Chapter 4 Footprinting & Reconnaissance

Question 1

PHASE 1 of the ethical hacking process!!

Answer 1

Footprinting - PASSIVELY gaining info about target

i.e. want just enough data to plan next phase of scanning

includes IP address ranges, Namespaces, Employee info, phone #s, facility info, job info, OS

Question 2

Phase 2

Answer 2

Scanning - ACTIVELY gaining info; footprinting helps identify targets but not all may be active, which is where scanning takes place

includes locating active hosts to target in later phase, pings, ping sweeps, port scans, tracert

Question 3

Phase 3

Answer 3

Enumeration - systematic probing of target w/ goal of obtaining user lists, routing tables, & protocols from the system; shifting from outside to inside to gather data

includes shares, users, groups, applications, protocols, banners, usernames, group info, passwords, device info, NW layout, services

Question 4

Phase 4

Answer 4

System Hacking - methodical approach including cracking passwords, escalating privileges, executing apps, hiding files, covering tracks, concealing evidence

Question 5

Footprinting, or reconnaissance definition

Answer 5

method of observing & collecting info about potential target w/ the intention of finding a way to attack

Question 6

Maltego

Answer 6

app that illustrates relationship between people, gruops, companies, etc (illustrates the dangers of social networking)

Question 7

Financial Services Info Types

Answer 7

Company officers, financials, sites, known risks, competitive analysis

Question 8

Job Site Info Type

Answer 8

Hardware/software details, org structure

Question 9

WhoReadMe.com

Answer 9

allows you to track emails & provides info on OS, browster type, location, etc

Question 10

Competitive Analysis

Answer 10

establishing what makes your product or service unique; looking at what competitors are doing to see how your target is moving

reports provide info such as project data, financial status, etc

Tools such as EDGAR (reports), LexisNexis (news), BusinessWire (status), CNBC (future plans)

Question 11

Google Hacking “cache:”

Answer 11

shows page in google cache (not the actual website)

Question 12

Whois

Answer 12

find domain name, IP info, etc

Question 13

Archive.org

Answer 13

(aka The Wayback Machine) allows you to find archived copies of websites form which you can extract information

Question 14

Netcraft

Answer 14

suite of tools used to obtain web server version, IP address, subnet data, OS info, subdomain info

Question 15

Link Extractor

Answer 15

this tool locates & extracts the internal and external URLs for a given location

Question 16

Tracert

Answer 16

follow the path of traffic from one point to another, find relative performance and latency between hops; find server names, etc

Question 17

Google Hacking

link:

Answer 17

sites that link to the one in the search term

Question 18

Google Hacking

info:

Answer 18

get details about a site

Question 19

Google Hacking

site:

Answer 19

Returns only result from specified site

Question 20

Google Hacking

allintitle:

Answer 20

Returns websites w/ specified words in their title

Question 21

Google Hacking

allinurl:

Answer 21

Returns websites w/ specified words in their url

Question 22

Google Hacking

filetype

Answer 22

Returns only results of that filetype (i.e. filetype:pdf)

Question 23

Google Hacking database

Answer 23

www.exploit-db.com/google-dorks/

Question 24

Active Info gathering

Answer 24

engaging target for info (i.e. social engineering)

Question 25

Pseudonymous Footprinting

Answer 25

gathering info from online sources posted by someone from the target but under a diff name