CEH Lab Manual - Footprinting Targets with Ping

CEH Lab Manual

Footprinting a n d
R e c o n n a i s s a n c e
M o d u l e 02

Module 0 2 - Footprinting and R e co n n a issa n ce

Footprinting a Target Network
F o o tp rin tin g re fe rs to u n co verin g a n d co lle ctin g a s m uch in fo rm a tio n a s p o ssib le
reg ard in g a ta rg e t n etn o rk

L a b S c e n a r io
Valuable
m
fonnation____

Penetration testing is much more than just running exploits against vulnerable

Test your
know
ledge

begins before penetration testers have even made contact w ith the vic tim ’s

sA

Web ex
ercise

them returns a shell, a penetration tester meticulously studies the environm ent

m

Workbook review

tester runs an exploit, he or she is nearly certain that it w ill be successful. Since

systems like we learned about

111

the previous module.

111

fact, a penetration test

systems. Rather than blindly throwing out exploits and praying that one o f
for potential weaknesses and their mitigating factors. By the time a penetration
failed exploits can

111

some cases cause a crash or even damage to a victim

system, or at the very least make the victim un-exploitable

111

the fiiUire,

penetration testers w on't get the best results, or deliver the most thorough
report to then‫ ־‬clients, i f they blindly turn an automated exploit machine on the
victim netw ork w ith no preparation.

L a b O b je c t iv e s
T he objective o f the lab is to extract inform ation concerning the target
organization that includes, but is not lim ited to:
■

IP address range associated w ith the target

■

Purpose o f organization and w h y does it exists

■

H o w big is the organization? W h a t class is its assigned IP Block?

■

Does the organization freely provide inform ation on the type o f
operating systems employed and netw ork topology 111 use?

■

Type o f firewall im plem ented, either hardware or software or
com bination o f both

■

Does the organization allow wireless devices to connect to wired
networks?

■

Type o f rem ote access used, either SSH or T N

■

Is help sought on I T positions that give inform ation on netw ork
services provided by the organization?

C E H Lab Manual Page 2

Ethical Hacking and Countemieasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Stricdy Prohibited.


■

IdentitV organization’s users w h o can disclose their personal
inform ation that can be used fo r social engineering and assume such
possible usernames

& Tools
dem onstrated in
this lab are
available in
D:CEHToolsCEHv8
Module 02
Footprinting and
Reconnaissance

L a b E n v ir o n m e n t
Tins lab requires:
■

Windows Server 2012 as host machine

■

A web browser w ith an Internet connection

■

Administrative privileges to

11111 tools

L a b D u r a t io n
Time: 50 ]Minutes

O v e r v ie w o f F o o t p r in t in g
Before a penetration test even begins, penetration testers spend tune w ith their
clients working out the scope, mles, and goals ot the test. The penetration testers
may break

111 using any means

necessary, from information found

111 the

dumpster,

to web application security holes, to posing as the cable guy.
A fter pre-engagement activities, penetration testers begin gathering information
about their targets. O ften all the information learned from a client is the list o f IP
addresses a n d /o r web domains that are

111

scope. Penetration testers then learn as

much about the client and their systems as possible, from searching for employees
on social networking sites to scanning die perimeter for live systems and open ports.
Taking all the information gathered into account, penetration testers sftidv the
systems to find the best routes o f attack. Tins is similar to what an attacker would do
or what an invading army would do when trying to breach the perimeter. Then
penetration testers move into vulnerabilitv analysis, die first phase where they are
actively engaging the target. Some might say some port scanning does complete
connections. However, as cybercrime rates nse, large companies, government
organizations, and other popular sites are scanned quite frequendy. During
vulnerability analysis, a penetration tester begins actively probing the victim
systems for vulnerabilities and additional information. O nly once a penetration
tester has a hill view o f the target does exploitation begin. Tins is where all o f the
information that has been meticulously gathered comes into play, allowing you to be
nearly 100% sure that an exploit will succeed.
Once a system has been successfully compromised, the penetration test is over,
right? Actually, that's not nglit at all. Post exploitation is arguably the most
important part o f a penetration test. Once you have breached the perimeter there is
whole new set o f information to gather. Y o u may have access to additional systems
that are not available from the perimeter. The penetration test would be useless to a
client without reporting. Y o u should take good notes during the other phases,
because during reporting you have to tie evervdiing you found together 111 a way




everyone from the I T department who w ill be remediating the vulnerabilities to the
business executives who will be approving die budget can understand.
m

TASK 1
Overview

Lab T asks
Pick an organization diat you feel is worthy o f vour attention. Tins could be an
ed u c a tio n a l in stitu tion , a co m m e rcia l com pany.

01 perhaps

a nonprofit

charity.
Recommended labs to assist you

111 footprinting;

■

Basic N etw o rk Troubleshooting Using the ping u tility and nslookup Tool

■

People Search Using Anyw ho and Spokeo Online Tool

■

Analyzing D om ain and IP Address Queries Using Sm artW hois

■

N etw o rk Route Trace Using Path A nalyzer Pro

■

Tracing Emails Using e M a ilT ra c k e rP ro T oo l

■

Collecting Inform ation A bout a target’s Website Using Firebug

■

Mirroring Website Using H T T ra c k W eb S ite C opier Tool

■

Extracting Company’s Data Using W eb D ata E x tra c to r

■

Identifying Vulnerabilities and Inform ation Disclosures
using S earch Diggity

111 Search Engines

L a b A n a ly s is
Analyze and document the results related to die lab exercise. Give your opinion

011

your target’s security posture and exposure through public and tree information.

P L E A S E TALK TO YOUR I NSTRUCTOR IF YOU HAVE QUESTIONS
R EL A TE D TO THI S LAB.


Ethical Hacking and Countermeasures Copyright © by EC-Council


Lab

1

Using the Ping Utility
0 u tility
)1

P in g is a co m p uter n etw o rk a d m in is tra ti

u sed to te s t th e re a c h a b ility o f a

h o st on a n In te rn e tp ro to c o l (IP ) n e tw o rk a n d to m easure th e ro n n d - trip tim e fo r
m essages se n tfro m th e o rig in a tin g h o st to a d e stin a tio n com puter.

I CON KEY
[£ 7Valuable
Z
information
Test your
know
ledge_____
*

Web ex
ercise
Workbook review

As a professional p e n e tra tio n te s te r, you w ill need to check for the reachability
o f a com puter

111

a network. Ping is one o f the utilities that w ill allow you to

gather im portant inform ation like IP address, m axim um P a c k e t Fam e size,
etc. about the network com puter to aid

111 successful

penetration test.

Tins lab provides insight into the ping com m and and shows h ow to gather
inform ation using the ping command. T he lab teaches h ow to:
■
■

& Tools
dem onstrated in
this lab are
available in
D:CEHToolsCEHv8
Module 02
Footprinting and
Reconnaissance

Use ping
Em ulate the tracert (traceroute) com m and w ith ping

■

Find m axim um frame size for the network

■

Identity IC M P type and code for echo request and echo reply packets

L a b E n v ir o n m e n t
T o carry out tins lab you need:
A dm inistrative privileges to run tools

■

TCP/IP settings correctly configured and an accessible DNS server

■


■

Tins lab w ill w o rk 111 the C E H lab environm ent - on W indow s S erver
20 1 2 . W indow s 8, W indow s S erver 2 0 0 8 , and W indow s 7

All Rights Reserved. Reproduction is Strictly Prohibited.


L a b D u r a t io n
Tune: 10 Minutes

O v e r v ie w o f P in g
& PING stan s for
d
Packet Internet Groper.

The ping command sends Internet Control Message Protocol (ICMP) echo request

Ping com and S
m
yntax:
ping [-q] [-v] [-R [-c
]
Count] [-iWait] [-s
PacketSize] Host.

response process, ping measures the tune from transmission to reception, known as

packets to the target host and waits tor an ICMP response. D uring tins requestdie round-trip tim e, and records any loss o f packets.

Lab T asks
1.

Find the IP address tor h ttp :/ Avww.cert 1hedhacker.com

2.

T o launch S ta rt menu, hover the mouse cursor in the low er-left corner
o f the desktop

FIGURE 1 :W
.1 indow S
s erver 2012—
Desktopview
Locate IP Address

3.

Click Com m and Prom pt app to open the com m and pro m p t w in do w

FIGURE 1 : W
.2 indow S
s erver 2012— pps
A
Type ping w w w .c e rtifie d h a c k e r.c o m
For the com and,
m
ping -c count, specify the
num of echo requests to
ber
send.


111 the

com m and prom pt, and

press E nter to find out its IP address
b.

T h e displayed response should be similar to the one shown

111 the

following screenshot



Administrator: C:Windowssystem32cmd.exe

m The ping command,
“ping —wait,” m
i
eans wait
tim that is the num of
e,
ber
seconds to wait betw
een
each ping.

!‫* 'םי ־‬

'

C:)ping uuu.certifiedhacker.com
Pinging www.certifiedhacker.com [202.75.54.1011 with 32 bytes of data:
Request timed out.
Reply from 202.?5.54.101: bytes=32 time=267ms TTL=113
Reply fron 202.75.54.101: bytes=32 time=288ms TTL=113
Reply fron 202.75.54.101: bytes=32 time=525ms TTL=113
Ping statistics for 202.75.54.101:
Packets: Sent = 4, Received = 3, Lost = 1 <25z loss),
Approximate round trip times in m illi—
seconds:
Minimum = 267ms, M um = 525ms, Overage = 360m
axim
s
C:>

FIGURE 1 : The pingcom and toextract die IP ad re sfor w w
.3
m
ds
w .certifiedhacker.com

6. Y o u receive the IP address o f www.certifledhacker.com that is
2 0 2 .7 5 .5 4 .1 0 1
Y o u also get inform ation on Ping S ta tis tic s , such as packets sent,
packets received, packets lost, and A pp ro xim ate round-trip tim e
N o w , find out the m axim um frame size

011

the network. 111 the

com m and prom pt, type ping w w w .c e rtifie d h a c k e r.c o m - f - l 1 500
Finding Maximum
Frame Size

m Request time out is
displayed because either the
m
achine is down or it
im
plem
ents a packet
filter/firewall.

* ‫׳‬


:< ping www.certifiedhacker.com -f ‫0051 1 ־‬
!Pinging www.certifiedhacker.com [202.75.54.101] with 1500 bytes of data:
Packet needs to be fragmented but U set.
P
Packet needs to be fragmented but D set.
F
F
F
Packets: Sent = 4, Received = 0, Lost = 4 <100* loss).

FIGURE 1 The pingcom andforw w
.4:
m
w .certifiedhacker-comwidi ——
f 11500 options
9.

T h e display P a c k e t needs to be fragm ented but DF s e t means that the
frame is too large to be 011 the netw ork and needs to be fragmented.
Since w e used - f switch w ith the ping command, the packet was not
sent, and the ping command returned tins error

10. Type ping w w w .c e rtifie d h a c k e r.c o m - f - l 1 3 0 0

m In the ping command,
option —m
f eans don’t
fragm
ent.

! - ! = ■

X

'

Ic:>jping www.certifiedhacker.com - f -1 1300
Pinging www.certifiedhacker.com [202.75.54.101] with 1300 bytes of data:
Reply from 202.75.54.101: bytes=1300 time=392ms TTL=114
Packets: Sent = 4, Received = 4, Lost = 0 <0X loss),
Approximate round trip times in m illi—
seconds:
M um = 285ms, M um = 392ms, Average = 342m
inim
axim
s
C:>

FIGURE 1 : The pingcom and forw w
.5
m
w .certifiedhacker.comwith——
f 11300options




11. Y o u can see that the m axim um packet size is less than 1 5 0 0 bytes and
m ore than 1 3 0 0 bytes
In die ping com and,
m
“Ping— m
q,” eans quiet
output, only sum ary lines
m
at startup and com
pletion.

12. N o w , try different values until you find the m axim um frame size. F or
instance, ping w w w .c e rtifie d h a c k e r.c o m - f - l 1 4 7 3 replies w ith
P a c k e t needs to be fra g m e n te d but DF s e t and ping
w w w .c e rtifie d h a c k e r.c o m - f - l 1 4 7 2 replies w ith a su ccessfu l ping. I t
indicates that 1472 bytes is the m axim um frame size o il tins machine
netw ork
Note: T h e m axim um frame size w ill d iffer depending upon on the netw ork

I ‫ ־־‬I ‫ם‬

x

1

C:S)ping wow.cert i f iedhacker.com -f 1473 1‫־‬
Pin<jinc» www.certifiedhacker.com [202.75.54.1011 with 1473 bytes of data:
F
F
F
F
Packets: Sent = 4, Received = 0, Lost = 4 <100/ loss).
c a The router discards
packets when TTL reaches
0(Zero) value.
FIGURE 1.6: The pingcom andforw w
m
f 11473 options

1-1=' » '

C:>'ping www.certifiedhacker.com -f -1 1472
[Pinging www.certifiedhacker.com [202.75.54.101] with 1472 bytes of data:
Approximate round trip times in milli-seconds:
Minim
um = 282ms, M um = 359ms, Overage = 319m
axim
s

FIGURE 1.7: Hie pingcom and forw w
m
f 11472options

! The ping command,
“Ping— m
R,” eans record
route. It turns on route
recording for the Echo
Request packets, and
displays die route buffer on
returned packets (ignored
by m routers).
any


13. N o w , find out w hat happens w hen TTL (T im e to Live) expires. Ever}1
frame

011

the netw ork has T T L defined. I f T T L reaches 0, the router

discards the packet. This mechanism prevents the loss of p a c k e ts
14. 111 the com m and prom pt, type ping w w w .c e rtifie d h a c k e r.c o m -i 3.
T h e displayed response should be similar to the one shown
follow ing figure, but w ith a different IP address

111 the



Bl


1

C:>ping uuw.certifiedl1acker.com - i 3
Pinsrincf 17uu.certifiedhacker.com [202.75 .54.1011 uith 32 bytes of data:
Reply from 183.82.14.17: TTL expired in transit.
■Ping statistics for 202.75.54.101:
Packets: Sent = 4, Received = 4, Lost = 0 <0X loss).
lc:>
| <|

1
1
1

j

p

1<‫רדו‬

FIGURE 1 : The pingcom and forvwwcfi-rifierlhacker.co w -i 3 options
.8
m
m ith
15. Reply from 1 8 3 .8 2 .1 4 .1 7 : T T L exp ired in tra n s it means that the router
(183.82.14.17, stadents w ill have some other IP address) discarded the
frame, because its T T L has expired (reached 0)
T A S K

3

16. T he E m u late tra c e rt (traceroute) command, using ping - m anually,
found the route from your PC to w w w .cert 1fiedhacker.com

Em ulate T racert

17. T h e results you receive are different from those 111 tins lab. Y o u r results
may also be different from those o f the person sitting next to you
18.

