amit seminar foot printing

Upload: arunsingharun1989

Post on 10-Apr-2018


  • 8/8/2019 AMIT SEMINAR Foot Printing

    1/23

    A Seminar Report

    ON FOOTPRINTING

    SUBMITTED BY

    Amit Kumar Rathaur
    Roll No.: 0728710005
    B.Tech. 4th Year, VIIth Semester

    Department Of Computer Science & Engg.

    NARAINA COLLEGE OF ENGINEERING & TECHNOLOGY,

    KANPUR -208 020

    2010-2011

    Certificate

    This is to certify that Amit Kumar Rathaur, student of B.Tech, Computer Science & Engg., Semester 7th, has completed his Seminar titled FOOTPRINTING satisfactorily in partial requirement of Bachelors in Information Technology in the year 2010-11.

    This is also to certify that this report, entitled FOOTPRINTING, is an original work of Amit Kumar Rathaur. It is further certified that he has done his work under guidance & supervision, to the best of our knowledge.

    Mr. Atul Mathur                    Ms. Ankita Gaur

    ACKNOWLEDGMENT

    I would like to take this opportunity to thank my institute for offering a course like Seminar to us, so that we can show our skills and get an idea about how to handle presentations, and become familiar with the things related to how to develop a project. I would also like to thank our faculty Ms. Ankita Gaur for providing us the guidelines whenever needed. I would also like to thank our Head of the Department Mr. Atul Mathur for keeping an eye on us.

    AMIT KUMAR RATHAUR
    (0728710005)

    Module Objective

    This module will familiarize you with the following:

    ~ Footprinting: An Introduction

    ~ Overview of the Reconnaissance Phase

    ~ Information Gathering Methodology of Hackers

    ~ Competitive Intelligence gathering

    ~ Tools that aid in Footprinting

    ~ Footprinting steps


    Introduction

    Footprinting is the process through which an attacker goes about surveying a chosen target. Think of it as an organized military attack: you wouldn't blindly walk into somewhere without having done some research into the target, and even having a large amount of firepower won't help. Footprinting is an often overlooked area of Internet security, and stopping an attacker at this stage will most likely put off all but the most determined attacker.

    If you were going to take a long drive to an unknown destination you would want to know how to get there and whether it would be easier to take the car, train or plane; it's the same with an attack, but in order to find out the best way to get there a port scan would allow us to see what ports are available, therefore allowing us to see what 'roads' we can use. Examples of good port scanners are BluesPortScanner and Nmap. Nmap provides detailed information and functions such as service and version detection, timing and performance, firewall/IDS evasion, and spoofing to prevent admins from isolating your IP address; it runs on Windows (as shown below), Unix systems, Mac OS X and AmigaOS, and there is also a GUI version available for Windows called nmapfe. Blues Port Scanner is a fast and resource-friendly scanner that is capable of scanning over 300 ports a second and offers TCP and UDP scanning; it only runs on Windows and is a GUI.

    Nmap is run from the command prompt and provides you with a list of options and functions with which you can utilize its many functions. The program can be easily worked out from the on-screen instructions, and a few example commands are included that show off a few functions. By finding out what services and open ports a target has running, an attacker can use this information to move on to the next stage of an attack.

    Just running a port scan against the target won't be enough; if the target has a website then reading every bit of information on the site can prove useful. For example, administrator names and telephone numbers are all potential passwords, and this information can be easily accessed through a WHOIS lookup. WHOIS is a TCP-based protocol used to query a database in order to obtain information about a specific server; it was developed in order to help system admins find IP information. Traditionally it was done using the command line, but now many web-based WHOIS tools exist and are a simple Google search away. Making sure that you don't use such easily guessable passwords is something that can't be repeated enough times: as system admins are constantly increasing their levels of software defense, they are increasingly forgetting that the weakest point in any network is the competence of the person who sets it up; no amount of software or hardware defense can stop someone if the master password is left as 'password'.
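The following is an added example, not code from the report: it carries out the WHOIS exchange described above (RFC 3912: open a TCP connection, send the query terminated by CRLF, read until the server closes) against an in-process fake server, then parses the record into fields. The record, the domain example-target.test and the contact details are constructed; the port is an ephemeral loopback port rather than the real port 43. Reviewing the parsed "Admin" fields of your own registration is the defender's side of the point the text makes about contact names and phone numbers.

```python
import socket
import threading

# Constructed sample WHOIS record (not a real registration). The field names
# mirror the administrator names and telephone numbers the text says a lookup exposes.
SAMPLE_RECORD = """\
Domain Name: EXAMPLE-TARGET.TEST
Registrar: Example Registrar, Inc.
Name Server: NS1.EXAMPLE-TARGET.TEST
Name Server: NS2.EXAMPLE-TARGET.TEST
Admin Name: Jane Admin
Admin Phone: +1.5555550100
Admin Email: jane.admin@example-target.test
Tech Name: Sam Tech
"""

def build_whois_request(query):
    """RFC 3912: the client sends one line, terminated by CRLF."""
    if "\r" in query or "\n" in query:
        raise ValueError("query must be a single line")
    return (query + "\r\n").encode("ascii")

def parse_whois_record(text):
    """Group 'Key: value' lines into a dict; repeated keys (Name Server) become lists."""
    fields = {}
    for line in text.splitlines():
        if ":" not in line or line.startswith(("%", "#")):
            continue  # banner, comment or blank line
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key in fields:
            prev = fields[key]
            fields[key] = prev + [value] if isinstance(prev, list) else [prev, value]
        else:
            fields[key] = value
    return fields

def serve_once(srv, record):
    """Minimal fake WHOIS server: read one CRLF-terminated query, answer, close."""
    conn, _ = srv.accept()
    with conn:
        buf = b""
        while not buf.endswith(b"\r\n"):
            chunk = conn.recv(1024)
            if not chunk:
                return
            buf += chunk
        query = buf[:-2].decode("ascii").lower()
        if query == "example-target.test":
            conn.sendall(record.encode("ascii"))
        else:
            conn.sendall(b'No match for "' + query.encode("ascii") + b'".\r\n')
    # closing the connection is how the server marks the end of the response

def whois_lookup(host, port, query):
    """RFC 3912 client: connect, send the query, read until the server closes."""
    with socket.create_connection((host, port), timeout=5) as sock:
        sock.sendall(build_whois_request(query))
        chunks = []
        while True:
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    return b"".join(chunks).decode("ascii", errors="replace")

def demo_lookup(query="example-target.test"):
    """Run the client against the in-process fake server and return the parsed fields."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))  # ephemeral loopback port stands in for port 43
    srv.listen(1)
    port = srv.getsockname()[1]
    worker = threading.Thread(target=serve_once, args=(srv, SAMPLE_RECORD), daemon=True)
    worker.start()
    try:
        raw = whois_lookup("127.0.0.1", port, query)
    finally:
        worker.join(timeout=5)
        srv.close()
    return parse_whois_record(raw)

if __name__ == "__main__":
    for key, value in demo_lookup().items():
        print(f"{key}: {value}")
```

Against a real registry the same client would connect to the registry's WHOIS host on port 43; the parser is deliberately loose because registries differ in their field names and banners.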

    Another thing that can be done to obtain information about a target is a TraceRoute. This is a simple program that traces the number of hops to a target; it does this by sending a batch of packets and then increasing the TTL (time-to-live) of each successive batch by one in order to count the hops. To run TraceRoute in Windows, open the command prompt and type:

    tracert [-d] [-h maximum_hops] [-j host_list] [-w timeout] target_name

    and in Linux:

    Usage: traceroute [-dFInrvx] [-g gateway] [-i iface] [-f first_ttl] [-m max_ttl] [-p port] [-q nqueries] [-s src_addr] [-t tos] [-w waittime] [-z pausemsecs] host [packetlen]
    $ traceroute hostname

    All these bits of information that are collected can be valuable in a small or large way, depending on the skill of the system admin and the luck of the attacker.

    The most useful part of this exercise will be the Nmap scan, which can be used to find services which might be vulnerable to exploits. A program called Metasploit is a collection of exploits and payloads that can be launched against a poorly patched server; please be aware though that most of the exploits found in Metasploit are dated and couldn't hack a paper bag.

    I hope this article gave you an insight into what footprinting involves and a few ways in which, through proper server administration, hack attempts can be foiled.

    Revisiting Reconnaissance

    Reconnaissance refers to the preparatory phase where an attacker seeks to gather as much information as possible about a target of evaluation prior to launching an attack. It involves network scanning, either external or internal, without authorization. In the dictionary sense, reconnaissance is a preliminary survey to gain information, especially an exploratory military survey of enemy territory; also, an inspection or exploration of an area, especially one made to gather military information. Reconnaissance is a term for efforts to gain information about an enemy, usually conducted before, or in service to, a larger operation. The French word entered the English language in 1810, at a time when British and other armies were at war with Napoleon's French forces. Reconnaissance is an important component of military and intelligence activities, as well as civilian undertakings designed to protect the public safety from hazards both natural and manmade.

    In the military or espionage environment, reconnaissance can take the form of activities by scouts or other specialists. The use of what would now be called "human intelligence" in a reconnaissance capacity dates back to ancient times, when, according to the Christian Old Testament, 12 spies went into the land of Canaan to scout out the territory. Today, reconnaissance is the work of special units practicing a specialized craft.

    Reconnaissance aircraft range from the U-2 and SR-71 Blackbird to the E-2C Hawkeye and P-3 Orion. Additionally, the skies are filled with reconnaissance satellites operated by the U.S. military, the National Security Agency, and the military or intelligence services of other nations. Even some craft, most notably submarines, can serve a reconnaissance function.

    Origin of RECONNAISSANCE: French, literally "recognition", from Middle French reconoissance, from Old French reconoistre, "to recognize". First known use: 1810.

    Information Gathering Methodology

    ~ Unearth initial information

    ~ Locate the network range

    ~ Ascertain active machines

    ~ Discover open ports/access points

    ~ Detect operating systems

    ~ Uncover services on ports

    ~ Map the network

    Unearthing Initial Information

    Unearthing initial information commonly includes: domain name lookups, locations, contacts, telephone numbers and e-mail addresses.

    Information Sources

    ~ Search engines and websites
    ~ Open source
    ~ Domain and IP information
    ~ Information about registered domains
    ~ Smart Whois tools

    Hacking Tools

    Sam Spade: provides Whois and DNS Dig functionality.

    Footprinting Through Job Sites

    You can gather company infrastructure details from job postings. Look for infrastructure-related postings, such as a search for a system administrator to manage a Solaris 10 network; this means that the company has Solaris networks on site. E.g., www.jobsdb.com

    Passive Information Gathering

    To understand the current security status of a particular information system, organizations perform either a penetration test or other hacking techniques.

    Passive information gathering is done by finding out the details that are freely available over the Internet and by various other techniques, without directly coming in contact with the organization's servers. Organizational and other informative websites are exceptions, as the information gathering activities carried out by an attacker there do not raise suspicion.

    Competitive Intelligence Gathering

    Business moves fast. Product cycles are measured in months, not years. Partners become rivals quicker than you can say "breach of contract". So how can you possibly hope to keep up with your competitors if you can't keep an eye on them? Competitive intelligence gathering is the process of gathering information about your competitors from resources such as the Internet. Competitive intelligence is non-interfering and subtle in nature. Competitive intelligence is both a product and a process.

    The various issues involved in competitive intelligence are:

    ~ Data gathering
    ~ Data analysis
    ~ Information verification
    ~ Information security
    ~ Cognitive hacking:
      ~ Single source
      ~ Multiple source

    Why Do You Need Competitive Intelligence?

    ~ Compare your products with your competitors' offerings
    ~ Analyze your market positioning compared to the competitors
    ~ Pull up a list of competing companies in the market
    ~ Extract salespersons' war stories on how deals are won and lost in the competitive arena
    ~ Produce a profile of the CEO and the entire management staff of the competitor
    ~ Predict their tactics and methods based on their previous track record

    Companies Providing Competitive Intelligence Services

    Carratu International http://www.carratu.com

    CI Center http://www.cicentre.com

    CORPORATE CRIME MANAGEMENT http://www.assesstherisk.com

    Marven Consulting Group http://www.marwen.ca

    SECURITY SCIENCES CORPORATION http://www.securitysciences.com

    Lubrinco http://www.lubrinco.com

    DNS Enumerator

    DNS Enumerator is an automated sub-domain retrieval tool. It scans Google to extract the results.

    SpiderFoot

    SpiderFoot is a free, open-source domain footprinting tool which will scrape the websites on that domain, as well as search Google, Netcraft, Whois, and DNS to build up information like:

    ~ Subdomains
    ~ Affiliates
    ~ Web server versions
    ~ Users (i.e. /~user)
    ~ Similar domains
    ~ Email addresses
    ~ Netblocks

    Wikto Footprinting Tool

    Web Data Extractor Tool

    Use this tool to extract a targeted company's contact data (email, phone, fax) from the Internet. It also extracts URL and meta tag (title, description, keyword) data for website promotion, search directory creation and web research.

    Additional Footprinting Tools

    ~ Whois
    ~ Nslookup
    ~ ARIN
    ~ NeoTrace
    ~ VisualRoute Trace
    ~ SmartWhois
    ~ eMailTrackerPro
    ~ Website Watcher
    ~ Google Earth
    ~ GEO Spider
    ~ HTTrack Web Copier
    ~ E-mail Spider

    Whois Lookup

    Online Whois Tools

    www.samspade.org

    www.geektools.com

    www.whois.net

    www.demon.net

    Nslookup

    Nslookup is a program to query Internet domain name servers. It displays information that can be used to diagnose Domain Name System (DNS) infrastructure, and helps find additional IP addresses if the authoritative DNS server is known from whois. The MX record reveals the IP of the mail server. Both Unix and Windows come with an Nslookup client; third-party clients are also available, for example Sam Spade.

    Extract DNS information

    Using www.dnsstuff.com, you can extract DNS information such as:

    ~ Mail server extensions
    ~ IP addresses
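The following is an added example (not code from the report) that shows what an Nslookup MX query, the "set type=mx" case the text refers to, looks like on the wire: it builds the RFC 1035 query packet, parses a constructed reply carrying two MX records (including a name-compression pointer), and in query_mx checks the transaction ID before trusting a reply from a real resolver. The zone example.test and its mail exchangers are constructed; query_mx needs network access and is the only part not exercised offline.

```python
import random
import socket
import struct

QTYPE_MX = 15
QCLASS_IN = 1

def encode_name(name):
    """Encode 'mx1.example.test' as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) < 64:
            raise ValueError(f"bad label length in {name!r}")
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(name, qtype=QTYPE_MX, txid=0x1234):
    """12-byte header (RD=1, one question) followed by the question section."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)

def decode_name(msg, off):
    """Decode a name at offset, following RFC 1035 compression pointers.
    Returns (name, offset just past the name at its original location)."""
    labels, jumped, next_off = [], False, None
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # two-byte pointer into the message
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if not jumped:
                next_off = off + 2
            jumped, off = True, ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (next_off if jumped else off)

def parse_mx_response(msg):
    """Return [(preference, exchange, ttl)] from the answer section, lowest preference first."""
    _txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x000F:
        raise ValueError(f"server returned RCODE {flags & 0xF}")
    off = 12
    for _ in range(qd):           # skip the echoed question(s)
        _, off = decode_name(msg, off)
        off += 4                  # QTYPE + QCLASS
    records = []
    for _ in range(an):
        _, off = decode_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == QTYPE_MX:
            pref = struct.unpack("!H", msg[off:off + 2])[0]
            exchange, _ = decode_name(msg, off + 2)
            records.append((pref, exchange, ttl))
        off += rdlen
    return sorted(records)

def constructed_mx_response(txid=0x1234):
    """Hand-built reply for the constructed zone example.test with two MX records.
    Each owner name is a compression pointer (0xC00C) to the question name at offset 12."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 2, 0, 0)
    question = encode_name("example.test") + struct.pack("!HH", QTYPE_MX, QCLASS_IN)
    def rr(pref, host):
        rdata = struct.pack("!H", pref) + encode_name(host)
        return b"\xc0\x0c" + struct.pack("!HHIH", QTYPE_MX, QCLASS_IN, 3600, len(rdata)) + rdata
    return header + question + rr(20, "mx2.example.test") + rr(10, "mx1.example.test")

def query_mx(name, server, port=53, timeout=3.0):
    """Send the query over UDP to a resolver and parse the reply (needs network access).
    The random transaction ID is verified so a stray or forged datagram is not accepted."""
    txid = random.randrange(0x10000)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, QTYPE_MX, txid), (server, port))
        data, _ = sock.recvfrom(4096)
    if struct.unpack("!H", data[:2])[0] != txid:
        raise ValueError("transaction id mismatch")
    return parse_mx_response(data)

if __name__ == "__main__":
    for pref, exchange, ttl in parse_mx_response(constructed_mx_response()):
        print(f"{pref:>3}  {exchange}  (ttl {ttl})")
```

The MX answer only names the exchanger; the IP of the mail server the text mentions comes from a follow-up A query for that name, which the same build_query/decode_name pair handles with qtype 1.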

    Locate the Network Range

    Commonly includes:

    ~ Finding the range of IP addresses
    ~ Discerning the subnet mask

    Information Sources:

    ~ ARIN (American Registry of Internet Numbers)
    ~ Traceroute

    Hacking Tool:

    ~ NeoTrace
    ~ Visual Route

    ARIN:

    ARIN allows searches on the whois database to locate information on a network's autonomous system numbers (ASNs), network-related handles, and other related points of contact (POC). ARIN whois allows querying the IP address to help find information on the strategy used for subnet addressing.

    Traceroute:

    Traceroute works by exploiting a feature of the Internet Protocol called TTL, or Time To Live. Traceroute reveals the path IP packets travel between two systems by sending out consecutive sets of UDP or ICMP packets with ever-increasing TTLs. As each router processes an IP packet, it decrements the TTL. When the TTL reaches zero, that router sends back a "TTL exceeded" message (using ICMP) to the originator. Routers with reverse DNS entries may reveal the name of routers, network affiliation, and geographic location.

    Trace Route Analysis:

    Traceroute is a program that can be used to determine the path from source to destination. By using this information, an attacker determines the layout of a network and the location of each device. For example, after running several traceroutes, an attacker might obtain the following information:

    traceroute 1.10.10.20, second to last hop is 1.10.10.1
    traceroute 1.10.20.10, third to last hop is 1.10.10.1
    traceroute 1.10.20.10, second to last hop is 1.10.10.50
    traceroute 1.10.20.15, third to last hop is 1.10.10.1
    traceroute 1.10.20.15, second to last hop is 1.10.10.50

    By putting this information together we can diagram the network.
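Added example, not part of the report: a model of the TTL mechanism described above, applied to the report's own sample addresses (1.10.10.1, 1.10.10.50 and the three destinations). It simulates probes with increasing TTL against constructed router paths, combines the resulting traces into an adjacency map, and lists the /24 networks seen, which is the "locate the network range" step. The router paths are constructed to reproduce the hop observations in the text; an administrator can run the same inference on real traceroute output from outside their perimeter to see how much topology the ICMP "TTL exceeded" replies disclose, and decide which routers should answer them.

```python
import ipaddress
from collections import defaultdict

# Constructed router paths (not real hosts): destination -> routers crossed before
# reaching it, chosen to reproduce the hop observations listed in the text.
CONSTRUCTED_PATHS = {
    "1.10.10.20": ["1.10.10.1"],
    "1.10.20.10": ["1.10.10.1", "1.10.10.50"],
    "1.10.20.15": ["1.10.10.1", "1.10.10.50"],
}

def forward(ttl, routers, destination):
    """Model one probe. Each router decrements the TTL; the router that takes it
    to zero answers with an ICMP 'TTL exceeded', otherwise the destination replies."""
    for hop in routers:
        ttl -= 1
        if ttl == 0:
            return ("TTL exceeded", hop)
    return ("reply", destination)

def traceroute(destination, routers, max_ttl=30):
    """Send probes with TTL 1, 2, 3, ... and record who answered each one,
    stopping once the destination itself replies."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        kind, who = forward(ttl, routers, destination)
        hops.append(who)
        if kind == "reply":
            break
    return hops

def infer_topology(traces):
    """Combine several traces into an adjacency map (hop -> sorted next hops).
    A hop shared by several traces is a router the paths have in common."""
    links = defaultdict(set)
    for hops in traces.values():
        prev = "source"
        for hop in hops:
            links[prev].add(hop)
            prev = hop
    return {node: sorted(nxt) for node, nxt in links.items()}

def networks_seen(traces, prefix=24):
    """Group every address observed into /prefix networks: the network-range
    step, done from traceroute output alone."""
    nets = {ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
            for hops in traces.values() for addr in hops}
    return sorted(str(n) for n in nets)

def run_demo(paths=CONSTRUCTED_PATHS):
    """Trace every destination, then map the network and its address ranges."""
    traces = {dest: traceroute(dest, routers) for dest, routers in paths.items()}
    return {"traces": traces,
            "topology": infer_topology(traces),
            "networks": networks_seen(traces)}

if __name__ == "__main__":
    result = run_demo()
    for dest, hops in result["traces"].items():
        print(f"traceroute {dest}: {' -> '.join(hops)}")
    for node, nxt in result["topology"].items():
        print(f"{node} -> {', '.join(nxt)}")
    print("networks seen:", ", ".join(result["networks"]))
```

The adjacency map reproduces the diagram the text describes: 1.10.10.1 sits in front of both the 1.10.10.0/24 hosts and the router 1.10.10.50, which in turn fronts the 1.10.20.0/24 hosts.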

    NeoTrace:

    NeoTrace shows the traceroute output visually: map view, node view, and IP view.

    VisualRoute Trace:


    E-Mail Spiders

    Have you ever wondered how spammers generate huge mailing databases? They pick tons of e-mail addresses by searching the Internet. All they need is a web spidering tool that picks up e-mail addresses and stores them in a database. If these tools are left running the entire night, they can capture hundreds of thousands of e-mail addresses.

    Tools:

    ~ Web Data Extractor
    ~ 1st E-mail Address Spider

    Steps to Perform Footprinting

    ~ Find the company's external and internal URLs
    ~ Perform a whois lookup for personal details
    ~ Extract DNS information
    ~ Mirror the entire website and look up names
    ~ Extract archives of the website
    ~ Google search for the company's news and press releases
    ~ Use people search for personal information of employees
    ~ Find the physical location of the web server using the tool NeoTrace
    ~ Analyze the company's infrastructure details from job postings
    ~ Track the email using readnotify.com

    CONCLUSION

    The information gathering phase can be categorized broadly into seven phases. Footprinting renders a unique security profile of a target system. Whois and ARIN can reveal public information about a domain that can be leveraged further. Traceroute and mail tracking can be used to target a specific IP, and later for IP spoofing. Nslookup can reveal specific users, and zone transfers can compromise DNS security.