
CEH Lab Manual

Module 02 - Footprinting and Reconnaissance

Footprinting a Target Network


Footprinting refers to uncovering and collecting as much information as possible regarding a target network.

Lab Scenario

Penetration testing is much more than just running exploits against vulnerable systems like we learned about in the previous module. In fact, a penetration test begins before penetration testers have even made contact with the victim's systems. Rather than blindly throwing out exploits and praying that one of them returns a shell, a penetration tester meticulously studies the environment for potential weaknesses and their mitigating factors. By the time a penetration tester runs an exploit, he or she is nearly certain that it will be successful. Since failed exploits can in some cases cause a crash or even damage to a victim system, or at the very least make the victim un-exploitable in the future, penetration testers won't get the best results, or deliver the most thorough report to their clients, if they blindly turn an automated exploit machine on the victim network with no preparation.

Lab Objectives
The objective of the lab is to extract information concerning the target organization that includes, but is not limited to:
- IP address range associated with the target
- Purpose of the organization and why it exists
- How big is the organization?
- What class is its assigned IP block?
- Does the organization freely provide information on the type of operating systems employed and network topology in use?
- Type of firewall implemented, either hardware or software or a combination of both
- Does the organization allow wireless devices to connect to wired networks?
- Type of remote access used, either SSH or VPN
- Is help sought on IT positions that give information on network services provided by the organization?
- Identify the organization's users who can disclose their personal information that can be used for social engineering, and assume such possible usernames

CEH Lab Manual Page 2

Ethical Hacking and Countermeasures Copyright by EC-Council All Rights Reserved. Reproduction is Strictly Prohibited.

Note: Tools demonstrated in this lab are available in D:\CEHTools\CEHv8 Module 02 Footprinting and Reconnaissance

Lab Environment
This lab requires:
- Windows Server 2012 as host machine
- A web browser with an Internet connection
- Administrative privileges to run tools

Lab Duration
Time: 50 Minutes

Overview of Footprinting
Before a penetration test even begins, penetration testers spend time with their clients working out the scope, rules, and goals of the test. The penetration testers may break in using any means necessary, from information found in the dumpster, to web application security holes, to posing as the cable guy. After pre-engagement activities, penetration testers begin gathering information about their targets. Often all the information learned from a client is the list of IP addresses and/or web domains that are in scope. Penetration testers then learn as much about the client and their systems as possible, from searching for employees on social networking sites to scanning the perimeter for live systems and open ports. Taking all the information gathered into account, penetration testers study the systems to find the best routes of attack. This is similar to what an attacker would do or what an invading army would do when trying to breach the perimeter.

Then penetration testers move into vulnerability analysis, the first phase where they are actively engaging the target. Some might say some port scanning does complete connections. However, as cybercrime rates rise, large companies, government organizations, and other popular sites are scanned quite frequently. During vulnerability analysis, a penetration tester begins actively probing the victim systems for vulnerabilities and additional information. Only once a penetration tester has a full view of the target does exploitation begin. This is where all of the information that has been meticulously gathered comes into play, allowing you to be nearly 100% sure that an exploit will succeed.

Once a system has been successfully compromised, the penetration test is over, right? Actually, that's not right at all. Post exploitation is arguably the most important part of a penetration test. Once you have breached the perimeter there is a whole new set of information to gather. You may have access to additional systems that are not available from the perimeter. The penetration test would be useless to a client without reporting. You should take good notes during the other phases, because during reporting you have to tie everything you found together in a way everyone from the IT department who will be remediating the vulnerabilities to the business executives who will be approving the budget can understand.

TASK 1: Overview

Lab Tasks
Pick an organization that you feel is worthy of your attention. This could be an educational institution, a commercial company, or perhaps a nonprofit charity. Recommended labs to assist you in footprinting:
- Basic Network Troubleshooting Using the ping utility and nslookup Tool
- People Search Using Anywho and Spokeo Online Tool
- Analyzing Domain and IP Address Queries Using SmartWhois
- Network Route Trace Using Path Analyzer Pro
- Tracing Emails Using eMailTrackerPro Tool
- Collecting Information About a target's Website Using Firebug
- Mirroring Website Using HTTrack Web Site Copier Tool
- Extracting Company's Data Using Web Data Extractor
- Identifying Vulnerabilities and Information Disclosures using Search Diggity in Search Engines

Lab Analysis
Analyze and document the results related to the lab exercise. Give your opinion on your target's security posture and exposure through public and free information.

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Lab 1

Footprinting a Target Network Using the Ping Utility

Ping is a computer network administration utility used to test the reachability of a host on an Internet Protocol (IP) network and to measure the round-trip time for messages sent from the originating host to a destination computer.

Lab Scenario
As a professional penetration tester, you will need to check for the reachability of a computer in a network. Ping is one of the utilities that will allow you to gather important information like IP address, maximum Packet Frame size, etc. about the network computer to aid in a successful penetration test.

Lab Objectives
This lab provides insight into the ping command and shows how to gather information using the ping command. The lab teaches how to:
- Use ping
- Emulate the tracert (traceroute) command with ping
- Find maximum frame size for the network
- Identify ICMP type and code for echo request and echo reply packets

Note: Tools demonstrated in this lab are available in D:\CEHTools\CEHv8 Module 02 Footprinting and Reconnaissance

Lab Environment
To carry out this lab you need:
- Administrative privileges to run tools
- TCP/IP settings correctly configured and an accessible DNS server
- This lab will work in the CEH lab environment - on Windows Server 2012, Windows 8, Windows Server 2008, and Windows 7

Lab Duration
Time: 10 Minutes

Overview of Ping
Note: PING stands for Packet Internet Groper. Ping command syntax: ping [-q] [-v] [-R] [-c Count] [-i Wait] [-s PacketSize] Host.

The ping command sends Internet Control Message Protocol (ICMP) echo request packets to the target host and waits for an ICMP response. During this request-response process, ping measures the time from transmission to reception, known as the round-trip time, and records any loss of packets.

Lab Tasks
1. Find the IP address for http://www.certifiedhacker.com
2. To launch the Start menu, hover the mouse cursor in the lower-left corner of the desktop

FIGURE 1.1: Windows Server 2012 Desktop view

TASK 1: Locate IP Address
3. Click the Command Prompt app to open the command prompt window

FIGURE 1.2: Windows Server 2012 Apps

4. Type ping www.certifiedhacker.com in the command prompt, and press Enter to find out its IP address
Note: For the command ping -c count, specify the number of echo requests to send.
5. The displayed response should be similar to the one shown in the following screenshot

Note: In the ping command, ping -i wait means wait time, that is, the number of seconds to wait between each ping.

    C:\>ping www.certifiedhacker.com
    Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of data:
    Request timed out.
    Reply from 202.75.54.101: bytes=32 time=267ms TTL=113
    Reply from 202.75.54.101: bytes=32 time=288ms TTL=113
    Reply from 202.75.54.101: bytes=32 time=525ms TTL=113
    Ping statistics for 202.75.54.101:
        Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 267ms, Maximum = 525ms, Average = 360ms
    C:\>

FIGURE 1.3: The ping command to extract the IP address for www.certifiedhacker.com

6. You receive the IP address of www.certifiedhacker.com, that is, 202.75.54.101
7. You also get information on Ping Statistics, such as packets sent, packets received, packets lost, and Approximate round-trip time
8. Now, find out the maximum frame size on the network. In the command prompt, type ping www.certifiedhacker.com -f -l 1500

TASK 2: Finding Maximum Frame Size

    C:\>ping www.certifiedhacker.com -f -l 1500
    Pinging www.certifiedhacker.com [202.75.54.101] with 1500 bytes of data:
    Packet needs to be fragmented but DF set.
    Packet needs to be fragmented but DF set.
    Packet needs to be fragmented but DF set.
    Packet needs to be fragmented but DF set.
    Ping statistics for 202.75.54.101:
        Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Note: Request timed out is displayed because either the machine is down or it implements a packet filter/firewall.

FIGURE 1.4: The ping command for www.certifiedhacker.com with -f -l 1500 options

9. The display Packet needs to be fragmented but DF set means that the frame is too large to be on the network and needs to be fragmented. Since we used the -f switch with the ping command, the packet was not sent, and the ping command returned this error
10. Type ping www.certifiedhacker.com -f -l 1300
Note: In the ping command, option -f means don't fragment.

    C:\>ping www.certifiedhacker.com -f -l 1300
    Pinging www.certifiedhacker.com [202.75.54.101] with 1300 bytes of data:
    Reply from 202.75.54.101: bytes=1300 time=392ms TTL=114
    Reply from 202.75.54.101: bytes=1300 time=362ms TTL=114
    Reply from 202.75.54.101: bytes=1300 time=285ms TTL=114
    Reply from 202.75.54.101: bytes=1300 time=331ms TTL=114
    Ping statistics for 202.75.54.101:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 285ms, Maximum = 392ms, Average = 342ms
    C:\>

FIGURE 1.5: The ping command for www.certifiedhacker.com with -f -l 1300 options

11. You can see that the maximum packet size is less than 1500 bytes and more than 1300 bytes
Note: In the ping command, ping -q means quiet output, only summary lines at startup and completion.
12. Now, try different values until you find the maximum frame size. For instance, ping www.certifiedhacker.com -f -l 1473 replies with Packet needs to be fragmented but DF set and ping www.certifiedhacker.com -f -l 1472 replies with a successful ping. It indicates that 1472 bytes is the maximum frame size on this machine's network
Note: The maximum frame size will differ depending upon the network

    C:\>ping www.certifiedhacker.com -f -l 1473
    Pinging www.certifiedhacker.com [202.75.54.101] with 1473 bytes of data:
    Packet needs to be fragmented but DF set.
    Packet needs to be fragmented but DF set.
    Packet needs to be fragmented but DF set.
    Packet needs to be fragmented but DF set.
    Ping statistics for 202.75.54.101:
        Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Note: The router discards packets when TTL reaches 0 (zero) value.

FIGURE 1.6: The ping command for www.certifiedhacker.com with -f -l 1473 options

    C:\>ping www.certifiedhacker.com -f -l 1472
    Pinging www.certifiedhacker.com [202.75.54.101] with 1472 bytes of data:
    Reply from 202.75.54.101: bytes=1472 time=359ms TTL=114
    Reply from 202.75.54.101: bytes=1472 time=320ms TTL=114
    Reply from 202.75.54.101: bytes=1472 time=282ms TTL=114
    Reply from 202.75.54.101: bytes=1472 time=317ms TTL=114
    Ping statistics for 202.75.54.101:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 282ms, Maximum = 359ms, Average = 319ms

FIGURE 1.7: The ping command for www.certifiedhacker.com with -f -l 1472 options

Note: The ping command, ping -R, means record route. It turns on route recording for the Echo Request packets, and displays the route buffer on returned packets (ignored by many routers).
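Step 12 finds the maximum frame size by trying sizes one at a time. The Python below is an added example, not from the CEH manual: it binary-searches between the known-good 1300-byte and known-bad 1500-byte payloads, classifies the two Windows ping output lines shown in the figures above, and relates the result to the path MTU (payload plus the 20-byte IP and 8-byte ICMP headers, so 1472 means a 1500-byte path). The probe used in the demo is a constructed stand-in for a 1500-byte Ethernet path, so it runs offline; windows_ping_probe is the live equivalent and its command line is assumed from the lab's ping -f -l usage.

```python
"""Maximum ping payload ("frame size") search from steps 8 to 12, automated.
Added example, not from the CEH manual. `ping -f -l N` on Windows sets the IP
Don't Fragment bit and sends an N-byte ICMP payload; a size the path cannot
carry fails with "Packet needs to be fragmented but DF set", so the largest
accepted payload plus the 20-byte IP and 8-byte ICMP headers is the path MTU."""
import subprocess
from typing import Callable

IP_HEADER = 20      # IPv4 header without options
ICMP_HEADER = 8     # ICMP echo header: type, code, checksum, id, sequence
DF_ERROR = "Packet needs to be fragmented but DF set"


def parse_ping_result(line: str) -> bool:
    """Classify one line of Windows ping output as accepted (echo reply) or
    rejected (DF error). Other lines, e.g. 'Request timed out.', are not a
    verdict on the size and raise ValueError."""
    if DF_ERROR in line:
        return False
    if line.startswith("Reply from") and "bytes=" in line:
        return True
    raise ValueError("not a size verdict: " + line)


def make_simulated_probe(path_mtu: int) -> Callable[[int], bool]:
    """Constructed stand-in for the network: accepts a payload only if the
    whole IP datagram fits the path MTU. Lets the search run offline."""
    def probe(payload: int) -> bool:
        return payload + IP_HEADER + ICMP_HEADER <= path_mtu
    return probe


def windows_ping_probe(host: str, payload: int) -> bool:
    """Live probe (assumed invocation, matching the lab's command): run
    `ping -n 1 -f -l <payload> host` and read the verdict from its output."""
    out = subprocess.run(["ping", "-n", "1", "-f", "-l", str(payload), host],
                         capture_output=True, text=True).stdout
    for line in out.splitlines():
        try:
            return parse_ping_result(line.strip())
        except ValueError:
            continue
    return False    # timed out or unreadable: treat as not accepted


def max_payload(probe: Callable[[int], bool], low: int = 1300, high: int = 1500) -> int:
    """Binary search for the largest accepted payload. `low` is a size known to
    succeed (1300 in step 10) and `high` one known to fail (1500 in step 8)."""
    if not probe(low):
        raise ValueError(f"{low}-byte payload already fails; start lower")
    if probe(high):
        return high          # nothing in range needs fragmentation
    while high - low > 1:
        mid = (low + high) // 2
        if probe(mid):
            low = mid
        else:
            high = mid
    return low


def path_mtu_from_payload(payload: int) -> int:
    """Largest unfragmented payload -> path MTU (1472 -> 1500 on Ethernet)."""
    return payload + IP_HEADER + ICMP_HEADER


if __name__ == "__main__":
    best = max_payload(make_simulated_probe(1500))
    print(f"largest payload without fragmentation: {best} bytes, "
          f"path MTU {path_mtu_from_payload(best)}")
```

Swap make_simulated_probe(1500) for functools.partial(windows_ping_probe, "www.certifiedhacker.com") to run the same search against the lab host from a Windows prompt.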

13. Now, find out what happens when TTL (Time to Live) expires. Every frame on the network has TTL defined. If TTL reaches 0, the router discards the packet. This mechanism prevents the loss of packets
14. In the command prompt, type ping www.certifiedhacker.com -i 3. The displayed response should be similar to the one shown in the following figure, but with a different IP address

    C:\>ping www.certifiedhacker.com -i 3
    Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of data:
    Reply from 183.82.14.17: TTL expired in transit.
    Reply from 183.82.14.17: TTL expired in transit.
    Reply from 183.82.14.17: TTL expired in transit.
    Reply from 183.82.14.17: TTL expired in transit.
    Ping statistics for 202.75.54.101:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    C:\>

FIGURE 1.8: The ping command for www.certifiedhacker.com with -i 3 options

15. Reply from 183.82.14.17: TTL expired in transit means that the router (183.82.14.17; students will have some other IP address) discarded the frame, because its TTL has expired (reached 0)
TASK 3: Emulate Tracert
16. Emulate the tracert (traceroute) command, using ping manually, to find the route from your PC to www.certifiedhacker.com
17. The results you receive are different from those in this lab. Your results may also be different from those of the person sitting next to you
18. In the command prompt, type ping www.certifiedhacker.com -i 1 -n 1. (Use -n 1 in order to produce only one answer, instead of receiving four answers on Windows or pinging forever on Linux.) The displayed response should be similar to the one shown in the following figure

    C:\>ping www.certifiedhacker.com -i 1 -n 1
    Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of data:
    Request timed out.
    Ping statistics for 202.75.54.101:
        Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
    C:\>

Note: In the ping command, the -i option represents time to live (TTL).

FIGURE 1.9: The ping command for www.certifiedhacker.com with -i 1 -n 1 options

19. In the command prompt, type ping www.certifiedhacker.com -i 2 -n 1. The only difference between the previous ping command and this one is -i 2. The displayed response should be similar to the one shown in the following figure

    C:\>ping www.certifiedhacker.com -i 2 -n 1
    Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of data:
    Request timed out.
    Ping statistics for 202.75.54.101:
        Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
    C:\>

Note: In the ping command, -t means to ping the specified host until stopped.

FIGURE 1.10: The ping command for www.certifiedhacker.com with -i 2 -n 1 options

20. In the command prompt, type ping www.certifiedhacker.com -i 3 -n 1. Use -n 1 in order to produce only one answer (instead of four on Windows or pinging forever on Linux). The displayed response should be similar to the one shown in the following figure

    C:\>ping www.certifiedhacker.com -i 3 -n 1
    Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of data:
    Reply from 183.82.14.17: TTL expired in transit.
    Ping statistics for 202.75.54.101:
        Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
    C:\>

Note: In the ping command, the -v option means verbose output, which lists individual ICMP packets, as well as echo responses.

FIGURE 1.11: The ping command for www.certifiedhacker.com with -i 3 -n 1 options

21. In the command prompt, type ping www.certifiedhacker.com -i 4 -n 1. Use -n 1 in order to produce only one answer (instead of four on Windows or pinging forever on Linux). The displayed response should be similar to the one shown in the following figure

    D:\>ping www.certifiedhacker.com -i 4 -n 1
    Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of data:
    Reply from 121.240.252.1: TTL expired in transit.
    Ping statistics for 202.75.54.101:
        Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),

FIGURE 1.12: The ping command for www.certifiedhacker.com with -i 4 -n 1 options

Note: In the ping command, the -s size option means to send the buffer size.

22. We have received the answer from the same IP address in two different steps. This one identifies the packet filter; some packet filters do not decrement TTL and are therefore invisible

Note: In the ping command, the -w option represents the timeout in milliseconds to wait for each reply.

23. Repeat the above step until you reach the IP address for www.certifiedhacker.com (in this case, 202.75.54.101)

    C:\>ping www.certifiedhacker.com -i 10 -n 1
    Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of data:
    Reply from 120.29.216.21: TTL expired in transit.
    Ping statistics for 202.75.54.101:
        Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
    C:\>

FIGURE 1.13: The ping command for www.certifiedhacker.com with -i 10 -n 1 options

24. Here the successful ping to reach www.certifiedhacker.com is 15 hops. The output will be similar to the trace route results

Note: Traceroute sends a sequence of Internet Control Message Protocol (ICMP) echo request packets addressed to a destination host.

    C:\>ping www.certifiedhacker.com -i 12 -n 1
    Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of data:
    Request timed out.
    Ping statistics for 202.75.54.101:
        Packets: Sent = 1, Received = 0, Lost = 1 (100% loss),
    C:\>ping www.certifiedhacker.com -i 13 -n 1
    Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of data:
    Reply from 1.9.244.26: TTL expired in transit.
    Ping statistics for 202.75.54.101:
        Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
    C:\>ping www.certifiedhacker.com -i 14 -n 1
    Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of data:
    Reply from 202.75.52.1: TTL expired in transit.
    Ping statistics for 202.75.54.101:
        Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
    C:\>ping www.certifiedhacker.com -i 15 -n 1
    Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of data:
    Reply from 202.75.54.101: bytes=32 time=267ms TTL=114
    Ping statistics for 202.75.54.101:
        Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 267ms, Maximum = 267ms, Average = 267ms

FIGURE 1.14: The ping command for www.certifiedhacker.com with -i 15 -n 1 options

25. Now, make a note of all the IP addresses from which you receive the reply during the ping to emulate tracert
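Steps 18 to 25 walk the TTL upwards by hand and note each router that answers. The Python below is an added example, not from the CEH manual: it parses the three kinds of output the lab shows (Request timed out, TTL expired in transit, and the final echo reply) into a hop list, stops at the first hop that is the destination itself, and flags an address that repeats at consecutive TTLs (the same-address situation step 22 points out). The ping outputs it runs on are constructed from the lab's figures, with the hop sequence shortened, so it needs no network.

```python
"""Traceroute emulation from `ping -i <ttl> -n 1` output, one run per TTL.
Added example, not from the CEH manual; the sample outputs are constructed
from the lab's figures (Request timed out / TTL expired in transit / echo reply)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

TTL_EXPIRED = re.compile(r"Reply from (\d+\.\d+\.\d+\.\d+): TTL expired in transit\.")
ECHO_REPLY = re.compile(r"Reply from (\d+\.\d+\.\d+\.\d+): bytes=\d+ time[=<]\d+ms TTL=\d+")
TIMED_OUT = "Request timed out."


@dataclass
class Hop:
    ttl: int
    address: Optional[str]    # None when nothing answered at this TTL
    reached: bool             # True only for the destination's own echo reply
    repeated: bool = False    # same address as the previous TTL (see step 22)


def parse_run(ttl: int, output: str) -> Hop:
    """Classify one ping run: a router reporting TTL expiry, the final echo
    reply, or silence. Windows prints 'time<1ms' for sub-millisecond replies,
    so the regex accepts both '=' and '<'."""
    for line in output.splitlines():
        line = line.strip()
        if m := TTL_EXPIRED.match(line):
            return Hop(ttl, m.group(1), reached=False)
        if m := ECHO_REPLY.match(line):
            return Hop(ttl, m.group(1), reached=True)
        if line == TIMED_OUT:
            return Hop(ttl, None, reached=False)
    raise ValueError(f"no recognisable ping result for TTL {ttl}")


def emulate_tracert(runs: Dict[int, str]) -> List[Hop]:
    """Walk TTL 1, 2, 3, ... and stop at the first echo reply, as the lab does
    by hand; the walk ends early if a TTL has no recorded run."""
    hops: List[Hop] = []
    ttl = 1
    while ttl in runs:
        hop = parse_run(ttl, runs[ttl])
        if hops and hop.address is not None and hop.address == hops[-1].address:
            hop.repeated = True
        hops.append(hop)
        if hop.reached:
            break
        ttl += 1
    return hops


def hop_count(hops: List[Hop]) -> Optional[int]:
    """TTL at which the destination itself answered (15 in the lab), or None."""
    return next((h.ttl for h in hops if h.reached), None)


def format_trace(hops: List[Hop]) -> str:
    """tracert-like listing: '*' for a silent hop."""
    return "\n".join(f"{h.ttl:>3}  {h.address or '*'}" + ("  (repeat)" if h.repeated else "")
                     for h in hops)


# Constructed sample runs, TTL -> what Windows ping printed. The addresses are
# the ones in the lab's figures; the hop sequence is shortened.
_HEADER = "Pinging www.certifiedhacker.com [202.75.54.101] with 32 bytes of data:\n"
SAMPLE_RUNS: Dict[int, str] = {
    1: _HEADER + "Request timed out.\n",
    2: _HEADER + "Request timed out.\n",
    3: _HEADER + "Reply from 183.82.14.17: TTL expired in transit.\n",
    4: _HEADER + "Reply from 121.240.252.1: TTL expired in transit.\n",
    5: _HEADER + "Reply from 121.240.252.1: TTL expired in transit.\n",
    6: _HEADER + "Reply from 202.75.54.101: bytes=32 time=267ms TTL=114\n",
    7: _HEADER + "Reply from 1.9.244.26: TTL expired in transit.\n",  # never consulted
}

if __name__ == "__main__":
    trace = emulate_tracert(SAMPLE_RUNS)
    print(format_trace(trace))
    print("destination reached at hop", hop_count(trace))
```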

Lab Analysis
Document all the IP addresses, reply request IP addresses, and their TTLs.


Tool/Utility: Ping
Information Collected/Objectives Achieved:
- IP Address: 202.75.54.101
- Packet Statistics: Packets Sent 4, Packets Received 3, Packets Lost 1, Approximate Round Trip Time 360ms
- Maximum Frame Size: 1472
- TTL Response: 15 hops


Questions
1. How does tracert (trace route) find the route that the trace packets are (probably) using?
2. Is there any other answer ping could give us (except those few we saw before)? We saw before: Request timed out; Packet needs to be fragmented but DF set; Reply from XXX.XXX.XXX.XX: TTL expired in transit
3. What ICMP type and code are used for the ICMP Echo request?
4. Why does traceroute give different results on different networks (and sometimes on the same network)?

Internet Connection Required: [x] Yes  [ ] No
Platform Supported: [x] Classroom  [ ] iLabs


Lab 2

Footprinting a Target Network Using the nslookup Tool

nslookup is a network administration command-line tool available for many computer operating systems for querying the Domain Name System (DNS) to obtain the domain name, the IP address mapping, or any other specific DNS record.

Lab Scenario
In the previous lab, we gathered information such as IP address, Ping Statistics, Maximum Frame Size, and TTL Response using the ping utility. Using the IP address found, an attacker can perform further hacks like port scanning, NetBIOS, etc. and can also find the country or region in which the IP is located and the domain name associated with the IP address. In the next step of reconnaissance, you need to find the DNS records. Suppose in a network there are two domain name system (DNS) servers named A and B, hosting the same Active Directory-Integrated zone. Using the nslookup tool an attacker can obtain the IP address of the domain name, allowing him or her to find the specific IP address of the person he or she is hoping to attack. Though it is difficult to restrict other users from querying the DNS server with the nslookup command, because this program basically simulates the process by which other programs do DNS name resolution, as a penetration tester you should be able to prevent such attacks by going to the zone's properties, on the Zone Transfer tab, and selecting the option not to allow zone transfers. This will prevent an attacker from using the nslookup command to get a list of your zone's records. nslookup can provide you with a wealth of DNS server diagnostic information.

Lab Objectives
The objective of this lab is to help students learn how to use the nslookup command. This lab will teach you how to:
- Execute the nslookup command
- Find the IP address of a machine
- Change the server you want the response from
- Elicit an authoritative answer from the DNS server
- Find name servers for a domain
- Find Cname (Canonical Name) for a domain
- Find mail servers for a domain
- Identify various DNS resource records

Note: Tools demonstrated in this lab are available in D:\CEHTools\CEHv8 Module 02 Footprinting and Reconnaissance

Lab Environment
To carry out the lab, you need:
- Administrative privileges to run tools
- TCP/IP settings correctly configured and an accessible DNS server
- This lab will work in the CEH lab environment - on Windows Server 2012, Windows 8, Windows Server 2008, and Windows 7
- If the nslookup command doesn't work, restart the command window, and type nslookup for the interactive mode.

Lab Duration
Time: 5 Minutes

Overview of nslookup
nslookup means name server lookup. To execute queries, nslookup uses the operating system's local Domain Name System (DNS) resolver library. nslookup operates in interactive or non-interactive mode. When used interactively, by invoking it without arguments or when the first argument is - (minus sign) and the second argument is a host name or IP address, the user issues parameter configurations or requests when presented with the nslookup prompt (>). When no arguments are given, then the command queries the default server. The - (minus sign) invokes subcommands which are specified in the command line and should precede nslookup commands. In non-interactive mode, i.e. when the first argument is the name or internet address of the host being searched, parameters and the query are specified as command line arguments in the invocation of the program. The non-interactive mode searches the information for the specified host using the default name server.

With nslookup you will either receive a non-authoritative or an authoritative answer. You receive a non-authoritative answer because, by default, nslookup asks your name server to recurse in order to resolve your query and because your name server is not an authority for the name you are asking it about. You can get an authoritative answer by querying the authoritative name server for the domain you are interested in.


Lab Tasks
1. Launch the Start menu by hovering the mouse cursor in the lower-left corner of the desktop

TASK 1: Extract Information

FIGURE 2.1: Windows Server 2012 Desktop view

2. Click the Command Prompt app to open the command prompt window

FIGURE 2.2: Windows Server 2012 Apps

Note: The general command syntax is nslookup [-option] [name | -] [server].

3. In the command prompt, type nslookup, and press Enter
4. Now, type help and press Enter. The displayed response should be similar to the one shown in the following figure

    C:\>nslookup
    Default Server:  ns1.beamnet.in
    Address:  202.53.8.8

    > help
    Commands:   (identifiers are shown in uppercase, [] means optional)
    NAME            - print info about the host/domain NAME using default server
    NAME1 NAME2     - as above, but use NAME2 as server
    help or ?       - print info on common commands
    set OPTION      - set an option
        all                 - print options, current server and host
        [no]debug           - print debugging information
        [no]d2              - print exhaustive debugging information
        [no]defname         - append domain name to each query
        [no]recurse         - ask for recursive answer to query
        [no]search          - use domain search list
        [no]vc              - always use a virtual circuit
        domain=NAME         - set default domain name to NAME
        srchlist=N1[/N2/.../N6] - set domain to N1 and search list to N1,N2, etc.
        root=NAME           - set root server to NAME
        retry=X             - set number of retries to X
        timeout=X           - set initial time-out interval to X seconds
        type=X              - set query type (ex. A,AAAA,A+AAAA,ANY,CNAME,MX,NS,PTR,SOA,SRV)
        querytype=X         - same as type
        class=X             - set query class (ex. IN (Internet), ANY)
        [no]msxfr           - use MS fast zone transfer
        ixfrver=X           - current version to use in IXFR transfer request
    server NAME     - set default server to NAME, using current default server
    lserver NAME    - set default server to NAME, using initial server
    root            - set current default server to the root
    ls [opt] DOMAIN [> FILE] - list addresses in DOMAIN (optional: output to FILE)
        -a          -  list canonical names and aliases
        -d          -  list all records
        -t TYPE     -  list records of the given RFC record type (ex. A,CNAME,MX,NS,PTR etc.)
    view FILE       - sort an 'ls' output file and view it with pg
    exit            - exit the program
    >

Note: Typing "help" or "?" at the command prompt generates a list of available commands.

FIGURE 2.3: The nslookup command with help option

5. In the nslookup interactive mode, type set type=a and press Enter.

6. Now, type www.certifiedhacker.com and press Enter. The displayed response should be similar to the one shown in the following figure.

Note: The DNS server Address (202.53.8.8) will be different from the one shown in the screenshot.

FIGURE 2.4: In nslookup command, set type=a option

TASK: Elicit Authoritative

7. You get an Authoritative or Non-authoritative answer. The answer varies, but in this lab, it is a Non-authoritative answer.

TASK 3: Find Cname

8. In nslookup interactive mode, type set type=cname and press Enter.

9. Now, type certifiedhacker.com and press Enter.

Note: The DNS server address (8.8.8.8) will be different from the one shown in the screenshot.

10. The displayed response should be similar to the one shown as follows:

> set type=cname
> certifiedhacker.com
Server:  google-public-dns-a.google.com
Address:  8.8.8.8

certifiedhacker.com
        primary name server = ns0.noyearlyfees.com
        responsible mail addr = admin.noyearlyfees.com
        serial  = 35
        refresh = 900 (15 mins)
        retry   = 600 (10 mins)
        expire  = 86400 (1 day)
        default TTL = 3600 (1 hour)

FIGURE 2.5: In nslookup command, set type=cname option
11. In nslookup interactive mode, type server 64.147.99.90 (or any other IP address you received in the previous step) and press Enter.

12. Now, type set type=a and press Enter.

13. Type www.certifiedhacker.com and press Enter. The displayed response should be similar to the one shown in the following figure.

In the nslookup command, the root option means to set the current default server to the root.

FIGURE 2.6: In nslookup command, set type=a option

14. If you receive a request timed out message, as shown in the previous figure, then your firewall is preventing you from sending DNS queries outside your LAN.

15. In nslookup interactive mode, type set type=mx and press Enter.

16. Now, type certifiedhacker.com and press Enter. The displayed response should be similar to the one shown in the following figure.

To make query type of NS a default option for your nslookup commands, place one of the following statements in the user_id.NSLOOKUP.ENV data set: set querytype=ns or querytype=ns.

FIGURE 2.7: In nslookup command, set type=mx option
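The steps above can be replayed without nslookup by sending the raw DNS query and reading the flags and records of the reply, which also shows why step 7 reports a Non-authoritative answer (the AA bit in the reply is clear) and why the set type=cname query in figure 2.5 comes back with an SOA record (it sits in the authority section of a negative answer). The following script is an added example, not part of the lab manual or of nslookup; it uses only the Python standard library, the resolver 8.8.8.8 and the certifiedhacker.com names are the lab's own, and the 2-second timeout is an assumption.

```python
import socket
import struct

# Record types used by the lab steps (set type=a / cname / mx) plus the SOA
# and NS records that appear in the replies.
QTYPES = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "MX": 15, "AAAA": 28}
TYPE_NAMES = {v: k for k, v in QTYPES.items()}


def encode_name(name):
    """Wire-encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_query(name, qtype, txid=0x1234):
    """Header (id, RD flag, one question) + question; RD is nslookup's default 'recurse'."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPES[qtype], 1)


def read_name(data, offset):
    """Decode a name that may use compression pointers; return (name, offset after it)."""
    labels, end, jumped = [], None, False
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                 # pointer to a name seen earlier
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2                   # resume here after the jump
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), (end if jumped else offset)


def parse_rdata(data, rtype, start, rdlen):
    """Render the RDATA of the record types the lab queries; others are shown as hex."""
    if rtype == 1:                                 # A: dotted IPv4 address
        return ".".join(str(b) for b in data[start:start + 4])
    if rtype in (2, 5, 12):                        # NS, CNAME, PTR: one name
        return read_name(data, start)[0]
    if rtype == 15:                                # MX: preference + exchange name
        pref = struct.unpack("!H", data[start:start + 2])[0]
        return "%d %s" % (pref, read_name(data, start + 2)[0])
    if rtype == 6:                                 # SOA: the fields nslookup prints in figure 2.5
        mname, off = read_name(data, start)
        rname, off = read_name(data, off)
        serial, refresh, retry, expire, minimum = struct.unpack("!IIIII", data[off:off + 20])
        return "primary=%s mail=%s serial=%d refresh=%d retry=%d expire=%d ttl=%d" % (
            mname, rname, serial, refresh, retry, expire, minimum)
    return data[start:start + rdlen].hex()


def parse_response(data):
    """Parse the header plus the answer and authority sections of a DNS reply."""
    txid, flags, qdcount, ancount, nscount, _ = struct.unpack("!HHHHHH", data[:12])
    # The AA bit decides between the Authoritative and Non-authoritative answer of step 7.
    result = {"id": txid, "authoritative": bool(flags & 0x0400),
              "rcode": flags & 0x000F, "records": []}
    offset = 12
    for _ in range(qdcount):                       # skip the echoed question
        _, offset = read_name(data, offset)
        offset += 4
    for section, count in (("answer", ancount), ("authority", nscount)):
        for _ in range(count):
            name, offset = read_name(data, offset)
            rtype, _, ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
            offset += 10
            result["records"].append({"section": section, "name": name,
                                      "type": TYPE_NAMES.get(rtype, str(rtype)), "ttl": ttl,
                                      "data": parse_rdata(data, rtype, offset, rdlen)})
            offset += rdlen
    return result


def query(name, qtype, server="8.8.8.8", timeout=2.0):
    """Same as 'server <IP>', 'set type=<qtype>', '<name>' in nslookup.

    Returns the parsed reply, or None when nothing arrives within the timeout:
    the 'request timed out' case of step 14 (a firewall blocking outbound port 53).
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_query(name, qtype), (server, 53))
        data, _ = sock.recvfrom(4096)
    except socket.timeout:
        return None
    finally:
        sock.close()
    return parse_response(data)
```

Calling query("certifiedhacker.com", "MX") performs steps 15 and 16; a None return is the step-14 timeout, and reply["authoritative"] is the bit behind step 7.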

Lab Analysis
Document all the IP addresses, DNS server names, and other DNS information.

Tool/Utility: nslookup

Information Collected/Objectives Achieved:
  DNS Server Name: 202.53.8.8
  Non-Authoritative Answer: 202.75.54.101
  CNAME (Canonical Name of an alias)
    Alias: certifiedhacker.com
    Canonical name: google-public-dns-a.google.com
  MX (Mail Exchanger): mail.certifiedhacker.com

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Questions
1. Analyze and determine each of the following DNS resource records: SOA, NS, A, PTR, CNAME, MX, SRV.
2. Evaluate the difference between an authoritative and non-authoritative answer.
3. Determine when you will receive request timeout in nslookup.

Internet Connection Required: Yes
Platform Supported: Classroom, iLabs

People Search Using the AnyWho Online Tool

AnyWho is an online white pages people search directory for quickly looking up individual phone numbers.

Lab Scenario
You have already learned that the first stage in penetration testing is to gather as much information as possible. In the previous lab, you were able to find information related to DNS records using the nslookup tool. If an attacker discovers a flaw in a DNS server, he or she will exploit the flaw to perform a cache poisoning attack, making the server cache the incorrect entries locally and serve them to other users that make the same request. As a penetration tester, you must always be cautious and take preventive measures against attacks targeted at a name server by securely configuring name servers to reduce the attacker's ability to corrupt a zone file with the amplification record. To begin a penetration test it is also important to gather information about a user's location in order to intrude into the user's organization successfully. In this particular lab, we will learn how to locate a client or user location using the AnyWho online tool.

Lab Objectives
The objective of this lab is to demonstrate the footprinting technique to collect confidential information on an organization, such as their key personnel and their contact details, using people search services. Students need to perform a people search and phone number lookup using http://www.anywho.com.

Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance

Lab Environment
In the lab, you need:
  A web browser with an Internet connection
  Administrative privileges to run tools
  This lab will work in the CEH lab environment - on Windows Server 2012, Windows 8, Windows Server 2008, and Windows 7

Lab Duration
Time: 5 Minutes

Overview of AnyWho
AnyWho is a part of the ATTi family of brands, which mostly focuses on local search products and services. The site lists information from the White Pages (Find a Person/Reverse Lookup) and the Yellow Pages (Find a Business).

Lab Tasks
1. Launch the Start menu by hovering the mouse cursor on the lower-left corner of the desktop.

AnyWho allows you to search for local businesses by name to quickly find their Yellow Pages listings with basic details and maps, plus any additional time and money-saving features, such as coupons, video profiles or online reservations.

FIGURE 3.1: Windows Server 2012 Desktop view

2. Click the Google Chrome app to launch the Chrome browser, or launch any other browser.

FIGURE 3.2: Windows Server 2012 Apps

TASK 1: People Search with AnyWho

3. In the browser, type http://www.anywho.com and press Enter on the keyboard.

AnyWho is part of the ATTi family of brands, which focuses on local search products and services.

FIGURE 3.3: AnyWho - Home Page http://www.anywho.com

4. Input the name of the person you want to search for in the Find a Person section and click Find.

Include both the first and last name when searching the AnyWho White Pages.

FIGURE 3.4: AnyWho Name Search

5. AnyWho redirects you to search results with the name you have entered. The number of results might vary.

Yellow Pages listings (searches by category or name) are obtained from YP.COM and are updated on a regular basis.

FIGURE 3.5: AnyWho People Search Results

TASK: Viewing Person Information

6. Click the search results to see the address details and phone number of that person.

The search results display the address, phone number and directions for the location.

FIGURE 3.6: AnyWho - Detail Search Result of Rose A Christian

7. Similarly, perform a reverse search by giving a phone number or address in the Reverse Lookup field.

The Reverse Phone Lookup service allows visitors to enter a phone number and immediately look up who it is registered to.

FIGURE 3.7: AnyWho Reverse Lookup Page

Reverse lookup will redirect you to the search result page with the detailed information of the person for the particular phone number or email address.

Unpublished directory records are not displayed. If you want your residential listing removed, you have a couple of options: To have your listing unpublished, contact your local telephone company. To have your listing removed from AnyWho without obtaining an unpublished telephone number, follow the instructions provided in AnyWho Listing Removal to submit your listing for removal.

FIGURE 3.8: AnyWho - Reverse Lookup Search Result

Lab Analysis
Analyze and document all the results discovered in the lab exercise.

Tool/Utility: AnyWho

Information Collected/Objectives Achieved:
  White Pages (Find people by name): Exact location of a person with address and phone number
  Get Directions: Precise route to the address found for a person
  Reverse Lookup (Find people by phone number): Exact location of a person with complete address

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Questions
1. Can you collect all the contact details of the key people of any organization?
2. Can you remove your residential listing? If yes, how?
3. If you have an unpublished listing, why does your information show up in AnyWho?
4. Can you find a person in AnyWho that you know has been at the same location for a year or less? If yes, how?
5. How can a listing be removed from AnyWho?

Internet Connection Required: Yes
Platform Supported: Classroom, iLabs

People Search Using the Spokeo Online Tool

Spokeo is an online people search tool providing real-time information about people. This tool helps with online footprinting and allows you to discover details about people.

Lab Scenario
For a penetration tester, it is always advisable to collect all possible information about a client before beginning the test. In the previous lab, we learned about collecting people information using the AnyWho online tool; similarly, there are many tools available that can be used to gather information on people, employees, and organizations to conduct a penetration test. In this lab, you will learn to use the Spokeo online tool to collect confidential information of key persons in an organization.

Lab Objectives
The objective of this lab is to demonstrate the footprinting techniques to collect people information using people search services. Students need to perform a people search using http://www.spokeo.com.

Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance

Lab Environment
In the lab, you need:
  A web browser with an Internet connection
  Administrative privileges to run tools
  This lab will work in the CEH lab environment - on Windows Server 2012, Windows 8, Windows Server 2008, and Windows 7

Lab Duration
Time: 5 Minutes

Overview of Spokeo
Spokeo aggregates vast quantities of public data and organizes the information into easy-to-follow profiles. Information such as name, email address, phone number, address, and user name can be easily found using this tool.

Lab Tasks

TASK 1: People Search Using Spokeo

1. Launch the Start menu by hovering the mouse cursor in the lower-left corner of the desktop.

FIGURE 4.1: Windows Server 2012 Desktop view

2. Click the Google Chrome app to launch the Chrome browser.

Spokeo's people search allows you to find old friends, reunite with classmates, teammates and military buddies, or find lost and distant family.

FIGURE 4.2: Windows Server 2012 - Apps

3. Open a web browser, type http://www.spokeo.com, and press Enter on the keyboard.

Apart from Name search, Spokeo supports four types of searches: Email Address, Phone Number, Username, and Residential Address.

FIGURE 4.3: Spokeo home page http://www.spokeo.com

4. To begin the search, input the name of the person you want to search for in the Name field and click Search.

FIGURE 4.4: Spokeo Name Search

5. Spokeo redirects you to search results with the name you have entered.

Spokeo's email search scans through 90+ social networks and public sources to find the owner's name, photos, and public profiles.

FIGURE 4.5: Spokeo People Search Results

FIGURE 4.6: Spokeo People Search Results

Public profiles from social networks are aggregated in Spokeo and many places, including search engines.

FIGURE 4.7: Spokeo People Search Results

8. Search results displaying the Address, Phone Number, Email Address, City and State, etc.

FIGURE 4.8: Spokeo People Search Results

All results will be displayed once the search is completed.

9. Search results displaying the Location History.

FIGURE 4.9: Spokeo People Search Results

10. Spokeo search results display the Family Background, Family Economic Health and Family Lifestyle.

FIGURE 4.10: Spokeo People Search Results

Online maps and street view are used by over 300,000 websites, including most online phone books and real estate websites.

11. Spokeo search results display the Neighborhood for the search done.

FIGURE 4.11: Spokeo People Search Results

12. Similarly, perform a Reverse search by giving a phone number, address, email address, etc. in the Search field to find details of a key person or an organization.

Spokeo's reverse phone lookup functions like a personal caller-ID system. Spokeo's reverse phone number search aggregates hundreds of millions of phone book records to help locate the owner's name, location, time zone, email and other public information.

FIGURE 4.12: Spokeo Reverse Search Result of Microsoft Redmond Office

Lab Analysis
Analyze and document all the results discovered in the lab exercise.

Tool/Utility: Spokeo

Information Collected/Objectives Achieved:
  Profile Details: Current Address, Phone Number, Email Address, Marital Status, Education, Occupation
  Location History: Information about where the person has lived and detailed property information
  Family Background: Information about household members for the person you searched
  Photos & Social Profiles: Photos, videos, and social network profiles
  Neighborhood: Information about the neighborhood
  Reverse Lookup: Detailed information for the search done using phone numbers

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Questions
1. How do you collect all the contact details of key people using Spokeo?
2. Is it possible to remove your residential listing? If yes, how?
3. How can you perform a reverse search using Spokeo?
4. List the kind of information that a reverse phone search and email search will yield.

Internet Connection Required: Yes
Platform Supported: Classroom, iLabs

Analyzing Domain and IP Address Queries Using SmartWhois


S m a rtW h o is is a n e tw o rk in fo rm a tio n u tility th a t a llo w s y o n to lo o k u p m o st a v a ila b le in fo rm a tio n on a hostnam e, IP ad d ress, o r d o m ain .

Lab Scenario
Valuable information______ Test your knowledge = W eb exercise W orkbook review
111

th e p re v io u s k b , y o u le a rn e d to d e te rm in e a p e rs o n o r a n o rg a n iz a tio n s lo c a tio n

u s in g th e

Spokeo o n lin e to o l. O n c e a p e n e tra tio n te s te r h a s o b ta in e d th e u s e rs


c a b le g u v , o r th ro u g h a n y m e a n s o f s o c ia l

lo c a tio n , h e o r sh e c a n g a th e r p e rs o n a l d e ta ils a n d c o n fid e n tia l in fo rm a tio n fro m th e u s e r b y p o s in g as a n e ig h b o r, th e

e n g in e e rin g . 111 th is la b , y o u w ill le a rn to u se th e th e a v a ila b le in fo rm a tio n a b o u t a n y I P

SmartWhois to o l to lo o k u p a ll o l
01

a d d re ss , h o s tn a m e ,

d o m a in a n d u s in g

th e se in fo rm a tio n , p e n e tra tio n te ste rs g a m a cce ss to th e n e tw o rk o f th e p a rtic u la r o rg a n iz a tio n fo r w h ic h th e y w is h to p e rfo rm a p e n e tra tio n test.

Lab Objectives
T h e o b je c tiv e o f tin s la b is to h e lp s tu d e n ts a n a ly z e

domain a n d IP address q u e n e s.
011

T in s la b h e lp s y o u to g e t m o s t a v a ila b le in fo rm a tio n and

hostname, IP address,

domain.

Lab Environment
Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance

In the lab you need:
A computer running any version of Windows with Internet access
Administrator privileges to run the SmartWhois tool
The SmartWhois tool, available in D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance\WHOIS Lookup Tools\SmartWhois or downloadable from http://www.tamos.com
If you decide to download the latest version, then screenshots shown in the lab might differ


Lab Duration
Time: 5 Minutes

Overview of SmartWhois
SmartWhois is a network information utility that allows you to look up most available information on a hostname, IP address, or domain, including country, state or province, city, name of the network provider, technical support contact information, and administrator.

SmartWhois helps you to search for information such as:
The owner of the domain
The domain registration date and the owner's contact information
The owner of the IP address block

Note: SmartWhois can be configured to work from behind a firewall by using HTTP/HTTPS proxy servers. Different SOCKS versions are also supported.

Lab Tasks
Note: If you are working in the iLabs environment, directly jump to step number 13.

1. Follow the wizard-driven installation steps and install SmartWhois.
2. To launch the Start menu, hover the mouse cursor in the lower-left corner of the desktop.

Note: SmartWhois can save obtained information to an archive file. Users can load this archive the next time the program is launched and add more information to it. This feature allows you to build and maintain your own database of IP addresses and hostnames.

FIGURE 5.1: Windows Server 2012 Desktop view

3. To launch SmartWhois, click SmartWhois in Apps.


FIGURE 5.2: Windows Server 2012 Apps

TASK 1: Lookup IP

4. The SmartWhois main window appears.

Note: If you need to query a non-default whois server or make a special query, click View > Whois Console from the menu, or click the Query button and select Custom Query.

FIGURE 5.3: The SmartWhois main window

5. Type an IP address, hostname, or domain name in the IP, host or domain field. An example of a domain name query is shown as follows: www.google.com.

FIGURE 5.4: A SmartWhois domain search

6. Now, click the drop-down arrow next to the Query button and select As Domain to query the domain name entered in the field.


Note: SmartWhois is capable of caching query results, which reduces the time needed to query an address; if the information is in the cache file it is immediately displayed and no connections to the whois servers are required.

FIGURE 5.5: The SmartWhois Selecting Query type

7. In the left pane of the window, the result displays, and in the right pane, the text area displays the details of your query (for google.com, the registrant, administrative, and technical contacts on file for Google Inc. together with the domain's name servers).

Note: SmartWhois can process lists of IP addresses, hostnames, or domain names saved as plain text (ASCII) or Unicode files. The valid format for such batch files is simple: each line must begin with an IP address, hostname, or domain. If you want to process domain names, they must be located in a separate file from IP addresses and hostnames.

FIGURE 5.6: The SmartWhois Domain query result

8. Click the Clear icon in the toolbar to clear the history.

FIGURE 5.7: A SmartWhois toolbar

TASK 2: Host Name Query

9. To perform a sample host name query, type www.facebook.com.


10. Click the drop-down arrow next to the Query button, select As IP/Hostname, and enter a hostname in the field.

FIGURE 5.8: A SmartWhois hostname query

11. In the left pane of the window, the result displays, and in the right pane, the text area displays the results of your query (for www.facebook.com, the contact records on file for Facebook, Inc. and the domain's name servers).

Note: If you want to query a domain registration database, enter a domain name and hit the Enter key while holding the Ctrl key, or just select As Domain from the Query drop-down.

FIGURE 5.9: A SmartWhois hostname query result

Note: If you're saving results as a text file, you can specify the data fields to be saved. For example, you can exclude name servers or billing contacts from the output file. Click Settings > Options > Text & XML to configure the options.

12. Click the Clear icon in the toolbar to clear the history.

13. To perform a sample IP address query, type the IP address 10.0.0.3 (the Windows 8 machine's IP address) in the IP, host or domain field.

FIGURE 5.10: A SmartWhois IP address query

14. In the left pane of the window, the result displays, and in the right pane, the text area displays the results of your query. Note what the result does and does not tell you: 10.0.0.3 lies in the 10.0.0.0/8 range that RFC 1918 reserves for private use, so the registry can only report the IANA reservation for the whole block, never the organization that runs the lab network. A whois query on an RFC 1918, loopback, or link-local address never identifies an owner; to attribute an address to an organization you must query a publicly routable address or the organization's domain.


Note: SmartWhois supports command line parameters specifying IP address/hostname/domain, as well as files to be opened/saved.

FIGURE 5.11: The SmartWhois IP query result (10.0.0.0 - 10.255.255.255, Internet Assigned Numbers Authority, PRIVATE-ADDRESS-ABLK-RFC1918-IANA-RESERVED, updated 2004-02-24, source: whois.arin.net)
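The following is an added example written for this edition; it is not part of the CEH lab or of the SmartWhois product. It puts three points from the steps above into working code: sorting a target list into the separate domain and IP/hostname files that SmartWhois batch mode requires, refusing to query addresses that no public registry can attribute to an organization (the lesson of the 10.0.0.3 query), and pulling the fields worth recording from a RIR whois reply. The whois text is constructed to mirror the ARIN reply shown in Figure 5.11, so nothing here touches the network. The two-label rule that separates a registrable domain from a hostname is an assumption of the example and ignores public suffixes such as co.uk.

```python
"""Added example (not part of the CEH lab or of SmartWhois): sort a batch of
targets the way SmartWhois batch files expect, skip addresses a public
registry can never attribute, and extract the fields a penetration tester
records from a RIR whois response. The whois text below is constructed for
the example and mirrors the shape of an ARIN reply."""
import ipaddress
import re

# Blocks that whois can only attribute to IANA, never to a target organization.
_UNROUTABLE = [
    ipaddress.ip_network("10.0.0.0/8"),      # RFC 1918
    ipaddress.ip_network("172.16.0.0/12"),   # RFC 1918
    ipaddress.ip_network("192.168.0.0/16"),  # RFC 1918
    ipaddress.ip_network("127.0.0.0/8"),     # loopback
    ipaddress.ip_network("169.254.0.0/16"),  # link-local
    ipaddress.ip_network("100.64.0.0/10"),   # carrier-grade NAT, RFC 6598
]

_HOSTNAME = re.compile(
    r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$", re.I)

def classify(target):
    """Return 'ip', 'hostname', 'domain', or 'invalid' for one input line.

    Assumption of the example: a two-label name such as google.com is a
    registrable domain (registrar whois); anything with more labels such as
    www.google.com is a hostname (resolved, then its address block looked up)."""
    target = target.strip().lower()
    if not target or target.startswith("#"):
        return "invalid"
    try:
        ipaddress.ip_address(target)
        return "ip"
    except ValueError:
        pass
    if not _HOSTNAME.match(target):
        return "invalid"
    return "domain" if target.count(".") == 1 else "hostname"

def is_attributable(ip_text):
    """True if a registry query on this address can name an organization."""
    addr = ipaddress.ip_address(ip_text)
    return not (addr.is_multicast or any(addr in net for net in _UNROUTABLE))

def split_batch(lines):
    """Split targets into the two files SmartWhois batch mode requires
    (domains in one, IPs and hostnames in another). Unattributable IPs go
    to a third list so no time is wasted querying them."""
    domains, hosts, skipped = [], [], []
    for line in lines:
        kind, t = classify(line), line.strip()
        if kind == "domain":
            domains.append(t)
        elif kind == "hostname":
            hosts.append(t)
        elif kind == "ip" and is_attributable(t):
            hosts.append(t)
        elif kind == "ip":
            skipped.append(t)
    return domains, hosts, skipped

_FIELDS = ("NetRange", "CIDR", "NetName", "OrgName", "OrgAbuseEmail", "Updated")

def parse_rir_whois(text):
    """Pick the key/value lines a report needs out of a RIR whois reply;
    the first occurrence of each field wins."""
    found = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z]+):\s+(.*\S)\s*$", line)
        if m and m.group(1) in _FIELDS and m.group(1) not in found:
            found[m.group(1)] = m.group(2)
    return found

# Constructed sample reply, shaped like the ARIN answer the lab shows for 10.0.0.3.
SAMPLE_ARIN_REPLY = """\
NetRange:       10.0.0.0 - 10.255.255.255
CIDR:           10.0.0.0/8
NetName:        PRIVATE-ADDRESS-ABLK-RFC1918-IANA-RESERVED
Organization:   Internet Assigned Numbers Authority (IANA)
OrgName:        Internet Assigned Numbers Authority
OrgAbuseEmail:  abuse@iana.org
Updated:        2004-02-24
"""

if __name__ == "__main__":
    batch = ["google.com", "www.facebook.com", "10.0.0.3", "8.8.8.8", "# comment"]
    print(split_batch(batch))
    print(parse_rir_whois(SAMPLE_ARIN_REPLY))
```

Run the file directly to see the lab's own targets sorted: google.com lands in the domain list, www.facebook.com and 8.8.8.8 in the IP/hostname list, and 10.0.0.3 is set aside because a registry lookup on it can only ever return the IANA reservation parsed from the sample reply.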

Lab Analysis
Document all the IP addresses/hostnames for the lab for further information.

Tool/Utility: SmartWhois
Information Collected/Objectives Achieved:
Domain name query results: Owner of the website
Host name query results: Geographical location of the hosted website
IP address query results: Owner of the IP address block

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Questions
1. Determine whether you can use SmartWhois if you are behind a firewall or a proxy server.
2. Why do you get "Connection timed out" or "Connection failed" errors?
3. Is it possible to call SmartWhois directly from my application? If yes, how?


4. What are LOC records, and are they supported by SmartWhois?
5. When running a batch query, you get only a certain percentage of the domains/IP addresses processed. Why are some of the records unavailable?

Internet Connection Required: Yes
Platform Supported: iLabs, Classroom


Lab
Network Route Trace Using Path Analyzer Pro

Path Analyzer Pro delivers advanced network route tracing with performance tests, DNS, whois, and network resolution to investigate network issues.

Lab Scenario
Using the information (IP address, hostname, domain, etc.) found in the previous lab, a penetration tester can map an organization's network environment and study it thoroughly for all possible vulnerabilities. Taking the information gathered into account, penetration testers study the systems to find the best routes of attack. The same tasks can be performed by an attacker, and the results could prove very damaging for an organization. In such cases, as a penetration tester you should be competent to trace a network route, determine a network path, and troubleshoot network issues. Here you will be guided to trace the network route using the tool Path Analyzer Pro.

Lab Objectives
The objective of this lab is to help students research email addresses, network paths, and IP addresses. This lab helps to determine what ISP, router, or servers are responsible for a network problem.

Lab Environment
Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance

In the lab you need:
Path Analyzer Pro, located at D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance\Traceroute Tools\Path Analyzer Pro
You can also download the latest version of Path Analyzer Pro from the link http://www.pathanalyzer.com/download.opp
If you decide to download the latest version, then screenshots shown in the lab might differ


Install this tool on Windows Server 2012
Double-click PAPro27.msi
Follow the wizard-driven installation to install it
Administrator privileges to run Path Analyzer Pro

Lab Duration
Time: 10 Minutes

Overview of Network Route Trace
Traceroute is a computer network tool for measuring the route path and transit times of packets across an Internet Protocol (IP) network. It works by sending probes with increasing IP time-to-live (TTL) values: each router that decrements the TTL to zero discards the probe and returns an ICMP Time Exceeded message, which identifies that hop and yields its round-trip time. The traceroute tool is available on almost all Unix-like operating systems. Variants with similar functionality, such as tracepath on modern Linux installations and tracert on Microsoft Windows operating systems, are also available.

Note: Traceroute is a system administrator's utility to trace the route IP packets take from a source system to some destination system.

Lab Tasks
1. Follow the wizard-driven installation steps to install Path Analyzer Pro.
2. To launch the Start menu, hover the mouse cursor in the lower-left corner of the desktop.

FIGURE 6.1: Windows Server 2012 Desktop view

3. To launch Path Analyzer Pro, click Path Analyzer Pro in Apps.

Note: Path Analyzer Pro summarizes a given trace within seconds by generating a simple report with all the important information on the target; we call this the Synopsis.

FIGURE 6.2: Windows Server 2012 Apps

4. Click the Evaluate button on the Registration Form.
5. The main window of Path Analyzer Pro appears as shown in the following screenshot.

Note: FIN Packets Only generates only TCP packets with the FIN flag set in order to solicit an RST or TCP reset packet as a response from the target. This option may get beyond a firewall at the target, thus giving the user more trace data, but it could be misconstrued as a malicious attack.

FIGURE 6.3: The Path Analyzer Pro Main window

6. Select the ICMP protocol in the Standard Options section.

FIGURE 6.4: The Path Analyzer Pro Standard Options (Protocol: ICMP, TCP, UDP; NAT-friendly; Source Port: Random, 65535; Tracing Mode: Default, Adaptive, FIN Packets Only)

Note: Path Analyzer Pro summarizes all the relevant background information on its target, be it an IP address, a hostname, or an email address.

7. Under Advanced Probe Details, check the Smart option in the Length of packet section and leave the rest of the options in this section at their default settings.

Note: The firewall is required to be disabled for appropriate output, because the host firewall drops the inbound ICMP replies the trace depends on. Re-enable it when the lab is finished.


Note: Path Analyzer Pro benefits:
Research IP addresses, email addresses, and network paths
Pinpoint and troubleshoot network availability and performance issues
Determine what ISP, router, or server is responsible for a network problem
Locate firewalls and other filters that may be impacting connections
Visually analyze a network's path characteristics
Graph protocol latency, jitter, and other factors

FIGURE 6.5: The Path Analyzer Pro Advanced Probe Details window (Length of packet: Smart, 64; Lifetime: 300 milliseconds; Type-of-Service: Unspecified, Minimize-Delay; Maximum TTL: 30; Initial Sequence Number: Random)

8. In the Advanced Tracing Details section, the options remain at their default settings.
9. Check Stop on control messages (ICMP) in the Advanced Tracing Details section.

Note: Path Analyzer Pro traces actual applications and ports, not just IP hops; generates, prints, and exports a variety of reports; and performs continuous and timed tests with realtime reporting and history.

FIGURE 6.6: The Path Analyzer Pro Advanced Tracing Details window (Work-ahead Limit: 5 TTLs; Minimum Scatter: 20 milliseconds; Probes per TTL Minimum/Maximum: 10; Stop on control messages (ICMP))

10. To perform the trace after checking these options, select the target host, for instance www.google.com, and leave the Port set to its default of Smart (65535).

Note: Path Analyzer Pro is not designed to be used as an attack tool.

FIGURE 6.7: A Path Analyzer Pro Advance Tracing Details option

11. In the drop-down menu next to the Trace button, select Timed Trace as the duration of the trace.

FIGURE 6.8: A Path Analyzer Pro Advance Tracing Details option

12. Enter the time of the trace in the previously mentioned format, HH:MM:SS.


FIGURE 6.9: The Path Analyzer Pro Type time of trace option

TASK 2: Trace Reports

13. While Path Analyzer Pro performs this trace, the Trace tab changes automatically to Stop.

FIGURE 6.10: A Path Analyzer Pro Target option

14. To see the trace results, click the Report tab to display a linear chart depicting the number of hops between you and the target. For each hop the report lists the IP address, hostname, ASN, network name, percentage loss, minimum, average, and maximum latency, and the standard deviation of the latency.

Note: The Advanced Probe Details settings determine how probes are generated to perform the trace. These include the Length of packet, Lifetime, Type of Service, Maximum TTL, and Initial Sequence Number.

FIGURE 6.11: A Path Analyzer Pro Target option (Report tab: hops with IP address, hostname, ASN, network name, % loss, min/avg/max latency, and StdDev)
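Added example, not part of the lab or of Path Analyzer Pro: the per-hop figures the Report tab shows (and the hop-by-hop picture the Overview describes) can be reproduced from plain tracert output with a few lines of Python, which also makes the standard deviation column of lab question 1 and the "cannot get beyond the local network" case of lab question 3 concrete. The code parses a constructed Windows tracert transcript (transit addresses taken from the RFC 5737 documentation ranges, target address as shown in the Report figure) and computes loss, min/avg/max latency, and standard deviation per hop, then checks whether the last answering hop was the target or still an RFC 1918 address. Path Analyzer Pro does not document how it computes StdDev; the population standard deviation used here is the example's own choice.

```python
"""Added example (not part of the CEH lab or of Path Analyzer Pro): parse
Windows tracert output into the per-hop figures a route-trace report shows
(loss, min/avg/max latency, standard deviation) and judge whether the trace
left the local network and reached the target. The transcript below is
constructed; RFC 5737 documentation addresses stand in for transit routers."""
import ipaddress
import re
import statistics

_HOP = re.compile(r"^\s*(\d+)\s+(.*)$")
_RTT = re.compile(r"(?:(<?\d+) ms|\*)")
_IP = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})")
_RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def parse_tracert(text):
    """Return (target_ip, hops); each hop: number, ip, rtts (None = lost probe)."""
    target_ip, hops = None, []
    for line in text.splitlines():
        head = re.match(r"^Tracing route to .*\[(\S+)\]", line)
        if head:
            target_ip = head.group(1)
            continue
        m = _HOP.match(line)
        if not m:
            continue
        rtts, last_end = [], 0
        for probe in _RTT.finditer(m.group(2)):
            if len(rtts) == 3:          # tracert sends three probes per TTL
                break
            val = probe.group(1)
            # "*" is a lost probe; "<1 ms" is below tracert's 1 ms resolution.
            rtts.append(None if val is None else (0.0 if val.startswith("<") else float(val)))
            last_end = probe.end()
        ip = _IP.search(m.group(2)[last_end:])   # hostname [ip] or bare ip follows the RTTs
        hops.append({"hop": int(m.group(1)), "ip": ip.group(1) if ip else None, "rtts": rtts})
    return target_ip, hops

def hop_stats(hop):
    """Loss and latency figures for one hop, like the Report tab's columns."""
    got = [r for r in hop["rtts"] if r is not None]
    loss = 100.0 * (len(hop["rtts"]) - len(got)) / max(len(hop["rtts"]), 1)
    if not got:
        return {"hop": hop["hop"], "ip": hop["ip"], "loss": loss,
                "min": None, "avg": None, "max": None, "stddev": None}
    return {"hop": hop["hop"], "ip": hop["ip"], "loss": loss,
            "min": min(got), "avg": statistics.fmean(got), "max": max(got),
            # population standard deviation: how far the RTTs jitter around the mean
            "stddev": statistics.pstdev(got)}

def is_rfc1918(ip_text):
    addr = ipaddress.ip_address(ip_text)
    return any(addr in net for net in _RFC1918)

def path_verdict(target_ip, hops):
    """Did the trace escape the local (RFC 1918) network and reach the target?"""
    private = [h["hop"] for h in hops if h["ip"] and is_rfc1918(h["ip"])]
    responding = [h for h in hops if h["ip"]]
    reached = bool(responding) and responding[-1]["ip"] == target_ip
    # If the last hop that answered is still a private address, the probes
    # were filtered before leaving the site: the case of lab question 3.
    stuck_locally = bool(responding) and not reached and responding[-1]["hop"] in private
    return {"reached": reached, "private_hops": private, "stuck_locally": stuck_locally,
            "last_responding_hop": responding[-1]["hop"] if responding else None}

# Constructed tracert transcript (not captured from the lab network).
SAMPLE_TRACERT = """\
Tracing route to www.google.com [74.125.236.176]
over a maximum of 30 hops:

  1    <1 ms    <1 ms    <1 ms  10.0.0.1
  2     4 ms     5 ms     4 ms  203.0.113.1
  3     *        *        *     Request timed out.
  4    16 ms    18 ms    15 ms  198.51.100.9
  5    26 ms     *       28 ms  192.0.2.45
  6    25 ms    27 ms    26 ms  www.google.com [74.125.236.176]

Trace complete.
"""

if __name__ == "__main__":
    target, hops = parse_tracert(SAMPLE_TRACERT)
    for h in hops:
        print(hop_stats(h))
    print(path_verdict(target, hops))
```

Hop 3 answers no probe at all (100% loss, no latency figures), which is what a router that silently drops expired probes looks like, while hop 5 loses one probe of three and so shows 33% loss with statistics computed over the two replies it did return; a trace that ends on a 10.x hop is reported as stuck locally rather than as having reached the target.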

15. Click the Synopsis tab, which displays a one-page summary of your trace results: forward DNS (A records) and reverse DNS (PTR record) for the target, the registries entry (the organization name on file at the registrar for the IP and the organization associated with the originating autonomous system), and the best point of lawful intercept.

Note: Length of packet: This option allows you to set the length of the packet for a trace. The minimum size of a packet, as a general rule, is approximately 64 bytes, depending on the protocol used. The maximum size of a packet depends on the physical network but is generally 1500 bytes for a regular Ethernet network or 9000 bytes using Gigabit Ethernet networking with jumbo frames.

FIGURE 6.12: A Path Analyzer Pro Target option (Synopsis tab)


16. Click the Charts tab to view the results of your trace.

TASK 3: View Charts

Note: Path Analyzer Pro uses Smart as the default Length of packet. When the Smart option is checked, the software automatically selects the minimum size of packets based on the protocol selected under Standard Options.

FIGURE 6.13: The Path Analyzer Pro Chart window

17. Click Geo, which displays an imaginary world map format of your trace.

TASK 4: View Imaginary Map

FIGURE 6.14: The Path Analyzer Pro chart window


18. Now, click the Stats tab, which features the Vital Statistics of your current trace: for each run, the source address and interface, target, protocol, distance in hops, average latency, trace start and end times, and the number of filters, followed by a summary line over all runs.

TASK 5: Vital Statistics

Note: Maximum TTL: The maximum Time to Live (TTL) is the maximum number of hops to probe in an attempt to reach the target. The default number of hops is set to 30. The Maximum TTL that can be used is 255.

FIGURE 6.15: The Path Analyzer Pro Statistics window

19. Now export the report by clicking Export on the toolbar.

FIGURE 6.16: The Path Analyzer Pro toolbar (New, Close, Preferences, Page Setup, Print, Export, Export KML, Check for Updates, Help)

20. By default, the report will be saved as a CSV file at D:\Program Files (x86)\Path Analyzer Pro 2.7. However, you may change it to your preferred location.

Note: The Initial Sequence Number is set as a counting mechanism within the packet between the source and the target. It is set to Random as the default, but you can choose another starting number by unchecking the Random button and filling in another number. Please note: the Initial Sequence Number applies only to TCP connections.

FIGURE 6.17: The Path Analyzer Pro Save Report As window


Lab Analysis
Document the IP addresses that are traced for the lab for further information.

Tool/Utility: Path Analyzer Pro
Information Collected/Objectives Achieved:
Report: Number of hops, IP address, Hostname, ASN, Network name, Latency
Synopsis: Displays summary of valuable information on DNS, Routing, Registries, Intercept
Charts: Trace results in the form of a chart
Geo: Geographical view of the path traced
Stats: Statistics of the trace

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Questions
1. What is the standard deviation measurement, and why is it important?
2. If your trace fails on the first or second hop, what could be the problem?
3. Depending on your TCP tracing options, why can't you get beyond your local network?

Internet Connection Required: Yes
Platform Supported: iLabs, Classroom


Tracing an Email Using the eMailTrackerPro Tool

eMailTrackerPro is a tool that analyses email headers to disclose the original sender's location.

Lab Scenario
In the previous lab, you gathered information such as the number of hops between a host and a client, IP addresses, etc. As you know, data packets often have to go through routers and firewalls, and a hop occurs each time packets are passed to the next router. The number of hops determines the distance between the source and destination host. An attacker will analyze the hops for the firewall and determine the protection layers to hack into an organization or a client. Attackers will definitely try to hide their true identity and location while intruding into an organization or client by gaining illegal access to other users' computers to accomplish their tasks. If an attacker uses emails as a means of attack, it is very essential for a penetration tester to be familiar with email headers and their related details to be able to track and prevent such attacks within an organization. In this lab, you will learn to trace an email using the eMailTrackerPro tool.

Lab Objectives
The objective of this lab is to demonstrate email tracing using eMailTrackerPro. Students will learn how to:
Trace an email to its true geographical source
Collect Network (ISP) and domain Whois information for any email traced

Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance

Lab Environment
In the lab, you need the eMailTrackerPro tool. eMailTrackerPro is located at D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance\Email Tracking Tools\eMailTrackerPro


You can also download the latest version of eMailTrackerPro from the link http://www.emailtrackerpro.com/download.html. If you decide to download the latest version, then screenshots shown in the lab might differ.
Follow the wizard-driven installation steps and install the tool. This tool installs Java runtime as a part of the installation.
Run this tool in Windows Server 2012.
Administrative privileges are required to run this tool.
This lab requires a valid email account (Hotmail, Gmail, Yahoo, etc.). We suggest you sign up with any of these services to obtain a new email account for this lab exercise. Please do not use your real email accounts and passwords in these exercises.

Lab Duration
Time: 10 Minutes

eMailTrackerPro helps identify the true source of emails to help track suspects, verify the sender of a message, and trace and report email abusers.

Overview of eMailTrackerPro
Email tracking is a method to monitor or spy on email delivered to the intended recipient:
When an email message was received and read
If destructive email is sent
The GPS location and map of the recipient
The time spent reading the email
Whether or not the recipient visited any links sent in the email
PDFs and other types of attachments
If messages are set to expire after a specified time

Lab Tasks
TASK 1: Trace an Email

1. Launch the Start menu by hovering the mouse cursor in the lower-left corner of the desktop


FIGURE 7.1: Windows Server 2012 Desktop view

2. On the Start menu, click eMailTrackerPro to launch the application

eMailTrackerPro Advanced Edition includes an online mail checker which allows you to view all your emails on the server before delivery to your computer.

FIGURE 7.2: Windows Server 2012 Apps

3. Click OK if the Edition Selection pop-up window appears
4. Now you are ready to start tracing email headers with eMailTrackerPro
5. Click the Trace an email option to start the trace


This tool also uncovers common SPAM tactics.

FIGURE 7.3: The eMailTrackerPro Main window (the "I want to" list offers Trace an email, Look up network responsible for an email address, View my inbox, eMailTrackerPro tutorials, View previous traces and Frequently asked questions)

6. Clicking Trace an email will direct you to the eMailTrackerPro by Visualware window
7. Select Trace an email I have received. Now, copy the email header from the email you wish to trace and paste it in the Email headers field under Enter Details and click Trace

The filter system in eMailTrackerPro allows you to create custom filters to match your incoming mail.

FIGURE 7.4: The eMailTrackerPro by Visualware window (a received email message often contains information that can locate the computer where the message was composed, the company name and the sender's ISP; the pasted header in the screenshot begins with Return-Path: <rinimatthews@gmail.com> and Received: from WINMSSELCK4K41 ([202.53.11.130]) by mx.google.com with ... (version=TLSv1/SSLv3 cipher=OTHER); Wed, 25 Jul 2012 21:14:42 -0700 (PDT), followed by the Message-ID, Date and From lines)


TASK 2: Finding Email Header

Note: In Outlook, find the email header by following these steps:
Double-click the email to open it in a new window
Click the small arrow box in the lower-right corner of the Tags toolbar to open the Message Options information box
Under Internet headers, you will find the Email header, as displayed in the screenshot

The abuse report option from the My Trace Reports window automatically launches a browser window with the abuse report included.

FIGURE 7.5: Finding Email Header in Outlook 2010

8. Clicking the Trace button will direct you to the Trace report window
9. The email location is traced in a GUI world map. The location and IP addresses may vary. You can also view the summary by selecting the Email Summary section on the right side of the window
10. The Table section right below the Map shows the entire Hop in the route with the IP and suspected locations for each hop
11. IP address might be different than the one shown in the screenshot

Each email message includes an Internet header with valuable information. eMailTrackerPro analyzes the message header and reports the IP address of the computer where the message originated, its estimated location, the individual or organization the IP address is registered to, the network provider, and additional information as available.

FIGURE 7.6: eMailTrackerPro Email Trace Report (the report in the screenshot shows Date: Wed, 25 Jul 2012 06:36:30 -0700 (PDT), Subject: Getting started on Google+, Location: America, Misdirected: no, From IP: 209.85.216.199, and System Information noting that no SMTP, HTTP, HTTPS or FTP server is running on that system; the Network Whois, Domain Whois and Email Header tabs appear below the hop table)


12. You can view the complete trace report on the My Trace Reports tab
TASK 3: Trace Reports

Tracking an email is useful for identifying the company and network providing service for the address.

FIGURE 7.7: The eMailTrackerPro - My Trace Reports tab
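The hop table and the From IP shown in the trace report are derived from the Received lines of the header pasted in step 7. The Python script below is an added example, not part of this manual and not eMailTrackerPro's own code: it walks the Received chain of a constructed message from the sender's side, lists each hop, and shows why the lowest line is not always the answer. Every hostname and address in it is made up, and the set of trusted servers passed to trusted_origin is an assumption a mail administrator would fill in from their own infrastructure.

```python
"""Walk the Received: chain of an email header to find where a message
entered the mail system.

Added example (not eMailTrackerPro's code). Each relay prepends its own
Received: line, so the bottom-most line is the first hop, the one closest
to the sender; header-analysis tools read the same lines to estimate the
sender's location.
"""
import email
import ipaddress
import re

# Constructed sample message for this example; hosts and addresses are made up.
SAMPLE_MESSAGE = """\
Return-Path: <sender@example.com>
Received: from mx.example.net (mx.example.net [198.51.100.7])
        by inbound.example.org with ESMTPS id abc123;
        Wed, 25 Jul 2012 21:14:44 -0700 (PDT)
Received: from relay.example.net ([203.0.113.25])
        by mx.example.net with ESMTP id def456;
        Wed, 25 Jul 2012 21:14:43 -0700 (PDT)
Received: from WINWORKSTATION ([192.168.1.50])
        by relay.example.net with ESMTPSA id ghi789
        (version=TLSv1/SSLv3 cipher=OTHER);
        Wed, 25 Jul 2012 21:14:42 -0700 (PDT)
Message-ID: <5010c432.86f1440a@mx.example.net>
Date: Wed, 25 Jul 2012 21:14:42 -0700 (PDT)
From: Someone <sender@example.com>
To: you@example.org
Subject: constructed sample

body text
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")   # first bracketed IPv4
FROM_RE = re.compile(r"\bfrom\s+(\S+)", re.IGNORECASE)  # host as it named itself
BY_RE = re.compile(r"\bby\s+(\S+)", re.IGNORECASE)      # relay that stamped the line

# Addresses that are never the public origin: LAN, loopback, link-local.
INTERNAL_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


def parse_received(raw_message):
    """Return the Received hops oldest-first (sender side first)."""
    msg = email.message_from_string(raw_message)
    hops = []
    # get_all returns the lines top to bottom; the bottom one was added first.
    for value in reversed(msg.get_all("Received", [])):
        text = " ".join(value.split())  # unfold continuation lines
        ip_match = IP_RE.search(text)
        from_match = FROM_RE.search(text)
        by_match = BY_RE.search(text)
        hops.append({
            "from": from_match.group(1) if from_match else None,
            "ip": ip_match.group(1) if ip_match else None,
            "by": by_match.group(1).rstrip(";") if by_match else None,
        })
    return hops


def is_internal(ip):
    """True for RFC 1918, loopback and link-local addresses."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETWORKS)


def origin_ip(raw_message):
    """First non-internal address on the sender side of the chain, or None."""
    for hop in parse_received(raw_message):
        if hop["ip"] and not is_internal(hop["ip"]):
            return hop["ip"]
    return None


def trusted_origin(raw_message, trusted_servers):
    """Address that handed the message to the last server you trust.

    A sender can forge the older (lower) Received lines, so walk newest-first
    and stop at the first hop not stamped by one of your own servers; the
    'from' address of the last trusted hop is the furthest point you can
    vouch for. trusted_servers is an assumed set supplied by the operator.
    """
    last_ip = None
    for hop in reversed(parse_received(raw_message)):
        if hop["by"] not in trusted_servers:
            break
        last_ip = hop["ip"]
    return last_ip


if __name__ == "__main__":
    for n, hop in enumerate(parse_received(SAMPLE_MESSAGE), 1):
        print(f"hop {n}: {hop['from']} [{hop['ip']}] -> {hop['by']}")
    print("origin ip:", origin_ip(SAMPLE_MESSAGE))
    print("trusted origin:", trusted_origin(
        SAMPLE_MESSAGE, {"inbound.example.org", "mx.example.net"}))
```

Two points the script makes explicit: the lowest Received line is written by the first relay, not by the sender, so the address in it is whatever that relay saw (often a LAN address or, for webmail, one of the provider's servers, which is why the report above lists a Google address rather than a home connection); and any line below the hop stamped by a server you control could have been supplied by the sender, which is what trusted_origin guards against.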

Lab Analysis
Document all the live emails discovered during the lab with all additional information.

eMailTrackerPro can detect abnormalities in the email header and warn you that the email may be spam.

Tool/Utility: eMailTrackerPro
Information Collected/Objectives Achieved:
Map: Location of traced email in GUI map
Table: Hop in the route with IP
Email Summary: Summary of the traced email (From & To email address, Date, Subject, Location)
Trace Information: Subject, Sender IP, Location


PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Questions
1. What is the difference between tracing an email address and tracing an email message?
2. What are email Internet headers?
3. What does unknown mean in the route table of the identification report?
4. Does eMailTrackerPro work with email messages that have been forwarded?
5. Evaluate whether an email message can be traced regardless of when it was sent.

Internet Connection Required: [x] Yes  [ ] No
Platform Supported: [x] Classroom  [ ] iLabs


Collecting Information about a Target Website Using Firebug

Firebug integrates with Firefox, providing a lot of development tools allowing you to edit, debug, and monitor CSS, HTML, and JavaScript live in any web page.

Lab Scenario
As you all know, email is one of the important tools that has been created. Unfortunately, attackers have misused emails to send spam and hide themselves behind the spam emails while attempting to undermine business dealings. In such instances, it becomes necessary for penetration testers to find the source of an email, especially where a crime has been committed using email. You have already learned in the previous lab how to find the location by tracing an email using eMailTrackerPro, which provides such information as the city, state, country, etc. from where the email was actually sent. The majority of penetration testers use Mozilla Firefox as a web browser for their pentest activities. In this lab, you will learn to use Firebug for a web application penetration test and gather complete information. Firebug can prove to be a useful debugging tool that can help you track rogue JavaScript code on servers.

Lab Objectives
The objective of this lab is to help students learn editing, debugging, and monitoring CSS, HTML, and JavaScript in any website.

Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance

Lab Environment
In the lab, you need:
A web browser with an Internet connection
Administrative privileges to run tools
This lab will work in the CEH lab environment - on Windows Server 2012, Windows 8, Windows Server 2008, and Windows 7


Lab Duration
Time: 10 Minutes

Overview of Firebug
Firebug is an add-on tool for Mozilla Firefox. Running Firebug displays information such as directory structure, internal URLs, cookies, session IDs, etc.

Lab Tasks
Firebug includes a lot of features such as debugging, HTML inspecting, profiling, etc., which are very useful for web development.

1. To launch the Start menu, hover the mouse cursor in the lower-left corner of the desktop

FIGURE 8.1: Windows Server 2012 Desktop view

2. On the Start menu, click Mozilla Firefox to launch the browser

Firebug features: JavaScript debugging; JavaScript Command Line; Monitor the JavaScript Performance and XmlHttpRequest; Logging; Tracing; Inspect HTML and Edit HTML; Edit CSS

FIGURE 8.2: Windows Server 2012 Apps

3. Type the URL https://getfirebug.com in the Firefox browser and click Install Firebug


TASK 1: Install Firebug

FIGURE 8.3: Windows Server 2012 - Apps (the getfirebug.com home page with the Install Firebug button)

4. Clicking Install Firebug will redirect to the Download Firebug page. Click the Download link to install Firebug


!_ ! : >

MMM
I ^ Dmnlud fifet A 1H gelfitebug coir

o v n l o d * /

-- e | * 1 0 s 1.

ft c-

Download Firebug
y j F ir e b u g in s p e c ts H T M L a n d m o d i f y s ty le a n d la y o u t in r e a l - t im e

Firebug for Firefox

Firebug 1.10 for Firefox 14: Recommended


Compjtlbtc with: FI1 fox 13-16 |l)own1rart| Release Notes. New 1 eatures

Finebug 1.9.2
Compatible with: Firefox 6-13 Powntoad. Retease notes

Firebug 1.8.4
Compatible with: Fliefox 5-9 Download, Release notes

Firebug 1.7.3
Compatible with: Firefox 3.6, 4, 5

F I G U R E 8 .4: W i n d o w s S e r v e r 2 0 1 2 A p p s

5. On the Add-Ons page, click the button Add to Firefox to initiate the Add-On installation

Firebug adds several configuration options to Firefox. Some of these options can be changed through the UI, others can be manipulated only via about:config.

FIGURE 8.5: Windows Server 2012 Apps (the Firebug 1.10.1 page on addons.mozilla.org)


6. Click the Install Now button in the Software Installation window

panelTabMinWidth describes the minimal width in pixels of the Panel tabs inside the Panel Bar when there is not enough horizontal space.

FIGURE 8.6: Windows Server 2012 Apps (the Software Installation window listing Firebug (Author not verified) with its Install Now and Cancel buttons)

7. Once the Firebug Add-On is installed, it will appear as a grey colored bug on the Navigation Toolbar as highlighted in the following screenshot

showFirstRunPage specifies whether to show the first run page.

FIGURE 8.7: Windows Server 2012 Apps

8. Click the Firebug icon to view the Firebug pane
9. Click the Enable link to view the detailed information for the Console panel. Perform the same for the Script, Net, and Cookies panels

The console panel offers a JavaScript command line, lists all kinds of messages and offers a profiler for JavaScript commands.


10. Enabling the Console panel displays all the requests by the page. The one highlighted in the screenshot is the Headers tab
11. In this lab, we have demonstrated http://www.microsoft.com
12. The Headers tab displays the Response Headers and Request Headers sent by the website

The CSS panel manipulates CSS rules. It offers options for adding, editing and removing CSS styles of the different files of a page containing CSS. It also offers an editing mode, in which you can edit the content of the CSS files directly via a textarea.

FIGURE 8.9: Windows Server 2012 Apps (the Headers tab of a request to the Welcome to Microsoft page)

13. Similarly, the rest of the tabs in the Console panel like Params, Response, HTML, and Cookies hold important information about the website
14. The HTML panel displays information such as source code, internal URLs of the website, etc.

The HTML panel displays the generated HTML/XML of the currently opened page. It differs from the normal source code view, because it also displays all manipulations on the DOM tree. On the right side it shows the CSS styles defined for the currently selected tag, the computed styles for it, layout information and the DOM variables assigned to it in different tabs.

FIGURE 8.10: Windows Server 2012 Apps (the HTML panel for the Welcome to Microsoft page)

15. The Net panel shows the Request start and Request phases start and elapsed time relative to the Request start by hovering the mouse cursor on the Timeline graph for a request


The Net Panel's purpose is to monitor HTTP traffic initiated by a web page and present all collected and computed information to the user. Its content is composed of a list of entries where each entry represents one request/response round trip made by the page.

FIGURE 8.11: Windows Server 2012 Apps

16. Expand a request in the Net panel to get detailed information on Params, Headers, Response, Cached, and Cookies. The screenshot that follows shows the Cache information

The Script panel debugs JavaScript code. Therefore the script panel integrates a powerful debugging tool based on features like different kinds of breakpoints, step-by-step execution of scripts, a display for the variable stack, watch expressions and more.

FIGURE 8.12: Windows Server 2012 Apps (the Cache tab of an expanded request to the Welcome to Microsoft page)

17. Expand a request in the Cookies panel to get information on a cookie Value, Raw data, JSON, etc.

Export cookies for this site - exports all cookies of the current website as a text file. Therefore the Save As dialog is opened, allowing you to select the path and choose a name for the exported file.

FIGURE 8.13: Windows Server 2012 Apps (the Cookies panel for the Welcome to Microsoft page)


Note: You can find information related to the CSS, Script, and DOM panels on the respective tabs.
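The Headers tab in step 12 and the Cookies panel in step 17 are read by eye in this lab. The script below is an added example, not code from this manual or from Firebug, that applies the same two checks to a constructed HTTP response: it picks out the technology-disclosure headers that supply the "Server" and "Development Framework" entries of the Lab Analysis, and it lists which protective attributes (Secure, HttpOnly, SameSite) each Set-Cookie lacks. The response text, cookie names and header values are made up for this example and resemble an IIS/ASP.NET host only because that is what the lab's target reports.

```python
"""Inspect a raw HTTP response the way the Firebug Headers tab and Cookies
panel present it: technology-disclosure headers and cookie attributes.

Added example; the response below is constructed, not captured from any site.
"""

# Constructed response; values chosen to resemble an IIS/ASP.NET host.
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Microsoft-IIS/7.5\r\n"
    "X-Powered-By: ASP.NET\r\n"
    "X-AspNet-Version: 4.0.30319\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Set-Cookie: ASP.NET_SessionId=abc123; path=/\r\n"
    "Set-Cookie: theme=dark; path=/; Secure; HttpOnly; SameSite=Lax\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)

# Headers whose values reveal the server software or framework (step 12).
DISCLOSURE_HEADERS = ("server", "x-powered-by", "x-aspnet-version",
                      "x-aspnetmvc-version")

# Attributes a session cookie should carry; their absence is a finding.
COOKIE_FLAGS = ("secure", "httponly", "samesite")


def parse_response(raw):
    """Split a raw response into (status line, [(name_lower, value), ...])."""
    head, _, _body = raw.partition("\r\n\r\n")
    status, *lines = head.split("\r\n")
    headers = []
    for line in lines:
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers


def fingerprint(headers):
    """Technology hints a visitor can read straight off the Headers tab."""
    return {name: value for name, value in headers if name in DISCLOSURE_HEADERS}


def audit_cookies(headers):
    """For every Set-Cookie, list the protective attributes that are missing."""
    findings = []
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        present = {p.split("=", 1)[0].lower() for p in parts[1:]}
        findings.append({
            "cookie": cookie_name,
            "missing": [flag for flag in COOKIE_FLAGS if flag not in present],
        })
    return findings


def report(raw):
    """Combine both checks into the summary a tester would note down."""
    status, headers = parse_response(raw)
    return {"status": status,
            "technology": fingerprint(headers),
            "cookies": audit_cookies(headers)}


if __name__ == "__main__":
    result = report(SAMPLE_RESPONSE)
    print(result["status"])
    for name, value in result["technology"].items():
        print(f"  {name}: {value}")
    for finding in result["cookies"]:
        flags = ", ".join(finding["missing"]) or "none"
        print(f"  cookie {finding['cookie']}: missing {flags}")
```

The "Server" and "Development Framework" rows in the Lab Analysis come from exactly these response headers, so suppressing them on a server is the corresponding hardening step. The cookie check is the defender's reading of what the Cookies panel shows: a session cookie without Secure can be sent over plain HTTP, and one without HttpOnly is readable by any script running in the page.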

Lab Analysis
Collect information such as internal URLs, cookie details, directory structure, session IDs, etc. for different websites using Firebug.

Tool/Utility: Firebug
Information Collected/Objectives Achieved:
Server on which the website is hosted: Microsoft IIS/7.5
Development Framework: ASP.NET
HTML Source Code using JavaScript, jQuery, Ajax
Other Website Information: Internal URLs, Cookie details, Directory structure, Session IDs

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Questions
1. Determine the Firebug error message that indicates a problem.
2. After editing pages within Firebug, how can you output all the changes that you have made to a site's CSS?
3. In the Firebug DOM panel, what do the different colors of the variables mean?
4. What does the different color line indicate in the Timeline request in the Net panel?

Internet Connection Required: [x] Yes  [ ] No
Platform Supported: [x] Classroom  [ ] iLabs


Mirroring Websites Using the HTTrack Web Site Copier Tool

HTTrack Web Site Copier is an offline browser utility that allows you to download a World Wide Web site through the Internet to your local directory.

Lab Scenario
Website servers set cookies to help authenticate the user if the user logs in to a secure area of the website. Login information is stored in a cookie so the user can enter and leave the website without having to re-enter the same authentication information over and over. You have learned in the previous lab to extract information from a web application using Firebug. As cookies are transmitted back and forth between a browser and website, if an attacker or unauthorized person gets in between the data transmission, the sensitive cookie information can be intercepted. An attacker can also use Firebug to see what JavaScript was downloaded and evaluated. Attackers can modify a request before it is sent to the server using Tamper Data. If they discover any SQL or cookie vulnerabilities, attackers can perform a SQL injection attack and can tamper with the cookie details of a request before it is sent to the server. Attackers can use such vulnerabilities to trick browsers into sending sensitive information over insecure channels. The attackers then siphon off the sensitive data for unauthorized access purposes. Therefore, as a penetration tester, you should have an updated antivirus protection program to attain Internet security. In this lab, you will learn to mirror a website using the HTTrack Web Site Copier Tool, and as a penetration tester you can prevent DDoS attacks.

Lab Objectives
The objective of this lab is to help students learn how to mirror websites.

Lab Environment
To carry out the lab, you need:

HTTrack Web Site Copier located at D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance\Website Mirroring Tools\HTTrack Website Copier

Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance

You can also download the latest version of HTTrack Web Site Copier from the link http://www.httrack.com/page/2/en/index.html

If you decide to download the latest version, then the screenshots shown in the lab might differ

Follow the wizard-driven installation process

This lab will work in the CEH lab environment - on Windows Server 2012, Windows 8, Windows Server 2008, and Windows 7

To run this tool, Administrative privileges are required

Lab Duration
Time: 10 Minutes

Overview of Web Site Mirroring

WinHTTrack arranges the original site's relative link-structure.

Web mirroring allows you to download a website to a local directory, building recursively all directories, HTML, images, flash, videos, and other files from the server to your computer.

Lab Tasks
1. To launch the Start menu, hover the mouse cursor in the lower-left corner of the desktop

WinHTTrack works as a command-line program or through a shell for both private (capture) and professional (on-line web mirror) use.

FIGURE 9.1: Windows Server 2012 Desktop view

2. In the Start metro apps, click WinHTTrack to launch the application WinHTTrack


FIGURE 9.2: Windows Server 2012 Apps

TASK 1
Mirroring a Website

3. In the WinHTTrack main window, click Next to create a New Project

Quickly updates downloaded sites and resumes interrupted downloads (due to connection break, crash, etc.)

FIGURE 9.3: HTTrack Website Copier Main Window

4. Enter the project name in the Project name field. Select the Base path to store the copied files. Click Next


Wizard to specify which links must be loaded (accept/refuse: link, all domain, all directory)

FIGURE 9.4: HTTrack Website Copier selecting a New Project

5. Enter www.certifiedhacker.com under Web Addresses: (URL) and then click the Set options button

Timeout and minimum transfer rate manager to abandon slowest sites

Downloading a site can overload it, if you have a fast pipe, or if you capture too many simultaneous cgi (dynamically generated pages)

FIGURE 9.5: HTTrack Website Copier Select a project name to organize your download

6. Clicking the Set options button will launch the WinHTTrack window
7. Click the Scan Rules tab and select the checkboxes for the file types as shown in the following screenshot and click OK


Filenames with original structure kept or splitted mode (one html folder, and one image folder), dos 8-3 filenames option and user-defined structure

HTML parsing and tag analysis, including javascript code/embedded HTML code

FIGURE 9.6: HTTrack Website Copier Select a project name to organize your download

8. Then, click Next

FIGURE 9.7: HTTrack Website Copier Select a project name to organize your download

9. By default, the radio button will be selected for "Please adjust connection parameters if necessary, then press FINISH to launch the mirroring operation"

Proxy support to maximize speed, with optional authentication

10. Click Finish to start mirroring the website


The tool has integrated DNS cache and native https and ipv6 support

HTTrack can also update an existing mirrored site and resume interrupted downloads. HTTrack is fully configurable by options and by filters

FIGURE 9.8: HTTrack Website Copier Type or drop and drag one or several Web addresses

11. Site mirroring progress will be displayed as in the following screenshot

Filter by file type, link location, structure depth, file size, site size, accepted or refused sites or filename (with advanced wildcards)

FIGURE 9.9: HTTrack Website Copier displaying site mirroring progress

12. WinHTTrack shows the message Mirroring operation complete once the site mirroring is completed. Click Browse Mirrored Website


Optional log file with error-log and comments log.

FIGURE 9.10: HTTrack Website Copier displaying site mirroring progress

13. Clicking the Browse Mirrored Website button will launch the mirrored website for www.certifiedhacker.com. The URL indicates that the site is located at the local machine

Note: If the web page does not open for some reason, navigate to the directory where you have mirrored the website and open index.html with any web browser

Use bandwidth limits, connection limits, size limits and time limits

FIGURE 9.11: HTTrack Website Copier Mirrored Website Image

14. A few websites are very large and will take a long time to mirror the complete site

Do not download too large websites: use filters; try not to download during working hours

15. If you wish to stop the mirroring process prematurely, click Cancel in the Site mirroring progress window
16. The site will work like a live hosted website.
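Seen from the mirrored site's side, a mirroring run is a burst of recursive requests from one client, and the web server's access log records it. As an added example, not part of the lab manual or of HTTrack, the following Python script scores clients in constructed Apache/nginx combined-format log lines by two signals: a User-Agent that names HTTrack (its stock Browser ID, which the Browser ID tab of the options dialog lets a user change; the exact default string is an assumption) and a burst of many distinct paths fetched within a ten-second window, which still shows when the Browser ID has been set to a browser-like string.

```python
"""Flag site-mirroring activity in web server access logs.

Two signals: a User-Agent that names a mirroring tool (HTTrack's default
Browser ID identifies itself), and a burst of many distinct paths fetched by
one client in a short window, which is what a recursive mirror looks like
even after the Browser ID has been changed to a browser-like string.
"""
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache/nginx "combined" access log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)
# Assumption: HTTrack's stock Browser ID contains the tool name; extend as needed.
MIRROR_UA_RE = re.compile(r"httrack", re.IGNORECASE)


def parse_line(line):
    """Return the parsed fields of one log line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return rec


def detect_mirroring(log_text, window=timedelta(seconds=10), burst=10):
    """Map each suspicious client IP to its sorted reasons: 'user-agent', 'burst'."""
    by_ip = defaultdict(list)
    reasons = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        by_ip[rec["ip"]].append(rec)
        if MIRROR_UA_RE.search(rec["ua"]):
            reasons[rec["ip"]].add("user-agent")
    for ip, recs in by_ip.items():
        recs.sort(key=lambda r: r["time"])
        # Sliding window: how many distinct paths did this client fetch
        # within `window` of any single request?
        for i, first in enumerate(recs):
            paths = {r["path"] for r in recs[i:] if r["time"] - first["time"] <= window}
            if len(paths) >= burst:
                reasons[ip].add("burst")
                break
    return {ip: sorted(r) for ip, r in reasons.items()}


def constructed_lines(ip, ua, paths, start, step_ms):
    """Build constructed combined-format lines (sample data, not real traffic)."""
    out = []
    for i, path in enumerate(paths):
        ts = (start + timedelta(milliseconds=step_ms * i)).strftime("%d/%b/%Y:%H:%M:%S %z")
        out.append(f'{ip} - - [{ts}] "GET {path} HTTP/1.1" 200 1024 "-" "{ua}"')
    return out


T0 = datetime(2012, 10, 12, 10, 0, 0, tzinfo=timezone.utc)
PAGES = [f"/Recipes/page{i}.html" for i in range(12)]
BROWSER_UA = "Mozilla/5.0 (Windows NT 6.2) Firefox/16.0"
SAMPLE_LOG = "\n".join(
    # HTTrack with its stock Browser ID: four pages, caught by the User-Agent rule.
    constructed_lines("203.0.113.7", "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)",
                      PAGES[:4], T0, 500)
    # Mirror run with a browser-like Browser ID: twelve pages in under three seconds.
    + constructed_lines("192.0.2.33", BROWSER_UA, PAGES, T0, 250)
    # A person reading the site: one page roughly every forty seconds.
    + constructed_lines("198.51.100.20", BROWSER_UA, PAGES[:5], T0, 40_000)
)

if __name__ == "__main__":
    for ip, why in detect_mirroring(SAMPLE_LOG).items():
        print(f"{ip}: {', '.join(why)}")
```

The burst threshold and window are tuning knobs; a site with many small assets per page needs a higher threshold, which is why distinct paths rather than raw request count are counted.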


Lab Analysis
Document the mirrored website directories, getting HTML, images, and other files.

Tool/Utility: HTTrack Web Site Copier
Information Collected/Objectives Achieved: Offline copy of the website www.certifiedhacker.com is created

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.

Questions
5. How do you retrieve the files that are outside the domain while mirroring a website?
6. How do you download ftp files/sites?
7. Can HTTrack perform form-based authentication?
8. Can HTTrack execute HP-UX or ISO 9660 compatible files?
9. How do you grab an email address in web pages?

Internet Connection Required: Yes
Platform Supported: Classroom, iLabs


Extracting a Company's Data Using Web Data Extractor

Web Data Extractor is used to extract a targeted company's contact details or data such as emails, fax, and phone numbers through the web for responsible B2B communication.

Lab Scenario
Attackers continuously look for the easiest method to collect information. There are many tools available with which attackers can extract a company's database. Once they have access to the database, they can gather employees' email addresses and phone numbers, the company's internal URLs, etc. With the information gathered, they can send spam emails to the employees to fill their mailboxes, hack into the company's website, and modify the internal URLs. They may also install malicious viruses to make the database inoperable. As an expert penetration tester, you should be able to think from an attacker's perspective and try all possible ways to gather information on organizations. You should be able to collect all the confidential information of an organization and implement security features to prevent company data leakage. In this lab, you will learn to use Web Data Extractor to extract a company's data.

Lab Objectives
The objective of this lab is to demonstrate how to extract a company's data using Web Data Extractor. Students will learn how to:

Extract Meta Tag, Email, Phone/Fax from the web pages


Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance

Lab Environment
To carry out the lab you need:

Web Data Extractor located at D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance\Additional Footprinting Tools\Web Data Extractor

You can also download the latest version of Web Data Extractor from the link http://www.webextractor.com/download.htm

If you decide to download the latest version, then the screenshots shown in the lab might differ

This lab will work in the CEH lab environment on Windows Server 2012, Windows 8, Windows Server 2008, and Windows 7

WDE sends queries to search engines to get matching website URLs

Lab Duration
Time: 10 Minutes

Overview of Web Data Extracting

WDE will query 18+ popular search engines, extract all matching URLs from search results, remove duplicate URLs and finally visit those websites and extract data from there

Web data extraction is a type of information retrieval that can automatically extract unstructured or semi-structured web data sources in a structured manner.
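As an added example, not part of the lab manual or of the Web Data Extractor product, the following Python script performs the same kind of extraction over a constructed contact page: named meta tags, e-mail addresses from mailto links and visible text, and phone/fax numbers split by the label that precedes them, so a site owner can see what a harvester would collect from a page before it is published. The regular expressions and the sample HTML are assumptions for illustration.

```python
"""Audit what a web data extractor would harvest from one of your pages.

Collects the three data classes the lab targets: meta tags (title,
description, keywords), e-mail addresses (mailto links and plain text) and
phone/fax numbers. Run against your own pages, the output is the contact
data any harvester can collect, so you can decide what should not be there.
"""
import re
from html.parser import HTMLParser

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
# Optional +country code, optional (area), then digit groups; at least one
# separator is required so plain digit runs such as order numbers are skipped.
PHONE_RE = re.compile(r"\+?\d{1,3}[\s.-]?\(?\d{2,4}\)?[\s.-]\d{3}[\s.-]?\d{3,4}")


class PageExtractor(HTMLParser):
    """Pull title, named meta tags, mailto targets and visible text from HTML."""

    def __init__(self):
        super().__init__()
        self.title = ""
        self.meta = {}
        self.mailto = []
        self.text_chunks = []
        self._in_title = False
        self._skip = False  # inside <script> or <style>, not visible text

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "title":
            self._in_title = True
        elif tag == "meta" and a.get("name") and a.get("content") is not None:
            self.meta[a["name"].lower()] = a["content"]
        elif tag == "a" and (a.get("href") or "").lower().startswith("mailto:"):
            self.mailto.append(a["href"][7:].split("?")[0])
        elif tag in ("script", "style"):
            self._skip = True

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
        elif tag in ("script", "style"):
            self._skip = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data
        elif not self._skip:
            self.text_chunks.append(data)


def extract(html):
    """Return the meta tags, e-mails, phones and faxes found in `html`."""
    p = PageExtractor()
    p.feed(html)
    p.close()
    text = " ".join(p.text_chunks)
    emails = set(p.mailto) | set(EMAIL_RE.findall(text))
    phones, faxes = set(), set()
    for m in PHONE_RE.finditer(text):
        number = re.sub(r"[\s().-]", "", m.group())
        # Split phone from fax by the label that precedes the number.
        context = text[max(0, m.start() - 12):m.start()].lower()
        (faxes if "fax" in context else phones).add(number)
    return {
        "title": p.title.strip(),
        "description": p.meta.get("description", ""),
        "keywords": p.meta.get("keywords", ""),
        "emails": sorted(emails),
        "phones": sorted(phones),
        "faxes": sorted(faxes),
    }


# Constructed contact page, not fetched from any site.
SAMPLE_HTML = """<html><head>
<title>Your company - Contact us</title>
<meta name="description" content="A short description of your company">
<meta name="keywords" content="some keywords">
</head><body>
<script>var hidden = "tracker@example.invalid";</script>
<p>Sales: <a href="mailto:sales@example.com?subject=Quote">sales team</a></p>
<p>Support e-mail: support@example.com</p>
<p>Tel: +1 (800) 123-9865 &middot; Fax: +1 (800) 123-9866</p>
<p>Order reference 20121012 is not a phone number.</p>
</body></html>"""

if __name__ == "__main__":
    for key, value in extract(SAMPLE_HTML).items():
        print(f"{key}: {value}")
```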

Lab Tasks
1. To launch the Start menu, hover the mouse cursor in the lower-left corner of the desktop

FIGURE 10.1: Windows 8 Desktop view

TASK 1
Extracting a Website

2. In the Start menu, click Web Data Extractor to launch the application Web Data Extractor


WDE - Phone, Fax Harvester module is designed to spider the web for fresh Tel, FAX numbers targeted to the group that you want to market your product or services to

FIGURE 10.2: Windows 8 Apps

3. Web Data Extractor's main window appears. Click New to start a new session

It has various limiters of scanning range - url filter, page text filter, domain filter - using which you can extract only the links or data you actually need from web pages, instead of extracting all the links present there; as a result, you create your own custom and targeted database of urls/links collection

FIGURE 10.3: The Web Data Extractor main window

4. Clicking New opens the Session settings window.
5. Type a URL (www.certifiedhacker.com) in the Starting URL field. Select the checkboxes for all the options as shown in the screenshot and click OK

Automatically get lists of meta-tags, e-mails, phone and fax numbers, etc. and store them in different formats for future use


Fixed "Stay with full url" and "Follow offsite links" options which failed for some sites before

FIGURE 10.4: Web Data Extractor the Session settings window

6. Click Start to initiate the data extraction
It supports operation through proxy-server and works very fast, as it is able to load several pages simultaneously, and requires very few resources. Powerful, highly targeted email spider harvester

FIGURE 10.5: Web Data Extractor initiating the data extraction windows

7. Web Data Extractor will start collecting the information (emails, phones, faxes, etc.). Once the data extraction process is completed, an Information dialog box appears. Click OK


Meta Tag Extractor module is designed to extract URL, meta tag (title, description, keyword) from web-pages, search results, open web directories, list of urls from local file

FIGURE 10.6: Web Data Extractor Data Extraction windows

8. The extracted information can be viewed by clicking the tabs

FIGURE 10.7: Web Data Extractor Data Extraction windows

9. Select the Meta tags tab to view the URL, Title, Keywords, Description, Host, Domain, and Page size information
If you want WDE to stay within the first page, just select "Process First Page Only". A setting of "0" will process and look for data in the whole website. A setting of "1" will process the index or home page with associated files under the root dir only.

FIGURE 10.8: Web Data Extractor Extracted emails windows

10. Select the Emails tab to view the Email, Name, URL, Title, Host, Keywords density, etc. information related to emails



WDE sends queries to search engines to get matching website URLs. Next, it visits those matching websites for data extraction. How deep it spiders the matching websites depends on the "Depth" setting of the "External Site" tab.

FIGURE 10.9: Web Data Extractor Extracted Phone details window

11. Select the Phones tab to view the information related to phones, like Phone number, Source, Tag, etc.

FIGURE 10.10: Web Data Extractor Extracted Phone details window

12. Similarly, check for the information under the Faxes, Merged list, Urls (638), and Inactive sites tabs

13. To save the session, go to File and click Save session



Save extracted links directly to a disk file, so there is no limit on the number of links extracted per session. It supports operation through a proxy server and works very fast, as it is able to load several pages simultaneously, and requires very few resources.

FIGURE 10.11: Web Data Extractor Extracted Phone details window

14. Specify the session name in the Save session dialog box and click OK

FIGURE 10.12: Web Data Extractor Extracted Phone details window

15. By default, the session will be saved at D:\Users\admin\Documents\WebExtractor\Data
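As an added example (not part of the lab, and not Web Data Extractor's own code), the Python script below does on one constructed HTML page what WDE's Meta tags, Emails, Phones and Faxes tabs show for a crawl: it pulls the title and meta fields, deduplicates addresses, normalises phone numbers to digits, and files a number under faxes when the text just before it says "Fax". The sample page, its URL and the regular expressions are assumptions; run it over your own pages to see which contact details such a tool would harvest.

```python
import re
from html.parser import HTMLParser

# Constructed sample page (not a real page from the lab target) carrying the
# kinds of fields WDE lists on its Meta tags, Emails, Phones and Faxes tabs.
SAMPLE_HTML = """<html><head><title>Online Booking: Contact</title>
<meta name="keywords" content="booking, hotel, travel">
<meta name="description" content="Contact page for online booking">
</head><body>
<p>Support: support@example.com or sales@example.com</p>
<p>Phone: 1-800-123-4567  Fax: (665) 256-8972  Call: +1 800 123 4567</p>
<a href="mailto:support@example.com">Mail us</a>
</body></html>"""

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{6,}\d")   # loose match; digits are normalised below

class _PageParser(HTMLParser):
    # Collects <title>, name/content <meta> pairs, mailto: links and visible text.
    def __init__(self):
        super().__init__()
        self.title, self.meta, self.text, self._in_title = "", {}, [], False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and a.get("name") and a.get("content"):
            self.meta[a["name"].lower()] = a["content"]
        elif tag == "title":
            self._in_title = True
        elif tag == "a" and (a.get("href") or "").lower().startswith("mailto:"):
            self.text.append(a["href"][7:])          # mailto: target counts as an address

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data
        self.text.append(data)

def extract(html, url="http://www.example.com/contact.html"):
    # Returns one record per page, shaped like a row across WDE's tabs.
    p = _PageParser()
    p.feed(html)
    body = " ".join(p.text)
    emails = sorted({m.lower() for m in EMAIL_RE.findall(body)})
    phones, faxes = set(), set()
    for m in PHONE_RE.finditer(body):
        digits = re.sub(r"\D", "", m.group())          # "1-800-123-4567" -> "18001234567"
        label = body[max(0, m.start() - 12):m.start()].lower()   # text just before the number
        (faxes if "fax" in label else phones).add(digits)
    return {"url": url, "title": p.title.strip(),
            "keywords": p.meta.get("keywords", ""),
            "description": p.meta.get("description", ""),
            "emails": emails, "phones": sorted(phones), "faxes": sorted(faxes)}
```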


Lab Analysis

Document all the Meta Tags, Emails, and Phone/Fax.

Tool/Utility: Web Data Extractor

Information Collected/Objectives Achieved:
Meta tags Information: URL, Title, Keywords, Description, Host, Domain, Page size, etc.
Email Information: Email Address, Name, URL, Title, Host, Keywords density, etc.
Phone Information: Phone numbers, Source, Tag, etc.

PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.
Questions

1. What does Web Data Extractor do?
2. How would you resume an interrupted session in Web Data Extractor?
3. Can you collect all the contact details of an organization?

Internet Connection Required: Yes

Platform Supported: Classroom, iLabs


Identifying Vulnerabilities and Information Disclosures in Search Engines using Search Diggity

Search Diggity is the primary attack tool of the Google Hacking Diggity Project. It is an MS Windows GUI application that serves as a front end to the latest versions of Diggity tools: GoogleDiggity, BingDiggity, Bing LinkFromDomainDiggity, CodeSearchDiggity, DLPDiggity, FlashDiggity, MalwareDiggity, PortScanDiggity, SHODANDiggity, BingBinaryMalwareSearch, and NotInMyBackYardDiggity.
Lab Scenario
An easy way to find vulnerabilities in websites and applications is to Google them, which is a simple method adopted by attackers. Using a Google code search, hackers can identify crucial vulnerabilities in application code strings, providing the entry point they need to break through application security. As an expert ethical hacker, you should use the same method to identify all the vulnerabilities and patch them before an attacker identifies and exploits them.


Lab Objectives

The objective of this lab is to demonstrate how to identify vulnerabilities and information disclosures in search engines using Search Diggity. Students will learn how to:

Extract Meta Tag, Email, Phone/Fax from the web pages

Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance

Lab Environment

To carry out the lab, you need:

Search Diggity, located at D:\CEH-Tools\CEHv8 Module 02 Footprinting and Reconnaissance\Google Hacking Tools\SearchDiggity


You can also download the latest version of Search Diggity from the link http://www.stachliu.com/resources/tools/google-hacking-diggity-project/attack-tools. If you decide to download the latest version, then the screenshots shown in the lab might differ. This lab will work in the CEH lab environment, on Windows Server 2012, Windows 8, Windows Server 2008, and Windows 7.

Lab Duration

Time: 10 Minutes
Google Diggity is the primary Google hacking tool, utilizing the Google JSON/ATOM Custom Search API to identify vulnerabilities and information disclosures via Google searching.

Overview of Search Diggity

Search Diggity has a predefined query database that runs against the website to scan for the related queries.

Lab Tasks

1. To launch the Start menu, hover the mouse cursor in the lower-left corner of the desktop

FIGURE 11.1: Windows Server 2012 Desktop view

2. In the Start menu, click Search Diggity to launch it

Task: Launch Search Diggity


FIGURE 11.2: Windows Server 2012 Start menu


3. The Search Diggity main window appears with Google Diggity as the default

Queries: Select the Google dorks (search queries) you wish to use in the scan by checking the appropriate boxes.

FIGURE 11.3: Search Diggity Main window

4. Select Sites/Domains/IP Ranges and type the domain name in the domain field. Click Add
Download Button: Select (highlight) one or more results in the results pane, then click this button to download the search result files locally to your computer. By default, downloads go to D:\DiggityDownloads\.


FIGURE 11.4: Search Diggity - Selecting Sites/Domains/IP Ranges


5. The added domain name will be listed in the box below the Domain field

Import Button: Import a text file list of domains/IP ranges to scan. Each query will be run against Google with site:yourdomainname.com appended to it.

FIGURE 11.5: Search Diggity Domain added

6. Now, select a Query from the left pane that you wish to run against the website you have added in the list and click Scan

Task: Run Query against a website

Note: In this lab, we have selected the query SWF Finding Generic. Similarly, you can select other queries to run against the added website

When scanning is kicked off, the selected query is run against the complete website.


FIGURE 11.6: Search Diggity Selecting query and Scanning


7. The following screenshot shows the scanning process

Results Pane: As the scan runs, results found will begin populating in this window pane.


Simple: The Simple search text box will allow you to run one simple query at a time, instead of using the Queries checkbox dictionaries.

FIGURE 11.7: Search Diggity Scanning in progress

All the URLs that contain the SWF extension will be listed, and the output will show the query results

Output: General output describing the progress of the scan and the parameters used.

FIGURE 11.8: Search Diggity - Output window

Lab Analysis

Collect the different error messages to determine the vulnerabilities and note the information disclosed about the website.

Tool/Utility: Search Diggity

Information Collected/Objectives Achieved: Many error messages found relating to vulnerabilities
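Added example, not code from the Search Diggity project: the Python below reproduces offline what steps 4 to 7 do in the GUI. It appends site:<domain> to each dictionary query the way the Query Appender does, then matches the scoped queries against a URL inventory you already hold (a sitemap or crawl) using an approximation of the site:, ext: and inurl: operators, so a site owner can see which of their own URLs a dork list would surface without querying a search engine. Everything except the ext:swf query is an assumption: the other dictionary entries, the example.com inventory, and the operator semantics (a real search engine matches more broadly).

```python
from urllib.parse import urlparse

# Constructed dork dictionary in the Category / Subcategory / Search String layout of
# the Search Diggity results pane. Only "ext:swf" comes from the lab; the rest are neutral.
DORKS = [
    ("FlashDiggity Initial", "SWF Finding Generic", "ext:swf"),
    ("Example (constructed)", "PDF documents", "ext:pdf"),
    ("Example (constructed)", "Contact pages", "inurl:contact"),
]

# Constructed URL inventory, e.g. your own sitemap or crawler output (not real hosts).
INVENTORY = [
    "http://www.example.com/europe/home.swf",
    "http://www.example.com/mappoint/flash/MapPoint.swf",
    "http://www.example.com/learning/demos/tour.html",
    "http://docs.example.com/guide.pdf",
    "http://www.example.com/online-booking/contact.html",
    "http://www.example.org/home.swf",     # out of scope: different domain
]

def scope_query(search_string, target):
    """Mimic the Query Appender: every query runs with site:<target> appended."""
    return f"{search_string} site:{target}"

def _parse(query):
    """Split a query into operator:value pairs and plain words."""
    ops, words = {}, []
    for tok in query.split():
        if ":" in tok:
            key, val = tok.split(":", 1)
            ops.setdefault(key, []).append(val.lower())
        else:
            words.append(tok.lower())
    return ops, words

def url_matches(query, url):
    """Offline approximation of site:, ext: and inurl:; plain words must appear in the URL."""
    ops, words = _parse(query)
    u = urlparse(url)
    host, path, low = u.netloc.lower(), u.path.lower(), url.lower()
    for site in ops.get("site", []):          # host equals the site or is a subdomain of it
        if not (host == site or host.endswith("." + site)):
            return False
    if any(not path.endswith("." + ext) for ext in ops.get("ext", [])):
        return False
    if any(frag not in low for frag in ops.get("inurl", [])):
        return False
    return all(w in low for w in words)

def scan(dorks, inventory, target):
    """Return (category, subcategory, scoped query, url) for every inventory hit."""
    hits = []
    for category, subcategory, search_string in dorks:
        query = scope_query(search_string, target)
        hits += [(category, subcategory, query, u) for u in inventory if url_matches(query, u)]
    return hits
```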


PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.
Questions

Is it possible to export the output result for Google Diggity? If yes, how?

Internet Connection Required: Yes

Platform Supported: Classroom, iLabs
