Module 2 - Footprinting and Reconnaissance Flashcards
The first step of any attack on information systems in which an attacker collects information about a target network for identifying various ways to intrude into the system.
a. Banner Grabbing
b. Scanning/Enumeration
c. Reconnaissance/Footprinting
d. Gaining Access
e. Maintaining Access
c. Reconnaissance/Footprinting
Refers to the use of advanced Google search operators for creating complex search queries in order to extract sensitive or hidden information that helps attackers to find vulnerable targets.
Google Hacking
Footprinting through Search Engines:
Displays the web pages stored in the Google cache.
a. cache
b. link
c. related
d. info
e. site
f. allintitle
g. intitle
h. allinurl
i. inurl
j. location
a. cache
Footprinting through Search Engines:
Lists web pages that have links to the specified web page.
a. cache
b. link
c. related
d. info
e. site
f. allintitle
g. intitle
h. allinurl
i. inurl
j. location
b. link
Footprinting through Search Engines:
Restricts the results to those websites in the given domain.
a. cache
b. link
c. related
d. info
e. site
f. allintitle
g. intitle
h. allinurl
i. inurl
j. location
e. site
Footprinting through Search Engines:
Restricts the results to those with all of the search keywords in the URL.
a. cache
b. link
c. related
d. info
e. site
f. allintitle
g. intitle
h. allinurl
i. inurl
j. location
h. allinurl
Footprinting through Search Engines:
- An authoritative source for querying the ever-widening reach of the Google search engine.
- Common Vulnerabilities and Exposures (CVE) compliant archive of public exploits and corresponding vulnerable software.
Google Hacking Database (GHDB)
Website Footprinting:
Extracts metadata of public documents (pdf, doc, xls, ppt, docx, pptx, xlsx, etc.) belonging to a target company.
a. Burp Suite
b. Netcraft.com
c. Archive.org
d. Metagoofil
d. Metagoofil
Whois Footprinting:
Whois databases are maintained by ______ ______ _______ and contain personal information of domain owners.
Regional Internet Registries
Whois Footprinting:
Regional Internet Registries (RIRs): ARIN
a. North America & Canada
b. Africa
c. Europe
d. Latin America and Caribbean Islands
e. Asian/Pacific
a. North America & Canada
Whois Footprinting:
Regional Internet Registries (RIRs): AFRINIC
a. North America & Canada
b. Africa
c. Europe
d. Latin America and Caribbean Islands
e. Asian/Pacific
b. Africa
Whois Footprinting:
Regional Internet Registries (RIRs): RIPE NCC
a. North America & Canada
b. Africa
c. Europe
d. Latin America and Caribbean Islands
e. Asian/Pacific
c. Europe
Whois Footprinting:
Regional Internet Registries (RIRs): lacnic
a. North America & Canada
b. Africa
c. Europe
d. Latin America and Caribbean Islands
e. Asian/Pacific
d. Latin America & Caribbean
Whois Footprinting:
Regional Internet Registries (RIRs): APNIC
a. North America & Canada
b. Africa
c. Europe
d. Latin America and Caribbean Islands
e. Asian/Pacific
e. Asian/Pacific
DNS Footprinting:
Points to a host’s IP address:
a. A / AAAA (IPv6)
b. MX
c. CNAME
d. SOA
e. PTR
a. A / AAAA (IPv6)
DNS Footprinting:
Points to domain’s mail server.
a. A / AAAA (IPv6)
b. MX
c. CNAME
d. SOA
e. PTR
b. MX
DNS Footprinting:
Canonical naming allows aliases to a host.
a. A / AAAA (IPv6)
b. MX
c. CNAME
d. SOA
e. PTR
c. CNAME
DNS Footprinting:
Indicate authority for domain. (Start of Authority)
a. A / AAAA (IPv6)
b. MX
c. CNAME
d. SOA
e. PTR
d. SOA
DNS Footprinting:
Maps IP address to a hostname.
a. A / AAAA (IPv6)
b. MX
c. CNAME
d. SOA
e. PTR
e. PTR
Footprinting through Web Services:
_______ is a tool used determine the Operating Systems in use by the target organization.
a. Censys
b. SHODAN
c. Netcraft
d. Firebug
c. Netcraft
Website Footprinting:
This website allows you to visit archived versions of websites.
archive.org
Network Footprinting:
This command is used to see the path a packet travels from source to destination.
Traceroute
Footprinting through Social Engineering:
- Is unauthorized listening of conversations or reading of messages.
- It is interception of any form of communication such as audio, video, or written.
a. Shoulder Surfing
b. Dumpster Diving
c. Eavesdropping
c. Eavesdropping
Footprinting through Social Engineering:
- Is atechnique, where attackers secretly observe the target to gain critical information.
- Attackers gather information such as passwords, personal identification number, account numbers, credit card information, etc.
a. Shoulder Surfing
b. Dumpster Diving
c. Eavesdropping
a. Shoulder Surfing
Footprinting through Social Engineering:
- Is looking for treasure in someone else’s trash.
- It involves the collection of phone bills, contact information, financial information, operations-related information, etc. from the target company’s trash bins, printer trash bins, user desk for sticky notes, etc.
a. Shoulder Surfing
b. Dumpster Diving
c. Eavesdropping
b. Dumpster Diving
Footprinting Tools:
A program that can be used to determine the relationships and real world links between people, groups of people (social networks), companies, organizations, websites, internet infrastructure, phrases, documents, and files.
a. Metasploit
b. Maltego
c. Recon-ng
d. Foca
b. Maltego
Footprinting Pen Testing:
Perform footprinting through web services such as ______ to gather information about target organization’s website, employees, competitor, infrastructure, operating systems, etc.
a. Google
b. DNSstuff
c. Netcraft
d. LexisNexis
c. Netcraft
