategy, they need to gather information about the target organization's network, so that they can find the easiest way to break into the organization's security perimeter. As mentioned previously, footprinting is the easiest way to gather information about the target organization; this plays a vital role in the hacking process.

Footprinting helps to:

Performing footprinting on the target organization in a systematic and methodical manner gives the complete profile of the organization's security posture. You can analyze this report to figure out loopholes in the security posture of your target organization and then you can build your hacking plan accordingly.

By using a combination of tools and techniques, attackers can take an unknown entity (for


A detailed footprint provides maximum information about the target organization. Attackers can build their own information database about security weakness of the target organization. This database can then be analyzed to find the easiest way to break into the organization's security perimeter.

Combining footprinting techniques with tools such as Tracert allows the attacker to create network diagrams of the target organization's network presence. This network map represents their understanding of the target's Internet footprint. These network diagrams can guide the attack.


• IP addresses of the reachable systems
• Rogue websites/private websites
• TCP and UDP services running
• Access control mechanisms and ACLs
• Comments in HTML source code
• Security policies implemented
• Web server links relevant to the organization
• Background of the organization
• News articles/press releases
• System names
• Passwords

Collect Organization's Information

Objectives of Footprinting

The major objectives of footprinting include collecting the target's network information, system information, and the organizational information. By carrying out footprinting at various network levels, you can gain information such as: network blocks, network services and applications, system architecture, intrusion detection systems, specific IP addresses, and access control mechanisms. With footprinting, information such as employee names, phone numbers, contact addresses, designation, and work experience, and so on can also be obtained.

Collect Network Information

The network information that can be gathered by performing a Whois database analysis, trace routing, etc. includes:

• Domain name
• Internal domain names


• TCP and UDP services running
• Access control mechanisms and ACLs
• Networking protocols
• VPN points
• ACLs
• IDSes running
• Analog/digital telephone numbers
• Authentication mechanisms
• System architecture
• Remote system type
• Address and phone numbers
• Comments in HTML source code
• Security policies implemented
• Web server links relevant to the organization
• Background of the organization
• News articles/press releases


Module Flow

So far, we discussed footprinting concepts, and now we will discuss the threats associated with footprinting:

The Footprinting Threats section familiarizes you with the threats associated with footprinting such as social engineering, system and network attacks, corporate espionage, etc.


The following are various threats due to footprinting:

Social Engineering

Without using any intrusion methods, hackers directly and indirectly collect information through persuasion and various other means. Here, crucial information is gathered by the hackers through employees without their consent.

System and Network Attacks

Footprinting helps an attacker to perform system and network attacks. Through footprinting, attackers can gather information related to the target organization's system configuration, operating system running on the machine, and so on. Using this information, attackers can find the vulnerabilities present in the target system and then can exploit those

Information Leakage

Information leakage can be a great threat to any organization and is often overlooked. If sensitive organizational information falls into the hands of attackers, then they can build an attack plan based on the information, or use it for monetary benefits.

the company and even escalate the privileges up to admin levels. Whatever privacy was maintained by the company is completely lost.

Footprinting has a major effect on businesses such as online businesses and other ecommerce websites, banking and financial related businesses, etc. Billions of dollars are lost every year due to malicious attacks by hackers.


Module Flow

Now that you are familiar with footprinting concepts and threats, we will discuss the footprinting methodology.

The footprinting methodology section discusses various techniques used to collect information about the target organization from different sources.


Footprinting Methodology

• WHOIS Footprinting
• DNS Footprinting
• Network Footprinting
• Footprinting through Social Engineering
• Footprinting through Social Networking Sites
• Footprinting through Search Engines
• Website Footprinting
• Email Footprinting
• Competitive Intelligence
• Footprinting using Google

The footprinting methodology is a procedural way of collecting information about a target organization from all available sources. It deals with gathering information about a target organization, determining URL, location, establishment details, number of employees, the specific range of domain names, and contact information. This information can be gathered from various sources such as search engines, Whois databases, etc.

Search engines are the main information sources where you can find valuable information about your target organization. Therefore, first we will discuss footprinting through search engines. Here we are going to discuss how and what information we can collect through search engines.

Examples of search engines include: www.google.com, www.yahoo.com, www.bing.com


intranet portals, and so on. Using this information, an attacker may build a hacking strategy to break into the target organization's network and may carry out other types of advanced system attacks. A Google search could reveal submissions to forums by security personnel that reveal brands of firewalls or antivirus software in use at the target. Sometimes even network diagrams are found that can guide an attack.

If you want to footprint the target organization, for example XYZ pvt ltd, then type XYZ pvt ltd in the Search box of the search engine and press Enter. This will display all the search results containing the keywords "XYZ pvt ltd." You can even narrow down the results by adding a specific keyword while searching. Furthermore, we will discuss other footprinting techniques such as website footprinting and email footprinting.

For example, consider an organization, perhaps Microsoft. Type Microsoft in the Search box of a search engine and press Enter; this will display all the results containing information about Microsoft. Browsing the results may provide critical information such as physical location,

Attackers use search engines to extract


information, it may still be available in a search engine cache. Therefore, you should also check the search engine cache to ensure that the sensitive data is removed permanently.


• Search for the target company's external URL in a search engine such as Google or Bing
• Internal URLs provide an insight into different departments and business units in an organization
• You may find an internal company's URL by trial and error method

Finding Company's External and Internal URLs

A company's external and internal URLs provide a lot of useful information to the attacker. These URLs describe the company and provide details such as the company mission and vision, history, products or services offered, etc. The URL that is used outside the corporate network for accessing the company's vault server via a firewall is called an external URL. It links directly to the company's external web page. The target company's external URL can be determined with the help of search engines such as Google or Bing.

If you want to find the external URL of a company, follow these steps:

1. Open any of the search engines, such as Google or Bing.

2. Type the name of the target company in the Search box and press Enter.

The internal URL is used for accessing the company's vault server directly inside the corporate network. The internal URL helps to access the internal functions of a company. Most companies use common formats for internal URLs. Therefore, if you know the external URL of a company, you can predict an internal URL through trial and error. These internal URLs provide insight into different departments and business units in an organization. You can also find the internal URLs of an organization using tools such as netcraft.

Tools to Search Internal URLs


Source: http://news.netcraft.com

Netcraft deals with web server, web hosting market-share analysis, and operating system detection. It provides free anti-phishing toolbar (Netcraft toolbar) for Firefox as well as Internet Explorer browsers. The netcraft toolbar avoids phishing attacks and protects the Internet users from fraudsters. It checks the risk rate as well as the hosting location of the websites we visit.

Link Extractor

Source: http://www.webmaster-a.com/link-extractor-internal.php

Link Extractor is a link extraction utility that allows you to choose between external and internal URLs, and will return a plain list of URLs linked to or an html list. You can use this utility to
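An added example (not part of the courseware, and not Link Extractor's own code): a minimal Python sketch of the internal/external link classification described above, run over one of your own pages before publication. It also lists HTML comments, which the module names among the items footprinting collects. The sample HTML, base URL and host names are constructed, and the two-label `site_domain` rule is an assumption.

```python
"""Pre-publication audit of one HTML page: classify its links and list its comments."""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page and base URL (reserved example domains, not a real site).
BASE_URL = "https://www.example.com/index.html"
SAMPLE_HTML = """
<html><body>
<!-- TODO: remove staging link before go-live -->
<a href="/about">About</a>
<a href="https://www.example.com/products?id=1#top">Products</a>
<a href="http://intranet.example.com/hr/">HR portal</a>
<a href="https://partner.example.net/">Partner</a>
<a href="mailto:info@example.com">Mail</a>
<img src="//cdn.example.org/logo.png">
<!-- db host: 10.0.0.5 -->
</body></html>
"""

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


class LinkAudit(HTMLParser):
    """Collects every URL-bearing attribute and every HTML comment."""

    URL_ATTRS = {"href", "src", "action"}

    def __init__(self, base_url):
        super().__init__(convert_charrefs=True)
        self.base_url = base_url
        self.links = []
        self.comments = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in self.URL_ATTRS and value:
                # Resolve relative and scheme-relative references against the page URL.
                self.links.append(urljoin(self.base_url, value.strip()))

    def handle_comment(self, data):
        self.comments.append(data.strip())


def site_domain(host):
    # Assumption: the last two labels identify the organization. Real code
    # should use the Public Suffix List (this rule is wrong for e.g. co.uk).
    return ".".join(host.split(".")[-2:])


def audit_page(html, base_url):
    """Return links grouped as internal / sibling / external / skipped, plus comments."""
    parser = LinkAudit(base_url)
    parser.feed(html)
    parser.close()
    base_host = urlsplit(base_url).hostname.lower()
    report = {"internal": [], "sibling": [], "external": [], "skipped": [],
              "comments": parser.comments}
    seen = set()
    for url in parser.links:
        parts = urlsplit(url)
        if parts.scheme not in ("http", "https") or not parts.hostname:
            bucket, key = "skipped", url          # mailto:, javascript:, tel: ...
        else:
            key = parts._replace(fragment="").geturl()   # ignore #fragments
            host = parts.hostname.lower()
            if host == base_host:
                bucket = "internal"               # same host as the page
            elif site_domain(host) == site_domain(base_host):
                bucket = "sibling"                # other host in the same domain
            else:
                bucket = "external"
        if key not in seen:
            seen.add(key)
            report[bucket].append(key)
    return report


def comments_with_private_ips(comments):
    """Flag comments that disclose private-range (e.g. RFC 1918) IPv4 addresses."""
    flagged = []
    for text in comments:
        for candidate in IPV4_RE.findall(text):
            try:
                if ipaddress.ip_address(candidate).is_private:
                    flagged.append(text)
                    break
            except ValueError:      # e.g. 999.1.1.1 matched the regex
                continue
    return flagged


if __name__ == "__main__":
    result = audit_page(SAMPLE_HTML, BASE_URL)
    for group in ("internal", "sibling", "external", "skipped", "comments"):
        print(group, result[group])
    print("review:", comments_with_private_ips(result["comments"]))
```

The "sibling" group and the flagged comments are the items to review before the page goes live: a public page that links to an intranet host or leaves an internal address in a comment hands that detail to anyone who reads the source.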


Public and Restricted Websites

A public website is a website designed to show the presence of an organization on the Internet. It is designed to attract customers and partners. It contains information such as company history, services and products, and contact information of the organization.

The following screenshot is an example of a public website:

Source: http://www.microsoft.com


FIGURE 2.2: An example of public website

A restricted website is a website that is available to only a few people. The people may be employees of an organization, members of a department, etc. Restrictions can be applied based on the IP number, domain or subnet, username, and password.

Restricted or private websites of microsoft.com include: http://technet.microsoft.com, http://windows.microsoft.com, http://office.microsoft.com, and http://answers.microsoft.com


FIGURE 2.3: Examples of Public and Restricted websites


to physical location, we can also collect information such as surrounding public Wi-Fi hotspots that may prove to be a way to break into the target organization's network.

Attackers with the knowledge of a target organization's location may attempt dumpster diving, surveillance, social engineering, and other non-technical attacks to gather much more information about the target organization. Once the location of the target is known, detailed satellite images of the location can be obtained using various sources available on the Internet such as http://www.google.com/earth and https://maps.google.com. Attackers can use this information to gain unauthorized access to buildings, wired and wireless networks, systems, and so on.

Example: earth.google.com

Google Earth is a valuable tool for hacking that allows you to find a location, point, and zoom


Example: maps.google.com

Google Maps provides a Street View feature that provides you with a series of images of building, as well as its surroundings, including WI-FI networks. Attackers may use Google Maps to find or locate entrances to buildings, security cameras, gates, places to hide, weak spots in perimeter fences, and utility resources like electricity connections, to measure distance between different objects, etc.


FIGURE 2.5: Google Maps showing a Street View


People Search

The people search returns the following information about a person:

• Residential addresses and email addresses
• Contact numbers and date of birth
• Photos and social networking profiles

addresses, phone numbers, house addresses, and other information. Using this information you can try to obtain bank details, credit card details, mobile numbers, past history, etc. There are many people search online services available that help find people. http://pipl.com and http://www.spokeo.com are examples of people search services that allow you to search for the people with their name, email, username, phone, or address.

These people search services may provide information such as:

• Residential addresses and email addresses
• Contact numbers and date of birth
• Photos and social networking profiles
• Blog URLs
• Satellite pictures of private residences


People Search Online Services


FIGURE 2.7: Facebook a social networking service to search for people across the world


(tweets). Even unregistered users can read tweets on this site.

FIGURE 2.9: Twitter screenshot

Date posted: 14/04/2017, 09:06
