Professional Documents
Culture Documents
2008 Batch-I
Module II
Footprinting
Scenario
Reconnaissance refers to
the preparatory phase
Clearing
where an attacker seeks
Reconnaissance
Tracks to gather as much
information as possible
about a target of
evaluation prior to
Scanning
Maintaining launching an attack.
Access
It involves network
scanning, either external
Gaining
Access or internal, without
authorization.
Defining Footprinting
Commonly includes:
Domain name lookup
Locations
Contacts (Telephone/
mail)
Information Sources:
Open source
Whois
Nslookup
Hacking Tool:
Sam Spade
Passive Information Gathering
Whois
Nslookup
ARIN
Neo Trace
VisualRoute Trace
SmartWhois
VisualLookout
eMailTrackerPro
Whois
Registrant:
targetcompany (targetcompany-DOM)
# Street Address
City, Province
State, Pin, Country
Domain Name: targetcompany.COM
Administrative Contact:
Surname, Name (SNIDNo-ORG) targetcompany@domain.com
targetcompany (targetcompany-DOM) # Street Address
City, Province, State, Pin, Country
Telephone: XXXXX Fax XXXXX
Technical Contact:
Surname, Name (SNIDNo-ORG) targetcompany@domain.com
targetcompany (targetcompany-DOM) # Street Address
City, Province, State, Pin, Country
Telephone: XXXXX Fax XXXXX
http://www.btinternet.com/~simon.m.parker/IP-
utils/nslookup_download.htm
Nslookup is a program to query Internet domain name
servers. Displays information that can be used to
diagnose Domain Name System (DNS) infrastructure.
Helps find additional IP addresses if authoritative DNS
is known from whois.
MX record reveals the IP of the mail server.
Both Unix and Windows come with an Nslookup client.
Third party clients are also available – e.g. Sam Spade.
Scenario (contd.)
Ideally,
what is the extent of information that should be revealed to
Adam during this quest?
Are there any other means of gaining information? Can he use the
information at hand in order to obtain critical information?
What are the implications for the target company? Can he cause
harm to targetcompany.com at this stage?
Locate the Network Range
Commonly includes:
Finding the range of IP
addresses
Discerning the subnet mask
Information Sources:
ARIN (American Registry of
Internet Numbers)
Traceroute
Hacking Tool:
NeoTrace
Visual Route
ARIN
http://www.arin.net/whois/
ARIN allows for a search
of the whois database in
order to locate
information on a
network’s autonomous
system numbers (ASNs),
network-related handles
and other related point
of contact (POC).
ARIN whois allows for
the querying of the IP
address to help find
information on the
strategy used for subnet
addressing.
Screenshot: ARIN Whois Output
www.visualware.com/download/
http://www.softdepia.com/smartwhois_download_491.html
http://www.visualware.com/
VisualLookout provides high level
views as well as detailed and
historical views that provide traffic
information in real-time or on a
historical basis.
In addition the user can request a
"connections" window for any
server, which provides a real-time
view of all the active network
connections showing
who is connected,
what service is being used,
whether the connection is
inbound or outbound, and
how many connections are
active and how long they have
been connected.
Screenshot: VisualRoute Mail Tracker
Mail Tracking is a
tracking service that
allows the user to track
when his mail was read,
how long the message
was open and how often
it was read. It also
records forwards and
passing of sensitive
information (MS Office
format)
Summary