Information Gathering: Information gathering can be divided into seven logical steps:
1. Collecting initial information (Footprinting)
2. Determination of network range
3. Scoping out active machines
4. Identifying active ports or access points
5. Operating system fingerprinting
6. Service fingerprinting
7. Network mapping
Footprinting: Footprinting is defined as the process of creating a blueprint or map of an organization's network and systems. Information gathering is also known as Footprinting an organization.
Footprinting is basically divided into two types:
1. Active Footprinting
2. Passive Footprinting
Active Footprinting needs our physical presence to collect information about the victim. Examples of active Footprinting would be socially engineering a client into giving out confidential or privileged information, or visiting the target company to collect information related to the company network.
Passive Footprinting does not need our physical presence to collect information. Passive Footprinting can be as simple as studying the victim's website, newspapers, etc.
The information the hacker is looking for during the Footprinting phase is anything that gives clues as to the network architecture, server, and application types, and where valuable data is stored. Before an attack or exploit can be launched, the operating system and version as well as the application types must be uncovered so that the most effective attack can be launched against the target. Here are some of the pieces of information to be gathered about a target during Footprinting:
1. Domain name
2. Network blocks
3. Network services and applications
4. System architecture
5. Intrusion detection system
6. Authentication mechanisms
7. Specific IP addresses
8. Access control mechanisms
9. Phone numbers
10. Contact addresses
Once this information is compiled, it can give a hacker better insight into the organization, where valuable information is stored, and how it can be accessed.
Information Gathering Tools:
1. Using Whois
To use the Whois tool to gather information on the registrar or a domain name:
1. Go to the who.is website.
2. Enter your target company URL in the WHOIS Lookup field and click the WHOIS button.
3. Examine the results and determine the following:
   - Registered address
   - Technical and DNS contacts
   - Contact email
   - Contact phone number
   - Expiration date
4. Visit the company website and see if the contact information from WHOIS matches up to any contact names, addresses, and email addresses listed on the website.
5. If so, use Google to search on the employee names or email addresses. You can learn the email naming convention used by the organization, and whether there is any information that should not be publicly available.
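Steps 3 to 5 above are done by eye on the who.is page; the Python script below, added here as an example and not part of the original notes, performs the same checks on a WHOIS record programmatically, which is how an organization would audit what its own registration exposes and catch a lapsing expiration date. It parses the "Key: Value" lines a registrar returns, lists the contact emails and phone numbers the public record reveals, computes the days left until expiry, and compares the WHOIS emails against the contacts published on the website. The WHOIS text, the domain example-corp.test, the contact list and the dates are all constructed sample data, and the field names are assumed to follow the common registrar layout rather than any one registrar's exact output.

```python
import re
from datetime import date

# Constructed WHOIS response for a fictitious domain (example-corp.test is not a
# real registration); the "Key: Value" layout follows what most registrars return.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-CORP.TEST
Registrar: Example Registrar, Inc.
Updated Date: 2023-11-02T10:15:00Z
Creation Date: 2010-05-14T00:00:00Z
Registry Expiry Date: 2024-05-14T00:00:00Z
Registrant Organization: Example Corp
Registrant Street: 1 Sample Way
Registrant City: Springfield
Registrant Email: hostmaster@example-corp.test
Tech Email: j.doe@example-corp.test
Tech Phone: +1.5555550100
Name Server: NS1.EXAMPLE-CORP.TEST
Name Server: NS2.EXAMPLE-CORP.TEST
"""

# Constructed list of addresses "published on the company website" (step 4).
WEBSITE_CONTACTS = ["J.Doe@example-corp.test", "sales@example-corp.test"]

# One "Key: Value" line; the key stops at the first colon so timestamps survive.
FIELD_RE = re.compile(r"^\s*([A-Za-z][A-Za-z /]*?):\s*(\S.*?)\s*$")


def parse_whois(text):
    """Turn 'Key: Value' lines into {lower-cased key: [values]}; repeated keys
    (e.g. several Name Server lines) accumulate into the list."""
    record = {}
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if not m:
            continue  # comment lines, blank lines and free text are skipped
        key = m.group(1).strip().lower()
        record.setdefault(key, []).append(m.group(2))
    return record


def registrar(record):
    return record.get("registrar", [None])[0]


def name_servers(record):
    return [ns.lower() for ns in record.get("name server", [])]


def days_until_expiry(record, today_iso):
    """Days left on the registration as of today_iso (YYYY-MM-DD);
    negative means it has already lapsed."""
    expiry = record["registry expiry date"][0]
    return (date.fromisoformat(expiry[:10]) - date.fromisoformat(today_iso)).days


def exposed_contacts(record):
    """Every email address and phone number the public record reveals (step 3)."""
    emails = [v for k, vs in record.items() if k.endswith("email") for v in vs]
    phones = [v for k, vs in record.items() if k.endswith("phone") for v in vs]
    return {"emails": emails, "phones": phones}


def contacts_also_on_website(record, website_emails):
    """Step 4: WHOIS contact emails that also appear on the website."""
    whois_emails = {e.lower() for e in exposed_contacts(record)["emails"]}
    return sorted(whois_emails & {e.lower() for e in website_emails})


if __name__ == "__main__":
    rec = parse_whois(SAMPLE_WHOIS)
    print("registrar:", registrar(rec))
    print("name servers:", name_servers(rec))
    print("days until expiry:", days_until_expiry(rec, "2024-01-14"))
    print("exposed contacts:", exposed_contacts(rec))
    print("overlap with website:", contacts_also_on_website(rec, WEBSITE_CONTACTS))
```

The overlap check is the interesting output for a defender: a personal address such as j.doe@ appearing in both the WHOIS record and the website is exactly the kind of detail step 5 says should not be public, and a registrar's privacy or proxy service removes it from the record.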
2. Using Traceroute in Footprinting
Traceroute is a packet-tracking tool that is available for most operating systems. It operates by sending an Internet Control Message Protocol (ICMP) echo to each hop (router or gateway) along the path, until the destination address is reached. The time to live (TTL) is decremented by one at each router along the path, and the ICMP messages sent back from the routers allow a hacker to determine how many hops a router is from the sender.
One problem with using the traceroute tool is that it times out (indicated by an asterisk) when it encounters a firewall or a packet-filtering router. Although a firewall stops the traceroute tool from discovering internal hosts on the network, it can alert an ethical hacker to the presence of a firewall; then, techniques for bypassing the firewall can be used.
Notice in the Figure that the message first encounters the outbound ISP to reach the Yahoo! web server, and that the server's IP address is revealed as 98.138.253.109. Knowing this IP address enables the ethical hacker to perform additional scanning on that host during the scanning phase of the attack. The tracert command identifies routers located en route to the destination's network. Because routers are generally named according to their physical location, tracert results help you locate these devices.
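To make the TTL mechanism and the asterisk behaviour concrete, here is a small simulation, added as an example and not part of the original notes. It models a constructed five-hop path (addresses from the documentation ranges 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24, hostnames invented) and replays what traceroute does: send probes with TTL 1, 2, 3, ..., record which router's ICMP Time Exceeded comes back, print an asterisk when a hop stays silent, and stop when the destination's echo reply arrives. The two Hop flags are assumptions of the model: answers_icmp=False is a router or firewall that forwards packets but never answers, and drops_probes=True is a packet filter that discards the probes entirely, which is the case where nothing past the firewall is ever discovered.

```python
from dataclasses import dataclass


@dataclass
class Hop:
    ip: str
    name: str
    answers_icmp: bool = True    # False: forwards packets but never sends ICMP Time Exceeded
    drops_probes: bool = False   # True: packet filter that discards the probes outright


# Constructed path (documentation address ranges, invented hostnames). The last
# entry is the destination host, the others are routers on the way to it.
PATH = [
    Hop("192.0.2.1", "home-gw"),
    Hop("198.51.100.1", "isp-edge-1"),
    Hop("198.51.100.9", "isp-core-2"),
    Hop("203.0.113.1", "target-fw", answers_icmp=False),
    Hop("203.0.113.10", "target-web"),
]


def forward(path, ttl):
    """Send one ICMP echo with the given TTL down the path.

    Returns (hop index, reply kind) for the device that answered, or None
    when the probe vanished and traceroute would time out."""
    for idx, hop in enumerate(path):
        if idx == len(path) - 1:
            return idx, "echo-reply"       # reached the destination host
        if hop.drops_probes:
            return None                    # filtered: nothing ever comes back
        ttl -= 1                           # every router decrements TTL by one
        if ttl == 0:
            # TTL expired here: a cooperative router reports Time Exceeded,
            # a silent one just discards the packet.
            return (idx, "time-exceeded") if hop.answers_icmp else None
    return None


def traceroute(path, max_hops=30):
    """Probe with TTL 1, 2, 3, ... until the destination answers or max_hops
    is reached. Returns [(ttl, ip or '*'), ...] like the tool's printout."""
    rows = []
    for ttl in range(1, max_hops + 1):
        answer = forward(path, ttl)
        if answer is None:
            rows.append((ttl, "*"))        # timeout, printed as an asterisk
            continue
        idx, kind = answer
        rows.append((ttl, path[idx].ip))
        if kind == "echo-reply":
            break
    return rows


def hop_count(rows):
    """Number of hops to the destination, or None if it never answered."""
    return len(rows) if rows and rows[-1][1] != "*" else None


def silent_hops(rows):
    """TTL values that timed out: where a firewall or packet filter likely sits."""
    return [ttl for ttl, ip in rows if ip == "*"]


if __name__ == "__main__":
    rows = traceroute(PATH)
    for ttl, ip in rows:
        print(f"{ttl:2d}  {ip}")
    print("hops to destination:", hop_count(rows))
    # Same path, but the firewall drops the probes instead of just staying quiet:
    blocked = PATH[:3] + [Hop("203.0.113.1", "target-fw", drops_probes=True), PATH[4]]
    print("silent hops when filtered:", silent_hops(traceroute(blocked, max_hops=6)))
```

Run as written, the trace shows the three ISP routers, a single asterisk at hop 4 and the web server at hop 5: the silent firewall hides its own address but still forwards, so the host behind it is found. With drops_probes=True every TTL from 4 upward times out and hop_count returns None, which is the "firewall stops traceroute from discovering internal hosts" case in the text; from the defender's side the run of asterisks is exactly what reveals that a filter is there.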
Hacking Tools for Footprinting:
1. Domain name lookup
2. Who.is
3. nslookup
4. Sam Spade
5. Traceroute
6. NeoTrace
7. Visual lookup