111

the com m and prom pt, type ping w w w .c e rtifie d h a c k e r.c o m -i 1 -n

1. (Use

-11

1 in order to produce only one answer, instead o f receiving

four answers on W indow s or pinging forever on Linux.) T h e displayed
response should be similar to the one shown in the follow ing figure
C:>ping www.certifiedhacker.com — 1 — 1
i
n
Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of da
Request timed out.

ca

In the ping com and,
m
the -i option represents
tim to live TTL.
e

Ping sta tis tic s for 202.75.54.101:
Packets: Sent = 1, Received = 0, Lost = 1 <100x 10ss>‫״‬
C:>

FIGURE 1 : The pingcom and for ™‫ ׳!י‬reitified1acker.comwith—1— 1options
.9
m
l
i n
19. 111 the com m and prom pt, type ping w w w .c e rtifie d h a c k e r.c o m -i 2 -n
1. T h e only difference between the previous ping com m and and tliis
one is - i 2. T h e displayed response should be similar to the one shown

111 the


follow ing figure



Adm
inistrator: C:W
indowssystem
32cm
d.exe
C:)ping www.certifiedhacker.com — 2 — 1
i
n

m 111 the ping command,

Request timed out.

-t m
eans to ping the
specified host until
stopped.

Ping sta tis tic s for 202.75.54.101:
C:>

FIGURE 1.10: The pingcom and for w w
m
w .certifiedl1acke1.comwith-i 2— 1options
n
1. Use -n 1

111 order

to produce only one answer (instead o f four on

W indow s or pinging forever on Linux). T h e displayed response should
be similar to the one shown

111 the

follow ing figure

C:)ping www.certifiedhacker.con - i 3 -n 1
Reply from 183.82.14.17: TTL expired in tra n s it.
s In the ping com and,
m
the -v option m
eans
verbose output, which lists
individual ICMP packets, a
s
well a echo responses.
s

C:>

FIGURE 1.11: Hie pingcom and for w w
m
w .certifiedl1acker.comwith—3— 1o
i n ptions
1. Use -n 1

111 order

to produce only one answer (instead o f four on

W indow s or pinging forever on Linux). T h e displayed response should
be similar to the one shown
G5J

111 the

following figure

Adm
inistrator: C:W
indowssystem
32cm
d.exe

H » l

>
‫־‬

'

D:>ping www.certifiedhacker.com - i 4 -n 1
Reply from 121.240.252.1: TTL expired in tra n s it.
Packets: Sent = 1, Received = 1, Lost = 0 <0X loss).

FIGURE 1.12: Hie pingcom and for w .certifiedhacker-comwith—4— 1o
m
ivw
i n ptions
£Q In the ping com and,
m
the —s e option m
1 12
eans to
send the buffer size.

22. W e have received the answer from the same IP address 111 tw o d iffe re n t
.
.
.
.
. . .
steps. H u s one identities the packet rnter; some packet filters do not
d e c re m e n t T T L and are therefore invisible




m 111 the ping command,
the -w option represents
the tim
eout in m
illiseconds
to wait for eachreply.

23. Repeat the above step until you reach th e IP address for
w w w .c e rtifie d h a c k e r.c o m

(111 this

case, 2 0 2 .7 5 .5 4 .1 0 1 )


E M

'

C:)ping www.certifiedhacker.com - i 10 -n 1
Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of data:
Packets: Sent = 1, Received = 1, Lost = 0 <0x loss),
C:>

FIGURE 1.13: The pingcom andfor w w
m
w .certifiedhacker.comwith—10— 1options
i
n
24. H ere the successful ping to reach w w w .c e rtifie d h a c k e r.c o m is 15
hops. T he output w ill be similar to the trace route results

m Traceroute sends a
sequence of Internet
Control M
essage Protocol
(ICMP) echo request
packets addressed to a
destinationhost.

:>p 1ng www.cert1f 1 edhacker.com -1 12 -n 1
inging www.certifiedhacker.com [202.75.54.1011 with 32 bytes
equest timed out.
ing statistics for 202.75.54.101:
Packets: Sent = 1, Received = 0, Lost = 1 (100X loss),
:S)ping www.certifiedhacker.com - i 13 -n 1
inging v4ww.certifiedhacker.com [202.75.54.1011 with 32 bytes
eply from 1.9.244.26: TTL expired in transit.
Packets: Sent = 1, Received = 1, Lost = 0 <0x loss),
:S)ping www.certifiedhacker.com — 14 — 1
i
n
inging Hww.nRrtif1Rrthacker.com [202.75.54.1011 with 32 bytes
eply from 202.75.52.1: TTL expired in transit.
:>ping www.certifiedhacker.com - i 15 -n 1
inging www.certifiedhacker.com [202.75.54.1011 with 32 bytes
eply from 202.75.54.101: bytes=32 time=267ms TTL=114
pproximate round trip times in milli-seconds:
Minim
um = 267ms, M um = 267ms, Overage = 267m
axim
s

of data

of data

of data

of data

FIGURE 1.14: Hie pingcom and for w w 1tifiedhacker.comwith—15— 1options
m
w .ce
i
n
25. N o w , make a note o f all die IP addresses from w hich you receive the
reply during the ping to emulate tracert

L a b A n a ly s is
Docum ent all die IP addresses, reply request IP addresses, and their TJL'Ls.




T o o l /U t il it y

In fo rm a tio n C o lle c te d /O b je c tiv e s A c h ie v e d
I P A ddress: 202.75.54.101
P a c k e t Statistics:
■

P in g

Packets Sent — 4

■

Packets Received — 3

■

Packets Lost — 1

■

A pproxim ate Round T rip T im e — 360111s

M a x im u m F ra m e Size: 1472
T T L R esponse: 15 hops

P L E A S E TALK TO YOUR I NSTRUCTOR IF YOU HAVE QUESTIONS
R EL A T E D TO THI S LAB.

Q u e s t io n s
1.

H o w does tracert (trace route) find the route that the trace packets are
(probably) using?

2.

Is there any other answer ping could give us (except those few w e saw
before)?

3.

W e saw before:
‫י‬

Request timed out

‫י‬

Packet needs to be fragmented but D F set

‫י‬

Reply from X X X . X X X .X X X . X X : T I L expired

111 transit

W h a t IC M P type and code are used for the IC M P E cho request?
4.

W h y does traceroute give different results on different networks (and
sometimes on the same network)?

In te r n e t C o n n e c tio n R e q u ire d
0 Y es

□ No

P la tfo rm S u p p o rted
0 C lassro o m


D iLabs



Using the nslookup Tool
n slo o k u p is a n etw o rk a d m in istra tio n com m and-line to o l a v a ila b le fo r m an y
co m p uter o p e ra tin g system sfo r q u e ryin g th e D o m a in N a m e System (D N S ) to
o b ta in th e d o m ain nam e, th e IP

ad d ress m ap p in g , o r a n y o th e r sp e cific D N S reco rd .

[£ 7Valuable
Z
information

111 the previous lab, we gathered inform ation such as IP address. Ping
S ta tis tic s . M axim um F ram e Size, and T T L Response using the ping utility.

Test your
know
ledge_____
*

Using the IP address found, an attacker can perform further hacks like port

Web ex
ercise

located and dom ain name associated w ith the IP address.

!322 Workbook review

scanning, N etbios, etc. and can also tind country or region

111

w hich the IP is

111 the next step o f reconnaissance, you need to tind the DNS records. Suppose

111

a netw ork there are tw o dom ain name systems (D N S ) servers named A and

B, hosting the same A c tiv e D ire c to ry -In te g ra ted zone. Using the nslookup
tool an attacker can obtain the IP address o f the dom ain name allowing him or
her to find the specific IP address o f the person he or she is hoping to attack.
Though it is difficult to restrict other users to query w ith D N S server by using
nslookup com m and because tins program w ill basically simulate the process
that h ow other programs do the D N S name resolution, being a p enetration
te s te r you should be able to prevent such attacks by going to the zone’s
properties, on the Z on e T ra n s fe r tab, and selecting the option not to allow
zone transfers. Tins w ill prevent an attacker from using the nslookup command
to get a list o f your zone’s records, nslookup can provide you w ith a wealth o f
D N S server diagnostic inform ation.

The objective o f tins lab is to help students learn how to use the nslookup
command.
This lab will teach you how to:
■


Execute the nslookup command


Module 02 - Footprinting and Reconnaissance

■

F in d d ie I P a d d re s s o f a m a c h in e

■

C h a n g e th e s e rv e r y o u w a n t th e re s p o n s e fr o m

■

E l i c i t a n a u t h o r it a tiv e a n s w e r fr o m th e D N S s e rv e r

■

F in d n a m e s e rv e rs f o r a d o m a in

■

F in d C n a m e (C a n o n ic a l N a m e ) f o r a d o m a in

■
■

&
Tools
dem onstrated in
this lab are
available in
D:CEHToolsCEHv 8
Module 02
Footprinting and
Reconnaissance

F in d m a il s e rv e rs lo r a d o m a in
Id e n t if y v a r io u s D N S re s o u r c e re c o rd s

Lab Environment
T o c a n y o u t th e la b , y o u n e e d :
■

A d m in is t r a tiv e p r iv ile g e s to r u n to o ls

■

TCP/IP s e ttin g s c o r r e c t ly c o n fig u r e d a n d a n a c c e s s ib le D N S s e rv e r

■

T in s la b w ill w o r k

111

th e C E H

la b e n v ir o n m e n t -

011

Window s

S erver

2 0 1 2 . W indow s 8 , W indow s S erver 2 0 0 8 . a n d W indow s 7
■

I t th e

nslookup com m and d o e s n ’t w o r k , re s ta rt th e com m and

w in do w , a n d ty p e nslookup t o r th e in t e r a c t iv e m o d e .

Lab Duration
T im e : 5 M in u te s

Overview of nslookup
nslookup m e a n s nam e server lookup. T o e x e c u te q u e n e s , n s lo o k u p u se s d ie
o p e ra tin g s y s te m ’s lo c a l
o p e ra te s

111

Domain Nam e System (DNS) resolver library, n s lo o k u p

interactive

01‫־‬

non-interactive m o d e . W h e n u s e d in te r a c tiv e ly b y

in v o k in g it w id io u t a rg u m e n ts
seco n d

a rg u m e n t

c o n fig u ra tio n s

is

01‫־‬

w h e n d ie fir s t a rg u m e n t is - (m in u s sig n ) a n d d ie

host nam e

0 1 ‫ ־‬re q u e sts

01‫־‬

IP address, th e

w h e n p re s e n te d w ith th e

u ser

issu e s

a rg u m e n ts a re g iv e n , th e n th e c o m m a n d q u e rie s to d e fa u lt s e rv e r. T h e

sign) in v o k e s s u b c o m m a n d s w h ic h a re s p e c ifie d
p re c e d e n s lo o k u p c o m m a n d s .

nam e

01‫־‬

111

p a ra m e te r

nslookup prompt (> ). W h e n
011

110

- (minus

c o m m a n d lin e a n d s h o u ld

non-interactive mode. i.e . w h e n firs t a rg u m e n t is

internet address o f th e h o s t b e in g s e a rc h e d , p a ra m e te rs a n d th e q u e ry a re

s p e c ifie d as c o m m a n d lin e a rg u m e n ts

111

th e in v o c a tio n o f th e p ro g ra m . T h e

11011 -

in te r a c tiv e m o d e se a rch e s th e in fo rm a tio n fo r s p e c ifie d h o s t u s in g d e fa u lt n a m e
s e rv e r.
W it h n s lo o k u p y o u w ill e id ie r re c e iv e a n o n - a u d io n ta tiv e o r a u th o rita tiv e a n s w e r.
Y o u re c e iv e a

non-authoritative answ er b e c a u s e , b y d e fa u lt, n s lo o k u p ask s y o u r

n a m e s e rv e r to re c u rs e

111

o rd e r to re s o lv e y o u r q u e ry a n d b e c a u s e y o u r n a m e s e rv e r is

n o t a n a u th o rity fo r th e n a m e y o u a re a s k in g it a b o u t. Y o u c a n g e t a n

authoritative

answ er b y q u e ry in g th e a u th o rita tiv e n a m e s e rv e r fo r d ie d o m a in y o u a re in te re s te d

CEH Lab Manual Page 14

Ethical Hacking and Countemieasures Copyright © by EC-Comicil


Lab Tasks
1.

Lau nch

S ta rt m e n u b y h o v e r in g th e m o u s e c u r s o r

111

th e lo w e r - le ft

c o r n e r o f th e d e s k to p

S

TASK 1
Extract
Information
i j Windows Server 2012
fttn cM S w *2 1 ReleMQ
d s e e 02
nxtditeO tm
aiM •
1a a nc p fk
v lu tio o y *W
IP P R P G S

* 5 ; ‫ן ל ל ן יט י‬
F I G U R E 2 .1 : W i n d o w s S e r v e r 2 0 1 2 — D e s k t o p v i e w

2.

