GreyCampus Logo

About

Contact

Premium Resources
Training Courses
Free Resources
Open CampusBlogMock ExamsDownloadables

Footprinting Methodology | Ethical Hacking


Footprinting Methodology



Various methods used to collect information about the target organization. They are


Footprinting through Search Engines


This is a passive information gathering process where we gather information about the target from social media, search engines, various websites etc. Information gathered includes name, personal details, geographical location detrails, login pages, intranet portals etc. Even some target specific information like Operating system details, IP details, Netblock information, technologies behind web application etc can be gathered by searching through search engines


Eg: collecting information from Google, Bingo etc


Google Hacking:


Google hacking refers to collecting information using google dorks (keywords) by constructing search queries which result in finding sensitive information.details collected include compromised passwords, default credentials, competitor information, information related to a particular topic etc.


Eg:inurl:, site:, allintitle etc


Examining HTML Source and Examining Cookies:


Html source codes of a web application may give us an understanding of the application functionality, hidden fields, comments, variable names etc. Cookies are used to identify a user in his session. these cookies may be stored in the browser or passed in the URL, or in the HTTP header.


The entire website can be mirrored using tools like HTTtracker to gather information at our own phase.


Extract website Archives: older versions of website can be obtained
which may reveal some information related to the target.


eg: www.archive.org


Email Footprinting


email header reveals information about the mail server, original sender’s email id, internal IP addressing scheme, as well as the possible architecture of the target network


Competitive Intelligence


Competitive intelligence gathering is the process of gathering information about the competitors from resources such as the Internet.


Eg: company website, search engine, internet, online databases, press releases, annual reports, trade journals


Google Hacking/Google Dorks


This is a process of creating search queries to extract hidden information by using Google operators to search specific strings of text inside the search results.


Some google operators, site, allinurl, inurl, allintitle


Whois Footprinting


Whois databases and the servers are operated by RIR - Regional Internet Registries. These databases contain the personal information of Domain Owners. Whois is a Query response protocol used for querying Whois databases and its protocol is documented in RFC 3912. Whois utility interrogates the Internet domain name administration system and returns the domain ownership, address, location, phone numbers, and other details about a specified domain name.


DNS Footprinting


DNS is a naming system for computers that converts human-readable domain names into computer readable IP-addresses and vice versa.DNS uses UDP port 53 to serve its requests. A zone subsequently stores all information, or resource records, associated with a particular domain into a zone file; Resource records responded by the name servers should have the following fields:



  • Domain Name — Identifying the domain name or owner of the records


  • Record Types — Specifying the type of data in the resource record


  • Record Class — Identifying a class of network or protocol family in use


  • Time to Live (TTL) — Specifying the amount of time a record can be stored in cache before discarded.


  • Record Data — Providing the type and class dependent data to describe the resources.



A (address)—Maps a hostname to an IP address


SOA (Start of Authority)—Identifies the DNS server responsible for the domain information


CNAME (canonical name)—Provides additional names or aliases for the address record


MX (mail exchange)—Identifies the mail server for the domain


SRV (service)—Identifies services such as directory services


PTR (pointer)—Maps IP addresses to hostnames


NS (name server)—Identifies other name servers for the domain


HINFO = Host Information Records


DNS servers perform zone transfers to keep themselves up to date with the latest information. A zone transfer of a target domain gives a list of all public hosts, their respective IP addresses, and the record type.


Footprinting through Social Engineering:


Social media like twitter, facebook are searched to collect information like personal details, user credentials, other sensitive information using various social engineering techniques. Some of the techniques include



  • Eavesdropping: It is the process of intercepting unauthorized communication to gather information

  • Shoulder surfing: Secretly observing the target to gather sensitive information like passwords, personal identification information, account information etc

  • Dumpster Diving: This is a process of collecting sensitive information by looking into the trash bin. Many of the documents are not shredded before disposing them into the trash bin . Retrieving these documents from trash bin may reveal sensitive information regarding contact information, financial information, tender information etc.

  • Footprinting countermeasures:

    • Creating awareness among the employees and users about the dangers of social engineering

    • Limiting the sensitive information

    • encrypting sensitive information

    • using privacy services on whois lookup database

    • Disable directory listings in the web servers

    • Enforcing security policies






GreyCampus Logo
Company
AboutContactTerms of UsePrivacy Policy
Resources
BlogOpenCampus
Bootcamps
Data Science CoursePower BI CourseApplied Generative AI CourseCertificate Program in Data Science and Machine Learning