
Chapter 2

This document provides an overview of reconnaissance techniques for gathering information about a target system. It discusses footprinting, which involves passive and active collection of publicly available information. Specific techniques mentioned include using whois to find domain name information, ping to find IP addresses, and ip2location to find hosting companies. It also discusses gathering network data like IP blocks and system-related information like OS details. Common tools mentioned are search engines and websites like Archive.org. The document then explains social engineering techniques like impersonating important users, posing as third parties, calling technical support, shoulder surfing and dumpster diving. It also discusses computer-based social engineering like insider attacks, identity theft, phishing, online scams and URL obfusc

Uploaded by

Jeff Maynard
Copyright: © All Rights Reserved

Gathering Target Information
CHAPTER 2
Topics
2.1 TRACE FOOTPRINTING TECHNIQUES USING TOOLS
2.2 EXPLAIN SOCIAL ENGINEERING
2.1 Trace Footprinting techniques using tools
Reconnaissance and Footprinting
Reconnaissance
Reconnaissance is a set of processes and techniques (Footprinting, Scanning & Enumeration) used to covertly discover and collect information about a target system.
During reconnaissance, an ethical hacker attempts to gather as much information about a target system as possible, following the seven steps listed below:
Gather initial information
Determine the network range
Identify active machines
Discover open ports and access points
Fingerprint the operating system
Uncover services on ports
Map the network
FOOTPRINTING
Footprinting is the part of the reconnaissance process used for gathering information about a target computer system or network.
Footprinting can be both passive and active.
Reviewing a company’s website is an example of passive footprinting, whereas attempting to gain access to sensitive information through social engineering is an example of active information gathering.
During this phase, a hacker can collect the following information:
Domain name
IP Addresses
Namespaces
Employee information
Phone numbers
E-mails
Job Information
INFORMATION TO BE GATHERED ABOUT A TARGET
A basic cybersecurity information gathering process often includes these two types of data collection goals:
Collecting network data: such as public, private and associated domain names, network hosts, public and private IP blocks, routing tables, TCP and UDP running services, SSL certificates, open ports and more.
Collecting system-related information: this includes user enumeration, system groups, OS hostnames, OS system type (probably by fingerprinting) and system banners.
COMMON WEBSITES USED FOR FOOTPRINTING
1. DOMAIN NAME INFORMATION
You can use a whois website to get detailed information about a domain name, including its owner, its registrar, date of registration, expiry, name server, owner's contact information, etc.
2. FINDING IP ADDRESS
You can use the ping command at your prompt. This command is available on Windows as well as on Linux.
Following is the example to find out the IP address of tutorialspoint.com
3. FINDING HOSTING COMPANY
Once you have the website address, you can get further detail by using the ip2location website.
4. IP ADDRESS RANGES
Small sites may have a single IP address associated with them, but larger websites usually have multiple IP addresses serving different domains and sub-domains.
You can obtain the range of IP addresses assigned to a particular company using the American Registry for Internet Numbers (ARIN).
5. HISTORY OF THE WEBSITE
It is very easy to get a complete history of any website using www.archive.org.
COMMON TOOLS USED FOR FOOTPRINTING
INFORMATION GATHERING METHODOLOGY
INFORMATION GATHERING USING SEARCH ENGINES
Information gathering can be done using technical and nontechnical methods.
Technical methods rely on computer-aided techniques for collecting information.
Nontechnical techniques usually rely on Google dorks.
Basically, every time we launch a search we make a query to the web search engine. There are some particular expressions known to the engine, called Advanced Search Operators, which make a search more effective.
Queries built like these are also called “Google dorks”.
Try it!
2.2 Explain Social Engineering
SOCIAL ENGINEERING
Social engineering is the psychological manipulation of people into performing actions or divulging confidential information.
HUMAN-BASED SOCIAL ENGINEERING
a. Impersonate an important user
b. Pose as third person
c. Call technical support
d. Shoulder surfing
e. Dumpster diving
A. IMPERSONATE AN IMPORTANT USER
Acting like someone else to get access to information.
The attacker may act as a legitimate user and request information, pose as a higher authority and ask for sensitive information, or pose as a technical support person and try to gather sensitive and confidential details.
B. POSE AS THIRD PERSON
Posing as a fellow employee
An employee of a vendor or partner company, or auditor
As a new employee requesting help
Pretending to be from a remote office and asking for email access locally
As someone in authority
A system manufacturer offering a system update or patch
C. CALL TECHNICAL SUPPORT
A person who uses social engineering to impersonate a tech support worker can have devastating effects on a network.
This is an effective attack vector, because it can give an attacker physical access to network computers.
It only takes a matter of seconds for someone to compromise a computer with physical access.
D. SHOULDER SURFING
It is a direct observation technique, such as looking over someone’s shoulder to learn sensitive information like passwords, PIN numbers, etc.
E. DUMPSTER DIVING
Any confidential or sensitive document should be properly shredded before being disposed of in the dustbin.
If not, an attacker may just look into the dustbin to access the confidential information.
OTHER TYPES OF HUMAN-BASED ATTACKS ARE:
Tailgating: When an authorised person enters a restricted area, the unauthorised person also enters the restricted area without the employee’s knowledge.
Piggybacking: Here the attacker may pose as an employee and ask the authorised employee to allow him to enter along with him. He may give fake reasons, such as having forgotten his smart badge.
Eavesdropping: Unauthorised listening to conversations, thereby collecting important data, is called eavesdropping.
Computer-Based Social Engineering:
a. Insider attacks
b. Identity theft
c. Phishing attacks
d. Online scams
e. URL Obfuscation
A. Insider attacks
An insider attack is very difficult to detect.
If a disgruntled employee wants to take revenge, he can install malicious applications to steal or modify information, causing significant damage to the organization, or he can be bribed by a competitor to reveal or steal company secrets, intellectual property information, etc.
B. Identity theft
Identity theft is the deliberate use of someone else's identity, usually as a method to gain a financial advantage or obtain credit and other benefits in the other person's name, and perhaps to the other person's disadvantage or loss.
C. Phishing attacks
Phishing involves sending an e-mail, usually posing as a bank, credit-card company, or other financial organization.
The e-mail requests that the recipient confirm banking information or reset passwords or PIN numbers.
The user clicks the link in the e-mail and is redirected to a fake website.
The hacker is then able to capture this information and use it for financial gain or to perpetrate other attacks.
D. Online scams
Internet scams are different methods of fraud, facilitated by cybercriminals on the Internet.
Scams can happen in a myriad of ways: via phishing emails, social media, SMS messages on mobile phones, fake tech support phone calls, scareware and more.
The main purpose of these types of scams can range from credit card theft to capturing user login and password credentials and even identity theft.
E. URL Obfuscation
An obfuscated URL is a web address that has been obscured or concealed and made to imitate the original URL of a legitimate website.
It is done to make users access a spoof website rather than the intended destination.
Obfuscated URLs are one of the many phishing attacks that can fool Internet users.
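A link checker for the URL obfuscation described above, as an added example that is not part of the original slides. It goes beyond the slide by naming common disguises (userinfo before the host, numeric hosts, punycode labels, percent-encoding, a trusted name on an untrusted host); the allow-list, flag names and sample URLs are constructed assumptions.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed allow-list of hosts the user actually means to visit (hypothetical).
TRUSTED_HOSTS = {"example-bank.com", "www.example-bank.com"}
# Dotted or single-integer numeric hosts in decimal, octal or hex notation.
NUMERIC_HOST = re.compile(r"(0x[0-9a-f]+|\d+)(\.(0x[0-9a-f]+|\d+)){0,3}")

def is_numeric_host(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return bool(NUMERIC_HOST.fullmatch(host))

def obfuscation_flags(url, trusted=TRUSTED_HOSTS):
    """Return sorted reasons why the URL's real destination is disguised."""
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    flags = set()
    # Everything before '@' is userinfo; the browser connects to what follows it.
    if parts.username is not None:
        flags.add("userinfo-before-host")
    # A numeric host hides which site the link belongs to.
    if is_numeric_host(host):
        flags.add("numeric-host")
    # Punycode labels may display as look-alike Unicode characters.
    if any(label.startswith("xn--") for label in host.split(".")):
        flags.add("punycode-label")
    # Percent-encoding in the authority hides characters from the reader.
    if "%" in parts.netloc:
        flags.add("percent-encoded-authority")
    # A trusted name that appears in the link although the host is not trusted.
    visible = (parts.netloc + parts.path).lower()
    if host not in trusted and any(name in visible for name in trusted):
        flags.add("trusted-name-on-untrusted-host")
    return sorted(flags)

if __name__ == "__main__":
    samples = [  # constructed URLs; 203.0.113.7 is a documentation address
        "https://www.example-bank.com/login",
        "http://www.example-bank.com@203.0.113.7/login",
        "http://www.example-bank.com.login.example.net/",
        "http://3405803783/",
    ]
    for url in samples:
        print(url, obfuscation_flags(url))
```

An empty list means none of these disguises was found, not that the link is safe.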
Social Engineering Countermeasures
Train employees to demand proof of identity over the phone and in person.
Define values for types of information, such as dial-in numbers, user names, passwords, network addresses, etc. The greater the value, the higher the security that should be maintained around those items.
If someone requests privileged information, have employees find out why they want it and whether they are authorized to obtain it.
Verify information contained in e-mails and use bookmarked links instead of links in e-mails to go to company Web sites.
Dispose of sensitive documents securely, such as by shredding or incinerating.
Dispose of disks and devices securely by shredding floppy disks or overwriting disks with all 1's, all 0's, then all random characters.
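The three-pass overwrite from the last countermeasure, as an added example that is not part of the original slides: each pass rewrites the whole file or device in place, in the order the slide gives. The function name, chunk size and sample file are assumptions.

```python
import os

# Pass order from the slide: all 1's, all 0's, then random data.
PASSES = [("ones", b"\xff"), ("zeros", b"\x00"), ("random", None)]

def overwrite_in_place(path, chunk=1 << 20):
    """Overwrite a file or block device three times; return [(pass, bytes), ...]."""
    report = []
    with open(path, "r+b", buffering=0) as f:
        size = f.seek(0, os.SEEK_END)   # also works for block devices
        for name, fill in PASSES:
            f.seek(0)
            written = 0
            while written < size:
                n = min(chunk, size - written)
                block = os.urandom(n) if fill is None else fill * n
                written += f.write(block)
            os.fsync(f.fileno())        # push this pass out before starting the next
            report.append((name, written))
    return report

if __name__ == "__main__":
    import tempfile
    # Constructed sample file standing in for a document with sensitive content.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"dial-in 555-0100 user alice password example\n" * 100)
    print(overwrite_in_place(tmp.name))
    os.remove(tmp.name)
```

On SSDs and on journaling or copy-on-write filesystems an in-place overwrite may not reach every physical copy of the data, so the device's own secure-erase function or physical destruction is the stronger option there.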
THANK YOU