C lic k th e

Com m and Prom pt a p p to o p e n th e c o m m a n d p r o m p t

w in d o w

F I G U R E 2 .2 : W i n d o w s S e r v e r 2 0 1 2 — A p p s

,____

3.

T h e g e n e ra l

111 th e c o m m a n d p r o m p t, ty p e

4.

N o w , ty p e

nslookup, a n d p re s s E nter

c o m m a n d s y n t a x is
n s l o o k u p [ - o p t io n ] [ n a m e

|

-] [ s e r v e r ] .


help a n d p re s s Enter. T h e d is p la y e d re s p o n s e s h o u ld b e s im ila r

to d ie o n e s h o w n

111

th e fo llo w in g fig u re



ss

Administrator: C:Windowssystem32cmd.exe - nslookup

S

C :)n s lo o k u p
D e fa u lt S e rv e r:
n s l.b e a m n e t. in
A d dress:
2 0 2 .5 3 .8 .8

.S '

T y p in g " h e lp " o r " ? " a t

th e c o m m a n d p ro m p t
g e n e r a t e s a lis t o f a v a ila b le
com m and s.

> h e lp
Commands:
( i d e n t i f i e r s a re shown in u p p e rc a s e , LJ means o p t i o n a l )
NAME
- p r i n t in fo about th e hos t/d o m ain NAME u s in g d e f a u lt s e r v e r
NAME1 NAME2
- as abo ve, but use NAME2 as s e r v e r
h e lp o r ?
‫ ־‬p r i n t in fo on common commands
s e t OPTION
- s e t an o p tio n
a ll
- p r i n t o p tio n s * c u r r e n t s e r v e r and host
[no]debug
- p r i n t debugging in fo rm a tio n
[n o ld 2
‫ ־‬p r i n t e x h a u s tiv e debugging in fo rm a tio n
[n o Id e f name
- append domain name to each query
[n o !re c u rs e
- ask f o r r e c u r s iv e answer to qu e ry
[n o !s e a rc h
- use domain sea rc h l i s t
[no Ivc
- alw ays use a v i r t u a l c i r c u i t
domain =NAME
- s e t d e f a u lt domain name to NAME
s r c h l i s t = N 1 [ / N 2 / . . . / N 6 1 - s e t domain to N1 and s ea rc h l i s t to N 1 ,N 2, e t c .
ro o t =NAME
- s e t ro o t s e r v e r to NAME
re try = X
- s e t number o f r e t r i e s to X
t imeout=X
‫ ־־‬s e t i n i t i a l tim e -o u t i n t e r v a l to X seconds
- s e t q u e ry typ e ( e x . A,AAAA,A*AAAA,ANY,CNAME,MX,NS,PTR,
ty p e =X
S0A,SRU)
q u e ry ty p e =X
- same as type
c la s s ‫־‬X
— s e t q u e ry c la s s <ex . IN ( I n t e r n e t ) , ANY)
- use MS f a s t zone t r a n s f e r
[no]m sxf r
- c u r r e n t v e rs io n to use in IXFR t r a n s f e r re q u e s t
ix fr v e r = X
s e r v e r NAME
- s e t d e f a u l t s e r v e r to NAME, u s in g c u r r e n t d e f a u l t s e r v e r
ls e r w e r NAME
- s e t d e f a u lt s e r v e r to NAME, u s in g i n i t i a l s e r v e r
ro o t
- s e t c u r r e n t d e f a u l t s e r v e r to th e r o o t
Is [ o p t ] DOMAIN [> F IL E ] - l i s t addresses in DOMAIN ( o p t io n a l: o u tp u t to F IL E )
-a
‫־‬
l i s t c a n o n ic a l names and a lia s e s
-d
— l i s t a l l rec o rd s
- t TYPE
l i s t re c o rd s o f th e g iven RFC re c o rd ty p e ( e x . A,CNAME,MX,NS,
PTR e t c .>
view FILE
- s o r t an ' I s ' o u tp u t f i l e and view i t w ith pg
- e x i t th e program
e x it
>

F I G U R E 2 .3 : T h e n s l o o k u p c o m m a n d w i t h h e lp o p t i o n

5.

111 th e n s lo o k u p

6.

N o w , ty p e

interactive m o d e , ty p e “set type=a” a n d p re s s Enter

w w w .certifiedhacker.com a n d p re ss Enter. T h e d is p la y e d

re s p o n s e s h o u ld b e s im ila r to d ie o n e s h o w n

111

d ie fo llo w in g fig u re

Note: T h e D N S s e rv e r A d d re s s (2 0 2 .5 3 .8 .8 ) w ill b e d iffe r e n t fro m d ie o n e s h o w n

111

d ie s c re e n s h o t

F I G U R E 2 .4 : h i n s l o o k u p c o m m a n d , s e t t y p e = a o p t i o n

Use Elicit
Authoritative

7.

Y o u get
but

111

Authoritative o r Non-authoritative answer. T h e a n s w e r v a n e s ,

d iis la b , it is

Non-authoritative answ er

8.

L i n s lo o k u p in te r a c tiv e m o d e , ty p e

9.

N o w , ty p e

set type=cnam e a n d p re s s Enter

certifiedhacker.com a n d p re s s Enter

Note: T h e D N S s e rv e r a d d re ss (8 .8 .8 .8) w ill b e d iffe r e n t d ia n d ie o n e

111

s c re e n s h o t

10. T h e d is p la y e d re s p o n s e s h o u ld b e s im ila r to d ie o n e s h o w n as fo llo w s :
>


s e t

ty p e = c n a m e



>

c e r t if ie d h a c k e r .c o m

S e r v e r:

g o o g le - p u b lic - d n s - a . g o o g le . co m

A d d re s s :

r
Q

TASK

8 . 8.8. 8

Administrator: C:Windowssystem32cmd.exe ‫ ־‬ns...

‫ם‬

x

3

Find Cname

‫> : נ‬

n s lo o k u p

) e f a u

l t

S e r v e r :

I d d r e s s :

g o o g l e - p u b l i c - d n s - a . g o o g l e . c o n

8 . 8 . 8 . 8

>

s e t

t y p e = c n a n e

>

c e r t

i f i e d

J e r u

e r :

I d d r e s s :

: e r t

i f

h a c k e r . c o n

g o o g l e - p u b l i c ‫ ־‬d n s ‫ ־‬a

. g o o g le . c o n

8 . 8 . 8 . 8

i e d h a c k e r
p

r i n

a r y

. c o n
n a n e

r e s p o n s i b l e
s

e

r i a

l

=

s e r u e r
n

a

i l

=

n s 0 . n

a d d r

=

a d

o

y e a r l y f e e s . c o n

n i n . n o y e a r l y f e e s . c o n

3 5

r e f r e s h

=

9 0 0

(1 5

n in s >

r e

=

6 0 0

( 1 0

n

e x p i r e

=

8 6 4 0 0

d

T T L

t r y

e f a u l t

=

( 1

3 6 0 0

i n

s )

d a y )
( 1

h o u r >

II
I
F I G U R E 2.5:111 iis l o o k u p c o m m a n d , s e t t y p e = c n a m e o p t i o n

11. 111 iis lo o k u p in te r a c tiv e m o d e , ty p e

server 64.147.99.90 (o r a n y o th e r I P

a d d re ss y o u re c e iv e in th e p re v io u s ste p ) a n d p re s s
12. N o w , ty p e
13. T y p e

Enter.

set type=a a n d p re s s Enter.

w w w .certifiedhacker.com a n d p re s s Enter. T h e d is p la y e d re s p o n s e

s h o u ld b e s im ila r to th e o n e s h o w n

111

d ie fo llo w in g fig u re .

[SB Administrator: C:Windowssystem32cmd.exe - ns.‫ ״‬L^.

1 1 1 n s lo o k u p
c o m m a n d , r o o t o p tio n
m e a n s to set th e c u rre n t
d e fa u lt s e r v e r t o th e r o o t.

F I G U R E 2.6:111 n s l o o k u p c o m m a n d , s e t t y p e = a o p t i o n

14. I I y o u re c e iv e a

request tim ed out m e ssa g e , as s h o w n in th e p re v io u s

fig u re , d ie n y o u r fir e w a ll is p re v e n tin g y o u fro m s e n d in g D N S q u e rie s
o u ts id e y o u r L A N .




15. 111 n s lo o k u p in te r a c tiv e m o d e , ty p e
16. N o w , ty p e

set type=m x a n d p re s s Enter.

certifiedhacker.com a n d p re s s Enter. T h e d is p la y e d re s p o n s e

s h o u ld b e s im ila r to th e o n e s h o w n

111

d ie fo llo w in g fig u re .

‫ '׳‬T o m a k e q u e iy t y p e
o f N S a d e fa u lt o p t io n f o r
y o u r n s lo o k u p c o m m a n d s ,
p la c e o n e o f th e f o llo w in g
sta te m e n ts in th e
u s e r _ id .N S L O O K U P .E N V
d a t a s e t: s e t q u e r y t y p e = n s
o r q u e ry ty p e = n s .

F I G U R E 2 .7 : I n n s l o o k u p c o m m a n d , s e t t y p e = m x o p t i o n

Lab Analysis
D o c u m e n t a ll d ie I P a d d re ss e s, D N S s e rv e r n a m e s , a n d o d ie r D N S in fo rm a tio n .

T o o l/ U t ilit y

In f o r m a t io n C o lle c t e d / O b je c t iv e s A c h ie v e d
D N S S e r v e r N a m e : 2 0 2 .5 3 .8 .8
N o n - A u t h o r it a t iv e A n s w e r : 2 0 2 .7 5 .5 4 .1 0 1
C N A M E ( C a n o n ic a l N a m e o f a n a lia s )

n s lo o k u p

■

A lia s : c e r t 1 fie d h a c k e r .c o m

■

C a n o n ic a l n a m e : g o o g le - p u b l 1 c- d 11s - a .g o o g le .c o m

M X

P LE A S E

TA LK

TO

( M a i l E x c h a n g e r ) : m a 1 1 .c e rt1 fie d h a c k e r.c o m

Y O U R IN S T R U C T O R IF Y O U
R E L A T E D TO T H IS LAB.

H A V E

Q U E S T IO N S

Questions
1.

A n a ly z e a n d d e te rm in e e a c h o t th e t o llo w in g D N S re s o u r c e re c o rd s :
■


SO A



■
■

A

■

PT R

■

C N A M E

■

M X

■
2.

N S

SR Y

E v a lu a t e th e d iffe r e n c e b e tw e e n a n a u t h o r it a tiv e a n d n o n - a u d io r ita tiv e
a n s w e r.

3.

D e te r m in e w h e n y o u w ill r e c e iv e re q u e s t tim e o u t in n s lo o k u p .

In t e r n e t C o n n e c t io n R e q u ir e d
0

Yes

P la t f o r m
0


□

N o

S u p p o rte d

C la s s r o o m

□ !L a b s

Ethical Hacking and Countermeasures Copyright © by EC-Comicil


People Search Using th e AnyWho
Online Tool
A _n y W h o is an o n lin e w h ite p ag es p eo p le search d ire c to ry fo r q u ic k ly lo o k in g u p
in d iv id u a lp h o n e num bers.

Lab Scenario
Valuable
m fonnatioti______
Test your
knowledge

*d

W eb exercise

m

W orkbook review

Y o u h a v e a lre a d y le a rn e d d ia t d ie burst stag e
m u c h in fo r m a tio n as p o s s ib le .
re la te d to

111

111

p e n e tra tio n te s tin g is to g a th e r as

th e p re v io u s la b , y o u w e re a b le to tin d in fo rm a tio n

DNS records u s in g th e n s lo o k u p to o l. I f a n a tta c k e r d is c o v e rs a fla w

D N S s e rv e r, h e o r sh e w ill e x p lo it th e fla w to p e rfo rm

111

a

a c a c h e p o is o n in g a tta c k ,

m a k in g d ie s e rv e r c a c h e th e in c o r r e c t e n trie s lo c a lly a n d s e rv e th e m to o th e r u se rs
th a t m a k e th e sa m e re q u e st. A s a p e n e tra tio n te ste r, y o u m u s t a lw a y s b e c a u tio u s
a n d ta k e p re v e n tiv e m e a su re s a g a in s t a tta ck s ta rg e te d a t a n a m e s e rv e r b y

securely

configuring nam e servers to re d u c e th e a tta c k e r's a b ility to c o r m p t a z o n e file w id i
th e a m p lific a tio n re c o rd .
T o b e g in a p e n e tra tio n te st it is a ls o im p o rta n t to g a th e r in fo rm a tio n a b o u t a

user

location to in tru d e in to th e u s e r’s o rg a n iz a tio n s u c c e s s fu lly . 111 tin s p a rtic u la r la b , w e
w ill le a rn h o w to lo c a te a c lie n t o r u s e r lo c a tio n u s in g d ie AnyWho o n lin e to o l.

Lab Objectives
T h e o b je c tiv e o f d u s la b is to d e m o n s tra te th e fo o tp rin tin g te c h n iq u e to c o lle c t

confidential information o n a n o rg a n iz a tio n , s u c h as then: key personnel a n d th e ir
contact details, u s in g p e o p le s e a rc h s e rv ic e s . S tu d e n ts n e e d to p e rfo rm p e o p le
H Tools
dem onstrated in
this lab are
available in
D:CEHToolsCEHv 8
Module 02
Footprinting and
Reconnaissance


s e a rc h a n d p h o n e n u m b e r lo o k u p u s in g h ttp : / /w w w .a n y w h o .c o m .

