Foot printing is the method that is used for gathering information regarding target/victim system which will be utilized during attacks. It’s one in all the foremost convenient ways for the hackers to gather information regarding targets like laptop systems, devices, and networks. Hackers use this technique, to gather information about open ports of the target system, services running, and remote access possibilities.
Since it’s the initial part of hacking it’s very important to develop an accurate understanding of the whole method. The systematic footprinting of a target enables the attacker to get blueprint of the target’s security posture.
There are two types of Footprinting:
1. Passive footprinting
2. Active footprinting
Passive footprinting means that gathering information without interacting with the target directly. This type of footprinting is used when information gathering must not be detected by the target.
Active footprinting means that grouping information by interacting with the target directly. With this type of footprinting there’s a chance that the target becomes alert about information gathering.
Attackers use footprinting to gather information about:
Network information
• Domains
• Subdomains
• IP addresses
• Whois and DNS records
System information
• Web server operational systems
• Server locations
• Users
• Passwords
Organization information
• Employee information
• Organization’s background
• Phone numbers
• Locations
The objectives of footprinting are:
• Learn security posture Analyze the safety posture of the target, observe loopholes, and build a creative attack plan.
• Identify focus area using different tools and techniques, reduce the range of IP addresses.
• Find vulnerabilities and use the collected information to spot weaknesses within the target’s security.
• Map the network diagrammatically represent the target’s network and use it as a guide throughout the attack.
SITES USED FOR BACKGROUNG CHECKS:
1. USSeach
2. ChoicePoint
3. ZabaSearch
NOTE: If you can’t notice the information that you are trying to find or if you would like to dig deeper on a website with a straight forward keyword search, perform an advanced internet search. For example: If you want to find files on a particular website, use this strings “ site: www.(domain).com ” “ (keyword or file name) – to search for specific files on a particular website filetype :swf ” “ (company)_(name) – to search for Flash files that can possibly be decompiled to gain access to encrypted information ”.
Mapping the Network.
Whois: Provides information regarding DNS servers that are getting used by your domain and details regarding your service provider’s technical support. It additionally has a tool known as the DNSstuff, that performs the following: show which hosts handles that email for a specific Domain shows locations of hosts. See whether or not a specific host is blacklisted as a spam host. Show general information about domain’s registration except the Whois, we can get similar information about different domains by using the following site’s:
1. www.dot.gov – provides information regarding the government
2. www.nic.mil – provides information regarding the military
3. www.apnic.net – provides information on Asia Pacific Regional web register.
4. ws.arin.net/whois/index.html – provides information regarding the net register on some components of subequatorial continent, North America, and a few areas.
5. www.lacnic.net/en – provides information regarding Carribean and Latin American web registries.
6. www.db.ripe.net/whois – provides information regarding web register in African, European, Middle East, and Central Asian regions.
NOTE: Forums and Google teams also are USED.
Doing System Scans:
1. Use the information you found on your Whois searches to check how related hostnames and IP addresses is arranged.
2. Scan your internal hosts and known what possibly users might access. Keep in mind that an attacker might come from within your organization set up in one of your hosts, which can be very difficult to point out.
3. Check your system’s ping utility, or use a third-party utility that allows you to ping different addresses at the same time. You’ll be able to try this by using tools like NetScan Tools, fping (if you’re using Unix), or SuperScan. If you are not aware of what your gateway IP address is, you can search for your public IP address by going to www.whatismyip.com.
4. Do an outside-in scan of your system by scanning for open ports. To do that, you’ll be able to use tools like Nmap or Superscan, then check what others can see on your network traffic by using tools like Wireshark or Omnipeek. By doing this scan, you will be able to get an idea on what others can see once they scan your public IP address and then connect a digital computer right into a hub or switch on your router’s public aspect. Once you’re able to scan open ports, you will be ready to notice that outsiders who are doing sweeps on your open ports can simply find the following information:
1. VPN services that are running such as IPSEC, PPTP, and SSL.
2. Services that are running on your ports, such as email, database apps, and internet servers
3. Authentication demand for sharing across Networks.
4. Remote access services available on your system, like Remote Desktop, Secure Shell, VNC, and Windows Terminal Services.
TO FIND information regarding SYSTEM VULNERABILITIES DATABASE:
1. US-CERT Vulnerability Notes information (kb.cert.org)
2. Common Vulnerabilities and Exposures (cve.mitre.org/cve)
3. Government agency National Vulnerability information (nvd.nist.gov)