02. Footprinting and Reconnaissance Flashcards
What is FOOTPRINTING?
Footprinting is the first step of any attack on information systems in which an attacker collects information about a target network to identify various ways to intrude into the system.
What is PASSIVE FOOTPRINTING?
Gathering information about the target without direct interaction.
What is ACTIVE FOOTPRINTING?
Gathering information about the target with direct interaction.
Give three examples of Organisation Information recovered from FOOTPRINTING.
employee details, telephone numbers, branch and location details, background of the organisation, web technologies, news articles, press releases, related documents
Give three examples of Network Information recovered from FOOTPRINTING.
domain and sub-domains, network blocks, network topology, trusted routers, firewalls, IP addresses of reachable systems, Whois records, DNS records
Give three examples of System Information recovered from FOOTPRINTING.
web server OS, location of web servers, publicly available email addresses, usernames and passwords
What is [cache:]? (GOOGLE HACKING)
Displays the web pages stored in the Google cache.
What is [link:]? (GOOGLE HACKING)
Lists web pages that have links to the specified web page.
What is [related:]? (GOOGLE HACKING)
Lists web pages that are similar to the specified web page.
What is [info:]? (GOOGLE HACKING)
Presents some information that Google has about a particular web page.
What is [site:]? (GOOGLE HACKING)
Restricts the results to those websites in the given domain.
What is [allintitle:]? (GOOGLE HACKING)
Restricts the results to those websites containing all the search keywords in the title.
What is [intitle:]? (GOOGLE HACKING)
Restricts the results to documents containing the search keyword in the title.
What is [allinurl:]? (GOOGLE HACKING)
Restricts the results to those containing all the search keywords in the URL.
What is [inurl:]? (GOOGLE HACKING)
Restricts the results to documents containing the search keyword in the URL.
What is [location:]? (GOOGLE HACKING)
Finds information for a specific location.
What is the GOOGLE HACKING DATABASE? (GHDB)
The Google Hacking Database (GHDB) is an authoritative source for querying the ever-widening reach of the Google search engine.
What is the DEEP WEB?
It consists of web pages and contents that are hidden and unindexed and cannot be located using traditional web browsers and search engines. It can be accessed by search engines like Tor Browser and The WWW Virtual Library.
What is WEBSITE FOOTPRINTING?
Website footprinting refers to the monitoring and analysis of the target organisation’s website for information.
What may examining the HTML source code provide?
Comments present in the source code, contact details of the web developer or admin, file system structure and script type
What may examining COOKIES provide?
Software in use and its behaviour, scripting platforms used
What are WEB SPIDERS?
Web spiders, like Web Data Extractor and ParseHub, perform automated searches on the target website and collect specified information such as employee names and email addresses. Attackers use the collected information to perform footprinting and social engineering attacks.
What is USER-DIRECTED SPIDERING? (three steps)
Attackers use standard web browsers to walk through the target website functionalities. The incoming and outgoing traffic of the target website is monitored and analyzed by tools that include features of both a web spider and an intercepting proxy. Attackers use tools like Burp Suite and WebScarab to perform user-directed spidering.
What is the purpose of MIRRORING an ENTIRE WEBSITE?
Mirroring an entire website onto a local system enables an attacker to browse a website offline; it also assists in finding directory structure and other valuable information from the mirrored copy without sending multiple requests to the web server.
What do WEB MIRRORING tools do?
Web mirroring tools (like HTTrack Web Site Copier, and Cyotek WebCopy) allow you to download a website to a local directory, recursively building all directories, HTML, images, flash, videos, and other files from the server to your computer.
What is the purpose of TRACKING EMAIL COMMUNICATIONS?
Attackers track emails to gather information about a target recipient, such as IP addresses, geolocation, browser and OS details, etc.
What is the WHOIS LOOKUP?
Whois databases are maintained by the Regional Internet Registries and contain personal information of domain owners.
What is the purpose of FINDING IP GEOLOCATION INFORMATION?
IP geolocation helps to identify information such as country, region/state, city, ZIP/postal code, time zone, connection speed, ISP (hosting company), domain name, IDD country code, area code, mobile carrier, and elevation. Finding this information helps attackers with launching social engineering attacks, like spamming or phishing.
What does NETWORK RANGE INFORMATION tell an attacker?
Network range information assists attackers in creating a map of the target network.