Lab Environment
111

th e la b , y o u n e e d :
■

A w e b b ro w s e r w ith a n In te r n e t c o n n e c tio n

■

A d m in is tra tiv e p riv ile g e s to ru n to o ls

■


111 th e C E H
la b e n v ir o n m e n t - o n W indow s S erver
2 0 1 2 . W indow s 8 , W indow s S erver 2 0 0 8 . a n d W indow s 7

Ethical Hacking and Countenneasures Copyright © by EC-Council


Lab Duration
T u n e : 5 ] lu iu te s

Overview of AnyWho
A n y W h o is a p a rt o t d ie

ATTi fam ily o t b ra n d s , w liic h m o s tly to c u s e s o n lo c a l

se a rch e s t o r p ro d u c ts a n d s e rv ic e s . T lie site lis ts in fo rm a tio n fro m th e
(F u id a P e r s o n / R e v e r s e L o o k u p ) a n d th e

W hite Pages

Y ellow Pages (F in d a B u s in e s s ).

Lab Tasks
1.

Lau nch

S ta rt m e n u b y h o v e r in g th e m o u s e c u r s o r o il th e lo w e r- le ft


m

A n y W h o a llo w y o u to

s e a r c h f o r l o c a l b u s in e s s e s
b y n a m e to q u ic k ly fin d
t h e i r Y e l l o w P a g e s l i s t in g s
w i t h b a s ic d e ta ils a n d m a p s ,

■8 W in d o w s Se rver 2012

p lu s a n y a d d it io n a l t im e
a n d m o n e y - s a v in g fe a tu re s ,

Window* Serve! 2 12 Rele< Candidate
Server 0
ae

fviluaiioft copy R tld
u

s u c h as c o u p o n s , v id e o

■
KIWI

p r o f ile s o r o n lin e
r e s e r v a t io n s .


2.

C lic k th e

Google Chrom e a p p to la u n c h th e C h r o m e b r o w s e r

01‫־‬

la u n c h

a n y o th e r b r o w s e r

F I G U R E 3 .2 : W i n d o w s S e r v e r 2 0 1 2 — A p p s

TASK 1
People Search
w ith AnyWho


3.

L i d ie b ro w s e r, ty p e

http://w ww .anywho.com . a n d p re s s Enter

011

d ie

k e y b o a rd



4 * C
‫♦ ־‬

(ww»anyA»o;orj

A nyW ho
9 < .fc‫ ־‬S LO K P
k <= O U

u

a

A n y W h o is p a r t o f t h e

White Pages | Find People By Name

A T T i fa m ily o f b r a n d s ,

Find a Person

Fad Pcoote ■ Ou‫ ־‬Wfrte Fages Directory
a

w h ic h fo c u s e s o n lo c a l

V» yw u k M ) fa sn1Mfnux Tryn ro*»rfyw ad*«s»?
i
r
ff
g
01 ■ A yxi s» 1‫ י׳‬irtfm c 10 1w 6« 11 *‫ י0נ‬rc n s?
wx
fcar # r* 1m f
co d
VirWw ertntM a**♦cnliie *tie swe1 d r/ *h yoi
i
iceto «re
car lad meto b tte* n»n* jdoeti wy uc4n to1
v
o

s e a rc h p ro d u c ts a n d

cyr p
eoa

s e rv ic e s .

®!• ]
*E

‫אז־‬A
r‫׳‬y1Y»own«Pap 11 u M4■ * t <t px
»t :X # m y m r
<
m %0»n(M*dt ton Kirntt*• ranon ro‫ ׳‬t«5
rtm
n *» tar tre*« vd «« ru ♦tr *a‫׳‬cr*1gir
cw
m tn

Br N m I By Awkm 1 By Ph4 « M
im>
n in**‫״‬

• V#«lati 1»rta * co iro rc d Ihi till In! n
>
n n lu •
i
m d mat« c / l•10iwcwy u • itti
d•
tfy tia
o‫ ׳‬M

‫ י‬If*• !»<<ro «
• »•

(•g rM yJm i

F I G U R E 3 .3 : A n y W h o - H o m e P a g e h t t p : / / w w w . a n y w h o . c o m

4.

In p u t d ie n a m e o f d ie p e rs o n y o u w a n t to s e a rc h fo r in d ie
s e c tio n a n d c lic k
W Page?|Peo leFin:
hite
p
<
‫־‬

c a

C

Find a Person

Find
it™

^

© ww wjnywho.com

In c lu d e b o th th e firs t

AnyWho

a n d la s t n a m e w h e n

FtnoirvPcopfe FaecestnoBjsnesscs

s e a rc h in g th e A n y W h o
f t

W h ite Pag es.

X WHITE PAGES

B s YELLOW PACES

OREVERSE LOOKUP

I

AREA/ZIP CODE LOOKUP

©

UAPS

W h it e P a g e s | Fin d P e o p le B y N am e

^

Find a Person

Tind People in Our White Pages Directory

Rose
City or ZIP
By Mama

Are you starching for an old friend? Trying to verify an address?
Oi maybe you see an unfamiliar phone number in your records?
AnyWho provides a Tree online while pages directory where you
can find people by their name, address or you can do a reverse
lookjp by phone number

| Christian
1
State [vl

The AnyWho White Pages is updated weekly with phone
numbers of irdr/duals from across the nation For best results,
include both the first and last name when searching the
AnyWho White Pages a d if you have it. the ZIP Code
n.

By Address I By Phone Number

Personal identifying inform
ation available on AnyW
ho
is n:t cro * Je J : ‫ י‬AT&T and is provided sol elf by an
•
uraflated find party. Intelm Inc Full Disclaimer
3.

F I G U R E 3 .4 : A n y W h o — N a m e S e a r c h

5.

A n y W h o re d ire c ts y o u to

search results w ith d ie n a m e y o u h a v e e n te re d .

T h e n u m b e r o f re s u lts m ig h t v a n ‫־‬
Find a Person by Name . Byi!•** ..ByAdd iv ii
Rose

Chnstian

1 1 1c« o cvUtJIiy nteluv.com D
htcM
lnw
1 10 Listings Found for Rose Christian
R ose A Christian
m

Y e l l o w P a g e s l is t in g s

(s e a rc h e s b y c a te g o ry o r

» a m to Accreea 899( ” uape &Dnvng Drocncrs

By Phone Numbvf

City or 7IP Cnflc

't n t 'O

■ 1501

Tind m o ie

infoimatlon

ftom

Intollus

M ore information for R ose A Christian
‫ •י‬Email and Otner Phone Lookup
‫ יי‬Get Detailed Background information
• Get Pucnc Records
‫״‬
‫ ״‬view Property & Area Information
* view Social Network Pr&rilo
•

n a m e ) a re o b ta in e d f r o m
Y P .C O M

a n d a re u p d a te d

R ose B Christian
• M M I C m m + 0* O M W

o n a r e g u l a r b a s is .
» Add toAddress B99k

» Wacs &Drtvhg DJ‫־‬ectione

Rose C Christian

M ore information for R ose B Christian
» Email anc other Phone Lookup
* Getoetaiso Backflround information
>
* Get Public Records
* view Praocitv &Area Information
‫•י‬View Social Network Profile

» A4 (o/.Mim B 9 ‫ ״‬Mp 4D gD c n
0
9 k > a s rivh ire tio &

M ore Information for Rose C Christian
‫ יי‬Email 300 otner Phone lookup
“ Get Dttilac Background Information
» G•! Pjtl'C RtCOtdS
* Wew Property & A/ea Information
‫״‬
* view Social Netarork Profile
*

Ro*• E Christian

M ore information tor Ro•• E Christian

•W •*% 9t t t

m m ‫ י״‬MM
mm

F I G U R E 3 .5 : A n y W h o P e o p l e S e a r c h R e s u lt s




task

2

6.

C lic k d ie

search results to see d ie a d d re ss d e ta ils a n d p h o n e n u m b e r o f

d ia t p e rs o n

View ing Person
Information

Rose A Christian
Southfield PI,
0-f -SH ' 6

Add to Address Book | Print

!re, MD 21212

A re you R o se A Christian? » Rem ove Listing

Information provided solely by Intelius

Get Directions

□

Enter Address

‫ש‬
m

Southfield PI.

T h e s e a rc h r e s u lts

3

•‫־‬re. MD 21212

C e t D ir e c t io n s

>R e v e rse D irections

d is p la y a d d re s s , p h o n e
n u m b e r a n d d ir e c t io n s fo r
t h e lo c a t io n .

Gul f of

O 'J J t t Z 'jr / jn d u i

-j 'jj l‫/׳.>! ׳‬r-O
j

F I G U R E 3 .6 : A n y W h o - D e t a i l S e a r c h R e s u l t o f R o s e A C h r is t ia n

7.

S in u la d y , p e rfo rm a re v e rs e s e a rc h b y g iv in g p h o n e n u m b e r o r a d d re ss
d ie

y = l

T h e R everse P h o n e

111

Reverse Lookup h e ld

C

0 w /w
w .anyvrtx> m •everse-lookup
.co ‫׳‬

L o o k u p s e r v ic e a llo w s
v is it o r s t o e n t e r in a p h o n e

AnyW ho

n u m b e r a n d im m e d ia t e ly

W ta A
flO O rcc-f. Pitert m35■ ‫>»«»׳‬
v*

l o o k u p w h o i t is r e g i s t e r e d

JL

to .

□

• Kk«‫׳‬fcKSt LOOKUP

kVHIfE PACES

R everse Lookup | Find People By
Phone Number

Reverse Lookup

AnyWho's Reverse Phone LooKup service allows visitors to enter
*‫ »ימא*ן ג י‬num and im ediately lookupw it is registered
ber
m
ho
to. Perhaps you mssed an incom phone call and want to
ing
knoww * is before you call back. Type the phone num in
ho
ber to
the search box andwell performa white pages reverse lookup
search ‫ פז‬fni out exactly who it is registered to If we ha*® a
m
atch far the pnone num well show you the registrant's first
ber
and last nam and maim address If you w to do reverse
e,
g
ant
phone lookupfo a business phone num then check out
r
ber
Rwrse Lookup at YP.com.

|<>» r|
0s «
x
e » 8185551212. (81 55-1
8)6 212

HP Cell phone num
bers are no ew
t ailable

Personal iiJ6nnr.inc inform
ationavailable onA ho
nyW
is n« pwaed b A and is p
y T&T
rovided solerf b a
y n
i^affiatedthirdp inteliu Inc Full Di$daim
arly
s.
er

A«bWJPC006 LO K P
OU

n

F I G U R E 3 .7: A n y W h o R e v e r s e L o o k u p P a g e




R e v e r s e lo o k u p w ill re d ire c t y o u to d ie s e a rc h re s u lt p a g e w id i d ie d e ta ile d
in fo rm a tio n o f d ie p e rs o n fo r p a rtic u la r p h o n e n u m b e r

n yp.com
>
^

-

01‫ ־‬em

a il a d d re ss

C

O

a n y w h o yp .ye llo w p a g e s .c o m / re v e rs e p h o n e lo o k u p ?fro m = a n y w h o _c o b ra &

Rose A Christian
‫ ־‬Southfield PI, - - lore. MD 21212

Are you Rose A Christian7 » Remove Listing
»
U n p u b lis h e d

Get Directions

d ir e c to r y re c o r d s a re n o t
d is p la y e d . I f y o u w a n t y o u r

□

Enter Address

r e s id e n t ia l lis t in g r e m o v e d ,
y o u h a v e a c o u p le o f

■Southfield PI. • *K>re, MD 21212
—

o p tio n s :
T o h a v e y o u r lis t in g

•Reverse Directions

u n p u b lis h e d , c o n t a c t y o u r
lo c a l te le p h o n e c o m p a n y .
T o h a v e y o u r lis t in g

C h in q u a p in
Pa r k ‫ ־‬B elvedere

La k e Ev e s h a m

re m o v e d fro m A n y W h o
w it h o u t o b t a in in g a n

Go va n sto w n

u n p u b lis h e d te le p h o n e

W Northern Pkwy t N° '

Ro se b a n k

n u m b e r , f o llo w th e
in s tr u c t io n s p r o v id e d in

M i d -G o v a n s

Dnwci

A n y W h o L is tin g R e m o v a l
t o s u b m i t y o u r lis t in g f o r

' /H
/ e
W ooi

P '‫ *׳‬C a m e ro n
V illa g e

W yndhu rst

r e m o v a l.

Chinqu4p
Pork
K e n il w o r t h P ark
Ro l a n d Park
W in s t o n -G o v a n s

F I G U R E 3 .8 : A n y W h o - R e *e 1 s e L o o k u p S e a r c h R e s u l t

Lab Analysis
A n a ly z e a n d d o c u m e n t a ll th e re s u lts d is c o v e re d
T o o l/ U t ilit y

111

d ie la b e x e rcise .

W h it e P a g e s ( F i n d p e o p le b y n a m e ) : E x a c t lo c a tio n
o f a p e rs o n w it h a d d re s s a n d p h o n e n u m b e r

A nyW ho

G e t D ir e c t io n s : P r e c is e r o u te to th e a d d re s s fo u n d
t o r a p e rs o n
R e v e r s e L o o k u p ( F i n d p e o p le b y p h o n e n u m b e r ):
E x a c t lo c a tio n o f a p e rs o n w it h c o m p le te a d d re s s




PLE A SE

TA LK

TO


H A V E

Q U E ST IO N S

Questions
1.

C a n v o u c o lle c t a ll th e c o n ta c t d e ta ils o f th e k e y p e o p le o f a n y o rg a n iz a tio n ?

2.

C a n y o u re m o v e y o u r re s id e n tia l lis tin g ? I t v e s , h o w ?

3.

I t y o u h a v e a n u n p u b lis h e d lis tin g , w h y d o e s y o u r in fo rm a tio n s h o w u p

111

A nyW ho?
4.

C a n y o u tin d a p e rs o n

111

A n y W h o th a t y o u k n o w h as b e e n a t th e sa m e

lo c a tio n fo r a y e a r o r le s s ? I f y e s , h o w ?
5.

