Footprinting and Social Engineering Flashcards
Footprinting is defined as the process of creating a blueprint or map of an organization’s network
and systems.
Footprinting is defined as the process of creating a blueprint or map of an organization’s network
and systems.
google hack commands
filetype
searches only within the text of a particular type of file. The file type to search
must be supplied after the colon. Don’t include a period before the file extension.
link
searches within hyperlinks for a search term and identifies linked pages
cache
identifies the version of a web page. The URL of the site must be supplied after
the colon.
intitle
searches for a term within the title of a document.
inurl
searches only within the URL (web address) of a document. The search term must
follow the colon.
Seven steps of information gathering
Footprinting Unearth Initial Information Locate the Network Range Ascertain Active Machines Discover Open Ports/Access Points Detect Operating Systems Uncover Services on Ports Map the Network
ARIN
American Registry for Internet Numbers
URL
Uniform Resource Locator
ICANN
Internet Corporation for Assigned Names and Numbers
RIPE NCC
Europe, the Middle East, and parts
of Central Asia)
LACNIC
Latin American and Caribbean Internet Addresses
Registry
APNIC
Asia Pacific Network Information Centre
Identify Different Types of DNS Records
The following list describes the common DNS record types and their use:
A (address)—Maps a host name to an IP address
SOA (Start of Authority)—Identifies the DNS server responsible for the domain information
CNAME (canonical name)—Provides additional names or aliases for the address record
MX (mail exchange)—Identifies the mail server for the domain
SRV (service)—Identifies services such as directory services
PTR (pointer)—Maps IP addresses to host names
NS (name server)—Identifies other name servers for the domain
packet-tracking tools
NeoTrace, VisualRoute, and VisualLookout
Email Tracking tools
eMailTracking Pro
MailTracking.com
Common Types Of Attacks?
Human-based Human-based social engineering refers to person-to-person interaction to retrieve
the desired information. An example is calling the help desk and trying to find out a password.
Computer-based Computer-based social engineering refers to having computer software
that attempts to retrieve the desired information. An example is sending a user an e-mail and
asking them to reenter a password in a web page to confirm it. This social-engineering attack
is also known as phishing.
Human-Based Social Engineering
Impersonating an employee or valid user Posing as an important user Using a third person Calling technical support Shoulder surfing Dumpster diving
What is the next step to be performed after footprinting?
Scanning
