
Footprinting and Reconnaissance
Module 02

Ethical Hacking and Countermeasures v8
Module 02: Footprinting and Reconnaissance
Exam 312-50 Certified Ethical Hacker

Module 02 Page 92

Ethical Hacking and Countermeasures Copyright by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.


Security News

NEWS April 1a 2012

Facebook a 'treasure trove' of Personally Identifiable Information

Source: http://www.scmagazineuk.com

Facebook contains a "treasure trove" of personally identifiable information that hackers manage to get their hands on.

A report by Imperva revealed that users' "general personal information" can often include a date of birth, home address and sometimes mother's maiden name, allowing hackers to access this and other websites and applications and create targeted spearphishing campaigns.

It detailed a concept I call "friend-mapping", where an attacker can get further knowledge of a user's circle of friends; having accessed their account and posing as a trusted friend, they can cause mayhem. This can include requesting the transfer of funds and extortion.

Asked why Facebook is so important to hackers, Imperva senior security strategist Noa Bar-Yosef said: "People also add work friends on Facebook so a team leader can be identified and this can lead to corporate data being accessed, project work being discussed openly, while geo-location data can be detailed for military intelligence."

"Hacktivism made up 58 per cent of attacks in the Verizon Data Breach Intelligence Report, and they are going after information on Facebook that can be used to humiliate a person. All types of attackers have their own techniques."

On how attackers get a password in the first place, Imperva claimed that different keyloggers are used, while phishing kits that create a fake Facebook login page have been seen, and a more primitive method is a brute force attack, where the attacker repeatedly attempts to guess the user's password.

In more extreme cases, a Facebook administrator's rights can be accessed. Although it said that this requires more effort on the hacker side and is not as prevalent, it is the "holy grail" of attacks as it provides the hacker with data on all users.

On protection, Bar-Yosef said the roll-out of SSL across the whole website, rather than just at the login page, was effective, but users still needed to opt in to this.

By Dan Raywood
http://www.scmagazine.com.au/Feature/265065,digitial-investigations-have-matured.aspx


Module Objectives

This module will familiarize you with the following:

- Footprinting Terminology
- What Is Footprinting?
- Objectives of Footprinting
- Footprinting Threats
- Footprinting through Search Engines
- Website Footprinting
- Email Footprinting
- Competitive Intelligence
- Footprinting Using Google
- WHOIS Footprinting
- DNS Footprinting
- Network Footprinting
- Footprinting through Social Engineering
- Footprinting through Social Networking Sites
- Footprinting Tools
- Footprinting Countermeasures
- Footprinting Pen Testing


Module Flow

Ethical hacking is legal hacking conducted by a penetration tester, with the permission of an organization, in order to evaluate the security of its IT infrastructure. Ethical hacking cannot be explained or performed in a single step; therefore, it has been divided into several steps. Footprinting is the first step in ethical hacking, where an attacker tries to gather information about a target. To help you better understand footprinting, it has been divided into the following sections:

- Footprinting Concepts
- Footprinting Threats
- Footprinting Methodology
- Footprinting Tools
- Footprinting Countermeasures
- Footprinting Penetration Testing

The Footprinting Concepts section familiarizes you with footprinting, footprinting terminology, why footprinting is necessary, and the objectives of footprinting.


Footprinting Terminology

Open Source or Passive Information Gathering
Collect information about a target from the publicly accessible sources

Active Information Gathering
Gather information through social engineering on-site visits, interviews, and questionnaires

Anonymous Footprinting
Gather information from sources where the author of the information cannot be identified or traced

Pseudonymous Footprinting
Collect information that might be published under a different name in an attempt to preserve privacy

Organizational or Private Footprinting
Collect information from an organization's web-based calendar and email services

Internet Footprinting
Collect information about a target from the Internet

Before going deep into the concept, it is important to know the basic terminology used in footprinting. These terms help you understand the concept of footprinting and its structures.

Open Source or Passive Information Gathering
Open source or passive information gathering is the easiest way to collect information about the target organization. It refers to the process of gathering information from open sources, i.e., publicly available sources. This requires no direct contact with the target organization. Open sources may include newspapers, television, social networking sites, blogs, etc. Using these, you can gather information such as network boundaries, IP addresses reachable via the Internet, operating systems, web server software used by the target network, TCP and UDP services in each system, access control mechanisms, system architecture, intrusion detection systems, and so on.

Active Information Gathering
In the active information gathering process, attackers mainly focus on the employees of the target organization. Attackers try to extract information from the employees by conducting social engineering: on-site visits, interviews, questionnaires, etc.

Anonymous Footprinting
This refers to the process of collecting information from sources anonymously so that your efforts cannot be traced back to you.

Pseudonymous Footprinting
Pseudonymous footprinting refers to the process of collecting information from sources that have been published on the Internet but are not directly linked to the author's name. The information may be published under a different name, or the author may have a well-established pen name, or the author may be a corporate or government official who is prohibited from posting under his or her original name. Irrespective of the reason for hiding the author's name, collecting information from such sources is called pseudonymous.

Organizational or Private Footprinting
Private footprinting involves collecting information from an organization's web-based calendar and email services.

Internet Footprinting
Internet footprinting refers to the process of collecting information about the target organization's connections to the Internet.


What Is Footprinting?

Footprinting is the process of collecting as much information as possible about a target network, for identifying various ways to intrude into an organization's network system.

Footprinting, the first step in ethical hacking, refers to the process of collecting information about a target network and its environment. Using footprinting you can find various ways to intrude into the target organization's network system. It is considered "methodological" because critical information is sought based on a previous discovery.

Once you begin the footprinting process in a methodological manner, you will obtain the blueprint of the security profile of the target organization. Here the term "blueprint" is used because the result that you get at the end of footprinting refers to the unique system profile of the target organization.

There is no single methodology for footprinting, as information can be traced along several routes. However, this activity is important, as all crucial information needs to be gathered before you begin hacking. Hence, you should carry out footprinting precisely and in an organized manner.

You can collect information about the target organization by means of footprinting in four steps:

1. Collect basic information about the target and its network
2. Determine the operating system used, platforms running, web server versions, etc.
3. Perform techniques such as Whois, DNS, network and organizational queries
4. Find vulnerabilities and exploits for launching attacks

Furthermore, we will discuss in detail how to collect basic information; how to determine the operating system of the target computer, the platforms running, and the web server versions; the various methods of footprinting; and how to find and exploit vulnerabilities.


Why Footprinting?

For attackers to build a hacking strategy, they need to gather information about the target organization's network, so that they can find the easiest way to break into the organization's security perimeter. As mentioned previously, footprinting is the easiest way to gather information about the target organization; this plays a vital role in the hacking process.

Footprinting helps to:

Know Security Posture
Performing footprinting on the target organization in a systematic and methodical manner gives the complete profile of the organization's security posture. You can analyze this report to figure out loopholes in the security posture of your target organization and then you can build your hacking plan accordingly.

Reduce Attack Area
By using a combination of tools and techniques, attackers can take an unknown entity (for example XYZ Organization) and reduce it to a specific range of domain names, network blocks, and individual IP addresses of systems directly connected to the Internet, as well as many other details pertaining to its security posture.

Build Information Database
A detailed footprint provides maximum information about the target organization. Attackers can build their own information database about the security weaknesses of the target organization. This database can then be analyzed to find the easiest way to break into the organization's security perimeter.

Draw Network Map
Combining footprinting techniques with tools such as Tracert allows the attacker to create network diagrams of the target organization's network presence. This network map represents their understanding of the target's Internet footprint. These network diagrams can guide the attack.


Objectives of Footprinting

The major objectives of footprinting include collecting the target's network information, system information, and organizational information. By carrying out footprinting at various network levels, you can gain information such as: network blocks, network services and applications, system architecture, intrusion detection systems, specific IP addresses, and access control mechanisms. With footprinting, information such as employee names, phone numbers, contact addresses, designation, work experience, and so on can also be obtained.

Collect Network Information
The network information can be gathered by performing a Whois database analysis, trace routing, etc. It includes:

- Domain name
- Internal domain names
- Network blocks
- IP addresses of the reachable systems
- Rogue websites/private websites
- TCP and UDP services running
- Access control mechanisms and ACLs
- Networking protocols
- VPN points
- ACLs
- IDSes running
- Analog/digital telephone numbers
- Authentication mechanisms
- System enumeration

Collect System Information

- User and group names
- System banners
- Routing tables
- SNMP information
- System architecture
- Remote system type
- System names
- Passwords

Collect Organization's Information

- Employee details
- Organization's website
- Company directory
- Location details
- Address and phone numbers
- Comments in HTML source code
- Security policies implemented
- Web server links relevant to the organization
- Background of the organization
- News articles/press releases
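Several of the items listed above (system banners, internal domain names, IP addresses, employee details, comments in HTML source code) are things an organization publishes itself. As an added example that is not part of the courseware, the following Python audits one page of your own site for those exposures; the sample headers and HTML are constructed, and the `.corp.xyz.example` internal suffix and the two header names checked are assumptions.

```python
import ipaddress
import re
from html.parser import HTMLParser

# Constructed sample input: headers and body of a page on the auditor's own
# site. Every name, address and version string here is made up.
SAMPLE_HEADERS = {
    "Server": "Apache/2.2.15 (CentOS)",
    "X-Powered-By": "PHP/5.3.3",
    "Content-Type": "text/html",
}
SAMPLE_HTML = """<html><head><title>XYZ Pvt Ltd</title>
<!-- TODO: point staging at db01.corp.xyz.example (10.20.30.40) -->
</head><body>
<p>Contact <a href="mailto:j.doe@xyz.example">J. Doe</a></p>
<!-- build 4.1 -->
</body></html>"""

VERSION_RE = re.compile(r"\d+(?:\.\d+)+")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HOST_RE = re.compile(r"\b(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}\b")


class PageCollector(HTMLParser):
    """Collects comments, visible text and attribute values from one page."""

    def __init__(self):
        super().__init__()
        self.comments, self.chunks = [], []

    def handle_comment(self, data):
        self.comments.append(data.strip())

    def handle_data(self, data):
        self.chunks.append(data)

    def handle_starttag(self, tag, attrs):
        # Attribute values (href, src, ...) can carry addresses and hostnames.
        self.chunks.extend(value for _, value in attrs if value)


def audit_page(headers, html, internal_suffixes=(".corp.xyz.example",)):
    """Return a sorted list of (category, evidence) exposure findings.

    internal_suffixes is an assumption: the lower-case DNS suffixes that the
    organization uses only for internal hosts.
    """
    findings = set()

    # System banners: response headers that disclose a product version.
    for name in ("Server", "X-Powered-By"):
        value = headers.get(name, "")
        if VERSION_RE.search(value):
            findings.add(("system banner", f"{name}: {value}"))

    collector = PageCollector()
    collector.feed(html)
    collector.close()

    # Comments in HTML source code: each one is served to every visitor,
    # so each one is reported for manual review.
    for comment in collector.comments:
        findings.add(("html comment", comment))

    everything = "\n".join(collector.comments + collector.chunks)

    # Private (RFC 1918 and similar) addresses reveal internal network blocks.
    for candidate in IPV4_RE.findall(everything):
        try:
            if ipaddress.ip_address(candidate).is_private:
                findings.add(("internal ip", candidate))
        except ValueError:
            pass  # looked like an address but is not one, e.g. 999.1.1.1

    # Internal domain names.
    for host in HOST_RE.findall(everything):
        if host.lower().endswith(tuple(internal_suffixes)):
            findings.add(("internal hostname", host.lower()))

    # Employee details: personal mailboxes published on the page.
    for email in EMAIL_RE.findall(everything):
        findings.add(("employee email", email.lower()))

    return sorted(findings)


if __name__ == "__main__":
    for category, evidence in audit_page(SAMPLE_HEADERS, SAMPLE_HTML):
        print(f"{category:18} {evidence}")
```

Each finding is a candidate for removal before publication: strip comments in the build step, suppress version strings in the server configuration, and replace personal mailboxes with role addresses.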


Module Flow

So far, we discussed footprinting concepts, and now we will discuss the threats associated with footprinting:

- Footprinting Concepts
- Footprinting Threats
- Footprinting Methodology
- Footprinting Tools
- Footprinting Countermeasures
- Footprinting Penetration Testing

The Footprinting Threats section familiarizes you with the threats associated with footprinting such as social engineering, system and network attacks, corporate espionage, etc.


Footprinting Threats

Attackers gather valuable system and network information such as account details, operating system and installed applications, network components, server names, database schema details, etc. from footprinting techniques.

As discussed previously, attackers perform footprinting as the first step in an attempt to hack a target organization. In the footprinting phase, attackers try to collect valuable system-level information such as account details, operating system and other software versions, server names, and database schema details that will be useful in the hacking process.

The following are various threats due to footprinting:

Social Engineering
Without using any intrusion methods, hackers directly and indirectly collect information through persuasion and various other means. Here, crucial information is gathered by the hackers through employees without their consent.

System and Network Attacks
Footprinting helps an attacker to perform system and network attacks. Through footprinting, attackers can gather information related to the target organization's system configuration, the operating system running on the machine, and so on. Using this information, attackers can find the vulnerabilities present in the target system and then exploit those vulnerabilities. Thus, attackers can take control over a target system. Similarly, attackers can also take control over the entire network.

Information Leakage
Information leakage can be a great threat to any organization and is often overlooked. If sensitive organizational information falls into the hands of attackers, then they can build an attack plan based on the information, or use it for monetary benefits.

Privacy Loss
With the help of footprinting, hackers are able to access the systems and networks of the company and even escalate the privileges up to admin levels. Whatever privacy was maintained by the company is completely lost.

Corporate Espionage
Corporate espionage is one of the major threats to companies, as competitors can spy and attempt to steal sensitive data through footprinting. Due to this type of espionage, competitors are able to launch similar products in the market, affecting the market position of a company.

Business Loss
Footprinting has a major effect on businesses such as online businesses and other ecommerce websites, banking and financial related businesses, etc. Billions of dollars are lost every year due to malicious attacks by hackers.


Module Flow

Now that you are familiar with footprinting concepts and threats, we will discuss the footprinting methodology. The footprinting methodology section discusses various techniques used to collect information about the target organization from different sources.

- Footprinting Concepts
- Footprinting Threats
- Footprinting Methodology
- Footprinting Tools
- Footprinting Countermeasures
- Footprinting Penetration Testing


Footprinting Methodology

- Footprinting through Search Engines
- Website Footprinting
- Email Footprinting
- Competitive Intelligence
- Footprinting using Google
- WHOIS Footprinting
- DNS Footprinting
- Network Footprinting
- Footprinting through Social Engineering
- Footprinting through Social Networking Sites

The footprinting methodology is a procedural way of collecting information about a target organization from all available sources. It deals with gathering information about a target organization, determining URL, location, establishment details, number of employees, the specific range of domain names, and contact information. This information can be gathered from various sources such as search engines, Whois databases, etc.

Search engines are the main information sources where you can find valuable information about your target organization. Therefore, first we will discuss footprinting through search engines. Here we are going to discuss how and what information we can collect through search engines.

Examples of search engines include: www.google.com, www.yahoo.com, www.bing.com


Footprinting through Search Engines

Attackers use search engines to extract information about a target such as technology platforms, employee details, login pages, intranet portals, etc., which helps in performing social engineering and other types of advanced system attacks.

Search engine cache may provide sensitive information that has been removed from the World Wide Web (WWW).

A web search engine is designed to search for information on the World Wide Web. The search results are generally presented in a line of results often referred to as search engine results pages (SERPs). In the present world, many search engines allow you to extract a target organization's information such as technology platforms, employee details, login pages, intranet portals, and so on. Using this information, an attacker may build a hacking strategy to break into the target organization's network and may carry out other types of advanced system attacks. A Google search could reveal submissions to forums by security personnel that reveal brands of firewalls or antivirus software in use at the target. Sometimes even network diagrams are found that can guide an attack.

If you want to footprint the target organization, for example XYZ pvt ltd, then type XYZ pvt ltd in the Search box of the search engine and press Enter. This will display all the search results containing the keywords "XYZ pvt ltd." You can even narrow down the results by adding a specific keyword while searching. Furthermore, we will discuss other footprinting techniques such as website footprinting and email footprinting.

For example, consider an organization, perhaps Microsoft. Type Microsoft in the Search box of a search engine and press Enter; this will display all the results containing information about Microsoft. Browsing the results may provide critical information such as physical location, contact address, the services offered, number of employees, etc. that may prove to be a valuable source for hacking.
FIGURE 2.1: Screenshot showing information about Microsoft

As an ethical hacker, if you find any sensitive information of your company in the search engine result pages, you should remove that information. Although you remove the sensitive information, it may still be available in a search engine cache. Therefore, you should also check the search engine cache to ensure that the sensitive data is removed permanently.


Finding Company's External and Internal URLs

- Search for the target company's external URL in a search engine such as Google or Bing
- Internal URLs provide an insight into different departments and business units in an organization
- You may find an internal company's URL by trial and error method

Tools to Search Internal URLs
- http://news.netcraft.com
- http://www.webmaster-a.com/link-extractor-internal.php

Internal URLs of microsoft.com
- support.microsoft.com
- office.microsoft.com
- search.microsoft.com
- msdn.microsoft.com
- update.microsoft.com
- technet.microsoft.com
- windows.microsoft.com

A company's external and internal URLs provide a lot of useful information to the attacker. These URLs describe the company and provide details such as the company mission and vision, history, products or services offered, etc. The URL that is used outside the corporate network for accessing the company's vault server via a firewall is called an external URL. It links directly to the company's external web page. The target company's external URL can be determined with the help of search engines such as Google or Bing. If you want to find the external URL of a company, follow these steps:

1. Open any of the search engines, such as Google or Bing.
2. Type the name of the target company in the Search box and press Enter.

The internal URL is used for accessing the company's vault server directly inside the corporate network. The internal URL helps to access the internal functions of a company. Most companies use common formats for internal URLs. Therefore, if you know the external URL of a company, you can predict an internal URL through trial and error. These internal URLs provide insight into different departments and business units in an organization. You can also find the internal URLs of an organization using tools such as netcraft.

Tools to Search Internal URLs


Netcraft
Source: http://news.netcraft.com
Netcraft deals with web server, web hosting market-share analysis, and operating system detection. It provides a free anti-phishing toolbar (Netcraft toolbar) for Firefox as well as Internet Explorer browsers. The Netcraft toolbar avoids phishing attacks and protects the Internet users from fraudsters. It checks the risk rate as well as the hosting location of the websites we visit.

Link Extractor
Source: http://www.webmaster-a.com/link-extractor-internal.php
Link Extractor is a link extraction utility that allows you to choose between external and internal URLs, and will return a plain list of URLs linked to or an html list. You can use this utility to competitor sites.

Examples of internal URLs of microsoft.com:
- support.microsoft.com
- office.microsoft.com
- search.microsoft.com
- msdn.microsoft.com
- update.microsoft.com
- technet.microsoft.com
- windows.microsoft.com


Public and Restricted Websites

Public Website: http://www.microsoft.com
Restricted Website: http://office.microsoft.com, http://answers.microsoft.com

A public website is a website designed to show the presence of an organization on the Internet. It is designed to attract customers and partners. It contains information such as company history, services and products, and contact information of the organization. The following screenshot is an example of a public website:
Source: http://www.microsoft.com


FIGURE 2.2: An example of public website

A restricted website is a website that is available to only a few people. The people may be employees of an organization, members of a department, etc. Restrictions can be applied based on the IP number, domain or subnet, username, and password. Restricted or private websites of microsoft.com include: http://technet.microsoft.com, http://windows.microsoft.com, http://office.microsoft.com, and http://answers.microsoft.com.


FIGURE 2.3: Examples of Public and Restricted websites


Collect Location Information

Use Google Earth tool to get the location of the place

Information such as physical location of the organization plays a vital role in the hacking process. This information can be obtained using the footprinting technique. In addition to physical location, we can also collect information such as surrounding public Wi-Fi hotspots that may prove to be a way to break into the target organization's network.

Attackers with the knowledge of a target organization's location may attempt dumpster diving, surveillance, social engineering, and other non-technical attacks to gather much more information about the target organization. Once the location of the target is known, detailed satellite images of the location can be obtained using various sources available on the Internet such as http://www.google.com/earth and https://maps.google.com. Attackers can use this information to gain unauthorized access to buildings, wired and wireless networks, systems, and so on.

Example: earth.google.com
Google Earth is a valuable tool for hacking that allows you to find a location, point, and zoom into that location to explore. You can even access 3D images that depict most of the Earth in high-resolution detail.


FIGURE 2.4: Google Earth showing location

Example: maps.google.com
Google Maps provides a Street View feature that provides you with a series of images of a building, as well as its surroundings, including Wi-Fi networks. Attackers may use Google Maps to find or locate entrances to buildings, security cameras, gates, places to hide, weak spots in perimeter fences, and utility resources like electricity connections, to measure distance between different objects, etc.

FIGURE 2.5: Google Maps showing a Street View


People Search

Information about an individual can be found at various people search websites

The people search returns the following information about a person:
- Residential addresses and email addresses
- Contact numbers and date of birth
- Photos and social networking profiles
- Blog URLs
- Satellite pictures of private residences

http://www.spokeo.com
http://pipl.com

You can use the public record websites to find information about people's email addresses, phone numbers, house addresses, and other information. Using this information you can try to obtain bank details, credit card details, mobile numbers, past history, etc. There are many people search online services available that help find people. http://pipl.com and http://www.spokeo.com are examples of people search services that allow you to search for the people with their name, email, username, phone, or address. These people search services may provide information such as:
- Residential addresses and email addresses
- Contact numbers and date of birth
- Photos and social networking profiles
- Blog URLs
- Satellite pictures of private residences


People Search Online Services

- Zaba Search: http://www.zabasearch.com
- 123 People Search: http://www.123people.com
- ZoomInfo: http://www.zoominfo.com
- PeekYou: http://www.peekyou.com
- Wink People Search: http://wink.com
- Intelius: http://www.intelius.com
- AnyWho: http://www.anywho.com
- PeopleSmart: http://www.peoplesmart.com
- People Lookup: https://www.peoplelookup.com
- WhitePages: http://www.whitepages.com

At present, many Internet users are using people search engines to find information about other people. Most often people search engines provide people's names, addresses, and contact details. Some people search engines may also reveal the type of work an individual does, businesses owned by a person, contact numbers, company email addresses, mobile numbers, fax numbers, dates of birth, personal e-mail addresses, etc. This information proves to be highly beneficial for attackers to launch attacks. Some of the people search engines are listed as follows:

Zaba Search
Source: http://www.zabasearch.com
Zaba Search is a people search engine that provides information such as address, phone number, current location, etc. of people in the US. It allows you to search for people by their name.

ZoomInfo
Source: http://www.zoominfo.com
ZoomInfo is a business people directory using which you can find business contacts, people's professional profiles, biographies, work histories, affiliations, links to employee profiles with verified contact information, and more.

Wink People Search
Source: http://wink.com
Wink People Search is a people search engine that provides information about people by name and location. It gives phone number, address, websites, photos, work, school, etc.

AnyWho
Source: http://www.anywho.com
AnyWho is a website that helps you find information about people, their businesses, and their locations online. With the help of a phone number, you can get all the details of an individual.

People Lookup
Source: https://www.peoplelookup.com
People Lookup is a people search engine that allows you to find, locate, and then connect with people. It also allows you to look up a phone number, search for cell numbers, find an address or phone number, and search for people in the US. This database uses information from public records.

123 People Search
Source: http://www.123people.com
123 People Search is a people search tool that allows you to find information such as public records, phone numbers, addresses, images, videos, and email addresses.

PeekYou
Source: http://www.peekyou.com
PeekYou is a people search engine that allows you to search for profiles and contact information of people in India and cities' top employers and schools. It allows you to search for the people with their names or usernames.

Intelius
Source: http://www.intelius.com
Intelius is a public records business that provides information services. It allows you to search for the people in US with their name, address, phone number, or email address.


PeopleSmart
Source: http://www.peoplesmart.com
PeopleSmart is a people search service that allows you to find people's work information with their name, city, and state. In addition, it allows you to perform reverse phone lookups, email searches, searches by address, and county searches.


WhitePages
Source: http://www.whitepages.com
WhitePages is a people search engine that provides information about people by name and location. Using the phone number, you can find the person's address.


People Search on Social Networking Services

- http://www.facebook.com
- http://www.linkedin.com
- http://twitter.com
- https://plus.google.com

Searching for people on social networking websites is easy. Social networking services are the online services, platforms, or sites that focus on facilitating the building of social networks or social relations among people. These websites provide information that is provided by users. Here, people are directly or indirectly related to each other by common interest, work location, or educational communities, etc.

Social networking sites allow people to share information quickly and effectively as these sites are updated in real time. It allows updating facts about upcoming or current events, recent announcements and invitations, and so on. Therefore, social networking sites prove to be a great platform for searching people and their related information. Through people searching on social networking services, you can gather critical information that will be helpful in performing social engineering or other kinds of attacks.

Many social networking sites allow visitors to search for people without registration; this makes people searching on social networking sites an easy task for you. You can search a person using name, email, or address. Some sites allow you to check whether an account is currently in use or not. This allows you to check the status of the person you are looking for.

Some of social networking services are as follows:


Facebook
Source: http://www.facebook.com
Facebook allows you to search for people, their friends, colleagues, and people living around them and others with whom they are affiliated. In addition, you can also find their professional information such as their company or business, current location, phone number, email ID, photos, videos, etc. It allows you to search for people by username or email address.

FIGURE 2.7: Facebook a social networking service to search for people across the world

LinkedIn
Source: http://www.linkedin.com
LinkedIn is a social networking website for professional people. It allows you to find people by name, keyword, company, school, etc. Searching for people on LinkedIn gives you information such as name, designation, name of company, current location, and education qualifications, but to use LinkedIn you need to be registered with the site.

Twitter
Source: http://twitter.com
Twitter is a social networking service that allows people to send and read text messages (tweets). Even unregistered users can read tweets on this site.

FIGURE 2.9: Twitter screenshot


Google+
Source: https://plus.google.com
Google+ is a social networking site that aims to make sharing on the web more like sharing in real life. You can grab a lot of useful information about users from this site and use it to hack their systems.

FIGURE 2.10: Google+ screenshot


Gather Information from Financial Services

Financial services such as Google Finance, Yahoo! Finance, and so on provide a lot of useful information such as the market value of a company's shares, company profile, competitor details, etc. The information offered varies from one service to the next. In order to avail themselves of services such as e-mail alerts and phone alerts, users need to register on the financial services. This gives an opportunity for an attacker to grab useful information for hacking.

Many financial firms rely on web access, performing transactions, and user access to their accounts. Attackers can obtain sensitive and private information of users using information theft, keyloggers, etc. Attackers can even grab this information by implementing cybercrimes, and exploit it with the help of non-vulnerable threats (software design flaw example; breaking authentication mechanism).

The following are some of non-vulnerable threats:
- Service flooding
- Brute force attack
- Phishing


FIGURE 2.11: Examples of financial services website for gathering information


Footprinting through Job Sites

You can gather company's infrastructure details from job postings

Look for these:
- Job requirements
- Employee's profile
- Hardware information
- Software information

Examples of Job Websites
- http://www.monster.com
- http://www.careerbuilder.com
- http://www.dice.com
- http://www.simplyhired.com
- http://www.indeed.com
- http://www.usajobs.gov

F o o t p r i n t i n g A tta c k e rs v e rs io n s , c o m p a n y 's fo o tp rin tin g v a rio u s can

t h r o u g h v a lu a b le

J o b

S it e s about th e o p e ra tin g o f an s y s te m , s o ftw a re

g a th e r

in fo rm a tio n

in fra s tr u c tu r e jo b s ite s

d e ta ils , a n d

d a ta b a s e

schem a

o rg a n iz a tio n , th r o u g h upon th e p o s te d

u s in g

d iffe re n t

te c h n iq u e s .

D e p e n d in g

r e q u ir e m e n t s f o r jo b o p e n in g s , a tta c k e r s m a y b e a b le t o in fo rm a tio n , a n d te c h n o lo g ie s used by th e

s tu d y th e

h a rd w a re , n e tw o rk -re la te d c o m p a n y 's w e b s ite s h a v e a b e b e n e fic ia l f o r

c o m p a n y . M o s t o f th e

k e y e m p l o y e e s lis t w i t h t h e i r e m a il a d d r e s s e s . T h is i n f o r m a t i o n an a tta c k e r . F o r e x a m p le , if a c o m p a n y w a n ts t o

m a y p ro ve to

h ire a p e rs o n f o r a N e t w o r k A d m in is t r a t io n

jo b , it p o s ts t h e r e q u ir e m e n t s r e la te d t o t h a t p o s itio n .


FIGURE 2.12: Gathering information through Job websites

Usually attackers look for the following information:
• Job requirements
• Employee's profile
• Hardware information
• Software information

Examples of job websites include:
• http://www.monster.com
• http://www.careerbuilder.com
• http://www.dice.com
• http://www.simplyhired.com
• http://www.indeed.com
• http://www.usajobs.gov
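The exposure described above can be checked before a vacancy is published. The following reviewer script is an added example, not part of the original courseware: it flags product names paired with exact versions and personal email addresses in a draft posting, and proposes a wording with the versions removed. The product watch list, the role-mailbox names and the sample posting are constructed assumptions.

```python
import re

# Hypothetical watch list of product families whose exact version should not
# appear in a public posting; replace it with your own inventory.
PRODUCTS = ["Windows Server", "Active Directory", "Exchange", "SQL Server",
            "SharePoint", "VMware", "Citrix"]
# Shared mailboxes that do not identify an individual employee (assumed names).
ROLE_MAILBOXES = {"careers", "jobs", "hr", "recruiting", "info"}

# A watched product followed by a version token such as 2003, 5.5 or 2008 R2.
_PRODUCT_VERSION = re.compile(
    r"(?P<product>" + "|".join(re.escape(p) for p in PRODUCTS) + r")"
    r"\s+(?P<version>\d+(?:\.\d+)*(?:\s+(?:R2|SP\d))?)",
    re.IGNORECASE,
)
_EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample posting, modelled on the kind of advert the section describes.
SAMPLE_POSTING = """\
Network Administrator (constructed example posting)
Support Windows Server 2003, Active Directory 2003 and Exchange 5.5.
Experience with SQL Server 2008 R2 clusters, VMware and Citrix required.
Send your CV to jane.doe@example.com or careers@example.com.
"""


def review_posting(text):
    """Return findings as (kind, matched_text, line_number) tuples."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in _PRODUCT_VERSION.finditer(line):
            findings.append(("product-version", match.group(0), lineno))
        for match in _EMAIL.finditer(line):
            local_part = match.group(0).split("@")[0].lower()
            # A personal mailbox names an employee; a role mailbox does not.
            if local_part not in ROLE_MAILBOXES:
                findings.append(("personal-email", match.group(0), lineno))
    return findings


def generalize(text):
    """Rewrite the posting with version numbers dropped from watched products."""
    return _PRODUCT_VERSION.sub(lambda m: m.group("product"), text)


if __name__ == "__main__":
    for kind, value, lineno in review_posting(SAMPLE_POSTING):
        print(f"line {lineno}: {kind}: {value}")
    print(generalize(SAMPLE_POSTING))
```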


Monitoring Target Using Alerts

Alerts are the content monitoring services that provide automated up-to-date information based on your preference, usually via email or SMS. In order to get alerts, you need to register on the website and you should submit either an email or phone number to the service. Attackers can gather this sensitive information from the alert services and use it for further processing of an attack.

Examples of Alert Services

Google Alerts

Source: http://www.google.com/alerts

Google Alerts is a content monitoring service that automatically notifies users when new content from news, web, blogs, video, and/or discussion groups matches a set of search terms selected by the user and stored by the Google Alerts service. Google Alerts aids in monitoring a developing news story and keeping current on a competitor or industry.


FIGURE 2.13: Google Alert services screenshot


Yahoo! Alerts is available at http://alerts.yahoo.com and Giga Alert is available at http://www.gigaalert.com: these are two more examples of alert services.


Footprinting Methodology

• Footprinting through Search Engines
• Website Footprinting
• Email Footprinting
• Competitive Intelligence
• Footprinting using Google
• WHOIS Footprinting
• DNS Footprinting
• Network Footprinting
• Footprinting through Social Engineering
• Footprinting through Social Networking Sites

So far, we have discussed the first step of footprinting methodology, i.e., footprinting via search engines. Now we will discuss website footprinting. An organization's website is a first place where you can get sensitive information such as names and contact details of chief persons in the company, upcoming project details, and so on. This section covers the website footprinting concept, mirroring websites, the tools used for mirroring, and monitoring web updates.


Website Footprinting

Information obtained from target's website enables an attacker to build a detailed map of website's structure and architecture.

Browsing the target website may provide:
• Software used and its version
• Operating system used
• Sub-directories and parameters
• Filename, path, database field name, or query
• Scripting platform
• Contact details and CMS details

Use Zaproxy, Burp Suite, Firebug, etc. to view headers that provide:
• Connection status and content-type
• Accept-Ranges
• Last-Modified information
• X-Powered-By information
• Web server in use and its version

It is possible for an attacker to build a detailed map of a website's structure and architecture without IDS being triggered or without raising any sysadmin suspicions. It can be accomplished either with the help of sophisticated footprinting tools or just with the basic tools that come along with the operating system, such as telnet and a browser.

Using the Netcraft tool you can gather website information such as IP address, registered name and address of the domain owner, domain name, host of the site, OS details, etc. But this tool may not give all these details for every site. In such cases, you should browse the target website.

Browsing the target website will provide you with the following information:
• Software used and its version: You can find not only the software in use but also the version easily on the off-the-shelf software-based website.
• Operating system used: Usually the operating system can also be determined.
• Sub-directories and parameters: You can reveal the sub-directories and parameters by making a note of all the URLs while browsing the target website.


• Filename, path, database field name, or query: You should analyze anything after a query that looks like a filename, path, database field name, or query carefully to check whether it offers opportunities for SQL injection.
• Scripting platform: With the help of the script filename extensions such as .php, .asp, .jsp, etc. you can easily determine the scripting platform that the target website is using.
• Contact details and CMS details: The contact pages usually offer details such as names, phone numbers, email addresses, and locations of admin or support people. You can use these details to perform a social engineering attack.

CMS software allows URL rewriting in order to disguise the script filename extensions. In this case, you need to put a little more effort to determine the scripting platform.

Use Paros Proxy, Burp Suite, Firebug, etc. to view headers that provide:
• Connection status and content-type
• Accept-ranges
• Last-Modified information
• X-Powered-By information
• Web server in use and its version

Source: http://portswigger.net

The following is a screenshot of Burp Suite showing headers of packets in the information pane:

FIGURE 2.14: Burp Suite showing headers of packets in the information pane


Website Footprinting (Cont'd)

Examining HTML source provides:
• Comments in the source code
• Contact details of web developer or admin
• File system structure
• Script type

Examining cookies may provide:
• Software in use and its behavior
• Scripting platforms used

Examine the HTML source code. Follow the comments that are either created by the CMS system or inserted manually. These comments may provide clues to help you understand what's running in the background. This may even provide contact details of the web admin or developer. Observe all the links and image tags, in order to map the file system structure. This allows you to reveal the existence of hidden directories and files. Enter fake data to determine how the script works.


FIGURE 2.15: Screenshot showing Microsoft script works

Examine cookies set by the server to determine the software running and its behavior. You can also identify the scripting platforms by observing sessions and other supporting cookies.

FIGURE 2.16: Showing details about the software running in a system by examining cookies
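The headers, HTML source and cookies discussed in the two Website Footprinting sections can be audited on your own site before anyone else reads them. The following is an added example, not part of the original courseware: it parses one raw HTTP response and reports each item of the kinds listed above that discloses software, platform or internal details. The two responses are constructed samples, and the cookie-name table covers only a few well-known platform defaults.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Default session-cookie names of common platforms (a small, assumed table).
COOKIE_PLATFORMS = {"PHPSESSID": "PHP", "JSESSIONID": "Java servlet container",
                    "ASP.NET_SessionId": "ASP.NET"}
# Script filename extensions that reveal the scripting platform.
SCRIPT_EXTENSIONS = {".php": "PHP", ".asp": "ASP", ".aspx": "ASP.NET", ".jsp": "JSP"}
VERSION_RE = re.compile(r"\d+(?:\.\d+)+")

# Constructed sample: a response that discloses its stack in several places.
SAMPLE_RESPONSE = """\
HTTP/1.1 200 OK
Server: Apache/2.2.22 (Ubuntu)
X-Powered-By: PHP/5.3.10
Set-Cookie: PHPSESSID=constructedvalue; path=/
Content-Type: text/html

<html><body>
<!-- TODO: remove /backup/ before launch - contact webadmin@example.com -->
<a href="/shop/cart.php?item=12">Cart</a>
<img src="/static/logo.png">
</body></html>
"""
# Constructed sample: the same page after hardening.
HARDENED_RESPONSE = """\
HTTP/1.1 200 OK
Server: webserver
Set-Cookie: sid=constructedvalue; path=/; HttpOnly; Secure
Content-Type: text/html

<html><body><a href="/shop/cart?item=12">Cart</a></body></html>
"""


class _BodyScanner(HTMLParser):
    """Collects HTML comments and the paths referenced by links and images."""

    def __init__(self):
        super().__init__()
        self.comments = []
        self.paths = []

    def handle_comment(self, data):
        if data.strip():
            self.comments.append(data.strip())

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src", "action") and value:
                self.paths.append(urlparse(value).path)


def split_response(raw):
    """Split a raw response into a list of (lowercased name, value) headers and the body."""
    head, _, body = raw.partition("\n\n")
    headers = []
    for line in head.splitlines()[1:]:  # the first line is the status line
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return headers, body


def audit_response(raw):
    """Return a sorted list of (category, detail) disclosure findings."""
    headers, body = split_response(raw.replace("\r\n", "\n"))
    findings = set()
    for name, value in headers:
        if name == "server" and VERSION_RE.search(value):
            findings.add(("server-version", value))
        elif name == "x-powered-by":
            findings.add(("x-powered-by", value))
        elif name == "set-cookie":
            cookie = value.split("=", 1)[0].strip()
            if cookie in COOKIE_PLATFORMS:
                findings.add(("platform-cookie", f"{cookie} -> {COOKIE_PLATFORMS[cookie]}"))
    scanner = _BodyScanner()
    scanner.feed(body)
    scanner.close()
    for comment in scanner.comments:
        findings.add(("html-comment", comment))
    for path in scanner.paths:
        for ext, platform in SCRIPT_EXTENSIONS.items():
            if path.lower().endswith(ext):
                findings.add(("script-extension", f"{path} -> {platform}"))
    return sorted(findings)


if __name__ == "__main__":
    for category, detail in audit_response(SAMPLE_RESPONSE):
        print(f"{category}: {detail}")
```

An empty result for the hardened response shows the target state: no version in `Server`, no `X-Powered-By`, a neutral session cookie name, no developer comments and rewritten URLs.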


Mirroring Entire Website

• Mirroring an entire website onto the local system enables an attacker to dissect and identify vulnerabilities; it also assists in finding directory structure and other valuable information without multiple requests to web server
• Web mirroring tools allow you to download a website to a local directory, building recursively all directories, HTML, images, flash, videos, and other files from the server to your computer

Website mirroring is the process of creating an exact replica of the original website. This can be done with the help of web mirroring tools. These tools allow you to download a website to a local directory, recursively building all directories, HTML, images, flash, videos and other files from the server to your computer.

Website mirroring has the following benefits:
• It is helpful for offline site browsing.
• Website mirroring helps in creating a backup site for the original one.
• A website clone can be created.
• Website mirroring is useful to test the site at the time of website design and development.
• It is possible to distribute to multiple servers instead of using only one server.

FIGURE 2.17: JuggyBoy's Original and Mirrored website

Website Mirroring Tools

HTTrack Web Site Copier

Source: http://www.httrack.com

HTTrack is an offline browser utility. It allows you to download a World Wide Web site from the Internet to a local directory, building recursively all directories, getting HTML, images, and other files from the server to your computer. HTTrack arranges the original site's relative link structure. Open a page of the "mirrored" website in your browser, browse the site from link to link, and you can view the site as if you were online. HTTrack can also update an existing mirrored site, and resume interrupted downloads.


FIGURE 2.18: HTTrack Web Site Copier Screenshot


SurfOffline

Source: http://www.surfoffline.com

SurfOffline is a website download software. The software allows you to download entire websites and download web pages to your local hard drive. After downloading the target website, you can use SurfOffline as an offline browser and view downloaded web pages in it. If you prefer to view downloaded web pages in another browser, you can use the Export Wizard. SurfOffline's Export Wizard also allows you to copy downloaded websites to other computers in order to view them later and prepares websites for burning them to a CD or DVD.



FIGURE 2.19: SurfOffline screenshot


BlackWidow

Source: http://softbytelabs.com

BlackWidow is a website scanner for both experts and beginners. It scans websites (it's a site ripper). It can download an entire website or part of a website. It will build a site structure first, and then downloads. It allows you to choose what to download from the website.


FIGURE 2.20: SurfOffline screenshot


Webripper

Source: http://www.calluna-software.com

WebRipper is an Internet scanner and downloader. It downloads massive amount of images, videos, audio, and executable documents from any website. WebRipper uses spider-technology to follow the links in all directions from the start-address. It filters out the interesting files, and adds them to the download-queue for downloading.

You can restrict downloaded items by file type, minimum file, maximum file, and image size. All the downloaded links can also be restricted by keywords to avoid wasting your bandwidth.


FIGURE 2.21: Webripper screenshot


Website Mirroring Tools (Cont'd)

In addition to the website mirroring tools mentioned previously, a few more well-known tools are mentioned as follows:
• Website Ripper Copier available at http://www.tensons.com
• Teleport Pro available at http://www.tenmax.com
• Portable Offline Browser available at http://www.metaproducts.com
• Proxy Offline Browser available at http://www.proxy-offline-browser.com
• iMiser available at http://internetresearchtool.com
• PageNest available at http://www.pagenest.com
• Backstreet Browser available at http://www.spadixbd.com
• Offline Explorer Enterprise available at http://www.metaproducts.com
• GNU Wget available at http://www.gnu.org
• Hooeey Webprint available at http://www.hooeeywebprint.com
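Recursive mirroring of the kind these tools perform leaves a recognizable trace in the web server's access log. The following detection sketch is an added example, not part of the original courseware: it reads Combined Log Format lines and flags clients whose User-Agent carries the token that HTTrack or GNU Wget sends by default, or that request many distinct pages within a short window, which also catches a tool with a changed User-Agent. The log lines are constructed, and the window and threshold are illustrative values to tune against your own traffic.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"'
)
# Tokens found in the default User-Agent strings of HTTrack and GNU Wget.
MIRROR_UA_TOKENS = ("httrack", "wget/")
# Page assets are ignored so that one normal page load does not look like a crawl.
STATIC_EXT = (".css", ".js", ".png", ".jpg", ".gif", ".ico")


def parse_line(line):
    """Return (ip, timestamp, path, user_agent) or None for an unparsable line."""
    match = LOG_RE.match(line)
    if not match:
        return None
    ts = datetime.strptime(match.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return match.group("ip"), ts, match.group("path"), match.group("ua")


def detect_mirroring(lines, window_seconds=60, min_distinct_pages=5):
    """Return {ip: sorted reasons} for clients that look like site mirroring."""
    pages = defaultdict(list)
    reasons = defaultdict(set)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, ts, path, ua = parsed
        if any(token in ua.lower() for token in MIRROR_UA_TOKENS):
            reasons[ip].add("mirroring-tool user agent")
        if not path.split("?")[0].lower().endswith(STATIC_EXT):
            pages[ip].append((ts, path))
    window = timedelta(seconds=window_seconds)
    for ip, hits in pages.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            # Slide the window start forward until it spans at most window_seconds.
            while hits[end][0] - hits[start][0] > window:
                start += 1
            if len({p for _, p in hits[start:end + 1]}) >= min_distinct_pages:
                reasons[ip].add("many distinct pages in a short window")
                break
    return {ip: sorted(found) for ip, found in reasons.items()}


def _line(ip, hms, path, ua):
    """Build one constructed Combined Log Format line for the sample below."""
    return f'{ip} - - [19/Jul/2012:{hms} +0000] "GET {path} HTTP/1.1" 200 1024 "-" "{ua}"'


HTTRACK_UA = "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)"
BROWSER_UA = "Mozilla/5.0 (Windows NT 6.1) constructed-browser"
# Constructed sample: a default HTTrack run, a crawl with a browser-like
# User-Agent, and an ordinary visitor.
SAMPLE_LOG = (
    [_line("198.51.100.7", f"10:00:0{i}", p, HTTRACK_UA) for i, p in enumerate(
        ["/", "/about.html", "/products/", "/products/a.html", "/contact.html"])]
    + [_line("203.0.113.9", f"10:05:{10 + i}", f"/docs/page{i}.html", BROWSER_UA)
       for i in range(6)]
    + [_line("192.0.2.44", t, p, BROWSER_UA) for t, p in [
        ("10:00:00", "/"), ("10:00:00", "/static/site.css"),
        ("10:00:01", "/static/logo.png"), ("10:00:45", "/about.html"),
        ("10:04:10", "/contact.html")]]
)

if __name__ == "__main__":
    for ip, found in sorted(detect_mirroring(SAMPLE_LOG).items()):
        print(ip, "->", "; ".join(found))
```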


Extract Website Information from http://www.archive.org

Archive is an Internet Archive Wayback Machine that allows you to visit archived versions of websites. This allows you to gather information on a company's web pages since their creation. As the website www.archive.org keeps track of web pages from the time of their inception, you can retrieve even information that has been removed from the target website.


FIGURE 2.22: Internet Archive Wayback Machine screenshot


Monitoring Web Updates Using Website Watcher

Website Watcher automatically checks web pages for updates and changes.

http://aignes.com

Source: http://www.aignes.com

Website Watcher is used to keep track of websites for updates and automatic changes. When an update or change occurs, Website Watcher automatically detects and saves the last two versions onto your disk, and highlights changes in the text. It is a useful tool for monitoring sites to gain competitive advantage.

Benefits:

Frequent manual checking of updates is not required. Website Watcher can automatically detect and notify users of updates:

- It allows you to know what your competitors are doing by scanning your competitors' websites
- The site can keep track of new software versions or driver updates
- It stores images of the modified websites to a disk


FIGURE 2.23: Website Watcher monitoring web updates


Footprinting Methodology

- Footprinting through Search Engines
- Website Footprinting
- Email Footprinting
- Competitive Intelligence
- Footprinting using Google
- WHOIS Footprinting
- DNS Footprinting
- Network Footprinting
- Footprinting through Social Engineering
- Footprinting through Social Networking Sites

So far we have discussed footprinting through search engines and website footprinting, the two initial phases of footprinting methodology. Now we will discuss email footprinting.

This section describes how to track email communications, how to collect information from email headers, and email tracking tools.


Tracking Email Communications

Attacker tracks email to gather information about the physical location of an individual to perform social engineering that in turn may help in mapping the target organization's network.

Email tracking is a method to monitor and spy on the delivered emails to the intended recipient.

- When the email was received and read
- Set messages to expire after a specified time
- GPS location and map of the recipient
- Track PDF and other types of attachments
- Whether or not the recipient visited any links sent to them
- Time spent on reading the emails

Email tracking is a method that helps you to monitor as well as to track the emails of a particular user. This kind of tracking is possible through digitally time stamped records to reveal the time and date a particular email was received or opened by the target. A lot of email tracking tools are readily available in the market, using which you can collect information such as IP addresses, mail servers, and service provider from which the mail was sent. Attackers can use this information to build the hacking strategy. Examples of email tracking tools include eMailTrackerPro and Paraben E-mail Examiner.

By using email tracking tools you can gather the following information about the victim:

- Geolocation: Estimates and displays the location of the recipient on the map and may even calculate distance from your location.
- Read duration: The duration of time spent by the recipient on reading the mail sent by the sender.
- Proxy detection: Provides information about the type of server used by the recipient.
- Links: Allows you to check whether the links sent to the recipient through email have been checked or not.


- Operating system: This reveals information about the type of operating system used by the recipient. The attacker can use this information to launch an attack by finding loopholes in that particular operating system.
- Forward email: Whether or not the email sent to you is forwarded to another person can be determined easily by using this tool.


Collecting Information from Email Header

[Slide figure: sample email header annotated with callouts: the address from which the message was sent; sender's mail server; date and time received by the originator's email servers; authentication system used by sender's mail server; a unique number assigned by mr.google.com to identify the message; sender's full name.]

An email header is the information that travels with every email. It contains the details of the sender, routing information, date, subject, and recipient. The process of viewing the email header varies with different mail programs.

Commonly used email programs:

- SmarterMail Webmail
- Outlook Express 4-6
- Outlook 2000-2003
- Outlook 2007
- Eudora 4.3/5.0
- Entourage
- Netscape Messenger 4.7
- MacMail

The following is a screenshot of a sample email header.


[Screenshot of a Gmail message header showing the Delivered-To, Received, Return-Path, Received-SPF, Authentication-Results, DKIM-Signature, MIME-Version, In-Reply-To, References, Date, Message-ID, Subject, From and To fields; the Authentication-Results field reports spf=pass and dkim=pass.]

FIGURE 2.24: Email header screenshot

This email header contains the following information:

- Sender's mail server
- Date and time received by the originator's email servers
- Authentication system used by sender's mail server
- Date and time of message sent
- A unique number assigned by mr.google.com to identify the message
- Sender's full name
- Sender's IP address
- The address from which the message was sent

The attacker can trace and collect all of this information by performing a detailed analysis of the complete email header.
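The same header fields, read from the receiving side: the added example below (not part of the courseware) parses a constructed header with Python's standard email package and separates what the receiving mail servers recorded from what the sending side merely claimed. The sample message, the example.* host names and the TRUSTED_MTAS set are assumptions made for the illustration.

```python
import email
import ipaddress
import re
from email import policy
from email.utils import parseaddr

# Assumption: these are the receiving organisation's own mail servers.
TRUSTED_MTAS = {"mx.corp.example", "10.0.5.20"}

# Constructed sample (not the header in Figure 2.24); IPs are documentation ranges.
SAMPLE = """\
Delivered-To: analyst@corp.example
Received: by 10.0.5.20 with SMTP id a1csp001; Fri, 1 Jun 2012 21:24:01 -0700 (PDT)
Received: from mail.sender.example (mail.sender.example [198.51.100.25])
        by mx.corp.example with ESMTP id x9si123; Fri, 1 Jun 2012 21:24:00 -0700 (PDT)
Received: from [203.0.113.77] (unknown [203.0.113.77])
        by mail.sender.example with ESMTPSA id q7; Fri, 1 Jun 2012 21:23:59 -0700 (PDT)
Return-Path: <bounce@sender.example>
Authentication-Results: mx.corp.example; spf=pass smtp.mailfrom=bounce@sender.example;
        dkim=pass header.i=@sender.example
Date: Fri, 1 Jun 2012 21:23:58 -0700
Message-ID: <abc123@mail.sender.example>
Subject: Quarterly numbers
From: "A. Sender" <a.sender@sender.example>
To: analyst@corp.example

body
"""

_FROM_IP = re.compile(r"\bfrom\s.*?\[(\d{1,3}(?:\.\d{1,3}){3})\]", re.S)
_BY_HOST = re.compile(r"\bby\s+([^\s;]+)")
_AUTH = re.compile(r"\b(spf|dkim|dmarc)=(\w+)")


def parse_hops(msg):
    """Return the Received hops, newest first, as {'from_ip', 'by'} dicts."""
    hops = []
    for value in msg.get_all("Received", []):
        text = str(value)
        by = _BY_HOST.search(text)
        ip = _FROM_IP.search(text.split(";")[0])  # ignore the date part
        from_ip = None
        if ip:
            try:
                from_ip = str(ipaddress.ip_address(ip.group(1)))
            except ValueError:
                pass  # malformed literal such as 999.1.1.1: treat as absent
        hops.append({"from_ip": from_ip, "by": by.group(1).lower() if by else None})
    return hops


def split_trust(hops, trusted=TRUSTED_MTAS):
    """Split the hop list at the trust boundary.

    Each server prepends its Received line, so the newest lines are on top.
    Lines stamped by our own servers are reliable; everything from the first
    foreign 'by' downwards was supplied by the sending side and may be forged.
    """
    attested_ip, claimed = None, []
    for i, hop in enumerate(hops):
        if hop["by"] not in trusted:
            claimed = [h["from_ip"] for h in hops[i:] if h["from_ip"]]
            break
        if hop["from_ip"]:
            attested_ip = hop["from_ip"]  # client our outermost server saw
    return attested_ip, claimed


def trusted_auth_results(msg, trusted=TRUSTED_MTAS):
    """Return {method: result} from Authentication-Results our servers wrote."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = str(value).partition(";")
        ident = authserv.split()[0].lower() if authserv.split() else ""
        if ident not in trusted:
            continue  # a copy injected upstream proves nothing
        for method, result in _AUTH.findall(rest):
            results.setdefault(method, result)
    return results


def triage(raw, trusted=TRUSTED_MTAS):
    """Summarise the header facts a responder can rely on."""
    msg = email.message_from_string(raw, policy=policy.default)
    attested_ip, claimed = split_trust(parse_hops(msg), trusted)
    from_dom = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    rp_dom = parseaddr(str(msg.get("Return-Path", "")))[1].rpartition("@")[2].lower()
    return {
        "attested_ip": attested_ip,
        "claimed_ips": claimed,
        "auth": trusted_auth_results(msg, trusted),
        "from_domain": from_dom,
        "return_path_domain": rp_dom,
        "envelope_matches_from": bool(from_dom) and from_dom == rp_dom,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Only `attested_ip` and the `auth` results come from servers the recipient controls; the addresses in `claimed_ips` are what the sending side wrote about itself.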


Email Tracking Tools

- Email Lookup - Free Email Tracker (http://www.ipaddresslocation.org)
- PoliteMail (http://www.politemail.com)

Email tracking tools allow you to track an email and extract information such as sender identity, mail server, sender's IP address, etc. You can use the extracted information to attack the target organization's systems by sending malicious emails. Numerous email tracking tools are readily available in the market.

The following are a few commonly used email tracking tools:

eMailTrackerPro

Source: http://www.emailtrackerpro.com

eMailTrackerPro is an email tracking tool that analyzes email headers and reveals information such as sender's geographical location, IP address, etc. It allows you to review the traces later by saving all past traces.


FIGURE 2.25: eMailTrackerPro showing geographical location of sender

PoliteMail

Source: http://www.politemail.com

PoliteMail is an email tracking tool for Outlook. It tracks and provides complete details about who opened your mail and which document has been opened, as well as which links are being clicked and read. It offers mail merging, split testing, and full list management including segmenting. You can compose an email containing malicious links and send it to the employees of the target organization and keep track of your email. If the employee clicks on the link, he or she is infected and you will be notified. Thus, you can gain control over the system with the help of this tool.

FIGURE 2.26: PoliteMail screenshot

Email Lookup - Free Email Tracker

Source: http://www.ipaddresslocation.org


Email Lookup is an email tracking tool that determines the IP address of the sender by analyzing the email header. You can copy and paste the email header into this email tracking tool and start tracing email.


Email Lookup - Free Email Tracker
Trace Email - Track Email

Email Header Analysis
IP Address: 72.52.192.147 (host.manhattanmediagroup.com)
IP Address Country: United States
IP Continent: North America
IP Address City Location: Lansing
IP Address Region: Michigan
IP Address Latitude: 42.7257
IP Address Longtitude: -84.636
Organization: SourceDNS

FIGURE 2.27: Email Lookup Screenshot


Email Tracking Tools (Cont'd)

- Read Notify: http://www.readnotify.com
- Pointofmail: http://www.pointofmail.com
- DidTheyReadIt: http://www.didtheyreadit.com
- Super Email Marketing Software: http://www.bulk-email-marketing-software.net
- Trace Email: http://whatismyipaddress.com
- WhoReadMe: http://whoreadme.com
- MSGTAG: http://www.msgtag.com
- GetNotify: http://www.getnotify.com
- Zendio: http://www.zendio.com
- G-Lock Analytics: http://glockanalytics.com

Read Notify

Source: http://www.readnotify.com

Read Notify provides an email tracking service. It notifies you when a tracked email is opened, re-opened, or forwarded. Read Notify tracking reports contain information such as complete delivery details, date and time of opening, geographic location of recipient, visualized map of location, IP address of the recipients, referrer details (i.e., if accessed via web email account etc.), etc.

DidTheyReadIt

Source: http://www.didtheyreadit.com

DidTheyReadIt is an email tracking utility. In order to use this utility you need to sign up for an account. Then you need to add ".DidTheyReadIt.com" to the end of the recipient's e-mail address. For example, if you were sending an e-mail to ellen@aol.com, you'd just send it to ellen@aol.com.DidTheyReadIt.com instead, and your email would be tracked. ellen@aol.com would not see that you added .DidTheyReadIt.com to her email address. This utility tracks every email that you send invisibly, without alerting the recipient. If the user opens your mail, then it informs you when your mail was opened, how long your email remained open, and the geographic location where your email was viewed.

Trace Email

Source: http://whatismyipaddress.com

The Trace Email tool attempts to locate the source IP address of an email based on the email headers. You just need to copy and paste the full headers of the target email into the Headers box and then click the Get Source button. It shows the email header analysis and results. This email header analysis tool does not have the ability to detect forged email headers. These forged email headers are common in malicious email and spam. This tool assumes all mail servers and email clients in the transmission path are trustworthy.

MSGTAG

Source: http://www.msgtag.com

MSGTAG is Windows email tracking software that uses a read receipt technology to tell you when your emails are opened and when your emails are actually read. This software adds a small track and trace tag that is unique to each email you need delivery confirmation for. When the email is opened, an email tracking code is sent to the MSGTAG email tracking system and an email read confirmation is delivered to you. MSGTAG will notify you when the message is read via an emailed confirmation, a pop-up message, or an SMS text message.

Zendio

Source: http://www.zendio.com

Zendio, the email tracking software add-in for Outlook, notifies you once your recipient reads the email, so you can follow up, knowing when they read it and if they clicked on any links included in the email.

Pointofmail

Source: http://www.pointofmail.com

Pointofmail.com is a proof of receipt and reading service for email. It ensures read receipts, tracks attachments, and lets you modify or delete sent messages. It provides detailed information about the recipient, full history of email reads and forwards, links and attachments tracking, email, and web and SMS text notifications.

Super Email Marketing Software

Source: http://www.bulk-email-marketing-software.net

Super Email Marketing Software is a professional and standalone bulk mailer program. It has the ability to send mails to a list of addresses. It supports both text as well as HTML formatted emails. All duplicate email addresses are removed automatically by using this application. Each mail is sent individually to the recipient so that the recipient can only see his or her email in the email header. It saves the email addresses of the successful sent mails as well as the failed mails to a text, CSV, TSV or Microsoft Excel file.


WhoReadMe
Source: http://whoreadme.com

WhoReadMe is an email tracking tool. It is completely invisible to recipients. The recipients will have no idea that the emails sent to them are being tracked. The sender is notified every time the recipient opens the mail sent by the sender. It tracks information such as type of operating system and browser used, ActiveX Controls, CSS version, duration between the mails sent and read time, etc.

GetNotify
Source: http://www.getnotify.com

GetNotify is an email tracking tool that sends notifications when the recipient opens and reads the mail. It sends notifications without the knowledge of recipient.

G-Lock Analytics
Source: http://glockanalytics.com

G-Lock Analytics is an email tracking service. This allows you to know what happens to your emails after they are sent. This tool reports to you how many times the email was printed and forwarded.
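From the recipient's side, the per-message "track and trace tag" these tools describe can be looked for before a mail client fetches anything. The following is an added example, not code from the courseware or from any of the tools listed; it assumes the tag is a remote image in the HTML body, and the sample message, host names and function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse, parse_qs

# Constructed sample: an HTML mail body with an ordinary logo, an embedded
# (cid:) image, and two remote images that behave like tracking tags.
SAMPLE_HTML = """\
<html><body>
<p>Hi, the quarterly report is attached.</p>
<img src="https://cdn.example.com/logo.png" width="120" height="40" alt="logo">
<img src="https://track.example.net/open.gif?id=7f3a9c2e5b1d4e6f8a0b" width="1" height="1">
<img src="cid:inline-chart" width="1" height="1">
<img src="http://mail.example.org/p/9b2f6c1a0e4d7a3b5c8d9e0f.png" style="display: none">
</body></html>
"""

# A long opaque run of characters is typical of a per-message identifier.
TOKEN_RE = re.compile(r"[A-Za-z0-9_-]{16,}")


class _ImgCollector(HTMLParser):
    """Collect the attributes of every <img> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag == "img":
            self.images.append({name: (value or "") for name, value in attrs})


def _pixels(value):
    """Return a leading integer dimension ('1', '1px'), or None."""
    match = re.match(r"\s*(\d+)", value or "")
    return int(match.group(1)) if match else None


def beacon_reasons(attrs):
    """Return the reasons an <img> looks like a tracking tag (empty if none)."""
    url = urlparse(attrs.get("src", ""))
    if url.scheme not in ("http", "https"):
        return []  # cid: and data: images ship inside the mail; nothing is fetched
    reasons = []
    width, height = _pixels(attrs.get("width")), _pixels(attrs.get("height"))
    if width is not None and height is not None and width <= 1 and height <= 1:
        reasons.append("tiny")
    style = attrs.get("style", "").replace(" ", "").lower()
    if "display:none" in style or "visibility:hidden" in style:
        reasons.append("hidden")
    # Only an invisible image is a candidate; a token then strengthens the case.
    if reasons:
        stem = url.path.rsplit("/", 1)[-1].rsplit(".", 1)[0]
        values = [v for vals in parse_qs(url.query).values() for v in vals]
        if any(TOKEN_RE.fullmatch(t) for t in values + [stem]):
            reasons.append("unique-token")
    return reasons


def find_tracking_candidates(html):
    """Return [{'host', 'src', 'reasons'}] for remote images worth blocking."""
    collector = _ImgCollector()
    collector.feed(html)
    findings = []
    for attrs in collector.images:
        reasons = beacon_reasons(attrs)
        if reasons:
            src = attrs["src"]
            findings.append({"host": urlparse(src).hostname, "src": src, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in find_tracking_candidates(SAMPLE_HTML):
        print(finding["host"], finding["reasons"])
```

Blocking remote image loading in the mail client defeats this kind of tag regardless of how it is disguised; the scan is useful for reporting which senders and hosts are doing it.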


Footprinting Methodology

- Footprinting through Search Engines
- Website Footprinting
- WHOIS Footprinting
- DNS Footprinting
- Email Footprinting
- Network Footprinting
- Footprinting through Social Engineering
- Footprinting through Social Networking Sites
- Competitive Intelligence
- Footprinting using Google

Footprinting Methodology

The next phase in footprinting methodology after email footprinting is competitive intelligence. Competitive intelligence is a process that gathers, analyzes, and distributes intelligence about products, customers, competitors, and technologies using the Internet. The information that is gathered can help managers and executives of a company make strategic decisions. This section is about competitive intelligence gathering and sources where you can get valuable information.


Competitive Intelligence Gathering

- Competitive intelligence is the process of identifying, gathering, analyzing, verifying, and using information about your competitors from resources such as the Internet
- Competitive intelligence is non-interfering and subtle in nature

Sources of Competitive Intelligence

1. Company websites and employment ads
2. Search engines, Internet, and online databases
3. Press releases and annual reports
4. Trade journals, conferences, and newspaper
5. Patent and trademarks
6. Social engineering employees
7. Product catalogues and retail outlets
8. Analyst and regulatory reports
9. Customer and vendor interviews
10. Agents, distributors, and suppliers

Competitive Intelligence Gathering

Various tools are readily available in the market for the purpose of competitive intelligence gathering. Acquisition of information about products, competitors, and technologies of a company using the Internet is defined as competitive intelligence. Competitive intelligence is not just about analyzing competitors but also analyzing their products, customers, suppliers, etc. that impact the organization. It is non-interfering and subtle in nature compared to the direct intellectual property theft carried out through hacking or industrial espionage. It mainly concentrates on the external business environment. It gathers information ethically and legally instead of gathering it secretly. According to CI professionals, if the intelligence information gathered is not useful, then it is not called intelligence.

Competitive intelligence is performed for determining:

- What the competitors are doing
- How competitors are positioning their products and services

Sources of Competitive Intelligence:

- Company websites and employment ads
- Search engines, Internet, and online databases
- Press releases and annual reports
- Trade journals, conferences, and newspapers
- Patents and trademarks
- Social engineering employees
- Product catalogs and retail outlets
- Analyst and regulatory reports
- Customer and vendor interviews
- Agents, distributors, and suppliers

Competitive intelligence can be carried out by either employing people to search for the information or by utilizing a commercial database service, which incurs a lower cost than employing personnel to do the same thing.


Competitive Intelligence - When Did this Company Begin? How Did it Develop?

When did it begin?
How did it develop?

Visit These Sites

01. EDGAR Database: http://www.sec.gov/edgar.shtml
02. Hoovers: http://www.hoovers.com
03. LexisNexis: http://www.lexisnexis.com
04. Business Wire: http://www.businesswire.com

Competitive Intelligence - When Did this Company Begin? How Did it Develop?

Gathering competitor documents and records helps improve productivity and profitability and stimulate the growth. It helps determine the answers to the following:

When did it begin?

Through competitive intelligence, the history of a company can be collected, such as when a particular company was established. Sometimes, crucial information that isn't usually available for others can also be collected.

How did it develop?

It is very beneficial to know about how exactly a particular company has developed. What are the various strategies used by the company? Their advertisement policy, customer relationship management, etc. can be learned.

Who leads it?

This information helps a company learn details of the leading person (decision maker) of the company.

Where is it located?

The location of the company and information related to various branches and their operations can be collected through competitive intelligence.

You can use this information gathered through competitive intelligence to build a hacking strategy. The following are information resource sites that help users gain competitive intelligence.

EDGAR
Source: http://www.sec.gov/edgar.shtml

All companies, foreign and domestic, are required to file registration statements, periodic reports, and other forms electronically through EDGAR. Anyone can view the EDGAR database freely through the Internet (web or FTP). All the documents that are filed with the commission by public companies may not be available on EDGAR.

Hoovers
Source: http://www.hoovers.com

Hoovers is a business research company that provides complete details about companies and industries all over the world. Hoovers provides patented business-related information through Internet, data feeds, wireless devices, and co-branding agreements with other online services. It gives complete information about the organizations, industries, and people that drive the economy and also provides the tools for connecting to the right people, in order for getting business done.

LexisNexis
Source: http://www.lexisnexis.com

LexisNexis is a global provider of content-enabled workflow solutions designed specifically for professionals in the legal, risk management, corporate, government, law enforcement, accounting, and academic markets. It maintains an electronic database through which you can get legal and public-records related information. Documents and records of legal, news, and business sources are made accessible to customers.

Business Wire
Source: http://www.businesswire.com

Business Wire is a company that focuses on press release distribution and regulatory disclosure. Full text news releases, photos, and other multimedia content from thousands of companies and organizations are distributed by this company across the globe to journalists, news media, financial markets, investors, information website, databases, and general audiences. This company has its own patented electronic network through which it releases its news.


Competitive Intelligence - What Are the Company's Plans?

Competitive Intelligence Sites

- Market Watch (http://www.marketwatch.com)
- The Wall Street Transcript (http://www.twst.com)
- Lipper Marketplace (http://www.lippermarketplace.com)
- Euromonitor (http://www.euromonitor.com)
- Fagan Finder (http://www.faganfinder.com)
- SEC Info (http://www.secinfo.com)
- The Search Monitor (http://www.thesearchmonitor.com)

Competitive Intelligence - What Are the Company's Plans?

The following are a few more examples of websites that are useful to gather valuable information about various companies and their plans through competitive intelligence:

MarketWatch
Source: http://www.marketwatch.com

MarketWatch tracks the pulse of markets. The site provides business news, personal finance information, real-time commentary, and investment tools and data, with dedicated journalists generating hundreds of headlines, stories, videos, and market briefs a day.

The Wall Street Transcript
Source: http://www.twst.com

The Wall Street Transcript is a website as well as paid subscription publication that publishes industry reports. It expresses the views of money managers and equity analysts of different industry sectors. Interviews with CEOs of companies are published.

Lipper Marketplace
Source: http://www.lippermarketplace.com

Lipper Marketplace offers web-based solutions that are helpful for identifying the market of a company. Marketplace helps in qualifying prospects and provides the competitive intelligence needed for transforming these prospects into clients. Its solutions allow users to identify net flows and track institutional trends.

Euromonitor
Source: http://www.euromonitor.com

Euromonitor provides strategy research for consumer markets. It publishes reports on industries, consumers, and demographics. It provides market research and surveys focused on your organization's needs.

Fagan Finder
Source: http://www.faganfinder.com

Fagan Finder is a collection of internet tools. It is a directory of blog sites, news sites, search engines, photo sharing sites, science and education sites, etc. Specialized tools such as Translation Wizard and URL info are available for finding information about various actions with a web page.

SEC Info
Source: http://www.secinfo.com

SEC Info offers the U.S. Securities and Exchange Commission (SEC) EDGAR database service on the web, with billions of links added to the SEC documents. It allows you to search by Name, Industry, and Business, SIC Code, Area Code, Accession Number, File Number, CIK, Topic, ZIP Code, etc.

The Search Monitor
Source: http://www.thesearchmonitor.com

The Search Monitor provides real-time competitive intelligence to monitor a number of things. It allows you to monitor market share, page rank, ad copy, landing pages, and the budget of your competitors. With the trademark monitor, you can monitor the buzz about yours as well as your competitor's brand and with the affiliate monitor; you can watch monitor ad and landing page copy.


Competitive Intelligence - What Expert Opinions Say About the Company

- Compete PRO: http://www.compete.com
- Copernic Tracker: http://www.copernic.com
- ABI/INFORM Global: http://www.proquest.com
- SEMRush: http://www.semrush.com
- AttentionMeter: http://www.attentionmeter.com
- Jobitorial: http://www.jobitorial.com

Competitive Intelligence - What Expert Opinions Say About the Company

Copernic Tracker
Source: http://www.copernic.com

Copernic is website tracking software. It monitors a competitor's website continuously and notifies you of content changes via an email, if any. The updated pages as well as the changes made in the site are highlighted for your convenience. You can even watch for specific keywords, to see the changes made on your competitor's sites.

SEMRush
Source: http://www.semrush.com

SEMRush is a competitive keyword research tool. For any site, you can get a list of Google keywords and AdWords, as well as a competitors list in the organic and paid Google search results. Necessary means for gaining in-depth knowledge about what competitors are advertising and their budget allocation to specific Internet marketing tactics are provided by SEMRush.

Jobitorial
Source: http://www.jobitorial.com

Jobitorial provides anonymous employee reviews posted for jobs at thousands of companies and allows you to review a company.

AttentionMeter
Source: http://www.attentionmeter.com

AttentionMeter is a tool used for comparing any website you want (traffic) by using Alexa, Compete, and Quantcast. It gives you a snapshot of traffic data as well as graphs from Alexa, Compete, and Quantcast.

ABI/INFORM Global
Source: http://www.proquest.com

ABI/INFORM Global is a business database. ABI/INFORM Global offers the latest business and financial information for researchers at all levels. With ABI/INFORM Global, users can determine business conditions, management techniques, business trends, management practice and theory, corporate strategy and tactics, and the competitive landscape.

Compete PRO
Source: http://www.compete.com

Compete PRO provides an online competitive intelligence service. It combines all the site, search, and referral analytics in a single product.


Footprinting Methodology

Footprinting using Google

Though Google is a search engine, the process of footprinting using Google is not similar to the process of footprinting through search engines. Footprinting using Google deals with gathering information by Google hacking. Google hacking is a hacking technique to locate specific strings of text within search results using an advanced operator in Google search engine. Google will filter for excessive use of advanced search operators and will drop the requests with the help of an Intrusion Prevention System.


Footprinting using Google Hacking Techniques

Google hacking refers to the art of creating complex search engine queries. If you can construct proper queries, you can retrieve valuable data about a target company from the Google search results. Through Google hacking, an attacker tries to find websites that are vulnerable to numerous exploits and vulnerabilities. This can be accomplished with the help of Google hacking database (GHDB), a database of queries to identify sensitive data. Google operators help in finding required text and avoiding irrelevant data. Using advanced Google operators, attackers locate specific strings of text such as specific versions of vulnerable web applications.

Some of the popular Google operators include:

Site: The Site operator in Google helps to find only pages that belong to a specific URL.

allinurl: This operator finds the required pages or websites by restricting the results containing all query terms.

Inurl: This will restrict the results to only websites or pages that contain the query terms that you have specified in the URL of the website.

allintitle: It restricts results to only web pages that contain all the query terms that you have specified.


intitle: It restricts results to only the web pages that contain the query term that you have specified. It will show only websites that mention the query term that you have used.

Inanchor: It restricts results to pages containing the query term that you have specified in the anchor text on links to the page.

Allinanchor: It restricts results to pages containing all query terms you specify in the anchor text on links to the page.
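The difference between the single-term and all-term operators above is easiest to see by running them against an inventory of your own pages, which also shows what a given query would surface about your site. This is an added example, not code from the courseware: the inventory, function names, domain-suffix matching for site: and word-level matching are assumptions, and nothing here contacts Google.

```python
import re
from urllib.parse import urlparse

# Constructed inventory, standing in for a crawl of your own web properties.
PAGES = [
    {"url": "https://www.example.com/", "title": "Example Corp - Home",
     "text": "Welcome to Example Corp."},
    {"url": "https://www.example.com/admin/login.php", "title": "Admin Login",
     "text": "Sign in to continue."},
    {"url": "https://intranet.example.com/hr/login", "title": "HR Portal Login",
     "text": "Staff sign in."},
    {"url": "https://www.example.com/docs/admin-guide.html", "title": "Administration Guide",
     "text": "How to reset a login password."},
    {"url": "https://blog.example.org/admin-login-tips", "title": "Login tips for every admin",
     "text": "Use a password manager."},
]

SINGLE_TERM = {"site", "inurl", "intitle"}   # apply to the one attached term
ALL_TERMS = {"allinurl", "allintitle"}       # apply to every term that follows


def words(text):
    """Lower-case word set; URLs split on punctuation the same way."""
    return set(re.findall(r"[a-z0-9]+", text.lower()))


def parse_query(query):
    """Turn a query into (scope, term) clauses; scope is site/inurl/intitle/text."""
    clauses, sticky = [], None
    for token in query.split():
        name, colon, value = token.partition(":")
        name = name.lower()
        if colon and name in ALL_TERMS:
            sticky = name[3:]                      # 'allinurl' -> 'inurl'
            if value:
                clauses.append((sticky, value.lower()))
        elif colon and name in SINGLE_TERM and value:
            clauses.append((name, value.lower()))
        else:
            clauses.append((sticky or "text", token.lower()))
    return clauses


def page_matches(page, clauses):
    """True when the page satisfies every clause (clauses are ANDed)."""
    host = urlparse(page["url"]).hostname or ""
    scopes = {"inurl": words(page["url"]), "intitle": words(page["title"])}
    scopes["text"] = scopes["intitle"] | words(page["text"])
    for scope, term in clauses:
        if scope == "site":
            if not (host == term or host.endswith("." + term)):
                return False
        elif not words(term) <= scopes[scope]:
            return False
    return True


def search(query, pages=PAGES):
    """Return the URLs in the inventory that the query would surface."""
    clauses = parse_query(query)
    return [page["url"] for page in pages if page_matches(page, clauses)]


if __name__ == "__main__":
    for q in ("site:example.com inurl:login", "inurl:admin login",
              "allinurl: admin login", "allintitle: admin login"):
        print(q, "->", search(q))
```

Pages that turn up for login- or admin-style queries and were never meant to be public are candidates for authentication, removal, or exclusion from indexing.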


What a Hacker can do with Google Hacking?

Attacker gathers:

- Advisories and server vulnerabilities
- Error messages that contain sensitive information
- Pages containing network or vulnerability data
- Files containing passwords
- Pages containing logon portals

What Can a Hacker Do with Google Hacking?

If the target website is vulnerable to Google hacking, then the attacker can find the following with the help of queries in Google hacking database:

- Error messages that contain sensitive information
- Files containing passwords
- Sensitive directories
- Pages containing logon portals
- Pages containing network or vulnerability data
- Advisories and server vulnerabilities


Google Advanced Search Operators

Google supports several advanced operators that help in modifying the search:

[cache:]  Displays the web pages stored in the Google cache
[link:]  Lists web pages that have links to the specified web page
[related:]  Lists web pages that are similar to a specified web page
[info:]  Presents some information that Google has about a particular web page
[site:]  Restricts the results to those websites in the given domain
[allintitle:]  Restricts the results to those websites with all of the search keywords in the title
[intitle:]  Restricts the results to documents containing the search keyword in the title
[allinurl:]  Restricts the results to those with all of the search keywords in the URL
[inurl:]  Restricts the results to documents containing the search keyword in the URL


Source: http://www.googleguide.com

cache:

The cache: query displays Google's cached version of a web page, instead of the current version of the page.

Example: cache:www.eff.org will show Google's cached version of the Electronic Frontier Foundation home page.

Note: Do not put a space between cache: and the URL (web address).

link:

Link lists web pages that have links to the specified web page. For example, to find pages that point to Google Guide's home page, enter: link:www.googleguide.com

Note: According to Google's documentation, "you cannot combine a link: search with a regular keyword search."


Also note that when you combine link: with another advanced operator, Google may not return all the pages that match. The following queries should return lots of results, as you can see if you remove the -site: term in each of these queries.

related:

If you start your query with "related:", then Google displays websites similar to the site mentioned in the search query.

Example: related:www.microsoft.com will provide the Google search engine results page with websites similar to microsoft.com.

info:

Info will present some information about the corresponding web page. For instance, info:gothotel.com will show information about the national hotel directory GotHotel.com home page.

Note: There must be no space between the info: and the web page URL.

This functionality can also be obtained by typing the web page URL directly into a Google search box.

site:

If you include site: in your query, Google will restrict your search results to the site or domain you specify. For example, [admissions site:www.lse.ac.uk] will show admissions information from London School of Economics' site and [peace site:gov] will find pages about peace within the .gov domain. You can specify a domain with or without a period, e.g., either as .gov or gov.

Note: Do not include a space between the "site:" and the domain.

allintitle:

If you start your query with allintitle:, Google restricts results to those containing all the query terms you specify in the title. For example, allintitle: detect plagiarism will return only documents that contain the words "detect" and "plagiarism" in the title. This functionality can also be obtained through the Advanced Web Search page, under Occurrences.

intitle:

The query intitle:term restricts results to documents containing term in the title. For instance, flu shot intitle:help will return documents that mention the word "help" in their titles, and mention the words "flu" and "shot" anywhere in the document (title or not).

Note: There must be no space between the intitle: and the following word.

allinurl:

If you start your query with allinurl:, Google restricts results to those containing all the query terms you specify in the URL. For example, allinurl: google faq will return only documents that contain the words "google" and "faq" in the URL, such as "www.google.com/help/faq.html." This functionality can also be obtained through the Advanced Web Search page, under Occurrences.

In URLs, words are often run together. They need not be run together when you're using allinurl.

inurl:

If you include inurl: in your query, Google will restrict the results to documents containing that word in the URL. For instance, inurl:print site:www.googleguide.com searches for pages on Google Guide in which the URL contains the word "print." It finds PDF files that are in the directory or folder named "print" on the Google Guide website. The query [inurl:healthy eating] will return documents that mention the word "healthy" in their URL, and mention the word "eating" anywhere in the document.

Note: There must be no space between the inurl: and the following word.
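The operator semantics described above can be turned on your own content before a search engine does it for you. The following is an added example, not part of the original courseware: it parses queries written with site:, intitle:, allintitle:, inurl:, allinurl: and intext: and evaluates them against a constructed inventory of an organisation's own pages. The page records, the example.com hosts and the substring matching (a simplification of Google's word matching) are assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed inventory of an organisation's own pages (e.g. from a crawl or sitemap).
PAGES = [
    {"url": "https://www.example.com/intranet/hr/index.html",
     "title": "Intranet - Human Resources",
     "text": "Human resources policies and employee benefits."},
    {"url": "https://www.example.com/print/guide.pdf",
     "title": "Product guide",
     "text": "Printable product guide."},
    {"url": "https://blog.example.com/healthy-recipes",
     "title": "Healthy recipes",
     "text": "Ideas for eating well at work."},
    {"url": "https://www.example.org/help/faq.html",
     "title": "Help and FAQ",
     "text": "Frequently asked questions."},
]

FIELDS = {"site", "intitle", "allintitle", "inurl", "allinurl", "intext"}
# A token is a run of non-space characters that may include a quoted phrase.
TOKEN = re.compile(r'(?:[^\s"]+|"[^"]*")+')


def parse_query(query):
    """Return (negated, field, term) clauses; field is 'any' for plain keywords."""
    clauses, sticky = [], None
    for tok in TOKEN.findall(query):
        negated = tok.startswith("-")
        tok = tok.lstrip("+-")
        field, sep, rest = tok.partition(":")
        if sep and field.lower() in FIELDS:
            field = field.lower()
            if field.startswith("all"):
                # allintitle:/allinurl: apply to every term that follows.
                sticky = field[3:]
                field = sticky
            term = rest
        else:
            field, term = sticky or "any", tok
        term = term.strip('"').lower()
        if term:
            clauses.append((negated, field, term))
    return clauses


def matches(page, clauses):
    """True if the page satisfies every clause (substring matching, an approximation)."""
    host = urlparse(page["url"]).hostname or ""
    haystack = {
        "intitle": page["title"].lower(),
        "inurl": page["url"].lower(),
        "intext": page["text"].lower(),
    }
    haystack["any"] = " ".join(haystack.values())
    for negated, field, term in clauses:
        if field == "site":
            # A domain may be given with or without a leading period.
            dom = term.lstrip(".")
            hit = host == dom or host.endswith("." + dom)
        else:
            hit = term in haystack[field]
        if hit == negated:
            return False
    return True


AUDIT_QUERIES = [
    'intitle:intranet inurl:intranet +intext:"human resources"',
    "inurl:print site:www.example.com",
    "allinurl: help faq",
    "healthy site:example.com -site:www.example.com",
]


def audit(pages, queries):
    """Map each query to the URLs of our own pages it would surface."""
    return {q: [p["url"] for p in pages if matches(p, parse_query(q))]
            for q in queries}


if __name__ == "__main__":
    for q, urls in audit(PAGES, AUDIT_QUERIES).items():
        print(q, "->", urls or "no exposure")
```

Pages that show up for a sensitive query are candidates for access control or removal from the public site, which is more reliable than hoping they are never indexed.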


Finding Resources Using Google Advanced Operator

By using the Google Advanced Operator syntax [intitle:intranet inurl:intranet +intext:"human resources"], the attacker can find private information of a target company as well as sensitive information about the employees of that particular company. The information gathered by the attackers can be used to perform social engineering attacks.

Google will filter for excessive use of advanced search operators and will drop the requests with the help of an Intrusion Prevention System.

The following screenshot shows a Google search engine results page displaying the results of the previously mentioned query:


FIGURE 2.28: Search engine showing results for given Google Advanced Operator syntax


Google Hacking Tool: Google Hacking Database (GHDB)

Source: http://www.hackersforcharity.org

The Google Hacking database (GHDB) is a database of queries that identify sensitive data. GHDB is an HTML/JavaScript wrapper application that uses advanced JavaScript techniques to scrape information from Johnny's Google Hacking Database without the need for hosted server-side scripts. The Google Hacking Database exposes known issues with software that runs websites. There are some bugs that expose information that might not warrant public reading.


FIGURE 2.29: Screenshots showing Advisories and Vulnerabilities & pages containing login portals


Google Hacking Tools

MetaGoofil: http://www.edge-security.com
Goolink Scanner: http://www.ghacks.net
SiteDigger: http://www.mcafee.com
SearchDiggity: http://www.stachliu.com
Google Hacks: http://code.google.com
Google HACK DB: http://www.secpoint.com
BiLE Suite: http://www.sensepost.com
Gooscan: http://www.darknet.org.uk

Besides the Google Hacking Database (GHDB) tool featured previously, there are some other tools that can help you with Google hacking. There are a few more Google hacking tools mentioned as follows. Using these tools, attackers can gather advisories and server vulnerabilities, error message information that may reveal attack paths, sensitive files, directories, logon portals, etc.

Metagoofil
Source: http://www.edge-security.com

Metagoofil is an information-gathering tool designed for extracting metadata of public documents (pdf, doc, xls, ppt, docx, pptx, xlsx) belonging to a target company. Metagoofil performs a search in Google to identify and download the documents to a local disk and then extracts the metadata with different libraries such as Hachoir, PdfMiner, and others. With the results, it generates a report with usernames, software versions, and servers or machine names that may help penetration testers in the information gathering phase.

Goolink Scanner
Source: http://www.ghacks.net

The Goolink Scanner removes the cache from your searches, and collects and displays only vulnerable sites' links. Thus, it allows you to find vulnerable sites wide open to Google and googlebots.

SiteDigger
Source: http://www.mcafee.com

SiteDigger searches Google's cache to look for vulnerabilities, errors, configuration issues, proprietary information, and interesting security nuggets on websites.

Google Hacks
Source: http://code.google.com

Google Hacks is a compilation of carefully crafted Google searches that expose novel functionality from Google's search and map services. It allows you to view a timeline of your search results, view a map, search for music, search for books, and perform many other specific kinds of searches.

BiLE Suite
Source: http://www.sensepost.com

BiLE stands for Bi-directional Link Extractor. The BiLE suite includes a couple of Perl scripts used in enumeration processes. Each Perl script has its own functionality. BiLE.pl is the first tool or Perl script in the collection. BiLE leans on Google and HTTrack to automate the collections to and from the target site, and then applies a simple statistical weighing algorithm to deduce which websites have the strongest relationships with the target site.

Google Hack Honeypot
Source: http://ghh.sourceforge.net

Google Hack Honeypot is the reaction to a new type of malicious web traffic: search engine hackers. It is designed to provide reconnaissance against attackers that use search engines as a hacking tool against your resources. GHH implements the honeypot theory to provide additional security to your web presence.

GMapCatcher
Source: http://code.google.com

GMapCatcher is an offline maps viewer. It displays maps from many providers such as: CloudMade, OpenStreetMap, Yahoo Maps, Bing Maps, Nokia Maps, and SkyVector. maps.py is a GUI program used to browse Google map. With the offline toggle button unchecked, it can download Google map tiles automatically. Once the file downloads, it resides on your hard disk. Thus, you don't need to download it again.


SearchDiggity
Source: http://www.stachliu.com

SearchDiggity is the primary attack tool of the Google Hacking Diggity Project. It is Stach & Liu's MS Windows GUI application that serves as a front-end to the most recent versions of Diggity tools such as GoogleDiggity, BingDiggity, Bing LinkFromDomainDiggity, CodeSearchDiggity, DLPDiggity, MalwareDiggity, PortScanDiggity, SHODANDiggity, BingBinaryMalwareSearch, and NotInMyBackYard Diggity.

Google HACK DB
Source: http://www.secpoint.com

The attacker can also use the SecPoint Google HACK DB tool to determine sensitive information from the target site. This tool helps an attacker to extract files containing passwords, database files, clear text files, customer database files, etc.

Gooscan
Source: http://www.darknet.org.uk

Gooscan is a tool that automates queries against Google search appliances. These queries are designed to find potential vulnerabilities on web pages.
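On the defending side, the idea behind Google Hack Honeypot described above (learning about visitors who arrive through operator-laden searches) can be approximated from ordinary web server logs. This is an added example, not code from GHH or from the courseware: it scans access-log lines in the Apache/nginx combined format for search-engine referrers whose query uses the advanced operators listed earlier. The log lines are constructed, and it is assumed that the Referer header still carries the search terms in a q parameter and that the listed host prefixes identify the search engines of interest.

```python
import re
from urllib.parse import urlparse, parse_qs

# Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
# Advanced operators covered in this module, matched only at a word start.
OPERATOR_RE = re.compile(
    r"(?<!\w)(cache|link|related|info|site|allintitle|intitle|allinurl|inurl|intext):",
    re.IGNORECASE,
)
# Assumption: referrer hosts treated as search engines.
SEARCH_HOSTS = ("www.google.", "google.", "www.bing.", "bing.")

# Constructed sample log (documentation IP ranges, example paths).
SAMPLE_LOG = """\
198.51.100.7 - - [19/Jul/2012:07:49:36 +0000] "GET /intranet/hr/ HTTP/1.1" 200 5120 "http://www.google.com/search?q=intitle%3Aintranet+inurl%3Aintranet+%2Bintext%3A%22human+resources%22" "Mozilla/5.0"
203.0.113.20 - - [19/Jul/2012:08:01:02 +0000] "GET /products/ HTTP/1.1" 200 2048 "http://www.google.com/search?q=example+products" "Mozilla/5.0"
198.51.100.7 - - [19/Jul/2012:08:03:10 +0000] "GET /print/guide.pdf HTTP/1.1" 200 90210 "http://www.google.com/search?q=inurl%3Aprint+site%3Awww.example.com" "Mozilla/5.0"
192.0.2.44 - - [19/Jul/2012:08:05:00 +0000] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""


def find_operator_referrals(log_text):
    """Return one finding per request that arrived via an operator-based search."""
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        ref = urlparse(m["referer"])
        host = (ref.hostname or "").lower()
        if not host.startswith(SEARCH_HOSTS):
            continue  # direct visit or non-search referrer
        query = " ".join(parse_qs(ref.query).get("q", []))
        operators = sorted({op.lower() for op in OPERATOR_RE.findall(query)})
        if not operators:
            continue  # ordinary keyword search
        parts = m["req"].split()
        findings.append({
            "ip": m["ip"],
            "time": m["ts"],
            "path": parts[1] if len(parts) > 1 else m["req"],
            "operators": operators,
            "query": query,
        })
    return findings


def summarise(findings):
    """Group findings by client IP so repeated operator-driven visits stand out."""
    by_ip = {}
    for f in findings:
        entry = by_ip.setdefault(f["ip"], {"hits": 0, "operators": set(), "paths": []})
        entry["hits"] += 1
        entry["operators"].update(f["operators"])
        entry["paths"].append(f["path"])
    return by_ip


if __name__ == "__main__":
    for ip, info in summarise(find_operator_referrals(SAMPLE_LOG)).items():
        print(ip, info["hits"], sorted(info["operators"]), info["paths"])
```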


Footprinting Methodology

Footprinting through Search Engines
Website Footprinting
WHOIS Footprinting
DNS Footprinting
Email Footprinting
Network Footprinting
Footprinting through Social Engineering
Footprinting through Social Networking Sites
Competitive Intelligence
Footprinting using Google

Gathering network-related information such as whois information of the target organization is very important when hacking a system. So, now we will discuss whois footprinting. Whois footprinting focuses on how to perform a whois lookup, analyzing the whois lookup results, and the tools to gather whois information.


WHOIS Lookup

WHOIS databases are maintained by Regional Internet Registries and contain the personal information of domain owners.

WHOIS query returns:
- Domain name details
- Contact details of domain owner
- Domain name servers
- NetRange
- When a domain has been created
- Expiry records
- Records last updated

Information obtained from WHOIS database assists an attacker to:
- Create detailed map of organizational network
- Gather personal information that assists to perform social engineering
- Gather other internal network details, etc.

[Slide graphic: Regional Internet Registries (RIRs) logos, including APNIC and RIPE]

WHOIS is a query and response protocol used for querying databases that store the registered users or assignees of an Internet resource, such as a domain name, an IP address block, or an autonomous system. WHOIS databases are maintained by Regional Internet Registries and contain the personal information of domain owners. They maintain a record called a LOOKUP table that contains all the information associated with a particular network, domain, and host. Anyone can connect and query to this server to get information about particular networks, domains, and hosts.

An attacker can send a query to the appropriate WHOIS server to obtain the information about the target domain name, contact details of its owner, expiry date, creation date, etc. The WHOIS server will respond to the query with respective information. Then, the attacker can use this information to create a map of the organization network, trick domain owners with social engineering once he or she gets contact details, and then get internal details of the network.


WHOIS Lookup Result Analysis

A whois lookup can be performed using Whois services such as http://whois.domaintools.com or http://centralops.net/co. Here you can see the result analysis of a Whois lookup obtained with the two mentioned Whois services. Both these services allow you to perform a whois lookup by entering the target's domain or IP address. The domaintools.com service provides whois information such as registrant information, email, administrative contact information, created and expiry date, a list of domain servers, etc. The Domain Dossier available at http://centralops.net/co/ gives the address lookup, domain Whois record, network whois record, and DNS records information.


FIGURE 2.30: Whois services screenshots


WHOIS Lookup Tool: SmartWhois

Source: http://www.tamos.com

SmartWhois is a useful network information utility that allows you to look up all the available information about an IP address, hostname, or domain, including country, state or province, city, name of the network provider, administrator, and technical support contact information. It also assists you in finding the owner of the domain, the owner's contact information, the owner of the IP address block, registered date of the domain, etc.


FIGURE 2.31: SmartWhois screenshot



WHOIS Lookup Tools

Similar to SmartWhois, there are numerous tools available in the market to retrieve Whois information. A few are mentioned as follows:

CountryWhois
Source: http://www.tamos.com

CountryWhois is a utility for identifying the geographic location of an IP address. CountryWhois can be used to analyze server logs, check email address headers, identify online credit card fraud, or in any other instance where you need to quickly and accurately determine the country of origin by IP address.

LanWhois
Source: http://lantricks.com

LanWhois provides information about domains and addresses on the Internet. This program helps you determine who, where, and when the domain or site you are interested in was registered, and the information about those who support it now. This tool allows you to save your search result in the form of an archive to view it later. You can print and save the search result in HTML format.


Batch IP Converter
Source: http://www.networkmost.com

Batch IP Converter is a network tool to work with IP addresses. It combines Domain-to-IP Converter, Batch Ping, Tracert, Whois, Website Scanner, and Connection Monitor into a single interface as well as an IP-to-Country Converter. It allows you to look up the IP address for a single or list of domain names and vice versa.

CallerIP
Source: http://www.callerippro.com

CallerIP is basically IP and port monitoring software that displays the incoming and outgoing connection made to your computer. It also allows you to find the origin of all connecting IP addresses on the world map. The Whois reporting feature provides key information such as who an IP is registered to along with contact email addresses and phone numbers.

Whois Lookup Multiple Addresses
Source: http://www.sobolsoft.com

This software offers a solution for users who want to look up ownership details for one or more IP addresses. Users can simply enter IP addresses or load them from a file. There are three options for lookup sites: whois.domaintools.com, whois-search.com, and whois.arin.net. The user can set a delay period between lookups, to avoid lockouts from these websites. The resulting list shows the IP addresses and details of each. It also allows you to save results to a text file.

Whois Analyzer Pro
Source: http://www.whoisanalyzer.com

This tool allows you to access information about a registered domain worldwide; you can view the domain owner name, domain name, and contact details of domain owner. It also helps in finding the location of a specific domain. You can also submit multiple queries with this tool simultaneously. This tool gives you the ability to print or save the result of the query in HTML format.

HotWhois
Source: http://www.tialsoft.com

HotWhois is an IP tracking tool that can reveal valuable information, such as country, state, city, address, contact phone numbers, and email addresses of an IP provider. The query mechanism resorts to a variety of Regional Internet Registries, to obtain IP Whois information about IP address. With HotWhois you can make whois queries even if the registrar, supporting a particular domain, doesn't have the whois server itself.


Whois 2010 Pro
Source: http://lapshins.com

Whois 2010 PRO is network information software that allows you to look up all the available information about a domain name, including country, state or province, city, administrator, and technical support contact information.

ActiveWhois
Source: http://www.johnru.com

ActiveWhois is a network tool to find information about the owners of IP addresses or Internet domains. You can determine the country, personal and postal addresses of the owner, and/or users of IP addresses and domains.

WhoisThisDomain
Source: http://www.nirsoft.net

WhoisThisDomain is a domain registration lookup utility that allows you to get information about a registered domain. It automatically connects to the right WHOIS server and retrieves the WHOIS record of the domain. It supports both generic domains and country code domains.


WHOIS Lookup Online Tools

In addition to the Whois lookup tools mentioned so far, a few online Whois lookup tools are listed as follows:
SmartWhois available at http://smartwhois.com
Better Whois available at http://www.betterwhois.com
Whois Source available at http://www.whois.sc
Web Wiz available at http://www.webwiz.co.uk/domain-tools/whois-lookup.htm
Network-Tools.com available at http://network-tools.com
Whois available at http://tools.whois.net
DNSstuff available at http://www.dnsstuff.com
Network Solutions Whois available at http://www.networksolutions.com
WebToolHub available at http://www.webtoolhub.com/tn561381-whois-lookup.aspx
Ultra Tools available at https://www.ultratools.com/whois/home


Footprinting Methodology

Footprinting through Search Engines
Website Footprinting
WHOIS Footprinting
DNS Footprinting
Email Footprinting
Network Footprinting
Footprinting through Social Engineering
Footprinting through Social Networking Sites
Competitive Intelligence
Footprinting using Google

The next phase in footprinting methodology is DNS footprinting.

This section describes how to extract DNS information and the DNS interrogation tools.


Extracting DNS Information

DNS footprinting allows you to obtain information about DNS zone data. This DNS zone data includes DNS domain names, computer names, IP addresses, and much more about a particular network. The attacker performs DNS footprinting on the target network in order to obtain the information about DNS. He or she then uses the gathered DNS information to determine key hosts in the network and then performs social engineering attacks to gather more information.

DNS footprinting can be performed using DNS interrogation tools such as www.DNSstuff.com. By using www.DNSstuff.com, it is possible to extract DNS information about IP addresses, mail server extensions, DNS lookups, Whois lookups, etc. If you want information about a target company, it is possible to extract its range of IP addresses utilizing the IP routing lookup of DNSstuff. If the target network allows unknown, unauthorized users to transfer DNS zone data, then it is easy for you to obtain the information about DNS with the help of the DNS interrogation tool.

Once you send the query using the DNS interrogation tool to the DNS server, the server will respond to you with a record structure that contains information about the target DNS. DNS records provide important information about location and type of servers.

Record Type    Description
A              Points to a host's IP address
MX             Points to domain's mail server
NS             Points to host's name server
CNAME          Canonical naming allows aliases to a host
SOA            Indicates authority for domain
SRV            Service records
PTR            Maps IP address to a hostname
RP             Responsible person
HINFO          Host information record includes CPU type and OS
TXT            Unstructured text records

A few more examples of DNS interrogation tools to send a DNS query include:
http://www.dnsstuff.com
http://network-tools.com
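As an added illustration (not part of the original courseware), the Python below audits DNS answers for a zone you administer: it sorts them by the record types in the table above and flags the ones that publish more than name resolution needs. The sample answers, the example.com names and the TXT prefix heuristic are constructed assumptions.

```python
import re
import shlex

# Which rdata field names another host, per record type in the table above.
KEY_HOST_FIELD = {"MX": -1, "NS": 0, "CNAME": 0, "SOA": 0, "SRV": -1, "PTR": 0}
# Assumption: TXT payloads with these prefixes are machine-readable mail policy,
# not free-form notes, so they are not flagged for review.
POLICY_TXT_PREFIXES = ("v=spf1", "v=dkim1", "v=dmarc1")

# Constructed sample in the Host / TTL / Class / Type / Details layout.
SAMPLE_ANSWERS = """\
; constructed sample answers, not real data
example.com.           3600 IN SOA   ns1.example.com. hostmaster.example.com. 2012071602 300 600 2419200 3600
example.com.           3600 IN NS    ns1.example.com.
example.com.           3600 IN MX    10 mail.example.com.
example.com.           3600 IN TXT   "v=spf1 ip4:192.0.2.25 -all"
example.com.           3600 IN TXT   "backup server moved to rack 4, ask Dave"
build.example.com.     3600 IN HINFO "INTEL-386" "WINDOWS-NT"
build.example.com.     3600 IN A     192.0.2.40
example.com.           3600 IN RP    dave.example.com. .
_sip._tcp.example.com. 3600 IN SRV   10 60 5060 sip.example.com.
"""


def mailbox_to_email(mbox):
    """Turn a DNS mailbox name (SOA RNAME, RP) into user@domain, or None if empty."""
    # The first unescaped dot separates the local part from the domain.
    parts = re.split(r"(?<!\\)\.", mbox.rstrip("."), maxsplit=1)
    if len(parts) != 2:
        return None
    return parts[0].replace("\\.", ".") + "@" + parts[1]


def parse_answers(text):
    """Parse 'name TTL class type rdata' lines into a list of record dicts."""
    records = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        parts = line.split(None, 4)
        if len(parts) != 5 or not parts[1].isdigit():
            raise ValueError(f"line {lineno}: expected name TTL class type rdata")
        name, ttl, rclass, rtype, rdata = parts
        rtype = rtype.upper()
        # Only TXT and HINFO carry quoted strings; other rdata is whitespace separated.
        fields = shlex.split(rdata) if rtype in ("TXT", "HINFO") else rdata.split()
        records.append({"name": name.rstrip(".").lower(), "ttl": int(ttl),
                        "class": rclass.upper(), "type": rtype, "rdata": fields})
    return records


def audit(records):
    """Group key hosts and list the records that disclose people, platforms or notes."""
    report = {"key_hosts": {}, "addresses": {}, "contacts": set(), "findings": []}
    for rec in records:
        name, rtype, f = rec["name"], rec["type"], rec["rdata"]
        if rtype in KEY_HOST_FIELD:
            host = f[KEY_HOST_FIELD[rtype]].rstrip(".").lower()
            report["key_hosts"].setdefault(rtype, []).append(host)
        if rtype in ("A", "AAAA"):
            report["addresses"].setdefault(name, []).append(f[0])
        elif rtype == "SOA":
            email = mailbox_to_email(f[1])
            if email:
                report["contacts"].add(email)
        elif rtype == "RP":
            email = mailbox_to_email(f[0])
            if email:
                report["contacts"].add(email)
            report["findings"].append((name, rtype, f"names a responsible person: {email}"))
        elif rtype == "HINFO":
            report["findings"].append(
                (name, rtype, f"publishes CPU type {f[0]!r} and OS {f[1]!r}"))
        elif rtype == "TXT":
            text = "".join(f)
            if not text.lower().startswith(POLICY_TXT_PREFIXES):
                report["findings"].append((name, rtype, f"free text to review: {text!r}"))
    return report


if __name__ == "__main__":
    result = audit(parse_answers(SAMPLE_ANSWERS))
    for name, rtype, why in result["findings"]:
        print(f"{name:20} {rtype:6} {why}")
```
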


Extracting DNS Information (Cont'd)

Source: http://www.dnsqueries.com

Perform DNS query, available at http://www.dnsqueries.com, is a tool that allows you to perform a DNS query on any host. Each domain name (example: dnsqueries.com) is structured in hosts (ex: www.dnsqueries.com), and the DNS (Domain Name System) allows anyone to translate the domain name or the hostname into an IP address to contact via the TCP/IP protocol. There are several types of queries, corresponding to all the implementable types of DNS records such as A record, MX, AAAA, CNAME, and SOA.

Now let's see how the DNS interrogation tool retrieves information about the DNS. Go to the browser and type http://www.dnsqueries.com and press Enter. The DNS query's home site will be displayed in the browser. Enter the domain name of your interest in the Perform DNS query's HostName field (here we are entering Microsoft.com) and click the Run tool button; the DNS information for Microsoft.com will be displayed as shown in the following figure.


[Screenshot: the Perform DNS query form at http://www.dnsqueries.com (Host Name, Type, Run tool) and the results for checks on microsoft.com, with columns Host, TTL, Class, Type, and Details]

FIGURE 2.32: Screenshot showing DNS information for Microsoft.com


DNS Interrogation Tools

A few more well-known DNS interrogation tools are listed as follows:
DIG available at http://www.kloth.net
myDNSTools available at http://www.mydnstools.info
Professional Toolset available at http://www.dnsstuff.com
DNS Records available at http://network-tools.com
DNSData View available at http://www.nirsoft.net
DNSWatch available at http://www.dnswatch.info
DomainTools Pro available at http://www.domaintools.com
DNS available at http://e-dns.org
DNS Lookup Tool available at http://www.webwiz.co.uk
DNS Query Utility available at http://www.webmaster-toolkit.com


Footprinting Methodology

The next step after retrieving the DNS information is to gather network-related information. So, now we will discuss network footprinting, a method of gathering network-related information.

This section describes how to locate network range, determine the operating system, Traceroute, and the Traceroute tools.


Locate the Network Range


Network range information obtained assists an attacker to create a map of the target's network.
Find the range of IP addresses using ARIN whois database search tool.
You can find the range of IP addresses and the subnet mask used by the target organization from Regional Internet Registry (RIR).

[Screenshot: Network Whois Record returned by whois.arin.net for NetName MICROSOFT-GLOBAL-NET, showing NetRange 207.46.0.0 - 207.46.255.255 and CIDR 207.46.0.0/16 along with the NetHandle, Parent, NetType, NameServer, RegDate, Updated, Ref, Org, and OrgAbuse fields]

To perform network footprinting, you need to gather basic and important information about the target organization such as what the organization does, who they work for, and what type of work they perform. The answers to these questions give you an idea about the internal structure of the target network.

After gathering the aforementioned information, an attacker can proceed to find the network range of a target system. He or she can get more detailed information from the appropriate regional registry database regarding IP allocation and the nature of the allocation. An attacker can also determine the subnet mask of the domain. He or she can also trace the route between the system and the target system. Two popular traceroute tools are NeoTrace and Visual Route.

Obtaining private IP addresses can be useful for an attacker. The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private Internets: 10.0.0.0-10.255.255.255 (10/8 prefix), 172.16.0.0-172.31.255.255 (172.16/12 prefix), and 192.168.0.0-192.168.255.255 (192.168/16 prefix).

The network range gives you an idea about how the network is, which machines in the networks are alive, and it helps to identify the network topology, access control device, and OS used in the target network. To find the network range of the target network, enter the server IP address (that was gathered in WHOIS footprinting) in the ARIN whois database search tool or you can go to the ARIN website (https://www.arin.net/knowledge/rirs.html) and enter the server IP in the SEARCH Whois text box. You will get the network range of the target network. If the DNS servers are not set up correctly, the attacker has a good chance of obtaining a list of internal machines on the server. Also, sometimes if an attacker traces a route to a machine, he or she can get the internal IP address of the gateway, which might be useful.

Network Whois Record

Queried whois.arin.net with "n 207.46.232.182"...

NetRange:       207.46.0.0 - 207.46.255.255
CIDR:           207.46.0.0/16
OriginAS:
NetName:        MICROSOFT-GLOBAL-NET
NetHandle:      NET-207-46-0-0-1
Parent:         NET-207-0-0-0-0
NetType:        Direct Assignment
NameServer:     NS2.MSFT.NET
NameServer:     NS4.MSFT.NET
NameServer:     NS1.MSFT.NET
NameServer:     NS5.MSFT.NET
NameServer:     NS3.MSFT.NET
RegDate:        1997-03-31
Updated:        2004-12-09
Ref:            http://whois.arin.net/rest/net/NET-207-46-0-0-1

OrgName:        Microsoft Corp
OrgId:          MSFT
Address:        One Microsoft Way
City:           Redmond
StateProv:      WA
PostalCode:     98052
Country:        US
RegDate:        1998-07-10
Updated:        2009-11-10
Ref:            http://whois.arin.net/rest/org/MSFT

OrgAbuseHandle: ABUSE231-ARIN
OrgAbuseName:   Abuse
OrgAbusePhone:  +1-425-882-8080
OrgAbuseEmail:  abuse@hotmail.com
OrgAbuseRef:    http://whois.arin.net/rest/poc/ABUSE231-ARIN

You need to use more than one tool to obtain network information as sometimes a single tool is not capable of delivering the information you want.
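The record above can be checked mechanically. The following Python sketch is an added example, not part of the courseware: it parses the NetRange and CIDR fields, derives the subnet mask, and sorts addresses (for instance ones seen in your own logs or traceroutes) into the registered range or the three IANA private blocks listed in the text. The function names are assumptions of this example.

```python
import ipaddress

# Fields copied from the Network Whois Record shown above (abridged).
WHOIS_RECORD = """\
NetRange:   207.46.0.0 - 207.46.255.255
CIDR:       207.46.0.0/16
NetName:    MICROSOFT-GLOBAL-NET
NetType:    Direct Assignment
NameServer: NS1.MSFT.NET
NameServer: NS2.MSFT.NET
OrgName:    Microsoft Corp
"""

# The three private blocks reserved by IANA, as listed in the text.
PRIVATE_BLOCKS = [ipaddress.ip_network(n)
                  for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_whois(text):
    """Return {field: [values]}; whois repeats keys such as NameServer."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields.setdefault(key.strip(), []).append(value.strip())
    return fields


def netrange_to_cidrs(netrange):
    """Turn 'first - last' into the minimal list of CIDR networks covering it."""
    first, last = (ipaddress.ip_address(p.strip()) for p in netrange.split("-"))
    return list(ipaddress.summarize_address_range(first, last))


def describe_range(fields):
    """Derive CIDRs from NetRange and compare them with the stated CIDR field."""
    cidrs = netrange_to_cidrs(fields["NetRange"][0])
    stated = [ipaddress.ip_network(c.strip())
              for c in fields["CIDR"][0].split(",")]
    return {
        "cidrs": [str(c) for c in cidrs],
        "consistent": cidrs == stated,
        "netmask": str(cidrs[0].netmask),
        "addresses": sum(c.num_addresses for c in cidrs),
    }


def classify(addr, cidrs):
    """Label an address as private, inside the registered range, or outside it."""
    ip = ipaddress.ip_address(addr)
    for block in PRIVATE_BLOCKS:
        if ip in block:
            return "private (%s)" % block
    if any(ip in ipaddress.ip_network(c) for c in cidrs):
        return "inside registered range"
    return "outside registered range"


if __name__ == "__main__":
    info = describe_range(parse_whois(WHOIS_RECORD))
    print(info)
    # 207.46.232.182 is the address queried in the text; the others are
    # constructed samples.
    for addr in ("207.46.232.182", "172.31.255.255", "172.32.0.1"):
        print(addr, "->", classify(addr, info["cidrs"]))
```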

Determine the Operating System

Use the Netcraft tool to determine the OSes in use by the target organization

Source: http://news.netcraft.com

So far we have collected information about IP addresses, network ranges, server names, etc. of the target network. Now it's time to find out the OS running on the target network. The technique of obtaining information about the target network OS is called OS fingerprinting. The Netcraft tool will help you to find out the OS running on the target network.

Let's see how Netcraft helps you determine the OS of the target network. Open the http://news.netcraft.com site in your browser and type the domain name of your target network in the What's that site running? field (here we are considering the domain name "Microsoft.com"). It displays all the sites associated with that domain along with the operating system running on each site.

FIGURE 2.33: Netcraft showing the operating system that is in use by Microsoft

Determine the Operating System (Cont'd)

SHODAN Search Engine

Source: http://www.shodanhq.com

Use SHODAN search engine that lets you find specific computers (routers, servers, etc.) using a variety of filters.

FIGURE 2.34: SHODAN Search Engine screenshot

FIGURE 2.35: SHODAN screenshot

Traceroute
Traceroute programs work on the concept of ICMP protocol and use the TTL field in the header of ICMP packets to discover the routers on the path to a target host

Finding the route of the target host is necessary to test against man-in-the-middle attacks and other related attacks. Therefore, you need to find the route of the target host in the network. This can be accomplished with the help of the Traceroute utility provided with most operating systems. It allows you to trace the path or route through which the target host packets travel in the network.

Traceroute uses the ICMP protocol concept and TTL (Time to Live) field of IP header to find the path of the target host in the network.

The Traceroute utility can detail the path IP packets travel between two systems. It can trace the number of routers the packets travel through, the round trip time duration in transiting between two routers, and, if the routers have DNS entries, the names of the routers and their network affiliation, as well as the geographic location. It works by exploiting a feature of the Internet Protocol called Time To Live (TTL). The TTL field is interpreted to indicate the maximum number of routers a packet may transit. Each router that handles a packet will decrement the TTL count field in the ICMP header by one. When the count reaches zero, the packet will be discarded and an error message will be transmitted to the originator of the packet.

It sends out a packet destined for the destination specified. It sets the TTL field in the packet to one. The first router in the path receives the packet, decrements the TTL value by one, and if the resulting TTL value is 0, it discards the packet and sends a message back to the originating host to inform it that the packet has been discarded. It records the IP address and DNS name of that router, and sends out another packet with a TTL value of two. This packet makes it through the first router, then times out at the next router in the path. This second router also sends an error message back to the originating host. Traceroute continues to do this, and records the IP address and name of each router until a packet finally reaches the target host or until it decides that the host is unreachable. In the process, it records the time it took for each packet to travel round trip to each router. Finally, when it reaches the destination, the normal ICMP ping response will be sent to the sender. Thus, this utility helps to reveal the IP addresses of the intermediate hops in the route of the target host from the source.
[Diagram: IP Source, three Router Hops, and Destination Host; successive ICMP Echo requests starting at TTL = 1 each draw an ICMP error message from the next router, and the final request draws an ICMP Echo Reply from the destination.]

FIGURE 2.36: Working of Traceroute program
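The TTL walk described above can be followed step by step without sending any packets. The following Python simulation is an added example, not part of the courseware; the Router class, the sends_time_exceeded and dest_replies switches, and the documentation-range addresses are all constructed for illustration. It also shows what the sender records when a device drops expired probes silently and when the destination never answers.

```python
from dataclasses import dataclass


@dataclass
class Router:
    addr: str
    # False models a device configured to drop expired packets silently
    # instead of returning an ICMP error message (assumption of this example).
    sends_time_exceeded: bool = True


def send_probe(path, dest, ttl, dest_replies=True):
    """Forward one probe with initial TTL `ttl` along `path` toward `dest`.

    Returns (responder address or None, message type)."""
    for router in path:
        ttl -= 1                      # every router decrements the TTL by one
        if ttl == 0:                  # the packet is discarded at this router
            if router.sends_time_exceeded:
                return router.addr, "time-exceeded"
            return None, "timeout"
    if dest_replies:
        return dest, "echo-reply"     # normal ping response from the target
    return None, "timeout"


def traceroute(path, dest, max_hops=30, dest_replies=True):
    """Send probes with TTL 1, 2, 3, ... and record who answered each one."""
    hops = []
    for ttl in range(1, max_hops + 1):
        addr, kind = send_probe(path, dest, ttl, dest_replies)
        hops.append((ttl, addr or "*", kind))
        if kind == "echo-reply":      # destination reached, stop probing
            break
    return hops


# Constructed sample path using documentation address ranges.
SAMPLE_PATH = [
    Router("192.0.2.1"),
    Router("198.51.100.1", sends_time_exceeded=False),
    Router("203.0.113.1"),
]
SAMPLE_DEST = "203.0.113.80"

if __name__ == "__main__":
    for hop in traceroute(SAMPLE_PATH, SAMPLE_DEST):
        print("%2d  %-14s %s" % hop)
```

The silent second router shows up only as "*", yet the hops behind it are still listed, because each later probe expires further along the path.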

How to use the tracert command


Go to the command prompt and type the tracert command along with destination IP address or domain name as follows:

C:\>tracert 216.239.36.10

Tracing route to ns3.google.com [216.239.36.10] over a maximum of 30 hops:

  1  1262 ms   186 ms   124 ms  195.229.252.10
  2  2796 ms  3061 ms  3436 ms  195.229.252.130
  3   155 ms   217 ms   155 ms  195.229.252.114
  4  2171 ms  1405 ms  1530 ms  194.170.2.57
  5  2685 ms  1280 ms   655 ms  dxb-emix-ra.ge6303.emix.ae [195.229.31.99]
  6   202 ms   530 ms   999 ms  dxb-emix-rb.so100.emix.ae [195.229.0.230]
  7   609 ms  1124 ms  1748 ms  iar1-so-3-2-0.Thamesside.cw.net [166.63.214.65]
  8  1622 ms  2377 ms  2061 ms  eqixva-google-gige.google.com [206.223.115.21]
  9  2498 ms   968 ms   593 ms  216.239.48.193
 10  3546 ms  3686 ms  3030 ms  216.239.48.89
 11  1806 ms  1529 ms   812 ms  216.33.98.154
 12  1108 ms  1683 ms  2062 ms  ns3.google.com [216.239.36.10]

Trace complete.

Traceroute Analysis
Attackers conduct traceroute to extract information about network topology, trusted routers, and firewall locations.

We have seen how the Traceroute utility helps you to find out the IP addresses of intermediate devices such as routers, firewalls, etc. present between source and destination. You can draw the network topology diagram by analyzing the Traceroute results. After running several traceroutes, you will be able to find out the location of a particular hop in the target network.

Let's consider the following traceroute results obtained:

traceroute 1.10.10.20, second to last hop is 1.10.10.1
traceroute 1.10.20.10, third to last hop is 1.10.10.1
traceroute 1.10.20.10, second to last hop is 1.10.10.50
traceroute 1.10.20.15, third to last hop is 1.10.10.1
traceroute 1.10.20.15, second to last hop is 1.10.10.50

By analyzing these results, an attacker can draw the network diagram of the target network as follows:

[Diagram: Hacker, Internet, 1.10.10.1 Router, 1.10.10.50 Firewall, DMZ zone containing 1.10.20.10 Web Server and 1.10.20.15 Mail Server, 1.10.20.50 Firewall; the slide version also shows 1.10.10.20 Bastion Host.]

FIGURE 2.37: Diagrammatical representation of the target network
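The step from the five observations to the diagram is a small graph construction. The following Python sketch is an added example, not part of the courseware: it uses exactly the observations listed in the text, links only hops known to be adjacent, and prints the resulting tree. Run against traceroutes collected on your own address space, the same reasoning shows which perimeter devices identify themselves by answering expired probes. The function names are assumptions of this example.

```python
from collections import defaultdict

# The five observations from the text, as
# (destination, hops before the destination, address seen at that position):
# "second to last hop" is 1 hop before the destination, "third to last" is 2.
OBSERVATIONS = [
    ("1.10.10.20", 1, "1.10.10.1"),
    ("1.10.20.10", 2, "1.10.10.1"),
    ("1.10.20.10", 1, "1.10.10.50"),
    ("1.10.20.15", 2, "1.10.10.1"),
    ("1.10.20.15", 1, "1.10.10.50"),
]


def build_links(observations):
    """Return {hop: sorted next hops}, linking only positions known to be adjacent."""
    by_dest = defaultdict(dict)
    for dest, back, addr in observations:
        by_dest[dest][0] = dest          # position 0 is the destination itself
        by_dest[dest][back] = addr
    links = defaultdict(set)
    for seen in by_dest.values():
        for back, addr in seen.items():
            # A gap (position back-1 unknown) means adjacency is not
            # established, so no link is drawn across it.
            if back > 0 and back - 1 in seen:
                links[addr].add(seen[back - 1])
    return {hop: sorted(nxt) for hop, nxt in links.items()}


def shared_hops(links):
    """Hops that forward to more than one address: routers and firewalls."""
    return sorted(hop for hop, nxt in links.items() if len(nxt) > 1)


def render_tree(links):
    """Indented text tree, starting from hops that are nobody's next hop."""
    children = {c for nxt in links.values() for c in nxt}
    roots = sorted(h for h in links if h not in children)
    lines = []

    def walk(node, depth):
        lines.append("  " * depth + node)
        for child in links.get(node, []):
            walk(child, depth + 1)

    for root in roots:
        walk(root, 0)
    return lines


if __name__ == "__main__":
    topology = build_links(OBSERVATIONS)
    print("\n".join(render_tree(topology)))
    print("shared hops:", shared_hops(topology))
```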

Path Analyzer Pro and VisualRoute 2010 are the two tools similar to Traceroute intended to traceroute the target host in a network.

Path Analyzer Pro

Source: http://www.pathanalyzer.com

Path Analyzer Pro is a graphical-user-interface-based trace routing tool that shows you the route from source to destination graphically. It also provides information such as the hop number, its IP address, hostname, ASN, network name, % loss, latency, avg. latency, and std. dev. about each hop in the path. You can also map the location of the IP address in the network with this tool. It allows you to detect filters, stateful firewalls, and other anomalies automatically in the network.

VisualRoute 2010

Source: http://www.visualroute.com

This is another graphical-user-based tracing tool that displays hop-by-hop analysis. It enables you to identify the geographical location of the routers, servers, and other IP devices. It is able to provide the tracing information in three forms: as an overall analysis, in a data table, and as a geographical view of the routing. The data table contains information such as hop number, IP address, node name, geographical location, etc. about each hop in the route.

Features:
- Hop-by-hop traceroutes
- Reverse tracing
- Historical analysis
- Packet loss reporting
- Reverse DNS
- Ping plotting
- Port probing
- Firefox and IE plugin

FIGURE 2.39: VisualRoute 2010 screenshot

Traceroute Tools (Cont'd)

A few more traceroute tools similar to Path Analyzer Pro and VisualRoute 2010 are listed as follows:

- Network Pinger available at http://www.networkpinger.com
- GEOSpider available at http://www.oreware.com
- vTrace available at http://vtrace.pl
- Trout available at http://www.mcafee.com
- Roadkil's Trace Route available at http://www.roadkil.net
- Magic NetTrace available at http://www.tialsoft.com
- 3D Traceroute available at http://www.d3tr.de
- AnalogX HyperTrace available at http://www.analogx.com
- Network Systems Traceroute available at http://www.net.princeton.edu
- Ping Plotter available at http://www.pingplotter.com

Footprinting Methodology

- Footprinting through Search Engines
- Website Footprinting
- WHOIS Footprinting
- DNS Footprinting
- Email Footprinting
- Network Footprinting
- Footprinting through Social Engineering
- Footprinting through Social Networking Sites
- Competitive Intelligence
- Footprinting using Google

So far we have discussed various techniques of gathering information either with the help of online resources or tools. Now we will discuss footprinting through social engineering, the art of grabbing information from people by manipulating them.

This section covers the social engineering concept and techniques used to gather information.

Footprinting through Social Engineering

- Social engineering is the art of convincing people to reveal confidential information
- Social engineers depend on the fact that people are unaware of their valuable information and are careless about protecting it

Social engineers attempt to gather:

- Credit card details and social security number
- User names and passwords
- Other personal information
- Security products in use
- Operating systems and software versions
- Network layout information
- IP addresses and names of servers

Social engineers use these techniques:

- Eavesdropping
- Shoulder surfing
- Dumpster diving
- Impersonation on social networking sites

Social engineering is a totally non-technical process in which an attacker tricks a person and obtains confidential information about the target in such a way that the target is unaware of the fact that someone is stealing his or her confidential information. The attacker actually plays a cunning game with the target to obtain confidential information. The attacker takes advantage of the helping nature of people and their weakness to provide confidential information.

To perform social engineering, you first need to gain the confidence of an authorized user and then trick him or her into revealing confidential information. The basic goal of social engineering is to obtain required confidential information and then use that information for hacking attempts such as gaining unauthorized access to the system, identity theft, industrial espionage, network intrusion, committing fraud, etc. The information obtained through social engineering may include credit card details, social security numbers, usernames and passwords, other personal information, operating systems and software versions, IP addresses, names of servers, network layout information, and much more. Social engineers use this information to hack a system or to commit fraud.

Social engineering can be performed in many ways such as eavesdropping, shoulder surfing, dumpster diving, impersonation on social networking sites, and so on.

Collect Information Using Eavesdropping, Shoulder Surfing, and Dumpster Diving

- Eavesdropping: Eavesdropping is unauthorized listening of conversations or reading of messages. It is interception of any form of communication such as audio, video, or written.
- Shoulder Surfing: Shoulder surfing is the procedure where the attackers look over the user's shoulder to gain critical information. Attackers gather information such as passwords, personal identification number, account numbers, credit card information, etc.
- Dumpster Diving: Dumpster diving is looking for treasure in someone else's trash. It involves collection of phone bills, contact information, financial information, operations related information, etc. from the target company's trash bins, printer trash bins, user desk for sticky notes, etc.

As mentioned previously, eavesdropping, shoulder surfing, and dumpster diving are the three techniques used to collect information from people using social engineering. Let's discuss these social engineering techniques to understand how they can be performed to obtain confidential information.

Eavesdropping

Eavesdropping is the act of secretly listening to the conversations of people over a phone or video conference without their consent. It also includes reading secret messages from communication media such as instant messaging or fax transmissions. Thus, it is basically the act of intercepting communication without the consent of the communicating parties. The attacker gains confidential information by tapping the phone conversation, and intercepting audio, video, or written communication.

Shoulder Surfing

With this technique, an attacker stands behind the victim and secretly observes the victim's activities on the computer, such as keystrokes while entering usernames, passwords, etc.

This technique is commonly used to gain passwords, PINs, security codes, account numbers, credit card information, and similar data. It can be performed in a crowded place as it is relatively easy to stand behind the victim without his or her knowledge.

Dumpster Diving

This technique is also known as trashing, where the attacker looks for information in the target company's dumpster. The attacker may gain vital information such as phone bills, contact information, financial information, operations-related information, printouts of source codes, printouts of sensitive information, etc. from the target company's trash bins, printer trash bins, and sticky notes at users' desks, etc. The obtained information can be helpful for the attacker to commit attacks.

Footprinting Methodology

Though footprinting through social networking sites sounds similar to footprinting through social engineering, there are some differences between the two methods. In footprinting through social engineering, the attacker tricks people into revealing information, whereas in footprinting through social networking sites, the attacker gathers information available on social networking sites. Attackers can even use social networking sites as a medium to perform social engineering attacks.

This section explains how and what information can be collected from social networking sites by means of social engineering.

Collect Information through Social Engineering on Social Networking Sites

- Attackers gather sensitive information through social engineering on social networking websites such as Facebook, MySpace, LinkedIn, Twitter, Pinterest, Google+, etc.
- Attackers create a fake profile on social networking sites and then use the false identity to lure the employees to give up their sensitive information
- Employees may post personal information such as date of birth, educational and employment backgrounds, spouses' names, etc. and information about their company such as potential clients and business partners, trade secrets of business, websites, company's upcoming news, mergers, acquisitions, etc.
- Using the details of an employee of the target organization, an attacker can compromise a secured facility

Social networking sites are the online services, platforms, or sites that allow people to connect with each other and to build social relations among people. The use of social networking sites is increasing rapidly. Examples of social networking sites include Facebook, MySpace, LinkedIn, Twitter, Pinterest, Google+, and so on. Each social networking site has its own purpose and features. One site may be intended to connect friends, family, etc. and another may be intended to share professional profiles, etc. These social networking sites are open to everyone. Attackers may take advantage of these to grab sensitive information from users either by browsing through users' public profiles or by creating a fake profile and tricking the user into believing that he or she is a genuine user. These sites allow people to stay connected with others, to maintain professional profiles, and to share information with others. On social networking sites, people may post information such as date of birth, educational information, employment backgrounds, spouse's names, etc. and companies may post information such as potential partners, websites, and upcoming news about the company.

For an attacker, these social networking sites can be great sources to find information about the target person or the company. These sites help an attacker to collect only the information uploaded by the person or the company. Attackers can easily access public pages of these accounts on the sites. To obtain more information about the target, attackers may create a fake account and use social engineering to lure the victim to reveal more information. For example, the attacker can send a friend request to the target person from the fake account; if the victim accepts the request, then the attacker can access even the restricted pages of the target person on that website. Thus, social networking sites prove to be a valuable information resource for attackers.

Information Available on Social Networking Sites

| What Users Do | What Attacker Gets |
|---|---|
| Maintain profile | Contact info, location, etc. |
| Connect to friends, chatting | Friends list, friends info, etc. |
| Share photos and videos | Identity of family members |
| Play games, join groups | |
| Creates events | |

| What Organizations Do | What Attacker Gets |
|---|---|
| User surveys | Business strategies |
| Promote products | Product profile |
| User support | Social engineering |
| Recruitment | Platform/technology information |
| Background check to hire employees | Type of business |

So far, we have discussed how an attacker can grab information from social networking sites; now we will discuss what information an attacker can get from social networking sites.

People usually maintain profiles on social networking sites in order to provide basic information about them and to get connected with others. The profile generally contains information such as name, contact information (mobile number, email ID), friends' information, information about family members, their interests, activities, etc. People usually connect to their friends and chat with them. Attackers can gather sensitive information through chats. Social networking sites also allow people to share photos and videos with their friends. If the people don't set their privacy settings for their albums, then attackers can see the pictures and videos shared by the victim. Users may join groups to play games or to share their views and interests. Attackers can grab information about a victim's interests by tracking their groups and then can trap the victim to reveal more information. Users may create events to notify other users of the group about upcoming occasions. With these events, attackers can reveal the victim's activities.

Like individuals, organizations also use social networking sites to connect with people, promote their products, and to gather feedback about their products or services, etc. The activities of an organization on the social networking sites and the respective information that an attacker can grab are as follows:

| What Organizations Do | What Attacker Gets |
|---|---|
| User surveys | Business strategies |
| Promote products | Product profile |
| User support | Social engineering |
| Background check to hire employees | Type of business |

TABLE 2.1: What Organizations Do and What Attacker Gets

Collecting Facebook Information

Facebook is a Treasure-trove for Attackers

[Figure: number of users using Facebook all over the world, by region: Europe 223,376,640; N. America 174,586,680; Latin America 141,612,220; Middle East 18,241,080. Statistics panels: 845 million monthly active users; 100 billion connections; 250 million photos uploaded daily; 1 of every 5 of all page views; minutes of time spent per visit.]

Facebook is one of the world's largest social networking sites, having more than 845 million monthly active users all over the world. It allows people to create their personal profile, add friends, exchange instant messages, create or join various groups or communities, and much more.

An attacker can grab all the information provided by the victim on Facebook. To grab information from Facebook, the attacker should have an active account. The attacker should log in to his/her account, and search for either the target person or organization profile. Browsing the target person's profile may reveal a lot of useful information such as phone number, email ID, friend information, educational details, professional details, interests, photos, and much more. The attacker can use this information for further hacking planning, such as social engineering, to reveal more information about the target.

FIGURE 2.40: Facebook screenshot

Collecting Twitter Information

[Figure: Twitter usage statistics with a screenshot of a Twitter profile. Panels: million accounts; million tweets a day; share of Twitter users who now post status updates; share of Twitter users who access the platform via their mobile.]

Twitter is another popular social networking site used by people to send and read text-based messages. It allows you to follow your friends, experts, favorite celebrities, etc. This site also can be a great source for an attacker to get information about the target person. This is helpful in extracting information such as personal information, friend information, activities of the target posted as tweets, whom the target is following, the followers of the user, photos uploaded, etc. The attacker may get meaningful information from the target user's tweets.

FIGURE 2.41: Twitter showing user's tweets

Collecting LinkedIn Information

[Figure: LinkedIn statistics with a screenshot of a LinkedIn profile. Panels: new members joining every second; 2,447 employees located around the world; $522 million revenue for 2011; companies that have LinkedIn company pages.]

Similar to Facebook and Twitter, LinkedIn is another social networking site for professionals. It allows people to create and manage their professional profile and identity. It allows its users to build and engage with their professional network. Hence, this can be a great information resource for the attacker. The attacker may get information such as current employment details, past employment details, education details, contact details, and much more about the target person. The attacker can collect all this information with the footprinting process.

Linked 03 *** !T y!* bmc : Horn Profile Contacts Group* Job inbox Conpann Non Mora

< G o back 10 Search Results

C hris Stone
Programme Manager at Deutsche Bank Belgium
Bru ssels Area B e lp u m Management Consumg

S ee e x p a n d e d

Connect Send InMari Save Chns's F Current P ro g ra m m e M a n a g e r at D eu tsch e B a n k B e lg iu m D irecto r a n d Co n s u lta n t a! P ro g ra m M a n a g e m e n t S olu tio n s sprl (S e lf e m p lo y e d ) Pa st Head of Operations Projects & Support Investment O m s k *! at A X A Bank Europe Programme Manager at A X A Bank Europe O utsourcing Programme & Procurement Manager at A X A B ek pu m O M il Henot-Watt Institute of Chartered Secretaries and Adm M st/ators Recommendations Connections W ebsites Public Protoe 3 people have recommended Chns 500 connections Com pany W ebs4e http II be knkedn c o m W c ss to n e

Education

FIGURE 2.42: LinkedIn showing user's professional profile and identity


Collecting YouTube Information

3rd most visited website according to Alexa
900 sec average time users spend on YouTube every day
829,440 videos uploaded


YouTube is a website that allows you to upload, view, and share videos all over the world. The attacker can search for the videos related to the target and may collect information from them.

FIGURE 2.43: YouTube showing videos related to target


Tracking Users on Social Networking Sites

Users may use fake identities on social networking sites. Attackers use tools such as Get Someone's IP or IP-GRABBER to track users' real identity.

Steps to get someone's IP address through chat on Facebook using the Get Someone's IP tool:

Go to http://www.myiptest.com/staticpages/index.php/how-about-you

Three fields exist:

- Link for Person: Copy the generated link of this field and send it to the target via chat to get IP address
- Redirect URL: Enter any URL you want the target to redirect to
- Link for you: Open the URL in this field and keep checking for target's IP


In order to protect themselves from Internet fraud and attacks, people with little knowledge about Internet crimes may use fake identities on social networking sites. In such cases, you will not get exact information about the target user. So to determine the real identity of the target user, you can use tools such as Get Someone's IP or IP-GRABBER to track users' real identities. If you want to trace the identity of particular user, then do the following:

- Open your web browser, paste the URL, and press Enter: http://www.myiptest.com/staticpages/index.php/how-about-you
- Notice the three fields at the bottom of the web page, namely Link for person, Redirect URL: http://, and Link for you.
- To get real IP address of the target, copy the generated link of the field Link for person and send it to the target via chat.
- Enter any URL you want the target to redirect to in the Redirect link: http:// field.
- Open the URL present in the Link for you field in another window, to monitor the target's IP address details and additional details.


Link ID      IP              Proxy   Refer   Date/Time
zdeujbg1f2   85.93.218.204   NO      NO      2012-08-06 13:04:44

FIGURE 2.44: Tracing identity of user's


Module Flow

Footprinting Concepts
Footprinting Threats
Footprinting Methodology
Footprinting Tools
Footprinting Countermeasures
Footprinting Penetration Testing

Footprinting can be performed with the help of tools. Many organizations offer tools that make information gathering an easy job. These tools ensure the maximum

This section describes tools intended for grabbing information from various sources.


Footprinting Tool: Maltego

Source: http://paterva.com

Maltego is an open source intelligence and forensics application. It can be used for the information gathering phase of all security-related work. Maltego is a platform developed to deliver a clear threat picture to the environment that an organization owns and operates. It can be used to determine the relationships and real-world links between people, social networks, companies, organizations, websites, Internet infrastructure (domains, DNS names, Netblocks, IP addresses), phrases, affiliations, documents, and files.

FIGURE 2.45: Maltego showing Internet Domain and personal information


Footprinting Tool: Domain Name Analyzer Pro

Source: http://www.domainpunch.com

Domain Name Analyzer Professional is Windows software for finding, managing, and maintaining multiple domain names. It supports the display of additional data (expiry and creation dates, name server information), tagging domains, secondary whois lookups (for thin model whois TLDs like COM, NET, TV).

The following is a screenshot of the Domain Name Analyzer Pro tool showing domain name information:


FIGURE 2.46: Domain Name Analyzer Pro software showing Domain Name Information


Footprinting Tool: Web Data Extractor

Source: http://www.webextractor.com

Web Data Extractor is a data extractor tool. It extracts targeted company contact data (email, phone, and fax) from the web, extracts the URL and meta tag (title, desc, keyword) for website promotion, searches directory creation, etc.

The following is a screenshot of the Web Data Extractor showing meta tags:


FIGURE 2.47: Web Data Extractor showing meta tags


Additional Footprinting Tools

In addition to the footprinting tools mentioned previously, a few more tools are listed as follows:

- Prefix Whois available at http://pwhois.org
- NetScanTools Pro available at http://www.netscantools.com
- Tctrace available at http://www.phenoelit-us.org
- Autonomous System Scanner (ASS) available at http://www.phenoelit-us.org
- DNS DIGGER available at http://www.dnsdigger.com
- Netmask available at http://www.phenoelit-us.org
- Binging available at http://www.blueinfy.com
- Spiderzilla available at http://spiderzilla.mozdev.org
- Sam Spade available at http://www.majorgeeks.com
- Robtex available at http://www.robtex.com


Additional Footprinting Tools (Cont'd)

Additional footprinting tools that are helpful in gathering information about the target person or organization are listed as follows:

- Dig Web Interface available at http://www.digwebinterface.com
- Domain Research Tool available at http://www.domainresearchtool.com
- ActiveWhois available at http://www.johnru.com
- yoName available at http://yoname.com
- Ping-Probe available at http://www.ping-probe.com
- SpiderFoot available at http://www.binarypool.com
- CallerIP available at http://www.callerippro.com
- Zaba Search available at http://www.zabasearch.com
- GeoTrace available at http://www.nabber.org
- DomainHostingView available at http://www.nirsoft.net


Module Flow

So far we have discussed the importance of footprinting, various ways in which footprinting can be performed, and the tools that can be used for footprinting. Now we will discuss the countermeasures to be applied in order to avoid sensitive information disclosure.

This section lists various footprinting countermeasures to be applied at various levels.


Footprinting Countermeasures

Footprinting countermeasures are the measures or actions taken to counter or offset information disclosure. A few footprinting countermeasures are listed as follows:

- Configure routers to restrict the responses to footprinting requests.
- Lock the ports with suitable firewall configuration.
- Evaluate and limit the amount of information available before publishing it on the website/Internet and disable the unnecessary services.
- Prevent search engines from caching a webpage and use anonymous registration services.
- Configure web servers to avoid information leakage and disable unwanted protocols.
- Use an IDS that can be configured to refuse suspicious traffic and pick up footprinting patterns.
- Perform footprinting techniques and remove any sensitive information found.
- Enforce security policies to regulate the information that employees can reveal to third parties.


Footprinting Countermeasures (Cont'd)

In addition to the countermeasures mentioned previously, you can apply the following countermeasures as well:

- Set apart the internal DNS and external DNS.
- Disable directory listings and use split-DNS.
- Educate employees about various social engineering tricks and risks.
- Restrict unexpected input such as |; < >.
- Avoid domain-level cross-linking for critical assets.
- Encrypt and password protect sensitive information.
- Do not enable protocols that are not required.
- Always use TCP/IP and IPSec filters.
- Configure IIS against banner grabbing.
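A defender-side check for three of the countermeasures listed above (banner grabbing, directory listings, search-engine caching), given here as an added example that is not part of the courseware: it audits raw HTTP responses captured from your own servers. The function names, finding labels and sample responses are constructed for illustration.

```python
"""Audit raw HTTP responses from your own servers for footprinting leaks.

Added example: names, finding labels and sample responses are constructed.
"""
import re

# Response headers that commonly hand product and version to a banner grab.
BANNER_HEADERS = ("server", "x-powered-by", "x-aspnet-version")
VERSION_RE = re.compile(r"\d+(\.\d+)+")
# Heuristic: titles used by common auto-generated directory index pages.
LISTING_RE = re.compile(r"<title>\s*(?:Index of /|Directory listing for )", re.I)
META_ROBOTS_RE = re.compile(
    r"<meta\s+name=[\"']robots[\"']\s+content=[\"']([^\"']*)[\"']", re.I)
# Directives that keep a page out of a search engine's cached copies.
NO_CACHE_DIRECTIVES = {"noarchive", "noindex", "none"}


def parse_response(raw):
    """Split a raw HTTP/1.x response into (status, headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split(" ", 2)[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers, body


def robots_directives(headers, body):
    """Collect robots directives from X-Robots-Tag headers and the meta tag."""
    values = list(headers.get("x-robots-tag", []))
    values += META_ROBOTS_RE.findall(body)
    return {tok for v in values for tok in re.split(r"[,\s:]+", v.lower()) if tok}


def audit_response(raw, must_not_cache=False):
    """Return a list of findings; an empty list means nothing was flagged."""
    status, headers, body = parse_response(raw)
    findings = []
    # Banner grabbing: a bare product name is tolerated in Server, a version
    # number is not; the other headers exist only to advertise the stack.
    for name in BANNER_HEADERS:
        for value in headers.get(name, []):
            if name != "server" or VERSION_RE.search(value):
                findings.append(f"banner:{name}={value}")
    # Directory listings: a 200 response whose title is an auto-index page.
    if status == 200 and LISTING_RE.search(body):
        findings.append("directory-listing")
    # Search-engine caching: pages marked sensitive must opt out explicitly.
    is_html = any("text/html" in v.lower() for v in headers.get("content-type", []))
    if must_not_cache and status == 200 and is_html:
        if not NO_CACHE_DIRECTIVES & robots_directives(headers, body):
            findings.append("cacheable-by-search-engines")
    return findings


# Constructed sample responses (not captured from any real host).
WEAK_LISTING = (
    "HTTP/1.1 200 OK\r\nServer: Apache/2.2.22 (Ubuntu)\r\n"
    "X-Powered-By: PHP/5.3.10\r\nContent-Type: text/html\r\n\r\n"
    "<html><head><title>Index of /backup</title></head><body></body></html>")
HARDENED_LISTING = (
    "HTTP/1.1 403 Forbidden\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n"
    "<html><head><title>403 Forbidden</title></head></html>")
WEAK_LOGIN = (
    "HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/7.5\r\n"
    "X-AspNet-Version: 4.0.30319\r\nContent-Type: text/html; charset=utf-8\r\n\r\n"
    "<html><head><title>Intranet login</title></head></html>")
HARDENED_LOGIN = (
    "HTTP/1.1 200 OK\r\nX-Robots-Tag: noindex, noarchive\r\n"
    "Content-Type: text/html; charset=utf-8\r\n\r\n"
    "<html><head><title>Intranet login</title></head></html>")

if __name__ == "__main__":
    samples = [("/backup/ (weak)", WEAK_LISTING, False),
               ("/backup/ (hardened)", HARDENED_LISTING, False),
               ("/login (weak)", WEAK_LOGIN, True),
               ("/login (hardened)", HARDENED_LOGIN, True)]
    for label, raw, sensitive in samples:
        print(label, "->", audit_response(raw, sensitive) or "no findings")
```

Feed it responses saved from your own hosts and pass `must_not_cache=True` for pages such as login portals that should never appear in a search engine's cache.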


So far we discussed all the necessary techniques and tools to test the security of a system or network. Now it is the time to put all those techniques into practice. Testing the security of a system or network using similar techniques as that of an attacker with adequate permissions is known as penetration testing. The penetration test should be conducted to check whether an attacker is able to reveal sensitive information in response to footprinting attempts.


Penetration testing is an evaluation method of system or network security. In this evaluation method, the pen tester acts as a malicious outsider and simulates an attack to find the security loopholes.


Footprinting Pen Testing

A footprinting pen test is used to determine an organization's publicly available information on the Internet such as network architecture, operating systems, applications, and users. In this method, the pen tester tries to gather publicly available sensitive information of the target by pretending to be an attacker. The target may be a specific host or a network.

The pen tester can perform any attack that an attacker could perform. The pen tester should try all possible ways to gather as much information as possible in order to ensure maximum scope of footprinting pen testing. If the pen tester finds any sensitive information on any publicly available information resource, then he or she should enter the information and the respective source in the report.

The major advantages of conducting penetration testing include:

- It gives you the chance to prevent DNS record retrieval from publicly available servers.
- It helps you to avoid information leakage.
- It prevents social engineering attempts.


Footprinting Pen Testing (Cont'd)

Penetration testing is a procedural way of testing the security in various steps. Steps should be followed one after the other in order to ensure maximum scope of testing. Here are the steps involved in footprinting pen testing:

Step 1: Get proper authorization

Pen testing should be performed with permission. Therefore, the very first step in a footprinting pen test is to get proper authorization from the concerned people, such as administrators.

Step 2: Define the scope of the assessment

Defining the scope of the security assessment is the prerequisite for penetration testing. Defining the scope of assessment determines the range of systems in the network to be tested and the resources that can be used to test, etc. It also determines the pen tester's limitations. Once you define the scope, you should plan and gather sensitive information using various footprinting techniques.

Step 3: Perform footprinting through search engines


Footprint search engines such as Google, Yahoo! Search, Ask, Bing, Dogpile, etc. to gather the target organization's information such as employee details, login pages, intranet portals, etc. that can help in performing social engineering and other types of advanced system attacks.

Step 4: Perform website footprinting

Perform website footprinting using tools such as HTTrack Web Site Copier, BlackWidow, Webripper, etc. to build a detailed map of the website's structure and architecture.


Footprinting Pen Testing (Cont'd)

Perform email footprinting: Use tools such as eMailTrackerPro, PoliteMail, etc.
Gather competitive intelligence: Use tools such as Hoovers, LexisNexis, Business Wire, etc.
Perform Google hacking: Use tools such as GHDB, MetaGoofil, SiteDigger, etc.
Perform WHOIS footprinting: Use tools such as WHOIS Lookup, SmartWhois, etc.

Perform email footprinting using tools such as eMailTrackerPro, PoliteMail, Email Lookup - Free Email Tracker, etc. to gather information about the physical location of an individual to perform social engineering that in turn may help in mapping target organization's network

Gather competitive intelligence using tools such as Hoovers, LexisNexis, Business Wire, etc.

Perform Google hacking using tools such as GHDB, MetaGoofil, SiteDigger, etc.

Perform WHOIS footprinting using tools such as WHOIS Lookup, SmartWhois, etc. to create detailed map of organizational network, to gather personal information that assists to perform social engineering, and to gather other internal network details, etc.


Footprinting Pen Testing (Cont'd)

Step 5: Perform email footprinting

Perform email footprinting using tools such as eMailTrackerPro, PoliteMail, Email Lookup - Free Email Tracker, etc. to gather information about the physical location of an individual to perform social engineering that in turn may help in mapping the target organization's network.

Step 6: Gather competitive intelligence

Gather competitive intelligence using tools such as Hoovers, SEC Info, Business Wire, etc. These tools help you to extract a competitor's information such as its establishment, location of the company, progress analysis, higher authorities, product analysis, marketing details, and much more.

Step 7: Perform Google hacking

Perform Google hacking using tools such as GHDB, MetaGoofil, SiteDigger, etc. It determines the security loopholes in the code and configuration of the websites. Google hacking is usually done with the help of advanced Google operators that locate specific strings of text such as versions of vulnerable web applications.

Step 8: Perform WHOIS footprinting


Perform the WHOIS footprinting technique to extract information about particular domains. You can get information such as domain name, IP address, domain owner name, registrant name, and their contact details including phone numbers, email IDs, etc. Tools such as SmartWhois, CountryWhois, Whois Pro, and ActiveWhois will help you to extract this information. You can use this information to perform social engineering to obtain more information.


Footprinting Pen Testing (Cont'd)

Perform DNS footprinting: Use tools such as DIG, NSLookup, etc.
Perform network footprinting: Use tools such as Path Analyzer Pro, VisualRoute 2010, etc.
Perform social engineering: Implement techniques such as eavesdropping, shoulder surfing, and dumpster diving
Perform footprinting through social networking sites: Create a false identity on social networking sites such as Facebook, LinkedIn, etc.

Perform DNS footprinting using tools such as DIG, NsLookup, DNS Records, etc. to determine key hosts in the network and perform social engineering attacks

Perform network footprinting using tools such as Path Analyzer Pro, VisualRoute 2010, Network Pinger, etc. to create a map of the target's network

Implement social engineering techniques such as eavesdropping, shoulder surfing, and dumpster diving that may help to gather more critical information about the target organization

Gather target organization employees' information from their personal profiles on social networking sites such as Facebook, LinkedIn, Twitter, Google+, Pinterest, etc. that assists to perform social engineering

At the end of pen testing, document all the findings

Footprinting Pen Testing (Cont'd)

Step 9: Perform DNS footprinting

Perform DNS footprinting using tools such as DIG, NsLookup, DNS Records, etc. to determine key hosts in the network and perform social engineering attacks. Resolve the domain name to learn about its IP address, DNS records, etc.

Step 11: Perform network footprinting

Perform network footprinting using tools such as Path Analyzer Pro, VisualRoute 2010, Network Pinger, etc. to create a map of the target's network. Network footprinting allows you to reveal the network range and other network information of the target network. Using all this information, you can draw the network diagram of the target network.

Step 12: Perform social engineering

Implement social engineering techniques such as eavesdropping, shoulder surfing, and dumpster diving that may help to gather more critical information about the target organization. Through social engineering you can gather target organization's employee details, phone numbers, contact address, email address, etc. You can use this information to reveal even more information.


Step 13: Perform footprinting through social networking sites

Perform footprinting through social networking sites on the employees of the target organization obtained in footprinting through social engineering. You can gather information from their personal profiles on social networking sites such as Facebook, LinkedIn, Twitter, Google+, Pinterest, etc. that assists in performing social engineering. You can also use people search engines to obtain information about target person.

Step 14: Document all the findings

After implementing all the footprinting techniques, collect and document all the information obtained at every stage of testing. You can use this document to study, understand, and analyze the security posture of the target organization. This also enables you to find security loopholes. Once you find security loopholes, you should suggest respective countermeasures to the loopholes. The following is a summary of footprinting penetration testing.


Footprinting Pen Testing Report Templates

Pen Testing Report

Information obtained through search engines
Employee details:
Login pages:
Intranet portals:
Technology platforms:
Others:

Information obtained through people search
Date of birth:
Contact details:
Email ID:
Photos:
Others:

Information obtained through website footprinting
Operating environment:
Filesystem structure:
Scripting platforms used:
Contact details:
CMS details:
Others:

Information obtained through Google
Advisories and server vulnerabilities:
Error messages that contain sensitive information:
Files containing passwords:
Pages containing network or vulnerability data:
Others:

Information obtained through email footprinting
IP address:
GPS location:
Authentication system used by mail server:
Others:

Information obtained through competitive intelligence
Financial details:
Project plans:
Others:

Footprinting Pen Testing Report Templates

Pen Testing Report

Penetration testing is usually conducted to enhance the security perimeter of an organization. As a pen tester you should gather sensitive information such as server details, the operating system, etc. of your target by conducting footprinting. Analyze the system and network defenses by breaking into its security with adequate permissions (i.e., ethically) without causing any damage. Find the loopholes and weaknesses in the network or system security. Now explain all the vulnerabilities along with respective countermeasures in a report, i.e., the pen testing report.

The pen testing report is a report obtained after performing network penetration tests or security audits. It contains all the details such as types of tests performed, the hacking techniques used, and the results of hacking activity. In addition, the report also contains the highlights of security risks and vulnerabilities of an organization. If any vulnerability is identified during any test, the details of the cause of vulnerability along with the countermeasures are suggested. The report should always be kept confidential. If this information falls into the hands of attacker, he or she may use this information to launch attacks.

The pen testing report should contain the following details:


Pen Testing Report

Information obtained through search engines
Employee details:
Login pages:
Intranet portals:
Technology platforms:
Others:

Information obtained through people search
Date of birth:
Contact details:
Email ID:
Photos:
Others:

Information obtained through website footprinting
Operating environment:
Filesystem structure:
Scripting platforms used:
Contact details:
CMS details:
Others:

Information obtained through Google
Advisories and server vulnerabilities:
Error messages that contain sensitive information:
Files containing passwords:
Pages containing network or vulnerability data:
Others:

Information obtained through email footprinting
IP address:
GPS location:
Authentication system used by mail server:
Others:

Information obtained through competitive intelligence
Financial details:
Project plans:
Others:

FIGURE 2.48: Pen Testing Report


Footprinting Pen Testing Report Templates (Cont'd)

Pen Testing Report

Information obtained through WHOIS footprinting
Domain name details:
Contact details of domain owner:
Domain name servers:
Netrange:
When a domain has been created:
Others:

Information obtained through social engineering
Personal information:
Financial information:
Operating environment:
User names and passwords:
Network layout information:
IP addresses and names of servers:
Others:

Information obtained through DNS footprinting
Location of DNS servers:
Type of servers:
Others:

Information obtained through network footprinting
Range of IP addresses:
Subnet mask used by the target organization:
OS's in use:
Firewall locations:
Others:

Information obtained through social networking sites
Personal profiles:
Work related information:
News and potential partners of the target company:
Educational and employment backgrounds:
Others:


Footprinting Pen Testing Report Templates (Cont'd)

Pen Testing Report

Information obtained through WHOIS footprinting
Domain name details:
Contact details of domain owner:
Domain name servers:
Netrange:
When a domain has been created:
Others:

Information obtained through social engineering
Personal information:
Financial information:
Operating environment:
Usernames and passwords:
Network layout information:
IP addresses and names of servers:
Others:

Information obtained through DNS footprinting
Location of DNS servers:
Type of servers:
Others:

Information obtained through network footprinting
Range of IP addresses:
Subnet mask used by the target organization:
OS's in use:
Firewall locations:
Others:

Information obtained through social networking sites
Personal profiles:
Work related information:
News and potential partners of the target company:
Educational and employment background:
Others:

FIGURE 2.49: Pen Testing Report showing information obtained through footprinting and social engineering
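As an added example (not part of the courseware), the Python code below ties Step 2 and Step 14 to the report template: a finding is filed under one of the template's sections only when its asset lies inside the authorized scope, and findings that still lack a countermeasure are listed. The `Scope` and `Report` classes, the scope values and the sample findings are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

# Section names follow the pen testing report template on this page.
SECTIONS = (
    "search engines", "people search", "website footprinting", "Google",
    "email footprinting", "competitive intelligence", "WHOIS footprinting",
    "social engineering", "DNS footprinting", "network footprinting",
    "social networking sites",
)

@dataclass
class Scope:
    """Authorized scope agreed in Step 2 (hypothetical helper)."""
    networks: list  # ipaddress network objects
    domains: list   # authorized domains, lower case

    def covers(self, asset):
        try:
            ip = ipaddress.ip_address(asset)
        except ValueError:
            # Not an IP: accept the domain itself or a true subdomain only,
            # so "notexample.test" does not pass as "example.test".
            host = asset.lower().rstrip(".")
            return any(host == d or host.endswith("." + d) for d in self.domains)
        return any(ip in net for net in self.networks)

@dataclass
class Report:
    scope: Scope
    findings: dict = field(default_factory=lambda: {s: [] for s in SECTIONS})
    out_of_scope: list = field(default_factory=list)

    def add(self, section, asset, detail, countermeasure=""):
        if section not in self.findings:
            raise KeyError(f"unknown report section: {section}")
        if not self.scope.covers(asset):
            # Keep a record, but never file out-of-scope data as a finding.
            self.out_of_scope.append((section, asset))
            return False
        self.findings[section].append(
            {"asset": asset, "detail": detail, "countermeasure": countermeasure})
        return True

    def empty_sections(self):
        return [s for s in SECTIONS if not self.findings[s]]

    def missing_countermeasures(self):
        return [(s, f["asset"]) for s in SECTIONS
                for f in self.findings[s] if not f["countermeasure"].strip()]

def build_sample_report():
    # Constructed scope and findings (documentation range, .test domain).
    report = Report(Scope([ipaddress.ip_network("192.0.2.0/24")], ["example.test"]))
    report.add("DNS footprinting", "ns1.example.test", "zone lists internal host names",
               "restrict zone transfers to secondary name servers")
    report.add("network footprinting", "192.0.2.15", "firewall position visible in traceroute")
    report.add("WHOIS footprinting", "notexample.test", "registrant contact exposed")
    report.add("network footprinting", "198.51.100.7", "host answered ping")
    return report

if __name__ == "__main__":
    r = build_sample_report()
    print(r.out_of_scope, r.missing_countermeasures(), r.empty_sections())
```

Reviewing `out_of_scope` before the report is delivered shows where testing drifted past the authorization obtained in Step 1.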


Module Summary

Footprinting is the process of collecting as much information as possible about a target network, for identifying various ways to intrude into an organization's network system

It reduces attacker's attack area to specific range of IP address, networks, domain names, remote access, etc.

Attackers use search engines to extract information about a target

Information obtained from target's website enables an attacker to build a detailed map of website's structure and architecture

Competitive intelligence is the process of identifying, gathering, analyzing, verifying, and using information about your competitors from resources such as the Internet

DNS records provide important information about location and type of servers

Attackers conduct traceroute to extract information about: network topology, trusted routers, and firewall locations

Attackers gather sensitive information through social engineering on social networking websites such as Facebook, MySpace, LinkedIn, Twitter, Pinterest, Google+, etc.


Module Summary

Footprinting refers to uncovering and collecting as much information as possible about a target of attack.

It reduces attacker's attack area to specific range of IP address, networks, domain names, remote access, etc.

Attackers use search engines to extract information about a target.

Information obtained from target's website enables an attacker to build a detailed map of website's structure and architecture.

Competitive intelligence is the process of identifying, gathering, analyzing, verifying, and using information about your competitors from resources such as the Internet.

DNS records provide important information about location and type of servers.

Attackers conduct traceroute to extract information about: network topology, trusted routers, and firewall locations.

Attackers gather sensitive information through social engineering on social networking websites such as Facebook, MySpace, LinkedIn, Twitter, Pinterest, Google+, etc.