H o w c a n a lis tin g b e re m o v e d fro m A n y W h o ?

0

Yes

P la t f o r m
0


□ N<
S u p p o rte d

C la s s r o o m

□ !L a b s



People Search Using the Spokeo
Online Tool
Sp o keo is a n o n lin e p eo p le search to o lp ro v id in g re a l- tim e in fo rm a tio n ab o u tp eo p le.
T h is to o l h e lp s n ith o n lin e fo o tp rin tin g a n d a llo w s y o n to d isco ve r d e ta ils a b o u t
p eo p le.

ICON

KEY

(^ 7 Valuable
information
Test your
knowledge
—

W eb exercise

Lab Scenario
F o r a p e n e tra tio n te ste r, it is a lw a y s a d v is a b le to c o lle c t a ll p o s s ib le in fo rm a tio n
a b o u t a c lie n t b e fo re b e g in n in g th e test.
c o lle c tin g p e o p le in fo rm a tio n u s in g th e

111

th e p re v io u s la b , w e le a rn e d a b o u t

AnyWho o n lin e to o l; s im ila rly , th e re a re

m a n y to o ls a v a ila b le th a t c a n b e u se d to g a th e r in fo rm a tio n o n p e o p le , e m p lo y e e s ,
a n d o rg a n iz a tio n s to c o n d u c t a p e n e tra tio n test.

111

tin s la b , y o u w ill le a rn to u se th e

Spokeo o n lin e to o l to c o lle c t confidential information o f k e y p e rs o n s
m

W orkbook review

111

an

o rg a n iz a tio n .

Lab Objectives
T h e o b je c tiv e o t tin s la b is to d e m o n s tra te th e fo o tp rin tin g te c ln n q u e s to c o lle c t

people information u sm g p e o p le s e a rc h s e rv ic e s . S tu d e n ts n e e d to p e rfo rm a p e o p le
s e a rc h u sm g h tt p :/ / w w w .s p o k e o .c o m .

Lab Environment
111

& Tools
dem onstrated in
this lab are
available in
D:CEHToolsCEHv 8
Module 02
Footprinting and
Reconnaissance

th e la b , y o u n e e d :
■

A w e b b ro w s e r w ith a n In te r n e t c o im e c tio n

■

A d m in is tr a tiv e p riv ile g e s to ru n to o ls

■


111

th e C E H

la b e n v ir o n m e n t - o n

W indow s S erver

2 0 1 2 . W indow s 8 , W indow s S erver 2 0 0 8 , a n d W indow s 7

Lab Duration
T n n e : 5 M in u te s




Overview of Spokeo
S p o k e o a g g re g ates v a s t q u a n titie s o f p u b lic d a ta a n d o rg a n iz e s d ie in fo rm a tio n in to
e a s y - to - fo llo w p ro file s . In fo r m a t io n su c h as n a m e , e m a il a d d re ss , p h o n e n u m b e r,
a d d re ss , a n d u s e r n a m e c a n b e e a s ily fo u n d u s in g th is to o l.

__________ Lab Tasks
~

task

1

1.

People Search
Spokeo

S ta rt m e n u b y h o v e r in g th e m o u s e c u r s o r

L a u n c h th e

111

th e lo w e r - le ft


: 8 W in d o w s Server 2012

w w i 1P"L

W' W

W d w Se e 2 1 R ieC d ateC
in o s rv r 0 2 eled an id aiacealn
__________________________________________ E lu tio c p .BuW84a
va a n o y

1

D

H


2.

C lic k th e

Google Chrom e a p p to la u n c h th e C h r o m e b ro w s e r

Start

Mwugor

m

Fa

S p o k e o 's p e o p l e

s e a rc h a llo w s y o u t o fin d

Computer

o ld f r ie n d s , r e u n it e w i t h

Q

c la s s m a t e s , t e a m m a t e s a n d

A d m inistrator

Windows
IW r tto ll

Adm
inistr...
Tools

Mannar

Hyppf-V
Virtjal

Command
Prompt

‫יי‬

*‫־‬
Tad(
Marager

^

rn

*

m ilit a r y b u d d ie s , o r f i n d
lo s t a n d d is t a n t fa m ily .

Earth

V
1“ ‫״‬

______

^‫־־‬

©

Adobe
Reader x

‫' ״‘ 1 , ™ ״‬
‫י‬

Gcoglc
chrome

T

•

F I G U R E 4 .2 : W i n d o w s S e r v e r 2 0 1 2 - A p p s

3.

O p e n a w e b b ro w s e r, ty p e

http://w ww .spokeo.com , a n d p re s s Enter o n d ie

k e y b o a rd




4‫־‬

C 'iw vlw
iw iecccrr

sp ck e o
N*m
e

tm
*1

Ho
n *•

itvmna

AMn>

[
m

A p a rt fro m N a m e

Not your grandma's phone book

s e a rc h , S p o k e o s u p p o rts
f o u r ty p e s o f s e a rc h e s :
• E m a il A d d re ss
• Phone N um ber

Qi

• U se rn am e
• R e s id e n tia l A d d r e s s

F I G U R E 4 .3 : S p o k e o h o m e p a g e h t t p : / A f w v p . s p o k e o . c o m

4.

T o b e g in d ie s e a rch , in p u t d ie n a m e o f d ie p e rs o n y o u w a n t to se a rc h fo r
d ie
O M w »<•
** ‫ד‬
■

‫»־‬

G

111

Nam e fie ld a n d c lic k Search
"‫יי‬

‫־.!*׳**?״‬

vw uw
w k'OCC/n

sp ck e o
Emal

Pnw*

Uwrww

M tn i

R o m Chriatan

Not your grandma's phone book

c>

• ‫ ״‬v

m

F I G U R E 4 .4 : S p o k e o — N a m e S e a r c h

5.

m

S p o k e o re d ire c ts y o u to

search results w id i d ie n a m e y o u h a v e e n te re d

S p o k e o 's e m a i l s e a r c h

s c a n s t h r o u g h 9 0 + s o c ia l
n e t w o r k s a n d p u b lic
s o u r c e s t o f i n d d i e o w n e r 's
n a m e , p h o t o s , a n d p u b lic
p r o file s .

F I G U R E 4 .5 : S p o k e o P e o p l e S e a r c h R e s u lt s





m

P u b lic p r o f ile s fr o m

s o c ia l n e t w o r k s a re
a g g re g a te d in S p o k e o a n d
m a n y p la c e s , in c lu d in g
s e a r c h e n g in e s .


8.

S e a rc h re s u lts d is p la y in g d ie
and
<
‫־‬

c

C »TW
A.»po«o<e*n **rcKc- Rove

s p e k e o
1 is

Address. Phone Number, Email Address. City

State, e tc.

0»Contantt

on&»7-t30#Alaba‫׳‬rfl;3 7 3 1 3
&3G91

* SJ

Rom ChiMlan Pntar a C*y

4

------

( M■ ,

1
a

1

s j

Rose Christian
di

v •rant Oeuas

»

©
SL

C onW ei
— Bunptc• I it

‫ ־‬Location Nttory
•

S«o Available K
ccultc

See taaSy Ir••

gyahoo.co‫״‬

M ISuus
mk
So* AvM
lahl* U M
mii ■

UM^orH-). Al J611J

1

Soo Available K
cculfc

T (M a yfim
e
*

ttnyttimnmtH• •artnt‫׳‬e

1 • Fara*1 &*ch«rcu1‫־‬
•
:J
Location Histor.
1 • onetM & J osji Pre*la*
‫׳‬
I 0

;'^ U iovnan. *L 1 1 7
1 iM
61

^

i

»

v





,m i

9.

S e a rc h re s u lts d is p la y in g d ie

Location History

& = y A l l r e s u lt s w i l l b e
d i s p l a y e d o n c e t h e s e a r c h is
c o m p le t e d

spckeo
| Location Hittory


10. S p o k e o s e a rc h re s u lts d is p la y d ie

Family Background, Family Economic

Health a n d Family Lifestyle
C

wJBdmw

s p c k e o

*

^57&‫ ] -־‬A 0 < r » C 3 6
‫ :׳‬O I b 1 r 3 7 >
Ko»e Christian -nteraClty

w yB c p u d
iH a fc ro n

|
1 raudrtIn# rf‫«׳‬Nm• M•* d
•
ir *•

|Fam Eccroiric H » f>
ily
«>
• EfW G ino’
W anjM

F I G U R E 4 .1 0 : S p o k e o P e o p l e S e a r c h R e s u lt s
I U k !! O n l i n e m a p s a n d
s tre e t v i e w a re u s e d b y o v e r

11. S p o k e o s e a rc h re s u lts d is p la y d ie

Neighborhood to r th e s e a rc h d o n e

3 0 0 ,0 0 0 w e b s i t e s , i n c l u d i n g
m o s t o n lin e p h o n e b o o k s

1 *t3 A
7 0«‫ ׳‬latrtm
a:367;

a n d r e a l e s ta te w e b s it e s .

s p ck e o

F I G U R E 4 . 1 1: S p o k e o P e o p l e S e a r c h R e s u lt s




12. S im ila rly , p e rfo rm a
m

Reverse s e a rc h b y g iv in g p h o n e n u m b e r, a d d re ss , e m a il

S p o k e o 's r e v e r s e

p h o n e lo o k u p fu n c t io n s
lik e a p e r s o n a l c a lle r - ID

a d d re ss , e tc .

111

d ie

Search h e ld to fin d d e ta ils o f a k e y p e rs o n o r a n

o rg a n iz a tio n

s y s t e m . S p o k e o 's r e v e r s e
p h o n e n u m b e r s e a rc h

ootejp
.'scafch> t=
S UO&P

■
it

a g g re g a te s h u n d r e d s o f
m illio n s o f p h o n e b o o k

s p o k e o

| ' [(•*25 002-6080 |
)

<,
*

-I

r e c o r d s t o h e lp lo c a t e th e
o w n e r 's n a m e , l o c a t i o n ,

•

Tull Nam Av.ll.bl•
•
9 ‫*>״‬
•

tim e z o n e , e m a il a n d o th e r

•

p u b lic in fo r m a t io n .

Q

WlrilNam

Q

POfc•“ “

( ‫) י‬

n■ ■I
■■

1

AnM*»

V rr© !*•OaUtH
•
1> am om iw cm r*»w»«w . cm M t
iw
m
w
"‫ --- - י־**־־"־‬-

•

__

Locution Hlttcry

------- _

jr.!!
F I G U R E 4 .1 2 : S p o k e o R e v e r s e S e a r c h R e s u l t o f M i c r o s o f t R e d m o n d O f f i c e

Lab Analysis
A n a ly z e a n d d o c u m e n t a ll th e re s u lts d is c o v e re d
T o o l/ U t ilit y

111

d ie la b e x e rcise .

P r o f ile D e t a ils :
■

C u rre n t A d d re s s

■

Phone N um ber

■

E m a il A d d r e s s

■

M a r it a l S ta tu s

■

E d u c a t io n

■

O c c u p a t io n

L o c a t io n H is t o r y : In f o r m a t io n a b o u t w h e r e th e p e rs o n
Sp okeo

h a s liv e d a n d d e ta ile d p r o p e r t y in f o r m a t io n
F a m il y B a c k g r o u n d : In f o r m a t io n a b o u t h o u s e h o ld
m e m b e rs t o r th e p e rs o n y o u s e a rc h e d
P h o to s &

S o c ia l P r o f ile s : P h o t o s , v id e o s , a n d s o c ia l

n e t w o r k p r o file s
N e ig h b o r h o o d : In f o r m a t io n a b o u t th e n e ig h b o r h o o d
R e v e r s e L o o k u p : D e t a ile d in f o r m a t io n f o r th e s e a rc h d o n e
u s in g p h o n e n u m b e rs




PLE A SE

TA LK

TO


H A V E

Q U E ST IO N S

Questions
1.

H o w d o y o u c o lle c t a ll th e c o n ta c t d e ta ils o f k e y p e o p le u s in g S p o k e o ?

2.

Is it p o s s ib le to re m o v e y o u r re s id e n tia l lis tin g ? I f y e s , h o w ?

3.

H o w c a n y o u p e rfo rm a re v e rs e s e a rc h u s in g S p o k e o ?

4.

L is t th e k in d o f in fo rm a tio n th a t a re v e rs e p h o n e s e a rch a n d e m a il se a rch
w ill y ie ld .

0

Yes

P la t f o r m
0


□

N o

S u p p o rte d

C la s s r o o m

□ !L a b s



Analyzing Domain and IP Address
Queries Using SmartWhois
S m a rtW h o is is a n e tw o rk in fo rm a tio n u tility th a t a llo w s y o n to lo o k u p m o st
a v a ila b le in fo rm a tio n on a hostnam e, IP

ad d ress, o r d o m ain .

Lab Scenario
Valuable
information______

111

th e p re v io u s k b , y o u le a rn e d to d e te rm in e a p e rs o n o r a n o rg a n iz a tio n ’s lo c a tio n

u s in g th e

Spokeo o n lin e to o l. O n c e a p e n e tra tio n te s te r h a s o b ta in e d th e u s e r’s

Test your
knowledge
=

lo c a tio n , h e o r sh e c a n g a th e r p e rs o n a l d e ta ils a n d c o n fid e n tia l in fo rm a tio n fro m th e

W eb exercise

e n g in e e rin g . 111 th is la b , y o u w ill le a rn to u se th e

W orkbook review

u s e r b y p o s in g as a n e ig h b o r, th e

c a b le g u v , o r th ro u g h

th e a v a ila b le in fo rm a tio n a b o u t a n y I P

a n y m e a n s o f s o c ia l

SmartWhois to o l to lo o k u p a ll o l

a d d re ss , h o s tn a m e ,

01‫־‬

d o m a in a n d u s in g

th e se in fo rm a tio n , p e n e tra tio n te ste rs g a m a cce ss to th e n e tw o rk o f th e p a rtic u la r
o rg a n iz a tio n fo r w h ic h th e y w is h to p e rfo rm a p e n e tra tio n test.

