Chapter 4 Footprinting & Reconnaissance Flashcards

1
Q

PHASE 1 of the ethical hacking process!!

A

Footprinting - PASSIVELY gaining info about target

i.e. want just enough data to plan next phase of scanning

includes IP address ranges, Namespaces, Employee info, phone #s, facility info, job info, OS

2
Q

Phase 2

A

Scanning - ACTIVELY gaining info; footprinting helps identify targets, but not all of them may be active, which is where scanning comes in

includes locating active hosts to target in later phase, pings, ping sweeps, port scans, tracert

3
Q

Phase 3

A

Enumeration - systematic probing of target w/ goal of obtaining user lists, routing tables, & protocols from the system; shifting from outside to inside to gather data

includes shares, users, groups, applications, protocols, banners, usernames, group info, passwords, device info, NW layout, services

4
Q

Phase 4

A

System Hacking - methodical approach including cracking passwords, escalating privileges, executing apps, hiding files, covering tracks, concealing evidence

5
Q

Footprinting, or reconnaissance

A

method of observing & collecting info about potential target w/ the intention of finding a way to attack

6
Q

Finding NW information –> using ping and tracert

A

1) ping facebook.com –> returns the IP address + RTT (gives an idea of the connection's performance & quality)

2) determine frame size on NW
ping facebook.com -f -l 1300 (Windows syntax: -f sets Don't Fragment, -l sets the payload size)
if the packet needs to be fragmented, decrease the value until replies come back

3) tracert
reveals info about path from local host to remote host

7
Q

Terminology in Footprinting

A

1) Open source & Passive info gathering - using public resources to find info
2) Active Info gathering - engaging target for info (i.e. social engineering)
3) Pseudonymous Footprinting - gathering info from online sources posted by someone from the target but under a different name
4) Internet Footprinting - using the internet to gain info

8
Q

The Footprinting process

A

-

9
Q

Using Search Engines

A

search through a lot of different engines;

Major search engines such as Google have an alert system for any updates that occur

after using search engines, move on to looking for information relating to the URL

Archive.org (aka The Wayback Machine) allows you to find archived copies of websites from which you can extract information

Netcraft - suite of tools used to obtain web server version, IP address, subnet data, OS info, subdomain info

Link Extractor - this tool locates & extracts the internal and external URLs for a given location

10
Q

Public & Restricted Websites

A

websites that are not intended to be public but to be restricted to a few

11
Q

Location and Geography

A

important to know location for dumpster diving, social engineering, & other techniques

use people search, Google Maps, Google Earth

12
Q

Social Networking & Information Gathering

A

can learn all about an individual and their relationships; good for social engineering

Maltego - an app that illustrates relationships between people, groups, companies, etc (illustrates the dangers of social networking)

13
Q

Financial Services for Info Gathering

A

Finance websites allow you to gather info about company officers, profiles, etc

14
Q

Job Sites for Info

A

job postings tend to have a statement of desired skill sets; this can reveal important details such as OS info, HW info, employer/employee profile, SW info

15
Q

Email for info

A

http://whoreadme.com –> allows you to track emails & provides info on OS, browser type, location, etc

16
Q

Competitive Analysis

A

establishing what makes your product or service unique; looking at what competitors are doing to see how your target is moving

reports provide info such as project data, financial status, etc

Tools such as EDGAR (reports), LexisNexis (news), BusinessWire (status), CNBC (future plans)

17
Q

Google Hacking

A

using advanced operators to fine-tune your results;

can obtain passwords, sensitive folders, logon portals, etc

Examples of operators include:

1) cache:
2) link: - finds websites that have linked to the page
3) info:
4) site:
5) allintitle: - returns websites w/ specified words in their title
6) allinurl:
7) filetype:

For more: www.exploit-db.com/google-dorks/

18
Q

Gaining NW info

A

Whois - find domain name, IP info, etc

Tracert - follow the path of traffic from one point to another, find relative performance and latency between hops; find server names, etc

19
Q

Social Engineering Techniques (though not part of Footprinting)

A

Eavesdropping - listening in on convos

Shoulder surfing - standing behind someone while they are on their computer

Dumpster Diving - going through victim’s trash

20
Q

DNS for Zone Transfers PORT #

A

53 TCP