
SUNIL KUMAR GOLEY TAMANG

Lab Assignments

EC-Council University

COURSE#: Footprinting and Reconnaissance

Dr. Chike Patrick Chike

15/07/2024

Task 1) Gather information about a target website using the ping command-line utility

1) Steps for using the ping command-line utility to find information about a target website.

Here we use the ping command against certifiedhacker.com.

2) In the picture below we found the IP address of the target and the packet details, such as the number of packets sent and received.
3) In the figure below we try to find the maximum frame size. Let us try 1500; the response is "Packet needs to be fragmented but DF set."

4) Let us try a different size to find the maximum size limit. Let us put the value 1300. We get the result shown below.
5) Let us try 1473 and run the command once more. Here we can see that we are close to the limit.

6) Put the value 1472 and let us see.

We can see that it returns a reply, so the maximum size that can be sent without fragmentation is 1472, and the ping is successful.

7) Now, what happens when the TTL expires? To see this we run ping with the -i option, starting at a value of 2 and increasing it until the TTL value is shown.
8) Let us add -n 1 to send a single packet and check the life span of the packet. The command then looks like the one in the figure below.

We run the command in this way, changing the -i value, until we find the value at which the packet reaches the target.

At last we found the value 19, which gives the TTL needed to reach the host, and the IP address of the host can also be found here.
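As an added example (not part of the original lab report), the following Python reproduces the arithmetic and the search behind steps 3 to 8: the 1472-byte limit follows from a 1500-byte MTU minus the 20-byte IP and 8-byte ICMP headers, and the TTL value is found by raising -i until the host answers. The network replies are simulated so the example runs offline; the real commands are the Windows ping -f -l <size> and ping -i <ttl> -n 1 (the -f and -l flags are assumed from the "DF set" message in the screenshots).

```python
# Added example, not from the original lab report: the arithmetic and the
# search behind Task 1 steps 3-8. Real probing would run the Windows commands
# "ping -f -l <size> certifiedhacker.com" and "ping -i <ttl> -n 1 ..."; here
# the network replies are simulated so the example runs offline.

IP_HEADER = 20    # IPv4 header length without options, in bytes
ICMP_HEADER = 8   # ICMP echo request header, in bytes

def max_icmp_payload(mtu: int) -> int:
    """Largest ping payload (-l value) that fits one frame with DF set."""
    return mtu - IP_HEADER - ICMP_HEADER

def simulated_df_probe(path_mtu: int):
    """Build a probe(size) mimicking 'ping -f -l size': True on a reply,
    False on 'Packet needs to be fragmented but DF set'."""
    return lambda size: size <= max_icmp_payload(path_mtu)

def find_max_payload(probe, lo: int = 0, hi: int = 65500) -> int:
    """Binary search replacing the manual 1500 -> 1300 -> 1473 -> 1472 trial.
    Assumes probe(lo) succeeds and that replies are monotone in size."""
    while lo < hi:
        mid = (lo + hi + 1) // 2
        if probe(mid):
            lo = mid          # fits: the limit is at or above mid
        else:
            hi = mid - 1      # fragmented: the limit is below mid
    return lo

def simulated_ttl_probe(hops_to_host: int):
    """Build a probe(ttl) mimicking 'ping -i ttl -n 1': False while the
    reply is 'TTL expired in transit', True once ttl reaches the host."""
    return lambda ttl: ttl >= hops_to_host

def hops_to_target(probe, max_ttl: int = 255) -> int:
    """Raise -i from 1 until the host answers; that value is the hop count."""
    for ttl in range(1, max_ttl + 1):
        if probe(ttl):
            return ttl
    raise RuntimeError("no reply within max_ttl")

if __name__ == "__main__":
    # Constructed sample: a 1500-byte Ethernet path and a host 19 hops away,
    # matching the values found in the lab.
    print(find_max_payload(simulated_df_probe(1500)))  # 1472
    print(hops_to_target(simulated_ttl_probe(19)))     # 19
```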

Answering the Questions given in the lab assignment


1) When would you use a local loopback test?
A loopback test is the process of sending a digital data stream from a source back to the same point without any intentional modification. It is usually used to determine whether a device works properly or whether there are failing nodes in a network. When you create a local loopback, you create an internal loop on the interface: the traffic is looped internally on the PIC. It does not test the transmit and receive ports, only the internal connection of the PIC.

2) Explain the difference(s) between using ping and hping. When do you use the hping utility?
The differences between ping and hping are as follows:
Hping is a free TCP/IP packet generator and analyzer created by Salvatore Sanfilippo (also known as Antirez). It is similar to the ping utility, but it has more functionality than sending the simple ICMP echo request that ping is usually used for. Hping can be used to send large volumes of TCP traffic at a target while spoofing the source IP addresses, making them appear random or even originating from a specific user-defined source.
3) Differentiate between the hping and Nmap scanning tools.
Nmap is a more comprehensive tool that provides a wealth of features for network exploration, management, and security auditing, while hping is a specialized tool that focuses on low-level network communication and testing. The choice between the two depends on the specific needs and requirements of the user.
4) At what point in network troubleshooting do you use the traceroute and nslookup utility tools?

If you are experiencing network connectivity issues, you can use nslookup to check whether a domain name resolves to the correct IP address or to identify DNS servers that are not responding.
An IP tracer such as traceroute is helpful for figuring out the routing hops data has to go through, as well as the response delays as it travels across the nodes that forward the data toward its destination. Traceroute also enables you to locate where the data could not be sent along, known as points of failure.

5) Discuss two tools to gather information about a target website.

i) Network mappers and port scanners
Network mappers and port scanners play a significant role in the information gathering process. A network mapper like Nmap can:
- Scan open ports
- Recognize services operating on those ports
- Generate visual maps based on data from regular scans to ensure the accuracy of network information
They are vital in identifying network devices, components, and connections, and contribute to the maintenance of precise records for thorough analysis and security evaluations. These tools pinpoint open ports by dispatching packets to a range of ports on a network and subsequently analyzing the responses. They also play a crucial role in identifying vulnerable services by scanning specified ports and analyzing the responses from those services.

ii) Packet sniffers and protocol analyzers

Another integral set of tools for information gathering are packet sniffers and protocol analyzers, like Wireshark. They:
- Capture and analyze network packets to diagnose network issues and monitor network traffic
- Enable users to filter and drill down into the data
- Store captured information for offline analysis
By capturing live packet data and analyzing it in real time, these tools offer valuable insights for network troubleshooting and optimization.
Notable packet sniffers and protocol analyzers include:
- Wireshark
- Auvik
- ManageEngine NetFlow Analyzer
- SolarWinds Network Packet Sniffer
- Paessler PRTG
- Tcpdump
- WinDump
- NetworkMiner
- Colasoft


Task 2) Gathering information about a target website using Central OPS

1) Open the Central OPS website in Windows 11.

2) Here the target website is www.certifiedhacker.com.


3) The search result for the given target shows the address lookup and the domain whois record, as shown in the screenshot.


4) An attacker can get information about the network and domain through this information-gathering tool.
- Scroll down to view information such as the Network Whois record and DNS record, as shown in the screenshot.
An attacker can use this data to carry out injection attacks against the organization.

Questions

Q) Describe any four social engineering techniques used to gather information.

Four social engineering techniques used to gather information about a target are as follows:

I) Phishing
Phishing refers to an attempt to steal sensitive information, typically usernames, passwords, credit card numbers, bank account information or other important data, in order to use or sell the stolen information. By masquerading as a reputable source with an enticing request, an attacker lures in the victim in order to trick them, much as a fisherman uses bait to catch a fish. As one of the most popular social engineering attack types, phishing scams are email and text message campaigns aimed at creating a sense of urgency, curiosity or fear in victims. They then prod victims into revealing sensitive information, clicking on links to malicious websites, or opening attachments that contain malware. An example is an email sent to users of an online service that alerts them to a policy violation requiring immediate action on their part, such as a required password change. It includes a link to an illegitimate website, nearly identical in appearance to its legitimate version, prompting the unsuspecting user to enter their current credentials and a new password. Upon form submission the information is sent to the attacker. Given that identical, or near-identical, messages are sent to all users in phishing campaigns, detecting and blocking them is much easier for mail servers that have access to threat-sharing platforms.

II) Spear phishing

Spear phishing, or CEO scam, stands out for its precision and high degree of personalization. Where a classic phishing attack can be sent to thousands of people, spear phishing focuses on a much smaller and more targeted group of people. By usurping the identity of a CEO to trap an employee, for example, the attacker ensures a higher climate of trust and, unfortunately, a maximum success rate. This is a more targeted version of the phishing scam, whereby an attacker chooses specific individuals or enterprises. They then tailor their messages based on characteristics, job positions, and contacts belonging to their victims to make the attack less conspicuous. Spear phishing requires much more effort on behalf of the perpetrator and may take weeks or months to pull off. Such attacks are much harder to detect and have better success rates if done skilfully. A spear phishing scenario might involve an attacker who, impersonating an organization's IT consultant, sends an email to one or more employees. It is worded and signed exactly as the consultant normally does, thereby deceiving recipients into thinking it is an authentic message. The message prompts recipients to change their password and provides a link that redirects them to a malicious page where the attacker captures their credentials.

III) Reverse social engineering

Reverse social engineering (RSE) is a form of social engineering attack. It has the same aim as a typical social engineering attack but a completely different approach. It is a person-to-person attack in which the attacker makes direct contact with the target to compel them into divulging sensitive information. In most cases, the attacker establishes contact with the target through email and social media platforms, using multiple schemes and pretending to be a benefactor or skilled security personnel to convince the target to provide access to their system or network. Though this technique may seem outdated and ridiculous, it has proved highly effective, especially when the victim's system or network shows signs of being compromised. Here an attacker obtains information through a series of cleverly crafted lies. The scam is often initiated by a perpetrator pretending to need sensitive information from a victim in order to perform a critical task. The attacker usually starts by establishing trust with the victim by impersonating co-workers, police, bank and tax officials, or other persons who have right-to-know authority. The pretexter asks questions that are ostensibly required to confirm the victim's identity, through which they gather important personal data. All sorts of pertinent information and records are gathered using this scam, such as social security numbers, personal addresses and phone numbers, phone records, staff vacation dates, bank records and even security information related to a physical plant.

IV) Maltego
Maltego is software used for open-source intelligence and forensics, developed by Paterva of Pretoria, South Africa. Maltego focuses on providing a library of transforms for discovering data from open sources and visualizing that information in a graph format. For effective and successful penetration testing, information gathering is the key, and Maltego is one of the best information gathering and data mining tools. In Maltego alone, users can query all types of data thanks to data integrations with Shodan, WHOIS, TinEye, the Wayback Machine, VirusTotal, ATT&CK, MISP, Pipl, Orbis, and more.