Lab Objectives
T h e o b je c tiv e o f tin s la b is to h e lp s tu d e n ts a n a ly z e

domain a n d IP address q u e n e s.

T in s la b h e lp s y o u to g e t m o s t a v a ila b le in fo rm a tio n
and

011

a

hostname, IP address,

domain.

Lab Environment
& Tools
dem onstrated in
this lab are
available in
D:CEHToolsCEHv 8
Module 02
Footprinting and
Reconnaissance

111

th e la b y o u n e e d :
■

A c o m p u te r r u n n in g a n y v e r s io n o f

■

A d m in is t r a to r p r iv ile g e s to r u n

■

The

01‫־‬

■

S m artW hois

Sm artW hois to o l, a v a ila b le 111 D:CEH-T 00 lsCEHv 8 M odule 02
Footprinting and R econnaissanceW H O IS Lookup ToolsSm artW hois
d o w n lo a d a b le f r o m h t t p :/ / w w w .ta m o s .c o m

I f y o u d e c id e to d o w n lo a d th e la te s t v e r s io n , th e n
111


W indow s w it h In te rn e t a c c e s s

screen sh ots s h o w n

th e la b m ig h t d if f e r



Lab Duration
E Q h t t p :/ / w w w . ta m o s .c o
‫.׳‬

T u n e : 5 M in u te s

Overview of SmartWhois
S m a r tW h o is is n e tw o rk in fo rm a tio n u tilit y th a t a llo w s y o u to lo o k u p m o s t a v a ila b le
in fo rm a tio n
p ro v in c e ,

011

c ity ,

a

hostname, IP address, o r domain, in c lu d in g c o u n try , sta te o r

n am e

of

netw ork

th e

provider,

te c lu iic a l

s u p p o rt

c o n ta c t

in fo rm a tio n , a n d a d m in is tra to r.
m

S m a r tW h o is c a n b e

S m a r tW h o is h e lp s y o u to s e a rc h fo r in fo rm a tio n s u c h as:

c o n fig u r e d t o w o r k f r o m

■

T h e o w n e r o l th e d o m a in

■

T h e d o m a in re g is tra tio n d a te a n d th e o w n e r’s c o n ta c t in fo rm a tio n

■

b e h in d a f ir e w a ll b y u s in g

T h e o w n e r o f d ie I P a d d re ss b lo c k

H T T P / H T T P S p ro x y
s e rve rs. D iff e r e n t S O C K S
v e r s i o n s a r e a ls o s u p p o r t e d .

Lab Tasks
N ote: I f y o u a re w o r k in g
num ber 13

111

th e lL a b s e n v ir o n m e n t, d ir e c tly ju m p to

1.

F o llo w th e w iz a r d - d r iv e n

2.

T o la u n c h th e

step

in s ta lla tio n s te p s a n d in s ta ll S m a r t W h o is .

S ta rt m e n u , h o v e r th e m o u s e c u r s o r

111

th e lo w e r- le ft


m

S m a r t W h o is c a n save

o b t a in e d in f o r m a t io n t o a n
a r c h i v e f i le . U s e r s c a n l o a d
t h is a r c h iv e th e n e x t t im e
t h e p r o g r a m is la u n c h e d


a n d a d d m o r e in fo r m a t io n
t o it . T h i s f e a t u r e a l l o w s

3.

T o la u n c h

S m artW hois, c lic k Sm artW hois

111

apps

y o u t o b u ild a n d m a in t a in
y o u r o w n d a ta b a s e o f I P
a d d resses a n d h o s t n a m e s.




Start
Microsoft
WcrG 2010

Ucrwoft
Office 2010
jptoad‫״‬

Proxy
Workben‫.״‬

a

•

‫לי‬

p lr ^ ?

Snogit !‫ס‬
Editor

jlDtal
VJatworir

5

r

41

S

Adobe
Reader X

Google
Earth

Uninstol

Dcrroin
Name Pro

Uninstall
or Repair

Visual IP
Trace

HyperTra.
Updates

Bl

S'
■
S

<&rt
Googie
Earn n _

J

T

J

Keqster
AV Picture
Vcwrr

W11RAR

Start
Googfe
harm *u

AV Picture
Vicwor

Run Client

Path

VisualKc...
?010

Reqister
HyporTra

HyperIra.

m

A

Hdp

FAQ

Uninstall
UypwTia..

PingPlott•
Standard

■
?

I?

‫ז הי‬

4

Snagit 1
0

‫ה‬
‫•יי‬

&

H

5r

MTTflort
).ONFM

Aeb DMA

Google
Chtomt

Uninstall

;<

C.

o

‫־•י‬

id

f
SnurnMi

4.

MIB
Compier

GEO

Mage
NctTrazc

«

t
R jr Server

•

M«g)Png

Met
ccnfigur..

*>

F I G U R E 5 .2: W i n d o w s S e r v e r 2 0 1 2 — A p p s

TAS K 1
Lookup IP

4.

The

Sm artW hois m a in w in d o w a p p e a rs

ro

Sm artW hois - Evaluation Version

File Query Edit View Settings Help

B|

> 8

1) 8 8

IP, host or domain: 9

There are no results to dtspl...

m

I f y o u n ee d to q u e ry a

n o n - d e fa u lt w h o is s e r v e r o r
m a k e a s p e c ia l q u e r y c lic k
V ie w

W h o is C o n s o le

f r o m th e m e n u o r c lic k th e
Q u e r y b u t t o n a n d s e le c t

Ready

C u s to m Q u ery.

F IG U R E

D
.

T y p e an

5 .3 : T h e S m a r t W h o i s m a i n w i n d o w

IP address, hostnam e, o r dom ain nam e

111

th e fie ld ta b . A

11

e x a m p le o f a d o m a in n a m e q u e ry is s h o w n as fo llo w s , ‫ ־‬w w .g o o g le .c o m .
w
T IP, host or domain: 9 google.com

V

F IG U R E

6.

N o w , c lic k th e

5 .4 : A

Quety

S m a r t W h o is d o m a in s e a rc h

Query ta b to fin d a d ro p - d o w n lis t , a n d th e n c lic k As

Dom ain to e n te r d o m a in n a m e


]

111

th e fie ld .



m

S m a r t W h o i s is

c a p a b le o f c a c h in g q u e r y
r e s u lt s , w h i c h r e d u c e s th e
tim e n e e d e d t o q u e r y a n
a d d re s s ; i f th e in fo r m a t io n
i s i n t h e c a c h e f i l e i t is
im m e d ia t e ly d is p la y e d a n d
n o c o n n e c tio n s to th e
w h o i s s e r v e r s a r e r e q u ir e d ..

F IG U R E

7.

5 .5 : T h e S m a r t W h o i s — S e l e c t i n g Q u e r y t y p e

111 th e le f t p a n e o f th e w in d o w , th e
d is p la y s d ie re s u lts o f y o u r

m

resu lt d is p la y s , a n d d ie r ig h t p a n e

query.

S m a r t W h o is c a n

S m a rtW h o is ‫ ־‬Evaluation Version

p r o c e s s li s t s o f I P


a d d re s s e s , h o s tn a m e s , o r
d o m a in n a m e s s a v e d as
p la in t e x t ( A S C I I ) o r

IP, host or domain: J

U n i c o d e f i le s . T h e v a l i d

google.com

7]

< Query ■
>
‫׳‬

f o r m a t f o r s u c h b a t c h f i le s
is s im p le : E a c h lin e m u s t
b e g in w it h a n I P

9009 le.c0 m

a d d ress,

n

h o s tn a m e , o r d o m a in . I f
y o u w a n t to p ro c e s s
d o m a in n a m e s , th e y m u s t
b e l o c a t e d i n a s e p a r a t e f i le
fro m I P

ad d resses a n d

h o s tn a m e s .

Dns Admin
Google Inc.
Please contact contact-admingSgoogle.com 1600 Amphitheatre Parkway
Mountain View CA 94043
United States
dns-admin©google.com *1.6502530000 Fax: ♦
1.6506188571

DNS Admin
‫ ו‬Google Inc.
1600 Amphitheatre Paricway
United States
dns-admin@qooale.com ♦1.6506234000 Fax: . 1.6506188571
DNS Admin
I Google Inc.
2400 E. Bayshore Pkwy
United States
dns-adm1 9009 le.c0 m ♦1.6503300100 Fax: ♦
ngi
1.6506181499
ns4.google.com
1 ns3.google.com

F IG U R E

8.

C lic k th e

C le a r ic o n

5 .6 : T h e S m a r t W h o i s — D o m a i n q u e r y r e s u l t

111

th e t o o lb a r to c le a r d ie h is to r y .

Sm a rtW h o is ‫ ־‬E valu atio n V ersion


JT

^

B>

F IG U R E

—

t

9.

T o p e r fo r m a s a m p le

5 .7 : A

S m a r t W h o is t o o lb a r

host nam e query, ty p e w w w .fa c e b o o k .c o m .

Host Nam e Query




10. C lic k th e
h o s tn a m e
IP, host or domain: i

Query ta b , a n d d ie n s e le c t As IP /H ostnam e a n d e n te r a
111

d ie fie ld .
v ^ c^ Q uery^ ^

facebook.com

F IG U R E

11.
m

I f y o u w a n t to q u e ry a

111

5 .8 : A

S m a r t W h o is h o s t n a m e q u e ry

th e le f t p a n e o f th e w in d o w , th e

resu lt d is p la y s , a n d

p a n e , th e te x t a re a d is p la y s th e re s u lts o f y o u r

d o m a in r e g is tr a tio n

111

th e r ig h t

query.

Sm artW hois * Evaluation Version

d a ta b a s e , e n t e r a d o m a in
n a m e a n d h it th e E n t e r k e y
w h ile h o ld in g th e C t r l k e y ,
o r ju s t s e le c t A s D o m a i n

File Query Edrt View Settings Help

0

3 ? ‫ ״ £* ״‬A

■t 'T

S

B>

3>

IP, host or domain: J www.facebook.com

< Query
>

fr o m th e Q u e r y d ro p d o w n

U
Domain Administrator
Facebook, Inc.
1 0 Willow Road
61
Menlo Park CA 94025
United States
domainffifb.com -1.6505434800 Far «•1.65 5 4 00
0 43 8

3

‫ ו‬Facebook, Inc.
1 0 Willow Road
61
Menlo Park CA 94025
United States
domain®fb.com -1.6505434800 Fax: ♦1.6505434800
1 Facebook, Inc.

1 0 Willow Road
61
Menlo Park CA 94025
United States
doma1
nffifb.com ♦
1.6505434800 Fax: « 1.6505434800
•
ns3.facebook.com
, ns5.facebook.com

J
m

I f y o u ’r e s a v i n g

r e s u lt s a s a t e x t file , y o u c a n

F IG U R E

5 .9 : A

S m a r t W h o i s h o s t n a m e q u e r y r e s u lt

s p e c if y t h e d a ta fie ld s t o b e
s a v e d . F o r e x a m p le , y o u

12. C lic k th e

C le a r ic o n

111

th e t o o lb a r to c le a r th e h is to r y .

c a n e x c lu d e n a m e s e r v e r s
o r b illin g c o n t a c t s f r o m th e

13. T o p e r fo r m a s a m p le

IP Address q u e ry , ty p e th e I P a d d re s s 1 0 .0 .0 .3

o u t p u t f i le . C l i c k
S e t t in g s ‫ ) ־‬O p t io n s ‫ ^ ־‬T e x t
&

(W in d o w s 8 I P a d d re s s )

111

th e

IP, host or dom ain fie ld .

X M L t o c o n fig u r e th e

o p tio n s .

IP, host or domain:

^

10.0.0.3

F IG U R E

5 .1 0 : A

S m a r t W h o is I P

14. 111 th e le f t p a n e o f th e w in d o w , th e

ad d ress q u e ry

resu lt d is p la y s , a n d

p a n e , th e te x t a re a d is p la y s th e re s u lts o f y o u r


111

th e r ig h t

query.



^3

SmartWhois - Evaluation Version

! ‫ ־־‬I ‫ ם‬r

x

‫י‬

Tile Query Edt View Settings Help

■®
j‫׳‬

b

b
v

IP, hast or domain; | 9 10.0.0.3

L

0

10.0.0.0 -10.255.255....

^

10.0.0.3

X X

H=y1

10.0.0.0 10255.255.255

I
.

Internet Assigned Numbers Authority
4676 Admiralty Way, Suite 330
Marina del Rey
CA
90292-6595
United States

S m a r t W h o is s u p p o rts
69

c o m m a n d lin e p a ra m e te r s

!{ Query »
=
>

s p e c ify in g I P

Internet Corporation for Assigned Names and Number
1-310-301 •5820
9buse©1ana,org

«
•

y Internet Corporation for Assigned Names aid Number
jj;
A abuseO1ana.0 rg
»
301-5820■ ‫וג‬
0‫-י‬

a d d r e s s / h o s t n a m e / d o m a in
, a s w e l l as file s t o b e
opened /saved.

[n

l ‫ > ־‬PRIVATE-ADDRESS-ABLK-RFC1918-IANA-RESERVED
‫־‬
Updated: 2004-02-24
Source: whois.arin.net
Completed at 7/30/2012 12:32:24 PM
Processing time: 0.14 seconds
View source

_________________J

Done

F IG U R E

5 .1 1 : T h e S m a r t W h o i s I P

q u e r y r e s u lt

Lab Analysis
D o c u m e n t a ll th e I P a d d re s s e s / h o s tn a m e s f o r th e la b t o r f u r th e r in f o r m a t io n .
T o o l/ U t ilit y

D o m a in n a m e q u e r y r e s u lt s : O w n e r o f th e w e b s ite
H o s t n a m e q u e r y r e s u lt s : G e o g r a p h ic a l lo c a tio n o f

S m a r t W h o is

th e h o s te d w e b s ite
IP

a d d r e s s q u e r y r e s u lt s : O w n e r o f th e I P a d d re s s

b lo c k

PLE A SE

TA LK

TO

Y O U R IN S T R U C T O R IF YO U

H A V E

Q U E ST IO N S

Questions
1.

