Footprinting 2

Ethical Hacking - Footprinting Footprinting Overview Footprinting is the blueprinting of the security profile of an organization, undertaken in a methodological manner. Footprinting is a passive process of that is designed to profile an organization with respect to networks (Internet / Intranet / Extranet / Wireless). Footprinting Steps Internet Footprinting Get Proper Authorization Define the Scope of the Assessment Find Publicly Available Information Perform WHOIS & DNS Enumeration Attempt DNS Interrogation Perform Network Reconnaissance 1: Get Proper Authorization Ethical Hackers and professional penetration testers must obtain authorization in writing before beginning the security assessment 2: Define the Scope of the Assessment During discussions with the client you may determine the assessment scope will include: The entire organization Only certain locations Business partner connections The clients disaster-recovery sites 3: Find Publicly Available Information The first place to begin the security assessment is the company's web site following an initial review of the website you will next want to examine the following: Review Archived Information Examine The Wayback Machine Ripe the web site tools such as Wget and Teleport Pro Look for other sites beyond the main site of "www" such as: Outlook Web Access https://owa.company.com or https://outlook.company.com Virtual Private Networks (VPNs) http://vpn.company.com or http://www.company.com/vpn Examine any related organizations for backend connectivity Scan the web for: Phone Numbers, Contact Names, E-mail Addresses, and Personal Details Current Events Mergers, scandals, layoffs, etc. create security holes Privacy or Security Policies, and Technical Details Indicating the Types of Security Mechanisms in Place Extract data from Usenet Review Groups.google.com Search for Employee Resumes Perform Google Hacking Examine Web 2.0 sites Search Facebook Examine Blogs Find Disgruntled Employee Web Sites Map the Physical Address Google Maps / Google Earth Microsoft Live Visit the Physical Location and consider techniques such as: Dumpster-diving Surveillance Social Engineering 4: Perform WHOIS & DNS Enumeration Examine Internet Assigned Numbers Authority (IANA) and Regional Internet Registry (RIR) data: Manual Process - Three Steps: Authoritative Registry for top-level domain Domain Registrar Finds the Registrant Automated Process - Available Tools Whois.com Sam Spade SuperScan 5: Attempt DNS Interrogation Perform a Zone Transfer via Windows or Linux. When successful you will obtain a list of all the hosts and IP addresses. 6: Perform Network Reconnaissance Manual - Traceroute or Tracert Windows Tracert uses ICMP Linux Traceroute uses UDP by default Automatic - Neotrace, Trout or other traceroute software. Footprinting Resources Some sites useful sites for footprinting during a security assessment and ethical hack are listed here. These sites can be used to help you to find more information about an organization and its employees: www.trula.com - real estate www.zillow.com - real estate www.netronline.com - real estate www.whosarat.com - informants www.zabaseach.com - name, address, location info www.zoominfo.com - person & company data www.vitalrec.com - people info www.pipl.com - people search www.skipease.com/blog/ - people search www.pretrieve.com - people search www.publicdata.com - people search www.urapi.com - people search https://addons.mozilla.org/en-US/firefox/addon/1912 (who is this person) www.nndb.com - people activity tracker www.willyancey.com/finding.htm - online info www.courthousedirect.com - property records www.turboscout.com - multisearch engine tool www.theultimates.com - phone number lookup http://skipease.whitepages.com/reverse_address - address lookup www.thevault.com - company search / profile www.blogsearchengine.com - search blogs for info or person www.ccrs.info - China based company search /profile www.hoovers.com - company search / profile www.lexisnexis.com - company search / profile www.topix.net - region specific news articles www.pacer.uscourts.gov/natsuit.html - Court records www.oihweb.com - online investigation techniques www.linkedin.com - business person's network