Footprinting and Reconnaissance
Module 02
Ethical Hacking and Countermeasures
Footprinting and Reconnaissance

Exam 312-50 Certified Ethical Hacker

Ethical Hacking and Countermeasures v8
Module 02: Footprinting and Reconnaissance
Exam 312-50

Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.

Security News

Facebook a 'treasure trove' of Personally Identifiable Information

Source: http://www.scmagazineuk.com
April 1a 2012

Facebook contains a "treasure trove" of personally identifiable information that hackers
manage to get their hands on.
A report by Imperva revealed that users' "general personal information" can often include
a date of birth, home address and sometimes mother's maiden name, allowing hackers to
access this and other websites and applications and create targeted spearphishing campaigns.
It detailed a concept I call "friend-mapping", where an attacker can get further knowledge of
a user's circle of friends; having accessed their account and posing as a trusted friend, they can
cause mayhem. This can include requesting the transfer of funds and extortion.
Asked why Facebook is so important to hackers, Imperva senior security strategist Noa Bar-Yosef
said: "People also add work friends on Facebook so a team leader can be identified and this can lead
to corporate data being accessed, project work being discussed openly, while geo-location data can be
detailed for military intelligence."
"Hacktivism made up 58 per cent of attacks in the Verizon Data Breach Intelligence Report, and they
are going after information on Facebook that can be used to humiliate a person. All types of attackers
have their own techniques."
On how attackers get a password in the first place, Imperva claimed that different keyloggers
are used, while phishing kits that create a fake Facebook login page have been seen, and a
more primitive method is a brute force attack, where the attacker repeatedly attempts to guess
the user's password.
In more extreme cases, a Facebook administrator's rights can be accessed. Although it said that
this requires more effort on the hacker side and is not as prevalent, it is the "holy grail" of
attacks as it provides the hacker with data on all users.
On protection, Bar-Yosef said the roll-out of SSL across the whole website, rather than just at
the login page, was effective, but users still needed to opt into this.

By Dan Raywood
http://www.scmagazine.com.au/Feature/265065,digitial-investigations-have-matured.aspx


Module Objectives
This module will familiarize you with the following:
• Footprinting Terminologies
• What Is Footprinting?
• Objectives of Footprinting
• Footprinting Threats
• Footprinting through Search Engines
• Website Footprinting
• Email Footprinting
• Competitive Intelligence
• Footprinting Using Google
• WHOIS Footprinting
• DNS Footprinting
• Network Footprinting
• Footprinting through Social Engineering
• Footprinting through Social Networking Sites
• Footprinting Tools
• Footprinting Countermeasures
• Footprinting Pen Testing

Module Flow
Ethical hacking is legal hacking conducted by a penetration tester in order to evaluate
the security of an IT infrastructure with the permission of an organization. The concept of
ethical hacking cannot be explained or performed in a single step; therefore, it has
been divided into several steps. Footprinting is the first step in ethical hacking, where an
attacker tries to gather information about a target. To help you better understand footprinting,
it has been divided into the following sections:
• Footprinting Concepts
• Footprinting Threats
• Footprinting Methodology
• Footprinting Tools
• Footprinting Countermeasures
• Footprinting Penetration Testing

The Footprinting Concepts section familiarizes you with footprinting, footprinting terminology,
why footprinting is necessary, and the objectives of footprinting.


Footprinting Terminology

• Open Source or Passive Information Gathering: Collect information about a target from the publicly accessible sources
• Active Information Gathering: Gather information through social engineering on-site visits, interviews, and questionnaires
• Anonymous Footprinting: Gather information from sources where the author of the information cannot be identified or traced
• Pseudonymous Footprinting: Collect information that might be published under a different name in an attempt to preserve privacy
• Organizational or Private Footprinting: Collect information from an organization's web-based calendar and email services
• Internet Footprinting: Collect information about a target from the Internet

Before going deep into the concept, it is important to know the basic terminology
used in footprinting. These terms help you understand the concept of footprinting and its
structures.

Open Source or Passive Information Gathering
Open source or passive information gathering is the easiest way to collect information
about the target organization. It refers to the process of gathering information from the open
sources, i.e., publicly available sources. This requires no direct contact with the target
organization. Open sources may include newspapers, television, social networking sites, blogs,
etc.
Using these, you can gather information such as network boundaries, IP addresses reachable via
the Internet, operating systems, web server software used by the target network, TCP and UDP
services in each system, access control mechanisms, system architecture, intrusion detection
systems, and so on.

Active Information Gathering
In active information gathering, attackers mainly focus on the employees of
the target organization. Attackers try to extract information from the employees by conducting
social engineering: on-site visits, interviews, questionnaires, etc.

Anonymous Footprinting
This refers to the process of collecting information from sources anonymously so that
your efforts cannot be traced back to you.

Pseudonymous Footprinting
Pseudonymous footprinting refers to the process of collecting information from
sources that have been published on the Internet but are not directly linked to the author's
name. The information may be published under a different name or the author may have a
well-established pen name, or the author may be a corporate or government official and be
prohibited from posting under his or her original name. Irrespective of the reason for hiding the
author's name, collecting information from such sources is called pseudonymous.

Organizational or Private Footprinting
Private footprinting involves collecting information from an organization's web-based
calendar and email services.

Internet Footprinting
Internet footprinting refers to the process of collecting information about the target
organization's connections to the Internet.


What Is Footprinting?
Footprinting is the process of collecting as much information as possible
about a target network, for identifying various ways to intrude into an
organization's network system.

Footprinting, the first step in ethical hacking, refers to the process of collecting
information about a target network and its environment. Using footprinting you can find
various ways to intrude into the target organization's network system. It is considered
"methodological" because critical information is sought based on a previous discovery.
Once you begin the footprinting process in a methodological manner, you will obtain the
blueprint of the security profile of the target organization. Here the term "blueprint" is used
because the result that you get at the end of footprinting refers to the unique system profile of
the target organization.
There is no single methodology for footprinting, as you can trace information through several routes.
However, this activity is important as all crucial information needs to be gathered before you
begin hacking. Hence, you should carry out the footprinting precisely and in an organized
manner.
You can collect information about the target organization through the means of footprinting in
four steps:
1. Collect basic information about the target and its network
2. Determine the operating system used, platforms running, web server versions, etc.
3. Perform techniques such as Whois, DNS, network and organizational queries
4. Find vulnerabilities and exploits for launching attacks

Furthermore, we will discuss in detail how to collect basic information, how to determine the
operating system of the target computer, the platforms running, and the web server versions,
the various methods of footprinting, and how to find and exploit vulnerabilities.

Why Footprinting?
For attackers to build a hacking strategy, they need to gather information about the
target organization's network, so that they can find the easiest way to break into the
organization's security perimeter. As mentioned previously, footprinting is the easiest way to
gather information about the target organization; this plays a vital role in the hacking process.
Footprinting helps to:

• Know Security Posture
Performing footprinting on the target organization in a systematic and methodical manner
gives the complete profile of the organization's security posture. You can analyze this report
to figure out loopholes in the security posture of your target organization and then you can
build your hacking plan accordingly.

• Reduce Attack Area
By using a combination of tools and techniques, attackers can take an unknown entity (for
example XYZ Organization) and reduce it to a specific range of domain names, network
blocks, and individual IP addresses of systems directly connected to the Internet, as well as
many other details pertaining to its security posture.

• Build Information Database
A detailed footprint provides maximum information about the target organization.
Attackers can build their own information database about security weaknesses of the target
organization. This database can then be analyzed to find the easiest way to break into the
organization's security perimeter.

• Draw Network Map
Combining footprinting techniques with tools such as Tracert allows the attacker to create
network diagrams of the target organization's network presence. This network map
represents their understanding of the target's Internet footprint. These network diagrams
can guide the attack.


Objectives of Footprinting
The major objectives of footprinting include collecting the target's network
information, system information, and the organizational information. By carrying out
footprinting at various network levels, you can gain information such as: network blocks,
network services and applications, system architecture, intrusion detection systems, specific IP
addresses, and access control mechanisms. With footprinting, information such as employee
names, phone numbers, contact addresses, designation, and work experience, and so on can
also be obtained.

Collect Network Information
The network information can be gathered by performing a Whois database analysis,
trace routing, etc. It includes:
• Domain name
• Internal domain names
• Network blocks
• IP addresses of the reachable systems
• Rogue websites/private websites
• TCP and UDP services running
• Access control mechanisms and ACLs
• Networking protocols
• VPN points
• ACLs
• IDSes running
• Analog/digital telephone numbers
• Authentication mechanisms
• System enumeration

Collect System Information
• User and group names
• System banners
• Routing tables
• SNMP information
• System architecture
• Remote system type
• System names
• Passwords

Collect Organization's Information
• Employee details
• Organization's website
• Company directory
• Location details
• Address and phone numbers
• Comments in HTML source code
• Security policies implemented
• Web server links relevant to the organization
• Background of the organization
• News articles/press releases
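
Two items in the lists above, system banners and comments in HTML source code, can be checked on your own web servers before anyone else reads them. The following Python audit is an added example, not part of the courseware; the sample response, the keyword list and all function names are constructed assumptions.

```python
"""Audit a captured HTTP response from your own site for two footprinting
objectives named in the module: system banners and HTML source comments."""
import ipaddress
import re
from html.parser import HTMLParser

# Response headers that commonly carry product and version banners.
BANNER_HEADERS = ("server", "x-powered-by", "x-aspnet-version", "via")
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# Words suggesting a comment was written for staff (assumed list, tune it).
KEYWORD_RE = re.compile(
    r"\b(?:todo|fixme|password|passwd|internal|staging|debug)\b", re.I)


class CommentCollector(HTMLParser):
    """Collects the text of every HTML comment in a document."""

    def __init__(self):
        super().__init__()
        self.comments = []

    def handle_comment(self, data):
        self.comments.append(data.strip())


def split_response(raw):
    """Split a raw HTTP/1.x response into (lower-cased headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    headers = {}
    for line in head.split("\r\n")[1:]:        # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers, body


def private_ips(text):
    """Return addresses in text that the ipaddress module marks as private."""
    found = []
    for candidate in IPV4_RE.findall(text):
        try:
            if ipaddress.ip_address(candidate).is_private:
                found.append(candidate)
        except ValueError:                      # not a valid address
            continue
    return found


def audit_response(raw):
    """Return a list of (category, detail) findings for one response."""
    headers, body = split_response(raw)
    findings = []
    for name in BANNER_HEADERS:
        value = headers.get(name)
        if value and VERSION_RE.search(value):  # banner reveals a version
            findings.append(("banner", f"{name}: {value}"))
    collector = CommentCollector()
    collector.feed(body)
    for comment in collector.comments:
        for ip in private_ips(comment):
            findings.append(("comment-internal-ip", ip))
        for email in EMAIL_RE.findall(comment):
            findings.append(("comment-email", email))
        if KEYWORD_RE.search(comment):
            findings.append(("comment-keyword", comment[:60]))
    return findings


# Constructed sample response (not captured from any real server).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.15 (CentOS)\r\n"
    "X-Powered-By: PHP/5.3.3\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body>\n"
    "<!-- TODO: move login to db01 at 10.20.30.40 before release -->\n"
    "<!-- page owner: j.doe@example.com -->\n"
    "<p>Welcome</p>\n"
    "<!-- footer -->\n"
    "</body></html>\n"
)

if __name__ == "__main__":
    for category, detail in audit_response(SAMPLE_RESPONSE):
        print(f"{category:22} {detail}")
```

Each finding is a candidate for removal: suppress version strings in server configuration and strip staff-only comments during the build or publishing step.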


Module Flow
So far, we discussed footprinting concepts, and now we will discuss the threats
associated with footprinting.
The Footprinting Threats section familiarizes you with the threats associated with footprinting
such as social engineering, system and network attacks, corporate espionage, etc.

Footprinting Threats
Attackers gather valuable system and network information such as account
details, operating system and installed applications, network components,
server names, database schema details, etc. from footprinting techniques.

As discussed previously, attackers perform footprinting as the first step in an attempt to
hack a target organization. In the footprinting phase, attackers try to collect valuable
system-level information such as account details, operating system and other software versions, server
names, and database schema details that will be useful in the hacking process.
The following are various threats due to footprinting:

Social Engineering
Without using any intrusion methods, hackers directly and indirectly collect
information through persuasion and various other means. Here, crucial information is gathered
by the hackers through employees without their consent.

System and Network Attacks
Footprinting helps an attacker to perform system and network attacks. Through
footprinting, attackers can gather information related to the target organization's system
configuration, operating system running on the machine, and so on. Using this information,
attackers can find the vulnerabilities present in the target system and then can exploit those
vulnerabilities. Thus, attackers can take control over a target system. Similarly, attackers can
also take control over the entire network.

Information Leakage
Information leakage can be a great threat to any organization and is often overlooked.
If sensitive organizational information falls into the hands of attackers, then they can build an
attack plan based on the information, or use it for monetary benefits.

Privacy Loss
With the help of footprinting, hackers are able to access the systems and networks of
the company and even escalate the privileges up to admin levels. Whatever privacy was
maintained by the company is completely lost.

Corporate Espionage
Corporate espionage is one of the major threats to companies as competitors can spy
and attempt to steal sensitive data through footprinting. Due to this type of espionage,
competitors are able to launch similar products in the market, affecting the market position of a
company.

Business Loss
Footprinting has a major effect on businesses such as online businesses and other
ecommerce websites, banking and financial related businesses, etc. Billions of dollars are lost
every year due to malicious attacks by hackers.


Module Flow
Now that you are familiar with footprinting concepts and threats, we will discuss the
footprinting methodology.
The footprinting methodology section discusses various techniques used to collect information
about the target organization from different sources.

Footprinting Methodology
• Footprinting through Search Engines
• Website Footprinting
• Email Footprinting
• Competitive Intelligence
• Footprinting using Google
• WHOIS Footprinting
• DNS Footprinting
• Network Footprinting
• Footprinting through Social Engineering
• Footprinting through Social Networking Sites

The footprinting methodology is a procedural way of collecting information about a
target organization from all available sources. It deals with gathering information about a target
organization, determining URL, location, establishment details, number of employees, the
specific range of domain names, and contact information. This information can be gathered
from various sources such as search engines, Whois databases, etc.
Search engines are the main information sources where you can find valuable information
about your target organization. Therefore, first we will discuss footprinting through search
engines. Here we are going to discuss how and what information we can collect through search
engines.
Examples of search engines include: www.google.com, www.yahoo.com, www.bing.com


Footprinting through Search Engines
Attackers use search engines to extract information about a target such as
technology platforms, employee details, login pages, intranet portals, etc. which
helps in performing social engineering and other types of advanced system attacks.
Search engine cache may provide sensitive information that has been removed from
the World Wide Web (WWW).

A web search engine is designed to search for information on the World Wide Web.
The search results are generally presented in a line of results often referred to as search engine
results pages (SERPs). In the present world, many search engines allow you to extract a target
organization's information such as technology platforms, employee details, login pages,
intranet portals, and so on. Using this information, an attacker may build a hacking strategy to
break into the target organization's network and may carry out other types of advanced system
attacks. A Google search could reveal submissions to forums by security personnel that reveal
brands of firewalls or antivirus software in use at the target. Sometimes even network
diagrams are found that can guide an attack.
If you want to footprint the target organization, for example XYZ pvt ltd, then type XYZ pvt ltd in
the Search box of the search engine and press Enter. This will display all the search results
containing the keywords "XYZ pvt ltd." You can even narrow down the results by adding a
specific keyword while searching. Furthermore, we will discuss other footprinting techniques
such as website footprinting and email footprinting.
For example, consider an organization, perhaps Microsoft. Type Microsoft in the Search box of
a search engine and press Enter; this will display all the results containing information about
Microsoft. Browsing the results may provide critical information such as physical location,
contact address, the services offered, number of employees, etc. that may prove to be a
valuable source for hacking.

[Figure: Google's cache of the English Wikipedia article on Microsoft, a snapshot of the page as it appeared on 17 Jul 2012 13:15:03 GMT]
FIGURE 2.1: Screenshot showing information about Microsoft

As an ethical hacker, if you find any sensitive information about your company in the search engine
result pages, you should remove that information. Even after you remove the sensitive
information, it may still be available in a search engine cache. Therefore, you should also check
the search engine cache to ensure that the sensitive data is removed permanently.


Finding Company's External and Internal URLs
• Search for the target company's external URL in a search engine such as Google or Bing
• Internal URLs provide an insight into different departments and business units in an organization
• You may find an internal company's URL by trial and error method

Tools to Search Internal URLs
• http://news.netcraft.com
• http://www.webmaster-a.com/link-extractor-internal.php

Internal URLs of microsoft.com
• support.microsoft.com
• office.microsoft.com
• search.microsoft.com
• msdn.microsoft.com
• update.microsoft.com
• technet.microsoft.com
• windows.microsoft.com

A company's external and internal URLs provide a lot of useful information to the
attacker. These URLs describe the company and provide details such as the company mission
and vision, history, products or services offered, etc. The URL that is used outside the corporate
network for accessing the company's vault server via a firewall is called an external URL. It links
directly to the company's external web page. The target company's external URL can be
determined with the help of search engines such as Google or Bing.
If you want to find the external URL of a company, follow these steps:
1.

Open any of the search engines, such as Google or Bing.

2. Type the name of the target company in the Search box and press Enter.
The internal URL is used for accessing the company's vault server directly inside the corporate
network. The internal URL helps to access the internal functions of a company. Most companies
use common formats for internal URLs. Therefore, if you know the external URL of a company,
you can predict an internal URL through trial and error. These internal URLs provide insight into
different departments and business units in an organization. You can also find the internal URLs
of an organization using tools such as netcraft.
Tools to Search Internal URLs

Netcraft
Source: http://news.netcraft.com
Netcraft deals with web server and web hosting market-share analysis and operating
system detection. It provides a free anti-phishing toolbar (Netcraft toolbar) for Firefox as well as
Internet Explorer browsers. The Netcraft toolbar avoids phishing attacks and protects
Internet users from fraudsters. It checks the risk rate as well as the hosting location of the
websites we visit.

Link Extractor
Source: http://www.webmaster-a.com/link-extractor-internal.php
Link Extractor is a link extraction utility that allows you to choose between external and internal
URLs, and returns either a plain list or an HTML list of the URLs linked to. You can use this
utility on competitor sites.
Examples of internal URLs of microsoft.com:
• support.microsoft.com
• office.microsoft.com
• search.microsoft.com
• msdn.microsoft.com
• update.microsoft.com
• technet.microsoft.com
• windows.microsoft.com

Public and Restricted Websites

Public Website
• http://www.microsoft.com

Restricted Website
• http://office.microsoft.com
• http://answers.microsoft.com

Public and Restricted Websites
A public website is a website designed to show the presence of an organization on the
Internet. It is designed to attract customers and partners. It contains information such as
company history, services and products, and contact information of the organization.
The following screenshot is an example of a public website:
Source: http://www.microsoft.com

FIGURE 2.2: An example of public website

A restricted website is a website that is available to only a few people. The people may be
employees of an organization, members of a department, etc. Restrictions can be applied
based on the IP number, domain or subnet, username, and password.
Restricted or private websites of microsoft.com include: http://technet.microsoft.com,
http://windows.microsoft.com, http://office.microsoft.com, and http://answers.microsoft.com.

FIGURE 2.3: Examples of Public and Restricted websites

Collect Location Information

• Use Google Earth tool to get the location of the place

Collect Location Information
Information such as physical location of the organization plays a vital role in the
hacking process. This information can be obtained using the footprinting technique. In addition
to physical location, we can also collect information such as surrounding public Wi-Fi hotspots
that may prove to be a way to break into the target organization's network.
Attackers with the knowledge of a target organization's location may attempt dumpster diving,
surveillance, social engineering, and other non-technical attacks to gather much more
information about the target organization. Once the location of the target is known, detailed
satellite images of the location can be obtained using various sources available on the Internet
such as http://www.google.com/earth and https://maps.google.com. Attackers can use this
information to gain unauthorized access to buildings, wired and wireless networks, systems,
and so on.
Example: earth.google.com
Google Earth is a valuable tool for hacking that allows you to find a location, point, and zoom
into that location to explore. You can even access 3D images that depict most of the Earth in
high-resolution detail.

FIGURE 2.4: Google Earth showing location

Example: maps.google.com
Google Maps provides a Street View feature that gives you a series of images of a
building, as well as its surroundings, including Wi-Fi networks. Attackers may use Google Maps
to find or locate entrances to buildings, security cameras, gates, places to hide, weak spots in
perimeter fences, and utility resources like electricity connections, to measure distance
between different objects, etc.

FIGURE 2.5: Google Maps showing a Street View

People Search

Information about an individual can be found at various people search websites

The people search returns the following information about a person:
• Contact numbers and date of birth
• Residential addresses and email addresses
• Photos and social networking profiles
• Blog URLs
• Satellite pictures of private residences

• http://www.spokeo.com
• http://pipl.com

People Search
You can use the public record websites to find information about people's email
addresses, phone numbers, house addresses, and other information. Using this information you
can try to obtain bank details, credit card details, mobile numbers, past history, etc. There are
many people search online services available that help find people. http://pipl.com and
http://www.spokeo.com are examples of people search services that allow you to search for
people by their name, email, username, phone, or address.
These people search services may provide information such as:
• Residential addresses and email addresses
• Contact numbers and date of birth
• Photos and social networking profiles
• Blog URLs
• Satellite pictures of private residences

People Search Online Services

• Zaba Search: http://www.zabasearch.com
• ZoomInfo: http://www.zoominfo.com
• Wink People Search: http://wink.com
• AnyWho: http://www.anywho.com
• People Lookup: https://www.peoplelookup.com
• 123 People Search: http://www.123people.com
• PeekYou: http://www.peekyou.com
• Intelius: http://www.intelius.com
• PeopleSmart: http://www.peoplesmart.com
• WhitePages: http://www.whitepages.com

People Search Online Services

At present, many Internet users are using people search engines to find information
about other people. Most often people search engines provide people's names, addresses, and
contact details. Some people search engines may also reveal the type of work an individual
does, businesses owned by a person, contact numbers, company email addresses, mobile
numbers, fax numbers, dates of birth, personal email addresses, etc. This information proves to
be highly beneficial for attackers to launch attacks.
Some of the people search engines are listed as follows:

Zaba Search
Source: http://www.zabasearch.com
Zaba Search is a people search engine that provides information such as address, phone
number, current location, etc. of people in the US. It allows you to search for people by their
name.

ZoomInfo
Source: http://www.zoominfo.com
ZoomInfo is a business people directory with which you can find business contacts, people's
professional profiles, biographies, work histories, affiliations, links to employee profiles with
verified contact information, and more.

Wink People Search
Source: http://wink.com
Wink People Search is a people search engine that provides information about people by name
and location. It gives phone number, address, websites, photos, work, school, etc.

AnyWho
Source: http://www.anywho.com

AnyWho is a website that helps you find information about people, their businesses, and their
locations online. With the help of a phone number, you can get all the details of an individual.

People Lookup
Source: https://www.peoplelookup.com
People Lookup is a people search engine that allows you to find, locate, and then connect with
people. It also allows you to look up a phone number, search for cell numbers, find an address
or phone number, and search for people in the US. This database uses information from public
records.

123 People Search
Source: http://www.123people.com
123 People Search is a people search tool that allows you to find information such as public
records, phone numbers, addresses, images, videos, and email addresses.

PeekYou
Source: http://www.peekyou.com
PeekYou is a people search engine that allows you to search for profiles and contact
information of people in India and cities' top employers and schools. It allows you to search for
the people with their names or usernames.

Intelius
Source: http://www.intelius.com
Intelius is a public records business that provides information services. It allows you to search
for people in the US by their name, address, phone number, or email address.

PeopleSmart
Source: http://www.peoplesmart.com
PeopleSmart is a people search service that allows you to find people's work information with
their name, city, and state. In addition, it allows you to perform reverse phone lookups, email
searches, searches by address, and county searches.

WhitePages
Source: http://www.whitepages.com
WhitePages is a people search engine that provides information about people by name and
location. Using the phone number, you can find the person's address.

People Search on Social Networking Services

• http://www.linkedin.com
• http://www.facebook.com
• http://twitter.com
• https://plus.google.com

People Search on Social Networking Services
Searching for people on social networking websites is easy. Social networking services
are the online services, platforms, or sites that focus on facilitating the building of social
networks or social relations among people. These websites provide information that is provided
by users. Here, people are directly or indirectly related to each other by common interest, work
location, or educational communities, etc.
Social networking sites allow people to share information quickly and effectively as these sites
are updated in real time. They allow updating facts about upcoming or current events, recent
announcements and invitations, and so on. Therefore, social networking sites prove to be a
great platform for searching people and their related information. Through people searching on
social networking services, you can gather critical information that will be helpful in performing
social engineering or other kinds of attacks.
Many social networking sites allow visitors to search for people without registration; this makes
people searching on social networking sites an easy task for you. You can search for a person using
name, email, or address. Some sites allow you to check whether an account is currently in use
or not. This allows you to check the status of the person you are looking for.
Some of the social networking services are as follows:

Facebook
Source: http://www.facebook.com
Facebook allows you to search for people, their friends, colleagues, and people living
around them and others with whom they are affiliated. In addition, you can also find their
professional information such as their company or business, current location, phone number,
email ID, photos, videos, etc. It allows you to search for people by username or email address.
FIGURE 2.7: Facebook a social networking service to search for people across the world

LinkedIn
Source: http://www.linkedin.com

LinkedIn is a social networking website for professional people. It allows you to find people by
name, keyword, company, school, etc. Searching for people on LinkedIn gives you information
such as name, designation, name of company, current location, and education qualifications,
but to use LinkedIn you need to be registered with the site.

Twitter
Source: http://twitter.com

Twitter is a social networking service that allows people to send and read text messages
(tweets). Even unregistered users can read tweets on this site.

FIGURE 2.9: Twitter screenshot

Google+
Source: https://plus.google.com
Google+ is a social networking site that aims to make sharing on the web more like sharing in
real life. You can grab a lot of useful information about users from this site and use it to hack
their systems.

FIGURE 2.10: Google+ screenshot

Gather Information from Financial Services

Financial services such as Google Finance, Yahoo! Finance, and so on provide a lot of
useful information such as the market value of a company's shares, company profile,
competitor details, etc. The information offered varies from one service to the next. In order to
avail themselves of services such as e-mail alerts and phone alerts, users need to register on the
financial services. This gives an opportunity for an attacker to grab useful information for
hacking.
Many financial firms rely on web access, performing transactions, and user access to their
accounts. Attackers can obtain sensitive and private information of users using information
theft, key loggers, etc. Attackers can even grab this information by implementing cybercrimes,
and exploit it with the help of non-vulnerable threats (software design flaw example; breaking
authentication mechanism).
The following are some of the non-vulnerable threats:
• Service flooding
• Brute force attack
• Phishing

FIGURE 2.11: Examples of financial services website for gathering information

Footprinting through Job Sites

You can gather company's infrastructure details from job postings

Look for these:
• Job requirements
• Employee's profile
• Hardware information
• Software information

Examples of Job Websites
• http://www.monster.com
• http://www.careerbuilder.com
• http://www.dice.com
• http://www.simplyhired.com
• http://www.indeed.com
• http://www.usajobs.gov

Footprinting through Job Sites
Attackers can gather valuable information about the operating system, software
versions, company's infrastructure details, and database schema of an organization, through
footprinting various job sites using different techniques. Depending upon the posted
requirements for job openings, attackers may be able to study the hardware, network-related
information, and technologies used by the company. Most of the company's websites have a
key employees list with their email addresses. This information may prove to be beneficial for
an attacker. For example, if a company wants to hire a person for a Network Administration
job, it posts the requirements related to that position.

FIGURE 2.12: Gathering information through Job websites

Usually attackers look for the following information:
• Job requirements
• Employee's profile
• Hardware information
• Software information

Examples of job websites include:
• http://www.monster.com
• http://www.careerbuilder.com
• http://www.dice.com
• http://www.simplyhired.com
• http://www.indeed.com
• http://www.usajobs.gov
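
Because job postings expose software and version details, a pre-publication check on a draft posting is a practical countermeasure. The following is an added example, not part of the original courseware: the draft text is constructed, and the product catalogue and function names are hypothetical and should be replaced with your own stack.

```python
import re

# Constructed draft posting, modeled on the kind of listing described above.
DRAFT = """\
Network Administrator
Design and implement solutions on Windows Server 2003 and Active Directory 2003.
Support SQL Server 2005 clusters, Exchange 5.5 and Exchange 2003, VMware and Veritas backups.
Experience with DNS, DHCP and WINS required. MCSE (2003) certification a plus.
"""

# Hypothetical product catalogue; replace with the products your organisation runs.
PRODUCTS = ["Windows Server", "Active Directory", "SQL Server", "Exchange",
            "VMware", "Veritas", "Citrix"]
_CANONICAL = {p.lower(): p for p in PRODUCTS}

# A product name, optionally followed by a version such as "2003", "5.5" or "v7.1".
# Longer names are tried first so multi-word products win over shorter ones.
_MENTION = re.compile(
    r"\b(?P<product>"
    + "|".join(re.escape(p) for p in sorted(PRODUCTS, key=len, reverse=True))
    + r")\b"
    + r"(?:\s+(?:v(?:ersion)?\.?\s*)?(?P<version>\d+(?:\.\d+)+|\d{4})\b)?",
    re.IGNORECASE,
)


def find_disclosures(text):
    """Return (line_no, product, version_or_None, severity) for each mention."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in _MENTION.finditer(line):
            version = m.group("version")
            # A named product narrows the attack surface; a version pins it down.
            severity = "version-disclosed" if version else "product-named"
            product = _CANONICAL[m.group("product").lower()]
            findings.append((line_no, product, version, severity))
    return findings


def strip_versions(text):
    """Rewrite the draft so product names stay but version numbers are dropped."""
    return _MENTION.sub(lambda m: m.group("product"), text)


if __name__ == "__main__":
    for line_no, product, version, severity in find_disclosures(DRAFT):
        print(f"line {line_no}: {product} {version or ''} [{severity}]")
    print(strip_versions(DRAFT))
```

The certification line ("MCSE (2003)") is left alone because it names a qualification rather than a deployed product; the stripped draft still needs a human read before publishing.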

Monitoring Targets Using Alerts
Alerts are the content monitoring services that provide automated up-to-date
information based on your preference, usually via email or SMS. In order to get alerts, you
need to register on the website and you should submit either an email or phone number to the
service. Attackers can gather this sensitive information from the alert services and use it for
further processing of an attack.

Google Alerts
Source: http://www.google.com/alerts
Google Alerts is a content monitoring service that automatically notifies users when new
content from news, web, blogs, video, and/or discussion groups matches a set of search terms
selected by the user and stored by the Google Alerts service.
Google Alerts aids in monitoring a developing news story and keeping current on a competitor
or industry.

FIGURE 2.13: Google Alert services screenshot

Yahoo! Alerts is available at http://alerts.yahoo.com and Giga Alert is available at
http://www.gigaalert.com; these are two more examples of alert services.

Footprinting Methodology

• Footprinting through Search Engines
• Website Footprinting
• Email Footprinting
• Competitive Intelligence
• Footprinting using Google
• WHOIS Footprinting
• DNS Footprinting
• Network Footprinting
• Footprinting through Social Engineering
• Footprinting through Social Networking Sites

Footprinting Methodology
So far, we have discussed the first step of footprinting methodology, i.e., footprinting
via search engines. Now we will discuss website footprinting. An organization's website is the
first place where you can get sensitive information such as names and contact details of chief
persons in the company, upcoming project details, and so on. This section covers the website
footprinting concept, mirroring websites, the tools used for mirroring, and monitoring web
updates.

Website Footprinting

Information obtained from target's website enables an attacker to
build a detailed map of website's structure and architecture

Browsing the target website may provide:
• Software used and its version
• Operating system used
• Sub-directories and parameters
• Filename, path, database field name, or query
• Scripting platform
• Contact details and CMS details

Use Zaproxy, Burp Suite, Firebug, etc. to view headers that provide:
• Connection status and content-type
• Accept-Ranges
• Last-Modified information
• X-Powered-By information
• Web server in use and its version

Website Footprinting
It is possible for an attacker to build a detailed map of a website's structure and
architecture without IDS being triggered or without raising any sys admin suspicions. It can be
accomplished either with the help of sophisticated footprinting tools or just with the basic tools
that come along with the operating system, such as telnet and a browser.
Using the Netcraft tool you can gather website information such as IP address, registered name
and address of the domain owner, domain name, host of the site, OS details, etc. But this tool
may not give all these details for every site. In such cases, you should browse the target
website.
Browsing the target website will provide you with the following information:
• Software used and its version: You can find not only the software in use but also the
  version easily on the off-the-shelf software-based website.
• Operating system used: Usually the operating system can also be determined.
• Sub-directories and parameters: You can reveal the sub-directories and parameters by
  making a note of all the URLs while browsing the target website.


- Filename, path, database field name, or query: You should carefully analyze anything after a query that looks like a filename, path, database field name, or query to check whether it offers opportunities for SQL injection.
- Scripting platform: Script filename extensions such as .php, .asp, .jsp, etc. let you easily determine the scripting platform that the target website is using.
- Contact details and CMS details: The contact pages usually offer details such as names, phone numbers, email addresses, and locations of admin or support people. You can use these details to perform a social engineering attack.
CMS software allows URL rewriting in order to disguise the script filename extensions. In this case, you need to put in a little more effort to determine the scripting platform.

Use Paros Proxy, Burp Suite, Firebug, etc. to view headers that provide:
- Connection status and content-type
- Accept-Ranges
- Last-Modified information
- X-Powered-By information
- Web server in use and its version
Source: http://portswigger.net
The following is a screenshot of Burp Suite showing headers of packets in the information pane:

FIGURE 2.14: Burp Suite showing headers of packets in the information pane


Website Footprinting (Cont'd)

Examining HTML source provides:
- Comments in the source code
- Contact details of web developer or admin
- File system structure
- Script type

Examining cookies may provide:
- Software in use and its behavior
- Scripting platforms used

Website Footprinting (Cont'd)
Examine the HTML source code. Follow the comments that are either created by the
CMS system or inserted manually. These comments may provide clues to help you understand
what's running in the background. This may even provide contact details of the web admin or
developer.
Observe all the links and image tags, in order to map the file system structure. This allows you
to reveal the existence of hidden directories and files. Enter fake data to determine how the
script works.


FIGURE 2.15: Screenshot showing Microsoft script works

Examine cookies set by the server to determine the software running and its behavior. You can also identify the scripting platforms by observing sessions and other supporting cookies.

FIGURE 2.16: Showing details about the software running in a system by examining cookies
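
The header, HTML source, and cookie checks described above can be turned around and run against your own site to see what it discloses. The following is an added example, not part of the original courseware; the sample response, the header and cookie lookup tables, and all function names are assumptions made for illustration.

```python
import html
import posixpath
import re
from email.parser import Parser          # HTTP headers use RFC 822-style syntax
from urllib.parse import parse_qs, urlsplit

# Constructed sample response, as an intercepting proxy would display it.
SAMPLE_RESPONSE = """\
HTTP/1.1 200 OK
Date: Mon, 16 Jul 2012 09:53:41 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Last-Modified: Fri, 13 Jul 2012 18:02:11 GMT
Accept-Ranges: bytes
Content-Type: text/html; charset=utf-8
Set-Cookie: PHPSESSID=0a1b2c3d4e5f; path=/
Set-Cookie: __utmz=1.2.3.4; path=/

<html><head><title>Example</title>
<!-- TODO: remove /old-admin/ before launch. Contact: webmaster@example.com -->
<link rel="stylesheet" href="/static/css/site.css">
</head><body>
<a href="/products/view.php?id=12&amp;cat=3">Product</a>
<img src="/uploads/2012/banner.png">
<!-- generator: ExampleCMS 1.4 -->
</body></html>
"""

VERSION_RE = re.compile(r"\d+(?:\.\d+)+")
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
# Illustrative lookup tables (assumptions, extend for your own stack).
DISCLOSING_HEADERS = ("Server", "X-Powered-By", "X-AspNet-Version", "X-Generator")
SESSION_COOKIES = {"PHPSESSID": "PHP", "JSESSIONID": "Java servlet container",
                   "ASP.NET_SessionId": "ASP.NET"}
SCRIPT_EXTENSIONS = {".php": "PHP", ".asp": "Classic ASP",
                     ".aspx": "ASP.NET", ".jsp": "JSP"}


def split_response(raw):
    """Return (status line, parsed headers, body) from a raw HTTP response."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    status_line, _, header_text = head.partition("\n")
    return status_line, Parser().parsestr(header_text, headersonly=True), body


def audit_headers(headers):
    """List (header, value, version) for headers that name server software."""
    findings = []
    for name in DISCLOSING_HEADERS:
        value = headers.get(name)
        if value is not None:
            version = VERSION_RE.search(value)
            findings.append((name, value, version.group(0) if version else None))
    return findings


def audit_cookies(headers):
    """Infer the scripting platform from well-known session cookie names."""
    platforms = set()
    for cookie in headers.get_all("Set-Cookie", []):
        name = cookie.split("=", 1)[0].strip()
        if name in SESSION_COOKIES:
            platforms.add(SESSION_COOKIES[name])
    return sorted(platforms)


def audit_html(body):
    """Collect comments, contact addresses, directories, script types, parameters."""
    comments = [c.strip() for c in re.findall(r"<!--(.*?)-->", body, re.S)]
    directories, platforms, parameters = set(), set(), set()
    for url in re.findall(r'(?:href|src)="([^"]+)"', body):
        parts = urlsplit(html.unescape(url))
        directory = posixpath.dirname(parts.path)
        if directory not in ("", "/"):
            directories.add(directory + "/")
        extension = posixpath.splitext(parts.path)[1].lower()
        if extension in SCRIPT_EXTENSIONS:
            platforms.add(SCRIPT_EXTENSIONS[extension])
        parameters.update(parse_qs(parts.query))
    emails = sorted({e for c in comments for e in EMAIL_RE.findall(c)})
    return {"comments": comments, "emails": emails,
            "directories": sorted(directories),
            "script_platforms": sorted(platforms),
            "parameters": sorted(parameters)}


def audit_response(raw):
    """Combine the header, cookie, and HTML checks into one disclosure report."""
    _status, headers, body = split_response(raw)
    report = {"headers": audit_headers(headers),
              "cookie_platforms": audit_cookies(headers)}
    report.update(audit_html(body))
    return report


if __name__ == "__main__":
    for key, value in audit_response(SAMPLE_RESPONSE).items():
        print(key, "->", value)
```

Each item in the report is something to suppress or generalize on the server side: version banners, framework headers, leftover comments, and default session cookie names.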


Mirroring Entire Website
- Mirroring an entire website onto the local system enables an attacker to dissect and identify vulnerabilities; it also assists in finding directory structure and other valuable information without multiple requests to web server
- Web mirroring tools allow you to download a website to a local directory, building recursively all directories, HTML, images, flash, videos, and other files from the server to your computer
[Slide figure: Original Website and Mirrored Website]

Mirroring an Entire Website
Website mirroring is the process of creating an exact replica of the original website. This can be done with the help of web mirroring tools. These tools allow you to download a website to a local directory, recursively building all directories, HTML, images, flash, videos and other files from the server to your computer.
Website mirroring has the following benefits:
- It is helpful for offline site browsing.
- Website mirroring helps in creating a backup site for the original one.
- A website clone can be created.
- Website mirroring is useful to test the site at the time of website design and development.
- It is possible to distribute to multiple servers instead of using only one server.


FIGURE 2.17: JuggyBoy's Original and Mirrored website


Website Mirroring Tools

HTTrack Web Site Copier
Source: http://www.httrack.com

HTTrack is an offline browser utility. It allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting HTML, images, and other files from the server to your computer. HTTrack arranges the original site's relative link-structure. Open a page of the "mirrored" website in your browser, browse the site from link to link, and you can view the site as if you were online. HTTrack can also update an existing mirrored site, and resume interrupted downloads.


FIGURE 2.18: HTTrack Web Site Copier Screenshot

SurfOffline
Source: http://www.surfoffline.com
SurfOffline is a website download software. The software allows you to download entire websites and download web pages to your local hard drive. After downloading the target website, you can use SurfOffline as an offline browser and view downloaded web pages in it. If you prefer to view downloaded webpages in another browser, you can use the Export Wizard. SurfOffline's Export Wizard also allows you to copy downloaded websites to other computers in order to view them later and prepares websites for burning them to a CD or DVD.

FIGURE 2.19: SurfOffline screenshot

BlackWidow
Source: http://softbytelabs.com

BlackWidow is a website scanner for both experts and beginners. It scans websites (it's a site ripper). It can download an entire website or part of a website. It builds a site structure first and then downloads. It allows you to choose what to download from the website.


FIGURE 2.20: SurfOffline screenshot

WebRipper
Source: http://www.calluna-software.com
WebRipper is an Internet scanner and downloader. It downloads massive amounts of images, videos, audio, and executable documents from any website. WebRipper uses spider technology to follow the links in all directions from the start address. It filters out the interesting files and adds them to the download queue for downloading.
You can restrict downloaded items by file type, minimum file, maximum file, and image size. All the downloaded links can also be restricted by keywords to avoid wasting your bandwidth.

FIGURE 2.21: Webripper screenshot


Website Mirroring Tools (Cont'd)
- Website Ripper Copier: http://www.tensons.com
- Teleport Pro: http://www.tenmax.com
- Portable Offline Browser: http://www.metaproducts.com
- Proxy Offline Browser: http://www.proxy-offline-browser.com
- iMiser: http://internetresearchtool.com
- PageNest: http://www.pagenest.com
- Backstreet Browser: http://www.spadixbd.com
- Offline Explorer Enterprise: http://www.metaproducts.com
- GNU Wget: http://www.gnu.org
- Hooeey Webprint: http://www.hooeeywebprint.com

Website Mirroring Tools (Cont'd)
In addition to the website mirroring tools mentioned previously, a few more well-known tools are mentioned as follows:
- Website Ripper Copier available at http://www.tensons.com
- Teleport Pro available at http://www.tenmax.com
- Portable Offline Browser available at http://www.metaproducts.com
- Proxy Offline Browser available at http://www.proxy-offline-browser.com
- iMiser available at http://internetresearchtool.com
- PageNest available at http://www.pagenest.com
- Backstreet Browser available at http://www.spadixbd.com
- Offline Explorer Enterprise available at http://www.metaproducts.com
- GNU Wget available at http://www.gnu.org
- Hooeey Webprint available at http://www.hooeeywebprint.com
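
Because mirroring tools fetch a site recursively, they leave a recognizable pattern in the web server's access log. The following added example (not from the original courseware) flags clients by default User-Agent token and by request burst. The log lines are constructed, the token list reflects commonly seen defaults that a user can change (an assumption), and the thresholds and function names are illustrative.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Default User-Agent substrings of mirroring tools named in this section.
# Assumption: defaults only; the User-Agent is trivially changed by the user.
TOOL_TOKENS = ("HTTrack", "Wget", "Teleport Pro", "Offline Explorer")

# Apache/nginx "combined" log format: ip, timestamp, request path, user agent.
LOG_RE = re.compile(
    r'(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"')

BROWSER = "Mozilla/5.0 (Windows NT 6.1; rv:13.0) Gecko/20100101 Firefox/13.0"
HTTRACK = "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"


def make_line(ip, sec, path, agent):
    """Build one constructed combined-format log line, sec seconds after 09:00:00."""
    return ('%s - - [16/Jul/2012:09:%02d:%02d +0000] "GET %s HTTP/1.1" '
            '200 512 "-" "%s"' % (ip, sec // 60, sec % 60, path, agent))


# Constructed sample log: a normal visitor, a Wget fetch, an HTTrack crawl,
# and a crawl that hides behind a browser User-Agent.
SAMPLE_LOG = (
    [make_line("192.0.2.10", 0, "/", BROWSER),
     make_line("192.0.2.10", 40, "/about.html", BROWSER),
     make_line("192.0.2.10", 95, "/contact.html", BROWSER),
     make_line("198.51.100.9", 5, "/", "Wget/1.13.4 (linux-gnu)")]
    + [make_line("203.0.113.7", 100 + i // 2, "/docs/page%d.html" % i, HTTRACK)
       for i in range(12)]
    + [make_line("203.0.113.50", 200 + i // 2, "/img/%d.png" % i, BROWSER)
       for i in range(12)]
)


def detect_mirroring(lines, window=timedelta(seconds=10), min_paths=10):
    """Return {client ip: [reasons]} for clients that look like site mirroring."""
    events = defaultdict(list)
    findings = defaultdict(set)
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue                      # skip lines in another format
        ip, stamp, path, agent = match.groups()
        when = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        events[ip].append((when, path))
        for token in TOOL_TOKENS:
            if token.lower() in agent.lower():
                findings[ip].add("user-agent:" + token)
    for ip, seen in events.items():
        seen.sort()
        recent = deque()                  # requests inside the sliding window
        for when, path in seen:
            recent.append((when, path))
            while when - recent[0][0] > window:
                recent.popleft()
            if len({p for _, p in recent}) >= min_paths:
                findings[ip].add("burst")  # many distinct paths in a short time
                break
    return {ip: sorted(reasons) for ip, reasons in findings.items()}


if __name__ == "__main__":
    for ip, reasons in sorted(detect_mirroring(SAMPLE_LOG).items()):
        print(ip, reasons)
```

The burst rule catches the crawl that sends a browser User-Agent, which the token match alone would miss.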


Extract Website Information from http://www.archive.org

Archive is the Internet Archive Wayback Machine, which allows you to visit archived versions of websites. This allows you to gather information on a company's web pages since their creation. As the website www.archive.org keeps track of web pages from the time of their inception, you can retrieve even information that has been removed from the target website.


FIGURE 2.22: Internet Archive Wayback Machine screenshot


Monitoring Web Updates Using Website Watcher
Website Watcher automatically checks web pages for updates and changes
http://aignes.com

Monitoring Web Updates Using Website Watcher
Source: http://www.aignes.com
Website Watcher is used to keep track of websites for updates and automatic changes. When an update or change occurs, Website Watcher automatically detects and saves the last two versions onto your disk, and highlights changes in the text. It is a useful tool for monitoring sites to gain competitive advantage.
Benefits:
Frequent manual checking of updates is not required. Website Watcher can automatically detect and notify users of updates:
- It allows you to know what your competitors are doing by scanning your competitors' websites
- The site can keep track of new software versions or driver updates
- It stores images of the modified websites to a disk


FIGURE 2.23: Website watcher monitoring web updates


Footprinting Methodology
- Footprinting through Search Engines
- Website Footprinting
- Email Footprinting
- Competitive Intelligence
- Footprinting using Google
- WHOIS Footprinting
- DNS Footprinting
- Network Footprinting
- Footprinting through Social Engineering
- Footprinting through Social Networking Sites

Footprinting Methodology
So far we have discussed footprinting through search engines and website footprinting, the two initial phases of footprinting methodology. Now we will discuss email footprinting.

This section describes how to track email communications, how to collect information from email headers, and email tracking tools.


Tracking Email Communications
- Attacker tracks email to gather information about the physical location of an individual to perform social engineering that in turn may help in mapping target organization's network
- Email tracking is a method to monitor and spy on the delivered emails to the intended recipient

- When the email was received and read
- GPS location and map of the recipient
- Time spent on reading the emails
- Whether or not the recipient visited any links sent to them
- Track PDF and other types of attachments
- Set messages to expire after a specified time

Tracking Email Communications
Email tracking is a method that helps you to monitor as well as to track the emails of a particular user. This kind of tracking is possible through digitally time-stamped records that reveal the time and date a particular email was received or opened by the target. Many email tracking tools are readily available in the market, with which you can collect information such as IP addresses, mail servers, and the service provider from which the mail was sent. Attackers can use this information to build the hacking strategy. Examples of email tracking tools include eMailTrackerPro and Paraben E-mail Examiner.
By using email tracking tools you can gather the following information about the victim:
- Geolocation: Estimates and displays the location of the recipient on the map and may even calculate distance from your location.
- Read duration: The duration of time spent by the recipient on reading the mail sent by the sender.
- Proxy detection: Provides information about the type of server used by the recipient.
- Links: Allows you to check whether the links sent to the recipient through email have been checked or not.


- Operating system: This reveals information about the type of operating system used by the recipient. The attacker can use this information to launch an attack by finding loopholes in that particular operating system.
- Forward email: Whether or not the email sent to you is forwarded to another person can be determined easily by using this tool.


Collecting Information from Email Header
[Slide figure: sample email header annotated with the following callouts]
- The address from which the message was sent
- Sender's mail server
- Date and time received by the originator's email servers
- Authentication system used by sender's mail server
- A unique number assigned by mr.google.com to identify the message
- Sender's full name

Collecting Information from Email Headers
An email header is the information that travels with every email. It contains the details of the sender, routing information, date, subject, and recipient. The process of viewing the email header varies with different mail programs.
Commonly used email programs:
- SmarterMail Webmail
- Outlook Express 4-6
- Outlook 2000-2003
- Outlook 2007
- Eudora 4.3/5.0
- Entourage
- Netscape Messenger 4.7
- MacMail

The following is a screenshot of a sample email header.


FIGURE 2.24: Email header screenshot

This email header contains the following information:
- Sender's mail server
- Date and time received by the originator's email servers
- Authentication system used by sender's mail server
- Date and time of message sent
- A unique number assigned by mr.google.com to identify the message
- Sender's full name
- Sender's IP address
- The address from which the message was sent

The attacker can trace and collect all of this information by performing a detailed analysis of the complete email header.
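
The same header fields are what an analyst reads when triaging a suspicious message. The following added example (not part of the original courseware) extracts each item in the list above from a header and adds three consistency checks. The header is constructed with documentation addresses, and the function names and the one-hour skew threshold are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample header (example.com / example.net, RFC 5737 addresses).
SAMPLE_HEADER = """\
Delivered-To: recipient@example.net
Received: by 10.0.0.5 with SMTP id abc123; Fri, 1 Jun 2012 21:24:01 -0700 (PDT)
Return-Path: <alice@example.com>
Received-SPF: pass (mx.example.net: domain of alice@example.com designates 203.0.113.25 as permitted sender) client-ip=203.0.113.25;
Authentication-Results: mx.example.net; spf=pass smtp.mail=alice@example.com; dkim=pass header.i=@example.com
Received: from mail.example.com (mail.example.com [203.0.113.25]) by mx.example.net with ESMTP id q7; Fri, 01 Jun 2012 21:24:00 -0700 (PDT)
Received: from [198.51.100.77] by mail.example.com with HTTP; Fri, 1 Jun 2012 21:23:59 -0700 (PDT)
Date: Sat, 2 Jun 2012 09:53:59 +0530
Message-ID: <CAexample123@mail.example.com>
Subject: Quarterly report
From: Alice Example <alice@example.com>
To: recipient@example.net
"""


def first_group(pattern, text):
    """Return the first capture group of pattern in text, or None."""
    match = re.search(pattern, text)
    return match.group(1) if match else None


def parse_hop(value):
    """Break one Received header into from-host, IP, receiving host, protocol, time."""
    try:
        when = parsedate_to_datetime(value.rpartition(";")[2])
    except (TypeError, ValueError):
        when = None                       # hop without a parseable timestamp
    return {"from": first_group(r"\bfrom\s+([\w.-]+)", value),
            "ip": first_group(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", value),
            "by": first_group(r"\bby\s+([\w.-]+)", value),
            "with": first_group(r"\bwith\s+(\w+)", value),
            "time": when}


def analyze_header(raw):
    """Extract the sender details and routing from a raw email header."""
    msg = message_from_string(raw)
    # Received headers are prepended by each server, so reverse for time order.
    hops = [parse_hop(v) for v in reversed(msg.get_all("Received", []))]
    name, address = parseaddr(msg.get("From", ""))
    return_path = parseaddr(msg.get("Return-Path", ""))[1]
    auth = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)",
                           msg.get("Authentication-Results", "")))
    sent = parsedate_to_datetime(msg["Date"])
    first_time = hops[0]["time"] if hops else None

    flags = []
    if return_path and (address.rpartition("@")[2].lower()
                        != return_path.rpartition("@")[2].lower()):
        flags.append("from/return-path domain mismatch")
    flags += ["%s=%s" % (k, v) for k, v in sorted(auth.items()) if v != "pass"]
    if first_time and abs((first_time - sent).total_seconds()) > 3600:
        flags.append("Date header differs from first hop by more than 1 hour")

    return {"sender_name": name,
            "sender_address": address,
            "sender_ip": next((h["ip"] for h in hops if h["ip"]), None),
            "sender_mail_server": next((h["from"] for h in hops if h["from"]), None),
            "received_by_origin": first_time,
            "sent": sent,
            "message_id": msg.get("Message-ID"),
            "auth": auth,
            "hops": hops,
            "flags": flags}


if __name__ == "__main__":
    result = analyze_header(SAMPLE_HEADER)
    for key in ("sender_name", "sender_address", "sender_ip",
                "sender_mail_server", "sent", "message_id", "auth", "flags"):
        print(key, "->", result[key])
```

Only the Received lines added by servers you trust are reliable; anything below them in the chain, along with From and Date, is supplied by the sender and is what the flags cross-check.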


Email Tracking Tools
- PoliteMail (http://www.politemail.com)
- Email Lookup - Free Email Tracker (http://www.ipaddresslocation.org)

Email Tracking Tools
Email tracking tools allow you to track an email and extract information such as sender identity, mail server, sender's IP address, etc. You can use the extracted information to attack the target organization's systems by sending malicious emails. Numerous email tracking tools are readily available in the market.
The following are a few commonly used email tracking tools:

eMailTrackerPro
Source: http://www.emailtrackerpro.com
eMailTrackerPro is an email tracking tool that analyzes email headers and reveals information such as sender's geographical location, IP address, etc. It allows you to review the traces later by saving all past traces.


FIGURE 2.25: eMailTrackerPro showing geographical location of sender

PoliteMail
Source: http://www.politemail.com
PoliteMail is an email tracking tool for Outlook. It tracks and provides complete details about
who opened your mail and which document has been opened, as well as which links are being
clicked and read. It offers mail merging, split testing, and full list management including
segmenting. You can compose an email containing malicious links and send it to the employees
of the target organization and keep track of your email. If the employee clicks on the link, he or
she is infected and you will be notified. Thus, you can gain control over the system with the
help of this tool.

FIGURE 2.26: Politemail screenshot

Email Lookup - Free Email Tracker
Source: http://www.ipaddresslocation.org


Email Lookup is an email tracking tool that determines the IP address of the sender by analyzing
the email header. You can copy and paste the email header into this email tracking tool and
start tracing email.

Email Lookup - Free Email Tracker
Trace Email • Track Email
Email Header Analysis

IP Address: 72.52.192.147 (host manhattanmed1agroup.com)
IP Address Country: United States
IP Continent: North America
IP Address City Location: Lansing
IP Address Region: Michigan
IP Address Latitude: 42.7257
IP Address Longitude: -84.636
Organization: SourceDNS

FIGURE 2.27: Email Lookup Screenshot
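
The header analysis described for Email Lookup can be reproduced by reading the Received chain yourself. The following is an added example, not part of the courseware or of the tool's code: it returns the one address recorded by your own mail servers separately from addresses that only the sending side claims, which can be forged. The sample message, the host names, the `.corp.example` suffix and the list of internal ranges are constructed assumptions, and the parser assumes the Postfix/Sendmail header layout used by the sample.

```python
"""Trace the sending IP from an email's Received chain (added example)."""
import ipaddress
import re
from email import message_from_string

# Ranges treated as internal for this example (assumption, adjust per site).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

# Address literals sit in square brackets: [203.0.113.45], [IPv6:2001:db8::1].
BRACKETED = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")

# Constructed sample. Newest Received header first, as a mail store holds it.
SAMPLE = """\
Received: from mx1.corp.example (mx1.corp.example [10.0.0.5])
 by mailstore.corp.example (Postfix) with ESMTP id AAA111;
 Tue, 03 Apr 2012 10:15:02 +0000
Received: from relay.sender.example (relay.sender.example [203.0.113.45])
 by mx1.corp.example (Postfix) with ESMTP id BBB222;
 Tue, 03 Apr 2012 10:15:01 +0000
Received: from [192.168.1.23] (unknown [198.51.100.77])
 by relay.sender.example (Postfix) with ESMTPSA id CCC333;
 Tue, 03 Apr 2012 10:14:58 +0000
From: sender@sender.example
To: analyst@corp.example
Subject: constructed sample

body
"""


def is_internal(ip):
    """True when the address falls in one of the INTERNAL_NETS ranges."""
    return any(ip in net for net in INTERNAL_NETS if net.version == ip.version)


def parse_hop(value):
    """Return the recording host ('by') and peer address of one Received header."""
    flat = " ".join(value.split())            # unfold continuation lines
    if flat.lower().startswith("by "):        # local submission, no 'from' clause
        from_part, rest = "", flat[3:]
    else:
        from_part, _, rest = flat.partition(" by ")
    words = rest.split()
    by_host = words[0].rstrip(";").lower() if words else ""
    # Prefer the parenthesised comment: the receiving server writes the peer
    # address there itself, while the name before it is the client's HELO claim.
    comment = " ".join(re.findall(r"\(([^)]*)\)", from_part))
    peer = None
    for text in BRACKETED.findall(comment) or BRACKETED.findall(from_part):
        try:
            peer = ipaddress.ip_address(text)
            break
        except ValueError:
            continue                          # bracketed text that is not an IP
    return {"by": by_host, "ip": peer}


def trace_sender(raw, trusted_suffix):
    """Split the chain into what our servers recorded and what is only claimed.

    verified       - external address that connected to our perimeter, taken
                     from a header written by a host ending in trusted_suffix
    claimed_origin - oldest external address further down the chain; these
                     headers were written by the sending side and can be forged
    """
    msg = message_from_string(raw)
    hops = [parse_hop(v) for v in msg.get_all("Received", [])]  # newest first
    verified, cut = None, len(hops)
    for i, hop in enumerate(hops):
        if not hop["by"].endswith(trusted_suffix):
            cut = i                           # not written by our own servers
            break
        if hop["ip"] is not None and not is_internal(hop["ip"]):
            verified, cut = hop["ip"], i + 1  # perimeter hop found
            break
    claimed = [h["ip"] for h in hops[cut:]
               if h["ip"] is not None and not is_internal(h["ip"])]
    return {
        "verified": str(verified) if verified else None,
        "claimed_origin": str(claimed[-1]) if claimed else None,
        "hops": len(hops),
    }


if __name__ == "__main__":
    print(trace_sender(SAMPLE, ".corp.example"))
```

Only the `verified` address is suitable for blocking or for a geolocation lookup like the one in Figure 2.27; treat `claimed_origin` as a lead to corroborate with other evidence.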

    Active Information Gathering: In the active information gathering process, attackers mainly focus on the employees of the target organization. Attackers try to extract information from the employees by conducting social engineering: on-site visits, interviews, questionnaires, etc.
  • 9. Anonymous Footprinting: This refers to the process of collecting information from sources anonymously so that your efforts cannot be traced back to you.
    Pseudonymous Footprinting: Pseudonymous footprinting refers to the process of collecting information from sources that have been published on the Internet but are not directly linked to the author's name. The information may be published under a different name, the author may have a well-established pen name, or the author may be a corporate or government official who is prohibited from posting under his or her original name. Irrespective of the reason for hiding the author's name, collecting information from such sources is called pseudonymous footprinting.
    Organizational or Private Footprinting: Private footprinting involves collecting information from an organization's web-based calendar and email services.
    Internet Footprinting: Internet footprinting refers to the process of collecting information about the target organization's connections to the Internet.
  • 10. What Is Footprinting?
    Footprinting is the process of collecting as much information as possible about a target network, for identifying various ways to intrude into an organization's network system.
    Footprinting, the first step in ethical hacking, refers to the process of collecting information about a target network and its environment. Using footprinting you can find various ways to intrude into the target organization's network system. It is considered "methodological" because critical information is sought based on a previous discovery. Once you begin the footprinting process in a methodological manner, you will obtain the blueprint of the security profile of the target organization. Here the term "blueprint" is used because the result that you get at the end of footprinting refers to the unique system profile of the target organization.
    There is no single methodology for footprinting, as you can trace information through several routes. However, this activity is important, as all crucial information needs to be gathered before you begin hacking. Hence, you should carry out the footprinting precisely and in an organized manner.
    Process involved in footprinting a target: you can collect information about the target organization through footprinting in four steps:
    1. Collect basic information about the target and its network
    2. Determine the operating system used, platforms running, web server versions, etc.
    3. Perform techniques such as Whois, DNS, network and organizational queries
    4. Find vulnerabilities and exploits for launching attacks
  • 11. Furthermore, we will discuss in detail how to collect basic information, how to determine the operating system of the target computer, the platforms running, and the web server versions, the various methods of footprinting, and how to find and exploit vulnerabilities.
  • 12. Why Footprinting?
    For attackers to build a hacking strategy, they need to gather information about the target organization's network, so that they can find the easiest way to break into the organization's security perimeter. As mentioned previously, footprinting is the easiest way to gather information about the target organization; this plays a vital role in the hacking process. Footprinting helps to:
    Know Security Posture: Performing footprinting on the target organization in a systematic and methodical manner gives the complete profile of the organization's security posture. You can analyze this report to figure out loopholes in the security posture of your target organization and then build your hacking plan accordingly.
    Reduce Attack Area: By using a combination of tools and techniques, attackers can take an unknown entity (for example, XYZ Organization) and reduce it to a specific range of domain names, network blocks, and individual IP addresses of systems directly connected to the Internet, as well as many other details pertaining to its security posture.
  • 13. Build Information Database: A detailed footprint provides maximum information about the target organization. Attackers can build their own information database about the security weaknesses of the target organization. This database can then be analyzed to find the easiest way to break into the organization's security perimeter.
    Draw Network Map: Combining footprinting techniques with tools such as Tracert allows the attacker to create network diagrams of the target organization's network presence. This network map represents their understanding of the target's Internet footprint. These network diagrams can guide the attack.
  • 14. Objectives of Footprinting
    The major objectives of footprinting include collecting the target's network information, system information, and organizational information. By carrying out footprinting at various network levels, you can gain information such as network blocks, network services and applications, system architecture, intrusion detection systems, specific IP addresses, and access control mechanisms. With footprinting, information such as employee names, phone numbers, contact addresses, designation, work experience, and so on can also be obtained.
    Collect Network Information: The network information can be gathered by performing a Whois database analysis, trace routing, etc. The information collected includes:
    - Domain name
    - Internal domain names
    - Network blocks
    - IP addresses of the reachable systems
    - Rogue websites/private websites
    - TCP and UDP services running
    - Access control mechanisms and ACLs
    - Networking protocols
    - VPN points
    - ACLs
    - IDSes running
    - Analog/digital telephone numbers
    - Authentication mechanisms
    - System enumeration
  • 15. Collect System Information:
    - User and group names
    - System banners
    - Routing tables
    - SNMP information
    - System architecture
    - Remote system type
    - System names
    - Passwords
    Collect Organization's Information:
    - Employee details
    - Organization's website
    - Company directory
    - Location details
    - Address and phone numbers
    - Comments in HTML source code
    - Security policies implemented
    - Web server links relevant to the organization
    - Background of the organization
    - News articles/press releases
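A defender's self-audit for several of the items listed above (system banners, comments in HTML source code, internal domain names, employee contact details), as an added example that is not part of the original module. It checks one of your own public pages for what a footprinting pass would collect; the sample headers and HTML are constructed, and the internal-name heuristics (`INTERNAL_SUFFIXES`, `INTERNAL_LABELS`) are assumptions to adapt.

```python
"""Self-audit of a public web page for footprinting exposure (added example)."""
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: response headers and body of a hypothetical public page.
SAMPLE_HEADERS = {
    "Server": "Apache/2.2.3 (CentOS)",
    "X-Powered-By": "PHP/5.3.3",
    "Content-Type": "text/html",
}
SAMPLE_HTML = """<html><head><title>Example Corp</title>
<!-- TODO: remove test login, user=qa_admin, ask j.doe@example.com -->
</head><body>
<a href="/products">Products</a>
<a href="http://intranet.corp.example.com/wiki">Staff wiki</a>
<a href="http://10.20.30.40/status">Status</a>
<img src="https://cdn.example.net/logo.png">
<!-- build 4312 -->
</body></html>"""

# Assumed naming conventions for internal hosts; adjust to your environment.
INTERNAL_SUFFIXES = (".local", ".internal", ".corp", ".lan")
INTERNAL_LABELS = {"intranet", "internal", "corp", "dev", "staging", "vpn"}
VERSION_RE = re.compile(r"[A-Za-z][\w.-]*/\d+(?:\.\d+)+")  # e.g. Apache/2.2.3
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


class ExposureParser(HTMLParser):
    """Collects HTML comments and the host part of every href/src attribute."""

    def __init__(self):
        super().__init__()
        self.comments = []
        self.hosts = []

    def handle_comment(self, data):
        self.comments.append(data.strip())

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                host = urlparse(value).hostname  # None for relative links
                if host:
                    self.hosts.append(host)


def is_internal_host(host):
    """True for private/loopback IP literals and internal-looking DNS names."""
    try:
        ip = ipaddress.ip_address(host)
        return ip.is_private or ip.is_loopback
    except ValueError:
        pass  # not an IP literal, fall through to the name checks
    name = host.lower()
    return name.endswith(INTERNAL_SUFFIXES) or bool(INTERNAL_LABELS & set(name.split(".")))


def audit_page(headers, html):
    """Return a list of (category, evidence) findings for one page."""
    findings = []
    # System banners: product/version strings in response headers.
    for name in ("Server", "X-Powered-By"):
        for banner in VERSION_RE.findall(headers.get(name, "")):
            findings.append(("version-banner", f"{name}: {banner}"))
    parser = ExposureParser()
    parser.feed(html)
    parser.close()
    # Comments in HTML source code, plus any email address they contain.
    for comment in parser.comments:
        findings.append(("html-comment", comment))
        for email in EMAIL_RE.findall(comment):
            findings.append(("email-in-comment", email))
    # Internal domain names or private addresses referenced from a public page.
    for host in sorted(set(parser.hosts)):
        if is_internal_host(host):
            findings.append(("internal-host", host))
    return findings


if __name__ == "__main__":
    for category, evidence in audit_page(SAMPLE_HEADERS, SAMPLE_HTML):
        print(f"{category:18} {evidence}")
```

An empty result is the goal: version strings suppressed in the server configuration, comments stripped at build time, and no internal hostnames in public markup.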
  • 16. Module Flow
    So far, we discussed footprinting concepts, and now we will discuss the threats associated with footprinting.
    Module sections: Footprinting Concepts, Footprinting Threats, Footprinting Methodology, Footprinting Tools, Footprinting Countermeasures, Footprinting Penetration Testing.
    The Footprinting Threats section familiarizes you with the threats associated with footprinting such as social engineering, system and network attacks, corporate espionage, etc.
  • 17. Footprinting Threats
    Attackers gather valuable system and network information such as account details, operating system and installed applications, network components, server names, database schema details, etc. from footprinting techniques.
    As discussed previously, attackers perform footprinting as the first step in an attempt to hack a target organization. In the footprinting phase, attackers try to collect valuable system-level information such as account details, operating system and other software versions, server names, and database schema details that will be useful in the hacking process. The following are various threats due to footprinting:
    Social Engineering: Without using any intrusion methods, hackers directly and indirectly collect information through persuasion and various other means. Here, crucial information is gathered by the hackers through employees without their consent.
    System and Network Attacks: Footprinting helps an attacker to perform system and network attacks. Through footprinting, attackers can gather information related to the target organization's system configuration, operating system running on the machine, and so on. Using this information, attackers can find the vulnerabilities present in the target system and then exploit those vulnerabilities. Thus, attackers can take control over a target system. Similarly, attackers can also take control over the entire network.
  • 18. Information Leakage: Information leakage can be a great threat to any organization and is often overlooked. If sensitive organizational information falls into the hands of attackers, then they can build an attack plan based on the information, or use it for monetary benefits.
    Privacy Loss: With the help of footprinting, hackers are able to access the systems and networks of the company and even escalate the privileges up to admin levels. Whatever privacy was maintained by the company is completely lost.
    Corporate Espionage: Corporate espionage is one of the major threats to companies, as competitors can spy and attempt to steal sensitive data through footprinting. Due to this type of espionage, competitors are able to launch similar products in the market, affecting the market position of a company.
    Business Loss: Footprinting has a major effect on businesses such as online businesses and other e-commerce websites, banking and financial related businesses, etc. Billions of dollars are lost every year due to malicious attacks by hackers.
  • 19. Module Flow
    Now that you are familiar with footprinting concepts and threats, we will discuss the footprinting methodology. The footprinting methodology section discusses various techniques used to collect information about the target organization from different sources.
    Module sections: Footprinting Concepts, Footprinting Threats, Footprinting Methodology, Footprinting Tools, Footprinting Countermeasures, Footprinting Penetration Testing.
  • 20. Footprinting Methodology
    - Footprinting through Search Engines
    - Website Footprinting
    - Email Footprinting
    - Competitive Intelligence
    - Footprinting using Google
    - WHOIS Footprinting
    - DNS Footprinting
    - Network Footprinting
    - Footprinting through Social Engineering
    - Footprinting through Social Networking Sites
    The footprinting methodology is a procedural way of collecting information about a target organization from all available sources. It deals with gathering information about a target organization, determining URL, location, establishment details, number of employees, the specific range of domain names, and contact information. This information can be gathered from various sources such as search engines, Whois databases, etc.
    Search engines are the main information sources where you can find valuable information about your target organization. Therefore, first we will discuss footprinting through search engines. Here we are going to discuss how and what information we can collect through search engines.
    Examples of search engines include: www.google.com, www.yahoo.com, www.bing.com
  • 21. Footprinting through Search Engines
    Attackers use search engines to extract information about a target such as technology platforms, employee details, login pages, intranet portals, etc., which helps in performing social engineering and other types of advanced system attacks. Search engine cache may provide sensitive information that has been removed from the World Wide Web (WWW).
    A web search engine is designed to search for information on the World Wide Web. The search results are generally presented in a line of results often referred to as search engine results pages (SERPs). In the present world, many search engines allow you to extract a target organization's information such as technology platforms, employee details, login pages, intranet portals, and so on. Using this information, an attacker may build a hacking strategy to break into the target organization's network and may carry out other types of advanced system attacks. A Google search could reveal submissions to forums by security personnel that reveal brands of firewalls or antivirus software in use at the target. Sometimes even network diagrams are found that can guide an attack.
    If you want to footprint the target organization, for example XYZ pvt ltd, then type XYZ pvt ltd in the Search box of the search engine and press Enter. This will display all the search results containing the keywords "XYZ pvt ltd."
    You can even narrow down the results by adding a specific keyword while searching. Furthermore, we will discuss other footprinting techniques such as website footprinting and email footprinting.
    For example, consider an organization, perhaps Microsoft. Type Microsoft in the Search box of a search engine and press Enter; this will display all the results containing information about Microsoft. Browsing the results may provide critical information such as physical location, contact address, the services offered, number of employees, etc. that may prove to be a valuable source for hacking.
  • 22. FIGURE 2.1: Screenshot showing information about Microsoft (Google's cache of the Wikipedia article on Microsoft, a snapshot of the page as it appeared on 17 Jul 2012 13:15:03 GMT)
    As an ethical hacker, if you find any sensitive information of your company in the search engine result pages, you should remove that information. Even after you remove the sensitive information, it may still be available in a search engine cache. Therefore, you should also check the search engine cache to ensure that the sensitive data is removed permanently.
  • 23. Finding Company's External and Internal URLs
    A company's external and internal URLs provide a lot of useful information to the attacker. These URLs describe the company and provide details such as the company mission and vision, history, products or services offered, etc. The URL that is used outside the corporate network for accessing the company's vault server via a firewall is called an external URL. It links directly to the company's external web page. The target company's external URL can be determined with the help of search engines such as Google or Bing. If you want to find the external URL of a company, follow these steps:
    1. Open any of the search engines, such as Google or Bing.
    2. Type the name of the target company in the Search box and press Enter.
    The internal URL is used for accessing the company's vault server directly inside the corporate network. The internal URL helps to access the internal functions of a company. Most companies use common formats for internal URLs.
    Therefore, if you know the external URL of a company, you can predict an internal URL through trial and error. These internal URLs provide insight into different departments and business units in an organization. You can also find the internal URLs of an organization using tools such as Netcraft.
  • 24. Tools to Search Internal URLs
    Netcraft (Source: http://news.netcraft.com): Netcraft deals with web server, web hosting market-share analysis, and operating system detection. It provides a free anti-phishing toolbar (Netcraft Toolbar) for the Firefox and Internet Explorer browsers. The Netcraft toolbar helps users avoid phishing attacks and protects Internet users from fraudsters. It checks the risk rating as well as the hosting location of the websites we visit.
    Link Extractor (Source: http://www.webmaster-a.com/link-extractor-internal.php): Link Extractor is a link extraction utility that allows you to choose between external and internal URLs, and returns either a plain list of the URLs linked to or an HTML list. You can use this utility on competitor sites.
    Examples of internal URLs of microsoft.com:
    - support.microsoft.com
    - office.microsoft.com
    - search.microsoft.com
    - msdn.microsoft.com
    - update.microsoft.com
    - technet.microsoft.com
    - windows.microsoft.com
  • 25. Public and Restricted Websites
    A public website is a website designed to show the presence of an organization on the Internet. It is designed to attract customers and partners. It contains information such as company history, services and products, and contact information of the organization. The following screenshot is an example of a public website:
    Source: http://www.microsoft.com
  • 26. FIGURE 2.2: An example of a public website
    A restricted website is a website that is available to only a few people. The people may be employees of an organization, members of a department, etc. Restrictions can be applied based on the IP address, domain or subnet, username, and password. Restricted or private websites of microsoft.com include: http://technet.microsoft.com, http://windows.microsoft.com, http://office.microsoft.com, and http://answers.microsoft.com.
  • 27. FIGURE 2.3: Examples of Public and Restricted websites
  • 28. Collect Location Information
    Use the Google Earth tool to get the location of the place.
    Information such as physical location of the organization plays a vital role in the hacking process. This information can be obtained using the footprinting technique. In addition to physical location, we can also collect information such as surrounding public Wi-Fi hotspots that may prove to be a way to break into the target organization's network.
    Attackers with the knowledge of a target organization's location may attempt dumpster diving, surveillance, social engineering, and other non-technical attacks to gather much more information about the target organization. Once the location of the target is known, detailed satellite images of the location can be obtained using various sources available on the Internet such as http://www.google.com/earth and https://maps.google.com. Attackers can use this information to gain unauthorized access to buildings, wired and wireless networks, systems, and so on.
    Example: earth.google.com
    Google Earth is a valuable tool for hacking that allows you to find a location, point, and zoom into that location to explore. You can even access 3D images that depict most of the Earth in high-resolution detail.
  • 29. FIGURE 2.4: Google Earth showing location
    Example: maps.google.com
    Google Maps provides a Street View feature that provides you with a series of images of a building, as well as its surroundings, including Wi-Fi networks. Attackers may use Google Maps to find or locate entrances to buildings, security cameras, gates, places to hide, weak spots in perimeter fences, and utility resources like electricity connections, to measure distance between different objects, etc.
    FIGURE 2.5: Google Maps showing a Street View
  • 30. People Search
    Information about an individual can be found at various people search websites.
    You can use the public record websites to find information about people's email addresses, phone numbers, house addresses, and other information. Using this information you can try to obtain bank details, credit card details, mobile numbers, past history, etc. There are many people search online services available that help find people. http://pipl.com and http://www.spokeo.com are examples of people search services that allow you to search for people by name, email, username, phone, or address. These people search services may provide information such as:
    - Residential addresses and email addresses
    - Contact numbers and date of birth
    - Photos and social networking profiles
    - Blog URLs
    - Satellite pictures of private residences
  • 32. Ethical Hacking and Countermeasures Footprinting and Reconnaissance Exam 312-50 Certified Ethical Hacker P eo p le Search O n lin e S erv ic es M M Zaba Search % 123 People Search http://ww w.zabasearch.com h ttp ://w w w . 123people, com C Zoomlnfo h ttp ://w w w .zo o m in fo . com PeekYou h ttp ://w w w .p e e kyo u . com Wink People Search Intelius h ttp ://w in k.co m h ttp ://w w w .inte liu s.com & h ttp ://w w w .pe op le sm a rt. com m o • IP AnyWho http ://w w w .an yw h o.co m http://w w w .w hite p ag es.co m People Lookup S® CEH PeopleSmart WhitePages https://w w w .peoplelookup.com V/ > —J Copyright © by EG-G(IIIICil. All Rights Reserved. Reproduction is Strictly Prohibited. .3;► People Search O nline Services — ‫ ׳׳‬At present, many Internet users are using people search engines to find information about other people. Most often people search engines provide people's names, addresses, and contact details. Some people search engines may also reveal the type of work an individual does, businesses owned by a person, contact numbers, company email addresses, mobile numbers, fax numbers, dates of birth, personal -mail addresses, etc. This information proves to be highly beneficial for attackers to launch attacks. Some of the people search engines are listed as follows: Zaba Search Source: http://www.zabasearch.com Zaba Search is a people search engine that provides information such as address, phone number, current location, etc. of people in the US. It allows you to search for people by their name. Zoom lnfo Source: http://www.zoominfo.com Module 02 Page 122 Ethical Hacking and Countermeasures Copyright © by EC-C0UnCil All Rights Reserved. Reproduction is Strictly Prohibited.
  • 33. Zoom Info is a business people directory with which you can find business contacts, people's professional profiles, biographies, work histories, affiliations, links to employee profiles with verified contact information, and more. Wink People Search. Source: http://wink.com. Wink People Search is a people search engine that provides information about people by name and location. It gives phone number, address, websites, photos, work, school, etc. AnyWho. Source: http://www.anywho.com. AnyWho is a website that helps you find information about people, their businesses, and their locations online. With the help of a phone number, you can get all the details of an individual. People Lookup. Source: https://www.peoplelookup.com. People Lookup is a people search engine that allows you to find, locate, and then connect with people. It also allows you to look up a phone number, search for cell numbers, find an address or phone number, and search for people in the US. This database uses information from public records. 123 People Search. Source: http://www.123people.com. 123 People Search is a people search tool that allows you to find information such as public records, phone numbers, addresses, images, videos, and email addresses. PeekYou. Source: http://www.peekyou.com. PeekYou is a people search engine that allows you to search for profiles and contact information of people in India and cities' top employers and schools. It allows you to search for people by their names or usernames. Intelius. Source: http://www.intelius.com. Intelius is a public records business that provides information services. It allows you to search for people in the US by their name, address, phone number, or email address.
  • 34. PeopleSmart. Source: http://www.peoplesmart.com. PeopleSmart is a people search service that allows you to find people's work information with their name, city, and state. In addition, it allows you to perform reverse phone lookups, email searches, searches by address, and county searches.
  • 35. WhitePages. Source: http://www.whitepages.com. WhitePages is a people search engine that provides information about people by name and location. Using the phone number, you can find the person's address.
  • 36. People Search on Social Networking Services. Services shown on the slide: http://www.linkedin.com, http://www.facebook.com, http://twitter.com, https://plus.google.com. Searching for people on social networking websites is easy. Social networking services are the online services, platforms, or sites that focus on facilitating the building of social networks or social relations among people. These websites provide information that is provided by users. Here, people are directly or indirectly related to each other by common interest, work location, or educational communities, etc. Social networking sites allow people to share information quickly and effectively as these sites are updated in real time. They allow updating facts about upcoming or current events, recent announcements and invitations, and so on. Therefore, social networking sites prove to be a great platform for searching people and their related information. Through people searching on social networking services, you can gather critical information that will be helpful in performing social engineering or other kinds of attacks. Many social networking sites allow visitors to search for people without registration; this makes people searching on social networking sites an easy task for you. You can search for a person using name, email, or address. Some sites allow you to check whether an account is currently in use or not. This allows you to check the status of the person you are looking for. Some of the social networking services are as follows:
  • 37. Facebook. Source: http://www.facebook.com. Facebook allows you to search for people, their friends, colleagues, and people living around them and others with whom they are affiliated. In addition, you can also find their professional information such as their company or business, current location, phone number, email ID, photos, videos, etc. It allows you to search for people by username or email address. FIGURE 2.7: Facebook a social networking service to search for people across the world. LinkedIn. Source: http://www.linkedin.com. LinkedIn is a social networking website for professional people. It allows you to find people by name, keyword, company, school, etc. Searching for people on LinkedIn gives you information such as name, designation, name of company, current location, and education qualifications, but to use LinkedIn you need to be registered with the site. Twitter. Source: http://twitter.com.
  • 38. Twitter is a social networking service that allows people to send and read text messages (tweets). Even unregistered users can read tweets on this site. FIGURE 2.9: Twitter screenshot.
  • 39. Google+. Source: https://plus.google.com. Google+ is a social networking site that aims to make sharing on the web more like sharing in real life. You can grab a lot of useful information about users from this site and use it to hack their systems. FIGURE 2.10: Google+ screenshot.
  • 40. Gather Information from Financial Services. Financial services such as Google Finance, Yahoo! Finance, and so on provide a lot of useful information such as the market value of a company's shares, company profile, competitor details, etc. The information offered varies from one service to the next. In order to avail themselves of services such as e-mail alerts and phone alerts, users need to register on the financial services. This gives an opportunity for an attacker to grab useful information for hacking. Many financial firms rely on web access, performing transactions, and user access to their accounts. Attackers can obtain sensitive and private information of users using information theft, key loggers, etc. Attackers can even grab this information by implementing cybercrimes, and exploit it with the help of non-vulnerable threats (software design flaw example; breaking authentication mechanism). The following are some of the non-vulnerable threats: service flooding; brute force attack; phishing.
  • 41. FIGURE 2.11: Examples of financial services website for gathering information.
  • 42. Footprinting through Job Sites. You can gather a company's infrastructure details from job postings. Look for these: job requirements; employee's profile; hardware information; software information. Examples of job websites: http://www.monster.com, http://www.careerbuilder.com, http://www.dice.com, http://www.simplyhired.com, http://www.indeed.com, http://www.usajobs.gov. Attackers can gather valuable information about the operating system, software versions, company's infrastructure details, and database schema of an organization by footprinting various job sites using different techniques. Depending upon the posted requirements for job openings, attackers may be able to study the hardware, network-related information, and technologies used by the company. Most company websites have a list of key employees with their email addresses. This information may prove to be beneficial for an attacker. For example, if a company wants to hire a person for a Network Administration job, it posts the requirements related to that position.
  • 43. FIGURE 2.12: Gathering information through Job websites. Usually attackers look for the following information: job requirements; employee's profile; hardware information; software information. Examples of job websites include: http://www.monster.com, http://www.careerbuilder.com, http://www.dice.com, http://www.simplyhired.com, http://www.indeed.com, http://www.usajobs.gov.
  • 44. Monitoring Targets Using Alerts. Alerts are the content monitoring services that provide automated up-to-date information based on your preference, usually via email or SMS. In order to get alerts, you need to register on the website and you should submit either an email or phone number to the service. Attackers can gather this sensitive information from the alert services and use it for further processing of an attack. Examples of alert services: Google Alerts. Source: http://www.google.com/alerts. Google Alerts is a content monitoring service that automatically notifies users when new content from news, web, blogs, video, and/or discussion groups matches a set of search terms selected by the user and stored by the Google Alerts service. Google Alerts aids in monitoring a developing news story and keeping current on a competitor or industry.
  • 45. FIGURE 2.13: Google Alert services screenshot. Yahoo! Alerts is available at http://alerts.yahoo.com and Giga Alert is available at http://www.gigaalert.com; these are two more examples of alert services.
  • 46. Footprinting Methodology. Steps shown on the slide: Footprinting through Search Engines; Website Footprinting; Email Footprinting; Competitive Intelligence; Footprinting using Google; WHOIS Footprinting; DNS Footprinting; Network Footprinting; Footprinting through Social Engineering; Footprinting through Social Networking Sites. So far, we have discussed the first step of footprinting methodology, i.e., footprinting via search engines. Now we will discuss website footprinting. An organization's website is a first place where you can get sensitive information such as names and contact details of chief persons in the company, upcoming project details, and so on. This section covers the website footprinting concept, mirroring websites, the tools used for mirroring, and monitoring web updates.
  • 47. Website Footprinting. Information obtained from the target's website enables an attacker to build a detailed map of the website's structure and architecture. It is possible for an attacker to build a detailed map of a website's structure and architecture without IDS being triggered or without raising any sys admin suspicions. It can be accomplished either with the help of sophisticated footprinting tools or just with the basic tools that come along with the operating system, such as telnet and a browser. Using the Netcraft tool you can gather website information such as IP address, registered name and address of the domain owner, domain name, host of the site, OS details, etc. But this tool may not give all these details for every site. In such cases, you should browse the target website. Browsing the target website will provide you with the following information. Software used and its version: You can find not only the software in use but also the version easily on the off-the-shelf software-based website. Operating system used: Usually the operating system can also be determined. Sub-directories and parameters: You can reveal the sub-directories and parameters by making a note of all the URLs while browsing the target website.
  • 48. Filename, path, database field name, or query: You should analyze anything after a query that looks like a filename, path, database field name, or query carefully to check whether it offers opportunities for SQL injection. Scripting platform: With the help of the script filename extensions such as .php, .asp, .jsp, etc. you can easily determine the scripting platform that the target website is using. Contact details and CMS details: The contact pages usually offer details such as names, phone numbers, email addresses, and locations of admin or support people. You can use these details to perform a social engineering attack. CMS software allows URL rewriting in order to disguise the script filename extensions. In this case, you need to put in a little more effort to determine the scripting platform. Use Zaproxy, Paros Proxy, Burp Suite, Firebug, etc. to view headers that provide: connection status and content-type; Accept-Ranges; Last-Modified information; X-Powered-By information; web server in use and its version. Source: http://portswigger.net. The following is a screenshot of Burp Suite showing headers of packets in the information pane. FIGURE 2.14: Burp Suite showing headers of packets in the information pane.
  • 49. Website Footprinting (Cont'd). Examining HTML source provides: comments in the source code; contact details of web developer or admin; file system structure; script type. Examining cookies may provide: software in use and its behavior; scripting platforms used. Examine the HTML source code. Follow the comments that are either created by the CMS system or inserted manually. These comments may provide clues to help you understand what's running in the background. This may even provide contact details of the web admin or developer. Observe all the links and image tags, in order to map the file system structure. This allows you to reveal the existence of hidden directories and files. Enter fake data to determine how the script works.
  • 50. FIGURE 2.15: Screenshot showing Microsoft script works. Examine cookies set by the server to determine the software running and its behavior. You can also identify the scripting platforms by observing sessions and other supporting cookies. FIGURE 2.16: Showing details about the software running in a system by examining cookies.
  • 51. Mirroring Entire Website. Mirroring an entire website onto the local system enables an attacker to dissect and identify vulnerabilities; it also assists in finding directory structure and other valuable information. Web mirroring tools allow you to download a website to a local directory, building recursively, without multiple requests to web server, all directories, HTML, images, flash, videos, and other files from the server to your computer. Website mirroring is the process of creating an exact replica of the original website. This can be done with the help of web mirroring tools. Website mirroring has the following benefits: It is helpful for offline site browsing. Website mirroring helps in creating a backup site for the original one. A website clone can be created. Website mirroring is useful to test the site at the time of website design and development. It is possible to distribute to multiple servers instead of using only one server.
  • 52. FIGURE 2.17: JuggyBoy's Original and Mirrored website.
  • 53. Website Mirroring Tools. HTTrack Web Site Copier. Source: http://www.httrack.com. HTTrack is an offline browser utility. It allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting HTML, images, and other files from the server to your computer. HTTrack arranges the original site's relative link structure. Open a page of the "mirrored" website in your browser, browse the site from link to link, and you can view the site as if you were online. HTTrack can also update an existing mirrored site, and resume interrupted downloads.
  • 54. FIGURE 2.18: HTTrack Web Site Copier Screenshot. SurfOffline. Source: http://www.surfoffline.com. SurfOffline is a website download software. The software allows you to download entire websites and download web pages to your local hard drive. After downloading the target website, you can use SurfOffline as an offline browser and view downloaded web pages in it. If you prefer to view downloaded web pages in another browser, you can use the Export Wizard. SurfOffline's Export Wizard also allows you to copy downloaded websites to other computers in order to view them later and prepares websites for burning them to a CD or DVD. FIGURE 2.19: SurfOffline screenshot. BlackWidow. Source: http://softbytelabs.com.
  • 55. BlackWidow is a website scanner for both experts and beginners. It scans websites (it's a site ripper). It can download an entire website or part of a website. It will build a site structure first, and then downloads. It allows you to choose what to download from the website.
  • 56. FIGURE 2.20: SurfOffline screenshot. WebRipper. Source: http://www.calluna-software.com. WebRipper is an Internet scanner and downloader. It downloads massive amounts of images, videos, audio, and executable documents from any website. WebRipper uses spider technology to follow the links in all directions from the start address. It filters out the interesting files, and adds them to the download queue for downloading. You can restrict downloaded items by file type, minimum file, maximum file, and image size. All the downloaded links can also be restricted by keywords to avoid wasting your bandwidth. FIGURE 2.21: Webripper screenshot.
  • 57. Website Mirroring Tools (Cont'd)
    In addition to the website mirroring tools mentioned previously, a few more well-known tools are as follows:
    • Website Ripper Copier, available at http://www.tensons.com
    • Teleport Pro, available at http://www.tenmax.com
    • Portable Offline Browser, available at http://www.metaproducts.com
    • Proxy Offline Browser, available at http://www.proxy-offline-browser.com
    • iMiser, available at http://internetresearchtool.com
    • PageNest, available at http://www.pagenest.com
    • Backstreet Browser, available at http://www.spadixbd.com
    • Offline Explorer Enterprise, available at http://www.metaproducts.com
    • GNU Wget, available at http://www.gnu.org
    • Hooeey Webprint, available at http://www.hooeeywebprint.com
  • 58. Extract Website Information from http://www.archive.org
    The Internet Archive Wayback Machine allows you to visit archived versions of websites. This allows you to gather information on a company's web pages since their creation. As the website www.archive.org keeps track of web pages from the time of their inception, you can retrieve even information that has been removed from the target website.
  • 59. FIGURE 2.22: Internet Archive Wayback Machine screenshot
  • 60. Monitoring Web Updates Using Website Watcher
    Source: http://www.aignes.com
    Website Watcher automatically checks web pages for updates and changes. It is used to keep track of websites for updates and automatic changes. When an update or change occurs, Website Watcher automatically detects and saves the last two versions onto your disk, and highlights changes in the text. It is a useful tool for monitoring sites to gain competitive advantage.
    Benefits: Frequent manual checking of updates is not required. Website Watcher can automatically detect and notify users of updates:
    • It allows you to know what your competitors are doing by scanning your competitors' websites
    • It can keep track of new software versions or driver updates
    • It stores images of the modified websites to a disk
  • 61. FIGURE 2.23: Website watcher monitoring web updates
  • 62. Footprinting Methodology
    Methodology phases shown on the slide: Footprinting through Search Engines; Website Footprinting; Email Footprinting; Competitive Intelligence; Footprinting using Google; WHOIS Footprinting; DNS Footprinting; Network Footprinting; Footprinting through Social Engineering; Footprinting through Social Networking Sites.
    So far we have discussed footprinting through search engines and website footprinting, the two initial phases of footprinting methodology. Now we will discuss email footprinting. This section describes how to track email communications, how to collect information from email headers, and email tracking tools.
  • 63. Tracking Email Communications
    An attacker tracks email to gather information about the physical location of an individual in order to perform social engineering, which in turn may help in mapping the target organization's network. Email tracking is a method to monitor and spy on the emails delivered to the intended recipient. It can reveal:
    • When the email was received and read
    • GPS location and map of the recipient
    • Time spent on reading the emails
    • Whether or not the recipient visited any links sent to them
    • Track PDF and other types of attachments
    • Set messages to expire after a specified time
    Email tracking is a method that helps you to monitor as well as to track the emails of a particular user. This kind of tracking is possible through digitally time-stamped records that reveal the time and date a particular email was received or opened by the target. Many email tracking tools are readily available on the market, with which you can collect information such as IP addresses, mail servers, and the service provider from which the mail was sent. Attackers can use this information to build the hacking strategy. Examples of email tracking tools include eMailTrackerPro and Paraben E-mail Examiner.
    By using email tracking tools you can gather the following information about the victim:
    • Geolocation: Estimates and displays the location of the recipient on the map and may even calculate distance from your location.
    • Read duration: The duration of time spent by the recipient on reading the mail sent by the sender.
    • Proxy detection: Provides information about the type of server used by the recipient.
    • Links: Allows you to check whether the links sent to the recipient through email have been checked or not.
  • 64. Operating system: This reveals information about the type of operating system used by the recipient. The attacker can use this information to launch an attack by finding loopholes in that particular operating system.
    Forward email: Whether or not the email sent to you is forwarded to another person can be determined easily by using this tool.
  • 65. Collecting Information from Email Headers
    [Slide figure: annotated email header. Callouts: the address from which the message was sent; sender's mail server; date and time received by the originator's email servers; authentication system used by sender's mail server; a unique number assigned by mr.google.com to identify the message; sender's full name.]
    An email header is the information that travels with every email. It contains the details of the sender, routing information, date, subject, and recipient. The process of viewing the email header varies with different mail programs. Commonly used email programs:
    • SmarterMail Webmail
    • Outlook Express 4-6
    • Outlook 2000-2003
    • Outlook 2007
    • Eudora 4.3/5.0
    • Entourage
    • Netscape Messenger 4.7
    • MacMail
    The following is a screenshot of a sample email header.
  • 66. FIGURE 2.24: Email header screenshot (header fields shown: Delivered-To, Received, Return-Path, Received-SPF, Authentication-Results, DKIM-Signature, MIME-Version, In-Reply-To, References, Date, Message-ID, Subject, From, To)
    This email header contains the following information:
    • Sender's mail server
    • Date and time received by the originator's email servers
    • Authentication system used by sender's mail server
    • Date and time of message sent
    • A unique number assigned by mr.google.com to identify the message
    • Sender's full name
    • Sender's IP address
    • The address from which the message was sent
    The attacker can trace and collect all of this information by performing a detailed analysis of the complete email header.
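
A defender-side reading of the header fields listed above, as an added example that is not part of the courseware: it parses a constructed sample header with Python's standard `email` module, orders the `Received` hops oldest-first, and extracts the SPF/DKIM verdicts. The sample hosts and addresses and the function names are assumptions made for this illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample header (not the one in Figure 2.24); hosts and IPs are
# placeholders from the example.com / RFC 5737 documentation ranges.
SAMPLE = """\
Received: by 198.51.100.20 with SMTP id q7abc123;
        Fri, 1 Jun 2012 21:24:01 -0700 (PDT)
Return-Path: <sender@example.com>
Authentication-Results: mx.example.org; spf=pass smtp.mail=sender@example.com;
        dkim=pass header.i=@example.com
Received: from mail.example.com ([192.0.2.10]) by 198.51.100.20 with SMTP id fq9abc;
        Fri, 01 Jun 2012 21:24:00 -0700 (PDT)
Received: by 203.0.113.5 with HTTP; Fri, 1 Jun 2012 21:23:59 -0700 (PDT)
Date: Sat, 2 Jun 2012 09:53:59 +0530
Message-ID: <constructed-0001@mail.example.com>
From: Sample Sender <sender@example.com>
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def received_hops(msg):
    """Received headers, oldest first (each relay prepends its own line)."""
    hops = []
    for raw in reversed(msg.get_all("Received", [])):
        route, _, stamp = " ".join(raw.split()).rpartition(";")
        try:
            when = parsedate_to_datetime(stamp.strip())
        except (TypeError, ValueError):
            when = None  # malformed or missing timestamp
        hops.append({"route": route, "ips": IPV4.findall(route), "time": when})
    return hops


def auth_verdicts(msg):
    """spf/dkim/dmarc verdicts recorded by the receiving server."""
    found = {}
    for raw in msg.get_all("Authentication-Results", []):
        for method, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", raw, re.I):
            found[method.lower()] = verdict.lower()
    return found


def summarize(raw_headers):
    msg = message_from_string(raw_headers)
    hops = received_hops(msg)
    name, from_addr = parseaddr(msg.get("From", ""))
    _, return_path = parseaddr(msg.get("Return-Path", ""))
    times = [h["time"] for h in hops if h["time"] is not None]
    return {
        "sender_name": name,
        "from": from_addr,
        "return_path": return_path,
        "message_id": (msg.get("Message-ID") or "").strip(),
        "sent": parsedate_to_datetime(msg["Date"]) if msg["Date"] else None,
        "hops": hops,
        # Hops not added by servers you control can be forged by the sender.
        "origin_ips": hops[0]["ips"] if hops else [],
        "auth": auth_verdicts(msg),
        "transit_seconds": (times[-1] - times[0]).total_seconds() if len(times) > 1 else None,
        # A From / Return-Path mismatch is a common spoofing signal.
        "from_matches_return_path": from_addr.lower() == return_path.lower(),
    }


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

When triaging a suspicious message, start from the `Received` line written by your own mail server and treat everything older than it as sender-supplied.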
  • 67. Email Tracking Tools
    Email tracking tools allow you to track an email and extract information such as sender identity, mail server, sender's IP address, etc. You can use the extracted information to attack the target organization's systems by sending malicious emails. Numerous email tracking tools are readily available in the market. The following are a few commonly used email tracking tools:
    eMailTrackerPro
    Source: http://www.emailtrackerpro.com
    eMailTrackerPro is an email tracking tool that analyzes email headers and reveals information such as sender's geographical location, IP address, etc. It allows you to review the traces later by saving all past traces.
  • 68. FIGURE 2.25: eMailTrackerPro showing geographical location of sender
    PoliteMail
    Source: http://www.politemail.com
    PoliteMail is an email tracking tool for Outlook. It tracks and provides complete details about who opened your mail and which document has been opened, as well as which links are being clicked and read. It offers mail merging, split testing, and full list management including segmenting. You can compose an email containing malicious links and send it to the employees of the target organization and keep track of your email. If the employee clicks on the link, he or she is infected and you will be notified. Thus, you can gain control over the system with the help of this tool.
    FIGURE 2.26: Politemail screenshot
    Email Lookup - Free Email Tracker
    Source: http://www.ipaddresslocation.org
  • 69. Email Lookup is an email tracking tool that determines the IP address of the sender by analyzing the email header. You can copy and paste the email header into this email tracking tool and start tracing email.
  • 70. FIGURE 2.27: Email Lookup Screenshot (email header analysis result; fields shown: IP address, country, continent, city, region, latitude, longitude, organization)