D e te rm in e w h e th e r y o u c a n u se S m a r tW h o is i f y o u a re b e h in d a fir e w a ll o r
a p ro x y s e rv e r.

2.
3.


W h y d o y o u g e t C o n n e c tio n tim e d o u t o r C o n n e c tio n fa ile d e rro rs ?
Is it p o s s ib le to c a ll S m a r tW h o is d ire c d y fro m m y a p p lic a tio n ? I f y e s , h o w ?



4.

W h a t a re L O C re c o rd s , a n d a re th e y s u p p o rte d b y S m a r tW h o is ?

5.

W h e n ru n n in g a b a tc h q u e ry , y o u g e t o n ly a c e rta in p e rc e n ta g e o f th e
d o m a in s / IP a d d re sse s p ro c e s s e d . W h y a re s o m e o f th e re c o rd s u n a v a ila b le ?

□

Yes

P la t f o r m
0


□ N o
S u p p o rte d

C la s s r o o m

0

!L a b s



Lab

Network Route Trace Using Path
Analyzer Pro
P a th A n a ly s e r P ro d e liv e rs ad van ced n e tw o rk ro u te tra c in g n ith p e rfo rm a n ce tests,
D N S , w ho/s, a n d n e tiro rk re so lu tio n to in ve stig a te n e tiro rk issu es.

Lab Scenario
Valuable
information______

U s in g th e in fo rm a tio n

IP address, hostname, domain, e tc. fo u n d

111

th e p re v io u s

la b , a cce ss c a n b e g a in e d to a n o rg a n iz a tio n ’s n e tw o rk , w h ic h a llo w s a p e n e tra tio n
Test your
knowledge
=

W eb exercise
W orkbook review

te s te r

to

p o s s ib le

th o ro u g h ly

le a rn

v u ln e ra b ilitie s .

about

T a k in g

th e
a ll

o rg a n iz a tio n ’s
th e

in fo rm a tio n

p e n e tra tio n te ste rs s tu d y th e sy ste m s to tin d d ie b e s t

n e tw o rk

e n v iro n m e n t

g a th e re d

in to

fo r

a c c o u n t,

routes of attack. T h e sa m e

task s c a n b e p e rfo rm e d b y a n a tta c k e r a n d th e re s u lts p o s s ib ly w ill p ro v e to b e v e r y
fa ta l fo r a n o rg a n iz a tio n .
c o m p e te n t to tra c e

s u c h cases, as a p e n e tra tio n

111

te s te r y o u

s h o u ld b e

netw ork route, d e te rm in e netw ork path, a n d tro u b le s h o o t

netw ork issues. H e r e y o u w ill b e g u id e d to tra c e d ie n e tw o rk ro u te u s in g d ie to o l
Path Analyzer Pro.

Lab Objectives
The

o b je c t iv e

o f tin s

n e t w o r k p a th s , a n d I P

la b

is

to

h e lp

s tu d e n ts

research em ail addresses,

a d d re s s e s . T h is la b h e lp s to d e te rm in e w h a t I S P , r o u te r ,

o r s e rv e rs a re re s p o n s ib le f o r a

n e tw o rk problem.

Lab Environment
H Tools
dem onstrated in
this lab are
available in
D:CEHToolsCEHv 8
Module 02
Footprinting and
Reconnaissance

111

th e la b y o u n e e d :
■

D :CEH-ToolsCEHv 8
M odule 02 Footprinting and R econ n a is s a n c e T ra c e ro u te ToolsPath
A nalyzer Pro

■

Y o u c a n a ls o d o w n lo a d th e la te s t v e r s io n o f

P a t h A n a ly z e r p ro : P a t h A n a ly z e r p r o is lo c a te d a t

■

I f y o u d e c id e to d o w n lo a d th e la te s t v e r s io n , th e n
111


Path A n alyzer Pro fr o m

th e lin k h tt p :/ / w w w .p a t h a 11a ly z e r .c o m / d o w n lo a d .o p p

screen sh ots s h o w n

th e la b m ig h t d if f e r

All Rights Reserved. Reproduction is Stticdy Prohibited.


W indow s S erver 2 0 1 2

■

In s t a ll tin s t o o l o n

■

D o u b le - c lic k

■

F o llo w th e w iz a r d d r iv e n in s ta lla t io n to in s ta ll it

■

A d m in is t r a t o r p r iv ile g e s to r u n

PAPro27.m si

Path A nalyzer Pro

Lab Duration
T u n e : 10 M in u te s

Overview of Network Route Trace
T ra c e ro u te

is

a c o m p u te r n e t w o r k

tra n s it tim e s

of

p a c k e ts

a c ro s s

to o l
an

lo r

m e a s u rin g

In t e r n e t

p ro to c o l

route path a n d

th e
(IP )

n e tw o r k .

The

tra c e ro u te t o o l is a v a ila b le o n a lm o s t a ll U n ix - lik e o p e r a tin g s y s te m s . V a r ia n t s ,
T r a c e r o u t e is a

su ch

as

tra c e p a th o n m o d e r n L in u x in s ta lla tio n s a n d tra c e rt o n M ic r o s o f t

s y s te m a d m in is t r a t o r s ’
u t ilit y to tr a c e th e r o u te I P

W in d o w s o p e r a tin g s y s te m s w it h s im ila r f u n c tio n a lit y , a re a ls o a v a ila b le .

p a c k e ts ta k e fr o m a s o u rc e
s y s te m t o s o m e d e s t in a t io n
s y ste m .

Lab Tasks
1.

F o llo w th e w iz a r d - d r iv e n in s ta lla t io n s te p s to in s ta ll P a t h A n a ly z e r P r o

2.

T o la u n c h th e

S ta rt m e n u , h o v e r th e m o u s e c u r s o r in th e lo w e r- le ft



3.

T o la u n c h

Path A nalyzer Pro, c lic k Path A nalyzer Pro

Start
&

111

apps

A dm inistrator

£

P a t h A n a ly z e r P r o

s u m m a r iz e s a g iv e n tra c e

Server
M 1 nye1
<

w it h in s e c o n d s b y

Wncawi
PuwerStiell

f
—

w i t h a ll t h e im p o r t a n t
in fo r m a t io n o n th e ta rg e t—
w e c a ll t h is d ie S y n o p s is .

Task
Manager

Admimstr..
Tooh

Mozilla
Fkiefctt

ttyp*f-V
Manager

hyperV
Virtual
Machine

m

Compute

g e n e r a t in g a s im p le r e p o r t

<0

*

‫יי‬

&

Command
Prompt

Google
Chrome

‫פי‬

<
o

Google
fcarth

Adobe
Reader X

j


Path
Aiktyiet
Pt02J

X



F I G U R E 6 .2 : W i n d o w ' s S e r v e r 2 0 1 2 — A p p s

E valu ate b u tto n

4.

C lic k th e

5.

T h e m a in w in d o w o f P a t h A n a ly z e r P r o a p p e a rs as s h o w n in th e

011

R e g is tr a t io n F o r m

f o llo w in g s c re e n s h o t

‫מ‬

Path Analyzer Pro

File

Vgm

Hep

« 9
New

Trace N etw ork

4

0092

P‫־‬efcrercE£

rsr ini &

Paae Setup

Print

Exoort Export KM.

Chedc for Ibdstes

StandardOptions
Protoca)

Port: 3 Smart 65535 C

< IC 5
DM
IO

TO
>
O ucp

(J

Help

'C‫ ‘׳‬Report

N*T-f*rx»/

*fji Svnooab | ( 3 Charts [ Q

Geo | yl loo | O

Trace

|Onc-ttroe Trace

Sfcfa

source Pat
I □ RcnJw [65535

^

Tae Mods
r cs
I (•) Defaiit
I C) FIN5*oc*tt fW/

ASN

NetivorkNam %
e

‫ ־‬Acvanced Probe Detak
_cr‫ ־‬J ‫ ־‬of potkct
g‫׳‬
Srrart

T]

6^

U tim
fe
1 O
SC

nr*sec0ncs

Type-cf-55rvce
(•) Urspcaficc
O NWnte-Dday
M3x1mun T 1
T_

I”
lr»tai Seqjerce Mmfce‫־׳‬

[*j Ran^orr |l
U

J

F IN

-$

P a c k e t s O n ly -

g e n e ra te s o n ly T C P p a c k e ts
w it h th e F I N

fla g s e t in
‫־‬acct^otu

o r d e r t o s o lic it a n R S T o r

^

r■0 03la

T C P re s e t p a c k e t as a

F IG U R E

6 .3 : T h e P a t h A n a l y z e r P r o M a i n w i n d o w

r e s p o n s e f r o m th e ta rg e t.
T h is o p tio n m a y g e t
b e y o n d a fir e w a ll at th e

6. S e le c t th e

ta rg e t, th u s g iv in g th e u s e r

IC M P p r o to c o l in th e Standard Options s e c tio n .
Standard Options
Protocol

m o r e tr a c e d a ta , b u t it
c o u ld b e m is c o n s t r u e d a s a
m a lic io u s a tta c k .

©

ICMP |

O

TCP

0

UDP

□

NAT-friendly

Source Port
1 I Random

65535

-9-

Tracing Mode
( • ) D efault
O

A daptive

O

FIN Packets Only

F IG U R E

m

P a d i A n a ly z e r P r o

s u m m a r iz e a ll t h e r e le v a n t
b a c k g r o u n d in fo r m a t io n o n

7.

U nder

6 .4 : T h e P a t h A n a l y z e r P r o S t a n d a r d O p t i o n s

A dvanced Probe D etails, c h e c k th e S m art o p tio n

of p a c k e t s e c tio n a n d le a v e th e r e s t o f th e o p tio n s

111

111

th e

Length

tin s s e c tio n a t

th e n ‫ ־‬d e fa u lt s e ttin g s .

it s ta r g e t, b e i t a n I P
a d d re ss, a h o s tn a m e , o r a n
e m a il a d d ress.


Note: F ir e w a ll is r e q u ire d to b e d is a b le d f o r a p p r o p r ia te o u tp u t



m

Advanced Probe Details
Length o f packet

P a d i A n a ly z e r P r o

b e n e f it s :

■

R e s e a rc h I P

0

ad d resses,

Smart

64

Lifetime

e m a il a d d re s s e s , a n d
n e t w o r k p a th s
*

300

P in p o in t a n d

milliseconds

tr o u b le s h o o t n e t w o r k
a v a ila b ilit y a n d

Type-of-Service

p e r f o r m a n c e is s u e s
■

(§) Unspecified

D e te r m in e w h a t I S P ,

O

r o u t e r , o r s e r v e r is
r e s p o n s ib le f o r a
n e t w o r k p r o b le m
■

Minimize-Delay

Maximum TTL
30

L o c a t e fire w a lls a n d
o t h e r filt e r s t h a t m a y b e
im p a c t in g c o n n e c t io n s

■

Initial Sequence Number

V i s u a l l y a n a ly z e a

0

Random

1

n e t w o r k 's p a th
c h a r a c t e r is t ic s
*

jitte r , a n d o t h e r f a c to r s

■

F IG U R E

8.

111 th e

9.

hops

A dvanced T racin g D etails s e c tio n , th e o p tio n s r e m a in a t th e ir

d e fa u lt s e ttin g s .

T r a c e a c t u a l a p p lic a t io n s
a n d p o r t s , n o t ju s t I P

■

6 .5 : T h e P a t h A n a l y z e r P r o A d v a n c e d P r o b e D e t a i l s w i n d o w

G r a p h p r o t o c o l la t e n c y ,

C h eck

Stop on control m essages (ICM P)

111

th e

A dvan ce T racing

D etails s e c tio n

G e n e r a t e , p r in t , a n d
e x p o r t a v a r ie t y o f

Advanced Tracing Details
Work-ahead Limit

im p r e s s iv e r e p o r ts
‫י‬

P e rfo rm

c o n t in u o u s a n d

5

t i m e d t e s t s w i d i r e a l-

01 TTLs

t im e r e p o r tin g a n d

Minimum Scatter

h is to r y

20

milliseconds

Probes per TTL
Minimum:
Maximum:

10

V ] Stop on control messages flC M Pj
F IG U R E

6 .6 : T h e P a t h A n a l y z e r P r o A d v a n c e d T r a c i n g D e t a i l s w i n d o w

10. T o p e r fo r m th e tra c e a fte r c h e c k in g th e s e o p tio n s , s e le c t th e ta rg e t h o s t,
fo r in s ta n c e w w w .g o o g le .c o m . a n d c h e c k th e P o r t :

S m art as d efa u lt

(65535).
T arg et:

w w w.google.com

0

F IG U R E

6 .7 : A

Sm art

]6 5 5 3 5 'Q ' I

Trace

| | One-time Trace

P a t h A n a ly z e r P r o A d v a n c e T r a c in g D e ta ils o p tio n

N o t e : P a t h A n a ly z e r
P r o is n o t d e s ig n e d t o b e

11. 111 th e d ro p - d o w n m e n u , s e le c t th e d u r a tio n o f tim e as

T im ed T ra c e

u s e d a s a n a t t a c k t o o l.

Target:

ww w .google.com

Po rt: 0

F IG U R E

12. E n t e r th e

6 .8 : A

Sm a rt

65535

Trace

] [‫־‬Timed Trace

P a t h A n a ly 2 e r P r o A d v a n c e T r a c in g D e ta ils o p tio n

Type tim e o f tra c e

111

th e p r e v io u s ly m e n tio n e d fo r m a t as

H H : M M : SS.




