Footprinting

What Is Footprinting?
"Footprinting" is the first and most convenient way that hackers use to gather information about computer systems and the companies they belong to. The purpose of footprinting is to learn as much as you can about a system: its remote access capabilities, its ports and services, and the aspects of its security.

In order to perform a successful hack on a system, it is best to know as much as you can, if not everything, about that system. While there is hardly a company in the world that isn't aware of hackers, most companies are now hiring hackers to protect their systems. And since footprinting can be used to attack a system, it can also be used to protect it. If you can find out anything about a system, the company that owns that system, with the right personnel, can find out anything they want about you.

There is no single methodology for footprinting, as a hacker can choose several routes to trace the information. Footprinting therefore needs to be carried out precisely and in an organized manner. The information unveiled at various network levels can include details of domain names, network blocks, network services and applications, system architecture, intrusion detection systems, specific IP addresses, access control mechanisms and related lists, phone numbers, contact addresses, authentication mechanisms and system enumeration.

Open Source Footprinting
Open Source Footprinting is the easiest and safest way to go about finding information about a company: information that is available to the public, such as phone numbers, addresses, etc. Performing whois requests, searching through DNS tables, and scanning certain IP addresses for open ports are other forms of open source footprinting. Most of this information is fairly easy to get, and getting it is legal; legal is always good.

Most companies post a huge amount of information about themselves on their website. A lot of this information can be very useful to hackers, and the companies don't even realize it. It may also be helpful to skim through the webpage's HTML source to look for comments. Comments in HTML code are the equivalent of the small captions under the pictures in high school science books. Some comments found in the HTML can hold small tidbits of info about the company that are not found anywhere else.

Network Enumeration
Network Enumeration is the process of identifying domain names and associated networks. The process consists of performing various queries on the many whois databases found on the internet. The result is that the hacker now has the information needed to attack the system they are learning about. Companies' domain names are listed with registrars, and the hacker would simply query the registrar to obtain the information they are looking for. The hacker simply needs to know which registrar the company is listed with. There are five types of queries, which are as follows:

 Registrar Query:  This query gives information on potential domains matching the target.

 Organizational Query:  This is searching a specific registrar to obtain all instances of the target's name.  The results show many different domains associated with the company.

 Domain Query:  A domain query is based on the results found in an organizational query.  Using a domain query, you could find the company's address, domain name, administrator and his/her phone number, and the system's domain servers.  The administrative contact could be very useful to a hacker as it provides a purpose for a wardialer.  This is also where social engineering comes into play, but that's a talk for another time.  Many administrators now post false phone numbers to protect themselves from this.

 Network Query:  The fourth method, querying the American Registry for Internet Numbers (ARIN), is used to discover the network blocks owned by a company.  It's good to use a broad search here, as well as in the registrar query.

 POC Query:  This query finds the many IP addresses a machine may have.

DNS Interrogation
After gathering the information needed using the above techniques, a hacker would begin to query the DNS. A common problem with system administrators is allowing untrusted, or worse, unknown users, to perform a DNS Zone Transfer. Many freeware tools can be found on the internet and can be used to perform DNS interrogation. Tools such as nslookup, for PC, and AGnet Tools, for Mac, are some common programs used for this.

Other Helpful Techniques Used In Footprinting
 Ping Sweep:  Ping a range of IP addresses to find out which machines are awake.

 TCP Scans:  Scan ports on machines to see which services are offered.  TCP scans can be performed by scanning a single port on a range of IPs, or by scanning a range of ports on a single IP.  Both techniques yield helpful information.

 UDP Scans:  Send garbage UDP packets to a desired port.  I normally don't perform UDP scans a whole lot, because most machines respond with an ICMP 'port unreachable' message, meaning that no service is available.

 OS Identification:  This involves sending illegal ICMP or TCP packets to a machine.  The machine responds to the invalid input in its own distinctive way, which allows the hacker to find out what the target machine is running.
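The ping sweeps and TCP scans listed above, and the zone transfers from the DNS Interrogation section, all leave a recognizable trace in firewall and DNS logs. As an added, defender-side example that is not part of the original post, the script below flags them in a constructed, simplified log format; the field layout, the thresholds and the AUTHORIZED_SECONDARIES set are assumptions, so adapt the parser to your own firewall's output.

```python
# Added example: detect footprinting activity (ping sweep, port scan,
# unauthorized zone transfer) in constructed firewall/DNS log lines.
from collections import defaultdict

# Constructed sample log: time, src, dst, proto, dst port (or ICMP type), note
SAMPLE_LOG = """\
10:00:01 203.0.113.5 192.0.2.1 ICMP 8 echo-request
10:00:01 203.0.113.5 192.0.2.2 ICMP 8 echo-request
10:00:02 203.0.113.5 192.0.2.3 ICMP 8 echo-request
10:00:02 203.0.113.5 192.0.2.4 ICMP 8 echo-request
10:00:03 203.0.113.5 192.0.2.5 ICMP 8 echo-request
10:00:09 203.0.113.5 192.0.2.10 TCP 21 SYN
10:00:09 203.0.113.5 192.0.2.10 TCP 22 SYN
10:00:09 203.0.113.5 192.0.2.10 TCP 23 SYN
10:00:10 203.0.113.5 192.0.2.10 TCP 25 SYN
10:00:10 203.0.113.5 192.0.2.10 TCP 80 SYN
10:00:10 203.0.113.5 192.0.2.10 TCP 443 SYN
10:00:15 203.0.113.5 192.0.2.53 TCP 53 AXFR
10:00:20 198.51.100.7 192.0.2.10 TCP 443 SYN
10:00:21 192.0.2.54 192.0.2.53 TCP 53 AXFR
"""

# Assumption: only these hosts (your secondary name servers) may pull zones.
AUTHORIZED_SECONDARIES = {"192.0.2.54"}

def parse(log_text):
    """Yield one dict per log line of the constructed format above."""
    for line in log_text.splitlines():
        ts, src, dst, proto, port, note = line.split(maxsplit=5)
        yield {"ts": ts, "src": src, "dst": dst, "proto": proto,
               "port": int(port), "note": note}

def detect(log_text, sweep_threshold=5, scan_threshold=5):
    """Return alerts: a source echo-pinging many hosts (ping sweep), a source
    SYN-ing many ports on one host (port scan), or AXFR from an unknown host."""
    icmp_targets = defaultdict(set)   # src -> hosts it sent echo requests to
    tcp_ports = defaultdict(set)      # (src, dst) -> ports it sent SYNs to
    alerts = []
    for e in parse(log_text):
        if e["proto"] == "ICMP" and e["port"] == 8:
            icmp_targets[e["src"]].add(e["dst"])
        elif e["proto"] == "TCP" and e["note"] == "SYN":
            tcp_ports[(e["src"], e["dst"])].add(e["port"])
        elif e["note"] == "AXFR" and e["src"] not in AUTHORIZED_SECONDARIES:
            alerts.append(("zone-transfer", e["src"], e["dst"]))
    for src, hosts in icmp_targets.items():
        if len(hosts) >= sweep_threshold:
            alerts.append(("ping-sweep", src, len(hosts)))
    for (src, dst), ports in tcp_ports.items():
        if len(ports) >= scan_threshold:
            alerts.append(("port-scan", src, dst, len(ports)))
    return alerts
```

The single SYN from 198.51.100.7 and the AXFR from the authorized secondary produce no alert, which is the point of keeping thresholds and an allow-list rather than alerting on every probe.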

In our next post we will make a tutorial on how to use and perform footprinting in BackTrack / Kali Linux.


If you have any problems or questions, comment below!
I hope you like this post; please share it with many people! :)
