Module - 2 (Footprinting)

ceh

Uploaded by

pamukumar

Module 02
Presented by Professionals.
Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

Security News

Facebook a 'treasure trove' of Personally Identifiable Information

Facebook contains a "treasure trove" of personally identifiable information that hackers manage to get their hands on. It detailed a concept I call "friend-mapping", where an attacker can get further knowledge of a user's circle of friends; having accessed their account and posing as a trusted friend, they can cause mayhem. This can include requesting the transfer of funds and extortion.

Asked why Facebook is so important to hackers, Imperva senior security strategist Noa Bar-Yosef said: "People also add work friends on Facebook so a team leader can be identified and this can lead to corporate data being accessed, project work being discussed openly, while geo-location data can be detailed for military intelligence."

- Footprinting Terminology
- What Is Footprinting?
- Objectives of Footprinting
- Footprinting Threats
- Footprinting through Search Engines
- Website Footprinting
- Email Footprinting
- Competitive Intelligence
- Footprinting Using Google
- WHOIS Footprinting
- DNS Footprinting
- Network Footprinting
- Footprinting through Social Engineering
- Footprinting through Social Networking Sites
- Footprinting Tools
- Footprinting Countermeasures
- Footprinting Pen Testing

Module Flow

- Footprinting Concepts
- Footprinting Threats
- Footprinting Methodology
- Footprinting Tools
- Footprinting Countermeasures
- Footprinting Penetration Testing

Footprinting Terminology

- Open Source or Passive Information Gathering: Collect information about a target from the publicly accessible sources
- Active Information Gathering: Gather information through social engineering, on-site visits, interviews, and questionnaires
- Anonymous Footprinting: Gather information from sources where the author of the information cannot be identified or traced
- Pseudonymous Footprinting: Collect information that might be published under a different name in an attempt to preserve privacy
- Organizational or Private Footprinting: Collect information from an organization's web-based calendar and email services
- Internet Footprinting: Collect information about a target from the Internet

What Is Footprinting?

Footprinting is the process of collecting as much information as possible about a target network, for identifying various ways to intrude into an organization's network system.

- Collect basic information about the target and its network
- Determine the operating system used, platforms running, web server versions, etc.

Why Footprinting?

- Know Security Posture
- Reduce Attack Area
- Build Information Database
- Draw Network Map

Objectives of Footprinting

- User and group names
- Telephone numbers
- Organization's website
- Press releases of the organization
- Phone numbers
- Employee details
- Remote system type
- Routing tables
- Web server links
- Location details
- System names

Footprinting Threats

Attackers gather valuable system and network information such as account details, operating system and installed applications, network components, server names, database schema details, etc. from footprinting techniques.

Types of Threats

- Information Leakage
- Privacy Loss
- Corporate Espionage
- Business Loss

Footprinting Methodology

Footprinting through Search Engines

- Attackers use search engines to extract information about a target such as technology platforms, employee details, login pages, intranet portals, etc. which helps in performing social engineering and other types of advanced system attacks
- Search engine cache may provide sensitive information that has been removed from the World Wide Web (WWW)

Finding Company's URLs

- Search for the target company's external URL in a search engine such as Google or Bing
- Internal URLs provide an insight into different departments and business units in an organization
- You may find an internal company's URL by trial and error method

Tools to Search Internal URLs

- http://news.netcraft.com
- http://www.webmaster-a.com/link-extractor-internal.php

Internal URLs of microsoft.com include windows.microsoft.com.

Public and Restricted Websites

Identify a company's private and public websites.

- Public website: http://www.microsoft.com

Collect Location Information

People Search

Information about an individual can be found at various people search websites, for example http://www.spokeo.com.

The people search returns the following information about a person:

- Residential addresses and email addresses
- Contact numbers and date of birth
- Photos and social networking profiles
- Blog URLs
- Satellite pictures of private residences

People Search Online Services

- Zaba Search
- Zoominfo
- PeekYou
- Wink People Search
- AnyWho
- PeopleSmart
- People Lookup (https://www.peoplelookup.com)
- 123 People Search
- Intelius
- WhitePages

People Search on Social Networking Services

- Facebook
- LinkedIn
- Twitter
- Google+

Footprinting through Job Sites

You can gather company's infrastructure details from job postings.

Look for these:

- Job requirements
- Employee's profile
- Hardware information
- Software information

Examples of Job Websites

- http://www.monster.com
- http://www.careerbuilder.com
- http://www.dice.com
- http://www.simplyhired.com
- http://www.indeed.com
- http://www.usajobs.gov

Monitoring Target Using Alerts

Alerts are the content monitoring services that provide up-to-date information based on your preference, usually via email or SMS in an automated manner.

Examples of Alert Services

- Google Alerts - http://www.google.com/alerts
- Yahoo! Alerts - http://alerts.yahoo.com
- Giga Alert - http://www.gigaalert.com

Website Footprinting

Information obtained from target's website enables an attacker to build a detailed map of website's structure and architecture.

Browsing the target website may provide:

- Software used and its version
- Operating system used
- Sub-directories and parameters
- Filename, path, database field name, or query
- Scripting platform
- Contact details and CMS details

Use Zaproxy, Burp Suite, Firebug, etc. to view headers that provide:

- Connection status and content-type
- Accept-Ranges
- Last-Modified information
- X-Powered-By information
- Web server in use and its version

Website Footprinting (Cont'd)

Examining HTML source provides:

- Comments in the source code
- Contact details of web developer or admin

Examining cookies may provide:

- Software in use and its behavior

Mirroring Entire Website

Mirroring an entire website onto the local system enables an attacker to dissect and identify vulnerabilities; it also assists in finding directory structure and other valuable information without multiple requests to web server.

Website Mirroring Tools

- SurfOffline (http://www.surfoffline.com)
- WebRipper (http://www.calluna-software.com)

Website Mirroring Tools (Cont'd)

- Website Ripper Copier
- PageNest
- Teleport Pro
- Backstreet Browser
- Portable Offline Browser
- Offline Explorer Enterprise
- Proxy Offline Browser
- GNU Wget (http://www.gnu.org)
- Hooeey Webprint
- iMiser

Monitoring Web Updates

- Website Watcher (http://aignes.com)

Email Footprinting

- Attacker tracks email to gather information about the physical location of an individual to perform social engineering that in turn may help in mapping target organization's network
- Email tracking is a method to monitor and spy on the delivered emails to the intended recipient

Email tracking can reveal:

- When the email was received and read
- GPS location and map of the recipient
- Time spent on reading the emails
- Whether or not the recipient visited any links sent to them
- Track PDF and other types of attachments
- Set messages to expire after a specified time

Collecting Information from Email Header

- The address from which the message was sent
- Sender's mail server
- Date and time received by the originator's email servers
- Authentication system
- A unique number assigned to identify the message

Email Tracking Tools

- Email Lookup - Free Email Tracker
- eMailTrackerPro (http://www.emailtrackerpro.com)
- PoliteMail (http://www.politemail.com)

Email Tracking Tools (Cont'd)

- Pointofmail
- Read Notify
- Super Email Marketing Software
- DidTheyReadIt (http://www.didtheyreadit.com)
- WhoReadMe (http://whoreadme.com)
- Trace Email
- MSGTAG
- GetNotify
- Zendio
- G-Lock Analytics

Competitive Intelligence Gathering

- Competitive intelligence is the process of identifying, gathering, analyzing, verifying, and using information about your competitors from resources such as the Internet
- Competitive intelligence is non-interfering and subtle in nature

Sources of Competitive Intelligence

- Company websites and employment ads
- Search engines, Internet, and online databases
- Press releases and annual reports
- Social engineering employees
- Product catalogues and retail outlets
- Analyst and regulatory reports

Competitive Intelligence

Questions about the company: When did it begin? How did it develop? Where is it located? Who leads it?

Visit These Sites

- 01. EDGAR Database: http://www.sec.gov/edgar.shtml
- 02. Hoovers: http://www.hoovers.com
- 03. LexisNexis: http://www.lexisnexis.com
- 04. Business Wire: http://www.businesswire.com

Traceroute Tools

- Roadkil's Trace Route
- 3D Traceroute
- AnalogX HyperTrace
- Network Systems Traceroute
- Ping Plotter

Footprinting through Social Engineering

- Social engineering is the art of convincing people to reveal confidential information
- Social engineers depend on the fact that people are unaware of their valuable information and are careless about protecting it

Social engineers attempt to gather:

- Credit card details and social security number
- Usernames and passwords
- Other personal information
- Operating systems and software versions

Social engineers use these techniques:

- Eavesdropping
- Shoulder surfing
- Impersonation on social networking sites

Collect Information Using Eavesdropping, Shoulder Surfing, and Dumpster Diving

Eavesdropping

- Eavesdropping is unauthorized listening of conversations or reading of messages
- It is interception of any form of communication such as audio, video, or written

Shoulder Surfing

- Shoulder surfing is the procedure where the attackers look over the user's shoulder to gain critical information
- Attackers gather information such as passwords, personal identification number, account numbers, credit card information, etc.

Dumpster Diving

- Dumpster diving is looking for treasure in someone else's trash
- It involves collection of phone bills, contact information, financial information, operations related information, etc. from the target company's trash bins, printer trash bins, user desk for sticky notes, etc.

Collect Information through Social Engineering on Social Networking Sites

- Attackers gather sensitive information through social engineering on social networking websites such as Facebook, MySpace, LinkedIn, Twitter, Pinterest, Google+, etc.
- Attackers create a fake profile on social networking sites and use the identity to lure the employees to give up information
- Employees may post personal information such as date of birth, educational and employment backgrounds, spouses' names, etc. and information about their company such as potential clients and business partners, trade secrets of business, websites, company's upcoming news, mergers, acquisitions, etc.
- Using the details of an employee of the target organization, an attacker can compromise a secured facility

Information Available on Social Networking Sites

Collecting Information Using Facebook

- 845 million monthly active users
- 100 billion connections
- 250 million photos uploaded daily
- 1 of every 5 of all page views
- 20 minutes time spent per visit

Collecting Twitter Information

- 465 million accounts
- 350 million tweets a day
- 55% of Twitter users access the platform via their mobile

Collecting LinkedIn Information

Collecting YouTube Information

- 3rd most visited website according to Alexa
- 900 sec average time users spend on YouTube every day
- 2 billion views per day
- 1/10: one of every 10 Internet users opens YouTube
- 829,440 videos uploaded every day

Tracking Users on Social Networking Sites

- Users may use fake identities on social networking sites. Attackers use tools such as Get Someones IP or IP-GRABBER to track users' real identity

Steps to get someone's IP address through chat on Facebook using Get Someones IP tool:

- Go to http://www.myiptest.com
- Three fields exist:
  - Copy the generated link of this field and send it to the target via chat to get IP
  - Enter any URL you want the target to redirect to
  - Open the URL in this field and keep checking for target's IP address

Footprinting Tools

Footprinting Tool: Maltego

Maltego is a program that can be used to determine the relationships and real world links between people, groups of people (social networks), companies, organizations, websites, Internet infrastructure, phrases, documents, and files (http://www.paterva.com).

Footprinting Tool: domain name information (domainpunch.com)

Footprinting Tool

- Extract targeted company contact data (email, phone, fax) from web for responsible b2b communication
- Extract URL, meta tag (title, description, keyword) for website promotion, search directory creation, web research

Additional Footprinting Tools

- Prefix WhoIs
- NetScanTools Pro
- Autonomous System Scanner (ASS)
- DNS DIGGER
- Netmask
- Binging
- Spiderzilla
- Sam Spade
- Robtex

Additional Footprinting Tools (Cont'd)

- SpiderFoot
- Dig Web Interface (http://www.digwebinterface.com)
- Zaba Search
- ActiveWhois
- GeoTrace
- Domain Research Tool (http://www.domainresearchtool.com)
- CallerIP
- yoName (http://yoname.com)
- Ping-Probe
- DomainHostingView

Footprinting Countermeasures

- Configure routers to restrict the responses to footprinting requests
- Lock the ports with the suitable firewall configuration
- Evaluate and limit the amount of information available before publishing it on the website/Internet and disable the unnecessary services
- Prevent search engines from caching a web page and use anonymous registration services
- Configure web servers to avoid information leakage and disable unwanted protocols
- Use an IDS that can be configured to refuse suspicious traffic and pick up footprinting patterns
- Perform footprinting techniques and remove any sensitive information found
- Enforce security policies to regulate the information that employees can reveal to third parties

Footprinting Countermeasures (Cont'd)

- Disable directory listings and use split-DNS
- Educate employees about various social engineering tricks and risks
- Restrict unexpected input such as | < >

Footprinting Pen Testing

- Footprinting pen test is used to determine organization's publicly available information on the Internet such as network architecture, operating systems, applications, and users
- The tester attempts to gather as much information as possible about the target organization from the Internet and other publicly accessible sources

Footprinting pen testing helps administrator to:

- Prevent information leakage
- Prevent DNS record retrieval from publicly available servers
- Prevent social engineering attempts

Footprinting Pen Testing (Cont'd)

- Get proper authorization and define the scope of the assessment
- Footprint search engines such as Google, Yahoo! Search, Ask, Bing, Dogpile, etc. to gather target organization's information such as employee details, login pages, intranet portals, etc. that helps in performing social engineering and other types of advanced system attacks
- Perform website footprinting using tools such as HTTrack Web Site Copier, BlackWidow, Webripper, etc. to build a detailed map of website's structure and architecture
- Perform email footprinting using tools such as eMailTrackerPro, PoliteMail, Email Lookup - Free Email Tracker, etc. to gather information about the physical location of an individual to perform social engineering that in turn may help in mapping target organization's network
- Gather competitive intelligence using tools such as Hoovers, LexisNexis, Business Wire, etc.
- Perform Google hacking using tools such as GHDB, MetaGoofil, SiteDigger, etc.
- Perform WHOIS footprinting using tools such as WHOIS Lookup, SmartWhois, etc. to create detailed map of organizational network, to gather personal information that assists to perform social engineering, and to gather other internal network details, etc.
- Perform DNS footprinting using tools such as DIG, NsLookup, DNS Records, etc. to determine key hosts in the network and perform social engineering attacks
- Perform network footprinting using tools such as Path Analyzer Pro, VisualRoute 2010, Network Pinger, etc. to create a map of the target's network
- Implement social engineering techniques such as eavesdropping, shoulder surfing, and dumpster diving that may help to gather more critical information about the target organization
- Gather target organization employees' information from their personal profiles on social networking sites such as Facebook, LinkedIn, Twitter, Google+, Pinterest, etc. that assist to perform social engineering
- At the end of pen testing document all the findings

Footprinting Pen Testing Report Templates

Report fields include: technology platforms; information obtained through DNS footprinting; information obtained through social networking sites; educational and employment backgrounds.

Module Summary

- Footprinting is the process of collecting as much information as possible about a target network, for identifying various ways to intrude into an organization's network system
- It reduces attacker's attack area to specific range of IP address, networks, domain names, remote access, etc.
- Attackers use search engines to extract information about a target
- Information obtained from target's website enables an attacker to build a detailed map of website's structure and architecture
- Competitive intelligence is the process of identifying, gathering, analyzing, verifying, and using information about your competitors from resources such as the Internet
- DNS records provide important information about location and type of servers
- Attackers conduct traceroute to extract information about: network topology, trusted routers, and firewall locations
- Attackers gather sensitive information through social engineering on social networking websites such as Facebook, MySpace, LinkedIn, Twitter, Pinterest, Google+, etc.
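A defender-side check for the header and HTML-source disclosures listed under Website Footprinting, matching the countermeasure "configure web servers to avoid information leakage". This is an added example, not part of the original slides; the two sample responses, the name ExampleCMS, and the function names are constructed for illustration.

```python
import re

VERSION_RE = re.compile(r"\d+(?:\.\d+)+")             # e.g. 2.2.22
COMMENT_RE = re.compile(r"<!--(.*?)-->", re.DOTALL)   # HTML comments
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")


def parse_response(raw):
    """Split a raw HTTP/1.x response into (lower-cased headers dict, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    headers = {}
    for line in head.split("\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers, body


def audit_response(raw):
    """Return (item, evidence, fix) tuples for details the response discloses."""
    headers, body = parse_response(raw)
    findings = []
    server = headers.get("server", "")
    if VERSION_RE.search(server):              # product name plus version
        findings.append(("server-version", server,
                         "Apache: ServerTokens Prod; nginx: server_tokens off"))
    if "x-powered-by" in headers:              # scripting platform disclosure
        findings.append(("x-powered-by", headers["x-powered-by"],
                         "PHP: expose_php = Off, or strip the header at the proxy"))
    for comment in COMMENT_RE.findall(body):
        text = " ".join(comment.split())
        if EMAIL_RE.search(text):              # developer/admin contact details
            findings.append(("comment-contact", text, "strip comments at build time"))
        elif VERSION_RE.search(text):          # software version left in source
            findings.append(("comment-version", text, "strip comments at build time"))
    return findings


# Constructed sample: a response that leaks what the slides enumerate.
BEFORE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.22 (Ubuntu)\r\n"
    "X-Powered-By: PHP/5.3.10\r\n"
    "Content-Type: text/html\r\n"
    "Accept-Ranges: bytes\r\n"
    "\r\n"
    "<html><!-- contact webmaster@example.com, built with ExampleCMS 3.4.1 -->\n"
    "<!-- layout v2 --><body>ok</body></html>"
)

# Constructed sample: the same page after hardening.
AFTER = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body>ok</body></html>"
)

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label)
        for item, evidence, fix in audit_response(raw):
            print(f"  {item}: {evidence!r} -> {fix}")
```

Run it against responses captured from your own servers during the "perform footprinting techniques and remove any sensitive information found" step.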