£3 Type time of trace!_ !_ [

x

Accept

<>

-0-3

Q

0

<>

Time o f trace (hh:mm:ss)

Cancel

SB TASK 2
F IG U R E

T race Reports

6 .9 : T h e P a t h A n a l y z e r P r o T y p e t i m e o f t r a c e o p t i o n

T ra c e ta b c h a n g e s

13. X lu le P a th A n a ly z e r P r o p e rfo rm s th is tra c e , th e
a u to m a tic a lly to
T a rg et:

Stop.

vvww.google.com

P o rt:

F IG U R E

6 .1 0 : A

3

Sm art

180

Stop

Timed Trace

P a t h A n a ly z e r P r o T a r g e t O p t io n

14. T o se e th e tra c e re s u lts , c lic k th e

R eport ta b to d is p la y a lin e a r c h a rt

d epicting th e n u m b e r o f h o p s b e tw e e n y o u a n d th e ta rg e t.
Target‫ ׳‬vw .Q oge co
w O
rr
H = yj T h e A d v a n c e d P r o b e

| Titred‫ ־‬ra e
Tc

O Report 5 ‫ ־‬Svnoow 3 C
harts vj G
eo

Loc (3 Stats

D e t a i l s s e t t in g s d e t e r m i n e
h o w p r o b e s a re g e n e ra te d
to p e r fo r m th e tra c e . T h e s e
in c lu d e th e L e n g t h o f
p a c k e t, L ife tim e , T y p e o f
S e r v ic e , M a x im u m T T L ,
a n d In it ia l S e q u e n c e
N u m b e r.

IP Adciesj

|Hop
No icplv
n
4
No reply
6
7
8
9
IQ

Hostname

packets received from TTLs 1 through 2
1 » 1.17
r»
1
29
1
pockets received from TTL 5
1
1.SZ
2
.95
;
1145
‫נ‬
7
■
M i 176
rric

Network Ncme % lo»s

13209
4755

‫ י‬v...
98.static.52
1.95
).145
2100.net

F IG U R E

15. C lic k th e

ASN

.n«t
5.29.static■

6 .1 1 : A

4755
151&9
15169
15169
15169

Krln Latency

Latency

Avg Latency Max Latency

StdDev

0.0c
0.00

GOOGLE
GCOGLE
GOOGLE
GOOGLE

3.96
4.30

257.78
lllllllllllllllllllllll127924

63179
77 13
61

OJM
JJC
DC
O
3.X
0JX

1663
25T7
2582
2607
25.W

lllllllllllllllll
llllllllllllllllll
lllllllllllllllllll
!lllllllllllllllllll
lllllllllllllllllllll

567.27
62290
660.49
66022
71425

1

165.07
227.13
176.7S
‫77.18־‬
208.93
2C3.45
219.73

251.84
260.64
276.13
275.12
309.08

P a t h A n a ly z e r P r o T a rg e t o p tio n

Synopsis ta b , w h ic h d is p la y s a o n e - p a g e s u m m a r y o f y o u r

tra c e re s u lts .
Taroet: I wv»w.gxgte.:om
m

Trace

lined Trace

L e n g th o f p a c k e t:

T h is o p t i o n a llo w s y o u to

Report |

Sy-Kpnc |‫־‬
E

Chorto j ^

Geo | [gj log | 1 Stota
>‫י‬

s e t th e le n g t h o f t h e p a c k e t
f o r a tra c e . T h e m in im u m
s iz e o f a p a c k e t , a s a

Forward DNS (A records)

74.125■236.176

g e n e r a l r u l e , is
a p p r o x im a t e ly 6 4 b y te s ,
d e p e n d in g o n th e p r o t o c o l
u s e d . T h e m a x i m u m s iz e o f

R ev ers e DNS (PT R- iccotd) *r/vw.l.google.o
Alternate Name
w.vw.gocg o co.

a p a c k e t d e p e n d s o n d ie
p h y s i c a l n e t w o r k b u t is
g e n e r a lly 1 5 0 0 b y te s f o r a
r e g u la r E t h e r n e t n e t w o r k
o r 9 0 0 0 b y te s u s in g G ig a b it
E t h e r n e t n e tw o r k in g w ith

REGISTRIES
The orgamzaton name cn fi e at the registrar for this IP is Google Inc. and the organization associated *ith the originating autonomous system is Google Inc.

ju m b o fr a m e s .
INTERCEPT
The best point cf lav/u intercept is within the facilities of Google Inc..

F IG U R E


6 .1 2 : A

P a t h A n a ly z e r P r o T a r g e t o p tio n



m

16. C lic k th e

TASK

C harts ta b to v ie w th e re s u lts o f y o u r tra c e .

3
Target: I mvw.goo^c.a:

Port: @ Smait [80

‫־‬Race

| |Timed‫־‬
nace

V iew Charts
Repat 1 3■ Synopsis | ^

0

Chars | U

Geo | [g] Log | 51 Stats [

‫^ כ‬

;

: sa
e g
‫כ‬B

S
S

6
0
0
5
0
0
4
0
0

E 0
0
%3
zo
o
1
0
0
0
Ao a
n mly
m

.

P a t h A n a ly z e r P r o

u s e s S m a r t as t h e d e fa u lt
L e n g t h o f p a c k e t. W h e n
t h e S m a r t o p t i o n is
c h e c k e d , d ie s o ftw a r e
a u t o m a t i c a l l y s e le c t s d i e
m in im u m

s iz e o f p a c k e t s

F IG U R E

6 .1 3 : T h e P a t h A n a l y z e r P r o C h a r t W i n d o w

b a se d o n th e p ro to c o l
s e le c t e d u n d e r S t a n d a r d
O p tio n s .

17. C lic k

Geo, w h ic h d is p la y s a n im agin ary w o r ld m a p fo r m a t o t y o u r

tra c e .

—

TASK

4

V iew Im aginary
Map

F IG U R E


6 .1 4 : T h e P a t h A n a l y z e r P r o c h a r t w i n d o w



18. N o w , c lic k th e

TASK

5

V ital Statistics

S ta ts ta b , w h ic h fe a tu r e s th e V ita l S ta tis tic s o f y o u r

c u r r e n t tra c e .
Taiact;

* av».google,:on
•

C'

1

SjTooss

ort: f✓ Smart
---------------- q ‫& ־‬
£3 charts I O Geo

-

3
0

'

|

Tracc

iTimsdTrocc

|2 ‫ ל‬Slats

«

Source

m

M a x im u m T T L : T h e

m a x im u m T i m e t o L i v e
( T T L ) is t h e m a x im u m

Target

Protocol

Distance

Avg Latency

Trace Began

Trace Ended

Filters

10.0.D2 (echO WN-MSSRCK4K41J
:
10.0.02 (ethO: WNMSSELCK4K41
10.0.D2 (cthO: W N MSSELCK4K41
‫־‬C.0.D2 (tr.hC V/ N-MS5ELCK4K41
‫:׳‬
1C.0.02 («h0! W N-MSSELCK4K41
10.0.02 (cthO: WN MSSELCK4K41
10.0.02 (cthC‫ .׳‬W N MSSELCK4K41
‫־‬
1C.0.02 (e‫.׳‬h • W N-MS5RCK4K41
C:
10.0.02 («h0- WN-MSSHCK4K41;
1C.0.02 (cthO: W N MSSELCK4K41
10.0.02 (ethO. WN-MSSELCK4K41
1C.0.02 (e.hC‫ .׳‬W N MSSELCK4K41
10.0.02(*h0-WN-MSSH( K4K4I;
1C.0.0 ‫( י‬cthC‫ :׳‬W N MSSUCK4K41
10.0.02 (cthO. W NMSSCLCK4K41
10.0.02 (e‫׳‬h0: W N-MSSELCMK41
10.0.02 («h0• W N-MSSHl K4K4I;
1C.0.0 ‫( י‬cshC‫ :׳‬W N MSSELCMK-11
10.0.02 (ehO. W M-MSSELCK4K41

74.125256.176
74.125236.176
74.125236.176
74.125236.176
74.125256.176
74.125236.176
74.125236.176
74.125236.176
74.125256.176
74.125236.176
74.125236.176
74.125236.176
74.125256.176
74.125236.176
74.125236.176
74.125236.1 ‫6ל‬
74.125256.176
74.125236.176
74.125236.176

ICMP
ICMP
ICMP
ICMP
ICMP
ICMP
ICMP
ICMP
ICMP
ICMP
ICMP
ICMP
ICMP
ICMP
ICMP
ICMP
ICMP
ICMP
ICMP

1
0
10
10
10
1
0
10
10
10
1
0
1
0
1
0
1
0
10
1
0
10
10
10
10
10

30908
323.98
353.61
37941
39016
404.82
417^4
435.14
42423
421.11
465.05
437.93
44992
446.94
443.51
497.68
5833
681.78
649.31

3 - 1 1 1 11
0 1 1 - 2 :55:11 UTC
30 Jul 12 11
:55:01 UTC
Jul 3 121‫:־‬UTC 54
0
:51
3C-Jul-12 1 :54:41 UTC
*
3 *1 1 - 2 11:54:32 UTC
0 111
30-Jul-1211:54-22 UTC
3 Jul 1 11:54:12 UTC
0
2

50-JuH2 1 :5 - 1 UTC
1 52
30-Jul-12 11:55:11 UTC
30 Jul-12 11
:55.01 UTC
30-Jul-12 11:54:51 UTC
JO-iul-1 11:5441 UTC
2
30 Jul 12 11:54:32 UTC
30 Jul 12 11:5422 UTC
30-JuM2 11:54:12 UTC
50-luM2 11:54€2 UTC
30 Jul 1 11:53:52 UTC
2
30-Jul-l2 11:5343 UTC
30‫־‬JuH2 11:53 33 UTC
tO JuU2 1 :55-24 UTC
1
30 Jul 1 11:53:14 UTC
2
30-Jul-1211;5304 UTC
30-JuM2 11:52.54 UTC
J0-luU2 11:5245 UTC
30 Jul 1 11:52:35 UTC
2
30-Jul-1 11:5225 UTC
2

2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
2
2

311J1-1225a1c
c u 11:5*52 UTC
- M: 42r
r r
3- 1
0
30-Jul 12 11:53:43 UTC
121-3C*Jul ‫: ו‬UTC 53:33
30‫־‬JuM2l 1:5324 UTC
J0-luM2 11:53:14UTC
30 Jul 1211:5304 UTC
30-Jul-1 11:52:54UTC
2
30-JuM2 11:52:45UTC
30-luH2 11:52:35UTC
30 Jul 12 11:5225 UTC
30-JuH2 11:52:15UTC

n u m b e r o f h o p s to p ro b e
in a n a tte m p t to re a c h th e
ta rg e t. T h e d e fa u lt n u m b e r
o f h o p s is s e t t o 3 0 . T h e

Source
10.0.02 (ethO: W N-MSSELCK4K41

Target

Protocol

74.125256.176

ICMP

Distance
10

Avg Latency

Trace Segan

46.5771

30-JU-12 11:52:16 UTC

Trace Ended
50-Jul-121 :55-21 UTC
1

Filters
2

M a x im u m T T L th a t c a n b e
u s e d is 2 5 5 .

F IG U R E

19. N o w
File

Export th e r e p o r t b y c lic k in g Export o n th e to o lb a r.

View

Help

9
New

Close

®
f t
Paae Setup Print

Preferences
F IG U R E

20. B v

6 .1 5 : T h e P a t h A n a l y z e ! P r o S t a t i s t i c s w i n d o w

Export

Export KML

Check for Updates

Help j

6 .1 6 : T h e P a t h A n a l y z e r P r o S a v e R e p o r t A s w i n d o w

d e fa u lt, th e r e p o r t w ill b e

saved

at

D:Program Files (x 86 )Path

A nalyzer Pro 2.7. H o w e v e r , y o u m a y c h a n g e it to y o u r p r e fe r r e d
lo c a tio n .

Save File

‫־‬m

Save Statistics As
«

Organize

Program File...

► Path Analyzer Pro 2.7

v

C

Search Path Analyzer Pro 2.7

z|

1= - ® I

N e w folder

Downloads

Date m odified

Type

Recent places
N o items m atch you r search.
Libraries
H
m

T h e In it ia l S e q u e n c e

N u m b e r is s e t a s a c o u n t in g

Docum ents

J*

M usic

E

Pictures

5

Videos

m e c h a n is m w it h in th e
p a c k e t b e tw e e n th e s o u rc e
a n d t h e t a r g e t . I t is s e t t o
R a n d o m as th e d e f a u lt , b u t

1 % Com puter

y o u c a n c h o o s e a n o th e r
s t a r t in g n u m b e r b y

Local Disk (C:)
la

Local Disk (D:)

~

<

u n c h e c k in g th e R a n d o m
b u t t o n a n d fillin g in

File name:

Sam ple Report

Save as type:

CSV Files (c sv )

a n o t h e r n u m b e r . P le a s e
N o t e : T h e In it ia l S e q u e n c e
N u m b e r a p p lie s o n l y t o
T C P c o n n e c t io n s .

H ide Folders

F IG U R E


6 .1 7 : T h e P a t h A n a l y z e r P r o S a v e R e p o r t A s w i n d o w


CEH Lab Manual - Footprinting Targets with Ping

CEH Lab Manual - Footprinting Targets with Ping

Recomendados

Recomendados

Más contenido relacionado

La actualidad más candente

La actualidad más candente (16)

Similar a CEH Lab Manual - Footprinting Targets with Ping

Similar a CEH Lab Manual - Footprinting Targets with Ping (20)

Último

Último (20)

CEH Lab Manual - Footprinting Targets with Ping