Before the real fun of hacking begins, there comes two important steps in the intelligence gathering process known as foot-printing and scanning to be performed by the hacker. This chapter will deal with the first step called foot-printing which simply means gathering information about the target.
WHAT IS FOOT-PRINTING?
Foot-printing refers to the process of gathering information about a specific computer system or a network environment and the company it belongs to. This is the preparatory phase for the hacker where he gathers as much information as he can so as to find ways to intrude into the target. Foot-printing can reveal the vulnerabilities of the target system and improve the ways in which they can be exploited.
Foot-printing has to be done in a slow and methodological manner where the hacker spends 90% of his time in blueprinting the security profile of the target and only 10% in launching the attack. Foot-printing can actually help hacker decide on the type of attack that is most suitable for the target.
INFORMATION GATHERING METHODOLOGY
Suppose if a hacker decides to break into a target-company, he can only do so after blueprinting the target and assessing the possible vulnerabilities. Based on this information, the hacker can carry out possible attacks such as breaking into the company’s database, hacking its website or causing denial of service. The following are some of the different types of information that a hacker could gather before actually carrying out the attack:
Obtaining the Domain Name Information
Various background information about the target website (domain name) such as the name of its Owner and registrar, date of its registration, expiry date, name Servers associated, contact details associated with it such as email, phone and address can be found out by performing a Whois look up. The following are some of the popular websites where you can perform Whois look up on any domain to uncover its background information:
Finding IP Address and Hosting Provider
Information such as the IP address of the website and its hosting provider can be very
crucial. This can be easily found out using the following website:
WhoIsHostingThis: here
Just visit the above website and enter the domain name of your choice to obtain its IP
address as well as the name of its hosting provider as shown below.
Finding IP Address Location
Finding out the physical location of the IP address is very simple. Just visit the following website and enter the target IP address to reveal its physical location:
IP2Location: here
Finding IP Address Range
While small websites may have a single IP address, big players such as Google, Facebook and Microsoft have a range of IP addresses allocated to their company for hosting additional websites and servers. This range of information can be obtained from the official website of American Registry for Internet Numbers (ARIN). The URL for the ARIN website is listed below:
ARIN Website: here
Visit the above URL and insert the IP address of any given website in the “Search
Whois” box found at the top right corner of the web page.
Trace-route
Trace route is a network diagnostic tool to identify the actual path (route) that the information (packets) takes to travel from source to destination. The source will be your own computer called local host. The destination can be any host or server on the local network or Internet.
The trace route tool is available on both Windows and Linux. The command syntax for Windows is as follows:
tracert target-domain-or-IP
The command syntax for Linux is as follows:
trace route target-domain-or-IP
Usually, the transfer of information from one computer to another will not happen in a
single jump. It involves a chain of several computers and network devices called hops to transmit information from source to destination. Trace-route identifies each hop on that list and the amount of time it takes to travel from one hop to another. A snapshot of the trace-route performed on “google.com” using a Windows computer is shown below:
As shown in the above snapshot, the trace-route tool identifies all the hops present in the path traversed by packets from source to destination. Here 192.168.0.1 is the private IP and 117.192.208.1 is the public IP of the source (my computer). 74.125.236.66 is the destination IP address (Google’s server). All the remaining IP addresses shown in between the source and the destination belong to computers that assist in carrying the information.
Obtaining Archive of the Target Website
Getting access to the archive of the target website will let you know how the website was during the time of its launch and how it got advanced and changed over time. You will also see all the updates made to the website, including the nature of updates and their dates. You can use the WayBackMachine tool to access the this information.
WayBackMachine: here
Just use the above link to visit the WayBackMachine website and type in the URL of the
target website. You should get a list of archives of the website listed in a month by month and yearly basis as shown in the snapshot below.
COUNTERMEASURES
I hope you are now aware of several ways using which you can successfully perform foot printing to gather a whole lot of information about the target. Once you are done with organising the data that you have obtained through the foot printing process, you can sit back and analyse them to find out possible vulnerabilities in any of the technologies used in the website.
Many network administrators often fail to update vulnerable software and scripts running on their server to the latest version. This can open an opportunity for the hacker to exploit and gain access to the system. Therefore, it is important to identify and patch the existing vulnerabilities on a regular basis and also limit the amount of sensitive information leaked to the Internet.
No comments:
Post a Comment