8/8/2019 AMIT SEMINAR Foot Printing
A Seminar Report
ON FOOTPRINTING
SUBMITTED BY
Amit Kumar Rathaur
Roll No.: 0728710005
B.Tech. 4th Year, VIIth Semester
Department Of Computer Science & Engg.
NARAINA COLLEGE OF ENGINEERING & TECHNOLOGY,
KANPUR - 208 020
2010-2011
Certificate
This is to certify that Amit Kumar Rathaur, student of B.Tech, Computer Science & Engg., Semester 7th, has completed their Seminar titled FOOTPRINTING satisfactorily in partial requirement of Bachelors in Information Technology in the year 2010-11.
This is also certified that this report, entitled FOOTPRINTING, is an original work of Amit Kumar Rathaur. It is further certified that he has done his work under guidance & supervision to the best of our knowledge.
Mr. Atul Mathur    Ms. Ankita Gaur
ACKNOWLEDGMENT
I would like to take this opportunity to thank my institute for offering a course like Seminar to us, so that we can show our skills and can get the idea about how to handle presentations, and can be familiar with the things related to how to develop a project. I would also like to thank our faculty Ms. Ankita Gaur for providing us the guidelines whenever needed. I would also like to thank our Head of the Department Mr. Atul Mathur for keeping an eye on us.
AMIT KUMAR RATHAUR
(0728710005)
Module Objective
This module will familiarize you with the following:
~ Footprinting: An Introduction
~ Overview of the Reconnaissance Phase
~ Information Gathering Methodology of Hackers
~ Competitive Intelligence gathering
~ Tools that aid in Footprinting
~ Footprinting steps
Introduction
Footprinting is the process through which an attacker goes about surveying a chosen target. Think of it as an organized military attack: you wouldn't blindly walk into somewhere without having done some research into the target; even having a large amount of firepower won't help. Footprinting is often an overlooked area of Internet security, and stopping an attacker at this stage will most likely put off all but the most determined attacker.
If you were going to take a long drive to an unknown destination you would want to know how to get there and whether it would be easier to take the car, train or plane; it's the same with an attack, but in order to find out the best way to get there a port scan would allow us to see what ports are available, therefore allowing us to see what 'roads' we can use. An example of a good port scanner is either BluesPortScanner or Nmap. Nmap provides detailed information and functions such as service and version detection, timing and performance, firewall/IDS evasion and spoofing to prevent admins from isolating your IP address; it also runs on Windows (as shown below), Unix systems, Mac OS X and AmigaOS. There is also a GUI version available for Windows called nmapfe. Blues Port Scanner is a fast and resource-friendly scanner that is capable of scanning over 300 ports a second and offers TCP and UDP scanning; it only runs on Windows and is a GUI. Nmap is run from the command prompt and provides you with a list of options and functions with which you can utilize its many functions. The program can be easily worked out from the on-screen instructions, and a few example commands are included that show off a few functions. By finding out what services and open ports a target has open and running, an attacker can use this information to move onto the next stage of an attack.
Just running a port scan against the target won't be enough; if the target has a website then reading every bit of information on the site can prove useful, for example administrator names and telephone numbers are all potential passwords, and this information can be easily accessed through a WHOIS lookup. A WHOIS lookup is a TCP-based protocol which is used to query a database in order to obtain information about a specific server; it was developed in order to help system admins find IP information. Traditionally it was done using the command line, but now many web-based WHOIS tools exist and are a simple Google search away. Making sure that you don't use such easily guessable passwords is something that can't be repeated enough times: as system admins are constantly increasing their levels of software defense they are increasingly forgetting that the weakest point in any network is the competence of the person who sets it up; no amount of software or hardware defense can stop someone if the master password is left as 'password'.
Other things that can be done to obtain information about a target are a TraceRoute; this is a simple program that traces the number of hops to a target. It does this by sending a batch of packets and then increasing the TTL (time-to-live) of each successive batch by one in order to trace the number of hops. To run TraceRoute in Windows, open the command prompt and type:
Code:
tracert [-d] [-h maximum_hops] [-j host_list] [-w timeout] target_name
and in Linux:
Code:
Usage: traceroute [-dFInrvx] [-g gateway] [-i iface] [-f first_ttl] [-m max_ttl] [-p port] [-q nqueries] [-s src_addr] [-t tos] [-w waittime] [-z pausemsecs] host [packetlen]
$ traceroute hostname
All these bits of information that are collected can be valuable in a small or large way, depending on the skill of the system admin and the luck of the attacker.
The most useful part of this exercise will be the Nmap scan, which can be used to find services which might be vulnerable to exploits. A program called Metasploit is a collection of exploits and payloads that can be launched against a poorly patched server; please be aware though that most of the exploits found in Metasploit are dated and couldn't hack a paper bag.
I hope this article gave you an insight on what footprinting involves and a few ways in which, through proper server administration, hack attempts can be foiled.
Revisiting Reconnaissance
Reconnaissance refers to the preparatory phase where an attacker seeks to gather as much information as possible about a target of evaluation prior to launching an attack. It involves network scanning, either external or internal, without authorization. A preliminary survey to gain information; especially: an exploratory military survey of enemy territory; also n., an inspection or exploration of an area, especially one made to gather military information. Reconnaissance is a term for efforts to gain information about an enemy, usually conducted before, or in service to, a larger operation. The French word entered the English language in 1810, at a time when British and other armies were at war with Napoleon's French forces. Reconnaissance is an important component of military and intelligence activities, as well as civilian undertakings designed to protect the public safety from hazards both natural and manmade.
In the military or espionage environment, reconnaissance can take the form of activities by scouts or other specialists. The use of what would now be called "human intelligence" in a reconnaissance capacity dates back to ancient times, when, according to the Christian Old Testament, 12 spies went into the land of Canaan to scout out the territory. Today, reconnaissance is the work of special units practicing a specialized craft.
Reconnaissance aircraft range from the U-2 and SR-71 Blackbird to the E-2C Hawkeye and P-3 Orion. Additionally, the skies are filled with reconnaissance satellites operated by the U.S. military, the National Security Agency, and military or intelligence services of other nations. Even some craft, most notably submarines, can serve a reconnaissance function.
Origin of RECONNAISSANCE: French, literally, recognition, from Middle French reconoissance, from Old French reconoistre, to recognize. First Known Use: 1810.
Information Gathering Methodology
~ Unearth initial information
~ Locate the network range
~ Ascertain active machines
~ Discover open ports/access points
~ Detect operating systems
~ Uncover services on ports
~ Map the network
Unearthing Initial Information
Unearthing initial information commonly includes: domain name lookups, locations, contacts, telephone, e-mail.
Information Sources
Search engines and websites, open source, domain and IP information, information about registered domains, Smart Whois tools.
Hacking Tools
Sam Spade: provides Whois and DNS Dig functionality.
Footprinting Through Job Sites
You can gather company infrastructure details from job postings. Look for company infrastructure postings, such as looking for a system administrator to manage a Solaris 10 network; this means that the company has Solaris networks on site. E.g., www.jobsdb.com
Passive Information Gathering
To understand the current security status of a particular Information System, organizations perform either a Penetration Test or other hacking techniques.
Passive information gathering is done by finding out the details that are freely available over the Internet and by various other techniques without directly coming in contact with the organization's servers. Organizational and other informative websites are exceptions, as the information gathering activities carried out by an attacker there do not raise suspicion.
Competitive Intelligence Gathering
Business moves fast. Product cycles are measured in months, not years. Partners become rivals quicker than you can say "breach of contract". So how can you possibly hope to keep up with your competitors if you can't keep an eye on them? Competitive intelligence gathering is the process of gathering information about your competitors from resources such as the Internet. Competitive intelligence is non-interfering and subtle in nature. Competitive intelligence is both a product and a process.
The various issues involved in competitive intelligence are:
Data gathering
Data analysis
Information verification
Information security
Cognitive hacking:
Single source
Multiple source
Why Do You Need Competitive Intelligence?
~ Compare your products with your competitors' offerings
~ Analyze your market positioning compared to the competitors
~ Pull up a list of competing companies in the market
~ Extract salespersons' war stories on how deals are won and lost in the competitive arena
~ Produce a profile of the CEO and the entire management staff of the competitor
~ Predict their tactics and methods based on their previous track record
Companies Providing Competitive Intelligence Services
Carratu International http://www.carratu.com
CI Center http://www.cicentre.com
CORPORATE CRIME MANAGEMENT http://www.assesstherisk.com
Marven Consulting Group http://www.marwen.ca
SECURITY SCIENCES CORPORATION http://www.securitysciences.com
Lubrinco http://www.lubrinco.com
DNS Enumerator
DNS Enumerator is an automated sub-domain retrieval tool. It scans Google to extract the results.
SpiderFoot
SpiderFoot is a free, open-source domain footprinting tool which will scrape the websites on that domain, as well as search Google, Netcraft, Whois, and DNS to build up information like:
Subdomains
Affiliates
Web server versions
Users (i.e. /~user)
Similar domains
Email addresses
Netblocks
Wikito Footprinting Tool
Web Data Extractor Tool
Use this tool to extract a targeted company's contact data (email, phone, fax) from the Internet. Extract URL and meta tag (title, desc, keyword) for website promotion, search directory creation, web research.
Additional Footprinting Tools
Whois
Nslookup
ARIN
NeoTrace
VisualRoute Trace
SmartWhois
eMailTrackerPro
Website Watcher
Google Earth
GEO Spider
HTTrack Web Copier
E-mail Spider
Whois Lookup
Online Whois Tools
www.samspade.org
www.geektools.com
www.whois.net
www.demon.net
Nslookup
Nslookup is a program to query Internet domain name servers. It displays information that can be used to diagnose Domain Name System (DNS) infrastructure. It helps find additional IP addresses if the authoritative DNS is known from whois. The MX record reveals the IP of the mail server. Both Unix and Windows come with an Nslookup client; third-party clients are also available, for example Sam Spade.
Extract DNS information
Using www.dnsstuff.com, you can extract DNS information such as:
Mail server extensions
IP addresses
Locate the Network Range
Commonly includes:
Finding the range of IP addresses
Discerning the subnet mask
Information Sources:
ARIN (American Registry of Internet Numbers)
Traceroute
Hacking Tool:
NeoTrace
Visual Route
ARIN:
ARIN allows searches on the whois database to locate information on a network's autonomous system numbers (ASNs), network-related handles, and other related point of contact (POC). ARIN whois allows querying the IP address to help find information on the strategy used for subnet addressing.
Traceroute:
Traceroute works by exploiting a feature of the Internet Protocol called TTL, or Time To Live. Traceroute reveals the path IP packets travel between two systems by sending out consecutive sets of UDP or ICMP packets with ever-increasing TTLs. As each router processes an IP packet, it decrements the TTL. When the TTL reaches zero, that router sends back a "TTL exceeded" message (using ICMP) to the originator. Routers with reverse DNS entries may reveal the name of routers, network affiliation, and geographic location.
Trace Route Analysis:
Traceroute is a program that can be used to determine the path from source to destination. By using this information, an attacker determines the layout of a network and the location of each device. For example, after running several traceroutes, an attacker might obtain the following information:
traceroute 1.10.10.20, second to last hop is 1.10.10.1
traceroute 1.10.20.10, third to last hop is 1.10.10.1
traceroute 1.10.20.10, second to last hop is 1.10.10.50
traceroute 1.10.20.15, third to last hop is 1.10.10.1
traceroute 1.10.20.15, second to last hop is 1.10.10.50
By putting this information together we can diagram the network.
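As an added example (not part of the report), the following Python simulates the TTL mechanism described above over a constructed toy topology that uses the report's router and host addresses, then merges the resulting traces into the gateway map a defender should expect an outside observer to be able to draw. The probing host 10.0.0.5 and the routing tables are assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed toy topology (assumption): each node's routing table maps a destination
# prefix to its next hop; None means the destination is directly attached. Router and
# host addresses come from the report's example; the probing host 10.0.0.5 is made up.
ROUTES = {
    "10.0.0.5":   {"0.0.0.0/0": "1.10.10.1"},
    "1.10.10.1":  {"1.10.10.0/24": None, "1.10.20.0/24": "1.10.10.50"},
    "1.10.10.50": {"1.10.20.0/24": None, "0.0.0.0/0": "1.10.10.1"},
}

def next_hop(node, dst):
    """Longest-prefix match in node's table; returns dst itself when on-link."""
    best = None
    for prefix, nh in ROUTES[node].items():
        net = ip_network(prefix)
        if ip_address(dst) in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, nh)
    return dst if best[1] is None else best[1]

def send_probe(src, dst, ttl):
    """Forward one probe, decrementing TTL per hop, until the destination answers
    or a router discards it and replies with ICMP "TTL exceeded"."""
    node = src
    while True:
        node = next_hop(node, dst)
        ttl -= 1
        if node == dst:
            return node, True
        if ttl == 0:
            return node, False

def traceroute(src, dst, max_ttl=30):
    """Probe with TTL 1, 2, 3, ... and record which node answered each probe."""
    path = []
    for ttl in range(1, max_ttl + 1):
        hop, reached = send_probe(src, dst, ttl)
        path.append(hop)
        if reached:
            break
    return path

def gateway_of(paths):
    """Second-to-last hop of each trace: the router in front of that host."""
    return {p[-1]: p[-2] for p in paths if len(p) > 1}

def infer_links(paths):
    """Merge traces into the hop adjacencies an observer could diagram."""
    links = {}
    for p in paths:
        for a, b in zip(p, p[1:]):
            links.setdefault(a, set()).add(b)
    return links
```

Running traceroute() against the report's three hosts and feeding the paths to gateway_of() reproduces the "second to last hop" facts listed above, which is exactly the exposure a defender gains by filtering ICMP "TTL exceeded" replies at the border.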
NeoTrace:
NeoTrace shows the traceroute output visually in map view, node view, and IP view.
VisualRoute Trace:
E-Mail Spiders
Have you ever wondered how spammers generate huge mailing databases? They pick tons of e-mail addresses from searching the Internet. All they need is a web spidering tool picking up e-mail addresses and storing them to a database. If these tools are left running the entire night, they can capture hundreds of thousands of e-mail addresses.
Tools:
Web Data Extractor
1st E-mail Address Spider
Steps to Perform Footprinting
~ Find the company's external and internal URLs
~ Perform whois lookup for personal details
~ Extract DNS information
~ Mirror the entire website and look up names
~ Extract archives of the website
~ Google search for the company's news and press releases
~ Use people search for personal information of employees
~ Find the physical location of the web server using the tool NeoTrace
~ Analyze the company's infrastructure details from job postings
~ Track the email using readnotify.com
CONCLUSION
The information gathering phase can be categorized broadly into seven phases. Footprinting renders a unique security profile of a target system. Whois and ARIN can reveal public information of a domain that can be leveraged further. Traceroute and mail tracking can be used to target specific IPs, and later for IP spoofing. Nslookup can reveal specific users, and zone transfers can compromise DNS security.